5 files changed, 293 insertions, 4 deletions
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 2214384ff610..42160b031fcd 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -1212,6 +1212,7 @@ int kvm_dev_ioctl_check_extension(long ext)
        case KVM_CAP_IRQ_INJECT_STATUS:
        case KVM_CAP_ASSIGN_DEV_IRQ:
        case KVM_CAP_IRQFD:
+        case KVM_CAP_IOEVENTFD:
        case KVM_CAP_PIT2:
        case KVM_CAP_PIT_STATE2:
                r = 1;
diff --git a/include/linux/kvm.h b/include/linux/kvm.h
index a74a1fcc28e9..230a91aa61c9 100644
--- a/include/linux/kvm.h
+++ b/include/linux/kvm.h
@@ -307,6 +307,28 @@ struct kvm_guest_debug {
        struct kvm_guest_debug_arch arch;
 };
+enum {
+        kvm_ioeventfd_flag_nr_datamatch,
+        kvm_ioeventfd_flag_nr_pio,
+        kvm_ioeventfd_flag_nr_deassign,
+        kvm_ioeventfd_flag_nr_max,
+};
+#define KVM_IOEVENTFD_FLAG_DATAMATCH (1 << kvm_ioeventfd_flag_nr_datamatch)
+#define KVM_IOEVENTFD_FLAG_PIO       (1 << kvm_ioeventfd_flag_nr_pio)
+#define KVM_IOEVENTFD_FLAG_DEASSIGN  (1 << kvm_ioeventfd_flag_nr_deassign)
+#define KVM_IOEVENTFD_VALID_FLAG_MASK  ((1 << kvm_ioeventfd_flag_nr_max) - 1)
+struct kvm_ioeventfd {
+        __u64 datamatch;
+        __u64 addr;        /* legal pio/mmio address */
+        __u32 len;         /* 1, 2, 4, or 8 bytes    */
+        __s32 fd;
+        __u32 flags;
+        __u8  pad[36];
+};
 #define KVM_TRC_SHIFT           16
 /*
 * kvm trace categories
@@ -412,6 +434,7 @@ struct kvm_guest_debug {
 #ifdef __KVM_HAVE_PIT_STATE2
 #define KVM_CAP_PIT_STATE2 35
 #endif
+#define KVM_CAP_IOEVENTFD 36
 #ifdef KVM_CAP_IRQ_ROUTING
@@ -520,6 +543,7 @@ struct kvm_irqfd {
 #define KVM_IRQFD                  _IOW(KVMIO, 0x76, struct kvm_irqfd)
 #define KVM_CREATE_PIT2            _IOW(KVMIO, 0x77, struct kvm_pit_config)
 #define KVM_SET_BOOT_CPU_ID        _IO(KVMIO, 0x78)
+#define KVM_IOEVENTFD             _IOW(KVMIO, 0x79, struct kvm_ioeventfd)
 /*
 * ioctls for vcpu fds
diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h
index 983b0bdeb3ff..6ec9fc56a49e 100644
--- a/include/linux/kvm_host.h
+++ b/include/linux/kvm_host.h
@@ -155,6 +155,7 @@ struct kvm {
                spinlock_t        lock;
                struct list_head  items;
        } irqfds;
+        struct list_head ioeventfds;
 #endif
        struct kvm_vm_stat stat;
        struct kvm_arch arch;
@@ -528,19 +529,24 @@ static inline void kvm_free_irq_routing(struct kvm *kvm) {}
 #ifdef CONFIG_HAVE_KVM_EVENTFD
-void kvm_irqfd_init(struct kvm *kvm);
+void kvm_eventfd_init(struct kvm *kvm);
 int kvm_irqfd(struct kvm *kvm, int fd, int gsi, int flags);
 void kvm_irqfd_release(struct kvm *kvm);
+int kvm_ioeventfd(struct kvm *kvm, struct kvm_ioeventfd *args);
 #else
-static inline void kvm_irqfd_init(struct kvm *kvm) {}
+static inline void kvm_eventfd_init(struct kvm *kvm) {}
 static inline int kvm_irqfd(struct kvm *kvm, int fd, int gsi, int flags)
 {
        return -EINVAL;
 }
 static inline void kvm_irqfd_release(struct kvm *kvm) {}
+static inline int kvm_ioeventfd(struct kvm *kvm, struct kvm_ioeventfd *args)
+{
+        return -ENOSYS;
+}
 #endif /* CONFIG_HAVE_KVM_EVENTFD */
diff --git a/virt/kvm/eventfd.c b/virt/kvm/eventfd.c
index 4092b8dcd510..99017e8a92ac 100644
--- a/virt/kvm/eventfd.c
+++ b/virt/kvm/eventfd.c
@@ -21,6 +21,7 @@
 */
 #include <linux/kvm_host.h>
+#include <linux/kvm.h>
 #include <linux/workqueue.h>
 #include <linux/syscalls.h>
 #include <linux/wait.h>
@@ -28,6 +29,9 @@
 #include <linux/file.h>
 #include <linux/list.h>
 #include <linux/eventfd.h>
+#include <linux/kernel.h>
+#include "iodev.h"
 /*
 * --------------------------------------------------------------------
@@ -234,10 +238,11 @@ fail:
 }
 void
-kvm_irqfd_init(struct kvm *kvm)
+kvm_eventfd_init(struct kvm *kvm)
 {
        spin_lock_init(&kvm->irqfds.lock);
        INIT_LIST_HEAD(&kvm->irqfds.items);
+        INIT_LIST_HEAD(&kvm->ioeventfds);
 }
 /*
@@ -327,3 +332,247 @@ static void __exit irqfd_module_exit(void)
 module_init(irqfd_module_init);
 module_exit(irqfd_module_exit);
+/*
+ * --------------------------------------------------------------------
+ * ioeventfd: translate a PIO/MMIO memory write to an eventfd signal.
+ *
+ * userspace can register a PIO/MMIO address with an eventfd for receiving
+ * notification when the memory has been touched.
+ * --------------------------------------------------------------------
+ */
+struct _ioeventfd {
+        struct list_head     list;
+        u64                  addr;
+        int                  length;
+        struct eventfd_ctx  *eventfd;
+        u64                  datamatch;
+        struct kvm_io_device dev;
+        bool                 wildcard;
+};
+static inline struct _ioeventfd *
+to_ioeventfd(struct kvm_io_device *dev)
+{
+        return container_of(dev, struct _ioeventfd, dev);
+}
+static void
+ioeventfd_release(struct _ioeventfd *p)
+{
+        eventfd_ctx_put(p->eventfd);
+        list_del(&p->list);
+        kfree(p);
+}
+static bool
+ioeventfd_in_range(struct _ioeventfd *p, gpa_t addr, int len, const void *val)
+{
+        u64 _val;
+        if (!(addr == p->addr && len == p->length))
+                /* address-range must be precise for a hit */
+                return false;
+        if (p->wildcard)
+                /* all else equal, wildcard is always a hit */
+                return true;
+        /* otherwise, we have to actually compare the data */
+        BUG_ON(!IS_ALIGNED((unsigned long)val, len));
+        switch (len) {
+        case 1:
+                _val = *(u8 *)val;
+                break;
+        case 2:
+                _val = *(u16 *)val;
+                break;
+        case 4:
+                _val = *(u32 *)val;
+                break;
+        case 8:
+                _val = *(u64 *)val;
+                break;
+        default:
+                return false;
+        }
+        return _val == p->datamatch ? true : false;
+}
+/* MMIO/PIO writes trigger an event if the addr/val match */
+static int
+ioeventfd_write(struct kvm_io_device *this, gpa_t addr, int len,
+                const void *val)
+{
+        struct _ioeventfd *p = to_ioeventfd(this);
+        if (!ioeventfd_in_range(p, addr, len, val))
+                return -EOPNOTSUPP;
+        eventfd_signal(p->eventfd, 1);
+        return 0;
+}
+/*
+ * This function is called as KVM is completely shutting down.  We do not
+ * need to worry about locking just nuke anything we have as quickly as possible
+ */
+static void
+ioeventfd_destructor(struct kvm_io_device *this)
+{
+        struct _ioeventfd *p = to_ioeventfd(this);
+        ioeventfd_release(p);
+}
+static const struct kvm_io_device_ops ioeventfd_ops = {
+        .write      = ioeventfd_write,
+        .destructor = ioeventfd_destructor,
+};
+/* assumes kvm->slots_lock held */
+static bool
+ioeventfd_check_collision(struct kvm *kvm, struct _ioeventfd *p)
+{
+        struct _ioeventfd *_p;
+        list_for_each_entry(_p, &kvm->ioeventfds, list)
+                if (_p->addr == p->addr && _p->length == p->length &&
+                    (_p->wildcard || p->wildcard ||
+                     _p->datamatch == p->datamatch))
+                        return true;
+        return false;
+}
+static int
+kvm_assign_ioeventfd(struct kvm *kvm, struct kvm_ioeventfd *args)
+{
+        int                       pio = args->flags & KVM_IOEVENTFD_FLAG_PIO;
+        struct kvm_io_bus        *bus = pio ? &kvm->pio_bus : &kvm->mmio_bus;
+        struct _ioeventfd        *p;
+        struct eventfd_ctx       *eventfd;
+        int                       ret;
+        /* must be natural-word sized */
+        switch (args->len) {
+        case 1:
+        case 2:
+        case 4:
+        case 8:
+                break;
+        default:
+                return -EINVAL;
+        }
+        /* check for range overflow */
+        if (args->addr + args->len < args->addr)
+                return -EINVAL;
+        /* check for extra flags that we don't understand */
+        if (args->flags & ~KVM_IOEVENTFD_VALID_FLAG_MASK)
+                return -EINVAL;
+        eventfd = eventfd_ctx_fdget(args->fd);
+        if (IS_ERR(eventfd))
+                return PTR_ERR(eventfd);
+        p = kzalloc(sizeof(*p), GFP_KERNEL);
+        if (!p) {
+                ret = -ENOMEM;
+                goto fail;
+        }
+        INIT_LIST_HEAD(&p->list);
+        p->addr    = args->addr;
+        p->length  = args->len;
+        p->eventfd = eventfd;
+        /* The datamatch feature is optional, otherwise this is a wildcard */
+        if (args->flags & KVM_IOEVENTFD_FLAG_DATAMATCH)
+                p->datamatch = args->datamatch;
+        else
+                p->wildcard = true;
+        down_write(&kvm->slots_lock);
+        /* Verify that there isnt a match already */
+        if (ioeventfd_check_collision(kvm, p)) {
+                ret = -EEXIST;
+                goto unlock_fail;
+        }
+        kvm_iodevice_init(&p->dev, &ioeventfd_ops);
+        ret = __kvm_io_bus_register_dev(bus, &p->dev);
+        if (ret < 0)
+                goto unlock_fail;
+        list_add_tail(&p->list, &kvm->ioeventfds);
+        up_write(&kvm->slots_lock);
+        return 0;
+unlock_fail:
+        up_write(&kvm->slots_lock);
+fail:
+        kfree(p);
+        eventfd_ctx_put(eventfd);
+        return ret;
+}
+static int
+kvm_deassign_ioeventfd(struct kvm *kvm, struct kvm_ioeventfd *args)
+{
+        int                       pio = args->flags & KVM_IOEVENTFD_FLAG_PIO;
+        struct kvm_io_bus        *bus = pio ? &kvm->pio_bus : &kvm->mmio_bus;
+        struct _ioeventfd        *p, *tmp;
+        struct eventfd_ctx       *eventfd;
+        int                       ret = -ENOENT;
+        eventfd = eventfd_ctx_fdget(args->fd);
+        if (IS_ERR(eventfd))
+                return PTR_ERR(eventfd);
+        down_write(&kvm->slots_lock);
+        list_for_each_entry_safe(p, tmp, &kvm->ioeventfds, list) {
+                bool wildcard = !(args->flags & KVM_IOEVENTFD_FLAG_DATAMATCH);
+                if (p->eventfd != eventfd  ||
+                    p->addr != args->addr  ||
+                    p->length != args->len ||
+                    p->wildcard != wildcard)
+                        continue;
+                if (!p->wildcard && p->datamatch != args->datamatch)
+                        continue;
+                __kvm_io_bus_unregister_dev(bus, &p->dev);
+                ioeventfd_release(p);
+                ret = 0;
+                break;
+        }
+        up_write(&kvm->slots_lock);
+        eventfd_ctx_put(eventfd);
+        return ret;
+}
+int
+kvm_ioeventfd(struct kvm *kvm, struct kvm_ioeventfd *args)
+{
+        if (args->flags & KVM_IOEVENTFD_FLAG_DEASSIGN)
+                return kvm_deassign_ioeventfd(kvm, args);
+        return kvm_assign_ioeventfd(kvm, args);
+}
diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
index 9c2fd025b8ae..d7b9bbba26da 100644
--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@ -979,7 +979,7 @@ static struct kvm *kvm_create_vm(void)
        spin_lock_init(&kvm->mmu_lock);
        spin_lock_init(&kvm->requests_lock);
        kvm_io_bus_init(&kvm->pio_bus);
-        kvm_irqfd_init(kvm);
+        kvm_eventfd_init(kvm);
        mutex_init(&kvm->lock);
        mutex_init(&kvm->irq_lock);
        kvm_io_bus_init(&kvm->mmio_bus);
@@ -2271,6 +2271,15 @@ static long kvm_vm_ioctl(struct file *filp,
                r = kvm_irqfd(kvm, data.fd, data.gsi, data.flags);
                break;
        }
+        case KVM_IOEVENTFD: {
+                struct kvm_ioeventfd data;
+                r = -EFAULT;
+                if (copy_from_user(&data, argp, sizeof data))
+                        goto out;
+                r = kvm_ioeventfd(kvm, &data);
+                break;
+        }
 #ifdef CONFIG_KVM_APIC_ARCHITECTURE
        case KVM_SET_BOOT_CPU_ID:
                r = 0;

diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 2214384ff610..42160b031fcd 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c
@@ -1212,6 +1212,7 @@ int kvm_dev_ioctl_check_extension(long ext)
1212	case KVM_CAP_IRQ_INJECT_STATUS:	1212	case KVM_CAP_IRQ_INJECT_STATUS:
1213	case KVM_CAP_ASSIGN_DEV_IRQ:	1213	case KVM_CAP_ASSIGN_DEV_IRQ:
1214	case KVM_CAP_IRQFD:	1214	case KVM_CAP_IRQFD:
		1215	case KVM_CAP_IOEVENTFD:
1215	case KVM_CAP_PIT2:	1216	case KVM_CAP_PIT2:
1216	case KVM_CAP_PIT_STATE2:	1217	case KVM_CAP_PIT_STATE2:
1217	r = 1;	1218	r = 1;


diff --git a/include/linux/kvm.h b/include/linux/kvm.h index a74a1fcc28e9..230a91aa61c9 100644 --- a/include/linux/kvm.h +++ b/include/linux/kvm.h
@@ -307,6 +307,28 @@ struct kvm_guest_debug {
307	struct kvm_guest_debug_arch arch;	307	struct kvm_guest_debug_arch arch;
308	};	308	};
309		309
		310	enum {
		311	kvm_ioeventfd_flag_nr_datamatch,
		312	kvm_ioeventfd_flag_nr_pio,
		313	kvm_ioeventfd_flag_nr_deassign,
		314	kvm_ioeventfd_flag_nr_max,
		315	};
		316
		317	#define KVM_IOEVENTFD_FLAG_DATAMATCH (1 << kvm_ioeventfd_flag_nr_datamatch)
		318	#define KVM_IOEVENTFD_FLAG_PIO (1 << kvm_ioeventfd_flag_nr_pio)
		319	#define KVM_IOEVENTFD_FLAG_DEASSIGN (1 << kvm_ioeventfd_flag_nr_deassign)
		320
		321	#define KVM_IOEVENTFD_VALID_FLAG_MASK ((1 << kvm_ioeventfd_flag_nr_max) - 1)
		322
		323	struct kvm_ioeventfd {
		324	__u64 datamatch;
		325	__u64 addr; /* legal pio/mmio address */
		326	__u32 len; /* 1, 2, 4, or 8 bytes */
		327	__s32 fd;
		328	__u32 flags;
		329	__u8 pad[36];
		330	};
		331
310	#define KVM_TRC_SHIFT 16	332	#define KVM_TRC_SHIFT 16
311	/*	333	/*
312	* kvm trace categories	334	* kvm trace categories
@@ -412,6 +434,7 @@ struct kvm_guest_debug {
412	#ifdef __KVM_HAVE_PIT_STATE2	434	#ifdef __KVM_HAVE_PIT_STATE2
413	#define KVM_CAP_PIT_STATE2 35	435	#define KVM_CAP_PIT_STATE2 35
414	#endif	436	#endif
		437	#define KVM_CAP_IOEVENTFD 36
415		438
416	#ifdef KVM_CAP_IRQ_ROUTING	439	#ifdef KVM_CAP_IRQ_ROUTING
417		440
@@ -520,6 +543,7 @@ struct kvm_irqfd {
520	#define KVM_IRQFD _IOW(KVMIO, 0x76, struct kvm_irqfd)	543	#define KVM_IRQFD _IOW(KVMIO, 0x76, struct kvm_irqfd)
521	#define KVM_CREATE_PIT2 _IOW(KVMIO, 0x77, struct kvm_pit_config)	544	#define KVM_CREATE_PIT2 _IOW(KVMIO, 0x77, struct kvm_pit_config)
522	#define KVM_SET_BOOT_CPU_ID _IO(KVMIO, 0x78)	545	#define KVM_SET_BOOT_CPU_ID _IO(KVMIO, 0x78)
		546	#define KVM_IOEVENTFD _IOW(KVMIO, 0x79, struct kvm_ioeventfd)
523		547
524	/*	548	/*
525	* ioctls for vcpu fds	549	* ioctls for vcpu fds


diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h index 983b0bdeb3ff..6ec9fc56a49e 100644 --- a/include/linux/kvm_host.h +++ b/include/linux/kvm_host.h
@@ -155,6 +155,7 @@ struct kvm {
155	spinlock_t lock;	155	spinlock_t lock;
156	struct list_head items;	156	struct list_head items;
157	} irqfds;	157	} irqfds;
		158	struct list_head ioeventfds;
158	#endif	159	#endif
159	struct kvm_vm_stat stat;	160	struct kvm_vm_stat stat;
160	struct kvm_arch arch;	161	struct kvm_arch arch;
@@ -528,19 +529,24 @@ static inline void kvm_free_irq_routing(struct kvm *kvm) {}
528		529
529	#ifdef CONFIG_HAVE_KVM_EVENTFD	530	#ifdef CONFIG_HAVE_KVM_EVENTFD
530		531
531	void kvm_irqfd_init(struct kvm *kvm);	532	void kvm_eventfd_init(struct kvm *kvm);
532	int kvm_irqfd(struct kvm *kvm, int fd, int gsi, int flags);	533	int kvm_irqfd(struct kvm *kvm, int fd, int gsi, int flags);
533	void kvm_irqfd_release(struct kvm *kvm);	534	void kvm_irqfd_release(struct kvm *kvm);
		535	int kvm_ioeventfd(struct kvm kvm, struct kvm_ioeventfd args);
534		536
535	#else	537	#else
536		538
537	static inline void kvm_irqfd_init(struct kvm *kvm) {}	539	static inline void kvm_eventfd_init(struct kvm *kvm) {}
538	static inline int kvm_irqfd(struct kvm *kvm, int fd, int gsi, int flags)	540	static inline int kvm_irqfd(struct kvm *kvm, int fd, int gsi, int flags)
539	{	541	{
540	return -EINVAL;	542	return -EINVAL;
541	}	543	}
542		544
543	static inline void kvm_irqfd_release(struct kvm *kvm) {}	545	static inline void kvm_irqfd_release(struct kvm *kvm) {}
		546	static inline int kvm_ioeventfd(struct kvm kvm, struct kvm_ioeventfd args)
		547	{
		548	return -ENOSYS;
		549	}
544		550
545	#endif /* CONFIG_HAVE_KVM_EVENTFD */	551	#endif /* CONFIG_HAVE_KVM_EVENTFD */
546		552


diff --git a/virt/kvm/eventfd.c b/virt/kvm/eventfd.c index 4092b8dcd510..99017e8a92ac 100644 --- a/virt/kvm/eventfd.c +++ b/virt/kvm/eventfd.c
@@ -21,6 +21,7 @@
21	*/	21	*/
22		22
23	#include <linux/kvm_host.h>	23	#include <linux/kvm_host.h>
		24	#include <linux/kvm.h>
24	#include <linux/workqueue.h>	25	#include <linux/workqueue.h>
25	#include <linux/syscalls.h>	26	#include <linux/syscalls.h>
26	#include <linux/wait.h>	27	#include <linux/wait.h>
@@ -28,6 +29,9 @@
28	#include <linux/file.h>	29	#include <linux/file.h>
29	#include <linux/list.h>	30	#include <linux/list.h>
30	#include <linux/eventfd.h>	31	#include <linux/eventfd.h>
		32	#include <linux/kernel.h>
		33
		34	#include "iodev.h"
31		35
32	/*	36	/*
33	* --------------------------------------------------------------------	37	* --------------------------------------------------------------------
@@ -234,10 +238,11 @@ fail:
234	}	238	}
235		239
236	void	240	void
237	kvm_irqfd_init(struct kvm *kvm)	241	kvm_eventfd_init(struct kvm *kvm)
238	{	242	{
239	spin_lock_init(&kvm->irqfds.lock);	243	spin_lock_init(&kvm->irqfds.lock);
240	INIT_LIST_HEAD(&kvm->irqfds.items);	244	INIT_LIST_HEAD(&kvm->irqfds.items);
		245	INIT_LIST_HEAD(&kvm->ioeventfds);
241	}	246	}
242		247
243	/*	248	/*
@@ -327,3 +332,247 @@ static void __exit irqfd_module_exit(void)
327		332
328	module_init(irqfd_module_init);	333	module_init(irqfd_module_init);
329	module_exit(irqfd_module_exit);	334	module_exit(irqfd_module_exit);
		335
		336	/*
		337	* --------------------------------------------------------------------
		338	* ioeventfd: translate a PIO/MMIO memory write to an eventfd signal.
		339	*
		340	* userspace can register a PIO/MMIO address with an eventfd for receiving
		341	* notification when the memory has been touched.
		342	* --------------------------------------------------------------------
		343	*/
		344
		345	struct _ioeventfd {
		346	struct list_head list;
		347	u64 addr;
		348	int length;
		349	struct eventfd_ctx *eventfd;
		350	u64 datamatch;
		351	struct kvm_io_device dev;
		352	bool wildcard;
		353	};
		354
		355	static inline struct _ioeventfd *
		356	to_ioeventfd(struct kvm_io_device *dev)
		357	{
		358	return container_of(dev, struct _ioeventfd, dev);
		359	}
		360
		361	static void
		362	ioeventfd_release(struct _ioeventfd *p)
		363	{
		364	eventfd_ctx_put(p->eventfd);
		365	list_del(&p->list);
		366	kfree(p);
		367	}
		368
		369	static bool
		370	ioeventfd_in_range(struct _ioeventfd p, gpa_t addr, int len, const void val)
		371	{
		372	u64 _val;
		373
		374	if (!(addr == p->addr && len == p->length))
		375	/* address-range must be precise for a hit */
		376	return false;
		377
		378	if (p->wildcard)
		379	/* all else equal, wildcard is always a hit */
		380	return true;
		381
		382	/* otherwise, we have to actually compare the data */
		383
		384	BUG_ON(!IS_ALIGNED((unsigned long)val, len));
		385
		386	switch (len) {
		387	case 1:
		388	_val = (u8 )val;
		389	break;
		390	case 2:
		391	_val = (u16 )val;
		392	break;
		393	case 4:
		394	_val = (u32 )val;
		395	break;
		396	case 8:
		397	_val = (u64 )val;
		398	break;
		399	default:
		400	return false;
		401	}
		402
		403	return _val == p->datamatch ? true : false;
		404	}
		405
		406	/* MMIO/PIO writes trigger an event if the addr/val match */
		407	static int
		408	ioeventfd_write(struct kvm_io_device *this, gpa_t addr, int len,
		409	const void *val)
		410	{
		411	struct _ioeventfd *p = to_ioeventfd(this);
		412
		413	if (!ioeventfd_in_range(p, addr, len, val))
		414	return -EOPNOTSUPP;
		415
		416	eventfd_signal(p->eventfd, 1);
		417	return 0;
		418	}
		419
		420	/*
		421	* This function is called as KVM is completely shutting down. We do not
		422	* need to worry about locking just nuke anything we have as quickly as possible
		423	*/
		424	static void
		425	ioeventfd_destructor(struct kvm_io_device *this)
		426	{
		427	struct _ioeventfd *p = to_ioeventfd(this);
		428
		429	ioeventfd_release(p);
		430	}
		431
		432	static const struct kvm_io_device_ops ioeventfd_ops = {
		433	.write = ioeventfd_write,
		434	.destructor = ioeventfd_destructor,
		435	};
		436
		437	/* assumes kvm->slots_lock held */
		438	static bool
		439	ioeventfd_check_collision(struct kvm kvm, struct _ioeventfd p)
		440	{
		441	struct _ioeventfd *_p;
		442
		443	list_for_each_entry(_p, &kvm->ioeventfds, list)
		444	if (_p->addr == p->addr && _p->length == p->length &&
		445	(_p->wildcard \|\| p->wildcard \|\|
		446	_p->datamatch == p->datamatch))
		447	return true;
		448
		449	return false;
		450	}
		451
		452	static int
		453	kvm_assign_ioeventfd(struct kvm kvm, struct kvm_ioeventfd args)
		454	{
		455	int pio = args->flags & KVM_IOEVENTFD_FLAG_PIO;
		456	struct kvm_io_bus *bus = pio ? &kvm->pio_bus : &kvm->mmio_bus;
		457	struct _ioeventfd *p;
		458	struct eventfd_ctx *eventfd;
		459	int ret;
		460
		461	/* must be natural-word sized */
		462	switch (args->len) {
		463	case 1:
		464	case 2:
		465	case 4:
		466	case 8:
		467	break;
		468	default:
		469	return -EINVAL;
		470	}
		471
		472	/* check for range overflow */
		473	if (args->addr + args->len < args->addr)
		474	return -EINVAL;
		475
		476	/* check for extra flags that we don't understand */
		477	if (args->flags & ~KVM_IOEVENTFD_VALID_FLAG_MASK)
		478	return -EINVAL;
		479
		480	eventfd = eventfd_ctx_fdget(args->fd);
		481	if (IS_ERR(eventfd))
		482	return PTR_ERR(eventfd);
		483
		484	p = kzalloc(sizeof(*p), GFP_KERNEL);
		485	if (!p) {
		486	ret = -ENOMEM;
		487	goto fail;
		488	}
		489
		490	INIT_LIST_HEAD(&p->list);
		491	p->addr = args->addr;
		492	p->length = args->len;
		493	p->eventfd = eventfd;
		494
		495	/* The datamatch feature is optional, otherwise this is a wildcard */
		496	if (args->flags & KVM_IOEVENTFD_FLAG_DATAMATCH)
		497	p->datamatch = args->datamatch;
		498	else
		499	p->wildcard = true;
		500
		501	down_write(&kvm->slots_lock);
		502
		503	/* Verify that there isnt a match already */
		504	if (ioeventfd_check_collision(kvm, p)) {
		505	ret = -EEXIST;
		506	goto unlock_fail;
		507	}
		508
		509	kvm_iodevice_init(&p->dev, &ioeventfd_ops);
		510
		511	ret = __kvm_io_bus_register_dev(bus, &p->dev);
		512	if (ret < 0)
		513	goto unlock_fail;
		514
		515	list_add_tail(&p->list, &kvm->ioeventfds);
		516
		517	up_write(&kvm->slots_lock);
		518
		519	return 0;
		520
		521	unlock_fail:
		522	up_write(&kvm->slots_lock);
		523
		524	fail:
		525	kfree(p);
		526	eventfd_ctx_put(eventfd);
		527
		528	return ret;
		529	}
		530
		531	static int
		532	kvm_deassign_ioeventfd(struct kvm kvm, struct kvm_ioeventfd args)
		533	{
		534	int pio = args->flags & KVM_IOEVENTFD_FLAG_PIO;
		535	struct kvm_io_bus *bus = pio ? &kvm->pio_bus : &kvm->mmio_bus;
		536	struct _ioeventfd p, tmp;
		537	struct eventfd_ctx *eventfd;
		538	int ret = -ENOENT;
		539
		540	eventfd = eventfd_ctx_fdget(args->fd);
		541	if (IS_ERR(eventfd))
		542	return PTR_ERR(eventfd);
		543
		544	down_write(&kvm->slots_lock);
		545
		546	list_for_each_entry_safe(p, tmp, &kvm->ioeventfds, list) {
		547	bool wildcard = !(args->flags & KVM_IOEVENTFD_FLAG_DATAMATCH);
		548
		549	if (p->eventfd != eventfd \|\|
		550	p->addr != args->addr \|\|
		551	p->length != args->len \|\|
		552	p->wildcard != wildcard)
		553	continue;
		554
		555	if (!p->wildcard && p->datamatch != args->datamatch)
		556	continue;
		557
		558	__kvm_io_bus_unregister_dev(bus, &p->dev);
		559	ioeventfd_release(p);
		560	ret = 0;
		561	break;
		562	}
		563
		564	up_write(&kvm->slots_lock);
		565
		566	eventfd_ctx_put(eventfd);
		567
		568	return ret;
		569	}
		570
		571	int
		572	kvm_ioeventfd(struct kvm kvm, struct kvm_ioeventfd args)
		573	{
		574	if (args->flags & KVM_IOEVENTFD_FLAG_DEASSIGN)
		575	return kvm_deassign_ioeventfd(kvm, args);
		576
		577	return kvm_assign_ioeventfd(kvm, args);
		578	}


diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c index 9c2fd025b8ae..d7b9bbba26da 100644 --- a/virt/kvm/kvm_main.c +++ b/virt/kvm/kvm_main.c
@@ -979,7 +979,7 @@ static struct kvm *kvm_create_vm(void)
979	spin_lock_init(&kvm->mmu_lock);	979	spin_lock_init(&kvm->mmu_lock);
980	spin_lock_init(&kvm->requests_lock);	980	spin_lock_init(&kvm->requests_lock);
981	kvm_io_bus_init(&kvm->pio_bus);	981	kvm_io_bus_init(&kvm->pio_bus);
982	kvm_irqfd_init(kvm);	982	kvm_eventfd_init(kvm);
983	mutex_init(&kvm->lock);	983	mutex_init(&kvm->lock);
984	mutex_init(&kvm->irq_lock);	984	mutex_init(&kvm->irq_lock);
985	kvm_io_bus_init(&kvm->mmio_bus);	985	kvm_io_bus_init(&kvm->mmio_bus);
@@ -2271,6 +2271,15 @@ static long kvm_vm_ioctl(struct file *filp,
2271	r = kvm_irqfd(kvm, data.fd, data.gsi, data.flags);	2271	r = kvm_irqfd(kvm, data.fd, data.gsi, data.flags);
2272	break;	2272	break;
2273	}	2273	}
		2274	case KVM_IOEVENTFD: {
		2275	struct kvm_ioeventfd data;
		2276
		2277	r = -EFAULT;
		2278	if (copy_from_user(&data, argp, sizeof data))
		2279	goto out;
		2280	r = kvm_ioeventfd(kvm, &data);
		2281	break;
		2282	}
2274	#ifdef CONFIG_KVM_APIC_ARCHITECTURE	2283	#ifdef CONFIG_KVM_APIC_ARCHITECTURE
2275	case KVM_SET_BOOT_CPU_ID:	2284	case KVM_SET_BOOT_CPU_ID:
2276	r = 0;	2285	r = 0;