1 // SPDX-License-Identifier: GPL-2.0-only 2 /* Copyright (c) 2021-2022, NVIDIA CORPORATION & AFFILIATES 3 */ 4 #include <linux/iommufd.h> 5 #include <linux/slab.h> 6 #include <linux/iommu.h> 7 8 #include "io_pagetable.h" 9 #include "iommufd_private.h" 10 11 static bool allow_unsafe_interrupts; 12 module_param(allow_unsafe_interrupts, bool, S_IRUGO | S_IWUSR); 13 MODULE_PARM_DESC( 14 allow_unsafe_interrupts, 15 "Allow IOMMUFD to bind to devices even if the platform cannot isolate " 16 "the MSI interrupt window. Enabling this is a security weakness."); 17 18 void iommufd_device_destroy(struct iommufd_object *obj) 19 { 20 struct iommufd_device *idev = 21 container_of(obj, struct iommufd_device, obj); 22 23 iommu_device_release_dma_owner(idev->dev); 24 iommu_group_put(idev->group); 25 if (!iommufd_selftest_is_mock_dev(idev->dev)) 26 iommufd_ctx_put(idev->ictx); 27 } 28 29 /** 30 * iommufd_device_bind - Bind a physical device to an iommu fd 31 * @ictx: iommufd file descriptor 32 * @dev: Pointer to a physical device struct 33 * @id: Output ID number to return to userspace for this device 34 * 35 * A successful bind establishes an ownership over the device and returns 36 * struct iommufd_device pointer, otherwise returns error pointer. 37 * 38 * A driver using this API must set driver_managed_dma and must not touch 39 * the device until this routine succeeds and establishes ownership. 40 * 41 * Binding a PCI device places the entire RID under iommufd control. 42 * 43 * The caller must undo this with iommufd_device_unbind() 44 */ 45 struct iommufd_device *iommufd_device_bind(struct iommufd_ctx *ictx, 46 struct device *dev, u32 *id) 47 { 48 struct iommufd_device *idev; 49 struct iommu_group *group; 50 int rc; 51 52 /* 53 * iommufd always sets IOMMU_CACHE because we offer no way for userspace 54 * to restore cache coherency. 55 */ 56 if (!device_iommu_capable(dev, IOMMU_CAP_CACHE_COHERENCY)) 57 return ERR_PTR(-EINVAL); 58 59 group = iommu_group_get(dev); 60 if (!group) 61 return ERR_PTR(-ENODEV); 62 63 rc = iommu_device_claim_dma_owner(dev, ictx); 64 if (rc) 65 goto out_group_put; 66 67 idev = iommufd_object_alloc(ictx, idev, IOMMUFD_OBJ_DEVICE); 68 if (IS_ERR(idev)) { 69 rc = PTR_ERR(idev); 70 goto out_release_owner; 71 } 72 idev->ictx = ictx; 73 if (!iommufd_selftest_is_mock_dev(dev)) 74 iommufd_ctx_get(ictx); 75 idev->dev = dev; 76 idev->enforce_cache_coherency = 77 device_iommu_capable(dev, IOMMU_CAP_ENFORCE_CACHE_COHERENCY); 78 /* The calling driver is a user until iommufd_device_unbind() */ 79 refcount_inc(&idev->obj.users); 80 /* group refcount moves into iommufd_device */ 81 idev->group = group; 82 83 /* 84 * If the caller fails after this success it must call 85 * iommufd_unbind_device() which is safe since we hold this refcount. 86 * This also means the device is a leaf in the graph and no other object 87 * can take a reference on it. 88 */ 89 iommufd_object_finalize(ictx, &idev->obj); 90 *id = idev->obj.id; 91 return idev; 92 93 out_release_owner: 94 iommu_device_release_dma_owner(dev); 95 out_group_put: 96 iommu_group_put(group); 97 return ERR_PTR(rc); 98 } 99 EXPORT_SYMBOL_NS_GPL(iommufd_device_bind, IOMMUFD); 100 101 /** 102 * iommufd_device_unbind - Undo iommufd_device_bind() 103 * @idev: Device returned by iommufd_device_bind() 104 * 105 * Release the device from iommufd control. The DMA ownership will return back 106 * to unowned with DMA controlled by the DMA API. This invalidates the 107 * iommufd_device pointer, other APIs that consume it must not be called 108 * concurrently. 109 */ 110 void iommufd_device_unbind(struct iommufd_device *idev) 111 { 112 bool was_destroyed; 113 114 was_destroyed = iommufd_object_destroy_user(idev->ictx, &idev->obj); 115 WARN_ON(!was_destroyed); 116 } 117 EXPORT_SYMBOL_NS_GPL(iommufd_device_unbind, IOMMUFD); 118 119 static int iommufd_device_setup_msi(struct iommufd_device *idev, 120 struct iommufd_hw_pagetable *hwpt, 121 phys_addr_t sw_msi_start) 122 { 123 int rc; 124 125 /* 126 * If the IOMMU driver gives a IOMMU_RESV_SW_MSI then it is asking us to 127 * call iommu_get_msi_cookie() on its behalf. This is necessary to setup 128 * the MSI window so iommu_dma_prepare_msi() can install pages into our 129 * domain after request_irq(). If it is not done interrupts will not 130 * work on this domain. 131 * 132 * FIXME: This is conceptually broken for iommufd since we want to allow 133 * userspace to change the domains, eg switch from an identity IOAS to a 134 * DMA IOAS. There is currently no way to create a MSI window that 135 * matches what the IRQ layer actually expects in a newly created 136 * domain. 137 */ 138 if (sw_msi_start != PHYS_ADDR_MAX && !hwpt->msi_cookie) { 139 rc = iommu_get_msi_cookie(hwpt->domain, sw_msi_start); 140 if (rc) 141 return rc; 142 143 /* 144 * iommu_get_msi_cookie() can only be called once per domain, 145 * it returns -EBUSY on later calls. 146 */ 147 hwpt->msi_cookie = true; 148 } 149 150 /* 151 * For historical compat with VFIO the insecure interrupt path is 152 * allowed if the module parameter is set. Insecure means that a MemWr 153 * operation from the device (eg a simple DMA) cannot trigger an 154 * interrupt outside this iommufd context. 155 */ 156 if (!iommufd_selftest_is_mock_dev(idev->dev) && 157 !iommu_group_has_isolated_msi(idev->group)) { 158 if (!allow_unsafe_interrupts) 159 return -EPERM; 160 161 dev_warn( 162 idev->dev, 163 "MSI interrupts are not secure, they cannot be isolated by the platform. " 164 "Check that platform features like interrupt remapping are enabled. " 165 "Use the \"allow_unsafe_interrupts\" module parameter to override\n"); 166 } 167 return 0; 168 } 169 170 static bool iommufd_hw_pagetable_has_group(struct iommufd_hw_pagetable *hwpt, 171 struct iommu_group *group) 172 { 173 struct iommufd_device *cur_dev; 174 175 lockdep_assert_held(&hwpt->devices_lock); 176 177 list_for_each_entry(cur_dev, &hwpt->devices, devices_item) 178 if (cur_dev->group == group) 179 return true; 180 return false; 181 } 182 183 int iommufd_hw_pagetable_attach(struct iommufd_hw_pagetable *hwpt, 184 struct iommufd_device *idev) 185 { 186 phys_addr_t sw_msi_start = PHYS_ADDR_MAX; 187 int rc; 188 189 lockdep_assert_held(&hwpt->devices_lock); 190 191 if (WARN_ON(idev->hwpt)) 192 return -EINVAL; 193 194 /* 195 * Try to upgrade the domain we have, it is an iommu driver bug to 196 * report IOMMU_CAP_ENFORCE_CACHE_COHERENCY but fail 197 * enforce_cache_coherency when there are no devices attached to the 198 * domain. 199 */ 200 if (idev->enforce_cache_coherency && !hwpt->enforce_cache_coherency) { 201 if (hwpt->domain->ops->enforce_cache_coherency) 202 hwpt->enforce_cache_coherency = 203 hwpt->domain->ops->enforce_cache_coherency( 204 hwpt->domain); 205 if (!hwpt->enforce_cache_coherency) { 206 WARN_ON(list_empty(&hwpt->devices)); 207 return -EINVAL; 208 } 209 } 210 211 rc = iopt_table_enforce_group_resv_regions(&hwpt->ioas->iopt, idev->dev, 212 idev->group, &sw_msi_start); 213 if (rc) 214 return rc; 215 216 rc = iommufd_device_setup_msi(idev, hwpt, sw_msi_start); 217 if (rc) 218 goto err_unresv; 219 220 /* 221 * FIXME: Hack around missing a device-centric iommu api, only attach to 222 * the group once for the first device that is in the group. 223 */ 224 if (!iommufd_hw_pagetable_has_group(hwpt, idev->group)) { 225 rc = iommu_attach_group(hwpt->domain, idev->group); 226 if (rc) 227 goto err_unresv; 228 } 229 return 0; 230 err_unresv: 231 iopt_remove_reserved_iova(&hwpt->ioas->iopt, idev->dev); 232 return rc; 233 } 234 235 void iommufd_hw_pagetable_detach(struct iommufd_hw_pagetable *hwpt, 236 struct iommufd_device *idev) 237 { 238 if (!iommufd_hw_pagetable_has_group(hwpt, idev->group)) 239 iommu_detach_group(hwpt->domain, idev->group); 240 iopt_remove_reserved_iova(&hwpt->ioas->iopt, idev->dev); 241 } 242 243 static int iommufd_device_do_attach(struct iommufd_device *idev, 244 struct iommufd_hw_pagetable *hwpt) 245 { 246 int rc; 247 248 mutex_lock(&hwpt->devices_lock); 249 rc = iommufd_hw_pagetable_attach(hwpt, idev); 250 if (rc) 251 goto out_unlock; 252 253 idev->hwpt = hwpt; 254 refcount_inc(&hwpt->obj.users); 255 list_add(&idev->devices_item, &hwpt->devices); 256 out_unlock: 257 mutex_unlock(&hwpt->devices_lock); 258 return rc; 259 } 260 261 /* 262 * When automatically managing the domains we search for a compatible domain in 263 * the iopt and if one is found use it, otherwise create a new domain. 264 * Automatic domain selection will never pick a manually created domain. 265 */ 266 static int iommufd_device_auto_get_domain(struct iommufd_device *idev, 267 struct iommufd_ioas *ioas) 268 { 269 struct iommufd_hw_pagetable *hwpt; 270 int rc; 271 272 /* 273 * There is no differentiation when domains are allocated, so any domain 274 * that is willing to attach to the device is interchangeable with any 275 * other. 276 */ 277 mutex_lock(&ioas->mutex); 278 list_for_each_entry(hwpt, &ioas->hwpt_list, hwpt_item) { 279 if (!hwpt->auto_domain) 280 continue; 281 282 if (!iommufd_lock_obj(&hwpt->obj)) 283 continue; 284 rc = iommufd_device_do_attach(idev, hwpt); 285 iommufd_put_object(&hwpt->obj); 286 287 /* 288 * -EINVAL means the domain is incompatible with the device. 289 * Other error codes should propagate to userspace as failure. 290 * Success means the domain is attached. 291 */ 292 if (rc == -EINVAL) 293 continue; 294 goto out_unlock; 295 } 296 297 hwpt = iommufd_hw_pagetable_alloc(idev->ictx, ioas, idev, true); 298 if (IS_ERR(hwpt)) { 299 rc = PTR_ERR(hwpt); 300 goto out_unlock; 301 } 302 hwpt->auto_domain = true; 303 304 mutex_unlock(&ioas->mutex); 305 iommufd_object_finalize(idev->ictx, &hwpt->obj); 306 return 0; 307 out_unlock: 308 mutex_unlock(&ioas->mutex); 309 return rc; 310 } 311 312 /** 313 * iommufd_device_attach - Connect a device from an iommu_domain 314 * @idev: device to attach 315 * @pt_id: Input a IOMMUFD_OBJ_IOAS, or IOMMUFD_OBJ_HW_PAGETABLE 316 * Output the IOMMUFD_OBJ_HW_PAGETABLE ID 317 * 318 * This connects the device to an iommu_domain, either automatically or manually 319 * selected. Once this completes the device could do DMA. 320 * 321 * The caller should return the resulting pt_id back to userspace. 322 * This function is undone by calling iommufd_device_detach(). 323 */ 324 int iommufd_device_attach(struct iommufd_device *idev, u32 *pt_id) 325 { 326 struct iommufd_object *pt_obj; 327 int rc; 328 329 pt_obj = iommufd_get_object(idev->ictx, *pt_id, IOMMUFD_OBJ_ANY); 330 if (IS_ERR(pt_obj)) 331 return PTR_ERR(pt_obj); 332 333 switch (pt_obj->type) { 334 case IOMMUFD_OBJ_HW_PAGETABLE: { 335 struct iommufd_hw_pagetable *hwpt = 336 container_of(pt_obj, struct iommufd_hw_pagetable, obj); 337 338 rc = iommufd_device_do_attach(idev, hwpt); 339 if (rc) 340 goto out_put_pt_obj; 341 break; 342 } 343 case IOMMUFD_OBJ_IOAS: { 344 struct iommufd_ioas *ioas = 345 container_of(pt_obj, struct iommufd_ioas, obj); 346 347 rc = iommufd_device_auto_get_domain(idev, ioas); 348 if (rc) 349 goto out_put_pt_obj; 350 break; 351 } 352 default: 353 rc = -EINVAL; 354 goto out_put_pt_obj; 355 } 356 357 refcount_inc(&idev->obj.users); 358 *pt_id = idev->hwpt->obj.id; 359 rc = 0; 360 361 out_put_pt_obj: 362 iommufd_put_object(pt_obj); 363 return rc; 364 } 365 EXPORT_SYMBOL_NS_GPL(iommufd_device_attach, IOMMUFD); 366 367 /** 368 * iommufd_device_detach - Disconnect a device to an iommu_domain 369 * @idev: device to detach 370 * 371 * Undo iommufd_device_attach(). This disconnects the idev from the previously 372 * attached pt_id. The device returns back to a blocked DMA translation. 373 */ 374 void iommufd_device_detach(struct iommufd_device *idev) 375 { 376 struct iommufd_hw_pagetable *hwpt = idev->hwpt; 377 378 mutex_lock(&hwpt->devices_lock); 379 list_del(&idev->devices_item); 380 idev->hwpt = NULL; 381 iommufd_hw_pagetable_detach(hwpt, idev); 382 mutex_unlock(&hwpt->devices_lock); 383 384 if (hwpt->auto_domain) 385 iommufd_object_destroy_user(idev->ictx, &hwpt->obj); 386 else 387 refcount_dec(&hwpt->obj.users); 388 389 refcount_dec(&idev->obj.users); 390 } 391 EXPORT_SYMBOL_NS_GPL(iommufd_device_detach, IOMMUFD); 392 393 void iommufd_access_destroy_object(struct iommufd_object *obj) 394 { 395 struct iommufd_access *access = 396 container_of(obj, struct iommufd_access, obj); 397 398 if (access->ioas) { 399 iopt_remove_access(&access->ioas->iopt, access); 400 refcount_dec(&access->ioas->obj.users); 401 access->ioas = NULL; 402 } 403 iommufd_ctx_put(access->ictx); 404 } 405 406 /** 407 * iommufd_access_create - Create an iommufd_access 408 * @ictx: iommufd file descriptor 409 * @ops: Driver's ops to associate with the access 410 * @data: Opaque data to pass into ops functions 411 * @id: Output ID number to return to userspace for this access 412 * 413 * An iommufd_access allows a driver to read/write to the IOAS without using 414 * DMA. The underlying CPU memory can be accessed using the 415 * iommufd_access_pin_pages() or iommufd_access_rw() functions. 416 * 417 * The provided ops are required to use iommufd_access_pin_pages(). 418 */ 419 struct iommufd_access * 420 iommufd_access_create(struct iommufd_ctx *ictx, 421 const struct iommufd_access_ops *ops, void *data, u32 *id) 422 { 423 struct iommufd_access *access; 424 425 /* 426 * There is no uAPI for the access object, but to keep things symmetric 427 * use the object infrastructure anyhow. 428 */ 429 access = iommufd_object_alloc(ictx, access, IOMMUFD_OBJ_ACCESS); 430 if (IS_ERR(access)) 431 return access; 432 433 access->data = data; 434 access->ops = ops; 435 436 if (ops->needs_pin_pages) 437 access->iova_alignment = PAGE_SIZE; 438 else 439 access->iova_alignment = 1; 440 441 /* The calling driver is a user until iommufd_access_destroy() */ 442 refcount_inc(&access->obj.users); 443 access->ictx = ictx; 444 iommufd_ctx_get(ictx); 445 iommufd_object_finalize(ictx, &access->obj); 446 *id = access->obj.id; 447 return access; 448 } 449 EXPORT_SYMBOL_NS_GPL(iommufd_access_create, IOMMUFD); 450 451 /** 452 * iommufd_access_destroy - Destroy an iommufd_access 453 * @access: The access to destroy 454 * 455 * The caller must stop using the access before destroying it. 456 */ 457 void iommufd_access_destroy(struct iommufd_access *access) 458 { 459 bool was_destroyed; 460 461 was_destroyed = iommufd_object_destroy_user(access->ictx, &access->obj); 462 WARN_ON(!was_destroyed); 463 } 464 EXPORT_SYMBOL_NS_GPL(iommufd_access_destroy, IOMMUFD); 465 466 int iommufd_access_attach(struct iommufd_access *access, u32 ioas_id) 467 { 468 struct iommufd_ioas *new_ioas; 469 int rc = 0; 470 471 if (access->ioas) 472 return -EINVAL; 473 474 new_ioas = iommufd_get_ioas(access->ictx, ioas_id); 475 if (IS_ERR(new_ioas)) 476 return PTR_ERR(new_ioas); 477 478 rc = iopt_add_access(&new_ioas->iopt, access); 479 if (rc) { 480 iommufd_put_object(&new_ioas->obj); 481 return rc; 482 } 483 iommufd_ref_to_users(&new_ioas->obj); 484 485 access->ioas = new_ioas; 486 return 0; 487 } 488 EXPORT_SYMBOL_NS_GPL(iommufd_access_attach, IOMMUFD); 489 490 /** 491 * iommufd_access_notify_unmap - Notify users of an iopt to stop using it 492 * @iopt: iopt to work on 493 * @iova: Starting iova in the iopt 494 * @length: Number of bytes 495 * 496 * After this function returns there should be no users attached to the pages 497 * linked to this iopt that intersect with iova,length. Anyone that has attached 498 * a user through iopt_access_pages() needs to detach it through 499 * iommufd_access_unpin_pages() before this function returns. 500 * 501 * iommufd_access_destroy() will wait for any outstanding unmap callback to 502 * complete. Once iommufd_access_destroy() no unmap ops are running or will 503 * run in the future. Due to this a driver must not create locking that prevents 504 * unmap to complete while iommufd_access_destroy() is running. 505 */ 506 void iommufd_access_notify_unmap(struct io_pagetable *iopt, unsigned long iova, 507 unsigned long length) 508 { 509 struct iommufd_ioas *ioas = 510 container_of(iopt, struct iommufd_ioas, iopt); 511 struct iommufd_access *access; 512 unsigned long index; 513 514 xa_lock(&ioas->iopt.access_list); 515 xa_for_each(&ioas->iopt.access_list, index, access) { 516 if (!iommufd_lock_obj(&access->obj)) 517 continue; 518 xa_unlock(&ioas->iopt.access_list); 519 520 access->ops->unmap(access->data, iova, length); 521 522 iommufd_put_object(&access->obj); 523 xa_lock(&ioas->iopt.access_list); 524 } 525 xa_unlock(&ioas->iopt.access_list); 526 } 527 528 /** 529 * iommufd_access_unpin_pages() - Undo iommufd_access_pin_pages 530 * @access: IOAS access to act on 531 * @iova: Starting IOVA 532 * @length: Number of bytes to access 533 * 534 * Return the struct page's. The caller must stop accessing them before calling 535 * this. The iova/length must exactly match the one provided to access_pages. 536 */ 537 void iommufd_access_unpin_pages(struct iommufd_access *access, 538 unsigned long iova, unsigned long length) 539 { 540 struct io_pagetable *iopt = &access->ioas->iopt; 541 struct iopt_area_contig_iter iter; 542 unsigned long last_iova; 543 struct iopt_area *area; 544 545 if (WARN_ON(!length) || 546 WARN_ON(check_add_overflow(iova, length - 1, &last_iova))) 547 return; 548 549 down_read(&iopt->iova_rwsem); 550 iopt_for_each_contig_area(&iter, area, iopt, iova, last_iova) 551 iopt_area_remove_access( 552 area, iopt_area_iova_to_index(area, iter.cur_iova), 553 iopt_area_iova_to_index( 554 area, 555 min(last_iova, iopt_area_last_iova(area)))); 556 up_read(&iopt->iova_rwsem); 557 WARN_ON(!iopt_area_contig_done(&iter)); 558 } 559 EXPORT_SYMBOL_NS_GPL(iommufd_access_unpin_pages, IOMMUFD); 560 561 static bool iopt_area_contig_is_aligned(struct iopt_area_contig_iter *iter) 562 { 563 if (iopt_area_start_byte(iter->area, iter->cur_iova) % PAGE_SIZE) 564 return false; 565 566 if (!iopt_area_contig_done(iter) && 567 (iopt_area_start_byte(iter->area, iopt_area_last_iova(iter->area)) % 568 PAGE_SIZE) != (PAGE_SIZE - 1)) 569 return false; 570 return true; 571 } 572 573 static bool check_area_prot(struct iopt_area *area, unsigned int flags) 574 { 575 if (flags & IOMMUFD_ACCESS_RW_WRITE) 576 return area->iommu_prot & IOMMU_WRITE; 577 return area->iommu_prot & IOMMU_READ; 578 } 579 580 /** 581 * iommufd_access_pin_pages() - Return a list of pages under the iova 582 * @access: IOAS access to act on 583 * @iova: Starting IOVA 584 * @length: Number of bytes to access 585 * @out_pages: Output page list 586 * @flags: IOPMMUFD_ACCESS_RW_* flags 587 * 588 * Reads @length bytes starting at iova and returns the struct page * pointers. 589 * These can be kmap'd by the caller for CPU access. 590 * 591 * The caller must perform iommufd_access_unpin_pages() when done to balance 592 * this. 593 * 594 * This API always requires a page aligned iova. This happens naturally if the 595 * ioas alignment is >= PAGE_SIZE and the iova is PAGE_SIZE aligned. However 596 * smaller alignments have corner cases where this API can fail on otherwise 597 * aligned iova. 598 */ 599 int iommufd_access_pin_pages(struct iommufd_access *access, unsigned long iova, 600 unsigned long length, struct page **out_pages, 601 unsigned int flags) 602 { 603 struct io_pagetable *iopt = &access->ioas->iopt; 604 struct iopt_area_contig_iter iter; 605 unsigned long last_iova; 606 struct iopt_area *area; 607 int rc; 608 609 /* Driver's ops don't support pin_pages */ 610 if (IS_ENABLED(CONFIG_IOMMUFD_TEST) && 611 WARN_ON(access->iova_alignment != PAGE_SIZE || !access->ops->unmap)) 612 return -EINVAL; 613 614 if (!length) 615 return -EINVAL; 616 if (check_add_overflow(iova, length - 1, &last_iova)) 617 return -EOVERFLOW; 618 619 down_read(&iopt->iova_rwsem); 620 iopt_for_each_contig_area(&iter, area, iopt, iova, last_iova) { 621 unsigned long last = min(last_iova, iopt_area_last_iova(area)); 622 unsigned long last_index = iopt_area_iova_to_index(area, last); 623 unsigned long index = 624 iopt_area_iova_to_index(area, iter.cur_iova); 625 626 if (area->prevent_access || 627 !iopt_area_contig_is_aligned(&iter)) { 628 rc = -EINVAL; 629 goto err_remove; 630 } 631 632 if (!check_area_prot(area, flags)) { 633 rc = -EPERM; 634 goto err_remove; 635 } 636 637 rc = iopt_area_add_access(area, index, last_index, out_pages, 638 flags); 639 if (rc) 640 goto err_remove; 641 out_pages += last_index - index + 1; 642 } 643 if (!iopt_area_contig_done(&iter)) { 644 rc = -ENOENT; 645 goto err_remove; 646 } 647 648 up_read(&iopt->iova_rwsem); 649 return 0; 650 651 err_remove: 652 if (iova < iter.cur_iova) { 653 last_iova = iter.cur_iova - 1; 654 iopt_for_each_contig_area(&iter, area, iopt, iova, last_iova) 655 iopt_area_remove_access( 656 area, 657 iopt_area_iova_to_index(area, iter.cur_iova), 658 iopt_area_iova_to_index( 659 area, min(last_iova, 660 iopt_area_last_iova(area)))); 661 } 662 up_read(&iopt->iova_rwsem); 663 return rc; 664 } 665 EXPORT_SYMBOL_NS_GPL(iommufd_access_pin_pages, IOMMUFD); 666 667 /** 668 * iommufd_access_rw - Read or write data under the iova 669 * @access: IOAS access to act on 670 * @iova: Starting IOVA 671 * @data: Kernel buffer to copy to/from 672 * @length: Number of bytes to access 673 * @flags: IOMMUFD_ACCESS_RW_* flags 674 * 675 * Copy kernel to/from data into the range given by IOVA/length. If flags 676 * indicates IOMMUFD_ACCESS_RW_KTHREAD then a large copy can be optimized 677 * by changing it into copy_to/from_user(). 678 */ 679 int iommufd_access_rw(struct iommufd_access *access, unsigned long iova, 680 void *data, size_t length, unsigned int flags) 681 { 682 struct io_pagetable *iopt = &access->ioas->iopt; 683 struct iopt_area_contig_iter iter; 684 struct iopt_area *area; 685 unsigned long last_iova; 686 int rc; 687 688 if (!length) 689 return -EINVAL; 690 if (check_add_overflow(iova, length - 1, &last_iova)) 691 return -EOVERFLOW; 692 693 down_read(&iopt->iova_rwsem); 694 iopt_for_each_contig_area(&iter, area, iopt, iova, last_iova) { 695 unsigned long last = min(last_iova, iopt_area_last_iova(area)); 696 unsigned long bytes = (last - iter.cur_iova) + 1; 697 698 if (area->prevent_access) { 699 rc = -EINVAL; 700 goto err_out; 701 } 702 703 if (!check_area_prot(area, flags)) { 704 rc = -EPERM; 705 goto err_out; 706 } 707 708 rc = iopt_pages_rw_access( 709 area->pages, iopt_area_start_byte(area, iter.cur_iova), 710 data, bytes, flags); 711 if (rc) 712 goto err_out; 713 data += bytes; 714 } 715 if (!iopt_area_contig_done(&iter)) 716 rc = -ENOENT; 717 err_out: 718 up_read(&iopt->iova_rwsem); 719 return rc; 720 } 721 EXPORT_SYMBOL_NS_GPL(iommufd_access_rw, IOMMUFD); 722