1 // SPDX-License-Identifier: GPL-2.0-only
3 * VFIO: IOMMU DMA mapping support for Type1 IOMMU
5 * Copyright (C) 2012 Red Hat, Inc. All rights reserved.
6 * Author: Alex Williamson <alex.williamson@redhat.com>
8 * Derived from original vfio:
9 * Copyright 2010 Cisco Systems, Inc. All rights reserved.
10 * Author: Tom Lyon, pugs@cisco.com
12 * We arbitrarily define a Type1 IOMMU as one matching the below code.
13 * It could be called the x86 IOMMU as it's designed for AMD-Vi & Intel
14 * VT-d, but that makes it harder to re-use as theoretically anyone
15 * implementing a similar IOMMU could make use of this. We expect the
16 * IOMMU to support the IOMMU API and have few to no restrictions around
17 * the IOVA range that can be mapped. The Type1 IOMMU is currently
18 * optimized for relatively static mappings of a userspace process with
19 * userpsace pages pinned into memory. We also assume devices and IOMMU
20 * domains are PCI based as the IOMMU API is still centered around a
21 * device/bus interface rather than a group interface.
24 #include <linux/compat.h>
25 #include <linux/device.h>
27 #include <linux/iommu.h>
28 #include <linux/module.h>
30 #include <linux/kthread.h>
31 #include <linux/rbtree.h>
32 #include <linux/sched/signal.h>
33 #include <linux/sched/mm.h>
34 #include <linux/slab.h>
35 #include <linux/uaccess.h>
36 #include <linux/vfio.h>
37 #include <linux/workqueue.h>
38 #include <linux/mdev.h>
39 #include <linux/notifier.h>
40 #include <linux/dma-iommu.h>
41 #include <linux/irqdomain.h>
43 #define DRIVER_VERSION "0.2"
44 #define DRIVER_AUTHOR "Alex Williamson <alex.williamson@redhat.com>"
45 #define DRIVER_DESC "Type1 IOMMU driver for VFIO"
47 static bool allow_unsafe_interrupts;
48 module_param_named(allow_unsafe_interrupts,
49 allow_unsafe_interrupts, bool, S_IRUGO | S_IWUSR);
50 MODULE_PARM_DESC(allow_unsafe_interrupts,
51 "Enable VFIO IOMMU support for on platforms without interrupt remapping support.");
53 static bool disable_hugepages;
54 module_param_named(disable_hugepages,
55 disable_hugepages, bool, S_IRUGO | S_IWUSR);
56 MODULE_PARM_DESC(disable_hugepages,
57 "Disable VFIO IOMMU support for IOMMU hugepages.");
59 static unsigned int dma_entry_limit __read_mostly = U16_MAX;
60 module_param_named(dma_entry_limit, dma_entry_limit, uint, 0644);
61 MODULE_PARM_DESC(dma_entry_limit,
62 "Maximum number of user DMA mappings per container (65535).");
65 struct list_head domain_list;
66 struct list_head iova_list;
67 struct vfio_domain *external_domain; /* domain for external user */
69 struct rb_root dma_list;
70 struct blocking_notifier_head notifier;
71 unsigned int dma_avail;
72 uint64_t pgsize_bitmap;
75 bool dirty_page_tracking;
76 bool pinned_page_dirty_scope;
80 struct iommu_domain *domain;
81 struct list_head next;
82 struct list_head group_list;
83 int prot; /* IOMMU_CACHE */
84 bool fgsp; /* Fine-grained super pages */
89 dma_addr_t iova; /* Device address */
90 unsigned long vaddr; /* Process virtual addr */
91 size_t size; /* Map size (bytes) */
92 int prot; /* IOMMU_READ/WRITE */
94 bool lock_cap; /* capable(CAP_IPC_LOCK) */
95 struct task_struct *task;
96 struct rb_root pfn_list; /* Ex-user pinned pfn list */
97 unsigned long *bitmap;
101 struct iommu_group *iommu_group;
102 struct list_head next;
103 bool mdev_group; /* An mdev group */
104 bool pinned_page_dirty_scope;
108 struct list_head list;
114 * Guest RAM pinning working set or DMA target
118 dma_addr_t iova; /* Device address */
119 unsigned long pfn; /* Host pfn */
120 unsigned int ref_count;
123 struct vfio_regions {
124 struct list_head list;
130 #define IS_IOMMU_CAP_DOMAIN_IN_CONTAINER(iommu) \
131 (!list_empty(&iommu->domain_list))
133 #define DIRTY_BITMAP_BYTES(n) (ALIGN(n, BITS_PER_TYPE(u64)) / BITS_PER_BYTE)
136 * Input argument of number of bits to bitmap_set() is unsigned integer, which
137 * further casts to signed integer for unaligned multi-bit operation,
139 * Then maximum bitmap size supported is 2^31 bits divided by 2^3 bits/byte,
140 * that is 2^28 (256 MB) which maps to 2^31 * 2^12 = 2^43 (8TB) on 4K page
143 #define DIRTY_BITMAP_PAGES_MAX ((u64)INT_MAX)
144 #define DIRTY_BITMAP_SIZE_MAX DIRTY_BITMAP_BYTES(DIRTY_BITMAP_PAGES_MAX)
146 static int put_pfn(unsigned long pfn, int prot);
148 static struct vfio_group *vfio_iommu_find_iommu_group(struct vfio_iommu *iommu,
149 struct iommu_group *iommu_group);
151 static void update_pinned_page_dirty_scope(struct vfio_iommu *iommu);
153 * This code handles mapping and unmapping of user data buffers
154 * into DMA'ble space using the IOMMU
157 static struct vfio_dma *vfio_find_dma(struct vfio_iommu *iommu,
158 dma_addr_t start, size_t size)
160 struct rb_node *node = iommu->dma_list.rb_node;
163 struct vfio_dma *dma = rb_entry(node, struct vfio_dma, node);
165 if (start + size <= dma->iova)
166 node = node->rb_left;
167 else if (start >= dma->iova + dma->size)
168 node = node->rb_right;
176 static void vfio_link_dma(struct vfio_iommu *iommu, struct vfio_dma *new)
178 struct rb_node **link = &iommu->dma_list.rb_node, *parent = NULL;
179 struct vfio_dma *dma;
183 dma = rb_entry(parent, struct vfio_dma, node);
185 if (new->iova + new->size <= dma->iova)
186 link = &(*link)->rb_left;
188 link = &(*link)->rb_right;
191 rb_link_node(&new->node, parent, link);
192 rb_insert_color(&new->node, &iommu->dma_list);
195 static void vfio_unlink_dma(struct vfio_iommu *iommu, struct vfio_dma *old)
197 rb_erase(&old->node, &iommu->dma_list);
201 static int vfio_dma_bitmap_alloc(struct vfio_dma *dma, size_t pgsize)
203 uint64_t npages = dma->size / pgsize;
205 if (npages > DIRTY_BITMAP_PAGES_MAX)
209 * Allocate extra 64 bits that are used to calculate shift required for
210 * bitmap_shift_left() to manipulate and club unaligned number of pages
211 * in adjacent vfio_dma ranges.
213 dma->bitmap = kvzalloc(DIRTY_BITMAP_BYTES(npages) + sizeof(u64),
221 static void vfio_dma_bitmap_free(struct vfio_dma *dma)
227 static void vfio_dma_populate_bitmap(struct vfio_dma *dma, size_t pgsize)
230 unsigned long pgshift = __ffs(pgsize);
232 for (p = rb_first(&dma->pfn_list); p; p = rb_next(p)) {
233 struct vfio_pfn *vpfn = rb_entry(p, struct vfio_pfn, node);
235 bitmap_set(dma->bitmap, (vpfn->iova - dma->iova) >> pgshift, 1);
239 static void vfio_iommu_populate_bitmap_full(struct vfio_iommu *iommu)
242 unsigned long pgshift = __ffs(iommu->pgsize_bitmap);
244 for (n = rb_first(&iommu->dma_list); n; n = rb_next(n)) {
245 struct vfio_dma *dma = rb_entry(n, struct vfio_dma, node);
247 bitmap_set(dma->bitmap, 0, dma->size >> pgshift);
251 static int vfio_dma_bitmap_alloc_all(struct vfio_iommu *iommu, size_t pgsize)
255 for (n = rb_first(&iommu->dma_list); n; n = rb_next(n)) {
256 struct vfio_dma *dma = rb_entry(n, struct vfio_dma, node);
259 ret = vfio_dma_bitmap_alloc(dma, pgsize);
263 for (p = rb_prev(n); p; p = rb_prev(p)) {
264 struct vfio_dma *dma = rb_entry(n,
265 struct vfio_dma, node);
267 vfio_dma_bitmap_free(dma);
271 vfio_dma_populate_bitmap(dma, pgsize);
276 static void vfio_dma_bitmap_free_all(struct vfio_iommu *iommu)
280 for (n = rb_first(&iommu->dma_list); n; n = rb_next(n)) {
281 struct vfio_dma *dma = rb_entry(n, struct vfio_dma, node);
283 vfio_dma_bitmap_free(dma);
288 * Helper Functions for host iova-pfn list
290 static struct vfio_pfn *vfio_find_vpfn(struct vfio_dma *dma, dma_addr_t iova)
292 struct vfio_pfn *vpfn;
293 struct rb_node *node = dma->pfn_list.rb_node;
296 vpfn = rb_entry(node, struct vfio_pfn, node);
298 if (iova < vpfn->iova)
299 node = node->rb_left;
300 else if (iova > vpfn->iova)
301 node = node->rb_right;
308 static void vfio_link_pfn(struct vfio_dma *dma,
309 struct vfio_pfn *new)
311 struct rb_node **link, *parent = NULL;
312 struct vfio_pfn *vpfn;
314 link = &dma->pfn_list.rb_node;
317 vpfn = rb_entry(parent, struct vfio_pfn, node);
319 if (new->iova < vpfn->iova)
320 link = &(*link)->rb_left;
322 link = &(*link)->rb_right;
325 rb_link_node(&new->node, parent, link);
326 rb_insert_color(&new->node, &dma->pfn_list);
329 static void vfio_unlink_pfn(struct vfio_dma *dma, struct vfio_pfn *old)
331 rb_erase(&old->node, &dma->pfn_list);
334 static int vfio_add_to_pfn_list(struct vfio_dma *dma, dma_addr_t iova,
337 struct vfio_pfn *vpfn;
339 vpfn = kzalloc(sizeof(*vpfn), GFP_KERNEL);
346 vfio_link_pfn(dma, vpfn);
350 static void vfio_remove_from_pfn_list(struct vfio_dma *dma,
351 struct vfio_pfn *vpfn)
353 vfio_unlink_pfn(dma, vpfn);
357 static struct vfio_pfn *vfio_iova_get_vfio_pfn(struct vfio_dma *dma,
360 struct vfio_pfn *vpfn = vfio_find_vpfn(dma, iova);
367 static int vfio_iova_put_vfio_pfn(struct vfio_dma *dma, struct vfio_pfn *vpfn)
372 if (!vpfn->ref_count) {
373 ret = put_pfn(vpfn->pfn, dma->prot);
374 vfio_remove_from_pfn_list(dma, vpfn);
379 static int vfio_lock_acct(struct vfio_dma *dma, long npage, bool async)
381 struct mm_struct *mm;
387 mm = async ? get_task_mm(dma->task) : dma->task->mm;
389 return -ESRCH; /* process exited */
391 ret = mmap_write_lock_killable(mm);
393 ret = __account_locked_vm(mm, abs(npage), npage > 0, dma->task,
395 mmap_write_unlock(mm);
405 * Some mappings aren't backed by a struct page, for example an mmap'd
406 * MMIO range for our own or another device. These use a different
407 * pfn conversion and shouldn't be tracked as locked pages.
408 * For compound pages, any driver that sets the reserved bit in head
409 * page needs to set the reserved bit in all subpages to be safe.
411 static bool is_invalid_reserved_pfn(unsigned long pfn)
414 return PageReserved(pfn_to_page(pfn));
419 static int put_pfn(unsigned long pfn, int prot)
421 if (!is_invalid_reserved_pfn(pfn)) {
422 struct page *page = pfn_to_page(pfn);
424 unpin_user_pages_dirty_lock(&page, 1, prot & IOMMU_WRITE);
430 static int follow_fault_pfn(struct vm_area_struct *vma, struct mm_struct *mm,
431 unsigned long vaddr, unsigned long *pfn,
436 ret = follow_pfn(vma, vaddr, pfn);
438 bool unlocked = false;
440 ret = fixup_user_fault(mm, vaddr,
442 (write_fault ? FAULT_FLAG_WRITE : 0),
450 ret = follow_pfn(vma, vaddr, pfn);
456 static int vaddr_get_pfn(struct mm_struct *mm, unsigned long vaddr,
457 int prot, unsigned long *pfn)
459 struct page *page[1];
460 struct vm_area_struct *vma;
461 unsigned int flags = 0;
464 if (prot & IOMMU_WRITE)
468 ret = pin_user_pages_remote(mm, vaddr, 1, flags | FOLL_LONGTERM,
471 *pfn = page_to_pfn(page[0]);
476 vaddr = untagged_addr(vaddr);
479 vma = find_vma_intersection(mm, vaddr, vaddr + 1);
481 if (vma && vma->vm_flags & VM_PFNMAP) {
482 ret = follow_fault_pfn(vma, mm, vaddr, pfn, prot & IOMMU_WRITE);
486 if (!ret && !is_invalid_reserved_pfn(*pfn))
490 mmap_read_unlock(mm);
495 * Attempt to pin pages. We really don't want to track all the pfns and
496 * the iommu can only map chunks of consecutive pfns anyway, so get the
497 * first page and all consecutive pages with the same locking.
499 static long vfio_pin_pages_remote(struct vfio_dma *dma, unsigned long vaddr,
500 long npage, unsigned long *pfn_base,
503 unsigned long pfn = 0;
504 long ret, pinned = 0, lock_acct = 0;
506 dma_addr_t iova = vaddr - dma->vaddr + dma->iova;
508 /* This code path is only user initiated */
512 ret = vaddr_get_pfn(current->mm, vaddr, dma->prot, pfn_base);
517 rsvd = is_invalid_reserved_pfn(*pfn_base);
520 * Reserved pages aren't counted against the user, externally pinned
521 * pages are already counted against the user.
523 if (!rsvd && !vfio_find_vpfn(dma, iova)) {
524 if (!dma->lock_cap && current->mm->locked_vm + 1 > limit) {
525 put_pfn(*pfn_base, dma->prot);
526 pr_warn("%s: RLIMIT_MEMLOCK (%ld) exceeded\n", __func__,
527 limit << PAGE_SHIFT);
533 if (unlikely(disable_hugepages))
536 /* Lock all the consecutive pages from pfn_base */
537 for (vaddr += PAGE_SIZE, iova += PAGE_SIZE; pinned < npage;
538 pinned++, vaddr += PAGE_SIZE, iova += PAGE_SIZE) {
539 ret = vaddr_get_pfn(current->mm, vaddr, dma->prot, &pfn);
543 if (pfn != *pfn_base + pinned ||
544 rsvd != is_invalid_reserved_pfn(pfn)) {
545 put_pfn(pfn, dma->prot);
549 if (!rsvd && !vfio_find_vpfn(dma, iova)) {
550 if (!dma->lock_cap &&
551 current->mm->locked_vm + lock_acct + 1 > limit) {
552 put_pfn(pfn, dma->prot);
553 pr_warn("%s: RLIMIT_MEMLOCK (%ld) exceeded\n",
554 __func__, limit << PAGE_SHIFT);
563 ret = vfio_lock_acct(dma, lock_acct, false);
568 for (pfn = *pfn_base ; pinned ; pfn++, pinned--)
569 put_pfn(pfn, dma->prot);
578 static long vfio_unpin_pages_remote(struct vfio_dma *dma, dma_addr_t iova,
579 unsigned long pfn, long npage,
582 long unlocked = 0, locked = 0;
585 for (i = 0; i < npage; i++, iova += PAGE_SIZE) {
586 if (put_pfn(pfn++, dma->prot)) {
588 if (vfio_find_vpfn(dma, iova))
594 vfio_lock_acct(dma, locked - unlocked, true);
599 static int vfio_pin_page_external(struct vfio_dma *dma, unsigned long vaddr,
600 unsigned long *pfn_base, bool do_accounting)
602 struct mm_struct *mm;
605 mm = get_task_mm(dma->task);
609 ret = vaddr_get_pfn(mm, vaddr, dma->prot, pfn_base);
610 if (!ret && do_accounting && !is_invalid_reserved_pfn(*pfn_base)) {
611 ret = vfio_lock_acct(dma, 1, true);
613 put_pfn(*pfn_base, dma->prot);
615 pr_warn("%s: Task %s (%d) RLIMIT_MEMLOCK "
616 "(%ld) exceeded\n", __func__,
617 dma->task->comm, task_pid_nr(dma->task),
618 task_rlimit(dma->task, RLIMIT_MEMLOCK));
626 static int vfio_unpin_page_external(struct vfio_dma *dma, dma_addr_t iova,
630 struct vfio_pfn *vpfn = vfio_find_vpfn(dma, iova);
635 unlocked = vfio_iova_put_vfio_pfn(dma, vpfn);
638 vfio_lock_acct(dma, -unlocked, true);
643 static int vfio_iommu_type1_pin_pages(void *iommu_data,
644 struct iommu_group *iommu_group,
645 unsigned long *user_pfn,
647 unsigned long *phys_pfn)
649 struct vfio_iommu *iommu = iommu_data;
650 struct vfio_group *group;
652 unsigned long remote_vaddr;
653 struct vfio_dma *dma;
656 if (!iommu || !user_pfn || !phys_pfn)
659 /* Supported for v2 version only */
663 mutex_lock(&iommu->lock);
665 /* Fail if notifier list is empty */
666 if (!iommu->notifier.head) {
672 * If iommu capable domain exist in the container then all pages are
673 * already pinned and accounted. Accouting should be done if there is no
674 * iommu capable domain in the container.
676 do_accounting = !IS_IOMMU_CAP_DOMAIN_IN_CONTAINER(iommu);
678 for (i = 0; i < npage; i++) {
680 struct vfio_pfn *vpfn;
682 iova = user_pfn[i] << PAGE_SHIFT;
683 dma = vfio_find_dma(iommu, iova, PAGE_SIZE);
689 if ((dma->prot & prot) != prot) {
694 vpfn = vfio_iova_get_vfio_pfn(dma, iova);
696 phys_pfn[i] = vpfn->pfn;
700 remote_vaddr = dma->vaddr + (iova - dma->iova);
701 ret = vfio_pin_page_external(dma, remote_vaddr, &phys_pfn[i],
706 ret = vfio_add_to_pfn_list(dma, iova, phys_pfn[i]);
708 if (put_pfn(phys_pfn[i], dma->prot) && do_accounting)
709 vfio_lock_acct(dma, -1, true);
713 if (iommu->dirty_page_tracking) {
714 unsigned long pgshift = __ffs(iommu->pgsize_bitmap);
717 * Bitmap populated with the smallest supported page
720 bitmap_set(dma->bitmap,
721 (iova - dma->iova) >> pgshift, 1);
726 group = vfio_iommu_find_iommu_group(iommu, iommu_group);
727 if (!group->pinned_page_dirty_scope) {
728 group->pinned_page_dirty_scope = true;
729 update_pinned_page_dirty_scope(iommu);
736 for (j = 0; j < i; j++) {
739 iova = user_pfn[j] << PAGE_SHIFT;
740 dma = vfio_find_dma(iommu, iova, PAGE_SIZE);
741 vfio_unpin_page_external(dma, iova, do_accounting);
745 mutex_unlock(&iommu->lock);
749 static int vfio_iommu_type1_unpin_pages(void *iommu_data,
750 unsigned long *user_pfn,
753 struct vfio_iommu *iommu = iommu_data;
757 if (!iommu || !user_pfn)
760 /* Supported for v2 version only */
764 mutex_lock(&iommu->lock);
766 do_accounting = !IS_IOMMU_CAP_DOMAIN_IN_CONTAINER(iommu);
767 for (i = 0; i < npage; i++) {
768 struct vfio_dma *dma;
771 iova = user_pfn[i] << PAGE_SHIFT;
772 dma = vfio_find_dma(iommu, iova, PAGE_SIZE);
775 vfio_unpin_page_external(dma, iova, do_accounting);
779 mutex_unlock(&iommu->lock);
780 return i > npage ? npage : (i > 0 ? i : -EINVAL);
783 static long vfio_sync_unpin(struct vfio_dma *dma, struct vfio_domain *domain,
784 struct list_head *regions,
785 struct iommu_iotlb_gather *iotlb_gather)
788 struct vfio_regions *entry, *next;
790 iommu_iotlb_sync(domain->domain, iotlb_gather);
792 list_for_each_entry_safe(entry, next, regions, list) {
793 unlocked += vfio_unpin_pages_remote(dma,
795 entry->phys >> PAGE_SHIFT,
796 entry->len >> PAGE_SHIFT,
798 list_del(&entry->list);
808 * Generally, VFIO needs to unpin remote pages after each IOTLB flush.
809 * Therefore, when using IOTLB flush sync interface, VFIO need to keep track
810 * of these regions (currently using a list).
812 * This value specifies maximum number of regions for each IOTLB flush sync.
814 #define VFIO_IOMMU_TLB_SYNC_MAX 512
816 static size_t unmap_unpin_fast(struct vfio_domain *domain,
817 struct vfio_dma *dma, dma_addr_t *iova,
818 size_t len, phys_addr_t phys, long *unlocked,
819 struct list_head *unmapped_list,
821 struct iommu_iotlb_gather *iotlb_gather)
824 struct vfio_regions *entry = kzalloc(sizeof(*entry), GFP_KERNEL);
827 unmapped = iommu_unmap_fast(domain->domain, *iova, len,
835 entry->len = unmapped;
836 list_add_tail(&entry->list, unmapped_list);
844 * Sync if the number of fast-unmap regions hits the limit
845 * or in case of errors.
847 if (*unmapped_cnt >= VFIO_IOMMU_TLB_SYNC_MAX || !unmapped) {
848 *unlocked += vfio_sync_unpin(dma, domain, unmapped_list,
856 static size_t unmap_unpin_slow(struct vfio_domain *domain,
857 struct vfio_dma *dma, dma_addr_t *iova,
858 size_t len, phys_addr_t phys,
861 size_t unmapped = iommu_unmap(domain->domain, *iova, len);
864 *unlocked += vfio_unpin_pages_remote(dma, *iova,
866 unmapped >> PAGE_SHIFT,
874 static long vfio_unmap_unpin(struct vfio_iommu *iommu, struct vfio_dma *dma,
877 dma_addr_t iova = dma->iova, end = dma->iova + dma->size;
878 struct vfio_domain *domain, *d;
879 LIST_HEAD(unmapped_region_list);
880 struct iommu_iotlb_gather iotlb_gather;
881 int unmapped_region_cnt = 0;
887 if (!IS_IOMMU_CAP_DOMAIN_IN_CONTAINER(iommu))
891 * We use the IOMMU to track the physical addresses, otherwise we'd
892 * need a much more complicated tracking system. Unfortunately that
893 * means we need to use one of the iommu domains to figure out the
894 * pfns to unpin. The rest need to be unmapped in advance so we have
895 * no iommu translations remaining when the pages are unpinned.
897 domain = d = list_first_entry(&iommu->domain_list,
898 struct vfio_domain, next);
900 list_for_each_entry_continue(d, &iommu->domain_list, next) {
901 iommu_unmap(d->domain, dma->iova, dma->size);
905 iommu_iotlb_gather_init(&iotlb_gather);
907 size_t unmapped, len;
908 phys_addr_t phys, next;
910 phys = iommu_iova_to_phys(domain->domain, iova);
911 if (WARN_ON(!phys)) {
917 * To optimize for fewer iommu_unmap() calls, each of which
918 * may require hardware cache flushing, try to find the
919 * largest contiguous physical memory chunk to unmap.
921 for (len = PAGE_SIZE;
922 !domain->fgsp && iova + len < end; len += PAGE_SIZE) {
923 next = iommu_iova_to_phys(domain->domain, iova + len);
924 if (next != phys + len)
929 * First, try to use fast unmap/unpin. In case of failure,
930 * switch to slow unmap/unpin path.
932 unmapped = unmap_unpin_fast(domain, dma, &iova, len, phys,
933 &unlocked, &unmapped_region_list,
934 &unmapped_region_cnt,
937 unmapped = unmap_unpin_slow(domain, dma, &iova, len,
939 if (WARN_ON(!unmapped))
944 dma->iommu_mapped = false;
946 if (unmapped_region_cnt) {
947 unlocked += vfio_sync_unpin(dma, domain, &unmapped_region_list,
952 vfio_lock_acct(dma, -unlocked, true);
958 static void vfio_remove_dma(struct vfio_iommu *iommu, struct vfio_dma *dma)
960 vfio_unmap_unpin(iommu, dma, true);
961 vfio_unlink_dma(iommu, dma);
962 put_task_struct(dma->task);
963 vfio_dma_bitmap_free(dma);
968 static void vfio_update_pgsize_bitmap(struct vfio_iommu *iommu)
970 struct vfio_domain *domain;
972 iommu->pgsize_bitmap = ULONG_MAX;
974 list_for_each_entry(domain, &iommu->domain_list, next)
975 iommu->pgsize_bitmap &= domain->domain->pgsize_bitmap;
978 * In case the IOMMU supports page sizes smaller than PAGE_SIZE
979 * we pretend PAGE_SIZE is supported and hide sub-PAGE_SIZE sizes.
980 * That way the user will be able to map/unmap buffers whose size/
981 * start address is aligned with PAGE_SIZE. Pinning code uses that
982 * granularity while iommu driver can use the sub-PAGE_SIZE size
985 if (iommu->pgsize_bitmap & ~PAGE_MASK) {
986 iommu->pgsize_bitmap &= PAGE_MASK;
987 iommu->pgsize_bitmap |= PAGE_SIZE;
991 static int update_user_bitmap(u64 __user *bitmap, struct vfio_iommu *iommu,
992 struct vfio_dma *dma, dma_addr_t base_iova,
995 unsigned long pgshift = __ffs(pgsize);
996 unsigned long nbits = dma->size >> pgshift;
997 unsigned long bit_offset = (dma->iova - base_iova) >> pgshift;
998 unsigned long copy_offset = bit_offset / BITS_PER_LONG;
999 unsigned long shift = bit_offset % BITS_PER_LONG;
1000 unsigned long leftover;
1003 * mark all pages dirty if any IOMMU capable device is not able
1004 * to report dirty pages and all pages are pinned and mapped.
1006 if (!iommu->pinned_page_dirty_scope && dma->iommu_mapped)
1007 bitmap_set(dma->bitmap, 0, nbits);
1010 bitmap_shift_left(dma->bitmap, dma->bitmap, shift,
1013 if (copy_from_user(&leftover,
1014 (void __user *)(bitmap + copy_offset),
1018 bitmap_or(dma->bitmap, dma->bitmap, &leftover, shift);
1021 if (copy_to_user((void __user *)(bitmap + copy_offset), dma->bitmap,
1022 DIRTY_BITMAP_BYTES(nbits + shift)))
1028 static int vfio_iova_dirty_bitmap(u64 __user *bitmap, struct vfio_iommu *iommu,
1029 dma_addr_t iova, size_t size, size_t pgsize)
1031 struct vfio_dma *dma;
1033 unsigned long pgshift = __ffs(pgsize);
1037 * GET_BITMAP request must fully cover vfio_dma mappings. Multiple
1038 * vfio_dma mappings may be clubbed by specifying large ranges, but
1039 * there must not be any previous mappings bisected by the range.
1040 * An error will be returned if these conditions are not met.
1042 dma = vfio_find_dma(iommu, iova, 1);
1043 if (dma && dma->iova != iova)
1046 dma = vfio_find_dma(iommu, iova + size - 1, 0);
1047 if (dma && dma->iova + dma->size != iova + size)
1050 for (n = rb_first(&iommu->dma_list); n; n = rb_next(n)) {
1051 struct vfio_dma *dma = rb_entry(n, struct vfio_dma, node);
1053 if (dma->iova < iova)
1056 if (dma->iova > iova + size - 1)
1059 ret = update_user_bitmap(bitmap, iommu, dma, iova, pgsize);
1064 * Re-populate bitmap to include all pinned pages which are
1065 * considered as dirty but exclude pages which are unpinned and
1066 * pages which are marked dirty by vfio_dma_rw()
1068 bitmap_clear(dma->bitmap, 0, dma->size >> pgshift);
1069 vfio_dma_populate_bitmap(dma, pgsize);
1074 static int verify_bitmap_size(uint64_t npages, uint64_t bitmap_size)
1076 if (!npages || !bitmap_size || (bitmap_size > DIRTY_BITMAP_SIZE_MAX) ||
1077 (bitmap_size < DIRTY_BITMAP_BYTES(npages)))
1083 static int vfio_dma_do_unmap(struct vfio_iommu *iommu,
1084 struct vfio_iommu_type1_dma_unmap *unmap,
1085 struct vfio_bitmap *bitmap)
1087 struct vfio_dma *dma, *dma_last = NULL;
1088 size_t unmapped = 0, pgsize;
1089 int ret = 0, retries = 0;
1090 unsigned long pgshift;
1092 mutex_lock(&iommu->lock);
1094 pgshift = __ffs(iommu->pgsize_bitmap);
1095 pgsize = (size_t)1 << pgshift;
1097 if (unmap->iova & (pgsize - 1)) {
1102 if (!unmap->size || unmap->size & (pgsize - 1)) {
1107 if (unmap->iova + unmap->size - 1 < unmap->iova ||
1108 unmap->size > SIZE_MAX) {
1113 /* When dirty tracking is enabled, allow only min supported pgsize */
1114 if ((unmap->flags & VFIO_DMA_UNMAP_FLAG_GET_DIRTY_BITMAP) &&
1115 (!iommu->dirty_page_tracking || (bitmap->pgsize != pgsize))) {
1120 WARN_ON((pgsize - 1) & PAGE_MASK);
1123 * vfio-iommu-type1 (v1) - User mappings were coalesced together to
1124 * avoid tracking individual mappings. This means that the granularity
1125 * of the original mapping was lost and the user was allowed to attempt
1126 * to unmap any range. Depending on the contiguousness of physical
1127 * memory and page sizes supported by the IOMMU, arbitrary unmaps may
1128 * or may not have worked. We only guaranteed unmap granularity
1129 * matching the original mapping; even though it was untracked here,
1130 * the original mappings are reflected in IOMMU mappings. This
1131 * resulted in a couple unusual behaviors. First, if a range is not
1132 * able to be unmapped, ex. a set of 4k pages that was mapped as a
1133 * 2M hugepage into the IOMMU, the unmap ioctl returns success but with
1134 * a zero sized unmap. Also, if an unmap request overlaps the first
1135 * address of a hugepage, the IOMMU will unmap the entire hugepage.
1136 * This also returns success and the returned unmap size reflects the
1137 * actual size unmapped.
1139 * We attempt to maintain compatibility with this "v1" interface, but
1140 * we take control out of the hands of the IOMMU. Therefore, an unmap
1141 * request offset from the beginning of the original mapping will
1142 * return success with zero sized unmap. And an unmap request covering
1143 * the first iova of mapping will unmap the entire range.
1145 * The v2 version of this interface intends to be more deterministic.
1146 * Unmap requests must fully cover previous mappings. Multiple
1147 * mappings may still be unmaped by specifying large ranges, but there
1148 * must not be any previous mappings bisected by the range. An error
1149 * will be returned if these conditions are not met. The v2 interface
1150 * will only return success and a size of zero if there were no
1151 * mappings within the range.
1154 dma = vfio_find_dma(iommu, unmap->iova, 1);
1155 if (dma && dma->iova != unmap->iova) {
1159 dma = vfio_find_dma(iommu, unmap->iova + unmap->size - 1, 0);
1160 if (dma && dma->iova + dma->size != unmap->iova + unmap->size) {
1166 while ((dma = vfio_find_dma(iommu, unmap->iova, unmap->size))) {
1167 if (!iommu->v2 && unmap->iova > dma->iova)
1170 * Task with same address space who mapped this iova range is
1171 * allowed to unmap the iova range.
1173 if (dma->task->mm != current->mm)
1176 if (!RB_EMPTY_ROOT(&dma->pfn_list)) {
1177 struct vfio_iommu_type1_dma_unmap nb_unmap;
1179 if (dma_last == dma) {
1180 BUG_ON(++retries > 10);
1186 nb_unmap.iova = dma->iova;
1187 nb_unmap.size = dma->size;
1190 * Notify anyone (mdev vendor drivers) to invalidate and
1191 * unmap iovas within the range we're about to unmap.
1192 * Vendor drivers MUST unpin pages in response to an
1195 mutex_unlock(&iommu->lock);
1196 blocking_notifier_call_chain(&iommu->notifier,
1197 VFIO_IOMMU_NOTIFY_DMA_UNMAP,
1199 mutex_lock(&iommu->lock);
1203 if (unmap->flags & VFIO_DMA_UNMAP_FLAG_GET_DIRTY_BITMAP) {
1204 ret = update_user_bitmap(bitmap->data, iommu, dma,
1205 unmap->iova, pgsize);
1210 unmapped += dma->size;
1211 vfio_remove_dma(iommu, dma);
1215 mutex_unlock(&iommu->lock);
1217 /* Report how much was unmapped */
1218 unmap->size = unmapped;
1223 static int vfio_iommu_map(struct vfio_iommu *iommu, dma_addr_t iova,
1224 unsigned long pfn, long npage, int prot)
1226 struct vfio_domain *d;
1229 list_for_each_entry(d, &iommu->domain_list, next) {
1230 ret = iommu_map(d->domain, iova, (phys_addr_t)pfn << PAGE_SHIFT,
1231 npage << PAGE_SHIFT, prot | d->prot);
1241 list_for_each_entry_continue_reverse(d, &iommu->domain_list, next) {
1242 iommu_unmap(d->domain, iova, npage << PAGE_SHIFT);
1249 static int vfio_pin_map_dma(struct vfio_iommu *iommu, struct vfio_dma *dma,
1252 dma_addr_t iova = dma->iova;
1253 unsigned long vaddr = dma->vaddr;
1254 size_t size = map_size;
1256 unsigned long pfn, limit = rlimit(RLIMIT_MEMLOCK) >> PAGE_SHIFT;
1260 /* Pin a contiguous chunk of memory */
1261 npage = vfio_pin_pages_remote(dma, vaddr + dma->size,
1262 size >> PAGE_SHIFT, &pfn, limit);
1270 ret = vfio_iommu_map(iommu, iova + dma->size, pfn, npage,
1273 vfio_unpin_pages_remote(dma, iova + dma->size, pfn,
1278 size -= npage << PAGE_SHIFT;
1279 dma->size += npage << PAGE_SHIFT;
1282 dma->iommu_mapped = true;
1285 vfio_remove_dma(iommu, dma);
1291 * Check dma map request is within a valid iova range
1293 static bool vfio_iommu_iova_dma_valid(struct vfio_iommu *iommu,
1294 dma_addr_t start, dma_addr_t end)
1296 struct list_head *iova = &iommu->iova_list;
1297 struct vfio_iova *node;
1299 list_for_each_entry(node, iova, list) {
1300 if (start >= node->start && end <= node->end)
1305 * Check for list_empty() as well since a container with
1306 * a single mdev device will have an empty list.
1308 return list_empty(iova);
1311 static int vfio_dma_do_map(struct vfio_iommu *iommu,
1312 struct vfio_iommu_type1_dma_map *map)
1314 dma_addr_t iova = map->iova;
1315 unsigned long vaddr = map->vaddr;
1316 size_t size = map->size;
1317 int ret = 0, prot = 0;
1319 struct vfio_dma *dma;
1321 /* Verify that none of our __u64 fields overflow */
1322 if (map->size != size || map->vaddr != vaddr || map->iova != iova)
1325 /* READ/WRITE from device perspective */
1326 if (map->flags & VFIO_DMA_MAP_FLAG_WRITE)
1327 prot |= IOMMU_WRITE;
1328 if (map->flags & VFIO_DMA_MAP_FLAG_READ)
1331 mutex_lock(&iommu->lock);
1333 pgsize = (size_t)1 << __ffs(iommu->pgsize_bitmap);
1335 WARN_ON((pgsize - 1) & PAGE_MASK);
1337 if (!prot || !size || (size | iova | vaddr) & (pgsize - 1)) {
1342 /* Don't allow IOVA or virtual address wrap */
1343 if (iova + size - 1 < iova || vaddr + size - 1 < vaddr) {
1348 if (vfio_find_dma(iommu, iova, size)) {
1353 if (!iommu->dma_avail) {
1358 if (!vfio_iommu_iova_dma_valid(iommu, iova, iova + size - 1)) {
1363 dma = kzalloc(sizeof(*dma), GFP_KERNEL);
1375 * We need to be able to both add to a task's locked memory and test
1376 * against the locked memory limit and we need to be able to do both
1377 * outside of this call path as pinning can be asynchronous via the
1378 * external interfaces for mdev devices. RLIMIT_MEMLOCK requires a
1379 * task_struct and VM locked pages requires an mm_struct, however
1380 * holding an indefinite mm reference is not recommended, therefore we
1381 * only hold a reference to a task. We could hold a reference to
1382 * current, however QEMU uses this call path through vCPU threads,
1383 * which can be killed resulting in a NULL mm and failure in the unmap
1384 * path when called via a different thread. Avoid this problem by
1385 * using the group_leader as threads within the same group require
1386 * both CLONE_THREAD and CLONE_VM and will therefore use the same
1389 * Previously we also used the task for testing CAP_IPC_LOCK at the
1390 * time of pinning and accounting, however has_capability() makes use
1391 * of real_cred, a copy-on-write field, so we can't guarantee that it
1392 * matches group_leader, or in fact that it might not change by the
1393 * time it's evaluated. If a process were to call MAP_DMA with
1394 * CAP_IPC_LOCK but later drop it, it doesn't make sense that they
1395 * possibly see different results for an iommu_mapped vfio_dma vs
1396 * externally mapped. Therefore track CAP_IPC_LOCK in vfio_dma at the
1397 * time of calling MAP_DMA.
1399 get_task_struct(current->group_leader);
1400 dma->task = current->group_leader;
1401 dma->lock_cap = capable(CAP_IPC_LOCK);
1403 dma->pfn_list = RB_ROOT;
1405 /* Insert zero-sized and grow as we map chunks of it */
1406 vfio_link_dma(iommu, dma);
1408 /* Don't pin and map if container doesn't contain IOMMU capable domain*/
1409 if (!IS_IOMMU_CAP_DOMAIN_IN_CONTAINER(iommu))
1412 ret = vfio_pin_map_dma(iommu, dma, size);
1414 if (!ret && iommu->dirty_page_tracking) {
1415 ret = vfio_dma_bitmap_alloc(dma, pgsize);
1417 vfio_remove_dma(iommu, dma);
1421 mutex_unlock(&iommu->lock);
1425 static int vfio_bus_type(struct device *dev, void *data)
1427 struct bus_type **bus = data;
1429 if (*bus && *bus != dev->bus)
1437 static int vfio_iommu_replay(struct vfio_iommu *iommu,
1438 struct vfio_domain *domain)
1440 struct vfio_domain *d = NULL;
1442 unsigned long limit = rlimit(RLIMIT_MEMLOCK) >> PAGE_SHIFT;
1445 /* Arbitrarily pick the first domain in the list for lookups */
1446 if (!list_empty(&iommu->domain_list))
1447 d = list_first_entry(&iommu->domain_list,
1448 struct vfio_domain, next);
1450 n = rb_first(&iommu->dma_list);
1452 for (; n; n = rb_next(n)) {
1453 struct vfio_dma *dma;
1456 dma = rb_entry(n, struct vfio_dma, node);
1459 while (iova < dma->iova + dma->size) {
1463 if (dma->iommu_mapped) {
1467 if (WARN_ON(!d)) { /* mapped w/o a domain?! */
1472 phys = iommu_iova_to_phys(d->domain, iova);
1474 if (WARN_ON(!phys)) {
1482 while (i < dma->iova + dma->size &&
1483 p == iommu_iova_to_phys(d->domain, i)) {
1490 unsigned long vaddr = dma->vaddr +
1492 size_t n = dma->iova + dma->size - iova;
1495 npage = vfio_pin_pages_remote(dma, vaddr,
1504 phys = pfn << PAGE_SHIFT;
1505 size = npage << PAGE_SHIFT;
1508 ret = iommu_map(domain->domain, iova, phys,
1509 size, dma->prot | domain->prot);
1511 if (!dma->iommu_mapped)
1512 vfio_unpin_pages_remote(dma, iova,
1523 /* All dmas are now mapped, defer to second tree walk for unwind */
1524 for (n = rb_first(&iommu->dma_list); n; n = rb_next(n)) {
1525 struct vfio_dma *dma = rb_entry(n, struct vfio_dma, node);
1527 dma->iommu_mapped = true;
1533 for (; n; n = rb_prev(n)) {
1534 struct vfio_dma *dma = rb_entry(n, struct vfio_dma, node);
1537 if (dma->iommu_mapped) {
1538 iommu_unmap(domain->domain, dma->iova, dma->size);
1543 while (iova < dma->iova + dma->size) {
1544 phys_addr_t phys, p;
1548 phys = iommu_iova_to_phys(domain->domain, iova);
1557 while (i < dma->iova + dma->size &&
1558 p == iommu_iova_to_phys(domain->domain, i)) {
1564 iommu_unmap(domain->domain, iova, size);
1565 vfio_unpin_pages_remote(dma, iova, phys >> PAGE_SHIFT,
1566 size >> PAGE_SHIFT, true);
1574 * We change our unmap behavior slightly depending on whether the IOMMU
1575 * supports fine-grained superpages. IOMMUs like AMD-Vi will use a superpage
1576 * for practically any contiguous power-of-two mapping we give it. This means
1577 * we don't need to look for contiguous chunks ourselves to make unmapping
1578 * more efficient. On IOMMUs with coarse-grained super pages, like Intel VT-d
1579 * with discrete 2M/1G/512G/1T superpages, identifying contiguous chunks
1580 * significantly boosts non-hugetlbfs mappings and doesn't seem to hurt when
1581 * hugetlbfs is in use.
1583 static void vfio_test_domain_fgsp(struct vfio_domain *domain)
1586 int ret, order = get_order(PAGE_SIZE * 2);
1588 pages = alloc_pages(GFP_KERNEL | __GFP_ZERO, order);
1592 ret = iommu_map(domain->domain, 0, page_to_phys(pages), PAGE_SIZE * 2,
1593 IOMMU_READ | IOMMU_WRITE | domain->prot);
1595 size_t unmapped = iommu_unmap(domain->domain, 0, PAGE_SIZE);
1597 if (unmapped == PAGE_SIZE)
1598 iommu_unmap(domain->domain, PAGE_SIZE, PAGE_SIZE);
1600 domain->fgsp = true;
1603 __free_pages(pages, order);
1606 static struct vfio_group *find_iommu_group(struct vfio_domain *domain,
1607 struct iommu_group *iommu_group)
1609 struct vfio_group *g;
1611 list_for_each_entry(g, &domain->group_list, next) {
1612 if (g->iommu_group == iommu_group)
1619 static struct vfio_group *vfio_iommu_find_iommu_group(struct vfio_iommu *iommu,
1620 struct iommu_group *iommu_group)
1622 struct vfio_domain *domain;
1623 struct vfio_group *group = NULL;
1625 list_for_each_entry(domain, &iommu->domain_list, next) {
1626 group = find_iommu_group(domain, iommu_group);
1631 if (iommu->external_domain)
1632 group = find_iommu_group(iommu->external_domain, iommu_group);
1637 static void update_pinned_page_dirty_scope(struct vfio_iommu *iommu)
1639 struct vfio_domain *domain;
1640 struct vfio_group *group;
1642 list_for_each_entry(domain, &iommu->domain_list, next) {
1643 list_for_each_entry(group, &domain->group_list, next) {
1644 if (!group->pinned_page_dirty_scope) {
1645 iommu->pinned_page_dirty_scope = false;
1651 if (iommu->external_domain) {
1652 domain = iommu->external_domain;
1653 list_for_each_entry(group, &domain->group_list, next) {
1654 if (!group->pinned_page_dirty_scope) {
1655 iommu->pinned_page_dirty_scope = false;
1661 iommu->pinned_page_dirty_scope = true;
1664 static bool vfio_iommu_has_sw_msi(struct list_head *group_resv_regions,
1667 struct iommu_resv_region *region;
1670 list_for_each_entry(region, group_resv_regions, list) {
1672 * The presence of any 'real' MSI regions should take
1673 * precedence over the software-managed one if the
1674 * IOMMU driver happens to advertise both types.
1676 if (region->type == IOMMU_RESV_MSI) {
1681 if (region->type == IOMMU_RESV_SW_MSI) {
1682 *base = region->start;
1690 static struct device *vfio_mdev_get_iommu_device(struct device *dev)
1692 struct device *(*fn)(struct device *dev);
1693 struct device *iommu_device;
1695 fn = symbol_get(mdev_get_iommu_device);
1697 iommu_device = fn(dev);
1698 symbol_put(mdev_get_iommu_device);
1700 return iommu_device;
1706 static int vfio_mdev_attach_domain(struct device *dev, void *data)
1708 struct iommu_domain *domain = data;
1709 struct device *iommu_device;
1711 iommu_device = vfio_mdev_get_iommu_device(dev);
1713 if (iommu_dev_feature_enabled(iommu_device, IOMMU_DEV_FEAT_AUX))
1714 return iommu_aux_attach_device(domain, iommu_device);
1716 return iommu_attach_device(domain, iommu_device);
1722 static int vfio_mdev_detach_domain(struct device *dev, void *data)
1724 struct iommu_domain *domain = data;
1725 struct device *iommu_device;
1727 iommu_device = vfio_mdev_get_iommu_device(dev);
1729 if (iommu_dev_feature_enabled(iommu_device, IOMMU_DEV_FEAT_AUX))
1730 iommu_aux_detach_device(domain, iommu_device);
1732 iommu_detach_device(domain, iommu_device);
1738 static int vfio_iommu_attach_group(struct vfio_domain *domain,
1739 struct vfio_group *group)
1741 if (group->mdev_group)
1742 return iommu_group_for_each_dev(group->iommu_group,
1744 vfio_mdev_attach_domain);
1746 return iommu_attach_group(domain->domain, group->iommu_group);
1749 static void vfio_iommu_detach_group(struct vfio_domain *domain,
1750 struct vfio_group *group)
1752 if (group->mdev_group)
1753 iommu_group_for_each_dev(group->iommu_group, domain->domain,
1754 vfio_mdev_detach_domain);
1756 iommu_detach_group(domain->domain, group->iommu_group);
1759 static bool vfio_bus_is_mdev(struct bus_type *bus)
1761 struct bus_type *mdev_bus;
1764 mdev_bus = symbol_get(mdev_bus_type);
1766 ret = (bus == mdev_bus);
1767 symbol_put(mdev_bus_type);
1773 static int vfio_mdev_iommu_device(struct device *dev, void *data)
1775 struct device **old = data, *new;
1777 new = vfio_mdev_get_iommu_device(dev);
1778 if (!new || (*old && *old != new))
1787 * This is a helper function to insert an address range to iova list.
1788 * The list is initially created with a single entry corresponding to
1789 * the IOMMU domain geometry to which the device group is attached.
1790 * The list aperture gets modified when a new domain is added to the
1791 * container if the new aperture doesn't conflict with the current one
1792 * or with any existing dma mappings. The list is also modified to
1793 * exclude any reserved regions associated with the device group.
1795 static int vfio_iommu_iova_insert(struct list_head *head,
1796 dma_addr_t start, dma_addr_t end)
1798 struct vfio_iova *region;
1800 region = kmalloc(sizeof(*region), GFP_KERNEL);
1804 INIT_LIST_HEAD(®ion->list);
1805 region->start = start;
1808 list_add_tail(®ion->list, head);
1813 * Check the new iommu aperture conflicts with existing aper or with any
1814 * existing dma mappings.
1816 static bool vfio_iommu_aper_conflict(struct vfio_iommu *iommu,
1817 dma_addr_t start, dma_addr_t end)
1819 struct vfio_iova *first, *last;
1820 struct list_head *iova = &iommu->iova_list;
1822 if (list_empty(iova))
1825 /* Disjoint sets, return conflict */
1826 first = list_first_entry(iova, struct vfio_iova, list);
1827 last = list_last_entry(iova, struct vfio_iova, list);
1828 if (start > last->end || end < first->start)
1831 /* Check for any existing dma mappings below the new start */
1832 if (start > first->start) {
1833 if (vfio_find_dma(iommu, first->start, start - first->start))
1837 /* Check for any existing dma mappings beyond the new end */
1838 if (end < last->end) {
1839 if (vfio_find_dma(iommu, end + 1, last->end - end))
1847 * Resize iommu iova aperture window. This is called only if the new
1848 * aperture has no conflict with existing aperture and dma mappings.
1850 static int vfio_iommu_aper_resize(struct list_head *iova,
1851 dma_addr_t start, dma_addr_t end)
1853 struct vfio_iova *node, *next;
1855 if (list_empty(iova))
1856 return vfio_iommu_iova_insert(iova, start, end);
1858 /* Adjust iova list start */
1859 list_for_each_entry_safe(node, next, iova, list) {
1860 if (start < node->start)
1862 if (start >= node->start && start < node->end) {
1863 node->start = start;
1866 /* Delete nodes before new start */
1867 list_del(&node->list);
1871 /* Adjust iova list end */
1872 list_for_each_entry_safe(node, next, iova, list) {
1873 if (end > node->end)
1875 if (end > node->start && end <= node->end) {
1879 /* Delete nodes after new end */
1880 list_del(&node->list);
1888 * Check reserved region conflicts with existing dma mappings
1890 static bool vfio_iommu_resv_conflict(struct vfio_iommu *iommu,
1891 struct list_head *resv_regions)
1893 struct iommu_resv_region *region;
1895 /* Check for conflict with existing dma mappings */
1896 list_for_each_entry(region, resv_regions, list) {
1897 if (region->type == IOMMU_RESV_DIRECT_RELAXABLE)
1900 if (vfio_find_dma(iommu, region->start, region->length))
1908 * Check iova region overlap with reserved regions and
1909 * exclude them from the iommu iova range
1911 static int vfio_iommu_resv_exclude(struct list_head *iova,
1912 struct list_head *resv_regions)
1914 struct iommu_resv_region *resv;
1915 struct vfio_iova *n, *next;
1917 list_for_each_entry(resv, resv_regions, list) {
1918 phys_addr_t start, end;
1920 if (resv->type == IOMMU_RESV_DIRECT_RELAXABLE)
1923 start = resv->start;
1924 end = resv->start + resv->length - 1;
1926 list_for_each_entry_safe(n, next, iova, list) {
1930 if (start > n->end || end < n->start)
1933 * Insert a new node if current node overlaps with the
1934 * reserve region to exlude that from valid iova range.
1935 * Note that, new node is inserted before the current
1936 * node and finally the current node is deleted keeping
1937 * the list updated and sorted.
1939 if (start > n->start)
1940 ret = vfio_iommu_iova_insert(&n->list, n->start,
1942 if (!ret && end < n->end)
1943 ret = vfio_iommu_iova_insert(&n->list, end + 1,
1953 if (list_empty(iova))
1959 static void vfio_iommu_resv_free(struct list_head *resv_regions)
1961 struct iommu_resv_region *n, *next;
1963 list_for_each_entry_safe(n, next, resv_regions, list) {
1969 static void vfio_iommu_iova_free(struct list_head *iova)
1971 struct vfio_iova *n, *next;
1973 list_for_each_entry_safe(n, next, iova, list) {
1979 static int vfio_iommu_iova_get_copy(struct vfio_iommu *iommu,
1980 struct list_head *iova_copy)
1982 struct list_head *iova = &iommu->iova_list;
1983 struct vfio_iova *n;
1986 list_for_each_entry(n, iova, list) {
1987 ret = vfio_iommu_iova_insert(iova_copy, n->start, n->end);
1995 vfio_iommu_iova_free(iova_copy);
1999 static void vfio_iommu_iova_insert_copy(struct vfio_iommu *iommu,
2000 struct list_head *iova_copy)
2002 struct list_head *iova = &iommu->iova_list;
2004 vfio_iommu_iova_free(iova);
2006 list_splice_tail(iova_copy, iova);
2009 static int vfio_iommu_type1_attach_group(void *iommu_data,
2010 struct iommu_group *iommu_group)
2012 struct vfio_iommu *iommu = iommu_data;
2013 struct vfio_group *group;
2014 struct vfio_domain *domain, *d;
2015 struct bus_type *bus = NULL;
2017 bool resv_msi, msi_remap;
2018 phys_addr_t resv_msi_base = 0;
2019 struct iommu_domain_geometry geo;
2020 LIST_HEAD(iova_copy);
2021 LIST_HEAD(group_resv_regions);
2023 mutex_lock(&iommu->lock);
2025 /* Check for duplicates */
2026 if (vfio_iommu_find_iommu_group(iommu, iommu_group)) {
2027 mutex_unlock(&iommu->lock);
2031 group = kzalloc(sizeof(*group), GFP_KERNEL);
2032 domain = kzalloc(sizeof(*domain), GFP_KERNEL);
2033 if (!group || !domain) {
2038 group->iommu_group = iommu_group;
2040 /* Determine bus_type in order to allocate a domain */
2041 ret = iommu_group_for_each_dev(iommu_group, &bus, vfio_bus_type);
2045 if (vfio_bus_is_mdev(bus)) {
2046 struct device *iommu_device = NULL;
2048 group->mdev_group = true;
2050 /* Determine the isolation type */
2051 ret = iommu_group_for_each_dev(iommu_group, &iommu_device,
2052 vfio_mdev_iommu_device);
2053 if (ret || !iommu_device) {
2054 if (!iommu->external_domain) {
2055 INIT_LIST_HEAD(&domain->group_list);
2056 iommu->external_domain = domain;
2057 vfio_update_pgsize_bitmap(iommu);
2062 list_add(&group->next,
2063 &iommu->external_domain->group_list);
2065 * Non-iommu backed group cannot dirty memory directly,
2066 * it can only use interfaces that provide dirty
2068 * The iommu scope can only be promoted with the
2069 * addition of a dirty tracking group.
2071 group->pinned_page_dirty_scope = true;
2072 if (!iommu->pinned_page_dirty_scope)
2073 update_pinned_page_dirty_scope(iommu);
2074 mutex_unlock(&iommu->lock);
2079 bus = iommu_device->bus;
2082 domain->domain = iommu_domain_alloc(bus);
2083 if (!domain->domain) {
2088 if (iommu->nesting) {
2091 ret = iommu_domain_set_attr(domain->domain, DOMAIN_ATTR_NESTING,
2097 ret = vfio_iommu_attach_group(domain, group);
2101 /* Get aperture info */
2102 iommu_domain_get_attr(domain->domain, DOMAIN_ATTR_GEOMETRY, &geo);
2104 if (vfio_iommu_aper_conflict(iommu, geo.aperture_start,
2105 geo.aperture_end)) {
2110 ret = iommu_get_group_resv_regions(iommu_group, &group_resv_regions);
2114 if (vfio_iommu_resv_conflict(iommu, &group_resv_regions)) {
2120 * We don't want to work on the original iova list as the list
2121 * gets modified and in case of failure we have to retain the
2122 * original list. Get a copy here.
2124 ret = vfio_iommu_iova_get_copy(iommu, &iova_copy);
2128 ret = vfio_iommu_aper_resize(&iova_copy, geo.aperture_start,
2133 ret = vfio_iommu_resv_exclude(&iova_copy, &group_resv_regions);
2137 resv_msi = vfio_iommu_has_sw_msi(&group_resv_regions, &resv_msi_base);
2139 INIT_LIST_HEAD(&domain->group_list);
2140 list_add(&group->next, &domain->group_list);
2142 msi_remap = irq_domain_check_msi_remap() ||
2143 iommu_capable(bus, IOMMU_CAP_INTR_REMAP);
2145 if (!allow_unsafe_interrupts && !msi_remap) {
2146 pr_warn("%s: No interrupt remapping support. Use the module param \"allow_unsafe_interrupts\" to enable VFIO IOMMU support on this platform\n",
2152 if (iommu_capable(bus, IOMMU_CAP_CACHE_COHERENCY))
2153 domain->prot |= IOMMU_CACHE;
2156 * Try to match an existing compatible domain. We don't want to
2157 * preclude an IOMMU driver supporting multiple bus_types and being
2158 * able to include different bus_types in the same IOMMU domain, so
2159 * we test whether the domains use the same iommu_ops rather than
2160 * testing if they're on the same bus_type.
2162 list_for_each_entry(d, &iommu->domain_list, next) {
2163 if (d->domain->ops == domain->domain->ops &&
2164 d->prot == domain->prot) {
2165 vfio_iommu_detach_group(domain, group);
2166 if (!vfio_iommu_attach_group(d, group)) {
2167 list_add(&group->next, &d->group_list);
2168 iommu_domain_free(domain->domain);
2173 ret = vfio_iommu_attach_group(domain, group);
2179 vfio_test_domain_fgsp(domain);
2181 /* replay mappings on new domains */
2182 ret = vfio_iommu_replay(iommu, domain);
2187 ret = iommu_get_msi_cookie(domain->domain, resv_msi_base);
2188 if (ret && ret != -ENODEV)
2192 list_add(&domain->next, &iommu->domain_list);
2193 vfio_update_pgsize_bitmap(iommu);
2195 /* Delete the old one and insert new iova list */
2196 vfio_iommu_iova_insert_copy(iommu, &iova_copy);
2199 * An iommu backed group can dirty memory directly and therefore
2200 * demotes the iommu scope until it declares itself dirty tracking
2201 * capable via the page pinning interface.
2203 iommu->pinned_page_dirty_scope = false;
2204 mutex_unlock(&iommu->lock);
2205 vfio_iommu_resv_free(&group_resv_regions);
2210 vfio_iommu_detach_group(domain, group);
2212 iommu_domain_free(domain->domain);
2213 vfio_iommu_iova_free(&iova_copy);
2214 vfio_iommu_resv_free(&group_resv_regions);
2218 mutex_unlock(&iommu->lock);
2222 static void vfio_iommu_unmap_unpin_all(struct vfio_iommu *iommu)
2224 struct rb_node *node;
2226 while ((node = rb_first(&iommu->dma_list)))
2227 vfio_remove_dma(iommu, rb_entry(node, struct vfio_dma, node));
2230 static void vfio_iommu_unmap_unpin_reaccount(struct vfio_iommu *iommu)
2232 struct rb_node *n, *p;
2234 n = rb_first(&iommu->dma_list);
2235 for (; n; n = rb_next(n)) {
2236 struct vfio_dma *dma;
2237 long locked = 0, unlocked = 0;
2239 dma = rb_entry(n, struct vfio_dma, node);
2240 unlocked += vfio_unmap_unpin(iommu, dma, false);
2241 p = rb_first(&dma->pfn_list);
2242 for (; p; p = rb_next(p)) {
2243 struct vfio_pfn *vpfn = rb_entry(p, struct vfio_pfn,
2246 if (!is_invalid_reserved_pfn(vpfn->pfn))
2249 vfio_lock_acct(dma, locked - unlocked, true);
2253 static void vfio_sanity_check_pfn_list(struct vfio_iommu *iommu)
2257 n = rb_first(&iommu->dma_list);
2258 for (; n; n = rb_next(n)) {
2259 struct vfio_dma *dma;
2261 dma = rb_entry(n, struct vfio_dma, node);
2263 if (WARN_ON(!RB_EMPTY_ROOT(&dma->pfn_list)))
2266 /* mdev vendor driver must unregister notifier */
2267 WARN_ON(iommu->notifier.head);
2271 * Called when a domain is removed in detach. It is possible that
2272 * the removed domain decided the iova aperture window. Modify the
2273 * iova aperture with the smallest window among existing domains.
2275 static void vfio_iommu_aper_expand(struct vfio_iommu *iommu,
2276 struct list_head *iova_copy)
2278 struct vfio_domain *domain;
2279 struct iommu_domain_geometry geo;
2280 struct vfio_iova *node;
2281 dma_addr_t start = 0;
2282 dma_addr_t end = (dma_addr_t)~0;
2284 if (list_empty(iova_copy))
2287 list_for_each_entry(domain, &iommu->domain_list, next) {
2288 iommu_domain_get_attr(domain->domain, DOMAIN_ATTR_GEOMETRY,
2290 if (geo.aperture_start > start)
2291 start = geo.aperture_start;
2292 if (geo.aperture_end < end)
2293 end = geo.aperture_end;
2296 /* Modify aperture limits. The new aper is either same or bigger */
2297 node = list_first_entry(iova_copy, struct vfio_iova, list);
2298 node->start = start;
2299 node = list_last_entry(iova_copy, struct vfio_iova, list);
2304 * Called when a group is detached. The reserved regions for that
2305 * group can be part of valid iova now. But since reserved regions
2306 * may be duplicated among groups, populate the iova valid regions
2309 static int vfio_iommu_resv_refresh(struct vfio_iommu *iommu,
2310 struct list_head *iova_copy)
2312 struct vfio_domain *d;
2313 struct vfio_group *g;
2314 struct vfio_iova *node;
2315 dma_addr_t start, end;
2316 LIST_HEAD(resv_regions);
2319 if (list_empty(iova_copy))
2322 list_for_each_entry(d, &iommu->domain_list, next) {
2323 list_for_each_entry(g, &d->group_list, next) {
2324 ret = iommu_get_group_resv_regions(g->iommu_group,
2331 node = list_first_entry(iova_copy, struct vfio_iova, list);
2332 start = node->start;
2333 node = list_last_entry(iova_copy, struct vfio_iova, list);
2336 /* purge the iova list and create new one */
2337 vfio_iommu_iova_free(iova_copy);
2339 ret = vfio_iommu_aper_resize(iova_copy, start, end);
2343 /* Exclude current reserved regions from iova ranges */
2344 ret = vfio_iommu_resv_exclude(iova_copy, &resv_regions);
2346 vfio_iommu_resv_free(&resv_regions);
2350 static void vfio_iommu_type1_detach_group(void *iommu_data,
2351 struct iommu_group *iommu_group)
2353 struct vfio_iommu *iommu = iommu_data;
2354 struct vfio_domain *domain;
2355 struct vfio_group *group;
2356 bool update_dirty_scope = false;
2357 LIST_HEAD(iova_copy);
2359 mutex_lock(&iommu->lock);
2361 if (iommu->external_domain) {
2362 group = find_iommu_group(iommu->external_domain, iommu_group);
2364 update_dirty_scope = !group->pinned_page_dirty_scope;
2365 list_del(&group->next);
2368 if (list_empty(&iommu->external_domain->group_list)) {
2369 vfio_sanity_check_pfn_list(iommu);
2371 if (!IS_IOMMU_CAP_DOMAIN_IN_CONTAINER(iommu))
2372 vfio_iommu_unmap_unpin_all(iommu);
2374 kfree(iommu->external_domain);
2375 iommu->external_domain = NULL;
2377 goto detach_group_done;
2382 * Get a copy of iova list. This will be used to update
2383 * and to replace the current one later. Please note that
2384 * we will leave the original list as it is if update fails.
2386 vfio_iommu_iova_get_copy(iommu, &iova_copy);
2388 list_for_each_entry(domain, &iommu->domain_list, next) {
2389 group = find_iommu_group(domain, iommu_group);
2393 vfio_iommu_detach_group(domain, group);
2394 update_dirty_scope = !group->pinned_page_dirty_scope;
2395 list_del(&group->next);
2398 * Group ownership provides privilege, if the group list is
2399 * empty, the domain goes away. If it's the last domain with
2400 * iommu and external domain doesn't exist, then all the
2401 * mappings go away too. If it's the last domain with iommu and
2402 * external domain exist, update accounting
2404 if (list_empty(&domain->group_list)) {
2405 if (list_is_singular(&iommu->domain_list)) {
2406 if (!iommu->external_domain)
2407 vfio_iommu_unmap_unpin_all(iommu);
2409 vfio_iommu_unmap_unpin_reaccount(iommu);
2411 iommu_domain_free(domain->domain);
2412 list_del(&domain->next);
2414 vfio_iommu_aper_expand(iommu, &iova_copy);
2415 vfio_update_pgsize_bitmap(iommu);
2420 if (!vfio_iommu_resv_refresh(iommu, &iova_copy))
2421 vfio_iommu_iova_insert_copy(iommu, &iova_copy);
2423 vfio_iommu_iova_free(&iova_copy);
2427 * Removal of a group without dirty tracking may allow the iommu scope
2430 if (update_dirty_scope) {
2431 update_pinned_page_dirty_scope(iommu);
2432 if (iommu->dirty_page_tracking)
2433 vfio_iommu_populate_bitmap_full(iommu);
2435 mutex_unlock(&iommu->lock);
2438 static void *vfio_iommu_type1_open(unsigned long arg)
2440 struct vfio_iommu *iommu;
2442 iommu = kzalloc(sizeof(*iommu), GFP_KERNEL);
2444 return ERR_PTR(-ENOMEM);
2447 case VFIO_TYPE1_IOMMU:
2449 case VFIO_TYPE1_NESTING_IOMMU:
2450 iommu->nesting = true;
2452 case VFIO_TYPE1v2_IOMMU:
2457 return ERR_PTR(-EINVAL);
2460 INIT_LIST_HEAD(&iommu->domain_list);
2461 INIT_LIST_HEAD(&iommu->iova_list);
2462 iommu->dma_list = RB_ROOT;
2463 iommu->dma_avail = dma_entry_limit;
2464 mutex_init(&iommu->lock);
2465 BLOCKING_INIT_NOTIFIER_HEAD(&iommu->notifier);
2470 static void vfio_release_domain(struct vfio_domain *domain, bool external)
2472 struct vfio_group *group, *group_tmp;
2474 list_for_each_entry_safe(group, group_tmp,
2475 &domain->group_list, next) {
2477 vfio_iommu_detach_group(domain, group);
2478 list_del(&group->next);
2483 iommu_domain_free(domain->domain);
2486 static void vfio_iommu_type1_release(void *iommu_data)
2488 struct vfio_iommu *iommu = iommu_data;
2489 struct vfio_domain *domain, *domain_tmp;
2491 if (iommu->external_domain) {
2492 vfio_release_domain(iommu->external_domain, true);
2493 vfio_sanity_check_pfn_list(iommu);
2494 kfree(iommu->external_domain);
2497 vfio_iommu_unmap_unpin_all(iommu);
2499 list_for_each_entry_safe(domain, domain_tmp,
2500 &iommu->domain_list, next) {
2501 vfio_release_domain(domain, false);
2502 list_del(&domain->next);
2506 vfio_iommu_iova_free(&iommu->iova_list);
2511 static int vfio_domains_have_iommu_cache(struct vfio_iommu *iommu)
2513 struct vfio_domain *domain;
2516 mutex_lock(&iommu->lock);
2517 list_for_each_entry(domain, &iommu->domain_list, next) {
2518 if (!(domain->prot & IOMMU_CACHE)) {
2523 mutex_unlock(&iommu->lock);
2528 static int vfio_iommu_type1_check_extension(struct vfio_iommu *iommu,
2532 case VFIO_TYPE1_IOMMU:
2533 case VFIO_TYPE1v2_IOMMU:
2534 case VFIO_TYPE1_NESTING_IOMMU:
2536 case VFIO_DMA_CC_IOMMU:
2539 return vfio_domains_have_iommu_cache(iommu);
2545 static int vfio_iommu_iova_add_cap(struct vfio_info_cap *caps,
2546 struct vfio_iommu_type1_info_cap_iova_range *cap_iovas,
2549 struct vfio_info_cap_header *header;
2550 struct vfio_iommu_type1_info_cap_iova_range *iova_cap;
2552 header = vfio_info_cap_add(caps, size,
2553 VFIO_IOMMU_TYPE1_INFO_CAP_IOVA_RANGE, 1);
2555 return PTR_ERR(header);
2557 iova_cap = container_of(header,
2558 struct vfio_iommu_type1_info_cap_iova_range,
2560 iova_cap->nr_iovas = cap_iovas->nr_iovas;
2561 memcpy(iova_cap->iova_ranges, cap_iovas->iova_ranges,
2562 cap_iovas->nr_iovas * sizeof(*cap_iovas->iova_ranges));
2566 static int vfio_iommu_iova_build_caps(struct vfio_iommu *iommu,
2567 struct vfio_info_cap *caps)
2569 struct vfio_iommu_type1_info_cap_iova_range *cap_iovas;
2570 struct vfio_iova *iova;
2572 int iovas = 0, i = 0, ret;
2574 list_for_each_entry(iova, &iommu->iova_list, list)
2579 * Return 0 as a container with a single mdev device
2580 * will have an empty list
2585 size = sizeof(*cap_iovas) + (iovas * sizeof(*cap_iovas->iova_ranges));
2587 cap_iovas = kzalloc(size, GFP_KERNEL);
2591 cap_iovas->nr_iovas = iovas;
2593 list_for_each_entry(iova, &iommu->iova_list, list) {
2594 cap_iovas->iova_ranges[i].start = iova->start;
2595 cap_iovas->iova_ranges[i].end = iova->end;
2599 ret = vfio_iommu_iova_add_cap(caps, cap_iovas, size);
2605 static int vfio_iommu_migration_build_caps(struct vfio_iommu *iommu,
2606 struct vfio_info_cap *caps)
2608 struct vfio_iommu_type1_info_cap_migration cap_mig;
2610 cap_mig.header.id = VFIO_IOMMU_TYPE1_INFO_CAP_MIGRATION;
2611 cap_mig.header.version = 1;
2614 /* support minimum pgsize */
2615 cap_mig.pgsize_bitmap = (size_t)1 << __ffs(iommu->pgsize_bitmap);
2616 cap_mig.max_dirty_bitmap_size = DIRTY_BITMAP_SIZE_MAX;
2618 return vfio_info_add_capability(caps, &cap_mig.header, sizeof(cap_mig));
2621 static int vfio_iommu_dma_avail_build_caps(struct vfio_iommu *iommu,
2622 struct vfio_info_cap *caps)
2624 struct vfio_iommu_type1_info_dma_avail cap_dma_avail;
2626 cap_dma_avail.header.id = VFIO_IOMMU_TYPE1_INFO_DMA_AVAIL;
2627 cap_dma_avail.header.version = 1;
2629 cap_dma_avail.avail = iommu->dma_avail;
2631 return vfio_info_add_capability(caps, &cap_dma_avail.header,
2632 sizeof(cap_dma_avail));
2635 static int vfio_iommu_type1_get_info(struct vfio_iommu *iommu,
2638 struct vfio_iommu_type1_info info;
2639 unsigned long minsz;
2640 struct vfio_info_cap caps = { .buf = NULL, .size = 0 };
2641 unsigned long capsz;
2644 minsz = offsetofend(struct vfio_iommu_type1_info, iova_pgsizes);
2646 /* For backward compatibility, cannot require this */
2647 capsz = offsetofend(struct vfio_iommu_type1_info, cap_offset);
2649 if (copy_from_user(&info, (void __user *)arg, minsz))
2652 if (info.argsz < minsz)
2655 if (info.argsz >= capsz) {
2657 info.cap_offset = 0; /* output, no-recopy necessary */
2660 mutex_lock(&iommu->lock);
2661 info.flags = VFIO_IOMMU_INFO_PGSIZES;
2663 info.iova_pgsizes = iommu->pgsize_bitmap;
2665 ret = vfio_iommu_migration_build_caps(iommu, &caps);
2668 ret = vfio_iommu_dma_avail_build_caps(iommu, &caps);
2671 ret = vfio_iommu_iova_build_caps(iommu, &caps);
2673 mutex_unlock(&iommu->lock);
2679 info.flags |= VFIO_IOMMU_INFO_CAPS;
2681 if (info.argsz < sizeof(info) + caps.size) {
2682 info.argsz = sizeof(info) + caps.size;
2684 vfio_info_cap_shift(&caps, sizeof(info));
2685 if (copy_to_user((void __user *)arg +
2686 sizeof(info), caps.buf,
2691 info.cap_offset = sizeof(info);
2697 return copy_to_user((void __user *)arg, &info, minsz) ?
2701 static int vfio_iommu_type1_map_dma(struct vfio_iommu *iommu,
2704 struct vfio_iommu_type1_dma_map map;
2705 unsigned long minsz;
2706 uint32_t mask = VFIO_DMA_MAP_FLAG_READ | VFIO_DMA_MAP_FLAG_WRITE;
2708 minsz = offsetofend(struct vfio_iommu_type1_dma_map, size);
2710 if (copy_from_user(&map, (void __user *)arg, minsz))
2713 if (map.argsz < minsz || map.flags & ~mask)
2716 return vfio_dma_do_map(iommu, &map);
2719 static int vfio_iommu_type1_unmap_dma(struct vfio_iommu *iommu,
2722 struct vfio_iommu_type1_dma_unmap unmap;
2723 struct vfio_bitmap bitmap = { 0 };
2724 unsigned long minsz;
2727 minsz = offsetofend(struct vfio_iommu_type1_dma_unmap, size);
2729 if (copy_from_user(&unmap, (void __user *)arg, minsz))
2732 if (unmap.argsz < minsz ||
2733 unmap.flags & ~VFIO_DMA_UNMAP_FLAG_GET_DIRTY_BITMAP)
2736 if (unmap.flags & VFIO_DMA_UNMAP_FLAG_GET_DIRTY_BITMAP) {
2737 unsigned long pgshift;
2739 if (unmap.argsz < (minsz + sizeof(bitmap)))
2742 if (copy_from_user(&bitmap,
2743 (void __user *)(arg + minsz),
2747 if (!access_ok((void __user *)bitmap.data, bitmap.size))
2750 pgshift = __ffs(bitmap.pgsize);
2751 ret = verify_bitmap_size(unmap.size >> pgshift,
2757 ret = vfio_dma_do_unmap(iommu, &unmap, &bitmap);
2761 return copy_to_user((void __user *)arg, &unmap, minsz) ?
2765 static int vfio_iommu_type1_dirty_pages(struct vfio_iommu *iommu,
2768 struct vfio_iommu_type1_dirty_bitmap dirty;
2769 uint32_t mask = VFIO_IOMMU_DIRTY_PAGES_FLAG_START |
2770 VFIO_IOMMU_DIRTY_PAGES_FLAG_STOP |
2771 VFIO_IOMMU_DIRTY_PAGES_FLAG_GET_BITMAP;
2772 unsigned long minsz;
2778 minsz = offsetofend(struct vfio_iommu_type1_dirty_bitmap, flags);
2780 if (copy_from_user(&dirty, (void __user *)arg, minsz))
2783 if (dirty.argsz < minsz || dirty.flags & ~mask)
2786 /* only one flag should be set at a time */
2787 if (__ffs(dirty.flags) != __fls(dirty.flags))
2790 if (dirty.flags & VFIO_IOMMU_DIRTY_PAGES_FLAG_START) {
2793 mutex_lock(&iommu->lock);
2794 pgsize = 1 << __ffs(iommu->pgsize_bitmap);
2795 if (!iommu->dirty_page_tracking) {
2796 ret = vfio_dma_bitmap_alloc_all(iommu, pgsize);
2798 iommu->dirty_page_tracking = true;
2800 mutex_unlock(&iommu->lock);
2802 } else if (dirty.flags & VFIO_IOMMU_DIRTY_PAGES_FLAG_STOP) {
2803 mutex_lock(&iommu->lock);
2804 if (iommu->dirty_page_tracking) {
2805 iommu->dirty_page_tracking = false;
2806 vfio_dma_bitmap_free_all(iommu);
2808 mutex_unlock(&iommu->lock);
2810 } else if (dirty.flags & VFIO_IOMMU_DIRTY_PAGES_FLAG_GET_BITMAP) {
2811 struct vfio_iommu_type1_dirty_bitmap_get range;
2812 unsigned long pgshift;
2813 size_t data_size = dirty.argsz - minsz;
2814 size_t iommu_pgsize;
2816 if (!data_size || data_size < sizeof(range))
2819 if (copy_from_user(&range, (void __user *)(arg + minsz),
2823 if (range.iova + range.size < range.iova)
2825 if (!access_ok((void __user *)range.bitmap.data,
2829 pgshift = __ffs(range.bitmap.pgsize);
2830 ret = verify_bitmap_size(range.size >> pgshift,
2835 mutex_lock(&iommu->lock);
2837 iommu_pgsize = (size_t)1 << __ffs(iommu->pgsize_bitmap);
2839 /* allow only smallest supported pgsize */
2840 if (range.bitmap.pgsize != iommu_pgsize) {
2844 if (range.iova & (iommu_pgsize - 1)) {
2848 if (!range.size || range.size & (iommu_pgsize - 1)) {
2853 if (iommu->dirty_page_tracking)
2854 ret = vfio_iova_dirty_bitmap(range.bitmap.data,
2857 range.bitmap.pgsize);
2861 mutex_unlock(&iommu->lock);
2869 static long vfio_iommu_type1_ioctl(void *iommu_data,
2870 unsigned int cmd, unsigned long arg)
2872 struct vfio_iommu *iommu = iommu_data;
2875 case VFIO_CHECK_EXTENSION:
2876 return vfio_iommu_type1_check_extension(iommu, arg);
2877 case VFIO_IOMMU_GET_INFO:
2878 return vfio_iommu_type1_get_info(iommu, arg);
2879 case VFIO_IOMMU_MAP_DMA:
2880 return vfio_iommu_type1_map_dma(iommu, arg);
2881 case VFIO_IOMMU_UNMAP_DMA:
2882 return vfio_iommu_type1_unmap_dma(iommu, arg);
2883 case VFIO_IOMMU_DIRTY_PAGES:
2884 return vfio_iommu_type1_dirty_pages(iommu, arg);
2890 static int vfio_iommu_type1_register_notifier(void *iommu_data,
2891 unsigned long *events,
2892 struct notifier_block *nb)
2894 struct vfio_iommu *iommu = iommu_data;
2896 /* clear known events */
2897 *events &= ~VFIO_IOMMU_NOTIFY_DMA_UNMAP;
2899 /* refuse to register if still events remaining */
2903 return blocking_notifier_chain_register(&iommu->notifier, nb);
2906 static int vfio_iommu_type1_unregister_notifier(void *iommu_data,
2907 struct notifier_block *nb)
2909 struct vfio_iommu *iommu = iommu_data;
2911 return blocking_notifier_chain_unregister(&iommu->notifier, nb);
2914 static int vfio_iommu_type1_dma_rw_chunk(struct vfio_iommu *iommu,
2915 dma_addr_t user_iova, void *data,
2916 size_t count, bool write,
2919 struct mm_struct *mm;
2920 unsigned long vaddr;
2921 struct vfio_dma *dma;
2922 bool kthread = current->mm == NULL;
2927 dma = vfio_find_dma(iommu, user_iova, 1);
2931 if ((write && !(dma->prot & IOMMU_WRITE)) ||
2932 !(dma->prot & IOMMU_READ))
2935 mm = get_task_mm(dma->task);
2942 else if (current->mm != mm)
2945 offset = user_iova - dma->iova;
2947 if (count > dma->size - offset)
2948 count = dma->size - offset;
2950 vaddr = dma->vaddr + offset;
2953 *copied = copy_to_user((void __user *)vaddr, data,
2955 if (*copied && iommu->dirty_page_tracking) {
2956 unsigned long pgshift = __ffs(iommu->pgsize_bitmap);
2958 * Bitmap populated with the smallest supported page
2961 bitmap_set(dma->bitmap, offset >> pgshift,
2962 ((offset + *copied - 1) >> pgshift) -
2963 (offset >> pgshift) + 1);
2966 *copied = copy_from_user(data, (void __user *)vaddr,
2969 kthread_unuse_mm(mm);
2972 return *copied ? 0 : -EFAULT;
2975 static int vfio_iommu_type1_dma_rw(void *iommu_data, dma_addr_t user_iova,
2976 void *data, size_t count, bool write)
2978 struct vfio_iommu *iommu = iommu_data;
2982 mutex_lock(&iommu->lock);
2984 ret = vfio_iommu_type1_dma_rw_chunk(iommu, user_iova, data,
2985 count, write, &done);
2994 mutex_unlock(&iommu->lock);
2998 static struct iommu_domain *
2999 vfio_iommu_type1_group_iommu_domain(void *iommu_data,
3000 struct iommu_group *iommu_group)
3002 struct iommu_domain *domain = ERR_PTR(-ENODEV);
3003 struct vfio_iommu *iommu = iommu_data;
3004 struct vfio_domain *d;
3006 if (!iommu || !iommu_group)
3007 return ERR_PTR(-EINVAL);
3009 mutex_lock(&iommu->lock);
3010 list_for_each_entry(d, &iommu->domain_list, next) {
3011 if (find_iommu_group(d, iommu_group)) {
3016 mutex_unlock(&iommu->lock);
3021 static const struct vfio_iommu_driver_ops vfio_iommu_driver_ops_type1 = {
3022 .name = "vfio-iommu-type1",
3023 .owner = THIS_MODULE,
3024 .open = vfio_iommu_type1_open,
3025 .release = vfio_iommu_type1_release,
3026 .ioctl = vfio_iommu_type1_ioctl,
3027 .attach_group = vfio_iommu_type1_attach_group,
3028 .detach_group = vfio_iommu_type1_detach_group,
3029 .pin_pages = vfio_iommu_type1_pin_pages,
3030 .unpin_pages = vfio_iommu_type1_unpin_pages,
3031 .register_notifier = vfio_iommu_type1_register_notifier,
3032 .unregister_notifier = vfio_iommu_type1_unregister_notifier,
3033 .dma_rw = vfio_iommu_type1_dma_rw,
3034 .group_iommu_domain = vfio_iommu_type1_group_iommu_domain,
3037 static int __init vfio_iommu_type1_init(void)
3039 return vfio_register_iommu_driver(&vfio_iommu_driver_ops_type1);
3042 static void __exit vfio_iommu_type1_cleanup(void)
3044 vfio_unregister_iommu_driver(&vfio_iommu_driver_ops_type1);
3047 module_init(vfio_iommu_type1_init);
3048 module_exit(vfio_iommu_type1_cleanup);
3050 MODULE_VERSION(DRIVER_VERSION);
3051 MODULE_LICENSE("GPL v2");
3052 MODULE_AUTHOR(DRIVER_AUTHOR);
3053 MODULE_DESCRIPTION(DRIVER_DESC);
projects / linux-2.6-microblaze.git / blob