1 /* 2 * CXL Utility library for mailbox interface 3 * 4 * Copyright(C) 2020 Intel Corporation. 5 * 6 * This work is licensed under the terms of the GNU GPL, version 2. See the 7 * COPYING file in the top-level directory. 8 */ 9 10 #include "qemu/osdep.h" 11 #include "hw/pci/msi.h" 12 #include "hw/pci/msix.h" 13 #include "hw/cxl/cxl.h" 14 #include "hw/cxl/cxl_events.h" 15 #include "hw/cxl/cxl_mailbox.h" 16 #include "hw/pci/pci.h" 17 #include "hw/pci-bridge/cxl_upstream_port.h" 18 #include "qemu/cutils.h" 19 #include "qemu/log.h" 20 #include "qemu/units.h" 21 #include "qemu/uuid.h" 22 #include "sysemu/hostmem.h" 23 #include "qemu/range.h" 24 25 #define CXL_CAPACITY_MULTIPLIER (256 * MiB) 26 #define CXL_DC_EVENT_LOG_SIZE 8 27 #define CXL_NUM_EXTENTS_SUPPORTED 512 28 #define CXL_NUM_TAGS_SUPPORTED 0 29 30 /* 31 * How to add a new command, example. The command set FOO, with cmd BAR. 32 * 1. Add the command set and cmd to the enum. 33 * FOO = 0x7f, 34 * #define BAR 0 35 * 2. Implement the handler 36 * static CXLRetCode cmd_foo_bar(struct cxl_cmd *cmd, 37 * CXLDeviceState *cxl_dstate, uint16_t *len) 38 * 3. Add the command to the cxl_cmd_set[][] 39 * [FOO][BAR] = { "FOO_BAR", cmd_foo_bar, x, y }, 40 * 4. Implement your handler 41 * define_mailbox_handler(FOO_BAR) { ... return CXL_MBOX_SUCCESS; } 42 * 43 * 44 * Writing the handler: 45 * The handler will provide the &struct cxl_cmd, the &CXLDeviceState, and the 46 * in/out length of the payload. The handler is responsible for consuming the 47 * payload from cmd->payload and operating upon it as necessary. It must then 48 * fill the output data into cmd->payload (overwriting what was there), 49 * setting the length, and returning a valid return code. 50 * 51 * XXX: The handler need not worry about endianness. The payload is read out of 52 * a register interface that already deals with it. 53 */ 54 55 enum { 56 INFOSTAT = 0x00, 57 #define IS_IDENTIFY 0x1 58 #define BACKGROUND_OPERATION_STATUS 0x2 59 EVENTS = 0x01, 60 #define GET_RECORDS 0x0 61 #define CLEAR_RECORDS 0x1 62 #define GET_INTERRUPT_POLICY 0x2 63 #define SET_INTERRUPT_POLICY 0x3 64 FIRMWARE_UPDATE = 0x02, 65 #define GET_INFO 0x0 66 #define TRANSFER 0x1 67 #define ACTIVATE 0x2 68 TIMESTAMP = 0x03, 69 #define GET 0x0 70 #define SET 0x1 71 LOGS = 0x04, 72 #define GET_SUPPORTED 0x0 73 #define GET_LOG 0x1 74 FEATURES = 0x05, 75 #define GET_SUPPORTED 0x0 76 #define GET_FEATURE 0x1 77 #define SET_FEATURE 0x2 78 IDENTIFY = 0x40, 79 #define MEMORY_DEVICE 0x0 80 CCLS = 0x41, 81 #define GET_PARTITION_INFO 0x0 82 #define GET_LSA 0x2 83 #define SET_LSA 0x3 84 SANITIZE = 0x44, 85 #define OVERWRITE 0x0 86 #define SECURE_ERASE 0x1 87 PERSISTENT_MEM = 0x45, 88 #define GET_SECURITY_STATE 0x0 89 MEDIA_AND_POISON = 0x43, 90 #define GET_POISON_LIST 0x0 91 #define INJECT_POISON 0x1 92 #define CLEAR_POISON 0x2 93 #define GET_SCAN_MEDIA_CAPABILITIES 0x3 94 #define SCAN_MEDIA 0x4 95 #define GET_SCAN_MEDIA_RESULTS 0x5 96 DCD_CONFIG = 0x48, 97 #define GET_DC_CONFIG 0x0 98 #define GET_DYN_CAP_EXT_LIST 0x1 99 #define ADD_DYN_CAP_RSP 0x2 100 #define RELEASE_DYN_CAP 0x3 101 PHYSICAL_SWITCH = 0x51, 102 #define IDENTIFY_SWITCH_DEVICE 0x0 103 #define GET_PHYSICAL_PORT_STATE 0x1 104 TUNNEL = 0x53, 105 #define MANAGEMENT_COMMAND 0x0 106 }; 107 108 /* CCI Message Format CXL r3.1 Figure 7-19 */ 109 typedef struct CXLCCIMessage { 110 uint8_t category; 111 #define CXL_CCI_CAT_REQ 0 112 #define CXL_CCI_CAT_RSP 1 113 uint8_t tag; 114 uint8_t resv1; 115 uint8_t command; 116 uint8_t command_set; 117 uint8_t pl_length[3]; 118 uint16_t rc; 119 uint16_t vendor_specific; 120 uint8_t payload[]; 121 } QEMU_PACKED CXLCCIMessage; 122 123 /* This command is only defined to an MLD FM Owned LD or an MHD */ 124 static CXLRetCode cmd_tunnel_management_cmd(const struct cxl_cmd *cmd, 125 uint8_t *payload_in, 126 size_t len_in, 127 uint8_t *payload_out, 128 size_t *len_out, 129 CXLCCI *cci) 130 { 131 PCIDevice *tunnel_target; 132 CXLCCI *target_cci; 133 struct { 134 uint8_t port_or_ld_id; 135 uint8_t target_type; 136 uint16_t size; 137 CXLCCIMessage ccimessage; 138 } QEMU_PACKED *in; 139 struct { 140 uint16_t resp_len; 141 uint8_t resv[2]; 142 CXLCCIMessage ccimessage; 143 } QEMU_PACKED *out; 144 size_t pl_length, length_out; 145 bool bg_started; 146 int rc; 147 148 if (cmd->in < sizeof(*in)) { 149 return CXL_MBOX_INVALID_INPUT; 150 } 151 in = (void *)payload_in; 152 out = (void *)payload_out; 153 154 /* Enough room for minimum sized message - no payload */ 155 if (in->size < sizeof(in->ccimessage)) { 156 return CXL_MBOX_INVALID_PAYLOAD_LENGTH; 157 } 158 /* Length of input payload should be in->size + a wrapping tunnel header */ 159 if (in->size != len_in - offsetof(typeof(*out), ccimessage)) { 160 return CXL_MBOX_INVALID_PAYLOAD_LENGTH; 161 } 162 if (in->ccimessage.category != CXL_CCI_CAT_REQ) { 163 return CXL_MBOX_INVALID_INPUT; 164 } 165 166 if (in->target_type != 0) { 167 qemu_log_mask(LOG_UNIMP, 168 "Tunneled Command sent to non existent FM-LD"); 169 return CXL_MBOX_INVALID_INPUT; 170 } 171 172 /* 173 * Target of a tunnel unfortunately depends on type of CCI readint 174 * the message. 175 * If in a switch, then it's the port number. 176 * If in an MLD it is the ld number. 177 * If in an MHD target type indicate where we are going. 178 */ 179 if (object_dynamic_cast(OBJECT(cci->d), TYPE_CXL_TYPE3)) { 180 CXLType3Dev *ct3d = CXL_TYPE3(cci->d); 181 if (in->port_or_ld_id != 0) { 182 /* Only pretending to have one for now! */ 183 return CXL_MBOX_INVALID_INPUT; 184 } 185 target_cci = &ct3d->ld0_cci; 186 } else if (object_dynamic_cast(OBJECT(cci->d), TYPE_CXL_USP)) { 187 CXLUpstreamPort *usp = CXL_USP(cci->d); 188 189 tunnel_target = pcie_find_port_by_pn(&PCI_BRIDGE(usp)->sec_bus, 190 in->port_or_ld_id); 191 if (!tunnel_target) { 192 return CXL_MBOX_INVALID_INPUT; 193 } 194 tunnel_target = 195 pci_bridge_get_sec_bus(PCI_BRIDGE(tunnel_target))->devices[0]; 196 if (!tunnel_target) { 197 return CXL_MBOX_INVALID_INPUT; 198 } 199 if (object_dynamic_cast(OBJECT(tunnel_target), TYPE_CXL_TYPE3)) { 200 CXLType3Dev *ct3d = CXL_TYPE3(tunnel_target); 201 /* Tunneled VDMs always land on FM Owned LD */ 202 target_cci = &ct3d->vdm_fm_owned_ld_mctp_cci; 203 } else { 204 return CXL_MBOX_INVALID_INPUT; 205 } 206 } else { 207 return CXL_MBOX_INVALID_INPUT; 208 } 209 210 pl_length = in->ccimessage.pl_length[2] << 16 | 211 in->ccimessage.pl_length[1] << 8 | in->ccimessage.pl_length[0]; 212 rc = cxl_process_cci_message(target_cci, 213 in->ccimessage.command_set, 214 in->ccimessage.command, 215 pl_length, in->ccimessage.payload, 216 &length_out, out->ccimessage.payload, 217 &bg_started); 218 /* Payload should be in place. Rest of CCI header and needs filling */ 219 out->resp_len = length_out + sizeof(CXLCCIMessage); 220 st24_le_p(out->ccimessage.pl_length, length_out); 221 out->ccimessage.rc = rc; 222 out->ccimessage.category = CXL_CCI_CAT_RSP; 223 out->ccimessage.command = in->ccimessage.command; 224 out->ccimessage.command_set = in->ccimessage.command_set; 225 out->ccimessage.tag = in->ccimessage.tag; 226 *len_out = length_out + sizeof(*out); 227 228 return CXL_MBOX_SUCCESS; 229 } 230 231 static CXLRetCode cmd_events_get_records(const struct cxl_cmd *cmd, 232 uint8_t *payload_in, size_t len_in, 233 uint8_t *payload_out, size_t *len_out, 234 CXLCCI *cci) 235 { 236 CXLDeviceState *cxlds = &CXL_TYPE3(cci->d)->cxl_dstate; 237 CXLGetEventPayload *pl; 238 uint8_t log_type; 239 int max_recs; 240 241 if (cmd->in < sizeof(log_type)) { 242 return CXL_MBOX_INVALID_INPUT; 243 } 244 245 log_type = payload_in[0]; 246 247 pl = (CXLGetEventPayload *)payload_out; 248 249 max_recs = (cxlds->payload_size - CXL_EVENT_PAYLOAD_HDR_SIZE) / 250 CXL_EVENT_RECORD_SIZE; 251 if (max_recs > 0xFFFF) { 252 max_recs = 0xFFFF; 253 } 254 255 return cxl_event_get_records(cxlds, pl, log_type, max_recs, len_out); 256 } 257 258 static CXLRetCode cmd_events_clear_records(const struct cxl_cmd *cmd, 259 uint8_t *payload_in, 260 size_t len_in, 261 uint8_t *payload_out, 262 size_t *len_out, 263 CXLCCI *cci) 264 { 265 CXLDeviceState *cxlds = &CXL_TYPE3(cci->d)->cxl_dstate; 266 CXLClearEventPayload *pl; 267 268 pl = (CXLClearEventPayload *)payload_in; 269 *len_out = 0; 270 return cxl_event_clear_records(cxlds, pl); 271 } 272 273 static CXLRetCode cmd_events_get_interrupt_policy(const struct cxl_cmd *cmd, 274 uint8_t *payload_in, 275 size_t len_in, 276 uint8_t *payload_out, 277 size_t *len_out, 278 CXLCCI *cci) 279 { 280 CXLDeviceState *cxlds = &CXL_TYPE3(cci->d)->cxl_dstate; 281 CXLEventInterruptPolicy *policy; 282 CXLEventLog *log; 283 284 policy = (CXLEventInterruptPolicy *)payload_out; 285 286 log = &cxlds->event_logs[CXL_EVENT_TYPE_INFO]; 287 if (log->irq_enabled) { 288 policy->info_settings = CXL_EVENT_INT_SETTING(log->irq_vec); 289 } 290 291 log = &cxlds->event_logs[CXL_EVENT_TYPE_WARN]; 292 if (log->irq_enabled) { 293 policy->warn_settings = CXL_EVENT_INT_SETTING(log->irq_vec); 294 } 295 296 log = &cxlds->event_logs[CXL_EVENT_TYPE_FAIL]; 297 if (log->irq_enabled) { 298 policy->failure_settings = CXL_EVENT_INT_SETTING(log->irq_vec); 299 } 300 301 log = &cxlds->event_logs[CXL_EVENT_TYPE_FATAL]; 302 if (log->irq_enabled) { 303 policy->fatal_settings = CXL_EVENT_INT_SETTING(log->irq_vec); 304 } 305 306 log = &cxlds->event_logs[CXL_EVENT_TYPE_DYNAMIC_CAP]; 307 if (log->irq_enabled) { 308 /* Dynamic Capacity borrows the same vector as info */ 309 policy->dyn_cap_settings = CXL_INT_MSI_MSIX; 310 } 311 312 *len_out = sizeof(*policy); 313 return CXL_MBOX_SUCCESS; 314 } 315 316 static CXLRetCode cmd_events_set_interrupt_policy(const struct cxl_cmd *cmd, 317 uint8_t *payload_in, 318 size_t len_in, 319 uint8_t *payload_out, 320 size_t *len_out, 321 CXLCCI *cci) 322 { 323 CXLDeviceState *cxlds = &CXL_TYPE3(cci->d)->cxl_dstate; 324 CXLEventInterruptPolicy *policy; 325 CXLEventLog *log; 326 327 if (len_in < CXL_EVENT_INT_SETTING_MIN_LEN) { 328 return CXL_MBOX_INVALID_PAYLOAD_LENGTH; 329 } 330 331 policy = (CXLEventInterruptPolicy *)payload_in; 332 333 log = &cxlds->event_logs[CXL_EVENT_TYPE_INFO]; 334 log->irq_enabled = (policy->info_settings & CXL_EVENT_INT_MODE_MASK) == 335 CXL_INT_MSI_MSIX; 336 337 log = &cxlds->event_logs[CXL_EVENT_TYPE_WARN]; 338 log->irq_enabled = (policy->warn_settings & CXL_EVENT_INT_MODE_MASK) == 339 CXL_INT_MSI_MSIX; 340 341 log = &cxlds->event_logs[CXL_EVENT_TYPE_FAIL]; 342 log->irq_enabled = (policy->failure_settings & CXL_EVENT_INT_MODE_MASK) == 343 CXL_INT_MSI_MSIX; 344 345 log = &cxlds->event_logs[CXL_EVENT_TYPE_FATAL]; 346 log->irq_enabled = (policy->fatal_settings & CXL_EVENT_INT_MODE_MASK) == 347 CXL_INT_MSI_MSIX; 348 349 /* DCD is optional */ 350 if (len_in < sizeof(*policy)) { 351 return CXL_MBOX_SUCCESS; 352 } 353 354 log = &cxlds->event_logs[CXL_EVENT_TYPE_DYNAMIC_CAP]; 355 log->irq_enabled = (policy->dyn_cap_settings & CXL_EVENT_INT_MODE_MASK) == 356 CXL_INT_MSI_MSIX; 357 358 *len_out = 0; 359 return CXL_MBOX_SUCCESS; 360 } 361 362 /* CXL r3.1 section 8.2.9.1.1: Identify (Opcode 0001h) */ 363 static CXLRetCode cmd_infostat_identify(const struct cxl_cmd *cmd, 364 uint8_t *payload_in, 365 size_t len_in, 366 uint8_t *payload_out, 367 size_t *len_out, 368 CXLCCI *cci) 369 { 370 PCIDeviceClass *class = PCI_DEVICE_GET_CLASS(cci->d); 371 struct { 372 uint16_t pcie_vid; 373 uint16_t pcie_did; 374 uint16_t pcie_subsys_vid; 375 uint16_t pcie_subsys_id; 376 uint64_t sn; 377 uint8_t max_message_size; 378 uint8_t component_type; 379 } QEMU_PACKED *is_identify; 380 QEMU_BUILD_BUG_ON(sizeof(*is_identify) != 18); 381 382 is_identify = (void *)payload_out; 383 is_identify->pcie_vid = class->vendor_id; 384 is_identify->pcie_did = class->device_id; 385 if (object_dynamic_cast(OBJECT(cci->d), TYPE_CXL_USP)) { 386 is_identify->sn = CXL_USP(cci->d)->sn; 387 /* Subsystem info not defined for a USP */ 388 is_identify->pcie_subsys_vid = 0; 389 is_identify->pcie_subsys_id = 0; 390 is_identify->component_type = 0x0; /* Switch */ 391 } else if (object_dynamic_cast(OBJECT(cci->d), TYPE_CXL_TYPE3)) { 392 PCIDevice *pci_dev = PCI_DEVICE(cci->d); 393 394 is_identify->sn = CXL_TYPE3(cci->d)->sn; 395 /* 396 * We can't always use class->subsystem_vendor_id as 397 * it is not set if the defaults are used. 398 */ 399 is_identify->pcie_subsys_vid = 400 pci_get_word(pci_dev->config + PCI_SUBSYSTEM_VENDOR_ID); 401 is_identify->pcie_subsys_id = 402 pci_get_word(pci_dev->config + PCI_SUBSYSTEM_ID); 403 is_identify->component_type = 0x3; /* Type 3 */ 404 } 405 406 /* TODO: Allow this to vary across different CCIs */ 407 is_identify->max_message_size = 9; /* 512 bytes - MCTP_CXL_MAILBOX_BYTES */ 408 *len_out = sizeof(*is_identify); 409 return CXL_MBOX_SUCCESS; 410 } 411 412 static void cxl_set_dsp_active_bm(PCIBus *b, PCIDevice *d, 413 void *private) 414 { 415 uint8_t *bm = private; 416 if (object_dynamic_cast(OBJECT(d), TYPE_CXL_DSP)) { 417 uint8_t port = PCIE_PORT(d)->port; 418 bm[port / 8] |= 1 << (port % 8); 419 } 420 } 421 422 /* CXL r3.1 Section 7.6.7.1.1: Identify Switch Device (Opcode 5100h) */ 423 static CXLRetCode cmd_identify_switch_device(const struct cxl_cmd *cmd, 424 uint8_t *payload_in, 425 size_t len_in, 426 uint8_t *payload_out, 427 size_t *len_out, 428 CXLCCI *cci) 429 { 430 PCIEPort *usp = PCIE_PORT(cci->d); 431 PCIBus *bus = &PCI_BRIDGE(cci->d)->sec_bus; 432 int num_phys_ports = pcie_count_ds_ports(bus); 433 434 struct cxl_fmapi_ident_switch_dev_resp_pl { 435 uint8_t ingress_port_id; 436 uint8_t rsvd; 437 uint8_t num_physical_ports; 438 uint8_t num_vcss; 439 uint8_t active_port_bitmask[0x20]; 440 uint8_t active_vcs_bitmask[0x20]; 441 uint16_t total_vppbs; 442 uint16_t bound_vppbs; 443 uint8_t num_hdm_decoders_per_usp; 444 } QEMU_PACKED *out; 445 QEMU_BUILD_BUG_ON(sizeof(*out) != 0x49); 446 447 out = (struct cxl_fmapi_ident_switch_dev_resp_pl *)payload_out; 448 *out = (struct cxl_fmapi_ident_switch_dev_resp_pl) { 449 .num_physical_ports = num_phys_ports + 1, /* 1 USP */ 450 .num_vcss = 1, /* Not yet support multiple VCS - potentially tricky */ 451 .active_vcs_bitmask[0] = 0x1, 452 .total_vppbs = num_phys_ports + 1, 453 .bound_vppbs = num_phys_ports + 1, 454 .num_hdm_decoders_per_usp = 4, 455 }; 456 457 /* Depends on the CCI type */ 458 if (object_dynamic_cast(OBJECT(cci->intf), TYPE_PCIE_PORT)) { 459 out->ingress_port_id = PCIE_PORT(cci->intf)->port; 460 } else { 461 /* MCTP? */ 462 out->ingress_port_id = 0; 463 } 464 465 pci_for_each_device_under_bus(bus, cxl_set_dsp_active_bm, 466 out->active_port_bitmask); 467 out->active_port_bitmask[usp->port / 8] |= (1 << usp->port % 8); 468 469 *len_out = sizeof(*out); 470 471 return CXL_MBOX_SUCCESS; 472 } 473 474 /* CXL r3.1 Section 7.6.7.1.2: Get Physical Port State (Opcode 5101h) */ 475 static CXLRetCode cmd_get_physical_port_state(const struct cxl_cmd *cmd, 476 uint8_t *payload_in, 477 size_t len_in, 478 uint8_t *payload_out, 479 size_t *len_out, 480 CXLCCI *cci) 481 { 482 /* CXL r3.1 Table 7-17: Get Physical Port State Request Payload */ 483 struct cxl_fmapi_get_phys_port_state_req_pl { 484 uint8_t num_ports; 485 uint8_t ports[]; 486 } QEMU_PACKED *in; 487 488 /* 489 * CXL r3.1 Table 7-19: Get Physical Port State Port Information Block 490 * Format 491 */ 492 struct cxl_fmapi_port_state_info_block { 493 uint8_t port_id; 494 uint8_t config_state; 495 uint8_t connected_device_cxl_version; 496 uint8_t rsv1; 497 uint8_t connected_device_type; 498 uint8_t port_cxl_version_bitmask; 499 uint8_t max_link_width; 500 uint8_t negotiated_link_width; 501 uint8_t supported_link_speeds_vector; 502 uint8_t max_link_speed; 503 uint8_t current_link_speed; 504 uint8_t ltssm_state; 505 uint8_t first_lane_num; 506 uint16_t link_state; 507 uint8_t supported_ld_count; 508 } QEMU_PACKED; 509 510 /* CXL r3.1 Table 7-18: Get Physical Port State Response Payload */ 511 struct cxl_fmapi_get_phys_port_state_resp_pl { 512 uint8_t num_ports; 513 uint8_t rsv1[3]; 514 struct cxl_fmapi_port_state_info_block ports[]; 515 } QEMU_PACKED *out; 516 PCIBus *bus = &PCI_BRIDGE(cci->d)->sec_bus; 517 PCIEPort *usp = PCIE_PORT(cci->d); 518 size_t pl_size; 519 int i; 520 521 in = (struct cxl_fmapi_get_phys_port_state_req_pl *)payload_in; 522 out = (struct cxl_fmapi_get_phys_port_state_resp_pl *)payload_out; 523 524 /* Check if what was requested can fit */ 525 if (sizeof(*out) + sizeof(*out->ports) * in->num_ports > cci->payload_max) { 526 return CXL_MBOX_INVALID_INPUT; 527 } 528 529 /* For success there should be a match for each requested */ 530 out->num_ports = in->num_ports; 531 532 for (i = 0; i < in->num_ports; i++) { 533 struct cxl_fmapi_port_state_info_block *port; 534 /* First try to match on downstream port */ 535 PCIDevice *port_dev; 536 uint16_t lnkcap, lnkcap2, lnksta; 537 538 port = &out->ports[i]; 539 540 port_dev = pcie_find_port_by_pn(bus, in->ports[i]); 541 if (port_dev) { /* DSP */ 542 PCIDevice *ds_dev = pci_bridge_get_sec_bus(PCI_BRIDGE(port_dev)) 543 ->devices[0]; 544 port->config_state = 3; 545 if (ds_dev) { 546 if (object_dynamic_cast(OBJECT(ds_dev), TYPE_CXL_TYPE3)) { 547 port->connected_device_type = 5; /* Assume MLD for now */ 548 } else { 549 port->connected_device_type = 1; 550 } 551 } else { 552 port->connected_device_type = 0; 553 } 554 port->supported_ld_count = 3; 555 } else if (usp->port == in->ports[i]) { /* USP */ 556 port_dev = PCI_DEVICE(usp); 557 port->config_state = 4; 558 port->connected_device_type = 0; 559 } else { 560 return CXL_MBOX_INVALID_INPUT; 561 } 562 563 port->port_id = in->ports[i]; 564 /* Information on status of this port in lnksta, lnkcap */ 565 if (!port_dev->exp.exp_cap) { 566 return CXL_MBOX_INTERNAL_ERROR; 567 } 568 lnksta = port_dev->config_read(port_dev, 569 port_dev->exp.exp_cap + PCI_EXP_LNKSTA, 570 sizeof(lnksta)); 571 lnkcap = port_dev->config_read(port_dev, 572 port_dev->exp.exp_cap + PCI_EXP_LNKCAP, 573 sizeof(lnkcap)); 574 lnkcap2 = port_dev->config_read(port_dev, 575 port_dev->exp.exp_cap + PCI_EXP_LNKCAP2, 576 sizeof(lnkcap2)); 577 578 port->max_link_width = (lnkcap & PCI_EXP_LNKCAP_MLW) >> 4; 579 port->negotiated_link_width = (lnksta & PCI_EXP_LNKSTA_NLW) >> 4; 580 /* No definition for SLS field in linux/pci_regs.h */ 581 port->supported_link_speeds_vector = (lnkcap2 & 0xFE) >> 1; 582 port->max_link_speed = lnkcap & PCI_EXP_LNKCAP_SLS; 583 port->current_link_speed = lnksta & PCI_EXP_LNKSTA_CLS; 584 /* TODO: Track down if we can get the rest of the info */ 585 port->ltssm_state = 0x7; 586 port->first_lane_num = 0; 587 port->link_state = 0; 588 port->port_cxl_version_bitmask = 0x2; 589 port->connected_device_cxl_version = 0x2; 590 } 591 592 pl_size = sizeof(*out) + sizeof(*out->ports) * in->num_ports; 593 *len_out = pl_size; 594 595 return CXL_MBOX_SUCCESS; 596 } 597 598 /* CXL r3.1 Section 8.2.9.1.2: Background Operation Status (Opcode 0002h) */ 599 static CXLRetCode cmd_infostat_bg_op_sts(const struct cxl_cmd *cmd, 600 uint8_t *payload_in, 601 size_t len_in, 602 uint8_t *payload_out, 603 size_t *len_out, 604 CXLCCI *cci) 605 { 606 struct { 607 uint8_t status; 608 uint8_t rsvd; 609 uint16_t opcode; 610 uint16_t returncode; 611 uint16_t vendor_ext_status; 612 } QEMU_PACKED *bg_op_status; 613 QEMU_BUILD_BUG_ON(sizeof(*bg_op_status) != 8); 614 615 bg_op_status = (void *)payload_out; 616 bg_op_status->status = cci->bg.complete_pct << 1; 617 if (cci->bg.runtime > 0) { 618 bg_op_status->status |= 1U << 0; 619 } 620 bg_op_status->opcode = cci->bg.opcode; 621 bg_op_status->returncode = cci->bg.ret_code; 622 *len_out = sizeof(*bg_op_status); 623 624 return CXL_MBOX_SUCCESS; 625 } 626 627 #define CXL_FW_SLOTS 2 628 #define CXL_FW_SIZE 0x02000000 /* 32 mb */ 629 630 /* CXL r3.1 Section 8.2.9.3.1: Get FW Info (Opcode 0200h) */ 631 static CXLRetCode cmd_firmware_update_get_info(const struct cxl_cmd *cmd, 632 uint8_t *payload_in, 633 size_t len, 634 uint8_t *payload_out, 635 size_t *len_out, 636 CXLCCI *cci) 637 { 638 CXLType3Dev *ct3d = CXL_TYPE3(cci->d); 639 CXLDeviceState *cxl_dstate = &ct3d->cxl_dstate; 640 struct { 641 uint8_t slots_supported; 642 uint8_t slot_info; 643 uint8_t caps; 644 uint8_t rsvd[0xd]; 645 char fw_rev1[0x10]; 646 char fw_rev2[0x10]; 647 char fw_rev3[0x10]; 648 char fw_rev4[0x10]; 649 } QEMU_PACKED *fw_info; 650 QEMU_BUILD_BUG_ON(sizeof(*fw_info) != 0x50); 651 652 if ((cxl_dstate->vmem_size < CXL_CAPACITY_MULTIPLIER) || 653 (cxl_dstate->pmem_size < CXL_CAPACITY_MULTIPLIER) || 654 (ct3d->dc.total_capacity < CXL_CAPACITY_MULTIPLIER)) { 655 return CXL_MBOX_INTERNAL_ERROR; 656 } 657 658 fw_info = (void *)payload_out; 659 660 fw_info->slots_supported = CXL_FW_SLOTS; 661 fw_info->slot_info = (cci->fw.active_slot & 0x7) | 662 ((cci->fw.staged_slot & 0x7) << 3); 663 fw_info->caps = BIT(0); /* online update supported */ 664 665 if (cci->fw.slot[0]) { 666 pstrcpy(fw_info->fw_rev1, sizeof(fw_info->fw_rev1), "BWFW VERSION 0"); 667 } 668 if (cci->fw.slot[1]) { 669 pstrcpy(fw_info->fw_rev2, sizeof(fw_info->fw_rev2), "BWFW VERSION 1"); 670 } 671 672 *len_out = sizeof(*fw_info); 673 return CXL_MBOX_SUCCESS; 674 } 675 676 /* CXL r3.1 section 8.2.9.3.2: Transfer FW (Opcode 0201h) */ 677 #define CXL_FW_XFER_ALIGNMENT 128 678 679 #define CXL_FW_XFER_ACTION_FULL 0x0 680 #define CXL_FW_XFER_ACTION_INIT 0x1 681 #define CXL_FW_XFER_ACTION_CONTINUE 0x2 682 #define CXL_FW_XFER_ACTION_END 0x3 683 #define CXL_FW_XFER_ACTION_ABORT 0x4 684 685 static CXLRetCode cmd_firmware_update_transfer(const struct cxl_cmd *cmd, 686 uint8_t *payload_in, 687 size_t len, 688 uint8_t *payload_out, 689 size_t *len_out, 690 CXLCCI *cci) 691 { 692 struct { 693 uint8_t action; 694 uint8_t slot; 695 uint8_t rsvd1[2]; 696 uint32_t offset; 697 uint8_t rsvd2[0x78]; 698 uint8_t data[]; 699 } QEMU_PACKED *fw_transfer = (void *)payload_in; 700 size_t offset, length; 701 702 if (fw_transfer->action == CXL_FW_XFER_ACTION_ABORT) { 703 /* 704 * At this point there aren't any on-going transfers 705 * running in the bg - this is serialized before this 706 * call altogether. Just mark the state machine and 707 * disregard any other input. 708 */ 709 cci->fw.transferring = false; 710 return CXL_MBOX_SUCCESS; 711 } 712 713 offset = fw_transfer->offset * CXL_FW_XFER_ALIGNMENT; 714 length = len - sizeof(*fw_transfer); 715 if (offset + length > CXL_FW_SIZE) { 716 return CXL_MBOX_INVALID_INPUT; 717 } 718 719 if (cci->fw.transferring) { 720 if (fw_transfer->action == CXL_FW_XFER_ACTION_FULL || 721 fw_transfer->action == CXL_FW_XFER_ACTION_INIT) { 722 return CXL_MBOX_FW_XFER_IN_PROGRESS; 723 } 724 /* 725 * Abort partitioned package transfer if over 30 secs 726 * between parts. As opposed to the explicit ABORT action, 727 * semantically treat this condition as an error - as 728 * if a part action were passed without a previous INIT. 729 */ 730 if (difftime(time(NULL), cci->fw.last_partxfer) > 30.0) { 731 cci->fw.transferring = false; 732 return CXL_MBOX_INVALID_INPUT; 733 } 734 } else if (fw_transfer->action == CXL_FW_XFER_ACTION_CONTINUE || 735 fw_transfer->action == CXL_FW_XFER_ACTION_END) { 736 return CXL_MBOX_INVALID_INPUT; 737 } 738 739 /* allow back-to-back retransmission */ 740 if ((offset != cci->fw.prev_offset || length != cci->fw.prev_len) && 741 (fw_transfer->action == CXL_FW_XFER_ACTION_CONTINUE || 742 fw_transfer->action == CXL_FW_XFER_ACTION_END)) { 743 /* verify no overlaps */ 744 if (offset < cci->fw.prev_offset + cci->fw.prev_len) { 745 return CXL_MBOX_FW_XFER_OUT_OF_ORDER; 746 } 747 } 748 749 switch (fw_transfer->action) { 750 case CXL_FW_XFER_ACTION_FULL: /* ignores offset */ 751 case CXL_FW_XFER_ACTION_END: 752 if (fw_transfer->slot == 0 || 753 fw_transfer->slot == cci->fw.active_slot || 754 fw_transfer->slot > CXL_FW_SLOTS) { 755 return CXL_MBOX_FW_INVALID_SLOT; 756 } 757 758 /* mark the slot used upon bg completion */ 759 break; 760 case CXL_FW_XFER_ACTION_INIT: 761 if (offset != 0) { 762 return CXL_MBOX_INVALID_INPUT; 763 } 764 765 cci->fw.transferring = true; 766 cci->fw.prev_offset = offset; 767 cci->fw.prev_len = length; 768 break; 769 case CXL_FW_XFER_ACTION_CONTINUE: 770 cci->fw.prev_offset = offset; 771 cci->fw.prev_len = length; 772 break; 773 default: 774 return CXL_MBOX_INVALID_INPUT; 775 } 776 777 if (fw_transfer->action == CXL_FW_XFER_ACTION_FULL) { 778 cci->bg.runtime = 10 * 1000UL; 779 } else { 780 cci->bg.runtime = 2 * 1000UL; 781 } 782 /* keep relevant context for bg completion */ 783 cci->fw.curr_action = fw_transfer->action; 784 cci->fw.curr_slot = fw_transfer->slot; 785 *len_out = 0; 786 787 return CXL_MBOX_BG_STARTED; 788 } 789 790 static void __do_firmware_xfer(CXLCCI *cci) 791 { 792 switch (cci->fw.curr_action) { 793 case CXL_FW_XFER_ACTION_FULL: 794 case CXL_FW_XFER_ACTION_END: 795 cci->fw.slot[cci->fw.curr_slot - 1] = true; 796 cci->fw.transferring = false; 797 break; 798 case CXL_FW_XFER_ACTION_INIT: 799 case CXL_FW_XFER_ACTION_CONTINUE: 800 time(&cci->fw.last_partxfer); 801 break; 802 default: 803 break; 804 } 805 } 806 807 /* CXL r3.1 section 8.2.9.3.3: Activate FW (Opcode 0202h) */ 808 static CXLRetCode cmd_firmware_update_activate(const struct cxl_cmd *cmd, 809 uint8_t *payload_in, 810 size_t len, 811 uint8_t *payload_out, 812 size_t *len_out, 813 CXLCCI *cci) 814 { 815 struct { 816 uint8_t action; 817 uint8_t slot; 818 } QEMU_PACKED *fw_activate = (void *)payload_in; 819 QEMU_BUILD_BUG_ON(sizeof(*fw_activate) != 0x2); 820 821 if (fw_activate->slot == 0 || 822 fw_activate->slot == cci->fw.active_slot || 823 fw_activate->slot > CXL_FW_SLOTS) { 824 return CXL_MBOX_FW_INVALID_SLOT; 825 } 826 827 /* ensure that an actual fw package is there */ 828 if (!cci->fw.slot[fw_activate->slot - 1]) { 829 return CXL_MBOX_FW_INVALID_SLOT; 830 } 831 832 switch (fw_activate->action) { 833 case 0: /* online */ 834 cci->fw.active_slot = fw_activate->slot; 835 break; 836 case 1: /* reset */ 837 cci->fw.staged_slot = fw_activate->slot; 838 break; 839 default: 840 return CXL_MBOX_INVALID_INPUT; 841 } 842 843 return CXL_MBOX_SUCCESS; 844 } 845 846 /* CXL r3.1 Section 8.2.9.4.1: Get Timestamp (Opcode 0300h) */ 847 static CXLRetCode cmd_timestamp_get(const struct cxl_cmd *cmd, 848 uint8_t *payload_in, 849 size_t len_in, 850 uint8_t *payload_out, 851 size_t *len_out, 852 CXLCCI *cci) 853 { 854 CXLDeviceState *cxl_dstate = &CXL_TYPE3(cci->d)->cxl_dstate; 855 uint64_t final_time = cxl_device_get_timestamp(cxl_dstate); 856 857 stq_le_p(payload_out, final_time); 858 *len_out = 8; 859 860 return CXL_MBOX_SUCCESS; 861 } 862 863 /* CXL r3.1 Section 8.2.9.4.2: Set Timestamp (Opcode 0301h) */ 864 static CXLRetCode cmd_timestamp_set(const struct cxl_cmd *cmd, 865 uint8_t *payload_in, 866 size_t len_in, 867 uint8_t *payload_out, 868 size_t *len_out, 869 CXLCCI *cci) 870 { 871 CXLDeviceState *cxl_dstate = &CXL_TYPE3(cci->d)->cxl_dstate; 872 873 cxl_dstate->timestamp.set = true; 874 cxl_dstate->timestamp.last_set = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL); 875 876 cxl_dstate->timestamp.host_set = le64_to_cpu(*(uint64_t *)payload_in); 877 878 *len_out = 0; 879 return CXL_MBOX_SUCCESS; 880 } 881 882 /* CXL r3.1 Section 8.2.9.5.2.1: Command Effects Log (CEL) */ 883 static const QemuUUID cel_uuid = { 884 .data = UUID(0x0da9c0b5, 0xbf41, 0x4b78, 0x8f, 0x79, 885 0x96, 0xb1, 0x62, 0x3b, 0x3f, 0x17) 886 }; 887 888 /* CXL r3.1 Section 8.2.9.5.1: Get Supported Logs (Opcode 0400h) */ 889 static CXLRetCode cmd_logs_get_supported(const struct cxl_cmd *cmd, 890 uint8_t *payload_in, 891 size_t len_in, 892 uint8_t *payload_out, 893 size_t *len_out, 894 CXLCCI *cci) 895 { 896 struct { 897 uint16_t entries; 898 uint8_t rsvd[6]; 899 struct { 900 QemuUUID uuid; 901 uint32_t size; 902 } log_entries[1]; 903 } QEMU_PACKED *supported_logs = (void *)payload_out; 904 QEMU_BUILD_BUG_ON(sizeof(*supported_logs) != 0x1c); 905 906 supported_logs->entries = 1; 907 supported_logs->log_entries[0].uuid = cel_uuid; 908 supported_logs->log_entries[0].size = 4 * cci->cel_size; 909 910 *len_out = sizeof(*supported_logs); 911 return CXL_MBOX_SUCCESS; 912 } 913 914 /* CXL r3.1 Section 8.2.9.5.2: Get Log (Opcode 0401h) */ 915 static CXLRetCode cmd_logs_get_log(const struct cxl_cmd *cmd, 916 uint8_t *payload_in, 917 size_t len_in, 918 uint8_t *payload_out, 919 size_t *len_out, 920 CXLCCI *cci) 921 { 922 struct { 923 QemuUUID uuid; 924 uint32_t offset; 925 uint32_t length; 926 } QEMU_PACKED QEMU_ALIGNED(16) *get_log; 927 928 get_log = (void *)payload_in; 929 930 /* 931 * CXL r3.1 Section 8.2.9.5.2: Get Log (Opcode 0401h) 932 * The device shall return Invalid Input if the Offset or Length 933 * fields attempt to access beyond the size of the log as reported by Get 934 * Supported Logs. 935 * 936 * The CEL buffer is large enough to fit all commands in the emulation, so 937 * the only possible failure would be if the mailbox itself isn't big 938 * enough. 939 */ 940 if (get_log->offset + get_log->length > cci->payload_max) { 941 return CXL_MBOX_INVALID_INPUT; 942 } 943 944 if (!qemu_uuid_is_equal(&get_log->uuid, &cel_uuid)) { 945 return CXL_MBOX_INVALID_LOG; 946 } 947 948 /* Store off everything to local variables so we can wipe out the payload */ 949 *len_out = get_log->length; 950 951 memmove(payload_out, cci->cel_log + get_log->offset, get_log->length); 952 953 return CXL_MBOX_SUCCESS; 954 } 955 956 /* CXL r3.1 section 8.2.9.6: Features */ 957 /* 958 * Get Supported Features output payload 959 * CXL r3.1 section 8.2.9.6.1 Table 8-96 960 */ 961 typedef struct CXLSupportedFeatureHeader { 962 uint16_t entries; 963 uint16_t nsuppfeats_dev; 964 uint32_t reserved; 965 } QEMU_PACKED CXLSupportedFeatureHeader; 966 967 /* 968 * Get Supported Features Supported Feature Entry 969 * CXL r3.1 section 8.2.9.6.1 Table 8-97 970 */ 971 typedef struct CXLSupportedFeatureEntry { 972 QemuUUID uuid; 973 uint16_t feat_index; 974 uint16_t get_feat_size; 975 uint16_t set_feat_size; 976 uint32_t attr_flags; 977 uint8_t get_feat_version; 978 uint8_t set_feat_version; 979 uint16_t set_feat_effects; 980 uint8_t rsvd[18]; 981 } QEMU_PACKED CXLSupportedFeatureEntry; 982 983 /* 984 * Get Supported Features Supported Feature Entry 985 * CXL rev 3.1 section 8.2.9.6.1 Table 8-97 986 */ 987 /* Supported Feature Entry : attribute flags */ 988 #define CXL_FEAT_ENTRY_ATTR_FLAG_CHANGABLE BIT(0) 989 #define CXL_FEAT_ENTRY_ATTR_FLAG_DEEPEST_RESET_PERSISTENCE_MASK GENMASK(3, 1) 990 #define CXL_FEAT_ENTRY_ATTR_FLAG_PERSIST_ACROSS_FIRMWARE_UPDATE BIT(4) 991 #define CXL_FEAT_ENTRY_ATTR_FLAG_SUPPORT_DEFAULT_SELECTION BIT(5) 992 #define CXL_FEAT_ENTRY_ATTR_FLAG_SUPPORT_SAVED_SELECTION BIT(6) 993 994 /* Supported Feature Entry : set feature effects */ 995 #define CXL_FEAT_ENTRY_SFE_CONFIG_CHANGE_COLD_RESET BIT(0) 996 #define CXL_FEAT_ENTRY_SFE_IMMEDIATE_CONFIG_CHANGE BIT(1) 997 #define CXL_FEAT_ENTRY_SFE_IMMEDIATE_DATA_CHANGE BIT(2) 998 #define CXL_FEAT_ENTRY_SFE_IMMEDIATE_POLICY_CHANGE BIT(3) 999 #define CXL_FEAT_ENTRY_SFE_IMMEDIATE_LOG_CHANGE BIT(4) 1000 #define CXL_FEAT_ENTRY_SFE_SECURITY_STATE_CHANGE BIT(5) 1001 #define CXL_FEAT_ENTRY_SFE_BACKGROUND_OPERATION BIT(6) 1002 #define CXL_FEAT_ENTRY_SFE_SUPPORT_SECONDARY_MAILBOX BIT(7) 1003 #define CXL_FEAT_ENTRY_SFE_SUPPORT_ABORT_BACKGROUND_OPERATION BIT(8) 1004 #define CXL_FEAT_ENTRY_SFE_CEL_VALID BIT(9) 1005 #define CXL_FEAT_ENTRY_SFE_CONFIG_CHANGE_CONV_RESET BIT(10) 1006 #define CXL_FEAT_ENTRY_SFE_CONFIG_CHANGE_CXL_RESET BIT(11) 1007 1008 enum CXL_SUPPORTED_FEATURES_LIST { 1009 CXL_FEATURE_PATROL_SCRUB = 0, 1010 CXL_FEATURE_ECS, 1011 CXL_FEATURE_MAX 1012 }; 1013 1014 /* Get Feature CXL 3.1 Spec 8.2.9.6.2 */ 1015 /* 1016 * Get Feature input payload 1017 * CXL r3.1 section 8.2.9.6.2 Table 8-99 1018 */ 1019 /* Get Feature : Payload in selection */ 1020 enum CXL_GET_FEATURE_SELECTION { 1021 CXL_GET_FEATURE_SEL_CURRENT_VALUE, 1022 CXL_GET_FEATURE_SEL_DEFAULT_VALUE, 1023 CXL_GET_FEATURE_SEL_SAVED_VALUE, 1024 CXL_GET_FEATURE_SEL_MAX 1025 }; 1026 1027 /* Set Feature CXL 3.1 Spec 8.2.9.6.3 */ 1028 /* 1029 * Set Feature input payload 1030 * CXL r3.1 section 8.2.9.6.3 Table 8-101 1031 */ 1032 typedef struct CXLSetFeatureInHeader { 1033 QemuUUID uuid; 1034 uint32_t flags; 1035 uint16_t offset; 1036 uint8_t version; 1037 uint8_t rsvd[9]; 1038 } QEMU_PACKED QEMU_ALIGNED(16) CXLSetFeatureInHeader; 1039 1040 /* Set Feature : Payload in flags */ 1041 #define CXL_SET_FEATURE_FLAG_DATA_TRANSFER_MASK 0x7 1042 enum CXL_SET_FEATURE_FLAG_DATA_TRANSFER { 1043 CXL_SET_FEATURE_FLAG_FULL_DATA_TRANSFER, 1044 CXL_SET_FEATURE_FLAG_INITIATE_DATA_TRANSFER, 1045 CXL_SET_FEATURE_FLAG_CONTINUE_DATA_TRANSFER, 1046 CXL_SET_FEATURE_FLAG_FINISH_DATA_TRANSFER, 1047 CXL_SET_FEATURE_FLAG_ABORT_DATA_TRANSFER, 1048 CXL_SET_FEATURE_FLAG_DATA_TRANSFER_MAX 1049 }; 1050 #define CXL_SET_FEAT_DATA_SAVED_ACROSS_RESET BIT(3) 1051 1052 /* CXL r3.1 section 8.2.9.9.11.1: Device Patrol Scrub Control Feature */ 1053 static const QemuUUID patrol_scrub_uuid = { 1054 .data = UUID(0x96dad7d6, 0xfde8, 0x482b, 0xa7, 0x33, 1055 0x75, 0x77, 0x4e, 0x06, 0xdb, 0x8a) 1056 }; 1057 1058 typedef struct CXLMemPatrolScrubSetFeature { 1059 CXLSetFeatureInHeader hdr; 1060 CXLMemPatrolScrubWriteAttrs feat_data; 1061 } QEMU_PACKED QEMU_ALIGNED(16) CXLMemPatrolScrubSetFeature; 1062 1063 /* 1064 * CXL r3.1 section 8.2.9.9.11.2: 1065 * DDR5 Error Check Scrub (ECS) Control Feature 1066 */ 1067 static const QemuUUID ecs_uuid = { 1068 .data = UUID(0xe5b13f22, 0x2328, 0x4a14, 0xb8, 0xba, 1069 0xb9, 0x69, 0x1e, 0x89, 0x33, 0x86) 1070 }; 1071 1072 typedef struct CXLMemECSSetFeature { 1073 CXLSetFeatureInHeader hdr; 1074 CXLMemECSWriteAttrs feat_data[]; 1075 } QEMU_PACKED QEMU_ALIGNED(16) CXLMemECSSetFeature; 1076 1077 /* CXL r3.1 section 8.2.9.6.1: Get Supported Features (Opcode 0500h) */ 1078 static CXLRetCode cmd_features_get_supported(const struct cxl_cmd *cmd, 1079 uint8_t *payload_in, 1080 size_t len_in, 1081 uint8_t *payload_out, 1082 size_t *len_out, 1083 CXLCCI *cci) 1084 { 1085 struct { 1086 uint32_t count; 1087 uint16_t start_index; 1088 uint16_t reserved; 1089 } QEMU_PACKED QEMU_ALIGNED(16) * get_feats_in = (void *)payload_in; 1090 1091 struct { 1092 CXLSupportedFeatureHeader hdr; 1093 CXLSupportedFeatureEntry feat_entries[]; 1094 } QEMU_PACKED QEMU_ALIGNED(16) * get_feats_out = (void *)payload_out; 1095 uint16_t index, req_entries; 1096 uint16_t entry; 1097 1098 if (!object_dynamic_cast(OBJECT(cci->d), TYPE_CXL_TYPE3)) { 1099 return CXL_MBOX_UNSUPPORTED; 1100 } 1101 if (get_feats_in->count < sizeof(CXLSupportedFeatureHeader) || 1102 get_feats_in->start_index >= CXL_FEATURE_MAX) { 1103 return CXL_MBOX_INVALID_INPUT; 1104 } 1105 1106 req_entries = (get_feats_in->count - 1107 sizeof(CXLSupportedFeatureHeader)) / 1108 sizeof(CXLSupportedFeatureEntry); 1109 req_entries = MIN(req_entries, 1110 (CXL_FEATURE_MAX - get_feats_in->start_index)); 1111 1112 for (entry = 0, index = get_feats_in->start_index; 1113 entry < req_entries; index++) { 1114 switch (index) { 1115 case CXL_FEATURE_PATROL_SCRUB: 1116 /* Fill supported feature entry for device patrol scrub control */ 1117 get_feats_out->feat_entries[entry++] = 1118 (struct CXLSupportedFeatureEntry) { 1119 .uuid = patrol_scrub_uuid, 1120 .feat_index = index, 1121 .get_feat_size = sizeof(CXLMemPatrolScrubReadAttrs), 1122 .set_feat_size = sizeof(CXLMemPatrolScrubWriteAttrs), 1123 .attr_flags = CXL_FEAT_ENTRY_ATTR_FLAG_CHANGABLE, 1124 .get_feat_version = CXL_MEMDEV_PS_GET_FEATURE_VERSION, 1125 .set_feat_version = CXL_MEMDEV_PS_SET_FEATURE_VERSION, 1126 .set_feat_effects = CXL_FEAT_ENTRY_SFE_IMMEDIATE_CONFIG_CHANGE | 1127 CXL_FEAT_ENTRY_SFE_CEL_VALID, 1128 }; 1129 break; 1130 case CXL_FEATURE_ECS: 1131 /* Fill supported feature entry for device DDR5 ECS control */ 1132 get_feats_out->feat_entries[entry++] = 1133 (struct CXLSupportedFeatureEntry) { 1134 .uuid = ecs_uuid, 1135 .feat_index = index, 1136 .get_feat_size = CXL_ECS_NUM_MEDIA_FRUS * 1137 sizeof(CXLMemECSReadAttrs), 1138 .set_feat_size = CXL_ECS_NUM_MEDIA_FRUS * 1139 sizeof(CXLMemECSWriteAttrs), 1140 .attr_flags = CXL_FEAT_ENTRY_ATTR_FLAG_CHANGABLE, 1141 .get_feat_version = CXL_ECS_GET_FEATURE_VERSION, 1142 .set_feat_version = CXL_ECS_SET_FEATURE_VERSION, 1143 .set_feat_effects = CXL_FEAT_ENTRY_SFE_IMMEDIATE_CONFIG_CHANGE | 1144 CXL_FEAT_ENTRY_SFE_CEL_VALID, 1145 }; 1146 break; 1147 default: 1148 __builtin_unreachable(); 1149 } 1150 } 1151 get_feats_out->hdr.nsuppfeats_dev = CXL_FEATURE_MAX; 1152 get_feats_out->hdr.entries = req_entries; 1153 *len_out = sizeof(CXLSupportedFeatureHeader) + 1154 req_entries * sizeof(CXLSupportedFeatureEntry); 1155 1156 return CXL_MBOX_SUCCESS; 1157 } 1158 1159 /* CXL r3.1 section 8.2.9.6.2: Get Feature (Opcode 0501h) */ 1160 static CXLRetCode cmd_features_get_feature(const struct cxl_cmd *cmd, 1161 uint8_t *payload_in, 1162 size_t len_in, 1163 uint8_t *payload_out, 1164 size_t *len_out, 1165 CXLCCI *cci) 1166 { 1167 struct { 1168 QemuUUID uuid; 1169 uint16_t offset; 1170 uint16_t count; 1171 uint8_t selection; 1172 } QEMU_PACKED QEMU_ALIGNED(16) * get_feature; 1173 uint16_t bytes_to_copy = 0; 1174 CXLType3Dev *ct3d; 1175 CXLSetFeatureInfo *set_feat_info; 1176 1177 if (!object_dynamic_cast(OBJECT(cci->d), TYPE_CXL_TYPE3)) { 1178 return CXL_MBOX_UNSUPPORTED; 1179 } 1180 1181 ct3d = CXL_TYPE3(cci->d); 1182 get_feature = (void *)payload_in; 1183 1184 set_feat_info = &ct3d->set_feat_info; 1185 if (qemu_uuid_is_equal(&get_feature->uuid, &set_feat_info->uuid)) { 1186 return CXL_MBOX_FEATURE_TRANSFER_IN_PROGRESS; 1187 } 1188 1189 if (get_feature->selection != CXL_GET_FEATURE_SEL_CURRENT_VALUE) { 1190 return CXL_MBOX_UNSUPPORTED; 1191 } 1192 if (get_feature->offset + get_feature->count > cci->payload_max) { 1193 return CXL_MBOX_INVALID_INPUT; 1194 } 1195 1196 if (qemu_uuid_is_equal(&get_feature->uuid, &patrol_scrub_uuid)) { 1197 if (get_feature->offset >= sizeof(CXLMemPatrolScrubReadAttrs)) { 1198 return CXL_MBOX_INVALID_INPUT; 1199 } 1200 bytes_to_copy = sizeof(CXLMemPatrolScrubReadAttrs) - 1201 get_feature->offset; 1202 bytes_to_copy = MIN(bytes_to_copy, get_feature->count); 1203 memcpy(payload_out, 1204 (uint8_t *)&ct3d->patrol_scrub_attrs + get_feature->offset, 1205 bytes_to_copy); 1206 } else if (qemu_uuid_is_equal(&get_feature->uuid, &ecs_uuid)) { 1207 if (get_feature->offset >= CXL_ECS_NUM_MEDIA_FRUS * 1208 sizeof(CXLMemECSReadAttrs)) { 1209 return CXL_MBOX_INVALID_INPUT; 1210 } 1211 bytes_to_copy = CXL_ECS_NUM_MEDIA_FRUS * 1212 sizeof(CXLMemECSReadAttrs) - 1213 get_feature->offset; 1214 bytes_to_copy = MIN(bytes_to_copy, get_feature->count); 1215 memcpy(payload_out, 1216 (uint8_t *)&ct3d->ecs_attrs + get_feature->offset, 1217 bytes_to_copy); 1218 } else { 1219 return CXL_MBOX_UNSUPPORTED; 1220 } 1221 1222 *len_out = bytes_to_copy; 1223 1224 return CXL_MBOX_SUCCESS; 1225 } 1226 1227 /* CXL r3.1 section 8.2.9.6.3: Set Feature (Opcode 0502h) */ 1228 static CXLRetCode cmd_features_set_feature(const struct cxl_cmd *cmd, 1229 uint8_t *payload_in, 1230 size_t len_in, 1231 uint8_t *payload_out, 1232 size_t *len_out, 1233 CXLCCI *cci) 1234 { 1235 CXLSetFeatureInHeader *hdr = (void *)payload_in; 1236 CXLMemPatrolScrubWriteAttrs *ps_write_attrs; 1237 CXLMemPatrolScrubSetFeature *ps_set_feature; 1238 CXLMemECSWriteAttrs *ecs_write_attrs; 1239 CXLMemECSSetFeature *ecs_set_feature; 1240 CXLSetFeatureInfo *set_feat_info; 1241 uint16_t bytes_to_copy = 0; 1242 uint8_t data_transfer_flag; 1243 CXLType3Dev *ct3d; 1244 uint16_t count; 1245 1246 1247 if (!object_dynamic_cast(OBJECT(cci->d), TYPE_CXL_TYPE3)) { 1248 return CXL_MBOX_UNSUPPORTED; 1249 } 1250 ct3d = CXL_TYPE3(cci->d); 1251 set_feat_info = &ct3d->set_feat_info; 1252 1253 if (!qemu_uuid_is_null(&set_feat_info->uuid) && 1254 !qemu_uuid_is_equal(&hdr->uuid, &set_feat_info->uuid)) { 1255 return CXL_MBOX_FEATURE_TRANSFER_IN_PROGRESS; 1256 } 1257 if (hdr->flags & CXL_SET_FEAT_DATA_SAVED_ACROSS_RESET) { 1258 set_feat_info->data_saved_across_reset = true; 1259 } else { 1260 set_feat_info->data_saved_across_reset = false; 1261 } 1262 1263 data_transfer_flag = 1264 hdr->flags & CXL_SET_FEATURE_FLAG_DATA_TRANSFER_MASK; 1265 if (data_transfer_flag == CXL_SET_FEATURE_FLAG_INITIATE_DATA_TRANSFER) { 1266 set_feat_info->uuid = hdr->uuid; 1267 set_feat_info->data_size = 0; 1268 } 1269 set_feat_info->data_transfer_flag = data_transfer_flag; 1270 set_feat_info->data_offset = hdr->offset; 1271 bytes_to_copy = len_in - sizeof(CXLSetFeatureInHeader); 1272 1273 if (qemu_uuid_is_equal(&hdr->uuid, &patrol_scrub_uuid)) { 1274 if (hdr->version != CXL_MEMDEV_PS_SET_FEATURE_VERSION) { 1275 return CXL_MBOX_UNSUPPORTED; 1276 } 1277 1278 ps_set_feature = (void *)payload_in; 1279 ps_write_attrs = &ps_set_feature->feat_data; 1280 memcpy((uint8_t *)&ct3d->patrol_scrub_wr_attrs + hdr->offset, 1281 ps_write_attrs, 1282 bytes_to_copy); 1283 set_feat_info->data_size += bytes_to_copy; 1284 1285 if (data_transfer_flag == CXL_SET_FEATURE_FLAG_FULL_DATA_TRANSFER || 1286 data_transfer_flag == CXL_SET_FEATURE_FLAG_FINISH_DATA_TRANSFER) { 1287 ct3d->patrol_scrub_attrs.scrub_cycle &= ~0xFF; 1288 ct3d->patrol_scrub_attrs.scrub_cycle |= 1289 ct3d->patrol_scrub_wr_attrs.scrub_cycle_hr & 0xFF; 1290 ct3d->patrol_scrub_attrs.scrub_flags &= ~0x1; 1291 ct3d->patrol_scrub_attrs.scrub_flags |= 1292 ct3d->patrol_scrub_wr_attrs.scrub_flags & 0x1; 1293 } 1294 } else if (qemu_uuid_is_equal(&hdr->uuid, 1295 &ecs_uuid)) { 1296 if (hdr->version != CXL_ECS_SET_FEATURE_VERSION) { 1297 return CXL_MBOX_UNSUPPORTED; 1298 } 1299 1300 ecs_set_feature = (void *)payload_in; 1301 ecs_write_attrs = ecs_set_feature->feat_data; 1302 memcpy((uint8_t *)ct3d->ecs_wr_attrs + hdr->offset, 1303 ecs_write_attrs, 1304 bytes_to_copy); 1305 set_feat_info->data_size += bytes_to_copy; 1306 1307 if (data_transfer_flag == CXL_SET_FEATURE_FLAG_FULL_DATA_TRANSFER || 1308 data_transfer_flag == CXL_SET_FEATURE_FLAG_FINISH_DATA_TRANSFER) { 1309 for (count = 0; count < CXL_ECS_NUM_MEDIA_FRUS; count++) { 1310 ct3d->ecs_attrs[count].ecs_log_cap = 1311 ct3d->ecs_wr_attrs[count].ecs_log_cap; 1312 ct3d->ecs_attrs[count].ecs_config = 1313 ct3d->ecs_wr_attrs[count].ecs_config & 0x1F; 1314 } 1315 } 1316 } else { 1317 return CXL_MBOX_UNSUPPORTED; 1318 } 1319 1320 if (data_transfer_flag == CXL_SET_FEATURE_FLAG_FULL_DATA_TRANSFER || 1321 data_transfer_flag == CXL_SET_FEATURE_FLAG_FINISH_DATA_TRANSFER || 1322 data_transfer_flag == CXL_SET_FEATURE_FLAG_ABORT_DATA_TRANSFER) { 1323 memset(&set_feat_info->uuid, 0, sizeof(QemuUUID)); 1324 if (qemu_uuid_is_equal(&hdr->uuid, &patrol_scrub_uuid)) { 1325 memset(&ct3d->patrol_scrub_wr_attrs, 0, set_feat_info->data_size); 1326 } else if (qemu_uuid_is_equal(&hdr->uuid, &ecs_uuid)) { 1327 memset(ct3d->ecs_wr_attrs, 0, set_feat_info->data_size); 1328 } 1329 set_feat_info->data_transfer_flag = 0; 1330 set_feat_info->data_saved_across_reset = false; 1331 set_feat_info->data_offset = 0; 1332 set_feat_info->data_size = 0; 1333 } 1334 1335 return CXL_MBOX_SUCCESS; 1336 } 1337 1338 /* CXL r3.1 Section 8.2.9.9.1.1: Identify Memory Device (Opcode 4000h) */ 1339 static CXLRetCode cmd_identify_memory_device(const struct cxl_cmd *cmd, 1340 uint8_t *payload_in, 1341 size_t len_in, 1342 uint8_t *payload_out, 1343 size_t *len_out, 1344 CXLCCI *cci) 1345 { 1346 struct { 1347 char fw_revision[0x10]; 1348 uint64_t total_capacity; 1349 uint64_t volatile_capacity; 1350 uint64_t persistent_capacity; 1351 uint64_t partition_align; 1352 uint16_t info_event_log_size; 1353 uint16_t warning_event_log_size; 1354 uint16_t failure_event_log_size; 1355 uint16_t fatal_event_log_size; 1356 uint32_t lsa_size; 1357 uint8_t poison_list_max_mer[3]; 1358 uint16_t inject_poison_limit; 1359 uint8_t poison_caps; 1360 uint8_t qos_telemetry_caps; 1361 uint16_t dc_event_log_size; 1362 } QEMU_PACKED *id; 1363 QEMU_BUILD_BUG_ON(sizeof(*id) != 0x45); 1364 CXLType3Dev *ct3d = CXL_TYPE3(cci->d); 1365 CXLType3Class *cvc = CXL_TYPE3_GET_CLASS(ct3d); 1366 CXLDeviceState *cxl_dstate = &ct3d->cxl_dstate; 1367 1368 if ((!QEMU_IS_ALIGNED(cxl_dstate->vmem_size, CXL_CAPACITY_MULTIPLIER)) || 1369 (!QEMU_IS_ALIGNED(cxl_dstate->pmem_size, CXL_CAPACITY_MULTIPLIER)) || 1370 (!QEMU_IS_ALIGNED(ct3d->dc.total_capacity, CXL_CAPACITY_MULTIPLIER))) { 1371 return CXL_MBOX_INTERNAL_ERROR; 1372 } 1373 1374 id = (void *)payload_out; 1375 1376 snprintf(id->fw_revision, 0x10, "BWFW VERSION %02d", 0); 1377 1378 stq_le_p(&id->total_capacity, 1379 cxl_dstate->static_mem_size / CXL_CAPACITY_MULTIPLIER); 1380 stq_le_p(&id->persistent_capacity, 1381 cxl_dstate->pmem_size / CXL_CAPACITY_MULTIPLIER); 1382 stq_le_p(&id->volatile_capacity, 1383 cxl_dstate->vmem_size / CXL_CAPACITY_MULTIPLIER); 1384 stl_le_p(&id->lsa_size, cvc->get_lsa_size(ct3d)); 1385 /* 256 poison records */ 1386 st24_le_p(id->poison_list_max_mer, 256); 1387 /* No limit - so limited by main poison record limit */ 1388 stw_le_p(&id->inject_poison_limit, 0); 1389 stw_le_p(&id->dc_event_log_size, CXL_DC_EVENT_LOG_SIZE); 1390 1391 *len_out = sizeof(*id); 1392 return CXL_MBOX_SUCCESS; 1393 } 1394 1395 /* CXL r3.1 Section 8.2.9.9.2.1: Get Partition Info (Opcode 4100h) */ 1396 static CXLRetCode cmd_ccls_get_partition_info(const struct cxl_cmd *cmd, 1397 uint8_t *payload_in, 1398 size_t len_in, 1399 uint8_t *payload_out, 1400 size_t *len_out, 1401 CXLCCI *cci) 1402 { 1403 CXLDeviceState *cxl_dstate = &CXL_TYPE3(cci->d)->cxl_dstate; 1404 struct { 1405 uint64_t active_vmem; 1406 uint64_t active_pmem; 1407 uint64_t next_vmem; 1408 uint64_t next_pmem; 1409 } QEMU_PACKED *part_info = (void *)payload_out; 1410 QEMU_BUILD_BUG_ON(sizeof(*part_info) != 0x20); 1411 CXLType3Dev *ct3d = container_of(cxl_dstate, CXLType3Dev, cxl_dstate); 1412 1413 if ((!QEMU_IS_ALIGNED(cxl_dstate->vmem_size, CXL_CAPACITY_MULTIPLIER)) || 1414 (!QEMU_IS_ALIGNED(cxl_dstate->pmem_size, CXL_CAPACITY_MULTIPLIER)) || 1415 (!QEMU_IS_ALIGNED(ct3d->dc.total_capacity, CXL_CAPACITY_MULTIPLIER))) { 1416 return CXL_MBOX_INTERNAL_ERROR; 1417 } 1418 1419 stq_le_p(&part_info->active_vmem, 1420 cxl_dstate->vmem_size / CXL_CAPACITY_MULTIPLIER); 1421 /* 1422 * When both next_vmem and next_pmem are 0, there is no pending change to 1423 * partitioning. 1424 */ 1425 stq_le_p(&part_info->next_vmem, 0); 1426 stq_le_p(&part_info->active_pmem, 1427 cxl_dstate->pmem_size / CXL_CAPACITY_MULTIPLIER); 1428 stq_le_p(&part_info->next_pmem, 0); 1429 1430 *len_out = sizeof(*part_info); 1431 return CXL_MBOX_SUCCESS; 1432 } 1433 1434 /* CXL r3.1 Section 8.2.9.9.2.3: Get LSA (Opcode 4102h) */ 1435 static CXLRetCode cmd_ccls_get_lsa(const struct cxl_cmd *cmd, 1436 uint8_t *payload_in, 1437 size_t len_in, 1438 uint8_t *payload_out, 1439 size_t *len_out, 1440 CXLCCI *cci) 1441 { 1442 struct { 1443 uint32_t offset; 1444 uint32_t length; 1445 } QEMU_PACKED *get_lsa; 1446 CXLType3Dev *ct3d = CXL_TYPE3(cci->d); 1447 CXLType3Class *cvc = CXL_TYPE3_GET_CLASS(ct3d); 1448 uint32_t offset, length; 1449 1450 get_lsa = (void *)payload_in; 1451 offset = get_lsa->offset; 1452 length = get_lsa->length; 1453 1454 if (offset + length > cvc->get_lsa_size(ct3d)) { 1455 *len_out = 0; 1456 return CXL_MBOX_INVALID_INPUT; 1457 } 1458 1459 *len_out = cvc->get_lsa(ct3d, payload_out, length, offset); 1460 return CXL_MBOX_SUCCESS; 1461 } 1462 1463 /* CXL r3.1 Section 8.2.9.9.2.4: Set LSA (Opcode 4103h) */ 1464 static CXLRetCode cmd_ccls_set_lsa(const struct cxl_cmd *cmd, 1465 uint8_t *payload_in, 1466 size_t len_in, 1467 uint8_t *payload_out, 1468 size_t *len_out, 1469 CXLCCI *cci) 1470 { 1471 struct set_lsa_pl { 1472 uint32_t offset; 1473 uint32_t rsvd; 1474 uint8_t data[]; 1475 } QEMU_PACKED; 1476 struct set_lsa_pl *set_lsa_payload = (void *)payload_in; 1477 CXLType3Dev *ct3d = CXL_TYPE3(cci->d); 1478 CXLType3Class *cvc = CXL_TYPE3_GET_CLASS(ct3d); 1479 const size_t hdr_len = offsetof(struct set_lsa_pl, data); 1480 1481 *len_out = 0; 1482 if (!len_in) { 1483 return CXL_MBOX_SUCCESS; 1484 } 1485 1486 if (set_lsa_payload->offset + len_in > cvc->get_lsa_size(ct3d) + hdr_len) { 1487 return CXL_MBOX_INVALID_INPUT; 1488 } 1489 len_in -= hdr_len; 1490 1491 cvc->set_lsa(ct3d, set_lsa_payload->data, len_in, set_lsa_payload->offset); 1492 return CXL_MBOX_SUCCESS; 1493 } 1494 1495 /* Perform the actual device zeroing */ 1496 static void __do_sanitization(CXLType3Dev *ct3d) 1497 { 1498 MemoryRegion *mr; 1499 1500 if (ct3d->hostvmem) { 1501 mr = host_memory_backend_get_memory(ct3d->hostvmem); 1502 if (mr) { 1503 void *hostmem = memory_region_get_ram_ptr(mr); 1504 memset(hostmem, 0, memory_region_size(mr)); 1505 } 1506 } 1507 1508 if (ct3d->hostpmem) { 1509 mr = host_memory_backend_get_memory(ct3d->hostpmem); 1510 if (mr) { 1511 void *hostmem = memory_region_get_ram_ptr(mr); 1512 memset(hostmem, 0, memory_region_size(mr)); 1513 } 1514 } 1515 if (ct3d->lsa) { 1516 mr = host_memory_backend_get_memory(ct3d->lsa); 1517 if (mr) { 1518 void *lsa = memory_region_get_ram_ptr(mr); 1519 memset(lsa, 0, memory_region_size(mr)); 1520 } 1521 } 1522 cxl_discard_all_event_records(&ct3d->cxl_dstate); 1523 } 1524 1525 /* 1526 * CXL r3.1 Section 8.2.9.9.5.1: Sanitize (Opcode 4400h) 1527 * 1528 * Once the Sanitize command has started successfully, the device shall be 1529 * placed in the media disabled state. If the command fails or is interrupted 1530 * by a reset or power failure, it shall remain in the media disabled state 1531 * until a successful Sanitize command has been completed. During this state: 1532 * 1533 * 1. Memory writes to the device will have no effect, and all memory reads 1534 * will return random values (no user data returned, even for locations that 1535 * the failed Sanitize operation didn’t sanitize yet). 1536 * 1537 * 2. Mailbox commands shall still be processed in the disabled state, except 1538 * that commands that access Sanitized areas shall fail with the Media Disabled 1539 * error code. 1540 */ 1541 static CXLRetCode cmd_sanitize_overwrite(const struct cxl_cmd *cmd, 1542 uint8_t *payload_in, 1543 size_t len_in, 1544 uint8_t *payload_out, 1545 size_t *len_out, 1546 CXLCCI *cci) 1547 { 1548 CXLType3Dev *ct3d = CXL_TYPE3(cci->d); 1549 uint64_t total_mem; /* in Mb */ 1550 int secs; 1551 1552 total_mem = (ct3d->cxl_dstate.vmem_size + ct3d->cxl_dstate.pmem_size) >> 20; 1553 if (total_mem <= 512) { 1554 secs = 4; 1555 } else if (total_mem <= 1024) { 1556 secs = 8; 1557 } else if (total_mem <= 2 * 1024) { 1558 secs = 15; 1559 } else if (total_mem <= 4 * 1024) { 1560 secs = 30; 1561 } else if (total_mem <= 8 * 1024) { 1562 secs = 60; 1563 } else if (total_mem <= 16 * 1024) { 1564 secs = 2 * 60; 1565 } else if (total_mem <= 32 * 1024) { 1566 secs = 4 * 60; 1567 } else if (total_mem <= 64 * 1024) { 1568 secs = 8 * 60; 1569 } else if (total_mem <= 128 * 1024) { 1570 secs = 15 * 60; 1571 } else if (total_mem <= 256 * 1024) { 1572 secs = 30 * 60; 1573 } else if (total_mem <= 512 * 1024) { 1574 secs = 60 * 60; 1575 } else if (total_mem <= 1024 * 1024) { 1576 secs = 120 * 60; 1577 } else { 1578 secs = 240 * 60; /* max 4 hrs */ 1579 } 1580 1581 /* EBUSY other bg cmds as of now */ 1582 cci->bg.runtime = secs * 1000UL; 1583 *len_out = 0; 1584 1585 cxl_dev_disable_media(&ct3d->cxl_dstate); 1586 1587 /* sanitize when done */ 1588 return CXL_MBOX_BG_STARTED; 1589 } 1590 1591 static CXLRetCode cmd_get_security_state(const struct cxl_cmd *cmd, 1592 uint8_t *payload_in, 1593 size_t len_in, 1594 uint8_t *payload_out, 1595 size_t *len_out, 1596 CXLCCI *cci) 1597 { 1598 uint32_t *state = (uint32_t *)payload_out; 1599 1600 *state = 0; 1601 *len_out = 4; 1602 return CXL_MBOX_SUCCESS; 1603 } 1604 1605 /* 1606 * CXL r3.1 Section 8.2.9.9.4.1: Get Poison List (Opcode 4300h) 1607 * 1608 * This is very inefficient, but good enough for now! 1609 * Also the payload will always fit, so no need to handle the MORE flag and 1610 * make this stateful. We may want to allow longer poison lists to aid 1611 * testing that kernel functionality. 1612 */ 1613 static CXLRetCode cmd_media_get_poison_list(const struct cxl_cmd *cmd, 1614 uint8_t *payload_in, 1615 size_t len_in, 1616 uint8_t *payload_out, 1617 size_t *len_out, 1618 CXLCCI *cci) 1619 { 1620 struct get_poison_list_pl { 1621 uint64_t pa; 1622 uint64_t length; 1623 } QEMU_PACKED; 1624 1625 struct get_poison_list_out_pl { 1626 uint8_t flags; 1627 uint8_t rsvd1; 1628 uint64_t overflow_timestamp; 1629 uint16_t count; 1630 uint8_t rsvd2[0x14]; 1631 struct { 1632 uint64_t addr; 1633 uint32_t length; 1634 uint32_t resv; 1635 } QEMU_PACKED records[]; 1636 } QEMU_PACKED; 1637 1638 struct get_poison_list_pl *in = (void *)payload_in; 1639 struct get_poison_list_out_pl *out = (void *)payload_out; 1640 CXLType3Dev *ct3d = CXL_TYPE3(cci->d); 1641 uint16_t record_count = 0, i = 0; 1642 uint64_t query_start, query_length; 1643 CXLPoisonList *poison_list = &ct3d->poison_list; 1644 CXLPoison *ent; 1645 uint16_t out_pl_len; 1646 1647 query_start = ldq_le_p(&in->pa); 1648 /* 64 byte alignment required */ 1649 if (query_start & 0x3f) { 1650 return CXL_MBOX_INVALID_INPUT; 1651 } 1652 query_length = ldq_le_p(&in->length) * CXL_CACHE_LINE_SIZE; 1653 1654 QLIST_FOREACH(ent, poison_list, node) { 1655 /* Check for no overlap */ 1656 if (!ranges_overlap(ent->start, ent->length, 1657 query_start, query_length)) { 1658 continue; 1659 } 1660 record_count++; 1661 } 1662 out_pl_len = sizeof(*out) + record_count * sizeof(out->records[0]); 1663 assert(out_pl_len <= CXL_MAILBOX_MAX_PAYLOAD_SIZE); 1664 1665 QLIST_FOREACH(ent, poison_list, node) { 1666 uint64_t start, stop; 1667 1668 /* Check for no overlap */ 1669 if (!ranges_overlap(ent->start, ent->length, 1670 query_start, query_length)) { 1671 continue; 1672 } 1673 1674 /* Deal with overlap */ 1675 start = MAX(ROUND_DOWN(ent->start, 64ull), query_start); 1676 stop = MIN(ROUND_DOWN(ent->start, 64ull) + ent->length, 1677 query_start + query_length); 1678 stq_le_p(&out->records[i].addr, start | (ent->type & 0x7)); 1679 stl_le_p(&out->records[i].length, (stop - start) / CXL_CACHE_LINE_SIZE); 1680 i++; 1681 } 1682 if (ct3d->poison_list_overflowed) { 1683 out->flags = (1 << 1); 1684 stq_le_p(&out->overflow_timestamp, ct3d->poison_list_overflow_ts); 1685 } 1686 if (scan_media_running(cci)) { 1687 out->flags |= (1 << 2); 1688 } 1689 1690 stw_le_p(&out->count, record_count); 1691 *len_out = out_pl_len; 1692 return CXL_MBOX_SUCCESS; 1693 } 1694 1695 /* CXL r3.1 Section 8.2.9.9.4.2: Inject Poison (Opcode 4301h) */ 1696 static CXLRetCode cmd_media_inject_poison(const struct cxl_cmd *cmd, 1697 uint8_t *payload_in, 1698 size_t len_in, 1699 uint8_t *payload_out, 1700 size_t *len_out, 1701 CXLCCI *cci) 1702 { 1703 CXLType3Dev *ct3d = CXL_TYPE3(cci->d); 1704 CXLPoisonList *poison_list = &ct3d->poison_list; 1705 CXLPoison *ent; 1706 struct inject_poison_pl { 1707 uint64_t dpa; 1708 }; 1709 struct inject_poison_pl *in = (void *)payload_in; 1710 uint64_t dpa = ldq_le_p(&in->dpa); 1711 CXLPoison *p; 1712 1713 QLIST_FOREACH(ent, poison_list, node) { 1714 if (dpa >= ent->start && 1715 dpa + CXL_CACHE_LINE_SIZE <= ent->start + ent->length) { 1716 return CXL_MBOX_SUCCESS; 1717 } 1718 } 1719 /* 1720 * Freeze the list if there is an on-going scan media operation. 1721 */ 1722 if (scan_media_running(cci)) { 1723 /* 1724 * XXX: Spec is ambiguous - is this case considered 1725 * a successful return despite not adding to the list? 1726 */ 1727 goto success; 1728 } 1729 1730 if (ct3d->poison_list_cnt == CXL_POISON_LIST_LIMIT) { 1731 return CXL_MBOX_INJECT_POISON_LIMIT; 1732 } 1733 p = g_new0(CXLPoison, 1); 1734 1735 p->length = CXL_CACHE_LINE_SIZE; 1736 p->start = dpa; 1737 p->type = CXL_POISON_TYPE_INJECTED; 1738 1739 /* 1740 * Possible todo: Merge with existing entry if next to it and if same type 1741 */ 1742 QLIST_INSERT_HEAD(poison_list, p, node); 1743 ct3d->poison_list_cnt++; 1744 success: 1745 *len_out = 0; 1746 1747 return CXL_MBOX_SUCCESS; 1748 } 1749 1750 /* CXL r3.1 Section 8.2.9.9.4.3: Clear Poison (Opcode 4302h */ 1751 static CXLRetCode cmd_media_clear_poison(const struct cxl_cmd *cmd, 1752 uint8_t *payload_in, 1753 size_t len_in, 1754 uint8_t *payload_out, 1755 size_t *len_out, 1756 CXLCCI *cci) 1757 { 1758 CXLType3Dev *ct3d = CXL_TYPE3(cci->d); 1759 CXLDeviceState *cxl_dstate = &ct3d->cxl_dstate; 1760 CXLPoisonList *poison_list = &ct3d->poison_list; 1761 CXLType3Class *cvc = CXL_TYPE3_GET_CLASS(ct3d); 1762 struct clear_poison_pl { 1763 uint64_t dpa; 1764 uint8_t data[64]; 1765 }; 1766 CXLPoison *ent; 1767 uint64_t dpa; 1768 1769 struct clear_poison_pl *in = (void *)payload_in; 1770 1771 dpa = ldq_le_p(&in->dpa); 1772 if (dpa + CXL_CACHE_LINE_SIZE > cxl_dstate->static_mem_size + 1773 ct3d->dc.total_capacity) { 1774 return CXL_MBOX_INVALID_PA; 1775 } 1776 1777 /* Clearing a region with no poison is not an error so always do so */ 1778 if (cvc->set_cacheline) { 1779 if (!cvc->set_cacheline(ct3d, dpa, in->data)) { 1780 return CXL_MBOX_INTERNAL_ERROR; 1781 } 1782 } 1783 1784 /* 1785 * Freeze the list if there is an on-going scan media operation. 1786 */ 1787 if (scan_media_running(cci)) { 1788 /* 1789 * XXX: Spec is ambiguous - is this case considered 1790 * a successful return despite not removing from the list? 1791 */ 1792 goto success; 1793 } 1794 1795 QLIST_FOREACH(ent, poison_list, node) { 1796 /* 1797 * Test for contained in entry. Simpler than general case 1798 * as clearing 64 bytes and entries 64 byte aligned 1799 */ 1800 if ((dpa >= ent->start) && (dpa < ent->start + ent->length)) { 1801 break; 1802 } 1803 } 1804 if (!ent) { 1805 goto success; 1806 } 1807 1808 QLIST_REMOVE(ent, node); 1809 ct3d->poison_list_cnt--; 1810 1811 if (dpa > ent->start) { 1812 CXLPoison *frag; 1813 /* Cannot overflow as replacing existing entry */ 1814 1815 frag = g_new0(CXLPoison, 1); 1816 1817 frag->start = ent->start; 1818 frag->length = dpa - ent->start; 1819 frag->type = ent->type; 1820 1821 QLIST_INSERT_HEAD(poison_list, frag, node); 1822 ct3d->poison_list_cnt++; 1823 } 1824 1825 if (dpa + CXL_CACHE_LINE_SIZE < ent->start + ent->length) { 1826 CXLPoison *frag; 1827 1828 if (ct3d->poison_list_cnt == CXL_POISON_LIST_LIMIT) { 1829 cxl_set_poison_list_overflowed(ct3d); 1830 } else { 1831 frag = g_new0(CXLPoison, 1); 1832 1833 frag->start = dpa + CXL_CACHE_LINE_SIZE; 1834 frag->length = ent->start + ent->length - frag->start; 1835 frag->type = ent->type; 1836 QLIST_INSERT_HEAD(poison_list, frag, node); 1837 ct3d->poison_list_cnt++; 1838 } 1839 } 1840 /* Any fragments have been added, free original entry */ 1841 g_free(ent); 1842 success: 1843 *len_out = 0; 1844 1845 return CXL_MBOX_SUCCESS; 1846 } 1847 1848 /* 1849 * CXL r3.1 section 8.2.9.9.4.4: Get Scan Media Capabilities 1850 */ 1851 static CXLRetCode 1852 cmd_media_get_scan_media_capabilities(const struct cxl_cmd *cmd, 1853 uint8_t *payload_in, 1854 size_t len_in, 1855 uint8_t *payload_out, 1856 size_t *len_out, 1857 CXLCCI *cci) 1858 { 1859 struct get_scan_media_capabilities_pl { 1860 uint64_t pa; 1861 uint64_t length; 1862 } QEMU_PACKED; 1863 1864 struct get_scan_media_capabilities_out_pl { 1865 uint32_t estimated_runtime_ms; 1866 }; 1867 1868 CXLType3Dev *ct3d = CXL_TYPE3(cci->d); 1869 CXLDeviceState *cxl_dstate = &ct3d->cxl_dstate; 1870 struct get_scan_media_capabilities_pl *in = (void *)payload_in; 1871 struct get_scan_media_capabilities_out_pl *out = (void *)payload_out; 1872 uint64_t query_start; 1873 uint64_t query_length; 1874 1875 query_start = ldq_le_p(&in->pa); 1876 /* 64 byte alignment required */ 1877 if (query_start & 0x3f) { 1878 return CXL_MBOX_INVALID_INPUT; 1879 } 1880 query_length = ldq_le_p(&in->length) * CXL_CACHE_LINE_SIZE; 1881 1882 if (query_start + query_length > cxl_dstate->static_mem_size) { 1883 return CXL_MBOX_INVALID_PA; 1884 } 1885 1886 /* 1887 * Just use 400 nanosecond access/read latency + 100 ns for 1888 * the cost of updating the poison list. For small enough 1889 * chunks return at least 1 ms. 1890 */ 1891 stl_le_p(&out->estimated_runtime_ms, 1892 MAX(1, query_length * (0.0005L / 64))); 1893 1894 *len_out = sizeof(*out); 1895 return CXL_MBOX_SUCCESS; 1896 } 1897 1898 static void __do_scan_media(CXLType3Dev *ct3d) 1899 { 1900 CXLPoison *ent; 1901 unsigned int results_cnt = 0; 1902 1903 QLIST_FOREACH(ent, &ct3d->scan_media_results, node) { 1904 results_cnt++; 1905 } 1906 1907 /* only scan media may clear the overflow */ 1908 if (ct3d->poison_list_overflowed && 1909 ct3d->poison_list_cnt == results_cnt) { 1910 cxl_clear_poison_list_overflowed(ct3d); 1911 } 1912 /* scan media has run since last conventional reset */ 1913 ct3d->scan_media_hasrun = true; 1914 } 1915 1916 /* 1917 * CXL r3.1 section 8.2.9.9.4.5: Scan Media 1918 */ 1919 static CXLRetCode cmd_media_scan_media(const struct cxl_cmd *cmd, 1920 uint8_t *payload_in, 1921 size_t len_in, 1922 uint8_t *payload_out, 1923 size_t *len_out, 1924 CXLCCI *cci) 1925 { 1926 struct scan_media_pl { 1927 uint64_t pa; 1928 uint64_t length; 1929 uint8_t flags; 1930 } QEMU_PACKED; 1931 1932 struct scan_media_pl *in = (void *)payload_in; 1933 CXLType3Dev *ct3d = CXL_TYPE3(cci->d); 1934 CXLDeviceState *cxl_dstate = &ct3d->cxl_dstate; 1935 uint64_t query_start; 1936 uint64_t query_length; 1937 CXLPoison *ent, *next; 1938 1939 query_start = ldq_le_p(&in->pa); 1940 /* 64 byte alignment required */ 1941 if (query_start & 0x3f) { 1942 return CXL_MBOX_INVALID_INPUT; 1943 } 1944 query_length = ldq_le_p(&in->length) * CXL_CACHE_LINE_SIZE; 1945 1946 if (query_start + query_length > cxl_dstate->static_mem_size) { 1947 return CXL_MBOX_INVALID_PA; 1948 } 1949 if (ct3d->dc.num_regions && query_start + query_length >= 1950 cxl_dstate->static_mem_size + ct3d->dc.total_capacity) { 1951 return CXL_MBOX_INVALID_PA; 1952 } 1953 1954 if (in->flags == 0) { /* TODO */ 1955 qemu_log_mask(LOG_UNIMP, 1956 "Scan Media Event Log is unsupported\n"); 1957 } 1958 1959 /* any previous results are discarded upon a new Scan Media */ 1960 QLIST_FOREACH_SAFE(ent, &ct3d->scan_media_results, node, next) { 1961 QLIST_REMOVE(ent, node); 1962 g_free(ent); 1963 } 1964 1965 /* kill the poison list - it will be recreated */ 1966 if (ct3d->poison_list_overflowed) { 1967 QLIST_FOREACH_SAFE(ent, &ct3d->poison_list, node, next) { 1968 QLIST_REMOVE(ent, node); 1969 g_free(ent); 1970 ct3d->poison_list_cnt--; 1971 } 1972 } 1973 1974 /* 1975 * Scan the backup list and move corresponding entries 1976 * into the results list, updating the poison list 1977 * when possible. 1978 */ 1979 QLIST_FOREACH_SAFE(ent, &ct3d->poison_list_bkp, node, next) { 1980 CXLPoison *res; 1981 1982 if (ent->start >= query_start + query_length || 1983 ent->start + ent->length <= query_start) { 1984 continue; 1985 } 1986 1987 /* 1988 * If a Get Poison List cmd comes in while this 1989 * scan is being done, it will see the new complete 1990 * list, while setting the respective flag. 1991 */ 1992 if (ct3d->poison_list_cnt < CXL_POISON_LIST_LIMIT) { 1993 CXLPoison *p = g_new0(CXLPoison, 1); 1994 1995 p->start = ent->start; 1996 p->length = ent->length; 1997 p->type = ent->type; 1998 QLIST_INSERT_HEAD(&ct3d->poison_list, p, node); 1999 ct3d->poison_list_cnt++; 2000 } 2001 2002 res = g_new0(CXLPoison, 1); 2003 res->start = ent->start; 2004 res->length = ent->length; 2005 res->type = ent->type; 2006 QLIST_INSERT_HEAD(&ct3d->scan_media_results, res, node); 2007 2008 QLIST_REMOVE(ent, node); 2009 g_free(ent); 2010 } 2011 2012 cci->bg.runtime = MAX(1, query_length * (0.0005L / 64)); 2013 *len_out = 0; 2014 2015 return CXL_MBOX_BG_STARTED; 2016 } 2017 2018 /* 2019 * CXL r3.1 section 8.2.9.9.4.6: Get Scan Media Results 2020 */ 2021 static CXLRetCode cmd_media_get_scan_media_results(const struct cxl_cmd *cmd, 2022 uint8_t *payload_in, 2023 size_t len_in, 2024 uint8_t *payload_out, 2025 size_t *len_out, 2026 CXLCCI *cci) 2027 { 2028 struct get_scan_media_results_out_pl { 2029 uint64_t dpa_restart; 2030 uint64_t length; 2031 uint8_t flags; 2032 uint8_t rsvd1; 2033 uint16_t count; 2034 uint8_t rsvd2[0xc]; 2035 struct { 2036 uint64_t addr; 2037 uint32_t length; 2038 uint32_t resv; 2039 } QEMU_PACKED records[]; 2040 } QEMU_PACKED; 2041 2042 struct get_scan_media_results_out_pl *out = (void *)payload_out; 2043 CXLType3Dev *ct3d = CXL_TYPE3(cci->d); 2044 CXLPoisonList *scan_media_results = &ct3d->scan_media_results; 2045 CXLPoison *ent, *next; 2046 uint16_t total_count = 0, record_count = 0, i = 0; 2047 uint16_t out_pl_len; 2048 2049 if (!ct3d->scan_media_hasrun) { 2050 return CXL_MBOX_UNSUPPORTED; 2051 } 2052 2053 /* 2054 * Calculate limits, all entries are within the same address range of the 2055 * last scan media call. 2056 */ 2057 QLIST_FOREACH(ent, scan_media_results, node) { 2058 size_t rec_size = record_count * sizeof(out->records[0]); 2059 2060 if (sizeof(*out) + rec_size < CXL_MAILBOX_MAX_PAYLOAD_SIZE) { 2061 record_count++; 2062 } 2063 total_count++; 2064 } 2065 2066 out_pl_len = sizeof(*out) + record_count * sizeof(out->records[0]); 2067 assert(out_pl_len <= CXL_MAILBOX_MAX_PAYLOAD_SIZE); 2068 2069 memset(out, 0, out_pl_len); 2070 QLIST_FOREACH_SAFE(ent, scan_media_results, node, next) { 2071 uint64_t start, stop; 2072 2073 if (i == record_count) { 2074 break; 2075 } 2076 2077 start = ROUND_DOWN(ent->start, 64ull); 2078 stop = ROUND_DOWN(ent->start, 64ull) + ent->length; 2079 stq_le_p(&out->records[i].addr, start); 2080 stl_le_p(&out->records[i].length, (stop - start) / CXL_CACHE_LINE_SIZE); 2081 i++; 2082 2083 /* consume the returning entry */ 2084 QLIST_REMOVE(ent, node); 2085 g_free(ent); 2086 } 2087 2088 stw_le_p(&out->count, record_count); 2089 if (total_count > record_count) { 2090 out->flags = (1 << 0); /* More Media Error Records */ 2091 } 2092 2093 *len_out = out_pl_len; 2094 return CXL_MBOX_SUCCESS; 2095 } 2096 2097 /* 2098 * CXL r3.1 section 8.2.9.9.9.1: Get Dynamic Capacity Configuration 2099 * (Opcode: 4800h) 2100 */ 2101 static CXLRetCode cmd_dcd_get_dyn_cap_config(const struct cxl_cmd *cmd, 2102 uint8_t *payload_in, 2103 size_t len_in, 2104 uint8_t *payload_out, 2105 size_t *len_out, 2106 CXLCCI *cci) 2107 { 2108 CXLType3Dev *ct3d = CXL_TYPE3(cci->d); 2109 struct { 2110 uint8_t region_cnt; 2111 uint8_t start_rid; 2112 } QEMU_PACKED *in = (void *)payload_in; 2113 struct { 2114 uint8_t num_regions; 2115 uint8_t regions_returned; 2116 uint8_t rsvd1[6]; 2117 struct { 2118 uint64_t base; 2119 uint64_t decode_len; 2120 uint64_t region_len; 2121 uint64_t block_size; 2122 uint32_t dsmadhandle; 2123 uint8_t flags; 2124 uint8_t rsvd2[3]; 2125 } QEMU_PACKED records[]; 2126 } QEMU_PACKED *out = (void *)payload_out; 2127 struct { 2128 uint32_t num_extents_supported; 2129 uint32_t num_extents_available; 2130 uint32_t num_tags_supported; 2131 uint32_t num_tags_available; 2132 } QEMU_PACKED *extra_out; 2133 uint16_t record_count; 2134 uint16_t i; 2135 uint16_t out_pl_len; 2136 uint8_t start_rid; 2137 2138 start_rid = in->start_rid; 2139 if (start_rid >= ct3d->dc.num_regions) { 2140 return CXL_MBOX_INVALID_INPUT; 2141 } 2142 2143 record_count = MIN(ct3d->dc.num_regions - in->start_rid, in->region_cnt); 2144 2145 out_pl_len = sizeof(*out) + record_count * sizeof(out->records[0]); 2146 extra_out = (void *)(payload_out + out_pl_len); 2147 out_pl_len += sizeof(*extra_out); 2148 assert(out_pl_len <= CXL_MAILBOX_MAX_PAYLOAD_SIZE); 2149 2150 out->num_regions = ct3d->dc.num_regions; 2151 out->regions_returned = record_count; 2152 for (i = 0; i < record_count; i++) { 2153 stq_le_p(&out->records[i].base, 2154 ct3d->dc.regions[start_rid + i].base); 2155 stq_le_p(&out->records[i].decode_len, 2156 ct3d->dc.regions[start_rid + i].decode_len / 2157 CXL_CAPACITY_MULTIPLIER); 2158 stq_le_p(&out->records[i].region_len, 2159 ct3d->dc.regions[start_rid + i].len); 2160 stq_le_p(&out->records[i].block_size, 2161 ct3d->dc.regions[start_rid + i].block_size); 2162 stl_le_p(&out->records[i].dsmadhandle, 2163 ct3d->dc.regions[start_rid + i].dsmadhandle); 2164 out->records[i].flags = ct3d->dc.regions[start_rid + i].flags; 2165 } 2166 /* 2167 * TODO: Assign values once extents and tags are introduced 2168 * to use. 2169 */ 2170 stl_le_p(&extra_out->num_extents_supported, CXL_NUM_EXTENTS_SUPPORTED); 2171 stl_le_p(&extra_out->num_extents_available, CXL_NUM_EXTENTS_SUPPORTED - 2172 ct3d->dc.total_extent_count); 2173 stl_le_p(&extra_out->num_tags_supported, CXL_NUM_TAGS_SUPPORTED); 2174 stl_le_p(&extra_out->num_tags_available, CXL_NUM_TAGS_SUPPORTED); 2175 2176 *len_out = out_pl_len; 2177 return CXL_MBOX_SUCCESS; 2178 } 2179 2180 /* 2181 * CXL r3.1 section 8.2.9.9.9.2: 2182 * Get Dynamic Capacity Extent List (Opcode 4801h) 2183 */ 2184 static CXLRetCode cmd_dcd_get_dyn_cap_ext_list(const struct cxl_cmd *cmd, 2185 uint8_t *payload_in, 2186 size_t len_in, 2187 uint8_t *payload_out, 2188 size_t *len_out, 2189 CXLCCI *cci) 2190 { 2191 CXLType3Dev *ct3d = CXL_TYPE3(cci->d); 2192 struct { 2193 uint32_t extent_cnt; 2194 uint32_t start_extent_id; 2195 } QEMU_PACKED *in = (void *)payload_in; 2196 struct { 2197 uint32_t count; 2198 uint32_t total_extents; 2199 uint32_t generation_num; 2200 uint8_t rsvd[4]; 2201 CXLDCExtentRaw records[]; 2202 } QEMU_PACKED *out = (void *)payload_out; 2203 uint32_t start_extent_id = in->start_extent_id; 2204 CXLDCExtentList *extent_list = &ct3d->dc.extents; 2205 uint16_t record_count = 0, i = 0, record_done = 0; 2206 uint16_t out_pl_len, size; 2207 CXLDCExtent *ent; 2208 2209 if (start_extent_id > ct3d->dc.total_extent_count) { 2210 return CXL_MBOX_INVALID_INPUT; 2211 } 2212 2213 record_count = MIN(in->extent_cnt, 2214 ct3d->dc.total_extent_count - start_extent_id); 2215 size = CXL_MAILBOX_MAX_PAYLOAD_SIZE - sizeof(*out); 2216 record_count = MIN(record_count, size / sizeof(out->records[0])); 2217 out_pl_len = sizeof(*out) + record_count * sizeof(out->records[0]); 2218 2219 stl_le_p(&out->count, record_count); 2220 stl_le_p(&out->total_extents, ct3d->dc.total_extent_count); 2221 stl_le_p(&out->generation_num, ct3d->dc.ext_list_gen_seq); 2222 2223 if (record_count > 0) { 2224 CXLDCExtentRaw *out_rec = &out->records[record_done]; 2225 2226 QTAILQ_FOREACH(ent, extent_list, node) { 2227 if (i++ < start_extent_id) { 2228 continue; 2229 } 2230 stq_le_p(&out_rec->start_dpa, ent->start_dpa); 2231 stq_le_p(&out_rec->len, ent->len); 2232 memcpy(&out_rec->tag, ent->tag, 0x10); 2233 stw_le_p(&out_rec->shared_seq, ent->shared_seq); 2234 2235 record_done++; 2236 if (record_done == record_count) { 2237 break; 2238 } 2239 } 2240 } 2241 2242 *len_out = out_pl_len; 2243 return CXL_MBOX_SUCCESS; 2244 } 2245 2246 /* 2247 * Check whether any bit between addr[nr, nr+size) is set, 2248 * return true if any bit is set, otherwise return false 2249 */ 2250 bool test_any_bits_set(const unsigned long *addr, unsigned long nr, 2251 unsigned long size) 2252 { 2253 unsigned long res = find_next_bit(addr, size + nr, nr); 2254 2255 return res < nr + size; 2256 } 2257 2258 CXLDCRegion *cxl_find_dc_region(CXLType3Dev *ct3d, uint64_t dpa, uint64_t len) 2259 { 2260 int i; 2261 CXLDCRegion *region = &ct3d->dc.regions[0]; 2262 2263 if (dpa < region->base || 2264 dpa >= region->base + ct3d->dc.total_capacity) { 2265 return NULL; 2266 } 2267 2268 /* 2269 * CXL r3.1 section 9.13.3: Dynamic Capacity Device (DCD) 2270 * 2271 * Regions are used in increasing-DPA order, with Region 0 being used for 2272 * the lowest DPA of Dynamic Capacity and Region 7 for the highest DPA. 2273 * So check from the last region to find where the dpa belongs. Extents that 2274 * cross multiple regions are not allowed. 2275 */ 2276 for (i = ct3d->dc.num_regions - 1; i >= 0; i--) { 2277 region = &ct3d->dc.regions[i]; 2278 if (dpa >= region->base) { 2279 if (dpa + len > region->base + region->len) { 2280 return NULL; 2281 } 2282 return region; 2283 } 2284 } 2285 2286 return NULL; 2287 } 2288 2289 void cxl_insert_extent_to_extent_list(CXLDCExtentList *list, 2290 uint64_t dpa, 2291 uint64_t len, 2292 uint8_t *tag, 2293 uint16_t shared_seq) 2294 { 2295 CXLDCExtent *extent; 2296 2297 extent = g_new0(CXLDCExtent, 1); 2298 extent->start_dpa = dpa; 2299 extent->len = len; 2300 if (tag) { 2301 memcpy(extent->tag, tag, 0x10); 2302 } 2303 extent->shared_seq = shared_seq; 2304 2305 QTAILQ_INSERT_TAIL(list, extent, node); 2306 } 2307 2308 void cxl_remove_extent_from_extent_list(CXLDCExtentList *list, 2309 CXLDCExtent *extent) 2310 { 2311 QTAILQ_REMOVE(list, extent, node); 2312 g_free(extent); 2313 } 2314 2315 /* 2316 * Add a new extent to the extent "group" if group exists; 2317 * otherwise, create a new group 2318 * Return value: the extent group where the extent is inserted. 2319 */ 2320 CXLDCExtentGroup *cxl_insert_extent_to_extent_group(CXLDCExtentGroup *group, 2321 uint64_t dpa, 2322 uint64_t len, 2323 uint8_t *tag, 2324 uint16_t shared_seq) 2325 { 2326 if (!group) { 2327 group = g_new0(CXLDCExtentGroup, 1); 2328 QTAILQ_INIT(&group->list); 2329 } 2330 cxl_insert_extent_to_extent_list(&group->list, dpa, len, 2331 tag, shared_seq); 2332 return group; 2333 } 2334 2335 void cxl_extent_group_list_insert_tail(CXLDCExtentGroupList *list, 2336 CXLDCExtentGroup *group) 2337 { 2338 QTAILQ_INSERT_TAIL(list, group, node); 2339 } 2340 2341 void cxl_extent_group_list_delete_front(CXLDCExtentGroupList *list) 2342 { 2343 CXLDCExtent *ent, *ent_next; 2344 CXLDCExtentGroup *group = QTAILQ_FIRST(list); 2345 2346 QTAILQ_REMOVE(list, group, node); 2347 QTAILQ_FOREACH_SAFE(ent, &group->list, node, ent_next) { 2348 cxl_remove_extent_from_extent_list(&group->list, ent); 2349 } 2350 g_free(group); 2351 } 2352 2353 /* 2354 * CXL r3.1 Table 8-168: Add Dynamic Capacity Response Input Payload 2355 * CXL r3.1 Table 8-170: Release Dynamic Capacity Input Payload 2356 */ 2357 typedef struct CXLUpdateDCExtentListInPl { 2358 uint32_t num_entries_updated; 2359 uint8_t flags; 2360 uint8_t rsvd[3]; 2361 /* CXL r3.1 Table 8-169: Updated Extent */ 2362 struct { 2363 uint64_t start_dpa; 2364 uint64_t len; 2365 uint8_t rsvd[8]; 2366 } QEMU_PACKED updated_entries[]; 2367 } QEMU_PACKED CXLUpdateDCExtentListInPl; 2368 2369 /* 2370 * For the extents in the extent list to operate, check whether they are valid 2371 * 1. The extent should be in the range of a valid DC region; 2372 * 2. The extent should not cross multiple regions; 2373 * 3. The start DPA and the length of the extent should align with the block 2374 * size of the region; 2375 * 4. The address range of multiple extents in the list should not overlap. 2376 */ 2377 static CXLRetCode cxl_detect_malformed_extent_list(CXLType3Dev *ct3d, 2378 const CXLUpdateDCExtentListInPl *in) 2379 { 2380 uint64_t min_block_size = UINT64_MAX; 2381 CXLDCRegion *region; 2382 CXLDCRegion *lastregion = &ct3d->dc.regions[ct3d->dc.num_regions - 1]; 2383 g_autofree unsigned long *blk_bitmap = NULL; 2384 uint64_t dpa, len; 2385 uint32_t i; 2386 2387 for (i = 0; i < ct3d->dc.num_regions; i++) { 2388 region = &ct3d->dc.regions[i]; 2389 min_block_size = MIN(min_block_size, region->block_size); 2390 } 2391 2392 blk_bitmap = bitmap_new((lastregion->base + lastregion->len - 2393 ct3d->dc.regions[0].base) / min_block_size); 2394 2395 for (i = 0; i < in->num_entries_updated; i++) { 2396 dpa = in->updated_entries[i].start_dpa; 2397 len = in->updated_entries[i].len; 2398 2399 region = cxl_find_dc_region(ct3d, dpa, len); 2400 if (!region) { 2401 return CXL_MBOX_INVALID_PA; 2402 } 2403 2404 dpa -= ct3d->dc.regions[0].base; 2405 if (dpa % region->block_size || len % region->block_size) { 2406 return CXL_MBOX_INVALID_EXTENT_LIST; 2407 } 2408 /* the dpa range already covered by some other extents in the list */ 2409 if (test_any_bits_set(blk_bitmap, dpa / min_block_size, 2410 len / min_block_size)) { 2411 return CXL_MBOX_INVALID_EXTENT_LIST; 2412 } 2413 bitmap_set(blk_bitmap, dpa / min_block_size, len / min_block_size); 2414 } 2415 2416 return CXL_MBOX_SUCCESS; 2417 } 2418 2419 static CXLRetCode cxl_dcd_add_dyn_cap_rsp_dry_run(CXLType3Dev *ct3d, 2420 const CXLUpdateDCExtentListInPl *in) 2421 { 2422 uint32_t i; 2423 CXLDCExtent *ent; 2424 CXLDCExtentGroup *ext_group; 2425 uint64_t dpa, len; 2426 Range range1, range2; 2427 2428 for (i = 0; i < in->num_entries_updated; i++) { 2429 dpa = in->updated_entries[i].start_dpa; 2430 len = in->updated_entries[i].len; 2431 2432 range_init_nofail(&range1, dpa, len); 2433 2434 /* 2435 * The host-accepted DPA range must be contained by the first extent 2436 * group in the pending list 2437 */ 2438 ext_group = QTAILQ_FIRST(&ct3d->dc.extents_pending); 2439 if (!cxl_extents_contains_dpa_range(&ext_group->list, dpa, len)) { 2440 return CXL_MBOX_INVALID_PA; 2441 } 2442 2443 /* to-be-added range should not overlap with range already accepted */ 2444 QTAILQ_FOREACH(ent, &ct3d->dc.extents, node) { 2445 range_init_nofail(&range2, ent->start_dpa, ent->len); 2446 if (range_overlaps_range(&range1, &range2)) { 2447 return CXL_MBOX_INVALID_PA; 2448 } 2449 } 2450 } 2451 return CXL_MBOX_SUCCESS; 2452 } 2453 2454 /* 2455 * CXL r3.1 section 8.2.9.9.9.3: Add Dynamic Capacity Response (Opcode 4802h) 2456 * An extent is added to the extent list and becomes usable only after the 2457 * response is processed successfully. 2458 */ 2459 static CXLRetCode cmd_dcd_add_dyn_cap_rsp(const struct cxl_cmd *cmd, 2460 uint8_t *payload_in, 2461 size_t len_in, 2462 uint8_t *payload_out, 2463 size_t *len_out, 2464 CXLCCI *cci) 2465 { 2466 CXLUpdateDCExtentListInPl *in = (void *)payload_in; 2467 CXLType3Dev *ct3d = CXL_TYPE3(cci->d); 2468 CXLDCExtentList *extent_list = &ct3d->dc.extents; 2469 uint32_t i; 2470 uint64_t dpa, len; 2471 CXLRetCode ret; 2472 2473 if (in->num_entries_updated == 0) { 2474 cxl_extent_group_list_delete_front(&ct3d->dc.extents_pending); 2475 return CXL_MBOX_SUCCESS; 2476 } 2477 2478 /* Adding extents causes exceeding device's extent tracking ability. */ 2479 if (in->num_entries_updated + ct3d->dc.total_extent_count > 2480 CXL_NUM_EXTENTS_SUPPORTED) { 2481 return CXL_MBOX_RESOURCES_EXHAUSTED; 2482 } 2483 2484 ret = cxl_detect_malformed_extent_list(ct3d, in); 2485 if (ret != CXL_MBOX_SUCCESS) { 2486 return ret; 2487 } 2488 2489 ret = cxl_dcd_add_dyn_cap_rsp_dry_run(ct3d, in); 2490 if (ret != CXL_MBOX_SUCCESS) { 2491 return ret; 2492 } 2493 2494 for (i = 0; i < in->num_entries_updated; i++) { 2495 dpa = in->updated_entries[i].start_dpa; 2496 len = in->updated_entries[i].len; 2497 2498 cxl_insert_extent_to_extent_list(extent_list, dpa, len, NULL, 0); 2499 ct3d->dc.total_extent_count += 1; 2500 ct3_set_region_block_backed(ct3d, dpa, len); 2501 } 2502 /* Remove the first extent group in the pending list */ 2503 cxl_extent_group_list_delete_front(&ct3d->dc.extents_pending); 2504 2505 return CXL_MBOX_SUCCESS; 2506 } 2507 2508 /* 2509 * Copy extent list from src to dst 2510 * Return value: number of extents copied 2511 */ 2512 static uint32_t copy_extent_list(CXLDCExtentList *dst, 2513 const CXLDCExtentList *src) 2514 { 2515 uint32_t cnt = 0; 2516 CXLDCExtent *ent; 2517 2518 if (!dst || !src) { 2519 return 0; 2520 } 2521 2522 QTAILQ_FOREACH(ent, src, node) { 2523 cxl_insert_extent_to_extent_list(dst, ent->start_dpa, ent->len, 2524 ent->tag, ent->shared_seq); 2525 cnt++; 2526 } 2527 return cnt; 2528 } 2529 2530 static CXLRetCode cxl_dc_extent_release_dry_run(CXLType3Dev *ct3d, 2531 const CXLUpdateDCExtentListInPl *in, CXLDCExtentList *updated_list, 2532 uint32_t *updated_list_size) 2533 { 2534 CXLDCExtent *ent, *ent_next; 2535 uint64_t dpa, len; 2536 uint32_t i; 2537 int cnt_delta = 0; 2538 CXLRetCode ret = CXL_MBOX_SUCCESS; 2539 2540 QTAILQ_INIT(updated_list); 2541 copy_extent_list(updated_list, &ct3d->dc.extents); 2542 2543 for (i = 0; i < in->num_entries_updated; i++) { 2544 Range range; 2545 2546 dpa = in->updated_entries[i].start_dpa; 2547 len = in->updated_entries[i].len; 2548 2549 /* Check if the DPA range is not fully backed with valid extents */ 2550 if (!ct3_test_region_block_backed(ct3d, dpa, len)) { 2551 ret = CXL_MBOX_INVALID_PA; 2552 goto free_and_exit; 2553 } 2554 2555 /* After this point, extent overflow is the only error can happen */ 2556 while (len > 0) { 2557 QTAILQ_FOREACH(ent, updated_list, node) { 2558 range_init_nofail(&range, ent->start_dpa, ent->len); 2559 2560 if (range_contains(&range, dpa)) { 2561 uint64_t len1, len2 = 0, len_done = 0; 2562 uint64_t ent_start_dpa = ent->start_dpa; 2563 uint64_t ent_len = ent->len; 2564 2565 len1 = dpa - ent->start_dpa; 2566 /* Found the extent or the subset of an existing extent */ 2567 if (range_contains(&range, dpa + len - 1)) { 2568 len2 = ent_start_dpa + ent_len - dpa - len; 2569 } else { 2570 dpa = ent_start_dpa + ent_len; 2571 } 2572 len_done = ent_len - len1 - len2; 2573 2574 cxl_remove_extent_from_extent_list(updated_list, ent); 2575 cnt_delta--; 2576 2577 if (len1) { 2578 cxl_insert_extent_to_extent_list(updated_list, 2579 ent_start_dpa, 2580 len1, NULL, 0); 2581 cnt_delta++; 2582 } 2583 if (len2) { 2584 cxl_insert_extent_to_extent_list(updated_list, 2585 dpa + len, 2586 len2, NULL, 0); 2587 cnt_delta++; 2588 } 2589 2590 if (cnt_delta + ct3d->dc.total_extent_count > 2591 CXL_NUM_EXTENTS_SUPPORTED) { 2592 ret = CXL_MBOX_RESOURCES_EXHAUSTED; 2593 goto free_and_exit; 2594 } 2595 2596 len -= len_done; 2597 break; 2598 } 2599 } 2600 } 2601 } 2602 free_and_exit: 2603 if (ret != CXL_MBOX_SUCCESS) { 2604 QTAILQ_FOREACH_SAFE(ent, updated_list, node, ent_next) { 2605 cxl_remove_extent_from_extent_list(updated_list, ent); 2606 } 2607 *updated_list_size = 0; 2608 } else { 2609 *updated_list_size = ct3d->dc.total_extent_count + cnt_delta; 2610 } 2611 2612 return ret; 2613 } 2614 2615 /* 2616 * CXL r3.1 section 8.2.9.9.9.4: Release Dynamic Capacity (Opcode 4803h) 2617 */ 2618 static CXLRetCode cmd_dcd_release_dyn_cap(const struct cxl_cmd *cmd, 2619 uint8_t *payload_in, 2620 size_t len_in, 2621 uint8_t *payload_out, 2622 size_t *len_out, 2623 CXLCCI *cci) 2624 { 2625 CXLUpdateDCExtentListInPl *in = (void *)payload_in; 2626 CXLType3Dev *ct3d = CXL_TYPE3(cci->d); 2627 CXLDCExtentList updated_list; 2628 CXLDCExtent *ent, *ent_next; 2629 uint32_t updated_list_size; 2630 CXLRetCode ret; 2631 2632 if (in->num_entries_updated == 0) { 2633 return CXL_MBOX_INVALID_INPUT; 2634 } 2635 2636 ret = cxl_detect_malformed_extent_list(ct3d, in); 2637 if (ret != CXL_MBOX_SUCCESS) { 2638 return ret; 2639 } 2640 2641 ret = cxl_dc_extent_release_dry_run(ct3d, in, &updated_list, 2642 &updated_list_size); 2643 if (ret != CXL_MBOX_SUCCESS) { 2644 return ret; 2645 } 2646 2647 /* 2648 * If the dry run release passes, the returned updated_list will 2649 * be the updated extent list and we just need to clear the extents 2650 * in the accepted list and copy extents in the updated_list to accepted 2651 * list and update the extent count; 2652 */ 2653 QTAILQ_FOREACH_SAFE(ent, &ct3d->dc.extents, node, ent_next) { 2654 ct3_clear_region_block_backed(ct3d, ent->start_dpa, ent->len); 2655 cxl_remove_extent_from_extent_list(&ct3d->dc.extents, ent); 2656 } 2657 copy_extent_list(&ct3d->dc.extents, &updated_list); 2658 QTAILQ_FOREACH_SAFE(ent, &updated_list, node, ent_next) { 2659 ct3_set_region_block_backed(ct3d, ent->start_dpa, ent->len); 2660 cxl_remove_extent_from_extent_list(&updated_list, ent); 2661 } 2662 ct3d->dc.total_extent_count = updated_list_size; 2663 2664 return CXL_MBOX_SUCCESS; 2665 } 2666 2667 static const struct cxl_cmd cxl_cmd_set[256][256] = { 2668 [EVENTS][GET_RECORDS] = { "EVENTS_GET_RECORDS", 2669 cmd_events_get_records, 1, 0 }, 2670 [EVENTS][CLEAR_RECORDS] = { "EVENTS_CLEAR_RECORDS", 2671 cmd_events_clear_records, ~0, CXL_MBOX_IMMEDIATE_LOG_CHANGE }, 2672 [EVENTS][GET_INTERRUPT_POLICY] = { "EVENTS_GET_INTERRUPT_POLICY", 2673 cmd_events_get_interrupt_policy, 0, 0 }, 2674 [EVENTS][SET_INTERRUPT_POLICY] = { "EVENTS_SET_INTERRUPT_POLICY", 2675 cmd_events_set_interrupt_policy, 2676 ~0, CXL_MBOX_IMMEDIATE_CONFIG_CHANGE }, 2677 [FIRMWARE_UPDATE][GET_INFO] = { "FIRMWARE_UPDATE_GET_INFO", 2678 cmd_firmware_update_get_info, 0, 0 }, 2679 [FIRMWARE_UPDATE][TRANSFER] = { "FIRMWARE_UPDATE_TRANSFER", 2680 cmd_firmware_update_transfer, ~0, CXL_MBOX_BACKGROUND_OPERATION }, 2681 [FIRMWARE_UPDATE][ACTIVATE] = { "FIRMWARE_UPDATE_ACTIVATE", 2682 cmd_firmware_update_activate, 2, CXL_MBOX_BACKGROUND_OPERATION }, 2683 [TIMESTAMP][GET] = { "TIMESTAMP_GET", cmd_timestamp_get, 0, 0 }, 2684 [TIMESTAMP][SET] = { "TIMESTAMP_SET", cmd_timestamp_set, 2685 8, CXL_MBOX_IMMEDIATE_POLICY_CHANGE }, 2686 [LOGS][GET_SUPPORTED] = { "LOGS_GET_SUPPORTED", cmd_logs_get_supported, 2687 0, 0 }, 2688 [LOGS][GET_LOG] = { "LOGS_GET_LOG", cmd_logs_get_log, 0x18, 0 }, 2689 [FEATURES][GET_SUPPORTED] = { "FEATURES_GET_SUPPORTED", 2690 cmd_features_get_supported, 0x8, 0 }, 2691 [FEATURES][GET_FEATURE] = { "FEATURES_GET_FEATURE", 2692 cmd_features_get_feature, 0x15, 0 }, 2693 [FEATURES][SET_FEATURE] = { "FEATURES_SET_FEATURE", 2694 cmd_features_set_feature, 2695 ~0, 2696 (CXL_MBOX_IMMEDIATE_CONFIG_CHANGE | 2697 CXL_MBOX_IMMEDIATE_DATA_CHANGE | 2698 CXL_MBOX_IMMEDIATE_POLICY_CHANGE | 2699 CXL_MBOX_IMMEDIATE_LOG_CHANGE | 2700 CXL_MBOX_SECURITY_STATE_CHANGE)}, 2701 [IDENTIFY][MEMORY_DEVICE] = { "IDENTIFY_MEMORY_DEVICE", 2702 cmd_identify_memory_device, 0, 0 }, 2703 [CCLS][GET_PARTITION_INFO] = { "CCLS_GET_PARTITION_INFO", 2704 cmd_ccls_get_partition_info, 0, 0 }, 2705 [CCLS][GET_LSA] = { "CCLS_GET_LSA", cmd_ccls_get_lsa, 8, 0 }, 2706 [CCLS][SET_LSA] = { "CCLS_SET_LSA", cmd_ccls_set_lsa, 2707 ~0, CXL_MBOX_IMMEDIATE_CONFIG_CHANGE | CXL_MBOX_IMMEDIATE_DATA_CHANGE }, 2708 [SANITIZE][OVERWRITE] = { "SANITIZE_OVERWRITE", cmd_sanitize_overwrite, 0, 2709 (CXL_MBOX_IMMEDIATE_DATA_CHANGE | 2710 CXL_MBOX_SECURITY_STATE_CHANGE | 2711 CXL_MBOX_BACKGROUND_OPERATION)}, 2712 [PERSISTENT_MEM][GET_SECURITY_STATE] = { "GET_SECURITY_STATE", 2713 cmd_get_security_state, 0, 0 }, 2714 [MEDIA_AND_POISON][GET_POISON_LIST] = { "MEDIA_AND_POISON_GET_POISON_LIST", 2715 cmd_media_get_poison_list, 16, 0 }, 2716 [MEDIA_AND_POISON][INJECT_POISON] = { "MEDIA_AND_POISON_INJECT_POISON", 2717 cmd_media_inject_poison, 8, 0 }, 2718 [MEDIA_AND_POISON][CLEAR_POISON] = { "MEDIA_AND_POISON_CLEAR_POISON", 2719 cmd_media_clear_poison, 72, 0 }, 2720 [MEDIA_AND_POISON][GET_SCAN_MEDIA_CAPABILITIES] = { 2721 "MEDIA_AND_POISON_GET_SCAN_MEDIA_CAPABILITIES", 2722 cmd_media_get_scan_media_capabilities, 16, 0 }, 2723 [MEDIA_AND_POISON][SCAN_MEDIA] = { "MEDIA_AND_POISON_SCAN_MEDIA", 2724 cmd_media_scan_media, 17, CXL_MBOX_BACKGROUND_OPERATION }, 2725 [MEDIA_AND_POISON][GET_SCAN_MEDIA_RESULTS] = { 2726 "MEDIA_AND_POISON_GET_SCAN_MEDIA_RESULTS", 2727 cmd_media_get_scan_media_results, 0, 0 }, 2728 }; 2729 2730 static const struct cxl_cmd cxl_cmd_set_dcd[256][256] = { 2731 [DCD_CONFIG][GET_DC_CONFIG] = { "DCD_GET_DC_CONFIG", 2732 cmd_dcd_get_dyn_cap_config, 2, 0 }, 2733 [DCD_CONFIG][GET_DYN_CAP_EXT_LIST] = { 2734 "DCD_GET_DYNAMIC_CAPACITY_EXTENT_LIST", cmd_dcd_get_dyn_cap_ext_list, 2735 8, 0 }, 2736 [DCD_CONFIG][ADD_DYN_CAP_RSP] = { 2737 "DCD_ADD_DYNAMIC_CAPACITY_RESPONSE", cmd_dcd_add_dyn_cap_rsp, 2738 ~0, CXL_MBOX_IMMEDIATE_DATA_CHANGE }, 2739 [DCD_CONFIG][RELEASE_DYN_CAP] = { 2740 "DCD_RELEASE_DYNAMIC_CAPACITY", cmd_dcd_release_dyn_cap, 2741 ~0, CXL_MBOX_IMMEDIATE_DATA_CHANGE }, 2742 }; 2743 2744 static const struct cxl_cmd cxl_cmd_set_sw[256][256] = { 2745 [INFOSTAT][IS_IDENTIFY] = { "IDENTIFY", cmd_infostat_identify, 0, 0 }, 2746 [INFOSTAT][BACKGROUND_OPERATION_STATUS] = { "BACKGROUND_OPERATION_STATUS", 2747 cmd_infostat_bg_op_sts, 0, 0 }, 2748 [TIMESTAMP][GET] = { "TIMESTAMP_GET", cmd_timestamp_get, 0, 0 }, 2749 [TIMESTAMP][SET] = { "TIMESTAMP_SET", cmd_timestamp_set, 8, 2750 CXL_MBOX_IMMEDIATE_POLICY_CHANGE }, 2751 [LOGS][GET_SUPPORTED] = { "LOGS_GET_SUPPORTED", cmd_logs_get_supported, 0, 2752 0 }, 2753 [LOGS][GET_LOG] = { "LOGS_GET_LOG", cmd_logs_get_log, 0x18, 0 }, 2754 [PHYSICAL_SWITCH][IDENTIFY_SWITCH_DEVICE] = { "IDENTIFY_SWITCH_DEVICE", 2755 cmd_identify_switch_device, 0, 0 }, 2756 [PHYSICAL_SWITCH][GET_PHYSICAL_PORT_STATE] = { "SWITCH_PHYSICAL_PORT_STATS", 2757 cmd_get_physical_port_state, ~0, 0 }, 2758 [TUNNEL][MANAGEMENT_COMMAND] = { "TUNNEL_MANAGEMENT_COMMAND", 2759 cmd_tunnel_management_cmd, ~0, 0 }, 2760 }; 2761 2762 /* 2763 * While the command is executing in the background, the device should 2764 * update the percentage complete in the Background Command Status Register 2765 * at least once per second. 2766 */ 2767 2768 #define CXL_MBOX_BG_UPDATE_FREQ 1000UL 2769 2770 int cxl_process_cci_message(CXLCCI *cci, uint8_t set, uint8_t cmd, 2771 size_t len_in, uint8_t *pl_in, size_t *len_out, 2772 uint8_t *pl_out, bool *bg_started) 2773 { 2774 int ret; 2775 const struct cxl_cmd *cxl_cmd; 2776 opcode_handler h; 2777 CXLDeviceState *cxl_dstate; 2778 2779 *len_out = 0; 2780 cxl_cmd = &cci->cxl_cmd_set[set][cmd]; 2781 h = cxl_cmd->handler; 2782 if (!h) { 2783 qemu_log_mask(LOG_UNIMP, "Command %04xh not implemented\n", 2784 set << 8 | cmd); 2785 return CXL_MBOX_UNSUPPORTED; 2786 } 2787 2788 if (len_in != cxl_cmd->in && cxl_cmd->in != ~0) { 2789 return CXL_MBOX_INVALID_PAYLOAD_LENGTH; 2790 } 2791 2792 /* Only one bg command at a time */ 2793 if ((cxl_cmd->effect & CXL_MBOX_BACKGROUND_OPERATION) && 2794 cci->bg.runtime > 0) { 2795 return CXL_MBOX_BUSY; 2796 } 2797 2798 /* forbid any selected commands while the media is disabled */ 2799 if (object_dynamic_cast(OBJECT(cci->d), TYPE_CXL_TYPE3)) { 2800 cxl_dstate = &CXL_TYPE3(cci->d)->cxl_dstate; 2801 2802 if (cxl_dev_media_disabled(cxl_dstate)) { 2803 if (h == cmd_events_get_records || 2804 h == cmd_ccls_get_partition_info || 2805 h == cmd_ccls_set_lsa || 2806 h == cmd_ccls_get_lsa || 2807 h == cmd_logs_get_log || 2808 h == cmd_media_get_poison_list || 2809 h == cmd_media_inject_poison || 2810 h == cmd_media_clear_poison || 2811 h == cmd_sanitize_overwrite || 2812 h == cmd_firmware_update_transfer || 2813 h == cmd_firmware_update_activate) { 2814 return CXL_MBOX_MEDIA_DISABLED; 2815 } 2816 } 2817 } 2818 2819 ret = (*h)(cxl_cmd, pl_in, len_in, pl_out, len_out, cci); 2820 if ((cxl_cmd->effect & CXL_MBOX_BACKGROUND_OPERATION) && 2821 ret == CXL_MBOX_BG_STARTED) { 2822 *bg_started = true; 2823 } else { 2824 *bg_started = false; 2825 } 2826 2827 /* Set bg and the return code */ 2828 if (*bg_started) { 2829 uint64_t now; 2830 2831 cci->bg.opcode = (set << 8) | cmd; 2832 2833 cci->bg.complete_pct = 0; 2834 cci->bg.ret_code = 0; 2835 2836 now = qemu_clock_get_ms(QEMU_CLOCK_VIRTUAL); 2837 cci->bg.starttime = now; 2838 timer_mod(cci->bg.timer, now + CXL_MBOX_BG_UPDATE_FREQ); 2839 } 2840 2841 return ret; 2842 } 2843 2844 static void bg_timercb(void *opaque) 2845 { 2846 CXLCCI *cci = opaque; 2847 uint64_t now = qemu_clock_get_ms(QEMU_CLOCK_VIRTUAL); 2848 uint64_t total_time = cci->bg.starttime + cci->bg.runtime; 2849 2850 assert(cci->bg.runtime > 0); 2851 2852 if (now >= total_time) { /* we are done */ 2853 uint16_t ret = CXL_MBOX_SUCCESS; 2854 2855 cci->bg.complete_pct = 100; 2856 cci->bg.ret_code = ret; 2857 switch (cci->bg.opcode) { 2858 case 0x0201: /* fw transfer */ 2859 __do_firmware_xfer(cci); 2860 break; 2861 case 0x4400: /* sanitize */ 2862 { 2863 CXLType3Dev *ct3d = CXL_TYPE3(cci->d); 2864 2865 __do_sanitization(ct3d); 2866 cxl_dev_enable_media(&ct3d->cxl_dstate); 2867 } 2868 break; 2869 case 0x4304: /* scan media */ 2870 { 2871 CXLType3Dev *ct3d = CXL_TYPE3(cci->d); 2872 2873 __do_scan_media(ct3d); 2874 break; 2875 } 2876 default: 2877 __builtin_unreachable(); 2878 break; 2879 } 2880 } else { 2881 /* estimate only */ 2882 cci->bg.complete_pct = 100 * now / total_time; 2883 timer_mod(cci->bg.timer, now + CXL_MBOX_BG_UPDATE_FREQ); 2884 } 2885 2886 if (cci->bg.complete_pct == 100) { 2887 /* TODO: generalize to switch CCI */ 2888 CXLType3Dev *ct3d = CXL_TYPE3(cci->d); 2889 CXLDeviceState *cxl_dstate = &ct3d->cxl_dstate; 2890 PCIDevice *pdev = PCI_DEVICE(cci->d); 2891 2892 cci->bg.starttime = 0; 2893 /* registers are updated, allow new bg-capable cmds */ 2894 cci->bg.runtime = 0; 2895 2896 if (msix_enabled(pdev)) { 2897 msix_notify(pdev, cxl_dstate->mbox_msi_n); 2898 } else if (msi_enabled(pdev)) { 2899 msi_notify(pdev, cxl_dstate->mbox_msi_n); 2900 } 2901 } 2902 } 2903 2904 static void cxl_rebuild_cel(CXLCCI *cci) 2905 { 2906 cci->cel_size = 0; /* Reset for a fresh build */ 2907 for (int set = 0; set < 256; set++) { 2908 for (int cmd = 0; cmd < 256; cmd++) { 2909 if (cci->cxl_cmd_set[set][cmd].handler) { 2910 const struct cxl_cmd *c = &cci->cxl_cmd_set[set][cmd]; 2911 struct cel_log *log = 2912 &cci->cel_log[cci->cel_size]; 2913 2914 log->opcode = (set << 8) | cmd; 2915 log->effect = c->effect; 2916 cci->cel_size++; 2917 } 2918 } 2919 } 2920 } 2921 2922 void cxl_init_cci(CXLCCI *cci, size_t payload_max) 2923 { 2924 cci->payload_max = payload_max; 2925 cxl_rebuild_cel(cci); 2926 2927 cci->bg.complete_pct = 0; 2928 cci->bg.starttime = 0; 2929 cci->bg.runtime = 0; 2930 cci->bg.timer = timer_new_ms(QEMU_CLOCK_VIRTUAL, 2931 bg_timercb, cci); 2932 2933 memset(&cci->fw, 0, sizeof(cci->fw)); 2934 cci->fw.active_slot = 1; 2935 cci->fw.slot[cci->fw.active_slot - 1] = true; 2936 } 2937 2938 static void cxl_copy_cci_commands(CXLCCI *cci, const struct cxl_cmd (*cxl_cmds)[256]) 2939 { 2940 for (int set = 0; set < 256; set++) { 2941 for (int cmd = 0; cmd < 256; cmd++) { 2942 if (cxl_cmds[set][cmd].handler) { 2943 cci->cxl_cmd_set[set][cmd] = cxl_cmds[set][cmd]; 2944 } 2945 } 2946 } 2947 } 2948 2949 void cxl_add_cci_commands(CXLCCI *cci, const struct cxl_cmd (*cxl_cmd_set)[256], 2950 size_t payload_max) 2951 { 2952 cci->payload_max = MAX(payload_max, cci->payload_max); 2953 cxl_copy_cci_commands(cci, cxl_cmd_set); 2954 cxl_rebuild_cel(cci); 2955 } 2956 2957 void cxl_initialize_mailbox_swcci(CXLCCI *cci, DeviceState *intf, 2958 DeviceState *d, size_t payload_max) 2959 { 2960 cxl_copy_cci_commands(cci, cxl_cmd_set_sw); 2961 cci->d = d; 2962 cci->intf = intf; 2963 cxl_init_cci(cci, payload_max); 2964 } 2965 2966 void cxl_initialize_mailbox_t3(CXLCCI *cci, DeviceState *d, size_t payload_max) 2967 { 2968 CXLType3Dev *ct3d = CXL_TYPE3(d); 2969 2970 cxl_copy_cci_commands(cci, cxl_cmd_set); 2971 if (ct3d->dc.num_regions) { 2972 cxl_copy_cci_commands(cci, cxl_cmd_set_dcd); 2973 } 2974 cci->d = d; 2975 2976 /* No separation for PCI MB as protocol handled in PCI device */ 2977 cci->intf = d; 2978 cxl_init_cci(cci, payload_max); 2979 } 2980 2981 static const struct cxl_cmd cxl_cmd_set_t3_ld[256][256] = { 2982 [INFOSTAT][IS_IDENTIFY] = { "IDENTIFY", cmd_infostat_identify, 0, 0 }, 2983 [LOGS][GET_SUPPORTED] = { "LOGS_GET_SUPPORTED", cmd_logs_get_supported, 0, 2984 0 }, 2985 [LOGS][GET_LOG] = { "LOGS_GET_LOG", cmd_logs_get_log, 0x18, 0 }, 2986 }; 2987 2988 void cxl_initialize_t3_ld_cci(CXLCCI *cci, DeviceState *d, DeviceState *intf, 2989 size_t payload_max) 2990 { 2991 cxl_copy_cci_commands(cci, cxl_cmd_set_t3_ld); 2992 cci->d = d; 2993 cci->intf = intf; 2994 cxl_init_cci(cci, payload_max); 2995 } 2996 2997 static const struct cxl_cmd cxl_cmd_set_t3_fm_owned_ld_mctp[256][256] = { 2998 [INFOSTAT][IS_IDENTIFY] = { "IDENTIFY", cmd_infostat_identify, 0, 0}, 2999 [LOGS][GET_SUPPORTED] = { "LOGS_GET_SUPPORTED", cmd_logs_get_supported, 0, 3000 0 }, 3001 [LOGS][GET_LOG] = { "LOGS_GET_LOG", cmd_logs_get_log, 0x18, 0 }, 3002 [TIMESTAMP][GET] = { "TIMESTAMP_GET", cmd_timestamp_get, 0, 0 }, 3003 [TUNNEL][MANAGEMENT_COMMAND] = { "TUNNEL_MANAGEMENT_COMMAND", 3004 cmd_tunnel_management_cmd, ~0, 0 }, 3005 }; 3006 3007 void cxl_initialize_t3_fm_owned_ld_mctpcci(CXLCCI *cci, DeviceState *d, 3008 DeviceState *intf, 3009 size_t payload_max) 3010 { 3011 cxl_copy_cci_commands(cci, cxl_cmd_set_t3_fm_owned_ld_mctp); 3012 cci->d = d; 3013 cci->intf = intf; 3014 cxl_init_cci(cci, payload_max); 3015 } 3016