Merge branch 'next' of git://selinuxproject.org/~jmorris/linux-security
[linux-btrfs-devel.git] / virt / kvm / iommu.c
blob78c80f67f535f97055d312aa946c109bcfdcd424
1 /*
2 * Copyright (c) 2006, Intel Corporation.
4 * This program is free software; you can redistribute it and/or modify it
5 * under the terms and conditions of the GNU General Public License,
6 * version 2, as published by the Free Software Foundation.
8 * This program is distributed in the hope it will be useful, but WITHOUT
9 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
10 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
11 * more details.
13 * You should have received a copy of the GNU General Public License along with
14 * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
15 * Place - Suite 330, Boston, MA 02111-1307 USA.
17 * Copyright (C) 2006-2008 Intel Corporation
18 * Copyright IBM Corporation, 2008
19 * Copyright 2010 Red Hat, Inc. and/or its affiliates.
21 * Author: Allen M. Kay <allen.m.kay@intel.com>
22 * Author: Weidong Han <weidong.han@intel.com>
23 * Author: Ben-Ami Yassour <benami@il.ibm.com>
26 #include <linux/list.h>
27 #include <linux/kvm_host.h>
28 #include <linux/pci.h>
29 #include <linux/dmar.h>
30 #include <linux/iommu.h>
31 #include <linux/intel-iommu.h>
33 static int allow_unsafe_assigned_interrupts;
34 module_param_named(allow_unsafe_assigned_interrupts,
35 allow_unsafe_assigned_interrupts, bool, S_IRUGO | S_IWUSR);
36 MODULE_PARM_DESC(allow_unsafe_assigned_interrupts,
37 "Enable device assignment on platforms without interrupt remapping support.");
39 static int kvm_iommu_unmap_memslots(struct kvm *kvm);
40 static void kvm_iommu_put_pages(struct kvm *kvm,
41 gfn_t base_gfn, unsigned long npages);
43 static pfn_t kvm_pin_pages(struct kvm *kvm, struct kvm_memory_slot *slot,
44 gfn_t gfn, unsigned long size)
46 gfn_t end_gfn;
47 pfn_t pfn;
49 pfn = gfn_to_pfn_memslot(kvm, slot, gfn);
50 end_gfn = gfn + (size >> PAGE_SHIFT);
51 gfn += 1;
53 if (is_error_pfn(pfn))
54 return pfn;
56 while (gfn < end_gfn)
57 gfn_to_pfn_memslot(kvm, slot, gfn++);
59 return pfn;
62 int kvm_iommu_map_pages(struct kvm *kvm, struct kvm_memory_slot *slot)
64 gfn_t gfn, end_gfn;
65 pfn_t pfn;
66 int r = 0;
67 struct iommu_domain *domain = kvm->arch.iommu_domain;
68 int flags;
70 /* check if iommu exists and in use */
71 if (!domain)
72 return 0;
74 gfn = slot->base_gfn;
75 end_gfn = gfn + slot->npages;
77 flags = IOMMU_READ | IOMMU_WRITE;
78 if (kvm->arch.iommu_flags & KVM_IOMMU_CACHE_COHERENCY)
79 flags |= IOMMU_CACHE;
82 while (gfn < end_gfn) {
83 unsigned long page_size;
85 /* Check if already mapped */
86 if (iommu_iova_to_phys(domain, gfn_to_gpa(gfn))) {
87 gfn += 1;
88 continue;
91 /* Get the page size we could use to map */
92 page_size = kvm_host_page_size(kvm, gfn);
94 /* Make sure the page_size does not exceed the memslot */
95 while ((gfn + (page_size >> PAGE_SHIFT)) > end_gfn)
96 page_size >>= 1;
98 /* Make sure gfn is aligned to the page size we want to map */
99 while ((gfn << PAGE_SHIFT) & (page_size - 1))
100 page_size >>= 1;
103 * Pin all pages we are about to map in memory. This is
104 * important because we unmap and unpin in 4kb steps later.
106 pfn = kvm_pin_pages(kvm, slot, gfn, page_size);
107 if (is_error_pfn(pfn)) {
108 gfn += 1;
109 continue;
112 /* Map into IO address space */
113 r = iommu_map(domain, gfn_to_gpa(gfn), pfn_to_hpa(pfn),
114 get_order(page_size), flags);
115 if (r) {
116 printk(KERN_ERR "kvm_iommu_map_address:"
117 "iommu failed to map pfn=%llx\n", pfn);
118 goto unmap_pages;
121 gfn += page_size >> PAGE_SHIFT;
126 return 0;
128 unmap_pages:
129 kvm_iommu_put_pages(kvm, slot->base_gfn, gfn);
130 return r;
133 static int kvm_iommu_map_memslots(struct kvm *kvm)
135 int i, idx, r = 0;
136 struct kvm_memslots *slots;
138 idx = srcu_read_lock(&kvm->srcu);
139 slots = kvm_memslots(kvm);
141 for (i = 0; i < slots->nmemslots; i++) {
142 r = kvm_iommu_map_pages(kvm, &slots->memslots[i]);
143 if (r)
144 break;
146 srcu_read_unlock(&kvm->srcu, idx);
148 return r;
151 int kvm_assign_device(struct kvm *kvm,
152 struct kvm_assigned_dev_kernel *assigned_dev)
154 struct pci_dev *pdev = NULL;
155 struct iommu_domain *domain = kvm->arch.iommu_domain;
156 int r, last_flags;
158 /* check if iommu exists and in use */
159 if (!domain)
160 return 0;
162 pdev = assigned_dev->dev;
163 if (pdev == NULL)
164 return -ENODEV;
166 r = iommu_attach_device(domain, &pdev->dev);
167 if (r) {
168 printk(KERN_ERR "assign device %x:%x:%x.%x failed",
169 pci_domain_nr(pdev->bus),
170 pdev->bus->number,
171 PCI_SLOT(pdev->devfn),
172 PCI_FUNC(pdev->devfn));
173 return r;
176 last_flags = kvm->arch.iommu_flags;
177 if (iommu_domain_has_cap(kvm->arch.iommu_domain,
178 IOMMU_CAP_CACHE_COHERENCY))
179 kvm->arch.iommu_flags |= KVM_IOMMU_CACHE_COHERENCY;
181 /* Check if need to update IOMMU page table for guest memory */
182 if ((last_flags ^ kvm->arch.iommu_flags) ==
183 KVM_IOMMU_CACHE_COHERENCY) {
184 kvm_iommu_unmap_memslots(kvm);
185 r = kvm_iommu_map_memslots(kvm);
186 if (r)
187 goto out_unmap;
190 printk(KERN_DEBUG "assign device %x:%x:%x.%x\n",
191 assigned_dev->host_segnr,
192 assigned_dev->host_busnr,
193 PCI_SLOT(assigned_dev->host_devfn),
194 PCI_FUNC(assigned_dev->host_devfn));
196 return 0;
197 out_unmap:
198 kvm_iommu_unmap_memslots(kvm);
199 return r;
202 int kvm_deassign_device(struct kvm *kvm,
203 struct kvm_assigned_dev_kernel *assigned_dev)
205 struct iommu_domain *domain = kvm->arch.iommu_domain;
206 struct pci_dev *pdev = NULL;
208 /* check if iommu exists and in use */
209 if (!domain)
210 return 0;
212 pdev = assigned_dev->dev;
213 if (pdev == NULL)
214 return -ENODEV;
216 iommu_detach_device(domain, &pdev->dev);
218 printk(KERN_DEBUG "deassign device %x:%x:%x.%x\n",
219 assigned_dev->host_segnr,
220 assigned_dev->host_busnr,
221 PCI_SLOT(assigned_dev->host_devfn),
222 PCI_FUNC(assigned_dev->host_devfn));
224 return 0;
227 int kvm_iommu_map_guest(struct kvm *kvm)
229 int r;
231 if (!iommu_found()) {
232 printk(KERN_ERR "%s: iommu not found\n", __func__);
233 return -ENODEV;
236 kvm->arch.iommu_domain = iommu_domain_alloc();
237 if (!kvm->arch.iommu_domain)
238 return -ENOMEM;
240 if (!allow_unsafe_assigned_interrupts &&
241 !iommu_domain_has_cap(kvm->arch.iommu_domain,
242 IOMMU_CAP_INTR_REMAP)) {
243 printk(KERN_WARNING "%s: No interrupt remapping support,"
244 " disallowing device assignment."
245 " Re-enble with \"allow_unsafe_assigned_interrupts=1\""
246 " module option.\n", __func__);
247 iommu_domain_free(kvm->arch.iommu_domain);
248 kvm->arch.iommu_domain = NULL;
249 return -EPERM;
252 r = kvm_iommu_map_memslots(kvm);
253 if (r)
254 goto out_unmap;
256 return 0;
258 out_unmap:
259 kvm_iommu_unmap_memslots(kvm);
260 return r;
263 static void kvm_unpin_pages(struct kvm *kvm, pfn_t pfn, unsigned long npages)
265 unsigned long i;
267 for (i = 0; i < npages; ++i)
268 kvm_release_pfn_clean(pfn + i);
271 static void kvm_iommu_put_pages(struct kvm *kvm,
272 gfn_t base_gfn, unsigned long npages)
274 struct iommu_domain *domain;
275 gfn_t end_gfn, gfn;
276 pfn_t pfn;
277 u64 phys;
279 domain = kvm->arch.iommu_domain;
280 end_gfn = base_gfn + npages;
281 gfn = base_gfn;
283 /* check if iommu exists and in use */
284 if (!domain)
285 return;
287 while (gfn < end_gfn) {
288 unsigned long unmap_pages;
289 int order;
291 /* Get physical address */
292 phys = iommu_iova_to_phys(domain, gfn_to_gpa(gfn));
293 pfn = phys >> PAGE_SHIFT;
295 /* Unmap address from IO address space */
296 order = iommu_unmap(domain, gfn_to_gpa(gfn), 0);
297 unmap_pages = 1ULL << order;
299 /* Unpin all pages we just unmapped to not leak any memory */
300 kvm_unpin_pages(kvm, pfn, unmap_pages);
302 gfn += unmap_pages;
306 static int kvm_iommu_unmap_memslots(struct kvm *kvm)
308 int i, idx;
309 struct kvm_memslots *slots;
311 idx = srcu_read_lock(&kvm->srcu);
312 slots = kvm_memslots(kvm);
314 for (i = 0; i < slots->nmemslots; i++) {
315 kvm_iommu_put_pages(kvm, slots->memslots[i].base_gfn,
316 slots->memslots[i].npages);
318 srcu_read_unlock(&kvm->srcu, idx);
320 return 0;
323 int kvm_iommu_unmap_guest(struct kvm *kvm)
325 struct iommu_domain *domain = kvm->arch.iommu_domain;
327 /* check if iommu exists and in use */
328 if (!domain)
329 return 0;
331 kvm_iommu_unmap_memslots(kvm);
332 iommu_domain_free(domain);
333 return 0;