1 /* 2 * kvm eventfd support - use eventfd objects to signal various KVM events 3 * 4 * Copyright 2009 Novell. All Rights Reserved. 5 * Copyright 2010 Red Hat, Inc. and/or its affiliates. 6 * 7 * Author: 8 * Gregory Haskins <ghaskins@novell.com> 9 * 10 * This file is free software; you can redistribute it and/or modify 11 * it under the terms of version 2 of the GNU General Public License 12 * as published by the Free Software Foundation. 13 * 14 * This program is distributed in the hope that it will be useful, 15 * but WITHOUT ANY WARRANTY; without even the implied warranty of 16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 * GNU General Public License for more details. 18 * 19 * You should have received a copy of the GNU General Public License 20 * along with this program; if not, write to the Free Software Foundation, 21 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. 22 */ 23 24 #include <linux/kvm_host.h> 25 #include <linux/kvm.h> 26 #include <linux/kvm_irqfd.h> 27 #include <linux/workqueue.h> 28 #include <linux/syscalls.h> 29 #include <linux/wait.h> 30 #include <linux/poll.h> 31 #include <linux/file.h> 32 #include <linux/list.h> 33 #include <linux/eventfd.h> 34 #include <linux/kernel.h> 35 #include <linux/srcu.h> 36 #include <linux/slab.h> 37 #include <linux/seqlock.h> 38 #include <linux/irqbypass.h> 39 #include <trace/events/kvm.h> 40 41 #include <kvm/iodev.h> 42 43 #ifdef CONFIG_HAVE_KVM_IRQFD 44 45 static struct workqueue_struct *irqfd_cleanup_wq; 46 47 static void 48 irqfd_inject(struct work_struct *work) 49 { 50 struct kvm_kernel_irqfd *irqfd = 51 container_of(work, struct kvm_kernel_irqfd, inject); 52 struct kvm *kvm = irqfd->kvm; 53 54 if (!irqfd->resampler) { 55 kvm_set_irq(kvm, KVM_USERSPACE_IRQ_SOURCE_ID, irqfd->gsi, 1, 56 false); 57 kvm_set_irq(kvm, KVM_USERSPACE_IRQ_SOURCE_ID, irqfd->gsi, 0, 58 false); 59 } else 60 kvm_set_irq(kvm, KVM_IRQFD_RESAMPLE_IRQ_SOURCE_ID, 61 irqfd->gsi, 1, false); 62 } 63 64 /* 65 * Since resampler irqfds share an IRQ source ID, we de-assert once 66 * then notify all of the resampler irqfds using this GSI. We can't 67 * do multiple de-asserts or we risk racing with incoming re-asserts. 68 */ 69 static void 70 irqfd_resampler_ack(struct kvm_irq_ack_notifier *kian) 71 { 72 struct kvm_kernel_irqfd_resampler *resampler; 73 struct kvm *kvm; 74 struct kvm_kernel_irqfd *irqfd; 75 int idx; 76 77 resampler = container_of(kian, 78 struct kvm_kernel_irqfd_resampler, notifier); 79 kvm = resampler->kvm; 80 81 kvm_set_irq(kvm, KVM_IRQFD_RESAMPLE_IRQ_SOURCE_ID, 82 resampler->notifier.gsi, 0, false); 83 84 idx = srcu_read_lock(&kvm->irq_srcu); 85 86 list_for_each_entry_rcu(irqfd, &resampler->list, resampler_link) 87 eventfd_signal(irqfd->resamplefd, 1); 88 89 srcu_read_unlock(&kvm->irq_srcu, idx); 90 } 91 92 static void 93 irqfd_resampler_shutdown(struct kvm_kernel_irqfd *irqfd) 94 { 95 struct kvm_kernel_irqfd_resampler *resampler = irqfd->resampler; 96 struct kvm *kvm = resampler->kvm; 97 98 mutex_lock(&kvm->irqfds.resampler_lock); 99 100 list_del_rcu(&irqfd->resampler_link); 101 synchronize_srcu(&kvm->irq_srcu); 102 103 if (list_empty(&resampler->list)) { 104 list_del(&resampler->link); 105 kvm_unregister_irq_ack_notifier(kvm, &resampler->notifier); 106 kvm_set_irq(kvm, KVM_IRQFD_RESAMPLE_IRQ_SOURCE_ID, 107 resampler->notifier.gsi, 0, false); 108 kfree(resampler); 109 } 110 111 mutex_unlock(&kvm->irqfds.resampler_lock); 112 } 113 114 /* 115 * Race-free decouple logic (ordering is critical) 116 */ 117 static void 118 irqfd_shutdown(struct work_struct *work) 119 { 120 struct kvm_kernel_irqfd *irqfd = 121 container_of(work, struct kvm_kernel_irqfd, shutdown); 122 struct kvm *kvm = irqfd->kvm; 123 u64 cnt; 124 125 /* Make sure irqfd has been initalized in assign path. */ 126 synchronize_srcu(&kvm->irq_srcu); 127 128 /* 129 * Synchronize with the wait-queue and unhook ourselves to prevent 130 * further events. 131 */ 132 eventfd_ctx_remove_wait_queue(irqfd->eventfd, &irqfd->wait, &cnt); 133 134 /* 135 * We know no new events will be scheduled at this point, so block 136 * until all previously outstanding events have completed 137 */ 138 flush_work(&irqfd->inject); 139 140 if (irqfd->resampler) { 141 irqfd_resampler_shutdown(irqfd); 142 eventfd_ctx_put(irqfd->resamplefd); 143 } 144 145 /* 146 * It is now safe to release the object's resources 147 */ 148 #ifdef CONFIG_HAVE_KVM_IRQ_BYPASS 149 irq_bypass_unregister_consumer(&irqfd->consumer); 150 #endif 151 eventfd_ctx_put(irqfd->eventfd); 152 kfree(irqfd); 153 } 154 155 156 /* assumes kvm->irqfds.lock is held */ 157 static bool 158 irqfd_is_active(struct kvm_kernel_irqfd *irqfd) 159 { 160 return list_empty(&irqfd->list) ? false : true; 161 } 162 163 /* 164 * Mark the irqfd as inactive and schedule it for removal 165 * 166 * assumes kvm->irqfds.lock is held 167 */ 168 static void 169 irqfd_deactivate(struct kvm_kernel_irqfd *irqfd) 170 { 171 BUG_ON(!irqfd_is_active(irqfd)); 172 173 list_del_init(&irqfd->list); 174 175 queue_work(irqfd_cleanup_wq, &irqfd->shutdown); 176 } 177 178 int __attribute__((weak)) kvm_arch_set_irq_inatomic( 179 struct kvm_kernel_irq_routing_entry *irq, 180 struct kvm *kvm, int irq_source_id, 181 int level, 182 bool line_status) 183 { 184 return -EWOULDBLOCK; 185 } 186 187 /* 188 * Called with wqh->lock held and interrupts disabled 189 */ 190 static int 191 irqfd_wakeup(wait_queue_entry_t *wait, unsigned mode, int sync, void *key) 192 { 193 struct kvm_kernel_irqfd *irqfd = 194 container_of(wait, struct kvm_kernel_irqfd, wait); 195 __poll_t flags = key_to_poll(key); 196 struct kvm_kernel_irq_routing_entry irq; 197 struct kvm *kvm = irqfd->kvm; 198 unsigned seq; 199 int idx; 200 201 if (flags & EPOLLIN) { 202 idx = srcu_read_lock(&kvm->irq_srcu); 203 do { 204 seq = read_seqcount_begin(&irqfd->irq_entry_sc); 205 irq = irqfd->irq_entry; 206 } while (read_seqcount_retry(&irqfd->irq_entry_sc, seq)); 207 /* An event has been signaled, inject an interrupt */ 208 if (kvm_arch_set_irq_inatomic(&irq, kvm, 209 KVM_USERSPACE_IRQ_SOURCE_ID, 1, 210 false) == -EWOULDBLOCK) 211 schedule_work(&irqfd->inject); 212 srcu_read_unlock(&kvm->irq_srcu, idx); 213 } 214 215 if (flags & EPOLLHUP) { 216 /* The eventfd is closing, detach from KVM */ 217 unsigned long iflags; 218 219 spin_lock_irqsave(&kvm->irqfds.lock, iflags); 220 221 /* 222 * We must check if someone deactivated the irqfd before 223 * we could acquire the irqfds.lock since the item is 224 * deactivated from the KVM side before it is unhooked from 225 * the wait-queue. If it is already deactivated, we can 226 * simply return knowing the other side will cleanup for us. 227 * We cannot race against the irqfd going away since the 228 * other side is required to acquire wqh->lock, which we hold 229 */ 230 if (irqfd_is_active(irqfd)) 231 irqfd_deactivate(irqfd); 232 233 spin_unlock_irqrestore(&kvm->irqfds.lock, iflags); 234 } 235 236 return 0; 237 } 238 239 static void 240 irqfd_ptable_queue_proc(struct file *file, wait_queue_head_t *wqh, 241 poll_table *pt) 242 { 243 struct kvm_kernel_irqfd *irqfd = 244 container_of(pt, struct kvm_kernel_irqfd, pt); 245 add_wait_queue(wqh, &irqfd->wait); 246 } 247 248 /* Must be called under irqfds.lock */ 249 static void irqfd_update(struct kvm *kvm, struct kvm_kernel_irqfd *irqfd) 250 { 251 struct kvm_kernel_irq_routing_entry *e; 252 struct kvm_kernel_irq_routing_entry entries[KVM_NR_IRQCHIPS]; 253 int n_entries; 254 255 n_entries = kvm_irq_map_gsi(kvm, entries, irqfd->gsi); 256 257 write_seqcount_begin(&irqfd->irq_entry_sc); 258 259 e = entries; 260 if (n_entries == 1) 261 irqfd->irq_entry = *e; 262 else 263 irqfd->irq_entry.type = 0; 264 265 write_seqcount_end(&irqfd->irq_entry_sc); 266 } 267 268 #ifdef CONFIG_HAVE_KVM_IRQ_BYPASS 269 void __attribute__((weak)) kvm_arch_irq_bypass_stop( 270 struct irq_bypass_consumer *cons) 271 { 272 } 273 274 void __attribute__((weak)) kvm_arch_irq_bypass_start( 275 struct irq_bypass_consumer *cons) 276 { 277 } 278 279 int __attribute__((weak)) kvm_arch_update_irqfd_routing( 280 struct kvm *kvm, unsigned int host_irq, 281 uint32_t guest_irq, bool set) 282 { 283 return 0; 284 } 285 #endif 286 287 static int 288 kvm_irqfd_assign(struct kvm *kvm, struct kvm_irqfd *args) 289 { 290 struct kvm_kernel_irqfd *irqfd, *tmp; 291 struct fd f; 292 struct eventfd_ctx *eventfd = NULL, *resamplefd = NULL; 293 int ret; 294 __poll_t events; 295 int idx; 296 297 if (!kvm_arch_intc_initialized(kvm)) 298 return -EAGAIN; 299 300 irqfd = kzalloc(sizeof(*irqfd), GFP_KERNEL_ACCOUNT); 301 if (!irqfd) 302 return -ENOMEM; 303 304 irqfd->kvm = kvm; 305 irqfd->gsi = args->gsi; 306 INIT_LIST_HEAD(&irqfd->list); 307 INIT_WORK(&irqfd->inject, irqfd_inject); 308 INIT_WORK(&irqfd->shutdown, irqfd_shutdown); 309 seqcount_init(&irqfd->irq_entry_sc); 310 311 f = fdget(args->fd); 312 if (!f.file) { 313 ret = -EBADF; 314 goto out; 315 } 316 317 eventfd = eventfd_ctx_fileget(f.file); 318 if (IS_ERR(eventfd)) { 319 ret = PTR_ERR(eventfd); 320 goto fail; 321 } 322 323 irqfd->eventfd = eventfd; 324 325 if (args->flags & KVM_IRQFD_FLAG_RESAMPLE) { 326 struct kvm_kernel_irqfd_resampler *resampler; 327 328 resamplefd = eventfd_ctx_fdget(args->resamplefd); 329 if (IS_ERR(resamplefd)) { 330 ret = PTR_ERR(resamplefd); 331 goto fail; 332 } 333 334 irqfd->resamplefd = resamplefd; 335 INIT_LIST_HEAD(&irqfd->resampler_link); 336 337 mutex_lock(&kvm->irqfds.resampler_lock); 338 339 list_for_each_entry(resampler, 340 &kvm->irqfds.resampler_list, link) { 341 if (resampler->notifier.gsi == irqfd->gsi) { 342 irqfd->resampler = resampler; 343 break; 344 } 345 } 346 347 if (!irqfd->resampler) { 348 resampler = kzalloc(sizeof(*resampler), 349 GFP_KERNEL_ACCOUNT); 350 if (!resampler) { 351 ret = -ENOMEM; 352 mutex_unlock(&kvm->irqfds.resampler_lock); 353 goto fail; 354 } 355 356 resampler->kvm = kvm; 357 INIT_LIST_HEAD(&resampler->list); 358 resampler->notifier.gsi = irqfd->gsi; 359 resampler->notifier.irq_acked = irqfd_resampler_ack; 360 INIT_LIST_HEAD(&resampler->link); 361 362 list_add(&resampler->link, &kvm->irqfds.resampler_list); 363 kvm_register_irq_ack_notifier(kvm, 364 &resampler->notifier); 365 irqfd->resampler = resampler; 366 } 367 368 list_add_rcu(&irqfd->resampler_link, &irqfd->resampler->list); 369 synchronize_srcu(&kvm->irq_srcu); 370 371 mutex_unlock(&kvm->irqfds.resampler_lock); 372 } 373 374 /* 375 * Install our own custom wake-up handling so we are notified via 376 * a callback whenever someone signals the underlying eventfd 377 */ 378 init_waitqueue_func_entry(&irqfd->wait, irqfd_wakeup); 379 init_poll_funcptr(&irqfd->pt, irqfd_ptable_queue_proc); 380 381 spin_lock_irq(&kvm->irqfds.lock); 382 383 ret = 0; 384 list_for_each_entry(tmp, &kvm->irqfds.items, list) { 385 if (irqfd->eventfd != tmp->eventfd) 386 continue; 387 /* This fd is used for another irq already. */ 388 ret = -EBUSY; 389 spin_unlock_irq(&kvm->irqfds.lock); 390 goto fail; 391 } 392 393 idx = srcu_read_lock(&kvm->irq_srcu); 394 irqfd_update(kvm, irqfd); 395 396 list_add_tail(&irqfd->list, &kvm->irqfds.items); 397 398 spin_unlock_irq(&kvm->irqfds.lock); 399 400 /* 401 * Check if there was an event already pending on the eventfd 402 * before we registered, and trigger it as if we didn't miss it. 403 */ 404 events = vfs_poll(f.file, &irqfd->pt); 405 406 if (events & EPOLLIN) 407 schedule_work(&irqfd->inject); 408 409 #ifdef CONFIG_HAVE_KVM_IRQ_BYPASS 410 if (kvm_arch_has_irq_bypass()) { 411 irqfd->consumer.token = (void *)irqfd->eventfd; 412 irqfd->consumer.add_producer = kvm_arch_irq_bypass_add_producer; 413 irqfd->consumer.del_producer = kvm_arch_irq_bypass_del_producer; 414 irqfd->consumer.stop = kvm_arch_irq_bypass_stop; 415 irqfd->consumer.start = kvm_arch_irq_bypass_start; 416 ret = irq_bypass_register_consumer(&irqfd->consumer); 417 if (ret) 418 pr_info("irq bypass consumer (token %p) registration fails: %d\n", 419 irqfd->consumer.token, ret); 420 } 421 #endif 422 423 srcu_read_unlock(&kvm->irq_srcu, idx); 424 425 /* 426 * do not drop the file until the irqfd is fully initialized, otherwise 427 * we might race against the EPOLLHUP 428 */ 429 fdput(f); 430 return 0; 431 432 fail: 433 if (irqfd->resampler) 434 irqfd_resampler_shutdown(irqfd); 435 436 if (resamplefd && !IS_ERR(resamplefd)) 437 eventfd_ctx_put(resamplefd); 438 439 if (eventfd && !IS_ERR(eventfd)) 440 eventfd_ctx_put(eventfd); 441 442 fdput(f); 443 444 out: 445 kfree(irqfd); 446 return ret; 447 } 448 449 bool kvm_irq_has_notifier(struct kvm *kvm, unsigned irqchip, unsigned pin) 450 { 451 struct kvm_irq_ack_notifier *kian; 452 int gsi, idx; 453 454 idx = srcu_read_lock(&kvm->irq_srcu); 455 gsi = kvm_irq_map_chip_pin(kvm, irqchip, pin); 456 if (gsi != -1) 457 hlist_for_each_entry_rcu(kian, &kvm->irq_ack_notifier_list, 458 link) 459 if (kian->gsi == gsi) { 460 srcu_read_unlock(&kvm->irq_srcu, idx); 461 return true; 462 } 463 464 srcu_read_unlock(&kvm->irq_srcu, idx); 465 466 return false; 467 } 468 EXPORT_SYMBOL_GPL(kvm_irq_has_notifier); 469 470 void kvm_notify_acked_gsi(struct kvm *kvm, int gsi) 471 { 472 struct kvm_irq_ack_notifier *kian; 473 474 hlist_for_each_entry_rcu(kian, &kvm->irq_ack_notifier_list, 475 link) 476 if (kian->gsi == gsi) 477 kian->irq_acked(kian); 478 } 479 480 void kvm_notify_acked_irq(struct kvm *kvm, unsigned irqchip, unsigned pin) 481 { 482 int gsi, idx; 483 484 trace_kvm_ack_irq(irqchip, pin); 485 486 idx = srcu_read_lock(&kvm->irq_srcu); 487 gsi = kvm_irq_map_chip_pin(kvm, irqchip, pin); 488 if (gsi != -1) 489 kvm_notify_acked_gsi(kvm, gsi); 490 srcu_read_unlock(&kvm->irq_srcu, idx); 491 } 492 493 void kvm_register_irq_ack_notifier(struct kvm *kvm, 494 struct kvm_irq_ack_notifier *kian) 495 { 496 mutex_lock(&kvm->irq_lock); 497 hlist_add_head_rcu(&kian->link, &kvm->irq_ack_notifier_list); 498 mutex_unlock(&kvm->irq_lock); 499 kvm_arch_post_irq_ack_notifier_list_update(kvm); 500 } 501 502 void kvm_unregister_irq_ack_notifier(struct kvm *kvm, 503 struct kvm_irq_ack_notifier *kian) 504 { 505 mutex_lock(&kvm->irq_lock); 506 hlist_del_init_rcu(&kian->link); 507 mutex_unlock(&kvm->irq_lock); 508 synchronize_srcu(&kvm->irq_srcu); 509 kvm_arch_post_irq_ack_notifier_list_update(kvm); 510 } 511 #endif 512 513 void 514 kvm_eventfd_init(struct kvm *kvm) 515 { 516 #ifdef CONFIG_HAVE_KVM_IRQFD 517 spin_lock_init(&kvm->irqfds.lock); 518 INIT_LIST_HEAD(&kvm->irqfds.items); 519 INIT_LIST_HEAD(&kvm->irqfds.resampler_list); 520 mutex_init(&kvm->irqfds.resampler_lock); 521 #endif 522 INIT_LIST_HEAD(&kvm->ioeventfds); 523 } 524 525 #ifdef CONFIG_HAVE_KVM_IRQFD 526 /* 527 * shutdown any irqfd's that match fd+gsi 528 */ 529 static int 530 kvm_irqfd_deassign(struct kvm *kvm, struct kvm_irqfd *args) 531 { 532 struct kvm_kernel_irqfd *irqfd, *tmp; 533 struct eventfd_ctx *eventfd; 534 535 eventfd = eventfd_ctx_fdget(args->fd); 536 if (IS_ERR(eventfd)) 537 return PTR_ERR(eventfd); 538 539 spin_lock_irq(&kvm->irqfds.lock); 540 541 list_for_each_entry_safe(irqfd, tmp, &kvm->irqfds.items, list) { 542 if (irqfd->eventfd == eventfd && irqfd->gsi == args->gsi) { 543 /* 544 * This clearing of irq_entry.type is needed for when 545 * another thread calls kvm_irq_routing_update before 546 * we flush workqueue below (we synchronize with 547 * kvm_irq_routing_update using irqfds.lock). 548 */ 549 write_seqcount_begin(&irqfd->irq_entry_sc); 550 irqfd->irq_entry.type = 0; 551 write_seqcount_end(&irqfd->irq_entry_sc); 552 irqfd_deactivate(irqfd); 553 } 554 } 555 556 spin_unlock_irq(&kvm->irqfds.lock); 557 eventfd_ctx_put(eventfd); 558 559 /* 560 * Block until we know all outstanding shutdown jobs have completed 561 * so that we guarantee there will not be any more interrupts on this 562 * gsi once this deassign function returns. 563 */ 564 flush_workqueue(irqfd_cleanup_wq); 565 566 return 0; 567 } 568 569 int 570 kvm_irqfd(struct kvm *kvm, struct kvm_irqfd *args) 571 { 572 if (args->flags & ~(KVM_IRQFD_FLAG_DEASSIGN | KVM_IRQFD_FLAG_RESAMPLE)) 573 return -EINVAL; 574 575 if (args->flags & KVM_IRQFD_FLAG_DEASSIGN) 576 return kvm_irqfd_deassign(kvm, args); 577 578 return kvm_irqfd_assign(kvm, args); 579 } 580 581 /* 582 * This function is called as the kvm VM fd is being released. Shutdown all 583 * irqfds that still remain open 584 */ 585 void 586 kvm_irqfd_release(struct kvm *kvm) 587 { 588 struct kvm_kernel_irqfd *irqfd, *tmp; 589 590 spin_lock_irq(&kvm->irqfds.lock); 591 592 list_for_each_entry_safe(irqfd, tmp, &kvm->irqfds.items, list) 593 irqfd_deactivate(irqfd); 594 595 spin_unlock_irq(&kvm->irqfds.lock); 596 597 /* 598 * Block until we know all outstanding shutdown jobs have completed 599 * since we do not take a kvm* reference. 600 */ 601 flush_workqueue(irqfd_cleanup_wq); 602 603 } 604 605 /* 606 * Take note of a change in irq routing. 607 * Caller must invoke synchronize_srcu(&kvm->irq_srcu) afterwards. 608 */ 609 void kvm_irq_routing_update(struct kvm *kvm) 610 { 611 struct kvm_kernel_irqfd *irqfd; 612 613 spin_lock_irq(&kvm->irqfds.lock); 614 615 list_for_each_entry(irqfd, &kvm->irqfds.items, list) { 616 irqfd_update(kvm, irqfd); 617 618 #ifdef CONFIG_HAVE_KVM_IRQ_BYPASS 619 if (irqfd->producer) { 620 int ret = kvm_arch_update_irqfd_routing( 621 irqfd->kvm, irqfd->producer->irq, 622 irqfd->gsi, 1); 623 WARN_ON(ret); 624 } 625 #endif 626 } 627 628 spin_unlock_irq(&kvm->irqfds.lock); 629 } 630 631 /* 632 * create a host-wide workqueue for issuing deferred shutdown requests 633 * aggregated from all vm* instances. We need our own isolated 634 * queue to ease flushing work items when a VM exits. 635 */ 636 int kvm_irqfd_init(void) 637 { 638 irqfd_cleanup_wq = alloc_workqueue("kvm-irqfd-cleanup", 0, 0); 639 if (!irqfd_cleanup_wq) 640 return -ENOMEM; 641 642 return 0; 643 } 644 645 void kvm_irqfd_exit(void) 646 { 647 destroy_workqueue(irqfd_cleanup_wq); 648 } 649 #endif 650 651 /* 652 * -------------------------------------------------------------------- 653 * ioeventfd: translate a PIO/MMIO memory write to an eventfd signal. 654 * 655 * userspace can register a PIO/MMIO address with an eventfd for receiving 656 * notification when the memory has been touched. 657 * -------------------------------------------------------------------- 658 */ 659 660 struct _ioeventfd { 661 struct list_head list; 662 u64 addr; 663 int length; 664 struct eventfd_ctx *eventfd; 665 u64 datamatch; 666 struct kvm_io_device dev; 667 u8 bus_idx; 668 bool wildcard; 669 }; 670 671 static inline struct _ioeventfd * 672 to_ioeventfd(struct kvm_io_device *dev) 673 { 674 return container_of(dev, struct _ioeventfd, dev); 675 } 676 677 static void 678 ioeventfd_release(struct _ioeventfd *p) 679 { 680 eventfd_ctx_put(p->eventfd); 681 list_del(&p->list); 682 kfree(p); 683 } 684 685 static bool 686 ioeventfd_in_range(struct _ioeventfd *p, gpa_t addr, int len, const void *val) 687 { 688 u64 _val; 689 690 if (addr != p->addr) 691 /* address must be precise for a hit */ 692 return false; 693 694 if (!p->length) 695 /* length = 0 means only look at the address, so always a hit */ 696 return true; 697 698 if (len != p->length) 699 /* address-range must be precise for a hit */ 700 return false; 701 702 if (p->wildcard) 703 /* all else equal, wildcard is always a hit */ 704 return true; 705 706 /* otherwise, we have to actually compare the data */ 707 708 BUG_ON(!IS_ALIGNED((unsigned long)val, len)); 709 710 switch (len) { 711 case 1: 712 _val = *(u8 *)val; 713 break; 714 case 2: 715 _val = *(u16 *)val; 716 break; 717 case 4: 718 _val = *(u32 *)val; 719 break; 720 case 8: 721 _val = *(u64 *)val; 722 break; 723 default: 724 return false; 725 } 726 727 return _val == p->datamatch ? true : false; 728 } 729 730 /* MMIO/PIO writes trigger an event if the addr/val match */ 731 static int 732 ioeventfd_write(struct kvm_vcpu *vcpu, struct kvm_io_device *this, gpa_t addr, 733 int len, const void *val) 734 { 735 struct _ioeventfd *p = to_ioeventfd(this); 736 737 if (!ioeventfd_in_range(p, addr, len, val)) 738 return -EOPNOTSUPP; 739 740 eventfd_signal(p->eventfd, 1); 741 return 0; 742 } 743 744 /* 745 * This function is called as KVM is completely shutting down. We do not 746 * need to worry about locking just nuke anything we have as quickly as possible 747 */ 748 static void 749 ioeventfd_destructor(struct kvm_io_device *this) 750 { 751 struct _ioeventfd *p = to_ioeventfd(this); 752 753 ioeventfd_release(p); 754 } 755 756 static const struct kvm_io_device_ops ioeventfd_ops = { 757 .write = ioeventfd_write, 758 .destructor = ioeventfd_destructor, 759 }; 760 761 /* assumes kvm->slots_lock held */ 762 static bool 763 ioeventfd_check_collision(struct kvm *kvm, struct _ioeventfd *p) 764 { 765 struct _ioeventfd *_p; 766 767 list_for_each_entry(_p, &kvm->ioeventfds, list) 768 if (_p->bus_idx == p->bus_idx && 769 _p->addr == p->addr && 770 (!_p->length || !p->length || 771 (_p->length == p->length && 772 (_p->wildcard || p->wildcard || 773 _p->datamatch == p->datamatch)))) 774 return true; 775 776 return false; 777 } 778 779 static enum kvm_bus ioeventfd_bus_from_flags(__u32 flags) 780 { 781 if (flags & KVM_IOEVENTFD_FLAG_PIO) 782 return KVM_PIO_BUS; 783 if (flags & KVM_IOEVENTFD_FLAG_VIRTIO_CCW_NOTIFY) 784 return KVM_VIRTIO_CCW_NOTIFY_BUS; 785 return KVM_MMIO_BUS; 786 } 787 788 static int kvm_assign_ioeventfd_idx(struct kvm *kvm, 789 enum kvm_bus bus_idx, 790 struct kvm_ioeventfd *args) 791 { 792 793 struct eventfd_ctx *eventfd; 794 struct _ioeventfd *p; 795 int ret; 796 797 eventfd = eventfd_ctx_fdget(args->fd); 798 if (IS_ERR(eventfd)) 799 return PTR_ERR(eventfd); 800 801 p = kzalloc(sizeof(*p), GFP_KERNEL_ACCOUNT); 802 if (!p) { 803 ret = -ENOMEM; 804 goto fail; 805 } 806 807 INIT_LIST_HEAD(&p->list); 808 p->addr = args->addr; 809 p->bus_idx = bus_idx; 810 p->length = args->len; 811 p->eventfd = eventfd; 812 813 /* The datamatch feature is optional, otherwise this is a wildcard */ 814 if (args->flags & KVM_IOEVENTFD_FLAG_DATAMATCH) 815 p->datamatch = args->datamatch; 816 else 817 p->wildcard = true; 818 819 mutex_lock(&kvm->slots_lock); 820 821 /* Verify that there isn't a match already */ 822 if (ioeventfd_check_collision(kvm, p)) { 823 ret = -EEXIST; 824 goto unlock_fail; 825 } 826 827 kvm_iodevice_init(&p->dev, &ioeventfd_ops); 828 829 ret = kvm_io_bus_register_dev(kvm, bus_idx, p->addr, p->length, 830 &p->dev); 831 if (ret < 0) 832 goto unlock_fail; 833 834 kvm_get_bus(kvm, bus_idx)->ioeventfd_count++; 835 list_add_tail(&p->list, &kvm->ioeventfds); 836 837 mutex_unlock(&kvm->slots_lock); 838 839 return 0; 840 841 unlock_fail: 842 mutex_unlock(&kvm->slots_lock); 843 844 fail: 845 kfree(p); 846 eventfd_ctx_put(eventfd); 847 848 return ret; 849 } 850 851 static int 852 kvm_deassign_ioeventfd_idx(struct kvm *kvm, enum kvm_bus bus_idx, 853 struct kvm_ioeventfd *args) 854 { 855 struct _ioeventfd *p, *tmp; 856 struct eventfd_ctx *eventfd; 857 struct kvm_io_bus *bus; 858 int ret = -ENOENT; 859 860 eventfd = eventfd_ctx_fdget(args->fd); 861 if (IS_ERR(eventfd)) 862 return PTR_ERR(eventfd); 863 864 mutex_lock(&kvm->slots_lock); 865 866 list_for_each_entry_safe(p, tmp, &kvm->ioeventfds, list) { 867 bool wildcard = !(args->flags & KVM_IOEVENTFD_FLAG_DATAMATCH); 868 869 if (p->bus_idx != bus_idx || 870 p->eventfd != eventfd || 871 p->addr != args->addr || 872 p->length != args->len || 873 p->wildcard != wildcard) 874 continue; 875 876 if (!p->wildcard && p->datamatch != args->datamatch) 877 continue; 878 879 kvm_io_bus_unregister_dev(kvm, bus_idx, &p->dev); 880 bus = kvm_get_bus(kvm, bus_idx); 881 if (bus) 882 bus->ioeventfd_count--; 883 ioeventfd_release(p); 884 ret = 0; 885 break; 886 } 887 888 mutex_unlock(&kvm->slots_lock); 889 890 eventfd_ctx_put(eventfd); 891 892 return ret; 893 } 894 895 static int kvm_deassign_ioeventfd(struct kvm *kvm, struct kvm_ioeventfd *args) 896 { 897 enum kvm_bus bus_idx = ioeventfd_bus_from_flags(args->flags); 898 int ret = kvm_deassign_ioeventfd_idx(kvm, bus_idx, args); 899 900 if (!args->len && bus_idx == KVM_MMIO_BUS) 901 kvm_deassign_ioeventfd_idx(kvm, KVM_FAST_MMIO_BUS, args); 902 903 return ret; 904 } 905 906 static int 907 kvm_assign_ioeventfd(struct kvm *kvm, struct kvm_ioeventfd *args) 908 { 909 enum kvm_bus bus_idx; 910 int ret; 911 912 bus_idx = ioeventfd_bus_from_flags(args->flags); 913 /* must be natural-word sized, or 0 to ignore length */ 914 switch (args->len) { 915 case 0: 916 case 1: 917 case 2: 918 case 4: 919 case 8: 920 break; 921 default: 922 return -EINVAL; 923 } 924 925 /* check for range overflow */ 926 if (args->addr + args->len < args->addr) 927 return -EINVAL; 928 929 /* check for extra flags that we don't understand */ 930 if (args->flags & ~KVM_IOEVENTFD_VALID_FLAG_MASK) 931 return -EINVAL; 932 933 /* ioeventfd with no length can't be combined with DATAMATCH */ 934 if (!args->len && (args->flags & KVM_IOEVENTFD_FLAG_DATAMATCH)) 935 return -EINVAL; 936 937 ret = kvm_assign_ioeventfd_idx(kvm, bus_idx, args); 938 if (ret) 939 goto fail; 940 941 /* When length is ignored, MMIO is also put on a separate bus, for 942 * faster lookups. 943 */ 944 if (!args->len && bus_idx == KVM_MMIO_BUS) { 945 ret = kvm_assign_ioeventfd_idx(kvm, KVM_FAST_MMIO_BUS, args); 946 if (ret < 0) 947 goto fast_fail; 948 } 949 950 return 0; 951 952 fast_fail: 953 kvm_deassign_ioeventfd_idx(kvm, bus_idx, args); 954 fail: 955 return ret; 956 } 957 958 int 959 kvm_ioeventfd(struct kvm *kvm, struct kvm_ioeventfd *args) 960 { 961 if (args->flags & KVM_IOEVENTFD_FLAG_DEASSIGN) 962 return kvm_deassign_ioeventfd(kvm, args); 963 964 return kvm_assign_ioeventfd(kvm, args); 965 } 966