xref: /openbmc/linux/drivers/cxl/core/mbox.c (revision 47aab53331effedd3f5a6136854bd1da011f94b6)
1 // SPDX-License-Identifier: GPL-2.0-only
2 /* Copyright(c) 2020 Intel Corporation. All rights reserved. */
3 #include <linux/security.h>
4 #include <linux/debugfs.h>
5 #include <linux/ktime.h>
6 #include <linux/mutex.h>
7 #include <asm/unaligned.h>
8 #include <cxlpci.h>
9 #include <cxlmem.h>
10 #include <cxl.h>
11 
12 #include "core.h"
13 #include "trace.h"
14 
15 static bool cxl_raw_allow_all;
16 
17 /**
18  * DOC: cxl mbox
19  *
20  * Core implementation of the CXL 2.0 Type-3 Memory Device Mailbox. The
21  * implementation is used by the cxl_pci driver to initialize the device
22  * and implement the cxl_mem.h IOCTL UAPI. It also implements the
23  * backend of the cxl_pmem_ctl() transport for LIBNVDIMM.
24  */
25 
26 #define cxl_for_each_cmd(cmd)                                                  \
27 	for ((cmd) = &cxl_mem_commands[0];                                     \
28 	     ((cmd) - cxl_mem_commands) < ARRAY_SIZE(cxl_mem_commands); (cmd)++)
29 
30 #define CXL_CMD(_id, sin, sout, _flags)                                        \
31 	[CXL_MEM_COMMAND_ID_##_id] = {                                         \
32 	.info =	{                                                              \
33 			.id = CXL_MEM_COMMAND_ID_##_id,                        \
34 			.size_in = sin,                                        \
35 			.size_out = sout,                                      \
36 		},                                                             \
37 	.opcode = CXL_MBOX_OP_##_id,                                           \
38 	.flags = _flags,                                                       \
39 	}
40 
41 #define CXL_VARIABLE_PAYLOAD	~0U
42 /*
43  * This table defines the supported mailbox commands for the driver. This table
44  * is made up of a UAPI structure. Non-negative values as parameters in the
45  * table will be validated against the user's input. For example, if size_in is
46  * 0, and the user passed in 1, it is an error.
47  */
48 static struct cxl_mem_command cxl_mem_commands[CXL_MEM_COMMAND_ID_MAX] = {
49 	CXL_CMD(IDENTIFY, 0, 0x43, CXL_CMD_FLAG_FORCE_ENABLE),
50 #ifdef CONFIG_CXL_MEM_RAW_COMMANDS
51 	CXL_CMD(RAW, CXL_VARIABLE_PAYLOAD, CXL_VARIABLE_PAYLOAD, 0),
52 #endif
53 	CXL_CMD(GET_SUPPORTED_LOGS, 0, CXL_VARIABLE_PAYLOAD, CXL_CMD_FLAG_FORCE_ENABLE),
54 	CXL_CMD(GET_FW_INFO, 0, 0x50, 0),
55 	CXL_CMD(GET_PARTITION_INFO, 0, 0x20, 0),
56 	CXL_CMD(GET_LSA, 0x8, CXL_VARIABLE_PAYLOAD, 0),
57 	CXL_CMD(GET_HEALTH_INFO, 0, 0x12, 0),
58 	CXL_CMD(GET_LOG, 0x18, CXL_VARIABLE_PAYLOAD, CXL_CMD_FLAG_FORCE_ENABLE),
59 	CXL_CMD(SET_PARTITION_INFO, 0x0a, 0, 0),
60 	CXL_CMD(SET_LSA, CXL_VARIABLE_PAYLOAD, 0, 0),
61 	CXL_CMD(GET_ALERT_CONFIG, 0, 0x10, 0),
62 	CXL_CMD(SET_ALERT_CONFIG, 0xc, 0, 0),
63 	CXL_CMD(GET_SHUTDOWN_STATE, 0, 0x1, 0),
64 	CXL_CMD(SET_SHUTDOWN_STATE, 0x1, 0, 0),
65 	CXL_CMD(GET_SCAN_MEDIA_CAPS, 0x10, 0x4, 0),
66 };
67 
68 /*
69  * Commands that RAW doesn't permit. The rationale for each:
70  *
71  * CXL_MBOX_OP_ACTIVATE_FW: Firmware activation requires adjustment /
72  * coordination of transaction timeout values at the root bridge level.
73  *
74  * CXL_MBOX_OP_SET_PARTITION_INFO: The device memory map may change live
75  * and needs to be coordinated with HDM updates.
76  *
77  * CXL_MBOX_OP_SET_LSA: The label storage area may be cached by the
78  * driver and any writes from userspace invalidates those contents.
79  *
80  * CXL_MBOX_OP_SET_SHUTDOWN_STATE: Set shutdown state assumes no writes
81  * to the device after it is marked clean, userspace can not make that
82  * assertion.
83  *
84  * CXL_MBOX_OP_[GET_]SCAN_MEDIA: The kernel provides a native error list that
85  * is kept up to date with patrol notifications and error management.
86  *
87  * CXL_MBOX_OP_[GET_,INJECT_,CLEAR_]POISON: These commands require kernel
88  * driver orchestration for safety.
89  */
90 static u16 cxl_disabled_raw_commands[] = {
91 	CXL_MBOX_OP_ACTIVATE_FW,
92 	CXL_MBOX_OP_SET_PARTITION_INFO,
93 	CXL_MBOX_OP_SET_LSA,
94 	CXL_MBOX_OP_SET_SHUTDOWN_STATE,
95 	CXL_MBOX_OP_SCAN_MEDIA,
96 	CXL_MBOX_OP_GET_SCAN_MEDIA,
97 	CXL_MBOX_OP_GET_POISON,
98 	CXL_MBOX_OP_INJECT_POISON,
99 	CXL_MBOX_OP_CLEAR_POISON,
100 };
101 
102 /*
103  * Command sets that RAW doesn't permit. All opcodes in this set are
104  * disabled because they pass plain text security payloads over the
105  * user/kernel boundary. This functionality is intended to be wrapped
106  * behind the keys ABI which allows for encrypted payloads in the UAPI
107  */
108 static u8 security_command_sets[] = {
109 	0x44, /* Sanitize */
110 	0x45, /* Persistent Memory Data-at-rest Security */
111 	0x46, /* Security Passthrough */
112 };
113 
114 static bool cxl_is_security_command(u16 opcode)
115 {
116 	int i;
117 
118 	for (i = 0; i < ARRAY_SIZE(security_command_sets); i++)
119 		if (security_command_sets[i] == (opcode >> 8))
120 			return true;
121 	return false;
122 }
123 
124 static bool cxl_is_poison_command(u16 opcode)
125 {
126 #define CXL_MBOX_OP_POISON_CMDS 0x43
127 
128 	if ((opcode >> 8) == CXL_MBOX_OP_POISON_CMDS)
129 		return true;
130 
131 	return false;
132 }
133 
134 static void cxl_set_poison_cmd_enabled(struct cxl_poison_state *poison,
135 				       u16 opcode)
136 {
137 	switch (opcode) {
138 	case CXL_MBOX_OP_GET_POISON:
139 		set_bit(CXL_POISON_ENABLED_LIST, poison->enabled_cmds);
140 		break;
141 	case CXL_MBOX_OP_INJECT_POISON:
142 		set_bit(CXL_POISON_ENABLED_INJECT, poison->enabled_cmds);
143 		break;
144 	case CXL_MBOX_OP_CLEAR_POISON:
145 		set_bit(CXL_POISON_ENABLED_CLEAR, poison->enabled_cmds);
146 		break;
147 	case CXL_MBOX_OP_GET_SCAN_MEDIA_CAPS:
148 		set_bit(CXL_POISON_ENABLED_SCAN_CAPS, poison->enabled_cmds);
149 		break;
150 	case CXL_MBOX_OP_SCAN_MEDIA:
151 		set_bit(CXL_POISON_ENABLED_SCAN_MEDIA, poison->enabled_cmds);
152 		break;
153 	case CXL_MBOX_OP_GET_SCAN_MEDIA:
154 		set_bit(CXL_POISON_ENABLED_SCAN_RESULTS, poison->enabled_cmds);
155 		break;
156 	default:
157 		break;
158 	}
159 }
160 
161 static struct cxl_mem_command *cxl_mem_find_command(u16 opcode)
162 {
163 	struct cxl_mem_command *c;
164 
165 	cxl_for_each_cmd(c)
166 		if (c->opcode == opcode)
167 			return c;
168 
169 	return NULL;
170 }
171 
172 static const char *cxl_mem_opcode_to_name(u16 opcode)
173 {
174 	struct cxl_mem_command *c;
175 
176 	c = cxl_mem_find_command(opcode);
177 	if (!c)
178 		return NULL;
179 
180 	return cxl_command_names[c->info.id].name;
181 }
182 
183 /**
184  * cxl_internal_send_cmd() - Kernel internal interface to send a mailbox command
185  * @mds: The driver data for the operation
186  * @mbox_cmd: initialized command to execute
187  *
188  * Context: Any context.
189  * Return:
190  *  * %>=0	- Number of bytes returned in @out.
191  *  * %-E2BIG	- Payload is too large for hardware.
192  *  * %-EBUSY	- Couldn't acquire exclusive mailbox access.
193  *  * %-EFAULT	- Hardware error occurred.
194  *  * %-ENXIO	- Command completed, but device reported an error.
195  *  * %-EIO	- Unexpected output size.
196  *
197  * Mailbox commands may execute successfully yet the device itself reported an
198  * error. While this distinction can be useful for commands from userspace, the
199  * kernel will only be able to use results when both are successful.
200  */
201 int cxl_internal_send_cmd(struct cxl_memdev_state *mds,
202 			  struct cxl_mbox_cmd *mbox_cmd)
203 {
204 	size_t out_size, min_out;
205 	int rc;
206 
207 	if (mbox_cmd->size_in > mds->payload_size ||
208 	    mbox_cmd->size_out > mds->payload_size)
209 		return -E2BIG;
210 
211 	out_size = mbox_cmd->size_out;
212 	min_out = mbox_cmd->min_out;
213 	rc = mds->mbox_send(mds, mbox_cmd);
214 	/*
215 	 * EIO is reserved for a payload size mismatch and mbox_send()
216 	 * may not return this error.
217 	 */
218 	if (WARN_ONCE(rc == -EIO, "Bad return code: -EIO"))
219 		return -ENXIO;
220 	if (rc)
221 		return rc;
222 
223 	if (mbox_cmd->return_code != CXL_MBOX_CMD_RC_SUCCESS &&
224 	    mbox_cmd->return_code != CXL_MBOX_CMD_RC_BACKGROUND)
225 		return cxl_mbox_cmd_rc2errno(mbox_cmd);
226 
227 	if (!out_size)
228 		return 0;
229 
230 	/*
231 	 * Variable sized output needs to at least satisfy the caller's
232 	 * minimum if not the fully requested size.
233 	 */
234 	if (min_out == 0)
235 		min_out = out_size;
236 
237 	if (mbox_cmd->size_out < min_out)
238 		return -EIO;
239 	return 0;
240 }
241 EXPORT_SYMBOL_NS_GPL(cxl_internal_send_cmd, CXL);
242 
243 static bool cxl_mem_raw_command_allowed(u16 opcode)
244 {
245 	int i;
246 
247 	if (!IS_ENABLED(CONFIG_CXL_MEM_RAW_COMMANDS))
248 		return false;
249 
250 	if (security_locked_down(LOCKDOWN_PCI_ACCESS))
251 		return false;
252 
253 	if (cxl_raw_allow_all)
254 		return true;
255 
256 	if (cxl_is_security_command(opcode))
257 		return false;
258 
259 	for (i = 0; i < ARRAY_SIZE(cxl_disabled_raw_commands); i++)
260 		if (cxl_disabled_raw_commands[i] == opcode)
261 			return false;
262 
263 	return true;
264 }
265 
266 /**
267  * cxl_payload_from_user_allowed() - Check contents of in_payload.
268  * @opcode: The mailbox command opcode.
269  * @payload_in: Pointer to the input payload passed in from user space.
270  *
271  * Return:
272  *  * true	- payload_in passes check for @opcode.
273  *  * false	- payload_in contains invalid or unsupported values.
274  *
275  * The driver may inspect payload contents before sending a mailbox
276  * command from user space to the device. The intent is to reject
277  * commands with input payloads that are known to be unsafe. This
278  * check is not intended to replace the users careful selection of
279  * mailbox command parameters and makes no guarantee that the user
280  * command will succeed, nor that it is appropriate.
281  *
282  * The specific checks are determined by the opcode.
283  */
284 static bool cxl_payload_from_user_allowed(u16 opcode, void *payload_in)
285 {
286 	switch (opcode) {
287 	case CXL_MBOX_OP_SET_PARTITION_INFO: {
288 		struct cxl_mbox_set_partition_info *pi = payload_in;
289 
290 		if (pi->flags & CXL_SET_PARTITION_IMMEDIATE_FLAG)
291 			return false;
292 		break;
293 	}
294 	default:
295 		break;
296 	}
297 	return true;
298 }
299 
300 static int cxl_mbox_cmd_ctor(struct cxl_mbox_cmd *mbox,
301 			     struct cxl_memdev_state *mds, u16 opcode,
302 			     size_t in_size, size_t out_size, u64 in_payload)
303 {
304 	*mbox = (struct cxl_mbox_cmd) {
305 		.opcode = opcode,
306 		.size_in = in_size,
307 	};
308 
309 	if (in_size) {
310 		mbox->payload_in = vmemdup_user(u64_to_user_ptr(in_payload),
311 						in_size);
312 		if (IS_ERR(mbox->payload_in))
313 			return PTR_ERR(mbox->payload_in);
314 
315 		if (!cxl_payload_from_user_allowed(opcode, mbox->payload_in)) {
316 			dev_dbg(mds->cxlds.dev, "%s: input payload not allowed\n",
317 				cxl_mem_opcode_to_name(opcode));
318 			kvfree(mbox->payload_in);
319 			return -EBUSY;
320 		}
321 	}
322 
323 	/* Prepare to handle a full payload for variable sized output */
324 	if (out_size == CXL_VARIABLE_PAYLOAD)
325 		mbox->size_out = mds->payload_size;
326 	else
327 		mbox->size_out = out_size;
328 
329 	if (mbox->size_out) {
330 		mbox->payload_out = kvzalloc(mbox->size_out, GFP_KERNEL);
331 		if (!mbox->payload_out) {
332 			kvfree(mbox->payload_in);
333 			return -ENOMEM;
334 		}
335 	}
336 	return 0;
337 }
338 
339 static void cxl_mbox_cmd_dtor(struct cxl_mbox_cmd *mbox)
340 {
341 	kvfree(mbox->payload_in);
342 	kvfree(mbox->payload_out);
343 }
344 
345 static int cxl_to_mem_cmd_raw(struct cxl_mem_command *mem_cmd,
346 			      const struct cxl_send_command *send_cmd,
347 			      struct cxl_memdev_state *mds)
348 {
349 	if (send_cmd->raw.rsvd)
350 		return -EINVAL;
351 
352 	/*
353 	 * Unlike supported commands, the output size of RAW commands
354 	 * gets passed along without further checking, so it must be
355 	 * validated here.
356 	 */
357 	if (send_cmd->out.size > mds->payload_size)
358 		return -EINVAL;
359 
360 	if (!cxl_mem_raw_command_allowed(send_cmd->raw.opcode))
361 		return -EPERM;
362 
363 	dev_WARN_ONCE(mds->cxlds.dev, true, "raw command path used\n");
364 
365 	*mem_cmd = (struct cxl_mem_command) {
366 		.info = {
367 			.id = CXL_MEM_COMMAND_ID_RAW,
368 			.size_in = send_cmd->in.size,
369 			.size_out = send_cmd->out.size,
370 		},
371 		.opcode = send_cmd->raw.opcode
372 	};
373 
374 	return 0;
375 }
376 
377 static int cxl_to_mem_cmd(struct cxl_mem_command *mem_cmd,
378 			  const struct cxl_send_command *send_cmd,
379 			  struct cxl_memdev_state *mds)
380 {
381 	struct cxl_mem_command *c = &cxl_mem_commands[send_cmd->id];
382 	const struct cxl_command_info *info = &c->info;
383 
384 	if (send_cmd->flags & ~CXL_MEM_COMMAND_FLAG_MASK)
385 		return -EINVAL;
386 
387 	if (send_cmd->rsvd)
388 		return -EINVAL;
389 
390 	if (send_cmd->in.rsvd || send_cmd->out.rsvd)
391 		return -EINVAL;
392 
393 	/* Check that the command is enabled for hardware */
394 	if (!test_bit(info->id, mds->enabled_cmds))
395 		return -ENOTTY;
396 
397 	/* Check that the command is not claimed for exclusive kernel use */
398 	if (test_bit(info->id, mds->exclusive_cmds))
399 		return -EBUSY;
400 
401 	/* Check the input buffer is the expected size */
402 	if ((info->size_in != CXL_VARIABLE_PAYLOAD) &&
403 	    (info->size_in != send_cmd->in.size))
404 		return -ENOMEM;
405 
406 	/* Check the output buffer is at least large enough */
407 	if ((info->size_out != CXL_VARIABLE_PAYLOAD) &&
408 	    (send_cmd->out.size < info->size_out))
409 		return -ENOMEM;
410 
411 	*mem_cmd = (struct cxl_mem_command) {
412 		.info = {
413 			.id = info->id,
414 			.flags = info->flags,
415 			.size_in = send_cmd->in.size,
416 			.size_out = send_cmd->out.size,
417 		},
418 		.opcode = c->opcode
419 	};
420 
421 	return 0;
422 }
423 
424 /**
425  * cxl_validate_cmd_from_user() - Check fields for CXL_MEM_SEND_COMMAND.
426  * @mbox_cmd: Sanitized and populated &struct cxl_mbox_cmd.
427  * @mds: The driver data for the operation
428  * @send_cmd: &struct cxl_send_command copied in from userspace.
429  *
430  * Return:
431  *  * %0	- @out_cmd is ready to send.
432  *  * %-ENOTTY	- Invalid command specified.
433  *  * %-EINVAL	- Reserved fields or invalid values were used.
434  *  * %-ENOMEM	- Input or output buffer wasn't sized properly.
435  *  * %-EPERM	- Attempted to use a protected command.
436  *  * %-EBUSY	- Kernel has claimed exclusive access to this opcode
437  *
438  * The result of this command is a fully validated command in @mbox_cmd that is
439  * safe to send to the hardware.
440  */
441 static int cxl_validate_cmd_from_user(struct cxl_mbox_cmd *mbox_cmd,
442 				      struct cxl_memdev_state *mds,
443 				      const struct cxl_send_command *send_cmd)
444 {
445 	struct cxl_mem_command mem_cmd;
446 	int rc;
447 
448 	if (send_cmd->id == 0 || send_cmd->id >= CXL_MEM_COMMAND_ID_MAX)
449 		return -ENOTTY;
450 
451 	/*
452 	 * The user can never specify an input payload larger than what hardware
453 	 * supports, but output can be arbitrarily large (simply write out as
454 	 * much data as the hardware provides).
455 	 */
456 	if (send_cmd->in.size > mds->payload_size)
457 		return -EINVAL;
458 
459 	/* Sanitize and construct a cxl_mem_command */
460 	if (send_cmd->id == CXL_MEM_COMMAND_ID_RAW)
461 		rc = cxl_to_mem_cmd_raw(&mem_cmd, send_cmd, mds);
462 	else
463 		rc = cxl_to_mem_cmd(&mem_cmd, send_cmd, mds);
464 
465 	if (rc)
466 		return rc;
467 
468 	/* Sanitize and construct a cxl_mbox_cmd */
469 	return cxl_mbox_cmd_ctor(mbox_cmd, mds, mem_cmd.opcode,
470 				 mem_cmd.info.size_in, mem_cmd.info.size_out,
471 				 send_cmd->in.payload);
472 }
473 
474 int cxl_query_cmd(struct cxl_memdev *cxlmd,
475 		  struct cxl_mem_query_commands __user *q)
476 {
477 	struct cxl_memdev_state *mds = to_cxl_memdev_state(cxlmd->cxlds);
478 	struct device *dev = &cxlmd->dev;
479 	struct cxl_mem_command *cmd;
480 	u32 n_commands;
481 	int j = 0;
482 
483 	dev_dbg(dev, "Query IOCTL\n");
484 
485 	if (get_user(n_commands, &q->n_commands))
486 		return -EFAULT;
487 
488 	/* returns the total number if 0 elements are requested. */
489 	if (n_commands == 0)
490 		return put_user(ARRAY_SIZE(cxl_mem_commands), &q->n_commands);
491 
492 	/*
493 	 * otherwise, return max(n_commands, total commands) cxl_command_info
494 	 * structures.
495 	 */
496 	cxl_for_each_cmd(cmd) {
497 		struct cxl_command_info info = cmd->info;
498 
499 		if (test_bit(info.id, mds->enabled_cmds))
500 			info.flags |= CXL_MEM_COMMAND_FLAG_ENABLED;
501 		if (test_bit(info.id, mds->exclusive_cmds))
502 			info.flags |= CXL_MEM_COMMAND_FLAG_EXCLUSIVE;
503 
504 		if (copy_to_user(&q->commands[j++], &info, sizeof(info)))
505 			return -EFAULT;
506 
507 		if (j == n_commands)
508 			break;
509 	}
510 
511 	return 0;
512 }
513 
514 /**
515  * handle_mailbox_cmd_from_user() - Dispatch a mailbox command for userspace.
516  * @mds: The driver data for the operation
517  * @mbox_cmd: The validated mailbox command.
518  * @out_payload: Pointer to userspace's output payload.
519  * @size_out: (Input) Max payload size to copy out.
520  *            (Output) Payload size hardware generated.
521  * @retval: Hardware generated return code from the operation.
522  *
523  * Return:
524  *  * %0	- Mailbox transaction succeeded. This implies the mailbox
525  *		  protocol completed successfully not that the operation itself
526  *		  was successful.
527  *  * %-ENOMEM  - Couldn't allocate a bounce buffer.
528  *  * %-EFAULT	- Something happened with copy_to/from_user.
529  *  * %-EINTR	- Mailbox acquisition interrupted.
530  *  * %-EXXX	- Transaction level failures.
531  *
532  * Dispatches a mailbox command on behalf of a userspace request.
533  * The output payload is copied to userspace.
534  *
535  * See cxl_send_cmd().
536  */
537 static int handle_mailbox_cmd_from_user(struct cxl_memdev_state *mds,
538 					struct cxl_mbox_cmd *mbox_cmd,
539 					u64 out_payload, s32 *size_out,
540 					u32 *retval)
541 {
542 	struct device *dev = mds->cxlds.dev;
543 	int rc;
544 
545 	dev_dbg(dev,
546 		"Submitting %s command for user\n"
547 		"\topcode: %x\n"
548 		"\tsize: %zx\n",
549 		cxl_mem_opcode_to_name(mbox_cmd->opcode),
550 		mbox_cmd->opcode, mbox_cmd->size_in);
551 
552 	rc = mds->mbox_send(mds, mbox_cmd);
553 	if (rc)
554 		goto out;
555 
556 	/*
557 	 * @size_out contains the max size that's allowed to be written back out
558 	 * to userspace. While the payload may have written more output than
559 	 * this it will have to be ignored.
560 	 */
561 	if (mbox_cmd->size_out) {
562 		dev_WARN_ONCE(dev, mbox_cmd->size_out > *size_out,
563 			      "Invalid return size\n");
564 		if (copy_to_user(u64_to_user_ptr(out_payload),
565 				 mbox_cmd->payload_out, mbox_cmd->size_out)) {
566 			rc = -EFAULT;
567 			goto out;
568 		}
569 	}
570 
571 	*size_out = mbox_cmd->size_out;
572 	*retval = mbox_cmd->return_code;
573 
574 out:
575 	cxl_mbox_cmd_dtor(mbox_cmd);
576 	return rc;
577 }
578 
579 int cxl_send_cmd(struct cxl_memdev *cxlmd, struct cxl_send_command __user *s)
580 {
581 	struct cxl_memdev_state *mds = to_cxl_memdev_state(cxlmd->cxlds);
582 	struct device *dev = &cxlmd->dev;
583 	struct cxl_send_command send;
584 	struct cxl_mbox_cmd mbox_cmd;
585 	int rc;
586 
587 	dev_dbg(dev, "Send IOCTL\n");
588 
589 	if (copy_from_user(&send, s, sizeof(send)))
590 		return -EFAULT;
591 
592 	rc = cxl_validate_cmd_from_user(&mbox_cmd, mds, &send);
593 	if (rc)
594 		return rc;
595 
596 	rc = handle_mailbox_cmd_from_user(mds, &mbox_cmd, send.out.payload,
597 					  &send.out.size, &send.retval);
598 	if (rc)
599 		return rc;
600 
601 	if (copy_to_user(s, &send, sizeof(send)))
602 		return -EFAULT;
603 
604 	return 0;
605 }
606 
607 static int cxl_xfer_log(struct cxl_memdev_state *mds, uuid_t *uuid,
608 			u32 *size, u8 *out)
609 {
610 	u32 remaining = *size;
611 	u32 offset = 0;
612 
613 	while (remaining) {
614 		u32 xfer_size = min_t(u32, remaining, mds->payload_size);
615 		struct cxl_mbox_cmd mbox_cmd;
616 		struct cxl_mbox_get_log log;
617 		int rc;
618 
619 		log = (struct cxl_mbox_get_log) {
620 			.uuid = *uuid,
621 			.offset = cpu_to_le32(offset),
622 			.length = cpu_to_le32(xfer_size),
623 		};
624 
625 		mbox_cmd = (struct cxl_mbox_cmd) {
626 			.opcode = CXL_MBOX_OP_GET_LOG,
627 			.size_in = sizeof(log),
628 			.payload_in = &log,
629 			.size_out = xfer_size,
630 			.payload_out = out,
631 		};
632 
633 		rc = cxl_internal_send_cmd(mds, &mbox_cmd);
634 
635 		/*
636 		 * The output payload length that indicates the number
637 		 * of valid bytes can be smaller than the Log buffer
638 		 * size.
639 		 */
640 		if (rc == -EIO && mbox_cmd.size_out < xfer_size) {
641 			offset += mbox_cmd.size_out;
642 			break;
643 		}
644 
645 		if (rc < 0)
646 			return rc;
647 
648 		out += xfer_size;
649 		remaining -= xfer_size;
650 		offset += xfer_size;
651 	}
652 
653 	*size = offset;
654 
655 	return 0;
656 }
657 
658 /**
659  * cxl_walk_cel() - Walk through the Command Effects Log.
660  * @mds: The driver data for the operation
661  * @size: Length of the Command Effects Log.
662  * @cel: CEL
663  *
664  * Iterate over each entry in the CEL and determine if the driver supports the
665  * command. If so, the command is enabled for the device and can be used later.
666  */
667 static void cxl_walk_cel(struct cxl_memdev_state *mds, size_t size, u8 *cel)
668 {
669 	struct cxl_cel_entry *cel_entry;
670 	const int cel_entries = size / sizeof(*cel_entry);
671 	struct device *dev = mds->cxlds.dev;
672 	int i;
673 
674 	cel_entry = (struct cxl_cel_entry *) cel;
675 
676 	for (i = 0; i < cel_entries; i++) {
677 		u16 opcode = le16_to_cpu(cel_entry[i].opcode);
678 		struct cxl_mem_command *cmd = cxl_mem_find_command(opcode);
679 
680 		if (!cmd && !cxl_is_poison_command(opcode)) {
681 			dev_dbg(dev,
682 				"Opcode 0x%04x unsupported by driver\n", opcode);
683 			continue;
684 		}
685 
686 		if (cmd)
687 			set_bit(cmd->info.id, mds->enabled_cmds);
688 
689 		if (cxl_is_poison_command(opcode))
690 			cxl_set_poison_cmd_enabled(&mds->poison, opcode);
691 
692 		dev_dbg(dev, "Opcode 0x%04x enabled\n", opcode);
693 	}
694 }
695 
696 static struct cxl_mbox_get_supported_logs *cxl_get_gsl(struct cxl_memdev_state *mds)
697 {
698 	struct cxl_mbox_get_supported_logs *ret;
699 	struct cxl_mbox_cmd mbox_cmd;
700 	int rc;
701 
702 	ret = kvmalloc(mds->payload_size, GFP_KERNEL);
703 	if (!ret)
704 		return ERR_PTR(-ENOMEM);
705 
706 	mbox_cmd = (struct cxl_mbox_cmd) {
707 		.opcode = CXL_MBOX_OP_GET_SUPPORTED_LOGS,
708 		.size_out = mds->payload_size,
709 		.payload_out = ret,
710 		/* At least the record number field must be valid */
711 		.min_out = 2,
712 	};
713 	rc = cxl_internal_send_cmd(mds, &mbox_cmd);
714 	if (rc < 0) {
715 		kvfree(ret);
716 		return ERR_PTR(rc);
717 	}
718 
719 
720 	return ret;
721 }
722 
723 enum {
724 	CEL_UUID,
725 	VENDOR_DEBUG_UUID,
726 };
727 
728 /* See CXL 2.0 Table 170. Get Log Input Payload */
729 static const uuid_t log_uuid[] = {
730 	[CEL_UUID] = DEFINE_CXL_CEL_UUID,
731 	[VENDOR_DEBUG_UUID] = DEFINE_CXL_VENDOR_DEBUG_UUID,
732 };
733 
734 /**
735  * cxl_enumerate_cmds() - Enumerate commands for a device.
736  * @mds: The driver data for the operation
737  *
738  * Returns 0 if enumerate completed successfully.
739  *
740  * CXL devices have optional support for certain commands. This function will
741  * determine the set of supported commands for the hardware and update the
742  * enabled_cmds bitmap in the @mds.
743  */
744 int cxl_enumerate_cmds(struct cxl_memdev_state *mds)
745 {
746 	struct cxl_mbox_get_supported_logs *gsl;
747 	struct device *dev = mds->cxlds.dev;
748 	struct cxl_mem_command *cmd;
749 	int i, rc;
750 
751 	gsl = cxl_get_gsl(mds);
752 	if (IS_ERR(gsl))
753 		return PTR_ERR(gsl);
754 
755 	rc = -ENOENT;
756 	for (i = 0; i < le16_to_cpu(gsl->entries); i++) {
757 		u32 size = le32_to_cpu(gsl->entry[i].size);
758 		uuid_t uuid = gsl->entry[i].uuid;
759 		u8 *log;
760 
761 		dev_dbg(dev, "Found LOG type %pU of size %d", &uuid, size);
762 
763 		if (!uuid_equal(&uuid, &log_uuid[CEL_UUID]))
764 			continue;
765 
766 		log = kvmalloc(size, GFP_KERNEL);
767 		if (!log) {
768 			rc = -ENOMEM;
769 			goto out;
770 		}
771 
772 		rc = cxl_xfer_log(mds, &uuid, &size, log);
773 		if (rc) {
774 			kvfree(log);
775 			goto out;
776 		}
777 
778 		cxl_walk_cel(mds, size, log);
779 		kvfree(log);
780 
781 		/* In case CEL was bogus, enable some default commands. */
782 		cxl_for_each_cmd(cmd)
783 			if (cmd->flags & CXL_CMD_FLAG_FORCE_ENABLE)
784 				set_bit(cmd->info.id, mds->enabled_cmds);
785 
786 		/* Found the required CEL */
787 		rc = 0;
788 	}
789 out:
790 	kvfree(gsl);
791 	return rc;
792 }
793 EXPORT_SYMBOL_NS_GPL(cxl_enumerate_cmds, CXL);
794 
795 /*
796  * General Media Event Record
797  * CXL rev 3.0 Section 8.2.9.2.1.1; Table 8-43
798  */
799 static const uuid_t gen_media_event_uuid =
800 	UUID_INIT(0xfbcd0a77, 0xc260, 0x417f,
801 		  0x85, 0xa9, 0x08, 0x8b, 0x16, 0x21, 0xeb, 0xa6);
802 
803 /*
804  * DRAM Event Record
805  * CXL rev 3.0 section 8.2.9.2.1.2; Table 8-44
806  */
807 static const uuid_t dram_event_uuid =
808 	UUID_INIT(0x601dcbb3, 0x9c06, 0x4eab,
809 		  0xb8, 0xaf, 0x4e, 0x9b, 0xfb, 0x5c, 0x96, 0x24);
810 
811 /*
812  * Memory Module Event Record
813  * CXL rev 3.0 section 8.2.9.2.1.3; Table 8-45
814  */
815 static const uuid_t mem_mod_event_uuid =
816 	UUID_INIT(0xfe927475, 0xdd59, 0x4339,
817 		  0xa5, 0x86, 0x79, 0xba, 0xb1, 0x13, 0xb7, 0x74);
818 
819 static void cxl_event_trace_record(const struct cxl_memdev *cxlmd,
820 				   enum cxl_event_log_type type,
821 				   struct cxl_event_record_raw *record)
822 {
823 	uuid_t *id = &record->hdr.id;
824 
825 	if (uuid_equal(id, &gen_media_event_uuid)) {
826 		struct cxl_event_gen_media *rec =
827 				(struct cxl_event_gen_media *)record;
828 
829 		trace_cxl_general_media(cxlmd, type, rec);
830 	} else if (uuid_equal(id, &dram_event_uuid)) {
831 		struct cxl_event_dram *rec = (struct cxl_event_dram *)record;
832 
833 		trace_cxl_dram(cxlmd, type, rec);
834 	} else if (uuid_equal(id, &mem_mod_event_uuid)) {
835 		struct cxl_event_mem_module *rec =
836 				(struct cxl_event_mem_module *)record;
837 
838 		trace_cxl_memory_module(cxlmd, type, rec);
839 	} else {
840 		/* For unknown record types print just the header */
841 		trace_cxl_generic_event(cxlmd, type, record);
842 	}
843 }
844 
845 static int cxl_clear_event_record(struct cxl_memdev_state *mds,
846 				  enum cxl_event_log_type log,
847 				  struct cxl_get_event_payload *get_pl)
848 {
849 	struct cxl_mbox_clear_event_payload *payload;
850 	u16 total = le16_to_cpu(get_pl->record_count);
851 	u8 max_handles = CXL_CLEAR_EVENT_MAX_HANDLES;
852 	size_t pl_size = struct_size(payload, handles, max_handles);
853 	struct cxl_mbox_cmd mbox_cmd;
854 	u16 cnt;
855 	int rc = 0;
856 	int i;
857 
858 	/* Payload size may limit the max handles */
859 	if (pl_size > mds->payload_size) {
860 		max_handles = (mds->payload_size - sizeof(*payload)) /
861 			      sizeof(__le16);
862 		pl_size = struct_size(payload, handles, max_handles);
863 	}
864 
865 	payload = kvzalloc(pl_size, GFP_KERNEL);
866 	if (!payload)
867 		return -ENOMEM;
868 
869 	*payload = (struct cxl_mbox_clear_event_payload) {
870 		.event_log = log,
871 	};
872 
873 	mbox_cmd = (struct cxl_mbox_cmd) {
874 		.opcode = CXL_MBOX_OP_CLEAR_EVENT_RECORD,
875 		.payload_in = payload,
876 		.size_in = pl_size,
877 	};
878 
879 	/*
880 	 * Clear Event Records uses u8 for the handle cnt while Get Event
881 	 * Record can return up to 0xffff records.
882 	 */
883 	i = 0;
884 	for (cnt = 0; cnt < total; cnt++) {
885 		payload->handles[i++] = get_pl->records[cnt].hdr.handle;
886 		dev_dbg(mds->cxlds.dev, "Event log '%d': Clearing %u\n", log,
887 			le16_to_cpu(payload->handles[i]));
888 
889 		if (i == max_handles) {
890 			payload->nr_recs = i;
891 			rc = cxl_internal_send_cmd(mds, &mbox_cmd);
892 			if (rc)
893 				goto free_pl;
894 			i = 0;
895 		}
896 	}
897 
898 	/* Clear what is left if any */
899 	if (i) {
900 		payload->nr_recs = i;
901 		mbox_cmd.size_in = struct_size(payload, handles, i);
902 		rc = cxl_internal_send_cmd(mds, &mbox_cmd);
903 		if (rc)
904 			goto free_pl;
905 	}
906 
907 free_pl:
908 	kvfree(payload);
909 	return rc;
910 }
911 
912 static void cxl_mem_get_records_log(struct cxl_memdev_state *mds,
913 				    enum cxl_event_log_type type)
914 {
915 	struct cxl_memdev *cxlmd = mds->cxlds.cxlmd;
916 	struct device *dev = mds->cxlds.dev;
917 	struct cxl_get_event_payload *payload;
918 	struct cxl_mbox_cmd mbox_cmd;
919 	u8 log_type = type;
920 	u16 nr_rec;
921 
922 	mutex_lock(&mds->event.log_lock);
923 	payload = mds->event.buf;
924 
925 	mbox_cmd = (struct cxl_mbox_cmd) {
926 		.opcode = CXL_MBOX_OP_GET_EVENT_RECORD,
927 		.payload_in = &log_type,
928 		.size_in = sizeof(log_type),
929 		.payload_out = payload,
930 		.size_out = mds->payload_size,
931 		.min_out = struct_size(payload, records, 0),
932 	};
933 
934 	do {
935 		int rc, i;
936 
937 		rc = cxl_internal_send_cmd(mds, &mbox_cmd);
938 		if (rc) {
939 			dev_err_ratelimited(dev,
940 				"Event log '%d': Failed to query event records : %d",
941 				type, rc);
942 			break;
943 		}
944 
945 		nr_rec = le16_to_cpu(payload->record_count);
946 		if (!nr_rec)
947 			break;
948 
949 		for (i = 0; i < nr_rec; i++)
950 			cxl_event_trace_record(cxlmd, type,
951 					       &payload->records[i]);
952 
953 		if (payload->flags & CXL_GET_EVENT_FLAG_OVERFLOW)
954 			trace_cxl_overflow(cxlmd, type, payload);
955 
956 		rc = cxl_clear_event_record(mds, type, payload);
957 		if (rc) {
958 			dev_err_ratelimited(dev,
959 				"Event log '%d': Failed to clear events : %d",
960 				type, rc);
961 			break;
962 		}
963 	} while (nr_rec);
964 
965 	mutex_unlock(&mds->event.log_lock);
966 }
967 
968 /**
969  * cxl_mem_get_event_records - Get Event Records from the device
970  * @mds: The driver data for the operation
971  * @status: Event Status register value identifying which events are available.
972  *
973  * Retrieve all event records available on the device, report them as trace
974  * events, and clear them.
975  *
976  * See CXL rev 3.0 @8.2.9.2.2 Get Event Records
977  * See CXL rev 3.0 @8.2.9.2.3 Clear Event Records
978  */
979 void cxl_mem_get_event_records(struct cxl_memdev_state *mds, u32 status)
980 {
981 	dev_dbg(mds->cxlds.dev, "Reading event logs: %x\n", status);
982 
983 	if (status & CXLDEV_EVENT_STATUS_FATAL)
984 		cxl_mem_get_records_log(mds, CXL_EVENT_TYPE_FATAL);
985 	if (status & CXLDEV_EVENT_STATUS_FAIL)
986 		cxl_mem_get_records_log(mds, CXL_EVENT_TYPE_FAIL);
987 	if (status & CXLDEV_EVENT_STATUS_WARN)
988 		cxl_mem_get_records_log(mds, CXL_EVENT_TYPE_WARN);
989 	if (status & CXLDEV_EVENT_STATUS_INFO)
990 		cxl_mem_get_records_log(mds, CXL_EVENT_TYPE_INFO);
991 }
992 EXPORT_SYMBOL_NS_GPL(cxl_mem_get_event_records, CXL);
993 
994 /**
995  * cxl_mem_get_partition_info - Get partition info
996  * @mds: The driver data for the operation
997  *
998  * Retrieve the current partition info for the device specified.  The active
999  * values are the current capacity in bytes.  If not 0, the 'next' values are
1000  * the pending values, in bytes, which take affect on next cold reset.
1001  *
1002  * Return: 0 if no error: or the result of the mailbox command.
1003  *
1004  * See CXL @8.2.9.5.2.1 Get Partition Info
1005  */
1006 static int cxl_mem_get_partition_info(struct cxl_memdev_state *mds)
1007 {
1008 	struct cxl_mbox_get_partition_info pi;
1009 	struct cxl_mbox_cmd mbox_cmd;
1010 	int rc;
1011 
1012 	mbox_cmd = (struct cxl_mbox_cmd) {
1013 		.opcode = CXL_MBOX_OP_GET_PARTITION_INFO,
1014 		.size_out = sizeof(pi),
1015 		.payload_out = &pi,
1016 	};
1017 	rc = cxl_internal_send_cmd(mds, &mbox_cmd);
1018 	if (rc)
1019 		return rc;
1020 
1021 	mds->active_volatile_bytes =
1022 		le64_to_cpu(pi.active_volatile_cap) * CXL_CAPACITY_MULTIPLIER;
1023 	mds->active_persistent_bytes =
1024 		le64_to_cpu(pi.active_persistent_cap) * CXL_CAPACITY_MULTIPLIER;
1025 	mds->next_volatile_bytes =
1026 		le64_to_cpu(pi.next_volatile_cap) * CXL_CAPACITY_MULTIPLIER;
1027 	mds->next_persistent_bytes =
1028 		le64_to_cpu(pi.next_volatile_cap) * CXL_CAPACITY_MULTIPLIER;
1029 
1030 	return 0;
1031 }
1032 
1033 /**
1034  * cxl_dev_state_identify() - Send the IDENTIFY command to the device.
1035  * @mds: The driver data for the operation
1036  *
1037  * Return: 0 if identify was executed successfully or media not ready.
1038  *
1039  * This will dispatch the identify command to the device and on success populate
1040  * structures to be exported to sysfs.
1041  */
1042 int cxl_dev_state_identify(struct cxl_memdev_state *mds)
1043 {
1044 	/* See CXL 2.0 Table 175 Identify Memory Device Output Payload */
1045 	struct cxl_mbox_identify id;
1046 	struct cxl_mbox_cmd mbox_cmd;
1047 	u32 val;
1048 	int rc;
1049 
1050 	if (!mds->cxlds.media_ready)
1051 		return 0;
1052 
1053 	mbox_cmd = (struct cxl_mbox_cmd) {
1054 		.opcode = CXL_MBOX_OP_IDENTIFY,
1055 		.size_out = sizeof(id),
1056 		.payload_out = &id,
1057 	};
1058 	rc = cxl_internal_send_cmd(mds, &mbox_cmd);
1059 	if (rc < 0)
1060 		return rc;
1061 
1062 	mds->total_bytes =
1063 		le64_to_cpu(id.total_capacity) * CXL_CAPACITY_MULTIPLIER;
1064 	mds->volatile_only_bytes =
1065 		le64_to_cpu(id.volatile_capacity) * CXL_CAPACITY_MULTIPLIER;
1066 	mds->persistent_only_bytes =
1067 		le64_to_cpu(id.persistent_capacity) * CXL_CAPACITY_MULTIPLIER;
1068 	mds->partition_align_bytes =
1069 		le64_to_cpu(id.partition_align) * CXL_CAPACITY_MULTIPLIER;
1070 
1071 	mds->lsa_size = le32_to_cpu(id.lsa_size);
1072 	memcpy(mds->firmware_version, id.fw_revision,
1073 	       sizeof(id.fw_revision));
1074 
1075 	if (test_bit(CXL_POISON_ENABLED_LIST, mds->poison.enabled_cmds)) {
1076 		val = get_unaligned_le24(id.poison_list_max_mer);
1077 		mds->poison.max_errors = min_t(u32, val, CXL_POISON_LIST_MAX);
1078 	}
1079 
1080 	return 0;
1081 }
1082 EXPORT_SYMBOL_NS_GPL(cxl_dev_state_identify, CXL);
1083 
1084 /**
1085  * cxl_mem_sanitize() - Send a sanitization command to the device.
1086  * @mds: The device data for the operation
1087  * @cmd: The specific sanitization command opcode
1088  *
1089  * Return: 0 if the command was executed successfully, regardless of
1090  * whether or not the actual security operation is done in the background,
1091  * such as for the Sanitize case.
1092  * Error return values can be the result of the mailbox command, -EINVAL
1093  * when security requirements are not met or invalid contexts.
1094  *
1095  * See CXL 3.0 @8.2.9.8.5.1 Sanitize and @8.2.9.8.5.2 Secure Erase.
1096  */
1097 int cxl_mem_sanitize(struct cxl_memdev_state *mds, u16 cmd)
1098 {
1099 	int rc;
1100 	u32 sec_out = 0;
1101 	struct cxl_get_security_output {
1102 		__le32 flags;
1103 	} out;
1104 	struct cxl_mbox_cmd sec_cmd = {
1105 		.opcode = CXL_MBOX_OP_GET_SECURITY_STATE,
1106 		.payload_out = &out,
1107 		.size_out = sizeof(out),
1108 	};
1109 	struct cxl_mbox_cmd mbox_cmd = { .opcode = cmd };
1110 	struct cxl_dev_state *cxlds = &mds->cxlds;
1111 
1112 	if (cmd != CXL_MBOX_OP_SANITIZE && cmd != CXL_MBOX_OP_SECURE_ERASE)
1113 		return -EINVAL;
1114 
1115 	rc = cxl_internal_send_cmd(mds, &sec_cmd);
1116 	if (rc < 0) {
1117 		dev_err(cxlds->dev, "Failed to get security state : %d", rc);
1118 		return rc;
1119 	}
1120 
1121 	/*
1122 	 * Prior to using these commands, any security applied to
1123 	 * the user data areas of the device shall be DISABLED (or
1124 	 * UNLOCKED for secure erase case).
1125 	 */
1126 	sec_out = le32_to_cpu(out.flags);
1127 	if (sec_out & CXL_PMEM_SEC_STATE_USER_PASS_SET)
1128 		return -EINVAL;
1129 
1130 	if (cmd == CXL_MBOX_OP_SECURE_ERASE &&
1131 	    sec_out & CXL_PMEM_SEC_STATE_LOCKED)
1132 		return -EINVAL;
1133 
1134 	rc = cxl_internal_send_cmd(mds, &mbox_cmd);
1135 	if (rc < 0) {
1136 		dev_err(cxlds->dev, "Failed to sanitize device : %d", rc);
1137 		return rc;
1138 	}
1139 
1140 	return 0;
1141 }
1142 EXPORT_SYMBOL_NS_GPL(cxl_mem_sanitize, CXL);
1143 
1144 static int add_dpa_res(struct device *dev, struct resource *parent,
1145 		       struct resource *res, resource_size_t start,
1146 		       resource_size_t size, const char *type)
1147 {
1148 	int rc;
1149 
1150 	res->name = type;
1151 	res->start = start;
1152 	res->end = start + size - 1;
1153 	res->flags = IORESOURCE_MEM;
1154 	if (resource_size(res) == 0) {
1155 		dev_dbg(dev, "DPA(%s): no capacity\n", res->name);
1156 		return 0;
1157 	}
1158 	rc = request_resource(parent, res);
1159 	if (rc) {
1160 		dev_err(dev, "DPA(%s): failed to track %pr (%d)\n", res->name,
1161 			res, rc);
1162 		return rc;
1163 	}
1164 
1165 	dev_dbg(dev, "DPA(%s): %pr\n", res->name, res);
1166 
1167 	return 0;
1168 }
1169 
1170 int cxl_mem_create_range_info(struct cxl_memdev_state *mds)
1171 {
1172 	struct cxl_dev_state *cxlds = &mds->cxlds;
1173 	struct device *dev = cxlds->dev;
1174 	int rc;
1175 
1176 	if (!cxlds->media_ready) {
1177 		cxlds->dpa_res = DEFINE_RES_MEM(0, 0);
1178 		cxlds->ram_res = DEFINE_RES_MEM(0, 0);
1179 		cxlds->pmem_res = DEFINE_RES_MEM(0, 0);
1180 		return 0;
1181 	}
1182 
1183 	cxlds->dpa_res =
1184 		(struct resource)DEFINE_RES_MEM(0, mds->total_bytes);
1185 
1186 	if (mds->partition_align_bytes == 0) {
1187 		rc = add_dpa_res(dev, &cxlds->dpa_res, &cxlds->ram_res, 0,
1188 				 mds->volatile_only_bytes, "ram");
1189 		if (rc)
1190 			return rc;
1191 		return add_dpa_res(dev, &cxlds->dpa_res, &cxlds->pmem_res,
1192 				   mds->volatile_only_bytes,
1193 				   mds->persistent_only_bytes, "pmem");
1194 	}
1195 
1196 	rc = cxl_mem_get_partition_info(mds);
1197 	if (rc) {
1198 		dev_err(dev, "Failed to query partition information\n");
1199 		return rc;
1200 	}
1201 
1202 	rc = add_dpa_res(dev, &cxlds->dpa_res, &cxlds->ram_res, 0,
1203 			 mds->active_volatile_bytes, "ram");
1204 	if (rc)
1205 		return rc;
1206 	return add_dpa_res(dev, &cxlds->dpa_res, &cxlds->pmem_res,
1207 			   mds->active_volatile_bytes,
1208 			   mds->active_persistent_bytes, "pmem");
1209 }
1210 EXPORT_SYMBOL_NS_GPL(cxl_mem_create_range_info, CXL);
1211 
1212 int cxl_set_timestamp(struct cxl_memdev_state *mds)
1213 {
1214 	struct cxl_mbox_cmd mbox_cmd;
1215 	struct cxl_mbox_set_timestamp_in pi;
1216 	int rc;
1217 
1218 	pi.timestamp = cpu_to_le64(ktime_get_real_ns());
1219 	mbox_cmd = (struct cxl_mbox_cmd) {
1220 		.opcode = CXL_MBOX_OP_SET_TIMESTAMP,
1221 		.size_in = sizeof(pi),
1222 		.payload_in = &pi,
1223 	};
1224 
1225 	rc = cxl_internal_send_cmd(mds, &mbox_cmd);
1226 	/*
1227 	 * Command is optional. Devices may have another way of providing
1228 	 * a timestamp, or may return all 0s in timestamp fields.
1229 	 * Don't report an error if this command isn't supported
1230 	 */
1231 	if (rc && (mbox_cmd.return_code != CXL_MBOX_CMD_RC_UNSUPPORTED))
1232 		return rc;
1233 
1234 	return 0;
1235 }
1236 EXPORT_SYMBOL_NS_GPL(cxl_set_timestamp, CXL);
1237 
1238 int cxl_mem_get_poison(struct cxl_memdev *cxlmd, u64 offset, u64 len,
1239 		       struct cxl_region *cxlr)
1240 {
1241 	struct cxl_memdev_state *mds = to_cxl_memdev_state(cxlmd->cxlds);
1242 	struct cxl_mbox_poison_out *po;
1243 	struct cxl_mbox_poison_in pi;
1244 	struct cxl_mbox_cmd mbox_cmd;
1245 	int nr_records = 0;
1246 	int rc;
1247 
1248 	rc = mutex_lock_interruptible(&mds->poison.lock);
1249 	if (rc)
1250 		return rc;
1251 
1252 	po = mds->poison.list_out;
1253 	pi.offset = cpu_to_le64(offset);
1254 	pi.length = cpu_to_le64(len / CXL_POISON_LEN_MULT);
1255 
1256 	mbox_cmd = (struct cxl_mbox_cmd) {
1257 		.opcode = CXL_MBOX_OP_GET_POISON,
1258 		.size_in = sizeof(pi),
1259 		.payload_in = &pi,
1260 		.size_out = mds->payload_size,
1261 		.payload_out = po,
1262 		.min_out = struct_size(po, record, 0),
1263 	};
1264 
1265 	do {
1266 		rc = cxl_internal_send_cmd(mds, &mbox_cmd);
1267 		if (rc)
1268 			break;
1269 
1270 		for (int i = 0; i < le16_to_cpu(po->count); i++)
1271 			trace_cxl_poison(cxlmd, cxlr, &po->record[i],
1272 					 po->flags, po->overflow_ts,
1273 					 CXL_POISON_TRACE_LIST);
1274 
1275 		/* Protect against an uncleared _FLAG_MORE */
1276 		nr_records = nr_records + le16_to_cpu(po->count);
1277 		if (nr_records >= mds->poison.max_errors) {
1278 			dev_dbg(&cxlmd->dev, "Max Error Records reached: %d\n",
1279 				nr_records);
1280 			break;
1281 		}
1282 	} while (po->flags & CXL_POISON_FLAG_MORE);
1283 
1284 	mutex_unlock(&mds->poison.lock);
1285 	return rc;
1286 }
1287 EXPORT_SYMBOL_NS_GPL(cxl_mem_get_poison, CXL);
1288 
1289 static void free_poison_buf(void *buf)
1290 {
1291 	kvfree(buf);
1292 }
1293 
1294 /* Get Poison List output buffer is protected by mds->poison.lock */
1295 static int cxl_poison_alloc_buf(struct cxl_memdev_state *mds)
1296 {
1297 	mds->poison.list_out = kvmalloc(mds->payload_size, GFP_KERNEL);
1298 	if (!mds->poison.list_out)
1299 		return -ENOMEM;
1300 
1301 	return devm_add_action_or_reset(mds->cxlds.dev, free_poison_buf,
1302 					mds->poison.list_out);
1303 }
1304 
1305 int cxl_poison_state_init(struct cxl_memdev_state *mds)
1306 {
1307 	int rc;
1308 
1309 	if (!test_bit(CXL_POISON_ENABLED_LIST, mds->poison.enabled_cmds))
1310 		return 0;
1311 
1312 	rc = cxl_poison_alloc_buf(mds);
1313 	if (rc) {
1314 		clear_bit(CXL_POISON_ENABLED_LIST, mds->poison.enabled_cmds);
1315 		return rc;
1316 	}
1317 
1318 	mutex_init(&mds->poison.lock);
1319 	return 0;
1320 }
1321 EXPORT_SYMBOL_NS_GPL(cxl_poison_state_init, CXL);
1322 
1323 struct cxl_memdev_state *cxl_memdev_state_create(struct device *dev)
1324 {
1325 	struct cxl_memdev_state *mds;
1326 
1327 	mds = devm_kzalloc(dev, sizeof(*mds), GFP_KERNEL);
1328 	if (!mds) {
1329 		dev_err(dev, "No memory available\n");
1330 		return ERR_PTR(-ENOMEM);
1331 	}
1332 
1333 	mutex_init(&mds->mbox_mutex);
1334 	mutex_init(&mds->event.log_lock);
1335 	mds->cxlds.dev = dev;
1336 	mds->cxlds.type = CXL_DEVTYPE_CLASSMEM;
1337 
1338 	return mds;
1339 }
1340 EXPORT_SYMBOL_NS_GPL(cxl_memdev_state_create, CXL);
1341 
1342 void __init cxl_mbox_init(void)
1343 {
1344 	struct dentry *mbox_debugfs;
1345 
1346 	mbox_debugfs = cxl_debugfs_create_dir("mbox");
1347 	debugfs_create_bool("raw_allow_all", 0600, mbox_debugfs,
1348 			    &cxl_raw_allow_all);
1349 }
1350