From: Yi Liu <yi.l.liu@intel.com>
To: alex.williamson@redhat.com, jgg@nvidia.com, kevin.tian@intel.com
Cc: joro@8bytes.org, robin.murphy@arm.com, cohuck@redhat.com,
eric.auger@redhat.com, nicolinc@nvidia.com, kvm@vger.kernel.org,
mjrosato@linux.ibm.com, chao.p.peng@linux.intel.com,
yi.l.liu@intel.com, yi.y.sun@linux.intel.com, peterx@redhat.com,
jasowang@redhat.com, shameerali.kolothum.thodi@huawei.com,
lulu@redhat.com, suravee.suthikulpanit@amd.com,
intel-gvt-dev@lists.freedesktop.org,
intel-gfx@lists.freedesktop.org, linux-s390@vger.kernel.org,
xudong.hao@intel.com, yan.y.zhao@intel.com,
terrence.xu@intel.com
Subject: [PATCH v6 11/24] vfio/pci: Accept device fd in VFIO_DEVICE_PCI_HOT_RESET ioctl
Date: Wed, 8 Mar 2023 05:28:50 -0800 [thread overview]
Message-ID: <20230308132903.465159-12-yi.l.liu@intel.com> (raw)
In-Reply-To: <20230308132903.465159-1-yi.l.liu@intel.com>
VFIO PCI device hot reset requires user to provide a set of FDs to prove
ownership on the affected devices in the hot reset. Either group fd or
device fd can be used. But when user uses vfio device cdev, there is only
device fd, hence VFIO_DEVICE_PCI_HOT_RESET needs to be extended to accept
device fds.
Signed-off-by: Yi Liu <yi.l.liu@intel.com>
---
drivers/vfio/group.c | 15 +-----------
drivers/vfio/pci/vfio_pci_core.c | 22 +++++++++++------
drivers/vfio/vfio.h | 1 +
drivers/vfio/vfio_main.c | 42 ++++++++++++++++++++++++++++++++
include/linux/vfio.h | 1 +
include/uapi/linux/vfio.h | 6 +++--
6 files changed, 63 insertions(+), 24 deletions(-)
diff --git a/drivers/vfio/group.c b/drivers/vfio/group.c
index 4a220d5bf79b..6280368eb0bd 100644
--- a/drivers/vfio/group.c
+++ b/drivers/vfio/group.c
@@ -852,23 +852,10 @@ void vfio_group_set_kvm(struct vfio_group *group, struct kvm *kvm)
spin_unlock(&group->kvm_ref_lock);
}
-/**
- * vfio_file_has_dev - True if the VFIO file is a handle for device
- * @file: VFIO file to check
- * @device: Device that must be part of the file
- *
- * Returns true if given file has permission to manipulate the given device.
- */
-bool vfio_file_has_dev(struct file *file, struct vfio_device *device)
+bool vfio_group_has_dev(struct vfio_group *group, struct vfio_device *device)
{
- struct vfio_group *group = vfio_group_from_file(file);
-
- if (!group)
- return false;
-
return group == device->group;
}
-EXPORT_SYMBOL_GPL(vfio_file_has_dev);
static char *vfio_devnode(const struct device *dev, umode_t *mode)
{
diff --git a/drivers/vfio/pci/vfio_pci_core.c b/drivers/vfio/pci/vfio_pci_core.c
index 265a0058436c..123b468ead73 100644
--- a/drivers/vfio/pci/vfio_pci_core.c
+++ b/drivers/vfio/pci/vfio_pci_core.c
@@ -1300,7 +1300,7 @@ static int vfio_pci_ioctl_pci_hot_reset(struct vfio_pci_core_device *vdev,
return -ENOMEM;
}
- if (copy_from_user(user_fds, arg->group_fds,
+ if (copy_from_user(user_fds, arg->fds,
hdr.count * sizeof(*user_fds))) {
kfree(user_fds);
kfree(files);
@@ -1308,8 +1308,8 @@ static int vfio_pci_ioctl_pci_hot_reset(struct vfio_pci_core_device *vdev,
}
/*
- * Get the group file for each fd to ensure the group held across
- * the reset
+ * Get the file for each fd to ensure the group/device file
+ * is held across the reset
*/
for (file_idx = 0; file_idx < hdr.count; file_idx++) {
struct file *file = fget(user_fds[file_idx]);
@@ -1319,8 +1319,14 @@ static int vfio_pci_ioctl_pci_hot_reset(struct vfio_pci_core_device *vdev,
break;
}
- /* Ensure the FD is a vfio group FD.*/
- if (!vfio_file_is_group(file)) {
+ /*
+ * For vfio group FD, sanitize the file is enough.
+ * For vfio device FD, needs to ensure it has got the
+ * access to device, otherwise it cannot be used as
+ * proof of device ownership.
+ */
+ if (!vfio_file_is_valid(file) ||
+ (!vfio_file_is_group(file) && !vfio_file_has_device_access(file))) {
fput(file);
ret = -EINVAL;
break;
@@ -2440,9 +2446,9 @@ static int vfio_pci_dev_set_hot_reset(struct vfio_device_set *dev_set,
* by other users.
*
* For the devices that have been opened, needs to check the
- * ownership. If the user provides a set of group fds, test
- * whether all the opened affected devices are contained by the
- * set of groups provided by the user.
+ * ownership. If the user provides a set of group/device
+ * fds, test whether all the opened devices are contained
+ * by the set of groups/devices provided by the user.
*/
if (cur_vma->vdev.open_count &&
!vfio_dev_in_user_fds(cur_vma, user_info)) {
diff --git a/drivers/vfio/vfio.h b/drivers/vfio/vfio.h
index e60c409868f8..464263288d16 100644
--- a/drivers/vfio/vfio.h
+++ b/drivers/vfio/vfio.h
@@ -96,6 +96,7 @@ void vfio_device_group_close(struct vfio_device_file *df);
struct vfio_group *vfio_group_from_file(struct file *file);
bool vfio_group_enforced_coherent(struct vfio_group *group);
void vfio_group_set_kvm(struct vfio_group *group, struct kvm *kvm);
+bool vfio_group_has_dev(struct vfio_group *group, struct vfio_device *device);
bool vfio_device_has_container(struct vfio_device *device);
int __init vfio_group_init(void);
void vfio_group_cleanup(void);
diff --git a/drivers/vfio/vfio_main.c b/drivers/vfio/vfio_main.c
index 027410e8d4a8..cf9994a65df3 100644
--- a/drivers/vfio/vfio_main.c
+++ b/drivers/vfio/vfio_main.c
@@ -1277,6 +1277,48 @@ void vfio_file_set_kvm(struct file *file, struct kvm *kvm)
}
EXPORT_SYMBOL_GPL(vfio_file_set_kvm);
+/**
+ * vfio_file_has_device_access - True if the file has opened device
+ * @file: VFIO device file
+ */
+bool vfio_file_has_device_access(struct file *file)
+{
+ struct vfio_device_file *df;
+
+ if (vfio_group_from_file(file) ||
+ !vfio_device_from_file(file))
+ return false;
+
+ df = file->private_data;
+
+ return READ_ONCE(df->access_granted);
+}
+EXPORT_SYMBOL_GPL(vfio_file_has_device_access);
+
+/**
+ * vfio_file_has_dev - True if the VFIO file is a handle for device
+ * @file: VFIO file to check
+ * @device: Device that must be part of the file
+ *
+ * Returns true if given file has permission to manipulate the given device.
+ */
+bool vfio_file_has_dev(struct file *file, struct vfio_device *device)
+{
+ struct vfio_group *group;
+ struct vfio_device *vdev;
+
+ group = vfio_group_from_file(file);
+ if (group)
+ return vfio_group_has_dev(group, device);
+
+ vdev = vfio_device_from_file(file);
+ if (device)
+ return vdev == device;
+
+ return false;
+}
+EXPORT_SYMBOL_GPL(vfio_file_has_dev);
+
/*
* Sub-module support
*/
diff --git a/include/linux/vfio.h b/include/linux/vfio.h
index b14dcdd0b71f..1c69be2d687e 100644
--- a/include/linux/vfio.h
+++ b/include/linux/vfio.h
@@ -248,6 +248,7 @@ bool vfio_file_is_group(struct file *file);
bool vfio_file_is_valid(struct file *file);
bool vfio_file_enforced_coherent(struct file *file);
void vfio_file_set_kvm(struct file *file, struct kvm *kvm);
+bool vfio_file_has_device_access(struct file *file);
bool vfio_file_has_dev(struct file *file, struct vfio_device *device);
#define VFIO_PIN_PAGES_MAX_ENTRIES (PAGE_SIZE/sizeof(unsigned long))
diff --git a/include/uapi/linux/vfio.h b/include/uapi/linux/vfio.h
index f96e5689cffc..d80141969cd1 100644
--- a/include/uapi/linux/vfio.h
+++ b/include/uapi/linux/vfio.h
@@ -679,7 +679,9 @@ struct vfio_pci_hot_reset_info {
* the calling user must ensure all affected devices, if opened, are
* owned by itself.
*
- * The ownership is proved by an array of group fds.
+ * The ownership can be proved by:
+ * - An array of group fds
+ * - An array of device fds
*
* Return: 0 on success, -errno on failure.
*/
@@ -687,7 +689,7 @@ struct vfio_pci_hot_reset {
__u32 argsz;
__u32 flags;
__u32 count;
- __s32 group_fds[];
+ __s32 fds[];
};
#define VFIO_DEVICE_PCI_HOT_RESET _IO(VFIO_TYPE, VFIO_BASE + 13)
--
2.34.1
next prev parent reply other threads:[~2023-03-08 13:32 UTC|newest]
Thread overview: 101+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-03-08 13:28 [PATCH v6 00/24] cover-letter: Add vfio_device cdev for iommufd support Yi Liu
2023-03-08 13:28 ` [PATCH v6 01/24] vfio: Allocate per device file structure Yi Liu
2023-03-08 13:28 ` [PATCH v6 02/24] vfio: Refine vfio file kAPIs for KVM Yi Liu
2023-03-08 13:28 ` [PATCH v6 03/24] vfio: Accept vfio device file in the KVM facing kAPI Yi Liu
2023-03-08 13:28 ` [PATCH v6 04/24] kvm/vfio: Rename kvm_vfio_group to prepare for accepting vfio device fd Yi Liu
2023-03-08 13:28 ` [PATCH v6 05/24] kvm/vfio: Accept vfio device file from userspace Yi Liu
2023-03-22 14:10 ` Xu Yilun
2023-03-28 3:48 ` Liu, Yi L
2023-03-08 13:28 ` [PATCH v6 06/24] vfio: Pass struct vfio_device_file * to vfio_device_open/close() Yi Liu
2023-03-08 13:28 ` [PATCH v6 07/24] vfio: Block device access via device fd until device is opened Yi Liu
2023-03-10 4:50 ` Tian, Kevin
2023-03-08 13:28 ` [PATCH v6 08/24] vfio/pci: Update comment around group_fd get in vfio_pci_ioctl_pci_hot_reset() Yi Liu
2023-03-08 13:28 ` [PATCH v6 09/24] vfio/pci: Only need to check opened devices in the dev_set for hot reset Yi Liu
2023-03-10 5:00 ` Tian, Kevin
2023-03-08 13:28 ` [PATCH v6 10/24] vfio/pci: Rename the helpers and data in hot reset path to accept device fd Yi Liu
2023-03-10 5:01 ` Tian, Kevin
2023-03-08 13:28 ` Yi Liu [this message]
2023-03-10 5:08 ` [PATCH v6 11/24] vfio/pci: Accept device fd in VFIO_DEVICE_PCI_HOT_RESET ioctl Tian, Kevin
2023-03-10 5:38 ` Liu, Yi L
2023-03-08 13:28 ` [PATCH v6 12/24] vfio/pci: Allow passing zero-length fd array in VFIO_DEVICE_PCI_HOT_RESET Yi Liu
2023-03-10 5:31 ` Tian, Kevin
2023-03-10 6:04 ` Liu, Yi L
2023-03-10 9:08 ` Tian, Kevin
2023-03-10 17:42 ` Jason Gunthorpe
2023-03-15 22:53 ` Alex Williamson
2023-03-15 23:31 ` Tian, Kevin
2023-03-16 3:54 ` [offlist] " Liu, Yi L
2023-03-16 6:09 ` Tian, Kevin
2023-03-16 6:28 ` Liu, Yi L
2023-03-16 6:49 ` Nicolin Chen
2023-03-16 13:22 ` Liu, Yi L
2023-03-16 21:27 ` Nicolin Chen
2023-03-16 18:45 ` Alex Williamson
2023-03-16 23:29 ` Tian, Kevin
2023-03-17 0:22 ` Alex Williamson
2023-03-17 0:57 ` Tian, Kevin
2023-03-17 15:15 ` Alex Williamson
2023-03-20 17:14 ` Jason Gunthorpe
2023-03-20 22:52 ` Alex Williamson
2023-03-20 23:39 ` Jason Gunthorpe
2023-03-21 20:31 ` Alex Williamson
2023-03-21 20:50 ` Jason Gunthorpe
2023-03-21 21:01 ` Alex Williamson
2023-03-21 22:20 ` Jason Gunthorpe
2023-03-21 22:47 ` Alex Williamson
2023-03-22 4:42 ` Liu, Yi L
2023-03-22 12:23 ` Alex Williamson
2023-03-22 12:27 ` Jason Gunthorpe
2023-03-22 12:36 ` Alex Williamson
2023-03-22 12:47 ` Jason Gunthorpe
2023-03-24 9:09 ` Tian, Kevin
2023-03-24 13:14 ` Jason Gunthorpe
2023-03-22 8:17 ` Liu, Yi L
2023-03-22 12:17 ` Jason Gunthorpe
2023-03-22 13:33 ` Liu, Yi L
2023-03-22 13:43 ` Jason Gunthorpe
2023-03-23 3:15 ` Liu, Yi L
2023-03-23 12:02 ` Jason Gunthorpe
2023-03-24 9:25 ` Liu, Yi L
2023-03-27 11:57 ` Liu, Yi L
2023-03-08 13:28 ` [PATCH v6 13/24] vfio/iommufd: Split the compat_ioas attach out from vfio_iommufd_bind() Yi Liu
2023-03-10 8:08 ` Tian, Kevin
2023-03-10 8:22 ` Liu, Yi L
2023-03-10 9:10 ` Tian, Kevin
2023-03-11 10:24 ` Liu, Yi L
2023-03-13 2:06 ` Tian, Kevin
2023-03-08 13:28 ` [PATCH v6 14/24] vfio: Add cdev_device_open_cnt to vfio_group Yi Liu
2023-03-08 13:28 ` [PATCH v6 15/24] vfio: Make vfio_device_open() single open for device cdev path Yi Liu
2023-03-08 13:28 ` [PATCH v6 16/24] vfio: Make vfio_device_first_open() to cover the noiommu mode in " Yi Liu
2023-03-10 8:30 ` Tian, Kevin
2023-03-08 13:28 ` [PATCH v6 17/24] vfio-iommufd: Make vfio_iommufd_bind() selectively return devid Yi Liu
2023-03-10 8:31 ` Tian, Kevin
2023-03-08 13:28 ` [PATCH v6 18/24] vfio-iommufd: Add detach_ioas support for physical VFIO devices Yi Liu
2023-03-08 13:28 ` [PATCH v6 19/24] vfio-iommufd: Add detach_ioas support for emulated " Yi Liu
2023-03-10 23:42 ` Nicolin Chen
2023-03-15 6:15 ` Liu, Yi L
2023-03-15 6:25 ` Nicolin Chen
2023-03-08 13:28 ` [PATCH v6 20/24] vfio: Add cdev for vfio_device Yi Liu
2023-03-10 8:48 ` Tian, Kevin
2023-03-10 9:59 ` Liu, Yi L
2023-03-08 13:29 ` [PATCH v6 21/24] vfio: Add VFIO_DEVICE_BIND_IOMMUFD Yi Liu
2023-03-10 9:01 ` Tian, Kevin
2023-03-10 9:58 ` Liu, Yi L
2023-03-10 10:06 ` Tian, Kevin
2023-03-15 4:40 ` Liu, Yi L
2023-03-15 6:57 ` Tian, Kevin
2023-03-20 14:09 ` Jason Gunthorpe
2023-03-20 14:31 ` Yi Liu
2023-03-20 17:16 ` Jason Gunthorpe
2023-03-21 1:30 ` Tian, Kevin
2023-03-21 12:00 ` Jason Gunthorpe
2023-03-21 14:37 ` Liu, Yi L
2023-03-21 14:41 ` Jason Gunthorpe
2023-03-21 14:51 ` Liu, Yi L
2023-03-21 14:58 ` Jason Gunthorpe
2023-03-21 15:10 ` Liu, Yi L
2023-03-21 16:54 ` Jason Gunthorpe
2023-03-08 13:29 ` [PATCH v6 22/24] vfio: Add VFIO_DEVICE_AT[DE]TACH_IOMMUFD_PT Yi Liu
2023-03-08 13:29 ` [PATCH v6 23/24] vfio: Compile group optionally Yi Liu
2023-03-10 9:03 ` Tian, Kevin
2023-03-08 13:29 ` [PATCH v6 24/24] docs: vfio: Add vfio device cdev description Yi Liu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230308132903.465159-12-yi.l.liu@intel.com \
--to=yi.l.liu@intel.com \
--cc=alex.williamson@redhat.com \
--cc=chao.p.peng@linux.intel.com \
--cc=cohuck@redhat.com \
--cc=eric.auger@redhat.com \
--cc=intel-gfx@lists.freedesktop.org \
--cc=intel-gvt-dev@lists.freedesktop.org \
--cc=jasowang@redhat.com \
--cc=jgg@nvidia.com \
--cc=joro@8bytes.org \
--cc=kevin.tian@intel.com \
--cc=kvm@vger.kernel.org \
--cc=linux-s390@vger.kernel.org \
--cc=lulu@redhat.com \
--cc=mjrosato@linux.ibm.com \
--cc=nicolinc@nvidia.com \
--cc=peterx@redhat.com \
--cc=robin.murphy@arm.com \
--cc=shameerali.kolothum.thodi@huawei.com \
--cc=suravee.suthikulpanit@amd.com \
--cc=terrence.xu@intel.com \
--cc=xudong.hao@intel.com \
--cc=yan.y.zhao@intel.com \
--cc=yi.y.sun@linux.intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox