// SPDX-License-Identifier: GPL-2.0-only
/* Copyright (c) 2021-2022, NVIDIA CORPORATION & AFFILIATES
 */
#include <linux/iommufd.h>
#include <linux/slab.h>
#include <linux/iommu.h>
#include <linux/irqdomain.h>

#include "io_pagetable.h"
#include "iommufd_private.h"

static bool allow_unsafe_interrupts;
module_param(allow_unsafe_interrupts, bool, S_IRUGO | S_IWUSR);
MODULE_PARM_DESC(
	allow_unsafe_interrupts,
	"Allow IOMMUFD to bind to devices even if the platform cannot isolate "
	"the MSI interrupt window. Enabling this is a security weakness.");

/*
 * An iommufd_device object represents the binding relationship between a
 * consuming driver and the iommufd. These objects are created/destroyed by
 * external drivers, not by userspace.
 */
struct iommufd_device {
	struct iommufd_object obj;
	struct iommufd_ctx *ictx;
	struct iommufd_hw_pagetable *hwpt;
	/* Head at iommufd_hw_pagetable::devices */
	struct list_head devices_item;
	/* always the physical device */
	struct device *dev;
	struct iommu_group *group;
	bool enforce_cache_coherency;
};

void iommufd_device_destroy(struct iommufd_object *obj)
{
	struct iommufd_device *idev =
		container_of(obj, struct iommufd_device, obj);

	iommu_device_release_dma_owner(idev->dev);
	iommu_group_put(idev->group);
	iommufd_ctx_put(idev->ictx);
}

/**
 * iommufd_device_bind - Bind a physical device to an iommu fd
 * @ictx: iommufd file descriptor
 * @dev: Pointer to a physical device struct
 * @id: Output ID number to return to userspace for this device
 *
 * A successful bind establishes ownership over the device and returns a
 * struct iommufd_device pointer, otherwise it returns an error pointer.
 *
 * A driver using this API must set driver_managed_dma and must not touch
 * the device until this routine succeeds and establishes ownership.
 *
 * Binding a PCI device places the entire RID under iommufd control.
 *
 * The caller must undo this with iommufd_device_unbind()
 */
struct iommufd_device *iommufd_device_bind(struct iommufd_ctx *ictx,
					   struct device *dev, u32 *id)
{
	struct iommufd_device *idev;
	struct iommu_group *group;
	int rc;

	/*
	 * iommufd always sets IOMMU_CACHE because we offer no way for userspace
	 * to restore cache coherency.
	 */
	if (!device_iommu_capable(dev, IOMMU_CAP_CACHE_COHERENCY))
		return ERR_PTR(-EINVAL);

	group = iommu_group_get(dev);
	if (!group)
		return ERR_PTR(-ENODEV);

	rc = iommu_device_claim_dma_owner(dev, ictx);
	if (rc)
		goto out_group_put;

	idev = iommufd_object_alloc(ictx, idev, IOMMUFD_OBJ_DEVICE);
	if (IS_ERR(idev)) {
		rc = PTR_ERR(idev);
		goto out_release_owner;
	}
	idev->ictx = ictx;
	iommufd_ctx_get(ictx);
	idev->dev = dev;
	idev->enforce_cache_coherency =
		device_iommu_capable(dev, IOMMU_CAP_ENFORCE_CACHE_COHERENCY);
	/* The calling driver is a user until iommufd_device_unbind() */
	refcount_inc(&idev->obj.users);
	/* group refcount moves into iommufd_device */
	idev->group = group;

	/*
	 * If the caller fails after this success it must call
	 * iommufd_device_unbind() which is safe since we hold this refcount.
	 * This also means the device is a leaf in the graph and no other object
	 * can take a reference on it.
	 */
	iommufd_object_finalize(ictx, &idev->obj);
	*id = idev->obj.id;
	return idev;

out_release_owner:
	iommu_device_release_dma_owner(dev);
out_group_put:
	iommu_group_put(group);
	return ERR_PTR(rc);
}
EXPORT_SYMBOL_NS_GPL(iommufd_device_bind, IOMMUFD);
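
/*
 * A minimal usage sketch for the bind/unbind API above, assuming a
 * hypothetical consuming driver. The helper names and the way the driver
 * obtains its iommufd_ctx are invented for the example; only the
 * iommufd_device_bind()/iommufd_device_unbind() calls are real. The calling
 * driver must also set .driver_managed_dma = true in its driver structure.
 *
 *	static int hypothetical_enable(struct device *dev,
 *				       struct iommufd_ctx *ictx,
 *				       struct iommufd_device **out_idev,
 *				       u32 *out_dev_id)
 *	{
 *		struct iommufd_device *idev;
 *
 *		idev = iommufd_device_bind(ictx, dev, out_dev_id);
 *		if (IS_ERR(idev))
 *			return PTR_ERR(idev);
 *		*out_idev = idev;
 *		return 0;
 *	}
 *
 *	static void hypothetical_disable(struct iommufd_device *idev)
 *	{
 *		iommufd_device_unbind(idev);
 *	}
 */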

/**
 * iommufd_device_unbind - Undo iommufd_device_bind()
 * @idev: Device returned by iommufd_device_bind()
 *
 * Release the device from iommufd control. The DMA ownership will return back
 * to unowned with DMA controlled by the DMA API. This invalidates the
 * iommufd_device pointer, other APIs that consume it must not be called
 * concurrently.
 */
void iommufd_device_unbind(struct iommufd_device *idev)
{
	bool was_destroyed;

	was_destroyed = iommufd_object_destroy_user(idev->ictx, &idev->obj);
	WARN_ON(!was_destroyed);
}
EXPORT_SYMBOL_NS_GPL(iommufd_device_unbind, IOMMUFD);

static int iommufd_device_setup_msi(struct iommufd_device *idev,
				    struct iommufd_hw_pagetable *hwpt,
				    phys_addr_t sw_msi_start)
{
	int rc;

	/*
	 * If the IOMMU driver gives an IOMMU_RESV_SW_MSI then it is asking us
	 * to call iommu_get_msi_cookie() on its behalf. This is necessary to
	 * setup the MSI window so iommu_dma_prepare_msi() can install pages
	 * into our domain after request_irq(). If it is not done interrupts
	 * will not work on this domain.
	 *
	 * FIXME: This is conceptually broken for iommufd since we want to allow
	 * userspace to change the domains, eg switch from an identity IOAS to a
	 * DMA IOAS. There is currently no way to create an MSI window that
	 * matches what the IRQ layer actually expects in a newly created
	 * domain.
	 */
	if (sw_msi_start != PHYS_ADDR_MAX && !hwpt->msi_cookie) {
		rc = iommu_get_msi_cookie(hwpt->domain, sw_msi_start);
		if (rc)
			return rc;

		/*
		 * iommu_get_msi_cookie() can only be called once per domain,
		 * it returns -EBUSY on later calls.
		 */
		hwpt->msi_cookie = true;
	}

	/*
	 * For historical compat with VFIO the insecure interrupt path is
	 * allowed if the module parameter is set. Secure means that a MemWr
	 * operation from the device (eg a simple DMA) cannot trigger an
	 * interrupt outside this iommufd context.
	 */
	if (!device_iommu_capable(idev->dev, IOMMU_CAP_INTR_REMAP) &&
	    !irq_domain_check_msi_remap()) {
		if (!allow_unsafe_interrupts)
			return -EPERM;

		dev_warn(
			idev->dev,
			"MSI interrupts are not secure, they cannot be isolated by the platform. "
			"Check that platform features like interrupt remapping are enabled. "
			"Use the \"allow_unsafe_interrupts\" module parameter to override\n");
	}
	return 0;
}
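
/*
 * Illustrative sketch of the other side of the SW MSI handshake above: an
 * IOMMU driver reports the window through its get_resv_regions op, which is
 * what makes iopt_table_enforce_group_resv_regions() return a sw_msi_start
 * other than PHYS_ADDR_MAX and leads to the iommu_get_msi_cookie() call. The
 * base and length values are made up for the example, loosely modelled on
 * what ARM SMMU drivers advertise.
 *
 *	static void hypothetical_get_resv_regions(struct device *dev,
 *						  struct list_head *head)
 *	{
 *		int prot = IOMMU_WRITE | IOMMU_NOEXEC | IOMMU_MMIO;
 *		struct iommu_resv_region *region;
 *
 *		region = iommu_alloc_resv_region(0x8000000, SZ_1M, prot,
 *						 IOMMU_RESV_SW_MSI, GFP_KERNEL);
 *		if (region)
 *			list_add_tail(&region->list, head);
 *	}
 */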

static bool iommufd_hw_pagetable_has_group(struct iommufd_hw_pagetable *hwpt,
					   struct iommu_group *group)
{
	struct iommufd_device *cur_dev;

	list_for_each_entry(cur_dev, &hwpt->devices, devices_item)
		if (cur_dev->group == group)
			return true;
	return false;
}

static int iommufd_device_do_attach(struct iommufd_device *idev,
				    struct iommufd_hw_pagetable *hwpt)
{
	phys_addr_t sw_msi_start = PHYS_ADDR_MAX;
	int rc;

	mutex_lock(&hwpt->devices_lock);

	/*
	 * Try to upgrade the domain we have. It is an iommu driver bug to
	 * report IOMMU_CAP_ENFORCE_CACHE_COHERENCY but fail
	 * enforce_cache_coherency when there are no devices attached to the
	 * domain.
	 */
	if (idev->enforce_cache_coherency && !hwpt->enforce_cache_coherency) {
		if (hwpt->domain->ops->enforce_cache_coherency)
			hwpt->enforce_cache_coherency =
				hwpt->domain->ops->enforce_cache_coherency(
					hwpt->domain);
		if (!hwpt->enforce_cache_coherency) {
			WARN_ON(list_empty(&hwpt->devices));
			rc = -EINVAL;
			goto out_unlock;
		}
	}

	rc = iopt_table_enforce_group_resv_regions(&hwpt->ioas->iopt, idev->dev,
						   idev->group, &sw_msi_start);
	if (rc)
		goto out_unlock;

	rc = iommufd_device_setup_msi(idev, hwpt, sw_msi_start);
	if (rc)
		goto out_iova;

	/*
	 * FIXME: Hack around missing a device-centric iommu api, only attach to
	 * the group once for the first device that is in the group.
	 */
	if (!iommufd_hw_pagetable_has_group(hwpt, idev->group)) {
		rc = iommu_attach_group(hwpt->domain, idev->group);
		if (rc)
			goto out_iova;

		if (list_empty(&hwpt->devices)) {
			rc = iopt_table_add_domain(&hwpt->ioas->iopt,
						   hwpt->domain);
			if (rc)
				goto out_detach;
		}
	}

	idev->hwpt = hwpt;
	refcount_inc(&hwpt->obj.users);
	list_add(&idev->devices_item, &hwpt->devices);
	mutex_unlock(&hwpt->devices_lock);
	return 0;

out_detach:
	iommu_detach_group(hwpt->domain, idev->group);
out_iova:
	iopt_remove_reserved_iova(&hwpt->ioas->iopt, idev->dev);
out_unlock:
	mutex_unlock(&hwpt->devices_lock);
	return rc;
}

/*
 * When automatically managing the domains we search for a compatible domain in
 * the iopt and if one is found use it, otherwise create a new domain.
 * Automatic domain selection will never pick a manually created domain.
 */
static int iommufd_device_auto_get_domain(struct iommufd_device *idev,
					  struct iommufd_ioas *ioas)
{
	struct iommufd_hw_pagetable *hwpt;
	int rc;

	/*
	 * There is no differentiation when domains are allocated, so any domain
	 * that is willing to attach to the device is interchangeable with any
	 * other.
	 */
	mutex_lock(&ioas->mutex);
	list_for_each_entry(hwpt, &ioas->hwpt_list, hwpt_item) {
		if (!hwpt->auto_domain)
			continue;

		rc = iommufd_device_do_attach(idev, hwpt);

		/*
		 * -EINVAL means the domain is incompatible with the device.
		 * Other error codes should propagate to userspace as failure.
		 * Success means the domain is attached.
		 */
		if (rc == -EINVAL)
			continue;
		goto out_unlock;
	}

	hwpt = iommufd_hw_pagetable_alloc(idev->ictx, ioas, idev->dev);
	if (IS_ERR(hwpt)) {
		rc = PTR_ERR(hwpt);
		goto out_unlock;
	}
	hwpt->auto_domain = true;

	rc = iommufd_device_do_attach(idev, hwpt);
	if (rc)
		goto out_abort;
	list_add_tail(&hwpt->hwpt_item, &ioas->hwpt_list);

	mutex_unlock(&ioas->mutex);
	iommufd_object_finalize(idev->ictx, &hwpt->obj);
	return 0;

out_abort:
	iommufd_object_abort_and_destroy(idev->ictx, &hwpt->obj);
out_unlock:
	mutex_unlock(&ioas->mutex);
	return rc;
}

/**
 * iommufd_device_attach - Connect a device to an iommu_domain
 * @idev: device to attach
 * @pt_id: Input an IOMMUFD_OBJ_IOAS, or IOMMUFD_OBJ_HW_PAGETABLE
 *         Output the IOMMUFD_OBJ_HW_PAGETABLE ID
 *
 * This connects the device to an iommu_domain, either automatically or manually
 * selected. Once this completes the device can do DMA.
 *
 * The caller should return the resulting pt_id back to userspace.
 * This function is undone by calling iommufd_device_detach().
 */
int iommufd_device_attach(struct iommufd_device *idev, u32 *pt_id)
{
	struct iommufd_object *pt_obj;
	int rc;

	pt_obj = iommufd_get_object(idev->ictx, *pt_id, IOMMUFD_OBJ_ANY);
	if (IS_ERR(pt_obj))
		return PTR_ERR(pt_obj);

	switch (pt_obj->type) {
	case IOMMUFD_OBJ_HW_PAGETABLE: {
		struct iommufd_hw_pagetable *hwpt =
			container_of(pt_obj, struct iommufd_hw_pagetable, obj);

		rc = iommufd_device_do_attach(idev, hwpt);
		if (rc)
			goto out_put_pt_obj;

		mutex_lock(&hwpt->ioas->mutex);
		list_add_tail(&hwpt->hwpt_item, &hwpt->ioas->hwpt_list);
		mutex_unlock(&hwpt->ioas->mutex);
		break;
	}
	case IOMMUFD_OBJ_IOAS: {
		struct iommufd_ioas *ioas =
			container_of(pt_obj, struct iommufd_ioas, obj);

		rc = iommufd_device_auto_get_domain(idev, ioas);
		if (rc)
			goto out_put_pt_obj;
		break;
	}
	default:
		rc = -EINVAL;
		goto out_put_pt_obj;
	}

	refcount_inc(&idev->obj.users);
	*pt_id = idev->hwpt->obj.id;
	rc = 0;

out_put_pt_obj:
	iommufd_put_object(pt_obj);
	return rc;
}
EXPORT_SYMBOL_NS_GPL(iommufd_device_attach, IOMMUFD);
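
/*
 * A minimal sketch of using the attach API above, continuing the hypothetical
 * driver from the bind example. On entry pt_id carries the IOAS or
 * hw_pagetable ID that userspace passed in; on success it is overwritten with
 * the IOMMUFD_OBJ_HW_PAGETABLE ID, which the driver should report back to
 * userspace.
 *
 *	static int hypothetical_attach_ioas(struct iommufd_device *idev,
 *					    u32 *pt_id)
 *	{
 *		int rc;
 *
 *		rc = iommufd_device_attach(idev, pt_id);
 *		if (rc)
 *			return rc;
 *		return 0;
 *	}
 *
 * The attachment is later undone with iommufd_device_detach(idev).
 */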

/**
 * iommufd_device_detach - Disconnect a device from an iommu_domain
 * @idev: device to detach
 *
 * Undo iommufd_device_attach(). This disconnects the idev from the previously
 * attached pt_id. The device returns back to a blocked DMA translation.
 */
void iommufd_device_detach(struct iommufd_device *idev)
{
	struct iommufd_hw_pagetable *hwpt = idev->hwpt;

	mutex_lock(&hwpt->ioas->mutex);
	mutex_lock(&hwpt->devices_lock);
	list_del(&idev->devices_item);
	if (!iommufd_hw_pagetable_has_group(hwpt, idev->group)) {
		if (list_empty(&hwpt->devices)) {
			iopt_table_remove_domain(&hwpt->ioas->iopt,
						 hwpt->domain);
			list_del(&hwpt->hwpt_item);
		}
		iommu_detach_group(hwpt->domain, idev->group);
	}
	iopt_remove_reserved_iova(&hwpt->ioas->iopt, idev->dev);
	mutex_unlock(&hwpt->devices_lock);
	mutex_unlock(&hwpt->ioas->mutex);

	if (hwpt->auto_domain)
		iommufd_object_destroy_user(idev->ictx, &hwpt->obj);
	else
		refcount_dec(&hwpt->obj.users);

	idev->hwpt = NULL;

	refcount_dec(&idev->obj.users);
}
EXPORT_SYMBOL_NS_GPL(iommufd_device_detach, IOMMUFD);

void iommufd_access_destroy_object(struct iommufd_object *obj)
{
	struct iommufd_access *access =
		container_of(obj, struct iommufd_access, obj);

	iopt_remove_access(&access->ioas->iopt, access);
	iommufd_ctx_put(access->ictx);
	refcount_dec(&access->ioas->obj.users);
}

/**
 * iommufd_access_create - Create an iommufd_access
 * @ictx: iommufd file descriptor
 * @ioas_id: ID for an IOMMUFD_OBJ_IOAS
 * @ops: Driver's ops to associate with the access
 * @data: Opaque data to pass into ops functions
 *
 * An iommufd_access allows a driver to read/write to the IOAS without using
 * DMA. The underlying CPU memory can be accessed using the
 * iommufd_access_pin_pages() or iommufd_access_rw() functions.
 *
 * The provided ops are required to use iommufd_access_pin_pages().
 */
struct iommufd_access *
iommufd_access_create(struct iommufd_ctx *ictx, u32 ioas_id,
		      const struct iommufd_access_ops *ops, void *data)
{
	struct iommufd_access *access;
	struct iommufd_object *obj;
	int rc;

	/*
	 * There is no uAPI for the access object, but to keep things symmetric
	 * use the object infrastructure anyhow.
	 */
	access = iommufd_object_alloc(ictx, access, IOMMUFD_OBJ_ACCESS);
	if (IS_ERR(access))
		return access;

	access->data = data;
	access->ops = ops;

	obj = iommufd_get_object(ictx, ioas_id, IOMMUFD_OBJ_IOAS);
	if (IS_ERR(obj)) {
		rc = PTR_ERR(obj);
		goto out_abort;
	}
	access->ioas = container_of(obj, struct iommufd_ioas, obj);
	iommufd_ref_to_users(obj);

	if (ops->needs_pin_pages)
		access->iova_alignment = PAGE_SIZE;
	else
		access->iova_alignment = 1;
	rc = iopt_add_access(&access->ioas->iopt, access);
	if (rc)
		goto out_put_ioas;

	/* The calling driver is a user until iommufd_access_destroy() */
	refcount_inc(&access->obj.users);
	access->ictx = ictx;
	iommufd_ctx_get(ictx);
	iommufd_object_finalize(ictx, &access->obj);
	return access;
out_put_ioas:
	refcount_dec(&access->ioas->obj.users);
out_abort:
	iommufd_object_abort(ictx, &access->obj);
	return ERR_PTR(rc);
}
EXPORT_SYMBOL_NS_GPL(iommufd_access_create, IOMMUFD);
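
/*
 * A minimal sketch of creating an access, assuming a hypothetical driver that
 * wants to pin pages. The ops structure and callback names are invented for
 * the example; needs_pin_pages and the unmap callback are the real fields of
 * struct iommufd_access_ops that iommufd_access_pin_pages() relies on.
 *
 *	static void hypothetical_unmap(void *data, unsigned long iova,
 *				       unsigned long length);
 *
 *	static const struct iommufd_access_ops hypothetical_access_ops = {
 *		.needs_pin_pages = 1,
 *		.unmap = hypothetical_unmap,
 *	};
 *
 *	access = iommufd_access_create(ictx, ioas_id,
 *				       &hypothetical_access_ops, drv);
 *	if (IS_ERR(access))
 *		return PTR_ERR(access);
 *
 * The access is later released with iommufd_access_destroy(access).
 */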

/**
 * iommufd_access_destroy - Destroy an iommufd_access
 * @access: The access to destroy
 *
 * The caller must stop using the access before destroying it.
 */
void iommufd_access_destroy(struct iommufd_access *access)
{
	bool was_destroyed;

	was_destroyed = iommufd_object_destroy_user(access->ictx, &access->obj);
	WARN_ON(!was_destroyed);
}
EXPORT_SYMBOL_NS_GPL(iommufd_access_destroy, IOMMUFD);

/**
 * iommufd_access_notify_unmap - Notify users of an iopt to stop using it
 * @iopt: iopt to work on
 * @iova: Starting iova in the iopt
 * @length: Number of bytes
 *
 * After this function returns there should be no users attached to the pages
 * linked to this iopt that intersect with iova,length. Anyone that has attached
 * a user through iopt_access_pages() needs to detach it through
 * iommufd_access_unpin_pages() before this function returns.
 *
 * iommufd_access_destroy() will wait for any outstanding unmap callback to
 * complete. Once iommufd_access_destroy() returns, no unmap ops are running or
 * will run in the future. Due to this a driver must not create locking that
 * prevents unmap from completing while iommufd_access_destroy() is running.
 */
void iommufd_access_notify_unmap(struct io_pagetable *iopt, unsigned long iova,
				 unsigned long length)
{
	struct iommufd_ioas *ioas =
		container_of(iopt, struct iommufd_ioas, iopt);
	struct iommufd_access *access;
	unsigned long index;

	xa_lock(&ioas->iopt.access_list);
	xa_for_each(&ioas->iopt.access_list, index, access) {
		if (!iommufd_lock_obj(&access->obj))
			continue;
		xa_unlock(&ioas->iopt.access_list);

		access->ops->unmap(access->data, iova, length);

		iommufd_put_object(&access->obj);
		xa_lock(&ioas->iopt.access_list);
	}
	xa_unlock(&ioas->iopt.access_list);
}
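
/*
 * Sketch of the unmap callback that iommufd_access_notify_unmap() invokes,
 * for a hypothetical driver that tracks a single pinned range. The driver
 * bookkeeping (pinned_iova/pinned_length and pin_lock) is invented for the
 * example; the requirement it illustrates is that any pinned range that
 * intersects the notified range must be returned with
 * iommufd_access_unpin_pages(), using the exact iova/length that was pinned,
 * before the callback returns.
 *
 *	static void hypothetical_unmap(void *data, unsigned long iova,
 *				       unsigned long length)
 *	{
 *		struct hypothetical_driver *drv = data;
 *
 *		mutex_lock(&drv->pin_lock);
 *		if (drv->pinned_length &&
 *		    iova < drv->pinned_iova + drv->pinned_length &&
 *		    drv->pinned_iova < iova + length) {
 *			iommufd_access_unpin_pages(drv->access,
 *						   drv->pinned_iova,
 *						   drv->pinned_length);
 *			drv->pinned_length = 0;
 *		}
 *		mutex_unlock(&drv->pin_lock);
 *	}
 */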

/**
 * iommufd_access_unpin_pages() - Undo iommufd_access_pin_pages
 * @access: IOAS access to act on
 * @iova: Starting IOVA
 * @length: Number of bytes to access
 *
 * Return (unpin) the pinned pages. The caller must stop accessing them before
 * calling this. The iova/length must exactly match the values provided to
 * iommufd_access_pin_pages().
 */
void iommufd_access_unpin_pages(struct iommufd_access *access,
				unsigned long iova, unsigned long length)
{
	struct io_pagetable *iopt = &access->ioas->iopt;
	struct iopt_area_contig_iter iter;
	unsigned long last_iova;
	struct iopt_area *area;

	if (WARN_ON(!length) ||
	    WARN_ON(check_add_overflow(iova, length - 1, &last_iova)))
		return;

	down_read(&iopt->iova_rwsem);
	iopt_for_each_contig_area(&iter, area, iopt, iova, last_iova)
		iopt_area_remove_access(
			area, iopt_area_iova_to_index(area, iter.cur_iova),
			iopt_area_iova_to_index(
				area,
				min(last_iova, iopt_area_last_iova(area))));
	up_read(&iopt->iova_rwsem);
	WARN_ON(!iopt_area_contig_done(&iter));
}
EXPORT_SYMBOL_NS_GPL(iommufd_access_unpin_pages, IOMMUFD);

static bool iopt_area_contig_is_aligned(struct iopt_area_contig_iter *iter)
{
	if (iopt_area_start_byte(iter->area, iter->cur_iova) % PAGE_SIZE)
		return false;

	if (!iopt_area_contig_done(iter) &&
	    (iopt_area_start_byte(iter->area, iopt_area_last_iova(iter->area)) %
	     PAGE_SIZE) != (PAGE_SIZE - 1))
		return false;
	return true;
}

static bool check_area_prot(struct iopt_area *area, unsigned int flags)
{
	if (flags & IOMMUFD_ACCESS_RW_WRITE)
		return area->iommu_prot & IOMMU_WRITE;
	return area->iommu_prot & IOMMU_READ;
}

/**
 * iommufd_access_pin_pages() - Return a list of pages under the iova
 * @access: IOAS access to act on
 * @iova: Starting IOVA
 * @length: Number of bytes to access
 * @out_pages: Output page list
 * @flags: IOMMUFD_ACCESS_RW_* flags
 *
 * Pins @length bytes starting at iova and returns the struct page * pointers.
 * These can be kmap'd by the caller for CPU access.
 *
 * The caller must perform iommufd_access_unpin_pages() when done to balance
 * this.
 *
 * This API always requires a page aligned iova. This happens naturally if the
 * ioas alignment is >= PAGE_SIZE and the iova is PAGE_SIZE aligned. However
 * smaller alignments have corner cases where this API can fail on otherwise
 * aligned iova.
 */
int iommufd_access_pin_pages(struct iommufd_access *access, unsigned long iova,
			     unsigned long length, struct page **out_pages,
			     unsigned int flags)
{
	struct io_pagetable *iopt = &access->ioas->iopt;
	struct iopt_area_contig_iter iter;
	unsigned long last_iova;
	struct iopt_area *area;
	int rc;

	/* Driver's ops don't support pin_pages */
	if (IS_ENABLED(CONFIG_IOMMUFD_TEST) &&
	    WARN_ON(access->iova_alignment != PAGE_SIZE || !access->ops->unmap))
		return -EINVAL;

	if (!length)
		return -EINVAL;
	if (check_add_overflow(iova, length - 1, &last_iova))
		return -EOVERFLOW;

	down_read(&iopt->iova_rwsem);
	iopt_for_each_contig_area(&iter, area, iopt, iova, last_iova) {
		unsigned long last = min(last_iova, iopt_area_last_iova(area));
		unsigned long last_index = iopt_area_iova_to_index(area, last);
		unsigned long index =
			iopt_area_iova_to_index(area, iter.cur_iova);

		if (area->prevent_access ||
		    !iopt_area_contig_is_aligned(&iter)) {
			rc = -EINVAL;
			goto err_remove;
		}

		if (!check_area_prot(area, flags)) {
			rc = -EPERM;
			goto err_remove;
		}

		rc = iopt_area_add_access(area, index, last_index, out_pages,
					  flags);
		if (rc)
			goto err_remove;
		out_pages += last_index - index + 1;
	}
	if (!iopt_area_contig_done(&iter)) {
		rc = -ENOENT;
		goto err_remove;
	}

	up_read(&iopt->iova_rwsem);
	return 0;

err_remove:
	if (iova < iter.cur_iova) {
		last_iova = iter.cur_iova - 1;
		iopt_for_each_contig_area(&iter, area, iopt, iova, last_iova)
			iopt_area_remove_access(
				area,
				iopt_area_iova_to_index(area, iter.cur_iova),
				iopt_area_iova_to_index(
					area, min(last_iova,
						  iopt_area_last_iova(area))));
	}
	up_read(&iopt->iova_rwsem);
	return rc;
}
EXPORT_SYMBOL_NS_GPL(iommufd_access_pin_pages, IOMMUFD);
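
/*
 * A minimal pin/unpin sketch, assuming a page aligned iova/length and the
 * hypothetical access from the iommufd_access_create() example. The eventual
 * use of the pages (eg through kmap_local_page()) is elided; out_pages must
 * have one slot per page covered by the range.
 *
 *	unsigned long npages = DIV_ROUND_UP(length, PAGE_SIZE);
 *	struct page **pages;
 *	int rc;
 *
 *	pages = kcalloc(npages, sizeof(*pages), GFP_KERNEL);
 *	if (!pages)
 *		return -ENOMEM;
 *	rc = iommufd_access_pin_pages(access, iova, length, pages,
 *				      IOMMUFD_ACCESS_RW_WRITE);
 *	if (!rc) {
 *		(... touch the pages via the CPU ...)
 *		iommufd_access_unpin_pages(access, iova, length);
 *	}
 *	kfree(pages);
 */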

/**
 * iommufd_access_rw - Read or write data under the iova
 * @access: IOAS access to act on
 * @iova: Starting IOVA
 * @data: Kernel buffer to copy to/from
 * @length: Number of bytes to access
 * @flags: IOMMUFD_ACCESS_RW_* flags
 *
 * Copy kernel data to/from the range given by IOVA/length. If flags indicates
 * IOMMUFD_ACCESS_RW_KTHREAD then a large copy can be optimized by changing it
 * into copy_to/from_user().
 */
int iommufd_access_rw(struct iommufd_access *access, unsigned long iova,
		      void *data, size_t length, unsigned int flags)
{
	struct io_pagetable *iopt = &access->ioas->iopt;
	struct iopt_area_contig_iter iter;
	struct iopt_area *area;
	unsigned long last_iova;
	int rc;

	if (!length)
		return -EINVAL;
	if (check_add_overflow(iova, length - 1, &last_iova))
		return -EOVERFLOW;

	down_read(&iopt->iova_rwsem);
	iopt_for_each_contig_area(&iter, area, iopt, iova, last_iova) {
		unsigned long last = min(last_iova, iopt_area_last_iova(area));
		unsigned long bytes = (last - iter.cur_iova) + 1;

		if (area->prevent_access) {
			rc = -EINVAL;
			goto err_out;
		}

		if (!check_area_prot(area, flags)) {
			rc = -EPERM;
			goto err_out;
		}

		rc = iopt_pages_rw_access(
			area->pages, iopt_area_start_byte(area, iter.cur_iova),
			data, bytes, flags);
		if (rc)
			goto err_out;
		data += bytes;
	}
	if (!iopt_area_contig_done(&iter))
		rc = -ENOENT;
err_out:
	up_read(&iopt->iova_rwsem);
	return rc;
}
EXPORT_SYMBOL_NS_GPL(iommufd_access_rw, IOMMUFD);
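
/*
 * A minimal read sketch for iommufd_access_rw(), assuming the hypothetical
 * access object from the earlier examples and an invented descriptor struct.
 * Unlike pin_pages this does not require page alignment and copies through
 * the kernel, so it suits small or infrequent transfers.
 *
 *	struct hypothetical_desc desc;
 *	int rc;
 *
 *	rc = iommufd_access_rw(access, desc_iova, &desc, sizeof(desc),
 *			       IOMMUFD_ACCESS_RW_READ);
 *	if (rc)
 *		return rc;
 *
 * To write the buffer back, pass IOMMUFD_ACCESS_RW_WRITE instead.
 */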

#ifdef CONFIG_IOMMUFD_TEST
/*
 * Creating a real iommufd_device is too hard, so bypass creating an
 * iommufd_device and go directly to attaching a domain.
 */
struct iommufd_hw_pagetable *
iommufd_device_selftest_attach(struct iommufd_ctx *ictx,
			       struct iommufd_ioas *ioas,
			       struct device *mock_dev)
{
	struct iommufd_hw_pagetable *hwpt;
	int rc;

	hwpt = iommufd_hw_pagetable_alloc(ictx, ioas, mock_dev);
	if (IS_ERR(hwpt))
		return hwpt;

	rc = iopt_table_add_domain(&hwpt->ioas->iopt, hwpt->domain);
	if (rc)
		goto out_hwpt;

	refcount_inc(&hwpt->obj.users);
	iommufd_object_finalize(ictx, &hwpt->obj);
	return hwpt;

out_hwpt:
	iommufd_object_abort_and_destroy(ictx, &hwpt->obj);
	return ERR_PTR(rc);
}

void iommufd_device_selftest_detach(struct iommufd_ctx *ictx,
				    struct iommufd_hw_pagetable *hwpt)
{
	iopt_table_remove_domain(&hwpt->ioas->iopt, hwpt->domain);
	refcount_dec(&hwpt->obj.users);
}
#endif