Merge tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost

author Linus Torvalds <torvalds@linux-foundation.org>

Sat, 11 Sep 2021 21:48:42 +0000 (14:48 -0700)

committer Linus Torvalds <torvalds@linux-foundation.org>

Sat, 11 Sep 2021 21:48:42 +0000 (14:48 -0700)
author Linus Torvalds <torvalds@linux-foundation.org>
Sat, 11 Sep 2021 21:48:42 +0000 (14:48 -0700)
committer Linus Torvalds <torvalds@linux-foundation.org>
Sat, 11 Sep 2021 21:48:42 +0000 (14:48 -0700)
diff --combined Documentation/userspace-api/ioctl/ioctl-number.rst

index b7070d7,293ca3a..2e81340
--- 1/Documentation/userspace-api/ioctl/ioctl-number.rst
--- 2/Documentation/userspace-api/ioctl/ioctl-number.rst
+++ b/Documentation/userspace-api/ioctl/ioctl-number.rst
@@@ -160,6 -160,7 +160,6 @@@ Code  Seq#    Include Fil
   'K'   all    linux/kd.h
   'L'   00-1F  linux/loop.h                                            conflict!
   'L'   10-1F  drivers/scsi/mpt3sas/mpt3sas_ctl.h                      conflict!
- -'L'   20-2F  linux/lightnvm.h
   'L'   E0-FF  linux/ppdd.h                                            encrypted disk device driver
                                                                        <http://linux01.gwdg.de/~alatham/ppdd.html>
   'M'   all    linux/soundcard.h                                       conflict!
@@@ -299,6 -300,7 +299,7 @@@
   'z'   10-4F  drivers/s390/crypto/zcrypt_api.h                        conflict!
   '|'   00-7F  linux/media.h
   0x80  00-1F  linux/fb.h
+ 0x81  00-1F  linux/vduse.h
   0x89  00-06  arch/x86/include/asm/sockios.h
   0x89  0B-DF  linux/sockios.h
   0x89  E0-EF  linux/sockios.h                                         SIOCPROTOPRIVATE range
diff --combined drivers/block/virtio_blk.c

index 57c6ae7,e574fbf..9b3bd08
--- 1/drivers/block/virtio_blk.c
--- 2/drivers/block/virtio_blk.c
+++ b/drivers/block/virtio_blk.c
@@@ -166,8 -166,11 +166,8 @@@ static inline void virtblk_request_done
   {
         struct virtblk_req *vbr = blk_mq_rq_to_pdu(req);
   
- -      if (req->rq_flags & RQF_SPECIAL_PAYLOAD) {
- -              kfree(page_address(req->special_vec.bv_page) +
- -                    req->special_vec.bv_offset);
- -      }
- -
+ +      if (req->rq_flags & RQF_SPECIAL_PAYLOAD)
+ +              kfree(bvec_virt(&req->special_vec));
         blk_mq_end_request(req, virtblk_result(vbr));
   }
   
@@@ -762,7 -765,7 +762,7 @@@ static int virtblk_probe(struct virtio_
                 goto out_free_vblk;
   
         /* Default queue sizing is to fill the ring. */
-       if (likely(!virtblk_queue_depth)) {
+       if (!virtblk_queue_depth) {
                 queue_depth = vblk->vqs[0].vq->num_free;
                 /* ... but without indirect descs, we use 2 descs per req */
                 if (!virtio_has_feature(vdev, VIRTIO_RING_F_INDIRECT_DESC))
@@@ -836,12 -839,12 +836,12 @@@
         else
                 blk_size = queue_logical_block_size(q);
   
-       if (unlikely(blk_size < SECTOR_SIZE || blk_size > PAGE_SIZE)) {
+       if (blk_size < SECTOR_SIZE || blk_size > PAGE_SIZE) {
                 dev_err(&vdev->dev,
                         "block size is changed unexpectedly, now is %u\n",
                         blk_size);
                 err = -EINVAL;
- -              goto err_cleanup_disk;
+ +              goto out_cleanup_disk;
         }
   
         /* Use topology information if available */
@@@ -899,13 -902,10 +899,13 @@@
         virtblk_update_capacity(vblk, false);
         virtio_device_ready(vdev);
   
- -      device_add_disk(&vdev->dev, vblk->disk, virtblk_attr_groups);
+ +      err = device_add_disk(&vdev->dev, vblk->disk, virtblk_attr_groups);
+ +      if (err)
+ +              goto out_cleanup_disk;
+ +
         return 0;
   
- -err_cleanup_disk:
+ +out_cleanup_disk:
         blk_cleanup_disk(vblk->disk);
   out_free_tags:
         blk_mq_free_tag_set(&vblk->tag_set);
diff --combined drivers/iommu/iova.c

index 0af42fb,3941ed6..9e8bc80
--- 1/drivers/iommu/iova.c
--- 2/drivers/iommu/iova.c
+++ b/drivers/iommu/iova.c
@@@ -121,6 -121,8 +121,6 @@@ int init_iova_flush_queue(struct iova_d
                 spin_lock_init(&fq->lock);
         }
   
- -      smp_wmb();
- -
         iovad->fq = queue;
   
         timer_setup(&iovad->fq_timer, fq_flush_timeout, 0);
@@@ -519,6 -521,7 +519,7 @@@ retry
   
         return new_iova->pfn_lo;
   }
+ EXPORT_SYMBOL_GPL(alloc_iova_fast);
   
   /**
    * free_iova_fast - free iova pfn range into rcache
@@@ -536,6 -539,7 +537,7 @@@ free_iova_fast(struct iova_domain *iova
   
         free_iova(iovad, pfn);
   }
+ EXPORT_SYMBOL_GPL(free_iova_fast);
   
   #define fq_ring_for_each(i, fq) \
         for ((i) = (fq)->head; (i) != (fq)->tail; (i) = ((i) + 1) % IOVA_FQ_SIZE)
@@@ -631,20 -635,10 +633,20 @@@ void queue_iova(struct iova_domain *iov
                 unsigned long pfn, unsigned long pages,
                 unsigned long data)
   {
- -      struct iova_fq *fq = raw_cpu_ptr(iovad->fq);
+ +      struct iova_fq *fq;
         unsigned long flags;
         unsigned idx;
   
+ +      /*
+ +       * Order against the IOMMU driver's pagetable update from unmapping
+ +       * @pte, to guarantee that iova_domain_flush() observes that if called
+ +       * from a different CPU before we release the lock below. Full barrier
+ +       * so it also pairs with iommu_dma_init_fq() to avoid seeing partially
+ +       * written fq state here.
+ +       */
+ +      smp_mb();
+ +
+ +      fq = raw_cpu_ptr(iovad->fq);
         spin_lock_irqsave(&fq->lock, flags);
   
         /*
diff --combined drivers/vdpa/mlx5/net/mlx5_vnet.c

index 5906cad,08f3995..294ba05
--- 1/drivers/vdpa/mlx5/net/mlx5_vnet.c
--- 2/drivers/vdpa/mlx5/net/mlx5_vnet.c
+++ b/drivers/vdpa/mlx5/net/mlx5_vnet.c
@@@ -45,6 -45,8 +45,8 @@@ MODULE_LICENSE("Dual BSD/GPL")
         (VIRTIO_CONFIG_S_ACKNOWLEDGE | VIRTIO_CONFIG_S_DRIVER | VIRTIO_CONFIG_S_DRIVER_OK |        \
          VIRTIO_CONFIG_S_FEATURES_OK | VIRTIO_CONFIG_S_NEEDS_RESET | VIRTIO_CONFIG_S_FAILED)
   
+ #define MLX5_FEATURE(_mvdev, _feature) (!!((_mvdev)->actual_features & BIT_ULL(_feature)))
+ 
   struct mlx5_vdpa_net_resources {
         u32 tisn;
         u32 tdn;
@@@ -90,7 -92,6 +92,6 @@@ struct mlx5_vq_restore_info 
         u16 avail_index;
         u16 used_index;
         bool ready;
-       struct vdpa_callback cb;
         bool restore;
   };
   
@@@ -100,7 -101,6 +101,6 @@@ struct mlx5_vdpa_virtqueue 
         u64 device_addr;
         u64 driver_addr;
         u32 num_ent;
-       struct vdpa_callback event_cb;
   
         /* Resources for implementing the notification channel from the device
          * to the driver. fwqp is the firmware end of an RC connection; the
@@@ -135,11 -135,20 +135,20 @@@
    */
   #define MLX5_MAX_SUPPORTED_VQS 16
   
+ static bool is_index_valid(struct mlx5_vdpa_dev *mvdev, u16 idx)
+ {
+       if (unlikely(idx > mvdev->max_idx))
+               return false;
+ 
+       return true;
+ }
+ 
   struct mlx5_vdpa_net {
         struct mlx5_vdpa_dev mvdev;
         struct mlx5_vdpa_net_resources res;
         struct virtio_net_config config;
         struct mlx5_vdpa_virtqueue vqs[MLX5_MAX_SUPPORTED_VQS];
+       struct vdpa_callback event_cbs[MLX5_MAX_SUPPORTED_VQS + 1];
   
         /* Serialize vq resources creation and destruction. This is required
          * since memory map might change and we need to destroy and create
@@@ -151,15 -160,18 +160,18 @@@
         struct mlx5_flow_handle *rx_rule;
         bool setup;
         u16 mtu;
+       u32 cur_num_vqs;
   };
   
   static void free_resources(struct mlx5_vdpa_net *ndev);
   static void init_mvqs(struct mlx5_vdpa_net *ndev);
- static int setup_driver(struct mlx5_vdpa_net *ndev);
+ static int setup_driver(struct mlx5_vdpa_dev *mvdev);
   static void teardown_driver(struct mlx5_vdpa_net *ndev);
   
   static bool mlx5_vdpa_debug;
   
+ #define MLX5_CVQ_MAX_ENT 16
+ 
   #define MLX5_LOG_VIO_FLAG(_feature)                                                                \
         do {                                                                                       \
                 if (features & BIT_ULL(_feature))                                                  \
@@@ -172,11 -184,41 +184,41 @@@
                         mlx5_vdpa_info(mvdev, "%s\n", #_status);                                   \
         } while (0)
   
+ /* TODO: cross-endian support */
+ static inline bool mlx5_vdpa_is_little_endian(struct mlx5_vdpa_dev *mvdev)
+ {
+       return virtio_legacy_is_little_endian() ||
+               (mvdev->actual_features & BIT_ULL(VIRTIO_F_VERSION_1));
+ }
+ 
+ static u16 mlx5vdpa16_to_cpu(struct mlx5_vdpa_dev *mvdev, __virtio16 val)
+ {
+       return __virtio16_to_cpu(mlx5_vdpa_is_little_endian(mvdev), val);
+ }
+ 
+ static __virtio16 cpu_to_mlx5vdpa16(struct mlx5_vdpa_dev *mvdev, u16 val)
+ {
+       return __cpu_to_virtio16(mlx5_vdpa_is_little_endian(mvdev), val);
+ }
+ 
   static inline u32 mlx5_vdpa_max_qps(int max_vqs)
   {
         return max_vqs / 2;
   }
   
+ static u16 ctrl_vq_idx(struct mlx5_vdpa_dev *mvdev)
+ {
+       if (!(mvdev->actual_features & BIT_ULL(VIRTIO_NET_F_MQ)))
+               return 2;
+ 
+       return 2 * mlx5_vdpa_max_qps(mvdev->max_vqs);
+ }
+ 
+ static bool is_ctrl_vq_idx(struct mlx5_vdpa_dev *mvdev, u16 idx)
+ {
+       return idx == ctrl_vq_idx(mvdev);
+ }
+ 
   static void print_status(struct mlx5_vdpa_dev *mvdev, u8 status, bool set)
   {
         if (status & ~VALID_STATUS_MASK)
@@@ -481,6 -523,10 +523,10 @@@ static int mlx5_vdpa_poll_one(struct ml
   
   static void mlx5_vdpa_handle_completions(struct mlx5_vdpa_virtqueue *mvq, int num)
   {
+       struct mlx5_vdpa_net *ndev = mvq->ndev;
+       struct vdpa_callback *event_cb;
+ 
+       event_cb = &ndev->event_cbs[mvq->index];
         mlx5_cq_set_ci(&mvq->cq.mcq);
   
         /* make sure CQ cosumer update is visible to the hardware before updating
@@@ -488,8 -534,8 +534,8 @@@
          */
         dma_wmb();
         rx_post(&mvq->vqqp, num);
-       if (mvq->event_cb.callback)
-               mvq->event_cb.callback(mvq->event_cb.private);
+       if (event_cb->callback)
+               event_cb->callback(event_cb->private);
   }
   
   static void mlx5_vdpa_cq_comp(struct mlx5_core_cq *mcq, struct mlx5_eqe *eqe)
@@@ -572,7 -618,7 +618,7 @@@ static int cq_create(struct mlx5_vdpa_n
         cqc = MLX5_ADDR_OF(create_cq_in, in, cq_context);
         MLX5_SET(cqc, cqc, log_cq_size, ilog2(num_ent));
         MLX5_SET(cqc, cqc, uar_page, ndev->mvdev.res.uar->index);
- -      MLX5_SET(cqc, cqc, c_eqn, eqn);
+ +      MLX5_SET(cqc, cqc, c_eqn_or_apu_element, eqn);
         MLX5_SET64(cqc, cqc, dbr_addr, vcq->db.dma);
   
         err = mlx5_core_create_cq(mdev, &vcq->mcq, in, inlen, out, sizeof(out));
@@@ -1100,10 -1146,8 +1146,8 @@@ static int setup_vq(struct mlx5_vdpa_ne
         if (!mvq->num_ent)
                 return 0;
   
-       if (mvq->initialized) {
-               mlx5_vdpa_warn(&ndev->mvdev, "attempt re init\n");
-               return -EINVAL;
-       }
+       if (mvq->initialized)
+               return 0;
   
         err = cq_create(ndev, idx, mvq->num_ent);
         if (err)
@@@ -1190,19 -1234,20 +1234,20 @@@ static void teardown_vq(struct mlx5_vdp
   
   static int create_rqt(struct mlx5_vdpa_net *ndev)
   {
-       int log_max_rqt;
         __be32 *list;
+       int max_rqt;
         void *rqtc;
         int inlen;
         void *in;
         int i, j;
         int err;
   
-       log_max_rqt = min_t(int, 1, MLX5_CAP_GEN(ndev->mvdev.mdev, log_max_rqt_size));
-       if (log_max_rqt < 1)
+       max_rqt = min_t(int, MLX5_MAX_SUPPORTED_VQS / 2,
+                       1 << MLX5_CAP_GEN(ndev->mvdev.mdev, log_max_rqt_size));
+       if (max_rqt < 1)
                 return -EOPNOTSUPP;
   
-       inlen = MLX5_ST_SZ_BYTES(create_rqt_in) + (1 << log_max_rqt) * MLX5_ST_SZ_BYTES(rq_num);
+       inlen = MLX5_ST_SZ_BYTES(create_rqt_in) + max_rqt * MLX5_ST_SZ_BYTES(rq_num);
         in = kzalloc(inlen, GFP_KERNEL);
         if (!in)
                 return -ENOMEM;
@@@ -1211,10 -1256,9 +1256,9 @@@
         rqtc = MLX5_ADDR_OF(create_rqt_in, in, rqt_context);
   
         MLX5_SET(rqtc, rqtc, list_q_type, MLX5_RQTC_LIST_Q_TYPE_VIRTIO_NET_Q);
-       MLX5_SET(rqtc, rqtc, rqt_max_size, 1 << log_max_rqt);
-       MLX5_SET(rqtc, rqtc, rqt_actual_size, 1);
+       MLX5_SET(rqtc, rqtc, rqt_max_size, max_rqt);
         list = MLX5_ADDR_OF(rqtc, rqtc, rq_num[0]);
-       for (i = 0, j = 0; j < ndev->mvdev.max_vqs; j++) {
+       for (i = 0, j = 0; j < max_rqt; j++) {
                 if (!ndev->vqs[j].initialized)
                         continue;
   
@@@ -1223,6 -1267,7 +1267,7 @@@
                         i++;
                 }
         }
+       MLX5_SET(rqtc, rqtc, rqt_actual_size, i);
   
         err = mlx5_vdpa_create_rqt(&ndev->mvdev, in, inlen, &ndev->res.rqtn);
         kfree(in);
@@@ -1232,6 -1277,52 +1277,52 @@@
         return 0;
   }
   
+ #define MLX5_MODIFY_RQT_NUM_RQS ((u64)1)
+ 
+ static int modify_rqt(struct mlx5_vdpa_net *ndev, int num)
+ {
+       __be32 *list;
+       int max_rqt;
+       void *rqtc;
+       int inlen;
+       void *in;
+       int i, j;
+       int err;
+ 
+       max_rqt = min_t(int, ndev->cur_num_vqs / 2,
+                       1 << MLX5_CAP_GEN(ndev->mvdev.mdev, log_max_rqt_size));
+       if (max_rqt < 1)
+               return -EOPNOTSUPP;
+ 
+       inlen = MLX5_ST_SZ_BYTES(modify_rqt_in) + max_rqt * MLX5_ST_SZ_BYTES(rq_num);
+       in = kzalloc(inlen, GFP_KERNEL);
+       if (!in)
+               return -ENOMEM;
+ 
+       MLX5_SET(modify_rqt_in, in, uid, ndev->mvdev.res.uid);
+       MLX5_SET64(modify_rqt_in, in, bitmask, MLX5_MODIFY_RQT_NUM_RQS);
+       rqtc = MLX5_ADDR_OF(modify_rqt_in, in, ctx);
+       MLX5_SET(rqtc, rqtc, list_q_type, MLX5_RQTC_LIST_Q_TYPE_VIRTIO_NET_Q);
+ 
+       list = MLX5_ADDR_OF(rqtc, rqtc, rq_num[0]);
+       for (i = 0, j = 0; j < num; j++) {
+               if (!ndev->vqs[j].initialized)
+                       continue;
+ 
+               if (!vq_is_tx(ndev->vqs[j].index)) {
+                       list[i] = cpu_to_be32(ndev->vqs[j].virtq_id);
+                       i++;
+               }
+       }
+       MLX5_SET(rqtc, rqtc, rqt_actual_size, i);
+       err = mlx5_vdpa_modify_rqt(&ndev->mvdev, in, inlen, ndev->res.rqtn);
+       kfree(in);
+       if (err)
+               return err;
+ 
+       return 0;
+ }
+ 
   static void destroy_rqt(struct mlx5_vdpa_net *ndev)
   {
         mlx5_vdpa_destroy_rqt(&ndev->mvdev, ndev->res.rqtn);
@@@ -1345,12 -1436,206 +1436,206 @@@ static void remove_fwd_to_tir(struct ml
         ndev->rx_rule = NULL;
   }
   
+ static virtio_net_ctrl_ack handle_ctrl_mac(struct mlx5_vdpa_dev *mvdev, u8 cmd)
+ {
+       struct mlx5_vdpa_net *ndev = to_mlx5_vdpa_ndev(mvdev);
+       struct mlx5_control_vq *cvq = &mvdev->cvq;
+       virtio_net_ctrl_ack status = VIRTIO_NET_ERR;
+       struct mlx5_core_dev *pfmdev;
+       size_t read;
+       u8 mac[ETH_ALEN];
+ 
+       pfmdev = pci_get_drvdata(pci_physfn(mvdev->mdev->pdev));
+       switch (cmd) {
+       case VIRTIO_NET_CTRL_MAC_ADDR_SET:
+               read = vringh_iov_pull_iotlb(&cvq->vring, &cvq->riov, (void *)mac, ETH_ALEN);
+               if (read != ETH_ALEN)
+                       break;
+ 
+               if (!memcmp(ndev->config.mac, mac, 6)) {
+                       status = VIRTIO_NET_OK;
+                       break;
+               }
+ 
+               if (!is_zero_ether_addr(ndev->config.mac)) {
+                       if (mlx5_mpfs_del_mac(pfmdev, ndev->config.mac)) {
+                               mlx5_vdpa_warn(mvdev, "failed to delete old MAC %pM from MPFS table\n",
+                                              ndev->config.mac);
+                               break;
+                       }
+               }
+ 
+               if (mlx5_mpfs_add_mac(pfmdev, mac)) {
+                       mlx5_vdpa_warn(mvdev, "failed to insert new MAC %pM into MPFS table\n",
+                                      mac);
+                       break;
+               }
+ 
+               memcpy(ndev->config.mac, mac, ETH_ALEN);
+               status = VIRTIO_NET_OK;
+               break;
+ 
+       default:
+               break;
+       }
+ 
+       return status;
+ }
+ 
+ static int change_num_qps(struct mlx5_vdpa_dev *mvdev, int newqps)
+ {
+       struct mlx5_vdpa_net *ndev = to_mlx5_vdpa_ndev(mvdev);
+       int cur_qps = ndev->cur_num_vqs / 2;
+       int err;
+       int i;
+ 
+       if (cur_qps > newqps) {
+               err = modify_rqt(ndev, 2 * newqps);
+               if (err)
+                       return err;
+ 
+               for (i = ndev->cur_num_vqs - 1; i >= 2 * newqps; i--)
+                       teardown_vq(ndev, &ndev->vqs[i]);
+ 
+               ndev->cur_num_vqs = 2 * newqps;
+       } else {
+               ndev->cur_num_vqs = 2 * newqps;
+               for (i = cur_qps * 2; i < 2 * newqps; i++) {
+                       err = setup_vq(ndev, &ndev->vqs[i]);
+                       if (err)
+                               goto clean_added;
+               }
+               err = modify_rqt(ndev, 2 * newqps);
+               if (err)
+                       goto clean_added;
+       }
+       return 0;
+ 
+ clean_added:
+       for (--i; i >= cur_qps; --i)
+               teardown_vq(ndev, &ndev->vqs[i]);
+ 
+       return err;
+ }
+ 
+ static virtio_net_ctrl_ack handle_ctrl_mq(struct mlx5_vdpa_dev *mvdev, u8 cmd)
+ {
+       struct mlx5_vdpa_net *ndev = to_mlx5_vdpa_ndev(mvdev);
+       virtio_net_ctrl_ack status = VIRTIO_NET_ERR;
+       struct mlx5_control_vq *cvq = &mvdev->cvq;
+       struct virtio_net_ctrl_mq mq;
+       size_t read;
+       u16 newqps;
+ 
+       switch (cmd) {
+       case VIRTIO_NET_CTRL_MQ_VQ_PAIRS_SET:
+               read = vringh_iov_pull_iotlb(&cvq->vring, &cvq->riov, (void *)&mq, sizeof(mq));
+               if (read != sizeof(mq))
+                       break;
+ 
+               newqps = mlx5vdpa16_to_cpu(mvdev, mq.virtqueue_pairs);
+               if (ndev->cur_num_vqs == 2 * newqps) {
+                       status = VIRTIO_NET_OK;
+                       break;
+               }
+ 
+               if (newqps & (newqps - 1))
+                       break;
+ 
+               if (!change_num_qps(mvdev, newqps))
+                       status = VIRTIO_NET_OK;
+ 
+               break;
+       default:
+               break;
+       }
+ 
+       return status;
+ }
+ 
+ static void mlx5_cvq_kick_handler(struct work_struct *work)
+ {
+       virtio_net_ctrl_ack status = VIRTIO_NET_ERR;
+       struct virtio_net_ctrl_hdr ctrl;
+       struct mlx5_ctrl_wq_ent *wqent;
+       struct mlx5_vdpa_dev *mvdev;
+       struct mlx5_control_vq *cvq;
+       struct mlx5_vdpa_net *ndev;
+       size_t read, write;
+       int err;
+ 
+       wqent = container_of(work, struct mlx5_ctrl_wq_ent, work);
+       mvdev = wqent->mvdev;
+       ndev = to_mlx5_vdpa_ndev(mvdev);
+       cvq = &mvdev->cvq;
+       if (!(ndev->mvdev.actual_features & BIT_ULL(VIRTIO_NET_F_CTRL_VQ)))
+               goto out;
+ 
+       if (!cvq->ready)
+               goto out;
+ 
+       while (true) {
+               err = vringh_getdesc_iotlb(&cvq->vring, &cvq->riov, &cvq->wiov, &cvq->head,
+                                          GFP_ATOMIC);
+               if (err <= 0)
+                       break;
+ 
+               read = vringh_iov_pull_iotlb(&cvq->vring, &cvq->riov, &ctrl, sizeof(ctrl));
+               if (read != sizeof(ctrl))
+                       break;
+ 
+               switch (ctrl.class) {
+               case VIRTIO_NET_CTRL_MAC:
+                       status = handle_ctrl_mac(mvdev, ctrl.cmd);
+                       break;
+               case VIRTIO_NET_CTRL_MQ:
+                       status = handle_ctrl_mq(mvdev, ctrl.cmd);
+                       break;
+ 
+               default:
+                       break;
+               }
+ 
+               /* Make sure data is written before advancing index */
+               smp_wmb();
+ 
+               write = vringh_iov_push_iotlb(&cvq->vring, &cvq->wiov, &status, sizeof(status));
+               vringh_complete_iotlb(&cvq->vring, cvq->head, write);
+               vringh_kiov_cleanup(&cvq->riov);
+               vringh_kiov_cleanup(&cvq->wiov);
+ 
+               if (vringh_need_notify_iotlb(&cvq->vring))
+                       vringh_notify(&cvq->vring);
+       }
+ out:
+       kfree(wqent);
+ }
+ 
   static void mlx5_vdpa_kick_vq(struct vdpa_device *vdev, u16 idx)
   {
         struct mlx5_vdpa_dev *mvdev = to_mvdev(vdev);
         struct mlx5_vdpa_net *ndev = to_mlx5_vdpa_ndev(mvdev);
-       struct mlx5_vdpa_virtqueue *mvq = &ndev->vqs[idx];
+       struct mlx5_vdpa_virtqueue *mvq;
+       struct mlx5_ctrl_wq_ent *wqent;
+ 
+       if (!is_index_valid(mvdev, idx))
+               return;
+ 
+       if (unlikely(is_ctrl_vq_idx(mvdev, idx))) {
+               if (!mvdev->cvq.ready)
+                       return;
+ 
+               wqent = kzalloc(sizeof(*wqent), GFP_ATOMIC);
+               if (!wqent)
+                       return;
   
+               wqent->mvdev = mvdev;
+               INIT_WORK(&wqent->work, mlx5_cvq_kick_handler);
+               queue_work(mvdev->wq, &wqent->work);
+               return;
+       }
+ 
+       mvq = &ndev->vqs[idx];
         if (unlikely(!mvq->ready))
                 return;
   
@@@ -1362,8 -1647,19 +1647,19 @@@ static int mlx5_vdpa_set_vq_address(str
   {
         struct mlx5_vdpa_dev *mvdev = to_mvdev(vdev);
         struct mlx5_vdpa_net *ndev = to_mlx5_vdpa_ndev(mvdev);
-       struct mlx5_vdpa_virtqueue *mvq = &ndev->vqs[idx];
+       struct mlx5_vdpa_virtqueue *mvq;
+ 
+       if (!is_index_valid(mvdev, idx))
+               return -EINVAL;
   
+       if (is_ctrl_vq_idx(mvdev, idx)) {
+               mvdev->cvq.desc_addr = desc_area;
+               mvdev->cvq.device_addr = device_area;
+               mvdev->cvq.driver_addr = driver_area;
+               return 0;
+       }
+ 
+       mvq = &ndev->vqs[idx];
         mvq->desc_addr = desc_area;
         mvq->device_addr = device_area;
         mvq->driver_addr = driver_area;
@@@ -1376,6 -1672,9 +1672,9 @@@ static void mlx5_vdpa_set_vq_num(struc
         struct mlx5_vdpa_net *ndev = to_mlx5_vdpa_ndev(mvdev);
         struct mlx5_vdpa_virtqueue *mvq;
   
+       if (!is_index_valid(mvdev, idx) || is_ctrl_vq_idx(mvdev, idx))
+               return;
+ 
         mvq = &ndev->vqs[idx];
         mvq->num_ent = num;
   }
@@@ -1384,17 -1683,46 +1683,46 @@@ static void mlx5_vdpa_set_vq_cb(struct 
   {
         struct mlx5_vdpa_dev *mvdev = to_mvdev(vdev);
         struct mlx5_vdpa_net *ndev = to_mlx5_vdpa_ndev(mvdev);
-       struct mlx5_vdpa_virtqueue *vq = &ndev->vqs[idx];
   
-       vq->event_cb = *cb;
+       ndev->event_cbs[idx] = *cb;
+ }
+ 
+ static void mlx5_cvq_notify(struct vringh *vring)
+ {
+       struct mlx5_control_vq *cvq = container_of(vring, struct mlx5_control_vq, vring);
+ 
+       if (!cvq->event_cb.callback)
+               return;
+ 
+       cvq->event_cb.callback(cvq->event_cb.private);
+ }
+ 
+ static void set_cvq_ready(struct mlx5_vdpa_dev *mvdev, bool ready)
+ {
+       struct mlx5_control_vq *cvq = &mvdev->cvq;
+ 
+       cvq->ready = ready;
+       if (!ready)
+               return;
+ 
+       cvq->vring.notify = mlx5_cvq_notify;
   }
   
   static void mlx5_vdpa_set_vq_ready(struct vdpa_device *vdev, u16 idx, bool ready)
   {
         struct mlx5_vdpa_dev *mvdev = to_mvdev(vdev);
         struct mlx5_vdpa_net *ndev = to_mlx5_vdpa_ndev(mvdev);
-       struct mlx5_vdpa_virtqueue *mvq = &ndev->vqs[idx];
+       struct mlx5_vdpa_virtqueue *mvq;
+ 
+       if (!is_index_valid(mvdev, idx))
+               return;
+ 
+       if (is_ctrl_vq_idx(mvdev, idx)) {
+               set_cvq_ready(mvdev, ready);
+               return;
+       }
   
+       mvq = &ndev->vqs[idx];
         if (!ready)
                 suspend_vq(ndev, mvq);
   
@@@ -1405,9 -1733,14 +1733,14 @@@ static bool mlx5_vdpa_get_vq_ready(stru
   {
         struct mlx5_vdpa_dev *mvdev = to_mvdev(vdev);
         struct mlx5_vdpa_net *ndev = to_mlx5_vdpa_ndev(mvdev);
-       struct mlx5_vdpa_virtqueue *mvq = &ndev->vqs[idx];
   
-       return mvq->ready;
+       if (!is_index_valid(mvdev, idx))
+               return false;
+ 
+       if (is_ctrl_vq_idx(mvdev, idx))
+               return mvdev->cvq.ready;
+ 
+       return ndev->vqs[idx].ready;
   }
   
   static int mlx5_vdpa_set_vq_state(struct vdpa_device *vdev, u16 idx,
@@@ -1415,8 -1748,17 +1748,17 @@@
   {
         struct mlx5_vdpa_dev *mvdev = to_mvdev(vdev);
         struct mlx5_vdpa_net *ndev = to_mlx5_vdpa_ndev(mvdev);
-       struct mlx5_vdpa_virtqueue *mvq = &ndev->vqs[idx];
+       struct mlx5_vdpa_virtqueue *mvq;
   
+       if (!is_index_valid(mvdev, idx))
+               return -EINVAL;
+ 
+       if (is_ctrl_vq_idx(mvdev, idx)) {
+               mvdev->cvq.vring.last_avail_idx = state->split.avail_index;
+               return 0;
+       }
+ 
+       mvq = &ndev->vqs[idx];
         if (mvq->fw_state == MLX5_VIRTIO_NET_Q_OBJECT_STATE_RDY) {
                 mlx5_vdpa_warn(mvdev, "can't modify available index\n");
                 return -EINVAL;
@@@ -1431,10 -1773,19 +1773,19 @@@ static int mlx5_vdpa_get_vq_state(struc
   {
         struct mlx5_vdpa_dev *mvdev = to_mvdev(vdev);
         struct mlx5_vdpa_net *ndev = to_mlx5_vdpa_ndev(mvdev);
-       struct mlx5_vdpa_virtqueue *mvq = &ndev->vqs[idx];
+       struct mlx5_vdpa_virtqueue *mvq;
         struct mlx5_virtq_attr attr;
         int err;
   
+       if (!is_index_valid(mvdev, idx))
+               return -EINVAL;
+ 
+       if (is_ctrl_vq_idx(mvdev, idx)) {
+               state->split.avail_index = mvdev->cvq.vring.last_avail_idx;
+               return 0;
+       }
+ 
+       mvq = &ndev->vqs[idx];
         /* If the virtq object was destroyed, use the value saved at
          * the last minute of suspend_vq. This caters for userspace
          * that cares about emulating the index after vq is stopped.
@@@ -1491,10 -1842,14 +1842,14 @@@ static u64 mlx5_vdpa_get_features(struc
         u16 dev_features;
   
         dev_features = MLX5_CAP_DEV_VDPA_EMULATION(mvdev->mdev, device_features_bits_mask);
-       ndev->mvdev.mlx_features = mlx_to_vritio_features(dev_features);
+       ndev->mvdev.mlx_features |= mlx_to_vritio_features(dev_features);
         if (MLX5_CAP_DEV_VDPA_EMULATION(mvdev->mdev, virtio_version_1_0))
                 ndev->mvdev.mlx_features |= BIT_ULL(VIRTIO_F_VERSION_1);
         ndev->mvdev.mlx_features |= BIT_ULL(VIRTIO_F_ACCESS_PLATFORM);
+       ndev->mvdev.mlx_features |= BIT_ULL(VIRTIO_NET_F_CTRL_VQ);
+       ndev->mvdev.mlx_features |= BIT_ULL(VIRTIO_NET_F_CTRL_MAC_ADDR);
+       ndev->mvdev.mlx_features |= BIT_ULL(VIRTIO_NET_F_MQ);
+ 
         print_features(mvdev, ndev->mvdev.mlx_features, false);
         return ndev->mvdev.mlx_features;
   }
@@@ -1507,17 -1862,29 +1862,29 @@@ static int verify_min_features(struct m
         return 0;
   }
   
- static int setup_virtqueues(struct mlx5_vdpa_net *ndev)
+ static int setup_virtqueues(struct mlx5_vdpa_dev *mvdev)
   {
+       struct mlx5_vdpa_net *ndev = to_mlx5_vdpa_ndev(mvdev);
+       struct mlx5_control_vq *cvq = &mvdev->cvq;
         int err;
         int i;
   
-       for (i = 0; i < 2 * mlx5_vdpa_max_qps(ndev->mvdev.max_vqs); i++) {
+       for (i = 0; i < 2 * mlx5_vdpa_max_qps(mvdev->max_vqs); i++) {
                 err = setup_vq(ndev, &ndev->vqs[i]);
                 if (err)
                         goto err_vq;
         }
   
+       if (mvdev->actual_features & BIT_ULL(VIRTIO_NET_F_CTRL_VQ)) {
+               err = vringh_init_iotlb(&cvq->vring, mvdev->actual_features,
+                                       MLX5_CVQ_MAX_ENT, false,
+                                       (struct vring_desc *)(uintptr_t)cvq->desc_addr,
+                                       (struct vring_avail *)(uintptr_t)cvq->driver_addr,
+                                       (struct vring_used *)(uintptr_t)cvq->device_addr);
+               if (err)
+                       goto err_vq;
+       }
+ 
         return 0;
   
   err_vq:
@@@ -1541,16 -1908,22 +1908,22 @@@ static void teardown_virtqueues(struct 
         }
   }
   
- /* TODO: cross-endian support */
- static inline bool mlx5_vdpa_is_little_endian(struct mlx5_vdpa_dev *mvdev)
- {
-       return virtio_legacy_is_little_endian() ||
-               (mvdev->actual_features & BIT_ULL(VIRTIO_F_VERSION_1));
- }
- 
- static __virtio16 cpu_to_mlx5vdpa16(struct mlx5_vdpa_dev *mvdev, u16 val)
+ static void update_cvq_info(struct mlx5_vdpa_dev *mvdev)
   {
-       return __cpu_to_virtio16(mlx5_vdpa_is_little_endian(mvdev), val);
+       if (MLX5_FEATURE(mvdev, VIRTIO_NET_F_CTRL_VQ)) {
+               if (MLX5_FEATURE(mvdev, VIRTIO_NET_F_MQ)) {
+                       /* MQ supported. CVQ index is right above the last data virtqueue's */
+                       mvdev->max_idx = mvdev->max_vqs;
+               } else {
+                       /* Only CVQ supportted. data virtqueues occupy indices 0 and 1.
+                        * CVQ gets index 2
+                        */
+                       mvdev->max_idx = 2;
+               }
+       } else {
+               /* Two data virtqueues only: one for rx and one for tx */
+               mvdev->max_idx = 1;
+       }
   }
   
   static int mlx5_vdpa_set_features(struct vdpa_device *vdev, u64 features)
@@@ -1568,6 -1941,7 +1941,7 @@@
         ndev->mvdev.actual_features = features & ndev->mvdev.mlx_features;
         ndev->config.mtu = cpu_to_mlx5vdpa16(mvdev, ndev->mtu);
         ndev->config.status |= cpu_to_mlx5vdpa16(mvdev, VIRTIO_NET_S_LINK_UP);
+       update_cvq_info(mvdev);
         return err;
   }
   
@@@ -1605,15 -1979,14 +1979,14 @@@ static u8 mlx5_vdpa_get_status(struct v
   static int save_channel_info(struct mlx5_vdpa_net *ndev, struct mlx5_vdpa_virtqueue *mvq)
   {
         struct mlx5_vq_restore_info *ri = &mvq->ri;
-       struct mlx5_virtq_attr attr;
+       struct mlx5_virtq_attr attr = {};
         int err;
   
-       if (!mvq->initialized)
-               return 0;
- 
-       err = query_virtqueue(ndev, mvq, &attr);
-       if (err)
-               return err;
+       if (mvq->initialized) {
+               err = query_virtqueue(ndev, mvq, &attr);
+               if (err)
+                       return err;
+       }
   
         ri->avail_index = attr.available_index;
         ri->used_index = attr.used_index;
@@@ -1622,7 -1995,6 +1995,6 @@@
         ri->desc_addr = mvq->desc_addr;
         ri->device_addr = mvq->device_addr;
         ri->driver_addr = mvq->driver_addr;
-       ri->cb = mvq->event_cb;
         ri->restore = true;
         return 0;
   }
@@@ -1667,12 -2039,12 +2039,12 @@@ static void restore_channels_info(struc
                 mvq->desc_addr = ri->desc_addr;
                 mvq->device_addr = ri->device_addr;
                 mvq->driver_addr = ri->driver_addr;
-               mvq->event_cb = ri->cb;
         }
   }
   
- static int mlx5_vdpa_change_map(struct mlx5_vdpa_net *ndev, struct vhost_iotlb *iotlb)
+ static int mlx5_vdpa_change_map(struct mlx5_vdpa_dev *mvdev, struct vhost_iotlb *iotlb)
   {
+       struct mlx5_vdpa_net *ndev = to_mlx5_vdpa_ndev(mvdev);
         int err;
   
         suspend_vqs(ndev);
@@@ -1681,58 -2053,59 +2053,59 @@@
                 goto err_mr;
   
         teardown_driver(ndev);
-       mlx5_vdpa_destroy_mr(&ndev->mvdev);
-       err = mlx5_vdpa_create_mr(&ndev->mvdev, iotlb);
+       mlx5_vdpa_destroy_mr(mvdev);
+       err = mlx5_vdpa_create_mr(mvdev, iotlb);
         if (err)
                 goto err_mr;
   
-       if (!(ndev->mvdev.status & VIRTIO_CONFIG_S_DRIVER_OK))
+       if (!(mvdev->status & VIRTIO_CONFIG_S_DRIVER_OK))
                 return 0;
   
         restore_channels_info(ndev);
-       err = setup_driver(ndev);
+       err = setup_driver(mvdev);
         if (err)
                 goto err_setup;
   
         return 0;
   
   err_setup:
-       mlx5_vdpa_destroy_mr(&ndev->mvdev);
+       mlx5_vdpa_destroy_mr(mvdev);
   err_mr:
         return err;
   }
   
- static int setup_driver(struct mlx5_vdpa_net *ndev)
+ static int setup_driver(struct mlx5_vdpa_dev *mvdev)
   {
+       struct mlx5_vdpa_net *ndev = to_mlx5_vdpa_ndev(mvdev);
         int err;
   
         mutex_lock(&ndev->reslock);
         if (ndev->setup) {
-               mlx5_vdpa_warn(&ndev->mvdev, "setup driver called for already setup driver\n");
+               mlx5_vdpa_warn(mvdev, "setup driver called for already setup driver\n");
                 err = 0;
                 goto out;
         }
-       err = setup_virtqueues(ndev);
+       err = setup_virtqueues(mvdev);
         if (err) {
-               mlx5_vdpa_warn(&ndev->mvdev, "setup_virtqueues\n");
+               mlx5_vdpa_warn(mvdev, "setup_virtqueues\n");
                 goto out;
         }
   
         err = create_rqt(ndev);
         if (err) {
-               mlx5_vdpa_warn(&ndev->mvdev, "create_rqt\n");
+               mlx5_vdpa_warn(mvdev, "create_rqt\n");
                 goto err_rqt;
         }
   
         err = create_tir(ndev);
         if (err) {
-               mlx5_vdpa_warn(&ndev->mvdev, "create_tir\n");
+               mlx5_vdpa_warn(mvdev, "create_tir\n");
                 goto err_tir;
         }
   
         err = add_fwd_to_tir(ndev);
         if (err) {
-               mlx5_vdpa_warn(&ndev->mvdev, "add_fwd_to_tir\n");
+               mlx5_vdpa_warn(mvdev, "add_fwd_to_tir\n");
                 goto err_fwd;
         }
         ndev->setup = true;
@@@ -1781,24 -2154,10 +2154,10 @@@ static void mlx5_vdpa_set_status(struc
         int err;
   
         print_status(mvdev, status, true);
-       if (!status) {
-               mlx5_vdpa_info(mvdev, "performing device reset\n");
-               teardown_driver(ndev);
-               clear_vqs_ready(ndev);
-               mlx5_vdpa_destroy_mr(&ndev->mvdev);
-               ndev->mvdev.status = 0;
-               ndev->mvdev.mlx_features = 0;
-               ++mvdev->generation;
-               if (MLX5_CAP_GEN(mvdev->mdev, umem_uid_0)) {
-                       if (mlx5_vdpa_create_mr(mvdev, NULL))
-                               mlx5_vdpa_warn(mvdev, "create MR failed\n");
-               }
-               return;
-       }
   
         if ((status ^ ndev->mvdev.status) & VIRTIO_CONFIG_S_DRIVER_OK) {
                 if (status & VIRTIO_CONFIG_S_DRIVER_OK) {
-                       err = setup_driver(ndev);
+                       err = setup_driver(mvdev);
                         if (err) {
                                 mlx5_vdpa_warn(mvdev, "failed to setup driver\n");
                                 goto err_setup;
@@@ -1817,6 -2176,29 +2176,29 @@@ err_setup
         ndev->mvdev.status |= VIRTIO_CONFIG_S_FAILED;
   }
   
+ static int mlx5_vdpa_reset(struct vdpa_device *vdev)
+ {
+       struct mlx5_vdpa_dev *mvdev = to_mvdev(vdev);
+       struct mlx5_vdpa_net *ndev = to_mlx5_vdpa_ndev(mvdev);
+ 
+       print_status(mvdev, 0, true);
+       mlx5_vdpa_info(mvdev, "performing device reset\n");
+       teardown_driver(ndev);
+       clear_vqs_ready(ndev);
+       mlx5_vdpa_destroy_mr(&ndev->mvdev);
+       ndev->mvdev.status = 0;
+       ndev->mvdev.mlx_features = 0;
+       memset(ndev->event_cbs, 0, sizeof(ndev->event_cbs));
+       ndev->mvdev.actual_features = 0;
+       ++mvdev->generation;
+       if (MLX5_CAP_GEN(mvdev->mdev, umem_uid_0)) {
+               if (mlx5_vdpa_create_mr(mvdev, NULL))
+                       mlx5_vdpa_warn(mvdev, "create MR failed\n");
+       }
+ 
+       return 0;
+ }
+ 
   static size_t mlx5_vdpa_get_config_size(struct vdpa_device *vdev)
   {
         return sizeof(struct virtio_net_config);
@@@ -1848,7 -2230,6 +2230,6 @@@ static u32 mlx5_vdpa_get_generation(str
   static int mlx5_vdpa_set_map(struct vdpa_device *vdev, struct vhost_iotlb *iotlb)
   {
         struct mlx5_vdpa_dev *mvdev = to_mvdev(vdev);
-       struct mlx5_vdpa_net *ndev = to_mlx5_vdpa_ndev(mvdev);
         bool change_map;
         int err;
   
@@@ -1859,7 -2240,7 +2240,7 @@@
         }
   
         if (change_map)
-               return mlx5_vdpa_change_map(ndev, iotlb);
+               return mlx5_vdpa_change_map(mvdev, iotlb);
   
         return 0;
   }
@@@ -1889,6 -2270,9 +2270,9 @@@ static struct vdpa_notification_area ml
         struct mlx5_vdpa_net *ndev;
         phys_addr_t addr;
   
+       if (!is_index_valid(mvdev, idx) || is_ctrl_vq_idx(mvdev, idx))
+               return ret;
+ 
         /* If SF BAR size is smaller than PAGE_SIZE, do not use direct
          * notification to avoid the risk of mapping pages that contain BAR of more
          * than one SF
@@@ -1928,6 -2312,7 +2312,7 @@@ static const struct vdpa_config_ops mlx
         .get_vendor_id = mlx5_vdpa_get_vendor_id,
         .get_status = mlx5_vdpa_get_status,
         .set_status = mlx5_vdpa_set_status,
+       .reset = mlx5_vdpa_reset,
         .get_config_size = mlx5_vdpa_get_config_size,
         .get_config = mlx5_vdpa_get_config,
         .set_config = mlx5_vdpa_set_config,
@@@ -2040,7 -2425,7 +2425,7 @@@ static int mlx5_vdpa_dev_add(struct vdp
         max_vqs = min_t(u32, max_vqs, MLX5_MAX_SUPPORTED_VQS);
   
         ndev = vdpa_alloc_device(struct mlx5_vdpa_net, mvdev.vdev, mdev->device, &mlx5_vdpa_ops,
-                                name);
+                                name, false);
         if (IS_ERR(ndev))
                 return PTR_ERR(ndev);
   
@@@ -2063,8 -2448,11 +2448,11 @@@
                 err = mlx5_mpfs_add_mac(pfmdev, config->mac);
                 if (err)
                         goto err_mtu;
+ 
+               ndev->mvdev.mlx_features |= BIT_ULL(VIRTIO_NET_F_MAC);
         }
   
+       config->max_virtqueue_pairs = cpu_to_mlx5vdpa16(mvdev, mlx5_vdpa_max_qps(max_vqs));
         mvdev->vdev.dma_dev = &mdev->pdev->dev;
         err = mlx5_vdpa_alloc_resources(&ndev->mvdev);
         if (err)
@@@ -2080,8 -2468,15 +2468,15 @@@
         if (err)
                 goto err_mr;
   
+       mvdev->wq = create_singlethread_workqueue("mlx5_vdpa_ctrl_wq");
+       if (!mvdev->wq) {
+               err = -ENOMEM;
+               goto err_res2;
+       }
+ 
+       ndev->cur_num_vqs = 2 * mlx5_vdpa_max_qps(max_vqs);
         mvdev->vdev.mdev = &mgtdev->mgtdev;
-       err = _vdpa_register_device(&mvdev->vdev, 2 * mlx5_vdpa_max_qps(max_vqs));
+       err = _vdpa_register_device(&mvdev->vdev, ndev->cur_num_vqs + 1);
         if (err)
                 goto err_reg;
   
@@@ -2089,6 -2484,8 +2484,8 @@@
         return 0;
   
   err_reg:
+       destroy_workqueue(mvdev->wq);
+ err_res2:
         free_resources(ndev);
   err_mr:
         mlx5_vdpa_destroy_mr(mvdev);
@@@ -2106,7 -2503,9 +2503,9 @@@ err_mtu
   static void mlx5_vdpa_dev_del(struct vdpa_mgmt_dev *v_mdev, struct vdpa_device *dev)
   {
         struct mlx5_vdpa_mgmtdev *mgtdev = container_of(v_mdev, struct mlx5_vdpa_mgmtdev, mgtdev);
+       struct mlx5_vdpa_dev *mvdev = to_mvdev(dev);
   
+       destroy_workqueue(mvdev->wq);
         _vdpa_unregister_device(dev);
         mgtdev->ndev = NULL;
   }
diff --combined drivers/vdpa/vdpa.c

index 3fc4525,8f01d6a..1dc121a
--- 1/drivers/vdpa/vdpa.c
--- 2/drivers/vdpa/vdpa.c
+++ b/drivers/vdpa/vdpa.c
@@@ -34,13 -34,15 +34,13 @@@ static int vdpa_dev_probe(struct devic
         return ret;
   }
   
- -static int vdpa_dev_remove(struct device *d)
+ +static void vdpa_dev_remove(struct device *d)
   {
         struct vdpa_device *vdev = dev_to_vdpa(d);
         struct vdpa_driver *drv = drv_to_vdpa(vdev->dev.driver);
   
         if (drv && drv->remove)
                 drv->remove(vdev);
- -
- -      return 0;
   }
   
   static struct bus_type vdpa_bus = {
@@@ -69,6 -71,7 +69,7 @@@ static void vdpa_release_dev(struct dev
    * @config: the bus operations that is supported by this device
    * @size: size of the parent structure that contains private data
    * @name: name of the vdpa device; optional.
+  * @use_va: indicate whether virtual address must be used by this device
    *
    * Driver should use vdpa_alloc_device() wrapper macro instead of
    * using this directly.
@@@ -78,7 -81,8 +79,8 @@@
    */
   struct vdpa_device *__vdpa_alloc_device(struct device *parent,
                                         const struct vdpa_config_ops *config,
-                                       size_t size, const char *name)
+                                       size_t size, const char *name,
+                                       bool use_va)
   {
         struct vdpa_device *vdev;
         int err = -EINVAL;
@@@ -89,6 -93,10 +91,10 @@@
         if (!!config->dma_map != !!config->dma_unmap)
                 goto err;
   
+       /* It should only work for the device that use on-chip IOMMU */
+       if (use_va && !(config->dma_map || config->set_map))
+               goto err;
+ 
         err = -ENOMEM;
         vdev = kzalloc(size, GFP_KERNEL);
         if (!vdev)
@@@ -104,6 -112,7 +110,7 @@@
         vdev->index = err;
         vdev->config = config;
         vdev->features_valid = false;
+       vdev->use_va = use_va;
   
         if (name)
                 err = dev_set_name(&vdev->dev, "%s", name);
diff --combined drivers/vdpa/vdpa_user/vduse_dev.c

index 0000000,59a93e5..29a38ec

mode 000000,100644..100644
--- /dev/null
--- 2/drivers/vdpa/vdpa_user/vduse_dev.c
+++ b/drivers/vdpa/vdpa_user/vduse_dev.c
@@@ -1,0 -1,1641 +1,1641 @@@
- -      if (eventfd_signal_count()) {
+ // SPDX-License-Identifier: GPL-2.0-only
+ /*
+  * VDUSE: vDPA Device in Userspace
+  *
+  * Copyright (C) 2020-2021 Bytedance Inc. and/or its affiliates. All rights reserved.
+  *
+  * Author: Xie Yongji <xieyongji@bytedance.com>
+  *
+  */
+ 
+ #include <linux/init.h>
+ #include <linux/module.h>
+ #include <linux/cdev.h>
+ #include <linux/device.h>
+ #include <linux/eventfd.h>
+ #include <linux/slab.h>
+ #include <linux/wait.h>
+ #include <linux/dma-map-ops.h>
+ #include <linux/poll.h>
+ #include <linux/file.h>
+ #include <linux/uio.h>
+ #include <linux/vdpa.h>
+ #include <linux/nospec.h>
+ #include <uapi/linux/vduse.h>
+ #include <uapi/linux/vdpa.h>
+ #include <uapi/linux/virtio_config.h>
+ #include <uapi/linux/virtio_ids.h>
+ #include <uapi/linux/virtio_blk.h>
+ #include <linux/mod_devicetable.h>
+ 
+ #include "iova_domain.h"
+ 
+ #define DRV_AUTHOR   "Yongji Xie <xieyongji@bytedance.com>"
+ #define DRV_DESC     "vDPA Device in Userspace"
+ #define DRV_LICENSE  "GPL v2"
+ 
+ #define VDUSE_DEV_MAX (1U << MINORBITS)
+ #define VDUSE_BOUNCE_SIZE (64 * 1024 * 1024)
+ #define VDUSE_IOVA_SIZE (128 * 1024 * 1024)
+ #define VDUSE_MSG_DEFAULT_TIMEOUT 30
+ 
+ struct vduse_virtqueue {
+       u16 index;
+       u16 num_max;
+       u32 num;
+       u64 desc_addr;
+       u64 driver_addr;
+       u64 device_addr;
+       struct vdpa_vq_state state;
+       bool ready;
+       bool kicked;
+       spinlock_t kick_lock;
+       spinlock_t irq_lock;
+       struct eventfd_ctx *kickfd;
+       struct vdpa_callback cb;
+       struct work_struct inject;
+       struct work_struct kick;
+ };
+ 
+ struct vduse_dev;
+ 
+ struct vduse_vdpa {
+       struct vdpa_device vdpa;
+       struct vduse_dev *dev;
+ };
+ 
+ struct vduse_dev {
+       struct vduse_vdpa *vdev;
+       struct device *dev;
+       struct vduse_virtqueue *vqs;
+       struct vduse_iova_domain *domain;
+       char *name;
+       struct mutex lock;
+       spinlock_t msg_lock;
+       u64 msg_unique;
+       u32 msg_timeout;
+       wait_queue_head_t waitq;
+       struct list_head send_list;
+       struct list_head recv_list;
+       struct vdpa_callback config_cb;
+       struct work_struct inject;
+       spinlock_t irq_lock;
+       int minor;
+       bool broken;
+       bool connected;
+       u64 api_version;
+       u64 device_features;
+       u64 driver_features;
+       u32 device_id;
+       u32 vendor_id;
+       u32 generation;
+       u32 config_size;
+       void *config;
+       u8 status;
+       u32 vq_num;
+       u32 vq_align;
+ };
+ 
+ struct vduse_dev_msg {
+       struct vduse_dev_request req;
+       struct vduse_dev_response resp;
+       struct list_head list;
+       wait_queue_head_t waitq;
+       bool completed;
+ };
+ 
+ struct vduse_control {
+       u64 api_version;
+ };
+ 
+ static DEFINE_MUTEX(vduse_lock);
+ static DEFINE_IDR(vduse_idr);
+ 
+ static dev_t vduse_major;
+ static struct class *vduse_class;
+ static struct cdev vduse_ctrl_cdev;
+ static struct cdev vduse_cdev;
+ static struct workqueue_struct *vduse_irq_wq;
+ 
+ static u32 allowed_device_id[] = {
+       VIRTIO_ID_BLOCK,
+ };
+ 
+ static inline struct vduse_dev *vdpa_to_vduse(struct vdpa_device *vdpa)
+ {
+       struct vduse_vdpa *vdev = container_of(vdpa, struct vduse_vdpa, vdpa);
+ 
+       return vdev->dev;
+ }
+ 
+ static inline struct vduse_dev *dev_to_vduse(struct device *dev)
+ {
+       struct vdpa_device *vdpa = dev_to_vdpa(dev);
+ 
+       return vdpa_to_vduse(vdpa);
+ }
+ 
+ static struct vduse_dev_msg *vduse_find_msg(struct list_head *head,
+                                           uint32_t request_id)
+ {
+       struct vduse_dev_msg *msg;
+ 
+       list_for_each_entry(msg, head, list) {
+               if (msg->req.request_id == request_id) {
+                       list_del(&msg->list);
+                       return msg;
+               }
+       }
+ 
+       return NULL;
+ }
+ 
+ static struct vduse_dev_msg *vduse_dequeue_msg(struct list_head *head)
+ {
+       struct vduse_dev_msg *msg = NULL;
+ 
+       if (!list_empty(head)) {
+               msg = list_first_entry(head, struct vduse_dev_msg, list);
+               list_del(&msg->list);
+       }
+ 
+       return msg;
+ }
+ 
+ static void vduse_enqueue_msg(struct list_head *head,
+                             struct vduse_dev_msg *msg)
+ {
+       list_add_tail(&msg->list, head);
+ }
+ 
+ static void vduse_dev_broken(struct vduse_dev *dev)
+ {
+       struct vduse_dev_msg *msg, *tmp;
+ 
+       if (unlikely(dev->broken))
+               return;
+ 
+       list_splice_init(&dev->recv_list, &dev->send_list);
+       list_for_each_entry_safe(msg, tmp, &dev->send_list, list) {
+               list_del(&msg->list);
+               msg->completed = 1;
+               msg->resp.result = VDUSE_REQ_RESULT_FAILED;
+               wake_up(&msg->waitq);
+       }
+       dev->broken = true;
+       wake_up(&dev->waitq);
+ }
+ 
+ static int vduse_dev_msg_sync(struct vduse_dev *dev,
+                             struct vduse_dev_msg *msg)
+ {
+       int ret;
+ 
+       if (unlikely(dev->broken))
+               return -EIO;
+ 
+       init_waitqueue_head(&msg->waitq);
+       spin_lock(&dev->msg_lock);
+       if (unlikely(dev->broken)) {
+               spin_unlock(&dev->msg_lock);
+               return -EIO;
+       }
+       msg->req.request_id = dev->msg_unique++;
+       vduse_enqueue_msg(&dev->send_list, msg);
+       wake_up(&dev->waitq);
+       spin_unlock(&dev->msg_lock);
+       if (dev->msg_timeout)
+               ret = wait_event_killable_timeout(msg->waitq, msg->completed,
+                                                 (long)dev->msg_timeout * HZ);
+       else
+               ret = wait_event_killable(msg->waitq, msg->completed);
+ 
+       spin_lock(&dev->msg_lock);
+       if (!msg->completed) {
+               list_del(&msg->list);
+               msg->resp.result = VDUSE_REQ_RESULT_FAILED;
+               /* Mark the device as malfunction when there is a timeout */
+               if (!ret)
+                       vduse_dev_broken(dev);
+       }
+       ret = (msg->resp.result == VDUSE_REQ_RESULT_OK) ? 0 : -EIO;
+       spin_unlock(&dev->msg_lock);
+ 
+       return ret;
+ }
+ 
+ static int vduse_dev_get_vq_state_packed(struct vduse_dev *dev,
+                                        struct vduse_virtqueue *vq,
+                                        struct vdpa_vq_state_packed *packed)
+ {
+       struct vduse_dev_msg msg = { 0 };
+       int ret;
+ 
+       msg.req.type = VDUSE_GET_VQ_STATE;
+       msg.req.vq_state.index = vq->index;
+ 
+       ret = vduse_dev_msg_sync(dev, &msg);
+       if (ret)
+               return ret;
+ 
+       packed->last_avail_counter =
+                       msg.resp.vq_state.packed.last_avail_counter & 0x0001;
+       packed->last_avail_idx =
+                       msg.resp.vq_state.packed.last_avail_idx & 0x7FFF;
+       packed->last_used_counter =
+                       msg.resp.vq_state.packed.last_used_counter & 0x0001;
+       packed->last_used_idx =
+                       msg.resp.vq_state.packed.last_used_idx & 0x7FFF;
+ 
+       return 0;
+ }
+ 
+ static int vduse_dev_get_vq_state_split(struct vduse_dev *dev,
+                                       struct vduse_virtqueue *vq,
+                                       struct vdpa_vq_state_split *split)
+ {
+       struct vduse_dev_msg msg = { 0 };
+       int ret;
+ 
+       msg.req.type = VDUSE_GET_VQ_STATE;
+       msg.req.vq_state.index = vq->index;
+ 
+       ret = vduse_dev_msg_sync(dev, &msg);
+       if (ret)
+               return ret;
+ 
+       split->avail_index = msg.resp.vq_state.split.avail_index;
+ 
+       return 0;
+ }
+ 
+ static int vduse_dev_set_status(struct vduse_dev *dev, u8 status)
+ {
+       struct vduse_dev_msg msg = { 0 };
+ 
+       msg.req.type = VDUSE_SET_STATUS;
+       msg.req.s.status = status;
+ 
+       return vduse_dev_msg_sync(dev, &msg);
+ }
+ 
+ static int vduse_dev_update_iotlb(struct vduse_dev *dev,
+                                 u64 start, u64 last)
+ {
+       struct vduse_dev_msg msg = { 0 };
+ 
+       if (last < start)
+               return -EINVAL;
+ 
+       msg.req.type = VDUSE_UPDATE_IOTLB;
+       msg.req.iova.start = start;
+       msg.req.iova.last = last;
+ 
+       return vduse_dev_msg_sync(dev, &msg);
+ }
+ 
+ static ssize_t vduse_dev_read_iter(struct kiocb *iocb, struct iov_iter *to)
+ {
+       struct file *file = iocb->ki_filp;
+       struct vduse_dev *dev = file->private_data;
+       struct vduse_dev_msg *msg;
+       int size = sizeof(struct vduse_dev_request);
+       ssize_t ret;
+ 
+       if (iov_iter_count(to) < size)
+               return -EINVAL;
+ 
+       spin_lock(&dev->msg_lock);
+       while (1) {
+               msg = vduse_dequeue_msg(&dev->send_list);
+               if (msg)
+                       break;
+ 
+               ret = -EAGAIN;
+               if (file->f_flags & O_NONBLOCK)
+                       goto unlock;
+ 
+               spin_unlock(&dev->msg_lock);
+               ret = wait_event_interruptible_exclusive(dev->waitq,
+                                       !list_empty(&dev->send_list));
+               if (ret)
+                       return ret;
+ 
+               spin_lock(&dev->msg_lock);
+       }
+       spin_unlock(&dev->msg_lock);
+       ret = copy_to_iter(&msg->req, size, to);
+       spin_lock(&dev->msg_lock);
+       if (ret != size) {
+               ret = -EFAULT;
+               vduse_enqueue_msg(&dev->send_list, msg);
+               goto unlock;
+       }
+       vduse_enqueue_msg(&dev->recv_list, msg);
+ unlock:
+       spin_unlock(&dev->msg_lock);
+ 
+       return ret;
+ }
+ 
+ static bool is_mem_zero(const char *ptr, int size)
+ {
+       int i;
+ 
+       for (i = 0; i < size; i++) {
+               if (ptr[i])
+                       return false;
+       }
+       return true;
+ }
+ 
+ static ssize_t vduse_dev_write_iter(struct kiocb *iocb, struct iov_iter *from)
+ {
+       struct file *file = iocb->ki_filp;
+       struct vduse_dev *dev = file->private_data;
+       struct vduse_dev_response resp;
+       struct vduse_dev_msg *msg;
+       size_t ret;
+ 
+       ret = copy_from_iter(&resp, sizeof(resp), from);
+       if (ret != sizeof(resp))
+               return -EINVAL;
+ 
+       if (!is_mem_zero((const char *)resp.reserved, sizeof(resp.reserved)))
+               return -EINVAL;
+ 
+       spin_lock(&dev->msg_lock);
+       msg = vduse_find_msg(&dev->recv_list, resp.request_id);
+       if (!msg) {
+               ret = -ENOENT;
+               goto unlock;
+       }
+ 
+       memcpy(&msg->resp, &resp, sizeof(resp));
+       msg->completed = 1;
+       wake_up(&msg->waitq);
+ unlock:
+       spin_unlock(&dev->msg_lock);
+ 
+       return ret;
+ }
+ 
+ static __poll_t vduse_dev_poll(struct file *file, poll_table *wait)
+ {
+       struct vduse_dev *dev = file->private_data;
+       __poll_t mask = 0;
+ 
+       poll_wait(file, &dev->waitq, wait);
+ 
+       spin_lock(&dev->msg_lock);
+ 
+       if (unlikely(dev->broken))
+               mask |= EPOLLERR;
+       if (!list_empty(&dev->send_list))
+               mask |= EPOLLIN | EPOLLRDNORM;
+       if (!list_empty(&dev->recv_list))
+               mask |= EPOLLOUT | EPOLLWRNORM;
+ 
+       spin_unlock(&dev->msg_lock);
+ 
+       return mask;
+ }
+ 
+ static void vduse_dev_reset(struct vduse_dev *dev)
+ {
+       int i;
+       struct vduse_iova_domain *domain = dev->domain;
+ 
+       /* The coherent mappings are handled in vduse_dev_free_coherent() */
+       if (domain->bounce_map)
+               vduse_domain_reset_bounce_map(domain);
+ 
+       dev->status = 0;
+       dev->driver_features = 0;
+       dev->generation++;
+       spin_lock(&dev->irq_lock);
+       dev->config_cb.callback = NULL;
+       dev->config_cb.private = NULL;
+       spin_unlock(&dev->irq_lock);
+       flush_work(&dev->inject);
+ 
+       for (i = 0; i < dev->vq_num; i++) {
+               struct vduse_virtqueue *vq = &dev->vqs[i];
+ 
+               vq->ready = false;
+               vq->desc_addr = 0;
+               vq->driver_addr = 0;
+               vq->device_addr = 0;
+               vq->num = 0;
+               memset(&vq->state, 0, sizeof(vq->state));
+ 
+               spin_lock(&vq->kick_lock);
+               vq->kicked = false;
+               if (vq->kickfd)
+                       eventfd_ctx_put(vq->kickfd);
+               vq->kickfd = NULL;
+               spin_unlock(&vq->kick_lock);
+ 
+               spin_lock(&vq->irq_lock);
+               vq->cb.callback = NULL;
+               vq->cb.private = NULL;
+               spin_unlock(&vq->irq_lock);
+               flush_work(&vq->inject);
+               flush_work(&vq->kick);
+       }
+ }
+ 
+ static int vduse_vdpa_set_vq_address(struct vdpa_device *vdpa, u16 idx,
+                               u64 desc_area, u64 driver_area,
+                               u64 device_area)
+ {
+       struct vduse_dev *dev = vdpa_to_vduse(vdpa);
+       struct vduse_virtqueue *vq = &dev->vqs[idx];
+ 
+       vq->desc_addr = desc_area;
+       vq->driver_addr = driver_area;
+       vq->device_addr = device_area;
+ 
+       return 0;
+ }
+ 
+ static void vduse_vq_kick(struct vduse_virtqueue *vq)
+ {
+       spin_lock(&vq->kick_lock);
+       if (!vq->ready)
+               goto unlock;
+ 
+       if (vq->kickfd)
+               eventfd_signal(vq->kickfd, 1);
+       else
+               vq->kicked = true;
+ unlock:
+       spin_unlock(&vq->kick_lock);
+ }
+ 
+ static void vduse_vq_kick_work(struct work_struct *work)
+ {
+       struct vduse_virtqueue *vq = container_of(work,
+                                       struct vduse_virtqueue, kick);
+ 
+       vduse_vq_kick(vq);
+ }
+ 
+ static void vduse_vdpa_kick_vq(struct vdpa_device *vdpa, u16 idx)
+ {
+       struct vduse_dev *dev = vdpa_to_vduse(vdpa);
+       struct vduse_virtqueue *vq = &dev->vqs[idx];
+ 
++      if (!eventfd_signal_allowed()) {
+               schedule_work(&vq->kick);
+               return;
+       }
+       vduse_vq_kick(vq);
+ }
+ 
+ static void vduse_vdpa_set_vq_cb(struct vdpa_device *vdpa, u16 idx,
+                             struct vdpa_callback *cb)
+ {
+       struct vduse_dev *dev = vdpa_to_vduse(vdpa);
+       struct vduse_virtqueue *vq = &dev->vqs[idx];
+ 
+       spin_lock(&vq->irq_lock);
+       vq->cb.callback = cb->callback;
+       vq->cb.private = cb->private;
+       spin_unlock(&vq->irq_lock);
+ }
+ 
+ static void vduse_vdpa_set_vq_num(struct vdpa_device *vdpa, u16 idx, u32 num)
+ {
+       struct vduse_dev *dev = vdpa_to_vduse(vdpa);
+       struct vduse_virtqueue *vq = &dev->vqs[idx];
+ 
+       vq->num = num;
+ }
+ 
+ static void vduse_vdpa_set_vq_ready(struct vdpa_device *vdpa,
+                                       u16 idx, bool ready)
+ {
+       struct vduse_dev *dev = vdpa_to_vduse(vdpa);
+       struct vduse_virtqueue *vq = &dev->vqs[idx];
+ 
+       vq->ready = ready;
+ }
+ 
+ static bool vduse_vdpa_get_vq_ready(struct vdpa_device *vdpa, u16 idx)
+ {
+       struct vduse_dev *dev = vdpa_to_vduse(vdpa);
+       struct vduse_virtqueue *vq = &dev->vqs[idx];
+ 
+       return vq->ready;
+ }
+ 
+ static int vduse_vdpa_set_vq_state(struct vdpa_device *vdpa, u16 idx,
+                               const struct vdpa_vq_state *state)
+ {
+       struct vduse_dev *dev = vdpa_to_vduse(vdpa);
+       struct vduse_virtqueue *vq = &dev->vqs[idx];
+ 
+       if (dev->driver_features & BIT_ULL(VIRTIO_F_RING_PACKED)) {
+               vq->state.packed.last_avail_counter =
+                               state->packed.last_avail_counter;
+               vq->state.packed.last_avail_idx = state->packed.last_avail_idx;
+               vq->state.packed.last_used_counter =
+                               state->packed.last_used_counter;
+               vq->state.packed.last_used_idx = state->packed.last_used_idx;
+       } else
+               vq->state.split.avail_index = state->split.avail_index;
+ 
+       return 0;
+ }
+ 
+ static int vduse_vdpa_get_vq_state(struct vdpa_device *vdpa, u16 idx,
+                               struct vdpa_vq_state *state)
+ {
+       struct vduse_dev *dev = vdpa_to_vduse(vdpa);
+       struct vduse_virtqueue *vq = &dev->vqs[idx];
+ 
+       if (dev->driver_features & BIT_ULL(VIRTIO_F_RING_PACKED))
+               return vduse_dev_get_vq_state_packed(dev, vq, &state->packed);
+ 
+       return vduse_dev_get_vq_state_split(dev, vq, &state->split);
+ }
+ 
+ static u32 vduse_vdpa_get_vq_align(struct vdpa_device *vdpa)
+ {
+       struct vduse_dev *dev = vdpa_to_vduse(vdpa);
+ 
+       return dev->vq_align;
+ }
+ 
+ static u64 vduse_vdpa_get_features(struct vdpa_device *vdpa)
+ {
+       struct vduse_dev *dev = vdpa_to_vduse(vdpa);
+ 
+       return dev->device_features;
+ }
+ 
+ static int vduse_vdpa_set_features(struct vdpa_device *vdpa, u64 features)
+ {
+       struct vduse_dev *dev = vdpa_to_vduse(vdpa);
+ 
+       dev->driver_features = features;
+       return 0;
+ }
+ 
+ static void vduse_vdpa_set_config_cb(struct vdpa_device *vdpa,
+                                 struct vdpa_callback *cb)
+ {
+       struct vduse_dev *dev = vdpa_to_vduse(vdpa);
+ 
+       spin_lock(&dev->irq_lock);
+       dev->config_cb.callback = cb->callback;
+       dev->config_cb.private = cb->private;
+       spin_unlock(&dev->irq_lock);
+ }
+ 
+ static u16 vduse_vdpa_get_vq_num_max(struct vdpa_device *vdpa)
+ {
+       struct vduse_dev *dev = vdpa_to_vduse(vdpa);
+       u16 num_max = 0;
+       int i;
+ 
+       for (i = 0; i < dev->vq_num; i++)
+               if (num_max < dev->vqs[i].num_max)
+                       num_max = dev->vqs[i].num_max;
+ 
+       return num_max;
+ }
+ 
+ static u32 vduse_vdpa_get_device_id(struct vdpa_device *vdpa)
+ {
+       struct vduse_dev *dev = vdpa_to_vduse(vdpa);
+ 
+       return dev->device_id;
+ }
+ 
+ static u32 vduse_vdpa_get_vendor_id(struct vdpa_device *vdpa)
+ {
+       struct vduse_dev *dev = vdpa_to_vduse(vdpa);
+ 
+       return dev->vendor_id;
+ }
+ 
+ static u8 vduse_vdpa_get_status(struct vdpa_device *vdpa)
+ {
+       struct vduse_dev *dev = vdpa_to_vduse(vdpa);
+ 
+       return dev->status;
+ }
+ 
+ static void vduse_vdpa_set_status(struct vdpa_device *vdpa, u8 status)
+ {
+       struct vduse_dev *dev = vdpa_to_vduse(vdpa);
+ 
+       if (vduse_dev_set_status(dev, status))
+               return;
+ 
+       dev->status = status;
+ }
+ 
+ static size_t vduse_vdpa_get_config_size(struct vdpa_device *vdpa)
+ {
+       struct vduse_dev *dev = vdpa_to_vduse(vdpa);
+ 
+       return dev->config_size;
+ }
+ 
+ static void vduse_vdpa_get_config(struct vdpa_device *vdpa, unsigned int offset,
+                                 void *buf, unsigned int len)
+ {
+       struct vduse_dev *dev = vdpa_to_vduse(vdpa);
+ 
+       if (len > dev->config_size - offset)
+               return;
+ 
+       memcpy(buf, dev->config + offset, len);
+ }
+ 
+ static void vduse_vdpa_set_config(struct vdpa_device *vdpa, unsigned int offset,
+                       const void *buf, unsigned int len)
+ {
+       /* Now we only support read-only configuration space */
+ }
+ 
+ static int vduse_vdpa_reset(struct vdpa_device *vdpa)
+ {
+       struct vduse_dev *dev = vdpa_to_vduse(vdpa);
+ 
+       if (vduse_dev_set_status(dev, 0))
+               return -EIO;
+ 
+       vduse_dev_reset(dev);
+ 
+       return 0;
+ }
+ 
+ static u32 vduse_vdpa_get_generation(struct vdpa_device *vdpa)
+ {
+       struct vduse_dev *dev = vdpa_to_vduse(vdpa);
+ 
+       return dev->generation;
+ }
+ 
+ static int vduse_vdpa_set_map(struct vdpa_device *vdpa,
+                               struct vhost_iotlb *iotlb)
+ {
+       struct vduse_dev *dev = vdpa_to_vduse(vdpa);
+       int ret;
+ 
+       ret = vduse_domain_set_map(dev->domain, iotlb);
+       if (ret)
+               return ret;
+ 
+       ret = vduse_dev_update_iotlb(dev, 0ULL, ULLONG_MAX);
+       if (ret) {
+               vduse_domain_clear_map(dev->domain, iotlb);
+               return ret;
+       }
+ 
+       return 0;
+ }
+ 
+ static void vduse_vdpa_free(struct vdpa_device *vdpa)
+ {
+       struct vduse_dev *dev = vdpa_to_vduse(vdpa);
+ 
+       dev->vdev = NULL;
+ }
+ 
+ static const struct vdpa_config_ops vduse_vdpa_config_ops = {
+       .set_vq_address         = vduse_vdpa_set_vq_address,
+       .kick_vq                = vduse_vdpa_kick_vq,
+       .set_vq_cb              = vduse_vdpa_set_vq_cb,
+       .set_vq_num             = vduse_vdpa_set_vq_num,
+       .set_vq_ready           = vduse_vdpa_set_vq_ready,
+       .get_vq_ready           = vduse_vdpa_get_vq_ready,
+       .set_vq_state           = vduse_vdpa_set_vq_state,
+       .get_vq_state           = vduse_vdpa_get_vq_state,
+       .get_vq_align           = vduse_vdpa_get_vq_align,
+       .get_features           = vduse_vdpa_get_features,
+       .set_features           = vduse_vdpa_set_features,
+       .set_config_cb          = vduse_vdpa_set_config_cb,
+       .get_vq_num_max         = vduse_vdpa_get_vq_num_max,
+       .get_device_id          = vduse_vdpa_get_device_id,
+       .get_vendor_id          = vduse_vdpa_get_vendor_id,
+       .get_status             = vduse_vdpa_get_status,
+       .set_status             = vduse_vdpa_set_status,
+       .get_config_size        = vduse_vdpa_get_config_size,
+       .get_config             = vduse_vdpa_get_config,
+       .set_config             = vduse_vdpa_set_config,
+       .get_generation         = vduse_vdpa_get_generation,
+       .reset                  = vduse_vdpa_reset,
+       .set_map                = vduse_vdpa_set_map,
+       .free                   = vduse_vdpa_free,
+ };
+ 
+ static dma_addr_t vduse_dev_map_page(struct device *dev, struct page *page,
+                                    unsigned long offset, size_t size,
+                                    enum dma_data_direction dir,
+                                    unsigned long attrs)
+ {
+       struct vduse_dev *vdev = dev_to_vduse(dev);
+       struct vduse_iova_domain *domain = vdev->domain;
+ 
+       return vduse_domain_map_page(domain, page, offset, size, dir, attrs);
+ }
+ 
+ static void vduse_dev_unmap_page(struct device *dev, dma_addr_t dma_addr,
+                               size_t size, enum dma_data_direction dir,
+                               unsigned long attrs)
+ {
+       struct vduse_dev *vdev = dev_to_vduse(dev);
+       struct vduse_iova_domain *domain = vdev->domain;
+ 
+       return vduse_domain_unmap_page(domain, dma_addr, size, dir, attrs);
+ }
+ 
+ static void *vduse_dev_alloc_coherent(struct device *dev, size_t size,
+                                       dma_addr_t *dma_addr, gfp_t flag,
+                                       unsigned long attrs)
+ {
+       struct vduse_dev *vdev = dev_to_vduse(dev);
+       struct vduse_iova_domain *domain = vdev->domain;
+       unsigned long iova;
+       void *addr;
+ 
+       *dma_addr = DMA_MAPPING_ERROR;
+       addr = vduse_domain_alloc_coherent(domain, size,
+                               (dma_addr_t *)&iova, flag, attrs);
+       if (!addr)
+               return NULL;
+ 
+       *dma_addr = (dma_addr_t)iova;
+ 
+       return addr;
+ }
+ 
+ static void vduse_dev_free_coherent(struct device *dev, size_t size,
+                                       void *vaddr, dma_addr_t dma_addr,
+                                       unsigned long attrs)
+ {
+       struct vduse_dev *vdev = dev_to_vduse(dev);
+       struct vduse_iova_domain *domain = vdev->domain;
+ 
+       vduse_domain_free_coherent(domain, size, vaddr, dma_addr, attrs);
+ }
+ 
+ static size_t vduse_dev_max_mapping_size(struct device *dev)
+ {
+       struct vduse_dev *vdev = dev_to_vduse(dev);
+       struct vduse_iova_domain *domain = vdev->domain;
+ 
+       return domain->bounce_size;
+ }
+ 
+ static const struct dma_map_ops vduse_dev_dma_ops = {
+       .map_page = vduse_dev_map_page,
+       .unmap_page = vduse_dev_unmap_page,
+       .alloc = vduse_dev_alloc_coherent,
+       .free = vduse_dev_free_coherent,
+       .max_mapping_size = vduse_dev_max_mapping_size,
+ };
+ 
+ static unsigned int perm_to_file_flags(u8 perm)
+ {
+       unsigned int flags = 0;
+ 
+       switch (perm) {
+       case VDUSE_ACCESS_WO:
+               flags |= O_WRONLY;
+               break;
+       case VDUSE_ACCESS_RO:
+               flags |= O_RDONLY;
+               break;
+       case VDUSE_ACCESS_RW:
+               flags |= O_RDWR;
+               break;
+       default:
+               WARN(1, "invalidate vhost IOTLB permission\n");
+               break;
+       }
+ 
+       return flags;
+ }
+ 
+ static int vduse_kickfd_setup(struct vduse_dev *dev,
+                       struct vduse_vq_eventfd *eventfd)
+ {
+       struct eventfd_ctx *ctx = NULL;
+       struct vduse_virtqueue *vq;
+       u32 index;
+ 
+       if (eventfd->index >= dev->vq_num)
+               return -EINVAL;
+ 
+       index = array_index_nospec(eventfd->index, dev->vq_num);
+       vq = &dev->vqs[index];
+       if (eventfd->fd >= 0) {
+               ctx = eventfd_ctx_fdget(eventfd->fd);
+               if (IS_ERR(ctx))
+                       return PTR_ERR(ctx);
+       } else if (eventfd->fd != VDUSE_EVENTFD_DEASSIGN)
+               return 0;
+ 
+       spin_lock(&vq->kick_lock);
+       if (vq->kickfd)
+               eventfd_ctx_put(vq->kickfd);
+       vq->kickfd = ctx;
+       if (vq->ready && vq->kicked && vq->kickfd) {
+               eventfd_signal(vq->kickfd, 1);
+               vq->kicked = false;
+       }
+       spin_unlock(&vq->kick_lock);
+ 
+       return 0;
+ }
+ 
+ static bool vduse_dev_is_ready(struct vduse_dev *dev)
+ {
+       int i;
+ 
+       for (i = 0; i < dev->vq_num; i++)
+               if (!dev->vqs[i].num_max)
+                       return false;
+ 
+       return true;
+ }
+ 
+ static void vduse_dev_irq_inject(struct work_struct *work)
+ {
+       struct vduse_dev *dev = container_of(work, struct vduse_dev, inject);
+ 
+       spin_lock_irq(&dev->irq_lock);
+       if (dev->config_cb.callback)
+               dev->config_cb.callback(dev->config_cb.private);
+       spin_unlock_irq(&dev->irq_lock);
+ }
+ 
+ static void vduse_vq_irq_inject(struct work_struct *work)
+ {
+       struct vduse_virtqueue *vq = container_of(work,
+                                       struct vduse_virtqueue, inject);
+ 
+       spin_lock_irq(&vq->irq_lock);
+       if (vq->ready && vq->cb.callback)
+               vq->cb.callback(vq->cb.private);
+       spin_unlock_irq(&vq->irq_lock);
+ }
+ 
+ static long vduse_dev_ioctl(struct file *file, unsigned int cmd,
+                           unsigned long arg)
+ {
+       struct vduse_dev *dev = file->private_data;
+       void __user *argp = (void __user *)arg;
+       int ret;
+ 
+       if (unlikely(dev->broken))
+               return -EPERM;
+ 
+       switch (cmd) {
+       case VDUSE_IOTLB_GET_FD: {
+               struct vduse_iotlb_entry entry;
+               struct vhost_iotlb_map *map;
+               struct vdpa_map_file *map_file;
+               struct vduse_iova_domain *domain = dev->domain;
+               struct file *f = NULL;
+ 
+               ret = -EFAULT;
+               if (copy_from_user(&entry, argp, sizeof(entry)))
+                       break;
+ 
+               ret = -EINVAL;
+               if (entry.start > entry.last)
+                       break;
+ 
+               spin_lock(&domain->iotlb_lock);
+               map = vhost_iotlb_itree_first(domain->iotlb,
+                                             entry.start, entry.last);
+               if (map) {
+                       map_file = (struct vdpa_map_file *)map->opaque;
+                       f = get_file(map_file->file);
+                       entry.offset = map_file->offset;
+                       entry.start = map->start;
+                       entry.last = map->last;
+                       entry.perm = map->perm;
+               }
+               spin_unlock(&domain->iotlb_lock);
+               ret = -EINVAL;
+               if (!f)
+                       break;
+ 
+               ret = -EFAULT;
+               if (copy_to_user(argp, &entry, sizeof(entry))) {
+                       fput(f);
+                       break;
+               }
+               ret = receive_fd(f, perm_to_file_flags(entry.perm));
+               fput(f);
+               break;
+       }
+       case VDUSE_DEV_GET_FEATURES:
+               /*
+                * Just mirror what driver wrote here.
+                * The driver is expected to check FEATURE_OK later.
+                */
+               ret = put_user(dev->driver_features, (u64 __user *)argp);
+               break;
+       case VDUSE_DEV_SET_CONFIG: {
+               struct vduse_config_data config;
+               unsigned long size = offsetof(struct vduse_config_data,
+                                             buffer);
+ 
+               ret = -EFAULT;
+               if (copy_from_user(&config, argp, size))
+                       break;
+ 
+               ret = -EINVAL;
+               if (config.length == 0 ||
+                   config.length > dev->config_size - config.offset)
+                       break;
+ 
+               ret = -EFAULT;
+               if (copy_from_user(dev->config + config.offset, argp + size,
+                                  config.length))
+                       break;
+ 
+               ret = 0;
+               break;
+       }
+       case VDUSE_DEV_INJECT_CONFIG_IRQ:
+               ret = 0;
+               queue_work(vduse_irq_wq, &dev->inject);
+               break;
+       case VDUSE_VQ_SETUP: {
+               struct vduse_vq_config config;
+               u32 index;
+ 
+               ret = -EFAULT;
+               if (copy_from_user(&config, argp, sizeof(config)))
+                       break;
+ 
+               ret = -EINVAL;
+               if (config.index >= dev->vq_num)
+                       break;
+ 
+               if (!is_mem_zero((const char *)config.reserved,
+                                sizeof(config.reserved)))
+                       break;
+ 
+               index = array_index_nospec(config.index, dev->vq_num);
+               dev->vqs[index].num_max = config.max_size;
+               ret = 0;
+               break;
+       }
+       case VDUSE_VQ_GET_INFO: {
+               struct vduse_vq_info vq_info;
+               struct vduse_virtqueue *vq;
+               u32 index;
+ 
+               ret = -EFAULT;
+               if (copy_from_user(&vq_info, argp, sizeof(vq_info)))
+                       break;
+ 
+               ret = -EINVAL;
+               if (vq_info.index >= dev->vq_num)
+                       break;
+ 
+               index = array_index_nospec(vq_info.index, dev->vq_num);
+               vq = &dev->vqs[index];
+               vq_info.desc_addr = vq->desc_addr;
+               vq_info.driver_addr = vq->driver_addr;
+               vq_info.device_addr = vq->device_addr;
+               vq_info.num = vq->num;
+ 
+               if (dev->driver_features & BIT_ULL(VIRTIO_F_RING_PACKED)) {
+                       vq_info.packed.last_avail_counter =
+                               vq->state.packed.last_avail_counter;
+                       vq_info.packed.last_avail_idx =
+                               vq->state.packed.last_avail_idx;
+                       vq_info.packed.last_used_counter =
+                               vq->state.packed.last_used_counter;
+                       vq_info.packed.last_used_idx =
+                               vq->state.packed.last_used_idx;
+               } else
+                       vq_info.split.avail_index =
+                               vq->state.split.avail_index;
+ 
+               vq_info.ready = vq->ready;
+ 
+               ret = -EFAULT;
+               if (copy_to_user(argp, &vq_info, sizeof(vq_info)))
+                       break;
+ 
+               ret = 0;
+               break;
+       }
+       case VDUSE_VQ_SETUP_KICKFD: {
+               struct vduse_vq_eventfd eventfd;
+ 
+               ret = -EFAULT;
+               if (copy_from_user(&eventfd, argp, sizeof(eventfd)))
+                       break;
+ 
+               ret = vduse_kickfd_setup(dev, &eventfd);
+               break;
+       }
+       case VDUSE_VQ_INJECT_IRQ: {
+               u32 index;
+ 
+               ret = -EFAULT;
+               if (get_user(index, (u32 __user *)argp))
+                       break;
+ 
+               ret = -EINVAL;
+               if (index >= dev->vq_num)
+                       break;
+ 
+               ret = 0;
+               index = array_index_nospec(index, dev->vq_num);
+               queue_work(vduse_irq_wq, &dev->vqs[index].inject);
+               break;
+       }
+       default:
+               ret = -ENOIOCTLCMD;
+               break;
+       }
+ 
+       return ret;
+ }
+ 
+ static int vduse_dev_release(struct inode *inode, struct file *file)
+ {
+       struct vduse_dev *dev = file->private_data;
+ 
+       spin_lock(&dev->msg_lock);
+       /* Make sure the inflight messages can processed after reconncection */
+       list_splice_init(&dev->recv_list, &dev->send_list);
+       spin_unlock(&dev->msg_lock);
+       dev->connected = false;
+ 
+       return 0;
+ }
+ 
+ static struct vduse_dev *vduse_dev_get_from_minor(int minor)
+ {
+       struct vduse_dev *dev;
+ 
+       mutex_lock(&vduse_lock);
+       dev = idr_find(&vduse_idr, minor);
+       mutex_unlock(&vduse_lock);
+ 
+       return dev;
+ }
+ 
+ static int vduse_dev_open(struct inode *inode, struct file *file)
+ {
+       int ret;
+       struct vduse_dev *dev = vduse_dev_get_from_minor(iminor(inode));
+ 
+       if (!dev)
+               return -ENODEV;
+ 
+       ret = -EBUSY;
+       mutex_lock(&dev->lock);
+       if (dev->connected)
+               goto unlock;
+ 
+       ret = 0;
+       dev->connected = true;
+       file->private_data = dev;
+ unlock:
+       mutex_unlock(&dev->lock);
+ 
+       return ret;
+ }
+ 
+ static const struct file_operations vduse_dev_fops = {
+       .owner          = THIS_MODULE,
+       .open           = vduse_dev_open,
+       .release        = vduse_dev_release,
+       .read_iter      = vduse_dev_read_iter,
+       .write_iter     = vduse_dev_write_iter,
+       .poll           = vduse_dev_poll,
+       .unlocked_ioctl = vduse_dev_ioctl,
+       .compat_ioctl   = compat_ptr_ioctl,
+       .llseek         = noop_llseek,
+ };
+ 
+ static struct vduse_dev *vduse_dev_create(void)
+ {
+       struct vduse_dev *dev = kzalloc(sizeof(*dev), GFP_KERNEL);
+ 
+       if (!dev)
+               return NULL;
+ 
+       mutex_init(&dev->lock);
+       spin_lock_init(&dev->msg_lock);
+       INIT_LIST_HEAD(&dev->send_list);
+       INIT_LIST_HEAD(&dev->recv_list);
+       spin_lock_init(&dev->irq_lock);
+ 
+       INIT_WORK(&dev->inject, vduse_dev_irq_inject);
+       init_waitqueue_head(&dev->waitq);
+ 
+       return dev;
+ }
+ 
+ static void vduse_dev_destroy(struct vduse_dev *dev)
+ {
+       kfree(dev);
+ }
+ 
+ static struct vduse_dev *vduse_find_dev(const char *name)
+ {
+       struct vduse_dev *dev;
+       int id;
+ 
+       idr_for_each_entry(&vduse_idr, dev, id)
+               if (!strcmp(dev->name, name))
+                       return dev;
+ 
+       return NULL;
+ }
+ 
+ static int vduse_destroy_dev(char *name)
+ {
+       struct vduse_dev *dev = vduse_find_dev(name);
+ 
+       if (!dev)
+               return -EINVAL;
+ 
+       mutex_lock(&dev->lock);
+       if (dev->vdev || dev->connected) {
+               mutex_unlock(&dev->lock);
+               return -EBUSY;
+       }
+       dev->connected = true;
+       mutex_unlock(&dev->lock);
+ 
+       vduse_dev_reset(dev);
+       device_destroy(vduse_class, MKDEV(MAJOR(vduse_major), dev->minor));
+       idr_remove(&vduse_idr, dev->minor);
+       kvfree(dev->config);
+       kfree(dev->vqs);
+       vduse_domain_destroy(dev->domain);
+       kfree(dev->name);
+       vduse_dev_destroy(dev);
+       module_put(THIS_MODULE);
+ 
+       return 0;
+ }
+ 
+ static bool device_is_allowed(u32 device_id)
+ {
+       int i;
+ 
+       for (i = 0; i < ARRAY_SIZE(allowed_device_id); i++)
+               if (allowed_device_id[i] == device_id)
+                       return true;
+ 
+       return false;
+ }
+ 
+ static bool features_is_valid(u64 features)
+ {
+       if (!(features & (1ULL << VIRTIO_F_ACCESS_PLATFORM)))
+               return false;
+ 
+       /* Now we only support read-only configuration space */
+       if (features & (1ULL << VIRTIO_BLK_F_CONFIG_WCE))
+               return false;
+ 
+       return true;
+ }
+ 
+ static bool vduse_validate_config(struct vduse_dev_config *config)
+ {
+       if (!is_mem_zero((const char *)config->reserved,
+                        sizeof(config->reserved)))
+               return false;
+ 
+       if (config->vq_align > PAGE_SIZE)
+               return false;
+ 
+       if (config->config_size > PAGE_SIZE)
+               return false;
+ 
+       if (!device_is_allowed(config->device_id))
+               return false;
+ 
+       if (!features_is_valid(config->features))
+               return false;
+ 
+       return true;
+ }
+ 
+ static ssize_t msg_timeout_show(struct device *device,
+                               struct device_attribute *attr, char *buf)
+ {
+       struct vduse_dev *dev = dev_get_drvdata(device);
+ 
+       return sysfs_emit(buf, "%u\n", dev->msg_timeout);
+ }
+ 
+ static ssize_t msg_timeout_store(struct device *device,
+                                struct device_attribute *attr,
+                                const char *buf, size_t count)
+ {
+       struct vduse_dev *dev = dev_get_drvdata(device);
+       int ret;
+ 
+       ret = kstrtouint(buf, 10, &dev->msg_timeout);
+       if (ret < 0)
+               return ret;
+ 
+       return count;
+ }
+ 
+ static DEVICE_ATTR_RW(msg_timeout);
+ 
+ static struct attribute *vduse_dev_attrs[] = {
+       &dev_attr_msg_timeout.attr,
+       NULL
+ };
+ 
+ ATTRIBUTE_GROUPS(vduse_dev);
+ 
+ static int vduse_create_dev(struct vduse_dev_config *config,
+                           void *config_buf, u64 api_version)
+ {
+       int i, ret;
+       struct vduse_dev *dev;
+ 
+       ret = -EEXIST;
+       if (vduse_find_dev(config->name))
+               goto err;
+ 
+       ret = -ENOMEM;
+       dev = vduse_dev_create();
+       if (!dev)
+               goto err;
+ 
+       dev->api_version = api_version;
+       dev->device_features = config->features;
+       dev->device_id = config->device_id;
+       dev->vendor_id = config->vendor_id;
+       dev->name = kstrdup(config->name, GFP_KERNEL);
+       if (!dev->name)
+               goto err_str;
+ 
+       dev->domain = vduse_domain_create(VDUSE_IOVA_SIZE - 1,
+                                         VDUSE_BOUNCE_SIZE);
+       if (!dev->domain)
+               goto err_domain;
+ 
+       dev->config = config_buf;
+       dev->config_size = config->config_size;
+       dev->vq_align = config->vq_align;
+       dev->vq_num = config->vq_num;
+       dev->vqs = kcalloc(dev->vq_num, sizeof(*dev->vqs), GFP_KERNEL);
+       if (!dev->vqs)
+               goto err_vqs;
+ 
+       for (i = 0; i < dev->vq_num; i++) {
+               dev->vqs[i].index = i;
+               INIT_WORK(&dev->vqs[i].inject, vduse_vq_irq_inject);
+               INIT_WORK(&dev->vqs[i].kick, vduse_vq_kick_work);
+               spin_lock_init(&dev->vqs[i].kick_lock);
+               spin_lock_init(&dev->vqs[i].irq_lock);
+       }
+ 
+       ret = idr_alloc(&vduse_idr, dev, 1, VDUSE_DEV_MAX, GFP_KERNEL);
+       if (ret < 0)
+               goto err_idr;
+ 
+       dev->minor = ret;
+       dev->msg_timeout = VDUSE_MSG_DEFAULT_TIMEOUT;
+       dev->dev = device_create(vduse_class, NULL,
+                                MKDEV(MAJOR(vduse_major), dev->minor),
+                                dev, "%s", config->name);
+       if (IS_ERR(dev->dev)) {
+               ret = PTR_ERR(dev->dev);
+               goto err_dev;
+       }
+       __module_get(THIS_MODULE);
+ 
+       return 0;
+ err_dev:
+       idr_remove(&vduse_idr, dev->minor);
+ err_idr:
+       kfree(dev->vqs);
+ err_vqs:
+       vduse_domain_destroy(dev->domain);
+ err_domain:
+       kfree(dev->name);
+ err_str:
+       vduse_dev_destroy(dev);
+ err:
+       kvfree(config_buf);
+       return ret;
+ }
+ 
+ static long vduse_ioctl(struct file *file, unsigned int cmd,
+                       unsigned long arg)
+ {
+       int ret;
+       void __user *argp = (void __user *)arg;
+       struct vduse_control *control = file->private_data;
+ 
+       mutex_lock(&vduse_lock);
+       switch (cmd) {
+       case VDUSE_GET_API_VERSION:
+               ret = put_user(control->api_version, (u64 __user *)argp);
+               break;
+       case VDUSE_SET_API_VERSION: {
+               u64 api_version;
+ 
+               ret = -EFAULT;
+               if (get_user(api_version, (u64 __user *)argp))
+                       break;
+ 
+               ret = -EINVAL;
+               if (api_version > VDUSE_API_VERSION)
+                       break;
+ 
+               ret = 0;
+               control->api_version = api_version;
+               break;
+       }
+       case VDUSE_CREATE_DEV: {
+               struct vduse_dev_config config;
+               unsigned long size = offsetof(struct vduse_dev_config, config);
+               void *buf;
+ 
+               ret = -EFAULT;
+               if (copy_from_user(&config, argp, size))
+                       break;
+ 
+               ret = -EINVAL;
+               if (vduse_validate_config(&config) == false)
+                       break;
+ 
+               buf = vmemdup_user(argp + size, config.config_size);
+               if (IS_ERR(buf)) {
+                       ret = PTR_ERR(buf);
+                       break;
+               }
+               config.name[VDUSE_NAME_MAX - 1] = '\0';
+               ret = vduse_create_dev(&config, buf, control->api_version);
+               break;
+       }
+       case VDUSE_DESTROY_DEV: {
+               char name[VDUSE_NAME_MAX];
+ 
+               ret = -EFAULT;
+               if (copy_from_user(name, argp, VDUSE_NAME_MAX))
+                       break;
+ 
+               name[VDUSE_NAME_MAX - 1] = '\0';
+               ret = vduse_destroy_dev(name);
+               break;
+       }
+       default:
+               ret = -EINVAL;
+               break;
+       }
+       mutex_unlock(&vduse_lock);
+ 
+       return ret;
+ }
+ 
+ static int vduse_release(struct inode *inode, struct file *file)
+ {
+       struct vduse_control *control = file->private_data;
+ 
+       kfree(control);
+       return 0;
+ }
+ 
+ static int vduse_open(struct inode *inode, struct file *file)
+ {
+       struct vduse_control *control;
+ 
+       control = kmalloc(sizeof(struct vduse_control), GFP_KERNEL);
+       if (!control)
+               return -ENOMEM;
+ 
+       control->api_version = VDUSE_API_VERSION;
+       file->private_data = control;
+ 
+       return 0;
+ }
+ 
+ static const struct file_operations vduse_ctrl_fops = {
+       .owner          = THIS_MODULE,
+       .open           = vduse_open,
+       .release        = vduse_release,
+       .unlocked_ioctl = vduse_ioctl,
+       .compat_ioctl   = compat_ptr_ioctl,
+       .llseek         = noop_llseek,
+ };
+ 
+ static char *vduse_devnode(struct device *dev, umode_t *mode)
+ {
+       return kasprintf(GFP_KERNEL, "vduse/%s", dev_name(dev));
+ }
+ 
+ static void vduse_mgmtdev_release(struct device *dev)
+ {
+ }
+ 
+ static struct device vduse_mgmtdev = {
+       .init_name = "vduse",
+       .release = vduse_mgmtdev_release,
+ };
+ 
+ static struct vdpa_mgmt_dev mgmt_dev;
+ 
+ static int vduse_dev_init_vdpa(struct vduse_dev *dev, const char *name)
+ {
+       struct vduse_vdpa *vdev;
+       int ret;
+ 
+       if (dev->vdev)
+               return -EEXIST;
+ 
+       vdev = vdpa_alloc_device(struct vduse_vdpa, vdpa, dev->dev,
+                                &vduse_vdpa_config_ops, name, true);
+       if (IS_ERR(vdev))
+               return PTR_ERR(vdev);
+ 
+       dev->vdev = vdev;
+       vdev->dev = dev;
+       vdev->vdpa.dev.dma_mask = &vdev->vdpa.dev.coherent_dma_mask;
+       ret = dma_set_mask_and_coherent(&vdev->vdpa.dev, DMA_BIT_MASK(64));
+       if (ret) {
+               put_device(&vdev->vdpa.dev);
+               return ret;
+       }
+       set_dma_ops(&vdev->vdpa.dev, &vduse_dev_dma_ops);
+       vdev->vdpa.dma_dev = &vdev->vdpa.dev;
+       vdev->vdpa.mdev = &mgmt_dev;
+ 
+       return 0;
+ }
+ 
+ static int vdpa_dev_add(struct vdpa_mgmt_dev *mdev, const char *name)
+ {
+       struct vduse_dev *dev;
+       int ret;
+ 
+       mutex_lock(&vduse_lock);
+       dev = vduse_find_dev(name);
+       if (!dev || !vduse_dev_is_ready(dev)) {
+               mutex_unlock(&vduse_lock);
+               return -EINVAL;
+       }
+       ret = vduse_dev_init_vdpa(dev, name);
+       mutex_unlock(&vduse_lock);
+       if (ret)
+               return ret;
+ 
+       ret = _vdpa_register_device(&dev->vdev->vdpa, dev->vq_num);
+       if (ret) {
+               put_device(&dev->vdev->vdpa.dev);
+               return ret;
+       }
+ 
+       return 0;
+ }
+ 
+ static void vdpa_dev_del(struct vdpa_mgmt_dev *mdev, struct vdpa_device *dev)
+ {
+       _vdpa_unregister_device(dev);
+ }
+ 
+ static const struct vdpa_mgmtdev_ops vdpa_dev_mgmtdev_ops = {
+       .dev_add = vdpa_dev_add,
+       .dev_del = vdpa_dev_del,
+ };
+ 
+ static struct virtio_device_id id_table[] = {
+       { VIRTIO_ID_BLOCK, VIRTIO_DEV_ANY_ID },
+       { 0 },
+ };
+ 
+ static struct vdpa_mgmt_dev mgmt_dev = {
+       .device = &vduse_mgmtdev,
+       .id_table = id_table,
+       .ops = &vdpa_dev_mgmtdev_ops,
+ };
+ 
+ static int vduse_mgmtdev_init(void)
+ {
+       int ret;
+ 
+       ret = device_register(&vduse_mgmtdev);
+       if (ret)
+               return ret;
+ 
+       ret = vdpa_mgmtdev_register(&mgmt_dev);
+       if (ret)
+               goto err;
+ 
+       return 0;
+ err:
+       device_unregister(&vduse_mgmtdev);
+       return ret;
+ }
+ 
+ static void vduse_mgmtdev_exit(void)
+ {
+       vdpa_mgmtdev_unregister(&mgmt_dev);
+       device_unregister(&vduse_mgmtdev);
+ }
+ 
+ static int vduse_init(void)
+ {
+       int ret;
+       struct device *dev;
+ 
+       vduse_class = class_create(THIS_MODULE, "vduse");
+       if (IS_ERR(vduse_class))
+               return PTR_ERR(vduse_class);
+ 
+       vduse_class->devnode = vduse_devnode;
+       vduse_class->dev_groups = vduse_dev_groups;
+ 
+       ret = alloc_chrdev_region(&vduse_major, 0, VDUSE_DEV_MAX, "vduse");
+       if (ret)
+               goto err_chardev_region;
+ 
+       /* /dev/vduse/control */
+       cdev_init(&vduse_ctrl_cdev, &vduse_ctrl_fops);
+       vduse_ctrl_cdev.owner = THIS_MODULE;
+       ret = cdev_add(&vduse_ctrl_cdev, vduse_major, 1);
+       if (ret)
+               goto err_ctrl_cdev;
+ 
+       dev = device_create(vduse_class, NULL, vduse_major, NULL, "control");
+       if (IS_ERR(dev)) {
+               ret = PTR_ERR(dev);
+               goto err_device;
+       }
+ 
+       /* /dev/vduse/$DEVICE */
+       cdev_init(&vduse_cdev, &vduse_dev_fops);
+       vduse_cdev.owner = THIS_MODULE;
+       ret = cdev_add(&vduse_cdev, MKDEV(MAJOR(vduse_major), 1),
+                      VDUSE_DEV_MAX - 1);
+       if (ret)
+               goto err_cdev;
+ 
+       vduse_irq_wq = alloc_workqueue("vduse-irq",
+                               WQ_HIGHPRI | WQ_SYSFS | WQ_UNBOUND, 0);
+       if (!vduse_irq_wq)
+               goto err_wq;
+ 
+       ret = vduse_domain_init();
+       if (ret)
+               goto err_domain;
+ 
+       ret = vduse_mgmtdev_init();
+       if (ret)
+               goto err_mgmtdev;
+ 
+       return 0;
+ err_mgmtdev:
+       vduse_domain_exit();
+ err_domain:
+       destroy_workqueue(vduse_irq_wq);
+ err_wq:
+       cdev_del(&vduse_cdev);
+ err_cdev:
+       device_destroy(vduse_class, vduse_major);
+ err_device:
+       cdev_del(&vduse_ctrl_cdev);
+ err_ctrl_cdev:
+       unregister_chrdev_region(vduse_major, VDUSE_DEV_MAX);
+ err_chardev_region:
+       class_destroy(vduse_class);
+       return ret;
+ }
+ module_init(vduse_init);
+ 
+ static void vduse_exit(void)
+ {
+       vduse_mgmtdev_exit();
+       vduse_domain_exit();
+       destroy_workqueue(vduse_irq_wq);
+       cdev_del(&vduse_cdev);
+       device_destroy(vduse_class, vduse_major);
+       cdev_del(&vduse_ctrl_cdev);
+       unregister_chrdev_region(vduse_major, VDUSE_DEV_MAX);
+       class_destroy(vduse_class);
+ }
+ module_exit(vduse_exit);
+ 
+ MODULE_LICENSE(DRV_LICENSE);
+ MODULE_AUTHOR(DRV_AUTHOR);
+ MODULE_DESCRIPTION(DRV_DESC);
diff --combined drivers/virtio/virtio.c

index 1ea0c1f,c46cc1f..588e02f
--- 1/drivers/virtio/virtio.c
--- 2/drivers/virtio/virtio.c
+++ b/drivers/virtio/virtio.c
@@@ -4,6 -4,7 +4,7 @@@
   #include <linux/virtio_config.h>
   #include <linux/module.h>
   #include <linux/idr.h>
+ #include <linux/of.h>
   #include <uapi/linux/virtio_ids.h>
   
   /* Unique numbering for virtio devices. */
@@@ -278,7 -279,7 +279,7 @@@ err
   
   }
   
- -static int virtio_dev_remove(struct device *_d)
+ +static void virtio_dev_remove(struct device *_d)
   {
         struct virtio_device *dev = dev_to_virtio(_d);
         struct virtio_driver *drv = drv_to_virtio(dev->dev.driver);
@@@ -292,6 -293,10 +293,8 @@@
   
         /* Acknowledge the device's existence again. */
         virtio_add_status(dev, VIRTIO_CONFIG_S_ACKNOWLEDGE);
- -
- -      return 0;
+ 
+       of_node_put(dev->dev.of_node);
   }
   
   static struct bus_type virtio_bus = {
@@@ -318,6 -323,43 +321,43 @@@ void unregister_virtio_driver(struct vi
   }
   EXPORT_SYMBOL_GPL(unregister_virtio_driver);
   
+ static int virtio_device_of_init(struct virtio_device *dev)
+ {
+       struct device_node *np, *pnode = dev_of_node(dev->dev.parent);
+       char compat[] = "virtio,deviceXXXXXXXX";
+       int ret, count;
+ 
+       if (!pnode)
+               return 0;
+ 
+       count = of_get_available_child_count(pnode);
+       if (!count)
+               return 0;
+ 
+       /* There can be only 1 child node */
+       if (WARN_ON(count > 1))
+               return -EINVAL;
+ 
+       np = of_get_next_available_child(pnode, NULL);
+       if (WARN_ON(!np))
+               return -ENODEV;
+ 
+       ret = snprintf(compat, sizeof(compat), "virtio,device%x", dev->id.device);
+       BUG_ON(ret >= sizeof(compat));
+ 
+       if (!of_device_is_compatible(np, compat)) {
+               ret = -EINVAL;
+               goto out;
+       }
+ 
+       dev->dev.of_node = np;
+       return 0;
+ 
+ out:
+       of_node_put(np);
+       return ret;
+ }
+ 
   /**
    * register_virtio_device - register virtio device
    * @dev        : virtio device to be registered
@@@ -342,6 -384,10 +382,10 @@@ int register_virtio_device(struct virti
         dev->index = err;
         dev_set_name(&dev->dev, "virtio%u", dev->index);
   
+       err = virtio_device_of_init(dev);
+       if (err)
+               goto out_ida_remove;
+ 
         spin_lock_init(&dev->config_lock);
         dev->config_enabled = false;
         dev->config_change_pending = false;
@@@ -362,10 -408,16 +406,16 @@@
          */
         err = device_add(&dev->dev);
         if (err)
-               ida_simple_remove(&virtio_index_ida, dev->index);
+               goto out_of_node_put;
+ 
+       return 0;
+ 
+ out_of_node_put:
+       of_node_put(dev->dev.of_node);
+ out_ida_remove:
+       ida_simple_remove(&virtio_index_ida, dev->index);
   out:
-       if (err)
-               virtio_add_status(dev, VIRTIO_CONFIG_S_FAILED);
+       virtio_add_status(dev, VIRTIO_CONFIG_S_FAILED);
         return err;
   }
   EXPORT_SYMBOL_GPL(register_virtio_device);
diff --combined fs/file.c

index d8afa82,210e540..8627dac
--- 1/fs/file.c
--- 2/fs/file.c
+++ b/fs/file.c
@@@ -596,32 -596,18 +596,32 @@@ void fd_install(unsigned int fd, struc
   
   EXPORT_SYMBOL(fd_install);
   
+ +/**
+ + * pick_file - return file associatd with fd
+ + * @files: file struct to retrieve file from
+ + * @fd: file descriptor to retrieve file for
+ + *
+ + * If this functions returns an EINVAL error pointer the fd was beyond the
+ + * current maximum number of file descriptors for that fdtable.
+ + *
+ + * Returns: The file associated with @fd, on error returns an error pointer.
+ + */
   static struct file *pick_file(struct files_struct *files, unsigned fd)
   {
- -      struct file *file = NULL;
+ +      struct file *file;
         struct fdtable *fdt;
   
         spin_lock(&files->file_lock);
         fdt = files_fdtable(files);
- -      if (fd >= fdt->max_fds)
+ +      if (fd >= fdt->max_fds) {
+ +              file = ERR_PTR(-EINVAL);
                 goto out_unlock;
+ +      }
         file = fdt->fd[fd];
- -      if (!file)
+ +      if (!file) {
+ +              file = ERR_PTR(-EBADF);
                 goto out_unlock;
+ +      }
         rcu_assign_pointer(fdt->fd[fd], NULL);
         __put_unused_fd(files, fd);
   
@@@ -636,7 -622,7 +636,7 @@@ int close_fd(unsigned fd
         struct file *file;
   
         file = pick_file(files, fd);
- -      if (!file)
+ +      if (IS_ERR(file))
                 return -EBADF;
   
         return filp_close(file, files);
@@@ -677,16 -663,11 +677,16 @@@ static inline void __range_close(struc
                 struct file *file;
   
                 file = pick_file(cur_fds, fd++);
- -              if (!file)
+ +              if (!IS_ERR(file)) {
+ +                      /* found a valid file to close */
+ +                      filp_close(file, cur_fds);
+ +                      cond_resched();
                         continue;
+ +              }
   
- -              filp_close(file, cur_fds);
- -              cond_resched();
+ +              /* beyond the last fd in that table */
+ +              if (PTR_ERR(file) == -EINVAL)
+ +                      return;
         }
   }
   
@@@ -701,6 -682,7 +701,6 @@@
    */
   int __close_range(unsigned fd, unsigned max_fd, unsigned int flags)
   {
- -      unsigned int cur_max;
         struct task_struct *me = current;
         struct files_struct *cur_fds = me->files, *fds = NULL;
   
@@@ -710,26 -692,26 +710,26 @@@
         if (fd > max_fd)
                 return -EINVAL;
   
- -      rcu_read_lock();
- -      cur_max = files_fdtable(cur_fds)->max_fds;
- -      rcu_read_unlock();
- -
- -      /* cap to last valid index into fdtable */
- -      cur_max--;
- -
         if (flags & CLOSE_RANGE_UNSHARE) {
                 int ret;
                 unsigned int max_unshare_fds = NR_OPEN_MAX;
   
                 /*
- -               * If the requested range is greater than the current maximum,
- -               * we're closing everything so only copy all file descriptors
- -               * beneath the lowest file descriptor.
- -               * If the caller requested all fds to be made cloexec copy all
- -               * of the file descriptors since they still want to use them.
+ +               * If the caller requested all fds to be made cloexec we always
+ +               * copy all of the file descriptors since they still want to
+ +               * use them.
                  */
- -              if (!(flags & CLOSE_RANGE_CLOEXEC) && (max_fd >= cur_max))
- -                      max_unshare_fds = fd;
+ +              if (!(flags & CLOSE_RANGE_CLOEXEC)) {
+ +                      /*
+ +                       * If the requested range is greater than the current
+ +                       * maximum, we're closing everything so only copy all
+ +                       * file descriptors beneath the lowest file descriptor.
+ +                       */
+ +                      rcu_read_lock();
+ +                      if (max_fd >= last_fd(files_fdtable(cur_fds)))
+ +                              max_unshare_fds = fd;
+ +                      rcu_read_unlock();
+ +              }
   
                 ret = unshare_fd(CLONE_FILES, max_unshare_fds, &fds);
                 if (ret)
@@@ -743,6 -725,8 +743,6 @@@
                         swap(cur_fds, fds);
         }
   
- -      max_fd = min(max_fd, cur_max);
- -
         if (flags & CLOSE_RANGE_CLOEXEC)
                 __range_cloexec(cur_fds, fd, max_fd);
         else
@@@ -1150,6 -1134,12 +1150,12 @@@ int receive_fd_replace(int new_fd, stru
         return new_fd;
   }
   
+ int receive_fd(struct file *file, unsigned int o_flags)
+ {
+       return __receive_fd(file, NULL, o_flags);
+ }
+ EXPORT_SYMBOL_GPL(receive_fd);
+ 
   static int ksys_dup3(unsigned int oldfd, unsigned int newfd, int flags)
   {
         int err = -EBADF;
diff --combined include/uapi/linux/virtio_ids.h

index 50d352f,3c8e118..80d76b7
--- 1/include/uapi/linux/virtio_ids.h
--- 2/include/uapi/linux/virtio_ids.h
+++ b/include/uapi/linux/virtio_ids.h
@@@ -54,9 -54,18 +54,18 @@@
   #define VIRTIO_ID_SOUND                       25 /* virtio sound */
   #define VIRTIO_ID_FS                  26 /* virtio filesystem */
   #define VIRTIO_ID_PMEM                        27 /* virtio pmem */
+ #define VIRTIO_ID_RPMB                        28 /* virtio rpmb */
   #define VIRTIO_ID_MAC80211_HWSIM      29 /* virtio mac80211-hwsim */
- -#define VIRTIO_ID_SCMI                        32 /* virtio scmi */
+ #define VIRTIO_ID_VIDEO_ENCODER               30 /* virtio video encoder */
+ #define VIRTIO_ID_VIDEO_DECODER               31 /* virtio video decoder */
+ +#define VIRTIO_ID_SCMI                        32 /* virtio SCMI */
+ #define VIRTIO_ID_NITRO_SEC_MOD               33 /* virtio nitro secure module*/
   #define VIRTIO_ID_I2C_ADAPTER         34 /* virtio i2c adapter */
+ #define VIRTIO_ID_WATCHDOG            35 /* virtio watchdog */
+ #define VIRTIO_ID_CAN                 36 /* virtio can */
+ #define VIRTIO_ID_DMABUF              37 /* virtio dmabuf */
+ #define VIRTIO_ID_PARAM_SERV          38 /* virtio parameter server */
+ #define VIRTIO_ID_AUDIO_POLICY                39 /* virtio audio policy */
   #define VIRTIO_ID_BT                  40 /* virtio bluetooth */
   #define VIRTIO_ID_GPIO                        41 /* virtio gpio */
author	Linus Torvalds <torvalds@linux-foundation.org>
	Sat, 11 Sep 2021 21:48:42 +0000 (14:48 -0700)
committer	Linus Torvalds <torvalds@linux-foundation.org>
	Sat, 11 Sep 2021 21:48:42 +0000 (14:48 -0700)
		1	2
Documentation/userspace-api/ioctl/ioctl-number.rst	patch \|	diff1 \|	diff2 \|	blob \| history
drivers/block/virtio_blk.c	patch \|	diff1 \|	diff2 \|	blob \| history
drivers/iommu/iova.c	patch \|	diff1 \|	diff2 \|	blob \| history
drivers/vdpa/mlx5/net/mlx5_vnet.c	patch \|	diff1 \|	diff2 \|	blob \| history
drivers/vdpa/vdpa.c	patch \|	diff1 \|	diff2 \|	blob \| history
drivers/vdpa/vdpa_user/vduse_dev.c	patch \|	\|	diff2 \|	blob \| history
drivers/virtio/virtio.c	patch \|	diff1 \|	diff2 \|	blob \| history
fs/file.c	patch \|	diff1 \|	diff2 \|	blob \| history
include/uapi/linux/virtio_ids.h	patch \|	diff1 \|	diff2 \|	blob \| history