amd64/vmm: Lock global PCI passthrough structures

There is a global list of ppt-claimed devices, accessed via several
vmm ioctls.  The ioctls are locked by per-VM locks, but this isn't
sufficient to prevent multiple VMs from trying to bind a given device.

Add a sleepable lock and use that to synchronize all access to ppt
devices.

Reviewed by:	corvink, jhb
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D55065
This commit is contained in:
Mark Johnston
2026-02-06 15:29:22 +00:00
parent f73101fabc
commit 36b855f189
+111 -51
View File
@@ -28,13 +28,15 @@
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/bus.h>
#include <sys/kernel.h>
#include <sys/lock.h>
#include <sys/malloc.h>
#include <sys/module.h>
#include <sys/bus.h>
#include <sys/pciio.h>
#include <sys/rman.h>
#include <sys/smp.h>
#include <sys/sx.h>
#include <sys/sysctl.h>
#include <dev/pci/pcivar.h>
@@ -67,6 +69,12 @@
MALLOC_DEFINE(M_PPTMSIX, "pptmsix", "Passthru MSI-X resources");
static struct sx ppt_mtx;
SX_SYSINIT(ppt_mtx, &ppt_mtx, "ppt_mtx");
#define PPT_LOCK() sx_xlock(&ppt_mtx)
#define PPT_UNLOCK() sx_xunlock(&ppt_mtx)
#define PPT_ASSERT_LOCKED() sx_assert(&ppt_mtx, SA_XLOCKED)
struct pptintr_arg { /* pptintr(pptintr_arg) */
struct pptdev *pptdev;
uint64_t addr;
@@ -156,17 +164,20 @@ ppt_attach(device_t dev)
ppt = device_get_softc(dev);
PPT_LOCK();
cmd1 = cmd = pci_read_config(dev, PCIR_COMMAND, 2);
cmd &= ~(PCIM_CMD_PORTEN | PCIM_CMD_MEMEN | PCIM_CMD_BUSMASTEREN);
pci_write_config(dev, PCIR_COMMAND, cmd, 2);
error = iommu_remove_device(iommu_host_domain(), dev, pci_get_rid(dev));
if (error != 0) {
pci_write_config(dev, PCIR_COMMAND, cmd1, 2);
PPT_UNLOCK();
return (error);
}
num_pptdevs++;
TAILQ_INSERT_TAIL(&pptdev_list, ppt, next);
ppt->dev = dev;
PPT_UNLOCK();
if (bootverbose)
device_printf(dev, "attached\n");
@@ -180,22 +191,26 @@ ppt_detach(device_t dev)
struct pptdev *ppt;
int error;
error = 0;
ppt = device_get_softc(dev);
if (ppt->vm != NULL)
return (EBUSY);
PPT_LOCK();
if (ppt->vm != NULL) {
error = EBUSY;
goto out;
}
if (iommu_host_domain() != NULL) {
error = iommu_add_device(iommu_host_domain(), dev,
pci_get_rid(dev));
} else {
error = 0;
if (error != 0)
goto out;
}
if (error != 0)
return (error);
num_pptdevs--;
TAILQ_REMOVE(&pptdev_list, ppt, next);
out:
PPT_UNLOCK();
return (0);
return (error);
}
static device_method_t ppt_methods[] = {
@@ -216,6 +231,8 @@ ppt_find(struct vm *vm, int bus, int slot, int func, struct pptdev **pptp)
struct pptdev *ppt;
int b, s, f;
PPT_ASSERT_LOCKED();
TAILQ_FOREACH(ppt, &pptdev_list, next) {
dev = ppt->dev;
b = pci_get_bus(dev);
@@ -406,10 +423,11 @@ ppt_assign_device(struct vm *vm, int bus, int slot, int func)
int error;
uint16_t cmd;
PPT_LOCK();
/* Passing NULL requires the device to be unowned. */
error = ppt_find(NULL, bus, slot, func, &ppt);
if (error)
return (error);
if (error != 0)
goto out;
pci_save_state(ppt->dev);
ppt_pci_reset(ppt->dev);
@@ -417,12 +435,14 @@ ppt_assign_device(struct vm *vm, int bus, int slot, int func)
error = iommu_add_device(vm_iommu_domain(vm), ppt->dev,
pci_get_rid(ppt->dev));
if (error != 0)
return (error);
goto out;
ppt->vm = vm;
cmd = pci_read_config(ppt->dev, PCIR_COMMAND, 2);
cmd |= PCIM_CMD_BUSMASTEREN | ppt_bar_enables(ppt);
pci_write_config(ppt->dev, PCIR_COMMAND, cmd, 2);
return (0);
out:
PPT_UNLOCK();
return (error);
}
int
@@ -432,9 +452,10 @@ ppt_unassign_device(struct vm *vm, int bus, int slot, int func)
int error;
uint16_t cmd;
PPT_LOCK();
error = ppt_find(vm, bus, slot, func, &ppt);
if (error)
return (error);
if (error != 0)
goto out;
cmd = pci_read_config(ppt->dev, PCIR_COMMAND, 2);
cmd &= ~(PCIM_CMD_PORTEN | PCIM_CMD_MEMEN | PCIM_CMD_BUSMASTEREN);
@@ -448,6 +469,8 @@ ppt_unassign_device(struct vm *vm, int bus, int slot, int func)
error = iommu_remove_device(vm_iommu_domain(vm), ppt->dev,
pci_get_rid(ppt->dev));
ppt->vm = NULL;
out:
PPT_UNLOCK();
return (error);
}
@@ -500,13 +523,17 @@ ppt_map_mmio(struct vm *vm, int bus, int slot, int func,
hpa % PAGE_SIZE != 0 || gpa + len < gpa || hpa + len < hpa)
return (EINVAL);
PPT_LOCK();
error = ppt_find(vm, bus, slot, func, &ppt);
if (error)
return (error);
goto out;
if (!ppt_valid_bar_mapping(ppt, hpa, len))
return (EINVAL);
if (!ppt_valid_bar_mapping(ppt, hpa, len)) {
error = EINVAL;
goto out;
}
error = ENOSPC;
for (i = 0; i < MAX_MMIOSEGS; i++) {
seg = &ppt->mmio[i];
if (seg->len == 0) {
@@ -515,10 +542,12 @@ ppt_map_mmio(struct vm *vm, int bus, int slot, int func,
seg->gpa = gpa;
seg->len = len;
}
return (error);
break;
}
}
return (ENOSPC);
out:
PPT_UNLOCK();
return (error);
}
int
@@ -529,10 +558,12 @@ ppt_unmap_mmio(struct vm *vm, int bus, int slot, int func,
struct pptseg *seg;
struct pptdev *ppt;
PPT_LOCK();
error = ppt_find(vm, bus, slot, func, &ppt);
if (error)
return (error);
goto out;
error = ENOENT;
for (i = 0; i < MAX_MMIOSEGS; i++) {
seg = &ppt->mmio[i];
if (seg->gpa == gpa && seg->len == len) {
@@ -541,9 +572,11 @@ ppt_unmap_mmio(struct vm *vm, int bus, int slot, int func,
seg->gpa = 0;
seg->len = 0;
}
return (error);
break;
}
}
out:
PPT_UNLOCK();
return (ENOENT);
}
@@ -586,19 +619,22 @@ ppt_setup_msi(struct vm *vm, int bus, int slot, int func,
if (numvec < 0 || numvec > MAX_MSIMSGS)
return (EINVAL);
PPT_LOCK();
error = ppt_find(vm, bus, slot, func, &ppt);
if (error)
return (error);
goto out;
/* Reject attempts to enable MSI while MSI-X is active. */
if (ppt->msix.num_msgs != 0 && numvec != 0)
return (EBUSY);
if (ppt->msix.num_msgs != 0 && numvec != 0) {
error = EBUSY;
goto out;
}
/* Free any allocated resources */
ppt_teardown_msi(ppt);
if (numvec == 0) /* nothing more to do */
return (0);
goto out;
flags = RF_ACTIVE;
msi_count = pci_msi_count(ppt->dev);
@@ -613,8 +649,10 @@ ppt_setup_msi(struct vm *vm, int bus, int slot, int func,
* The device must be capable of supporting the number of vectors
* the guest wants to allocate.
*/
if (numvec > msi_count)
return (EINVAL);
if (numvec > msi_count) {
error = EINVAL;
goto out;
}
/*
* Make sure that we can allocate all the MSI vectors that are needed
@@ -624,10 +662,11 @@ ppt_setup_msi(struct vm *vm, int bus, int slot, int func,
tmp = numvec;
error = pci_alloc_msi(ppt->dev, &tmp);
if (error)
return (error);
goto out;
else if (tmp != numvec) {
pci_release_msi(ppt->dev);
return (ENOSPC);
error = ENOSPC;
goto out;
} else {
/* success */
}
@@ -662,10 +701,12 @@ ppt_setup_msi(struct vm *vm, int bus, int slot, int func,
if (i < numvec) {
ppt_teardown_msi(ppt);
return (ENXIO);
error = ENXIO;
}
return (0);
out:
PPT_UNLOCK();
return (error);
}
int
@@ -677,17 +718,22 @@ ppt_setup_msix(struct vm *vm, int bus, int slot, int func,
int numvec, alloced, rid, error;
size_t res_size, cookie_size, arg_size;
PPT_LOCK();
error = ppt_find(vm, bus, slot, func, &ppt);
if (error)
return (error);
goto out;
/* Reject attempts to enable MSI-X while MSI is active. */
if (ppt->msi.num_msgs != 0)
return (EBUSY);
if (ppt->msi.num_msgs != 0) {
error = EBUSY;
goto out;
}
dinfo = device_get_ivars(ppt->dev);
if (!dinfo)
return (ENXIO);
if (dinfo == NULL) {
error = ENXIO;
goto out;
}
/*
* First-time configuration:
@@ -697,8 +743,10 @@ ppt_setup_msix(struct vm *vm, int bus, int slot, int func,
*/
if (ppt->msix.num_msgs == 0) {
numvec = pci_msix_count(ppt->dev);
if (numvec <= 0)
return (EINVAL);
if (numvec <= 0) {
error = EINVAL;
goto out;
}
ppt->msix.startrid = 1;
ppt->msix.num_msgs = numvec;
@@ -718,7 +766,8 @@ ppt_setup_msix(struct vm *vm, int bus, int slot, int func,
if (ppt->msix.msix_table_res == NULL) {
ppt_teardown_msix(ppt);
return (ENOSPC);
error = ENOSPC;
goto out;
}
ppt->msix.msix_table_rid = rid;
@@ -730,7 +779,8 @@ ppt_setup_msix(struct vm *vm, int bus, int slot, int func,
if (ppt->msix.msix_pba_res == NULL) {
ppt_teardown_msix(ppt);
return (ENOSPC);
error = ENOSPC;
goto out;
}
ppt->msix.msix_pba_rid = rid;
}
@@ -739,12 +789,16 @@ ppt_setup_msix(struct vm *vm, int bus, int slot, int func,
error = pci_alloc_msix(ppt->dev, &alloced);
if (error || alloced != numvec) {
ppt_teardown_msix(ppt);
return (error == 0 ? ENOSPC: error);
if (error == 0)
error = ENOSPC;
goto out;
}
}
if (idx >= ppt->msix.num_msgs)
return (EINVAL);
if (idx >= ppt->msix.num_msgs) {
error = EINVAL;
goto out;
}
if ((vector_control & PCIM_MSIX_VCTRL_MASK) == 0) {
/* Tear down the IRQ if it's already set up */
@@ -755,8 +809,10 @@ ppt_setup_msix(struct vm *vm, int bus, int slot, int func,
rid = ppt->msix.startrid + idx;
ppt->msix.res[idx] = bus_alloc_resource_any(ppt->dev, SYS_RES_IRQ,
&rid, RF_ACTIVE);
if (ppt->msix.res[idx] == NULL)
return (ENXIO);
if (ppt->msix.res[idx] == NULL) {
error = ENXIO;
goto out;
}
ppt->msix.arg[idx].pptdev = ppt;
ppt->msix.arg[idx].addr = addr;
@@ -767,19 +823,20 @@ ppt_setup_msix(struct vm *vm, int bus, int slot, int func,
INTR_TYPE_NET | INTR_MPSAFE,
pptintr, NULL, &ppt->msix.arg[idx],
&ppt->msix.cookie[idx]);
if (error != 0) {
bus_release_resource(ppt->dev, SYS_RES_IRQ, rid, ppt->msix.res[idx]);
ppt->msix.cookie[idx] = NULL;
ppt->msix.res[idx] = NULL;
return (ENXIO);
error = ENXIO;
goto out;
}
} else {
/* Masked, tear it down if it's already been set up */
ppt_teardown_msix_intr(ppt, idx);
}
return (0);
out:
PPT_UNLOCK();
return (error);
}
int
@@ -788,10 +845,13 @@ ppt_disable_msix(struct vm *vm, int bus, int slot, int func)
struct pptdev *ppt;
int error;
PPT_LOCK();
error = ppt_find(vm, bus, slot, func, &ppt);
if (error)
if (error != 0) {
PPT_UNLOCK();
return (error);
}
ppt_teardown_msix(ppt);
PPT_UNLOCK();
return (0);
}