Revert: "vfio: Include No-IOMMU mode"

Revert commit 033291eccbdb ("vfio: Include No-IOMMU mode") due to lack of a user. This was originally intended to fill a need for the DPDK driver, but uptake has been slow so rather than support an unproven kernel interface revert it and revisit when userspace catches up. Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
author: Alex Williamson <alex.williamson@redhat.com> 2015-12-04 10:38:42 -0500
committer: Alex Williamson <alex.williamson@redhat.com> 2015-12-04 10:38:42 -0500
commit: ae5515d66362b9d96cdcfce504567f0b8b7bd83e (patch)
tree: 543c07268f2f11423e199e5972c9c1a506677996
parent: 049af1060bb81532f2700762a8ba71eb3fa81f5a (diff)
5 files changed, 10 insertions, 209 deletions
diff --git a/drivers/vfio/Kconfig b/drivers/vfio/Kconfig
index da6e2ce77495..850d86ca685b 100644
--- a/drivers/vfio/Kconfig
+++ b/drivers/vfio/Kconfig
@@ -31,21 +31,6 @@ menuconfig VFIO
          If you don't know what to do here, say N.
-menuconfig VFIO_NOIOMMU
-        bool "VFIO No-IOMMU support"
-        depends on VFIO
-        help
-          VFIO is built on the ability to isolate devices using the IOMMU.
-          Only with an IOMMU can userspace access to DMA capable devices be
-          considered secure.  VFIO No-IOMMU mode enables IOMMU groups for
-          devices without IOMMU backing for the purpose of re-using the VFIO
-          infrastructure in a non-secure mode.  Use of this mode will result
-          in an unsupportable kernel and will therefore taint the kernel.
-          Device assignment to virtual machines is also not possible with
-          this mode since there is no IOMMU to provide DMA translation.
-          If you don't know what to do here, say N.
 source "drivers/vfio/pci/Kconfig"
 source "drivers/vfio/platform/Kconfig"
 source "virt/lib/Kconfig"
diff --git a/drivers/vfio/pci/vfio_pci.c b/drivers/vfio/pci/vfio_pci.c
index 2760a7ba3f30..56bf6dbb93db 100644
--- a/drivers/vfio/pci/vfio_pci.c
+++ b/drivers/vfio/pci/vfio_pci.c
@@ -940,13 +940,13 @@ static int vfio_pci_probe(struct pci_dev *pdev, const struct pci_device_id *id)
        if (pdev->hdr_type != PCI_HEADER_TYPE_NORMAL)
                return -EINVAL;
-        group = vfio_iommu_group_get(&pdev->dev);
+        group = iommu_group_get(&pdev->dev);
        if (!group)
                return -EINVAL;
        vdev = kzalloc(sizeof(*vdev), GFP_KERNEL);
        if (!vdev) {
-                vfio_iommu_group_put(group, &pdev->dev);
+                iommu_group_put(group);
                return -ENOMEM;
        }
@@ -957,7 +957,7 @@ static int vfio_pci_probe(struct pci_dev *pdev, const struct pci_device_id *id)
        ret = vfio_add_group_dev(&pdev->dev, &vfio_pci_ops, vdev);
        if (ret) {
-                vfio_iommu_group_put(group, &pdev->dev);
+                iommu_group_put(group);
                kfree(vdev);
                return ret;
        }
@@ -993,7 +993,7 @@ static void vfio_pci_remove(struct pci_dev *pdev)
        if (!vdev)
                return;
-        vfio_iommu_group_put(pdev->dev.iommu_group, &pdev->dev);
+        iommu_group_put(pdev->dev.iommu_group);
        kfree(vdev);
        if (vfio_pci_is_vga(pdev)) {
diff --git a/drivers/vfio/vfio.c b/drivers/vfio/vfio.c
index 9da0703e09d0..6070b793cbcb 100644
--- a/drivers/vfio/vfio.c
+++ b/drivers/vfio/vfio.c
@@ -62,7 +62,6 @@ struct vfio_container {
        struct rw_semaphore             group_lock;
        struct vfio_iommu_driver        *iommu_driver;
        void                            *iommu_data;
-        bool                            noiommu;
 };
 struct vfio_unbound_dev {
@@ -85,7 +84,6 @@ struct vfio_group {
        struct list_head                unbound_list;
        struct mutex                    unbound_lock;
        atomic_t                        opened;
-        bool                            noiommu;
 };
 struct vfio_device {
@@ -97,147 +95,6 @@ struct vfio_device {
        void                            *device_data;
 };
-#ifdef CONFIG_VFIO_NOIOMMU
-static bool noiommu __read_mostly;
-module_param_named(enable_unsafe_noiommu_support,
-                   noiommu, bool, S_IRUGO | S_IWUSR);
-MODULE_PARM_DESC(enable_unsafe_noiommu_mode, "Enable UNSAFE, no-IOMMU mode.  This mode provides no device isolation, no DMA translation, no host kernel protection, cannot be used for device assignment to virtual machines, requires RAWIO permissions, and will taint the kernel.  If you do not know what this is for, step away. (default: false)");
-#endif
-/*
- * vfio_iommu_group_{get,put} are only intended for VFIO bus driver probe
- * and remove functions, any use cases other than acquiring the first
- * reference for the purpose of calling vfio_add_group_dev() or removing
- * that symmetric reference after vfio_del_group_dev() should use the raw
- * iommu_group_{get,put} functions.  In particular, vfio_iommu_group_put()
- * removes the device from the dummy group and cannot be nested.
- */
-struct iommu_group *vfio_iommu_group_get(struct device *dev)
-{
-        struct iommu_group *group;
-        int __maybe_unused ret;
-        group = iommu_group_get(dev);
-#ifdef CONFIG_VFIO_NOIOMMU
-        /*
-         * With noiommu enabled, an IOMMU group will be created for a device
-         * that doesn't already have one and doesn't have an iommu_ops on their
-         * bus.  We use iommu_present() again in the main code to detect these
-         * fake groups.
-         */
-        if (group || !noiommu || iommu_present(dev->bus))
-                return group;
-        group = iommu_group_alloc();
-        if (IS_ERR(group))
-                return NULL;
-        iommu_group_set_name(group, "vfio-noiommu");
-        ret = iommu_group_add_device(group, dev);
-        iommu_group_put(group);
-        if (ret)
-                return NULL;
-        /*
-         * Where to taint?  At this point we've added an IOMMU group for a
-         * device that is not backed by iommu_ops, therefore any iommu_
-         * callback using iommu_ops can legitimately Oops.  So, while we may
-         * be about to give a DMA capable device to a user without IOMMU
-         * protection, which is clearly taint-worthy, let's go ahead and do
-         * it here.
-         */
-        add_taint(TAINT_USER, LOCKDEP_STILL_OK);
-        dev_warn(dev, "Adding kernel taint for vfio-noiommu group on device\n");
-#endif
-        return group;
-}
-EXPORT_SYMBOL_GPL(vfio_iommu_group_get);
-void vfio_iommu_group_put(struct iommu_group *group, struct device *dev)
-{
-#ifdef CONFIG_VFIO_NOIOMMU
-        if (!iommu_present(dev->bus))
-                iommu_group_remove_device(dev);
-#endif
-        iommu_group_put(group);
-}
-EXPORT_SYMBOL_GPL(vfio_iommu_group_put);
-#ifdef CONFIG_VFIO_NOIOMMU
-static void *vfio_noiommu_open(unsigned long arg)
-{
-        if (arg != VFIO_NOIOMMU_IOMMU)
-                return ERR_PTR(-EINVAL);
-        if (!capable(CAP_SYS_RAWIO))
-                return ERR_PTR(-EPERM);
-        return NULL;
-}
-static void vfio_noiommu_release(void *iommu_data)
-{
-}
-static long vfio_noiommu_ioctl(void *iommu_data,
-                               unsigned int cmd, unsigned long arg)
-{
-        if (cmd == VFIO_CHECK_EXTENSION)
-                return arg == VFIO_NOIOMMU_IOMMU ? 1 : 0;
-        return -ENOTTY;
-}
-static int vfio_iommu_present(struct device *dev, void *unused)
-{
-        return iommu_present(dev->bus) ? 1 : 0;
-}
-static int vfio_noiommu_attach_group(void *iommu_data,
-                                     struct iommu_group *iommu_group)
-{
-        return iommu_group_for_each_dev(iommu_group, NULL,
-                                        vfio_iommu_present) ? -EINVAL : 0;
-}
-static void vfio_noiommu_detach_group(void *iommu_data,
-                                      struct iommu_group *iommu_group)
-{
-}
-static struct vfio_iommu_driver_ops vfio_noiommu_ops = {
-        .name = "vfio-noiommu",
-        .owner = THIS_MODULE,
-        .open = vfio_noiommu_open,
-        .release = vfio_noiommu_release,
-        .ioctl = vfio_noiommu_ioctl,
-        .attach_group = vfio_noiommu_attach_group,
-        .detach_group = vfio_noiommu_detach_group,
-};
-static struct vfio_iommu_driver vfio_noiommu_driver = {
-        .ops = &vfio_noiommu_ops,
-};
-/*
- * Wrap IOMMU drivers, the noiommu driver is the one and only driver for
- * noiommu groups (and thus containers) and not available for normal groups.
- */
-#define vfio_for_each_iommu_driver(con, pos)                            \
-        for (pos = con->noiommu ? &vfio_noiommu_driver :                \
-             list_first_entry(&vfio.iommu_drivers_list,                 \
-                              struct vfio_iommu_driver, vfio_next);     \
-             (con->noiommu ? pos != NULL :                              \
-                        &pos->vfio_next != &vfio.iommu_drivers_list);   \
-              pos = con->noiommu ? NULL : list_next_entry(pos, vfio_next))
-#else
-#define vfio_for_each_iommu_driver(con, pos)                            \
-        list_for_each_entry(pos, &vfio.iommu_drivers_list, vfio_next)
-#endif
 /**
 * IOMMU driver registration
 */
@@ -342,8 +199,7 @@ static void vfio_group_unlock_and_free(struct vfio_group *group)
 /**
 * Group objects - create, release, get, put, search
 */
-static struct vfio_group *vfio_create_group(struct iommu_group *iommu_group,
+static struct vfio_group *vfio_create_group(struct iommu_group *iommu_group)
-                                            bool noiommu)
 {
        struct vfio_group *group, *tmp;
        struct device *dev;
@@ -361,7 +217,6 @@ static struct vfio_group *vfio_create_group(struct iommu_group *iommu_group,
        atomic_set(&group->container_users, 0);
        atomic_set(&group->opened, 0);
        group->iommu_group = iommu_group;
-        group->noiommu = noiommu;
        group->nb.notifier_call = vfio_iommu_group_notifier;
@@ -397,8 +252,7 @@ static struct vfio_group *vfio_create_group(struct iommu_group *iommu_group,
        dev = device_create(vfio.class, NULL,
                            MKDEV(MAJOR(vfio.group_devt), minor),
-                            group, "%s%d", noiommu ? "noiommu-" : "",
+                            group, "%d", iommu_group_id(iommu_group));
-                            iommu_group_id(iommu_group));
        if (IS_ERR(dev)) {
                vfio_free_group_minor(minor);
                vfio_group_unlock_and_free(group);
@@ -786,8 +640,7 @@ int vfio_add_group_dev(struct device *dev,
        group = vfio_group_get_from_iommu(iommu_group);
        if (!group) {
-                group = vfio_create_group(iommu_group,
+                group = vfio_create_group(iommu_group);
-                                          !iommu_present(dev->bus));
                if (IS_ERR(group)) {
                        iommu_group_put(iommu_group);
                        return PTR_ERR(group);
@@ -999,7 +852,8 @@ static long vfio_ioctl_check_extension(struct vfio_container *container,
                 */
                if (!driver) {
                        mutex_lock(&vfio.iommu_drivers_lock);
-                        vfio_for_each_iommu_driver(container, driver) {
+                        list_for_each_entry(driver, &vfio.iommu_drivers_list,
+                                            vfio_next) {
                                if (!try_module_get(driver->ops->owner))
                                        continue;
@@ -1068,7 +922,7 @@ static long vfio_ioctl_set_iommu(struct vfio_container *container,
        }
        mutex_lock(&vfio.iommu_drivers_lock);
-        vfio_for_each_iommu_driver(container, driver) {
+        list_for_each_entry(driver, &vfio.iommu_drivers_list, vfio_next) {
                void *data;
                if (!try_module_get(driver->ops->owner))
@@ -1333,9 +1187,6 @@ static int vfio_group_set_container(struct vfio_group *group, int container_fd)
        if (atomic_read(&group->container_users))
                return -EINVAL;
-        if (group->noiommu && !capable(CAP_SYS_RAWIO))
-                return -EPERM;
        f = fdget(container_fd);
        if (!f.file)
                return -EBADF;
@@ -1351,13 +1202,6 @@ static int vfio_group_set_container(struct vfio_group *group, int container_fd)
        down_write(&container->group_lock);
-        /* Real groups and fake groups cannot mix */
-        if (!list_empty(&container->group_list) &&
-            container->noiommu != group->noiommu) {
-                ret = -EPERM;
-                goto unlock_out;
-        }
        driver = container->iommu_driver;
        if (driver) {
                ret = driver->ops->attach_group(container->iommu_data,
@@ -1367,7 +1211,6 @@ static int vfio_group_set_container(struct vfio_group *group, int container_fd)
        }
        group->container = container;
-        container->noiommu = group->noiommu;
        list_add(&group->container_next, &container->group_list);
        /* Get a reference on the container and mark a user within the group */
@@ -1398,9 +1241,6 @@ static int vfio_group_get_device_fd(struct vfio_group *group, char *buf)
            !group->container->iommu_driver || !vfio_group_viable(group))
                return -EINVAL;
-        if (group->noiommu && !capable(CAP_SYS_RAWIO))
-                return -EPERM;
        device = vfio_device_get_from_name(group, buf);
        if (!device)
                return -ENODEV;
@@ -1443,10 +1283,6 @@ static int vfio_group_get_device_fd(struct vfio_group *group, char *buf)
        fd_install(ret, filep);
-        if (group->noiommu)
-                dev_warn(device->dev, "vfio-noiommu device opened by user "
-                         "(%s:%d)\n", current->comm, task_pid_nr(current));
        return ret;
 }
@@ -1535,11 +1371,6 @@ static int vfio_group_fops_open(struct inode *inode, struct file *filep)
        if (!group)
                return -ENODEV;
-        if (group->noiommu && !capable(CAP_SYS_RAWIO)) {
-                vfio_group_put(group);
-                return -EPERM;
-        }
        /* Do we need multiple instances of the group open?  Seems not. */
        opened = atomic_cmpxchg(&group->opened, 0, 1);
        if (opened) {
@@ -1702,11 +1533,6 @@ struct vfio_group *vfio_group_get_external_user(struct file *filep)
        if (!atomic_inc_not_zero(&group->container_users))
                return ERR_PTR(-EINVAL);
-        if (group->noiommu) {
-                atomic_dec(&group->container_users);
-                return ERR_PTR(-EPERM);
-        }
        if (!group->container->iommu_driver ||
                        !vfio_group_viable(group)) {
                atomic_dec(&group->container_users);
diff --git a/include/linux/vfio.h b/include/linux/vfio.h
index 610a86a892b8..ddb440975382 100644
--- a/include/linux/vfio.h
+++ b/include/linux/vfio.h
@@ -44,9 +44,6 @@ struct vfio_device_ops {
        void    (*request)(void *device_data, unsigned int count);
 };
-extern struct iommu_group *vfio_iommu_group_get(struct device *dev);
-extern void vfio_iommu_group_put(struct iommu_group *group, struct device *dev);
 extern int vfio_add_group_dev(struct device *dev,
                              const struct vfio_device_ops *ops,
                              void *device_data);
diff --git a/include/uapi/linux/vfio.h b/include/uapi/linux/vfio.h
index 751b69f858c8..9fd7b5d8df2f 100644
--- a/include/uapi/linux/vfio.h
+++ b/include/uapi/linux/vfio.h
@@ -39,13 +39,6 @@
 #define VFIO_SPAPR_TCE_v2_IOMMU         7
 /*
- * The No-IOMMU IOMMU offers no translation or isolation for devices and
- * supports no ioctls outside of VFIO_CHECK_EXTENSION.  Use of VFIO's No-IOMMU
- * code will taint the host kernel and should be used with extreme caution.
- */
-#define VFIO_NOIOMMU_IOMMU              8
-/*
 * The IOCTL interface is designed for extensibility by embedding the
 * structure length (argsz) and flags into structures passed between
 * kernel and userspace.  We therefore use the _IO() macro for these
author	Alex Williamson <alex.williamson@redhat.com>	2015-12-04 10:38:42 -0500
committer	Alex Williamson <alex.williamson@redhat.com>	2015-12-04 10:38:42 -0500
commit	ae5515d66362b9d96cdcfce504567f0b8b7bd83e (patch)
tree	543c07268f2f11423e199e5972c9c1a506677996
parent	049af1060bb81532f2700762a8ba71eb3fa81f5a (diff)

diff --git a/drivers/vfio/Kconfig b/drivers/vfio/Kconfig index da6e2ce77495..850d86ca685b 100644 --- a/drivers/vfio/Kconfig +++ b/drivers/vfio/Kconfig
@@ -31,21 +31,6 @@ menuconfig VFIO
31		31
32	If you don't know what to do here, say N.	32	If you don't know what to do here, say N.
33		33
34	menuconfig VFIO_NOIOMMU
35	bool "VFIO No-IOMMU support"
36	depends on VFIO
37	help
38	VFIO is built on the ability to isolate devices using the IOMMU.
39	Only with an IOMMU can userspace access to DMA capable devices be
40	considered secure. VFIO No-IOMMU mode enables IOMMU groups for
41	devices without IOMMU backing for the purpose of re-using the VFIO
42	infrastructure in a non-secure mode. Use of this mode will result
43	in an unsupportable kernel and will therefore taint the kernel.
44	Device assignment to virtual machines is also not possible with
45	this mode since there is no IOMMU to provide DMA translation.
46
47	If you don't know what to do here, say N.
48
49	source "drivers/vfio/pci/Kconfig"	34	source "drivers/vfio/pci/Kconfig"
50	source "drivers/vfio/platform/Kconfig"	35	source "drivers/vfio/platform/Kconfig"
51	source "virt/lib/Kconfig"	36	source "virt/lib/Kconfig"


diff --git a/drivers/vfio/pci/vfio_pci.c b/drivers/vfio/pci/vfio_pci.c index 2760a7ba3f30..56bf6dbb93db 100644 --- a/drivers/vfio/pci/vfio_pci.c +++ b/drivers/vfio/pci/vfio_pci.c
@@ -940,13 +940,13 @@ static int vfio_pci_probe(struct pci_dev pdev, const struct pci_device_id id)
940	if (pdev->hdr_type != PCI_HEADER_TYPE_NORMAL)	940	if (pdev->hdr_type != PCI_HEADER_TYPE_NORMAL)
941	return -EINVAL;	941	return -EINVAL;
942		942
943	group = vfio_iommu_group_get(&pdev->dev);	943	group = iommu_group_get(&pdev->dev);
944	if (!group)	944	if (!group)
945	return -EINVAL;	945	return -EINVAL;
946		946
947	vdev = kzalloc(sizeof(*vdev), GFP_KERNEL);	947	vdev = kzalloc(sizeof(*vdev), GFP_KERNEL);
948	if (!vdev) {	948	if (!vdev) {
949	vfio_iommu_group_put(group, &pdev->dev);	949	iommu_group_put(group);
950	return -ENOMEM;	950	return -ENOMEM;
951	}	951	}
952		952
@@ -957,7 +957,7 @@ static int vfio_pci_probe(struct pci_dev pdev, const struct pci_device_id id)
957		957
958	ret = vfio_add_group_dev(&pdev->dev, &vfio_pci_ops, vdev);	958	ret = vfio_add_group_dev(&pdev->dev, &vfio_pci_ops, vdev);
959	if (ret) {	959	if (ret) {
960	vfio_iommu_group_put(group, &pdev->dev);	960	iommu_group_put(group);
961	kfree(vdev);	961	kfree(vdev);
962	return ret;	962	return ret;
963	}	963	}
@@ -993,7 +993,7 @@ static void vfio_pci_remove(struct pci_dev *pdev)
993	if (!vdev)	993	if (!vdev)
994	return;	994	return;
995		995
996	vfio_iommu_group_put(pdev->dev.iommu_group, &pdev->dev);	996	iommu_group_put(pdev->dev.iommu_group);
997	kfree(vdev);	997	kfree(vdev);
998		998
999	if (vfio_pci_is_vga(pdev)) {	999	if (vfio_pci_is_vga(pdev)) {


diff --git a/drivers/vfio/vfio.c b/drivers/vfio/vfio.c index 9da0703e09d0..6070b793cbcb 100644 --- a/drivers/vfio/vfio.c +++ b/drivers/vfio/vfio.c
@@ -62,7 +62,6 @@ struct vfio_container {
62	struct rw_semaphore group_lock;	62	struct rw_semaphore group_lock;
63	struct vfio_iommu_driver *iommu_driver;	63	struct vfio_iommu_driver *iommu_driver;
64	void *iommu_data;	64	void *iommu_data;
65	bool noiommu;
66	};	65	};
67		66
68	struct vfio_unbound_dev {	67	struct vfio_unbound_dev {
@@ -85,7 +84,6 @@ struct vfio_group {
85	struct list_head unbound_list;	84	struct list_head unbound_list;
86	struct mutex unbound_lock;	85	struct mutex unbound_lock;
87	atomic_t opened;	86	atomic_t opened;
88	bool noiommu;
89	};	87	};
90		88
91	struct vfio_device {	89	struct vfio_device {
@@ -97,147 +95,6 @@ struct vfio_device {
97	void *device_data;	95	void *device_data;
98	};	96	};
99		97
100	#ifdef CONFIG_VFIO_NOIOMMU
101	static bool noiommu __read_mostly;
102	module_param_named(enable_unsafe_noiommu_support,
103	noiommu, bool, S_IRUGO \| S_IWUSR);
104	MODULE_PARM_DESC(enable_unsafe_noiommu_mode, "Enable UNSAFE, no-IOMMU mode. This mode provides no device isolation, no DMA translation, no host kernel protection, cannot be used for device assignment to virtual machines, requires RAWIO permissions, and will taint the kernel. If you do not know what this is for, step away. (default: false)");
105	#endif
106
107	/*
108	* vfio_iommu_group_{get,put} are only intended for VFIO bus driver probe
109	* and remove functions, any use cases other than acquiring the first
110	* reference for the purpose of calling vfio_add_group_dev() or removing
111	* that symmetric reference after vfio_del_group_dev() should use the raw
112	* iommu_group_{get,put} functions. In particular, vfio_iommu_group_put()
113	* removes the device from the dummy group and cannot be nested.
114	*/
115	struct iommu_group vfio_iommu_group_get(struct device dev)
116	{
117	struct iommu_group *group;
118	int __maybe_unused ret;
119
120	group = iommu_group_get(dev);
121
122	#ifdef CONFIG_VFIO_NOIOMMU
123	/*
124	* With noiommu enabled, an IOMMU group will be created for a device
125	* that doesn't already have one and doesn't have an iommu_ops on their
126	* bus. We use iommu_present() again in the main code to detect these
127	* fake groups.
128	*/
129	if (group \|\| !noiommu \|\| iommu_present(dev->bus))
130	return group;
131
132	group = iommu_group_alloc();
133	if (IS_ERR(group))
134	return NULL;
135
136	iommu_group_set_name(group, "vfio-noiommu");
137	ret = iommu_group_add_device(group, dev);
138	iommu_group_put(group);
139	if (ret)
140	return NULL;
141
142	/*
143	* Where to taint? At this point we've added an IOMMU group for a
144	* device that is not backed by iommu_ops, therefore any iommu_
145	* callback using iommu_ops can legitimately Oops. So, while we may
146	* be about to give a DMA capable device to a user without IOMMU
147	* protection, which is clearly taint-worthy, let's go ahead and do
148	* it here.
149	*/
150	add_taint(TAINT_USER, LOCKDEP_STILL_OK);
151	dev_warn(dev, "Adding kernel taint for vfio-noiommu group on device\n");
152	#endif
153
154	return group;
155	}
156	EXPORT_SYMBOL_GPL(vfio_iommu_group_get);
157
158	void vfio_iommu_group_put(struct iommu_group group, struct device dev)
159	{
160	#ifdef CONFIG_VFIO_NOIOMMU
161	if (!iommu_present(dev->bus))
162	iommu_group_remove_device(dev);
163	#endif
164
165	iommu_group_put(group);
166	}
167	EXPORT_SYMBOL_GPL(vfio_iommu_group_put);
168
169	#ifdef CONFIG_VFIO_NOIOMMU
170	static void *vfio_noiommu_open(unsigned long arg)
171	{
172	if (arg != VFIO_NOIOMMU_IOMMU)
173	return ERR_PTR(-EINVAL);
174	if (!capable(CAP_SYS_RAWIO))
175	return ERR_PTR(-EPERM);
176
177	return NULL;
178	}
179
180	static void vfio_noiommu_release(void *iommu_data)
181	{
182	}
183
184	static long vfio_noiommu_ioctl(void *iommu_data,
185	unsigned int cmd, unsigned long arg)
186	{
187	if (cmd == VFIO_CHECK_EXTENSION)
188	return arg == VFIO_NOIOMMU_IOMMU ? 1 : 0;
189
190	return -ENOTTY;
191	}
192
193	static int vfio_iommu_present(struct device dev, void unused)
194	{
195	return iommu_present(dev->bus) ? 1 : 0;
196	}
197
198	static int vfio_noiommu_attach_group(void *iommu_data,
199	struct iommu_group *iommu_group)
200	{
201	return iommu_group_for_each_dev(iommu_group, NULL,
202	vfio_iommu_present) ? -EINVAL : 0;
203	}
204
205	static void vfio_noiommu_detach_group(void *iommu_data,
206	struct iommu_group *iommu_group)
207	{
208	}
209
210	static struct vfio_iommu_driver_ops vfio_noiommu_ops = {
211	.name = "vfio-noiommu",
212	.owner = THIS_MODULE,
213	.open = vfio_noiommu_open,
214	.release = vfio_noiommu_release,
215	.ioctl = vfio_noiommu_ioctl,
216	.attach_group = vfio_noiommu_attach_group,
217	.detach_group = vfio_noiommu_detach_group,
218	};
219
220	static struct vfio_iommu_driver vfio_noiommu_driver = {
221	.ops = &vfio_noiommu_ops,
222	};
223
224	/*
225	* Wrap IOMMU drivers, the noiommu driver is the one and only driver for
226	* noiommu groups (and thus containers) and not available for normal groups.
227	*/
228	#define vfio_for_each_iommu_driver(con, pos) \
229	for (pos = con->noiommu ? &vfio_noiommu_driver : \
230	list_first_entry(&vfio.iommu_drivers_list, \
231	struct vfio_iommu_driver, vfio_next); \
232	(con->noiommu ? pos != NULL : \
233	&pos->vfio_next != &vfio.iommu_drivers_list); \
234	pos = con->noiommu ? NULL : list_next_entry(pos, vfio_next))
235	#else
236	#define vfio_for_each_iommu_driver(con, pos) \
237	list_for_each_entry(pos, &vfio.iommu_drivers_list, vfio_next)
238	#endif
239
240
241	/**	98	/**
242	* IOMMU driver registration	99	* IOMMU driver registration
243	*/	100	*/
@@ -342,8 +199,7 @@ static void vfio_group_unlock_and_free(struct vfio_group *group)
342	/**	199	/**
343	* Group objects - create, release, get, put, search	200	* Group objects - create, release, get, put, search
344	*/	201	*/
345	static struct vfio_group vfio_create_group(struct iommu_group iommu_group,	202	static struct vfio_group vfio_create_group(struct iommu_group iommu_group)
346	bool noiommu)
347	{	203	{
348	struct vfio_group group, tmp;	204	struct vfio_group group, tmp;
349	struct device *dev;	205	struct device *dev;
@@ -361,7 +217,6 @@ static struct vfio_group vfio_create_group(struct iommu_group iommu_group,
361	atomic_set(&group->container_users, 0);	217	atomic_set(&group->container_users, 0);
362	atomic_set(&group->opened, 0);	218	atomic_set(&group->opened, 0);
363	group->iommu_group = iommu_group;	219	group->iommu_group = iommu_group;
364	group->noiommu = noiommu;
365		220
366	group->nb.notifier_call = vfio_iommu_group_notifier;	221	group->nb.notifier_call = vfio_iommu_group_notifier;
367		222
@@ -397,8 +252,7 @@ static struct vfio_group vfio_create_group(struct iommu_group iommu_group,
397		252
398	dev = device_create(vfio.class, NULL,	253	dev = device_create(vfio.class, NULL,
399	MKDEV(MAJOR(vfio.group_devt), minor),	254	MKDEV(MAJOR(vfio.group_devt), minor),
400	group, "%s%d", noiommu ? "noiommu-" : "",	255	group, "%d", iommu_group_id(iommu_group));
401	iommu_group_id(iommu_group));
402	if (IS_ERR(dev)) {	256	if (IS_ERR(dev)) {
403	vfio_free_group_minor(minor);	257	vfio_free_group_minor(minor);
404	vfio_group_unlock_and_free(group);	258	vfio_group_unlock_and_free(group);
@@ -786,8 +640,7 @@ int vfio_add_group_dev(struct device *dev,
786		640
787	group = vfio_group_get_from_iommu(iommu_group);	641	group = vfio_group_get_from_iommu(iommu_group);
788	if (!group) {	642	if (!group) {
789	group = vfio_create_group(iommu_group,	643	group = vfio_create_group(iommu_group);
790	!iommu_present(dev->bus));
791	if (IS_ERR(group)) {	644	if (IS_ERR(group)) {
792	iommu_group_put(iommu_group);	645	iommu_group_put(iommu_group);
793	return PTR_ERR(group);	646	return PTR_ERR(group);
@@ -999,7 +852,8 @@ static long vfio_ioctl_check_extension(struct vfio_container *container,
999	*/	852	*/
1000	if (!driver) {	853	if (!driver) {
1001	mutex_lock(&vfio.iommu_drivers_lock);	854	mutex_lock(&vfio.iommu_drivers_lock);
1002	vfio_for_each_iommu_driver(container, driver) {	855	list_for_each_entry(driver, &vfio.iommu_drivers_list,
		856	vfio_next) {
1003	if (!try_module_get(driver->ops->owner))	857	if (!try_module_get(driver->ops->owner))
1004	continue;	858	continue;
1005		859
@@ -1068,7 +922,7 @@ static long vfio_ioctl_set_iommu(struct vfio_container *container,
1068	}	922	}
1069		923
1070	mutex_lock(&vfio.iommu_drivers_lock);	924	mutex_lock(&vfio.iommu_drivers_lock);
1071	vfio_for_each_iommu_driver(container, driver) {	925	list_for_each_entry(driver, &vfio.iommu_drivers_list, vfio_next) {
1072	void *data;	926	void *data;
1073		927
1074	if (!try_module_get(driver->ops->owner))	928	if (!try_module_get(driver->ops->owner))
@@ -1333,9 +1187,6 @@ static int vfio_group_set_container(struct vfio_group *group, int container_fd)
1333	if (atomic_read(&group->container_users))	1187	if (atomic_read(&group->container_users))
1334	return -EINVAL;	1188	return -EINVAL;
1335		1189
1336	if (group->noiommu && !capable(CAP_SYS_RAWIO))
1337	return -EPERM;
1338
1339	f = fdget(container_fd);	1190	f = fdget(container_fd);
1340	if (!f.file)	1191	if (!f.file)
1341	return -EBADF;	1192	return -EBADF;
@@ -1351,13 +1202,6 @@ static int vfio_group_set_container(struct vfio_group *group, int container_fd)
1351		1202
1352	down_write(&container->group_lock);	1203	down_write(&container->group_lock);
1353		1204
1354	/* Real groups and fake groups cannot mix */
1355	if (!list_empty(&container->group_list) &&
1356	container->noiommu != group->noiommu) {
1357	ret = -EPERM;
1358	goto unlock_out;
1359	}
1360
1361	driver = container->iommu_driver;	1205	driver = container->iommu_driver;
1362	if (driver) {	1206	if (driver) {
1363	ret = driver->ops->attach_group(container->iommu_data,	1207	ret = driver->ops->attach_group(container->iommu_data,
@@ -1367,7 +1211,6 @@ static int vfio_group_set_container(struct vfio_group *group, int container_fd)
1367	}	1211	}
1368		1212
1369	group->container = container;	1213	group->container = container;
1370	container->noiommu = group->noiommu;
1371	list_add(&group->container_next, &container->group_list);	1214	list_add(&group->container_next, &container->group_list);
1372		1215
1373	/* Get a reference on the container and mark a user within the group */	1216	/* Get a reference on the container and mark a user within the group */
@@ -1398,9 +1241,6 @@ static int vfio_group_get_device_fd(struct vfio_group group, char buf)
1398	!group->container->iommu_driver \|\| !vfio_group_viable(group))	1241	!group->container->iommu_driver \|\| !vfio_group_viable(group))
1399	return -EINVAL;	1242	return -EINVAL;
1400		1243
1401	if (group->noiommu && !capable(CAP_SYS_RAWIO))
1402	return -EPERM;
1403
1404	device = vfio_device_get_from_name(group, buf);	1244	device = vfio_device_get_from_name(group, buf);
1405	if (!device)	1245	if (!device)
1406	return -ENODEV;	1246	return -ENODEV;
@@ -1443,10 +1283,6 @@ static int vfio_group_get_device_fd(struct vfio_group group, char buf)
1443		1283
1444	fd_install(ret, filep);	1284	fd_install(ret, filep);
1445		1285
1446	if (group->noiommu)
1447	dev_warn(device->dev, "vfio-noiommu device opened by user "
1448	"(%s:%d)\n", current->comm, task_pid_nr(current));
1449
1450	return ret;	1286	return ret;
1451	}	1287	}
1452		1288
@@ -1535,11 +1371,6 @@ static int vfio_group_fops_open(struct inode inode, struct file filep)
1535	if (!group)	1371	if (!group)
1536	return -ENODEV;	1372	return -ENODEV;
1537		1373
1538	if (group->noiommu && !capable(CAP_SYS_RAWIO)) {
1539	vfio_group_put(group);
1540	return -EPERM;
1541	}
1542
1543	/* Do we need multiple instances of the group open? Seems not. */	1374	/* Do we need multiple instances of the group open? Seems not. */
1544	opened = atomic_cmpxchg(&group->opened, 0, 1);	1375	opened = atomic_cmpxchg(&group->opened, 0, 1);
1545	if (opened) {	1376	if (opened) {
@@ -1702,11 +1533,6 @@ struct vfio_group vfio_group_get_external_user(struct file filep)
1702	if (!atomic_inc_not_zero(&group->container_users))	1533	if (!atomic_inc_not_zero(&group->container_users))
1703	return ERR_PTR(-EINVAL);	1534	return ERR_PTR(-EINVAL);
1704		1535
1705	if (group->noiommu) {
1706	atomic_dec(&group->container_users);
1707	return ERR_PTR(-EPERM);
1708	}
1709
1710	if (!group->container->iommu_driver \|\|	1536	if (!group->container->iommu_driver \|\|
1711	!vfio_group_viable(group)) {	1537	!vfio_group_viable(group)) {
1712	atomic_dec(&group->container_users);	1538	atomic_dec(&group->container_users);


diff --git a/include/linux/vfio.h b/include/linux/vfio.h index 610a86a892b8..ddb440975382 100644 --- a/include/linux/vfio.h +++ b/include/linux/vfio.h
@@ -44,9 +44,6 @@ struct vfio_device_ops {
44	void (request)(void device_data, unsigned int count);	44	void (request)(void device_data, unsigned int count);
45	};	45	};
46		46
47	extern struct iommu_group vfio_iommu_group_get(struct device dev);
48	extern void vfio_iommu_group_put(struct iommu_group group, struct device dev);
49
50	extern int vfio_add_group_dev(struct device *dev,	47	extern int vfio_add_group_dev(struct device *dev,
51	const struct vfio_device_ops *ops,	48	const struct vfio_device_ops *ops,
52	void *device_data);	49	void *device_data);


diff --git a/include/uapi/linux/vfio.h b/include/uapi/linux/vfio.h index 751b69f858c8..9fd7b5d8df2f 100644 --- a/include/uapi/linux/vfio.h +++ b/include/uapi/linux/vfio.h
@@ -39,13 +39,6 @@
39	#define VFIO_SPAPR_TCE_v2_IOMMU 7	39	#define VFIO_SPAPR_TCE_v2_IOMMU 7
40		40
41	/*	41	/*
42	* The No-IOMMU IOMMU offers no translation or isolation for devices and
43	* supports no ioctls outside of VFIO_CHECK_EXTENSION. Use of VFIO's No-IOMMU
44	* code will taint the host kernel and should be used with extreme caution.
45	*/
46	#define VFIO_NOIOMMU_IOMMU 8
47
48	/*
49	* The IOCTL interface is designed for extensibility by embedding the	42	* The IOCTL interface is designed for extensibility by embedding the
50	* structure length (argsz) and flags into structures passed between	43	* structure length (argsz) and flags into structures passed between
51	* kernel and userspace. We therefore use the _IO() macro for these	44	* kernel and userspace. We therefore use the _IO() macro for these