Merge tag 'vfio-v4.4-rc5' of git://github.com/awilliam/linux-vfio

-15

drivers/vfio/Kconfig

··· 31 31 32 32 If you don't know what to do here, say N. 33 33 34 - menuconfig VFIO_NOIOMMU 35 - bool "VFIO No-IOMMU support" 36 - depends on VFIO 37 - help 38 - VFIO is built on the ability to isolate devices using the IOMMU. 39 - Only with an IOMMU can userspace access to DMA capable devices be 40 - considered secure. VFIO No-IOMMU mode enables IOMMU groups for 41 - devices without IOMMU backing for the purpose of re-using the VFIO 42 - infrastructure in a non-secure mode. Use of this mode will result 43 - in an unsupportable kernel and will therefore taint the kernel. 44 - Device assignment to virtual machines is also not possible with 45 - this mode since there is no IOMMU to provide DMA translation. 46 - 47 - If you don't know what to do here, say N. 48 - 49 34 source "drivers/vfio/pci/Kconfig" 50 35 source "drivers/vfio/platform/Kconfig" 51 36 source "virt/lib/Kconfig"

+5 -5

drivers/vfio/pci/vfio_pci.c

··· 940 940 if (pdev->hdr_type != PCI_HEADER_TYPE_NORMAL) 941 941 return -EINVAL; 942 942 943 - group = vfio_iommu_group_get(&pdev->dev); 943 + group = iommu_group_get(&pdev->dev); 944 944 if (!group) 945 945 return -EINVAL; 946 946 947 947 vdev = kzalloc(sizeof(*vdev), GFP_KERNEL); 948 948 if (!vdev) { 949 - vfio_iommu_group_put(group, &pdev->dev); 949 + iommu_group_put(group); 950 950 return -ENOMEM; 951 951 } 952 952 ··· 957 957 958 958 ret = vfio_add_group_dev(&pdev->dev, &vfio_pci_ops, vdev); 959 959 if (ret) { 960 - vfio_iommu_group_put(group, &pdev->dev); 960 + iommu_group_put(group); 961 961 kfree(vdev); 962 962 return ret; 963 963 } ··· 993 993 if (!vdev) 994 994 return; 995 995 996 - vfio_iommu_group_put(pdev->dev.iommu_group, &pdev->dev); 996 + iommu_group_put(pdev->dev.iommu_group); 997 997 kfree(vdev); 998 998 999 999 if (vfio_pci_is_vga(pdev)) { ··· 1035 1035 return PCI_ERS_RESULT_CAN_RECOVER; 1036 1036 } 1037 1037 1038 - static struct pci_error_handlers vfio_err_handlers = { 1038 + static const struct pci_error_handlers vfio_err_handlers = { 1039 1039 .error_detected = vfio_pci_aer_err_detected, 1040 1040 }; 1041 1041

-1

drivers/vfio/platform/vfio_platform.c

··· 92 92 .remove = vfio_platform_remove, 93 93 .driver = { 94 94 .name = "vfio-platform", 95 - .owner = THIS_MODULE, 96 95 }, 97 96 }; 98 97

+1 -4

drivers/vfio/platform/vfio_platform_common.c

··· 51 51 52 52 static void vfio_platform_get_reset(struct vfio_platform_device *vdev) 53 53 { 54 - char modname[256]; 55 - 56 54 vdev->reset = vfio_platform_lookup_reset(vdev->compat, 57 55 &vdev->reset_module); 58 56 if (!vdev->reset) { 59 - snprintf(modname, 256, "vfio-reset:%s", vdev->compat); 60 - request_module(modname); 57 + request_module("vfio-reset:%s", vdev->compat); 61 58 vdev->reset = vfio_platform_lookup_reset(vdev->compat, 62 59 &vdev->reset_module); 63 60 }

+7 -181

drivers/vfio/vfio.c

··· 62 62 struct rw_semaphore group_lock; 63 63 struct vfio_iommu_driver *iommu_driver; 64 64 void *iommu_data; 65 - bool noiommu; 66 65 }; 67 66 68 67 struct vfio_unbound_dev { ··· 84 85 struct list_head unbound_list; 85 86 struct mutex unbound_lock; 86 87 atomic_t opened; 87 - bool noiommu; 88 88 }; 89 89 90 90 struct vfio_device { ··· 94 96 struct list_head group_next; 95 97 void *device_data; 96 98 }; 97 - 98 - #ifdef CONFIG_VFIO_NOIOMMU 99 - static bool noiommu __read_mostly; 100 - module_param_named(enable_unsafe_noiommu_support, 101 - noiommu, bool, S_IRUGO | S_IWUSR); 102 - MODULE_PARM_DESC(enable_unsafe_noiommu_mode, "Enable UNSAFE, no-IOMMU mode. This mode provides no device isolation, no DMA translation, no host kernel protection, cannot be used for device assignment to virtual machines, requires RAWIO permissions, and will taint the kernel. If you do not know what this is for, step away. (default: false)"); 103 - #endif 104 - 105 - /* 106 - * vfio_iommu_group_{get,put} are only intended for VFIO bus driver probe 107 - * and remove functions, any use cases other than acquiring the first 108 - * reference for the purpose of calling vfio_add_group_dev() or removing 109 - * that symmetric reference after vfio_del_group_dev() should use the raw 110 - * iommu_group_{get,put} functions. In particular, vfio_iommu_group_put() 111 - * removes the device from the dummy group and cannot be nested. 112 - */ 113 - struct iommu_group *vfio_iommu_group_get(struct device *dev) 114 - { 115 - struct iommu_group *group; 116 - int __maybe_unused ret; 117 - 118 - group = iommu_group_get(dev); 119 - 120 - #ifdef CONFIG_VFIO_NOIOMMU 121 - /* 122 - * With noiommu enabled, an IOMMU group will be created for a device 123 - * that doesn't already have one and doesn't have an iommu_ops on their 124 - * bus. We use iommu_present() again in the main code to detect these 125 - * fake groups. 126 - */ 127 - if (group || !noiommu || iommu_present(dev->bus)) 128 - return group; 129 - 130 - group = iommu_group_alloc(); 131 - if (IS_ERR(group)) 132 - return NULL; 133 - 134 - iommu_group_set_name(group, "vfio-noiommu"); 135 - ret = iommu_group_add_device(group, dev); 136 - iommu_group_put(group); 137 - if (ret) 138 - return NULL; 139 - 140 - /* 141 - * Where to taint? At this point we've added an IOMMU group for a 142 - * device that is not backed by iommu_ops, therefore any iommu_ 143 - * callback using iommu_ops can legitimately Oops. So, while we may 144 - * be about to give a DMA capable device to a user without IOMMU 145 - * protection, which is clearly taint-worthy, let's go ahead and do 146 - * it here. 147 - */ 148 - add_taint(TAINT_USER, LOCKDEP_STILL_OK); 149 - dev_warn(dev, "Adding kernel taint for vfio-noiommu group on device\n"); 150 - #endif 151 - 152 - return group; 153 - } 154 - EXPORT_SYMBOL_GPL(vfio_iommu_group_get); 155 - 156 - void vfio_iommu_group_put(struct iommu_group *group, struct device *dev) 157 - { 158 - #ifdef CONFIG_VFIO_NOIOMMU 159 - if (!iommu_present(dev->bus)) 160 - iommu_group_remove_device(dev); 161 - #endif 162 - 163 - iommu_group_put(group); 164 - } 165 - EXPORT_SYMBOL_GPL(vfio_iommu_group_put); 166 - 167 - #ifdef CONFIG_VFIO_NOIOMMU 168 - static void *vfio_noiommu_open(unsigned long arg) 169 - { 170 - if (arg != VFIO_NOIOMMU_IOMMU) 171 - return ERR_PTR(-EINVAL); 172 - if (!capable(CAP_SYS_RAWIO)) 173 - return ERR_PTR(-EPERM); 174 - 175 - return NULL; 176 - } 177 - 178 - static void vfio_noiommu_release(void *iommu_data) 179 - { 180 - } 181 - 182 - static long vfio_noiommu_ioctl(void *iommu_data, 183 - unsigned int cmd, unsigned long arg) 184 - { 185 - if (cmd == VFIO_CHECK_EXTENSION) 186 - return arg == VFIO_NOIOMMU_IOMMU ? 1 : 0; 187 - 188 - return -ENOTTY; 189 - } 190 - 191 - static int vfio_iommu_present(struct device *dev, void *unused) 192 - { 193 - return iommu_present(dev->bus) ? 1 : 0; 194 - } 195 - 196 - static int vfio_noiommu_attach_group(void *iommu_data, 197 - struct iommu_group *iommu_group) 198 - { 199 - return iommu_group_for_each_dev(iommu_group, NULL, 200 - vfio_iommu_present) ? -EINVAL : 0; 201 - } 202 - 203 - static void vfio_noiommu_detach_group(void *iommu_data, 204 - struct iommu_group *iommu_group) 205 - { 206 - } 207 - 208 - static struct vfio_iommu_driver_ops vfio_noiommu_ops = { 209 - .name = "vfio-noiommu", 210 - .owner = THIS_MODULE, 211 - .open = vfio_noiommu_open, 212 - .release = vfio_noiommu_release, 213 - .ioctl = vfio_noiommu_ioctl, 214 - .attach_group = vfio_noiommu_attach_group, 215 - .detach_group = vfio_noiommu_detach_group, 216 - }; 217 - 218 - static struct vfio_iommu_driver vfio_noiommu_driver = { 219 - .ops = &vfio_noiommu_ops, 220 - }; 221 - 222 - /* 223 - * Wrap IOMMU drivers, the noiommu driver is the one and only driver for 224 - * noiommu groups (and thus containers) and not available for normal groups. 225 - */ 226 - #define vfio_for_each_iommu_driver(con, pos) \ 227 - for (pos = con->noiommu ? &vfio_noiommu_driver : \ 228 - list_first_entry(&vfio.iommu_drivers_list, \ 229 - struct vfio_iommu_driver, vfio_next); \ 230 - (con->noiommu ? pos != NULL : \ 231 - &pos->vfio_next != &vfio.iommu_drivers_list); \ 232 - pos = con->noiommu ? NULL : list_next_entry(pos, vfio_next)) 233 - #else 234 - #define vfio_for_each_iommu_driver(con, pos) \ 235 - list_for_each_entry(pos, &vfio.iommu_drivers_list, vfio_next) 236 - #endif 237 - 238 99 239 100 /** 240 101 * IOMMU driver registration ··· 199 342 /** 200 343 * Group objects - create, release, get, put, search 201 344 */ 202 - static struct vfio_group *vfio_create_group(struct iommu_group *iommu_group, 203 - bool noiommu) 345 + static struct vfio_group *vfio_create_group(struct iommu_group *iommu_group) 204 346 { 205 347 struct vfio_group *group, *tmp; 206 348 struct device *dev; ··· 217 361 atomic_set(&group->container_users, 0); 218 362 atomic_set(&group->opened, 0); 219 363 group->iommu_group = iommu_group; 220 - group->noiommu = noiommu; 221 364 222 365 group->nb.notifier_call = vfio_iommu_group_notifier; 223 366 ··· 252 397 253 398 dev = device_create(vfio.class, NULL, 254 399 MKDEV(MAJOR(vfio.group_devt), minor), 255 - group, "%s%d", noiommu ? "noiommu-" : "", 256 - iommu_group_id(iommu_group)); 400 + group, "%d", iommu_group_id(iommu_group)); 257 401 if (IS_ERR(dev)) { 258 402 vfio_free_group_minor(minor); 259 403 vfio_group_unlock_and_free(group); ··· 536 682 return 0; 537 683 538 684 /* TODO Prevent device auto probing */ 539 - WARN("Device %s added to live group %d!\n", dev_name(dev), 685 + WARN(1, "Device %s added to live group %d!\n", dev_name(dev), 540 686 iommu_group_id(group->iommu_group)); 541 687 542 688 return 0; ··· 640 786 641 787 group = vfio_group_get_from_iommu(iommu_group); 642 788 if (!group) { 643 - group = vfio_create_group(iommu_group, 644 - !iommu_present(dev->bus)); 789 + group = vfio_create_group(iommu_group); 645 790 if (IS_ERR(group)) { 646 791 iommu_group_put(iommu_group); 647 792 return PTR_ERR(group); ··· 852 999 */ 853 1000 if (!driver) { 854 1001 mutex_lock(&vfio.iommu_drivers_lock); 855 - vfio_for_each_iommu_driver(container, driver) { 1002 + list_for_each_entry(driver, &vfio.iommu_drivers_list, 1003 + vfio_next) { 856 1004 if (!try_module_get(driver->ops->owner)) 857 1005 continue; 858 1006 ··· 922 1068 } 923 1069 924 1070 mutex_lock(&vfio.iommu_drivers_lock); 925 - vfio_for_each_iommu_driver(container, driver) { 1071 + list_for_each_entry(driver, &vfio.iommu_drivers_list, vfio_next) { 926 1072 void *data; 927 1073 928 1074 if (!try_module_get(driver->ops->owner)) ··· 1187 1333 if (atomic_read(&group->container_users)) 1188 1334 return -EINVAL; 1189 1335 1190 - if (group->noiommu && !capable(CAP_SYS_RAWIO)) 1191 - return -EPERM; 1192 - 1193 1336 f = fdget(container_fd); 1194 1337 if (!f.file) 1195 1338 return -EBADF; ··· 1202 1351 1203 1352 down_write(&container->group_lock); 1204 1353 1205 - /* Real groups and fake groups cannot mix */ 1206 - if (!list_empty(&container->group_list) && 1207 - container->noiommu != group->noiommu) { 1208 - ret = -EPERM; 1209 - goto unlock_out; 1210 - } 1211 - 1212 1354 driver = container->iommu_driver; 1213 1355 if (driver) { 1214 1356 ret = driver->ops->attach_group(container->iommu_data, ··· 1211 1367 } 1212 1368 1213 1369 group->container = container; 1214 - container->noiommu = group->noiommu; 1215 1370 list_add(&group->container_next, &container->group_list); 1216 1371 1217 1372 /* Get a reference on the container and mark a user within the group */ ··· 1240 1397 if (0 == atomic_read(&group->container_users) || 1241 1398 !group->container->iommu_driver || !vfio_group_viable(group)) 1242 1399 return -EINVAL; 1243 - 1244 - if (group->noiommu && !capable(CAP_SYS_RAWIO)) 1245 - return -EPERM; 1246 1400 1247 1401 device = vfio_device_get_from_name(group, buf); 1248 1402 if (!device) ··· 1282 1442 atomic_inc(&group->container_users); 1283 1443 1284 1444 fd_install(ret, filep); 1285 - 1286 - if (group->noiommu) 1287 - dev_warn(device->dev, "vfio-noiommu device opened by user " 1288 - "(%s:%d)\n", current->comm, task_pid_nr(current)); 1289 1445 1290 1446 return ret; 1291 1447 } ··· 1370 1534 group = vfio_group_get_from_minor(iminor(inode)); 1371 1535 if (!group) 1372 1536 return -ENODEV; 1373 - 1374 - if (group->noiommu && !capable(CAP_SYS_RAWIO)) { 1375 - vfio_group_put(group); 1376 - return -EPERM; 1377 - } 1378 1537 1379 1538 /* Do we need multiple instances of the group open? Seems not. */ 1380 1539 opened = atomic_cmpxchg(&group->opened, 0, 1); ··· 1532 1701 1533 1702 if (!atomic_inc_not_zero(&group->container_users)) 1534 1703 return ERR_PTR(-EINVAL); 1535 - 1536 - if (group->noiommu) { 1537 - atomic_dec(&group->container_users); 1538 - return ERR_PTR(-EPERM); 1539 - } 1540 1704 1541 1705 if (!group->container->iommu_driver || 1542 1706 !vfio_group_viable(group)) {

-3

include/linux/vfio.h

··· 44 44 void (*request)(void *device_data, unsigned int count); 45 45 }; 46 46 47 - extern struct iommu_group *vfio_iommu_group_get(struct device *dev); 48 - extern void vfio_iommu_group_put(struct iommu_group *group, struct device *dev); 49 - 50 47 extern int vfio_add_group_dev(struct device *dev, 51 48 const struct vfio_device_ops *ops, 52 49 void *device_data);

-7

include/uapi/linux/vfio.h

··· 39 39 #define VFIO_SPAPR_TCE_v2_IOMMU 7 40 40 41 41 /* 42 - * The No-IOMMU IOMMU offers no translation or isolation for devices and 43 - * supports no ioctls outside of VFIO_CHECK_EXTENSION. Use of VFIO's No-IOMMU 44 - * code will taint the host kernel and should be used with extreme caution. 45 - */ 46 - #define VFIO_NOIOMMU_IOMMU 8 47 - 48 - /* 49 42 * The IOCTL interface is designed for extensibility by embedding the 50 43 * structure length (argsz) and flags into structures passed between 51 44 * kernel and userspace. We therefore use the _IO() macro for these

Configure Feed

Configure Feed