// SPDX-License-Identifier: GPL-2.0
/*
 * Physical device callbacks for vfio_ccw
 *
 * Copyright IBM Corp. 2017
 * Copyright Red Hat, Inc. 2019
 *
 * Author(s): Dong Jia Shi <bjsdjshi@linux.vnet.ibm.com>
 *            Xiao Feng Ren <renxiaof@linux.vnet.ibm.com>
 *            Cornelia Huck <cohuck@redhat.com>
 */

#include <linux/vfio.h>
#include <linux/mdev.h>
#include <linux/nospec.h>
#include <linux/slab.h>

#include "vfio_ccw_private.h"

static int vfio_ccw_mdev_reset(struct mdev_device *mdev)
{
	struct vfio_ccw_private *private;
	struct subchannel *sch;
	int ret;

	private = dev_get_drvdata(mdev_parent_dev(mdev));
	sch = private->sch;
	/*
	 * TODO:
	 * In the current stage, some things like "no I/O running" and "no
	 * interrupt pending" are clear, but we are not sure what other state
	 * we need to care about.
	 * There are still a lot more instructions that need to be handled. We
	 * should come back here later.
	 */
	ret = vfio_ccw_sch_quiesce(sch);
	if (ret)
		return ret;

	ret = cio_enable_subchannel(sch, (u32)(unsigned long)sch);
	if (!ret)
		private->state = VFIO_CCW_STATE_IDLE;

	return ret;
}

static int vfio_ccw_mdev_notifier(struct notifier_block *nb,
				  unsigned long action,
				  void *data)
{
	struct vfio_ccw_private *private =
		container_of(nb, struct vfio_ccw_private, nb);

	/*
	 * Vendor drivers MUST unpin pages in response to an
	 * invalidation.
	 */
	if (action == VFIO_IOMMU_NOTIFY_DMA_UNMAP) {
		struct vfio_iommu_type1_dma_unmap *unmap = data;

		if (!cp_iova_pinned(&private->cp, unmap->iova))
			return NOTIFY_OK;

		if (vfio_ccw_mdev_reset(private->mdev))
			return NOTIFY_BAD;

		cp_free(&private->cp);
		return NOTIFY_OK;
	}

	return NOTIFY_DONE;
}

static ssize_t name_show(struct mdev_type *mtype,
			 struct mdev_type_attribute *attr, char *buf)
{
	return sprintf(buf, "I/O subchannel (Non-QDIO)\n");
}
static MDEV_TYPE_ATTR_RO(name);

static ssize_t device_api_show(struct mdev_type *mtype,
			       struct mdev_type_attribute *attr, char *buf)
{
	return sprintf(buf, "%s\n", VFIO_DEVICE_API_CCW_STRING);
}
static MDEV_TYPE_ATTR_RO(device_api);

static ssize_t available_instances_show(struct mdev_type *mtype,
					struct mdev_type_attribute *attr,
					char *buf)
{
	struct vfio_ccw_private *private =
		dev_get_drvdata(mtype_get_parent_dev(mtype));

	return sprintf(buf, "%d\n", atomic_read(&private->avail));
}
static MDEV_TYPE_ATTR_RO(available_instances);

static struct attribute *mdev_types_attrs[] = {
	&mdev_type_attr_name.attr,
	&mdev_type_attr_device_api.attr,
	&mdev_type_attr_available_instances.attr,
	NULL,
};

static struct attribute_group mdev_type_group = {
	.name  = "io",
	.attrs = mdev_types_attrs,
};

static struct attribute_group *mdev_type_groups[] = {
	&mdev_type_group,
	NULL,
};

static int vfio_ccw_mdev_create(struct mdev_device *mdev)
{
	struct vfio_ccw_private *private =
		dev_get_drvdata(mdev_parent_dev(mdev));

	if (private->state == VFIO_CCW_STATE_NOT_OPER)
		return -ENODEV;

	if (atomic_dec_if_positive(&private->avail) < 0)
		return -EPERM;

	private->mdev = mdev;
	private->state = VFIO_CCW_STATE_IDLE;

	VFIO_CCW_MSG_EVENT(2, "mdev %pUl, sch %x.%x.%04x: create\n",
			   mdev_uuid(mdev), private->sch->schid.cssid,
			   private->sch->schid.ssid,
			   private->sch->schid.sch_no);

	return 0;
}
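
/*
 * Counterpart to vfio_ccw_mdev_create(): quiesce the subchannel if the
 * device is still operational, drop any channel program, and return the
 * instance to the available pool (private->avail).
 */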
static int vfio_ccw_mdev_remove(struct mdev_device *mdev)
{
	struct vfio_ccw_private *private =
		dev_get_drvdata(mdev_parent_dev(mdev));

	VFIO_CCW_MSG_EVENT(2, "mdev %pUl, sch %x.%x.%04x: remove\n",
			   mdev_uuid(mdev), private->sch->schid.cssid,
			   private->sch->schid.ssid,
			   private->sch->schid.sch_no);

	if ((private->state != VFIO_CCW_STATE_NOT_OPER) &&
	    (private->state != VFIO_CCW_STATE_STANDBY)) {
		if (!vfio_ccw_sch_quiesce(private->sch))
			private->state = VFIO_CCW_STATE_STANDBY;
		/* The state will be NOT_OPER on error. */
	}

	cp_free(&private->cp);
	private->mdev = NULL;
	atomic_inc(&private->avail);

	return 0;
}

static int vfio_ccw_mdev_open(struct mdev_device *mdev)
{
	struct vfio_ccw_private *private =
		dev_get_drvdata(mdev_parent_dev(mdev));
	unsigned long events = VFIO_IOMMU_NOTIFY_DMA_UNMAP;
	int ret;

	private->nb.notifier_call = vfio_ccw_mdev_notifier;

	ret = vfio_register_notifier(mdev_dev(mdev), VFIO_IOMMU_NOTIFY,
				     &events, &private->nb);
	if (ret)
		return ret;

	ret = vfio_ccw_register_async_dev_regions(private);
	if (ret)
		goto out_unregister;

	ret = vfio_ccw_register_schib_dev_regions(private);
	if (ret)
		goto out_unregister;

	ret = vfio_ccw_register_crw_dev_regions(private);
	if (ret)
		goto out_unregister;

	return ret;

out_unregister:
	vfio_ccw_unregister_dev_regions(private);
	vfio_unregister_notifier(mdev_dev(mdev), VFIO_IOMMU_NOTIFY,
				 &private->nb);
	return ret;
}

static void vfio_ccw_mdev_release(struct mdev_device *mdev)
{
	struct vfio_ccw_private *private =
		dev_get_drvdata(mdev_parent_dev(mdev));

	if ((private->state != VFIO_CCW_STATE_NOT_OPER) &&
	    (private->state != VFIO_CCW_STATE_STANDBY)) {
		if (!vfio_ccw_mdev_reset(mdev))
			private->state = VFIO_CCW_STATE_STANDBY;
		/* The state will be NOT_OPER on error. */
	}

	cp_free(&private->cp);
	vfio_ccw_unregister_dev_regions(private);
	vfio_unregister_notifier(mdev_dev(mdev), VFIO_IOMMU_NOTIFY,
				 &private->nb);
}
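
/*
 * The config (I/O) region below is accessed with the usual VFIO read/write
 * protocol on the device fd. Illustrative userspace sketch (not part of
 * this driver), with the offset taken from VFIO_DEVICE_GET_REGION_INFO for
 * VFIO_CCW_CONFIG_REGION_INDEX:
 *
 *	struct ccw_io_region io_region;
 *
 *	pread(device_fd, &io_region, sizeof(io_region), region_info.offset);
 */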
static ssize_t vfio_ccw_mdev_read_io_region(struct vfio_ccw_private *private,
					    char __user *buf, size_t count,
					    loff_t *ppos)
{
	loff_t pos = *ppos & VFIO_CCW_OFFSET_MASK;
	struct ccw_io_region *region;
	int ret;

	if (pos + count > sizeof(*region))
		return -EINVAL;

	mutex_lock(&private->io_mutex);
	region = private->io_region;
	if (copy_to_user(buf, (void *)region + pos, count))
		ret = -EFAULT;
	else
		ret = count;
	mutex_unlock(&private->io_mutex);
	return ret;
}

static ssize_t vfio_ccw_mdev_read(struct mdev_device *mdev,
				  char __user *buf,
				  size_t count,
				  loff_t *ppos)
{
	unsigned int index = VFIO_CCW_OFFSET_TO_INDEX(*ppos);
	struct vfio_ccw_private *private;

	private = dev_get_drvdata(mdev_parent_dev(mdev));

	if (index >= VFIO_CCW_NUM_REGIONS + private->num_regions)
		return -EINVAL;

	switch (index) {
	case VFIO_CCW_CONFIG_REGION_INDEX:
		return vfio_ccw_mdev_read_io_region(private, buf, count, ppos);
	default:
		index -= VFIO_CCW_NUM_REGIONS;
		return private->region[index].ops->read(private, buf, count,
							ppos);
	}

	return -EINVAL;
}

static ssize_t vfio_ccw_mdev_write_io_region(struct vfio_ccw_private *private,
					     const char __user *buf,
					     size_t count, loff_t *ppos)
{
	loff_t pos = *ppos & VFIO_CCW_OFFSET_MASK;
	struct ccw_io_region *region;
	int ret;

	if (pos + count > sizeof(*region))
		return -EINVAL;

	if (!mutex_trylock(&private->io_mutex))
		return -EAGAIN;

	region = private->io_region;
	if (copy_from_user((void *)region + pos, buf, count)) {
		ret = -EFAULT;
		goto out_unlock;
	}

	vfio_ccw_fsm_event(private, VFIO_CCW_EVENT_IO_REQ);
	if (region->ret_code != 0)
		private->state = VFIO_CCW_STATE_IDLE;
	ret = (region->ret_code != 0) ? region->ret_code : count;

out_unlock:
	mutex_unlock(&private->io_mutex);
	return ret;
}
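
/*
 * Writes are dispatched like reads: a write to the config region kicks the
 * FSM with VFIO_CCW_EVENT_IO_REQ; all other indices are forwarded to the
 * registered region ops.
 */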
static ssize_t vfio_ccw_mdev_write(struct mdev_device *mdev,
				   const char __user *buf,
				   size_t count,
				   loff_t *ppos)
{
	unsigned int index = VFIO_CCW_OFFSET_TO_INDEX(*ppos);
	struct vfio_ccw_private *private;

	private = dev_get_drvdata(mdev_parent_dev(mdev));

	if (index >= VFIO_CCW_NUM_REGIONS + private->num_regions)
		return -EINVAL;

	switch (index) {
	case VFIO_CCW_CONFIG_REGION_INDEX:
		return vfio_ccw_mdev_write_io_region(private, buf, count, ppos);
	default:
		index -= VFIO_CCW_NUM_REGIONS;
		return private->region[index].ops->write(private, buf, count,
							 ppos);
	}

	return -EINVAL;
}

static int vfio_ccw_mdev_get_device_info(struct vfio_device_info *info,
					 struct mdev_device *mdev)
{
	struct vfio_ccw_private *private;

	private = dev_get_drvdata(mdev_parent_dev(mdev));
	info->flags = VFIO_DEVICE_FLAGS_CCW | VFIO_DEVICE_FLAGS_RESET;
	info->num_regions = VFIO_CCW_NUM_REGIONS + private->num_regions;
	info->num_irqs = VFIO_CCW_NUM_IRQS;

	return 0;
}

static int vfio_ccw_mdev_get_region_info(struct vfio_region_info *info,
					 struct mdev_device *mdev,
					 unsigned long arg)
{
	struct vfio_ccw_private *private;
	int i;

	private = dev_get_drvdata(mdev_parent_dev(mdev));
	switch (info->index) {
	case VFIO_CCW_CONFIG_REGION_INDEX:
		info->offset = 0;
		info->size = sizeof(struct ccw_io_region);
		info->flags = VFIO_REGION_INFO_FLAG_READ
			      | VFIO_REGION_INFO_FLAG_WRITE;
		return 0;
	default: /* all other regions are handled via capability chain */
	{
		struct vfio_info_cap caps = { .buf = NULL, .size = 0 };
		struct vfio_region_info_cap_type cap_type = {
			.header.id = VFIO_REGION_INFO_CAP_TYPE,
			.header.version = 1 };
		int ret;

		if (info->index >=
		    VFIO_CCW_NUM_REGIONS + private->num_regions)
			return -EINVAL;

		info->index = array_index_nospec(info->index,
						 VFIO_CCW_NUM_REGIONS +
						 private->num_regions);

		i = info->index - VFIO_CCW_NUM_REGIONS;

		info->offset = VFIO_CCW_INDEX_TO_OFFSET(info->index);
		info->size = private->region[i].size;
		info->flags = private->region[i].flags;

		cap_type.type = private->region[i].type;
		cap_type.subtype = private->region[i].subtype;

		ret = vfio_info_add_capability(&caps, &cap_type.header,
					       sizeof(cap_type));
		if (ret)
			return ret;

		info->flags |= VFIO_REGION_INFO_FLAG_CAPS;
		if (info->argsz < sizeof(*info) + caps.size) {
			info->argsz = sizeof(*info) + caps.size;
			info->cap_offset = 0;
		} else {
			vfio_info_cap_shift(&caps, sizeof(*info));
			if (copy_to_user((void __user *)arg + sizeof(*info),
					 caps.buf, caps.size)) {
				kfree(caps.buf);
				return -EFAULT;
			}
			info->cap_offset = sizeof(*info);
		}

		kfree(caps.buf);

	}
	}
	return 0;
}

static int vfio_ccw_mdev_get_irq_info(struct vfio_irq_info *info)
{
	switch (info->index) {
	case VFIO_CCW_IO_IRQ_INDEX:
	case VFIO_CCW_CRW_IRQ_INDEX:
	case VFIO_CCW_REQ_IRQ_INDEX:
		info->count = 1;
		info->flags = VFIO_IRQ_INFO_EVENTFD;
		break;
	default:
		return -EINVAL;
	}

	return 0;
}

static int vfio_ccw_mdev_set_irqs(struct mdev_device *mdev,
				  uint32_t flags,
				  uint32_t index,
				  void __user *data)
{
	struct vfio_ccw_private *private;
	struct eventfd_ctx **ctx;

	if (!(flags & VFIO_IRQ_SET_ACTION_TRIGGER))
		return -EINVAL;

	private = dev_get_drvdata(mdev_parent_dev(mdev));

	switch (index) {
	case VFIO_CCW_IO_IRQ_INDEX:
		ctx = &private->io_trigger;
		break;
	case VFIO_CCW_CRW_IRQ_INDEX:
		ctx = &private->crw_trigger;
		break;
	case VFIO_CCW_REQ_IRQ_INDEX:
		ctx = &private->req_trigger;
		break;
	default:
		return -EINVAL;
	}

	switch (flags & VFIO_IRQ_SET_DATA_TYPE_MASK) {
	case VFIO_IRQ_SET_DATA_NONE:
	{
		if (*ctx)
			eventfd_signal(*ctx, 1);
		return 0;
	}
	case VFIO_IRQ_SET_DATA_BOOL:
	{
		uint8_t trigger;

		if (get_user(trigger, (uint8_t __user *)data))
			return -EFAULT;

		if (trigger && *ctx)
			eventfd_signal(*ctx, 1);
		return 0;
	}
	case VFIO_IRQ_SET_DATA_EVENTFD:
	{
		int32_t fd;

		if (get_user(fd, (int32_t __user *)data))
			return -EFAULT;

		if (fd == -1) {
			if (*ctx)
				eventfd_ctx_put(*ctx);
			*ctx = NULL;
		} else if (fd >= 0) {
			struct eventfd_ctx *efdctx;

			efdctx = eventfd_ctx_fdget(fd);
			if (IS_ERR(efdctx))
				return PTR_ERR(efdctx);

			if (*ctx)
				eventfd_ctx_put(*ctx);

			*ctx = efdctx;
		} else
			return -EINVAL;

		return 0;
	}
	default:
		return -EINVAL;
	}
}
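
/*
 * Illustrative userspace sketch (not part of this driver) for wiring an
 * eventfd to one of the IRQ indices handled above, e.g. the device request
 * IRQ, using the standard VFIO_DEVICE_SET_IRQS layout:
 *
 *	struct {
 *		struct vfio_irq_set set;
 *		int32_t fd;
 *	} irq_set = {
 *		.set = {
 *			.argsz = sizeof(irq_set),
 *			.flags = VFIO_IRQ_SET_ACTION_TRIGGER |
 *				 VFIO_IRQ_SET_DATA_EVENTFD,
 *			.index = VFIO_CCW_REQ_IRQ_INDEX,
 *			.start = 0,
 *			.count = 1,
 *		},
 *		.fd = efd,	/* obtained from eventfd(2) *\/
 *	};
 *
 *	ioctl(device_fd, VFIO_DEVICE_SET_IRQS, &irq_set);
 */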
int vfio_ccw_register_dev_region(struct vfio_ccw_private *private,
				 unsigned int subtype,
				 const struct vfio_ccw_regops *ops,
				 size_t size, u32 flags, void *data)
{
	struct vfio_ccw_region *region;

	region = krealloc(private->region,
			  (private->num_regions + 1) * sizeof(*region),
			  GFP_KERNEL);
	if (!region)
		return -ENOMEM;

	private->region = region;
	private->region[private->num_regions].type = VFIO_REGION_TYPE_CCW;
	private->region[private->num_regions].subtype = subtype;
	private->region[private->num_regions].ops = ops;
	private->region[private->num_regions].size = size;
	private->region[private->num_regions].flags = flags;
	private->region[private->num_regions].data = data;

	private->num_regions++;

	return 0;
}

void vfio_ccw_unregister_dev_regions(struct vfio_ccw_private *private)
{
	int i;

	for (i = 0; i < private->num_regions; i++)
		private->region[i].ops->release(private, &private->region[i]);
	private->num_regions = 0;
	kfree(private->region);
	private->region = NULL;
}

static ssize_t vfio_ccw_mdev_ioctl(struct mdev_device *mdev,
				   unsigned int cmd,
				   unsigned long arg)
{
	int ret = 0;
	unsigned long minsz;

	switch (cmd) {
	case VFIO_DEVICE_GET_INFO:
	{
		struct vfio_device_info info;

		minsz = offsetofend(struct vfio_device_info, num_irqs);

		if (copy_from_user(&info, (void __user *)arg, minsz))
			return -EFAULT;

		if (info.argsz < minsz)
			return -EINVAL;

		ret = vfio_ccw_mdev_get_device_info(&info, mdev);
		if (ret)
			return ret;

		return copy_to_user((void __user *)arg, &info, minsz) ? -EFAULT : 0;
	}
	case VFIO_DEVICE_GET_REGION_INFO:
	{
		struct vfio_region_info info;

		minsz = offsetofend(struct vfio_region_info, offset);

		if (copy_from_user(&info, (void __user *)arg, minsz))
			return -EFAULT;

		if (info.argsz < minsz)
			return -EINVAL;

		ret = vfio_ccw_mdev_get_region_info(&info, mdev, arg);
		if (ret)
			return ret;

		return copy_to_user((void __user *)arg, &info, minsz) ? -EFAULT : 0;
	}
	case VFIO_DEVICE_GET_IRQ_INFO:
	{
		struct vfio_irq_info info;

		minsz = offsetofend(struct vfio_irq_info, count);

		if (copy_from_user(&info, (void __user *)arg, minsz))
			return -EFAULT;

		if (info.argsz < minsz || info.index >= VFIO_CCW_NUM_IRQS)
			return -EINVAL;

		ret = vfio_ccw_mdev_get_irq_info(&info);
		if (ret)
			return ret;

		if (info.count == -1)
			return -EINVAL;

		return copy_to_user((void __user *)arg, &info, minsz) ? -EFAULT : 0;
	}
	case VFIO_DEVICE_SET_IRQS:
	{
		struct vfio_irq_set hdr;
		size_t data_size;
		void __user *data;

		minsz = offsetofend(struct vfio_irq_set, count);

		if (copy_from_user(&hdr, (void __user *)arg, minsz))
			return -EFAULT;

		ret = vfio_set_irqs_validate_and_prepare(&hdr, 1,
							 VFIO_CCW_NUM_IRQS,
							 &data_size);
		if (ret)
			return ret;

		data = (void __user *)(arg + minsz);
		return vfio_ccw_mdev_set_irqs(mdev, hdr.flags, hdr.index, data);
	}
	case VFIO_DEVICE_RESET:
		return vfio_ccw_mdev_reset(mdev);
	default:
		return -ENOTTY;
	}
}
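
/*
 * Illustrative userspace sketch (not part of this driver) of the
 * VFIO_DEVICE_GET_INFO handshake handled above:
 *
 *	struct vfio_device_info info = { .argsz = sizeof(info) };
 *
 *	if (!ioctl(device_fd, VFIO_DEVICE_GET_INFO, &info))
 *		assert(info.flags & VFIO_DEVICE_FLAGS_CCW);
 */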
/* Request removal of the device */
static void vfio_ccw_mdev_request(struct mdev_device *mdev, unsigned int count)
{
	struct vfio_ccw_private *private = dev_get_drvdata(mdev_parent_dev(mdev));

	if (!private)
		return;

	if (private->req_trigger) {
		if (!(count % 10))
			dev_notice_ratelimited(mdev_dev(private->mdev),
					       "Relaying device request to user (#%u)\n",
					       count);

		eventfd_signal(private->req_trigger, 1);
	} else if (count == 0) {
		dev_notice(mdev_dev(private->mdev),
			   "No device request channel registered, blocked until released by user\n");
	}
}

static const struct mdev_parent_ops vfio_ccw_mdev_ops = {
	.owner			= THIS_MODULE,
	.supported_type_groups  = mdev_type_groups,
	.create			= vfio_ccw_mdev_create,
	.remove			= vfio_ccw_mdev_remove,
	.open			= vfio_ccw_mdev_open,
	.release		= vfio_ccw_mdev_release,
	.read			= vfio_ccw_mdev_read,
	.write			= vfio_ccw_mdev_write,
	.ioctl			= vfio_ccw_mdev_ioctl,
	.request		= vfio_ccw_mdev_request,
};

int vfio_ccw_mdev_reg(struct subchannel *sch)
{
	return mdev_register_device(&sch->dev, &vfio_ccw_mdev_ops);
}

void vfio_ccw_mdev_unreg(struct subchannel *sch)
{
	mdev_unregister_device(&sch->dev);
}