vfio-pci: Fault mmaps to enable vma tracking

Rather than calling remap_pfn_range() when a region is mmap'd, setup
a vm_ops handler to support dynamic faulting of the range on access.
This allows us to manage a list of vmas actively mapping the area that
we can later use to invalidate those mappings.  The open callback
invalidates the vma range so that all tracking is inserted in the
fault handler and removed in the close handler.

Reviewed-by: Peter Xu <peterx@redhat.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>

diff --git a/drivers/vfio/pci/vfio_pci.c b/drivers/vfio/pci/vfio_pci.c
index 6c6b37b5c04e008967267893ba4f2e579b1d9b8f..66a545a01f8fc52a711b13a7044eae9e8ece00a4 100644 (file)
--- a/drivers/vfio/pci/vfio_pci.c
+++ b/drivers/vfio/pci/vfio_pci.c
@@ -1299,6 +1299,70 @@ static ssize_t vfio_pci_write(void *device_data, const char __user *buf,
        return vfio_pci_rw(device_data, (char __user *)buf, count, ppos, true);
 }
 
+static int vfio_pci_add_vma(struct vfio_pci_device *vdev,
+                           struct vm_area_struct *vma)
+{
+       struct vfio_pci_mmap_vma *mmap_vma;
+
+       mmap_vma = kmalloc(sizeof(*mmap_vma), GFP_KERNEL);
+       if (!mmap_vma)
+               return -ENOMEM;
+
+       mmap_vma->vma = vma;
+
+       mutex_lock(&vdev->vma_lock);
+       list_add(&mmap_vma->vma_next, &vdev->vma_list);
+       mutex_unlock(&vdev->vma_lock);
+
+       return 0;
+}
+
+/*
+ * Zap mmaps on open so that we can fault them in on access and therefore
+ * our vma_list only tracks mappings accessed since last zap.
+ */
+static void vfio_pci_mmap_open(struct vm_area_struct *vma)
+{
+       zap_vma_ptes(vma, vma->vm_start, vma->vm_end - vma->vm_start);
+}
+
+static void vfio_pci_mmap_close(struct vm_area_struct *vma)
+{
+       struct vfio_pci_device *vdev = vma->vm_private_data;
+       struct vfio_pci_mmap_vma *mmap_vma;
+
+       mutex_lock(&vdev->vma_lock);
+       list_for_each_entry(mmap_vma, &vdev->vma_list, vma_next) {
+               if (mmap_vma->vma == vma) {
+                       list_del(&mmap_vma->vma_next);
+                       kfree(mmap_vma);
+                       break;
+               }
+       }
+       mutex_unlock(&vdev->vma_lock);
+}
+
+static vm_fault_t vfio_pci_mmap_fault(struct vm_fault *vmf)
+{
+       struct vm_area_struct *vma = vmf->vma;
+       struct vfio_pci_device *vdev = vma->vm_private_data;
+
+       if (vfio_pci_add_vma(vdev, vma))
+               return VM_FAULT_OOM;
+
+       if (remap_pfn_range(vma, vma->vm_start, vma->vm_pgoff,
+                           vma->vm_end - vma->vm_start, vma->vm_page_prot))
+               return VM_FAULT_SIGBUS;
+
+       return VM_FAULT_NOPAGE;
+}
+
+static const struct vm_operations_struct vfio_pci_mmap_ops = {
+       .open = vfio_pci_mmap_open,
+       .close = vfio_pci_mmap_close,
+       .fault = vfio_pci_mmap_fault,
+};
+
 static int vfio_pci_mmap(void *device_data, struct vm_area_struct *vma)
 {
        struct vfio_pci_device *vdev = device_data;
@@ -1357,8 +1421,14 @@ static int vfio_pci_mmap(void *device_data, struct vm_area_struct *vma)
        vma->vm_page_prot = pgprot_noncached(vma->vm_page_prot);
        vma->vm_pgoff = (pci_resource_start(pdev, index) >> PAGE_SHIFT) + pgoff;
 
-       return remap_pfn_range(vma, vma->vm_start, vma->vm_pgoff,
-                              req_len, vma->vm_page_prot);
+       /*
+        * See remap_pfn_range(), called from vfio_pci_fault() but we can't
+        * change vm_flags within the fault handler.  Set them now.
+        */
+       vma->vm_flags |= VM_IO | VM_PFNMAP | VM_DONTEXPAND | VM_DONTDUMP;
+       vma->vm_ops = &vfio_pci_mmap_ops;
+
+       return 0;
 }
 
 static void vfio_pci_request(void *device_data, unsigned int count)
@@ -1608,6 +1678,8 @@ static int vfio_pci_probe(struct pci_dev *pdev, const struct pci_device_id *id)
        spin_lock_init(&vdev->irqlock);
        mutex_init(&vdev->ioeventfds_lock);
        INIT_LIST_HEAD(&vdev->ioeventfds_list);
+       mutex_init(&vdev->vma_lock);
+       INIT_LIST_HEAD(&vdev->vma_list);
 
        ret = vfio_add_group_dev(&pdev->dev, &vfio_pci_ops, vdev);
        if (ret)

diff --git a/drivers/vfio/pci/vfio_pci_private.h b/drivers/vfio/pci/vfio_pci_private.h
index 36ec69081ecd327a7012ea50ddbdcd7d6986d42a..9b25f9f6ce1d6ab76af02d6c10f78f6b2bd96b59 100644 (file)
--- a/drivers/vfio/pci/vfio_pci_private.h
+++ b/drivers/vfio/pci/vfio_pci_private.h
@@ -92,6 +92,11 @@ struct vfio_pci_vf_token {
        int                     users;
 };
 
+struct vfio_pci_mmap_vma {
+       struct vm_area_struct   *vma;
+       struct list_head        vma_next;
+};
+
 struct vfio_pci_device {
        struct pci_dev          *pdev;
        void __iomem            *barmap[PCI_STD_NUM_BARS];
@@ -132,6 +137,8 @@ struct vfio_pci_device {
        struct list_head        ioeventfds_list;
        struct vfio_pci_vf_token        *vf_token;
        struct notifier_block   nb;
+       struct mutex            vma_lock;
+       struct list_head        vma_list;
 };
 
 #define is_intx(vdev) (vdev->irq_type == VFIO_PCI_INTX_IRQ_INDEX)