git: 36b855f18925 - main - amd64/vmm: Lock global PCI passthrough structures
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Fri, 06 Feb 2026 15:39:28 UTC
The branch main has been updated by markj:
URL: https://cgit.FreeBSD.org/src/commit/?id=36b855f1892575cbfe1cd5455b989bfc8ae07502
commit 36b855f1892575cbfe1cd5455b989bfc8ae07502
Author: Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2026-02-06 15:29:22 +0000
Commit: Mark Johnston <markj@FreeBSD.org>
CommitDate: 2026-02-06 15:38:51 +0000
amd64/vmm: Lock global PCI passthrough structures
There is a global list of ppt-claimed devices, accessed via several
vmm ioctls. The ioctls are locked by per-VM locks, but this isn't
sufficient to prevent multiple VMs from trying to bind a given device.
Add a sleepable lock and use that to synchronize all access to ppt
devices.
Reviewed by: corvink, jhb
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D55065
---
sys/amd64/vmm/io/ppt.c | 162 +++++++++++++++++++++++++++++++++----------------
1 file changed, 111 insertions(+), 51 deletions(-)
diff --git a/sys/amd64/vmm/io/ppt.c b/sys/amd64/vmm/io/ppt.c
index 6feac5dcbbed..b522e18e3b24 100644
--- a/sys/amd64/vmm/io/ppt.c
+++ b/sys/amd64/vmm/io/ppt.c
@@ -28,13 +28,15 @@
#include <sys/param.h>
#include <sys/systm.h>
+#include <sys/bus.h>
#include <sys/kernel.h>
+#include <sys/lock.h>
#include <sys/malloc.h>
#include <sys/module.h>
-#include <sys/bus.h>
#include <sys/pciio.h>
#include <sys/rman.h>
#include <sys/smp.h>
+#include <sys/sx.h>
#include <sys/sysctl.h>
#include <dev/pci/pcivar.h>
@@ -67,6 +69,12 @@
MALLOC_DEFINE(M_PPTMSIX, "pptmsix", "Passthru MSI-X resources");
+static struct sx ppt_mtx;
+SX_SYSINIT(ppt_mtx, &ppt_mtx, "ppt_mtx");
+#define PPT_LOCK() sx_xlock(&ppt_mtx)
+#define PPT_UNLOCK() sx_xunlock(&ppt_mtx)
+#define PPT_ASSERT_LOCKED() sx_assert(&ppt_mtx, SA_XLOCKED)
+
struct pptintr_arg { /* pptintr(pptintr_arg) */
struct pptdev *pptdev;
uint64_t addr;
@@ -156,17 +164,20 @@ ppt_attach(device_t dev)
ppt = device_get_softc(dev);
+ PPT_LOCK();
cmd1 = cmd = pci_read_config(dev, PCIR_COMMAND, 2);
cmd &= ~(PCIM_CMD_PORTEN | PCIM_CMD_MEMEN | PCIM_CMD_BUSMASTEREN);
pci_write_config(dev, PCIR_COMMAND, cmd, 2);
error = iommu_remove_device(iommu_host_domain(), dev, pci_get_rid(dev));
if (error != 0) {
pci_write_config(dev, PCIR_COMMAND, cmd1, 2);
+ PPT_UNLOCK();
return (error);
}
num_pptdevs++;
TAILQ_INSERT_TAIL(&pptdev_list, ppt, next);
ppt->dev = dev;
+ PPT_UNLOCK();
if (bootverbose)
device_printf(dev, "attached\n");
@@ -180,22 +191,26 @@ ppt_detach(device_t dev)
struct pptdev *ppt;
int error;
+ error = 0;
ppt = device_get_softc(dev);
- if (ppt->vm != NULL)
- return (EBUSY);
+ PPT_LOCK();
+ if (ppt->vm != NULL) {
+ error = EBUSY;
+ goto out;
+ }
if (iommu_host_domain() != NULL) {
error = iommu_add_device(iommu_host_domain(), dev,
pci_get_rid(dev));
- } else {
- error = 0;
+ if (error != 0)
+ goto out;
}
- if (error != 0)
- return (error);
num_pptdevs--;
TAILQ_REMOVE(&pptdev_list, ppt, next);
+out:
+ PPT_UNLOCK();
- return (0);
+ return (error);
}
static device_method_t ppt_methods[] = {
@@ -216,6 +231,8 @@ ppt_find(struct vm *vm, int bus, int slot, int func, struct pptdev **pptp)
struct pptdev *ppt;
int b, s, f;
+ PPT_ASSERT_LOCKED();
+
TAILQ_FOREACH(ppt, &pptdev_list, next) {
dev = ppt->dev;
b = pci_get_bus(dev);
@@ -406,10 +423,11 @@ ppt_assign_device(struct vm *vm, int bus, int slot, int func)
int error;
uint16_t cmd;
+ PPT_LOCK();
/* Passing NULL requires the device to be unowned. */
error = ppt_find(NULL, bus, slot, func, &ppt);
- if (error)
- return (error);
+ if (error != 0)
+ goto out;
pci_save_state(ppt->dev);
ppt_pci_reset(ppt->dev);
@@ -417,12 +435,14 @@ ppt_assign_device(struct vm *vm, int bus, int slot, int func)
error = iommu_add_device(vm_iommu_domain(vm), ppt->dev,
pci_get_rid(ppt->dev));
if (error != 0)
- return (error);
+ goto out;
ppt->vm = vm;
cmd = pci_read_config(ppt->dev, PCIR_COMMAND, 2);
cmd |= PCIM_CMD_BUSMASTEREN | ppt_bar_enables(ppt);
pci_write_config(ppt->dev, PCIR_COMMAND, cmd, 2);
- return (0);
+out:
+ PPT_UNLOCK();
+ return (error);
}
int
@@ -432,9 +452,10 @@ ppt_unassign_device(struct vm *vm, int bus, int slot, int func)
int error;
uint16_t cmd;
+ PPT_LOCK();
error = ppt_find(vm, bus, slot, func, &ppt);
- if (error)
- return (error);
+ if (error != 0)
+ goto out;
cmd = pci_read_config(ppt->dev, PCIR_COMMAND, 2);
cmd &= ~(PCIM_CMD_PORTEN | PCIM_CMD_MEMEN | PCIM_CMD_BUSMASTEREN);
@@ -448,6 +469,8 @@ ppt_unassign_device(struct vm *vm, int bus, int slot, int func)
error = iommu_remove_device(vm_iommu_domain(vm), ppt->dev,
pci_get_rid(ppt->dev));
ppt->vm = NULL;
+out:
+ PPT_UNLOCK();
return (error);
}
@@ -500,13 +523,17 @@ ppt_map_mmio(struct vm *vm, int bus, int slot, int func,
hpa % PAGE_SIZE != 0 || gpa + len < gpa || hpa + len < hpa)
return (EINVAL);
+ PPT_LOCK();
error = ppt_find(vm, bus, slot, func, &ppt);
if (error)
- return (error);
+ goto out;
- if (!ppt_valid_bar_mapping(ppt, hpa, len))
- return (EINVAL);
+ if (!ppt_valid_bar_mapping(ppt, hpa, len)) {
+ error = EINVAL;
+ goto out;
+ }
+ error = ENOSPC;
for (i = 0; i < MAX_MMIOSEGS; i++) {
seg = &ppt->mmio[i];
if (seg->len == 0) {
@@ -515,10 +542,12 @@ ppt_map_mmio(struct vm *vm, int bus, int slot, int func,
seg->gpa = gpa;
seg->len = len;
}
- return (error);
+ break;
}
}
- return (ENOSPC);
+out:
+ PPT_UNLOCK();
+ return (error);
}
int
@@ -529,10 +558,12 @@ ppt_unmap_mmio(struct vm *vm, int bus, int slot, int func,
struct pptseg *seg;
struct pptdev *ppt;
+ PPT_LOCK();
error = ppt_find(vm, bus, slot, func, &ppt);
if (error)
- return (error);
+ goto out;
+ error = ENOENT;
for (i = 0; i < MAX_MMIOSEGS; i++) {
seg = &ppt->mmio[i];
if (seg->gpa == gpa && seg->len == len) {
@@ -541,9 +572,11 @@ ppt_unmap_mmio(struct vm *vm, int bus, int slot, int func,
seg->gpa = 0;
seg->len = 0;
}
- return (error);
+ break;
}
}
+out:
+ PPT_UNLOCK();
return (ENOENT);
}
@@ -586,19 +619,22 @@ ppt_setup_msi(struct vm *vm, int bus, int slot, int func,
if (numvec < 0 || numvec > MAX_MSIMSGS)
return (EINVAL);
+ PPT_LOCK();
error = ppt_find(vm, bus, slot, func, &ppt);
if (error)
- return (error);
+ goto out;
/* Reject attempts to enable MSI while MSI-X is active. */
- if (ppt->msix.num_msgs != 0 && numvec != 0)
- return (EBUSY);
+ if (ppt->msix.num_msgs != 0 && numvec != 0) {
+ error = EBUSY;
+ goto out;
+ }
/* Free any allocated resources */
ppt_teardown_msi(ppt);
if (numvec == 0) /* nothing more to do */
- return (0);
+ goto out;
flags = RF_ACTIVE;
msi_count = pci_msi_count(ppt->dev);
@@ -613,8 +649,10 @@ ppt_setup_msi(struct vm *vm, int bus, int slot, int func,
* The device must be capable of supporting the number of vectors
* the guest wants to allocate.
*/
- if (numvec > msi_count)
- return (EINVAL);
+ if (numvec > msi_count) {
+ error = EINVAL;
+ goto out;
+ }
/*
* Make sure that we can allocate all the MSI vectors that are needed
@@ -624,10 +662,11 @@ ppt_setup_msi(struct vm *vm, int bus, int slot, int func,
tmp = numvec;
error = pci_alloc_msi(ppt->dev, &tmp);
if (error)
- return (error);
+ goto out;
else if (tmp != numvec) {
pci_release_msi(ppt->dev);
- return (ENOSPC);
+ error = ENOSPC;
+ goto out;
} else {
/* success */
}
@@ -662,10 +701,12 @@ ppt_setup_msi(struct vm *vm, int bus, int slot, int func,
if (i < numvec) {
ppt_teardown_msi(ppt);
- return (ENXIO);
+ error = ENXIO;
}
- return (0);
+out:
+ PPT_UNLOCK();
+ return (error);
}
int
@@ -677,17 +718,22 @@ ppt_setup_msix(struct vm *vm, int bus, int slot, int func,
int numvec, alloced, rid, error;
size_t res_size, cookie_size, arg_size;
+ PPT_LOCK();
error = ppt_find(vm, bus, slot, func, &ppt);
if (error)
- return (error);
+ goto out;
/* Reject attempts to enable MSI-X while MSI is active. */
- if (ppt->msi.num_msgs != 0)
- return (EBUSY);
+ if (ppt->msi.num_msgs != 0) {
+ error = EBUSY;
+ goto out;
+ }
dinfo = device_get_ivars(ppt->dev);
- if (!dinfo)
- return (ENXIO);
+ if (dinfo == NULL) {
+ error = ENXIO;
+ goto out;
+ }
/*
* First-time configuration:
@@ -697,8 +743,10 @@ ppt_setup_msix(struct vm *vm, int bus, int slot, int func,
*/
if (ppt->msix.num_msgs == 0) {
numvec = pci_msix_count(ppt->dev);
- if (numvec <= 0)
- return (EINVAL);
+ if (numvec <= 0) {
+ error = EINVAL;
+ goto out;
+ }
ppt->msix.startrid = 1;
ppt->msix.num_msgs = numvec;
@@ -718,7 +766,8 @@ ppt_setup_msix(struct vm *vm, int bus, int slot, int func,
if (ppt->msix.msix_table_res == NULL) {
ppt_teardown_msix(ppt);
- return (ENOSPC);
+ error = ENOSPC;
+ goto out;
}
ppt->msix.msix_table_rid = rid;
@@ -730,7 +779,8 @@ ppt_setup_msix(struct vm *vm, int bus, int slot, int func,
if (ppt->msix.msix_pba_res == NULL) {
ppt_teardown_msix(ppt);
- return (ENOSPC);
+ error = ENOSPC;
+ goto out;
}
ppt->msix.msix_pba_rid = rid;
}
@@ -739,12 +789,16 @@ ppt_setup_msix(struct vm *vm, int bus, int slot, int func,
error = pci_alloc_msix(ppt->dev, &alloced);
if (error || alloced != numvec) {
ppt_teardown_msix(ppt);
- return (error == 0 ? ENOSPC: error);
+ if (error == 0)
+ error = ENOSPC;
+ goto out;
}
}
- if (idx >= ppt->msix.num_msgs)
- return (EINVAL);
+ if (idx >= ppt->msix.num_msgs) {
+ error = EINVAL;
+ goto out;
+ }
if ((vector_control & PCIM_MSIX_VCTRL_MASK) == 0) {
/* Tear down the IRQ if it's already set up */
@@ -755,8 +809,10 @@ ppt_setup_msix(struct vm *vm, int bus, int slot, int func,
rid = ppt->msix.startrid + idx;
ppt->msix.res[idx] = bus_alloc_resource_any(ppt->dev, SYS_RES_IRQ,
&rid, RF_ACTIVE);
- if (ppt->msix.res[idx] == NULL)
- return (ENXIO);
+ if (ppt->msix.res[idx] == NULL) {
+ error = ENXIO;
+ goto out;
+ }
ppt->msix.arg[idx].pptdev = ppt;
ppt->msix.arg[idx].addr = addr;
@@ -767,19 +823,20 @@ ppt_setup_msix(struct vm *vm, int bus, int slot, int func,
INTR_TYPE_NET | INTR_MPSAFE,
pptintr, NULL, &ppt->msix.arg[idx],
&ppt->msix.cookie[idx]);
-
if (error != 0) {
bus_release_resource(ppt->dev, SYS_RES_IRQ, rid, ppt->msix.res[idx]);
ppt->msix.cookie[idx] = NULL;
ppt->msix.res[idx] = NULL;
- return (ENXIO);
+ error = ENXIO;
+ goto out;
}
} else {
/* Masked, tear it down if it's already been set up */
ppt_teardown_msix_intr(ppt, idx);
}
-
- return (0);
+out:
+ PPT_UNLOCK();
+ return (error);
}
int
@@ -788,10 +845,13 @@ ppt_disable_msix(struct vm *vm, int bus, int slot, int func)
struct pptdev *ppt;
int error;
+ PPT_LOCK();
error = ppt_find(vm, bus, slot, func, &ppt);
- if (error)
+ if (error != 0) {
+ PPT_UNLOCK();
return (error);
-
+ }
ppt_teardown_msix(ppt);
+ PPT_UNLOCK();
return (0);
}