From 20f300175a1e150dae231e21dfa1fc4c6fcf4db6 Mon Sep 17 00:00:00 2001 From: Alex Williamson Date: Tue, 9 Jun 2015 10:08:57 -0600 Subject: vfio/pci: Fix racy vfio_device_get_from_dev() call Testing the driver for a PCI device is racy, it can be all but complete in the release path and still report the driver as ours. Therefore we can't trust drvdata to be valid. This race can sometimes be seen when one port of a multifunction device is being unbound from the vfio-pci driver while another function is being released by the user and attempting a bus reset. The device in the remove path is found as a dependent device for the bus reset of the release path device, the driver is still set to vfio-pci, but the drvdata has already been cleared, resulting in a null pointer dereference. To resolve this, fix vfio_device_get_from_dev() to not take the dev_get_drvdata() shortcut and instead traverse through the iommu_group, vfio_group, vfio_device path to get a reference we can trust. Once we have that reference, we know the device isn't in transition and we can test to make sure the driver is still what we expect, so that we don't interfere with devices we don't own. Signed-off-by: Alex Williamson --- drivers/vfio/pci/vfio_pci.c | 16 +++++++++------- drivers/vfio/vfio.c | 27 +++++++++++++++++++-------- 2 files changed, 28 insertions(+), 15 deletions(-) (limited to 'drivers/vfio') diff --git a/drivers/vfio/pci/vfio_pci.c b/drivers/vfio/pci/vfio_pci.c index e9851add6f4e..964ad572aaee 100644 --- a/drivers/vfio/pci/vfio_pci.c +++ b/drivers/vfio/pci/vfio_pci.c @@ -1056,19 +1056,21 @@ struct vfio_devices { static int vfio_pci_get_devs(struct pci_dev *pdev, void *data) { struct vfio_devices *devs = data; - struct pci_driver *pci_drv = ACCESS_ONCE(pdev->driver); - - if (pci_drv != &vfio_pci_driver) - return -EBUSY; + struct vfio_device *device; if (devs->cur_index == devs->max_index) return -ENOSPC; - devs->devices[devs->cur_index] = vfio_device_get_from_dev(&pdev->dev); - if (!devs->devices[devs->cur_index]) + device = vfio_device_get_from_dev(&pdev->dev); + if (!device) return -EINVAL; - devs->cur_index++; + if (pci_dev_driver(pdev) != &vfio_pci_driver) { + vfio_device_put(device); + return -EBUSY; + } + + devs->devices[devs->cur_index++] = device; return 0; } diff --git a/drivers/vfio/vfio.c b/drivers/vfio/vfio.c index e1278fe04b1e..2fb29dfeffbd 100644 --- a/drivers/vfio/vfio.c +++ b/drivers/vfio/vfio.c @@ -661,18 +661,29 @@ int vfio_add_group_dev(struct device *dev, EXPORT_SYMBOL_GPL(vfio_add_group_dev); /** - * Get a reference to the vfio_device for a device that is known to - * be bound to a vfio driver. The driver implicitly holds a - * vfio_device reference between vfio_add_group_dev and - * vfio_del_group_dev. We can therefore use drvdata to increment - * that reference from the struct device. This additional - * reference must be released by calling vfio_device_put. + * Get a reference to the vfio_device for a device. Even if the + * caller thinks they own the device, they could be racing with a + * release call path, so we can't trust drvdata for the shortcut. + * Go the long way around, from the iommu_group to the vfio_group + * to the vfio_device. */ struct vfio_device *vfio_device_get_from_dev(struct device *dev) { - struct vfio_device *device = dev_get_drvdata(dev); + struct iommu_group *iommu_group; + struct vfio_group *group; + struct vfio_device *device; + + iommu_group = iommu_group_get(dev); + if (!iommu_group) + return NULL; - vfio_device_get(device); + group = vfio_group_get_from_iommu(iommu_group); + iommu_group_put(iommu_group); + if (!group) + return NULL; + + device = vfio_group_get_device(group, dev); + vfio_group_put(group); return device; } -- cgit v1.2.3-70-g09d2 From 9f85d8f9fa342b22f01b8b4416c850bac00c2b4a Mon Sep 17 00:00:00 2001 From: Eric Auger Date: Mon, 15 Jun 2015 11:09:42 +0200 Subject: VFIO: platform: add reset struct and lookup table This patch introduces the vfio_platform_reset_combo struct that stores all the information useful to handle the reset modality: compat string, name of the reset function, name of the module that implements the reset function. A lookup table of such structures is added, currently void. Signed-off-by: Eric Auger Acked-by: Baptiste Reynal Tested-by: Baptiste Reynal Signed-off-by: Alex Williamson --- drivers/vfio/platform/vfio_platform_common.c | 3 +++ drivers/vfio/platform/vfio_platform_private.h | 6 ++++++ 2 files changed, 9 insertions(+) (limited to 'drivers/vfio') diff --git a/drivers/vfio/platform/vfio_platform_common.c b/drivers/vfio/platform/vfio_platform_common.c index abcff7a1aa66..611597e65f44 100644 --- a/drivers/vfio/platform/vfio_platform_common.c +++ b/drivers/vfio/platform/vfio_platform_common.c @@ -25,6 +25,9 @@ static DEFINE_MUTEX(driver_lock); +static const struct vfio_platform_reset_combo reset_lookup_table[] = { +}; + static int vfio_platform_regions_init(struct vfio_platform_device *vdev) { int cnt = 0, i; diff --git a/drivers/vfio/platform/vfio_platform_private.h b/drivers/vfio/platform/vfio_platform_private.h index 5d31e0473406..9e37b9fda483 100644 --- a/drivers/vfio/platform/vfio_platform_private.h +++ b/drivers/vfio/platform/vfio_platform_private.h @@ -69,6 +69,12 @@ struct vfio_platform_device { int (*get_irq)(struct vfio_platform_device *vdev, int i); }; +struct vfio_platform_reset_combo { + const char *compat; + const char *reset_function_name; + const char *module_name; +}; + extern int vfio_platform_probe_common(struct vfio_platform_device *vdev, struct device *dev); extern struct vfio_platform_device *vfio_platform_remove_common -- cgit v1.2.3-70-g09d2 From 813ae66008aeb97a48f20efefeb962179b642dbe Mon Sep 17 00:00:00 2001 From: Eric Auger Date: Mon, 15 Jun 2015 11:09:43 +0200 Subject: VFIO: platform: add reset callback A new reset callback is introduced. If this callback is populated, the reset is invoked on device first open/last close or upon userspace ioctl. The modality is exposed on VFIO_DEVICE_GET_INFO. Signed-off-by: Eric Auger Acked-by: Baptiste Reynal Tested-by: Baptiste Reynal Signed-off-by: Alex Williamson --- drivers/vfio/platform/vfio_platform_common.c | 15 +++++++++++++-- drivers/vfio/platform/vfio_platform_private.h | 1 + 2 files changed, 14 insertions(+), 2 deletions(-) (limited to 'drivers/vfio') diff --git a/drivers/vfio/platform/vfio_platform_common.c b/drivers/vfio/platform/vfio_platform_common.c index 611597e65f44..63935811cbd9 100644 --- a/drivers/vfio/platform/vfio_platform_common.c +++ b/drivers/vfio/platform/vfio_platform_common.c @@ -103,6 +103,8 @@ static void vfio_platform_release(void *device_data) mutex_lock(&driver_lock); if (!(--vdev->refcnt)) { + if (vdev->reset) + vdev->reset(vdev); vfio_platform_regions_cleanup(vdev); vfio_platform_irq_cleanup(vdev); } @@ -130,6 +132,9 @@ static int vfio_platform_open(void *device_data) ret = vfio_platform_irq_init(vdev); if (ret) goto err_irq; + + if (vdev->reset) + vdev->reset(vdev); } vdev->refcnt++; @@ -162,6 +167,8 @@ static long vfio_platform_ioctl(void *device_data, if (info.argsz < minsz) return -EINVAL; + if (vdev->reset) + vdev->flags |= VFIO_DEVICE_FLAGS_RESET; info.flags = vdev->flags; info.num_regions = vdev->num_regions; info.num_irqs = vdev->num_irqs; @@ -255,8 +262,12 @@ static long vfio_platform_ioctl(void *device_data, return ret; - } else if (cmd == VFIO_DEVICE_RESET) - return -EINVAL; + } else if (cmd == VFIO_DEVICE_RESET) { + if (vdev->reset) + return vdev->reset(vdev); + else + return -EINVAL; + } return -ENOTTY; } diff --git a/drivers/vfio/platform/vfio_platform_private.h b/drivers/vfio/platform/vfio_platform_private.h index 9e37b9fda483..1c9b3d59543c 100644 --- a/drivers/vfio/platform/vfio_platform_private.h +++ b/drivers/vfio/platform/vfio_platform_private.h @@ -67,6 +67,7 @@ struct vfio_platform_device { struct resource* (*get_resource)(struct vfio_platform_device *vdev, int i); int (*get_irq)(struct vfio_platform_device *vdev, int i); + int (*reset)(struct vfio_platform_device *vdev); }; struct vfio_platform_reset_combo { -- cgit v1.2.3-70-g09d2 From 3eeb0d510c65e777030156f03c116393095a3248 Mon Sep 17 00:00:00 2001 From: Eric Auger Date: Mon, 15 Jun 2015 11:09:44 +0200 Subject: VFIO: platform: populate the reset function on probe The reset function lookup happens on vfio-platform probe. The reset module load is requested and a reference to the function symbol is hold. The reference is released on vfio-platform remove. Signed-off-by: Eric Auger Acked-by: Baptiste Reynal Tested-by: Baptiste Reynal Signed-off-by: Alex Williamson --- drivers/vfio/platform/vfio_platform_common.c | 37 +++++++++++++++++++++++++++- 1 file changed, 36 insertions(+), 1 deletion(-) (limited to 'drivers/vfio') diff --git a/drivers/vfio/platform/vfio_platform_common.c b/drivers/vfio/platform/vfio_platform_common.c index 63935811cbd9..f3391a93bc0c 100644 --- a/drivers/vfio/platform/vfio_platform_common.c +++ b/drivers/vfio/platform/vfio_platform_common.c @@ -28,6 +28,36 @@ static DEFINE_MUTEX(driver_lock); static const struct vfio_platform_reset_combo reset_lookup_table[] = { }; +static void vfio_platform_get_reset(struct vfio_platform_device *vdev, + struct device *dev) +{ + const char *compat; + int (*reset)(struct vfio_platform_device *); + int ret, i; + + ret = device_property_read_string(dev, "compatible", &compat); + if (ret) + return; + + for (i = 0 ; i < ARRAY_SIZE(reset_lookup_table); i++) { + if (!strcmp(reset_lookup_table[i].compat, compat)) { + request_module(reset_lookup_table[i].module_name); + reset = __symbol_get( + reset_lookup_table[i].reset_function_name); + if (reset) { + vdev->reset = reset; + return; + } + } + } +} + +static void vfio_platform_put_reset(struct vfio_platform_device *vdev) +{ + if (vdev->reset) + symbol_put_addr(vdev->reset); +} + static int vfio_platform_regions_init(struct vfio_platform_device *vdev) { int cnt = 0, i; @@ -516,6 +546,8 @@ int vfio_platform_probe_common(struct vfio_platform_device *vdev, return ret; } + vfio_platform_get_reset(vdev, dev); + mutex_init(&vdev->igate); return 0; @@ -527,8 +559,11 @@ struct vfio_platform_device *vfio_platform_remove_common(struct device *dev) struct vfio_platform_device *vdev; vdev = vfio_del_group_dev(dev); - if (vdev) + + if (vdev) { + vfio_platform_put_reset(vdev); iommu_group_put(dev->iommu_group); + } return vdev; } -- cgit v1.2.3-70-g09d2 From 713cc334a6cc20dd1740933bf49d804b081bbca0 Mon Sep 17 00:00:00 2001 From: Eric Auger Date: Mon, 15 Jun 2015 11:09:45 +0200 Subject: VFIO: platform: Calxeda xgmac reset module This patch introduces a module that registers and implements a basic reset function for the Calxeda xgmac device. This latter basically disables interrupts and stops DMA transfers. The reset function code is inherited from the native calxeda xgmac driver. Signed-off-by: Eric Auger Acked-by: Baptiste Reynal Tested-by: Baptiste Reynal Signed-off-by: Alex Williamson --- drivers/vfio/platform/Kconfig | 2 + drivers/vfio/platform/Makefile | 2 + drivers/vfio/platform/reset/Kconfig | 7 ++ drivers/vfio/platform/reset/Makefile | 5 ++ .../platform/reset/vfio_platform_calxedaxgmac.c | 86 ++++++++++++++++++++++ drivers/vfio/platform/vfio_platform_common.c | 5 ++ 6 files changed, 107 insertions(+) create mode 100644 drivers/vfio/platform/reset/Kconfig create mode 100644 drivers/vfio/platform/reset/Makefile create mode 100644 drivers/vfio/platform/reset/vfio_platform_calxedaxgmac.c (limited to 'drivers/vfio') diff --git a/drivers/vfio/platform/Kconfig b/drivers/vfio/platform/Kconfig index 9a4403e2a36c..1df74772d1b7 100644 --- a/drivers/vfio/platform/Kconfig +++ b/drivers/vfio/platform/Kconfig @@ -18,3 +18,5 @@ config VFIO_AMBA framework. If you don't know what to do here, say N. + +source "drivers/vfio/platform/reset/Kconfig" diff --git a/drivers/vfio/platform/Makefile b/drivers/vfio/platform/Makefile index 81de144c0eaa..9ce8afe28450 100644 --- a/drivers/vfio/platform/Makefile +++ b/drivers/vfio/platform/Makefile @@ -2,7 +2,9 @@ vfio-platform-y := vfio_platform.o vfio_platform_common.o vfio_platform_irq.o obj-$(CONFIG_VFIO_PLATFORM) += vfio-platform.o +obj-$(CONFIG_VFIO_PLATFORM) += reset/ vfio-amba-y := vfio_amba.o obj-$(CONFIG_VFIO_AMBA) += vfio-amba.o +obj-$(CONFIG_VFIO_AMBA) += reset/ diff --git a/drivers/vfio/platform/reset/Kconfig b/drivers/vfio/platform/reset/Kconfig new file mode 100644 index 000000000000..746b96b0003b --- /dev/null +++ b/drivers/vfio/platform/reset/Kconfig @@ -0,0 +1,7 @@ +config VFIO_PLATFORM_CALXEDAXGMAC_RESET + tristate "VFIO support for calxeda xgmac reset" + depends on VFIO_PLATFORM + help + Enables the VFIO platform driver to handle reset for Calxeda xgmac + + If you don't know what to do here, say N. diff --git a/drivers/vfio/platform/reset/Makefile b/drivers/vfio/platform/reset/Makefile new file mode 100644 index 000000000000..2a486af9f8fa --- /dev/null +++ b/drivers/vfio/platform/reset/Makefile @@ -0,0 +1,5 @@ +vfio-platform-calxedaxgmac-y := vfio_platform_calxedaxgmac.o + +ccflags-y += -Idrivers/vfio/platform + +obj-$(CONFIG_VFIO_PLATFORM_CALXEDAXGMAC_RESET) += vfio-platform-calxedaxgmac.o diff --git a/drivers/vfio/platform/reset/vfio_platform_calxedaxgmac.c b/drivers/vfio/platform/reset/vfio_platform_calxedaxgmac.c new file mode 100644 index 000000000000..619dc7d22082 --- /dev/null +++ b/drivers/vfio/platform/reset/vfio_platform_calxedaxgmac.c @@ -0,0 +1,86 @@ +/* + * VFIO platform driver specialized for Calxeda xgmac reset + * reset code is inherited from calxeda xgmac native driver + * + * Copyright 2010-2011 Calxeda, Inc. + * Copyright (c) 2015 Linaro Ltd. + * www.linaro.org + * + * This program is free software; you can redistribute it and/or modify it + * under the terms and conditions of the GNU General Public License, + * version 2, as published by the Free Software Foundation. + * + * This program is distributed in the hope it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for + * more details. + * + * You should have received a copy of the GNU General Public License along with + * this program. If not, see . + */ + +#include +#include +#include +#include + +#include "vfio_platform_private.h" + +#define DRIVER_VERSION "0.1" +#define DRIVER_AUTHOR "Eric Auger " +#define DRIVER_DESC "Reset support for Calxeda xgmac vfio platform device" + +#define CALXEDAXGMAC_COMPAT "calxeda,hb-xgmac" + +/* XGMAC Register definitions */ +#define XGMAC_CONTROL 0x00000000 /* MAC Configuration */ + +/* DMA Control and Status Registers */ +#define XGMAC_DMA_CONTROL 0x00000f18 /* Ctrl (Operational Mode) */ +#define XGMAC_DMA_INTR_ENA 0x00000f1c /* Interrupt Enable */ + +/* DMA Control registe defines */ +#define DMA_CONTROL_ST 0x00002000 /* Start/Stop Transmission */ +#define DMA_CONTROL_SR 0x00000002 /* Start/Stop Receive */ + +/* Common MAC defines */ +#define MAC_ENABLE_TX 0x00000008 /* Transmitter Enable */ +#define MAC_ENABLE_RX 0x00000004 /* Receiver Enable */ + +static inline void xgmac_mac_disable(void __iomem *ioaddr) +{ + u32 value = readl(ioaddr + XGMAC_DMA_CONTROL); + + value &= ~(DMA_CONTROL_ST | DMA_CONTROL_SR); + writel(value, ioaddr + XGMAC_DMA_CONTROL); + + value = readl(ioaddr + XGMAC_CONTROL); + value &= ~(MAC_ENABLE_TX | MAC_ENABLE_RX); + writel(value, ioaddr + XGMAC_CONTROL); +} + +int vfio_platform_calxedaxgmac_reset(struct vfio_platform_device *vdev) +{ + struct vfio_platform_region reg = vdev->regions[0]; + + if (!reg.ioaddr) { + reg.ioaddr = + ioremap_nocache(reg.addr, reg.size); + if (!reg.ioaddr) + return -ENOMEM; + } + + /* disable IRQ */ + writel(0, reg.ioaddr + XGMAC_DMA_INTR_ENA); + + /* Disable the MAC core */ + xgmac_mac_disable(reg.ioaddr); + + return 0; +} +EXPORT_SYMBOL_GPL(vfio_platform_calxedaxgmac_reset); + +MODULE_VERSION(DRIVER_VERSION); +MODULE_LICENSE("GPL v2"); +MODULE_AUTHOR(DRIVER_AUTHOR); +MODULE_DESCRIPTION(DRIVER_DESC); diff --git a/drivers/vfio/platform/vfio_platform_common.c b/drivers/vfio/platform/vfio_platform_common.c index f3391a93bc0c..e43efb5e92bf 100644 --- a/drivers/vfio/platform/vfio_platform_common.c +++ b/drivers/vfio/platform/vfio_platform_common.c @@ -26,6 +26,11 @@ static DEFINE_MUTEX(driver_lock); static const struct vfio_platform_reset_combo reset_lookup_table[] = { + { + .compat = "calxeda,hb-xgmac", + .reset_function_name = "vfio_platform_calxedaxgmac_reset", + .module_name = "vfio-platform-calxedaxgmac", + }, }; static void vfio_platform_get_reset(struct vfio_platform_device *vdev, -- cgit v1.2.3-70-g09d2 From e6bcd47f8f676bd03205c8ffe3fe194936a3e2ca Mon Sep 17 00:00:00 2001 From: Eric Auger Date: Mon, 15 Jun 2015 11:13:52 +0200 Subject: VFIO: platform: enable ARM64 build This patch enables building VFIO platform and derivatives on ARM64. Signed-off-by: Eric Auger Acked-by: Baptiste Reynal Tested-by: Baptiste Reynal Signed-off-by: Alex Williamson --- drivers/vfio/platform/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'drivers/vfio') diff --git a/drivers/vfio/platform/Kconfig b/drivers/vfio/platform/Kconfig index 1df74772d1b7..bb30128782aa 100644 --- a/drivers/vfio/platform/Kconfig +++ b/drivers/vfio/platform/Kconfig @@ -1,6 +1,6 @@ config VFIO_PLATFORM tristate "VFIO support for platform devices" - depends on VFIO && EVENTFD && ARM + depends on VFIO && EVENTFD && (ARM || ARM64) select VFIO_VIRQFD help Support for platform devices with VFIO. This is required to make -- cgit v1.2.3-70-g09d2