drivers/gpu/drm/i915/gvt/kvmgt.c

   1 /*
   2  * KVMGT - the implementation of Intel mediated pass-through framework for KVM
   3  *
   4  * Copyright(c) 2014-2016 Intel Corporation. All rights reserved.
   5  *
   6  * Permission is hereby granted, free of charge, to any person obtaining a
   7  * copy of this software and associated documentation files (the "Software"),
   8  * to deal in the Software without restriction, including without limitation
   9  * the rights to use, copy, modify, merge, publish, distribute, sublicense,
  10  * and/or sell copies of the Software, and to permit persons to whom the
  11  * Software is furnished to do so, subject to the following conditions:
  12  *
  13  * The above copyright notice and this permission notice (including the next
  14  * paragraph) shall be included in all copies or substantial portions of the
  15  * Software.
  16  *
  17  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
  18  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
  19  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL
  20  * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
  21  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
  22  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
  23  * SOFTWARE.
  24  *
  25  * Authors:
  26  *    Kevin Tian <kevin.tian@intel.com>
  27  *    Jike Song <jike.song@intel.com>
  28  *    Xiaoguang Chen <xiaoguang.chen@intel.com>
  29  */
  30
  31 #include <linux/init.h>
  32 #include <linux/device.h>
  33 #include <linux/mm.h>
  34 #include <linux/mmu_context.h>
  35 #include <linux/types.h>
  36 #include <linux/list.h>
  37 #include <linux/rbtree.h>
  38 #include <linux/spinlock.h>
  39 #include <linux/eventfd.h>
  40 #include <linux/uuid.h>
  41 #include <linux/kvm_host.h>
  42 #include <linux/vfio.h>
  43 #include <linux/mdev.h>
  44 #include <linux/debugfs.h>
  45
  46 #include "i915_drv.h"
  47 #include "gvt.h"
  48
  49 static const struct intel_gvt_ops *intel_gvt_ops;
  50
  51 /* helper macros copied from vfio-pci */
  52 #define VFIO_PCI_OFFSET_SHIFT   40
  53 #define VFIO_PCI_OFFSET_TO_INDEX(off)   (off >> VFIO_PCI_OFFSET_SHIFT)
  54 #define VFIO_PCI_INDEX_TO_OFFSET(index) ((u64)(index) << VFIO_PCI_OFFSET_SHIFT)
  55 #define VFIO_PCI_OFFSET_MASK    (((u64)(1) << VFIO_PCI_OFFSET_SHIFT) - 1)
  56
  57 #define OPREGION_SIGNATURE "IntelGraphicsMem"
  58
  59 struct vfio_region;
  60 struct intel_vgpu_regops {
  61         size_t (*rw)(struct intel_vgpu *vgpu, char *buf,
  62                         size_t count, loff_t *ppos, bool iswrite);
  63         void (*release)(struct intel_vgpu *vgpu,
  64                         struct vfio_region *region);
  65 };
  66
  67 struct vfio_region {
  68         u32                             type;
  69         u32                             subtype;
  70         size_t                          size;
  71         u32                             flags;
  72         const struct intel_vgpu_regops  *ops;
  73         void                            *data;
  74 };
  75
  76 struct kvmgt_pgfn {
  77         gfn_t gfn;
  78         struct hlist_node hnode;
  79 };
  80
  81 struct kvmgt_guest_info {
  82         struct kvm *kvm;
  83         struct intel_vgpu *vgpu;
  84         struct kvm_page_track_notifier_node track_node;
  85 #define NR_BKT (1 << 18)
  86         struct hlist_head ptable[NR_BKT];
  87 #undef NR_BKT
  88         struct dentry *debugfs_cache_entries;
  89 };
  90
  91 struct gvt_dma {
  92         struct intel_vgpu *vgpu;
  93         struct rb_node gfn_node;
  94         struct rb_node dma_addr_node;
  95         gfn_t gfn;
  96         dma_addr_t dma_addr;
  97         struct kref ref;
  98 };
  99
 100 static inline bool handle_valid(unsigned long handle)
 101 {
 102         return !!(handle & ~0xff);
 103 }
 104
 105 static int kvmgt_guest_init(struct mdev_device *mdev);
 106 static void intel_vgpu_release_work(struct work_struct *work);
 107 static bool kvmgt_guest_exit(struct kvmgt_guest_info *info);
 108
 109 static int gvt_dma_map_page(struct intel_vgpu *vgpu, unsigned long gfn,
 110                 dma_addr_t *dma_addr)
 111 {
 112         struct device *dev = &vgpu->gvt->dev_priv->drm.pdev->dev;
 113         struct page *page;
 114         unsigned long pfn;
 115         int ret;
 116
 117         /* Pin the page first. */
 118         ret = vfio_pin_pages(mdev_dev(vgpu->vdev.mdev), &gfn, 1,
 119                              IOMMU_READ | IOMMU_WRITE, &pfn);
 120         if (ret != 1) {
 121                 gvt_vgpu_err("vfio_pin_pages failed for gfn 0x%lx: %d\n",
 122                              gfn, ret);
 123                 return -EINVAL;
 124         }
 125
 126         /* Setup DMA mapping. */
 127         page = pfn_to_page(pfn);
 128         *dma_addr = dma_map_page(dev, page, 0, PAGE_SIZE,
 129                                  PCI_DMA_BIDIRECTIONAL);
 130         if (dma_mapping_error(dev, *dma_addr)) {
 131                 gvt_vgpu_err("DMA mapping failed for gfn 0x%lx\n", gfn);
 132                 vfio_unpin_pages(mdev_dev(vgpu->vdev.mdev), &gfn, 1);
 133                 return -ENOMEM;
 134         }
 135
 136         return 0;
 137 }
 138
 139 static void gvt_dma_unmap_page(struct intel_vgpu *vgpu, unsigned long gfn,
 140                 dma_addr_t dma_addr)
 141 {
 142         struct device *dev = &vgpu->gvt->dev_priv->drm.pdev->dev;
 143         int ret;
 144
 145         dma_unmap_page(dev, dma_addr, PAGE_SIZE, PCI_DMA_BIDIRECTIONAL);
 146         ret = vfio_unpin_pages(mdev_dev(vgpu->vdev.mdev), &gfn, 1);
 147         WARN_ON(ret != 1);
 148 }
 149
 150 static struct gvt_dma *__gvt_cache_find_dma_addr(struct intel_vgpu *vgpu,
 151                 dma_addr_t dma_addr)
 152 {
 153         struct rb_node *node = vgpu->vdev.dma_addr_cache.rb_node;
 154         struct gvt_dma *itr;
 155
 156         while (node) {
 157                 itr = rb_entry(node, struct gvt_dma, dma_addr_node);
 158
 159                 if (dma_addr < itr->dma_addr)
 160                         node = node->rb_left;
 161                 else if (dma_addr > itr->dma_addr)
 162                         node = node->rb_right;
 163                 else
 164                         return itr;
 165         }
 166         return NULL;
 167 }
 168
 169 static struct gvt_dma *__gvt_cache_find_gfn(struct intel_vgpu *vgpu, gfn_t gfn)
 170 {
 171         struct rb_node *node = vgpu->vdev.gfn_cache.rb_node;
 172         struct gvt_dma *itr;
 173
 174         while (node) {
 175                 itr = rb_entry(node, struct gvt_dma, gfn_node);
 176
 177                 if (gfn < itr->gfn)
 178                         node = node->rb_left;
 179                 else if (gfn > itr->gfn)
 180                         node = node->rb_right;
 181                 else
 182                         return itr;
 183         }
 184         return NULL;
 185 }
 186
 187 static int __gvt_cache_add(struct intel_vgpu *vgpu, gfn_t gfn,
 188                 dma_addr_t dma_addr)
 189 {
 190         struct gvt_dma *new, *itr;
 191         struct rb_node **link, *parent = NULL;
 192
 193         new = kzalloc(sizeof(struct gvt_dma), GFP_KERNEL);
 194         if (!new)
 195                 return -ENOMEM;
 196
 197         new->vgpu = vgpu;
 198         new->gfn = gfn;
 199         new->dma_addr = dma_addr;
 200         kref_init(&new->ref);
 201
 202         /* gfn_cache maps gfn to struct gvt_dma. */
 203         link = &vgpu->vdev.gfn_cache.rb_node;
 204         while (*link) {
 205                 parent = *link;
 206                 itr = rb_entry(parent, struct gvt_dma, gfn_node);
 207
 208                 if (gfn < itr->gfn)
 209                         link = &parent->rb_left;
 210                 else
 211                         link = &parent->rb_right;
 212         }
 213         rb_link_node(&new->gfn_node, parent, link);
 214         rb_insert_color(&new->gfn_node, &vgpu->vdev.gfn_cache);
 215
 216         /* dma_addr_cache maps dma addr to struct gvt_dma. */
 217         parent = NULL;
 218         link = &vgpu->vdev.dma_addr_cache.rb_node;
 219         while (*link) {
 220                 parent = *link;
 221                 itr = rb_entry(parent, struct gvt_dma, dma_addr_node);
 222
 223                 if (dma_addr < itr->dma_addr)
 224                         link = &parent->rb_left;
 225                 else
 226                         link = &parent->rb_right;
 227         }
 228         rb_link_node(&new->dma_addr_node, parent, link);
 229         rb_insert_color(&new->dma_addr_node, &vgpu->vdev.dma_addr_cache);
 230
 231         vgpu->vdev.nr_cache_entries++;
 232         return 0;
 233 }
 234
 235 static void __gvt_cache_remove_entry(struct intel_vgpu *vgpu,
 236                                 struct gvt_dma *entry)
 237 {
 238         rb_erase(&entry->gfn_node, &vgpu->vdev.gfn_cache);
 239         rb_erase(&entry->dma_addr_node, &vgpu->vdev.dma_addr_cache);
 240         kfree(entry);
 241         vgpu->vdev.nr_cache_entries--;
 242 }
 243
 244 static void gvt_cache_destroy(struct intel_vgpu *vgpu)
 245 {
 246         struct gvt_dma *dma;
 247         struct rb_node *node = NULL;
 248
 249         for (;;) {
 250                 mutex_lock(&vgpu->vdev.cache_lock);
 251                 node = rb_first(&vgpu->vdev.gfn_cache);
 252                 if (!node) {
 253                         mutex_unlock(&vgpu->vdev.cache_lock);
 254                         break;
 255                 }
 256                 dma = rb_entry(node, struct gvt_dma, gfn_node);
 257                 gvt_dma_unmap_page(vgpu, dma->gfn, dma->dma_addr);
 258                 __gvt_cache_remove_entry(vgpu, dma);
 259                 mutex_unlock(&vgpu->vdev.cache_lock);
 260         }
 261 }
 262
 263 static void gvt_cache_init(struct intel_vgpu *vgpu)
 264 {
 265         vgpu->vdev.gfn_cache = RB_ROOT;
 266         vgpu->vdev.dma_addr_cache = RB_ROOT;
 267         vgpu->vdev.nr_cache_entries = 0;
 268         mutex_init(&vgpu->vdev.cache_lock);
 269 }
 270
 271 static void kvmgt_protect_table_init(struct kvmgt_guest_info *info)
 272 {
 273         hash_init(info->ptable);
 274 }
 275
 276 static void kvmgt_protect_table_destroy(struct kvmgt_guest_info *info)
 277 {
 278         struct kvmgt_pgfn *p;
 279         struct hlist_node *tmp;
 280         int i;
 281
 282         hash_for_each_safe(info->ptable, i, tmp, p, hnode) {
 283                 hash_del(&p->hnode);
 284                 kfree(p);
 285         }
 286 }
 287
 288 static struct kvmgt_pgfn *
 289 __kvmgt_protect_table_find(struct kvmgt_guest_info *info, gfn_t gfn)
 290 {
 291         struct kvmgt_pgfn *p, *res = NULL;
 292
 293         hash_for_each_possible(info->ptable, p, hnode, gfn) {
 294                 if (gfn == p->gfn) {
 295                         res = p;
 296                         break;
 297                 }
 298         }
 299
 300         return res;
 301 }
 302
 303 static bool kvmgt_gfn_is_write_protected(struct kvmgt_guest_info *info,
 304                                 gfn_t gfn)
 305 {
 306         struct kvmgt_pgfn *p;
 307
 308         p = __kvmgt_protect_table_find(info, gfn);
 309         return !!p;
 310 }
 311
 312 static void kvmgt_protect_table_add(struct kvmgt_guest_info *info, gfn_t gfn)
 313 {
 314         struct kvmgt_pgfn *p;
 315
 316         if (kvmgt_gfn_is_write_protected(info, gfn))
 317                 return;
 318
 319         p = kzalloc(sizeof(struct kvmgt_pgfn), GFP_ATOMIC);
 320         if (WARN(!p, "gfn: 0x%llx\n", gfn))
 321                 return;
 322
 323         p->gfn = gfn;
 324         hash_add(info->ptable, &p->hnode, gfn);
 325 }
 326
 327 static void kvmgt_protect_table_del(struct kvmgt_guest_info *info,
 328                                 gfn_t gfn)
 329 {
 330         struct kvmgt_pgfn *p;
 331
 332         p = __kvmgt_protect_table_find(info, gfn);
 333         if (p) {
 334                 hash_del(&p->hnode);
 335                 kfree(p);
 336         }
 337 }
 338
 339 static size_t intel_vgpu_reg_rw_opregion(struct intel_vgpu *vgpu, char *buf,
 340                 size_t count, loff_t *ppos, bool iswrite)
 341 {
 342         unsigned int i = VFIO_PCI_OFFSET_TO_INDEX(*ppos) -
 343                         VFIO_PCI_NUM_REGIONS;
 344         void *base = vgpu->vdev.region[i].data;
 345         loff_t pos = *ppos & VFIO_PCI_OFFSET_MASK;
 346
 347         if (pos >= vgpu->vdev.region[i].size || iswrite) {
 348                 gvt_vgpu_err("invalid op or offset for Intel vgpu OpRegion\n");
 349                 return -EINVAL;
 350         }
 351         count = min(count, (size_t)(vgpu->vdev.region[i].size - pos));
 352         memcpy(buf, base + pos, count);
 353
 354         return count;
 355 }
 356
 357 static void intel_vgpu_reg_release_opregion(struct intel_vgpu *vgpu,
 358                 struct vfio_region *region)
 359 {
 360 }
 361
 362 static const struct intel_vgpu_regops intel_vgpu_regops_opregion = {
 363         .rw = intel_vgpu_reg_rw_opregion,
 364         .release = intel_vgpu_reg_release_opregion,
 365 };
 366
 367 static int intel_vgpu_register_reg(struct intel_vgpu *vgpu,
 368                 unsigned int type, unsigned int subtype,
 369                 const struct intel_vgpu_regops *ops,
 370                 size_t size, u32 flags, void *data)
 371 {
 372         struct vfio_region *region;
 373
 374         region = krealloc(vgpu->vdev.region,
 375                         (vgpu->vdev.num_regions + 1) * sizeof(*region),
 376                         GFP_KERNEL);
 377         if (!region)
 378                 return -ENOMEM;
 379
 380         vgpu->vdev.region = region;
 381         vgpu->vdev.region[vgpu->vdev.num_regions].type = type;
 382         vgpu->vdev.region[vgpu->vdev.num_regions].subtype = subtype;
 383         vgpu->vdev.region[vgpu->vdev.num_regions].ops = ops;
 384         vgpu->vdev.region[vgpu->vdev.num_regions].size = size;
 385         vgpu->vdev.region[vgpu->vdev.num_regions].flags = flags;
 386         vgpu->vdev.region[vgpu->vdev.num_regions].data = data;
 387         vgpu->vdev.num_regions++;
 388         return 0;
 389 }
 390
 391 static int kvmgt_get_vfio_device(void *p_vgpu)
 392 {
 393         struct intel_vgpu *vgpu = (struct intel_vgpu *)p_vgpu;
 394
 395         vgpu->vdev.vfio_device = vfio_device_get_from_dev(
 396                 mdev_dev(vgpu->vdev.mdev));
 397         if (!vgpu->vdev.vfio_device) {
 398                 gvt_vgpu_err("failed to get vfio device\n");
 399                 return -ENODEV;
 400         }
 401         return 0;
 402 }
 403
 404
 405 static int kvmgt_set_opregion(void *p_vgpu)
 406 {
 407         struct intel_vgpu *vgpu = (struct intel_vgpu *)p_vgpu;
 408         void *base;
 409         int ret;
 410
 411         /* Each vgpu has its own opregion, although VFIO would create another
 412          * one later. This one is used to expose opregion to VFIO. And the
 413          * other one created by VFIO later, is used by guest actually.
 414          */
 415         base = vgpu_opregion(vgpu)->va;
 416         if (!base)
 417                 return -ENOMEM;
 418
 419         if (memcmp(base, OPREGION_SIGNATURE, 16)) {
 420                 memunmap(base);
 421                 return -EINVAL;
 422         }
 423
 424         ret = intel_vgpu_register_reg(vgpu,
 425                         PCI_VENDOR_ID_INTEL | VFIO_REGION_TYPE_PCI_VENDOR_TYPE,
 426                         VFIO_REGION_SUBTYPE_INTEL_IGD_OPREGION,
 427                         &intel_vgpu_regops_opregion, OPREGION_SIZE,
 428                         VFIO_REGION_INFO_FLAG_READ, base);
 429
 430         return ret;
 431 }
 432
 433 static void kvmgt_put_vfio_device(void *vgpu)
 434 {
 435         if (WARN_ON(!((struct intel_vgpu *)vgpu)->vdev.vfio_device))
 436                 return;
 437
 438         vfio_device_put(((struct intel_vgpu *)vgpu)->vdev.vfio_device);
 439 }
 440
 441 static int intel_vgpu_create(struct kobject *kobj, struct mdev_device *mdev)
 442 {
 443         struct intel_vgpu *vgpu = NULL;
 444         struct intel_vgpu_type *type;
 445         struct device *pdev;
 446         void *gvt;
 447         int ret;
 448
 449         pdev = mdev_parent_dev(mdev);
 450         gvt = kdev_to_i915(pdev)->gvt;
 451
 452         type = intel_gvt_ops->gvt_find_vgpu_type(gvt, kobject_name(kobj));
 453         if (!type) {
 454                 gvt_vgpu_err("failed to find type %s to create\n",
 455                                                 kobject_name(kobj));
 456                 ret = -EINVAL;
 457                 goto out;
 458         }
 459
 460         vgpu = intel_gvt_ops->vgpu_create(gvt, type);
 461         if (IS_ERR_OR_NULL(vgpu)) {
 462                 ret = vgpu == NULL ? -EFAULT : PTR_ERR(vgpu);
 463                 gvt_err("failed to create intel vgpu: %d\n", ret);
 464                 goto out;
 465         }
 466
 467         INIT_WORK(&vgpu->vdev.release_work, intel_vgpu_release_work);
 468
 469         vgpu->vdev.mdev = mdev;
 470         mdev_set_drvdata(mdev, vgpu);
 471
 472         gvt_dbg_core("intel_vgpu_create succeeded for mdev: %s\n",
 473                      dev_name(mdev_dev(mdev)));
 474         ret = 0;
 475
 476 out:
 477         return ret;
 478 }
 479
 480 static int intel_vgpu_remove(struct mdev_device *mdev)
 481 {
 482         struct intel_vgpu *vgpu = mdev_get_drvdata(mdev);
 483
 484         if (handle_valid(vgpu->handle))
 485                 return -EBUSY;
 486
 487         intel_gvt_ops->vgpu_destroy(vgpu);
 488         return 0;
 489 }
 490
 491 static int intel_vgpu_iommu_notifier(struct notifier_block *nb,
 492                                      unsigned long action, void *data)
 493 {
 494         struct intel_vgpu *vgpu = container_of(nb,
 495                                         struct intel_vgpu,
 496                                         vdev.iommu_notifier);
 497
 498         if (action == VFIO_IOMMU_NOTIFY_DMA_UNMAP) {
 499                 struct vfio_iommu_type1_dma_unmap *unmap = data;
 500                 struct gvt_dma *entry;
 501                 unsigned long iov_pfn, end_iov_pfn;
 502
 503                 iov_pfn = unmap->iova >> PAGE_SHIFT;
 504                 end_iov_pfn = iov_pfn + unmap->size / PAGE_SIZE;
 505
 506                 mutex_lock(&vgpu->vdev.cache_lock);
 507                 for (; iov_pfn < end_iov_pfn; iov_pfn++) {
 508                         entry = __gvt_cache_find_gfn(vgpu, iov_pfn);
 509                         if (!entry)
 510                                 continue;
 511
 512                         gvt_dma_unmap_page(vgpu, entry->gfn, entry->dma_addr);
 513                         __gvt_cache_remove_entry(vgpu, entry);
 514                 }
 515                 mutex_unlock(&vgpu->vdev.cache_lock);
 516         }
 517
 518         return NOTIFY_OK;
 519 }
 520
 521 static int intel_vgpu_group_notifier(struct notifier_block *nb,
 522                                      unsigned long action, void *data)
 523 {
 524         struct intel_vgpu *vgpu = container_of(nb,
 525                                         struct intel_vgpu,
 526                                         vdev.group_notifier);
 527
 528         /* the only action we care about */
 529         if (action == VFIO_GROUP_NOTIFY_SET_KVM) {
 530                 vgpu->vdev.kvm = data;
 531
 532                 if (!data)
 533                         schedule_work(&vgpu->vdev.release_work);
 534         }
 535
 536         return NOTIFY_OK;
 537 }
 538
 539 static int intel_vgpu_open(struct mdev_device *mdev)
 540 {
 541         struct intel_vgpu *vgpu = mdev_get_drvdata(mdev);
 542         unsigned long events;
 543         int ret;
 544
 545         vgpu->vdev.iommu_notifier.notifier_call = intel_vgpu_iommu_notifier;
 546         vgpu->vdev.group_notifier.notifier_call = intel_vgpu_group_notifier;
 547
 548         events = VFIO_IOMMU_NOTIFY_DMA_UNMAP;
 549         ret = vfio_register_notifier(mdev_dev(mdev), VFIO_IOMMU_NOTIFY, &events,
 550                                 &vgpu->vdev.iommu_notifier);
 551         if (ret != 0) {
 552                 gvt_vgpu_err("vfio_register_notifier for iommu failed: %d\n",
 553                         ret);
 554                 goto out;
 555         }
 556
 557         events = VFIO_GROUP_NOTIFY_SET_KVM;
 558         ret = vfio_register_notifier(mdev_dev(mdev), VFIO_GROUP_NOTIFY, &events,
 559                                 &vgpu->vdev.group_notifier);
 560         if (ret != 0) {
 561                 gvt_vgpu_err("vfio_register_notifier for group failed: %d\n",
 562                         ret);
 563                 goto undo_iommu;
 564         }
 565
 566         ret = kvmgt_guest_init(mdev);
 567         if (ret)
 568                 goto undo_group;
 569
 570         intel_gvt_ops->vgpu_activate(vgpu);
 571
 572         atomic_set(&vgpu->vdev.released, 0);
 573         return ret;
 574
 575 undo_group:
 576         vfio_unregister_notifier(mdev_dev(mdev), VFIO_GROUP_NOTIFY,
 577                                         &vgpu->vdev.group_notifier);
 578
 579 undo_iommu:
 580         vfio_unregister_notifier(mdev_dev(mdev), VFIO_IOMMU_NOTIFY,
 581                                         &vgpu->vdev.iommu_notifier);
 582 out:
 583         return ret;
 584 }
 585
 586 static void intel_vgpu_release_msi_eventfd_ctx(struct intel_vgpu *vgpu)
 587 {
 588         struct eventfd_ctx *trigger;
 589
 590         trigger = vgpu->vdev.msi_trigger;
 591         if (trigger) {
 592                 eventfd_ctx_put(trigger);
 593                 vgpu->vdev.msi_trigger = NULL;
 594         }
 595 }
 596
 597 static void __intel_vgpu_release(struct intel_vgpu *vgpu)
 598 {
 599         struct kvmgt_guest_info *info;
 600         int ret;
 601
 602         if (!handle_valid(vgpu->handle))
 603                 return;
 604
 605         if (atomic_cmpxchg(&vgpu->vdev.released, 0, 1))
 606                 return;
 607
 608         intel_gvt_ops->vgpu_deactivate(vgpu);
 609
 610         ret = vfio_unregister_notifier(mdev_dev(vgpu->vdev.mdev), VFIO_IOMMU_NOTIFY,
 611                                         &vgpu->vdev.iommu_notifier);
 612         WARN(ret, "vfio_unregister_notifier for iommu failed: %d\n", ret);
 613
 614         ret = vfio_unregister_notifier(mdev_dev(vgpu->vdev.mdev), VFIO_GROUP_NOTIFY,
 615                                         &vgpu->vdev.group_notifier);
 616         WARN(ret, "vfio_unregister_notifier for group failed: %d\n", ret);
 617
 618         info = (struct kvmgt_guest_info *)vgpu->handle;
 619         kvmgt_guest_exit(info);
 620
 621         intel_vgpu_release_msi_eventfd_ctx(vgpu);
 622
 623         vgpu->vdev.kvm = NULL;
 624         vgpu->handle = 0;
 625 }
 626
 627 static void intel_vgpu_release(struct mdev_device *mdev)
 628 {
 629         struct intel_vgpu *vgpu = mdev_get_drvdata(mdev);
 630
 631         __intel_vgpu_release(vgpu);
 632 }
 633
 634 static void intel_vgpu_release_work(struct work_struct *work)
 635 {
 636         struct intel_vgpu *vgpu = container_of(work, struct intel_vgpu,
 637                                         vdev.release_work);
 638
 639         __intel_vgpu_release(vgpu);
 640 }
 641
 642 static uint64_t intel_vgpu_get_bar_addr(struct intel_vgpu *vgpu, int bar)
 643 {
 644         u32 start_lo, start_hi;
 645         u32 mem_type;
 646
 647         start_lo = (*(u32 *)(vgpu->cfg_space.virtual_cfg_space + bar)) &
 648                         PCI_BASE_ADDRESS_MEM_MASK;
 649         mem_type = (*(u32 *)(vgpu->cfg_space.virtual_cfg_space + bar)) &
 650                         PCI_BASE_ADDRESS_MEM_TYPE_MASK;
 651
 652         switch (mem_type) {
 653         case PCI_BASE_ADDRESS_MEM_TYPE_64:
 654                 start_hi = (*(u32 *)(vgpu->cfg_space.virtual_cfg_space
 655                                                 + bar + 4));
 656                 break;
 657         case PCI_BASE_ADDRESS_MEM_TYPE_32:
 658         case PCI_BASE_ADDRESS_MEM_TYPE_1M:
 659                 /* 1M mem BAR treated as 32-bit BAR */
 660         default:
 661                 /* mem unknown type treated as 32-bit BAR */
 662                 start_hi = 0;
 663                 break;
 664         }
 665
 666         return ((u64)start_hi << 32) | start_lo;
 667 }
 668
 669 static int intel_vgpu_bar_rw(struct intel_vgpu *vgpu, int bar, uint64_t off,
 670                              void *buf, unsigned int count, bool is_write)
 671 {
 672         uint64_t bar_start = intel_vgpu_get_bar_addr(vgpu, bar);
 673         int ret;
 674
 675         if (is_write)
 676                 ret = intel_gvt_ops->emulate_mmio_write(vgpu,
 677                                         bar_start + off, buf, count);
 678         else
 679                 ret = intel_gvt_ops->emulate_mmio_read(vgpu,
 680                                         bar_start + off, buf, count);
 681         return ret;
 682 }
 683
 684 static inline bool intel_vgpu_in_aperture(struct intel_vgpu *vgpu, uint64_t off)
 685 {
 686         return off >= vgpu_aperture_offset(vgpu) &&
 687                off < vgpu_aperture_offset(vgpu) + vgpu_aperture_sz(vgpu);
 688 }
 689
 690 static int intel_vgpu_aperture_rw(struct intel_vgpu *vgpu, uint64_t off,
 691                 void *buf, unsigned long count, bool is_write)
 692 {
 693         void *aperture_va;
 694
 695         if (!intel_vgpu_in_aperture(vgpu, off) ||
 696             !intel_vgpu_in_aperture(vgpu, off + count)) {
 697                 gvt_vgpu_err("Invalid aperture offset %llu\n", off);
 698                 return -EINVAL;
 699         }
 700
 701         aperture_va = io_mapping_map_wc(&vgpu->gvt->dev_priv->ggtt.iomap,
 702                                         ALIGN_DOWN(off, PAGE_SIZE),
 703                                         count + offset_in_page(off));
 704         if (!aperture_va)
 705                 return -EIO;
 706
 707         if (is_write)
 708                 memcpy(aperture_va + offset_in_page(off), buf, count);
 709         else
 710                 memcpy(buf, aperture_va + offset_in_page(off), count);
 711
 712         io_mapping_unmap(aperture_va);
 713
 714         return 0;
 715 }
 716
 717 static ssize_t intel_vgpu_rw(struct mdev_device *mdev, char *buf,
 718                         size_t count, loff_t *ppos, bool is_write)
 719 {
 720         struct intel_vgpu *vgpu = mdev_get_drvdata(mdev);
 721         unsigned int index = VFIO_PCI_OFFSET_TO_INDEX(*ppos);
 722         uint64_t pos = *ppos & VFIO_PCI_OFFSET_MASK;
 723         int ret = -EINVAL;
 724
 725
 726         if (index >= VFIO_PCI_NUM_REGIONS + vgpu->vdev.num_regions) {
 727                 gvt_vgpu_err("invalid index: %u\n", index);
 728                 return -EINVAL;
 729         }
 730
 731         switch (index) {
 732         case VFIO_PCI_CONFIG_REGION_INDEX:
 733                 if (is_write)
 734                         ret = intel_gvt_ops->emulate_cfg_write(vgpu, pos,
 735                                                 buf, count);
 736                 else
 737                         ret = intel_gvt_ops->emulate_cfg_read(vgpu, pos,
 738                                                 buf, count);
 739                 break;
 740         case VFIO_PCI_BAR0_REGION_INDEX:
 741                 ret = intel_vgpu_bar_rw(vgpu, PCI_BASE_ADDRESS_0, pos,
 742                                         buf, count, is_write);
 743                 break;
 744         case VFIO_PCI_BAR2_REGION_INDEX:
 745                 ret = intel_vgpu_aperture_rw(vgpu, pos, buf, count, is_write);
 746                 break;
 747         case VFIO_PCI_BAR1_REGION_INDEX:
 748         case VFIO_PCI_BAR3_REGION_INDEX:
 749         case VFIO_PCI_BAR4_REGION_INDEX:
 750         case VFIO_PCI_BAR5_REGION_INDEX:
 751         case VFIO_PCI_VGA_REGION_INDEX:
 752         case VFIO_PCI_ROM_REGION_INDEX:
 753                 break;
 754         default:
 755                 if (index >= VFIO_PCI_NUM_REGIONS + vgpu->vdev.num_regions)
 756                         return -EINVAL;
 757
 758                 index -= VFIO_PCI_NUM_REGIONS;
 759                 return vgpu->vdev.region[index].ops->rw(vgpu, buf, count,
 760                                 ppos, is_write);
 761         }
 762
 763         return ret == 0 ? count : ret;
 764 }
 765
 766 static bool gtt_entry(struct mdev_device *mdev, loff_t *ppos)
 767 {
 768         struct intel_vgpu *vgpu = mdev_get_drvdata(mdev);
 769         unsigned int index = VFIO_PCI_OFFSET_TO_INDEX(*ppos);
 770         struct intel_gvt *gvt = vgpu->gvt;
 771         int offset;
 772
 773         /* Only allow MMIO GGTT entry access */
 774         if (index != PCI_BASE_ADDRESS_0)
 775                 return false;
 776
 777         offset = (u64)(*ppos & VFIO_PCI_OFFSET_MASK) -
 778                 intel_vgpu_get_bar_gpa(vgpu, PCI_BASE_ADDRESS_0);
 779
 780         return (offset >= gvt->device_info.gtt_start_offset &&
 781                 offset < gvt->device_info.gtt_start_offset + gvt_ggtt_sz(gvt)) ?
 782                         true : false;
 783 }
 784
 785 static ssize_t intel_vgpu_read(struct mdev_device *mdev, char __user *buf,
 786                         size_t count, loff_t *ppos)
 787 {
 788         unsigned int done = 0;
 789         int ret;
 790
 791         while (count) {
 792                 size_t filled;
 793
 794                 /* Only support GGTT entry 8 bytes read */
 795                 if (count >= 8 && !(*ppos % 8) &&
 796                         gtt_entry(mdev, ppos)) {
 797                         u64 val;
 798
 799                         ret = intel_vgpu_rw(mdev, (char *)&val, sizeof(val),
 800                                         ppos, false);
 801                         if (ret <= 0)
 802                                 goto read_err;
 803
 804                         if (copy_to_user(buf, &val, sizeof(val)))
 805                                 goto read_err;
 806
 807                         filled = 8;
 808                 } else if (count >= 4 && !(*ppos % 4)) {
 809                         u32 val;
 810
 811                         ret = intel_vgpu_rw(mdev, (char *)&val, sizeof(val),
 812                                         ppos, false);
 813                         if (ret <= 0)
 814                                 goto read_err;
 815
 816                         if (copy_to_user(buf, &val, sizeof(val)))
 817                                 goto read_err;
 818
 819                         filled = 4;
 820                 } else if (count >= 2 && !(*ppos % 2)) {
 821                         u16 val;
 822
 823                         ret = intel_vgpu_rw(mdev, (char *)&val, sizeof(val),
 824                                         ppos, false);
 825                         if (ret <= 0)
 826                                 goto read_err;
 827
 828                         if (copy_to_user(buf, &val, sizeof(val)))
 829                                 goto read_err;
 830
 831                         filled = 2;
 832                 } else {
 833                         u8 val;
 834
 835                         ret = intel_vgpu_rw(mdev, &val, sizeof(val), ppos,
 836                                         false);
 837                         if (ret <= 0)
 838                                 goto read_err;
 839
 840                         if (copy_to_user(buf, &val, sizeof(val)))
 841                                 goto read_err;
 842
 843                         filled = 1;
 844                 }
 845
 846                 count -= filled;
 847                 done += filled;
 848                 *ppos += filled;
 849                 buf += filled;
 850         }
 851
 852         return done;
 853
 854 read_err:
 855         return -EFAULT;
 856 }
 857
 858 static ssize_t intel_vgpu_write(struct mdev_device *mdev,
 859                                 const char __user *buf,
 860                                 size_t count, loff_t *ppos)
 861 {
 862         unsigned int done = 0;
 863         int ret;
 864
 865         while (count) {
 866                 size_t filled;
 867
 868                 /* Only support GGTT entry 8 bytes write */
 869                 if (count >= 8 && !(*ppos % 8) &&
 870                         gtt_entry(mdev, ppos)) {
 871                         u64 val;
 872
 873                         if (copy_from_user(&val, buf, sizeof(val)))
 874                                 goto write_err;
 875
 876                         ret = intel_vgpu_rw(mdev, (char *)&val, sizeof(val),
 877                                         ppos, true);
 878                         if (ret <= 0)
 879                                 goto write_err;
 880
 881                         filled = 8;
 882                 } else if (count >= 4 && !(*ppos % 4)) {
 883                         u32 val;
 884
 885                         if (copy_from_user(&val, buf, sizeof(val)))
 886                                 goto write_err;
 887
 888                         ret = intel_vgpu_rw(mdev, (char *)&val, sizeof(val),
 889                                         ppos, true);
 890                         if (ret <= 0)
 891                                 goto write_err;
 892
 893                         filled = 4;
 894                 } else if (count >= 2 && !(*ppos % 2)) {
 895                         u16 val;
 896
 897                         if (copy_from_user(&val, buf, sizeof(val)))
 898                                 goto write_err;
 899
 900                         ret = intel_vgpu_rw(mdev, (char *)&val,
 901                                         sizeof(val), ppos, true);
 902                         if (ret <= 0)
 903                                 goto write_err;
 904
 905                         filled = 2;
 906                 } else {
 907                         u8 val;
 908
 909                         if (copy_from_user(&val, buf, sizeof(val)))
 910                                 goto write_err;
 911
 912                         ret = intel_vgpu_rw(mdev, &val, sizeof(val),
 913                                         ppos, true);
 914                         if (ret <= 0)
 915                                 goto write_err;
 916
 917                         filled = 1;
 918                 }
 919
 920                 count -= filled;
 921                 done += filled;
 922                 *ppos += filled;
 923                 buf += filled;
 924         }
 925
 926         return done;
 927 write_err:
 928         return -EFAULT;
 929 }
 930
 931 static int intel_vgpu_mmap(struct mdev_device *mdev, struct vm_area_struct *vma)
 932 {
 933         unsigned int index;
 934         u64 virtaddr;
 935         unsigned long req_size, pgoff = 0;
 936         pgprot_t pg_prot;
 937         struct intel_vgpu *vgpu = mdev_get_drvdata(mdev);
 938
 939         index = vma->vm_pgoff >> (VFIO_PCI_OFFSET_SHIFT - PAGE_SHIFT);
 940         if (index >= VFIO_PCI_ROM_REGION_INDEX)
 941                 return -EINVAL;
 942
 943         if (vma->vm_end < vma->vm_start)
 944                 return -EINVAL;
 945         if ((vma->vm_flags & VM_SHARED) == 0)
 946                 return -EINVAL;
 947         if (index != VFIO_PCI_BAR2_REGION_INDEX)
 948                 return -EINVAL;
 949
 950         pg_prot = vma->vm_page_prot;
 951         virtaddr = vma->vm_start;
 952         req_size = vma->vm_end - vma->vm_start;
 953         pgoff = vgpu_aperture_pa_base(vgpu) >> PAGE_SHIFT;
 954
 955         return remap_pfn_range(vma, virtaddr, pgoff, req_size, pg_prot);
 956 }
 957
 958 static int intel_vgpu_get_irq_count(struct intel_vgpu *vgpu, int type)
 959 {
 960         if (type == VFIO_PCI_INTX_IRQ_INDEX || type == VFIO_PCI_MSI_IRQ_INDEX)
 961                 return 1;
 962
 963         return 0;
 964 }
 965
 966 static int intel_vgpu_set_intx_mask(struct intel_vgpu *vgpu,
 967                         unsigned int index, unsigned int start,
 968                         unsigned int count, uint32_t flags,
 969                         void *data)
 970 {
 971         return 0;
 972 }
 973
 974 static int intel_vgpu_set_intx_unmask(struct intel_vgpu *vgpu,
 975                         unsigned int index, unsigned int start,
 976                         unsigned int count, uint32_t flags, void *data)
 977 {
 978         return 0;
 979 }
 980
 981 static int intel_vgpu_set_intx_trigger(struct intel_vgpu *vgpu,
 982                 unsigned int index, unsigned int start, unsigned int count,
 983                 uint32_t flags, void *data)
 984 {
 985         return 0;
 986 }
 987
 988 static int intel_vgpu_set_msi_trigger(struct intel_vgpu *vgpu,
 989                 unsigned int index, unsigned int start, unsigned int count,
 990                 uint32_t flags, void *data)
 991 {
 992         struct eventfd_ctx *trigger;
 993
 994         if (flags & VFIO_IRQ_SET_DATA_EVENTFD) {
 995                 int fd = *(int *)data;
 996
 997                 trigger = eventfd_ctx_fdget(fd);
 998                 if (IS_ERR(trigger)) {
 999                         gvt_vgpu_err("eventfd_ctx_fdget failed\n");
1000                         return PTR_ERR(trigger);
1001                 }
1002                 vgpu->vdev.msi_trigger = trigger;
1003         } else if ((flags & VFIO_IRQ_SET_DATA_NONE) && !count)
1004                 intel_vgpu_release_msi_eventfd_ctx(vgpu);
1005
1006         return 0;
1007 }
1008
1009 static int intel_vgpu_set_irqs(struct intel_vgpu *vgpu, uint32_t flags,
1010                 unsigned int index, unsigned int start, unsigned int count,
1011                 void *data)
1012 {
1013         int (*func)(struct intel_vgpu *vgpu, unsigned int index,
1014                         unsigned int start, unsigned int count, uint32_t flags,
1015                         void *data) = NULL;
1016
1017         switch (index) {
1018         case VFIO_PCI_INTX_IRQ_INDEX:
1019                 switch (flags & VFIO_IRQ_SET_ACTION_TYPE_MASK) {
1020                 case VFIO_IRQ_SET_ACTION_MASK:
1021                         func = intel_vgpu_set_intx_mask;
1022                         break;
1023                 case VFIO_IRQ_SET_ACTION_UNMASK:
1024                         func = intel_vgpu_set_intx_unmask;
1025                         break;
1026                 case VFIO_IRQ_SET_ACTION_TRIGGER:
1027                         func = intel_vgpu_set_intx_trigger;
1028                         break;
1029                 }
1030                 break;
1031         case VFIO_PCI_MSI_IRQ_INDEX:
1032                 switch (flags & VFIO_IRQ_SET_ACTION_TYPE_MASK) {
1033                 case VFIO_IRQ_SET_ACTION_MASK:
1034                 case VFIO_IRQ_SET_ACTION_UNMASK:
1035                         /* XXX Need masking support exported */
1036                         break;
1037                 case VFIO_IRQ_SET_ACTION_TRIGGER:
1038                         func = intel_vgpu_set_msi_trigger;
1039                         break;
1040                 }
1041                 break;
1042         }
1043
1044         if (!func)
1045                 return -ENOTTY;
1046
1047         return func(vgpu, index, start, count, flags, data);
1048 }
1049
1050 static long intel_vgpu_ioctl(struct mdev_device *mdev, unsigned int cmd,
1051                              unsigned long arg)
1052 {
1053         struct intel_vgpu *vgpu = mdev_get_drvdata(mdev);
1054         unsigned long minsz;
1055
1056         gvt_dbg_core("vgpu%d ioctl, cmd: %d\n", vgpu->id, cmd);
1057
1058         if (cmd == VFIO_DEVICE_GET_INFO) {
1059                 struct vfio_device_info info;
1060
1061                 minsz = offsetofend(struct vfio_device_info, num_irqs);
1062
1063                 if (copy_from_user(&info, (void __user *)arg, minsz))
1064                         return -EFAULT;
1065
1066                 if (info.argsz < minsz)
1067                         return -EINVAL;
1068
1069                 info.flags = VFIO_DEVICE_FLAGS_PCI;
1070                 info.flags |= VFIO_DEVICE_FLAGS_RESET;
1071                 info.num_regions = VFIO_PCI_NUM_REGIONS +
1072                                 vgpu->vdev.num_regions;
1073                 info.num_irqs = VFIO_PCI_NUM_IRQS;
1074
1075                 return copy_to_user((void __user *)arg, &info, minsz) ?
1076                         -EFAULT : 0;
1077
1078         } else if (cmd == VFIO_DEVICE_GET_REGION_INFO) {
1079                 struct vfio_region_info info;
1080                 struct vfio_info_cap caps = { .buf = NULL, .size = 0 };
1081                 int i, ret;
1082                 struct vfio_region_info_cap_sparse_mmap *sparse = NULL;
1083                 size_t size;
1084                 int nr_areas = 1;
1085                 int cap_type_id;
1086
1087                 minsz = offsetofend(struct vfio_region_info, offset);
1088
1089                 if (copy_from_user(&info, (void __user *)arg, minsz))
1090                         return -EFAULT;
1091
1092                 if (info.argsz < minsz)
1093                         return -EINVAL;
1094
1095                 switch (info.index) {
1096                 case VFIO_PCI_CONFIG_REGION_INDEX:
1097                         info.offset = VFIO_PCI_INDEX_TO_OFFSET(info.index);
1098                         info.size = vgpu->gvt->device_info.cfg_space_size;
1099                         info.flags = VFIO_REGION_INFO_FLAG_READ |
1100                                      VFIO_REGION_INFO_FLAG_WRITE;
1101                         break;
1102                 case VFIO_PCI_BAR0_REGION_INDEX:
1103                         info.offset = VFIO_PCI_INDEX_TO_OFFSET(info.index);
1104                         info.size = vgpu->cfg_space.bar[info.index].size;
1105                         if (!info.size) {
1106                                 info.flags = 0;
1107                                 break;
1108                         }
1109
1110                         info.flags = VFIO_REGION_INFO_FLAG_READ |
1111                                      VFIO_REGION_INFO_FLAG_WRITE;
1112                         break;
1113                 case VFIO_PCI_BAR1_REGION_INDEX:
1114                         info.offset = VFIO_PCI_INDEX_TO_OFFSET(info.index);
1115                         info.size = 0;
1116                         info.flags = 0;
1117                         break;
1118                 case VFIO_PCI_BAR2_REGION_INDEX:
1119                         info.offset = VFIO_PCI_INDEX_TO_OFFSET(info.index);
1120                         info.flags = VFIO_REGION_INFO_FLAG_CAPS |
1121                                         VFIO_REGION_INFO_FLAG_MMAP |
1122                                         VFIO_REGION_INFO_FLAG_READ |
1123                                         VFIO_REGION_INFO_FLAG_WRITE;
1124                         info.size = gvt_aperture_sz(vgpu->gvt);
1125
1126                         size = sizeof(*sparse) +
1127                                         (nr_areas * sizeof(*sparse->areas));
1128                         sparse = kzalloc(size, GFP_KERNEL);
1129                         if (!sparse)
1130                                 return -ENOMEM;
1131
1132                         sparse->header.id = VFIO_REGION_INFO_CAP_SPARSE_MMAP;
1133                         sparse->header.version = 1;
1134                         sparse->nr_areas = nr_areas;
1135                         cap_type_id = VFIO_REGION_INFO_CAP_SPARSE_MMAP;
1136                         sparse->areas[0].offset =
1137                                         PAGE_ALIGN(vgpu_aperture_offset(vgpu));
1138                         sparse->areas[0].size = vgpu_aperture_sz(vgpu);
1139                         break;
1140
1141                 case VFIO_PCI_BAR3_REGION_INDEX ... VFIO_PCI_BAR5_REGION_INDEX:
1142                         info.offset = VFIO_PCI_INDEX_TO_OFFSET(info.index);
1143                         info.size = 0;
1144                         info.flags = 0;
1145
1146                         gvt_dbg_core("get region info bar:%d\n", info.index);
1147                         break;
1148
1149                 case VFIO_PCI_ROM_REGION_INDEX:
1150                 case VFIO_PCI_VGA_REGION_INDEX:
1151                         info.offset = VFIO_PCI_INDEX_TO_OFFSET(info.index);
1152                         info.size = 0;
1153                         info.flags = 0;
1154
1155                         gvt_dbg_core("get region info index:%d\n", info.index);
1156                         break;
1157                 default:
1158                         {
1159                                 struct vfio_region_info_cap_type cap_type = {
1160                                         .header.id = VFIO_REGION_INFO_CAP_TYPE,
1161                                         .header.version = 1 };
1162
1163                                 if (info.index >= VFIO_PCI_NUM_REGIONS +
1164                                                 vgpu->vdev.num_regions)
1165                                         return -EINVAL;
1166
1167                                 i = info.index - VFIO_PCI_NUM_REGIONS;
1168
1169                                 info.offset =
1170                                         VFIO_PCI_INDEX_TO_OFFSET(info.index);
1171                                 info.size = vgpu->vdev.region[i].size;
1172                                 info.flags = vgpu->vdev.region[i].flags;
1173
1174                                 cap_type.type = vgpu->vdev.region[i].type;
1175                                 cap_type.subtype = vgpu->vdev.region[i].subtype;
1176
1177                                 ret = vfio_info_add_capability(&caps,
1178                                                         &cap_type.header,
1179                                                         sizeof(cap_type));
1180                                 if (ret)
1181                                         return ret;
1182                         }
1183                 }
1184
1185                 if ((info.flags & VFIO_REGION_INFO_FLAG_CAPS) && sparse) {
1186                         switch (cap_type_id) {
1187                         case VFIO_REGION_INFO_CAP_SPARSE_MMAP:
1188                                 ret = vfio_info_add_capability(&caps,
1189                                         &sparse->header, sizeof(*sparse) +
1190                                         (sparse->nr_areas *
1191                                                 sizeof(*sparse->areas)));
1192                                 kfree(sparse);
1193                                 if (ret)
1194                                         return ret;
1195                                 break;
1196                         default:
1197                                 return -EINVAL;
1198                         }
1199                 }
1200
1201                 if (caps.size) {
1202                         info.flags |= VFIO_REGION_INFO_FLAG_CAPS;
1203                         if (info.argsz < sizeof(info) + caps.size) {
1204                                 info.argsz = sizeof(info) + caps.size;
1205                                 info.cap_offset = 0;
1206                         } else {
1207                                 vfio_info_cap_shift(&caps, sizeof(info));
1208                                 if (copy_to_user((void __user *)arg +
1209                                                   sizeof(info), caps.buf,
1210                                                   caps.size)) {
1211                                         kfree(caps.buf);
1212                                         return -EFAULT;
1213                                 }
1214                                 info.cap_offset = sizeof(info);
1215                         }
1216
1217                         kfree(caps.buf);
1218                 }
1219
1220                 return copy_to_user((void __user *)arg, &info, minsz) ?
1221                         -EFAULT : 0;
1222         } else if (cmd == VFIO_DEVICE_GET_IRQ_INFO) {
1223                 struct vfio_irq_info info;
1224
1225                 minsz = offsetofend(struct vfio_irq_info, count);
1226
1227                 if (copy_from_user(&info, (void __user *)arg, minsz))
1228                         return -EFAULT;
1229
1230                 if (info.argsz < minsz || info.index >= VFIO_PCI_NUM_IRQS)
1231                         return -EINVAL;
1232
1233                 switch (info.index) {
1234                 case VFIO_PCI_INTX_IRQ_INDEX:
1235                 case VFIO_PCI_MSI_IRQ_INDEX:
1236                         break;
1237                 default:
1238                         return -EINVAL;
1239                 }
1240
1241                 info.flags = VFIO_IRQ_INFO_EVENTFD;
1242
1243                 info.count = intel_vgpu_get_irq_count(vgpu, info.index);
1244
1245                 if (info.index == VFIO_PCI_INTX_IRQ_INDEX)
1246                         info.flags |= (VFIO_IRQ_INFO_MASKABLE |
1247                                        VFIO_IRQ_INFO_AUTOMASKED);
1248                 else
1249                         info.flags |= VFIO_IRQ_INFO_NORESIZE;
1250
1251                 return copy_to_user((void __user *)arg, &info, minsz) ?
1252                         -EFAULT : 0;
1253         } else if (cmd == VFIO_DEVICE_SET_IRQS) {
1254                 struct vfio_irq_set hdr;
1255                 u8 *data = NULL;
1256                 int ret = 0;
1257                 size_t data_size = 0;
1258
1259                 minsz = offsetofend(struct vfio_irq_set, count);
1260
1261                 if (copy_from_user(&hdr, (void __user *)arg, minsz))
1262                         return -EFAULT;
1263
1264                 if (!(hdr.flags & VFIO_IRQ_SET_DATA_NONE)) {
1265                         int max = intel_vgpu_get_irq_count(vgpu, hdr.index);
1266
1267                         ret = vfio_set_irqs_validate_and_prepare(&hdr, max,
1268                                                 VFIO_PCI_NUM_IRQS, &data_size);
1269                         if (ret) {
1270                                 gvt_vgpu_err("intel:vfio_set_irqs_validate_and_prepare failed\n");
1271                                 return -EINVAL;
1272                         }
1273                         if (data_size) {
1274                                 data = memdup_user((void __user *)(arg + minsz),
1275                                                    data_size);
1276                                 if (IS_ERR(data))
1277                                         return PTR_ERR(data);
1278                         }
1279                 }
1280
1281                 ret = intel_vgpu_set_irqs(vgpu, hdr.flags, hdr.index,
1282                                         hdr.start, hdr.count, data);
1283                 kfree(data);
1284
1285                 return ret;
1286         } else if (cmd == VFIO_DEVICE_RESET) {
1287                 intel_gvt_ops->vgpu_reset(vgpu);
1288                 return 0;
1289         } else if (cmd == VFIO_DEVICE_QUERY_GFX_PLANE) {
1290                 struct vfio_device_gfx_plane_info dmabuf;
1291                 int ret = 0;
1292
1293                 minsz = offsetofend(struct vfio_device_gfx_plane_info,
1294                                     dmabuf_id);
1295                 if (copy_from_user(&dmabuf, (void __user *)arg, minsz))
1296                         return -EFAULT;
1297                 if (dmabuf.argsz < minsz)
1298                         return -EINVAL;
1299
1300                 ret = intel_gvt_ops->vgpu_query_plane(vgpu, &dmabuf);
1301                 if (ret != 0)
1302                         return ret;
1303
1304                 return copy_to_user((void __user *)arg, &dmabuf, minsz) ?
1305                                                                 -EFAULT : 0;
1306         } else if (cmd == VFIO_DEVICE_GET_GFX_DMABUF) {
1307                 __u32 dmabuf_id;
1308                 __s32 dmabuf_fd;
1309
1310                 if (get_user(dmabuf_id, (__u32 __user *)arg))
1311                         return -EFAULT;
1312
1313                 dmabuf_fd = intel_gvt_ops->vgpu_get_dmabuf(vgpu, dmabuf_id);
1314                 return dmabuf_fd;
1315
1316         }
1317
1318         return 0;
1319 }
1320
1321 static ssize_t
1322 vgpu_id_show(struct device *dev, struct device_attribute *attr,
1323              char *buf)
1324 {
1325         struct mdev_device *mdev = mdev_from_dev(dev);
1326
1327         if (mdev) {
1328                 struct intel_vgpu *vgpu = (struct intel_vgpu *)
1329                         mdev_get_drvdata(mdev);
1330                 return sprintf(buf, "%d\n", vgpu->id);
1331         }
1332         return sprintf(buf, "\n");
1333 }
1334
1335 static ssize_t
1336 hw_id_show(struct device *dev, struct device_attribute *attr,
1337            char *buf)
1338 {
1339         struct mdev_device *mdev = mdev_from_dev(dev);
1340
1341         if (mdev) {
1342                 struct intel_vgpu *vgpu = (struct intel_vgpu *)
1343                         mdev_get_drvdata(mdev);
1344                 return sprintf(buf, "%u\n",
1345                                vgpu->submission.shadow_ctx->hw_id);
1346         }
1347         return sprintf(buf, "\n");
1348 }
1349
1350 static DEVICE_ATTR_RO(vgpu_id);
1351 static DEVICE_ATTR_RO(hw_id);
1352
1353 static struct attribute *intel_vgpu_attrs[] = {
1354         &dev_attr_vgpu_id.attr,
1355         &dev_attr_hw_id.attr,
1356         NULL
1357 };
1358
1359 static const struct attribute_group intel_vgpu_group = {
1360         .name = "intel_vgpu",
1361         .attrs = intel_vgpu_attrs,
1362 };
1363
1364 static const struct attribute_group *intel_vgpu_groups[] = {
1365         &intel_vgpu_group,
1366         NULL,
1367 };
1368
1369 static struct mdev_parent_ops intel_vgpu_ops = {
1370         .mdev_attr_groups       = intel_vgpu_groups,
1371         .create                 = intel_vgpu_create,
1372         .remove                 = intel_vgpu_remove,
1373
1374         .open                   = intel_vgpu_open,
1375         .release                = intel_vgpu_release,
1376
1377         .read                   = intel_vgpu_read,
1378         .write                  = intel_vgpu_write,
1379         .mmap                   = intel_vgpu_mmap,
1380         .ioctl                  = intel_vgpu_ioctl,
1381 };
1382
1383 static int kvmgt_host_init(struct device *dev, void *gvt, const void *ops)
1384 {
1385         struct attribute **kvm_type_attrs;
1386         struct attribute_group **kvm_vgpu_type_groups;
1387
1388         intel_gvt_ops = ops;
1389         if (!intel_gvt_ops->get_gvt_attrs(&kvm_type_attrs,
1390                         &kvm_vgpu_type_groups))
1391                 return -EFAULT;
1392         intel_vgpu_ops.supported_type_groups = kvm_vgpu_type_groups;
1393
1394         return mdev_register_device(dev, &intel_vgpu_ops);
1395 }
1396
1397 static void kvmgt_host_exit(struct device *dev, void *gvt)
1398 {
1399         mdev_unregister_device(dev);
1400 }
1401
1402 static int kvmgt_page_track_add(unsigned long handle, u64 gfn)
1403 {
1404         struct kvmgt_guest_info *info;
1405         struct kvm *kvm;
1406         struct kvm_memory_slot *slot;
1407         int idx;
1408
1409         if (!handle_valid(handle))
1410                 return -ESRCH;
1411
1412         info = (struct kvmgt_guest_info *)handle;
1413         kvm = info->kvm;
1414
1415         idx = srcu_read_lock(&kvm->srcu);
1416         slot = gfn_to_memslot(kvm, gfn);
1417         if (!slot) {
1418                 srcu_read_unlock(&kvm->srcu, idx);
1419                 return -EINVAL;
1420         }
1421
1422         spin_lock(&kvm->mmu_lock);
1423
1424         if (kvmgt_gfn_is_write_protected(info, gfn))
1425                 goto out;
1426
1427         kvm_slot_page_track_add_page(kvm, slot, gfn, KVM_PAGE_TRACK_WRITE);
1428         kvmgt_protect_table_add(info, gfn);
1429
1430 out:
1431         spin_unlock(&kvm->mmu_lock);
1432         srcu_read_unlock(&kvm->srcu, idx);
1433         return 0;
1434 }
1435
1436 static int kvmgt_page_track_remove(unsigned long handle, u64 gfn)
1437 {
1438         struct kvmgt_guest_info *info;
1439         struct kvm *kvm;
1440         struct kvm_memory_slot *slot;
1441         int idx;
1442
1443         if (!handle_valid(handle))
1444                 return 0;
1445
1446         info = (struct kvmgt_guest_info *)handle;
1447         kvm = info->kvm;
1448
1449         idx = srcu_read_lock(&kvm->srcu);
1450         slot = gfn_to_memslot(kvm, gfn);
1451         if (!slot) {
1452                 srcu_read_unlock(&kvm->srcu, idx);
1453                 return -EINVAL;
1454         }
1455
1456         spin_lock(&kvm->mmu_lock);
1457
1458         if (!kvmgt_gfn_is_write_protected(info, gfn))
1459                 goto out;
1460
1461         kvm_slot_page_track_remove_page(kvm, slot, gfn, KVM_PAGE_TRACK_WRITE);
1462         kvmgt_protect_table_del(info, gfn);
1463
1464 out:
1465         spin_unlock(&kvm->mmu_lock);
1466         srcu_read_unlock(&kvm->srcu, idx);
1467         return 0;
1468 }
1469
1470 static void kvmgt_page_track_write(struct kvm_vcpu *vcpu, gpa_t gpa,
1471                 const u8 *val, int len,
1472                 struct kvm_page_track_notifier_node *node)
1473 {
1474         struct kvmgt_guest_info *info = container_of(node,
1475                                         struct kvmgt_guest_info, track_node);
1476
1477         if (kvmgt_gfn_is_write_protected(info, gpa_to_gfn(gpa)))
1478                 intel_gvt_ops->write_protect_handler(info->vgpu, gpa,
1479                                                      (void *)val, len);
1480 }
1481
1482 static void kvmgt_page_track_flush_slot(struct kvm *kvm,
1483                 struct kvm_memory_slot *slot,
1484                 struct kvm_page_track_notifier_node *node)
1485 {
1486         int i;
1487         gfn_t gfn;
1488         struct kvmgt_guest_info *info = container_of(node,
1489                                         struct kvmgt_guest_info, track_node);
1490
1491         spin_lock(&kvm->mmu_lock);
1492         for (i = 0; i < slot->npages; i++) {
1493                 gfn = slot->base_gfn + i;
1494                 if (kvmgt_gfn_is_write_protected(info, gfn)) {
1495                         kvm_slot_page_track_remove_page(kvm, slot, gfn,
1496                                                 KVM_PAGE_TRACK_WRITE);
1497                         kvmgt_protect_table_del(info, gfn);
1498                 }
1499         }
1500         spin_unlock(&kvm->mmu_lock);
1501 }
1502
1503 static bool __kvmgt_vgpu_exist(struct intel_vgpu *vgpu, struct kvm *kvm)
1504 {
1505         struct intel_vgpu *itr;
1506         struct kvmgt_guest_info *info;
1507         int id;
1508         bool ret = false;
1509
1510         mutex_lock(&vgpu->gvt->lock);
1511         for_each_active_vgpu(vgpu->gvt, itr, id) {
1512                 if (!handle_valid(itr->handle))
1513                         continue;
1514
1515                 info = (struct kvmgt_guest_info *)itr->handle;
1516                 if (kvm && kvm == info->kvm) {
1517                         ret = true;
1518                         goto out;
1519                 }
1520         }
1521 out:
1522         mutex_unlock(&vgpu->gvt->lock);
1523         return ret;
1524 }
1525
1526 static int kvmgt_guest_init(struct mdev_device *mdev)
1527 {
1528         struct kvmgt_guest_info *info;
1529         struct intel_vgpu *vgpu;
1530         struct kvm *kvm;
1531
1532         vgpu = mdev_get_drvdata(mdev);
1533         if (handle_valid(vgpu->handle))
1534                 return -EEXIST;
1535
1536         kvm = vgpu->vdev.kvm;
1537         if (!kvm || kvm->mm != current->mm) {
1538                 gvt_vgpu_err("KVM is required to use Intel vGPU\n");
1539                 return -ESRCH;
1540         }
1541
1542         if (__kvmgt_vgpu_exist(vgpu, kvm))
1543                 return -EEXIST;
1544
1545         info = vzalloc(sizeof(struct kvmgt_guest_info));
1546         if (!info)
1547                 return -ENOMEM;
1548
1549         vgpu->handle = (unsigned long)info;
1550         info->vgpu = vgpu;
1551         info->kvm = kvm;
1552         kvm_get_kvm(info->kvm);
1553
1554         kvmgt_protect_table_init(info);
1555         gvt_cache_init(vgpu);
1556
1557         mutex_init(&vgpu->dmabuf_lock);
1558         init_completion(&vgpu->vblank_done);
1559
1560         info->track_node.track_write = kvmgt_page_track_write;
1561         info->track_node.track_flush_slot = kvmgt_page_track_flush_slot;
1562         kvm_page_track_register_notifier(kvm, &info->track_node);
1563
1564         info->debugfs_cache_entries = debugfs_create_ulong(
1565                                                 "kvmgt_nr_cache_entries",
1566                                                 0444, vgpu->debugfs,
1567                                                 &vgpu->vdev.nr_cache_entries);
1568         if (!info->debugfs_cache_entries)
1569                 gvt_vgpu_err("Cannot create kvmgt debugfs entry\n");
1570
1571         return 0;
1572 }
1573
1574 static bool kvmgt_guest_exit(struct kvmgt_guest_info *info)
1575 {
1576         debugfs_remove(info->debugfs_cache_entries);
1577
1578         kvm_page_track_unregister_notifier(info->kvm, &info->track_node);
1579         kvm_put_kvm(info->kvm);
1580         kvmgt_protect_table_destroy(info);
1581         gvt_cache_destroy(info->vgpu);
1582         vfree(info);
1583
1584         return true;
1585 }
1586
1587 static int kvmgt_attach_vgpu(void *vgpu, unsigned long *handle)
1588 {
1589         /* nothing to do here */
1590         return 0;
1591 }
1592
1593 static void kvmgt_detach_vgpu(unsigned long handle)
1594 {
1595         /* nothing to do here */
1596 }
1597
1598 static int kvmgt_inject_msi(unsigned long handle, u32 addr, u16 data)
1599 {
1600         struct kvmgt_guest_info *info;
1601         struct intel_vgpu *vgpu;
1602
1603         if (!handle_valid(handle))
1604                 return -ESRCH;
1605
1606         info = (struct kvmgt_guest_info *)handle;
1607         vgpu = info->vgpu;
1608
1609         /*
1610          * When guest is poweroff, msi_trigger is set to NULL, but vgpu's
1611          * config and mmio register isn't restored to default during guest
1612          * poweroff. If this vgpu is still used in next vm, this vgpu's pipe
1613          * may be enabled, then once this vgpu is active, it will get inject
1614          * vblank interrupt request. But msi_trigger is null until msi is
1615          * enabled by guest. so if msi_trigger is null, success is still
1616          * returned and don't inject interrupt into guest.
1617          */
1618         if (vgpu->vdev.msi_trigger == NULL)
1619                 return 0;
1620
1621         if (eventfd_signal(vgpu->vdev.msi_trigger, 1) == 1)
1622                 return 0;
1623
1624         return -EFAULT;
1625 }
1626
1627 static unsigned long kvmgt_gfn_to_pfn(unsigned long handle, unsigned long gfn)
1628 {
1629         struct kvmgt_guest_info *info;
1630         kvm_pfn_t pfn;
1631
1632         if (!handle_valid(handle))
1633                 return INTEL_GVT_INVALID_ADDR;
1634
1635         info = (struct kvmgt_guest_info *)handle;
1636
1637         pfn = gfn_to_pfn(info->kvm, gfn);
1638         if (is_error_noslot_pfn(pfn))
1639                 return INTEL_GVT_INVALID_ADDR;
1640
1641         return pfn;
1642 }
1643
1644 int kvmgt_dma_map_guest_page(unsigned long handle, unsigned long gfn,
1645                 dma_addr_t *dma_addr)
1646 {
1647         struct kvmgt_guest_info *info;
1648         struct intel_vgpu *vgpu;
1649         struct gvt_dma *entry;
1650         int ret;
1651
1652         if (!handle_valid(handle))
1653                 return -EINVAL;
1654
1655         info = (struct kvmgt_guest_info *)handle;
1656         vgpu = info->vgpu;
1657
1658         mutex_lock(&info->vgpu->vdev.cache_lock);
1659
1660         entry = __gvt_cache_find_gfn(info->vgpu, gfn);
1661         if (!entry) {
1662                 ret = gvt_dma_map_page(vgpu, gfn, dma_addr);
1663                 if (ret)
1664                         goto err_unlock;
1665
1666                 ret = __gvt_cache_add(info->vgpu, gfn, *dma_addr);
1667                 if (ret)
1668                         goto err_unmap;
1669         } else {
1670                 kref_get(&entry->ref);
1671                 *dma_addr = entry->dma_addr;
1672         }
1673
1674         mutex_unlock(&info->vgpu->vdev.cache_lock);
1675         return 0;
1676
1677 err_unmap:
1678         gvt_dma_unmap_page(vgpu, gfn, *dma_addr);
1679 err_unlock:
1680         mutex_unlock(&info->vgpu->vdev.cache_lock);
1681         return ret;
1682 }
1683
1684 static void __gvt_dma_release(struct kref *ref)
1685 {
1686         struct gvt_dma *entry = container_of(ref, typeof(*entry), ref);
1687
1688         gvt_dma_unmap_page(entry->vgpu, entry->gfn, entry->dma_addr);
1689         __gvt_cache_remove_entry(entry->vgpu, entry);
1690 }
1691
1692 void kvmgt_dma_unmap_guest_page(unsigned long handle, dma_addr_t dma_addr)
1693 {
1694         struct kvmgt_guest_info *info;
1695         struct gvt_dma *entry;
1696
1697         if (!handle_valid(handle))
1698                 return;
1699
1700         info = (struct kvmgt_guest_info *)handle;
1701
1702         mutex_lock(&info->vgpu->vdev.cache_lock);
1703         entry = __gvt_cache_find_dma_addr(info->vgpu, dma_addr);
1704         if (entry)
1705                 kref_put(&entry->ref, __gvt_dma_release);
1706         mutex_unlock(&info->vgpu->vdev.cache_lock);
1707 }
1708
1709 static int kvmgt_rw_gpa(unsigned long handle, unsigned long gpa,
1710                         void *buf, unsigned long len, bool write)
1711 {
1712         struct kvmgt_guest_info *info;
1713         struct kvm *kvm;
1714         int idx, ret;
1715         bool kthread = current->mm == NULL;
1716
1717         if (!handle_valid(handle))
1718                 return -ESRCH;
1719
1720         info = (struct kvmgt_guest_info *)handle;
1721         kvm = info->kvm;
1722
1723         if (kthread)
1724                 use_mm(kvm->mm);
1725
1726         idx = srcu_read_lock(&kvm->srcu);
1727         ret = write ? kvm_write_guest(kvm, gpa, buf, len) :
1728                       kvm_read_guest(kvm, gpa, buf, len);
1729         srcu_read_unlock(&kvm->srcu, idx);
1730
1731         if (kthread)
1732                 unuse_mm(kvm->mm);
1733
1734         return ret;
1735 }
1736
1737 static int kvmgt_read_gpa(unsigned long handle, unsigned long gpa,
1738                         void *buf, unsigned long len)
1739 {
1740         return kvmgt_rw_gpa(handle, gpa, buf, len, false);
1741 }
1742
1743 static int kvmgt_write_gpa(unsigned long handle, unsigned long gpa,
1744                         void *buf, unsigned long len)
1745 {
1746         return kvmgt_rw_gpa(handle, gpa, buf, len, true);
1747 }
1748
1749 static unsigned long kvmgt_virt_to_pfn(void *addr)
1750 {
1751         return PFN_DOWN(__pa(addr));
1752 }
1753
1754 static bool kvmgt_is_valid_gfn(unsigned long handle, unsigned long gfn)
1755 {
1756         struct kvmgt_guest_info *info;
1757         struct kvm *kvm;
1758
1759         if (!handle_valid(handle))
1760                 return false;
1761
1762         info = (struct kvmgt_guest_info *)handle;
1763         kvm = info->kvm;
1764
1765         return kvm_is_visible_gfn(kvm, gfn);
1766
1767 }
1768
1769 struct intel_gvt_mpt kvmgt_mpt = {
1770         .host_init = kvmgt_host_init,
1771         .host_exit = kvmgt_host_exit,
1772         .attach_vgpu = kvmgt_attach_vgpu,
1773         .detach_vgpu = kvmgt_detach_vgpu,
1774         .inject_msi = kvmgt_inject_msi,
1775         .from_virt_to_mfn = kvmgt_virt_to_pfn,
1776         .enable_page_track = kvmgt_page_track_add,
1777         .disable_page_track = kvmgt_page_track_remove,
1778         .read_gpa = kvmgt_read_gpa,
1779         .write_gpa = kvmgt_write_gpa,
1780         .gfn_to_mfn = kvmgt_gfn_to_pfn,
1781         .dma_map_guest_page = kvmgt_dma_map_guest_page,
1782         .dma_unmap_guest_page = kvmgt_dma_unmap_guest_page,
1783         .set_opregion = kvmgt_set_opregion,
1784         .get_vfio_device = kvmgt_get_vfio_device,
1785         .put_vfio_device = kvmgt_put_vfio_device,
1786         .is_valid_gfn = kvmgt_is_valid_gfn,
1787 };
1788 EXPORT_SYMBOL_GPL(kvmgt_mpt);
1789
1790 static int __init kvmgt_init(void)
1791 {
1792         return 0;
1793 }
1794
1795 static void __exit kvmgt_exit(void)
1796 {
1797 }
1798
1799 module_init(kvmgt_init);
1800 module_exit(kvmgt_exit);
1801
1802 MODULE_LICENSE("GPL and additional rights");
1803 MODULE_AUTHOR("Intel Corporation");