xref: /openbmc/linux/drivers/cxl/core/mbox.c (revision 248ed9e227e6cf59acb1aaf3aa30d530a0232c1a)
1 // SPDX-License-Identifier: GPL-2.0-only
2 /* Copyright(c) 2020 Intel Corporation. All rights reserved. */
3 #include <linux/io-64-nonatomic-lo-hi.h>
4 #include <linux/security.h>
5 #include <linux/debugfs.h>
6 #include <linux/ktime.h>
7 #include <linux/mutex.h>
8 #include <cxlmem.h>
9 #include <cxl.h>
10 
11 #include "core.h"
12 #include "trace.h"
13 
14 static bool cxl_raw_allow_all;
15 
16 /**
17  * DOC: cxl mbox
18  *
19  * Core implementation of the CXL 2.0 Type-3 Memory Device Mailbox. The
20  * implementation is used by the cxl_pci driver to initialize the device
21  * and implement the cxl_mem.h IOCTL UAPI. It also implements the
22  * backend of the cxl_pmem_ctl() transport for LIBNVDIMM.
23  */
24 
/* Walk @cmd across every slot of cxl_mem_commands[], first to last. */
#define cxl_for_each_cmd(cmd)                                                  \
	for ((cmd) = cxl_mem_commands;                                         \
	     (cmd) < cxl_mem_commands + ARRAY_SIZE(cxl_mem_commands); (cmd)++)
28 
/*
 * Emit one cxl_mem_commands[] initializer, indexed by the command id, that
 * ties CXL_MEM_COMMAND_ID_<_id> and its payload sizes to CXL_MBOX_OP_<_id>.
 */
#define CXL_CMD(_id, _sin, _sout, _flags)                                      \
	[CXL_MEM_COMMAND_ID_##_id] = {                                         \
		.opcode = CXL_MBOX_OP_##_id,                                   \
		.flags = _flags,                                               \
		.info = {                                                      \
			.id = CXL_MEM_COMMAND_ID_##_id,                        \
			.size_in = _sin,                                       \
			.size_out = _sout,                                     \
		},                                                             \
	}
39 
40 #define CXL_VARIABLE_PAYLOAD	~0U
41 /*
42  * This table defines the supported mailbox commands for the driver. This table
43  * is made up of a UAPI structure. Non-negative values as parameters in the
44  * table will be validated against the user's input. For example, if size_in is
45  * 0, and the user passed in 1, it is an error.
46  */
47 static struct cxl_mem_command cxl_mem_commands[CXL_MEM_COMMAND_ID_MAX] = {
48 	CXL_CMD(IDENTIFY, 0, 0x43, CXL_CMD_FLAG_FORCE_ENABLE),
49 #ifdef CONFIG_CXL_MEM_RAW_COMMANDS
50 	CXL_CMD(RAW, CXL_VARIABLE_PAYLOAD, CXL_VARIABLE_PAYLOAD, 0),
51 #endif
52 	CXL_CMD(GET_SUPPORTED_LOGS, 0, CXL_VARIABLE_PAYLOAD, CXL_CMD_FLAG_FORCE_ENABLE),
53 	CXL_CMD(GET_FW_INFO, 0, 0x50, 0),
54 	CXL_CMD(GET_PARTITION_INFO, 0, 0x20, 0),
55 	CXL_CMD(GET_LSA, 0x8, CXL_VARIABLE_PAYLOAD, 0),
56 	CXL_CMD(GET_HEALTH_INFO, 0, 0x12, 0),
57 	CXL_CMD(GET_LOG, 0x18, CXL_VARIABLE_PAYLOAD, CXL_CMD_FLAG_FORCE_ENABLE),
58 	CXL_CMD(SET_PARTITION_INFO, 0x0a, 0, 0),
59 	CXL_CMD(SET_LSA, CXL_VARIABLE_PAYLOAD, 0, 0),
60 	CXL_CMD(GET_ALERT_CONFIG, 0, 0x10, 0),
61 	CXL_CMD(SET_ALERT_CONFIG, 0xc, 0, 0),
62 	CXL_CMD(GET_SHUTDOWN_STATE, 0, 0x1, 0),
63 	CXL_CMD(SET_SHUTDOWN_STATE, 0x1, 0, 0),
64 	CXL_CMD(GET_POISON, 0x10, CXL_VARIABLE_PAYLOAD, 0),
65 	CXL_CMD(INJECT_POISON, 0x8, 0, 0),
66 	CXL_CMD(CLEAR_POISON, 0x48, 0, 0),
67 	CXL_CMD(GET_SCAN_MEDIA_CAPS, 0x10, 0x4, 0),
68 	CXL_CMD(SCAN_MEDIA, 0x11, 0, 0),
69 	CXL_CMD(GET_SCAN_MEDIA, 0, CXL_VARIABLE_PAYLOAD, 0),
70 };
71 
72 /*
73  * Commands that RAW doesn't permit. The rationale for each:
74  *
75  * CXL_MBOX_OP_ACTIVATE_FW: Firmware activation requires adjustment /
76  * coordination of transaction timeout values at the root bridge level.
77  *
78  * CXL_MBOX_OP_SET_PARTITION_INFO: The device memory map may change live
79  * and needs to be coordinated with HDM updates.
80  *
81  * CXL_MBOX_OP_SET_LSA: The label storage area may be cached by the
82  * driver and any writes from userspace invalidates those contents.
83  *
84  * CXL_MBOX_OP_SET_SHUTDOWN_STATE: Set shutdown state assumes no writes
85  * to the device after it is marked clean, userspace can not make that
86  * assertion.
87  *
88  * CXL_MBOX_OP_[GET_]SCAN_MEDIA: The kernel provides a native error list that
89  * is kept up to date with patrol notifications and error management.
90  */
91 static u16 cxl_disabled_raw_commands[] = {
92 	CXL_MBOX_OP_ACTIVATE_FW,
93 	CXL_MBOX_OP_SET_PARTITION_INFO,
94 	CXL_MBOX_OP_SET_LSA,
95 	CXL_MBOX_OP_SET_SHUTDOWN_STATE,
96 	CXL_MBOX_OP_SCAN_MEDIA,
97 	CXL_MBOX_OP_GET_SCAN_MEDIA,
98 };
99 
100 /*
101  * Command sets that RAW doesn't permit. All opcodes in this set are
102  * disabled because they pass plain text security payloads over the
103  * user/kernel boundary. This functionality is intended to be wrapped
104  * behind the keys ABI which allows for encrypted payloads in the UAPI
105  */
106 static u8 security_command_sets[] = {
107 	0x44, /* Sanitize */
108 	0x45, /* Persistent Memory Data-at-rest Security */
109 	0x46, /* Security Passthrough */
110 };
111 
112 static bool cxl_is_security_command(u16 opcode)
113 {
114 	int i;
115 
116 	for (i = 0; i < ARRAY_SIZE(security_command_sets); i++)
117 		if (security_command_sets[i] == (opcode >> 8))
118 			return true;
119 	return false;
120 }
121 
122 static struct cxl_mem_command *cxl_mem_find_command(u16 opcode)
123 {
124 	struct cxl_mem_command *c;
125 
126 	cxl_for_each_cmd(c)
127 		if (c->opcode == opcode)
128 			return c;
129 
130 	return NULL;
131 }
132 
133 static const char *cxl_mem_opcode_to_name(u16 opcode)
134 {
135 	struct cxl_mem_command *c;
136 
137 	c = cxl_mem_find_command(opcode);
138 	if (!c)
139 		return NULL;
140 
141 	return cxl_command_names[c->info.id].name;
142 }
143 
144 /**
145  * cxl_internal_send_cmd() - Kernel internal interface to send a mailbox command
146  * @cxlds: The device data for the operation
147  * @mbox_cmd: initialized command to execute
148  *
149  * Context: Any context.
150  * Return:
151  *  * %>=0	- Number of bytes returned in @out.
152  *  * %-E2BIG	- Payload is too large for hardware.
153  *  * %-EBUSY	- Couldn't acquire exclusive mailbox access.
154  *  * %-EFAULT	- Hardware error occurred.
155  *  * %-ENXIO	- Command completed, but device reported an error.
156  *  * %-EIO	- Unexpected output size.
157  *
158  * Mailbox commands may execute successfully yet the device itself reported an
159  * error. While this distinction can be useful for commands from userspace, the
160  * kernel will only be able to use results when both are successful.
161  */
162 int cxl_internal_send_cmd(struct cxl_dev_state *cxlds,
163 			  struct cxl_mbox_cmd *mbox_cmd)
164 {
165 	size_t out_size, min_out;
166 	int rc;
167 
168 	if (mbox_cmd->size_in > cxlds->payload_size ||
169 	    mbox_cmd->size_out > cxlds->payload_size)
170 		return -E2BIG;
171 
172 	out_size = mbox_cmd->size_out;
173 	min_out = mbox_cmd->min_out;
174 	rc = cxlds->mbox_send(cxlds, mbox_cmd);
175 	/*
176 	 * EIO is reserved for a payload size mismatch and mbox_send()
177 	 * may not return this error.
178 	 */
179 	if (WARN_ONCE(rc == -EIO, "Bad return code: -EIO"))
180 		return -ENXIO;
181 	if (rc)
182 		return rc;
183 
184 	if (mbox_cmd->return_code != CXL_MBOX_CMD_RC_SUCCESS)
185 		return cxl_mbox_cmd_rc2errno(mbox_cmd);
186 
187 	if (!out_size)
188 		return 0;
189 
190 	/*
191 	 * Variable sized output needs to at least satisfy the caller's
192 	 * minimum if not the fully requested size.
193 	 */
194 	if (min_out == 0)
195 		min_out = out_size;
196 
197 	if (mbox_cmd->size_out < min_out)
198 		return -EIO;
199 	return 0;
200 }
201 EXPORT_SYMBOL_NS_GPL(cxl_internal_send_cmd, CXL);
202 
203 static bool cxl_mem_raw_command_allowed(u16 opcode)
204 {
205 	int i;
206 
207 	if (!IS_ENABLED(CONFIG_CXL_MEM_RAW_COMMANDS))
208 		return false;
209 
210 	if (security_locked_down(LOCKDOWN_PCI_ACCESS))
211 		return false;
212 
213 	if (cxl_raw_allow_all)
214 		return true;
215 
216 	if (cxl_is_security_command(opcode))
217 		return false;
218 
219 	for (i = 0; i < ARRAY_SIZE(cxl_disabled_raw_commands); i++)
220 		if (cxl_disabled_raw_commands[i] == opcode)
221 			return false;
222 
223 	return true;
224 }
225 
226 /**
227  * cxl_payload_from_user_allowed() - Check contents of in_payload.
228  * @opcode: The mailbox command opcode.
229  * @payload_in: Pointer to the input payload passed in from user space.
230  *
231  * Return:
232  *  * true	- payload_in passes check for @opcode.
233  *  * false	- payload_in contains invalid or unsupported values.
234  *
235  * The driver may inspect payload contents before sending a mailbox
236  * command from user space to the device. The intent is to reject
237  * commands with input payloads that are known to be unsafe. This
238  * check is not intended to replace the users careful selection of
239  * mailbox command parameters and makes no guarantee that the user
240  * command will succeed, nor that it is appropriate.
241  *
242  * The specific checks are determined by the opcode.
243  */
244 static bool cxl_payload_from_user_allowed(u16 opcode, void *payload_in)
245 {
246 	switch (opcode) {
247 	case CXL_MBOX_OP_SET_PARTITION_INFO: {
248 		struct cxl_mbox_set_partition_info *pi = payload_in;
249 
250 		if (pi->flags & CXL_SET_PARTITION_IMMEDIATE_FLAG)
251 			return false;
252 		break;
253 	}
254 	default:
255 		break;
256 	}
257 	return true;
258 }
259 
260 static int cxl_mbox_cmd_ctor(struct cxl_mbox_cmd *mbox,
261 			     struct cxl_dev_state *cxlds, u16 opcode,
262 			     size_t in_size, size_t out_size, u64 in_payload)
263 {
264 	*mbox = (struct cxl_mbox_cmd) {
265 		.opcode = opcode,
266 		.size_in = in_size,
267 	};
268 
269 	if (in_size) {
270 		mbox->payload_in = vmemdup_user(u64_to_user_ptr(in_payload),
271 						in_size);
272 		if (IS_ERR(mbox->payload_in))
273 			return PTR_ERR(mbox->payload_in);
274 
275 		if (!cxl_payload_from_user_allowed(opcode, mbox->payload_in)) {
276 			dev_dbg(cxlds->dev, "%s: input payload not allowed\n",
277 				cxl_mem_opcode_to_name(opcode));
278 			kvfree(mbox->payload_in);
279 			return -EBUSY;
280 		}
281 	}
282 
283 	/* Prepare to handle a full payload for variable sized output */
284 	if (out_size == CXL_VARIABLE_PAYLOAD)
285 		mbox->size_out = cxlds->payload_size;
286 	else
287 		mbox->size_out = out_size;
288 
289 	if (mbox->size_out) {
290 		mbox->payload_out = kvzalloc(mbox->size_out, GFP_KERNEL);
291 		if (!mbox->payload_out) {
292 			kvfree(mbox->payload_in);
293 			return -ENOMEM;
294 		}
295 	}
296 	return 0;
297 }
298 
299 static void cxl_mbox_cmd_dtor(struct cxl_mbox_cmd *mbox)
300 {
301 	kvfree(mbox->payload_in);
302 	kvfree(mbox->payload_out);
303 }
304 
305 static int cxl_to_mem_cmd_raw(struct cxl_mem_command *mem_cmd,
306 			      const struct cxl_send_command *send_cmd,
307 			      struct cxl_dev_state *cxlds)
308 {
309 	if (send_cmd->raw.rsvd)
310 		return -EINVAL;
311 
312 	/*
313 	 * Unlike supported commands, the output size of RAW commands
314 	 * gets passed along without further checking, so it must be
315 	 * validated here.
316 	 */
317 	if (send_cmd->out.size > cxlds->payload_size)
318 		return -EINVAL;
319 
320 	if (!cxl_mem_raw_command_allowed(send_cmd->raw.opcode))
321 		return -EPERM;
322 
323 	dev_WARN_ONCE(cxlds->dev, true, "raw command path used\n");
324 
325 	*mem_cmd = (struct cxl_mem_command) {
326 		.info = {
327 			.id = CXL_MEM_COMMAND_ID_RAW,
328 			.size_in = send_cmd->in.size,
329 			.size_out = send_cmd->out.size,
330 		},
331 		.opcode = send_cmd->raw.opcode
332 	};
333 
334 	return 0;
335 }
336 
337 static int cxl_to_mem_cmd(struct cxl_mem_command *mem_cmd,
338 			  const struct cxl_send_command *send_cmd,
339 			  struct cxl_dev_state *cxlds)
340 {
341 	struct cxl_mem_command *c = &cxl_mem_commands[send_cmd->id];
342 	const struct cxl_command_info *info = &c->info;
343 
344 	if (send_cmd->flags & ~CXL_MEM_COMMAND_FLAG_MASK)
345 		return -EINVAL;
346 
347 	if (send_cmd->rsvd)
348 		return -EINVAL;
349 
350 	if (send_cmd->in.rsvd || send_cmd->out.rsvd)
351 		return -EINVAL;
352 
353 	/* Check that the command is enabled for hardware */
354 	if (!test_bit(info->id, cxlds->enabled_cmds))
355 		return -ENOTTY;
356 
357 	/* Check that the command is not claimed for exclusive kernel use */
358 	if (test_bit(info->id, cxlds->exclusive_cmds))
359 		return -EBUSY;
360 
361 	/* Check the input buffer is the expected size */
362 	if ((info->size_in != CXL_VARIABLE_PAYLOAD) &&
363 	    (info->size_in != send_cmd->in.size))
364 		return -ENOMEM;
365 
366 	/* Check the output buffer is at least large enough */
367 	if ((info->size_out != CXL_VARIABLE_PAYLOAD) &&
368 	    (send_cmd->out.size < info->size_out))
369 		return -ENOMEM;
370 
371 	*mem_cmd = (struct cxl_mem_command) {
372 		.info = {
373 			.id = info->id,
374 			.flags = info->flags,
375 			.size_in = send_cmd->in.size,
376 			.size_out = send_cmd->out.size,
377 		},
378 		.opcode = c->opcode
379 	};
380 
381 	return 0;
382 }
383 
384 /**
385  * cxl_validate_cmd_from_user() - Check fields for CXL_MEM_SEND_COMMAND.
386  * @mbox_cmd: Sanitized and populated &struct cxl_mbox_cmd.
387  * @cxlds: The device data for the operation
388  * @send_cmd: &struct cxl_send_command copied in from userspace.
389  *
390  * Return:
391  *  * %0	- @out_cmd is ready to send.
392  *  * %-ENOTTY	- Invalid command specified.
393  *  * %-EINVAL	- Reserved fields or invalid values were used.
394  *  * %-ENOMEM	- Input or output buffer wasn't sized properly.
395  *  * %-EPERM	- Attempted to use a protected command.
396  *  * %-EBUSY	- Kernel has claimed exclusive access to this opcode
397  *
398  * The result of this command is a fully validated command in @mbox_cmd that is
399  * safe to send to the hardware.
400  */
401 static int cxl_validate_cmd_from_user(struct cxl_mbox_cmd *mbox_cmd,
402 				      struct cxl_dev_state *cxlds,
403 				      const struct cxl_send_command *send_cmd)
404 {
405 	struct cxl_mem_command mem_cmd;
406 	int rc;
407 
408 	if (send_cmd->id == 0 || send_cmd->id >= CXL_MEM_COMMAND_ID_MAX)
409 		return -ENOTTY;
410 
411 	/*
412 	 * The user can never specify an input payload larger than what hardware
413 	 * supports, but output can be arbitrarily large (simply write out as
414 	 * much data as the hardware provides).
415 	 */
416 	if (send_cmd->in.size > cxlds->payload_size)
417 		return -EINVAL;
418 
419 	/* Sanitize and construct a cxl_mem_command */
420 	if (send_cmd->id == CXL_MEM_COMMAND_ID_RAW)
421 		rc = cxl_to_mem_cmd_raw(&mem_cmd, send_cmd, cxlds);
422 	else
423 		rc = cxl_to_mem_cmd(&mem_cmd, send_cmd, cxlds);
424 
425 	if (rc)
426 		return rc;
427 
428 	/* Sanitize and construct a cxl_mbox_cmd */
429 	return cxl_mbox_cmd_ctor(mbox_cmd, cxlds, mem_cmd.opcode,
430 				 mem_cmd.info.size_in, mem_cmd.info.size_out,
431 				 send_cmd->in.payload);
432 }
433 
434 int cxl_query_cmd(struct cxl_memdev *cxlmd,
435 		  struct cxl_mem_query_commands __user *q)
436 {
437 	struct device *dev = &cxlmd->dev;
438 	struct cxl_mem_command *cmd;
439 	u32 n_commands;
440 	int j = 0;
441 
442 	dev_dbg(dev, "Query IOCTL\n");
443 
444 	if (get_user(n_commands, &q->n_commands))
445 		return -EFAULT;
446 
447 	/* returns the total number if 0 elements are requested. */
448 	if (n_commands == 0)
449 		return put_user(ARRAY_SIZE(cxl_mem_commands), &q->n_commands);
450 
451 	/*
452 	 * otherwise, return max(n_commands, total commands) cxl_command_info
453 	 * structures.
454 	 */
455 	cxl_for_each_cmd(cmd) {
456 		struct cxl_command_info info = cmd->info;
457 
458 		if (test_bit(info.id, cxlmd->cxlds->enabled_cmds))
459 			info.flags |= CXL_MEM_COMMAND_FLAG_ENABLED;
460 		if (test_bit(info.id, cxlmd->cxlds->exclusive_cmds))
461 			info.flags |= CXL_MEM_COMMAND_FLAG_EXCLUSIVE;
462 
463 		if (copy_to_user(&q->commands[j++], &info, sizeof(info)))
464 			return -EFAULT;
465 
466 		if (j == n_commands)
467 			break;
468 	}
469 
470 	return 0;
471 }
472 
473 /**
474  * handle_mailbox_cmd_from_user() - Dispatch a mailbox command for userspace.
475  * @cxlds: The device data for the operation
476  * @mbox_cmd: The validated mailbox command.
477  * @out_payload: Pointer to userspace's output payload.
478  * @size_out: (Input) Max payload size to copy out.
479  *            (Output) Payload size hardware generated.
480  * @retval: Hardware generated return code from the operation.
481  *
482  * Return:
483  *  * %0	- Mailbox transaction succeeded. This implies the mailbox
484  *		  protocol completed successfully not that the operation itself
485  *		  was successful.
486  *  * %-ENOMEM  - Couldn't allocate a bounce buffer.
487  *  * %-EFAULT	- Something happened with copy_to/from_user.
488  *  * %-EINTR	- Mailbox acquisition interrupted.
489  *  * %-EXXX	- Transaction level failures.
490  *
491  * Dispatches a mailbox command on behalf of a userspace request.
492  * The output payload is copied to userspace.
493  *
494  * See cxl_send_cmd().
495  */
496 static int handle_mailbox_cmd_from_user(struct cxl_dev_state *cxlds,
497 					struct cxl_mbox_cmd *mbox_cmd,
498 					u64 out_payload, s32 *size_out,
499 					u32 *retval)
500 {
501 	struct device *dev = cxlds->dev;
502 	int rc;
503 
504 	dev_dbg(dev,
505 		"Submitting %s command for user\n"
506 		"\topcode: %x\n"
507 		"\tsize: %zx\n",
508 		cxl_mem_opcode_to_name(mbox_cmd->opcode),
509 		mbox_cmd->opcode, mbox_cmd->size_in);
510 
511 	rc = cxlds->mbox_send(cxlds, mbox_cmd);
512 	if (rc)
513 		goto out;
514 
515 	/*
516 	 * @size_out contains the max size that's allowed to be written back out
517 	 * to userspace. While the payload may have written more output than
518 	 * this it will have to be ignored.
519 	 */
520 	if (mbox_cmd->size_out) {
521 		dev_WARN_ONCE(dev, mbox_cmd->size_out > *size_out,
522 			      "Invalid return size\n");
523 		if (copy_to_user(u64_to_user_ptr(out_payload),
524 				 mbox_cmd->payload_out, mbox_cmd->size_out)) {
525 			rc = -EFAULT;
526 			goto out;
527 		}
528 	}
529 
530 	*size_out = mbox_cmd->size_out;
531 	*retval = mbox_cmd->return_code;
532 
533 out:
534 	cxl_mbox_cmd_dtor(mbox_cmd);
535 	return rc;
536 }
537 
538 int cxl_send_cmd(struct cxl_memdev *cxlmd, struct cxl_send_command __user *s)
539 {
540 	struct cxl_dev_state *cxlds = cxlmd->cxlds;
541 	struct device *dev = &cxlmd->dev;
542 	struct cxl_send_command send;
543 	struct cxl_mbox_cmd mbox_cmd;
544 	int rc;
545 
546 	dev_dbg(dev, "Send IOCTL\n");
547 
548 	if (copy_from_user(&send, s, sizeof(send)))
549 		return -EFAULT;
550 
551 	rc = cxl_validate_cmd_from_user(&mbox_cmd, cxlmd->cxlds, &send);
552 	if (rc)
553 		return rc;
554 
555 	rc = handle_mailbox_cmd_from_user(cxlds, &mbox_cmd, send.out.payload,
556 					  &send.out.size, &send.retval);
557 	if (rc)
558 		return rc;
559 
560 	if (copy_to_user(s, &send, sizeof(send)))
561 		return -EFAULT;
562 
563 	return 0;
564 }
565 
566 static int cxl_xfer_log(struct cxl_dev_state *cxlds, uuid_t *uuid, u32 *size, u8 *out)
567 {
568 	u32 remaining = *size;
569 	u32 offset = 0;
570 
571 	while (remaining) {
572 		u32 xfer_size = min_t(u32, remaining, cxlds->payload_size);
573 		struct cxl_mbox_cmd mbox_cmd;
574 		struct cxl_mbox_get_log log;
575 		int rc;
576 
577 		log = (struct cxl_mbox_get_log) {
578 			.uuid = *uuid,
579 			.offset = cpu_to_le32(offset),
580 			.length = cpu_to_le32(xfer_size),
581 		};
582 
583 		mbox_cmd = (struct cxl_mbox_cmd) {
584 			.opcode = CXL_MBOX_OP_GET_LOG,
585 			.size_in = sizeof(log),
586 			.payload_in = &log,
587 			.size_out = xfer_size,
588 			.payload_out = out,
589 		};
590 
591 		rc = cxl_internal_send_cmd(cxlds, &mbox_cmd);
592 
593 		/*
594 		 * The output payload length that indicates the number
595 		 * of valid bytes can be smaller than the Log buffer
596 		 * size.
597 		 */
598 		if (rc == -EIO && mbox_cmd.size_out < xfer_size) {
599 			offset += mbox_cmd.size_out;
600 			break;
601 		}
602 
603 		if (rc < 0)
604 			return rc;
605 
606 		out += xfer_size;
607 		remaining -= xfer_size;
608 		offset += xfer_size;
609 	}
610 
611 	*size = offset;
612 
613 	return 0;
614 }
615 
616 /**
617  * cxl_walk_cel() - Walk through the Command Effects Log.
618  * @cxlds: The device data for the operation
619  * @size: Length of the Command Effects Log.
620  * @cel: CEL
621  *
622  * Iterate over each entry in the CEL and determine if the driver supports the
623  * command. If so, the command is enabled for the device and can be used later.
624  */
625 static void cxl_walk_cel(struct cxl_dev_state *cxlds, size_t size, u8 *cel)
626 {
627 	struct cxl_cel_entry *cel_entry;
628 	const int cel_entries = size / sizeof(*cel_entry);
629 	int i;
630 
631 	cel_entry = (struct cxl_cel_entry *) cel;
632 
633 	for (i = 0; i < cel_entries; i++) {
634 		u16 opcode = le16_to_cpu(cel_entry[i].opcode);
635 		struct cxl_mem_command *cmd = cxl_mem_find_command(opcode);
636 
637 		if (!cmd) {
638 			dev_dbg(cxlds->dev,
639 				"Opcode 0x%04x unsupported by driver\n", opcode);
640 			continue;
641 		}
642 
643 		set_bit(cmd->info.id, cxlds->enabled_cmds);
644 		dev_dbg(cxlds->dev, "Opcode 0x%04x enabled\n", opcode);
645 	}
646 }
647 
648 static struct cxl_mbox_get_supported_logs *cxl_get_gsl(struct cxl_dev_state *cxlds)
649 {
650 	struct cxl_mbox_get_supported_logs *ret;
651 	struct cxl_mbox_cmd mbox_cmd;
652 	int rc;
653 
654 	ret = kvmalloc(cxlds->payload_size, GFP_KERNEL);
655 	if (!ret)
656 		return ERR_PTR(-ENOMEM);
657 
658 	mbox_cmd = (struct cxl_mbox_cmd) {
659 		.opcode = CXL_MBOX_OP_GET_SUPPORTED_LOGS,
660 		.size_out = cxlds->payload_size,
661 		.payload_out = ret,
662 		/* At least the record number field must be valid */
663 		.min_out = 2,
664 	};
665 	rc = cxl_internal_send_cmd(cxlds, &mbox_cmd);
666 	if (rc < 0) {
667 		kvfree(ret);
668 		return ERR_PTR(rc);
669 	}
670 
671 
672 	return ret;
673 }
674 
675 enum {
676 	CEL_UUID,
677 	VENDOR_DEBUG_UUID,
678 };
679 
680 /* See CXL 2.0 Table 170. Get Log Input Payload */
681 static const uuid_t log_uuid[] = {
682 	[CEL_UUID] = DEFINE_CXL_CEL_UUID,
683 	[VENDOR_DEBUG_UUID] = DEFINE_CXL_VENDOR_DEBUG_UUID,
684 };
685 
686 /**
687  * cxl_enumerate_cmds() - Enumerate commands for a device.
688  * @cxlds: The device data for the operation
689  *
690  * Returns 0 if enumerate completed successfully.
691  *
692  * CXL devices have optional support for certain commands. This function will
693  * determine the set of supported commands for the hardware and update the
694  * enabled_cmds bitmap in the @cxlds.
695  */
696 int cxl_enumerate_cmds(struct cxl_dev_state *cxlds)
697 {
698 	struct cxl_mbox_get_supported_logs *gsl;
699 	struct device *dev = cxlds->dev;
700 	struct cxl_mem_command *cmd;
701 	int i, rc;
702 
703 	gsl = cxl_get_gsl(cxlds);
704 	if (IS_ERR(gsl))
705 		return PTR_ERR(gsl);
706 
707 	rc = -ENOENT;
708 	for (i = 0; i < le16_to_cpu(gsl->entries); i++) {
709 		u32 size = le32_to_cpu(gsl->entry[i].size);
710 		uuid_t uuid = gsl->entry[i].uuid;
711 		u8 *log;
712 
713 		dev_dbg(dev, "Found LOG type %pU of size %d", &uuid, size);
714 
715 		if (!uuid_equal(&uuid, &log_uuid[CEL_UUID]))
716 			continue;
717 
718 		log = kvmalloc(size, GFP_KERNEL);
719 		if (!log) {
720 			rc = -ENOMEM;
721 			goto out;
722 		}
723 
724 		rc = cxl_xfer_log(cxlds, &uuid, &size, log);
725 		if (rc) {
726 			kvfree(log);
727 			goto out;
728 		}
729 
730 		cxl_walk_cel(cxlds, size, log);
731 		kvfree(log);
732 
733 		/* In case CEL was bogus, enable some default commands. */
734 		cxl_for_each_cmd(cmd)
735 			if (cmd->flags & CXL_CMD_FLAG_FORCE_ENABLE)
736 				set_bit(cmd->info.id, cxlds->enabled_cmds);
737 
738 		/* Found the required CEL */
739 		rc = 0;
740 	}
741 out:
742 	kvfree(gsl);
743 	return rc;
744 }
745 EXPORT_SYMBOL_NS_GPL(cxl_enumerate_cmds, CXL);
746 
747 /*
748  * General Media Event Record
749  * CXL rev 3.0 Section 8.2.9.2.1.1; Table 8-43
750  */
751 static const uuid_t gen_media_event_uuid =
752 	UUID_INIT(0xfbcd0a77, 0xc260, 0x417f,
753 		  0x85, 0xa9, 0x08, 0x8b, 0x16, 0x21, 0xeb, 0xa6);
754 
755 /*
756  * DRAM Event Record
757  * CXL rev 3.0 section 8.2.9.2.1.2; Table 8-44
758  */
759 static const uuid_t dram_event_uuid =
760 	UUID_INIT(0x601dcbb3, 0x9c06, 0x4eab,
761 		  0xb8, 0xaf, 0x4e, 0x9b, 0xfb, 0x5c, 0x96, 0x24);
762 
763 /*
764  * Memory Module Event Record
765  * CXL rev 3.0 section 8.2.9.2.1.3; Table 8-45
766  */
767 static const uuid_t mem_mod_event_uuid =
768 	UUID_INIT(0xfe927475, 0xdd59, 0x4339,
769 		  0xa5, 0x86, 0x79, 0xba, 0xb1, 0x13, 0xb7, 0x74);
770 
771 static void cxl_event_trace_record(const struct cxl_memdev *cxlmd,
772 				   enum cxl_event_log_type type,
773 				   struct cxl_event_record_raw *record)
774 {
775 	uuid_t *id = &record->hdr.id;
776 
777 	if (uuid_equal(id, &gen_media_event_uuid)) {
778 		struct cxl_event_gen_media *rec =
779 				(struct cxl_event_gen_media *)record;
780 
781 		trace_cxl_general_media(cxlmd, type, rec);
782 	} else if (uuid_equal(id, &dram_event_uuid)) {
783 		struct cxl_event_dram *rec = (struct cxl_event_dram *)record;
784 
785 		trace_cxl_dram(cxlmd, type, rec);
786 	} else if (uuid_equal(id, &mem_mod_event_uuid)) {
787 		struct cxl_event_mem_module *rec =
788 				(struct cxl_event_mem_module *)record;
789 
790 		trace_cxl_memory_module(cxlmd, type, rec);
791 	} else {
792 		/* For unknown record types print just the header */
793 		trace_cxl_generic_event(cxlmd, type, record);
794 	}
795 }
796 
797 static int cxl_clear_event_record(struct cxl_dev_state *cxlds,
798 				  enum cxl_event_log_type log,
799 				  struct cxl_get_event_payload *get_pl)
800 {
801 	struct cxl_mbox_clear_event_payload *payload;
802 	u16 total = le16_to_cpu(get_pl->record_count);
803 	u8 max_handles = CXL_CLEAR_EVENT_MAX_HANDLES;
804 	size_t pl_size = struct_size(payload, handles, max_handles);
805 	struct cxl_mbox_cmd mbox_cmd;
806 	u16 cnt;
807 	int rc = 0;
808 	int i;
809 
810 	/* Payload size may limit the max handles */
811 	if (pl_size > cxlds->payload_size) {
812 		max_handles = (cxlds->payload_size - sizeof(*payload)) /
813 				sizeof(__le16);
814 		pl_size = struct_size(payload, handles, max_handles);
815 	}
816 
817 	payload = kvzalloc(pl_size, GFP_KERNEL);
818 	if (!payload)
819 		return -ENOMEM;
820 
821 	*payload = (struct cxl_mbox_clear_event_payload) {
822 		.event_log = log,
823 	};
824 
825 	mbox_cmd = (struct cxl_mbox_cmd) {
826 		.opcode = CXL_MBOX_OP_CLEAR_EVENT_RECORD,
827 		.payload_in = payload,
828 		.size_in = pl_size,
829 	};
830 
831 	/*
832 	 * Clear Event Records uses u8 for the handle cnt while Get Event
833 	 * Record can return up to 0xffff records.
834 	 */
835 	i = 0;
836 	for (cnt = 0; cnt < total; cnt++) {
837 		payload->handles[i++] = get_pl->records[cnt].hdr.handle;
838 		dev_dbg(cxlds->dev, "Event log '%d': Clearing %u\n",
839 			log, le16_to_cpu(payload->handles[i]));
840 
841 		if (i == max_handles) {
842 			payload->nr_recs = i;
843 			rc = cxl_internal_send_cmd(cxlds, &mbox_cmd);
844 			if (rc)
845 				goto free_pl;
846 			i = 0;
847 		}
848 	}
849 
850 	/* Clear what is left if any */
851 	if (i) {
852 		payload->nr_recs = i;
853 		mbox_cmd.size_in = struct_size(payload, handles, i);
854 		rc = cxl_internal_send_cmd(cxlds, &mbox_cmd);
855 		if (rc)
856 			goto free_pl;
857 	}
858 
859 free_pl:
860 	kvfree(payload);
861 	return rc;
862 }
863 
864 static void cxl_mem_get_records_log(struct cxl_dev_state *cxlds,
865 				    enum cxl_event_log_type type)
866 {
867 	struct cxl_get_event_payload *payload;
868 	struct cxl_mbox_cmd mbox_cmd;
869 	u8 log_type = type;
870 	u16 nr_rec;
871 
872 	mutex_lock(&cxlds->event.log_lock);
873 	payload = cxlds->event.buf;
874 
875 	mbox_cmd = (struct cxl_mbox_cmd) {
876 		.opcode = CXL_MBOX_OP_GET_EVENT_RECORD,
877 		.payload_in = &log_type,
878 		.size_in = sizeof(log_type),
879 		.payload_out = payload,
880 		.size_out = cxlds->payload_size,
881 		.min_out = struct_size(payload, records, 0),
882 	};
883 
884 	do {
885 		int rc, i;
886 
887 		rc = cxl_internal_send_cmd(cxlds, &mbox_cmd);
888 		if (rc) {
889 			dev_err_ratelimited(cxlds->dev,
890 				"Event log '%d': Failed to query event records : %d",
891 				type, rc);
892 			break;
893 		}
894 
895 		nr_rec = le16_to_cpu(payload->record_count);
896 		if (!nr_rec)
897 			break;
898 
899 		for (i = 0; i < nr_rec; i++)
900 			cxl_event_trace_record(cxlds->cxlmd, type,
901 					       &payload->records[i]);
902 
903 		if (payload->flags & CXL_GET_EVENT_FLAG_OVERFLOW)
904 			trace_cxl_overflow(cxlds->cxlmd, type, payload);
905 
906 		rc = cxl_clear_event_record(cxlds, type, payload);
907 		if (rc) {
908 			dev_err_ratelimited(cxlds->dev,
909 				"Event log '%d': Failed to clear events : %d",
910 				type, rc);
911 			break;
912 		}
913 	} while (nr_rec);
914 
915 	mutex_unlock(&cxlds->event.log_lock);
916 }
917 
918 /**
919  * cxl_mem_get_event_records - Get Event Records from the device
920  * @cxlds: The device data for the operation
921  * @status: Event Status register value identifying which events are available.
922  *
923  * Retrieve all event records available on the device, report them as trace
924  * events, and clear them.
925  *
926  * See CXL rev 3.0 @8.2.9.2.2 Get Event Records
927  * See CXL rev 3.0 @8.2.9.2.3 Clear Event Records
928  */
929 void cxl_mem_get_event_records(struct cxl_dev_state *cxlds, u32 status)
930 {
931 	dev_dbg(cxlds->dev, "Reading event logs: %x\n", status);
932 
933 	if (status & CXLDEV_EVENT_STATUS_FATAL)
934 		cxl_mem_get_records_log(cxlds, CXL_EVENT_TYPE_FATAL);
935 	if (status & CXLDEV_EVENT_STATUS_FAIL)
936 		cxl_mem_get_records_log(cxlds, CXL_EVENT_TYPE_FAIL);
937 	if (status & CXLDEV_EVENT_STATUS_WARN)
938 		cxl_mem_get_records_log(cxlds, CXL_EVENT_TYPE_WARN);
939 	if (status & CXLDEV_EVENT_STATUS_INFO)
940 		cxl_mem_get_records_log(cxlds, CXL_EVENT_TYPE_INFO);
941 }
942 EXPORT_SYMBOL_NS_GPL(cxl_mem_get_event_records, CXL);
943 
944 /**
945  * cxl_mem_get_partition_info - Get partition info
946  * @cxlds: The device data for the operation
947  *
948  * Retrieve the current partition info for the device specified.  The active
949  * values are the current capacity in bytes.  If not 0, the 'next' values are
950  * the pending values, in bytes, which take affect on next cold reset.
951  *
952  * Return: 0 if no error: or the result of the mailbox command.
953  *
954  * See CXL @8.2.9.5.2.1 Get Partition Info
955  */
956 static int cxl_mem_get_partition_info(struct cxl_dev_state *cxlds)
957 {
958 	struct cxl_mbox_get_partition_info pi;
959 	struct cxl_mbox_cmd mbox_cmd;
960 	int rc;
961 
962 	mbox_cmd = (struct cxl_mbox_cmd) {
963 		.opcode = CXL_MBOX_OP_GET_PARTITION_INFO,
964 		.size_out = sizeof(pi),
965 		.payload_out = &pi,
966 	};
967 	rc = cxl_internal_send_cmd(cxlds, &mbox_cmd);
968 	if (rc)
969 		return rc;
970 
971 	cxlds->active_volatile_bytes =
972 		le64_to_cpu(pi.active_volatile_cap) * CXL_CAPACITY_MULTIPLIER;
973 	cxlds->active_persistent_bytes =
974 		le64_to_cpu(pi.active_persistent_cap) * CXL_CAPACITY_MULTIPLIER;
975 	cxlds->next_volatile_bytes =
976 		le64_to_cpu(pi.next_volatile_cap) * CXL_CAPACITY_MULTIPLIER;
977 	cxlds->next_persistent_bytes =
978 		le64_to_cpu(pi.next_volatile_cap) * CXL_CAPACITY_MULTIPLIER;
979 
980 	return 0;
981 }
982 
983 /**
984  * cxl_dev_state_identify() - Send the IDENTIFY command to the device.
985  * @cxlds: The device data for the operation
986  *
987  * Return: 0 if identify was executed successfully.
988  *
989  * This will dispatch the identify command to the device and on success populate
990  * structures to be exported to sysfs.
991  */
992 int cxl_dev_state_identify(struct cxl_dev_state *cxlds)
993 {
994 	/* See CXL 2.0 Table 175 Identify Memory Device Output Payload */
995 	struct cxl_mbox_identify id;
996 	struct cxl_mbox_cmd mbox_cmd;
997 	int rc;
998 
999 	mbox_cmd = (struct cxl_mbox_cmd) {
1000 		.opcode = CXL_MBOX_OP_IDENTIFY,
1001 		.size_out = sizeof(id),
1002 		.payload_out = &id,
1003 	};
1004 	rc = cxl_internal_send_cmd(cxlds, &mbox_cmd);
1005 	if (rc < 0)
1006 		return rc;
1007 
1008 	cxlds->total_bytes =
1009 		le64_to_cpu(id.total_capacity) * CXL_CAPACITY_MULTIPLIER;
1010 	cxlds->volatile_only_bytes =
1011 		le64_to_cpu(id.volatile_capacity) * CXL_CAPACITY_MULTIPLIER;
1012 	cxlds->persistent_only_bytes =
1013 		le64_to_cpu(id.persistent_capacity) * CXL_CAPACITY_MULTIPLIER;
1014 	cxlds->partition_align_bytes =
1015 		le64_to_cpu(id.partition_align) * CXL_CAPACITY_MULTIPLIER;
1016 
1017 	cxlds->lsa_size = le32_to_cpu(id.lsa_size);
1018 	memcpy(cxlds->firmware_version, id.fw_revision, sizeof(id.fw_revision));
1019 
1020 	return 0;
1021 }
1022 EXPORT_SYMBOL_NS_GPL(cxl_dev_state_identify, CXL);
1023 
1024 static int add_dpa_res(struct device *dev, struct resource *parent,
1025 		       struct resource *res, resource_size_t start,
1026 		       resource_size_t size, const char *type)
1027 {
1028 	int rc;
1029 
1030 	res->name = type;
1031 	res->start = start;
1032 	res->end = start + size - 1;
1033 	res->flags = IORESOURCE_MEM;
1034 	if (resource_size(res) == 0) {
1035 		dev_dbg(dev, "DPA(%s): no capacity\n", res->name);
1036 		return 0;
1037 	}
1038 	rc = request_resource(parent, res);
1039 	if (rc) {
1040 		dev_err(dev, "DPA(%s): failed to track %pr (%d)\n", res->name,
1041 			res, rc);
1042 		return rc;
1043 	}
1044 
1045 	dev_dbg(dev, "DPA(%s): %pr\n", res->name, res);
1046 
1047 	return 0;
1048 }
1049 
1050 int cxl_mem_create_range_info(struct cxl_dev_state *cxlds)
1051 {
1052 	struct device *dev = cxlds->dev;
1053 	int rc;
1054 
1055 	cxlds->dpa_res =
1056 		(struct resource)DEFINE_RES_MEM(0, cxlds->total_bytes);
1057 
1058 	if (cxlds->partition_align_bytes == 0) {
1059 		rc = add_dpa_res(dev, &cxlds->dpa_res, &cxlds->ram_res, 0,
1060 				 cxlds->volatile_only_bytes, "ram");
1061 		if (rc)
1062 			return rc;
1063 		return add_dpa_res(dev, &cxlds->dpa_res, &cxlds->pmem_res,
1064 				   cxlds->volatile_only_bytes,
1065 				   cxlds->persistent_only_bytes, "pmem");
1066 	}
1067 
1068 	rc = cxl_mem_get_partition_info(cxlds);
1069 	if (rc) {
1070 		dev_err(dev, "Failed to query partition information\n");
1071 		return rc;
1072 	}
1073 
1074 	rc = add_dpa_res(dev, &cxlds->dpa_res, &cxlds->ram_res, 0,
1075 			 cxlds->active_volatile_bytes, "ram");
1076 	if (rc)
1077 		return rc;
1078 	return add_dpa_res(dev, &cxlds->dpa_res, &cxlds->pmem_res,
1079 			   cxlds->active_volatile_bytes,
1080 			   cxlds->active_persistent_bytes, "pmem");
1081 }
1082 EXPORT_SYMBOL_NS_GPL(cxl_mem_create_range_info, CXL);
1083 
1084 int cxl_set_timestamp(struct cxl_dev_state *cxlds)
1085 {
1086 	struct cxl_mbox_cmd mbox_cmd;
1087 	struct cxl_mbox_set_timestamp_in pi;
1088 	int rc;
1089 
1090 	pi.timestamp = cpu_to_le64(ktime_get_real_ns());
1091 	mbox_cmd = (struct cxl_mbox_cmd) {
1092 		.opcode = CXL_MBOX_OP_SET_TIMESTAMP,
1093 		.size_in = sizeof(pi),
1094 		.payload_in = &pi,
1095 	};
1096 
1097 	rc = cxl_internal_send_cmd(cxlds, &mbox_cmd);
1098 	/*
1099 	 * Command is optional. Devices may have another way of providing
1100 	 * a timestamp, or may return all 0s in timestamp fields.
1101 	 * Don't report an error if this command isn't supported
1102 	 */
1103 	if (rc && (mbox_cmd.return_code != CXL_MBOX_CMD_RC_UNSUPPORTED))
1104 		return rc;
1105 
1106 	return 0;
1107 }
1108 EXPORT_SYMBOL_NS_GPL(cxl_set_timestamp, CXL);
1109 
1110 struct cxl_dev_state *cxl_dev_state_create(struct device *dev)
1111 {
1112 	struct cxl_dev_state *cxlds;
1113 
1114 	cxlds = devm_kzalloc(dev, sizeof(*cxlds), GFP_KERNEL);
1115 	if (!cxlds) {
1116 		dev_err(dev, "No memory available\n");
1117 		return ERR_PTR(-ENOMEM);
1118 	}
1119 
1120 	mutex_init(&cxlds->mbox_mutex);
1121 	mutex_init(&cxlds->event.log_lock);
1122 	cxlds->dev = dev;
1123 
1124 	return cxlds;
1125 }
1126 EXPORT_SYMBOL_NS_GPL(cxl_dev_state_create, CXL);
1127 
1128 void __init cxl_mbox_init(void)
1129 {
1130 	struct dentry *mbox_debugfs;
1131 
1132 	mbox_debugfs = cxl_debugfs_create_dir("mbox");
1133 	debugfs_create_bool("raw_allow_all", 0600, mbox_debugfs,
1134 			    &cxl_raw_allow_all);
1135 }
1136