1 // SPDX-License-Identifier: GPL-2.0
2 /* Copyright(c) 2019 Intel Corporation. All rights rsvd. */
3 #include <linux/init.h>
4 #include <linux/kernel.h>
5 #include <linux/module.h>
6 #include <linux/pci.h>
7 #include <linux/device.h>
8 #include <linux/sched/task.h>
9 #include <linux/io-64-nonatomic-lo-hi.h>
10 #include <linux/cdev.h>
11 #include <linux/fs.h>
12 #include <linux/poll.h>
13 #include <linux/iommu.h>
14 #include <linux/highmem.h>
15 #include <uapi/linux/idxd.h>
16 #include <linux/xarray.h>
17 #include "registers.h"
18 #include "idxd.h"
19
20 struct idxd_cdev_context {
21 const char *name;
22 dev_t devt;
23 struct ida minor_ida;
24 };
25
26 /*
27 * Since user file names are global in DSA devices, define their ida's as
28 * global to avoid conflict file names.
29 */
30 static DEFINE_IDA(file_ida);
31
32 /*
33 * ictx is an array based off of accelerator types. enum idxd_type
34 * is used as index
35 */
36 static struct idxd_cdev_context ictx[IDXD_TYPE_MAX] = {
37 { .name = "dsa" },
38 { .name = "iax" }
39 };
40
41 struct idxd_user_context {
42 struct idxd_wq *wq;
43 struct task_struct *task;
44 unsigned int pasid;
45 struct mm_struct *mm;
46 unsigned int flags;
47 struct iommu_sva *sva;
48 struct idxd_dev idxd_dev;
49 u64 counters[COUNTER_MAX];
50 int id;
51 pid_t pid;
52 };
53
54 static void idxd_cdev_evl_drain_pasid(struct idxd_wq *wq, u32 pasid);
55 static void idxd_xa_pasid_remove(struct idxd_user_context *ctx);
56
dev_to_uctx(struct device * dev)57 static inline struct idxd_user_context *dev_to_uctx(struct device *dev)
58 {
59 struct idxd_dev *idxd_dev = confdev_to_idxd_dev(dev);
60
61 return container_of(idxd_dev, struct idxd_user_context, idxd_dev);
62 }
63
cr_faults_show(struct device * dev,struct device_attribute * attr,char * buf)64 static ssize_t cr_faults_show(struct device *dev, struct device_attribute *attr, char *buf)
65 {
66 struct idxd_user_context *ctx = dev_to_uctx(dev);
67
68 return sysfs_emit(buf, "%llu\n", ctx->counters[COUNTER_FAULTS]);
69 }
70 static DEVICE_ATTR_RO(cr_faults);
71
cr_fault_failures_show(struct device * dev,struct device_attribute * attr,char * buf)72 static ssize_t cr_fault_failures_show(struct device *dev,
73 struct device_attribute *attr, char *buf)
74 {
75 struct idxd_user_context *ctx = dev_to_uctx(dev);
76
77 return sysfs_emit(buf, "%llu\n", ctx->counters[COUNTER_FAULT_FAILS]);
78 }
79 static DEVICE_ATTR_RO(cr_fault_failures);
80
pid_show(struct device * dev,struct device_attribute * attr,char * buf)81 static ssize_t pid_show(struct device *dev, struct device_attribute *attr, char *buf)
82 {
83 struct idxd_user_context *ctx = dev_to_uctx(dev);
84
85 return sysfs_emit(buf, "%u\n", ctx->pid);
86 }
87 static DEVICE_ATTR_RO(pid);
88
89 static struct attribute *cdev_file_attributes[] = {
90 &dev_attr_cr_faults.attr,
91 &dev_attr_cr_fault_failures.attr,
92 &dev_attr_pid.attr,
93 NULL
94 };
95
cdev_file_attr_visible(struct kobject * kobj,struct attribute * a,int n)96 static umode_t cdev_file_attr_visible(struct kobject *kobj, struct attribute *a, int n)
97 {
98 struct device *dev = container_of(kobj, typeof(*dev), kobj);
99 struct idxd_user_context *ctx = dev_to_uctx(dev);
100 struct idxd_wq *wq = ctx->wq;
101
102 if (!wq_pasid_enabled(wq))
103 return 0;
104
105 return a->mode;
106 }
107
108 static const struct attribute_group cdev_file_attribute_group = {
109 .attrs = cdev_file_attributes,
110 .is_visible = cdev_file_attr_visible,
111 };
112
113 static const struct attribute_group *cdev_file_attribute_groups[] = {
114 &cdev_file_attribute_group,
115 NULL
116 };
117
idxd_file_dev_release(struct device * dev)118 static void idxd_file_dev_release(struct device *dev)
119 {
120 struct idxd_user_context *ctx = dev_to_uctx(dev);
121 struct idxd_wq *wq = ctx->wq;
122 struct idxd_device *idxd = wq->idxd;
123 int rc;
124
125 ida_free(&file_ida, ctx->id);
126
127 /* Wait for in-flight operations to complete. */
128 if (wq_shared(wq)) {
129 idxd_device_drain_pasid(idxd, ctx->pasid);
130 } else {
131 if (device_user_pasid_enabled(idxd)) {
132 /* The wq disable in the disable pasid function will drain the wq */
133 rc = idxd_wq_disable_pasid(wq);
134 if (rc < 0)
135 dev_err(dev, "wq disable pasid failed.\n");
136 } else {
137 idxd_wq_drain(wq);
138 }
139 }
140
141 if (ctx->sva) {
142 idxd_cdev_evl_drain_pasid(wq, ctx->pasid);
143 iommu_sva_unbind_device(ctx->sva);
144 idxd_xa_pasid_remove(ctx);
145 }
146 kfree(ctx);
147 mutex_lock(&wq->wq_lock);
148 idxd_wq_put(wq);
149 mutex_unlock(&wq->wq_lock);
150 }
151
152 static const struct device_type idxd_cdev_file_type = {
153 .name = "idxd_file",
154 .release = idxd_file_dev_release,
155 .groups = cdev_file_attribute_groups,
156 };
157
idxd_cdev_dev_release(struct device * dev)158 static void idxd_cdev_dev_release(struct device *dev)
159 {
160 struct idxd_cdev *idxd_cdev = dev_to_cdev(dev);
161 struct idxd_cdev_context *cdev_ctx;
162 struct idxd_wq *wq = idxd_cdev->wq;
163
164 cdev_ctx = &ictx[wq->idxd->data->type];
165 ida_free(&cdev_ctx->minor_ida, idxd_cdev->minor);
166 kfree(idxd_cdev);
167 }
168
169 static const struct device_type idxd_cdev_device_type = {
170 .name = "idxd_cdev",
171 .release = idxd_cdev_dev_release,
172 };
173
inode_idxd_cdev(struct inode * inode)174 static inline struct idxd_cdev *inode_idxd_cdev(struct inode *inode)
175 {
176 struct cdev *cdev = inode->i_cdev;
177
178 return container_of(cdev, struct idxd_cdev, cdev);
179 }
180
inode_wq(struct inode * inode)181 static inline struct idxd_wq *inode_wq(struct inode *inode)
182 {
183 struct idxd_cdev *idxd_cdev = inode_idxd_cdev(inode);
184
185 return idxd_cdev->wq;
186 }
187
idxd_xa_pasid_remove(struct idxd_user_context * ctx)188 static void idxd_xa_pasid_remove(struct idxd_user_context *ctx)
189 {
190 struct idxd_wq *wq = ctx->wq;
191 void *ptr;
192
193 mutex_lock(&wq->uc_lock);
194 ptr = xa_cmpxchg(&wq->upasid_xa, ctx->pasid, ctx, NULL, GFP_KERNEL);
195 if (ptr != (void *)ctx)
196 dev_warn(&wq->idxd->pdev->dev, "xarray cmpxchg failed for pasid %u\n",
197 ctx->pasid);
198 mutex_unlock(&wq->uc_lock);
199 }
200
idxd_user_counter_increment(struct idxd_wq * wq,u32 pasid,int index)201 void idxd_user_counter_increment(struct idxd_wq *wq, u32 pasid, int index)
202 {
203 struct idxd_user_context *ctx;
204
205 if (index >= COUNTER_MAX)
206 return;
207
208 mutex_lock(&wq->uc_lock);
209 ctx = xa_load(&wq->upasid_xa, pasid);
210 if (!ctx) {
211 mutex_unlock(&wq->uc_lock);
212 return;
213 }
214 ctx->counters[index]++;
215 mutex_unlock(&wq->uc_lock);
216 }
217
idxd_cdev_open(struct inode * inode,struct file * filp)218 static int idxd_cdev_open(struct inode *inode, struct file *filp)
219 {
220 struct idxd_user_context *ctx;
221 struct idxd_device *idxd;
222 struct idxd_wq *wq;
223 struct device *dev, *fdev;
224 int rc = 0;
225 struct iommu_sva *sva;
226 unsigned int pasid;
227 struct idxd_cdev *idxd_cdev;
228
229 wq = inode_wq(inode);
230 idxd = wq->idxd;
231 dev = &idxd->pdev->dev;
232
233 dev_dbg(dev, "%s called: %d\n", __func__, idxd_wq_refcount(wq));
234
235 ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);
236 if (!ctx)
237 return -ENOMEM;
238
239 mutex_lock(&wq->wq_lock);
240
241 if (idxd_wq_refcount(wq) > 0 && wq_dedicated(wq)) {
242 rc = -EBUSY;
243 goto failed;
244 }
245
246 ctx->wq = wq;
247 filp->private_data = ctx;
248 ctx->pid = current->pid;
249
250 if (device_user_pasid_enabled(idxd)) {
251 sva = iommu_sva_bind_device(dev, current->mm);
252 if (IS_ERR(sva)) {
253 rc = PTR_ERR(sva);
254 dev_err(dev, "pasid allocation failed: %d\n", rc);
255 goto failed;
256 }
257
258 pasid = iommu_sva_get_pasid(sva);
259 if (pasid == IOMMU_PASID_INVALID) {
260 rc = -EINVAL;
261 goto failed_get_pasid;
262 }
263
264 ctx->sva = sva;
265 ctx->pasid = pasid;
266 ctx->mm = current->mm;
267
268 mutex_lock(&wq->uc_lock);
269 rc = xa_insert(&wq->upasid_xa, pasid, ctx, GFP_KERNEL);
270 mutex_unlock(&wq->uc_lock);
271 if (rc < 0)
272 dev_warn(dev, "PASID entry already exist in xarray.\n");
273
274 if (wq_dedicated(wq)) {
275 rc = idxd_wq_set_pasid(wq, pasid);
276 if (rc < 0) {
277 dev_err(dev, "wq set pasid failed: %d\n", rc);
278 goto failed_set_pasid;
279 }
280 }
281 }
282
283 idxd_cdev = wq->idxd_cdev;
284 ctx->id = ida_alloc(&file_ida, GFP_KERNEL);
285 if (ctx->id < 0) {
286 dev_warn(dev, "ida alloc failure\n");
287 goto failed_ida;
288 }
289 ctx->idxd_dev.type = IDXD_DEV_CDEV_FILE;
290 fdev = user_ctx_dev(ctx);
291 device_initialize(fdev);
292 fdev->parent = cdev_dev(idxd_cdev);
293 fdev->bus = &dsa_bus_type;
294 fdev->type = &idxd_cdev_file_type;
295
296 rc = dev_set_name(fdev, "file%d", ctx->id);
297 if (rc < 0) {
298 dev_warn(dev, "set name failure\n");
299 goto failed_dev_name;
300 }
301
302 rc = device_add(fdev);
303 if (rc < 0) {
304 dev_warn(dev, "file device add failure\n");
305 goto failed_dev_add;
306 }
307
308 idxd_wq_get(wq);
309 mutex_unlock(&wq->wq_lock);
310 return 0;
311
312 failed_dev_add:
313 failed_dev_name:
314 put_device(fdev);
315 failed_ida:
316 failed_set_pasid:
317 if (device_user_pasid_enabled(idxd))
318 idxd_xa_pasid_remove(ctx);
319 failed_get_pasid:
320 if (device_user_pasid_enabled(idxd))
321 iommu_sva_unbind_device(sva);
322 failed:
323 mutex_unlock(&wq->wq_lock);
324 kfree(ctx);
325 return rc;
326 }
327
idxd_cdev_evl_drain_pasid(struct idxd_wq * wq,u32 pasid)328 static void idxd_cdev_evl_drain_pasid(struct idxd_wq *wq, u32 pasid)
329 {
330 struct idxd_device *idxd = wq->idxd;
331 struct idxd_evl *evl = idxd->evl;
332 union evl_status_reg status;
333 u16 h, t, size;
334 int ent_size = evl_ent_size(idxd);
335 struct __evl_entry *entry_head;
336
337 if (!evl)
338 return;
339
340 mutex_lock(&evl->lock);
341 status.bits = ioread64(idxd->reg_base + IDXD_EVLSTATUS_OFFSET);
342 t = status.tail;
343 h = status.head;
344 size = evl->size;
345
346 while (h != t) {
347 entry_head = (struct __evl_entry *)(evl->log + (h * ent_size));
348 if (entry_head->pasid == pasid && entry_head->wq_idx == wq->id)
349 set_bit(h, evl->bmap);
350 h = (h + 1) % size;
351 }
352 drain_workqueue(wq->wq);
353 mutex_unlock(&evl->lock);
354 }
355
idxd_cdev_release(struct inode * node,struct file * filep)356 static int idxd_cdev_release(struct inode *node, struct file *filep)
357 {
358 struct idxd_user_context *ctx = filep->private_data;
359 struct idxd_wq *wq = ctx->wq;
360 struct idxd_device *idxd = wq->idxd;
361 struct device *dev = &idxd->pdev->dev;
362
363 dev_dbg(dev, "%s called\n", __func__);
364 filep->private_data = NULL;
365
366 device_unregister(user_ctx_dev(ctx));
367
368 return 0;
369 }
370
check_vma(struct idxd_wq * wq,struct vm_area_struct * vma,const char * func)371 static int check_vma(struct idxd_wq *wq, struct vm_area_struct *vma,
372 const char *func)
373 {
374 struct device *dev = &wq->idxd->pdev->dev;
375
376 if ((vma->vm_end - vma->vm_start) > PAGE_SIZE) {
377 dev_info_ratelimited(dev,
378 "%s: %s: mapping too large: %lu\n",
379 current->comm, func,
380 vma->vm_end - vma->vm_start);
381 return -EINVAL;
382 }
383
384 return 0;
385 }
386
idxd_cdev_mmap(struct file * filp,struct vm_area_struct * vma)387 static int idxd_cdev_mmap(struct file *filp, struct vm_area_struct *vma)
388 {
389 struct idxd_user_context *ctx = filp->private_data;
390 struct idxd_wq *wq = ctx->wq;
391 struct idxd_device *idxd = wq->idxd;
392 struct pci_dev *pdev = idxd->pdev;
393 phys_addr_t base = pci_resource_start(pdev, IDXD_WQ_BAR);
394 unsigned long pfn;
395 int rc;
396
397 dev_dbg(&pdev->dev, "%s called\n", __func__);
398
399 /*
400 * Due to an erratum in some of the devices supported by the driver,
401 * direct user submission to the device can be unsafe.
402 * (See the INTEL-SA-01084 security advisory)
403 *
404 * For the devices that exhibit this behavior, require that the user
405 * has CAP_SYS_RAWIO capabilities.
406 */
407 if (!idxd->user_submission_safe && !capable(CAP_SYS_RAWIO))
408 return -EPERM;
409
410 rc = check_vma(wq, vma, __func__);
411 if (rc < 0)
412 return rc;
413
414 vm_flags_set(vma, VM_DONTCOPY);
415 pfn = (base + idxd_get_wq_portal_full_offset(wq->id,
416 IDXD_PORTAL_LIMITED)) >> PAGE_SHIFT;
417 vma->vm_page_prot = pgprot_noncached(vma->vm_page_prot);
418 vma->vm_private_data = ctx;
419
420 return io_remap_pfn_range(vma, vma->vm_start, pfn, PAGE_SIZE,
421 vma->vm_page_prot);
422 }
423
idxd_submit_user_descriptor(struct idxd_user_context * ctx,struct dsa_hw_desc __user * udesc)424 static int idxd_submit_user_descriptor(struct idxd_user_context *ctx,
425 struct dsa_hw_desc __user *udesc)
426 {
427 struct idxd_wq *wq = ctx->wq;
428 struct idxd_dev *idxd_dev = &wq->idxd->idxd_dev;
429 const uint64_t comp_addr_align = is_dsa_dev(idxd_dev) ? 0x20 : 0x40;
430 void __iomem *portal = idxd_wq_portal_addr(wq);
431 struct dsa_hw_desc descriptor __aligned(64);
432 int rc;
433
434 rc = copy_from_user(&descriptor, udesc, sizeof(descriptor));
435 if (rc)
436 return -EFAULT;
437
438 /*
439 * DSA devices are capable of indirect ("batch") command submission.
440 * On devices where direct user submissions are not safe, we cannot
441 * allow this since there is no good way for us to verify these
442 * indirect commands.
443 */
444 if (is_dsa_dev(idxd_dev) && descriptor.opcode == DSA_OPCODE_BATCH &&
445 !wq->idxd->user_submission_safe)
446 return -EINVAL;
447 /*
448 * As per the programming specification, the completion address must be
449 * aligned to 32 or 64 bytes. If this is violated the hardware
450 * engine can get very confused (security issue).
451 */
452 if (!IS_ALIGNED(descriptor.completion_addr, comp_addr_align))
453 return -EINVAL;
454
455 if (wq_dedicated(wq))
456 iosubmit_cmds512(portal, &descriptor, 1);
457 else {
458 descriptor.priv = 0;
459 descriptor.pasid = ctx->pasid;
460 rc = idxd_enqcmds(wq, portal, &descriptor);
461 if (rc < 0)
462 return rc;
463 }
464
465 return 0;
466 }
467
idxd_cdev_write(struct file * filp,const char __user * buf,size_t len,loff_t * unused)468 static ssize_t idxd_cdev_write(struct file *filp, const char __user *buf, size_t len,
469 loff_t *unused)
470 {
471 struct dsa_hw_desc __user *udesc = (struct dsa_hw_desc __user *)buf;
472 struct idxd_user_context *ctx = filp->private_data;
473 ssize_t written = 0;
474 int i;
475
476 for (i = 0; i < len/sizeof(struct dsa_hw_desc); i++) {
477 int rc = idxd_submit_user_descriptor(ctx, udesc + i);
478
479 if (rc)
480 return written ? written : rc;
481
482 written += sizeof(struct dsa_hw_desc);
483 }
484
485 return written;
486 }
487
idxd_cdev_poll(struct file * filp,struct poll_table_struct * wait)488 static __poll_t idxd_cdev_poll(struct file *filp,
489 struct poll_table_struct *wait)
490 {
491 struct idxd_user_context *ctx = filp->private_data;
492 struct idxd_wq *wq = ctx->wq;
493 struct idxd_device *idxd = wq->idxd;
494 __poll_t out = 0;
495
496 poll_wait(filp, &wq->err_queue, wait);
497 spin_lock(&idxd->dev_lock);
498 if (idxd->sw_err.valid)
499 out = EPOLLIN | EPOLLRDNORM;
500 spin_unlock(&idxd->dev_lock);
501
502 return out;
503 }
504
505 static const struct file_operations idxd_cdev_fops = {
506 .owner = THIS_MODULE,
507 .open = idxd_cdev_open,
508 .release = idxd_cdev_release,
509 .mmap = idxd_cdev_mmap,
510 .write = idxd_cdev_write,
511 .poll = idxd_cdev_poll,
512 };
513
idxd_cdev_get_major(struct idxd_device * idxd)514 int idxd_cdev_get_major(struct idxd_device *idxd)
515 {
516 return MAJOR(ictx[idxd->data->type].devt);
517 }
518
idxd_wq_add_cdev(struct idxd_wq * wq)519 int idxd_wq_add_cdev(struct idxd_wq *wq)
520 {
521 struct idxd_device *idxd = wq->idxd;
522 struct idxd_cdev *idxd_cdev;
523 struct cdev *cdev;
524 struct device *dev;
525 struct idxd_cdev_context *cdev_ctx;
526 int rc, minor;
527
528 idxd_cdev = kzalloc(sizeof(*idxd_cdev), GFP_KERNEL);
529 if (!idxd_cdev)
530 return -ENOMEM;
531
532 idxd_cdev->idxd_dev.type = IDXD_DEV_CDEV;
533 idxd_cdev->wq = wq;
534 cdev = &idxd_cdev->cdev;
535 dev = cdev_dev(idxd_cdev);
536 cdev_ctx = &ictx[wq->idxd->data->type];
537 minor = ida_alloc_max(&cdev_ctx->minor_ida, MINORMASK, GFP_KERNEL);
538 if (minor < 0) {
539 kfree(idxd_cdev);
540 return minor;
541 }
542 idxd_cdev->minor = minor;
543
544 device_initialize(dev);
545 dev->parent = wq_confdev(wq);
546 dev->bus = &dsa_bus_type;
547 dev->type = &idxd_cdev_device_type;
548 dev->devt = MKDEV(MAJOR(cdev_ctx->devt), minor);
549
550 rc = dev_set_name(dev, "%s/wq%u.%u", idxd->data->name_prefix, idxd->id, wq->id);
551 if (rc < 0)
552 goto err;
553
554 wq->idxd_cdev = idxd_cdev;
555 cdev_init(cdev, &idxd_cdev_fops);
556 rc = cdev_device_add(cdev, dev);
557 if (rc) {
558 dev_dbg(&wq->idxd->pdev->dev, "cdev_add failed: %d\n", rc);
559 goto err;
560 }
561
562 return 0;
563
564 err:
565 put_device(dev);
566 wq->idxd_cdev = NULL;
567 return rc;
568 }
569
idxd_wq_del_cdev(struct idxd_wq * wq)570 void idxd_wq_del_cdev(struct idxd_wq *wq)
571 {
572 struct idxd_cdev *idxd_cdev;
573
574 idxd_cdev = wq->idxd_cdev;
575 wq->idxd_cdev = NULL;
576 cdev_device_del(&idxd_cdev->cdev, cdev_dev(idxd_cdev));
577 put_device(cdev_dev(idxd_cdev));
578 }
579
idxd_user_drv_probe(struct idxd_dev * idxd_dev)580 static int idxd_user_drv_probe(struct idxd_dev *idxd_dev)
581 {
582 struct device *dev = &idxd_dev->conf_dev;
583 struct idxd_wq *wq = idxd_dev_to_wq(idxd_dev);
584 struct idxd_device *idxd = wq->idxd;
585 int rc;
586
587 if (idxd->state != IDXD_DEV_ENABLED)
588 return -ENXIO;
589
590 mutex_lock(&wq->wq_lock);
591
592 if (!idxd_wq_driver_name_match(wq, dev)) {
593 idxd->cmd_status = IDXD_SCMD_WQ_NO_DRV_NAME;
594 rc = -ENODEV;
595 goto wq_err;
596 }
597
598 /*
599 * User type WQ is enabled only when SVA is enabled for two reasons:
600 * - If no IOMMU or IOMMU Passthrough without SVA, userspace
601 * can directly access physical address through the WQ.
602 * - The IDXD cdev driver does not provide any ways to pin
603 * user pages and translate the address from user VA to IOVA or
604 * PA without IOMMU SVA. Therefore the application has no way
605 * to instruct the device to perform DMA function. This makes
606 * the cdev not usable for normal application usage.
607 */
608 if (!device_user_pasid_enabled(idxd)) {
609 idxd->cmd_status = IDXD_SCMD_WQ_USER_NO_IOMMU;
610 dev_dbg(&idxd->pdev->dev,
611 "User type WQ cannot be enabled without SVA.\n");
612
613 rc = -EOPNOTSUPP;
614 goto wq_err;
615 }
616
617 wq->wq = create_workqueue(dev_name(wq_confdev(wq)));
618 if (!wq->wq) {
619 rc = -ENOMEM;
620 goto wq_err;
621 }
622
623 wq->type = IDXD_WQT_USER;
624 rc = idxd_drv_enable_wq(wq);
625 if (rc < 0)
626 goto err;
627
628 rc = idxd_wq_add_cdev(wq);
629 if (rc < 0) {
630 idxd->cmd_status = IDXD_SCMD_CDEV_ERR;
631 goto err_cdev;
632 }
633
634 idxd->cmd_status = 0;
635 mutex_unlock(&wq->wq_lock);
636 return 0;
637
638 err_cdev:
639 idxd_drv_disable_wq(wq);
640 err:
641 destroy_workqueue(wq->wq);
642 wq->type = IDXD_WQT_NONE;
643 wq_err:
644 mutex_unlock(&wq->wq_lock);
645 return rc;
646 }
647
idxd_user_drv_remove(struct idxd_dev * idxd_dev)648 static void idxd_user_drv_remove(struct idxd_dev *idxd_dev)
649 {
650 struct idxd_wq *wq = idxd_dev_to_wq(idxd_dev);
651
652 mutex_lock(&wq->wq_lock);
653 idxd_wq_del_cdev(wq);
654 idxd_drv_disable_wq(wq);
655 wq->type = IDXD_WQT_NONE;
656 destroy_workqueue(wq->wq);
657 wq->wq = NULL;
658 mutex_unlock(&wq->wq_lock);
659 }
660
661 static enum idxd_dev_type dev_types[] = {
662 IDXD_DEV_WQ,
663 IDXD_DEV_NONE,
664 };
665
666 struct idxd_device_driver idxd_user_drv = {
667 .probe = idxd_user_drv_probe,
668 .remove = idxd_user_drv_remove,
669 .name = "user",
670 .type = dev_types,
671 };
672 EXPORT_SYMBOL_GPL(idxd_user_drv);
673
idxd_cdev_register(void)674 int idxd_cdev_register(void)
675 {
676 int rc, i;
677
678 for (i = 0; i < IDXD_TYPE_MAX; i++) {
679 ida_init(&ictx[i].minor_ida);
680 rc = alloc_chrdev_region(&ictx[i].devt, 0, MINORMASK,
681 ictx[i].name);
682 if (rc)
683 goto err_free_chrdev_region;
684 }
685
686 return 0;
687
688 err_free_chrdev_region:
689 for (i--; i >= 0; i--)
690 unregister_chrdev_region(ictx[i].devt, MINORMASK);
691
692 return rc;
693 }
694
idxd_cdev_remove(void)695 void idxd_cdev_remove(void)
696 {
697 int i;
698
699 for (i = 0; i < IDXD_TYPE_MAX; i++) {
700 unregister_chrdev_region(ictx[i].devt, MINORMASK);
701 ida_destroy(&ictx[i].minor_ida);
702 }
703 }
704
705 /**
706 * idxd_copy_cr - copy completion record to user address space found by wq and
707 * PASID
708 * @wq: work queue
709 * @pasid: PASID
710 * @addr: user fault address to write
711 * @cr: completion record
712 * @len: number of bytes to copy
713 *
714 * This is called by a work that handles completion record fault.
715 *
716 * Return: number of bytes copied.
717 */
idxd_copy_cr(struct idxd_wq * wq,ioasid_t pasid,unsigned long addr,void * cr,int len)718 int idxd_copy_cr(struct idxd_wq *wq, ioasid_t pasid, unsigned long addr,
719 void *cr, int len)
720 {
721 struct device *dev = &wq->idxd->pdev->dev;
722 int left = len, status_size = 1;
723 struct idxd_user_context *ctx;
724 struct mm_struct *mm;
725
726 mutex_lock(&wq->uc_lock);
727
728 ctx = xa_load(&wq->upasid_xa, pasid);
729 if (!ctx) {
730 dev_warn(dev, "No user context\n");
731 goto out;
732 }
733
734 mm = ctx->mm;
735 /*
736 * The completion record fault handling work is running in kernel
737 * thread context. It temporarily switches to the mm to copy cr
738 * to addr in the mm.
739 */
740 kthread_use_mm(mm);
741 left = copy_to_user((void __user *)addr + status_size, cr + status_size,
742 len - status_size);
743 /*
744 * Copy status only after the rest of completion record is copied
745 * successfully so that the user gets the complete completion record
746 * when a non-zero status is polled.
747 */
748 if (!left) {
749 u8 status;
750
751 /*
752 * Ensure that the completion record's status field is written
753 * after the rest of the completion record has been written.
754 * This ensures that the user receives the correct completion
755 * record information once polling for a non-zero status.
756 */
757 wmb();
758 status = *(u8 *)cr;
759 if (put_user(status, (u8 __user *)addr))
760 left += status_size;
761 } else {
762 left += status_size;
763 }
764 kthread_unuse_mm(mm);
765
766 out:
767 mutex_unlock(&wq->uc_lock);
768
769 return len - left;
770 }
771