1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3 * VFIO core
4 *
5 * Copyright (C) 2012 Red Hat, Inc. All rights reserved.
6 * Author: Alex Williamson <alex.williamson@redhat.com>
7 *
8 * Derived from original vfio:
9 * Copyright 2010 Cisco Systems, Inc. All rights reserved.
10 * Author: Tom Lyon, pugs@cisco.com
11 */
12
13 #include <linux/vfio.h>
14 #include <linux/iommufd.h>
15 #include <linux/anon_inodes.h>
16 #include "vfio.h"
17
18 static struct vfio {
19 struct class *class;
20 struct list_head group_list;
21 struct mutex group_lock; /* locks group_list */
22 struct ida group_ida;
23 dev_t group_devt;
24 } vfio;
25
vfio_device_get_from_name(struct vfio_group * group,char * buf)26 static struct vfio_device *vfio_device_get_from_name(struct vfio_group *group,
27 char *buf)
28 {
29 struct vfio_device *it, *device = ERR_PTR(-ENODEV);
30
31 mutex_lock(&group->device_lock);
32 list_for_each_entry(it, &group->device_list, group_next) {
33 int ret;
34
35 if (it->ops->match) {
36 ret = it->ops->match(it, buf);
37 if (ret < 0) {
38 device = ERR_PTR(ret);
39 break;
40 }
41 } else {
42 ret = !strcmp(dev_name(it->dev), buf);
43 }
44
45 if (ret && vfio_device_try_get_registration(it)) {
46 device = it;
47 break;
48 }
49 }
50 mutex_unlock(&group->device_lock);
51
52 return device;
53 }
54
55 /*
56 * VFIO Group fd, /dev/vfio/$GROUP
57 */
vfio_group_has_iommu(struct vfio_group * group)58 static bool vfio_group_has_iommu(struct vfio_group *group)
59 {
60 lockdep_assert_held(&group->group_lock);
61 /*
62 * There can only be users if there is a container, and if there is a
63 * container there must be users.
64 */
65 WARN_ON(!group->container != !group->container_users);
66
67 return group->container || group->iommufd;
68 }
69
70 /*
71 * VFIO_GROUP_UNSET_CONTAINER should fail if there are other users or
72 * if there was no container to unset. Since the ioctl is called on
73 * the group, we know that still exists, therefore the only valid
74 * transition here is 1->0.
75 */
vfio_group_ioctl_unset_container(struct vfio_group * group)76 static int vfio_group_ioctl_unset_container(struct vfio_group *group)
77 {
78 int ret = 0;
79
80 mutex_lock(&group->group_lock);
81 if (!vfio_group_has_iommu(group)) {
82 ret = -EINVAL;
83 goto out_unlock;
84 }
85 if (group->container) {
86 if (group->container_users != 1) {
87 ret = -EBUSY;
88 goto out_unlock;
89 }
90 vfio_group_detach_container(group);
91 }
92 if (group->iommufd) {
93 iommufd_ctx_put(group->iommufd);
94 group->iommufd = NULL;
95 }
96
97 out_unlock:
98 mutex_unlock(&group->group_lock);
99 return ret;
100 }
101
vfio_group_ioctl_set_container(struct vfio_group * group,int __user * arg)102 static int vfio_group_ioctl_set_container(struct vfio_group *group,
103 int __user *arg)
104 {
105 struct vfio_container *container;
106 struct iommufd_ctx *iommufd;
107 struct fd f;
108 int ret;
109 int fd;
110
111 if (get_user(fd, arg))
112 return -EFAULT;
113
114 f = fdget(fd);
115 if (!fd_file(f))
116 return -EBADF;
117
118 mutex_lock(&group->group_lock);
119 if (vfio_group_has_iommu(group)) {
120 ret = -EINVAL;
121 goto out_unlock;
122 }
123 if (!group->iommu_group) {
124 ret = -ENODEV;
125 goto out_unlock;
126 }
127
128 container = vfio_container_from_file(fd_file(f));
129 if (container) {
130 ret = vfio_container_attach_group(container, group);
131 goto out_unlock;
132 }
133
134 iommufd = iommufd_ctx_from_file(fd_file(f));
135 if (!IS_ERR(iommufd)) {
136 if (IS_ENABLED(CONFIG_VFIO_NOIOMMU) &&
137 group->type == VFIO_NO_IOMMU)
138 ret = iommufd_vfio_compat_set_no_iommu(iommufd);
139 else
140 ret = iommufd_vfio_compat_ioas_create(iommufd);
141
142 if (ret) {
143 iommufd_ctx_put(iommufd);
144 goto out_unlock;
145 }
146
147 group->iommufd = iommufd;
148 goto out_unlock;
149 }
150
151 /* The FD passed is not recognized. */
152 ret = -EBADFD;
153
154 out_unlock:
155 mutex_unlock(&group->group_lock);
156 fdput(f);
157 return ret;
158 }
159
vfio_device_group_get_kvm_safe(struct vfio_device * device)160 static void vfio_device_group_get_kvm_safe(struct vfio_device *device)
161 {
162 spin_lock(&device->group->kvm_ref_lock);
163 vfio_device_get_kvm_safe(device, device->group->kvm);
164 spin_unlock(&device->group->kvm_ref_lock);
165 }
166
vfio_df_group_open(struct vfio_device_file * df)167 static int vfio_df_group_open(struct vfio_device_file *df)
168 {
169 struct vfio_device *device = df->device;
170 int ret;
171
172 mutex_lock(&device->group->group_lock);
173 if (!vfio_group_has_iommu(device->group)) {
174 ret = -EINVAL;
175 goto out_unlock;
176 }
177
178 mutex_lock(&device->dev_set->lock);
179
180 /*
181 * Before the first device open, get the KVM pointer currently
182 * associated with the group (if there is one) and obtain a reference
183 * now that will be held until the open_count reaches 0 again. Save
184 * the pointer in the device for use by drivers.
185 */
186 if (device->open_count == 0)
187 vfio_device_group_get_kvm_safe(device);
188
189 df->iommufd = device->group->iommufd;
190 if (df->iommufd && vfio_device_is_noiommu(device) && device->open_count == 0) {
191 /*
192 * Require no compat ioas to be assigned to proceed. The basic
193 * statement is that the user cannot have done something that
194 * implies they expected translation to exist
195 */
196 if (!capable(CAP_SYS_RAWIO) ||
197 vfio_iommufd_device_has_compat_ioas(device, df->iommufd))
198 ret = -EPERM;
199 else
200 ret = 0;
201 goto out_put_kvm;
202 }
203
204 ret = vfio_df_open(df);
205 if (ret)
206 goto out_put_kvm;
207
208 if (df->iommufd && device->open_count == 1) {
209 ret = vfio_iommufd_compat_attach_ioas(device, df->iommufd);
210 if (ret)
211 goto out_close_device;
212 }
213
214 /*
215 * Paired with smp_load_acquire() in vfio_device_fops::ioctl/
216 * read/write/mmap and vfio_file_has_device_access()
217 */
218 smp_store_release(&df->access_granted, true);
219
220 mutex_unlock(&device->dev_set->lock);
221 mutex_unlock(&device->group->group_lock);
222 return 0;
223
224 out_close_device:
225 vfio_df_close(df);
226 out_put_kvm:
227 df->iommufd = NULL;
228 if (device->open_count == 0)
229 vfio_device_put_kvm(device);
230 mutex_unlock(&device->dev_set->lock);
231 out_unlock:
232 mutex_unlock(&device->group->group_lock);
233 return ret;
234 }
235
vfio_df_group_close(struct vfio_device_file * df)236 void vfio_df_group_close(struct vfio_device_file *df)
237 {
238 struct vfio_device *device = df->device;
239
240 mutex_lock(&device->group->group_lock);
241 mutex_lock(&device->dev_set->lock);
242
243 vfio_df_close(df);
244 df->iommufd = NULL;
245
246 if (device->open_count == 0)
247 vfio_device_put_kvm(device);
248
249 mutex_unlock(&device->dev_set->lock);
250 mutex_unlock(&device->group->group_lock);
251 }
252
vfio_device_open_file(struct vfio_device * device)253 static struct file *vfio_device_open_file(struct vfio_device *device)
254 {
255 struct vfio_device_file *df;
256 struct file *filep;
257 int ret;
258
259 df = vfio_allocate_device_file(device);
260 if (IS_ERR(df)) {
261 ret = PTR_ERR(df);
262 goto err_out;
263 }
264
265 df->group = device->group;
266
267 ret = vfio_df_group_open(df);
268 if (ret)
269 goto err_free;
270
271 /*
272 * We can't use anon_inode_getfd() because we need to modify
273 * the f_mode flags directly to allow more than just ioctls
274 */
275 filep = anon_inode_getfile("[vfio-device]", &vfio_device_fops,
276 df, O_RDWR);
277 if (IS_ERR(filep)) {
278 ret = PTR_ERR(filep);
279 goto err_close_device;
280 }
281
282 /*
283 * TODO: add an anon_inode interface to do this.
284 * Appears to be missing by lack of need rather than
285 * explicitly prevented. Now there's need.
286 */
287 filep->f_mode |= (FMODE_PREAD | FMODE_PWRITE);
288
289 /*
290 * Use the pseudo fs inode on the device to link all mmaps
291 * to the same address space, allowing us to unmap all vmas
292 * associated to this device using unmap_mapping_range().
293 */
294 filep->f_mapping = device->inode->i_mapping;
295
296 if (device->group->type == VFIO_NO_IOMMU)
297 dev_warn(device->dev, "vfio-noiommu device opened by user "
298 "(%s:%d)\n", current->comm, task_pid_nr(current));
299 /*
300 * On success the ref of device is moved to the file and
301 * put in vfio_device_fops_release()
302 */
303 return filep;
304
305 err_close_device:
306 vfio_df_group_close(df);
307 err_free:
308 kfree(df);
309 err_out:
310 return ERR_PTR(ret);
311 }
312
vfio_group_ioctl_get_device_fd(struct vfio_group * group,char __user * arg)313 static int vfio_group_ioctl_get_device_fd(struct vfio_group *group,
314 char __user *arg)
315 {
316 struct vfio_device *device;
317 struct file *filep;
318 char *buf;
319 int fdno;
320 int ret;
321
322 buf = strndup_user(arg, PAGE_SIZE);
323 if (IS_ERR(buf))
324 return PTR_ERR(buf);
325
326 device = vfio_device_get_from_name(group, buf);
327 kfree(buf);
328 if (IS_ERR(device))
329 return PTR_ERR(device);
330
331 fdno = get_unused_fd_flags(O_CLOEXEC);
332 if (fdno < 0) {
333 ret = fdno;
334 goto err_put_device;
335 }
336
337 filep = vfio_device_open_file(device);
338 if (IS_ERR(filep)) {
339 ret = PTR_ERR(filep);
340 goto err_put_fdno;
341 }
342
343 fd_install(fdno, filep);
344 return fdno;
345
346 err_put_fdno:
347 put_unused_fd(fdno);
348 err_put_device:
349 vfio_device_put_registration(device);
350 return ret;
351 }
352
vfio_group_ioctl_get_status(struct vfio_group * group,struct vfio_group_status __user * arg)353 static int vfio_group_ioctl_get_status(struct vfio_group *group,
354 struct vfio_group_status __user *arg)
355 {
356 unsigned long minsz = offsetofend(struct vfio_group_status, flags);
357 struct vfio_group_status status;
358
359 if (copy_from_user(&status, arg, minsz))
360 return -EFAULT;
361
362 if (status.argsz < minsz)
363 return -EINVAL;
364
365 status.flags = 0;
366
367 mutex_lock(&group->group_lock);
368 if (!group->iommu_group) {
369 mutex_unlock(&group->group_lock);
370 return -ENODEV;
371 }
372
373 /*
374 * With the container FD the iommu_group_claim_dma_owner() is done
375 * during SET_CONTAINER but for IOMMFD this is done during
376 * VFIO_GROUP_GET_DEVICE_FD. Meaning that with iommufd
377 * VFIO_GROUP_FLAGS_VIABLE could be set but GET_DEVICE_FD will fail due
378 * to viability.
379 */
380 if (vfio_group_has_iommu(group))
381 status.flags |= VFIO_GROUP_FLAGS_CONTAINER_SET |
382 VFIO_GROUP_FLAGS_VIABLE;
383 else if (!iommu_group_dma_owner_claimed(group->iommu_group))
384 status.flags |= VFIO_GROUP_FLAGS_VIABLE;
385 mutex_unlock(&group->group_lock);
386
387 if (copy_to_user(arg, &status, minsz))
388 return -EFAULT;
389 return 0;
390 }
391
vfio_group_fops_unl_ioctl(struct file * filep,unsigned int cmd,unsigned long arg)392 static long vfio_group_fops_unl_ioctl(struct file *filep,
393 unsigned int cmd, unsigned long arg)
394 {
395 struct vfio_group *group = filep->private_data;
396 void __user *uarg = (void __user *)arg;
397
398 switch (cmd) {
399 case VFIO_GROUP_GET_DEVICE_FD:
400 return vfio_group_ioctl_get_device_fd(group, uarg);
401 case VFIO_GROUP_GET_STATUS:
402 return vfio_group_ioctl_get_status(group, uarg);
403 case VFIO_GROUP_SET_CONTAINER:
404 return vfio_group_ioctl_set_container(group, uarg);
405 case VFIO_GROUP_UNSET_CONTAINER:
406 return vfio_group_ioctl_unset_container(group);
407 default:
408 return -ENOTTY;
409 }
410 }
411
vfio_device_block_group(struct vfio_device * device)412 int vfio_device_block_group(struct vfio_device *device)
413 {
414 struct vfio_group *group = device->group;
415 int ret = 0;
416
417 mutex_lock(&group->group_lock);
418 if (group->opened_file) {
419 ret = -EBUSY;
420 goto out_unlock;
421 }
422
423 group->cdev_device_open_cnt++;
424
425 out_unlock:
426 mutex_unlock(&group->group_lock);
427 return ret;
428 }
429
vfio_device_unblock_group(struct vfio_device * device)430 void vfio_device_unblock_group(struct vfio_device *device)
431 {
432 struct vfio_group *group = device->group;
433
434 mutex_lock(&group->group_lock);
435 group->cdev_device_open_cnt--;
436 mutex_unlock(&group->group_lock);
437 }
438
vfio_group_fops_open(struct inode * inode,struct file * filep)439 static int vfio_group_fops_open(struct inode *inode, struct file *filep)
440 {
441 struct vfio_group *group =
442 container_of(inode->i_cdev, struct vfio_group, cdev);
443 int ret;
444
445 mutex_lock(&group->group_lock);
446
447 /*
448 * drivers can be zero if this races with vfio_device_remove_group(), it
449 * will be stable at 0 under the group rwsem
450 */
451 if (refcount_read(&group->drivers) == 0) {
452 ret = -ENODEV;
453 goto out_unlock;
454 }
455
456 if (group->type == VFIO_NO_IOMMU && !capable(CAP_SYS_RAWIO)) {
457 ret = -EPERM;
458 goto out_unlock;
459 }
460
461 if (group->cdev_device_open_cnt) {
462 ret = -EBUSY;
463 goto out_unlock;
464 }
465
466 /*
467 * Do we need multiple instances of the group open? Seems not.
468 */
469 if (group->opened_file) {
470 ret = -EBUSY;
471 goto out_unlock;
472 }
473 group->opened_file = filep;
474 filep->private_data = group;
475 ret = 0;
476 out_unlock:
477 mutex_unlock(&group->group_lock);
478 return ret;
479 }
480
vfio_group_fops_release(struct inode * inode,struct file * filep)481 static int vfio_group_fops_release(struct inode *inode, struct file *filep)
482 {
483 struct vfio_group *group = filep->private_data;
484
485 filep->private_data = NULL;
486
487 mutex_lock(&group->group_lock);
488 /*
489 * Device FDs hold a group file reference, therefore the group release
490 * is only called when there are no open devices.
491 */
492 WARN_ON(group->notifier.head);
493 if (group->container)
494 vfio_group_detach_container(group);
495 if (group->iommufd) {
496 iommufd_ctx_put(group->iommufd);
497 group->iommufd = NULL;
498 }
499 group->opened_file = NULL;
500 mutex_unlock(&group->group_lock);
501 return 0;
502 }
503
504 static const struct file_operations vfio_group_fops = {
505 .owner = THIS_MODULE,
506 .unlocked_ioctl = vfio_group_fops_unl_ioctl,
507 .compat_ioctl = compat_ptr_ioctl,
508 .open = vfio_group_fops_open,
509 .release = vfio_group_fops_release,
510 };
511
512 /*
513 * Group objects - create, release, get, put, search
514 */
515 static struct vfio_group *
vfio_group_find_from_iommu(struct iommu_group * iommu_group)516 vfio_group_find_from_iommu(struct iommu_group *iommu_group)
517 {
518 struct vfio_group *group;
519
520 lockdep_assert_held(&vfio.group_lock);
521
522 /*
523 * group->iommu_group from the vfio.group_list cannot be NULL
524 * under the vfio.group_lock.
525 */
526 list_for_each_entry(group, &vfio.group_list, vfio_next) {
527 if (group->iommu_group == iommu_group)
528 return group;
529 }
530 return NULL;
531 }
532
vfio_group_release(struct device * dev)533 static void vfio_group_release(struct device *dev)
534 {
535 struct vfio_group *group = container_of(dev, struct vfio_group, dev);
536
537 mutex_destroy(&group->device_lock);
538 mutex_destroy(&group->group_lock);
539 WARN_ON(group->iommu_group);
540 WARN_ON(group->cdev_device_open_cnt);
541 ida_free(&vfio.group_ida, MINOR(group->dev.devt));
542 kfree(group);
543 }
544
vfio_group_alloc(struct iommu_group * iommu_group,enum vfio_group_type type)545 static struct vfio_group *vfio_group_alloc(struct iommu_group *iommu_group,
546 enum vfio_group_type type)
547 {
548 struct vfio_group *group;
549 int minor;
550
551 group = kzalloc(sizeof(*group), GFP_KERNEL);
552 if (!group)
553 return ERR_PTR(-ENOMEM);
554
555 minor = ida_alloc_max(&vfio.group_ida, MINORMASK, GFP_KERNEL);
556 if (minor < 0) {
557 kfree(group);
558 return ERR_PTR(minor);
559 }
560
561 device_initialize(&group->dev);
562 group->dev.devt = MKDEV(MAJOR(vfio.group_devt), minor);
563 group->dev.class = vfio.class;
564 group->dev.release = vfio_group_release;
565 cdev_init(&group->cdev, &vfio_group_fops);
566 group->cdev.owner = THIS_MODULE;
567
568 refcount_set(&group->drivers, 1);
569 mutex_init(&group->group_lock);
570 spin_lock_init(&group->kvm_ref_lock);
571 INIT_LIST_HEAD(&group->device_list);
572 mutex_init(&group->device_lock);
573 group->iommu_group = iommu_group;
574 /* put in vfio_group_release() */
575 iommu_group_ref_get(iommu_group);
576 group->type = type;
577 BLOCKING_INIT_NOTIFIER_HEAD(&group->notifier);
578
579 return group;
580 }
581
vfio_create_group(struct iommu_group * iommu_group,enum vfio_group_type type)582 static struct vfio_group *vfio_create_group(struct iommu_group *iommu_group,
583 enum vfio_group_type type)
584 {
585 struct vfio_group *group;
586 struct vfio_group *ret;
587 int err;
588
589 lockdep_assert_held(&vfio.group_lock);
590
591 group = vfio_group_alloc(iommu_group, type);
592 if (IS_ERR(group))
593 return group;
594
595 err = dev_set_name(&group->dev, "%s%d",
596 group->type == VFIO_NO_IOMMU ? "noiommu-" : "",
597 iommu_group_id(iommu_group));
598 if (err) {
599 ret = ERR_PTR(err);
600 goto err_put;
601 }
602
603 err = cdev_device_add(&group->cdev, &group->dev);
604 if (err) {
605 ret = ERR_PTR(err);
606 goto err_put;
607 }
608
609 list_add(&group->vfio_next, &vfio.group_list);
610
611 return group;
612
613 err_put:
614 put_device(&group->dev);
615 return ret;
616 }
617
vfio_noiommu_group_alloc(struct device * dev,enum vfio_group_type type)618 static struct vfio_group *vfio_noiommu_group_alloc(struct device *dev,
619 enum vfio_group_type type)
620 {
621 struct iommu_group *iommu_group;
622 struct vfio_group *group;
623 int ret;
624
625 iommu_group = iommu_group_alloc();
626 if (IS_ERR(iommu_group))
627 return ERR_CAST(iommu_group);
628
629 ret = iommu_group_set_name(iommu_group, "vfio-noiommu");
630 if (ret)
631 goto out_put_group;
632 ret = iommu_group_add_device(iommu_group, dev);
633 if (ret)
634 goto out_put_group;
635
636 mutex_lock(&vfio.group_lock);
637 group = vfio_create_group(iommu_group, type);
638 mutex_unlock(&vfio.group_lock);
639 if (IS_ERR(group)) {
640 ret = PTR_ERR(group);
641 goto out_remove_device;
642 }
643 iommu_group_put(iommu_group);
644 return group;
645
646 out_remove_device:
647 iommu_group_remove_device(dev);
648 out_put_group:
649 iommu_group_put(iommu_group);
650 return ERR_PTR(ret);
651 }
652
vfio_group_has_device(struct vfio_group * group,struct device * dev)653 static bool vfio_group_has_device(struct vfio_group *group, struct device *dev)
654 {
655 struct vfio_device *device;
656
657 mutex_lock(&group->device_lock);
658 list_for_each_entry(device, &group->device_list, group_next) {
659 if (device->dev == dev) {
660 mutex_unlock(&group->device_lock);
661 return true;
662 }
663 }
664 mutex_unlock(&group->device_lock);
665 return false;
666 }
667
vfio_group_find_or_alloc(struct device * dev)668 static struct vfio_group *vfio_group_find_or_alloc(struct device *dev)
669 {
670 struct iommu_group *iommu_group;
671 struct vfio_group *group;
672
673 iommu_group = iommu_group_get(dev);
674 if (!iommu_group && vfio_noiommu) {
675 /*
676 * With noiommu enabled, create an IOMMU group for devices that
677 * don't already have one, implying no IOMMU hardware/driver
678 * exists. Taint the kernel because we're about to give a DMA
679 * capable device to a user without IOMMU protection.
680 */
681 group = vfio_noiommu_group_alloc(dev, VFIO_NO_IOMMU);
682 if (!IS_ERR(group)) {
683 add_taint(TAINT_USER, LOCKDEP_STILL_OK);
684 dev_warn(dev, "Adding kernel taint for vfio-noiommu group on device\n");
685 }
686 return group;
687 }
688
689 if (!iommu_group)
690 return ERR_PTR(-EINVAL);
691
692 mutex_lock(&vfio.group_lock);
693 group = vfio_group_find_from_iommu(iommu_group);
694 if (group) {
695 if (WARN_ON(vfio_group_has_device(group, dev)))
696 group = ERR_PTR(-EINVAL);
697 else
698 refcount_inc(&group->drivers);
699 } else {
700 group = vfio_create_group(iommu_group, VFIO_IOMMU);
701 }
702 mutex_unlock(&vfio.group_lock);
703
704 /* The vfio_group holds a reference to the iommu_group */
705 iommu_group_put(iommu_group);
706 return group;
707 }
708
vfio_device_set_group(struct vfio_device * device,enum vfio_group_type type)709 int vfio_device_set_group(struct vfio_device *device,
710 enum vfio_group_type type)
711 {
712 struct vfio_group *group;
713
714 if (type == VFIO_IOMMU)
715 group = vfio_group_find_or_alloc(device->dev);
716 else
717 group = vfio_noiommu_group_alloc(device->dev, type);
718
719 if (IS_ERR(group))
720 return PTR_ERR(group);
721
722 /* Our reference on group is moved to the device */
723 device->group = group;
724 return 0;
725 }
726
vfio_device_remove_group(struct vfio_device * device)727 void vfio_device_remove_group(struct vfio_device *device)
728 {
729 struct vfio_group *group = device->group;
730 struct iommu_group *iommu_group;
731
732 if (group->type == VFIO_NO_IOMMU || group->type == VFIO_EMULATED_IOMMU)
733 iommu_group_remove_device(device->dev);
734
735 /* Pairs with vfio_create_group() / vfio_group_get_from_iommu() */
736 if (!refcount_dec_and_mutex_lock(&group->drivers, &vfio.group_lock))
737 return;
738 list_del(&group->vfio_next);
739
740 /*
741 * We could concurrently probe another driver in the group that might
742 * race vfio_device_remove_group() with vfio_get_group(), so we have to
743 * ensure that the sysfs is all cleaned up under lock otherwise the
744 * cdev_device_add() will fail due to the name aready existing.
745 */
746 cdev_device_del(&group->cdev, &group->dev);
747
748 mutex_lock(&group->group_lock);
749 /*
750 * These data structures all have paired operations that can only be
751 * undone when the caller holds a live reference on the device. Since
752 * all pairs must be undone these WARN_ON's indicate some caller did not
753 * properly hold the group reference.
754 */
755 WARN_ON(!list_empty(&group->device_list));
756 WARN_ON(group->notifier.head);
757
758 /*
759 * Revoke all users of group->iommu_group. At this point we know there
760 * are no devices active because we are unplugging the last one. Setting
761 * iommu_group to NULL blocks all new users.
762 */
763 if (group->container)
764 vfio_group_detach_container(group);
765 iommu_group = group->iommu_group;
766 group->iommu_group = NULL;
767 mutex_unlock(&group->group_lock);
768 mutex_unlock(&vfio.group_lock);
769
770 iommu_group_put(iommu_group);
771 put_device(&group->dev);
772 }
773
vfio_device_group_register(struct vfio_device * device)774 void vfio_device_group_register(struct vfio_device *device)
775 {
776 mutex_lock(&device->group->device_lock);
777 list_add(&device->group_next, &device->group->device_list);
778 mutex_unlock(&device->group->device_lock);
779 }
780
vfio_device_group_unregister(struct vfio_device * device)781 void vfio_device_group_unregister(struct vfio_device *device)
782 {
783 mutex_lock(&device->group->device_lock);
784 list_del(&device->group_next);
785 mutex_unlock(&device->group->device_lock);
786 }
787
vfio_device_group_use_iommu(struct vfio_device * device)788 int vfio_device_group_use_iommu(struct vfio_device *device)
789 {
790 struct vfio_group *group = device->group;
791 int ret = 0;
792
793 lockdep_assert_held(&group->group_lock);
794
795 if (WARN_ON(!group->container))
796 return -EINVAL;
797
798 ret = vfio_group_use_container(group);
799 if (ret)
800 return ret;
801 vfio_device_container_register(device);
802 return 0;
803 }
804
vfio_device_group_unuse_iommu(struct vfio_device * device)805 void vfio_device_group_unuse_iommu(struct vfio_device *device)
806 {
807 struct vfio_group *group = device->group;
808
809 lockdep_assert_held(&group->group_lock);
810
811 if (WARN_ON(!group->container))
812 return;
813
814 vfio_device_container_unregister(device);
815 vfio_group_unuse_container(group);
816 }
817
vfio_device_has_container(struct vfio_device * device)818 bool vfio_device_has_container(struct vfio_device *device)
819 {
820 return device->group->container;
821 }
822
vfio_group_from_file(struct file * file)823 struct vfio_group *vfio_group_from_file(struct file *file)
824 {
825 struct vfio_group *group = file->private_data;
826
827 if (file->f_op != &vfio_group_fops)
828 return NULL;
829 return group;
830 }
831
832 /**
833 * vfio_file_iommu_group - Return the struct iommu_group for the vfio group file
834 * @file: VFIO group file
835 *
836 * The returned iommu_group is valid as long as a ref is held on the file. This
837 * returns a reference on the group. This function is deprecated, only the SPAPR
838 * path in kvm should call it.
839 */
vfio_file_iommu_group(struct file * file)840 struct iommu_group *vfio_file_iommu_group(struct file *file)
841 {
842 struct vfio_group *group = vfio_group_from_file(file);
843 struct iommu_group *iommu_group = NULL;
844
845 if (!IS_ENABLED(CONFIG_SPAPR_TCE_IOMMU))
846 return NULL;
847
848 if (!group)
849 return NULL;
850
851 mutex_lock(&group->group_lock);
852 if (group->iommu_group) {
853 iommu_group = group->iommu_group;
854 iommu_group_ref_get(iommu_group);
855 }
856 mutex_unlock(&group->group_lock);
857 return iommu_group;
858 }
859 EXPORT_SYMBOL_GPL(vfio_file_iommu_group);
860
861 /**
862 * vfio_file_is_group - True if the file is a vfio group file
863 * @file: VFIO group file
864 */
vfio_file_is_group(struct file * file)865 bool vfio_file_is_group(struct file *file)
866 {
867 return vfio_group_from_file(file);
868 }
869 EXPORT_SYMBOL_GPL(vfio_file_is_group);
870
vfio_group_enforced_coherent(struct vfio_group * group)871 bool vfio_group_enforced_coherent(struct vfio_group *group)
872 {
873 struct vfio_device *device;
874 bool ret = true;
875
876 /*
877 * If the device does not have IOMMU_CAP_ENFORCE_CACHE_COHERENCY then
878 * any domain later attached to it will also not support it. If the cap
879 * is set then the iommu_domain eventually attached to the device/group
880 * must use a domain with enforce_cache_coherency().
881 */
882 mutex_lock(&group->device_lock);
883 list_for_each_entry(device, &group->device_list, group_next) {
884 if (!device_iommu_capable(device->dev,
885 IOMMU_CAP_ENFORCE_CACHE_COHERENCY)) {
886 ret = false;
887 break;
888 }
889 }
890 mutex_unlock(&group->device_lock);
891 return ret;
892 }
893
vfio_group_set_kvm(struct vfio_group * group,struct kvm * kvm)894 void vfio_group_set_kvm(struct vfio_group *group, struct kvm *kvm)
895 {
896 spin_lock(&group->kvm_ref_lock);
897 group->kvm = kvm;
898 spin_unlock(&group->kvm_ref_lock);
899 }
900
901 /**
902 * vfio_file_has_dev - True if the VFIO file is a handle for device
903 * @file: VFIO file to check
904 * @device: Device that must be part of the file
905 *
906 * Returns true if given file has permission to manipulate the given device.
907 */
vfio_file_has_dev(struct file * file,struct vfio_device * device)908 bool vfio_file_has_dev(struct file *file, struct vfio_device *device)
909 {
910 struct vfio_group *group = vfio_group_from_file(file);
911
912 if (!group)
913 return false;
914
915 return group == device->group;
916 }
917 EXPORT_SYMBOL_GPL(vfio_file_has_dev);
918
vfio_devnode(const struct device * dev,umode_t * mode)919 static char *vfio_devnode(const struct device *dev, umode_t *mode)
920 {
921 return kasprintf(GFP_KERNEL, "vfio/%s", dev_name(dev));
922 }
923
vfio_group_init(void)924 int __init vfio_group_init(void)
925 {
926 int ret;
927
928 ida_init(&vfio.group_ida);
929 mutex_init(&vfio.group_lock);
930 INIT_LIST_HEAD(&vfio.group_list);
931
932 ret = vfio_container_init();
933 if (ret)
934 return ret;
935
936 /* /dev/vfio/$GROUP */
937 vfio.class = class_create("vfio");
938 if (IS_ERR(vfio.class)) {
939 ret = PTR_ERR(vfio.class);
940 goto err_group_class;
941 }
942
943 vfio.class->devnode = vfio_devnode;
944
945 ret = alloc_chrdev_region(&vfio.group_devt, 0, MINORMASK + 1, "vfio");
946 if (ret)
947 goto err_alloc_chrdev;
948 return 0;
949
950 err_alloc_chrdev:
951 class_destroy(vfio.class);
952 vfio.class = NULL;
953 err_group_class:
954 vfio_container_cleanup();
955 return ret;
956 }
957
vfio_group_cleanup(void)958 void vfio_group_cleanup(void)
959 {
960 WARN_ON(!list_empty(&vfio.group_list));
961 ida_destroy(&vfio.group_ida);
962 unregister_chrdev_region(vfio.group_devt, MINORMASK + 1);
963 class_destroy(vfio.class);
964 vfio.class = NULL;
965 vfio_container_cleanup();
966 }
967