xref: /openbmc/linux/drivers/cxl/mem.c (revision 05911c5d)
1 // SPDX-License-Identifier: GPL-2.0-only
2 /* Copyright(c) 2020 Intel Corporation. All rights reserved. */
3 #include <uapi/linux/cxl_mem.h>
4 #include <linux/security.h>
5 #include <linux/debugfs.h>
6 #include <linux/module.h>
7 #include <linux/sizes.h>
8 #include <linux/mutex.h>
9 #include <linux/cdev.h>
10 #include <linux/idr.h>
11 #include <linux/pci.h>
12 #include <linux/io.h>
13 #include <linux/io-64-nonatomic-lo-hi.h>
14 #include "pci.h"
15 #include "cxl.h"
16 
17 /**
18  * DOC: cxl mem
19  *
20  * This implements a CXL memory device ("type-3") as it is defined by the
21  * Compute Express Link specification.
22  *
23  * The driver has several responsibilities, mainly:
24  *  - Create the memX device and register on the CXL bus.
25  *  - Enumerate device's register interface and map them.
26  *  - Probe the device attributes to establish sysfs interface.
27  *  - Provide an IOCTL interface to userspace to communicate with the device for
28  *    things like firmware update.
29  *  - Support management of interleave sets.
30  *  - Handle and manage error conditions.
31  */
32 
33 /*
34  * An entire PCI topology full of devices should be enough for any
35  * config
36  */
37 #define CXL_MEM_MAX_DEVS 65536
38 
39 #define cxl_doorbell_busy(cxlm)                                                \
40 	(readl((cxlm)->mbox_regs + CXLDEV_MBOX_CTRL_OFFSET) &                  \
41 	 CXLDEV_MBOX_CTRL_DOORBELL)
42 
43 /* CXL 2.0 - 8.2.8.4 */
44 #define CXL_MAILBOX_TIMEOUT_MS (2 * HZ)
45 
46 enum opcode {
47 	CXL_MBOX_OP_INVALID		= 0x0000,
48 	CXL_MBOX_OP_RAW			= CXL_MBOX_OP_INVALID,
49 	CXL_MBOX_OP_GET_FW_INFO		= 0x0200,
50 	CXL_MBOX_OP_ACTIVATE_FW		= 0x0202,
51 	CXL_MBOX_OP_GET_SUPPORTED_LOGS	= 0x0400,
52 	CXL_MBOX_OP_GET_LOG		= 0x0401,
53 	CXL_MBOX_OP_IDENTIFY		= 0x4000,
54 	CXL_MBOX_OP_GET_PARTITION_INFO	= 0x4100,
55 	CXL_MBOX_OP_SET_PARTITION_INFO	= 0x4101,
56 	CXL_MBOX_OP_GET_LSA		= 0x4102,
57 	CXL_MBOX_OP_SET_LSA		= 0x4103,
58 	CXL_MBOX_OP_GET_HEALTH_INFO	= 0x4200,
59 	CXL_MBOX_OP_SET_SHUTDOWN_STATE	= 0x4204,
60 	CXL_MBOX_OP_SCAN_MEDIA		= 0x4304,
61 	CXL_MBOX_OP_GET_SCAN_MEDIA	= 0x4305,
62 	CXL_MBOX_OP_MAX			= 0x10000
63 };
64 
65 /**
66  * struct mbox_cmd - A command to be submitted to hardware.
67  * @opcode: (input) The command set and command submitted to hardware.
68  * @payload_in: (input) Pointer to the input payload.
69  * @payload_out: (output) Pointer to the output payload. Must be allocated by
70  *		 the caller.
71  * @size_in: (input) Number of bytes to load from @payload_in.
72  * @size_out: (input) Max number of bytes loaded into @payload_out.
73  *            (output) Number of bytes generated by the device. For fixed size
74  *            outputs commands this is always expected to be deterministic. For
75  *            variable sized output commands, it tells the exact number of bytes
76  *            written.
77  * @return_code: (output) Error code returned from hardware.
78  *
79  * This is the primary mechanism used to send commands to the hardware.
80  * All the fields except @payload_* correspond exactly to the fields described in
81  * Command Register section of the CXL 2.0 8.2.8.4.5. @payload_in and
82  * @payload_out are written to, and read from the Command Payload Registers
83  * defined in CXL 2.0 8.2.8.4.8.
84  */
85 struct mbox_cmd {
86 	u16 opcode;
87 	void *payload_in;
88 	void *payload_out;
89 	size_t size_in;
90 	size_t size_out;
91 	u16 return_code;
92 #define CXL_MBOX_SUCCESS 0
93 };
94 
95 /**
96  * struct cxl_memdev - CXL bus object representing a Type-3 Memory Device
97  * @dev: driver core device object
98  * @cdev: char dev core object for ioctl operations
99  * @cxlm: pointer to the parent device driver data
100  * @id: id number of this memdev instance.
101  */
102 struct cxl_memdev {
103 	struct device dev;
104 	struct cdev cdev;
105 	struct cxl_mem *cxlm;
106 	int id;
107 };
108 
109 static int cxl_mem_major;
110 static DEFINE_IDA(cxl_memdev_ida);
111 static DECLARE_RWSEM(cxl_memdev_rwsem);
112 static struct dentry *cxl_debugfs;
113 static bool cxl_raw_allow_all;
114 
115 enum {
116 	CEL_UUID,
117 	VENDOR_DEBUG_UUID,
118 };
119 
120 /* See CXL 2.0 Table 170. Get Log Input Payload */
121 static const uuid_t log_uuid[] = {
122 	[CEL_UUID] = UUID_INIT(0xda9c0b5, 0xbf41, 0x4b78, 0x8f, 0x79, 0x96,
123 			       0xb1, 0x62, 0x3b, 0x3f, 0x17),
124 	[VENDOR_DEBUG_UUID] = UUID_INIT(0xe1819d9, 0x11a9, 0x400c, 0x81, 0x1f,
125 					0xd6, 0x07, 0x19, 0x40, 0x3d, 0x86),
126 };
127 
128 /**
129  * struct cxl_mem_command - Driver representation of a memory device command
130  * @info: Command information as it exists for the UAPI
131  * @opcode: The actual bits used for the mailbox protocol
132  * @flags: Set of flags effecting driver behavior.
133  *
134  *  * %CXL_CMD_FLAG_FORCE_ENABLE: In cases of error, commands with this flag
135  *    will be enabled by the driver regardless of what hardware may have
136  *    advertised.
137  *
138  * The cxl_mem_command is the driver's internal representation of commands that
139  * are supported by the driver. Some of these commands may not be supported by
140  * the hardware. The driver will use @info to validate the fields passed in by
141  * the user then submit the @opcode to the hardware.
142  *
143  * See struct cxl_command_info.
144  */
145 struct cxl_mem_command {
146 	struct cxl_command_info info;
147 	enum opcode opcode;
148 	u32 flags;
149 #define CXL_CMD_FLAG_NONE 0
150 #define CXL_CMD_FLAG_FORCE_ENABLE BIT(0)
151 };
152 
153 #define CXL_CMD(_id, sin, sout, _flags)                                        \
154 	[CXL_MEM_COMMAND_ID_##_id] = {                                         \
155 	.info =	{                                                              \
156 			.id = CXL_MEM_COMMAND_ID_##_id,                        \
157 			.size_in = sin,                                        \
158 			.size_out = sout,                                      \
159 		},                                                             \
160 	.opcode = CXL_MBOX_OP_##_id,                                           \
161 	.flags = _flags,                                                       \
162 	}
163 
164 /*
165  * This table defines the supported mailbox commands for the driver. This table
166  * is made up of a UAPI structure. Non-negative values as parameters in the
167  * table will be validated against the user's input. For example, if size_in is
168  * 0, and the user passed in 1, it is an error.
169  */
170 static struct cxl_mem_command mem_commands[CXL_MEM_COMMAND_ID_MAX] = {
171 	CXL_CMD(IDENTIFY, 0, 0x43, CXL_CMD_FLAG_FORCE_ENABLE),
172 #ifdef CONFIG_CXL_MEM_RAW_COMMANDS
173 	CXL_CMD(RAW, ~0, ~0, 0),
174 #endif
175 	CXL_CMD(GET_SUPPORTED_LOGS, 0, ~0, CXL_CMD_FLAG_FORCE_ENABLE),
176 	CXL_CMD(GET_FW_INFO, 0, 0x50, 0),
177 	CXL_CMD(GET_PARTITION_INFO, 0, 0x20, 0),
178 	CXL_CMD(GET_LSA, 0x8, ~0, 0),
179 	CXL_CMD(GET_HEALTH_INFO, 0, 0x12, 0),
180 	CXL_CMD(GET_LOG, 0x18, ~0, CXL_CMD_FLAG_FORCE_ENABLE),
181 };
182 
183 /*
184  * Commands that RAW doesn't permit. The rationale for each:
185  *
186  * CXL_MBOX_OP_ACTIVATE_FW: Firmware activation requires adjustment /
187  * coordination of transaction timeout values at the root bridge level.
188  *
189  * CXL_MBOX_OP_SET_PARTITION_INFO: The device memory map may change live
190  * and needs to be coordinated with HDM updates.
191  *
192  * CXL_MBOX_OP_SET_LSA: The label storage area may be cached by the
193  * driver and any writes from userspace invalidates those contents.
194  *
195  * CXL_MBOX_OP_SET_SHUTDOWN_STATE: Set shutdown state assumes no writes
196  * to the device after it is marked clean, userspace can not make that
197  * assertion.
198  *
199  * CXL_MBOX_OP_[GET_]SCAN_MEDIA: The kernel provides a native error list that
200  * is kept up to date with patrol notifications and error management.
201  */
202 static u16 cxl_disabled_raw_commands[] = {
203 	CXL_MBOX_OP_ACTIVATE_FW,
204 	CXL_MBOX_OP_SET_PARTITION_INFO,
205 	CXL_MBOX_OP_SET_LSA,
206 	CXL_MBOX_OP_SET_SHUTDOWN_STATE,
207 	CXL_MBOX_OP_SCAN_MEDIA,
208 	CXL_MBOX_OP_GET_SCAN_MEDIA,
209 };
210 
211 /*
212  * Command sets that RAW doesn't permit. All opcodes in this set are
213  * disabled because they pass plain text security payloads over the
214  * user/kernel boundary. This functionality is intended to be wrapped
215  * behind the keys ABI which allows for encrypted payloads in the UAPI
216  */
217 static u8 security_command_sets[] = {
218 	0x44, /* Sanitize */
219 	0x45, /* Persistent Memory Data-at-rest Security */
220 	0x46, /* Security Passthrough */
221 };
222 
223 #define cxl_for_each_cmd(cmd)                                                  \
224 	for ((cmd) = &mem_commands[0];                                         \
225 	     ((cmd) - mem_commands) < ARRAY_SIZE(mem_commands); (cmd)++)
226 
227 #define cxl_cmd_count ARRAY_SIZE(mem_commands)
228 
229 static int cxl_mem_wait_for_doorbell(struct cxl_mem *cxlm)
230 {
231 	const unsigned long start = jiffies;
232 	unsigned long end = start;
233 
234 	while (cxl_doorbell_busy(cxlm)) {
235 		end = jiffies;
236 
237 		if (time_after(end, start + CXL_MAILBOX_TIMEOUT_MS)) {
238 			/* Check again in case preempted before timeout test */
239 			if (!cxl_doorbell_busy(cxlm))
240 				break;
241 			return -ETIMEDOUT;
242 		}
243 		cpu_relax();
244 	}
245 
246 	dev_dbg(&cxlm->pdev->dev, "Doorbell wait took %dms",
247 		jiffies_to_msecs(end) - jiffies_to_msecs(start));
248 	return 0;
249 }
250 
251 static bool cxl_is_security_command(u16 opcode)
252 {
253 	int i;
254 
255 	for (i = 0; i < ARRAY_SIZE(security_command_sets); i++)
256 		if (security_command_sets[i] == (opcode >> 8))
257 			return true;
258 	return false;
259 }
260 
261 static void cxl_mem_mbox_timeout(struct cxl_mem *cxlm,
262 				 struct mbox_cmd *mbox_cmd)
263 {
264 	struct device *dev = &cxlm->pdev->dev;
265 
266 	dev_dbg(dev, "Mailbox command (opcode: %#x size: %zub) timed out\n",
267 		mbox_cmd->opcode, mbox_cmd->size_in);
268 }
269 
270 /**
271  * __cxl_mem_mbox_send_cmd() - Execute a mailbox command
272  * @cxlm: The CXL memory device to communicate with.
273  * @mbox_cmd: Command to send to the memory device.
274  *
275  * Context: Any context. Expects mbox_mutex to be held.
276  * Return: -ETIMEDOUT if timeout occurred waiting for completion. 0 on success.
277  *         Caller should check the return code in @mbox_cmd to make sure it
278  *         succeeded.
279  *
280  * This is a generic form of the CXL mailbox send command thus only using the
281  * registers defined by the mailbox capability ID - CXL 2.0 8.2.8.4. Memory
282  * devices, and perhaps other types of CXL devices may have further information
283  * available upon error conditions. Driver facilities wishing to send mailbox
284  * commands should use the wrapper command.
285  *
286  * The CXL spec allows for up to two mailboxes. The intention is for the primary
287  * mailbox to be OS controlled and the secondary mailbox to be used by system
288  * firmware. This allows the OS and firmware to communicate with the device and
289  * not need to coordinate with each other. The driver only uses the primary
290  * mailbox.
291  */
292 static int __cxl_mem_mbox_send_cmd(struct cxl_mem *cxlm,
293 				   struct mbox_cmd *mbox_cmd)
294 {
295 	void __iomem *payload = cxlm->mbox_regs + CXLDEV_MBOX_PAYLOAD_OFFSET;
296 	u64 cmd_reg, status_reg;
297 	size_t out_len;
298 	int rc;
299 
300 	lockdep_assert_held(&cxlm->mbox_mutex);
301 
302 	/*
303 	 * Here are the steps from 8.2.8.4 of the CXL 2.0 spec.
304 	 *   1. Caller reads MB Control Register to verify doorbell is clear
305 	 *   2. Caller writes Command Register
306 	 *   3. Caller writes Command Payload Registers if input payload is non-empty
307 	 *   4. Caller writes MB Control Register to set doorbell
308 	 *   5. Caller either polls for doorbell to be clear or waits for interrupt if configured
309 	 *   6. Caller reads MB Status Register to fetch Return code
310 	 *   7. If command successful, Caller reads Command Register to get Payload Length
311 	 *   8. If output payload is non-empty, host reads Command Payload Registers
312 	 *
313 	 * Hardware is free to do whatever it wants before the doorbell is rung,
314 	 * and isn't allowed to change anything after it clears the doorbell. As
315 	 * such, steps 2 and 3 can happen in any order, and steps 6, 7, 8 can
316 	 * also happen in any order (though some orders might not make sense).
317 	 */
318 
319 	/* #1 */
320 	if (cxl_doorbell_busy(cxlm)) {
321 		dev_err_ratelimited(&cxlm->pdev->dev,
322 				    "Mailbox re-busy after acquiring\n");
323 		return -EBUSY;
324 	}
325 
326 	cmd_reg = FIELD_PREP(CXLDEV_MBOX_CMD_COMMAND_OPCODE_MASK,
327 			     mbox_cmd->opcode);
328 	if (mbox_cmd->size_in) {
329 		if (WARN_ON(!mbox_cmd->payload_in))
330 			return -EINVAL;
331 
332 		cmd_reg |= FIELD_PREP(CXLDEV_MBOX_CMD_PAYLOAD_LENGTH_MASK,
333 				      mbox_cmd->size_in);
334 		memcpy_toio(payload, mbox_cmd->payload_in, mbox_cmd->size_in);
335 	}
336 
337 	/* #2, #3 */
338 	writeq(cmd_reg, cxlm->mbox_regs + CXLDEV_MBOX_CMD_OFFSET);
339 
340 	/* #4 */
341 	dev_dbg(&cxlm->pdev->dev, "Sending command\n");
342 	writel(CXLDEV_MBOX_CTRL_DOORBELL,
343 	       cxlm->mbox_regs + CXLDEV_MBOX_CTRL_OFFSET);
344 
345 	/* #5 */
346 	rc = cxl_mem_wait_for_doorbell(cxlm);
347 	if (rc == -ETIMEDOUT) {
348 		cxl_mem_mbox_timeout(cxlm, mbox_cmd);
349 		return rc;
350 	}
351 
352 	/* #6 */
353 	status_reg = readq(cxlm->mbox_regs + CXLDEV_MBOX_STATUS_OFFSET);
354 	mbox_cmd->return_code =
355 		FIELD_GET(CXLDEV_MBOX_STATUS_RET_CODE_MASK, status_reg);
356 
357 	if (mbox_cmd->return_code != 0) {
358 		dev_dbg(&cxlm->pdev->dev, "Mailbox operation had an error\n");
359 		return 0;
360 	}
361 
362 	/* #7 */
363 	cmd_reg = readq(cxlm->mbox_regs + CXLDEV_MBOX_CMD_OFFSET);
364 	out_len = FIELD_GET(CXLDEV_MBOX_CMD_PAYLOAD_LENGTH_MASK, cmd_reg);
365 
366 	/* #8 */
367 	if (out_len && mbox_cmd->payload_out) {
368 		/*
369 		 * Sanitize the copy. If hardware misbehaves, out_len per the
370 		 * spec can actually be greater than the max allowed size (21
371 		 * bits available but spec defined 1M max). The caller also may
372 		 * have requested less data than the hardware supplied even
373 		 * within spec.
374 		 */
375 		size_t n = min3(mbox_cmd->size_out, cxlm->payload_size, out_len);
376 
377 		memcpy_fromio(mbox_cmd->payload_out, payload, n);
378 		mbox_cmd->size_out = n;
379 	} else {
380 		mbox_cmd->size_out = 0;
381 	}
382 
383 	return 0;
384 }
385 
386 /**
387  * cxl_mem_mbox_get() - Acquire exclusive access to the mailbox.
388  * @cxlm: The memory device to gain access to.
389  *
390  * Context: Any context. Takes the mbox_mutex.
391  * Return: 0 if exclusive access was acquired.
392  */
393 static int cxl_mem_mbox_get(struct cxl_mem *cxlm)
394 {
395 	struct device *dev = &cxlm->pdev->dev;
396 	u64 md_status;
397 	int rc;
398 
399 	mutex_lock_io(&cxlm->mbox_mutex);
400 
401 	/*
402 	 * XXX: There is some amount of ambiguity in the 2.0 version of the spec
403 	 * around the mailbox interface ready (8.2.8.5.1.1).  The purpose of the
404 	 * bit is to allow firmware running on the device to notify the driver
405 	 * that it's ready to receive commands. It is unclear if the bit needs
406 	 * to be read for each transaction mailbox, ie. the firmware can switch
407 	 * it on and off as needed. Second, there is no defined timeout for
408 	 * mailbox ready, like there is for the doorbell interface.
409 	 *
410 	 * Assumptions:
411 	 * 1. The firmware might toggle the Mailbox Interface Ready bit, check
412 	 *    it for every command.
413 	 *
414 	 * 2. If the doorbell is clear, the firmware should have first set the
415 	 *    Mailbox Interface Ready bit. Therefore, waiting for the doorbell
416 	 *    to be ready is sufficient.
417 	 */
418 	rc = cxl_mem_wait_for_doorbell(cxlm);
419 	if (rc) {
420 		dev_warn(dev, "Mailbox interface not ready\n");
421 		goto out;
422 	}
423 
424 	md_status = readq(cxlm->memdev_regs + CXLMDEV_STATUS_OFFSET);
425 	if (!(md_status & CXLMDEV_MBOX_IF_READY && CXLMDEV_READY(md_status))) {
426 		dev_err(dev, "mbox: reported doorbell ready, but not mbox ready\n");
427 		rc = -EBUSY;
428 		goto out;
429 	}
430 
431 	/*
432 	 * Hardware shouldn't allow a ready status but also have failure bits
433 	 * set. Spit out an error, this should be a bug report
434 	 */
435 	rc = -EFAULT;
436 	if (md_status & CXLMDEV_DEV_FATAL) {
437 		dev_err(dev, "mbox: reported ready, but fatal\n");
438 		goto out;
439 	}
440 	if (md_status & CXLMDEV_FW_HALT) {
441 		dev_err(dev, "mbox: reported ready, but halted\n");
442 		goto out;
443 	}
444 	if (CXLMDEV_RESET_NEEDED(md_status)) {
445 		dev_err(dev, "mbox: reported ready, but reset needed\n");
446 		goto out;
447 	}
448 
449 	/* with lock held */
450 	return 0;
451 
452 out:
453 	mutex_unlock(&cxlm->mbox_mutex);
454 	return rc;
455 }
456 
457 /**
458  * cxl_mem_mbox_put() - Release exclusive access to the mailbox.
459  * @cxlm: The CXL memory device to communicate with.
460  *
461  * Context: Any context. Expects mbox_mutex to be held.
462  */
463 static void cxl_mem_mbox_put(struct cxl_mem *cxlm)
464 {
465 	mutex_unlock(&cxlm->mbox_mutex);
466 }
467 
468 /**
469  * handle_mailbox_cmd_from_user() - Dispatch a mailbox command for userspace.
470  * @cxlm: The CXL memory device to communicate with.
471  * @cmd: The validated command.
472  * @in_payload: Pointer to userspace's input payload.
473  * @out_payload: Pointer to userspace's output payload.
474  * @size_out: (Input) Max payload size to copy out.
475  *            (Output) Payload size hardware generated.
476  * @retval: Hardware generated return code from the operation.
477  *
478  * Return:
479  *  * %0	- Mailbox transaction succeeded. This implies the mailbox
480  *		  protocol completed successfully not that the operation itself
481  *		  was successful.
482  *  * %-ENOMEM  - Couldn't allocate a bounce buffer.
483  *  * %-EFAULT	- Something happened with copy_to/from_user.
484  *  * %-EINTR	- Mailbox acquisition interrupted.
485  *  * %-EXXX	- Transaction level failures.
486  *
487  * Creates the appropriate mailbox command and dispatches it on behalf of a
488  * userspace request. The input and output payloads are copied between
489  * userspace.
490  *
491  * See cxl_send_cmd().
492  */
493 static int handle_mailbox_cmd_from_user(struct cxl_mem *cxlm,
494 					const struct cxl_mem_command *cmd,
495 					u64 in_payload, u64 out_payload,
496 					s32 *size_out, u32 *retval)
497 {
498 	struct device *dev = &cxlm->pdev->dev;
499 	struct mbox_cmd mbox_cmd = {
500 		.opcode = cmd->opcode,
501 		.size_in = cmd->info.size_in,
502 		.size_out = cmd->info.size_out,
503 	};
504 	int rc;
505 
506 	if (cmd->info.size_out) {
507 		mbox_cmd.payload_out = kvzalloc(cmd->info.size_out, GFP_KERNEL);
508 		if (!mbox_cmd.payload_out)
509 			return -ENOMEM;
510 	}
511 
512 	if (cmd->info.size_in) {
513 		mbox_cmd.payload_in = vmemdup_user(u64_to_user_ptr(in_payload),
514 						   cmd->info.size_in);
515 		if (IS_ERR(mbox_cmd.payload_in)) {
516 			kvfree(mbox_cmd.payload_out);
517 			return PTR_ERR(mbox_cmd.payload_in);
518 		}
519 	}
520 
521 	rc = cxl_mem_mbox_get(cxlm);
522 	if (rc)
523 		goto out;
524 
525 	dev_dbg(dev,
526 		"Submitting %s command for user\n"
527 		"\topcode: %x\n"
528 		"\tsize: %ub\n",
529 		cxl_command_names[cmd->info.id].name, mbox_cmd.opcode,
530 		cmd->info.size_in);
531 
532 	dev_WARN_ONCE(dev, cmd->info.id == CXL_MEM_COMMAND_ID_RAW,
533 		      "raw command path used\n");
534 
535 	rc = __cxl_mem_mbox_send_cmd(cxlm, &mbox_cmd);
536 	cxl_mem_mbox_put(cxlm);
537 	if (rc)
538 		goto out;
539 
540 	/*
541 	 * @size_out contains the max size that's allowed to be written back out
542 	 * to userspace. While the payload may have written more output than
543 	 * this it will have to be ignored.
544 	 */
545 	if (mbox_cmd.size_out) {
546 		dev_WARN_ONCE(dev, mbox_cmd.size_out > *size_out,
547 			      "Invalid return size\n");
548 		if (copy_to_user(u64_to_user_ptr(out_payload),
549 				 mbox_cmd.payload_out, mbox_cmd.size_out)) {
550 			rc = -EFAULT;
551 			goto out;
552 		}
553 	}
554 
555 	*size_out = mbox_cmd.size_out;
556 	*retval = mbox_cmd.return_code;
557 
558 out:
559 	kvfree(mbox_cmd.payload_in);
560 	kvfree(mbox_cmd.payload_out);
561 	return rc;
562 }
563 
564 static bool cxl_mem_raw_command_allowed(u16 opcode)
565 {
566 	int i;
567 
568 	if (!IS_ENABLED(CONFIG_CXL_MEM_RAW_COMMANDS))
569 		return false;
570 
571 	if (security_locked_down(LOCKDOWN_NONE))
572 		return false;
573 
574 	if (cxl_raw_allow_all)
575 		return true;
576 
577 	if (cxl_is_security_command(opcode))
578 		return false;
579 
580 	for (i = 0; i < ARRAY_SIZE(cxl_disabled_raw_commands); i++)
581 		if (cxl_disabled_raw_commands[i] == opcode)
582 			return false;
583 
584 	return true;
585 }
586 
587 /**
588  * cxl_validate_cmd_from_user() - Check fields for CXL_MEM_SEND_COMMAND.
589  * @cxlm: &struct cxl_mem device whose mailbox will be used.
590  * @send_cmd: &struct cxl_send_command copied in from userspace.
591  * @out_cmd: Sanitized and populated &struct cxl_mem_command.
592  *
593  * Return:
594  *  * %0	- @out_cmd is ready to send.
595  *  * %-ENOTTY	- Invalid command specified.
596  *  * %-EINVAL	- Reserved fields or invalid values were used.
597  *  * %-ENOMEM	- Input or output buffer wasn't sized properly.
598  *  * %-EPERM	- Attempted to use a protected command.
599  *
600  * The result of this command is a fully validated command in @out_cmd that is
601  * safe to send to the hardware.
602  *
603  * See handle_mailbox_cmd_from_user()
604  */
605 static int cxl_validate_cmd_from_user(struct cxl_mem *cxlm,
606 				      const struct cxl_send_command *send_cmd,
607 				      struct cxl_mem_command *out_cmd)
608 {
609 	const struct cxl_command_info *info;
610 	struct cxl_mem_command *c;
611 
612 	if (send_cmd->id == 0 || send_cmd->id >= CXL_MEM_COMMAND_ID_MAX)
613 		return -ENOTTY;
614 
615 	/*
616 	 * The user can never specify an input payload larger than what hardware
617 	 * supports, but output can be arbitrarily large (simply write out as
618 	 * much data as the hardware provides).
619 	 */
620 	if (send_cmd->in.size > cxlm->payload_size)
621 		return -EINVAL;
622 
623 	/*
624 	 * Checks are bypassed for raw commands but a WARN/taint will occur
625 	 * later in the callchain
626 	 */
627 	if (send_cmd->id == CXL_MEM_COMMAND_ID_RAW) {
628 		const struct cxl_mem_command temp = {
629 			.info = {
630 				.id = CXL_MEM_COMMAND_ID_RAW,
631 				.flags = 0,
632 				.size_in = send_cmd->in.size,
633 				.size_out = send_cmd->out.size,
634 			},
635 			.opcode = send_cmd->raw.opcode
636 		};
637 
638 		if (send_cmd->raw.rsvd)
639 			return -EINVAL;
640 
641 		/*
642 		 * Unlike supported commands, the output size of RAW commands
643 		 * gets passed along without further checking, so it must be
644 		 * validated here.
645 		 */
646 		if (send_cmd->out.size > cxlm->payload_size)
647 			return -EINVAL;
648 
649 		if (!cxl_mem_raw_command_allowed(send_cmd->raw.opcode))
650 			return -EPERM;
651 
652 		memcpy(out_cmd, &temp, sizeof(temp));
653 
654 		return 0;
655 	}
656 
657 	if (send_cmd->flags & ~CXL_MEM_COMMAND_FLAG_MASK)
658 		return -EINVAL;
659 
660 	if (send_cmd->rsvd)
661 		return -EINVAL;
662 
663 	if (send_cmd->in.rsvd || send_cmd->out.rsvd)
664 		return -EINVAL;
665 
666 	/* Convert user's command into the internal representation */
667 	c = &mem_commands[send_cmd->id];
668 	info = &c->info;
669 
670 	/* Check that the command is enabled for hardware */
671 	if (!test_bit(info->id, cxlm->enabled_cmds))
672 		return -ENOTTY;
673 
674 	/* Check the input buffer is the expected size */
675 	if (info->size_in >= 0 && info->size_in != send_cmd->in.size)
676 		return -ENOMEM;
677 
678 	/* Check the output buffer is at least large enough */
679 	if (info->size_out >= 0 && send_cmd->out.size < info->size_out)
680 		return -ENOMEM;
681 
682 	memcpy(out_cmd, c, sizeof(*c));
683 	out_cmd->info.size_in = send_cmd->in.size;
684 	/*
685 	 * XXX: out_cmd->info.size_out will be controlled by the driver, and the
686 	 * specified number of bytes @send_cmd->out.size will be copied back out
687 	 * to userspace.
688 	 */
689 
690 	return 0;
691 }
692 
693 static int cxl_query_cmd(struct cxl_memdev *cxlmd,
694 			 struct cxl_mem_query_commands __user *q)
695 {
696 	struct device *dev = &cxlmd->dev;
697 	struct cxl_mem_command *cmd;
698 	u32 n_commands;
699 	int j = 0;
700 
701 	dev_dbg(dev, "Query IOCTL\n");
702 
703 	if (get_user(n_commands, &q->n_commands))
704 		return -EFAULT;
705 
706 	/* returns the total number if 0 elements are requested. */
707 	if (n_commands == 0)
708 		return put_user(cxl_cmd_count, &q->n_commands);
709 
710 	/*
711 	 * otherwise, return max(n_commands, total commands) cxl_command_info
712 	 * structures.
713 	 */
714 	cxl_for_each_cmd(cmd) {
715 		const struct cxl_command_info *info = &cmd->info;
716 
717 		if (copy_to_user(&q->commands[j++], info, sizeof(*info)))
718 			return -EFAULT;
719 
720 		if (j == n_commands)
721 			break;
722 	}
723 
724 	return 0;
725 }
726 
727 static int cxl_send_cmd(struct cxl_memdev *cxlmd,
728 			struct cxl_send_command __user *s)
729 {
730 	struct cxl_mem *cxlm = cxlmd->cxlm;
731 	struct device *dev = &cxlmd->dev;
732 	struct cxl_send_command send;
733 	struct cxl_mem_command c;
734 	int rc;
735 
736 	dev_dbg(dev, "Send IOCTL\n");
737 
738 	if (copy_from_user(&send, s, sizeof(send)))
739 		return -EFAULT;
740 
741 	rc = cxl_validate_cmd_from_user(cxlmd->cxlm, &send, &c);
742 	if (rc)
743 		return rc;
744 
745 	/* Prepare to handle a full payload for variable sized output */
746 	if (c.info.size_out < 0)
747 		c.info.size_out = cxlm->payload_size;
748 
749 	rc = handle_mailbox_cmd_from_user(cxlm, &c, send.in.payload,
750 					  send.out.payload, &send.out.size,
751 					  &send.retval);
752 	if (rc)
753 		return rc;
754 
755 	if (copy_to_user(s, &send, sizeof(send)))
756 		return -EFAULT;
757 
758 	return 0;
759 }
760 
761 static long __cxl_memdev_ioctl(struct cxl_memdev *cxlmd, unsigned int cmd,
762 			       unsigned long arg)
763 {
764 	switch (cmd) {
765 	case CXL_MEM_QUERY_COMMANDS:
766 		return cxl_query_cmd(cxlmd, (void __user *)arg);
767 	case CXL_MEM_SEND_COMMAND:
768 		return cxl_send_cmd(cxlmd, (void __user *)arg);
769 	default:
770 		return -ENOTTY;
771 	}
772 }
773 
774 static long cxl_memdev_ioctl(struct file *file, unsigned int cmd,
775 			     unsigned long arg)
776 {
777 	struct cxl_memdev *cxlmd = file->private_data;
778 	int rc = -ENXIO;
779 
780 	down_read(&cxl_memdev_rwsem);
781 	if (cxlmd->cxlm)
782 		rc = __cxl_memdev_ioctl(cxlmd, cmd, arg);
783 	up_read(&cxl_memdev_rwsem);
784 
785 	return rc;
786 }
787 
788 static int cxl_memdev_open(struct inode *inode, struct file *file)
789 {
790 	struct cxl_memdev *cxlmd =
791 		container_of(inode->i_cdev, typeof(*cxlmd), cdev);
792 
793 	get_device(&cxlmd->dev);
794 	file->private_data = cxlmd;
795 
796 	return 0;
797 }
798 
799 static int cxl_memdev_release_file(struct inode *inode, struct file *file)
800 {
801 	struct cxl_memdev *cxlmd =
802 		container_of(inode->i_cdev, typeof(*cxlmd), cdev);
803 
804 	put_device(&cxlmd->dev);
805 
806 	return 0;
807 }
808 
809 static const struct file_operations cxl_memdev_fops = {
810 	.owner = THIS_MODULE,
811 	.unlocked_ioctl = cxl_memdev_ioctl,
812 	.open = cxl_memdev_open,
813 	.release = cxl_memdev_release_file,
814 	.compat_ioctl = compat_ptr_ioctl,
815 	.llseek = noop_llseek,
816 };
817 
818 static inline struct cxl_mem_command *cxl_mem_find_command(u16 opcode)
819 {
820 	struct cxl_mem_command *c;
821 
822 	cxl_for_each_cmd(c)
823 		if (c->opcode == opcode)
824 			return c;
825 
826 	return NULL;
827 }
828 
829 /**
830  * cxl_mem_mbox_send_cmd() - Send a mailbox command to a memory device.
831  * @cxlm: The CXL memory device to communicate with.
832  * @opcode: Opcode for the mailbox command.
833  * @in: The input payload for the mailbox command.
834  * @in_size: The length of the input payload
835  * @out: Caller allocated buffer for the output.
836  * @out_size: Expected size of output.
837  *
838  * Context: Any context. Will acquire and release mbox_mutex.
839  * Return:
840  *  * %>=0	- Number of bytes returned in @out.
841  *  * %-E2BIG	- Payload is too large for hardware.
842  *  * %-EBUSY	- Couldn't acquire exclusive mailbox access.
843  *  * %-EFAULT	- Hardware error occurred.
844  *  * %-ENXIO	- Command completed, but device reported an error.
845  *  * %-EIO	- Unexpected output size.
846  *
847  * Mailbox commands may execute successfully yet the device itself reported an
848  * error. While this distinction can be useful for commands from userspace, the
849  * kernel will only be able to use results when both are successful.
850  *
851  * See __cxl_mem_mbox_send_cmd()
852  */
853 static int cxl_mem_mbox_send_cmd(struct cxl_mem *cxlm, u16 opcode,
854 				 void *in, size_t in_size,
855 				 void *out, size_t out_size)
856 {
857 	const struct cxl_mem_command *cmd = cxl_mem_find_command(opcode);
858 	struct mbox_cmd mbox_cmd = {
859 		.opcode = opcode,
860 		.payload_in = in,
861 		.size_in = in_size,
862 		.size_out = out_size,
863 		.payload_out = out,
864 	};
865 	int rc;
866 
867 	if (out_size > cxlm->payload_size)
868 		return -E2BIG;
869 
870 	rc = cxl_mem_mbox_get(cxlm);
871 	if (rc)
872 		return rc;
873 
874 	rc = __cxl_mem_mbox_send_cmd(cxlm, &mbox_cmd);
875 	cxl_mem_mbox_put(cxlm);
876 	if (rc)
877 		return rc;
878 
879 	/* TODO: Map return code to proper kernel style errno */
880 	if (mbox_cmd.return_code != CXL_MBOX_SUCCESS)
881 		return -ENXIO;
882 
883 	/*
884 	 * Variable sized commands can't be validated and so it's up to the
885 	 * caller to do that if they wish.
886 	 */
887 	if (cmd->info.size_out >= 0 && mbox_cmd.size_out != out_size)
888 		return -EIO;
889 
890 	return 0;
891 }
892 
893 /**
894  * cxl_mem_setup_regs() - Setup necessary MMIO.
895  * @cxlm: The CXL memory device to communicate with.
896  *
897  * Return: 0 if all necessary registers mapped.
898  *
899  * A memory device is required by spec to implement a certain set of MMIO
900  * regions. The purpose of this function is to enumerate and map those
901  * registers.
902  */
903 static int cxl_mem_setup_regs(struct cxl_mem *cxlm)
904 {
905 	struct device *dev = &cxlm->pdev->dev;
906 	int cap, cap_count;
907 	u64 cap_array;
908 
909 	cap_array = readq(cxlm->regs + CXLDEV_CAP_ARRAY_OFFSET);
910 	if (FIELD_GET(CXLDEV_CAP_ARRAY_ID_MASK, cap_array) !=
911 	    CXLDEV_CAP_ARRAY_CAP_ID)
912 		return -ENODEV;
913 
914 	cap_count = FIELD_GET(CXLDEV_CAP_ARRAY_COUNT_MASK, cap_array);
915 
916 	for (cap = 1; cap <= cap_count; cap++) {
917 		void __iomem *register_block;
918 		u32 offset;
919 		u16 cap_id;
920 
921 		cap_id = FIELD_GET(CXLDEV_CAP_HDR_CAP_ID_MASK,
922 				   readl(cxlm->regs + cap * 0x10));
923 		offset = readl(cxlm->regs + cap * 0x10 + 0x4);
924 		register_block = cxlm->regs + offset;
925 
926 		switch (cap_id) {
927 		case CXLDEV_CAP_CAP_ID_DEVICE_STATUS:
928 			dev_dbg(dev, "found Status capability (0x%x)\n", offset);
929 			cxlm->status_regs = register_block;
930 			break;
931 		case CXLDEV_CAP_CAP_ID_PRIMARY_MAILBOX:
932 			dev_dbg(dev, "found Mailbox capability (0x%x)\n", offset);
933 			cxlm->mbox_regs = register_block;
934 			break;
935 		case CXLDEV_CAP_CAP_ID_SECONDARY_MAILBOX:
936 			dev_dbg(dev, "found Secondary Mailbox capability (0x%x)\n", offset);
937 			break;
938 		case CXLDEV_CAP_CAP_ID_MEMDEV:
939 			dev_dbg(dev, "found Memory Device capability (0x%x)\n", offset);
940 			cxlm->memdev_regs = register_block;
941 			break;
942 		default:
943 			dev_dbg(dev, "Unknown cap ID: %d (0x%x)\n", cap_id, offset);
944 			break;
945 		}
946 	}
947 
948 	if (!cxlm->status_regs || !cxlm->mbox_regs || !cxlm->memdev_regs) {
949 		dev_err(dev, "registers not found: %s%s%s\n",
950 			!cxlm->status_regs ? "status " : "",
951 			!cxlm->mbox_regs ? "mbox " : "",
952 			!cxlm->memdev_regs ? "memdev" : "");
953 		return -ENXIO;
954 	}
955 
956 	return 0;
957 }
958 
959 static int cxl_mem_setup_mailbox(struct cxl_mem *cxlm)
960 {
961 	const int cap = readl(cxlm->mbox_regs + CXLDEV_MBOX_CAPS_OFFSET);
962 
963 	cxlm->payload_size =
964 		1 << FIELD_GET(CXLDEV_MBOX_CAP_PAYLOAD_SIZE_MASK, cap);
965 
966 	/*
967 	 * CXL 2.0 8.2.8.4.3 Mailbox Capabilities Register
968 	 *
969 	 * If the size is too small, mandatory commands will not work and so
970 	 * there's no point in going forward. If the size is too large, there's
971 	 * no harm is soft limiting it.
972 	 */
973 	cxlm->payload_size = min_t(size_t, cxlm->payload_size, SZ_1M);
974 	if (cxlm->payload_size < 256) {
975 		dev_err(&cxlm->pdev->dev, "Mailbox is too small (%zub)",
976 			cxlm->payload_size);
977 		return -ENXIO;
978 	}
979 
980 	dev_dbg(&cxlm->pdev->dev, "Mailbox payload sized %zu",
981 		cxlm->payload_size);
982 
983 	return 0;
984 }
985 
986 static struct cxl_mem *cxl_mem_create(struct pci_dev *pdev, u32 reg_lo,
987 				      u32 reg_hi)
988 {
989 	struct device *dev = &pdev->dev;
990 	struct cxl_mem *cxlm;
991 	void __iomem *regs;
992 	u64 offset;
993 	u8 bar;
994 	int rc;
995 
996 	cxlm = devm_kzalloc(&pdev->dev, sizeof(*cxlm), GFP_KERNEL);
997 	if (!cxlm) {
998 		dev_err(dev, "No memory available\n");
999 		return NULL;
1000 	}
1001 
1002 	offset = ((u64)reg_hi << 32) | (reg_lo & CXL_REGLOC_ADDR_MASK);
1003 	bar = FIELD_GET(CXL_REGLOC_BIR_MASK, reg_lo);
1004 
1005 	/* Basic sanity check that BAR is big enough */
1006 	if (pci_resource_len(pdev, bar) < offset) {
1007 		dev_err(dev, "BAR%d: %pr: too small (offset: %#llx)\n", bar,
1008 			&pdev->resource[bar], (unsigned long long)offset);
1009 		return NULL;
1010 	}
1011 
1012 	rc = pcim_iomap_regions(pdev, BIT(bar), pci_name(pdev));
1013 	if (rc) {
1014 		dev_err(dev, "failed to map registers\n");
1015 		return NULL;
1016 	}
1017 	regs = pcim_iomap_table(pdev)[bar];
1018 
1019 	mutex_init(&cxlm->mbox_mutex);
1020 	cxlm->pdev = pdev;
1021 	cxlm->regs = regs + offset;
1022 	cxlm->enabled_cmds =
1023 		devm_kmalloc_array(dev, BITS_TO_LONGS(cxl_cmd_count),
1024 				   sizeof(unsigned long),
1025 				   GFP_KERNEL | __GFP_ZERO);
1026 	if (!cxlm->enabled_cmds) {
1027 		dev_err(dev, "No memory available for bitmap\n");
1028 		return NULL;
1029 	}
1030 
1031 	dev_dbg(dev, "Mapped CXL Memory Device resource\n");
1032 	return cxlm;
1033 }
1034 
1035 static int cxl_mem_dvsec(struct pci_dev *pdev, int dvsec)
1036 {
1037 	int pos;
1038 
1039 	pos = pci_find_ext_capability(pdev, PCI_EXT_CAP_ID_DVSEC);
1040 	if (!pos)
1041 		return 0;
1042 
1043 	while (pos) {
1044 		u16 vendor, id;
1045 
1046 		pci_read_config_word(pdev, pos + PCI_DVSEC_HEADER1, &vendor);
1047 		pci_read_config_word(pdev, pos + PCI_DVSEC_HEADER2, &id);
1048 		if (vendor == PCI_DVSEC_VENDOR_ID_CXL && dvsec == id)
1049 			return pos;
1050 
1051 		pos = pci_find_next_ext_capability(pdev, pos,
1052 						   PCI_EXT_CAP_ID_DVSEC);
1053 	}
1054 
1055 	return 0;
1056 }
1057 
1058 static struct cxl_memdev *to_cxl_memdev(struct device *dev)
1059 {
1060 	return container_of(dev, struct cxl_memdev, dev);
1061 }
1062 
1063 static void cxl_memdev_release(struct device *dev)
1064 {
1065 	struct cxl_memdev *cxlmd = to_cxl_memdev(dev);
1066 
1067 	ida_free(&cxl_memdev_ida, cxlmd->id);
1068 	kfree(cxlmd);
1069 }
1070 
1071 static char *cxl_memdev_devnode(struct device *dev, umode_t *mode, kuid_t *uid,
1072 				kgid_t *gid)
1073 {
1074 	return kasprintf(GFP_KERNEL, "cxl/%s", dev_name(dev));
1075 }
1076 
1077 static ssize_t firmware_version_show(struct device *dev,
1078 				     struct device_attribute *attr, char *buf)
1079 {
1080 	struct cxl_memdev *cxlmd = to_cxl_memdev(dev);
1081 	struct cxl_mem *cxlm = cxlmd->cxlm;
1082 
1083 	return sysfs_emit(buf, "%.16s\n", cxlm->firmware_version);
1084 }
1085 static DEVICE_ATTR_RO(firmware_version);
1086 
1087 static ssize_t payload_max_show(struct device *dev,
1088 				struct device_attribute *attr, char *buf)
1089 {
1090 	struct cxl_memdev *cxlmd = to_cxl_memdev(dev);
1091 	struct cxl_mem *cxlm = cxlmd->cxlm;
1092 
1093 	return sysfs_emit(buf, "%zu\n", cxlm->payload_size);
1094 }
1095 static DEVICE_ATTR_RO(payload_max);
1096 
1097 static ssize_t ram_size_show(struct device *dev, struct device_attribute *attr,
1098 			     char *buf)
1099 {
1100 	struct cxl_memdev *cxlmd = to_cxl_memdev(dev);
1101 	struct cxl_mem *cxlm = cxlmd->cxlm;
1102 	unsigned long long len = range_len(&cxlm->ram_range);
1103 
1104 	return sysfs_emit(buf, "%#llx\n", len);
1105 }
1106 
1107 static struct device_attribute dev_attr_ram_size =
1108 	__ATTR(size, 0444, ram_size_show, NULL);
1109 
1110 static ssize_t pmem_size_show(struct device *dev, struct device_attribute *attr,
1111 			      char *buf)
1112 {
1113 	struct cxl_memdev *cxlmd = to_cxl_memdev(dev);
1114 	struct cxl_mem *cxlm = cxlmd->cxlm;
1115 	unsigned long long len = range_len(&cxlm->pmem_range);
1116 
1117 	return sysfs_emit(buf, "%#llx\n", len);
1118 }
1119 
1120 static struct device_attribute dev_attr_pmem_size =
1121 	__ATTR(size, 0444, pmem_size_show, NULL);
1122 
1123 static struct attribute *cxl_memdev_attributes[] = {
1124 	&dev_attr_firmware_version.attr,
1125 	&dev_attr_payload_max.attr,
1126 	NULL,
1127 };
1128 
1129 static struct attribute *cxl_memdev_pmem_attributes[] = {
1130 	&dev_attr_pmem_size.attr,
1131 	NULL,
1132 };
1133 
1134 static struct attribute *cxl_memdev_ram_attributes[] = {
1135 	&dev_attr_ram_size.attr,
1136 	NULL,
1137 };
1138 
1139 static struct attribute_group cxl_memdev_attribute_group = {
1140 	.attrs = cxl_memdev_attributes,
1141 };
1142 
1143 static struct attribute_group cxl_memdev_ram_attribute_group = {
1144 	.name = "ram",
1145 	.attrs = cxl_memdev_ram_attributes,
1146 };
1147 
1148 static struct attribute_group cxl_memdev_pmem_attribute_group = {
1149 	.name = "pmem",
1150 	.attrs = cxl_memdev_pmem_attributes,
1151 };
1152 
1153 static const struct attribute_group *cxl_memdev_attribute_groups[] = {
1154 	&cxl_memdev_attribute_group,
1155 	&cxl_memdev_ram_attribute_group,
1156 	&cxl_memdev_pmem_attribute_group,
1157 	NULL,
1158 };
1159 
1160 static const struct device_type cxl_memdev_type = {
1161 	.name = "cxl_memdev",
1162 	.release = cxl_memdev_release,
1163 	.devnode = cxl_memdev_devnode,
1164 	.groups = cxl_memdev_attribute_groups,
1165 };
1166 
1167 static void cxl_memdev_shutdown(struct cxl_memdev *cxlmd)
1168 {
1169 	down_write(&cxl_memdev_rwsem);
1170 	cxlmd->cxlm = NULL;
1171 	up_write(&cxl_memdev_rwsem);
1172 }
1173 
1174 static void cxl_memdev_unregister(void *_cxlmd)
1175 {
1176 	struct cxl_memdev *cxlmd = _cxlmd;
1177 	struct device *dev = &cxlmd->dev;
1178 
1179 	cdev_device_del(&cxlmd->cdev, dev);
1180 	cxl_memdev_shutdown(cxlmd);
1181 	put_device(dev);
1182 }
1183 
1184 static struct cxl_memdev *cxl_memdev_alloc(struct cxl_mem *cxlm)
1185 {
1186 	struct pci_dev *pdev = cxlm->pdev;
1187 	struct cxl_memdev *cxlmd;
1188 	struct device *dev;
1189 	struct cdev *cdev;
1190 	int rc;
1191 
1192 	cxlmd = kzalloc(sizeof(*cxlmd), GFP_KERNEL);
1193 	if (!cxlmd)
1194 		return ERR_PTR(-ENOMEM);
1195 
1196 	rc = ida_alloc_range(&cxl_memdev_ida, 0, CXL_MEM_MAX_DEVS, GFP_KERNEL);
1197 	if (rc < 0)
1198 		goto err;
1199 	cxlmd->id = rc;
1200 
1201 	dev = &cxlmd->dev;
1202 	device_initialize(dev);
1203 	dev->parent = &pdev->dev;
1204 	dev->bus = &cxl_bus_type;
1205 	dev->devt = MKDEV(cxl_mem_major, cxlmd->id);
1206 	dev->type = &cxl_memdev_type;
1207 	device_set_pm_not_required(dev);
1208 
1209 	cdev = &cxlmd->cdev;
1210 	cdev_init(cdev, &cxl_memdev_fops);
1211 	return cxlmd;
1212 
1213 err:
1214 	kfree(cxlmd);
1215 	return ERR_PTR(rc);
1216 }
1217 
1218 static int cxl_mem_add_memdev(struct cxl_mem *cxlm)
1219 {
1220 	struct cxl_memdev *cxlmd;
1221 	struct device *dev;
1222 	struct cdev *cdev;
1223 	int rc;
1224 
1225 	cxlmd = cxl_memdev_alloc(cxlm);
1226 	if (IS_ERR(cxlmd))
1227 		return PTR_ERR(cxlmd);
1228 
1229 	dev = &cxlmd->dev;
1230 	rc = dev_set_name(dev, "mem%d", cxlmd->id);
1231 	if (rc)
1232 		goto err;
1233 
1234 	/*
1235 	 * Activate ioctl operations, no cxl_memdev_rwsem manipulation
1236 	 * needed as this is ordered with cdev_add() publishing the device.
1237 	 */
1238 	cxlmd->cxlm = cxlm;
1239 
1240 	cdev = &cxlmd->cdev;
1241 	rc = cdev_device_add(cdev, dev);
1242 	if (rc)
1243 		goto err;
1244 
1245 	return devm_add_action_or_reset(dev->parent, cxl_memdev_unregister,
1246 					cxlmd);
1247 
1248 err:
1249 	/*
1250 	 * The cdev was briefly live, shutdown any ioctl operations that
1251 	 * saw that state.
1252 	 */
1253 	cxl_memdev_shutdown(cxlmd);
1254 	put_device(dev);
1255 	return rc;
1256 }
1257 
1258 static int cxl_xfer_log(struct cxl_mem *cxlm, uuid_t *uuid, u32 size, u8 *out)
1259 {
1260 	u32 remaining = size;
1261 	u32 offset = 0;
1262 
1263 	while (remaining) {
1264 		u32 xfer_size = min_t(u32, remaining, cxlm->payload_size);
1265 		struct cxl_mbox_get_log {
1266 			uuid_t uuid;
1267 			__le32 offset;
1268 			__le32 length;
1269 		} __packed log = {
1270 			.uuid = *uuid,
1271 			.offset = cpu_to_le32(offset),
1272 			.length = cpu_to_le32(xfer_size)
1273 		};
1274 		int rc;
1275 
1276 		rc = cxl_mem_mbox_send_cmd(cxlm, CXL_MBOX_OP_GET_LOG, &log,
1277 					   sizeof(log), out, xfer_size);
1278 		if (rc < 0)
1279 			return rc;
1280 
1281 		out += xfer_size;
1282 		remaining -= xfer_size;
1283 		offset += xfer_size;
1284 	}
1285 
1286 	return 0;
1287 }
1288 
1289 /**
1290  * cxl_walk_cel() - Walk through the Command Effects Log.
1291  * @cxlm: Device.
1292  * @size: Length of the Command Effects Log.
1293  * @cel: CEL
1294  *
1295  * Iterate over each entry in the CEL and determine if the driver supports the
1296  * command. If so, the command is enabled for the device and can be used later.
1297  */
1298 static void cxl_walk_cel(struct cxl_mem *cxlm, size_t size, u8 *cel)
1299 {
1300 	struct cel_entry {
1301 		__le16 opcode;
1302 		__le16 effect;
1303 	} __packed * cel_entry;
1304 	const int cel_entries = size / sizeof(*cel_entry);
1305 	int i;
1306 
1307 	cel_entry = (struct cel_entry *)cel;
1308 
1309 	for (i = 0; i < cel_entries; i++) {
1310 		u16 opcode = le16_to_cpu(cel_entry[i].opcode);
1311 		struct cxl_mem_command *cmd = cxl_mem_find_command(opcode);
1312 
1313 		if (!cmd) {
1314 			dev_dbg(&cxlm->pdev->dev,
1315 				"Opcode 0x%04x unsupported by driver", opcode);
1316 			continue;
1317 		}
1318 
1319 		set_bit(cmd->info.id, cxlm->enabled_cmds);
1320 	}
1321 }
1322 
1323 struct cxl_mbox_get_supported_logs {
1324 	__le16 entries;
1325 	u8 rsvd[6];
1326 	struct gsl_entry {
1327 		uuid_t uuid;
1328 		__le32 size;
1329 	} __packed entry[];
1330 } __packed;
1331 
1332 static struct cxl_mbox_get_supported_logs *cxl_get_gsl(struct cxl_mem *cxlm)
1333 {
1334 	struct cxl_mbox_get_supported_logs *ret;
1335 	int rc;
1336 
1337 	ret = kvmalloc(cxlm->payload_size, GFP_KERNEL);
1338 	if (!ret)
1339 		return ERR_PTR(-ENOMEM);
1340 
1341 	rc = cxl_mem_mbox_send_cmd(cxlm, CXL_MBOX_OP_GET_SUPPORTED_LOGS, NULL,
1342 				   0, ret, cxlm->payload_size);
1343 	if (rc < 0) {
1344 		kvfree(ret);
1345 		return ERR_PTR(rc);
1346 	}
1347 
1348 	return ret;
1349 }
1350 
1351 /**
1352  * cxl_mem_enumerate_cmds() - Enumerate commands for a device.
1353  * @cxlm: The device.
1354  *
1355  * Returns 0 if enumerate completed successfully.
1356  *
1357  * CXL devices have optional support for certain commands. This function will
1358  * determine the set of supported commands for the hardware and update the
1359  * enabled_cmds bitmap in the @cxlm.
1360  */
1361 static int cxl_mem_enumerate_cmds(struct cxl_mem *cxlm)
1362 {
1363 	struct cxl_mbox_get_supported_logs *gsl;
1364 	struct device *dev = &cxlm->pdev->dev;
1365 	struct cxl_mem_command *cmd;
1366 	int i, rc;
1367 
1368 	gsl = cxl_get_gsl(cxlm);
1369 	if (IS_ERR(gsl))
1370 		return PTR_ERR(gsl);
1371 
1372 	rc = -ENOENT;
1373 	for (i = 0; i < le16_to_cpu(gsl->entries); i++) {
1374 		u32 size = le32_to_cpu(gsl->entry[i].size);
1375 		uuid_t uuid = gsl->entry[i].uuid;
1376 		u8 *log;
1377 
1378 		dev_dbg(dev, "Found LOG type %pU of size %d", &uuid, size);
1379 
1380 		if (!uuid_equal(&uuid, &log_uuid[CEL_UUID]))
1381 			continue;
1382 
1383 		log = kvmalloc(size, GFP_KERNEL);
1384 		if (!log) {
1385 			rc = -ENOMEM;
1386 			goto out;
1387 		}
1388 
1389 		rc = cxl_xfer_log(cxlm, &uuid, size, log);
1390 		if (rc) {
1391 			kvfree(log);
1392 			goto out;
1393 		}
1394 
1395 		cxl_walk_cel(cxlm, size, log);
1396 		kvfree(log);
1397 
1398 		/* In case CEL was bogus, enable some default commands. */
1399 		cxl_for_each_cmd(cmd)
1400 			if (cmd->flags & CXL_CMD_FLAG_FORCE_ENABLE)
1401 				set_bit(cmd->info.id, cxlm->enabled_cmds);
1402 
1403 		/* Found the required CEL */
1404 		rc = 0;
1405 	}
1406 
1407 out:
1408 	kvfree(gsl);
1409 	return rc;
1410 }
1411 
1412 /**
1413  * cxl_mem_identify() - Send the IDENTIFY command to the device.
1414  * @cxlm: The device to identify.
1415  *
1416  * Return: 0 if identify was executed successfully.
1417  *
1418  * This will dispatch the identify command to the device and on success populate
1419  * structures to be exported to sysfs.
1420  */
1421 static int cxl_mem_identify(struct cxl_mem *cxlm)
1422 {
1423 	/* See CXL 2.0 Table 175 Identify Memory Device Output Payload */
1424 	struct cxl_mbox_identify {
1425 		char fw_revision[0x10];
1426 		__le64 total_capacity;
1427 		__le64 volatile_capacity;
1428 		__le64 persistent_capacity;
1429 		__le64 partition_align;
1430 		__le16 info_event_log_size;
1431 		__le16 warning_event_log_size;
1432 		__le16 failure_event_log_size;
1433 		__le16 fatal_event_log_size;
1434 		__le32 lsa_size;
1435 		u8 poison_list_max_mer[3];
1436 		__le16 inject_poison_limit;
1437 		u8 poison_caps;
1438 		u8 qos_telemetry_caps;
1439 	} __packed id;
1440 	int rc;
1441 
1442 	rc = cxl_mem_mbox_send_cmd(cxlm, CXL_MBOX_OP_IDENTIFY, NULL, 0, &id,
1443 				   sizeof(id));
1444 	if (rc < 0)
1445 		return rc;
1446 
1447 	/*
1448 	 * TODO: enumerate DPA map, as 'ram' and 'pmem' do not alias.
1449 	 * For now, only the capacity is exported in sysfs
1450 	 */
1451 	cxlm->ram_range.start = 0;
1452 	cxlm->ram_range.end = le64_to_cpu(id.volatile_capacity) * SZ_256M - 1;
1453 
1454 	cxlm->pmem_range.start = 0;
1455 	cxlm->pmem_range.end =
1456 		le64_to_cpu(id.persistent_capacity) * SZ_256M - 1;
1457 
1458 	memcpy(cxlm->firmware_version, id.fw_revision, sizeof(id.fw_revision));
1459 
1460 	return 0;
1461 }
1462 
1463 static int cxl_mem_probe(struct pci_dev *pdev, const struct pci_device_id *id)
1464 {
1465 	struct device *dev = &pdev->dev;
1466 	struct cxl_mem *cxlm = NULL;
1467 	u32 regloc_size, regblocks;
1468 	int rc, regloc, i;
1469 
1470 	rc = pcim_enable_device(pdev);
1471 	if (rc)
1472 		return rc;
1473 
1474 	regloc = cxl_mem_dvsec(pdev, PCI_DVSEC_ID_CXL_REGLOC_OFFSET);
1475 	if (!regloc) {
1476 		dev_err(dev, "register location dvsec not found\n");
1477 		return -ENXIO;
1478 	}
1479 
1480 	/* Get the size of the Register Locator DVSEC */
1481 	pci_read_config_dword(pdev, regloc + PCI_DVSEC_HEADER1, &regloc_size);
1482 	regloc_size = FIELD_GET(PCI_DVSEC_HEADER1_LENGTH_MASK, regloc_size);
1483 
1484 	regloc += PCI_DVSEC_ID_CXL_REGLOC_BLOCK1_OFFSET;
1485 	regblocks = (regloc_size - PCI_DVSEC_ID_CXL_REGLOC_BLOCK1_OFFSET) / 8;
1486 
1487 	for (i = 0; i < regblocks; i++, regloc += 8) {
1488 		u32 reg_lo, reg_hi;
1489 		u8 reg_type;
1490 
1491 		/* "register low and high" contain other bits */
1492 		pci_read_config_dword(pdev, regloc, &reg_lo);
1493 		pci_read_config_dword(pdev, regloc + 4, &reg_hi);
1494 
1495 		reg_type = FIELD_GET(CXL_REGLOC_RBI_MASK, reg_lo);
1496 
1497 		if (reg_type == CXL_REGLOC_RBI_MEMDEV) {
1498 			cxlm = cxl_mem_create(pdev, reg_lo, reg_hi);
1499 			break;
1500 		}
1501 	}
1502 
1503 	if (!cxlm)
1504 		return -ENODEV;
1505 
1506 	rc = cxl_mem_setup_regs(cxlm);
1507 	if (rc)
1508 		return rc;
1509 
1510 	rc = cxl_mem_setup_mailbox(cxlm);
1511 	if (rc)
1512 		return rc;
1513 
1514 	rc = cxl_mem_enumerate_cmds(cxlm);
1515 	if (rc)
1516 		return rc;
1517 
1518 	rc = cxl_mem_identify(cxlm);
1519 	if (rc)
1520 		return rc;
1521 
1522 	return cxl_mem_add_memdev(cxlm);
1523 }
1524 
1525 static const struct pci_device_id cxl_mem_pci_tbl[] = {
1526 	/* PCI class code for CXL.mem Type-3 Devices */
1527 	{ PCI_DEVICE_CLASS((PCI_CLASS_MEMORY_CXL << 8 | CXL_MEMORY_PROGIF), ~0)},
1528 	{ /* terminate list */ },
1529 };
1530 MODULE_DEVICE_TABLE(pci, cxl_mem_pci_tbl);
1531 
1532 static struct pci_driver cxl_mem_driver = {
1533 	.name			= KBUILD_MODNAME,
1534 	.id_table		= cxl_mem_pci_tbl,
1535 	.probe			= cxl_mem_probe,
1536 	.driver	= {
1537 		.probe_type	= PROBE_PREFER_ASYNCHRONOUS,
1538 	},
1539 };
1540 
1541 static __init int cxl_mem_init(void)
1542 {
1543 	struct dentry *mbox_debugfs;
1544 	dev_t devt;
1545 	int rc;
1546 
1547 	rc = alloc_chrdev_region(&devt, 0, CXL_MEM_MAX_DEVS, "cxl");
1548 	if (rc)
1549 		return rc;
1550 
1551 	cxl_mem_major = MAJOR(devt);
1552 
1553 	rc = pci_register_driver(&cxl_mem_driver);
1554 	if (rc) {
1555 		unregister_chrdev_region(MKDEV(cxl_mem_major, 0),
1556 					 CXL_MEM_MAX_DEVS);
1557 		return rc;
1558 	}
1559 
1560 	cxl_debugfs = debugfs_create_dir("cxl", NULL);
1561 	mbox_debugfs = debugfs_create_dir("mbox", cxl_debugfs);
1562 	debugfs_create_bool("raw_allow_all", 0600, mbox_debugfs,
1563 			    &cxl_raw_allow_all);
1564 
1565 	return 0;
1566 }
1567 
1568 static __exit void cxl_mem_exit(void)
1569 {
1570 	debugfs_remove_recursive(cxl_debugfs);
1571 	pci_unregister_driver(&cxl_mem_driver);
1572 	unregister_chrdev_region(MKDEV(cxl_mem_major, 0), CXL_MEM_MAX_DEVS);
1573 }
1574 
1575 MODULE_LICENSE("GPL v2");
1576 module_init(cxl_mem_init);
1577 module_exit(cxl_mem_exit);
1578 MODULE_IMPORT_NS(CXL);
1579