162306a36Sopenharmony_ci// SPDX-License-Identifier: GPL-2.0-only 262306a36Sopenharmony_ci/* Copyright (C) 2021 Intel Corporation 362306a36Sopenharmony_ci * Copyright (c) 2021-2022, NVIDIA CORPORATION & AFFILIATES 462306a36Sopenharmony_ci * 562306a36Sopenharmony_ci * iommufd provides control over the IOMMU HW objects created by IOMMU kernel 662306a36Sopenharmony_ci * drivers. IOMMU HW objects revolve around IO page tables that map incoming DMA 762306a36Sopenharmony_ci * addresses (IOVA) to CPU addresses. 862306a36Sopenharmony_ci */ 962306a36Sopenharmony_ci#define pr_fmt(fmt) "iommufd: " fmt 1062306a36Sopenharmony_ci 1162306a36Sopenharmony_ci#include <linux/file.h> 1262306a36Sopenharmony_ci#include <linux/fs.h> 1362306a36Sopenharmony_ci#include <linux/module.h> 1462306a36Sopenharmony_ci#include <linux/slab.h> 1562306a36Sopenharmony_ci#include <linux/miscdevice.h> 1662306a36Sopenharmony_ci#include <linux/mutex.h> 1762306a36Sopenharmony_ci#include <linux/bug.h> 1862306a36Sopenharmony_ci#include <uapi/linux/iommufd.h> 1962306a36Sopenharmony_ci#include <linux/iommufd.h> 2062306a36Sopenharmony_ci 2162306a36Sopenharmony_ci#include "io_pagetable.h" 2262306a36Sopenharmony_ci#include "iommufd_private.h" 2362306a36Sopenharmony_ci#include "iommufd_test.h" 2462306a36Sopenharmony_ci 2562306a36Sopenharmony_cistruct iommufd_object_ops { 2662306a36Sopenharmony_ci void (*destroy)(struct iommufd_object *obj); 2762306a36Sopenharmony_ci void (*abort)(struct iommufd_object *obj); 2862306a36Sopenharmony_ci}; 2962306a36Sopenharmony_cistatic const struct iommufd_object_ops iommufd_object_ops[]; 3062306a36Sopenharmony_cistatic struct miscdevice vfio_misc_dev; 3162306a36Sopenharmony_ci 3262306a36Sopenharmony_cistruct iommufd_object *_iommufd_object_alloc(struct iommufd_ctx *ictx, 3362306a36Sopenharmony_ci size_t size, 3462306a36Sopenharmony_ci enum iommufd_object_type type) 3562306a36Sopenharmony_ci{ 3662306a36Sopenharmony_ci static struct lock_class_key obj_keys[IOMMUFD_OBJ_MAX]; 3762306a36Sopenharmony_ci struct iommufd_object *obj; 3862306a36Sopenharmony_ci int rc; 3962306a36Sopenharmony_ci 4062306a36Sopenharmony_ci obj = kzalloc(size, GFP_KERNEL_ACCOUNT); 4162306a36Sopenharmony_ci if (!obj) 4262306a36Sopenharmony_ci return ERR_PTR(-ENOMEM); 4362306a36Sopenharmony_ci obj->type = type; 4462306a36Sopenharmony_ci /* 4562306a36Sopenharmony_ci * In most cases the destroy_rwsem is obtained with try so it doesn't 4662306a36Sopenharmony_ci * interact with lockdep, however on destroy we have to sleep. This 4762306a36Sopenharmony_ci * means if we have to destroy an object while holding a get on another 4862306a36Sopenharmony_ci * object it triggers lockdep. Using one locking class per object type 4962306a36Sopenharmony_ci * is a simple and reasonable way to avoid this. 5062306a36Sopenharmony_ci */ 5162306a36Sopenharmony_ci __init_rwsem(&obj->destroy_rwsem, "iommufd_object::destroy_rwsem", 5262306a36Sopenharmony_ci &obj_keys[type]); 5362306a36Sopenharmony_ci refcount_set(&obj->users, 1); 5462306a36Sopenharmony_ci 5562306a36Sopenharmony_ci /* 5662306a36Sopenharmony_ci * Reserve an ID in the xarray but do not publish the pointer yet since 5762306a36Sopenharmony_ci * the caller hasn't initialized it yet. Once the pointer is published 5862306a36Sopenharmony_ci * in the xarray and visible to other threads we can't reliably destroy 5962306a36Sopenharmony_ci * it anymore, so the caller must complete all errorable operations 6062306a36Sopenharmony_ci * before calling iommufd_object_finalize(). 6162306a36Sopenharmony_ci */ 6262306a36Sopenharmony_ci rc = xa_alloc(&ictx->objects, &obj->id, XA_ZERO_ENTRY, 6362306a36Sopenharmony_ci xa_limit_31b, GFP_KERNEL_ACCOUNT); 6462306a36Sopenharmony_ci if (rc) 6562306a36Sopenharmony_ci goto out_free; 6662306a36Sopenharmony_ci return obj; 6762306a36Sopenharmony_ciout_free: 6862306a36Sopenharmony_ci kfree(obj); 6962306a36Sopenharmony_ci return ERR_PTR(rc); 7062306a36Sopenharmony_ci} 7162306a36Sopenharmony_ci 7262306a36Sopenharmony_ci/* 7362306a36Sopenharmony_ci * Allow concurrent access to the object. 7462306a36Sopenharmony_ci * 7562306a36Sopenharmony_ci * Once another thread can see the object pointer it can prevent object 7662306a36Sopenharmony_ci * destruction. Expect for special kernel-only objects there is no in-kernel way 7762306a36Sopenharmony_ci * to reliably destroy a single object. Thus all APIs that are creating objects 7862306a36Sopenharmony_ci * must use iommufd_object_abort() to handle their errors and only call 7962306a36Sopenharmony_ci * iommufd_object_finalize() once object creation cannot fail. 8062306a36Sopenharmony_ci */ 8162306a36Sopenharmony_civoid iommufd_object_finalize(struct iommufd_ctx *ictx, 8262306a36Sopenharmony_ci struct iommufd_object *obj) 8362306a36Sopenharmony_ci{ 8462306a36Sopenharmony_ci void *old; 8562306a36Sopenharmony_ci 8662306a36Sopenharmony_ci old = xa_store(&ictx->objects, obj->id, obj, GFP_KERNEL); 8762306a36Sopenharmony_ci /* obj->id was returned from xa_alloc() so the xa_store() cannot fail */ 8862306a36Sopenharmony_ci WARN_ON(old); 8962306a36Sopenharmony_ci} 9062306a36Sopenharmony_ci 9162306a36Sopenharmony_ci/* Undo _iommufd_object_alloc() if iommufd_object_finalize() was not called */ 9262306a36Sopenharmony_civoid iommufd_object_abort(struct iommufd_ctx *ictx, struct iommufd_object *obj) 9362306a36Sopenharmony_ci{ 9462306a36Sopenharmony_ci void *old; 9562306a36Sopenharmony_ci 9662306a36Sopenharmony_ci old = xa_erase(&ictx->objects, obj->id); 9762306a36Sopenharmony_ci WARN_ON(old); 9862306a36Sopenharmony_ci kfree(obj); 9962306a36Sopenharmony_ci} 10062306a36Sopenharmony_ci 10162306a36Sopenharmony_ci/* 10262306a36Sopenharmony_ci * Abort an object that has been fully initialized and needs destroy, but has 10362306a36Sopenharmony_ci * not been finalized. 10462306a36Sopenharmony_ci */ 10562306a36Sopenharmony_civoid iommufd_object_abort_and_destroy(struct iommufd_ctx *ictx, 10662306a36Sopenharmony_ci struct iommufd_object *obj) 10762306a36Sopenharmony_ci{ 10862306a36Sopenharmony_ci if (iommufd_object_ops[obj->type].abort) 10962306a36Sopenharmony_ci iommufd_object_ops[obj->type].abort(obj); 11062306a36Sopenharmony_ci else 11162306a36Sopenharmony_ci iommufd_object_ops[obj->type].destroy(obj); 11262306a36Sopenharmony_ci iommufd_object_abort(ictx, obj); 11362306a36Sopenharmony_ci} 11462306a36Sopenharmony_ci 11562306a36Sopenharmony_cistruct iommufd_object *iommufd_get_object(struct iommufd_ctx *ictx, u32 id, 11662306a36Sopenharmony_ci enum iommufd_object_type type) 11762306a36Sopenharmony_ci{ 11862306a36Sopenharmony_ci struct iommufd_object *obj; 11962306a36Sopenharmony_ci 12062306a36Sopenharmony_ci if (iommufd_should_fail()) 12162306a36Sopenharmony_ci return ERR_PTR(-ENOENT); 12262306a36Sopenharmony_ci 12362306a36Sopenharmony_ci xa_lock(&ictx->objects); 12462306a36Sopenharmony_ci obj = xa_load(&ictx->objects, id); 12562306a36Sopenharmony_ci if (!obj || (type != IOMMUFD_OBJ_ANY && obj->type != type) || 12662306a36Sopenharmony_ci !iommufd_lock_obj(obj)) 12762306a36Sopenharmony_ci obj = ERR_PTR(-ENOENT); 12862306a36Sopenharmony_ci xa_unlock(&ictx->objects); 12962306a36Sopenharmony_ci return obj; 13062306a36Sopenharmony_ci} 13162306a36Sopenharmony_ci 13262306a36Sopenharmony_ci/* 13362306a36Sopenharmony_ci * Remove the given object id from the xarray if the only reference to the 13462306a36Sopenharmony_ci * object is held by the xarray. The caller must call ops destroy(). 13562306a36Sopenharmony_ci */ 13662306a36Sopenharmony_cistatic struct iommufd_object *iommufd_object_remove(struct iommufd_ctx *ictx, 13762306a36Sopenharmony_ci u32 id, bool extra_put) 13862306a36Sopenharmony_ci{ 13962306a36Sopenharmony_ci struct iommufd_object *obj; 14062306a36Sopenharmony_ci XA_STATE(xas, &ictx->objects, id); 14162306a36Sopenharmony_ci 14262306a36Sopenharmony_ci xa_lock(&ictx->objects); 14362306a36Sopenharmony_ci obj = xas_load(&xas); 14462306a36Sopenharmony_ci if (xa_is_zero(obj) || !obj) { 14562306a36Sopenharmony_ci obj = ERR_PTR(-ENOENT); 14662306a36Sopenharmony_ci goto out_xa; 14762306a36Sopenharmony_ci } 14862306a36Sopenharmony_ci 14962306a36Sopenharmony_ci /* 15062306a36Sopenharmony_ci * If the caller is holding a ref on obj we put it here under the 15162306a36Sopenharmony_ci * spinlock. 15262306a36Sopenharmony_ci */ 15362306a36Sopenharmony_ci if (extra_put) 15462306a36Sopenharmony_ci refcount_dec(&obj->users); 15562306a36Sopenharmony_ci 15662306a36Sopenharmony_ci if (!refcount_dec_if_one(&obj->users)) { 15762306a36Sopenharmony_ci obj = ERR_PTR(-EBUSY); 15862306a36Sopenharmony_ci goto out_xa; 15962306a36Sopenharmony_ci } 16062306a36Sopenharmony_ci 16162306a36Sopenharmony_ci xas_store(&xas, NULL); 16262306a36Sopenharmony_ci if (ictx->vfio_ioas == container_of(obj, struct iommufd_ioas, obj)) 16362306a36Sopenharmony_ci ictx->vfio_ioas = NULL; 16462306a36Sopenharmony_ci 16562306a36Sopenharmony_ciout_xa: 16662306a36Sopenharmony_ci xa_unlock(&ictx->objects); 16762306a36Sopenharmony_ci 16862306a36Sopenharmony_ci /* The returned object reference count is zero */ 16962306a36Sopenharmony_ci return obj; 17062306a36Sopenharmony_ci} 17162306a36Sopenharmony_ci 17262306a36Sopenharmony_ci/* 17362306a36Sopenharmony_ci * The caller holds a users refcount and wants to destroy the object. Returns 17462306a36Sopenharmony_ci * true if the object was destroyed. In all cases the caller no longer has a 17562306a36Sopenharmony_ci * reference on obj. 17662306a36Sopenharmony_ci */ 17762306a36Sopenharmony_civoid __iommufd_object_destroy_user(struct iommufd_ctx *ictx, 17862306a36Sopenharmony_ci struct iommufd_object *obj, bool allow_fail) 17962306a36Sopenharmony_ci{ 18062306a36Sopenharmony_ci struct iommufd_object *ret; 18162306a36Sopenharmony_ci 18262306a36Sopenharmony_ci /* 18362306a36Sopenharmony_ci * The purpose of the destroy_rwsem is to ensure deterministic 18462306a36Sopenharmony_ci * destruction of objects used by external drivers and destroyed by this 18562306a36Sopenharmony_ci * function. Any temporary increment of the refcount must hold the read 18662306a36Sopenharmony_ci * side of this, such as during ioctl execution. 18762306a36Sopenharmony_ci */ 18862306a36Sopenharmony_ci down_write(&obj->destroy_rwsem); 18962306a36Sopenharmony_ci ret = iommufd_object_remove(ictx, obj->id, true); 19062306a36Sopenharmony_ci up_write(&obj->destroy_rwsem); 19162306a36Sopenharmony_ci 19262306a36Sopenharmony_ci if (allow_fail && IS_ERR(ret)) 19362306a36Sopenharmony_ci return; 19462306a36Sopenharmony_ci 19562306a36Sopenharmony_ci /* 19662306a36Sopenharmony_ci * If there is a bug and we couldn't destroy the object then we did put 19762306a36Sopenharmony_ci * back the caller's refcount and will eventually try to free it again 19862306a36Sopenharmony_ci * during close. 19962306a36Sopenharmony_ci */ 20062306a36Sopenharmony_ci if (WARN_ON(IS_ERR(ret))) 20162306a36Sopenharmony_ci return; 20262306a36Sopenharmony_ci 20362306a36Sopenharmony_ci iommufd_object_ops[obj->type].destroy(obj); 20462306a36Sopenharmony_ci kfree(obj); 20562306a36Sopenharmony_ci} 20662306a36Sopenharmony_ci 20762306a36Sopenharmony_cistatic int iommufd_destroy(struct iommufd_ucmd *ucmd) 20862306a36Sopenharmony_ci{ 20962306a36Sopenharmony_ci struct iommu_destroy *cmd = ucmd->cmd; 21062306a36Sopenharmony_ci struct iommufd_object *obj; 21162306a36Sopenharmony_ci 21262306a36Sopenharmony_ci obj = iommufd_object_remove(ucmd->ictx, cmd->id, false); 21362306a36Sopenharmony_ci if (IS_ERR(obj)) 21462306a36Sopenharmony_ci return PTR_ERR(obj); 21562306a36Sopenharmony_ci iommufd_object_ops[obj->type].destroy(obj); 21662306a36Sopenharmony_ci kfree(obj); 21762306a36Sopenharmony_ci return 0; 21862306a36Sopenharmony_ci} 21962306a36Sopenharmony_ci 22062306a36Sopenharmony_cistatic int iommufd_fops_open(struct inode *inode, struct file *filp) 22162306a36Sopenharmony_ci{ 22262306a36Sopenharmony_ci struct iommufd_ctx *ictx; 22362306a36Sopenharmony_ci 22462306a36Sopenharmony_ci ictx = kzalloc(sizeof(*ictx), GFP_KERNEL_ACCOUNT); 22562306a36Sopenharmony_ci if (!ictx) 22662306a36Sopenharmony_ci return -ENOMEM; 22762306a36Sopenharmony_ci 22862306a36Sopenharmony_ci /* 22962306a36Sopenharmony_ci * For compatibility with VFIO when /dev/vfio/vfio is opened we default 23062306a36Sopenharmony_ci * to the same rlimit accounting as vfio uses. 23162306a36Sopenharmony_ci */ 23262306a36Sopenharmony_ci if (IS_ENABLED(CONFIG_IOMMUFD_VFIO_CONTAINER) && 23362306a36Sopenharmony_ci filp->private_data == &vfio_misc_dev) { 23462306a36Sopenharmony_ci ictx->account_mode = IOPT_PAGES_ACCOUNT_MM; 23562306a36Sopenharmony_ci pr_info_once("IOMMUFD is providing /dev/vfio/vfio, not VFIO.\n"); 23662306a36Sopenharmony_ci } 23762306a36Sopenharmony_ci 23862306a36Sopenharmony_ci xa_init_flags(&ictx->objects, XA_FLAGS_ALLOC1 | XA_FLAGS_ACCOUNT); 23962306a36Sopenharmony_ci xa_init(&ictx->groups); 24062306a36Sopenharmony_ci ictx->file = filp; 24162306a36Sopenharmony_ci filp->private_data = ictx; 24262306a36Sopenharmony_ci return 0; 24362306a36Sopenharmony_ci} 24462306a36Sopenharmony_ci 24562306a36Sopenharmony_cistatic int iommufd_fops_release(struct inode *inode, struct file *filp) 24662306a36Sopenharmony_ci{ 24762306a36Sopenharmony_ci struct iommufd_ctx *ictx = filp->private_data; 24862306a36Sopenharmony_ci struct iommufd_object *obj; 24962306a36Sopenharmony_ci 25062306a36Sopenharmony_ci /* 25162306a36Sopenharmony_ci * The objects in the xarray form a graph of "users" counts, and we have 25262306a36Sopenharmony_ci * to destroy them in a depth first manner. Leaf objects will reduce the 25362306a36Sopenharmony_ci * users count of interior objects when they are destroyed. 25462306a36Sopenharmony_ci * 25562306a36Sopenharmony_ci * Repeatedly destroying all the "1 users" leaf objects will progress 25662306a36Sopenharmony_ci * until the entire list is destroyed. If this can't progress then there 25762306a36Sopenharmony_ci * is some bug related to object refcounting. 25862306a36Sopenharmony_ci */ 25962306a36Sopenharmony_ci while (!xa_empty(&ictx->objects)) { 26062306a36Sopenharmony_ci unsigned int destroyed = 0; 26162306a36Sopenharmony_ci unsigned long index; 26262306a36Sopenharmony_ci 26362306a36Sopenharmony_ci xa_for_each(&ictx->objects, index, obj) { 26462306a36Sopenharmony_ci if (!refcount_dec_if_one(&obj->users)) 26562306a36Sopenharmony_ci continue; 26662306a36Sopenharmony_ci destroyed++; 26762306a36Sopenharmony_ci xa_erase(&ictx->objects, index); 26862306a36Sopenharmony_ci iommufd_object_ops[obj->type].destroy(obj); 26962306a36Sopenharmony_ci kfree(obj); 27062306a36Sopenharmony_ci } 27162306a36Sopenharmony_ci /* Bug related to users refcount */ 27262306a36Sopenharmony_ci if (WARN_ON(!destroyed)) 27362306a36Sopenharmony_ci break; 27462306a36Sopenharmony_ci } 27562306a36Sopenharmony_ci WARN_ON(!xa_empty(&ictx->groups)); 27662306a36Sopenharmony_ci kfree(ictx); 27762306a36Sopenharmony_ci return 0; 27862306a36Sopenharmony_ci} 27962306a36Sopenharmony_ci 28062306a36Sopenharmony_cistatic int iommufd_option(struct iommufd_ucmd *ucmd) 28162306a36Sopenharmony_ci{ 28262306a36Sopenharmony_ci struct iommu_option *cmd = ucmd->cmd; 28362306a36Sopenharmony_ci int rc; 28462306a36Sopenharmony_ci 28562306a36Sopenharmony_ci if (cmd->__reserved) 28662306a36Sopenharmony_ci return -EOPNOTSUPP; 28762306a36Sopenharmony_ci 28862306a36Sopenharmony_ci switch (cmd->option_id) { 28962306a36Sopenharmony_ci case IOMMU_OPTION_RLIMIT_MODE: 29062306a36Sopenharmony_ci rc = iommufd_option_rlimit_mode(cmd, ucmd->ictx); 29162306a36Sopenharmony_ci break; 29262306a36Sopenharmony_ci case IOMMU_OPTION_HUGE_PAGES: 29362306a36Sopenharmony_ci rc = iommufd_ioas_option(ucmd); 29462306a36Sopenharmony_ci break; 29562306a36Sopenharmony_ci default: 29662306a36Sopenharmony_ci return -EOPNOTSUPP; 29762306a36Sopenharmony_ci } 29862306a36Sopenharmony_ci if (rc) 29962306a36Sopenharmony_ci return rc; 30062306a36Sopenharmony_ci if (copy_to_user(&((struct iommu_option __user *)ucmd->ubuffer)->val64, 30162306a36Sopenharmony_ci &cmd->val64, sizeof(cmd->val64))) 30262306a36Sopenharmony_ci return -EFAULT; 30362306a36Sopenharmony_ci return 0; 30462306a36Sopenharmony_ci} 30562306a36Sopenharmony_ci 30662306a36Sopenharmony_ciunion ucmd_buffer { 30762306a36Sopenharmony_ci struct iommu_destroy destroy; 30862306a36Sopenharmony_ci struct iommu_hw_info info; 30962306a36Sopenharmony_ci struct iommu_hwpt_alloc hwpt; 31062306a36Sopenharmony_ci struct iommu_ioas_alloc alloc; 31162306a36Sopenharmony_ci struct iommu_ioas_allow_iovas allow_iovas; 31262306a36Sopenharmony_ci struct iommu_ioas_copy ioas_copy; 31362306a36Sopenharmony_ci struct iommu_ioas_iova_ranges iova_ranges; 31462306a36Sopenharmony_ci struct iommu_ioas_map map; 31562306a36Sopenharmony_ci struct iommu_ioas_unmap unmap; 31662306a36Sopenharmony_ci struct iommu_option option; 31762306a36Sopenharmony_ci struct iommu_vfio_ioas vfio_ioas; 31862306a36Sopenharmony_ci#ifdef CONFIG_IOMMUFD_TEST 31962306a36Sopenharmony_ci struct iommu_test_cmd test; 32062306a36Sopenharmony_ci#endif 32162306a36Sopenharmony_ci}; 32262306a36Sopenharmony_ci 32362306a36Sopenharmony_cistruct iommufd_ioctl_op { 32462306a36Sopenharmony_ci unsigned int size; 32562306a36Sopenharmony_ci unsigned int min_size; 32662306a36Sopenharmony_ci unsigned int ioctl_num; 32762306a36Sopenharmony_ci int (*execute)(struct iommufd_ucmd *ucmd); 32862306a36Sopenharmony_ci}; 32962306a36Sopenharmony_ci 33062306a36Sopenharmony_ci#define IOCTL_OP(_ioctl, _fn, _struct, _last) \ 33162306a36Sopenharmony_ci [_IOC_NR(_ioctl) - IOMMUFD_CMD_BASE] = { \ 33262306a36Sopenharmony_ci .size = sizeof(_struct) + \ 33362306a36Sopenharmony_ci BUILD_BUG_ON_ZERO(sizeof(union ucmd_buffer) < \ 33462306a36Sopenharmony_ci sizeof(_struct)), \ 33562306a36Sopenharmony_ci .min_size = offsetofend(_struct, _last), \ 33662306a36Sopenharmony_ci .ioctl_num = _ioctl, \ 33762306a36Sopenharmony_ci .execute = _fn, \ 33862306a36Sopenharmony_ci } 33962306a36Sopenharmony_cistatic const struct iommufd_ioctl_op iommufd_ioctl_ops[] = { 34062306a36Sopenharmony_ci IOCTL_OP(IOMMU_DESTROY, iommufd_destroy, struct iommu_destroy, id), 34162306a36Sopenharmony_ci IOCTL_OP(IOMMU_GET_HW_INFO, iommufd_get_hw_info, struct iommu_hw_info, 34262306a36Sopenharmony_ci __reserved), 34362306a36Sopenharmony_ci IOCTL_OP(IOMMU_HWPT_ALLOC, iommufd_hwpt_alloc, struct iommu_hwpt_alloc, 34462306a36Sopenharmony_ci __reserved), 34562306a36Sopenharmony_ci IOCTL_OP(IOMMU_IOAS_ALLOC, iommufd_ioas_alloc_ioctl, 34662306a36Sopenharmony_ci struct iommu_ioas_alloc, out_ioas_id), 34762306a36Sopenharmony_ci IOCTL_OP(IOMMU_IOAS_ALLOW_IOVAS, iommufd_ioas_allow_iovas, 34862306a36Sopenharmony_ci struct iommu_ioas_allow_iovas, allowed_iovas), 34962306a36Sopenharmony_ci IOCTL_OP(IOMMU_IOAS_COPY, iommufd_ioas_copy, struct iommu_ioas_copy, 35062306a36Sopenharmony_ci src_iova), 35162306a36Sopenharmony_ci IOCTL_OP(IOMMU_IOAS_IOVA_RANGES, iommufd_ioas_iova_ranges, 35262306a36Sopenharmony_ci struct iommu_ioas_iova_ranges, out_iova_alignment), 35362306a36Sopenharmony_ci IOCTL_OP(IOMMU_IOAS_MAP, iommufd_ioas_map, struct iommu_ioas_map, 35462306a36Sopenharmony_ci iova), 35562306a36Sopenharmony_ci IOCTL_OP(IOMMU_IOAS_UNMAP, iommufd_ioas_unmap, struct iommu_ioas_unmap, 35662306a36Sopenharmony_ci length), 35762306a36Sopenharmony_ci IOCTL_OP(IOMMU_OPTION, iommufd_option, struct iommu_option, 35862306a36Sopenharmony_ci val64), 35962306a36Sopenharmony_ci IOCTL_OP(IOMMU_VFIO_IOAS, iommufd_vfio_ioas, struct iommu_vfio_ioas, 36062306a36Sopenharmony_ci __reserved), 36162306a36Sopenharmony_ci#ifdef CONFIG_IOMMUFD_TEST 36262306a36Sopenharmony_ci IOCTL_OP(IOMMU_TEST_CMD, iommufd_test, struct iommu_test_cmd, last), 36362306a36Sopenharmony_ci#endif 36462306a36Sopenharmony_ci}; 36562306a36Sopenharmony_ci 36662306a36Sopenharmony_cistatic long iommufd_fops_ioctl(struct file *filp, unsigned int cmd, 36762306a36Sopenharmony_ci unsigned long arg) 36862306a36Sopenharmony_ci{ 36962306a36Sopenharmony_ci struct iommufd_ctx *ictx = filp->private_data; 37062306a36Sopenharmony_ci const struct iommufd_ioctl_op *op; 37162306a36Sopenharmony_ci struct iommufd_ucmd ucmd = {}; 37262306a36Sopenharmony_ci union ucmd_buffer buf; 37362306a36Sopenharmony_ci unsigned int nr; 37462306a36Sopenharmony_ci int ret; 37562306a36Sopenharmony_ci 37662306a36Sopenharmony_ci nr = _IOC_NR(cmd); 37762306a36Sopenharmony_ci if (nr < IOMMUFD_CMD_BASE || 37862306a36Sopenharmony_ci (nr - IOMMUFD_CMD_BASE) >= ARRAY_SIZE(iommufd_ioctl_ops)) 37962306a36Sopenharmony_ci return iommufd_vfio_ioctl(ictx, cmd, arg); 38062306a36Sopenharmony_ci 38162306a36Sopenharmony_ci ucmd.ictx = ictx; 38262306a36Sopenharmony_ci ucmd.ubuffer = (void __user *)arg; 38362306a36Sopenharmony_ci ret = get_user(ucmd.user_size, (u32 __user *)ucmd.ubuffer); 38462306a36Sopenharmony_ci if (ret) 38562306a36Sopenharmony_ci return ret; 38662306a36Sopenharmony_ci 38762306a36Sopenharmony_ci op = &iommufd_ioctl_ops[nr - IOMMUFD_CMD_BASE]; 38862306a36Sopenharmony_ci if (op->ioctl_num != cmd) 38962306a36Sopenharmony_ci return -ENOIOCTLCMD; 39062306a36Sopenharmony_ci if (ucmd.user_size < op->min_size) 39162306a36Sopenharmony_ci return -EINVAL; 39262306a36Sopenharmony_ci 39362306a36Sopenharmony_ci ucmd.cmd = &buf; 39462306a36Sopenharmony_ci ret = copy_struct_from_user(ucmd.cmd, op->size, ucmd.ubuffer, 39562306a36Sopenharmony_ci ucmd.user_size); 39662306a36Sopenharmony_ci if (ret) 39762306a36Sopenharmony_ci return ret; 39862306a36Sopenharmony_ci ret = op->execute(&ucmd); 39962306a36Sopenharmony_ci return ret; 40062306a36Sopenharmony_ci} 40162306a36Sopenharmony_ci 40262306a36Sopenharmony_cistatic const struct file_operations iommufd_fops = { 40362306a36Sopenharmony_ci .owner = THIS_MODULE, 40462306a36Sopenharmony_ci .open = iommufd_fops_open, 40562306a36Sopenharmony_ci .release = iommufd_fops_release, 40662306a36Sopenharmony_ci .unlocked_ioctl = iommufd_fops_ioctl, 40762306a36Sopenharmony_ci}; 40862306a36Sopenharmony_ci 40962306a36Sopenharmony_ci/** 41062306a36Sopenharmony_ci * iommufd_ctx_get - Get a context reference 41162306a36Sopenharmony_ci * @ictx: Context to get 41262306a36Sopenharmony_ci * 41362306a36Sopenharmony_ci * The caller must already hold a valid reference to ictx. 41462306a36Sopenharmony_ci */ 41562306a36Sopenharmony_civoid iommufd_ctx_get(struct iommufd_ctx *ictx) 41662306a36Sopenharmony_ci{ 41762306a36Sopenharmony_ci get_file(ictx->file); 41862306a36Sopenharmony_ci} 41962306a36Sopenharmony_ciEXPORT_SYMBOL_NS_GPL(iommufd_ctx_get, IOMMUFD); 42062306a36Sopenharmony_ci 42162306a36Sopenharmony_ci/** 42262306a36Sopenharmony_ci * iommufd_ctx_from_file - Acquires a reference to the iommufd context 42362306a36Sopenharmony_ci * @file: File to obtain the reference from 42462306a36Sopenharmony_ci * 42562306a36Sopenharmony_ci * Returns a pointer to the iommufd_ctx, otherwise ERR_PTR. The struct file 42662306a36Sopenharmony_ci * remains owned by the caller and the caller must still do fput. On success 42762306a36Sopenharmony_ci * the caller is responsible to call iommufd_ctx_put(). 42862306a36Sopenharmony_ci */ 42962306a36Sopenharmony_cistruct iommufd_ctx *iommufd_ctx_from_file(struct file *file) 43062306a36Sopenharmony_ci{ 43162306a36Sopenharmony_ci struct iommufd_ctx *ictx; 43262306a36Sopenharmony_ci 43362306a36Sopenharmony_ci if (file->f_op != &iommufd_fops) 43462306a36Sopenharmony_ci return ERR_PTR(-EBADFD); 43562306a36Sopenharmony_ci ictx = file->private_data; 43662306a36Sopenharmony_ci iommufd_ctx_get(ictx); 43762306a36Sopenharmony_ci return ictx; 43862306a36Sopenharmony_ci} 43962306a36Sopenharmony_ciEXPORT_SYMBOL_NS_GPL(iommufd_ctx_from_file, IOMMUFD); 44062306a36Sopenharmony_ci 44162306a36Sopenharmony_ci/** 44262306a36Sopenharmony_ci * iommufd_ctx_from_fd - Acquires a reference to the iommufd context 44362306a36Sopenharmony_ci * @fd: File descriptor to obtain the reference from 44462306a36Sopenharmony_ci * 44562306a36Sopenharmony_ci * Returns a pointer to the iommufd_ctx, otherwise ERR_PTR. On success 44662306a36Sopenharmony_ci * the caller is responsible to call iommufd_ctx_put(). 44762306a36Sopenharmony_ci */ 44862306a36Sopenharmony_cistruct iommufd_ctx *iommufd_ctx_from_fd(int fd) 44962306a36Sopenharmony_ci{ 45062306a36Sopenharmony_ci struct file *file; 45162306a36Sopenharmony_ci 45262306a36Sopenharmony_ci file = fget(fd); 45362306a36Sopenharmony_ci if (!file) 45462306a36Sopenharmony_ci return ERR_PTR(-EBADF); 45562306a36Sopenharmony_ci 45662306a36Sopenharmony_ci if (file->f_op != &iommufd_fops) { 45762306a36Sopenharmony_ci fput(file); 45862306a36Sopenharmony_ci return ERR_PTR(-EBADFD); 45962306a36Sopenharmony_ci } 46062306a36Sopenharmony_ci /* fget is the same as iommufd_ctx_get() */ 46162306a36Sopenharmony_ci return file->private_data; 46262306a36Sopenharmony_ci} 46362306a36Sopenharmony_ciEXPORT_SYMBOL_NS_GPL(iommufd_ctx_from_fd, IOMMUFD); 46462306a36Sopenharmony_ci 46562306a36Sopenharmony_ci/** 46662306a36Sopenharmony_ci * iommufd_ctx_put - Put back a reference 46762306a36Sopenharmony_ci * @ictx: Context to put back 46862306a36Sopenharmony_ci */ 46962306a36Sopenharmony_civoid iommufd_ctx_put(struct iommufd_ctx *ictx) 47062306a36Sopenharmony_ci{ 47162306a36Sopenharmony_ci fput(ictx->file); 47262306a36Sopenharmony_ci} 47362306a36Sopenharmony_ciEXPORT_SYMBOL_NS_GPL(iommufd_ctx_put, IOMMUFD); 47462306a36Sopenharmony_ci 47562306a36Sopenharmony_cistatic const struct iommufd_object_ops iommufd_object_ops[] = { 47662306a36Sopenharmony_ci [IOMMUFD_OBJ_ACCESS] = { 47762306a36Sopenharmony_ci .destroy = iommufd_access_destroy_object, 47862306a36Sopenharmony_ci }, 47962306a36Sopenharmony_ci [IOMMUFD_OBJ_DEVICE] = { 48062306a36Sopenharmony_ci .destroy = iommufd_device_destroy, 48162306a36Sopenharmony_ci }, 48262306a36Sopenharmony_ci [IOMMUFD_OBJ_IOAS] = { 48362306a36Sopenharmony_ci .destroy = iommufd_ioas_destroy, 48462306a36Sopenharmony_ci }, 48562306a36Sopenharmony_ci [IOMMUFD_OBJ_HW_PAGETABLE] = { 48662306a36Sopenharmony_ci .destroy = iommufd_hw_pagetable_destroy, 48762306a36Sopenharmony_ci .abort = iommufd_hw_pagetable_abort, 48862306a36Sopenharmony_ci }, 48962306a36Sopenharmony_ci#ifdef CONFIG_IOMMUFD_TEST 49062306a36Sopenharmony_ci [IOMMUFD_OBJ_SELFTEST] = { 49162306a36Sopenharmony_ci .destroy = iommufd_selftest_destroy, 49262306a36Sopenharmony_ci }, 49362306a36Sopenharmony_ci#endif 49462306a36Sopenharmony_ci}; 49562306a36Sopenharmony_ci 49662306a36Sopenharmony_cistatic struct miscdevice iommu_misc_dev = { 49762306a36Sopenharmony_ci .minor = MISC_DYNAMIC_MINOR, 49862306a36Sopenharmony_ci .name = "iommu", 49962306a36Sopenharmony_ci .fops = &iommufd_fops, 50062306a36Sopenharmony_ci .nodename = "iommu", 50162306a36Sopenharmony_ci .mode = 0660, 50262306a36Sopenharmony_ci}; 50362306a36Sopenharmony_ci 50462306a36Sopenharmony_ci 50562306a36Sopenharmony_cistatic struct miscdevice vfio_misc_dev = { 50662306a36Sopenharmony_ci .minor = VFIO_MINOR, 50762306a36Sopenharmony_ci .name = "vfio", 50862306a36Sopenharmony_ci .fops = &iommufd_fops, 50962306a36Sopenharmony_ci .nodename = "vfio/vfio", 51062306a36Sopenharmony_ci .mode = 0666, 51162306a36Sopenharmony_ci}; 51262306a36Sopenharmony_ci 51362306a36Sopenharmony_cistatic int __init iommufd_init(void) 51462306a36Sopenharmony_ci{ 51562306a36Sopenharmony_ci int ret; 51662306a36Sopenharmony_ci 51762306a36Sopenharmony_ci ret = misc_register(&iommu_misc_dev); 51862306a36Sopenharmony_ci if (ret) 51962306a36Sopenharmony_ci return ret; 52062306a36Sopenharmony_ci 52162306a36Sopenharmony_ci if (IS_ENABLED(CONFIG_IOMMUFD_VFIO_CONTAINER)) { 52262306a36Sopenharmony_ci ret = misc_register(&vfio_misc_dev); 52362306a36Sopenharmony_ci if (ret) 52462306a36Sopenharmony_ci goto err_misc; 52562306a36Sopenharmony_ci } 52662306a36Sopenharmony_ci ret = iommufd_test_init(); 52762306a36Sopenharmony_ci if (ret) 52862306a36Sopenharmony_ci goto err_vfio_misc; 52962306a36Sopenharmony_ci return 0; 53062306a36Sopenharmony_ci 53162306a36Sopenharmony_cierr_vfio_misc: 53262306a36Sopenharmony_ci if (IS_ENABLED(CONFIG_IOMMUFD_VFIO_CONTAINER)) 53362306a36Sopenharmony_ci misc_deregister(&vfio_misc_dev); 53462306a36Sopenharmony_cierr_misc: 53562306a36Sopenharmony_ci misc_deregister(&iommu_misc_dev); 53662306a36Sopenharmony_ci return ret; 53762306a36Sopenharmony_ci} 53862306a36Sopenharmony_ci 53962306a36Sopenharmony_cistatic void __exit iommufd_exit(void) 54062306a36Sopenharmony_ci{ 54162306a36Sopenharmony_ci iommufd_test_exit(); 54262306a36Sopenharmony_ci if (IS_ENABLED(CONFIG_IOMMUFD_VFIO_CONTAINER)) 54362306a36Sopenharmony_ci misc_deregister(&vfio_misc_dev); 54462306a36Sopenharmony_ci misc_deregister(&iommu_misc_dev); 54562306a36Sopenharmony_ci} 54662306a36Sopenharmony_ci 54762306a36Sopenharmony_cimodule_init(iommufd_init); 54862306a36Sopenharmony_cimodule_exit(iommufd_exit); 54962306a36Sopenharmony_ci 55062306a36Sopenharmony_ci#if IS_ENABLED(CONFIG_IOMMUFD_VFIO_CONTAINER) 55162306a36Sopenharmony_ciMODULE_ALIAS_MISCDEV(VFIO_MINOR); 55262306a36Sopenharmony_ciMODULE_ALIAS("devname:vfio/vfio"); 55362306a36Sopenharmony_ci#endif 55462306a36Sopenharmony_ciMODULE_IMPORT_NS(IOMMUFD_INTERNAL); 55562306a36Sopenharmony_ciMODULE_DESCRIPTION("I/O Address Space Management for passthrough devices"); 55662306a36Sopenharmony_ciMODULE_LICENSE("GPL"); 557