summaryrefslogtreecommitdiffstats
path: root/samples/vfio-mdev
Commit message (Collapse)AuthorAgeFilesLines
* vfio/mdev: Remove mdev_parent_opsJason Gunthorpe2022-04-213-21/+6
| | | | | | | | | | | | | | The last useful member in this struct is the supported_type_groups, move it to the mdev_driver and delete mdev_parent_ops. Replace it with mdev_driver as an argument to mdev_register_device() Signed-off-by: Jason Gunthorpe <jgg@nvidia.com> Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Zhi Wang <zhi.a.wang@intel.com> Link: http://patchwork.freedesktop.org/patch/msgid/20220411141403.86980-33-hch@lst.de Reviewed-by: Kirti Wankhede <kwankhede@nvidia.com> Reviewed-by: Zhi Wang <zhi.a.wang@intel.com>
* vfio/mdev: Remove mdev_parent_ops dev_attr_groupsJason Gunthorpe2022-04-211-29/+1
| | | | | | | | | | | | | | | | | | This is only used by one sample to print a fixed string that is pointless. In general, having a device driver attach sysfs attributes to the parent is horrific. This should never happen, and always leads to some kind of liftime bug as it become very difficult for the sysfs attribute to go back to any data owned by the device driver. Remove the general mechanism to create this abuse. Signed-off-by: Jason Gunthorpe <jgg@nvidia.com> Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Zhi Wang <zhi.a.wang@intel.com> Link: http://patchwork.freedesktop.org/patch/msgid/20220411141403.86980-32-hch@lst.de Reviewed-by: Kirti Wankhede <kwankhede@nvidia.com> Reviewed-by: Zhi Wang <zhi.a.wang@intel.com>
* Merge tag 'char-misc-5.16-rc1' of ↵Linus Torvalds2021-11-041-0/+1
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc Pull char/misc driver updates from Greg KH: "Here is the big set of char and misc and other tiny driver subsystem updates for 5.16-rc1. Loads of things in here, all of which have been in linux-next for a while with no reported problems (except for one called out below.) Included are: - habanana labs driver updates, including dma_buf usage, reviewed and acked by the dma_buf maintainers - iio driver update (going through this tree not staging as they really do not belong going through that tree anymore) - counter driver updates - hwmon driver updates that the counter drivers needed, acked by the hwmon maintainer - xillybus driver updates - binder driver updates - extcon driver updates - dma_buf module namespaces added (will cause a build error in arm64 for allmodconfig, but that change is on its way through the drm tree) - lkdtm driver updates - pvpanic driver updates - phy driver updates - virt acrn and nitr_enclaves driver updates - smaller char and misc driver updates" * tag 'char-misc-5.16-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc: (386 commits) comedi: dt9812: fix DMA buffers on stack comedi: ni_usb6501: fix NULL-deref in command paths arm64: errata: Enable TRBE workaround for write to out-of-range address arm64: errata: Enable workaround for TRBE overwrite in FILL mode coresight: trbe: Work around write to out of range coresight: trbe: Make sure we have enough space coresight: trbe: Add a helper to determine the minimum buffer size coresight: trbe: Workaround TRBE errata overwrite in FILL mode coresight: trbe: Add infrastructure for Errata handling coresight: trbe: Allow driver to choose a different alignment coresight: trbe: Decouple buffer base from the hardware base coresight: trbe: Add a helper to pad a given buffer area coresight: trbe: Add a helper to calculate the trace generated coresight: trbe: Defer the probe on offline CPUs coresight: trbe: Fix incorrect access of the sink specific data coresight: etm4x: Add ETM PID for Kryo-5XX coresight: trbe: Prohibit trace before disabling TRBE coresight: trbe: End the AUX handle on truncation coresight: trbe: Do not truncate buffer on IRQ coresight: trbe: Fix handling of spurious interrupts ...
| * dma-buf: move dma-buf symbols into the DMA_BUF module namespaceGreg Kroah-Hartman2021-10-251-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In order to better track where in the kernel the dma-buf code is used, put the symbols in the namespace DMA_BUF and modify all users of the symbols to properly import the namespace to not break the build at the same time. Now the output of modinfo shows the use of these symbols, making it easier to watch for users over time: $ modinfo drivers/misc/fastrpc.ko | grep import import_ns: DMA_BUF Cc: "Pan, Xinhui" <Xinhui.Pan@amd.com> Cc: David Airlie <airlied@linux.ie> Cc: Maarten Lankhorst <maarten.lankhorst@linux.intel.com> Cc: Maxime Ripard <mripard@kernel.org> Cc: Thomas Zimmermann <tzimmermann@suse.de> Cc: Mauro Carvalho Chehab <mchehab@kernel.org> Cc: dri-devel@lists.freedesktop.org Acked-by: Daniel Vetter <daniel.vetter@ffwll.ch> Acked-by: Christian König <christian.koenig@amd.com> Acked-by: Arnd Bergmann <arnd@arndb.de> Acked-by: Sumit Semwal <sumit.semwal@linaro.org> Acked-by: Alex Deucher <alexander.deucher@amd.com> Link: https://lore.kernel.org/r/20211010124628.17691-1-gregkh@linuxfoundation.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
* | vfio: simplify iommu group allocation for mediated devicesChristoph Hellwig2021-09-303-3/+3
|/ | | | | | | | | | | | Reuse the logic in vfio_noiommu_group_alloc to allocate a fake single-device iommu group for mediated devices by factoring out a common function, and replacing the noiommu boolean field in struct vfio_group with an enum to distinguish the three different kinds of groups. Signed-off-by: Christoph Hellwig <hch@lst.de> Reviewed-by: Kevin Tian <kevin.tian@intel.com> Link: https://lore.kernel.org/r/20210924155705.4258-8-hch@lst.de Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
* vfio/mbochs: Fix close when multiple device FDs are openJason Gunthorpe2021-08-111-2/+2
| | | | | | | | | | | | | | mbochs_close() iterates over global device state and frees it. Currently this is done every time a device FD is closed, but if multiple device FDs are open this could corrupt other still active FDs. Change this to use close_device() so it only runs on the last close. Reviewed-by: Cornelia Huck <cohuck@redhat.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Jason Gunthorpe <jgg@nvidia.com> Link: https://lore.kernel.org/r/11-v4-9ea22c5e6afb+1adf-vfio_reflck_jgg@nvidia.com Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
* vfio/samples: Delete useless open/closeJason Gunthorpe2021-08-113-30/+0
| | | | | | | | | | | | | The core code no longer requires these ops to be defined, so delete these empty functions and leave the op as NULL. mtty's functions only log a pointless message, delete that entirely. Signed-off-by: Yishai Hadas <yishaih@nvidia.com> Reviewed-by: Cornelia Huck <cohuck@redhat.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Jason Gunthorpe <jgg@nvidia.com> Link: https://lore.kernel.org/r/5-v4-9ea22c5e6afb+1adf-vfio_reflck_jgg@nvidia.com Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
* vfio: Introduce a vfio_uninit_group_dev() API callMax Gurtovoy2021-08-113-21/+33
| | | | | | | | | | | | | | | | This pairs with vfio_init_group_dev() and allows undoing any state that is stored in the vfio_device unrelated to registration. Add appropriately placed calls to all the drivers. The following patch will use this to add pre-registration state for the device set. Signed-off-by: Max Gurtovoy <mgurtovoy@nvidia.com> Reviewed-by: Cornelia Huck <cohuck@redhat.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Jason Gunthorpe <jgg@nvidia.com> Link: https://lore.kernel.org/r/3-v4-9ea22c5e6afb+1adf-vfio_reflck_jgg@nvidia.com Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
* vfio/mbochs: Fix missing error unwind of mbochs_used_mbytesJason Gunthorpe2021-08-111-9/+15
| | | | | | | | | | | | | | | Convert mbochs to use an atomic scheme for this like mtty was changed into. The atomic fixes various race conditions with probing. Add the missing error unwind. Also add the missing kfree of mdev_state->pages. Fixes: 681c1615f891 ("vfio/mbochs: Convert to use vfio_register_group_dev()") Reported-by: Cornelia Huck <cohuck@redhat.com> Co-developed-by: Alex Williamson <alex.williamson@redhat.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Jason Gunthorpe <jgg@nvidia.com> Reviewed-by: Cornelia Huck <cohuck@redhat.com> Link: https://lore.kernel.org/r/2-v4-9ea22c5e6afb+1adf-vfio_reflck_jgg@nvidia.com Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
* vfio/samples: Remove module get/putJason Gunthorpe2021-08-112-8/+0
| | | | | | | | | | | | | | | The patch to move the get/put to core and the patch to convert the samples to use vfio_device crossed in a way that this was missed. When both patches are together the samples do not need their own get/put. Fixes: 437e41368c01 ("vfio/mdpy: Convert to use vfio_register_group_dev()") Fixes: 681c1615f891 ("vfio/mbochs: Convert to use vfio_register_group_dev()") Reviewed-by: Cornelia Huck <cohuck@redhat.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Jason Gunthorpe <jgg@nvidia.com> Reviewed-by: Max Gurtovoy <mgurtovoy@nvidia.com> Link: https://lore.kernel.org/r/1-v4-9ea22c5e6afb+1adf-vfio_reflck_jgg@nvidia.com Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
* vfio/mtty: Enforce available_instancesAlex Williamson2021-06-281-6/+16
| | | | | | | | | | | The sample mtty mdev driver doesn't actually enforce the number of device instances it claims are available. Implement this properly. Link: https://lore.kernel.org/r/162465624894.3338367.12935940647049917981.stgit@omen Reviewed-by: Jason Gunthorpe <jgg@nvidia.com> Reviewed-by: Cornelia Huck <cohuck@redhat.com> Reviewed by: Kirti Wankhede <kwankhede@nvidia.com> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
* vfio/mtty: Delete mdev_devices_listJason Gunthorpe2021-06-281-18/+6
| | | | | | | | | | | | | | | Dan points out that an error case left things on this list. It is also missing locking in available_instances_show(). Further study shows the list isn't needed at all, just store the total ports in use in an atomic and delete the whole thing. Reported-by: Dan Carpenter <dan.carpenter@oracle.com> Fixes: 09177ac91921 ("vfio/mtty: Convert to use vfio_register_group_dev()") Signed-off-by: Jason Gunthorpe <jgg@nvidia.com> Link: https://lore.kernel.org/r/0-v1-0bc56b362ca7+62-mtty_used_ports_jgg@nvidia.com Reviewed-by: Cornelia Huck <cohuck@redhat.com> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
* vfio/mdpy: Fix memory leak of object mdev_state->vconfigColin Ian King2021-06-241-0/+1
| | | | | | | | | | | | In the case where the call to vfio_register_group_dev fails the error return path kfree's mdev_state but not mdev_state->vconfig. Fix this by kfree'ing mdev_state->vconfig before returning. Addresses-Coverity: ("Resource leak") Fixes: 437e41368c01 ("vfio/mdpy: Convert to use vfio_register_group_dev()") Signed-off-by: Colin Ian King <colin.king@canonical.com> Link: https://lore.kernel.org/r/20210622183710.28954-1-colin.king@canonical.com Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
* vfio/mbochs: Convert to use vfio_register_group_dev()Jason Gunthorpe2021-06-211-72/+91
| | | | | | | | | | | | | This is straightforward conversion, the mdev_state is actually serving as the vfio_device and we can replace all the mdev_get_drvdata()'s and the wonky dead code with a simple container_of(). Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Jason Gunthorpe <jgg@nvidia.com> Signed-off-by: Christoph Hellwig <hch@lst.de> Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Link: https://lore.kernel.org/r/20210617142218.1877096-11-hch@lst.de Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
* vfio/mdpy: Convert to use vfio_register_group_dev()Jason Gunthorpe2021-06-211-71/+88
| | | | | | | | | | | | | This is straightforward conversion, the mdev_state is actually serving as the vfio_device and we can replace all the mdev_get_drvdata()'s and the wonky dead code with a simple container_of(). Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Jason Gunthorpe <jgg@nvidia.com> Signed-off-by: Christoph Hellwig <hch@lst.de> Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Link: https://lore.kernel.org/r/20210617142218.1877096-10-hch@lst.de Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
* vfio/mtty: Convert to use vfio_register_group_dev()Jason Gunthorpe2021-06-211-102/+83
| | | | | | | | | | | | | | This is straightforward conversion, the mdev_state is actually serving as the vfio_device and we can replace all the mdev_get_drvdata()'s and the wonky dead code with a simple container_of() Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Jason Gunthorpe <jgg@nvidia.com> Signed-off-by: Christoph Hellwig <hch@lst.de> Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Reviewed-by: Kirti Wankhede <kwankhede@nvidia.com> Link: https://lore.kernel.org/r/20210617142218.1877096-9-hch@lst.de Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
* samples: vfio-mdev: fix error handing in mdpy_fb_probe()Wei Yongjun2021-05-241-4/+9
| | | | | | | | | | | | Fix to return a negative error code from the framebuffer_alloc() error handling case instead of 0, also release regions in some error handing cases. Fixes: cacade1946a4 ("sample: vfio mdev display - guest driver") Reported-by: Hulk Robot <hulkci@huawei.com> Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com> Message-Id: <20210520133641.1421378-1-weiyongjun1@huawei.com> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
* vfio/mdev: remove unnecessary NULL check in mbochs_create()Dan Carpenter2021-05-042-4/+1
| | | | | | | | | | | | | | | Originally "type" could be NULL and these checks were required, but we recently changed how "type" is assigned and that's no longer the case. Now "type" points to an element in the middle of a non-NULL array. Removing the checks does not affect runtime at all, but it makes the code a little bit simpler to read. Fixes: 3d3a360e570616 ("vfio/mbochs: Use mdev_get_type_group_id()") Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Reviewed-by: Jason Gunthorpe <jgg@nvidia.com> Message-Id: <20210429095327.GY1981@kadam> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
* samples/vfio-mdev/mdpy: use remap_vmalloc_rangeChristoph Hellwig2021-04-301-3/+1
| | | | | | | | | | | | | | | | | | | Patch series "remap_vmalloc_range cleanups". This series removes an open coded instance of remap_vmalloc_range and removes the unused remap_vmalloc_range_partial export. This patch (of 2): Use remap_vmalloc_range instead of open coding it using remap_vmalloc_range_partial. Link: https://lkml.kernel.org/r/20210301082235.932968-1-hch@lst.de Link: https://lkml.kernel.org/r/20210301082235.932968-2-hch@lst.de Signed-off-by: Christoph Hellwig <hch@lst.de> Cc: Kirti Wankhede <kwankhede@nvidia.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* vfio/mdev: Correct the function signatures for the mdev_type_attributesJason Gunthorpe2021-04-123-30/+38
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The driver core standard is to pass in the properly typed object, the properly typed attribute and the buffer data. It stems from the root kobject method: ssize_t (*show)(struct kobject *kobj, struct kobj_attribute *attr,..) Each subclass of kobject should provide their own function with the same signature but more specific types, eg struct device uses: ssize_t (*show)(struct device *dev, struct device_attribute *attr,..) In this case the existing signature is: ssize_t (*show)(struct kobject *kobj, struct device *dev,..) Where kobj is a 'struct mdev_type *' and dev is 'mdev_type->parent->dev'. Change the mdev_type related sysfs attribute functions to: ssize_t (*show)(struct mdev_type *mtype, struct mdev_type_attribute *attr,..) In order to restore type safety and match the driver core standard There are no current users of 'attr', but if it is ever needed it would be hard to add in retroactively, so do it now. Reviewed-by: Kevin Tian <kevin.tian@intel.com> Reviewed-by: Cornelia Huck <cohuck@redhat.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Jason Gunthorpe <jgg@nvidia.com> Message-Id: <18-v2-d36939638fc6+d54-vfio2_jgg@nvidia.com> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
* vfio/mdev: Remove kobj from mdev_parent_ops->create()Jason Gunthorpe2021-04-123-3/+3
| | | | | | | | | | | | | The kobj here is a type-erased version of mdev_type, which is already stored in the struct mdev_device being passed in. It was only ever used to compute the type_group_id, which is now extracted directly from the mdev. Reviewed-by: Kevin Tian <kevin.tian@intel.com> Reviewed-by: Cornelia Huck <cohuck@redhat.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Jason Gunthorpe <jgg@nvidia.com> Message-Id: <17-v2-d36939638fc6+d54-vfio2_jgg@nvidia.com> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
* vfio/mbochs: Use mdev_get_type_group_id()Jason Gunthorpe2021-04-071-14/+7
| | | | | | | | | | | The mbochs_types array is parallel to the supported_type_groups array, so the type_group_id indexes both. Instead of doing string searching just directly index with type_group_id in all places. Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Jason Gunthorpe <jgg@nvidia.com> Message-Id: <14-v2-d36939638fc6+d54-vfio2_jgg@nvidia.com> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
* vfio/mdpy: Use mdev_get_type_group_id()Jason Gunthorpe2021-04-071-16/+6
| | | | | | | | | | | The mdpy_types array is parallel to the supported_type_groups array, so the type_group_id indexes both. Instead of doing string searching just directly index with type_group_id in all places. Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Jason Gunthorpe <jgg@nvidia.com> Message-Id: <13-v2-d36939638fc6+d54-vfio2_jgg@nvidia.com> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
* vfio/mtty: Use mdev_get_type_group_id()Jason Gunthorpe2021-04-071-43/+7
| | | | | | | | | | The type_group_id directly gives the single or dual port index, no need for string searching. Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Jason Gunthorpe <jgg@nvidia.com> Message-Id: <12-v2-d36939638fc6+d54-vfio2_jgg@nvidia.com> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
* vfio/mdev: Fix missing static's on MDEV_TYPE_ATTR'sJason Gunthorpe2021-04-072-10/+10
| | | | | | | | | | | | | | These should always be prefixed with static, otherwise compilation will fail on non-modular builds with ld: samples/vfio-mdev/mbochs.o:(.data+0x2e0): multiple definition of `mdev_type_attr_name'; samples/vfio-mdev/mdpy.o:(.data+0x240): first defined here Fixes: a5e6e6505f38 ("sample: vfio bochs vbe display (host device for bochs-drm)") Fixes: d61fc96f47fd ("sample: vfio mdev display - host device") Signed-off-by: Jason Gunthorpe <jgg@nvidia.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Message-Id: <1-v2-d36939638fc6+d54-vfio2_jgg@nvidia.com> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
* samples: vfio-mdev/mbochs: fix common struct sg_table related issuesMarek Szyprowski2020-09-101-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The Documentation/DMA-API-HOWTO.txt states that the dma_map_sg() function returns the number of the created entries in the DMA address space. However the subsequent calls to the dma_sync_sg_for_{device,cpu}() and dma_unmap_sg must be called with the original number of the entries passed to the dma_map_sg(). struct sg_table is a common structure used for describing a non-contiguous memory buffer, used commonly in the DRM and graphics subsystems. It consists of a scatterlist with memory pages and DMA addresses (sgl entry), as well as the number of scatterlist entries: CPU pages (orig_nents entry) and DMA mapped pages (nents entry). It turned out that it was a common mistake to misuse nents and orig_nents entries, calling DMA-mapping functions with a wrong number of entries or ignoring the number of mapped entries returned by the dma_map_sg() function. To avoid such issues, lets use a common dma-mapping wrappers operating directly on the struct sg_table objects and use scatterlist page iterators where possible. This, almost always, hides references to the nents and orig_nents entries, making the code robust, easier to follow and copy/paste safe. While touching this code, also add missing call to dma_unmap_sgtable. Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com> Reviewed-by: Robin Murphy <robin.murphy@arm.com>
* PCI: Move PCI_VENDOR_ID_REDHAT definition to pci_ids.hHuacai Chen2020-07-091-1/+1
| | | | | | | | | | | Instead of duplicating the PCI_VENDOR_ID_REDHAT definition everywhere, move it to include/linux/pci_ids.h. [bhelgaas: also update MDPY_PCI_VENDOR_ID] Link: https://lore.kernel.org/r/1594195170-11119-1-git-send-email-chenhc@lemote.com Signed-off-by: Huacai Chen <chenhc@lemote.com> Signed-off-by: Bjorn Helgaas <bhelgaas@google.com> Acked-by: Gerd Hoffmann <kraxel@redhat.com>
* vmalloc: fix remap_vmalloc_range() bounds checksJann Horn2020-04-211-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | remap_vmalloc_range() has had various issues with the bounds checks it promises to perform ("This function checks that addr is a valid vmalloc'ed area, and that it is big enough to cover the vma") over time, e.g.: - not detecting pgoff<<PAGE_SHIFT overflow - not detecting (pgoff<<PAGE_SHIFT)+usize overflow - not checking whether addr and addr+(pgoff<<PAGE_SHIFT) are the same vmalloc allocation - comparing a potentially wildly out-of-bounds pointer with the end of the vmalloc region In particular, since commit fc9702273e2e ("bpf: Add mmap() support for BPF_MAP_TYPE_ARRAY"), unprivileged users can cause kernel null pointer dereferences by calling mmap() on a BPF map with a size that is bigger than the distance from the start of the BPF map to the end of the address space. This could theoretically be used as a kernel ASLR bypass, by using whether mmap() with a given offset oopses or returns an error code to perform a binary search over the possible address range. To allow remap_vmalloc_range_partial() to verify that addr and addr+(pgoff<<PAGE_SHIFT) are in the same vmalloc region, pass the offset to remap_vmalloc_range_partial() instead of adding it to the pointer in remap_vmalloc_range(). In remap_vmalloc_range_partial(), fix the check against get_vm_area_size() by using size comparisons instead of pointer comparisons, and add checks for pgoff. Fixes: 833423143c3a ("[PATCH] mm: introduce remap_vmalloc_range()") Signed-off-by: Jann Horn <jannh@google.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Cc: stable@vger.kernel.org Cc: Alexei Starovoitov <ast@kernel.org> Cc: Daniel Borkmann <daniel@iogearbox.net> Cc: Martin KaFai Lau <kafai@fb.com> Cc: Song Liu <songliubraving@fb.com> Cc: Yonghong Song <yhs@fb.com> Cc: Andrii Nakryiko <andriin@fb.com> Cc: John Fastabend <john.fastabend@gmail.com> Cc: KP Singh <kpsingh@chromium.org> Link: http://lkml.kernel.org/r/20200415222312.236431-1-jannh@google.com Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* samples: vfio-mdev: constify fb opsJani Nikula2019-12-101-1/+1
| | | | | | | | | | | | | | Now that the fbops member of struct fb_info is const, we can start making the ops const as well. v2: fix typo (Christophe de Dinechin) Cc: Kirti Wankhede <kwankhede@nvidia.com> Cc: kvm@vger.kernel.org Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch> Acked-by: Kirti Wankhede <kwankhede@nvidia.com> Signed-off-by: Jani Nikula <jani.nikula@intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/ddb10df1316ef585930cda7718643a580f4fe37b.1575390741.git.jani.nikula@intel.com
* sample/vfio-mdev/mbocs: Remove dma_buf_k(un)map supportDaniel Vetter2019-11-251-16/+0
| | | | | | | | | | | No in-tree users left. Acked-by: Sumit Semwal <sumit.semwal@linaro.org> Acked-by: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Daniel Vetter <daniel.vetter@intel.com> Cc: Kirti Wankhede <kwankhede@nvidia.com> Cc: kvm@vger.kernel.org Link: https://patchwork.freedesktop.org/patch/msgid/20191118103536.17675-15-daniel.vetter@ffwll.ch
* vfio-mdev/mtty: Simplify interrupt generationParav Pandit2019-08-191-31/+8
| | | | | | | | | | | | | | | | While generating interrupt, mdev_state is already available for which interrupt is generated. Instead of doing indirect way from state->device->uuid-> to searching state linearly in linked list on every interrupt generation, directly use the available state. Hence, simplify the code to use mdev_state and remove unused helper function with that. Reviewed-by: Cornelia Huck <cohuck@redhat.com> Signed-off-by: Parav Pandit <parav@mellanox.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
* treewide: remove SPDX "WITH Linux-syscall-note" from kernel-space headers againMasahiro Yamada2019-07-251-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | The "WITH Linux-syscall-note" exception exists for headers exported to user space. It is strange to add it to non-exported headers. Commit 687a3e4d8e61 ("treewide: remove SPDX "WITH Linux-syscall-note" from kernel-space headers") did cleanups some months ago, but it looks like we need to do this periodically. This patch was generated by the following script: git grep -l -e Linux-syscall-note \ -- :*.h :^arch/*/include/uapi/asm/*.h :^include/uapi/ :^tools | while read file do sed -i -e 's/(\(GPL-[^[:space:]]*\) WITH Linux-syscall-note)/\1/g' \ -e 's/ WITH Linux-syscall-note//g' $file done I did not commit drivers/staging/android/uapi/ion.h . This header is not currently exported, but somebody may plan to move it to include/uapi/ when the time comes. I am not sure. Anyway, it will be better to check the license inconsistency in drivers/staging/android/uapi/. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> Reviewed-by: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
* sample/mdev/mbochs: remove set but not used variable 'mdev_state'YueHaibing2019-07-021-3/+0
| | | | | | | | | | | | | Fixes gcc '-Wunused-but-set-variable' warning: samples/vfio-mdev/mbochs.c: In function mbochs_ioctl: samples/vfio-mdev/mbochs.c:1188:21: warning: variable mdev_state set but not used [-Wunused-but-set-variable] It's not used any more since commit 104c7405a64d ("vfio: add edid support to mbochs sample driver") Signed-off-by: YueHaibing <yuehaibing@huawei.com> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
* vfio-mdev/samples: make some symbols staticKefeng Wang2019-07-021-23/+24
| | | | | | | | | | | | | | | | | | | | | | | | | | Make some structs and functions static to fix build warning, parts of warning shown below, samples/vfio-mdev/mtty.c:730:5: warning: symbol 'mtty_create' was not declared. Should it be static? samples/vfio-mdev/mtty.c:780:5: warning: symbol 'mtty_remove' was not declared. Should it be static? samples/vfio-mdev/mtty.c:802:5: warning: symbol 'mtty_reset' was not declared. Should it be static? samples/vfio-mdev/mtty.c:818:9: warning: symbol 'mtty_read' was not declared. Should it be static? samples/vfio-mdev/mtty.c:877:9: warning: symbol 'mtty_write' was not declared. Should it be static? samples/vfio-mdev/mtty.c:1070:5: warning: symbol 'mtty_get_region_info' was not declared. Should it be static? samples/vfio-mdev/mtty.c:1119:5: warning: symbol 'mtty_get_irq_info' was not declared. Should it be static? samples/vfio-mdev/mtty.c:1143:5: warning: symbol 'mtty_get_device_info' was not declared. Should it be static? samples/vfio-mdev/mtty.c:1275:5: warning: symbol 'mtty_open' was not declared. Should it be static? samples/vfio-mdev/mtty.c:1281:6: warning: symbol 'mtty_close' was not declared. Should it be static? samples/vfio-mdev/mtty.c:1305:30: warning: symbol 'mtty_dev_groups' was not declared. Should it be static? Cc: Andy Shevchenko <andriy.shevchenko@linux.intel.com> Cc: Alex Williamson <alex.williamson@redhat.com> Cc: Kirti Wankhede <kwankhede@nvidia.com> Reported-by: Hulk Robot <hulkci@huawei.com> Signed-off-by: Kefeng Wang <wangkefeng.wang@huawei.com> Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com> [aw: wrap long lines] Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
* treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500Thomas Gleixner2019-06-191-5/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | Based on 2 normalized pattern(s): this program is free software you can redistribute it and or modify it under the terms of the gnu general public license version 2 as published by the free software foundation this program is free software you can redistribute it and or modify it under the terms of the gnu general public license version 2 as published by the free software foundation # extracted by the scancode license scanner the SPDX license identifier GPL-2.0-only has been chosen to replace the boilerplate/reference in 4122 file(s). Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Reviewed-by: Enrico Weigelt <info@metux.net> Reviewed-by: Kate Stewart <kstewart@linuxfoundation.org> Reviewed-by: Allison Randal <allison@lohutok.net> Cc: linux-spdx@vger.kernel.org Link: https://lkml.kernel.org/r/20190604081206.933168790@linutronix.de Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
* treewide: Add SPDX license identifier - Makefile/KconfigThomas Gleixner2019-05-211-0/+1
| | | | | | | | | | | | | | Add SPDX license identifiers to all Make/Kconfig files which: - Have no license information of any form These files fall under the project license, GPL v2 only. The resulting SPDX license identifier is: GPL-2.0-only Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
* samples/vfio-mdev/mtty: expand minor range when registering chrdev regionChengguang Xu2019-02-121-4/+5
| | | | | | | | | Actually, total amount of available minor number for a single major is MINORMARK + 1. So expand minor range when registering chrdev region. Signed-off-by: Chengguang Xu <cgxu519@gmx.com> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
* samples/vfio-mdev/mdpy: expand minor range when registering chrdev regionChengguang Xu2019-02-121-4/+4
| | | | | | | | | Actually, total amount of available minor number for a single major is MINORMARK + 1. So expand minor range when registering chrdev region. Signed-off-by: Chengguang Xu <cgxu519@gmx.com> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
* samples/vfio-mdev/mbochs: expand minor range when registering chrdev regionChengguang Xu2019-02-121-4/+4
| | | | | | | | | Actually, total amount of available minor number for a single major is MINORMARK + 1. So expand minor range when registering chrdev region. Signed-off-by: Chengguang Xu <cgxu519@gmx.com> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
* vfio-mdev: Switch to use new generic UUID APIAndy Shevchenko2019-02-051-4/+4
| | | | | | | | | | | | | There are new types and helpers that are supposed to be used in new code. As a preparation to get rid of legacy types and API functions do the conversion here. Cc: Kirti Wankhede <kwankhede@nvidia.com> Cc: Alex Williamson <alex.williamson@redhat.com> Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
* vfio-mdev/samples: Use u8 instead of char for handle functionsNathan Chancellor2018-12-171-13/+13
| | | | | | | | | | | | | | | | | Clang warns: samples/vfio-mdev/mtty.c:592:39: warning: implicit conversion from 'int' to 'char' changes value from 162 to -94 [-Wconstant-conversion] *buf = UART_MSR_DSR | UART_MSR_DDSR | UART_MSR_DCD; ~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~ 1 warning generated. Turns out that all uses of buf in this function ultimately end up stored or cast to an unsigned type. Just use u8, which has the same number of bits but can store this larger number so Clang no longer warns. Signed-off-by: Nathan Chancellor <natechancellor@gmail.com> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
* vfio: add edid support to mbochs sample driverGerd Hoffmann2018-10-111-19/+117
| | | | | Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
* sample: vfio-mdev: avoid deadlock in mdev_access()Alexey Khoroshilov2018-07-111-1/+3
| | | | | | | | | | | mdev_access() calls mbochs_get_page() with mdev_state->ops_lock held, while mbochs_get_page() locks the mutex by itself. It leads to unavoidable deadlock. Found by Linux Driver Verification project (linuxtesting.org). Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
* sample/vfio-mdev: Change return type to vm_fault_tSouptick Joarder2018-07-041-2/+2
| | | | | | | | convert mbochs_region_vm_fault and mbochs_dmabuf_vm_fault to return vm_fault_t type. Signed-off-by: Souptick Joarder <jrdr.linux@gmail.com> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
* sample/mdev/mbochs: add mbochs_kunmap_dmabufGerd Hoffmann2018-06-261-0/+7
| | | | | | | | There is no default implementation for dma_buf_ops->unmap. So add a function unmapping the page, otherwise we'll leak them. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
* sample/mdev/mbochs: remove mbochs_kmap_atomic_dmabufGerd Hoffmann2018-06-261-10/+0
| | | | | | | Atomic mapping interface for dmabufs will be removed. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
* sample: vfio bochs vbe display (host device for bochs-drm)Gerd Hoffmann2018-06-082-0/+1407
| | | | | | | | | Display device, demo-ing the vfio dmabuf display interface (VFIO_GFX_PLANE_TYPE_DMABUF). Compatible enough to qemu stdvga that bochs-drm.ko can be used as guest driver. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
* sample: vfio mdev display - guest driverGerd Hoffmann2018-06-082-0/+233
| | | | | | | Guest fbdev driver for CONFIG_SAMPLE_VFIO_MDEV_MDPY. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
* sample: vfio mdev display - host deviceGerd Hoffmann2018-06-083-0/+830
| | | | | | | | Simple framebuffer display, demo-ing the vfio region display interface (VFIO_GFX_PLANE_TYPE_REGION). Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
* vfio-mdev/samples: change RDI interrupt conditionShunyong Yang2018-03-221-1/+1
| | | | | | | | | | | | | | When FIFO mode is enabled, the receive data available interrupt (UART_IIR_RDI in code) should be triggered when the number of data in FIFO is equal or larger than interrupt trigger level. This patch changes the trigger level check to ensure multiple bytes received from upper layer can trigger RDI interrupt correctly. Cc: Joey Zheng <yu.zheng@hxt-semitech.com> Signed-off-by: Shunyong Yang <shunyong.yang@hxt-semitech.com> Reviewed by: Kirti Wankhede <kwankhede@nvidia.com> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>