1 /* 2 * CXL Utility library for mailbox interface 3 * 4 * Copyright(C) 2020 Intel Corporation. 5 * 6 * This work is licensed under the terms of the GNU GPL, version 2. See the 7 * COPYING file in the top-level directory. 8 */ 9 10 #include "qemu/osdep.h" 11 #include "hw/cxl/cxl.h" 12 #include "hw/pci/pci.h" 13 #include "qemu/cutils.h" 14 #include "qemu/log.h" 15 #include "qemu/uuid.h" 16 17 /* 18 * How to add a new command, example. The command set FOO, with cmd BAR. 19 * 1. Add the command set and cmd to the enum. 20 * FOO = 0x7f, 21 * #define BAR 0 22 * 2. Implement the handler 23 * static ret_code cmd_foo_bar(struct cxl_cmd *cmd, 24 * CXLDeviceState *cxl_dstate, uint16_t *len) 25 * 3. Add the command to the cxl_cmd_set[][] 26 * [FOO][BAR] = { "FOO_BAR", cmd_foo_bar, x, y }, 27 * 4. Implement your handler 28 * define_mailbox_handler(FOO_BAR) { ... return CXL_MBOX_SUCCESS; } 29 * 30 * 31 * Writing the handler: 32 * The handler will provide the &struct cxl_cmd, the &CXLDeviceState, and the 33 * in/out length of the payload. The handler is responsible for consuming the 34 * payload from cmd->payload and operating upon it as necessary. It must then 35 * fill the output data into cmd->payload (overwriting what was there), 36 * setting the length, and returning a valid return code. 37 * 38 * XXX: The handler need not worry about endianess. The payload is read out of 39 * a register interface that already deals with it. 40 */ 41 42 enum { 43 EVENTS = 0x01, 44 #define GET_RECORDS 0x0 45 #define CLEAR_RECORDS 0x1 46 #define GET_INTERRUPT_POLICY 0x2 47 #define SET_INTERRUPT_POLICY 0x3 48 FIRMWARE_UPDATE = 0x02, 49 #define GET_INFO 0x0 50 TIMESTAMP = 0x03, 51 #define GET 0x0 52 #define SET 0x1 53 LOGS = 0x04, 54 #define GET_SUPPORTED 0x0 55 #define GET_LOG 0x1 56 IDENTIFY = 0x40, 57 #define MEMORY_DEVICE 0x0 58 CCLS = 0x41, 59 #define GET_PARTITION_INFO 0x0 60 #define GET_LSA 0x2 61 #define SET_LSA 0x3 62 }; 63 64 /* 8.2.8.4.5.1 Command Return Codes */ 65 typedef enum { 66 CXL_MBOX_SUCCESS = 0x0, 67 CXL_MBOX_BG_STARTED = 0x1, 68 CXL_MBOX_INVALID_INPUT = 0x2, 69 CXL_MBOX_UNSUPPORTED = 0x3, 70 CXL_MBOX_INTERNAL_ERROR = 0x4, 71 CXL_MBOX_RETRY_REQUIRED = 0x5, 72 CXL_MBOX_BUSY = 0x6, 73 CXL_MBOX_MEDIA_DISABLED = 0x7, 74 CXL_MBOX_FW_XFER_IN_PROGRESS = 0x8, 75 CXL_MBOX_FW_XFER_OUT_OF_ORDER = 0x9, 76 CXL_MBOX_FW_AUTH_FAILED = 0xa, 77 CXL_MBOX_FW_INVALID_SLOT = 0xb, 78 CXL_MBOX_FW_ROLLEDBACK = 0xc, 79 CXL_MBOX_FW_REST_REQD = 0xd, 80 CXL_MBOX_INVALID_HANDLE = 0xe, 81 CXL_MBOX_INVALID_PA = 0xf, 82 CXL_MBOX_INJECT_POISON_LIMIT = 0x10, 83 CXL_MBOX_PERMANENT_MEDIA_FAILURE = 0x11, 84 CXL_MBOX_ABORTED = 0x12, 85 CXL_MBOX_INVALID_SECURITY_STATE = 0x13, 86 CXL_MBOX_INCORRECT_PASSPHRASE = 0x14, 87 CXL_MBOX_UNSUPPORTED_MAILBOX = 0x15, 88 CXL_MBOX_INVALID_PAYLOAD_LENGTH = 0x16, 89 CXL_MBOX_MAX = 0x17 90 } ret_code; 91 92 struct cxl_cmd; 93 typedef ret_code (*opcode_handler)(struct cxl_cmd *cmd, 94 CXLDeviceState *cxl_dstate, uint16_t *len); 95 struct cxl_cmd { 96 const char *name; 97 opcode_handler handler; 98 ssize_t in; 99 uint16_t effect; /* Reported in CEL */ 100 uint8_t *payload; 101 }; 102 103 #define DEFINE_MAILBOX_HANDLER_ZEROED(name, size) \ 104 uint16_t __zero##name = size; \ 105 static ret_code cmd_##name(struct cxl_cmd *cmd, \ 106 CXLDeviceState *cxl_dstate, uint16_t *len) \ 107 { \ 108 *len = __zero##name; \ 109 memset(cmd->payload, 0, *len); \ 110 return CXL_MBOX_SUCCESS; \ 111 } 112 #define DEFINE_MAILBOX_HANDLER_NOP(name) \ 113 static ret_code cmd_##name(struct cxl_cmd *cmd, \ 114 CXLDeviceState *cxl_dstate, uint16_t *len) \ 115 { \ 116 return CXL_MBOX_SUCCESS; \ 117 } 118 119 DEFINE_MAILBOX_HANDLER_ZEROED(events_get_records, 0x20); 120 DEFINE_MAILBOX_HANDLER_NOP(events_clear_records); 121 DEFINE_MAILBOX_HANDLER_ZEROED(events_get_interrupt_policy, 4); 122 DEFINE_MAILBOX_HANDLER_NOP(events_set_interrupt_policy); 123 124 /* 8.2.9.2.1 */ 125 static ret_code cmd_firmware_update_get_info(struct cxl_cmd *cmd, 126 CXLDeviceState *cxl_dstate, 127 uint16_t *len) 128 { 129 struct { 130 uint8_t slots_supported; 131 uint8_t slot_info; 132 uint8_t caps; 133 uint8_t rsvd[0xd]; 134 char fw_rev1[0x10]; 135 char fw_rev2[0x10]; 136 char fw_rev3[0x10]; 137 char fw_rev4[0x10]; 138 } QEMU_PACKED *fw_info; 139 QEMU_BUILD_BUG_ON(sizeof(*fw_info) != 0x50); 140 141 if (cxl_dstate->pmem_size < (256 << 20)) { 142 return CXL_MBOX_INTERNAL_ERROR; 143 } 144 145 fw_info = (void *)cmd->payload; 146 memset(fw_info, 0, sizeof(*fw_info)); 147 148 fw_info->slots_supported = 2; 149 fw_info->slot_info = BIT(0) | BIT(3); 150 fw_info->caps = 0; 151 pstrcpy(fw_info->fw_rev1, sizeof(fw_info->fw_rev1), "BWFW VERSION 0"); 152 153 *len = sizeof(*fw_info); 154 return CXL_MBOX_SUCCESS; 155 } 156 157 /* 8.2.9.3.1 */ 158 static ret_code cmd_timestamp_get(struct cxl_cmd *cmd, 159 CXLDeviceState *cxl_dstate, 160 uint16_t *len) 161 { 162 uint64_t time, delta; 163 uint64_t final_time = 0; 164 165 if (cxl_dstate->timestamp.set) { 166 /* First find the delta from the last time the host set the time. */ 167 time = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL); 168 delta = time - cxl_dstate->timestamp.last_set; 169 final_time = cxl_dstate->timestamp.host_set + delta; 170 } 171 172 /* Then adjust the actual time */ 173 stq_le_p(cmd->payload, final_time); 174 *len = 8; 175 176 return CXL_MBOX_SUCCESS; 177 } 178 179 /* 8.2.9.3.2 */ 180 static ret_code cmd_timestamp_set(struct cxl_cmd *cmd, 181 CXLDeviceState *cxl_dstate, 182 uint16_t *len) 183 { 184 cxl_dstate->timestamp.set = true; 185 cxl_dstate->timestamp.last_set = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL); 186 187 cxl_dstate->timestamp.host_set = le64_to_cpu(*(uint64_t *)cmd->payload); 188 189 *len = 0; 190 return CXL_MBOX_SUCCESS; 191 } 192 193 static QemuUUID cel_uuid; 194 195 /* 8.2.9.4.1 */ 196 static ret_code cmd_logs_get_supported(struct cxl_cmd *cmd, 197 CXLDeviceState *cxl_dstate, 198 uint16_t *len) 199 { 200 struct { 201 uint16_t entries; 202 uint8_t rsvd[6]; 203 struct { 204 QemuUUID uuid; 205 uint32_t size; 206 } log_entries[1]; 207 } QEMU_PACKED *supported_logs = (void *)cmd->payload; 208 QEMU_BUILD_BUG_ON(sizeof(*supported_logs) != 0x1c); 209 210 supported_logs->entries = 1; 211 supported_logs->log_entries[0].uuid = cel_uuid; 212 supported_logs->log_entries[0].size = 4 * cxl_dstate->cel_size; 213 214 *len = sizeof(*supported_logs); 215 return CXL_MBOX_SUCCESS; 216 } 217 218 /* 8.2.9.4.2 */ 219 static ret_code cmd_logs_get_log(struct cxl_cmd *cmd, 220 CXLDeviceState *cxl_dstate, 221 uint16_t *len) 222 { 223 struct { 224 QemuUUID uuid; 225 uint32_t offset; 226 uint32_t length; 227 } QEMU_PACKED QEMU_ALIGNED(16) *get_log = (void *)cmd->payload; 228 229 /* 230 * 8.2.9.4.2 231 * The device shall return Invalid Parameter if the Offset or Length 232 * fields attempt to access beyond the size of the log as reported by Get 233 * Supported Logs. 234 * 235 * XXX: Spec is wrong, "Invalid Parameter" isn't a thing. 236 * XXX: Spec doesn't address incorrect UUID incorrectness. 237 * 238 * The CEL buffer is large enough to fit all commands in the emulation, so 239 * the only possible failure would be if the mailbox itself isn't big 240 * enough. 241 */ 242 if (get_log->offset + get_log->length > cxl_dstate->payload_size) { 243 return CXL_MBOX_INVALID_INPUT; 244 } 245 246 if (!qemu_uuid_is_equal(&get_log->uuid, &cel_uuid)) { 247 return CXL_MBOX_UNSUPPORTED; 248 } 249 250 /* Store off everything to local variables so we can wipe out the payload */ 251 *len = get_log->length; 252 253 memmove(cmd->payload, cxl_dstate->cel_log + get_log->offset, 254 get_log->length); 255 256 return CXL_MBOX_SUCCESS; 257 } 258 259 /* 8.2.9.5.1.1 */ 260 static ret_code cmd_identify_memory_device(struct cxl_cmd *cmd, 261 CXLDeviceState *cxl_dstate, 262 uint16_t *len) 263 { 264 struct { 265 char fw_revision[0x10]; 266 uint64_t total_capacity; 267 uint64_t volatile_capacity; 268 uint64_t persistent_capacity; 269 uint64_t partition_align; 270 uint16_t info_event_log_size; 271 uint16_t warning_event_log_size; 272 uint16_t failure_event_log_size; 273 uint16_t fatal_event_log_size; 274 uint32_t lsa_size; 275 uint8_t poison_list_max_mer[3]; 276 uint16_t inject_poison_limit; 277 uint8_t poison_caps; 278 uint8_t qos_telemetry_caps; 279 } QEMU_PACKED *id; 280 QEMU_BUILD_BUG_ON(sizeof(*id) != 0x43); 281 282 CXLType3Dev *ct3d = container_of(cxl_dstate, CXLType3Dev, cxl_dstate); 283 CXLType3Class *cvc = CXL_TYPE3_GET_CLASS(ct3d); 284 uint64_t size = cxl_dstate->pmem_size; 285 286 if (!QEMU_IS_ALIGNED(size, 256 << 20)) { 287 return CXL_MBOX_INTERNAL_ERROR; 288 } 289 290 id = (void *)cmd->payload; 291 memset(id, 0, sizeof(*id)); 292 293 /* PMEM only */ 294 snprintf(id->fw_revision, 0x10, "BWFW VERSION %02d", 0); 295 296 id->total_capacity = size / (256 << 20); 297 id->persistent_capacity = size / (256 << 20); 298 id->lsa_size = cvc->get_lsa_size(ct3d); 299 300 *len = sizeof(*id); 301 return CXL_MBOX_SUCCESS; 302 } 303 304 static ret_code cmd_ccls_get_partition_info(struct cxl_cmd *cmd, 305 CXLDeviceState *cxl_dstate, 306 uint16_t *len) 307 { 308 struct { 309 uint64_t active_vmem; 310 uint64_t active_pmem; 311 uint64_t next_vmem; 312 uint64_t next_pmem; 313 } QEMU_PACKED *part_info = (void *)cmd->payload; 314 QEMU_BUILD_BUG_ON(sizeof(*part_info) != 0x20); 315 uint64_t size = cxl_dstate->pmem_size; 316 317 if (!QEMU_IS_ALIGNED(size, 256 << 20)) { 318 return CXL_MBOX_INTERNAL_ERROR; 319 } 320 321 /* PMEM only */ 322 part_info->active_vmem = 0; 323 part_info->next_vmem = 0; 324 part_info->active_pmem = size / (256 << 20); 325 part_info->next_pmem = 0; 326 327 *len = sizeof(*part_info); 328 return CXL_MBOX_SUCCESS; 329 } 330 331 static ret_code cmd_ccls_get_lsa(struct cxl_cmd *cmd, 332 CXLDeviceState *cxl_dstate, 333 uint16_t *len) 334 { 335 struct { 336 uint32_t offset; 337 uint32_t length; 338 } QEMU_PACKED *get_lsa; 339 CXLType3Dev *ct3d = container_of(cxl_dstate, CXLType3Dev, cxl_dstate); 340 CXLType3Class *cvc = CXL_TYPE3_GET_CLASS(ct3d); 341 uint32_t offset, length; 342 343 get_lsa = (void *)cmd->payload; 344 offset = get_lsa->offset; 345 length = get_lsa->length; 346 347 if (offset + length > cvc->get_lsa_size(ct3d)) { 348 *len = 0; 349 return CXL_MBOX_INVALID_INPUT; 350 } 351 352 *len = cvc->get_lsa(ct3d, get_lsa, length, offset); 353 return CXL_MBOX_SUCCESS; 354 } 355 356 static ret_code cmd_ccls_set_lsa(struct cxl_cmd *cmd, 357 CXLDeviceState *cxl_dstate, 358 uint16_t *len) 359 { 360 struct set_lsa_pl { 361 uint32_t offset; 362 uint32_t rsvd; 363 uint8_t data[]; 364 } QEMU_PACKED; 365 struct set_lsa_pl *set_lsa_payload = (void *)cmd->payload; 366 CXLType3Dev *ct3d = container_of(cxl_dstate, CXLType3Dev, cxl_dstate); 367 CXLType3Class *cvc = CXL_TYPE3_GET_CLASS(ct3d); 368 const size_t hdr_len = offsetof(struct set_lsa_pl, data); 369 uint16_t plen = *len; 370 371 *len = 0; 372 if (!plen) { 373 return CXL_MBOX_SUCCESS; 374 } 375 376 if (set_lsa_payload->offset + plen > cvc->get_lsa_size(ct3d) + hdr_len) { 377 return CXL_MBOX_INVALID_INPUT; 378 } 379 plen -= hdr_len; 380 381 cvc->set_lsa(ct3d, set_lsa_payload->data, plen, set_lsa_payload->offset); 382 return CXL_MBOX_SUCCESS; 383 } 384 385 #define IMMEDIATE_CONFIG_CHANGE (1 << 1) 386 #define IMMEDIATE_DATA_CHANGE (1 << 2) 387 #define IMMEDIATE_POLICY_CHANGE (1 << 3) 388 #define IMMEDIATE_LOG_CHANGE (1 << 4) 389 390 static struct cxl_cmd cxl_cmd_set[256][256] = { 391 [EVENTS][GET_RECORDS] = { "EVENTS_GET_RECORDS", 392 cmd_events_get_records, 1, 0 }, 393 [EVENTS][CLEAR_RECORDS] = { "EVENTS_CLEAR_RECORDS", 394 cmd_events_clear_records, ~0, IMMEDIATE_LOG_CHANGE }, 395 [EVENTS][GET_INTERRUPT_POLICY] = { "EVENTS_GET_INTERRUPT_POLICY", 396 cmd_events_get_interrupt_policy, 0, 0 }, 397 [EVENTS][SET_INTERRUPT_POLICY] = { "EVENTS_SET_INTERRUPT_POLICY", 398 cmd_events_set_interrupt_policy, 4, IMMEDIATE_CONFIG_CHANGE }, 399 [FIRMWARE_UPDATE][GET_INFO] = { "FIRMWARE_UPDATE_GET_INFO", 400 cmd_firmware_update_get_info, 0, 0 }, 401 [TIMESTAMP][GET] = { "TIMESTAMP_GET", cmd_timestamp_get, 0, 0 }, 402 [TIMESTAMP][SET] = { "TIMESTAMP_SET", cmd_timestamp_set, 8, IMMEDIATE_POLICY_CHANGE }, 403 [LOGS][GET_SUPPORTED] = { "LOGS_GET_SUPPORTED", cmd_logs_get_supported, 0, 0 }, 404 [LOGS][GET_LOG] = { "LOGS_GET_LOG", cmd_logs_get_log, 0x18, 0 }, 405 [IDENTIFY][MEMORY_DEVICE] = { "IDENTIFY_MEMORY_DEVICE", 406 cmd_identify_memory_device, 0, 0 }, 407 [CCLS][GET_PARTITION_INFO] = { "CCLS_GET_PARTITION_INFO", 408 cmd_ccls_get_partition_info, 0, 0 }, 409 [CCLS][GET_LSA] = { "CCLS_GET_LSA", cmd_ccls_get_lsa, 0, 0 }, 410 [CCLS][SET_LSA] = { "CCLS_SET_LSA", cmd_ccls_set_lsa, 411 ~0, IMMEDIATE_CONFIG_CHANGE | IMMEDIATE_DATA_CHANGE }, 412 }; 413 414 void cxl_process_mailbox(CXLDeviceState *cxl_dstate) 415 { 416 uint16_t ret = CXL_MBOX_SUCCESS; 417 struct cxl_cmd *cxl_cmd; 418 uint64_t status_reg; 419 opcode_handler h; 420 uint64_t command_reg = cxl_dstate->mbox_reg_state64[R_CXL_DEV_MAILBOX_CMD]; 421 422 uint8_t set = FIELD_EX64(command_reg, CXL_DEV_MAILBOX_CMD, COMMAND_SET); 423 uint8_t cmd = FIELD_EX64(command_reg, CXL_DEV_MAILBOX_CMD, COMMAND); 424 uint16_t len = FIELD_EX64(command_reg, CXL_DEV_MAILBOX_CMD, LENGTH); 425 cxl_cmd = &cxl_cmd_set[set][cmd]; 426 h = cxl_cmd->handler; 427 if (h) { 428 if (len == cxl_cmd->in) { 429 cxl_cmd->payload = cxl_dstate->mbox_reg_state + 430 A_CXL_DEV_CMD_PAYLOAD; 431 ret = (*h)(cxl_cmd, cxl_dstate, &len); 432 assert(len <= cxl_dstate->payload_size); 433 } else { 434 ret = CXL_MBOX_INVALID_PAYLOAD_LENGTH; 435 } 436 } else { 437 qemu_log_mask(LOG_UNIMP, "Command %04xh not implemented\n", 438 set << 8 | cmd); 439 ret = CXL_MBOX_UNSUPPORTED; 440 } 441 442 /* Set the return code */ 443 status_reg = FIELD_DP64(0, CXL_DEV_MAILBOX_STS, ERRNO, ret); 444 445 /* Set the return length */ 446 command_reg = FIELD_DP64(command_reg, CXL_DEV_MAILBOX_CMD, COMMAND_SET, 0); 447 command_reg = FIELD_DP64(command_reg, CXL_DEV_MAILBOX_CMD, COMMAND, 0); 448 command_reg = FIELD_DP64(command_reg, CXL_DEV_MAILBOX_CMD, LENGTH, len); 449 450 cxl_dstate->mbox_reg_state64[R_CXL_DEV_MAILBOX_CMD] = command_reg; 451 cxl_dstate->mbox_reg_state64[R_CXL_DEV_MAILBOX_STS] = status_reg; 452 453 /* Tell the host we're done */ 454 ARRAY_FIELD_DP32(cxl_dstate->mbox_reg_state32, CXL_DEV_MAILBOX_CTRL, 455 DOORBELL, 0); 456 } 457 458 int cxl_initialize_mailbox(CXLDeviceState *cxl_dstate) 459 { 460 /* CXL 2.0: Table 169 Get Supported Logs Log Entry */ 461 const char *cel_uuidstr = "0da9c0b5-bf41-4b78-8f79-96b1623b3f17"; 462 463 for (int set = 0; set < 256; set++) { 464 for (int cmd = 0; cmd < 256; cmd++) { 465 if (cxl_cmd_set[set][cmd].handler) { 466 struct cxl_cmd *c = &cxl_cmd_set[set][cmd]; 467 struct cel_log *log = 468 &cxl_dstate->cel_log[cxl_dstate->cel_size]; 469 470 log->opcode = (set << 8) | cmd; 471 log->effect = c->effect; 472 cxl_dstate->cel_size++; 473 } 474 } 475 } 476 477 return qemu_uuid_parse(cel_uuidstr, &cel_uuid); 478 } 479