1 // SPDX-License-Identifier: GPL-2.0-only
3 * VFIO: IOMMU DMA mapping support for Type1 IOMMU
5 * Copyright (C) 2012 Red Hat, Inc. All rights reserved.
6 * Author: Alex Williamson <alex.williamson@redhat.com>
8 * Derived from original vfio:
9 * Copyright 2010 Cisco Systems, Inc. All rights reserved.
10 * Author: Tom Lyon, pugs@cisco.com
12 * We arbitrarily define a Type1 IOMMU as one matching the below code.
13 * It could be called the x86 IOMMU as it's designed for AMD-Vi & Intel
14 * VT-d, but that makes it harder to re-use as theoretically anyone
15 * implementing a similar IOMMU could make use of this. We expect the
16 * IOMMU to support the IOMMU API and have few to no restrictions around
17 * the IOVA range that can be mapped. The Type1 IOMMU is currently
18 * optimized for relatively static mappings of a userspace process with
19 * userpsace pages pinned into memory. We also assume devices and IOMMU
20 * domains are PCI based as the IOMMU API is still centered around a
21 * device/bus interface rather than a group interface.
24 #include <linux/compat.h>
25 #include <linux/device.h>
27 #include <linux/highmem.h>
28 #include <linux/iommu.h>
29 #include <linux/module.h>
31 #include <linux/kthread.h>
32 #include <linux/rbtree.h>
33 #include <linux/sched/signal.h>
34 #include <linux/sched/mm.h>
35 #include <linux/slab.h>
36 #include <linux/uaccess.h>
37 #include <linux/vfio.h>
38 #include <linux/workqueue.h>
39 #include <linux/mdev.h>
40 #include <linux/notifier.h>
41 #include <linux/dma-iommu.h>
42 #include <linux/irqdomain.h>
44 #define DRIVER_VERSION "0.2"
45 #define DRIVER_AUTHOR "Alex Williamson <alex.williamson@redhat.com>"
46 #define DRIVER_DESC "Type1 IOMMU driver for VFIO"
48 static bool allow_unsafe_interrupts;
49 module_param_named(allow_unsafe_interrupts,
50 allow_unsafe_interrupts, bool, S_IRUGO | S_IWUSR);
51 MODULE_PARM_DESC(allow_unsafe_interrupts,
52 "Enable VFIO IOMMU support for on platforms without interrupt remapping support.");
54 static bool disable_hugepages;
55 module_param_named(disable_hugepages,
56 disable_hugepages, bool, S_IRUGO | S_IWUSR);
57 MODULE_PARM_DESC(disable_hugepages,
58 "Disable VFIO IOMMU support for IOMMU hugepages.");
60 static unsigned int dma_entry_limit __read_mostly = U16_MAX;
61 module_param_named(dma_entry_limit, dma_entry_limit, uint, 0644);
62 MODULE_PARM_DESC(dma_entry_limit,
63 "Maximum number of user DMA mappings per container (65535).");
66 struct list_head domain_list;
67 struct list_head iova_list;
68 struct vfio_domain *external_domain; /* domain for external user */
70 struct rb_root dma_list;
71 struct blocking_notifier_head notifier;
72 unsigned int dma_avail;
73 uint64_t pgsize_bitmap;
76 bool dirty_page_tracking;
77 bool pinned_page_dirty_scope;
81 struct iommu_domain *domain;
82 struct list_head next;
83 struct list_head group_list;
84 int prot; /* IOMMU_CACHE */
85 bool fgsp; /* Fine-grained super pages */
90 dma_addr_t iova; /* Device address */
91 unsigned long vaddr; /* Process virtual addr */
92 size_t size; /* Map size (bytes) */
93 int prot; /* IOMMU_READ/WRITE */
95 bool lock_cap; /* capable(CAP_IPC_LOCK) */
96 struct task_struct *task;
97 struct rb_root pfn_list; /* Ex-user pinned pfn list */
98 unsigned long *bitmap;
103 struct page **pages; /* for pin_user_pages_remote */
104 struct page *fallback_page; /* if pages alloc fails */
105 int capacity; /* length of pages array */
109 struct iommu_group *iommu_group;
110 struct list_head next;
111 bool mdev_group; /* An mdev group */
112 bool pinned_page_dirty_scope;
116 struct list_head list;
122 * Guest RAM pinning working set or DMA target
126 dma_addr_t iova; /* Device address */
127 unsigned long pfn; /* Host pfn */
128 unsigned int ref_count;
131 struct vfio_regions {
132 struct list_head list;
138 #define IS_IOMMU_CAP_DOMAIN_IN_CONTAINER(iommu) \
139 (!list_empty(&iommu->domain_list))
141 #define DIRTY_BITMAP_BYTES(n) (ALIGN(n, BITS_PER_TYPE(u64)) / BITS_PER_BYTE)
144 * Input argument of number of bits to bitmap_set() is unsigned integer, which
145 * further casts to signed integer for unaligned multi-bit operation,
147 * Then maximum bitmap size supported is 2^31 bits divided by 2^3 bits/byte,
148 * that is 2^28 (256 MB) which maps to 2^31 * 2^12 = 2^43 (8TB) on 4K page
151 #define DIRTY_BITMAP_PAGES_MAX ((u64)INT_MAX)
152 #define DIRTY_BITMAP_SIZE_MAX DIRTY_BITMAP_BYTES(DIRTY_BITMAP_PAGES_MAX)
154 static int put_pfn(unsigned long pfn, int prot);
156 static struct vfio_group *vfio_iommu_find_iommu_group(struct vfio_iommu *iommu,
157 struct iommu_group *iommu_group);
159 static void update_pinned_page_dirty_scope(struct vfio_iommu *iommu);
161 * This code handles mapping and unmapping of user data buffers
162 * into DMA'ble space using the IOMMU
165 static struct vfio_dma *vfio_find_dma(struct vfio_iommu *iommu,
166 dma_addr_t start, size_t size)
168 struct rb_node *node = iommu->dma_list.rb_node;
171 struct vfio_dma *dma = rb_entry(node, struct vfio_dma, node);
173 if (start + size <= dma->iova)
174 node = node->rb_left;
175 else if (start >= dma->iova + dma->size)
176 node = node->rb_right;
184 static void vfio_link_dma(struct vfio_iommu *iommu, struct vfio_dma *new)
186 struct rb_node **link = &iommu->dma_list.rb_node, *parent = NULL;
187 struct vfio_dma *dma;
191 dma = rb_entry(parent, struct vfio_dma, node);
193 if (new->iova + new->size <= dma->iova)
194 link = &(*link)->rb_left;
196 link = &(*link)->rb_right;
199 rb_link_node(&new->node, parent, link);
200 rb_insert_color(&new->node, &iommu->dma_list);
203 static void vfio_unlink_dma(struct vfio_iommu *iommu, struct vfio_dma *old)
205 rb_erase(&old->node, &iommu->dma_list);
209 static int vfio_dma_bitmap_alloc(struct vfio_dma *dma, size_t pgsize)
211 uint64_t npages = dma->size / pgsize;
213 if (npages > DIRTY_BITMAP_PAGES_MAX)
217 * Allocate extra 64 bits that are used to calculate shift required for
218 * bitmap_shift_left() to manipulate and club unaligned number of pages
219 * in adjacent vfio_dma ranges.
221 dma->bitmap = kvzalloc(DIRTY_BITMAP_BYTES(npages) + sizeof(u64),
229 static void vfio_dma_bitmap_free(struct vfio_dma *dma)
235 static void vfio_dma_populate_bitmap(struct vfio_dma *dma, size_t pgsize)
238 unsigned long pgshift = __ffs(pgsize);
240 for (p = rb_first(&dma->pfn_list); p; p = rb_next(p)) {
241 struct vfio_pfn *vpfn = rb_entry(p, struct vfio_pfn, node);
243 bitmap_set(dma->bitmap, (vpfn->iova - dma->iova) >> pgshift, 1);
247 static void vfio_iommu_populate_bitmap_full(struct vfio_iommu *iommu)
250 unsigned long pgshift = __ffs(iommu->pgsize_bitmap);
252 for (n = rb_first(&iommu->dma_list); n; n = rb_next(n)) {
253 struct vfio_dma *dma = rb_entry(n, struct vfio_dma, node);
255 bitmap_set(dma->bitmap, 0, dma->size >> pgshift);
259 static int vfio_dma_bitmap_alloc_all(struct vfio_iommu *iommu, size_t pgsize)
263 for (n = rb_first(&iommu->dma_list); n; n = rb_next(n)) {
264 struct vfio_dma *dma = rb_entry(n, struct vfio_dma, node);
267 ret = vfio_dma_bitmap_alloc(dma, pgsize);
271 for (p = rb_prev(n); p; p = rb_prev(p)) {
272 struct vfio_dma *dma = rb_entry(n,
273 struct vfio_dma, node);
275 vfio_dma_bitmap_free(dma);
279 vfio_dma_populate_bitmap(dma, pgsize);
284 static void vfio_dma_bitmap_free_all(struct vfio_iommu *iommu)
288 for (n = rb_first(&iommu->dma_list); n; n = rb_next(n)) {
289 struct vfio_dma *dma = rb_entry(n, struct vfio_dma, node);
291 vfio_dma_bitmap_free(dma);
296 * Helper Functions for host iova-pfn list
298 static struct vfio_pfn *vfio_find_vpfn(struct vfio_dma *dma, dma_addr_t iova)
300 struct vfio_pfn *vpfn;
301 struct rb_node *node = dma->pfn_list.rb_node;
304 vpfn = rb_entry(node, struct vfio_pfn, node);
306 if (iova < vpfn->iova)
307 node = node->rb_left;
308 else if (iova > vpfn->iova)
309 node = node->rb_right;
316 static void vfio_link_pfn(struct vfio_dma *dma,
317 struct vfio_pfn *new)
319 struct rb_node **link, *parent = NULL;
320 struct vfio_pfn *vpfn;
322 link = &dma->pfn_list.rb_node;
325 vpfn = rb_entry(parent, struct vfio_pfn, node);
327 if (new->iova < vpfn->iova)
328 link = &(*link)->rb_left;
330 link = &(*link)->rb_right;
333 rb_link_node(&new->node, parent, link);
334 rb_insert_color(&new->node, &dma->pfn_list);
337 static void vfio_unlink_pfn(struct vfio_dma *dma, struct vfio_pfn *old)
339 rb_erase(&old->node, &dma->pfn_list);
342 static int vfio_add_to_pfn_list(struct vfio_dma *dma, dma_addr_t iova,
345 struct vfio_pfn *vpfn;
347 vpfn = kzalloc(sizeof(*vpfn), GFP_KERNEL);
354 vfio_link_pfn(dma, vpfn);
358 static void vfio_remove_from_pfn_list(struct vfio_dma *dma,
359 struct vfio_pfn *vpfn)
361 vfio_unlink_pfn(dma, vpfn);
365 static struct vfio_pfn *vfio_iova_get_vfio_pfn(struct vfio_dma *dma,
368 struct vfio_pfn *vpfn = vfio_find_vpfn(dma, iova);
375 static int vfio_iova_put_vfio_pfn(struct vfio_dma *dma, struct vfio_pfn *vpfn)
380 if (!vpfn->ref_count) {
381 ret = put_pfn(vpfn->pfn, dma->prot);
382 vfio_remove_from_pfn_list(dma, vpfn);
387 static int vfio_lock_acct(struct vfio_dma *dma, long npage, bool async)
389 struct mm_struct *mm;
396 if (async && !mmget_not_zero(mm))
397 return -ESRCH; /* process exited */
399 ret = mmap_write_lock_killable(mm);
401 ret = __account_locked_vm(mm, abs(npage), npage > 0, dma->task,
403 mmap_write_unlock(mm);
413 * Some mappings aren't backed by a struct page, for example an mmap'd
414 * MMIO range for our own or another device. These use a different
415 * pfn conversion and shouldn't be tracked as locked pages.
416 * For compound pages, any driver that sets the reserved bit in head
417 * page needs to set the reserved bit in all subpages to be safe.
419 static bool is_invalid_reserved_pfn(unsigned long pfn)
422 return PageReserved(pfn_to_page(pfn));
427 static int put_pfn(unsigned long pfn, int prot)
429 if (!is_invalid_reserved_pfn(pfn)) {
430 struct page *page = pfn_to_page(pfn);
432 unpin_user_pages_dirty_lock(&page, 1, prot & IOMMU_WRITE);
438 #define VFIO_BATCH_MAX_CAPACITY (PAGE_SIZE / sizeof(struct page *))
440 static void vfio_batch_init(struct vfio_batch *batch)
442 if (unlikely(disable_hugepages))
445 batch->pages = (struct page **) __get_free_page(GFP_KERNEL);
449 batch->capacity = VFIO_BATCH_MAX_CAPACITY;
453 batch->pages = &batch->fallback_page;
457 static void vfio_batch_fini(struct vfio_batch *batch)
459 if (batch->capacity == VFIO_BATCH_MAX_CAPACITY)
460 free_page((unsigned long)batch->pages);
463 static int follow_fault_pfn(struct vm_area_struct *vma, struct mm_struct *mm,
464 unsigned long vaddr, unsigned long *pfn,
471 ret = follow_pte(vma->vm_mm, vaddr, &ptep, &ptl);
473 bool unlocked = false;
475 ret = fixup_user_fault(mm, vaddr,
477 (write_fault ? FAULT_FLAG_WRITE : 0),
485 ret = follow_pte(vma->vm_mm, vaddr, &ptep, &ptl);
490 if (write_fault && !pte_write(*ptep))
493 *pfn = pte_pfn(*ptep);
495 pte_unmap_unlock(ptep, ptl);
500 * Returns the positive number of pfns successfully obtained or a negative
503 static int vaddr_get_pfns(struct mm_struct *mm, unsigned long vaddr,
504 long npages, int prot, unsigned long *pfn,
507 struct vm_area_struct *vma;
508 unsigned int flags = 0;
511 if (prot & IOMMU_WRITE)
515 ret = pin_user_pages_remote(mm, vaddr, npages, flags | FOLL_LONGTERM,
521 * The zero page is always resident, we don't need to pin it
522 * and it falls into our invalid/reserved test so we don't
523 * unpin in put_pfn(). Unpin all zero pages in the batch here.
525 for (i = 0 ; i < ret; i++) {
526 if (unlikely(is_zero_pfn(page_to_pfn(pages[i]))))
527 unpin_user_page(pages[i]);
530 *pfn = page_to_pfn(pages[0]);
534 vaddr = untagged_addr(vaddr);
537 vma = find_vma_intersection(mm, vaddr, vaddr + 1);
539 if (vma && vma->vm_flags & VM_PFNMAP) {
540 ret = follow_fault_pfn(vma, mm, vaddr, pfn, prot & IOMMU_WRITE);
545 if (is_invalid_reserved_pfn(*pfn))
552 mmap_read_unlock(mm);
557 * Attempt to pin pages. We really don't want to track all the pfns and
558 * the iommu can only map chunks of consecutive pfns anyway, so get the
559 * first page and all consecutive pages with the same locking.
561 static long vfio_pin_pages_remote(struct vfio_dma *dma, unsigned long vaddr,
562 long npage, unsigned long *pfn_base,
563 unsigned long limit, struct vfio_batch *batch)
565 unsigned long pfn = 0;
566 long ret, pinned = 0, lock_acct = 0;
568 dma_addr_t iova = vaddr - dma->vaddr + dma->iova;
570 /* This code path is only user initiated */
574 ret = vaddr_get_pfns(current->mm, vaddr, 1, dma->prot, pfn_base,
580 rsvd = is_invalid_reserved_pfn(*pfn_base);
583 * Reserved pages aren't counted against the user, externally pinned
584 * pages are already counted against the user.
586 if (!rsvd && !vfio_find_vpfn(dma, iova)) {
587 if (!dma->lock_cap && current->mm->locked_vm + 1 > limit) {
588 put_pfn(*pfn_base, dma->prot);
589 pr_warn("%s: RLIMIT_MEMLOCK (%ld) exceeded\n", __func__,
590 limit << PAGE_SHIFT);
596 if (unlikely(disable_hugepages))
599 /* Lock all the consecutive pages from pfn_base */
600 for (vaddr += PAGE_SIZE, iova += PAGE_SIZE; pinned < npage;
601 pinned++, vaddr += PAGE_SIZE, iova += PAGE_SIZE) {
602 ret = vaddr_get_pfns(current->mm, vaddr, 1, dma->prot, &pfn,
607 if (pfn != *pfn_base + pinned ||
608 rsvd != is_invalid_reserved_pfn(pfn)) {
609 put_pfn(pfn, dma->prot);
613 if (!rsvd && !vfio_find_vpfn(dma, iova)) {
614 if (!dma->lock_cap &&
615 current->mm->locked_vm + lock_acct + 1 > limit) {
616 put_pfn(pfn, dma->prot);
617 pr_warn("%s: RLIMIT_MEMLOCK (%ld) exceeded\n",
618 __func__, limit << PAGE_SHIFT);
627 ret = vfio_lock_acct(dma, lock_acct, false);
632 for (pfn = *pfn_base ; pinned ; pfn++, pinned--)
633 put_pfn(pfn, dma->prot);
642 static long vfio_unpin_pages_remote(struct vfio_dma *dma, dma_addr_t iova,
643 unsigned long pfn, long npage,
646 long unlocked = 0, locked = 0;
649 for (i = 0; i < npage; i++, iova += PAGE_SIZE) {
650 if (put_pfn(pfn++, dma->prot)) {
652 if (vfio_find_vpfn(dma, iova))
658 vfio_lock_acct(dma, locked - unlocked, true);
663 static int vfio_pin_page_external(struct vfio_dma *dma, unsigned long vaddr,
664 unsigned long *pfn_base, bool do_accounting)
666 struct page *pages[1];
667 struct mm_struct *mm;
671 if (!mmget_not_zero(mm))
674 ret = vaddr_get_pfns(mm, vaddr, 1, dma->prot, pfn_base, pages);
680 if (do_accounting && !is_invalid_reserved_pfn(*pfn_base)) {
681 ret = vfio_lock_acct(dma, 1, false);
683 put_pfn(*pfn_base, dma->prot);
685 pr_warn("%s: Task %s (%d) RLIMIT_MEMLOCK "
686 "(%ld) exceeded\n", __func__,
687 dma->task->comm, task_pid_nr(dma->task),
688 task_rlimit(dma->task, RLIMIT_MEMLOCK));
697 static int vfio_unpin_page_external(struct vfio_dma *dma, dma_addr_t iova,
701 struct vfio_pfn *vpfn = vfio_find_vpfn(dma, iova);
706 unlocked = vfio_iova_put_vfio_pfn(dma, vpfn);
709 vfio_lock_acct(dma, -unlocked, true);
714 static int vfio_iommu_type1_pin_pages(void *iommu_data,
715 struct iommu_group *iommu_group,
716 unsigned long *user_pfn,
718 unsigned long *phys_pfn)
720 struct vfio_iommu *iommu = iommu_data;
721 struct vfio_group *group;
723 unsigned long remote_vaddr;
724 struct vfio_dma *dma;
727 if (!iommu || !user_pfn || !phys_pfn)
730 /* Supported for v2 version only */
734 mutex_lock(&iommu->lock);
736 /* Fail if notifier list is empty */
737 if (!iommu->notifier.head) {
743 * If iommu capable domain exist in the container then all pages are
744 * already pinned and accounted. Accouting should be done if there is no
745 * iommu capable domain in the container.
747 do_accounting = !IS_IOMMU_CAP_DOMAIN_IN_CONTAINER(iommu);
749 for (i = 0; i < npage; i++) {
751 struct vfio_pfn *vpfn;
753 iova = user_pfn[i] << PAGE_SHIFT;
754 dma = vfio_find_dma(iommu, iova, PAGE_SIZE);
760 if ((dma->prot & prot) != prot) {
765 vpfn = vfio_iova_get_vfio_pfn(dma, iova);
767 phys_pfn[i] = vpfn->pfn;
771 remote_vaddr = dma->vaddr + (iova - dma->iova);
772 ret = vfio_pin_page_external(dma, remote_vaddr, &phys_pfn[i],
777 ret = vfio_add_to_pfn_list(dma, iova, phys_pfn[i]);
779 if (put_pfn(phys_pfn[i], dma->prot) && do_accounting)
780 vfio_lock_acct(dma, -1, true);
784 if (iommu->dirty_page_tracking) {
785 unsigned long pgshift = __ffs(iommu->pgsize_bitmap);
788 * Bitmap populated with the smallest supported page
791 bitmap_set(dma->bitmap,
792 (iova - dma->iova) >> pgshift, 1);
797 group = vfio_iommu_find_iommu_group(iommu, iommu_group);
798 if (!group->pinned_page_dirty_scope) {
799 group->pinned_page_dirty_scope = true;
800 update_pinned_page_dirty_scope(iommu);
807 for (j = 0; j < i; j++) {
810 iova = user_pfn[j] << PAGE_SHIFT;
811 dma = vfio_find_dma(iommu, iova, PAGE_SIZE);
812 vfio_unpin_page_external(dma, iova, do_accounting);
816 mutex_unlock(&iommu->lock);
820 static int vfio_iommu_type1_unpin_pages(void *iommu_data,
821 unsigned long *user_pfn,
824 struct vfio_iommu *iommu = iommu_data;
828 if (!iommu || !user_pfn)
831 /* Supported for v2 version only */
835 mutex_lock(&iommu->lock);
837 do_accounting = !IS_IOMMU_CAP_DOMAIN_IN_CONTAINER(iommu);
838 for (i = 0; i < npage; i++) {
839 struct vfio_dma *dma;
842 iova = user_pfn[i] << PAGE_SHIFT;
843 dma = vfio_find_dma(iommu, iova, PAGE_SIZE);
846 vfio_unpin_page_external(dma, iova, do_accounting);
850 mutex_unlock(&iommu->lock);
851 return i > npage ? npage : (i > 0 ? i : -EINVAL);
854 static long vfio_sync_unpin(struct vfio_dma *dma, struct vfio_domain *domain,
855 struct list_head *regions,
856 struct iommu_iotlb_gather *iotlb_gather)
859 struct vfio_regions *entry, *next;
861 iommu_iotlb_sync(domain->domain, iotlb_gather);
863 list_for_each_entry_safe(entry, next, regions, list) {
864 unlocked += vfio_unpin_pages_remote(dma,
866 entry->phys >> PAGE_SHIFT,
867 entry->len >> PAGE_SHIFT,
869 list_del(&entry->list);
879 * Generally, VFIO needs to unpin remote pages after each IOTLB flush.
880 * Therefore, when using IOTLB flush sync interface, VFIO need to keep track
881 * of these regions (currently using a list).
883 * This value specifies maximum number of regions for each IOTLB flush sync.
885 #define VFIO_IOMMU_TLB_SYNC_MAX 512
887 static size_t unmap_unpin_fast(struct vfio_domain *domain,
888 struct vfio_dma *dma, dma_addr_t *iova,
889 size_t len, phys_addr_t phys, long *unlocked,
890 struct list_head *unmapped_list,
892 struct iommu_iotlb_gather *iotlb_gather)
895 struct vfio_regions *entry = kzalloc(sizeof(*entry), GFP_KERNEL);
898 unmapped = iommu_unmap_fast(domain->domain, *iova, len,
906 entry->len = unmapped;
907 list_add_tail(&entry->list, unmapped_list);
915 * Sync if the number of fast-unmap regions hits the limit
916 * or in case of errors.
918 if (*unmapped_cnt >= VFIO_IOMMU_TLB_SYNC_MAX || !unmapped) {
919 *unlocked += vfio_sync_unpin(dma, domain, unmapped_list,
927 static size_t unmap_unpin_slow(struct vfio_domain *domain,
928 struct vfio_dma *dma, dma_addr_t *iova,
929 size_t len, phys_addr_t phys,
932 size_t unmapped = iommu_unmap(domain->domain, *iova, len);
935 *unlocked += vfio_unpin_pages_remote(dma, *iova,
937 unmapped >> PAGE_SHIFT,
945 static long vfio_unmap_unpin(struct vfio_iommu *iommu, struct vfio_dma *dma,
948 dma_addr_t iova = dma->iova, end = dma->iova + dma->size;
949 struct vfio_domain *domain, *d;
950 LIST_HEAD(unmapped_region_list);
951 struct iommu_iotlb_gather iotlb_gather;
952 int unmapped_region_cnt = 0;
958 if (!IS_IOMMU_CAP_DOMAIN_IN_CONTAINER(iommu))
962 * We use the IOMMU to track the physical addresses, otherwise we'd
963 * need a much more complicated tracking system. Unfortunately that
964 * means we need to use one of the iommu domains to figure out the
965 * pfns to unpin. The rest need to be unmapped in advance so we have
966 * no iommu translations remaining when the pages are unpinned.
968 domain = d = list_first_entry(&iommu->domain_list,
969 struct vfio_domain, next);
971 list_for_each_entry_continue(d, &iommu->domain_list, next) {
972 iommu_unmap(d->domain, dma->iova, dma->size);
976 iommu_iotlb_gather_init(&iotlb_gather);
978 size_t unmapped, len;
979 phys_addr_t phys, next;
981 phys = iommu_iova_to_phys(domain->domain, iova);
982 if (WARN_ON(!phys)) {
988 * To optimize for fewer iommu_unmap() calls, each of which
989 * may require hardware cache flushing, try to find the
990 * largest contiguous physical memory chunk to unmap.
992 for (len = PAGE_SIZE;
993 !domain->fgsp && iova + len < end; len += PAGE_SIZE) {
994 next = iommu_iova_to_phys(domain->domain, iova + len);
995 if (next != phys + len)
1000 * First, try to use fast unmap/unpin. In case of failure,
1001 * switch to slow unmap/unpin path.
1003 unmapped = unmap_unpin_fast(domain, dma, &iova, len, phys,
1004 &unlocked, &unmapped_region_list,
1005 &unmapped_region_cnt,
1008 unmapped = unmap_unpin_slow(domain, dma, &iova, len,
1010 if (WARN_ON(!unmapped))
1015 dma->iommu_mapped = false;
1017 if (unmapped_region_cnt) {
1018 unlocked += vfio_sync_unpin(dma, domain, &unmapped_region_list,
1022 if (do_accounting) {
1023 vfio_lock_acct(dma, -unlocked, true);
1029 static void vfio_remove_dma(struct vfio_iommu *iommu, struct vfio_dma *dma)
1031 WARN_ON(!RB_EMPTY_ROOT(&dma->pfn_list));
1032 vfio_unmap_unpin(iommu, dma, true);
1033 vfio_unlink_dma(iommu, dma);
1034 put_task_struct(dma->task);
1036 vfio_dma_bitmap_free(dma);
1041 static void vfio_update_pgsize_bitmap(struct vfio_iommu *iommu)
1043 struct vfio_domain *domain;
1045 iommu->pgsize_bitmap = ULONG_MAX;
1047 list_for_each_entry(domain, &iommu->domain_list, next)
1048 iommu->pgsize_bitmap &= domain->domain->pgsize_bitmap;
1051 * In case the IOMMU supports page sizes smaller than PAGE_SIZE
1052 * we pretend PAGE_SIZE is supported and hide sub-PAGE_SIZE sizes.
1053 * That way the user will be able to map/unmap buffers whose size/
1054 * start address is aligned with PAGE_SIZE. Pinning code uses that
1055 * granularity while iommu driver can use the sub-PAGE_SIZE size
1056 * to map the buffer.
1058 if (iommu->pgsize_bitmap & ~PAGE_MASK) {
1059 iommu->pgsize_bitmap &= PAGE_MASK;
1060 iommu->pgsize_bitmap |= PAGE_SIZE;
1064 static int update_user_bitmap(u64 __user *bitmap, struct vfio_iommu *iommu,
1065 struct vfio_dma *dma, dma_addr_t base_iova,
1068 unsigned long pgshift = __ffs(pgsize);
1069 unsigned long nbits = dma->size >> pgshift;
1070 unsigned long bit_offset = (dma->iova - base_iova) >> pgshift;
1071 unsigned long copy_offset = bit_offset / BITS_PER_LONG;
1072 unsigned long shift = bit_offset % BITS_PER_LONG;
1073 unsigned long leftover;
1076 * mark all pages dirty if any IOMMU capable device is not able
1077 * to report dirty pages and all pages are pinned and mapped.
1079 if (!iommu->pinned_page_dirty_scope && dma->iommu_mapped)
1080 bitmap_set(dma->bitmap, 0, nbits);
1083 bitmap_shift_left(dma->bitmap, dma->bitmap, shift,
1086 if (copy_from_user(&leftover,
1087 (void __user *)(bitmap + copy_offset),
1091 bitmap_or(dma->bitmap, dma->bitmap, &leftover, shift);
1094 if (copy_to_user((void __user *)(bitmap + copy_offset), dma->bitmap,
1095 DIRTY_BITMAP_BYTES(nbits + shift)))
1101 static int vfio_iova_dirty_bitmap(u64 __user *bitmap, struct vfio_iommu *iommu,
1102 dma_addr_t iova, size_t size, size_t pgsize)
1104 struct vfio_dma *dma;
1106 unsigned long pgshift = __ffs(pgsize);
1110 * GET_BITMAP request must fully cover vfio_dma mappings. Multiple
1111 * vfio_dma mappings may be clubbed by specifying large ranges, but
1112 * there must not be any previous mappings bisected by the range.
1113 * An error will be returned if these conditions are not met.
1115 dma = vfio_find_dma(iommu, iova, 1);
1116 if (dma && dma->iova != iova)
1119 dma = vfio_find_dma(iommu, iova + size - 1, 0);
1120 if (dma && dma->iova + dma->size != iova + size)
1123 for (n = rb_first(&iommu->dma_list); n; n = rb_next(n)) {
1124 struct vfio_dma *dma = rb_entry(n, struct vfio_dma, node);
1126 if (dma->iova < iova)
1129 if (dma->iova > iova + size - 1)
1132 ret = update_user_bitmap(bitmap, iommu, dma, iova, pgsize);
1137 * Re-populate bitmap to include all pinned pages which are
1138 * considered as dirty but exclude pages which are unpinned and
1139 * pages which are marked dirty by vfio_dma_rw()
1141 bitmap_clear(dma->bitmap, 0, dma->size >> pgshift);
1142 vfio_dma_populate_bitmap(dma, pgsize);
1147 static int verify_bitmap_size(uint64_t npages, uint64_t bitmap_size)
1149 if (!npages || !bitmap_size || (bitmap_size > DIRTY_BITMAP_SIZE_MAX) ||
1150 (bitmap_size < DIRTY_BITMAP_BYTES(npages)))
1156 static int vfio_dma_do_unmap(struct vfio_iommu *iommu,
1157 struct vfio_iommu_type1_dma_unmap *unmap,
1158 struct vfio_bitmap *bitmap)
1160 struct vfio_dma *dma, *dma_last = NULL;
1161 size_t unmapped = 0, pgsize;
1162 int ret = 0, retries = 0;
1163 unsigned long pgshift;
1165 mutex_lock(&iommu->lock);
1167 pgshift = __ffs(iommu->pgsize_bitmap);
1168 pgsize = (size_t)1 << pgshift;
1170 if (unmap->iova & (pgsize - 1)) {
1175 if (!unmap->size || unmap->size & (pgsize - 1)) {
1180 if (unmap->iova + unmap->size - 1 < unmap->iova ||
1181 unmap->size > SIZE_MAX) {
1186 /* When dirty tracking is enabled, allow only min supported pgsize */
1187 if ((unmap->flags & VFIO_DMA_UNMAP_FLAG_GET_DIRTY_BITMAP) &&
1188 (!iommu->dirty_page_tracking || (bitmap->pgsize != pgsize))) {
1193 WARN_ON((pgsize - 1) & PAGE_MASK);
1196 * vfio-iommu-type1 (v1) - User mappings were coalesced together to
1197 * avoid tracking individual mappings. This means that the granularity
1198 * of the original mapping was lost and the user was allowed to attempt
1199 * to unmap any range. Depending on the contiguousness of physical
1200 * memory and page sizes supported by the IOMMU, arbitrary unmaps may
1201 * or may not have worked. We only guaranteed unmap granularity
1202 * matching the original mapping; even though it was untracked here,
1203 * the original mappings are reflected in IOMMU mappings. This
1204 * resulted in a couple unusual behaviors. First, if a range is not
1205 * able to be unmapped, ex. a set of 4k pages that was mapped as a
1206 * 2M hugepage into the IOMMU, the unmap ioctl returns success but with
1207 * a zero sized unmap. Also, if an unmap request overlaps the first
1208 * address of a hugepage, the IOMMU will unmap the entire hugepage.
1209 * This also returns success and the returned unmap size reflects the
1210 * actual size unmapped.
1212 * We attempt to maintain compatibility with this "v1" interface, but
1213 * we take control out of the hands of the IOMMU. Therefore, an unmap
1214 * request offset from the beginning of the original mapping will
1215 * return success with zero sized unmap. And an unmap request covering
1216 * the first iova of mapping will unmap the entire range.
1218 * The v2 version of this interface intends to be more deterministic.
1219 * Unmap requests must fully cover previous mappings. Multiple
1220 * mappings may still be unmaped by specifying large ranges, but there
1221 * must not be any previous mappings bisected by the range. An error
1222 * will be returned if these conditions are not met. The v2 interface
1223 * will only return success and a size of zero if there were no
1224 * mappings within the range.
1227 dma = vfio_find_dma(iommu, unmap->iova, 1);
1228 if (dma && dma->iova != unmap->iova) {
1232 dma = vfio_find_dma(iommu, unmap->iova + unmap->size - 1, 0);
1233 if (dma && dma->iova + dma->size != unmap->iova + unmap->size) {
1239 while ((dma = vfio_find_dma(iommu, unmap->iova, unmap->size))) {
1240 if (!iommu->v2 && unmap->iova > dma->iova)
1243 * Task with same address space who mapped this iova range is
1244 * allowed to unmap the iova range.
1246 if (dma->task->mm != current->mm)
1249 if (!RB_EMPTY_ROOT(&dma->pfn_list)) {
1250 struct vfio_iommu_type1_dma_unmap nb_unmap;
1252 if (dma_last == dma) {
1253 BUG_ON(++retries > 10);
1259 nb_unmap.iova = dma->iova;
1260 nb_unmap.size = dma->size;
1263 * Notify anyone (mdev vendor drivers) to invalidate and
1264 * unmap iovas within the range we're about to unmap.
1265 * Vendor drivers MUST unpin pages in response to an
1268 mutex_unlock(&iommu->lock);
1269 blocking_notifier_call_chain(&iommu->notifier,
1270 VFIO_IOMMU_NOTIFY_DMA_UNMAP,
1272 mutex_lock(&iommu->lock);
1276 if (unmap->flags & VFIO_DMA_UNMAP_FLAG_GET_DIRTY_BITMAP) {
1277 ret = update_user_bitmap(bitmap->data, iommu, dma,
1278 unmap->iova, pgsize);
1283 unmapped += dma->size;
1284 vfio_remove_dma(iommu, dma);
1288 mutex_unlock(&iommu->lock);
1290 /* Report how much was unmapped */
1291 unmap->size = unmapped;
1296 static int vfio_iommu_map(struct vfio_iommu *iommu, dma_addr_t iova,
1297 unsigned long pfn, long npage, int prot)
1299 struct vfio_domain *d;
1302 list_for_each_entry(d, &iommu->domain_list, next) {
1303 ret = iommu_map(d->domain, iova, (phys_addr_t)pfn << PAGE_SHIFT,
1304 npage << PAGE_SHIFT, prot | d->prot);
1314 list_for_each_entry_continue_reverse(d, &iommu->domain_list, next) {
1315 iommu_unmap(d->domain, iova, npage << PAGE_SHIFT);
1322 static int vfio_pin_map_dma(struct vfio_iommu *iommu, struct vfio_dma *dma,
1325 dma_addr_t iova = dma->iova;
1326 unsigned long vaddr = dma->vaddr;
1327 struct vfio_batch batch;
1328 size_t size = map_size;
1330 unsigned long pfn, limit = rlimit(RLIMIT_MEMLOCK) >> PAGE_SHIFT;
1333 vfio_batch_init(&batch);
1336 /* Pin a contiguous chunk of memory */
1337 npage = vfio_pin_pages_remote(dma, vaddr + dma->size,
1338 size >> PAGE_SHIFT, &pfn, limit,
1347 ret = vfio_iommu_map(iommu, iova + dma->size, pfn, npage,
1350 vfio_unpin_pages_remote(dma, iova + dma->size, pfn,
1355 size -= npage << PAGE_SHIFT;
1356 dma->size += npage << PAGE_SHIFT;
1359 vfio_batch_fini(&batch);
1360 dma->iommu_mapped = true;
1363 vfio_remove_dma(iommu, dma);
1369 * Check dma map request is within a valid iova range
1371 static bool vfio_iommu_iova_dma_valid(struct vfio_iommu *iommu,
1372 dma_addr_t start, dma_addr_t end)
1374 struct list_head *iova = &iommu->iova_list;
1375 struct vfio_iova *node;
1377 list_for_each_entry(node, iova, list) {
1378 if (start >= node->start && end <= node->end)
1383 * Check for list_empty() as well since a container with
1384 * a single mdev device will have an empty list.
1386 return list_empty(iova);
1389 static int vfio_dma_do_map(struct vfio_iommu *iommu,
1390 struct vfio_iommu_type1_dma_map *map)
1392 dma_addr_t iova = map->iova;
1393 unsigned long vaddr = map->vaddr;
1394 size_t size = map->size;
1395 int ret = 0, prot = 0;
1397 struct vfio_dma *dma;
1399 /* Verify that none of our __u64 fields overflow */
1400 if (map->size != size || map->vaddr != vaddr || map->iova != iova)
1403 /* READ/WRITE from device perspective */
1404 if (map->flags & VFIO_DMA_MAP_FLAG_WRITE)
1405 prot |= IOMMU_WRITE;
1406 if (map->flags & VFIO_DMA_MAP_FLAG_READ)
1409 mutex_lock(&iommu->lock);
1411 pgsize = (size_t)1 << __ffs(iommu->pgsize_bitmap);
1413 WARN_ON((pgsize - 1) & PAGE_MASK);
1415 if (!prot || !size || (size | iova | vaddr) & (pgsize - 1)) {
1420 /* Don't allow IOVA or virtual address wrap */
1421 if (iova + size - 1 < iova || vaddr + size - 1 < vaddr) {
1426 if (vfio_find_dma(iommu, iova, size)) {
1431 if (!iommu->dma_avail) {
1436 if (!vfio_iommu_iova_dma_valid(iommu, iova, iova + size - 1)) {
1441 dma = kzalloc(sizeof(*dma), GFP_KERNEL);
1453 * We need to be able to both add to a task's locked memory and test
1454 * against the locked memory limit and we need to be able to do both
1455 * outside of this call path as pinning can be asynchronous via the
1456 * external interfaces for mdev devices. RLIMIT_MEMLOCK requires a
1457 * task_struct. Save the group_leader so that all DMA tracking uses
1458 * the same task, to make debugging easier. VM locked pages requires
1459 * an mm_struct, so grab the mm in case the task dies.
1461 get_task_struct(current->group_leader);
1462 dma->task = current->group_leader;
1463 dma->lock_cap = capable(CAP_IPC_LOCK);
1464 dma->mm = current->mm;
1467 dma->pfn_list = RB_ROOT;
1469 /* Insert zero-sized and grow as we map chunks of it */
1470 vfio_link_dma(iommu, dma);
1472 /* Don't pin and map if container doesn't contain IOMMU capable domain*/
1473 if (!IS_IOMMU_CAP_DOMAIN_IN_CONTAINER(iommu))
1476 ret = vfio_pin_map_dma(iommu, dma, size);
1478 if (!ret && iommu->dirty_page_tracking) {
1479 ret = vfio_dma_bitmap_alloc(dma, pgsize);
1481 vfio_remove_dma(iommu, dma);
1485 mutex_unlock(&iommu->lock);
1489 static int vfio_bus_type(struct device *dev, void *data)
1491 struct bus_type **bus = data;
1493 if (*bus && *bus != dev->bus)
1501 static int vfio_iommu_replay(struct vfio_iommu *iommu,
1502 struct vfio_domain *domain)
1504 struct vfio_batch batch;
1505 struct vfio_domain *d = NULL;
1507 unsigned long limit = rlimit(RLIMIT_MEMLOCK) >> PAGE_SHIFT;
1510 /* Arbitrarily pick the first domain in the list for lookups */
1511 if (!list_empty(&iommu->domain_list))
1512 d = list_first_entry(&iommu->domain_list,
1513 struct vfio_domain, next);
1515 vfio_batch_init(&batch);
1517 n = rb_first(&iommu->dma_list);
1519 for (; n; n = rb_next(n)) {
1520 struct vfio_dma *dma;
1523 dma = rb_entry(n, struct vfio_dma, node);
1526 while (iova < dma->iova + dma->size) {
1530 if (dma->iommu_mapped) {
1534 if (WARN_ON(!d)) { /* mapped w/o a domain?! */
1539 phys = iommu_iova_to_phys(d->domain, iova);
1541 if (WARN_ON(!phys)) {
1549 while (i < dma->iova + dma->size &&
1550 p == iommu_iova_to_phys(d->domain, i)) {
1557 unsigned long vaddr = dma->vaddr +
1559 size_t n = dma->iova + dma->size - iova;
1562 npage = vfio_pin_pages_remote(dma, vaddr,
1572 phys = pfn << PAGE_SHIFT;
1573 size = npage << PAGE_SHIFT;
1576 ret = iommu_map(domain->domain, iova, phys,
1577 size, dma->prot | domain->prot);
1579 if (!dma->iommu_mapped)
1580 vfio_unpin_pages_remote(dma, iova,
1591 /* All dmas are now mapped, defer to second tree walk for unwind */
1592 for (n = rb_first(&iommu->dma_list); n; n = rb_next(n)) {
1593 struct vfio_dma *dma = rb_entry(n, struct vfio_dma, node);
1595 dma->iommu_mapped = true;
1598 vfio_batch_fini(&batch);
1602 for (; n; n = rb_prev(n)) {
1603 struct vfio_dma *dma = rb_entry(n, struct vfio_dma, node);
1606 if (dma->iommu_mapped) {
1607 iommu_unmap(domain->domain, dma->iova, dma->size);
1612 while (iova < dma->iova + dma->size) {
1613 phys_addr_t phys, p;
1617 phys = iommu_iova_to_phys(domain->domain, iova);
1626 while (i < dma->iova + dma->size &&
1627 p == iommu_iova_to_phys(domain->domain, i)) {
1633 iommu_unmap(domain->domain, iova, size);
1634 vfio_unpin_pages_remote(dma, iova, phys >> PAGE_SHIFT,
1635 size >> PAGE_SHIFT, true);
1639 vfio_batch_fini(&batch);
1644 * We change our unmap behavior slightly depending on whether the IOMMU
1645 * supports fine-grained superpages. IOMMUs like AMD-Vi will use a superpage
1646 * for practically any contiguous power-of-two mapping we give it. This means
1647 * we don't need to look for contiguous chunks ourselves to make unmapping
1648 * more efficient. On IOMMUs with coarse-grained super pages, like Intel VT-d
1649 * with discrete 2M/1G/512G/1T superpages, identifying contiguous chunks
1650 * significantly boosts non-hugetlbfs mappings and doesn't seem to hurt when
1651 * hugetlbfs is in use.
1653 static void vfio_test_domain_fgsp(struct vfio_domain *domain)
1656 int ret, order = get_order(PAGE_SIZE * 2);
1658 pages = alloc_pages(GFP_KERNEL | __GFP_ZERO, order);
1662 ret = iommu_map(domain->domain, 0, page_to_phys(pages), PAGE_SIZE * 2,
1663 IOMMU_READ | IOMMU_WRITE | domain->prot);
1665 size_t unmapped = iommu_unmap(domain->domain, 0, PAGE_SIZE);
1667 if (unmapped == PAGE_SIZE)
1668 iommu_unmap(domain->domain, PAGE_SIZE, PAGE_SIZE);
1670 domain->fgsp = true;
1673 __free_pages(pages, order);
1676 static struct vfio_group *find_iommu_group(struct vfio_domain *domain,
1677 struct iommu_group *iommu_group)
1679 struct vfio_group *g;
1681 list_for_each_entry(g, &domain->group_list, next) {
1682 if (g->iommu_group == iommu_group)
1689 static struct vfio_group *vfio_iommu_find_iommu_group(struct vfio_iommu *iommu,
1690 struct iommu_group *iommu_group)
1692 struct vfio_domain *domain;
1693 struct vfio_group *group = NULL;
1695 list_for_each_entry(domain, &iommu->domain_list, next) {
1696 group = find_iommu_group(domain, iommu_group);
1701 if (iommu->external_domain)
1702 group = find_iommu_group(iommu->external_domain, iommu_group);
1707 static void update_pinned_page_dirty_scope(struct vfio_iommu *iommu)
1709 struct vfio_domain *domain;
1710 struct vfio_group *group;
1712 list_for_each_entry(domain, &iommu->domain_list, next) {
1713 list_for_each_entry(group, &domain->group_list, next) {
1714 if (!group->pinned_page_dirty_scope) {
1715 iommu->pinned_page_dirty_scope = false;
1721 if (iommu->external_domain) {
1722 domain = iommu->external_domain;
1723 list_for_each_entry(group, &domain->group_list, next) {
1724 if (!group->pinned_page_dirty_scope) {
1725 iommu->pinned_page_dirty_scope = false;
1731 iommu->pinned_page_dirty_scope = true;
1734 static bool vfio_iommu_has_sw_msi(struct list_head *group_resv_regions,
1737 struct iommu_resv_region *region;
1740 list_for_each_entry(region, group_resv_regions, list) {
1742 * The presence of any 'real' MSI regions should take
1743 * precedence over the software-managed one if the
1744 * IOMMU driver happens to advertise both types.
1746 if (region->type == IOMMU_RESV_MSI) {
1751 if (region->type == IOMMU_RESV_SW_MSI) {
1752 *base = region->start;
1760 static struct device *vfio_mdev_get_iommu_device(struct device *dev)
1762 struct device *(*fn)(struct device *dev);
1763 struct device *iommu_device;
1765 fn = symbol_get(mdev_get_iommu_device);
1767 iommu_device = fn(dev);
1768 symbol_put(mdev_get_iommu_device);
1770 return iommu_device;
1776 static int vfio_mdev_attach_domain(struct device *dev, void *data)
1778 struct iommu_domain *domain = data;
1779 struct device *iommu_device;
1781 iommu_device = vfio_mdev_get_iommu_device(dev);
1783 if (iommu_dev_feature_enabled(iommu_device, IOMMU_DEV_FEAT_AUX))
1784 return iommu_aux_attach_device(domain, iommu_device);
1786 return iommu_attach_device(domain, iommu_device);
1792 static int vfio_mdev_detach_domain(struct device *dev, void *data)
1794 struct iommu_domain *domain = data;
1795 struct device *iommu_device;
1797 iommu_device = vfio_mdev_get_iommu_device(dev);
1799 if (iommu_dev_feature_enabled(iommu_device, IOMMU_DEV_FEAT_AUX))
1800 iommu_aux_detach_device(domain, iommu_device);
1802 iommu_detach_device(domain, iommu_device);
1808 static int vfio_iommu_attach_group(struct vfio_domain *domain,
1809 struct vfio_group *group)
1811 if (group->mdev_group)
1812 return iommu_group_for_each_dev(group->iommu_group,
1814 vfio_mdev_attach_domain);
1816 return iommu_attach_group(domain->domain, group->iommu_group);
1819 static void vfio_iommu_detach_group(struct vfio_domain *domain,
1820 struct vfio_group *group)
1822 if (group->mdev_group)
1823 iommu_group_for_each_dev(group->iommu_group, domain->domain,
1824 vfio_mdev_detach_domain);
1826 iommu_detach_group(domain->domain, group->iommu_group);
1829 static bool vfio_bus_is_mdev(struct bus_type *bus)
1831 struct bus_type *mdev_bus;
1834 mdev_bus = symbol_get(mdev_bus_type);
1836 ret = (bus == mdev_bus);
1837 symbol_put(mdev_bus_type);
1843 static int vfio_mdev_iommu_device(struct device *dev, void *data)
1845 struct device **old = data, *new;
1847 new = vfio_mdev_get_iommu_device(dev);
1848 if (!new || (*old && *old != new))
1857 * This is a helper function to insert an address range to iova list.
1858 * The list is initially created with a single entry corresponding to
1859 * the IOMMU domain geometry to which the device group is attached.
1860 * The list aperture gets modified when a new domain is added to the
1861 * container if the new aperture doesn't conflict with the current one
1862 * or with any existing dma mappings. The list is also modified to
1863 * exclude any reserved regions associated with the device group.
1865 static int vfio_iommu_iova_insert(struct list_head *head,
1866 dma_addr_t start, dma_addr_t end)
1868 struct vfio_iova *region;
1870 region = kmalloc(sizeof(*region), GFP_KERNEL);
1874 INIT_LIST_HEAD(®ion->list);
1875 region->start = start;
1878 list_add_tail(®ion->list, head);
1883 * Check the new iommu aperture conflicts with existing aper or with any
1884 * existing dma mappings.
1886 static bool vfio_iommu_aper_conflict(struct vfio_iommu *iommu,
1887 dma_addr_t start, dma_addr_t end)
1889 struct vfio_iova *first, *last;
1890 struct list_head *iova = &iommu->iova_list;
1892 if (list_empty(iova))
1895 /* Disjoint sets, return conflict */
1896 first = list_first_entry(iova, struct vfio_iova, list);
1897 last = list_last_entry(iova, struct vfio_iova, list);
1898 if (start > last->end || end < first->start)
1901 /* Check for any existing dma mappings below the new start */
1902 if (start > first->start) {
1903 if (vfio_find_dma(iommu, first->start, start - first->start))
1907 /* Check for any existing dma mappings beyond the new end */
1908 if (end < last->end) {
1909 if (vfio_find_dma(iommu, end + 1, last->end - end))
1917 * Resize iommu iova aperture window. This is called only if the new
1918 * aperture has no conflict with existing aperture and dma mappings.
1920 static int vfio_iommu_aper_resize(struct list_head *iova,
1921 dma_addr_t start, dma_addr_t end)
1923 struct vfio_iova *node, *next;
1925 if (list_empty(iova))
1926 return vfio_iommu_iova_insert(iova, start, end);
1928 /* Adjust iova list start */
1929 list_for_each_entry_safe(node, next, iova, list) {
1930 if (start < node->start)
1932 if (start >= node->start && start < node->end) {
1933 node->start = start;
1936 /* Delete nodes before new start */
1937 list_del(&node->list);
1941 /* Adjust iova list end */
1942 list_for_each_entry_safe(node, next, iova, list) {
1943 if (end > node->end)
1945 if (end > node->start && end <= node->end) {
1949 /* Delete nodes after new end */
1950 list_del(&node->list);
1958 * Check reserved region conflicts with existing dma mappings
1960 static bool vfio_iommu_resv_conflict(struct vfio_iommu *iommu,
1961 struct list_head *resv_regions)
1963 struct iommu_resv_region *region;
1965 /* Check for conflict with existing dma mappings */
1966 list_for_each_entry(region, resv_regions, list) {
1967 if (region->type == IOMMU_RESV_DIRECT_RELAXABLE)
1970 if (vfio_find_dma(iommu, region->start, region->length))
1978 * Check iova region overlap with reserved regions and
1979 * exclude them from the iommu iova range
1981 static int vfio_iommu_resv_exclude(struct list_head *iova,
1982 struct list_head *resv_regions)
1984 struct iommu_resv_region *resv;
1985 struct vfio_iova *n, *next;
1987 list_for_each_entry(resv, resv_regions, list) {
1988 phys_addr_t start, end;
1990 if (resv->type == IOMMU_RESV_DIRECT_RELAXABLE)
1993 start = resv->start;
1994 end = resv->start + resv->length - 1;
1996 list_for_each_entry_safe(n, next, iova, list) {
2000 if (start > n->end || end < n->start)
2003 * Insert a new node if current node overlaps with the
2004 * reserve region to exlude that from valid iova range.
2005 * Note that, new node is inserted before the current
2006 * node and finally the current node is deleted keeping
2007 * the list updated and sorted.
2009 if (start > n->start)
2010 ret = vfio_iommu_iova_insert(&n->list, n->start,
2012 if (!ret && end < n->end)
2013 ret = vfio_iommu_iova_insert(&n->list, end + 1,
2023 if (list_empty(iova))
2029 static void vfio_iommu_resv_free(struct list_head *resv_regions)
2031 struct iommu_resv_region *n, *next;
2033 list_for_each_entry_safe(n, next, resv_regions, list) {
2039 static void vfio_iommu_iova_free(struct list_head *iova)
2041 struct vfio_iova *n, *next;
2043 list_for_each_entry_safe(n, next, iova, list) {
2049 static int vfio_iommu_iova_get_copy(struct vfio_iommu *iommu,
2050 struct list_head *iova_copy)
2052 struct list_head *iova = &iommu->iova_list;
2053 struct vfio_iova *n;
2056 list_for_each_entry(n, iova, list) {
2057 ret = vfio_iommu_iova_insert(iova_copy, n->start, n->end);
2065 vfio_iommu_iova_free(iova_copy);
2069 static void vfio_iommu_iova_insert_copy(struct vfio_iommu *iommu,
2070 struct list_head *iova_copy)
2072 struct list_head *iova = &iommu->iova_list;
2074 vfio_iommu_iova_free(iova);
2076 list_splice_tail(iova_copy, iova);
2079 static int vfio_iommu_type1_attach_group(void *iommu_data,
2080 struct iommu_group *iommu_group)
2082 struct vfio_iommu *iommu = iommu_data;
2083 struct vfio_group *group;
2084 struct vfio_domain *domain, *d;
2085 struct bus_type *bus = NULL;
2087 bool resv_msi, msi_remap;
2088 phys_addr_t resv_msi_base = 0;
2089 struct iommu_domain_geometry geo;
2090 LIST_HEAD(iova_copy);
2091 LIST_HEAD(group_resv_regions);
2093 mutex_lock(&iommu->lock);
2095 /* Check for duplicates */
2096 if (vfio_iommu_find_iommu_group(iommu, iommu_group)) {
2097 mutex_unlock(&iommu->lock);
2101 group = kzalloc(sizeof(*group), GFP_KERNEL);
2102 domain = kzalloc(sizeof(*domain), GFP_KERNEL);
2103 if (!group || !domain) {
2108 group->iommu_group = iommu_group;
2110 /* Determine bus_type in order to allocate a domain */
2111 ret = iommu_group_for_each_dev(iommu_group, &bus, vfio_bus_type);
2115 if (vfio_bus_is_mdev(bus)) {
2116 struct device *iommu_device = NULL;
2118 group->mdev_group = true;
2120 /* Determine the isolation type */
2121 ret = iommu_group_for_each_dev(iommu_group, &iommu_device,
2122 vfio_mdev_iommu_device);
2123 if (ret || !iommu_device) {
2124 if (!iommu->external_domain) {
2125 INIT_LIST_HEAD(&domain->group_list);
2126 iommu->external_domain = domain;
2127 vfio_update_pgsize_bitmap(iommu);
2132 list_add(&group->next,
2133 &iommu->external_domain->group_list);
2135 * Non-iommu backed group cannot dirty memory directly,
2136 * it can only use interfaces that provide dirty
2138 * The iommu scope can only be promoted with the
2139 * addition of a dirty tracking group.
2141 group->pinned_page_dirty_scope = true;
2142 if (!iommu->pinned_page_dirty_scope)
2143 update_pinned_page_dirty_scope(iommu);
2144 mutex_unlock(&iommu->lock);
2149 bus = iommu_device->bus;
2152 domain->domain = iommu_domain_alloc(bus);
2153 if (!domain->domain) {
2158 if (iommu->nesting) {
2161 ret = iommu_domain_set_attr(domain->domain, DOMAIN_ATTR_NESTING,
2167 ret = vfio_iommu_attach_group(domain, group);
2171 /* Get aperture info */
2172 iommu_domain_get_attr(domain->domain, DOMAIN_ATTR_GEOMETRY, &geo);
2174 if (vfio_iommu_aper_conflict(iommu, geo.aperture_start,
2175 geo.aperture_end)) {
2180 ret = iommu_get_group_resv_regions(iommu_group, &group_resv_regions);
2184 if (vfio_iommu_resv_conflict(iommu, &group_resv_regions)) {
2190 * We don't want to work on the original iova list as the list
2191 * gets modified and in case of failure we have to retain the
2192 * original list. Get a copy here.
2194 ret = vfio_iommu_iova_get_copy(iommu, &iova_copy);
2198 ret = vfio_iommu_aper_resize(&iova_copy, geo.aperture_start,
2203 ret = vfio_iommu_resv_exclude(&iova_copy, &group_resv_regions);
2207 resv_msi = vfio_iommu_has_sw_msi(&group_resv_regions, &resv_msi_base);
2209 INIT_LIST_HEAD(&domain->group_list);
2210 list_add(&group->next, &domain->group_list);
2212 msi_remap = irq_domain_check_msi_remap() ||
2213 iommu_capable(bus, IOMMU_CAP_INTR_REMAP);
2215 if (!allow_unsafe_interrupts && !msi_remap) {
2216 pr_warn("%s: No interrupt remapping support. Use the module param \"allow_unsafe_interrupts\" to enable VFIO IOMMU support on this platform\n",
2222 if (iommu_capable(bus, IOMMU_CAP_CACHE_COHERENCY))
2223 domain->prot |= IOMMU_CACHE;
2226 * Try to match an existing compatible domain. We don't want to
2227 * preclude an IOMMU driver supporting multiple bus_types and being
2228 * able to include different bus_types in the same IOMMU domain, so
2229 * we test whether the domains use the same iommu_ops rather than
2230 * testing if they're on the same bus_type.
2232 list_for_each_entry(d, &iommu->domain_list, next) {
2233 if (d->domain->ops == domain->domain->ops &&
2234 d->prot == domain->prot) {
2235 vfio_iommu_detach_group(domain, group);
2236 if (!vfio_iommu_attach_group(d, group)) {
2237 list_add(&group->next, &d->group_list);
2238 iommu_domain_free(domain->domain);
2243 ret = vfio_iommu_attach_group(domain, group);
2249 vfio_test_domain_fgsp(domain);
2251 /* replay mappings on new domains */
2252 ret = vfio_iommu_replay(iommu, domain);
2257 ret = iommu_get_msi_cookie(domain->domain, resv_msi_base);
2258 if (ret && ret != -ENODEV)
2262 list_add(&domain->next, &iommu->domain_list);
2263 vfio_update_pgsize_bitmap(iommu);
2265 /* Delete the old one and insert new iova list */
2266 vfio_iommu_iova_insert_copy(iommu, &iova_copy);
2269 * An iommu backed group can dirty memory directly and therefore
2270 * demotes the iommu scope until it declares itself dirty tracking
2271 * capable via the page pinning interface.
2273 iommu->pinned_page_dirty_scope = false;
2274 mutex_unlock(&iommu->lock);
2275 vfio_iommu_resv_free(&group_resv_regions);
2280 vfio_iommu_detach_group(domain, group);
2282 iommu_domain_free(domain->domain);
2283 vfio_iommu_iova_free(&iova_copy);
2284 vfio_iommu_resv_free(&group_resv_regions);
2288 mutex_unlock(&iommu->lock);
2292 static void vfio_iommu_unmap_unpin_all(struct vfio_iommu *iommu)
2294 struct rb_node *node;
2296 while ((node = rb_first(&iommu->dma_list)))
2297 vfio_remove_dma(iommu, rb_entry(node, struct vfio_dma, node));
2300 static void vfio_iommu_unmap_unpin_reaccount(struct vfio_iommu *iommu)
2302 struct rb_node *n, *p;
2304 n = rb_first(&iommu->dma_list);
2305 for (; n; n = rb_next(n)) {
2306 struct vfio_dma *dma;
2307 long locked = 0, unlocked = 0;
2309 dma = rb_entry(n, struct vfio_dma, node);
2310 unlocked += vfio_unmap_unpin(iommu, dma, false);
2311 p = rb_first(&dma->pfn_list);
2312 for (; p; p = rb_next(p)) {
2313 struct vfio_pfn *vpfn = rb_entry(p, struct vfio_pfn,
2316 if (!is_invalid_reserved_pfn(vpfn->pfn))
2319 vfio_lock_acct(dma, locked - unlocked, true);
2324 * Called when a domain is removed in detach. It is possible that
2325 * the removed domain decided the iova aperture window. Modify the
2326 * iova aperture with the smallest window among existing domains.
2328 static void vfio_iommu_aper_expand(struct vfio_iommu *iommu,
2329 struct list_head *iova_copy)
2331 struct vfio_domain *domain;
2332 struct iommu_domain_geometry geo;
2333 struct vfio_iova *node;
2334 dma_addr_t start = 0;
2335 dma_addr_t end = (dma_addr_t)~0;
2337 if (list_empty(iova_copy))
2340 list_for_each_entry(domain, &iommu->domain_list, next) {
2341 iommu_domain_get_attr(domain->domain, DOMAIN_ATTR_GEOMETRY,
2343 if (geo.aperture_start > start)
2344 start = geo.aperture_start;
2345 if (geo.aperture_end < end)
2346 end = geo.aperture_end;
2349 /* Modify aperture limits. The new aper is either same or bigger */
2350 node = list_first_entry(iova_copy, struct vfio_iova, list);
2351 node->start = start;
2352 node = list_last_entry(iova_copy, struct vfio_iova, list);
2357 * Called when a group is detached. The reserved regions for that
2358 * group can be part of valid iova now. But since reserved regions
2359 * may be duplicated among groups, populate the iova valid regions
2362 static int vfio_iommu_resv_refresh(struct vfio_iommu *iommu,
2363 struct list_head *iova_copy)
2365 struct vfio_domain *d;
2366 struct vfio_group *g;
2367 struct vfio_iova *node;
2368 dma_addr_t start, end;
2369 LIST_HEAD(resv_regions);
2372 if (list_empty(iova_copy))
2375 list_for_each_entry(d, &iommu->domain_list, next) {
2376 list_for_each_entry(g, &d->group_list, next) {
2377 ret = iommu_get_group_resv_regions(g->iommu_group,
2384 node = list_first_entry(iova_copy, struct vfio_iova, list);
2385 start = node->start;
2386 node = list_last_entry(iova_copy, struct vfio_iova, list);
2389 /* purge the iova list and create new one */
2390 vfio_iommu_iova_free(iova_copy);
2392 ret = vfio_iommu_aper_resize(iova_copy, start, end);
2396 /* Exclude current reserved regions from iova ranges */
2397 ret = vfio_iommu_resv_exclude(iova_copy, &resv_regions);
2399 vfio_iommu_resv_free(&resv_regions);
2403 static void vfio_iommu_type1_detach_group(void *iommu_data,
2404 struct iommu_group *iommu_group)
2406 struct vfio_iommu *iommu = iommu_data;
2407 struct vfio_domain *domain;
2408 struct vfio_group *group;
2409 bool update_dirty_scope = false;
2410 LIST_HEAD(iova_copy);
2412 mutex_lock(&iommu->lock);
2414 if (iommu->external_domain) {
2415 group = find_iommu_group(iommu->external_domain, iommu_group);
2417 update_dirty_scope = !group->pinned_page_dirty_scope;
2418 list_del(&group->next);
2421 if (list_empty(&iommu->external_domain->group_list)) {
2422 if (!IS_IOMMU_CAP_DOMAIN_IN_CONTAINER(iommu)) {
2423 WARN_ON(iommu->notifier.head);
2424 vfio_iommu_unmap_unpin_all(iommu);
2427 kfree(iommu->external_domain);
2428 iommu->external_domain = NULL;
2430 goto detach_group_done;
2435 * Get a copy of iova list. This will be used to update
2436 * and to replace the current one later. Please note that
2437 * we will leave the original list as it is if update fails.
2439 vfio_iommu_iova_get_copy(iommu, &iova_copy);
2441 list_for_each_entry(domain, &iommu->domain_list, next) {
2442 group = find_iommu_group(domain, iommu_group);
2446 vfio_iommu_detach_group(domain, group);
2447 update_dirty_scope = !group->pinned_page_dirty_scope;
2448 list_del(&group->next);
2451 * Group ownership provides privilege, if the group list is
2452 * empty, the domain goes away. If it's the last domain with
2453 * iommu and external domain doesn't exist, then all the
2454 * mappings go away too. If it's the last domain with iommu and
2455 * external domain exist, update accounting
2457 if (list_empty(&domain->group_list)) {
2458 if (list_is_singular(&iommu->domain_list)) {
2459 if (!iommu->external_domain) {
2460 WARN_ON(iommu->notifier.head);
2461 vfio_iommu_unmap_unpin_all(iommu);
2463 vfio_iommu_unmap_unpin_reaccount(iommu);
2466 iommu_domain_free(domain->domain);
2467 list_del(&domain->next);
2469 vfio_iommu_aper_expand(iommu, &iova_copy);
2470 vfio_update_pgsize_bitmap(iommu);
2475 if (!vfio_iommu_resv_refresh(iommu, &iova_copy))
2476 vfio_iommu_iova_insert_copy(iommu, &iova_copy);
2478 vfio_iommu_iova_free(&iova_copy);
2482 * Removal of a group without dirty tracking may allow the iommu scope
2485 if (update_dirty_scope) {
2486 update_pinned_page_dirty_scope(iommu);
2487 if (iommu->dirty_page_tracking)
2488 vfio_iommu_populate_bitmap_full(iommu);
2490 mutex_unlock(&iommu->lock);
2493 static void *vfio_iommu_type1_open(unsigned long arg)
2495 struct vfio_iommu *iommu;
2497 iommu = kzalloc(sizeof(*iommu), GFP_KERNEL);
2499 return ERR_PTR(-ENOMEM);
2502 case VFIO_TYPE1_IOMMU:
2504 case VFIO_TYPE1_NESTING_IOMMU:
2505 iommu->nesting = true;
2507 case VFIO_TYPE1v2_IOMMU:
2512 return ERR_PTR(-EINVAL);
2515 INIT_LIST_HEAD(&iommu->domain_list);
2516 INIT_LIST_HEAD(&iommu->iova_list);
2517 iommu->dma_list = RB_ROOT;
2518 iommu->dma_avail = dma_entry_limit;
2519 mutex_init(&iommu->lock);
2520 BLOCKING_INIT_NOTIFIER_HEAD(&iommu->notifier);
2525 static void vfio_release_domain(struct vfio_domain *domain, bool external)
2527 struct vfio_group *group, *group_tmp;
2529 list_for_each_entry_safe(group, group_tmp,
2530 &domain->group_list, next) {
2532 vfio_iommu_detach_group(domain, group);
2533 list_del(&group->next);
2538 iommu_domain_free(domain->domain);
2541 static void vfio_iommu_type1_release(void *iommu_data)
2543 struct vfio_iommu *iommu = iommu_data;
2544 struct vfio_domain *domain, *domain_tmp;
2546 if (iommu->external_domain) {
2547 vfio_release_domain(iommu->external_domain, true);
2548 kfree(iommu->external_domain);
2551 vfio_iommu_unmap_unpin_all(iommu);
2553 list_for_each_entry_safe(domain, domain_tmp,
2554 &iommu->domain_list, next) {
2555 vfio_release_domain(domain, false);
2556 list_del(&domain->next);
2560 vfio_iommu_iova_free(&iommu->iova_list);
2565 static int vfio_domains_have_iommu_cache(struct vfio_iommu *iommu)
2567 struct vfio_domain *domain;
2570 mutex_lock(&iommu->lock);
2571 list_for_each_entry(domain, &iommu->domain_list, next) {
2572 if (!(domain->prot & IOMMU_CACHE)) {
2577 mutex_unlock(&iommu->lock);
2582 static int vfio_iommu_type1_check_extension(struct vfio_iommu *iommu,
2586 case VFIO_TYPE1_IOMMU:
2587 case VFIO_TYPE1v2_IOMMU:
2588 case VFIO_TYPE1_NESTING_IOMMU:
2590 case VFIO_DMA_CC_IOMMU:
2593 return vfio_domains_have_iommu_cache(iommu);
2599 static int vfio_iommu_iova_add_cap(struct vfio_info_cap *caps,
2600 struct vfio_iommu_type1_info_cap_iova_range *cap_iovas,
2603 struct vfio_info_cap_header *header;
2604 struct vfio_iommu_type1_info_cap_iova_range *iova_cap;
2606 header = vfio_info_cap_add(caps, size,
2607 VFIO_IOMMU_TYPE1_INFO_CAP_IOVA_RANGE, 1);
2609 return PTR_ERR(header);
2611 iova_cap = container_of(header,
2612 struct vfio_iommu_type1_info_cap_iova_range,
2614 iova_cap->nr_iovas = cap_iovas->nr_iovas;
2615 memcpy(iova_cap->iova_ranges, cap_iovas->iova_ranges,
2616 cap_iovas->nr_iovas * sizeof(*cap_iovas->iova_ranges));
2620 static int vfio_iommu_iova_build_caps(struct vfio_iommu *iommu,
2621 struct vfio_info_cap *caps)
2623 struct vfio_iommu_type1_info_cap_iova_range *cap_iovas;
2624 struct vfio_iova *iova;
2626 int iovas = 0, i = 0, ret;
2628 list_for_each_entry(iova, &iommu->iova_list, list)
2633 * Return 0 as a container with a single mdev device
2634 * will have an empty list
2639 size = sizeof(*cap_iovas) + (iovas * sizeof(*cap_iovas->iova_ranges));
2641 cap_iovas = kzalloc(size, GFP_KERNEL);
2645 cap_iovas->nr_iovas = iovas;
2647 list_for_each_entry(iova, &iommu->iova_list, list) {
2648 cap_iovas->iova_ranges[i].start = iova->start;
2649 cap_iovas->iova_ranges[i].end = iova->end;
2653 ret = vfio_iommu_iova_add_cap(caps, cap_iovas, size);
2659 static int vfio_iommu_migration_build_caps(struct vfio_iommu *iommu,
2660 struct vfio_info_cap *caps)
2662 struct vfio_iommu_type1_info_cap_migration cap_mig = {};
2664 cap_mig.header.id = VFIO_IOMMU_TYPE1_INFO_CAP_MIGRATION;
2665 cap_mig.header.version = 1;
2668 /* support minimum pgsize */
2669 cap_mig.pgsize_bitmap = (size_t)1 << __ffs(iommu->pgsize_bitmap);
2670 cap_mig.max_dirty_bitmap_size = DIRTY_BITMAP_SIZE_MAX;
2672 return vfio_info_add_capability(caps, &cap_mig.header, sizeof(cap_mig));
2675 static int vfio_iommu_dma_avail_build_caps(struct vfio_iommu *iommu,
2676 struct vfio_info_cap *caps)
2678 struct vfio_iommu_type1_info_dma_avail cap_dma_avail;
2680 cap_dma_avail.header.id = VFIO_IOMMU_TYPE1_INFO_DMA_AVAIL;
2681 cap_dma_avail.header.version = 1;
2683 cap_dma_avail.avail = iommu->dma_avail;
2685 return vfio_info_add_capability(caps, &cap_dma_avail.header,
2686 sizeof(cap_dma_avail));
2689 static int vfio_iommu_type1_get_info(struct vfio_iommu *iommu,
2692 struct vfio_iommu_type1_info info;
2693 unsigned long minsz;
2694 struct vfio_info_cap caps = { .buf = NULL, .size = 0 };
2695 unsigned long capsz;
2698 minsz = offsetofend(struct vfio_iommu_type1_info, iova_pgsizes);
2700 /* For backward compatibility, cannot require this */
2701 capsz = offsetofend(struct vfio_iommu_type1_info, cap_offset);
2703 if (copy_from_user(&info, (void __user *)arg, minsz))
2706 if (info.argsz < minsz)
2709 if (info.argsz >= capsz) {
2711 info.cap_offset = 0; /* output, no-recopy necessary */
2714 mutex_lock(&iommu->lock);
2715 info.flags = VFIO_IOMMU_INFO_PGSIZES;
2717 info.iova_pgsizes = iommu->pgsize_bitmap;
2719 ret = vfio_iommu_migration_build_caps(iommu, &caps);
2722 ret = vfio_iommu_dma_avail_build_caps(iommu, &caps);
2725 ret = vfio_iommu_iova_build_caps(iommu, &caps);
2727 mutex_unlock(&iommu->lock);
2733 info.flags |= VFIO_IOMMU_INFO_CAPS;
2735 if (info.argsz < sizeof(info) + caps.size) {
2736 info.argsz = sizeof(info) + caps.size;
2738 vfio_info_cap_shift(&caps, sizeof(info));
2739 if (copy_to_user((void __user *)arg +
2740 sizeof(info), caps.buf,
2745 info.cap_offset = sizeof(info);
2751 return copy_to_user((void __user *)arg, &info, minsz) ?
2755 static int vfio_iommu_type1_map_dma(struct vfio_iommu *iommu,
2758 struct vfio_iommu_type1_dma_map map;
2759 unsigned long minsz;
2760 uint32_t mask = VFIO_DMA_MAP_FLAG_READ | VFIO_DMA_MAP_FLAG_WRITE;
2762 minsz = offsetofend(struct vfio_iommu_type1_dma_map, size);
2764 if (copy_from_user(&map, (void __user *)arg, minsz))
2767 if (map.argsz < minsz || map.flags & ~mask)
2770 return vfio_dma_do_map(iommu, &map);
2773 static int vfio_iommu_type1_unmap_dma(struct vfio_iommu *iommu,
2776 struct vfio_iommu_type1_dma_unmap unmap;
2777 struct vfio_bitmap bitmap = { 0 };
2778 unsigned long minsz;
2781 minsz = offsetofend(struct vfio_iommu_type1_dma_unmap, size);
2783 if (copy_from_user(&unmap, (void __user *)arg, minsz))
2786 if (unmap.argsz < minsz ||
2787 unmap.flags & ~VFIO_DMA_UNMAP_FLAG_GET_DIRTY_BITMAP)
2790 if (unmap.flags & VFIO_DMA_UNMAP_FLAG_GET_DIRTY_BITMAP) {
2791 unsigned long pgshift;
2793 if (unmap.argsz < (minsz + sizeof(bitmap)))
2796 if (copy_from_user(&bitmap,
2797 (void __user *)(arg + minsz),
2801 if (!access_ok((void __user *)bitmap.data, bitmap.size))
2804 pgshift = __ffs(bitmap.pgsize);
2805 ret = verify_bitmap_size(unmap.size >> pgshift,
2811 ret = vfio_dma_do_unmap(iommu, &unmap, &bitmap);
2815 return copy_to_user((void __user *)arg, &unmap, minsz) ?
2819 static int vfio_iommu_type1_dirty_pages(struct vfio_iommu *iommu,
2822 struct vfio_iommu_type1_dirty_bitmap dirty;
2823 uint32_t mask = VFIO_IOMMU_DIRTY_PAGES_FLAG_START |
2824 VFIO_IOMMU_DIRTY_PAGES_FLAG_STOP |
2825 VFIO_IOMMU_DIRTY_PAGES_FLAG_GET_BITMAP;
2826 unsigned long minsz;
2832 minsz = offsetofend(struct vfio_iommu_type1_dirty_bitmap, flags);
2834 if (copy_from_user(&dirty, (void __user *)arg, minsz))
2837 if (dirty.argsz < minsz || dirty.flags & ~mask)
2840 /* only one flag should be set at a time */
2841 if (__ffs(dirty.flags) != __fls(dirty.flags))
2844 if (dirty.flags & VFIO_IOMMU_DIRTY_PAGES_FLAG_START) {
2847 mutex_lock(&iommu->lock);
2848 pgsize = 1 << __ffs(iommu->pgsize_bitmap);
2849 if (!iommu->dirty_page_tracking) {
2850 ret = vfio_dma_bitmap_alloc_all(iommu, pgsize);
2852 iommu->dirty_page_tracking = true;
2854 mutex_unlock(&iommu->lock);
2856 } else if (dirty.flags & VFIO_IOMMU_DIRTY_PAGES_FLAG_STOP) {
2857 mutex_lock(&iommu->lock);
2858 if (iommu->dirty_page_tracking) {
2859 iommu->dirty_page_tracking = false;
2860 vfio_dma_bitmap_free_all(iommu);
2862 mutex_unlock(&iommu->lock);
2864 } else if (dirty.flags & VFIO_IOMMU_DIRTY_PAGES_FLAG_GET_BITMAP) {
2865 struct vfio_iommu_type1_dirty_bitmap_get range;
2866 unsigned long pgshift;
2867 size_t data_size = dirty.argsz - minsz;
2868 size_t iommu_pgsize;
2870 if (!data_size || data_size < sizeof(range))
2873 if (copy_from_user(&range, (void __user *)(arg + minsz),
2877 if (range.iova + range.size < range.iova)
2879 if (!access_ok((void __user *)range.bitmap.data,
2883 pgshift = __ffs(range.bitmap.pgsize);
2884 ret = verify_bitmap_size(range.size >> pgshift,
2889 mutex_lock(&iommu->lock);
2891 iommu_pgsize = (size_t)1 << __ffs(iommu->pgsize_bitmap);
2893 /* allow only smallest supported pgsize */
2894 if (range.bitmap.pgsize != iommu_pgsize) {
2898 if (range.iova & (iommu_pgsize - 1)) {
2902 if (!range.size || range.size & (iommu_pgsize - 1)) {
2907 if (iommu->dirty_page_tracking)
2908 ret = vfio_iova_dirty_bitmap(range.bitmap.data,
2911 range.bitmap.pgsize);
2915 mutex_unlock(&iommu->lock);
2923 static long vfio_iommu_type1_ioctl(void *iommu_data,
2924 unsigned int cmd, unsigned long arg)
2926 struct vfio_iommu *iommu = iommu_data;
2929 case VFIO_CHECK_EXTENSION:
2930 return vfio_iommu_type1_check_extension(iommu, arg);
2931 case VFIO_IOMMU_GET_INFO:
2932 return vfio_iommu_type1_get_info(iommu, arg);
2933 case VFIO_IOMMU_MAP_DMA:
2934 return vfio_iommu_type1_map_dma(iommu, arg);
2935 case VFIO_IOMMU_UNMAP_DMA:
2936 return vfio_iommu_type1_unmap_dma(iommu, arg);
2937 case VFIO_IOMMU_DIRTY_PAGES:
2938 return vfio_iommu_type1_dirty_pages(iommu, arg);
2944 static int vfio_iommu_type1_register_notifier(void *iommu_data,
2945 unsigned long *events,
2946 struct notifier_block *nb)
2948 struct vfio_iommu *iommu = iommu_data;
2950 /* clear known events */
2951 *events &= ~VFIO_IOMMU_NOTIFY_DMA_UNMAP;
2953 /* refuse to register if still events remaining */
2957 return blocking_notifier_chain_register(&iommu->notifier, nb);
2960 static int vfio_iommu_type1_unregister_notifier(void *iommu_data,
2961 struct notifier_block *nb)
2963 struct vfio_iommu *iommu = iommu_data;
2965 return blocking_notifier_chain_unregister(&iommu->notifier, nb);
2968 static int vfio_iommu_type1_dma_rw_chunk(struct vfio_iommu *iommu,
2969 dma_addr_t user_iova, void *data,
2970 size_t count, bool write,
2973 struct mm_struct *mm;
2974 unsigned long vaddr;
2975 struct vfio_dma *dma;
2976 bool kthread = current->mm == NULL;
2981 dma = vfio_find_dma(iommu, user_iova, 1);
2985 if ((write && !(dma->prot & IOMMU_WRITE)) ||
2986 !(dma->prot & IOMMU_READ))
2990 if (!mmget_not_zero(mm))
2995 else if (current->mm != mm)
2998 offset = user_iova - dma->iova;
3000 if (count > dma->size - offset)
3001 count = dma->size - offset;
3003 vaddr = dma->vaddr + offset;
3006 *copied = copy_to_user((void __user *)vaddr, data,
3008 if (*copied && iommu->dirty_page_tracking) {
3009 unsigned long pgshift = __ffs(iommu->pgsize_bitmap);
3011 * Bitmap populated with the smallest supported page
3014 bitmap_set(dma->bitmap, offset >> pgshift,
3015 ((offset + *copied - 1) >> pgshift) -
3016 (offset >> pgshift) + 1);
3019 *copied = copy_from_user(data, (void __user *)vaddr,
3022 kthread_unuse_mm(mm);
3025 return *copied ? 0 : -EFAULT;
3028 static int vfio_iommu_type1_dma_rw(void *iommu_data, dma_addr_t user_iova,
3029 void *data, size_t count, bool write)
3031 struct vfio_iommu *iommu = iommu_data;
3035 mutex_lock(&iommu->lock);
3037 ret = vfio_iommu_type1_dma_rw_chunk(iommu, user_iova, data,
3038 count, write, &done);
3047 mutex_unlock(&iommu->lock);
3051 static const struct vfio_iommu_driver_ops vfio_iommu_driver_ops_type1 = {
3052 .name = "vfio-iommu-type1",
3053 .owner = THIS_MODULE,
3054 .open = vfio_iommu_type1_open,
3055 .release = vfio_iommu_type1_release,
3056 .ioctl = vfio_iommu_type1_ioctl,
3057 .attach_group = vfio_iommu_type1_attach_group,
3058 .detach_group = vfio_iommu_type1_detach_group,
3059 .pin_pages = vfio_iommu_type1_pin_pages,
3060 .unpin_pages = vfio_iommu_type1_unpin_pages,
3061 .register_notifier = vfio_iommu_type1_register_notifier,
3062 .unregister_notifier = vfio_iommu_type1_unregister_notifier,
3063 .dma_rw = vfio_iommu_type1_dma_rw,
3066 static int __init vfio_iommu_type1_init(void)
3068 return vfio_register_iommu_driver(&vfio_iommu_driver_ops_type1);
3071 static void __exit vfio_iommu_type1_cleanup(void)
3073 vfio_unregister_iommu_driver(&vfio_iommu_driver_ops_type1);
3076 module_init(vfio_iommu_type1_init);
3077 module_exit(vfio_iommu_type1_cleanup);
3079 MODULE_VERSION(DRIVER_VERSION);
3080 MODULE_LICENSE("GPL v2");
3081 MODULE_AUTHOR(DRIVER_AUTHOR);
3082 MODULE_DESCRIPTION(DRIVER_DESC);
projects / releases.git / blob