Merge tag 'for-linus-iommufd' of git://git.kernel.org/pub/scm/linux/kernel/git/jgg/iommufd

			      const struct iommu_user_data *user_data)

{

	struct arm_vsmmu *vsmmu = container_of(viommu, struct arm_vsmmu, core);

	const u32 SUPPORTED_FLAGS = IOMMU_HWPT_FAULT_ID_VALID;

	struct arm_smmu_nested_domain *nested_domain;

	struct iommu_hwpt_arm_smmuv3 arg;

	bool enable_ats = false;

	int ret;

	/*

	 * Faults delivered to the nested domain are faults that originated by

	 * the S1 in the domain. The core code will match all PASIDs when

	 * delivering the fault due to user_pasid_table

	 */

	if (flags & ~SUPPORTED_FLAGS)

	if (flags)

		return ERR_PTR(-EOPNOTSUPP);

	ret = iommu_copy_struct_from_user(&arg, user_data,

	bool first_stage;

	if (flags &

	    (~(IOMMU_HWPT_ALLOC_NEST_PARENT | IOMMU_HWPT_ALLOC_DIRTY_TRACKING

	       | IOMMU_HWPT_FAULT_ID_VALID)))

	    (~(IOMMU_HWPT_ALLOC_NEST_PARENT | IOMMU_HWPT_ALLOC_DIRTY_TRACKING)))

		return ERR_PTR(-EOPNOTSUPP);

	if (nested_parent && !nested_supported(iommu))

		return ERR_PTR(-EOPNOTSUPP);

{

	struct iommufd_fault *fault = hwpt->fault;

	struct iopf_group *group, *next;

	struct list_head free_list;

	unsigned long index;

	if (!fault)

		return;

	INIT_LIST_HEAD(&free_list);

	mutex_lock(&fault->mutex);

	spin_lock(&fault->lock);

	list_for_each_entry_safe(group, next, &fault->deliver, node) {

		if (group->attach_handle != &handle->handle)

			continue;

		list_move(&group->node, &free_list);

	}

	spin_unlock(&fault->lock);

	list_for_each_entry_safe(group, next, &free_list, node) {

		list_del(&group->node);

		iopf_group_response(group, IOMMU_PAGE_RESP_INVALID);

		iopf_free_group(group);

{

	struct iommufd_fault *fault = container_of(obj, struct iommufd_fault, obj);

	struct iopf_group *group, *next;

	unsigned long index;

	/*

	 * The iommufd object's reference count is zero at this point.

		iopf_group_response(group, IOMMU_PAGE_RESP_INVALID);

		iopf_free_group(group);

	}

	xa_for_each(&fault->response, index, group) {

		xa_erase(&fault->response, index);

		iopf_group_response(group, IOMMU_PAGE_RESP_INVALID);

		iopf_free_group(group);

	}

	xa_destroy(&fault->response);

	mutex_destroy(&fault->mutex);

}

static void iommufd_compose_fault_message(struct iommu_fault *fault,

{

	size_t fault_size = sizeof(struct iommu_hwpt_pgfault);

	struct iommufd_fault *fault = filep->private_data;

	struct iommu_hwpt_pgfault data;

	struct iommu_hwpt_pgfault data = {};

	struct iommufd_device *idev;

	struct iopf_group *group;

	struct iopf_fault *iopf;

		return -ESPIPE;

	mutex_lock(&fault->mutex);

	while (!list_empty(&fault->deliver) && count > done) {

		group = list_first_entry(&fault->deliver,

					 struct iopf_group, node);

		if (group->fault_count * fault_size > count - done)

	while ((group = iommufd_fault_deliver_fetch(fault))) {

		if (done >= count ||

		    group->fault_count * fault_size > count - done) {

			iommufd_fault_deliver_restore(fault, group);

			break;

		}

		rc = xa_alloc(&fault->response, &group->cookie, group,

			      xa_limit_32b, GFP_KERNEL);

		if (rc)

		if (rc) {

			iommufd_fault_deliver_restore(fault, group);

			break;

		}

		idev = to_iommufd_handle(group->attach_handle)->idev;

		list_for_each_entry(iopf, &group->faults, list) {

						      group->cookie);

			if (copy_to_user(buf + done, &data, fault_size)) {

				xa_erase(&fault->response, group->cookie);

				iommufd_fault_deliver_restore(fault, group);

				rc = -EFAULT;

				break;

			}

			done += fault_size;

		}

		list_del(&group->node);

	}

	mutex_unlock(&fault->mutex);

	__poll_t pollflags = EPOLLOUT;

	poll_wait(filep, &fault->wait_queue, wait);

	mutex_lock(&fault->mutex);

	spin_lock(&fault->lock);

	if (!list_empty(&fault->deliver))

		pollflags |= EPOLLIN | EPOLLRDNORM;

	mutex_unlock(&fault->mutex);

	spin_unlock(&fault->lock);

	return pollflags;

}

	INIT_LIST_HEAD(&fault->deliver);

	xa_init_flags(&fault->response, XA_FLAGS_ALLOC1);

	mutex_init(&fault->mutex);

	spin_lock_init(&fault->lock);

	init_waitqueue_head(&fault->wait_queue);

	filep = anon_inode_getfile("[iommufd-pgfault]", &iommufd_fault_fops,

	hwpt = group->attach_handle->domain->fault_data;

	fault = hwpt->fault;

	mutex_lock(&fault->mutex);

	spin_lock(&fault->lock);

	list_add_tail(&group->node, &fault->deliver);

	mutex_unlock(&fault->mutex);

	spin_unlock(&fault->lock);

	wake_up_interruptible(&fault->wait_queue);

	hwpt_paging->nest_parent = flags & IOMMU_HWPT_ALLOC_NEST_PARENT;

	if (ops->domain_alloc_paging_flags) {

		hwpt->domain = ops->domain_alloc_paging_flags(idev->dev, flags,

							      user_data);

		hwpt->domain = ops->domain_alloc_paging_flags(idev->dev,

				flags & ~IOMMU_HWPT_FAULT_ID_VALID, user_data);

		if (IS_ERR(hwpt->domain)) {

			rc = PTR_ERR(hwpt->domain);

			hwpt->domain = NULL;

	struct iommufd_hw_pagetable *hwpt;

	int rc;

	if (flags & ~IOMMU_HWPT_FAULT_ID_VALID)

		return ERR_PTR(-EOPNOTSUPP);

	if (!user_data->len)

		return ERR_PTR(-EOPNOTSUPP);

	if (!viommu->ops || !viommu->ops->alloc_domain_nested)

	hwpt_nested->parent = viommu->hwpt;

	hwpt->domain =

		viommu->ops->alloc_domain_nested(viommu, flags, user_data);

		viommu->ops->alloc_domain_nested(viommu,

				flags & ~IOMMU_HWPT_FAULT_ID_VALID,

				user_data);

	if (IS_ERR(hwpt->domain)) {

		rc = PTR_ERR(hwpt->domain);

		hwpt->domain = NULL;

	struct iommufd_ctx *ictx;

	struct file *filep;

	/* The lists of outstanding faults protected by below mutex. */

	struct mutex mutex;

	spinlock_t lock; /* protects the deliver list */

	struct list_head deliver;

	struct mutex mutex; /* serializes response flows */

	struct xarray response;

	struct wait_queue_head wait_queue;

};

/* Fetch the first node out of the fault->deliver list */

static inline struct iopf_group *

iommufd_fault_deliver_fetch(struct iommufd_fault *fault)

{

	struct list_head *list = &fault->deliver;

	struct iopf_group *group = NULL;

	spin_lock(&fault->lock);

	if (!list_empty(list)) {

		group = list_first_entry(list, struct iopf_group, node);

		list_del(&group->node);

	}

	spin_unlock(&fault->lock);

	return group;

}

/* Restore a node back to the head of the fault->deliver list */

static inline void iommufd_fault_deliver_restore(struct iommufd_fault *fault,

						 struct iopf_group *group)

{

	spin_lock(&fault->lock);

	list_add(&group->node, &fault->deliver);

	spin_unlock(&fault->lock);

}

struct iommufd_attach_handle {

	struct iommu_attach_handle handle;

	struct iommufd_device *idev;