From nobody Tue Mar 31 15:58:44 2026 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4flXps3SfKz6WDyq for ; Tue, 31 Mar 2026 15:58:45 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4flXps0Tzhz3gbB for ; Tue, 31 Mar 2026 15:58:45 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774972725; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=oXUeus4gMx462TV/+TwZHysSmUgEsuU5hxzaGJrU8UY=; b=uvWSCiUV0SNThae9UukkcAQZlDggGtEiwFslmKFeMb8sKiqz7gDpLonqiJxf5AKTQbDP0k kTVkm3isu8jq4x48p150e1araVX/54ArlR+5AFhJX3CoKhaJlvR1RTG/7fh1ZpVpFxaTCF +AAhLSBDFyriOEqEIvlK578qzuLwCEHxE9wzfwFRWQ4+XGwpKOKxwssnmMhhQxZP2HH4iy IPezuY6rp7bfs+CzI/3u03ROz0pTu/4Lww/0V9yMwmG2+X3wWi/It4O2TvAtSDQnJBk9Nm XegWhK3jLbbDYriKmCay6WzxasOq7+9Wp/d0X3IxxzlUdPz8bfwtXPc2v7wvfA== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1774972725; a=rsa-sha256; cv=none; b=VaBgGeE5X1M+wCaT8RhAoVY6b1FIfMJ2IZ1o+E/m5J+ICUTB2oJ2fIeK4NMec9vEdJ2hK5 VXfnEqiU1kulvUdbYAcY6cdZMY/UTnzp14mzY5kUmDBHlsgsuPriqNp7MnhSHe4xHd1c3t 91XAJdb136b/duF9kSdkzSwZ0lrG00WvOohhi0LLJH1l3BEoNeToao2+8XlmP8aIMYY0Fv oJM0neqj1ZIstODY5kT77Gu2Po4GkHP+UmNYCHozuJQD6bNSXIIFlwO/UwFZAjyqd0taIN FrT5rVpe34Z3n5faTitrNN5ED731c99KfFMClaVo6WBMW8UgWfWs1fSIXrQ/QA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774972725; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=oXUeus4gMx462TV/+TwZHysSmUgEsuU5hxzaGJrU8UY=; b=smBjoPuTcI6NY6I3ATS24ISraLzxaL6g5InqEM3ZEHFndkP8p6n/vnPAXye9ECpFhrYniJ KVK3LJax59R0M+iWgWsVnjCN7Hc4VZ0OT1Iz6eA9wAwcx4lc0m9Jb3djPmdwxgs12+7fmR ildRFYR4dAf+xnvVSeeJqa5l5kWZV38vXtfGX3WPVfwV0OovNR6U9ChddUS6USu4c7QHTE cRW+2cZopu3XUsRPJKIKsOMrnN/gXyVPGGkvD0Syj3ETeUFHVLYiXeXHH2FNnx6aayvi/P 8g2WK7BeGtwDXps6qSMpc1p/8Op1AGNl+bgJX0rUHGq6zAQEhtFi9EKAmy+A5g== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4flXpr6xzQzcby for ; Tue, 31 Mar 2026 15:58:44 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 3b007 by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Tue, 31 Mar 2026 15:58:44 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Mark Johnston Subject: git: 633c7915b3d4 - stable/15 - amd64/vmm: Lock global PCI passthrough structures List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: markj X-Git-Repository: src X-Git-Refname: refs/heads/stable/15 X-Git-Reftype: branch X-Git-Commit: 633c7915b3d4fc6cee456250d79ac2cff0d41674 Auto-Submitted: auto-generated Date: Tue, 31 Mar 2026 15:58:44 +0000 Message-Id: <69cbef34.3b007.62784eac@gitrepo.freebsd.org> The branch stable/15 has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=633c7915b3d4fc6cee456250d79ac2cff0d41674 commit 633c7915b3d4fc6cee456250d79ac2cff0d41674 Author: Mark Johnston AuthorDate: 2026-02-06 15:29:22 +0000 Commit: Mark Johnston CommitDate: 2026-03-31 15:57:28 +0000 amd64/vmm: Lock global PCI passthrough structures There is a global list of ppt-claimed devices, accessed via several vmm ioctls. The ioctls are locked by per-VM locks, but this isn't sufficient to prevent multiple VMs from trying to bind a given device. Add a sleepable lock and use that to synchronize all access to ppt devices. Reviewed by: corvink, jhb MFC after: 2 weeks Differential Revision: https://reviews.freebsd.org/D55065 (cherry picked from commit 36b855f1892575cbfe1cd5455b989bfc8ae07502) --- sys/amd64/vmm/io/ppt.c | 162 +++++++++++++++++++++++++++++++++---------------- 1 file changed, 111 insertions(+), 51 deletions(-) diff --git a/sys/amd64/vmm/io/ppt.c b/sys/amd64/vmm/io/ppt.c index 6feac5dcbbed..b522e18e3b24 100644 --- a/sys/amd64/vmm/io/ppt.c +++ b/sys/amd64/vmm/io/ppt.c @@ -28,13 +28,15 @@ #include #include +#include #include +#include #include #include -#include #include #include #include +#include #include #include @@ -67,6 +69,12 @@ MALLOC_DEFINE(M_PPTMSIX, "pptmsix", "Passthru MSI-X resources"); +static struct sx ppt_mtx; +SX_SYSINIT(ppt_mtx, &ppt_mtx, "ppt_mtx"); +#define PPT_LOCK() sx_xlock(&ppt_mtx) +#define PPT_UNLOCK() sx_xunlock(&ppt_mtx) +#define PPT_ASSERT_LOCKED() sx_assert(&ppt_mtx, SA_XLOCKED) + struct pptintr_arg { /* pptintr(pptintr_arg) */ struct pptdev *pptdev; uint64_t addr; @@ -156,17 +164,20 @@ ppt_attach(device_t dev) ppt = device_get_softc(dev); + PPT_LOCK(); cmd1 = cmd = pci_read_config(dev, PCIR_COMMAND, 2); cmd &= ~(PCIM_CMD_PORTEN | PCIM_CMD_MEMEN | PCIM_CMD_BUSMASTEREN); pci_write_config(dev, PCIR_COMMAND, cmd, 2); error = iommu_remove_device(iommu_host_domain(), dev, pci_get_rid(dev)); if (error != 0) { pci_write_config(dev, PCIR_COMMAND, cmd1, 2); + PPT_UNLOCK(); return (error); } num_pptdevs++; TAILQ_INSERT_TAIL(&pptdev_list, ppt, next); ppt->dev = dev; + PPT_UNLOCK(); if (bootverbose) device_printf(dev, "attached\n"); @@ -180,22 +191,26 @@ ppt_detach(device_t dev) struct pptdev *ppt; int error; + error = 0; ppt = device_get_softc(dev); - if (ppt->vm != NULL) - return (EBUSY); + PPT_LOCK(); + if (ppt->vm != NULL) { + error = EBUSY; + goto out; + } if (iommu_host_domain() != NULL) { error = iommu_add_device(iommu_host_domain(), dev, pci_get_rid(dev)); - } else { - error = 0; + if (error != 0) + goto out; } - if (error != 0) - return (error); num_pptdevs--; TAILQ_REMOVE(&pptdev_list, ppt, next); +out: + PPT_UNLOCK(); - return (0); + return (error); } static device_method_t ppt_methods[] = { @@ -216,6 +231,8 @@ ppt_find(struct vm *vm, int bus, int slot, int func, struct pptdev **pptp) struct pptdev *ppt; int b, s, f; + PPT_ASSERT_LOCKED(); + TAILQ_FOREACH(ppt, &pptdev_list, next) { dev = ppt->dev; b = pci_get_bus(dev); @@ -406,10 +423,11 @@ ppt_assign_device(struct vm *vm, int bus, int slot, int func) int error; uint16_t cmd; + PPT_LOCK(); /* Passing NULL requires the device to be unowned. */ error = ppt_find(NULL, bus, slot, func, &ppt); - if (error) - return (error); + if (error != 0) + goto out; pci_save_state(ppt->dev); ppt_pci_reset(ppt->dev); @@ -417,12 +435,14 @@ ppt_assign_device(struct vm *vm, int bus, int slot, int func) error = iommu_add_device(vm_iommu_domain(vm), ppt->dev, pci_get_rid(ppt->dev)); if (error != 0) - return (error); + goto out; ppt->vm = vm; cmd = pci_read_config(ppt->dev, PCIR_COMMAND, 2); cmd |= PCIM_CMD_BUSMASTEREN | ppt_bar_enables(ppt); pci_write_config(ppt->dev, PCIR_COMMAND, cmd, 2); - return (0); +out: + PPT_UNLOCK(); + return (error); } int @@ -432,9 +452,10 @@ ppt_unassign_device(struct vm *vm, int bus, int slot, int func) int error; uint16_t cmd; + PPT_LOCK(); error = ppt_find(vm, bus, slot, func, &ppt); - if (error) - return (error); + if (error != 0) + goto out; cmd = pci_read_config(ppt->dev, PCIR_COMMAND, 2); cmd &= ~(PCIM_CMD_PORTEN | PCIM_CMD_MEMEN | PCIM_CMD_BUSMASTEREN); @@ -448,6 +469,8 @@ ppt_unassign_device(struct vm *vm, int bus, int slot, int func) error = iommu_remove_device(vm_iommu_domain(vm), ppt->dev, pci_get_rid(ppt->dev)); ppt->vm = NULL; +out: + PPT_UNLOCK(); return (error); } @@ -500,13 +523,17 @@ ppt_map_mmio(struct vm *vm, int bus, int slot, int func, hpa % PAGE_SIZE != 0 || gpa + len < gpa || hpa + len < hpa) return (EINVAL); + PPT_LOCK(); error = ppt_find(vm, bus, slot, func, &ppt); if (error) - return (error); + goto out; - if (!ppt_valid_bar_mapping(ppt, hpa, len)) - return (EINVAL); + if (!ppt_valid_bar_mapping(ppt, hpa, len)) { + error = EINVAL; + goto out; + } + error = ENOSPC; for (i = 0; i < MAX_MMIOSEGS; i++) { seg = &ppt->mmio[i]; if (seg->len == 0) { @@ -515,10 +542,12 @@ ppt_map_mmio(struct vm *vm, int bus, int slot, int func, seg->gpa = gpa; seg->len = len; } - return (error); + break; } } - return (ENOSPC); +out: + PPT_UNLOCK(); + return (error); } int @@ -529,10 +558,12 @@ ppt_unmap_mmio(struct vm *vm, int bus, int slot, int func, struct pptseg *seg; struct pptdev *ppt; + PPT_LOCK(); error = ppt_find(vm, bus, slot, func, &ppt); if (error) - return (error); + goto out; + error = ENOENT; for (i = 0; i < MAX_MMIOSEGS; i++) { seg = &ppt->mmio[i]; if (seg->gpa == gpa && seg->len == len) { @@ -541,9 +572,11 @@ ppt_unmap_mmio(struct vm *vm, int bus, int slot, int func, seg->gpa = 0; seg->len = 0; } - return (error); + break; } } +out: + PPT_UNLOCK(); return (ENOENT); } @@ -586,19 +619,22 @@ ppt_setup_msi(struct vm *vm, int bus, int slot, int func, if (numvec < 0 || numvec > MAX_MSIMSGS) return (EINVAL); + PPT_LOCK(); error = ppt_find(vm, bus, slot, func, &ppt); if (error) - return (error); + goto out; /* Reject attempts to enable MSI while MSI-X is active. */ - if (ppt->msix.num_msgs != 0 && numvec != 0) - return (EBUSY); + if (ppt->msix.num_msgs != 0 && numvec != 0) { + error = EBUSY; + goto out; + } /* Free any allocated resources */ ppt_teardown_msi(ppt); if (numvec == 0) /* nothing more to do */ - return (0); + goto out; flags = RF_ACTIVE; msi_count = pci_msi_count(ppt->dev); @@ -613,8 +649,10 @@ ppt_setup_msi(struct vm *vm, int bus, int slot, int func, * The device must be capable of supporting the number of vectors * the guest wants to allocate. */ - if (numvec > msi_count) - return (EINVAL); + if (numvec > msi_count) { + error = EINVAL; + goto out; + } /* * Make sure that we can allocate all the MSI vectors that are needed @@ -624,10 +662,11 @@ ppt_setup_msi(struct vm *vm, int bus, int slot, int func, tmp = numvec; error = pci_alloc_msi(ppt->dev, &tmp); if (error) - return (error); + goto out; else if (tmp != numvec) { pci_release_msi(ppt->dev); - return (ENOSPC); + error = ENOSPC; + goto out; } else { /* success */ } @@ -662,10 +701,12 @@ ppt_setup_msi(struct vm *vm, int bus, int slot, int func, if (i < numvec) { ppt_teardown_msi(ppt); - return (ENXIO); + error = ENXIO; } - return (0); +out: + PPT_UNLOCK(); + return (error); } int @@ -677,17 +718,22 @@ ppt_setup_msix(struct vm *vm, int bus, int slot, int func, int numvec, alloced, rid, error; size_t res_size, cookie_size, arg_size; + PPT_LOCK(); error = ppt_find(vm, bus, slot, func, &ppt); if (error) - return (error); + goto out; /* Reject attempts to enable MSI-X while MSI is active. */ - if (ppt->msi.num_msgs != 0) - return (EBUSY); + if (ppt->msi.num_msgs != 0) { + error = EBUSY; + goto out; + } dinfo = device_get_ivars(ppt->dev); - if (!dinfo) - return (ENXIO); + if (dinfo == NULL) { + error = ENXIO; + goto out; + } /* * First-time configuration: @@ -697,8 +743,10 @@ ppt_setup_msix(struct vm *vm, int bus, int slot, int func, */ if (ppt->msix.num_msgs == 0) { numvec = pci_msix_count(ppt->dev); - if (numvec <= 0) - return (EINVAL); + if (numvec <= 0) { + error = EINVAL; + goto out; + } ppt->msix.startrid = 1; ppt->msix.num_msgs = numvec; @@ -718,7 +766,8 @@ ppt_setup_msix(struct vm *vm, int bus, int slot, int func, if (ppt->msix.msix_table_res == NULL) { ppt_teardown_msix(ppt); - return (ENOSPC); + error = ENOSPC; + goto out; } ppt->msix.msix_table_rid = rid; @@ -730,7 +779,8 @@ ppt_setup_msix(struct vm *vm, int bus, int slot, int func, if (ppt->msix.msix_pba_res == NULL) { ppt_teardown_msix(ppt); - return (ENOSPC); + error = ENOSPC; + goto out; } ppt->msix.msix_pba_rid = rid; } @@ -739,12 +789,16 @@ ppt_setup_msix(struct vm *vm, int bus, int slot, int func, error = pci_alloc_msix(ppt->dev, &alloced); if (error || alloced != numvec) { ppt_teardown_msix(ppt); - return (error == 0 ? ENOSPC: error); + if (error == 0) + error = ENOSPC; + goto out; } } - if (idx >= ppt->msix.num_msgs) - return (EINVAL); + if (idx >= ppt->msix.num_msgs) { + error = EINVAL; + goto out; + } if ((vector_control & PCIM_MSIX_VCTRL_MASK) == 0) { /* Tear down the IRQ if it's already set up */ @@ -755,8 +809,10 @@ ppt_setup_msix(struct vm *vm, int bus, int slot, int func, rid = ppt->msix.startrid + idx; ppt->msix.res[idx] = bus_alloc_resource_any(ppt->dev, SYS_RES_IRQ, &rid, RF_ACTIVE); - if (ppt->msix.res[idx] == NULL) - return (ENXIO); + if (ppt->msix.res[idx] == NULL) { + error = ENXIO; + goto out; + } ppt->msix.arg[idx].pptdev = ppt; ppt->msix.arg[idx].addr = addr; @@ -767,19 +823,20 @@ ppt_setup_msix(struct vm *vm, int bus, int slot, int func, INTR_TYPE_NET | INTR_MPSAFE, pptintr, NULL, &ppt->msix.arg[idx], &ppt->msix.cookie[idx]); - if (error != 0) { bus_release_resource(ppt->dev, SYS_RES_IRQ, rid, ppt->msix.res[idx]); ppt->msix.cookie[idx] = NULL; ppt->msix.res[idx] = NULL; - return (ENXIO); + error = ENXIO; + goto out; } } else { /* Masked, tear it down if it's already been set up */ ppt_teardown_msix_intr(ppt, idx); } - - return (0); +out: + PPT_UNLOCK(); + return (error); } int @@ -788,10 +845,13 @@ ppt_disable_msix(struct vm *vm, int bus, int slot, int func) struct pptdev *ppt; int error; + PPT_LOCK(); error = ppt_find(vm, bus, slot, func, &ppt); - if (error) + if (error != 0) { + PPT_UNLOCK(); return (error); - + } ppt_teardown_msix(ppt); + PPT_UNLOCK(); return (0); }