1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * channel program interfaces 4 * 5 * Copyright IBM Corp. 2017 6 * 7 * Author(s): Dong Jia Shi <bjsdjshi@linux.vnet.ibm.com> 8 * Xiao Feng Ren <renxiaof@linux.vnet.ibm.com> 9 */ 10 11 #include <linux/ratelimit.h> 12 #include <linux/mm.h> 13 #include <linux/slab.h> 14 #include <linux/highmem.h> 15 #include <linux/iommu.h> 16 #include <linux/vfio.h> 17 #include <asm/idals.h> 18 19 #include "vfio_ccw_cp.h" 20 #include "vfio_ccw_private.h" 21 22 struct page_array { 23 /* Array that stores pages need to pin. */ 24 dma_addr_t *pa_iova; 25 /* Array that receives the pinned pages. */ 26 struct page **pa_page; 27 /* Number of pages pinned from @pa_iova. */ 28 int pa_nr; 29 }; 30 31 struct ccwchain { 32 struct list_head next; 33 struct ccw1 *ch_ccw; 34 /* Guest physical address of the current chain. */ 35 u64 ch_iova; 36 /* Count of the valid ccws in chain. */ 37 int ch_len; 38 /* Pinned PAGEs for the original data. */ 39 struct page_array *ch_pa; 40 }; 41 42 /* 43 * page_array_alloc() - alloc memory for page array 44 * @pa: page_array on which to perform the operation 45 * @len: number of pages that should be pinned from @iova 46 * 47 * Attempt to allocate memory for page array. 48 * 49 * Usage of page_array: 50 * We expect (pa_nr == 0) and (pa_iova == NULL), any field in 51 * this structure will be filled in by this function. 52 * 53 * Returns: 54 * 0 if page array is allocated 55 * -EINVAL if pa->pa_nr is not initially zero, or pa->pa_iova is not NULL 56 * -ENOMEM if alloc failed 57 */ 58 static int page_array_alloc(struct page_array *pa, unsigned int len) 59 { 60 if (pa->pa_nr || pa->pa_iova) 61 return -EINVAL; 62 63 if (len == 0) 64 return -EINVAL; 65 66 pa->pa_nr = len; 67 68 pa->pa_iova = kcalloc(len, sizeof(*pa->pa_iova), GFP_KERNEL); 69 if (!pa->pa_iova) 70 return -ENOMEM; 71 72 pa->pa_page = kcalloc(len, sizeof(*pa->pa_page), GFP_KERNEL); 73 if (!pa->pa_page) { 74 kfree(pa->pa_iova); 75 return -ENOMEM; 76 } 77 78 return 0; 79 } 80 81 /* 82 * page_array_unpin() - Unpin user pages in memory 83 * @pa: page_array on which to perform the operation 84 * @vdev: the vfio device to perform the operation 85 * @pa_nr: number of user pages to unpin 86 * 87 * Only unpin if any pages were pinned to begin with, i.e. pa_nr > 0, 88 * otherwise only clear pa->pa_nr 89 */ 90 static void page_array_unpin(struct page_array *pa, 91 struct vfio_device *vdev, int pa_nr) 92 { 93 int unpinned = 0, npage = 1; 94 95 while (unpinned < pa_nr) { 96 dma_addr_t *first = &pa->pa_iova[unpinned]; 97 dma_addr_t *last = &first[npage]; 98 99 if (unpinned + npage < pa_nr && 100 *first + npage * PAGE_SIZE == *last) { 101 npage++; 102 continue; 103 } 104 105 vfio_unpin_pages(vdev, *first, npage); 106 unpinned += npage; 107 npage = 1; 108 } 109 110 pa->pa_nr = 0; 111 } 112 113 /* 114 * page_array_pin() - Pin user pages in memory 115 * @pa: page_array on which to perform the operation 116 * @vdev: the vfio device to perform pin operations 117 * 118 * Returns number of pages pinned upon success. 119 * If the pin request partially succeeds, or fails completely, 120 * all pages are left unpinned and a negative error value is returned. 121 */ 122 static int page_array_pin(struct page_array *pa, struct vfio_device *vdev) 123 { 124 int pinned = 0, npage = 1; 125 int ret = 0; 126 127 while (pinned < pa->pa_nr) { 128 dma_addr_t *first = &pa->pa_iova[pinned]; 129 dma_addr_t *last = &first[npage]; 130 131 if (pinned + npage < pa->pa_nr && 132 *first + npage * PAGE_SIZE == *last) { 133 npage++; 134 continue; 135 } 136 137 ret = vfio_pin_pages(vdev, *first, npage, 138 IOMMU_READ | IOMMU_WRITE, 139 &pa->pa_page[pinned]); 140 if (ret < 0) { 141 goto err_out; 142 } else if (ret > 0 && ret != npage) { 143 pinned += ret; 144 ret = -EINVAL; 145 goto err_out; 146 } 147 pinned += npage; 148 npage = 1; 149 } 150 151 return ret; 152 153 err_out: 154 page_array_unpin(pa, vdev, pinned); 155 return ret; 156 } 157 158 /* Unpin the pages before releasing the memory. */ 159 static void page_array_unpin_free(struct page_array *pa, struct vfio_device *vdev) 160 { 161 page_array_unpin(pa, vdev, pa->pa_nr); 162 kfree(pa->pa_page); 163 kfree(pa->pa_iova); 164 } 165 166 static bool page_array_iova_pinned(struct page_array *pa, u64 iova, u64 length) 167 { 168 u64 iova_pfn_start = iova >> PAGE_SHIFT; 169 u64 iova_pfn_end = (iova + length - 1) >> PAGE_SHIFT; 170 u64 pfn; 171 int i; 172 173 for (i = 0; i < pa->pa_nr; i++) { 174 pfn = pa->pa_iova[i] >> PAGE_SHIFT; 175 if (pfn >= iova_pfn_start && pfn <= iova_pfn_end) 176 return true; 177 } 178 179 return false; 180 } 181 /* Create the list of IDAL words for a page_array. */ 182 static inline void page_array_idal_create_words(struct page_array *pa, 183 unsigned long *idaws) 184 { 185 int i; 186 187 /* 188 * Idal words (execept the first one) rely on the memory being 4k 189 * aligned. If a user virtual address is 4K aligned, then it's 190 * corresponding kernel physical address will also be 4K aligned. Thus 191 * there will be no problem here to simply use the phys to create an 192 * idaw. 193 */ 194 195 for (i = 0; i < pa->pa_nr; i++) { 196 idaws[i] = page_to_phys(pa->pa_page[i]); 197 198 /* Incorporate any offset from each starting address */ 199 idaws[i] += pa->pa_iova[i] & (PAGE_SIZE - 1); 200 } 201 } 202 203 static void convert_ccw0_to_ccw1(struct ccw1 *source, unsigned long len) 204 { 205 struct ccw0 ccw0; 206 struct ccw1 *pccw1 = source; 207 int i; 208 209 for (i = 0; i < len; i++) { 210 ccw0 = *(struct ccw0 *)pccw1; 211 if ((pccw1->cmd_code & 0x0f) == CCW_CMD_TIC) { 212 pccw1->cmd_code = CCW_CMD_TIC; 213 pccw1->flags = 0; 214 pccw1->count = 0; 215 } else { 216 pccw1->cmd_code = ccw0.cmd_code; 217 pccw1->flags = ccw0.flags; 218 pccw1->count = ccw0.count; 219 } 220 pccw1->cda = ccw0.cda; 221 pccw1++; 222 } 223 } 224 225 #define idal_is_2k(_cp) (!(_cp)->orb.cmd.c64 || (_cp)->orb.cmd.i2k) 226 227 /* 228 * Helpers to operate ccwchain. 229 */ 230 #define ccw_is_read(_ccw) (((_ccw)->cmd_code & 0x03) == 0x02) 231 #define ccw_is_read_backward(_ccw) (((_ccw)->cmd_code & 0x0F) == 0x0C) 232 #define ccw_is_sense(_ccw) (((_ccw)->cmd_code & 0x0F) == CCW_CMD_BASIC_SENSE) 233 234 #define ccw_is_noop(_ccw) ((_ccw)->cmd_code == CCW_CMD_NOOP) 235 236 #define ccw_is_tic(_ccw) ((_ccw)->cmd_code == CCW_CMD_TIC) 237 238 #define ccw_is_idal(_ccw) ((_ccw)->flags & CCW_FLAG_IDA) 239 #define ccw_is_skip(_ccw) ((_ccw)->flags & CCW_FLAG_SKIP) 240 241 #define ccw_is_chain(_ccw) ((_ccw)->flags & (CCW_FLAG_CC | CCW_FLAG_DC)) 242 243 /* 244 * ccw_does_data_transfer() 245 * 246 * Determine whether a CCW will move any data, such that the guest pages 247 * would need to be pinned before performing the I/O. 248 * 249 * Returns 1 if yes, 0 if no. 250 */ 251 static inline int ccw_does_data_transfer(struct ccw1 *ccw) 252 { 253 /* If the count field is zero, then no data will be transferred */ 254 if (ccw->count == 0) 255 return 0; 256 257 /* If the command is a NOP, then no data will be transferred */ 258 if (ccw_is_noop(ccw)) 259 return 0; 260 261 /* If the skip flag is off, then data will be transferred */ 262 if (!ccw_is_skip(ccw)) 263 return 1; 264 265 /* 266 * If the skip flag is on, it is only meaningful if the command 267 * code is a read, read backward, sense, or sense ID. In those 268 * cases, no data will be transferred. 269 */ 270 if (ccw_is_read(ccw) || ccw_is_read_backward(ccw)) 271 return 0; 272 273 if (ccw_is_sense(ccw)) 274 return 0; 275 276 /* The skip flag is on, but it is ignored for this command code. */ 277 return 1; 278 } 279 280 /* 281 * is_cpa_within_range() 282 * 283 * @cpa: channel program address being questioned 284 * @head: address of the beginning of a CCW chain 285 * @len: number of CCWs within the chain 286 * 287 * Determine whether the address of a CCW (whether a new chain, 288 * or the target of a TIC) falls within a range (including the end points). 289 * 290 * Returns 1 if yes, 0 if no. 291 */ 292 static inline int is_cpa_within_range(u32 cpa, u32 head, int len) 293 { 294 u32 tail = head + (len - 1) * sizeof(struct ccw1); 295 296 return (head <= cpa && cpa <= tail); 297 } 298 299 static inline int is_tic_within_range(struct ccw1 *ccw, u32 head, int len) 300 { 301 if (!ccw_is_tic(ccw)) 302 return 0; 303 304 return is_cpa_within_range(ccw->cda, head, len); 305 } 306 307 static struct ccwchain *ccwchain_alloc(struct channel_program *cp, int len) 308 { 309 struct ccwchain *chain; 310 311 chain = kzalloc(sizeof(*chain), GFP_KERNEL); 312 if (!chain) 313 return NULL; 314 315 chain->ch_ccw = kcalloc(len, sizeof(*chain->ch_ccw), GFP_DMA | GFP_KERNEL); 316 if (!chain->ch_ccw) 317 goto out_err; 318 319 chain->ch_pa = kcalloc(len, sizeof(*chain->ch_pa), GFP_KERNEL); 320 if (!chain->ch_pa) 321 goto out_err; 322 323 list_add_tail(&chain->next, &cp->ccwchain_list); 324 325 return chain; 326 327 out_err: 328 kfree(chain->ch_ccw); 329 kfree(chain); 330 return NULL; 331 } 332 333 static void ccwchain_free(struct ccwchain *chain) 334 { 335 list_del(&chain->next); 336 kfree(chain->ch_pa); 337 kfree(chain->ch_ccw); 338 kfree(chain); 339 } 340 341 /* Free resource for a ccw that allocated memory for its cda. */ 342 static void ccwchain_cda_free(struct ccwchain *chain, int idx) 343 { 344 struct ccw1 *ccw = &chain->ch_ccw[idx]; 345 346 if (ccw_is_tic(ccw)) 347 return; 348 349 kfree(phys_to_virt(ccw->cda)); 350 } 351 352 /** 353 * ccwchain_calc_length - calculate the length of the ccw chain. 354 * @iova: guest physical address of the target ccw chain 355 * @cp: channel_program on which to perform the operation 356 * 357 * This is the chain length not considering any TICs. 358 * You need to do a new round for each TIC target. 359 * 360 * The program is also validated for absence of not yet supported 361 * indirect data addressing scenarios. 362 * 363 * Returns: the length of the ccw chain or -errno. 364 */ 365 static int ccwchain_calc_length(u64 iova, struct channel_program *cp) 366 { 367 struct ccw1 *ccw = cp->guest_cp; 368 int cnt = 0; 369 370 do { 371 cnt++; 372 373 /* 374 * As we don't want to fail direct addressing even if the 375 * orb specified one of the unsupported formats, we defer 376 * checking for IDAWs in unsupported formats to here. 377 */ 378 if ((!cp->orb.cmd.c64 || cp->orb.cmd.i2k) && ccw_is_idal(ccw)) 379 return -EOPNOTSUPP; 380 381 /* 382 * We want to keep counting if the current CCW has the 383 * command-chaining flag enabled, or if it is a TIC CCW 384 * that loops back into the current chain. The latter 385 * is used for device orientation, where the CCW PRIOR to 386 * the TIC can either jump to the TIC or a CCW immediately 387 * after the TIC, depending on the results of its operation. 388 */ 389 if (!ccw_is_chain(ccw) && !is_tic_within_range(ccw, iova, cnt)) 390 break; 391 392 ccw++; 393 } while (cnt < CCWCHAIN_LEN_MAX + 1); 394 395 if (cnt == CCWCHAIN_LEN_MAX + 1) 396 cnt = -EINVAL; 397 398 return cnt; 399 } 400 401 static int tic_target_chain_exists(struct ccw1 *tic, struct channel_program *cp) 402 { 403 struct ccwchain *chain; 404 u32 ccw_head; 405 406 list_for_each_entry(chain, &cp->ccwchain_list, next) { 407 ccw_head = chain->ch_iova; 408 if (is_cpa_within_range(tic->cda, ccw_head, chain->ch_len)) 409 return 1; 410 } 411 412 return 0; 413 } 414 415 static int ccwchain_loop_tic(struct ccwchain *chain, 416 struct channel_program *cp); 417 418 static int ccwchain_handle_ccw(u32 cda, struct channel_program *cp) 419 { 420 struct vfio_device *vdev = 421 &container_of(cp, struct vfio_ccw_private, cp)->vdev; 422 struct ccwchain *chain; 423 int len, ret; 424 425 /* Copy 2K (the most we support today) of possible CCWs */ 426 ret = vfio_dma_rw(vdev, cda, cp->guest_cp, CCWCHAIN_LEN_MAX * sizeof(struct ccw1), false); 427 if (ret) 428 return ret; 429 430 /* Convert any Format-0 CCWs to Format-1 */ 431 if (!cp->orb.cmd.fmt) 432 convert_ccw0_to_ccw1(cp->guest_cp, CCWCHAIN_LEN_MAX); 433 434 /* Count the CCWs in the current chain */ 435 len = ccwchain_calc_length(cda, cp); 436 if (len < 0) 437 return len; 438 439 /* Need alloc a new chain for this one. */ 440 chain = ccwchain_alloc(cp, len); 441 if (!chain) 442 return -ENOMEM; 443 444 chain->ch_len = len; 445 chain->ch_iova = cda; 446 447 /* Copy the actual CCWs into the new chain */ 448 memcpy(chain->ch_ccw, cp->guest_cp, len * sizeof(struct ccw1)); 449 450 /* Loop for tics on this new chain. */ 451 ret = ccwchain_loop_tic(chain, cp); 452 453 if (ret) 454 ccwchain_free(chain); 455 456 return ret; 457 } 458 459 /* Loop for TICs. */ 460 static int ccwchain_loop_tic(struct ccwchain *chain, struct channel_program *cp) 461 { 462 struct ccw1 *tic; 463 int i, ret; 464 465 for (i = 0; i < chain->ch_len; i++) { 466 tic = &chain->ch_ccw[i]; 467 468 if (!ccw_is_tic(tic)) 469 continue; 470 471 /* May transfer to an existing chain. */ 472 if (tic_target_chain_exists(tic, cp)) 473 continue; 474 475 /* Build a ccwchain for the next segment */ 476 ret = ccwchain_handle_ccw(tic->cda, cp); 477 if (ret) 478 return ret; 479 } 480 481 return 0; 482 } 483 484 static int ccwchain_fetch_tic(struct ccw1 *ccw, 485 struct channel_program *cp) 486 { 487 struct ccwchain *iter; 488 u32 ccw_head; 489 490 list_for_each_entry(iter, &cp->ccwchain_list, next) { 491 ccw_head = iter->ch_iova; 492 if (is_cpa_within_range(ccw->cda, ccw_head, iter->ch_len)) { 493 ccw->cda = (__u32) (addr_t) (((char *)iter->ch_ccw) + 494 (ccw->cda - ccw_head)); 495 return 0; 496 } 497 } 498 499 return -EFAULT; 500 } 501 502 static unsigned long *get_guest_idal(struct ccw1 *ccw, 503 struct channel_program *cp, 504 int idaw_nr) 505 { 506 struct vfio_device *vdev = 507 &container_of(cp, struct vfio_ccw_private, cp)->vdev; 508 unsigned long *idaws; 509 unsigned int *idaws_f1; 510 int idal_len = idaw_nr * sizeof(*idaws); 511 int idaw_size = idal_is_2k(cp) ? PAGE_SIZE / 2 : PAGE_SIZE; 512 int idaw_mask = ~(idaw_size - 1); 513 int i, ret; 514 515 idaws = kcalloc(idaw_nr, sizeof(*idaws), GFP_DMA | GFP_KERNEL); 516 if (!idaws) 517 return ERR_PTR(-ENOMEM); 518 519 if (ccw_is_idal(ccw)) { 520 /* Copy IDAL from guest */ 521 ret = vfio_dma_rw(vdev, ccw->cda, idaws, idal_len, false); 522 if (ret) { 523 kfree(idaws); 524 return ERR_PTR(ret); 525 } 526 } else { 527 /* Fabricate an IDAL based off CCW data address */ 528 if (cp->orb.cmd.c64) { 529 idaws[0] = ccw->cda; 530 for (i = 1; i < idaw_nr; i++) 531 idaws[i] = (idaws[i - 1] + idaw_size) & idaw_mask; 532 } else { 533 idaws_f1 = (unsigned int *)idaws; 534 idaws_f1[0] = ccw->cda; 535 for (i = 1; i < idaw_nr; i++) 536 idaws_f1[i] = (idaws_f1[i - 1] + idaw_size) & idaw_mask; 537 } 538 } 539 540 return idaws; 541 } 542 543 /* 544 * ccw_count_idaws() - Calculate the number of IDAWs needed to transfer 545 * a specified amount of data 546 * 547 * @ccw: The Channel Command Word being translated 548 * @cp: Channel Program being processed 549 * 550 * The ORB is examined, since it specifies what IDAWs could actually be 551 * used by any CCW in the channel program, regardless of whether or not 552 * the CCW actually does. An ORB that does not specify Format-2-IDAW 553 * Control could still contain a CCW with an IDAL, which would be 554 * Format-1 and thus only move 2K with each IDAW. Thus all CCWs within 555 * the channel program must follow the same size requirements. 556 */ 557 static int ccw_count_idaws(struct ccw1 *ccw, 558 struct channel_program *cp) 559 { 560 struct vfio_device *vdev = 561 &container_of(cp, struct vfio_ccw_private, cp)->vdev; 562 u64 iova; 563 int size = cp->orb.cmd.c64 ? sizeof(u64) : sizeof(u32); 564 int ret; 565 int bytes = 1; 566 567 if (ccw->count) 568 bytes = ccw->count; 569 570 if (ccw_is_idal(ccw)) { 571 /* Read first IDAW to check its starting address. */ 572 /* All subsequent IDAWs will be 2K- or 4K-aligned. */ 573 ret = vfio_dma_rw(vdev, ccw->cda, &iova, size, false); 574 if (ret) 575 return ret; 576 577 /* 578 * Format-1 IDAWs only occupy the first 32 bits, 579 * and bit 0 is always off. 580 */ 581 if (!cp->orb.cmd.c64) 582 iova = iova >> 32; 583 } else { 584 iova = ccw->cda; 585 } 586 587 /* Format-1 IDAWs operate on 2K each */ 588 if (!cp->orb.cmd.c64) 589 return idal_2k_nr_words((void *)iova, bytes); 590 591 /* Using the 2K variant of Format-2 IDAWs? */ 592 if (cp->orb.cmd.i2k) 593 return idal_2k_nr_words((void *)iova, bytes); 594 595 /* The 'usual' case is 4K Format-2 IDAWs */ 596 return idal_nr_words((void *)iova, bytes); 597 } 598 599 static int ccwchain_fetch_ccw(struct ccw1 *ccw, 600 struct page_array *pa, 601 struct channel_program *cp) 602 { 603 struct vfio_device *vdev = 604 &container_of(cp, struct vfio_ccw_private, cp)->vdev; 605 unsigned long *idaws; 606 unsigned int *idaws_f1; 607 int ret; 608 int idaw_nr; 609 int i; 610 611 /* Calculate size of IDAL */ 612 idaw_nr = ccw_count_idaws(ccw, cp); 613 if (idaw_nr < 0) 614 return idaw_nr; 615 616 /* Allocate an IDAL from host storage */ 617 idaws = get_guest_idal(ccw, cp, idaw_nr); 618 if (IS_ERR(idaws)) { 619 ret = PTR_ERR(idaws); 620 goto out_init; 621 } 622 623 /* 624 * Allocate an array of pages to pin/translate. 625 * The number of pages is actually the count of the idaws 626 * required for the data transfer, since we only only support 627 * 4K IDAWs today. 628 */ 629 ret = page_array_alloc(pa, idaw_nr); 630 if (ret < 0) 631 goto out_free_idaws; 632 633 /* 634 * Copy guest IDAWs into page_array, in case the memory they 635 * occupy is not contiguous. 636 */ 637 idaws_f1 = (unsigned int *)idaws; 638 for (i = 0; i < idaw_nr; i++) { 639 if (cp->orb.cmd.c64) 640 pa->pa_iova[i] = idaws[i]; 641 else 642 pa->pa_iova[i] = idaws_f1[i]; 643 } 644 645 if (ccw_does_data_transfer(ccw)) { 646 ret = page_array_pin(pa, vdev); 647 if (ret < 0) 648 goto out_unpin; 649 } else { 650 pa->pa_nr = 0; 651 } 652 653 ccw->cda = (__u32) virt_to_phys(idaws); 654 ccw->flags |= CCW_FLAG_IDA; 655 656 /* Populate the IDAL with pinned/translated addresses from page */ 657 page_array_idal_create_words(pa, idaws); 658 659 return 0; 660 661 out_unpin: 662 page_array_unpin_free(pa, vdev); 663 out_free_idaws: 664 kfree(idaws); 665 out_init: 666 ccw->cda = 0; 667 return ret; 668 } 669 670 /* 671 * Fetch one ccw. 672 * To reduce memory copy, we'll pin the cda page in memory, 673 * and to get rid of the cda 2G limitiaion of ccw1, we'll translate 674 * direct ccws to idal ccws. 675 */ 676 static int ccwchain_fetch_one(struct ccw1 *ccw, 677 struct page_array *pa, 678 struct channel_program *cp) 679 680 { 681 if (ccw_is_tic(ccw)) 682 return ccwchain_fetch_tic(ccw, cp); 683 684 return ccwchain_fetch_ccw(ccw, pa, cp); 685 } 686 687 /** 688 * cp_init() - allocate ccwchains for a channel program. 689 * @cp: channel_program on which to perform the operation 690 * @orb: control block for the channel program from the guest 691 * 692 * This creates one or more ccwchain(s), and copies the raw data of 693 * the target channel program from @orb->cmd.iova to the new ccwchain(s). 694 * 695 * Limitations: 696 * 1. Supports idal(c64) ccw chaining. 697 * 2. Supports 4k idaw. 698 * 699 * Returns: 700 * %0 on success and a negative error value on failure. 701 */ 702 int cp_init(struct channel_program *cp, union orb *orb) 703 { 704 struct vfio_device *vdev = 705 &container_of(cp, struct vfio_ccw_private, cp)->vdev; 706 /* custom ratelimit used to avoid flood during guest IPL */ 707 static DEFINE_RATELIMIT_STATE(ratelimit_state, 5 * HZ, 1); 708 int ret; 709 710 /* this is an error in the caller */ 711 if (cp->initialized) 712 return -EBUSY; 713 714 /* 715 * We only support prefetching the channel program. We assume all channel 716 * programs executed by supported guests likewise support prefetching. 717 * Executing a channel program that does not specify prefetching will 718 * typically not cause an error, but a warning is issued to help identify 719 * the problem if something does break. 720 */ 721 if (!orb->cmd.pfch && __ratelimit(&ratelimit_state)) 722 dev_warn( 723 vdev->dev, 724 "Prefetching channel program even though prefetch not specified in ORB"); 725 726 INIT_LIST_HEAD(&cp->ccwchain_list); 727 memcpy(&cp->orb, orb, sizeof(*orb)); 728 729 /* Build a ccwchain for the first CCW segment */ 730 ret = ccwchain_handle_ccw(orb->cmd.cpa, cp); 731 732 if (!ret) 733 cp->initialized = true; 734 735 return ret; 736 } 737 738 739 /** 740 * cp_free() - free resources for channel program. 741 * @cp: channel_program on which to perform the operation 742 * 743 * This unpins the memory pages and frees the memory space occupied by 744 * @cp, which must have been returned by a previous call to cp_init(). 745 * Otherwise, undefined behavior occurs. 746 */ 747 void cp_free(struct channel_program *cp) 748 { 749 struct vfio_device *vdev = 750 &container_of(cp, struct vfio_ccw_private, cp)->vdev; 751 struct ccwchain *chain, *temp; 752 int i; 753 754 if (!cp->initialized) 755 return; 756 757 cp->initialized = false; 758 list_for_each_entry_safe(chain, temp, &cp->ccwchain_list, next) { 759 for (i = 0; i < chain->ch_len; i++) { 760 page_array_unpin_free(&chain->ch_pa[i], vdev); 761 ccwchain_cda_free(chain, i); 762 } 763 ccwchain_free(chain); 764 } 765 } 766 767 /** 768 * cp_prefetch() - translate a guest physical address channel program to 769 * a real-device runnable channel program. 770 * @cp: channel_program on which to perform the operation 771 * 772 * This function translates the guest-physical-address channel program 773 * and stores the result to ccwchain list. @cp must have been 774 * initialized by a previous call with cp_init(). Otherwise, undefined 775 * behavior occurs. 776 * For each chain composing the channel program: 777 * - On entry ch_len holds the count of CCWs to be translated. 778 * - On exit ch_len is adjusted to the count of successfully translated CCWs. 779 * This allows cp_free to find in ch_len the count of CCWs to free in a chain. 780 * 781 * The S/390 CCW Translation APIS (prefixed by 'cp_') are introduced 782 * as helpers to do ccw chain translation inside the kernel. Basically 783 * they accept a channel program issued by a virtual machine, and 784 * translate the channel program to a real-device runnable channel 785 * program. 786 * 787 * These APIs will copy the ccws into kernel-space buffers, and update 788 * the guest phsical addresses with their corresponding host physical 789 * addresses. Then channel I/O device drivers could issue the 790 * translated channel program to real devices to perform an I/O 791 * operation. 792 * 793 * These interfaces are designed to support translation only for 794 * channel programs, which are generated and formatted by a 795 * guest. Thus this will make it possible for things like VFIO to 796 * leverage the interfaces to passthrough a channel I/O mediated 797 * device in QEMU. 798 * 799 * We support direct ccw chaining by translating them to idal ccws. 800 * 801 * Returns: 802 * %0 on success and a negative error value on failure. 803 */ 804 int cp_prefetch(struct channel_program *cp) 805 { 806 struct ccwchain *chain; 807 struct ccw1 *ccw; 808 struct page_array *pa; 809 int len, idx, ret; 810 811 /* this is an error in the caller */ 812 if (!cp->initialized) 813 return -EINVAL; 814 815 list_for_each_entry(chain, &cp->ccwchain_list, next) { 816 len = chain->ch_len; 817 for (idx = 0; idx < len; idx++) { 818 ccw = &chain->ch_ccw[idx]; 819 pa = &chain->ch_pa[idx]; 820 821 ret = ccwchain_fetch_one(ccw, pa, cp); 822 if (ret) 823 goto out_err; 824 } 825 } 826 827 return 0; 828 out_err: 829 /* Only cleanup the chain elements that were actually translated. */ 830 chain->ch_len = idx; 831 list_for_each_entry_continue(chain, &cp->ccwchain_list, next) { 832 chain->ch_len = 0; 833 } 834 return ret; 835 } 836 837 /** 838 * cp_get_orb() - get the orb of the channel program 839 * @cp: channel_program on which to perform the operation 840 * @sch: subchannel the operation will be performed against 841 * 842 * This function returns the address of the updated orb of the channel 843 * program. Channel I/O device drivers could use this orb to issue a 844 * ssch. 845 */ 846 union orb *cp_get_orb(struct channel_program *cp, struct subchannel *sch) 847 { 848 union orb *orb; 849 struct ccwchain *chain; 850 struct ccw1 *cpa; 851 852 /* this is an error in the caller */ 853 if (!cp->initialized) 854 return NULL; 855 856 orb = &cp->orb; 857 858 orb->cmd.intparm = (u32)virt_to_phys(sch); 859 orb->cmd.fmt = 1; 860 861 /* 862 * Everything built by vfio-ccw is a Format-2 IDAL. 863 * If the input was a Format-1 IDAL, indicate that 864 * 2K Format-2 IDAWs were created here. 865 */ 866 if (!orb->cmd.c64) 867 orb->cmd.i2k = 1; 868 orb->cmd.c64 = 1; 869 870 if (orb->cmd.lpm == 0) 871 orb->cmd.lpm = sch->lpm; 872 873 chain = list_first_entry(&cp->ccwchain_list, struct ccwchain, next); 874 cpa = chain->ch_ccw; 875 orb->cmd.cpa = (__u32)virt_to_phys(cpa); 876 877 return orb; 878 } 879 880 /** 881 * cp_update_scsw() - update scsw for a channel program. 882 * @cp: channel_program on which to perform the operation 883 * @scsw: I/O results of the channel program and also the target to be 884 * updated 885 * 886 * @scsw contains the I/O results of the channel program that pointed 887 * to by @cp. However what @scsw->cpa stores is a host physical 888 * address, which is meaningless for the guest, which is waiting for 889 * the I/O results. 890 * 891 * This function updates @scsw->cpa to its coressponding guest physical 892 * address. 893 */ 894 void cp_update_scsw(struct channel_program *cp, union scsw *scsw) 895 { 896 struct ccwchain *chain; 897 u32 cpa = scsw->cmd.cpa; 898 u32 ccw_head; 899 900 if (!cp->initialized) 901 return; 902 903 /* 904 * LATER: 905 * For now, only update the cmd.cpa part. We may need to deal with 906 * other portions of the schib as well, even if we don't return them 907 * in the ioctl directly. Path status changes etc. 908 */ 909 list_for_each_entry(chain, &cp->ccwchain_list, next) { 910 ccw_head = (u32)(u64)chain->ch_ccw; 911 /* 912 * On successful execution, cpa points just beyond the end 913 * of the chain. 914 */ 915 if (is_cpa_within_range(cpa, ccw_head, chain->ch_len + 1)) { 916 /* 917 * (cpa - ccw_head) is the offset value of the host 918 * physical ccw to its chain head. 919 * Adding this value to the guest physical ccw chain 920 * head gets us the guest cpa. 921 */ 922 cpa = chain->ch_iova + (cpa - ccw_head); 923 break; 924 } 925 } 926 927 scsw->cmd.cpa = cpa; 928 } 929 930 /** 931 * cp_iova_pinned() - check if an iova is pinned for a ccw chain. 932 * @cp: channel_program on which to perform the operation 933 * @iova: the iova to check 934 * @length: the length to check from @iova 935 * 936 * If the @iova is currently pinned for the ccw chain, return true; 937 * else return false. 938 */ 939 bool cp_iova_pinned(struct channel_program *cp, u64 iova, u64 length) 940 { 941 struct ccwchain *chain; 942 int i; 943 944 if (!cp->initialized) 945 return false; 946 947 list_for_each_entry(chain, &cp->ccwchain_list, next) { 948 for (i = 0; i < chain->ch_len; i++) 949 if (page_array_iova_pinned(&chain->ch_pa[i], iova, length)) 950 return true; 951 } 952 953 return false; 954 } 955