Commit 3985ab2b authored by yangxiangkai's avatar yangxiangkai

virtcca feature: vfio attach the device list to secure world

virtcca inclusion
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/IAQON6



--------------------------------

VirtCCA Coda Feature:
Vfio attach the device list to secure world

Signed-off-by: Xiangkai Yang <yangxiangkai@huawei.com>
Signed-off-by: Junbin Li <lijunbin4@huawei.com>
---
parent 30113d28
+1 −0
@@ -1172,6 +1172,7 @@ int virtcca_smmu_secure_dev_operator(struct iommu_domain *domain, struct device

	return ret;
}
EXPORT_SYMBOL_GPL(virtcca_smmu_secure_dev_operator);

/**
 * virtcca_smmu_device_init - Initialize the smmu security features
+27 −0
@@ -2473,6 +2473,33 @@ static int __iommu_map(struct iommu_domain *domain, unsigned long iova,
	return ret;
}

#ifdef CONFIG_HISI_VIRTCCA_HOST
/**
 * virtcca_attach_secure_dev - Attach the device of iommu
 * group to confidential virtual machine
 * @domain: The handle of iommu domain
 * @group: Iommu group
 *
 * Returns:
 * %0 if attach the all devices success
 * %-EINVAL if the smmu does not initialize secure state
 * %-ENOMEM if the device create secure ste failed
 * %-ENOENT if the device does not have fwspec
 */
int virtcca_attach_secure_dev(struct iommu_domain *domain, struct iommu_group *group)
{
	struct group_device *gdev;
	int ret = 0;

	mutex_lock(&group->mutex);
	for_each_group_device(group, gdev)
		ret = virtcca_smmu_secure_dev_operator(domain, gdev->dev);
	mutex_unlock(&group->mutex);
	return ret;
}
EXPORT_SYMBOL_GPL(virtcca_attach_secure_dev);
#endif

int iommu_map(struct iommu_domain *domain, unsigned long iova,
	      phys_addr_t paddr, size_t size, int prot, gfp_t gfp)
{
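Review bot: The loop in virtcca_attach_secure_dev overwrites `ret` on every iteration, so the function returns only the result for the last device in the group. A failure on an earlier device is lost when a later one succeeds, and the caller then treats the whole group as attached to the secure world. Stop at the first error by bracing the loop body and adding `if (ret) break;` after the call. Devices already switched before the failure are left as they are; whether virtcca_smmu_secure_dev_operator has a counterpart to undo that is not visible here, so the partial-failure behaviour deserves a sentence in the kernel-doc. The existing "%0 if attach the all devices success" line is only accurate once the loop stops on error.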
+25 −0
@@ -77,6 +77,9 @@ struct vfio_iommu {
	bool			dirty_page_tracking;
	struct list_head	emulated_iommu_groups;
	bool			dirty_log_get_no_clear;
#ifdef CONFIG_HISI_VIRTCCA_HOST
	bool            secure;
#endif
};

struct vfio_domain {
@@ -2454,10 +2457,23 @@ static int vfio_iommu_type1_attach_group(void *iommu_data,
			goto out_domain;
	}

#ifdef CONFIG_HISI_VIRTCCA_HOST
	if (iommu->secure)
		domain->domain->secure = true;
#endif

	ret = iommu_attach_group(domain->domain, group->iommu_group);
	if (ret)
		goto out_domain;

#ifdef CONFIG_HISI_VIRTCCA_HOST
	if (iommu->secure) {
		ret = virtcca_attach_secure_dev(domain->domain, group->iommu_group);
		if (ret)
			goto out_domain;
	}
#endif

	/* Get aperture info */
	geo = &domain->domain->geometry;
	if (vfio_iommu_aper_conflict(iommu, geo->aperture_start,
@@ -2807,6 +2823,12 @@ static void *vfio_iommu_type1_open(unsigned long arg)
	case VFIO_TYPE1v2_IOMMU:
		iommu->v2 = true;
		break;
#ifdef CONFIG_HISI_VIRTCCA_HOST
	case VFIO_TYPE1v2_S_IOMMU:
		iommu->v2 = true;
		iommu->secure = true;
		break;
#endif
	default:
		kfree(iommu);
		return ERR_PTR(-EINVAL);
@@ -2898,6 +2920,9 @@ static int vfio_iommu_type1_check_extension(struct vfio_iommu *iommu,
	switch (arg) {
	case VFIO_TYPE1_IOMMU:
	case VFIO_TYPE1v2_IOMMU:
#ifdef CONFIG_HISI_VIRTCCA_HOST
	case VFIO_TYPE1v2_S_IOMMU:
#endif
	case VFIO_TYPE1_NESTING_IOMMU:
	case VFIO_UNMAP_ALL:
		return 1;
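Review bot: In the vfio_iommu_type1_attach_group hunk, a failure of virtcca_attach_secure_dev jumps to `out_domain` although iommu_attach_group has already succeeded, so the group appears to stay attached to a domain that the error path is about to release. The group should be detached first. Upstream vfio_iommu_type1.c has an `out_detach` label for failures after the attach, so `goto out_detach;` is the likely target, but the label is not visible in this hunk and should be confirmed for this tree. `domain->domain->secure = true` is also set before the attach and is never cleared, which is only safe if every failure path frees the domain. The function starts and ends outside the hunk.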
+5 −0
@@ -1762,4 +1762,9 @@ static inline void iopf_group_response(struct iopf_group *group,
{
}
#endif /* CONFIG_IOMMU_IOPF */

#ifdef CONFIG_HISI_VIRTCCA_HOST
int virtcca_attach_secure_dev(struct iommu_domain *domain, struct iommu_group *group);
int virtcca_smmu_secure_dev_operator(struct iommu_domain *domain, struct device *dev);
#endif
#endif /* __LINUX_IOMMU_H */
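Review bot: The prototype of virtcca_smmu_secure_dev_operator is placed in the generic linux/iommu.h and is called directly from the core helper virtcca_attach_secure_dev. Judging by its name and the EXPORT_SYMBOL_GPL in the first file of this commit, the function is defined in the SMMU driver, so core code would depend on a driver symbol. If that driver can be built as a module or left out while CONFIG_HISI_VIRTCCA_HOST is set, the core object will not link; the Kconfig dependency is not visible here and should be confirmed. At minimum the declaration should say where the definition lives, for example `/* Defined by the SMMU driver, not by the IOMMU core. */` above the second prototype.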
+1 −0
@@ -25,6 +25,7 @@
#define VFIO_TYPE1_IOMMU		1
#define VFIO_SPAPR_TCE_IOMMU		2
#define VFIO_TYPE1v2_IOMMU		3
#define VFIO_TYPE1v2_S_IOMMU		12
/*
 * IOMMU enforces DMA cache coherence (ex. PCIe NoSnoop stripping).  This
 * capability is subject to change as groups are added or removed.
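Review bot: `VFIO_TYPE1v2_S_IOMMU` is added to the UAPI header without a comment, and its value 12 is taken from the same number space as the other VFIO extension and IOMMU-type constants. A later constant could be given the same number unless this one is visibly reserved. A comment above the define would tell userspace what the type selects and when it is accepted, for example `/* Type1v2 IOMMU whose devices are attached to the VirtCCA secure world (CONFIG_HISI_VIRTCCA_HOST only) */`. The define also sits out of numeric order, directly after the value 3.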