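// SPDX-License-Identifier: GPL-2.0-only
/*
 * Copyright (c) 2023 Intel Corporation.
 */
#include <linux/vfio.h>
#include <linux/iommufd.h>

#include "vfio.h"

/*
 * Base of the char-device number region reserved in vfio_cdev_init().
 * Only its major is used below; each device's minor is device->index.
 */
static dev_t device_devt;

/*
 * Prepare the per-device cdev: derive devt from the shared major and
 * device->index, bind the cdev to vfio_device_fops and set this module
 * as owner. No cdev_add() happens in this function.
 *
 * NOTE(review): the region reserved in vfio_cdev_init() holds
 * MINORMASK + 1 minors, so device->index is assumed to stay below that;
 * the index allocator is not visible in this file - confirm.
 */
void vfio_init_device_cdev(struct vfio_device *device)
{
	device->device.devt = MKDEV(MAJOR(device_devt), device->index);
	cdev_init(&device->cdev, &vfio_device_fops);
	device->cdev.owner = THIS_MODULE;
}

/*
 * open() handler for the device cdev.
 *
 * device access via the fd opened by this function is blocked until
 * .open_device() is called successfully during BIND_IOMMUFD.
 *
 * Only a registration reference and a vfio_device_file are set up here;
 * in this file df->access_granted is set solely at the end of a
 * successful vfio_df_ioctl_bind_iommufd().
 *
 * Return: 0 on success, -ENODEV if the registration reference cannot be
 * taken, or the error carried by vfio_allocate_device_file().
 */
int vfio_device_fops_cdev_open(struct inode *inode, struct file *filep)
{
	struct vfio_device *device = container_of(inode->i_cdev,
						  struct vfio_device, cdev);
	struct vfio_device_file *df;
	int ret;

	/* Paired with the put in vfio_device_fops_release() */
	if (!vfio_device_try_get_registration(device))
		return -ENODEV;

	df = vfio_allocate_device_file(device);
	if (IS_ERR(df)) {
		ret = PTR_ERR(df);
		goto err_put_registration;
	}

	filep->private_data = df;

	return 0;

err_put_registration:
	/* No fd state was published; drop the reference taken above. */
	vfio_device_put_registration(device);
	return ret;
}

/*
 * Call vfio_device_get_kvm_safe() for df->device with df->kvm while
 * holding df->kvm_ref_lock.
 *
 * NOTE(review): the lock presumably keeps df->kvm stable against a
 * concurrent update of the file's KVM association; the writer side is
 * not visible in this file - confirm.
 */
static void vfio_df_get_kvm_safe(struct vfio_device_file *df)
{
	spin_lock(&df->kvm_ref_lock);
	vfio_device_get_kvm_safe(df->device, df->kvm);
	spin_unlock(&df->kvm_ref_lock);
}

/*
 * BIND_IOMMUFD handler: bind a cdev-opened device file to the iommufd
 * context named by userspace, open the device and report its devid.
 *
 * @df:  device file the ioctl was issued on
 * @arg: userspace struct vfio_device_bind_iommufd; out_devid is written
 *       back on success
 *
 * Userspace input is validated before any state is touched: argsz must
 * cover the fields up to out_devid, every flag bit must be clear and
 * the iommufd fd must be non-negative. A larger argsz is accepted, but
 * only the first minsz bytes are ever copied in.
 *
 * Return: 0 on success; -EFAULT on a failed user copy; -EINVAL on bad
 * arguments, on a group-opened fd, or when the file is already bound;
 * otherwise the error from vfio_device_block_group(),
 * iommufd_ctx_from_fd() or vfio_df_open().
 */
long vfio_df_ioctl_bind_iommufd(struct vfio_device_file *df,
				struct vfio_device_bind_iommufd __user *arg)
{
	struct vfio_device *device = df->device;
	struct vfio_device_bind_iommufd bind;
	unsigned long minsz;
	int ret;

	/*
	 * The copy_to_user() below uses sizeof(df->devid) for the user
	 * field, so both sides must have the same type.
	 */
	static_assert(__same_type(arg->out_devid, df->devid));

	minsz = offsetofend(struct vfio_device_bind_iommufd, out_devid);

	if (copy_from_user(&bind, arg, minsz))
		return -EFAULT;

	if (bind.argsz < minsz || bind.flags || bind.iommufd < 0)
		return -EINVAL;

	/* BIND_IOMMUFD only allowed for cdev fds */
	if (df->group)
		return -EINVAL;

	/*
	 * NOTE(review): presumably keeps the device from being opened
	 * through the group path while it is bound via the cdev; the
	 * implementation is not visible here. Every later failure path
	 * undoes it with vfio_device_unblock_group().
	 */
	ret = vfio_device_block_group(device);
	if (ret)
		return ret;

	mutex_lock(&device->dev_set->lock);
	/* one device cannot be bound twice */
	if (df->access_granted) {
		ret = -EINVAL;
		goto out_unlock;
	}

	df->iommufd = iommufd_ctx_from_fd(bind.iommufd);
	if (IS_ERR(df->iommufd)) {
		ret = PTR_ERR(df->iommufd);
		/* Never leave an ERR_PTR behind in df->iommufd. */
		df->iommufd = NULL;
		goto out_unlock;
	}

	/*
	 * Before the device open, get the KVM pointer currently
	 * associated with the device file (if there is) and obtain
	 * a reference.  This reference is held until device closed.
	 * Save the pointer in the device for use by drivers.
	 */
	vfio_df_get_kvm_safe(df);

	ret = vfio_df_open(df);
	if (ret)
		goto out_put_kvm;

	/*
	 * If the devid cannot be delivered the open is rolled back, so a
	 * failed ioctl never leaves the device opened.
	 */
	ret = copy_to_user(&arg->out_devid, &df->devid,
			   sizeof(df->devid)) ? -EFAULT : 0;
	if (ret)
		goto out_close_device;

	device->cdev_opened = true;
	/*
	 * Paired with smp_load_acquire() in vfio_device_fops::ioctl/
	 * read/write/mmap
	 *
	 * This is the last store of the success path: a reader that
	 * observes access_granted == true also observes everything set
	 * up above.
	 */
	smp_store_release(&df->access_granted, true);
	mutex_unlock(&device->dev_set->lock);
	return 0;

	/* Unwind in reverse order of acquisition. */
out_close_device:
	vfio_df_close(df);
out_put_kvm:
	vfio_device_put_kvm(device);
	iommufd_ctx_put(df->iommufd);
	df->iommufd = NULL;
out_unlock:
	mutex_unlock(&device->dev_set->lock);
	vfio_device_unblock_group(device);
	return ret;
}

/*
 * Undo a successful vfio_df_ioctl_bind_iommufd(): close the device and
 * drop the KVM and iommufd context references under dev_set->lock, then
 * unblock the group. Does nothing if the file was never bound.
 *
 * NOTE(review): df->iommufd and df->access_granted are left as they
 * were after the put, so this relies on df not being used again
 * afterwards. The comment below places the call at close time; confirm
 * against the caller.
 */
void vfio_df_unbind_iommufd(struct vfio_device_file *df)
{
	struct vfio_device *device = df->device;

	/*
	 * In the time of close, there is no contention with another one
	 * changing this flag.  So read df->access_granted without lock
	 * and no smp_load_acquire() is ok.
	 */
	if (!df->access_granted)
		return;

	mutex_lock(&device->dev_set->lock);
	vfio_df_close(df);
	vfio_device_put_kvm(device);
	iommufd_ctx_put(df->iommufd);
	device->cdev_opened = false;
	mutex_unlock(&device->dev_set->lock);
	vfio_device_unblock_group(device);
}

/*
 * ATTACH_IOMMUFD_PT handler: attach the device to the page table named
 * by userspace through the driver's attach_ioas() op.
 *
 * @df:  device file the ioctl was issued on
 * @arg: userspace struct vfio_device_attach_iommufd_pt; pt_id is read
 *       as input and written back after a successful attach
 *
 * NOTE(review): df->access_granted is not checked here. The comment in
 * vfio_df_ioctl_bind_iommufd() refers to an smp_load_acquire() in the
 * vfio_device_fops ioctl path, so the dispatcher presumably rejects
 * unbound files before this is reached - confirm. device->ops and its
 * attach_ioas/detach_ioas members are likewise used unchecked.
 *
 * Return: 0 on success, -EFAULT on a failed user copy, -EINVAL on a
 * short argsz or any set flag, or the error from attach_ioas().
 */
int vfio_df_ioctl_attach_pt(struct vfio_device_file *df,
			    struct vfio_device_attach_iommufd_pt __user *arg)
{
	struct vfio_device *device = df->device;
	struct vfio_device_attach_iommufd_pt attach;
	unsigned long minsz;
	int ret;

	minsz = offsetofend(struct vfio_device_attach_iommufd_pt, pt_id);

	if (copy_from_user(&attach, arg, minsz))
		return -EFAULT;

	if (attach.argsz < minsz || attach.flags)
		return -EINVAL;

	mutex_lock(&device->dev_set->lock);
	/* pt_id is passed by pointer and copied back below. */
	ret = device->ops->attach_ioas(device, &attach.pt_id);
	if (ret)
		goto out_unlock;

	if (copy_to_user(&arg->pt_id, &attach.pt_id, sizeof(attach.pt_id))) {
		ret = -EFAULT;
		/* Do not stay attached if the result could not be reported. */
		goto out_detach;
	}
	mutex_unlock(&device->dev_set->lock);

	return 0;

out_detach:
	device->ops->detach_ioas(device);
out_unlock:
	mutex_unlock(&device->dev_set->lock);
	return ret;
}

/*
 * DETACH_IOMMUFD_PT handler: call the driver's detach_ioas() op under
 * dev_set->lock.
 *
 * @df:  device file the ioctl was issued on
 * @arg: userspace struct vfio_device_detach_iommufd_pt
 *
 * NOTE(review): as in vfio_df_ioctl_attach_pt(), df->access_granted is
 * not checked in this function; the gate is presumably in the ioctl
 * dispatcher - confirm.
 *
 * Return: 0 once the arguments validate, -EFAULT on a failed user copy,
 * -EINVAL on a short argsz or any set flag.
 */
int vfio_df_ioctl_detach_pt(struct vfio_device_file *df,
			    struct vfio_device_detach_iommufd_pt __user *arg)
{
	struct vfio_device *device = df->device;
	struct vfio_device_detach_iommufd_pt detach;
	unsigned long minsz;

	minsz = offsetofend(struct vfio_device_detach_iommufd_pt, flags);

	if (copy_from_user(&detach, arg, minsz))
		return -EFAULT;

	if (detach.argsz < minsz || detach.flags)
		return -EINVAL;

	mutex_lock(&device->dev_set->lock);
	device->ops->detach_ioas(device);
	mutex_unlock(&device->dev_set->lock);

	return 0;
}

/*
 * devnode callback installed by vfio_cdev_init(): build the node name
 * "vfio/devices/<dev_name>". The string comes from kasprintf(), so the
 * result is NULL when the allocation fails.
 *
 * *mode is not written, so the node's permissions are decided elsewhere.
 */
static char *vfio_device_devnode(const struct device *dev, umode_t *mode)
{
	return kasprintf(GFP_KERNEL, "vfio/devices/%s", dev_name(dev));
}

/*
 * Install the devnode callback on @device_class and reserve a
 * char-device region of MINORMASK + 1 minors, starting at minor 0,
 * under the name "vfio-dev".
 *
 * Return: the result of alloc_chrdev_region().
 */
int vfio_cdev_init(struct class *device_class)
{
	device_class->devnode = vfio_device_devnode;
	return alloc_chrdev_region(&device_devt, 0,
				   MINORMASK + 1, "vfio-dev");
}

/* Release the char-device region reserved by vfio_cdev_init(). */
void vfio_cdev_cleanup(void)
{
	unregister_chrdev_region(device_devt, MINORMASK + 1);
}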