// SPDX-License-Identifier: GPL-2.0-only
/* Copyright (c) 2021-2022, NVIDIA CORPORATION & AFFILIATES
 */
#include <linux/iommufd.h>
#include <linux/slab.h>
#include <linux/iommu.h>

#include "io_pagetable.h"
#include "iommufd_private.h"

static bool allow_unsafe_interrupts;
module_param(allow_unsafe_interrupts, bool, S_IRUGO | S_IWUSR);
MODULE_PARM_DESC(
	allow_unsafe_interrupts,
	"Allow IOMMUFD to bind to devices even if the platform cannot isolate "
	"the MSI interrupt window. Enabling this is a security weakness.");

/*
 * An iommufd_device object represents the binding relationship between a
 * consuming driver and the iommufd. These objects are created/destroyed by
 * external drivers, not by userspace.
 */
struct iommufd_device {
	struct iommufd_object obj;
	struct iommufd_ctx *ictx;
	struct iommufd_hw_pagetable *hwpt;
	/* Head at iommufd_hw_pagetable::devices */
	struct list_head devices_item;
	/* always the physical device */
	struct device *dev;
	struct iommu_group *group;
	bool enforce_cache_coherency;
};

void iommufd_device_destroy(struct iommufd_object *obj)
{
	struct iommufd_device *idev =
		container_of(obj, struct iommufd_device, obj);

	iommu_device_release_dma_owner(idev->dev);
	iommu_group_put(idev->group);
	iommufd_ctx_put(idev->ictx);
}

/**
 * iommufd_device_bind - Bind a physical device to an iommu fd
 * @ictx: iommufd file descriptor
 * @dev: Pointer to a physical device struct
 * @id: Output ID number to return to userspace for this device
 *
 * A successful bind establishes ownership over the device and returns a
 * struct iommufd_device pointer, otherwise it returns an error pointer.
 *
 * A driver using this API must set driver_managed_dma and must not touch
 * the device until this routine succeeds and establishes ownership.
 *
 * Binding a PCI device places the entire RID under iommufd control.
 *
 * The caller must undo this with iommufd_device_unbind().
 */
struct iommufd_device *iommufd_device_bind(struct iommufd_ctx *ictx,
					   struct device *dev, u32 *id)
{
	struct iommufd_device *idev;
	struct iommu_group *group;
	int rc;

	/*
	 * iommufd always sets IOMMU_CACHE because we offer no way for
	 * userspace to restore cache coherency.
	 */
	if (!device_iommu_capable(dev, IOMMU_CAP_CACHE_COHERENCY))
		return ERR_PTR(-EINVAL);

	group = iommu_group_get(dev);
	if (!group)
		return ERR_PTR(-ENODEV);

	rc = iommu_device_claim_dma_owner(dev, ictx);
	if (rc)
		goto out_group_put;

	idev = iommufd_object_alloc(ictx, idev, IOMMUFD_OBJ_DEVICE);
	if (IS_ERR(idev)) {
		rc = PTR_ERR(idev);
		goto out_release_owner;
	}
	idev->ictx = ictx;
	iommufd_ctx_get(ictx);
	idev->dev = dev;
	idev->enforce_cache_coherency =
		device_iommu_capable(dev, IOMMU_CAP_ENFORCE_CACHE_COHERENCY);
	/* The calling driver is a user until iommufd_device_unbind() */
	refcount_inc(&idev->obj.users);
	/* group refcount moves into iommufd_device */
	idev->group = group;

	/*
	 * If the caller fails after this success it must call
	 * iommufd_device_unbind() which is safe since we hold this refcount.
	 * This also means the device is a leaf in the graph and no other
	 * object can take a reference on it.
	 */
	iommufd_object_finalize(ictx, &idev->obj);
	*id = idev->obj.id;
	return idev;

out_release_owner:
	iommu_device_release_dma_owner(dev);
out_group_put:
	iommu_group_put(group);
	return ERR_PTR(rc);
}
EXPORT_SYMBOL_NS_GPL(iommufd_device_bind, IOMMUFD);

/**
 * iommufd_device_unbind - Undo iommufd_device_bind()
 * @idev: Device returned by iommufd_device_bind()
 *
 * Release the device from iommufd control. The DMA ownership will return back
 * to unowned with DMA controlled by the DMA API. This invalidates the
 * iommufd_device pointer, other APIs that consume it must not be called
 * concurrently.
 */
void iommufd_device_unbind(struct iommufd_device *idev)
{
	bool was_destroyed;

	was_destroyed = iommufd_object_destroy_user(idev->ictx, &idev->obj);
	WARN_ON(!was_destroyed);
}
EXPORT_SYMBOL_NS_GPL(iommufd_device_unbind, IOMMUFD);
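
/*
 * Usage sketch (illustrative, not part of this file): a consuming driver
 * that has set driver_managed_dma is expected to bind and later unbind
 * roughly as below. Where ictx and dev come from, and the teardown path,
 * are assumptions about the caller:
 *
 *	struct iommufd_device *idev;
 *	u32 dev_id;
 *
 *	idev = iommufd_device_bind(ictx, dev, &dev_id);
 *	if (IS_ERR(idev))
 *		return PTR_ERR(idev);
 *
 * dev_id is reported back to userspace and idev is kept until teardown,
 * where, after any attach has been undone:
 *
 *	iommufd_device_unbind(idev);
 */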

static int iommufd_device_setup_msi(struct iommufd_device *idev,
				    struct iommufd_hw_pagetable *hwpt,
				    phys_addr_t sw_msi_start)
{
	int rc;

	/*
	 * If the IOMMU driver gives an IOMMU_RESV_SW_MSI then it is asking us
	 * to call iommu_get_msi_cookie() on its behalf. This is necessary to
	 * set up the MSI window so iommu_dma_prepare_msi() can install pages
	 * into our domain after request_irq(). If this is not done interrupts
	 * will not work on this domain.
	 *
	 * FIXME: This is conceptually broken for iommufd since we want to
	 * allow userspace to change the domains, eg switch from an identity
	 * IOAS to a DMA IOAS. There is currently no way to create an MSI
	 * window that matches what the IRQ layer actually expects in a newly
	 * created domain.
	 */
	if (sw_msi_start != PHYS_ADDR_MAX && !hwpt->msi_cookie) {
		rc = iommu_get_msi_cookie(hwpt->domain, sw_msi_start);
		if (rc)
			return rc;

		/*
		 * iommu_get_msi_cookie() can only be called once per domain,
		 * it returns -EBUSY on later calls.
		 */
		hwpt->msi_cookie = true;
	}

	/*
	 * For historical compat with VFIO the insecure interrupt path is
	 * allowed if the module parameter is set. Insecure means that a MemWr
	 * operation from the device (eg a simple DMA) can trigger an
	 * interrupt outside this iommufd context.
	 */
	if (!iommu_group_has_isolated_msi(idev->group)) {
		if (!allow_unsafe_interrupts)
			return -EPERM;

		dev_warn(
			idev->dev,
			"MSI interrupts are not secure, they cannot be isolated by the platform. "
			"Check that platform features like interrupt remapping are enabled. "
			"Use the \"allow_unsafe_interrupts\" module parameter to override\n");
	}
	return 0;
}

static bool iommufd_hw_pagetable_has_group(struct iommufd_hw_pagetable *hwpt,
					   struct iommu_group *group)
{
	struct iommufd_device *cur_dev;

	list_for_each_entry(cur_dev, &hwpt->devices, devices_item)
		if (cur_dev->group == group)
			return true;
	return false;
}

static int iommufd_device_do_attach(struct iommufd_device *idev,
				    struct iommufd_hw_pagetable *hwpt)
{
	phys_addr_t sw_msi_start = PHYS_ADDR_MAX;
	int rc;

	mutex_lock(&hwpt->devices_lock);

	/*
	 * Try to upgrade the domain we have; it is an iommu driver bug to
	 * report IOMMU_CAP_ENFORCE_CACHE_COHERENCY but fail
	 * enforce_cache_coherency when there are no devices attached to the
	 * domain.
	 */
	if (idev->enforce_cache_coherency && !hwpt->enforce_cache_coherency) {
		if (hwpt->domain->ops->enforce_cache_coherency)
			hwpt->enforce_cache_coherency =
				hwpt->domain->ops->enforce_cache_coherency(
					hwpt->domain);
		if (!hwpt->enforce_cache_coherency) {
			WARN_ON(list_empty(&hwpt->devices));
			rc = -EINVAL;
			goto out_unlock;
		}
	}

	rc = iopt_table_enforce_group_resv_regions(&hwpt->ioas->iopt, idev->dev,
						   idev->group, &sw_msi_start);
	if (rc)
		goto out_unlock;

	rc = iommufd_device_setup_msi(idev, hwpt, sw_msi_start);
	if (rc)
		goto out_iova;

	/*
	 * FIXME: Hack around missing a device-centric iommu api, only attach
	 * to the group once for the first device that is in the group.
	 */
	if (!iommufd_hw_pagetable_has_group(hwpt, idev->group)) {
		rc = iommu_attach_group(hwpt->domain, idev->group);
		if (rc)
			goto out_iova;

		if (list_empty(&hwpt->devices)) {
			rc = iopt_table_add_domain(&hwpt->ioas->iopt,
						   hwpt->domain);
			if (rc)
				goto out_detach;
		}
	}

	idev->hwpt = hwpt;
	refcount_inc(&hwpt->obj.users);
	list_add(&idev->devices_item, &hwpt->devices);
	mutex_unlock(&hwpt->devices_lock);
	return 0;

out_detach:
	iommu_detach_group(hwpt->domain, idev->group);
out_iova:
	iopt_remove_reserved_iova(&hwpt->ioas->iopt, idev->dev);
out_unlock:
	mutex_unlock(&hwpt->devices_lock);
	return rc;
}

/*
 * When automatically managing the domains we search for a compatible domain in
 * the iopt and if one is found use it, otherwise create a new domain.
 * Automatic domain selection will never pick a manually created domain.
 */
static int iommufd_device_auto_get_domain(struct iommufd_device *idev,
					  struct iommufd_ioas *ioas)
{
	struct iommufd_hw_pagetable *hwpt;
	int rc;

	/*
	 * There is no differentiation when domains are allocated, so any
	 * domain that is willing to attach to the device is interchangeable
	 * with any other.
	 */
	mutex_lock(&ioas->mutex);
	list_for_each_entry(hwpt, &ioas->hwpt_list, hwpt_item) {
		if (!hwpt->auto_domain)
			continue;

		rc = iommufd_device_do_attach(idev, hwpt);

		/*
		 * -EINVAL means the domain is incompatible with the device.
		 * Other error codes should propagate to userspace as failure.
		 * Success means the domain is attached.
		 */
		if (rc == -EINVAL)
			continue;
		goto out_unlock;
	}

	hwpt = iommufd_hw_pagetable_alloc(idev->ictx, ioas, idev->dev);
	if (IS_ERR(hwpt)) {
		rc = PTR_ERR(hwpt);
		goto out_unlock;
	}
	hwpt->auto_domain = true;

	rc = iommufd_device_do_attach(idev, hwpt);
	if (rc)
		goto out_abort;
	list_add_tail(&hwpt->hwpt_item, &ioas->hwpt_list);

	mutex_unlock(&ioas->mutex);
	iommufd_object_finalize(idev->ictx, &hwpt->obj);
	return 0;

out_abort:
	iommufd_object_abort_and_destroy(idev->ictx, &hwpt->obj);
out_unlock:
	mutex_unlock(&ioas->mutex);
	return rc;
}

/**
 * iommufd_device_attach - Connect a device to an iommu_domain
 * @idev: device to attach
 * @pt_id: Input an IOMMUFD_OBJ_IOAS, or IOMMUFD_OBJ_HW_PAGETABLE
 *         Output the IOMMUFD_OBJ_HW_PAGETABLE ID
 *
 * This connects the device to an iommu_domain, either automatically or
 * manually selected. Once this completes the device can do DMA.
 *
 * The caller should return the resulting pt_id back to userspace.
 * This function is undone by calling iommufd_device_detach().
 */
int iommufd_device_attach(struct iommufd_device *idev, u32 *pt_id)
{
	struct iommufd_object *pt_obj;
	int rc;

	pt_obj = iommufd_get_object(idev->ictx, *pt_id, IOMMUFD_OBJ_ANY);
	if (IS_ERR(pt_obj))
		return PTR_ERR(pt_obj);

	switch (pt_obj->type) {
	case IOMMUFD_OBJ_HW_PAGETABLE: {
		struct iommufd_hw_pagetable *hwpt =
			container_of(pt_obj, struct iommufd_hw_pagetable, obj);

		rc = iommufd_device_do_attach(idev, hwpt);
		if (rc)
			goto out_put_pt_obj;
		break;
	}
	case IOMMUFD_OBJ_IOAS: {
		struct iommufd_ioas *ioas =
			container_of(pt_obj, struct iommufd_ioas, obj);

		rc = iommufd_device_auto_get_domain(idev, ioas);
		if (rc)
			goto out_put_pt_obj;
		break;
	}
	default:
		rc = -EINVAL;
		goto out_put_pt_obj;
	}

	refcount_inc(&idev->obj.users);
	*pt_id = idev->hwpt->obj.id;
	rc = 0;

out_put_pt_obj:
	iommufd_put_object(pt_obj);
	return rc;
}
EXPORT_SYMBOL_NS_GPL(iommufd_device_attach, IOMMUFD);

/**
 * iommufd_device_detach - Disconnect a device from an iommu_domain
 * @idev: device to detach
 *
 * Undo iommufd_device_attach(). This disconnects the idev from the previously
 * attached pt_id. The device returns to a blocked DMA translation.
 */
void iommufd_device_detach(struct iommufd_device *idev)
{
	struct iommufd_hw_pagetable *hwpt = idev->hwpt;

	mutex_lock(&hwpt->ioas->mutex);
	mutex_lock(&hwpt->devices_lock);
	list_del(&idev->devices_item);
	if (!iommufd_hw_pagetable_has_group(hwpt, idev->group)) {
		if (list_empty(&hwpt->devices)) {
			iopt_table_remove_domain(&hwpt->ioas->iopt,
						 hwpt->domain);
			list_del(&hwpt->hwpt_item);
		}
		iommu_detach_group(hwpt->domain, idev->group);
	}
	iopt_remove_reserved_iova(&hwpt->ioas->iopt, idev->dev);
	mutex_unlock(&hwpt->devices_lock);
	mutex_unlock(&hwpt->ioas->mutex);

	if (hwpt->auto_domain)
		iommufd_object_destroy_user(idev->ictx, &hwpt->obj);
	else
		refcount_dec(&hwpt->obj.users);

	idev->hwpt = NULL;

	refcount_dec(&idev->obj.users);
}
EXPORT_SYMBOL_NS_GPL(iommufd_device_detach, IOMMUFD);
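
/*
 * Usage sketch (illustrative): once bound, the driver attaches the device to
 * the IOAS or HW_PAGETABLE id supplied by userspace and detaches before
 * unbinding. How pt_id reaches the driver is an assumption about the caller:
 *
 *	u32 pt_id = id_from_userspace;
 *	int rc;
 *
 *	rc = iommufd_device_attach(idev, &pt_id);
 *	if (rc)
 *		return rc;
 *
 * On success pt_id holds the resulting IOMMUFD_OBJ_HW_PAGETABLE id and should
 * be returned to userspace. The attach is undone with:
 *
 *	iommufd_device_detach(idev);
 */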

void iommufd_access_destroy_object(struct iommufd_object *obj)
{
	struct iommufd_access *access =
		container_of(obj, struct iommufd_access, obj);

	if (access->ioas) {
		iopt_remove_access(&access->ioas->iopt, access);
		refcount_dec(&access->ioas->obj.users);
		access->ioas = NULL;
	}
	iommufd_ctx_put(access->ictx);
}

/**
 * iommufd_access_create - Create an iommufd_access
 * @ictx: iommufd file descriptor
 * @ops: Driver's ops to associate with the access
 * @data: Opaque data to pass into ops functions
 * @id: Output ID number to return to userspace for this access
 *
 * An iommufd_access allows a driver to read/write to the IOAS without using
 * DMA. The underlying CPU memory can be accessed using the
 * iommufd_access_pin_pages() or iommufd_access_rw() functions.
 *
 * The provided ops are required to use iommufd_access_pin_pages().
 */
struct iommufd_access *
iommufd_access_create(struct iommufd_ctx *ictx,
		      const struct iommufd_access_ops *ops, void *data, u32 *id)
{
	struct iommufd_access *access;

	/*
	 * There is no uAPI for the access object, but to keep things symmetric
	 * use the object infrastructure anyhow.
	 */
	access = iommufd_object_alloc(ictx, access, IOMMUFD_OBJ_ACCESS);
	if (IS_ERR(access))
		return access;

	access->data = data;
	access->ops = ops;

	if (ops->needs_pin_pages)
		access->iova_alignment = PAGE_SIZE;
	else
		access->iova_alignment = 1;

	/* The calling driver is a user until iommufd_access_destroy() */
	refcount_inc(&access->obj.users);
	access->ictx = ictx;
	iommufd_ctx_get(ictx);
	iommufd_object_finalize(ictx, &access->obj);
	*id = access->obj.id;
	return access;
}
EXPORT_SYMBOL_NS_GPL(iommufd_access_create, IOMMUFD);

/**
 * iommufd_access_destroy - Destroy an iommufd_access
 * @access: The access to destroy
 *
 * The caller must stop using the access before destroying it.
 */
void iommufd_access_destroy(struct iommufd_access *access)
{
	bool was_destroyed;

	was_destroyed = iommufd_object_destroy_user(access->ictx, &access->obj);
	WARN_ON(!was_destroyed);
}
EXPORT_SYMBOL_NS_GPL(iommufd_access_destroy, IOMMUFD);

int iommufd_access_attach(struct iommufd_access *access, u32 ioas_id)
{
	struct iommufd_ioas *new_ioas;
	int rc = 0;

	if (access->ioas)
		return -EINVAL;

	new_ioas = iommufd_get_ioas(access->ictx, ioas_id);
	if (IS_ERR(new_ioas))
		return PTR_ERR(new_ioas);

	rc = iopt_add_access(&new_ioas->iopt, access);
	if (rc) {
		iommufd_put_object(&new_ioas->obj);
		return rc;
	}
	iommufd_ref_to_users(&new_ioas->obj);

	access->ioas = new_ioas;
	return 0;
}
EXPORT_SYMBOL_NS_GPL(iommufd_access_attach, IOMMUFD);
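
/*
 * Usage sketch (illustrative): an emulated-DMA consumer creates an access and
 * attaches it to the IOAS id chosen by userspace. The ops instance and the
 * my_* names are hypothetical, not defined by iommufd:
 *
 *	static const struct iommufd_access_ops my_access_ops = {
 *		.needs_pin_pages = 1,
 *		.unmap = my_access_unmap,
 *	};
 *
 *	access = iommufd_access_create(ictx, &my_access_ops, my_priv,
 *				       &access_id);
 *	if (IS_ERR(access))
 *		return PTR_ERR(access);
 *	rc = iommufd_access_attach(access, ioas_id_from_userspace);
 *	if (rc) {
 *		iommufd_access_destroy(access);
 *		return rc;
 *	}
 */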

/**
 * iommufd_access_notify_unmap - Notify users of an iopt to stop using it
 * @iopt: iopt to work on
 * @iova: Starting iova in the iopt
 * @length: Number of bytes
 *
 * After this function returns there should be no users attached to the pages
 * linked to this iopt that intersect with iova,length. Anyone that has attached
 * a user through iopt_access_pages() needs to detach it through
 * iommufd_access_unpin_pages() before this function returns.
 *
 * iommufd_access_destroy() will wait for any outstanding unmap callback to
 * complete. Once iommufd_access_destroy() returns no unmap ops are running or
 * will run in the future. Due to this a driver must not create locking that
 * prevents unmap from completing while iommufd_access_destroy() is running.
 */
void iommufd_access_notify_unmap(struct io_pagetable *iopt, unsigned long iova,
				 unsigned long length)
{
	struct iommufd_ioas *ioas =
		container_of(iopt, struct iommufd_ioas, ipt);
	struct iommufd_access *access;
	unsigned long index;

	xa_lock(&ioas->iopt.access_list);
	xa_for_each(&ioas->iopt.access_list, index, access) {
		if (!iommufd_lock_obj(&access->obj))
			continue;
		/*
		 * Drop the xarray lock around the callback since it may sleep
		 * and may call back into iommufd to unpin pages; the object
		 * reference taken above keeps the access alive meanwhile.
		 */
		xa_unlock(&ioas->iopt.access_list);

		access->ops->unmap(access->data, iova, length);

		iommufd_put_object(&access->obj);
		xa_lock(&ioas->iopt.access_list);
	}
	xa_unlock(&ioas->iopt.access_list);
}
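
/*
 * Usage sketch (illustrative): the unmap op wired into the access ops (the
 * hypothetical my_access_unmap above) must drop every pin the driver owns
 * that intersects the range before returning, using the exact iova/length
 * each pin was created with. struct my_pin, priv->pins and ranges_overlap()
 * stand in for the driver's own bookkeeping:
 *
 *	static void my_access_unmap(void *data, unsigned long iova,
 *				    unsigned long length)
 *	{
 *		struct my_priv *priv = data;
 *		struct my_pin *pin;
 *
 *		list_for_each_entry(pin, &priv->pins, node)
 *			if (ranges_overlap(pin->iova, pin->length, iova, length))
 *				iommufd_access_unpin_pages(priv->access,
 *							   pin->iova,
 *							   pin->length);
 *	}
 */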

/**
 * iommufd_access_unpin_pages() - Undo iommufd_access_pin_pages
 * @access: IOAS access to act on
 * @iova: Starting IOVA
 * @length: Number of bytes to access
 *
 * Undo iommufd_access_pin_pages(). The caller must stop accessing the pages
 * before calling this. The iova/length must exactly match the one provided
 * to iommufd_access_pin_pages().
 */
void iommufd_access_unpin_pages(struct iommufd_access *access,
				unsigned long iova, unsigned long length)
{
	struct io_pagetable *iopt = &access->ioas->iopt;
	struct iopt_area_contig_iter iter;
	unsigned long last_iova;
	struct iopt_area *area;

	if (WARN_ON(!length) ||
	    WARN_ON(check_add_overflow(iova, length - 1, &last_iova)))
		return;

	down_read(&iopt->iova_rwsem);
	iopt_for_each_contig_area(&iter, area, iopt, iova, last_iova)
		iopt_area_remove_access(
			area, iopt_area_iova_to_index(area, iter.cur_iova),
			iopt_area_iova_to_index(
				area,
				min(last_iova, iopt_area_last_iova(area))));
	up_read(&iopt->iova_rwsem);
	WARN_ON(!iopt_area_contig_done(&iter));
}
EXPORT_SYMBOL_NS_GPL(iommufd_access_unpin_pages, IOMMUFD);

static bool iopt_area_contig_is_aligned(struct iopt_area_contig_iter *iter)
{
	if (iopt_area_start_byte(iter->area, iter->cur_iova) % PAGE_SIZE)
		return false;

	if (!iopt_area_contig_done(iter) &&
	    (iopt_area_start_byte(iter->area, iopt_area_last_iova(iter->area)) %
	     PAGE_SIZE) != (PAGE_SIZE - 1))
		return false;
	return true;
}

static bool check_area_prot(struct iopt_area *area, unsigned int flags)
{
	if (flags & IOMMUFD_ACCESS_RW_WRITE)
		return area->iommu_prot & IOMMU_WRITE;
	return area->iommu_prot & IOMMU_READ;
}

/**
 * iommufd_access_pin_pages() - Return a list of pages under the iova
 * @access: IOAS access to act on
 * @iova: Starting IOVA
 * @length: Number of bytes to access
 * @out_pages: Output page list
 * @flags: IOMMUFD_ACCESS_RW_* flags
 *
 * Pins @length bytes starting at @iova and returns the struct page * pointers.
 * These can be kmap'd by the caller for CPU access.
 *
 * The caller must perform iommufd_access_unpin_pages() when done to balance
 * this.
 *
 * This API always requires a page aligned iova. This happens naturally if the
 * ioas alignment is >= PAGE_SIZE and the iova is PAGE_SIZE aligned. However
 * smaller alignments have corner cases where this API can fail on otherwise
 * aligned iova.
 */
int iommufd_access_pin_pages(struct iommufd_access *access, unsigned long iova,
			     unsigned long length, struct page **out_pages,
			     unsigned int flags)
{
	struct io_pagetable *iopt = &access->ioas->iopt;
	struct iopt_area_contig_iter iter;
	unsigned long last_iova;
	struct iopt_area *area;
	int rc;

	/* Driver's ops don't support pin_pages */
	if (IS_ENABLED(CONFIG_IOMMUFD_TEST) &&
	    WARN_ON(access->iova_alignment != PAGE_SIZE || !access->ops->unmap))
		return -EINVAL;

	if (!length)
		return -EINVAL;
	if (check_add_overflow(iova, length - 1, &last_iova))
		return -EOVERFLOW;

	down_read(&iopt->iova_rwsem);
	iopt_for_each_contig_area(&iter, area, iopt, iova, last_iova) {
		unsigned long last = min(last_iova, iopt_area_last_iova(area));
		unsigned long last_index = iopt_area_iova_to_index(area, last);
		unsigned long index =
			iopt_area_iova_to_index(area, iter.cur_iova);

		if (area->prevent_access ||
		    !iopt_area_contig_is_aligned(&iter)) {
			rc = -EINVAL;
			goto err_remove;
		}

		if (!check_area_prot(area, flags)) {
			rc = -EPERM;
			goto err_remove;
		}

		rc = iopt_area_add_access(area, index, last_index, out_pages,
					  flags);
		if (rc)
			goto err_remove;
		out_pages += last_index - index + 1;
	}
	if (!iopt_area_contig_done(&iter)) {
		rc = -ENOENT;
		goto err_remove;
	}

	up_read(&iopt->iova_rwsem);
	return 0;

err_remove:
	if (iova < iter.cur_iova) {
		last_iova = iter.cur_iova - 1;
		iopt_for_each_contig_area(&iter, area, iopt, iova, last_iova)
			iopt_area_remove_access(
				area,
				iopt_area_iova_to_index(area, iter.cur_iova),
				iopt_area_iova_to_index(
					area, min(last_iova,
						  iopt_area_last_iova(area))));
	}
	up_read(&iopt->iova_rwsem);
	return rc;
}
EXPORT_SYMBOL_NS_GPL(iommufd_access_pin_pages, IOMMUFD);
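
/*
 * Usage sketch (illustrative): pinning a page-aligned, page-multiple range for
 * CPU access and releasing it with the identical iova/length. Sizing of the
 * out_pages array is the caller's responsibility:
 *
 *	struct page **pages;
 *	int rc;
 *
 *	pages = kcalloc(length / PAGE_SIZE, sizeof(*pages), GFP_KERNEL);
 *	if (!pages)
 *		return -ENOMEM;
 *	rc = iommufd_access_pin_pages(access, iova, length, pages,
 *				      IOMMUFD_ACCESS_RW_WRITE);
 *	if (rc) {
 *		kfree(pages);
 *		return rc;
 *	}
 *
 * The entries of pages[] can then be kmap_local_page()'d; when done:
 *
 *	iommufd_access_unpin_pages(access, iova, length);
 *	kfree(pages);
 */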

/**
 * iommufd_access_rw - Read or write data under the iova
 * @access: IOAS access to act on
 * @iova: Starting IOVA
 * @data: Kernel buffer to copy to/from
 * @length: Number of bytes to access
 * @flags: IOMMUFD_ACCESS_RW_* flags
 *
 * Copy kernel memory to/from the IOVA range given by @iova/@length. If @flags
 * indicates IOMMUFD_ACCESS_RW_KTHREAD then a large copy can be optimized by
 * switching to copy_to/from_user().
 */
int iommufd_access_rw(struct iommufd_access *access, unsigned long iova,
		      void *data, size_t length, unsigned int flags)
{
	struct io_pagetable *iopt = &access->ioas->iopt;
	struct iopt_area_contig_iter iter;
	struct iopt_area *area;
	unsigned long last_iova;
	int rc;

	if (!length)
		return -EINVAL;
	if (check_add_overflow(iova, length - 1, &last_iova))
		return -EOVERFLOW;

	down_read(&iopt->iova_rwsem);
	iopt_for_each_contig_area(&iter, area, iopt, iova, last_iova) {
		unsigned long last = min(last_iova, iopt_area_last_iova(area));
		unsigned long bytes = (last - iter.cur_iova) + 1;

		if (area->prevent_access) {
			rc = -EINVAL;
			goto err_out;
		}

		if (!check_area_prot(area, flags)) {
			rc = -EPERM;
			goto err_out;
		}

		rc = iopt_pages_rw_access(
			area->pages, iopt_area_start_byte(area, iter.cur_iova),
			data, bytes, flags);
		if (rc)
			goto err_out;
		data += bytes;
	}
	if (!iopt_area_contig_done(&iter))
		rc = -ENOENT;
err_out:
	up_read(&iopt->iova_rwsem);
	return rc;
}
EXPORT_SYMBOL_NS_GPL(iommufd_access_rw, IOMMUFD);
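
/*
 * Usage sketch (illustrative): copying a small structure out of the IOAS
 * without pinning. The req/iova variables are hypothetical driver state and
 * IOMMUFD_ACCESS_RW_READ selects the read direction:
 *
 *	struct my_request req;
 *	int rc;
 *
 *	rc = iommufd_access_rw(access, iova, &req, sizeof(req),
 *			       IOMMUFD_ACCESS_RW_READ);
 *	if (rc)
 *		return rc;
 */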

#ifdef CONFIG_IOMMUFD_TEST
/*
 * Creating a real iommufd_device is too hard; bypass creating an
 * iommufd_device and go directly to attaching a domain.
 */
struct iommufd_hw_pagetable *
iommufd_device_selftest_attach(struct iommufd_ctx *ictx,
			       struct iommufd_ioas *ioas,
			       struct device *mock_dev)
{
	struct iommufd_hw_pagetable *hwpt;
	int rc;

	hwpt = iommufd_hw_pagetable_alloc(ictx, ioas, mock_dev);
	if (IS_ERR(hwpt))
		return hwpt;

	rc = iopt_table_add_domain(&hwpt->ioas->iopt, hwpt->domain);
	if (rc)
		goto out_hwpt;

	refcount_inc(&hwpt->obj.users);
	iommufd_object_finalize(ictx, &hwpt->obj);
	return hwpt;

out_hwpt:
	iommufd_object_abort_and_destroy(ictx, &hwpt->obj);
	return ERR_PTR(rc);
}

void iommufd_device_selftest_detach(struct iommufd_ctx *ictx,
				    struct iommufd_hw_pagetable *hwpt)
{
	iopt_table_remove_domain(&hwpt->ioas->iopt, hwpt->domain);
	refcount_dec(&hwpt->obj.users);
}
#endif