summaryrefslogtreecommitdiff
path: root/drivers/vfio/vfio.c
diff options
context:
space:
mode:
Diffstat (limited to 'drivers/vfio/vfio.c')
-rw-r--r--drivers/vfio/vfio.c25
1 files changed, 23 insertions, 2 deletions
diff --git a/drivers/vfio/vfio.c b/drivers/vfio/vfio.c
index 330d50582f40..f5a86f651f38 100644
--- a/drivers/vfio/vfio.c
+++ b/drivers/vfio/vfio.c
@@ -85,6 +85,7 @@ struct vfio_group {
struct list_head unbound_list;
struct mutex unbound_lock;
atomic_t opened;
+ wait_queue_head_t container_q;
bool noiommu;
struct kvm *kvm;
struct blocking_notifier_head notifier;
@@ -138,9 +139,10 @@ struct iommu_group *vfio_iommu_group_get(struct device *dev)
iommu_group_set_name(group, "vfio-noiommu");
iommu_group_set_iommudata(group, &noiommu, NULL);
ret = iommu_group_add_device(group, dev);
- iommu_group_put(group);
- if (ret)
+ if (ret) {
+ iommu_group_put(group);
return NULL;
+ }
/*
* Where to taint? At this point we've added an IOMMU group for a
@@ -337,6 +339,7 @@ static struct vfio_group *vfio_create_group(struct iommu_group *iommu_group)
mutex_init(&group->unbound_lock);
atomic_set(&group->container_users, 0);
atomic_set(&group->opened, 0);
+ init_waitqueue_head(&group->container_q);
group->iommu_group = iommu_group;
#ifdef CONFIG_VFIO_NOIOMMU
group->noiommu = (iommu_group_get_iommudata(iommu_group) == &noiommu);
@@ -993,6 +996,23 @@ void *vfio_del_group_dev(struct device *dev)
}
} while (ret <= 0);
+ /*
+ * In order to support multiple devices per group, devices can be
+ * plucked from the group while other devices in the group are still
+ * in use. The container persists with this group and those remaining
+ * devices still attached. If the user creates an isolation violation
+ * by binding this device to another driver while the group is still in
+ * use, that's their fault. However, in the case of removing the last,
+ * or potentially the only, device in the group there can be no other
+ * in-use devices in the group. The user has done their due diligence
+ * and we should lay no claims to those devices. In order to do that,
+ * we need to make sure the group is detached from the container.
+ * Without this stall, we're potentially racing with a user process
+ * that may attempt to immediately bind this device to another driver.
+ */
+ if (list_empty(&group->device_list))
+ wait_event(group->container_q, !group->container);
+
vfio_group_put(group);
return device_data;
@@ -1298,6 +1318,7 @@ static void __vfio_group_unset_container(struct vfio_group *group)
group->iommu_group);
group->container = NULL;
+ wake_up(&group->container_q);
list_del(&group->container_next);
/* Detaching the last group deprivileges a container, remove iommu */
generated by cgit v1.2.3 (git 2.0.4) at 2024-11-05 12:05:03 +0000