1 /* 2 * MSI-X device support 3 * 4 * This module includes support for MSI-X in pci devices. 5 * 6 * Author: Michael S. Tsirkin <mst@redhat.com> 7 * 8 * Copyright (c) 2009, Red Hat Inc, Michael S. Tsirkin (mst@redhat.com) 9 * 10 * This work is licensed under the terms of the GNU GPL, version 2. See 11 * the COPYING file in the top-level directory. 12 * 13 * Contributions after 2012-01-13 are licensed under the terms of the 14 * GNU GPL, version 2 or (at your option) any later version. 15 */ 16 17 #include "qemu/osdep.h" 18 #include "hw/hw.h" 19 #include "hw/pci/msi.h" 20 #include "hw/pci/msix.h" 21 #include "hw/pci/pci.h" 22 #include "hw/xen/xen.h" 23 #include "qemu/range.h" 24 #include "qapi/error.h" 25 #include "trace.h" 26 27 #define MSIX_CAP_LENGTH 12 28 29 /* MSI enable bit and maskall bit are in byte 1 in FLAGS register */ 30 #define MSIX_CONTROL_OFFSET (PCI_MSIX_FLAGS + 1) 31 #define MSIX_ENABLE_MASK (PCI_MSIX_FLAGS_ENABLE >> 8) 32 #define MSIX_MASKALL_MASK (PCI_MSIX_FLAGS_MASKALL >> 8) 33 34 MSIMessage msix_get_message(PCIDevice *dev, unsigned vector) 35 { 36 uint8_t *table_entry = dev->msix_table + vector * PCI_MSIX_ENTRY_SIZE; 37 MSIMessage msg; 38 39 msg.address = pci_get_quad(table_entry + PCI_MSIX_ENTRY_LOWER_ADDR); 40 msg.data = pci_get_long(table_entry + PCI_MSIX_ENTRY_DATA); 41 return msg; 42 } 43 44 /* 45 * Special API for POWER to configure the vectors through 46 * a side channel. Should never be used by devices. 47 */ 48 void msix_set_message(PCIDevice *dev, int vector, struct MSIMessage msg) 49 { 50 uint8_t *table_entry = dev->msix_table + vector * PCI_MSIX_ENTRY_SIZE; 51 52 pci_set_quad(table_entry + PCI_MSIX_ENTRY_LOWER_ADDR, msg.address); 53 pci_set_long(table_entry + PCI_MSIX_ENTRY_DATA, msg.data); 54 table_entry[PCI_MSIX_ENTRY_VECTOR_CTRL] &= ~PCI_MSIX_ENTRY_CTRL_MASKBIT; 55 } 56 57 static uint8_t msix_pending_mask(int vector) 58 { 59 return 1 << (vector % 8); 60 } 61 62 static uint8_t *msix_pending_byte(PCIDevice *dev, int vector) 63 { 64 return dev->msix_pba + vector / 8; 65 } 66 67 static int msix_is_pending(PCIDevice *dev, int vector) 68 { 69 return *msix_pending_byte(dev, vector) & msix_pending_mask(vector); 70 } 71 72 void msix_set_pending(PCIDevice *dev, unsigned int vector) 73 { 74 *msix_pending_byte(dev, vector) |= msix_pending_mask(vector); 75 } 76 77 void msix_clr_pending(PCIDevice *dev, int vector) 78 { 79 *msix_pending_byte(dev, vector) &= ~msix_pending_mask(vector); 80 } 81 82 static bool msix_vector_masked(PCIDevice *dev, unsigned int vector, bool fmask) 83 { 84 unsigned offset = vector * PCI_MSIX_ENTRY_SIZE; 85 uint8_t *data = &dev->msix_table[offset + PCI_MSIX_ENTRY_DATA]; 86 /* MSIs on Xen can be remapped into pirqs. In those cases, masking 87 * and unmasking go through the PV evtchn path. */ 88 if (xen_enabled() && xen_is_pirq_msi(pci_get_long(data))) { 89 return false; 90 } 91 return fmask || dev->msix_table[offset + PCI_MSIX_ENTRY_VECTOR_CTRL] & 92 PCI_MSIX_ENTRY_CTRL_MASKBIT; 93 } 94 95 bool msix_is_masked(PCIDevice *dev, unsigned int vector) 96 { 97 return msix_vector_masked(dev, vector, dev->msix_function_masked); 98 } 99 100 static void msix_fire_vector_notifier(PCIDevice *dev, 101 unsigned int vector, bool is_masked) 102 { 103 MSIMessage msg; 104 int ret; 105 106 if (!dev->msix_vector_use_notifier) { 107 return; 108 } 109 if (is_masked) { 110 dev->msix_vector_release_notifier(dev, vector); 111 } else { 112 msg = msix_get_message(dev, vector); 113 ret = dev->msix_vector_use_notifier(dev, vector, msg); 114 assert(ret >= 0); 115 } 116 } 117 118 static void msix_handle_mask_update(PCIDevice *dev, int vector, bool was_masked) 119 { 120 bool is_masked = msix_is_masked(dev, vector); 121 122 if (is_masked == was_masked) { 123 return; 124 } 125 126 msix_fire_vector_notifier(dev, vector, is_masked); 127 128 if (!is_masked && msix_is_pending(dev, vector)) { 129 msix_clr_pending(dev, vector); 130 msix_notify(dev, vector); 131 } 132 } 133 134 static bool msix_masked(PCIDevice *dev) 135 { 136 return dev->config[dev->msix_cap + MSIX_CONTROL_OFFSET] & MSIX_MASKALL_MASK; 137 } 138 139 static void msix_update_function_masked(PCIDevice *dev) 140 { 141 dev->msix_function_masked = !msix_enabled(dev) || msix_masked(dev); 142 } 143 144 /* Handle MSI-X capability config write. */ 145 void msix_write_config(PCIDevice *dev, uint32_t addr, 146 uint32_t val, int len) 147 { 148 unsigned enable_pos = dev->msix_cap + MSIX_CONTROL_OFFSET; 149 int vector; 150 bool was_masked; 151 152 if (!msix_present(dev) || !range_covers_byte(addr, len, enable_pos)) { 153 return; 154 } 155 156 trace_msix_write_config(dev->name, msix_enabled(dev), msix_masked(dev)); 157 158 was_masked = dev->msix_function_masked; 159 msix_update_function_masked(dev); 160 161 if (!msix_enabled(dev)) { 162 return; 163 } 164 165 pci_device_deassert_intx(dev); 166 167 if (dev->msix_function_masked == was_masked) { 168 return; 169 } 170 171 for (vector = 0; vector < dev->msix_entries_nr; ++vector) { 172 msix_handle_mask_update(dev, vector, 173 msix_vector_masked(dev, vector, was_masked)); 174 } 175 } 176 177 static uint64_t msix_table_mmio_read(void *opaque, hwaddr addr, 178 unsigned size) 179 { 180 PCIDevice *dev = opaque; 181 182 return pci_get_long(dev->msix_table + addr); 183 } 184 185 static void msix_table_mmio_write(void *opaque, hwaddr addr, 186 uint64_t val, unsigned size) 187 { 188 PCIDevice *dev = opaque; 189 int vector = addr / PCI_MSIX_ENTRY_SIZE; 190 bool was_masked; 191 192 was_masked = msix_is_masked(dev, vector); 193 pci_set_long(dev->msix_table + addr, val); 194 msix_handle_mask_update(dev, vector, was_masked); 195 } 196 197 static const MemoryRegionOps msix_table_mmio_ops = { 198 .read = msix_table_mmio_read, 199 .write = msix_table_mmio_write, 200 .endianness = DEVICE_LITTLE_ENDIAN, 201 .valid = { 202 .min_access_size = 4, 203 .max_access_size = 4, 204 }, 205 }; 206 207 static uint64_t msix_pba_mmio_read(void *opaque, hwaddr addr, 208 unsigned size) 209 { 210 PCIDevice *dev = opaque; 211 if (dev->msix_vector_poll_notifier) { 212 unsigned vector_start = addr * 8; 213 unsigned vector_end = MIN(addr + size * 8, dev->msix_entries_nr); 214 dev->msix_vector_poll_notifier(dev, vector_start, vector_end); 215 } 216 217 return pci_get_long(dev->msix_pba + addr); 218 } 219 220 static void msix_pba_mmio_write(void *opaque, hwaddr addr, 221 uint64_t val, unsigned size) 222 { 223 } 224 225 static const MemoryRegionOps msix_pba_mmio_ops = { 226 .read = msix_pba_mmio_read, 227 .write = msix_pba_mmio_write, 228 .endianness = DEVICE_LITTLE_ENDIAN, 229 .valid = { 230 .min_access_size = 4, 231 .max_access_size = 4, 232 }, 233 }; 234 235 static void msix_mask_all(struct PCIDevice *dev, unsigned nentries) 236 { 237 int vector; 238 239 for (vector = 0; vector < nentries; ++vector) { 240 unsigned offset = 241 vector * PCI_MSIX_ENTRY_SIZE + PCI_MSIX_ENTRY_VECTOR_CTRL; 242 bool was_masked = msix_is_masked(dev, vector); 243 244 dev->msix_table[offset] |= PCI_MSIX_ENTRY_CTRL_MASKBIT; 245 msix_handle_mask_update(dev, vector, was_masked); 246 } 247 } 248 249 /* 250 * Make PCI device @dev MSI-X capable 251 * @nentries is the max number of MSI-X vectors that the device support. 252 * @table_bar is the MemoryRegion that MSI-X table structure resides. 253 * @table_bar_nr is number of base address register corresponding to @table_bar. 254 * @table_offset indicates the offset that the MSI-X table structure starts with 255 * in @table_bar. 256 * @pba_bar is the MemoryRegion that the Pending Bit Array structure resides. 257 * @pba_bar_nr is number of base address register corresponding to @pba_bar. 258 * @pba_offset indicates the offset that the Pending Bit Array structure 259 * starts with in @pba_bar. 260 * Non-zero @cap_pos puts capability MSI-X at that offset in PCI config space. 261 * @errp is for returning errors. 262 * 263 * Return 0 on success; set @errp and return -errno on error: 264 * -ENOTSUP means lacking msi support for a msi-capable platform. 265 * -EINVAL means capability overlap, happens when @cap_pos is non-zero, 266 * also means a programming error, except device assignment, which can check 267 * if a real HW is broken. 268 */ 269 int msix_init(struct PCIDevice *dev, unsigned short nentries, 270 MemoryRegion *table_bar, uint8_t table_bar_nr, 271 unsigned table_offset, MemoryRegion *pba_bar, 272 uint8_t pba_bar_nr, unsigned pba_offset, uint8_t cap_pos, 273 Error **errp) 274 { 275 int cap; 276 unsigned table_size, pba_size; 277 uint8_t *config; 278 279 /* Nothing to do if MSI is not supported by interrupt controller */ 280 if (!msi_nonbroken) { 281 error_setg(errp, "MSI-X is not supported by interrupt controller"); 282 return -ENOTSUP; 283 } 284 285 if (nentries < 1 || nentries > PCI_MSIX_FLAGS_QSIZE + 1) { 286 error_setg(errp, "The number of MSI-X vectors is invalid"); 287 return -EINVAL; 288 } 289 290 table_size = nentries * PCI_MSIX_ENTRY_SIZE; 291 pba_size = QEMU_ALIGN_UP(nentries, 64) / 8; 292 293 /* Sanity test: table & pba don't overlap, fit within BARs, min aligned */ 294 if ((table_bar_nr == pba_bar_nr && 295 ranges_overlap(table_offset, table_size, pba_offset, pba_size)) || 296 table_offset + table_size > memory_region_size(table_bar) || 297 pba_offset + pba_size > memory_region_size(pba_bar) || 298 (table_offset | pba_offset) & PCI_MSIX_FLAGS_BIRMASK) { 299 error_setg(errp, "table & pba overlap, or they don't fit in BARs," 300 " or don't align"); 301 return -EINVAL; 302 } 303 304 cap = pci_add_capability(dev, PCI_CAP_ID_MSIX, 305 cap_pos, MSIX_CAP_LENGTH, errp); 306 if (cap < 0) { 307 return cap; 308 } 309 310 dev->msix_cap = cap; 311 dev->cap_present |= QEMU_PCI_CAP_MSIX; 312 config = dev->config + cap; 313 314 pci_set_word(config + PCI_MSIX_FLAGS, nentries - 1); 315 dev->msix_entries_nr = nentries; 316 dev->msix_function_masked = true; 317 318 pci_set_long(config + PCI_MSIX_TABLE, table_offset | table_bar_nr); 319 pci_set_long(config + PCI_MSIX_PBA, pba_offset | pba_bar_nr); 320 321 /* Make flags bit writable. */ 322 dev->wmask[cap + MSIX_CONTROL_OFFSET] |= MSIX_ENABLE_MASK | 323 MSIX_MASKALL_MASK; 324 325 dev->msix_table = g_malloc0(table_size); 326 dev->msix_pba = g_malloc0(pba_size); 327 dev->msix_entry_used = g_malloc0(nentries * sizeof *dev->msix_entry_used); 328 329 msix_mask_all(dev, nentries); 330 331 memory_region_init_io(&dev->msix_table_mmio, OBJECT(dev), &msix_table_mmio_ops, dev, 332 "msix-table", table_size); 333 memory_region_add_subregion(table_bar, table_offset, &dev->msix_table_mmio); 334 memory_region_init_io(&dev->msix_pba_mmio, OBJECT(dev), &msix_pba_mmio_ops, dev, 335 "msix-pba", pba_size); 336 memory_region_add_subregion(pba_bar, pba_offset, &dev->msix_pba_mmio); 337 338 return 0; 339 } 340 341 int msix_init_exclusive_bar(PCIDevice *dev, unsigned short nentries, 342 uint8_t bar_nr, Error **errp) 343 { 344 int ret; 345 char *name; 346 uint32_t bar_size = 4096; 347 uint32_t bar_pba_offset = bar_size / 2; 348 uint32_t bar_pba_size = QEMU_ALIGN_UP(nentries, 64) / 8; 349 350 /* 351 * Migration compatibility dictates that this remains a 4k 352 * BAR with the vector table in the lower half and PBA in 353 * the upper half for nentries which is lower or equal to 128. 354 * No need to care about using more than 65 entries for legacy 355 * machine types who has at most 64 queues. 356 */ 357 if (nentries * PCI_MSIX_ENTRY_SIZE > bar_pba_offset) { 358 bar_pba_offset = nentries * PCI_MSIX_ENTRY_SIZE; 359 } 360 361 if (bar_pba_offset + bar_pba_size > 4096) { 362 bar_size = bar_pba_offset + bar_pba_size; 363 } 364 365 bar_size = pow2ceil(bar_size); 366 367 name = g_strdup_printf("%s-msix", dev->name); 368 memory_region_init(&dev->msix_exclusive_bar, OBJECT(dev), name, bar_size); 369 g_free(name); 370 371 ret = msix_init(dev, nentries, &dev->msix_exclusive_bar, bar_nr, 372 0, &dev->msix_exclusive_bar, 373 bar_nr, bar_pba_offset, 374 0, errp); 375 if (ret) { 376 return ret; 377 } 378 379 pci_register_bar(dev, bar_nr, PCI_BASE_ADDRESS_SPACE_MEMORY, 380 &dev->msix_exclusive_bar); 381 382 return 0; 383 } 384 385 static void msix_free_irq_entries(PCIDevice *dev) 386 { 387 int vector; 388 389 for (vector = 0; vector < dev->msix_entries_nr; ++vector) { 390 dev->msix_entry_used[vector] = 0; 391 msix_clr_pending(dev, vector); 392 } 393 } 394 395 static void msix_clear_all_vectors(PCIDevice *dev) 396 { 397 int vector; 398 399 for (vector = 0; vector < dev->msix_entries_nr; ++vector) { 400 msix_clr_pending(dev, vector); 401 } 402 } 403 404 /* Clean up resources for the device. */ 405 void msix_uninit(PCIDevice *dev, MemoryRegion *table_bar, MemoryRegion *pba_bar) 406 { 407 if (!msix_present(dev)) { 408 return; 409 } 410 pci_del_capability(dev, PCI_CAP_ID_MSIX, MSIX_CAP_LENGTH); 411 dev->msix_cap = 0; 412 msix_free_irq_entries(dev); 413 dev->msix_entries_nr = 0; 414 memory_region_del_subregion(pba_bar, &dev->msix_pba_mmio); 415 g_free(dev->msix_pba); 416 dev->msix_pba = NULL; 417 memory_region_del_subregion(table_bar, &dev->msix_table_mmio); 418 g_free(dev->msix_table); 419 dev->msix_table = NULL; 420 g_free(dev->msix_entry_used); 421 dev->msix_entry_used = NULL; 422 dev->cap_present &= ~QEMU_PCI_CAP_MSIX; 423 } 424 425 void msix_uninit_exclusive_bar(PCIDevice *dev) 426 { 427 if (msix_present(dev)) { 428 msix_uninit(dev, &dev->msix_exclusive_bar, &dev->msix_exclusive_bar); 429 } 430 } 431 432 void msix_save(PCIDevice *dev, QEMUFile *f) 433 { 434 unsigned n = dev->msix_entries_nr; 435 436 if (!msix_present(dev)) { 437 return; 438 } 439 440 qemu_put_buffer(f, dev->msix_table, n * PCI_MSIX_ENTRY_SIZE); 441 qemu_put_buffer(f, dev->msix_pba, DIV_ROUND_UP(n, 8)); 442 } 443 444 /* Should be called after restoring the config space. */ 445 void msix_load(PCIDevice *dev, QEMUFile *f) 446 { 447 unsigned n = dev->msix_entries_nr; 448 unsigned int vector; 449 450 if (!msix_present(dev)) { 451 return; 452 } 453 454 msix_clear_all_vectors(dev); 455 qemu_get_buffer(f, dev->msix_table, n * PCI_MSIX_ENTRY_SIZE); 456 qemu_get_buffer(f, dev->msix_pba, DIV_ROUND_UP(n, 8)); 457 msix_update_function_masked(dev); 458 459 for (vector = 0; vector < n; vector++) { 460 msix_handle_mask_update(dev, vector, true); 461 } 462 } 463 464 /* Does device support MSI-X? */ 465 int msix_present(PCIDevice *dev) 466 { 467 return dev->cap_present & QEMU_PCI_CAP_MSIX; 468 } 469 470 /* Is MSI-X enabled? */ 471 int msix_enabled(PCIDevice *dev) 472 { 473 return (dev->cap_present & QEMU_PCI_CAP_MSIX) && 474 (dev->config[dev->msix_cap + MSIX_CONTROL_OFFSET] & 475 MSIX_ENABLE_MASK); 476 } 477 478 /* Send an MSI-X message */ 479 void msix_notify(PCIDevice *dev, unsigned vector) 480 { 481 MSIMessage msg; 482 483 if (vector >= dev->msix_entries_nr || !dev->msix_entry_used[vector]) { 484 return; 485 } 486 487 if (msix_is_masked(dev, vector)) { 488 msix_set_pending(dev, vector); 489 return; 490 } 491 492 msg = msix_get_message(dev, vector); 493 494 msi_send_message(dev, msg); 495 } 496 497 void msix_reset(PCIDevice *dev) 498 { 499 if (!msix_present(dev)) { 500 return; 501 } 502 msix_clear_all_vectors(dev); 503 dev->config[dev->msix_cap + MSIX_CONTROL_OFFSET] &= 504 ~dev->wmask[dev->msix_cap + MSIX_CONTROL_OFFSET]; 505 memset(dev->msix_table, 0, dev->msix_entries_nr * PCI_MSIX_ENTRY_SIZE); 506 memset(dev->msix_pba, 0, QEMU_ALIGN_UP(dev->msix_entries_nr, 64) / 8); 507 msix_mask_all(dev, dev->msix_entries_nr); 508 } 509 510 /* PCI spec suggests that devices make it possible for software to configure 511 * less vectors than supported by the device, but does not specify a standard 512 * mechanism for devices to do so. 513 * 514 * We support this by asking devices to declare vectors software is going to 515 * actually use, and checking this on the notification path. Devices that 516 * don't want to follow the spec suggestion can declare all vectors as used. */ 517 518 /* Mark vector as used. */ 519 int msix_vector_use(PCIDevice *dev, unsigned vector) 520 { 521 if (vector >= dev->msix_entries_nr) { 522 return -EINVAL; 523 } 524 525 dev->msix_entry_used[vector]++; 526 return 0; 527 } 528 529 /* Mark vector as unused. */ 530 void msix_vector_unuse(PCIDevice *dev, unsigned vector) 531 { 532 if (vector >= dev->msix_entries_nr || !dev->msix_entry_used[vector]) { 533 return; 534 } 535 if (--dev->msix_entry_used[vector]) { 536 return; 537 } 538 msix_clr_pending(dev, vector); 539 } 540 541 void msix_unuse_all_vectors(PCIDevice *dev) 542 { 543 if (!msix_present(dev)) { 544 return; 545 } 546 msix_free_irq_entries(dev); 547 } 548 549 unsigned int msix_nr_vectors_allocated(const PCIDevice *dev) 550 { 551 return dev->msix_entries_nr; 552 } 553 554 static int msix_set_notifier_for_vector(PCIDevice *dev, unsigned int vector) 555 { 556 MSIMessage msg; 557 558 if (msix_is_masked(dev, vector)) { 559 return 0; 560 } 561 msg = msix_get_message(dev, vector); 562 return dev->msix_vector_use_notifier(dev, vector, msg); 563 } 564 565 static void msix_unset_notifier_for_vector(PCIDevice *dev, unsigned int vector) 566 { 567 if (msix_is_masked(dev, vector)) { 568 return; 569 } 570 dev->msix_vector_release_notifier(dev, vector); 571 } 572 573 int msix_set_vector_notifiers(PCIDevice *dev, 574 MSIVectorUseNotifier use_notifier, 575 MSIVectorReleaseNotifier release_notifier, 576 MSIVectorPollNotifier poll_notifier) 577 { 578 int vector, ret; 579 580 assert(use_notifier && release_notifier); 581 582 dev->msix_vector_use_notifier = use_notifier; 583 dev->msix_vector_release_notifier = release_notifier; 584 dev->msix_vector_poll_notifier = poll_notifier; 585 586 if ((dev->config[dev->msix_cap + MSIX_CONTROL_OFFSET] & 587 (MSIX_ENABLE_MASK | MSIX_MASKALL_MASK)) == MSIX_ENABLE_MASK) { 588 for (vector = 0; vector < dev->msix_entries_nr; vector++) { 589 ret = msix_set_notifier_for_vector(dev, vector); 590 if (ret < 0) { 591 goto undo; 592 } 593 } 594 } 595 if (dev->msix_vector_poll_notifier) { 596 dev->msix_vector_poll_notifier(dev, 0, dev->msix_entries_nr); 597 } 598 return 0; 599 600 undo: 601 while (--vector >= 0) { 602 msix_unset_notifier_for_vector(dev, vector); 603 } 604 dev->msix_vector_use_notifier = NULL; 605 dev->msix_vector_release_notifier = NULL; 606 return ret; 607 } 608 609 void msix_unset_vector_notifiers(PCIDevice *dev) 610 { 611 int vector; 612 613 assert(dev->msix_vector_use_notifier && 614 dev->msix_vector_release_notifier); 615 616 if ((dev->config[dev->msix_cap + MSIX_CONTROL_OFFSET] & 617 (MSIX_ENABLE_MASK | MSIX_MASKALL_MASK)) == MSIX_ENABLE_MASK) { 618 for (vector = 0; vector < dev->msix_entries_nr; vector++) { 619 msix_unset_notifier_for_vector(dev, vector); 620 } 621 } 622 dev->msix_vector_use_notifier = NULL; 623 dev->msix_vector_release_notifier = NULL; 624 dev->msix_vector_poll_notifier = NULL; 625 } 626 627 static int put_msix_state(QEMUFile *f, void *pv, size_t size, 628 const VMStateField *field, QJSON *vmdesc) 629 { 630 msix_save(pv, f); 631 632 return 0; 633 } 634 635 static int get_msix_state(QEMUFile *f, void *pv, size_t size, 636 const VMStateField *field) 637 { 638 msix_load(pv, f); 639 return 0; 640 } 641 642 static VMStateInfo vmstate_info_msix = { 643 .name = "msix state", 644 .get = get_msix_state, 645 .put = put_msix_state, 646 }; 647 648 const VMStateDescription vmstate_msix = { 649 .name = "msix", 650 .fields = (VMStateField[]) { 651 { 652 .name = "msix", 653 .version_id = 0, 654 .field_exists = NULL, 655 .size = 0, /* ouch */ 656 .info = &vmstate_info_msix, 657 .flags = VMS_SINGLE, 658 .offset = 0, 659 }, 660 VMSTATE_END_OF_LIST() 661 } 662 }; 663