1 // SPDX-License-Identifier: GPL-2.0-only
2 /* Copyright(c) 2020 Intel Corporation. All rights reserved. */
3 #include <linux/io-64-nonatomic-lo-hi.h>
4 #include <linux/security.h>
5 #include <linux/debugfs.h>
6 #include <linux/ktime.h>
7 #include <linux/mutex.h>
8 #include <cxlmem.h>
9 #include <cxl.h>
10
11 #include "core.h"
12 #include "trace.h"
13
14 static bool cxl_raw_allow_all;
15
16 /**
17 * DOC: cxl mbox
18 *
19 * Core implementation of the CXL 2.0 Type-3 Memory Device Mailbox. The
20 * implementation is used by the cxl_pci driver to initialize the device
21 * and implement the cxl_mem.h IOCTL UAPI. It also implements the
22 * backend of the cxl_pmem_ctl() transport for LIBNVDIMM.
23 */
24
/* Walk @cmd over every slot of cxl_mem_commands[], in index order. */
#define cxl_for_each_cmd(cmd)						\
	for ((cmd) = cxl_mem_commands;					\
	     (cmd) < &cxl_mem_commands[ARRAY_SIZE(cxl_mem_commands)];	\
	     (cmd)++)
28
/*
 * Emit one cxl_mem_commands[] element. The element is placed at index
 * CXL_MEM_COMMAND_ID_<_id> and paired with opcode CXL_MBOX_OP_<_id>;
 * @_sin / @_sout are the expected input / output payload sizes.
 */
#define CXL_CMD(_id, _sin, _sout, _flags)				\
	[CXL_MEM_COMMAND_ID_##_id] = {					\
		.opcode = CXL_MBOX_OP_##_id,				\
		.flags = _flags,					\
		.info = {						\
			.id = CXL_MEM_COMMAND_ID_##_id,			\
			.size_in = _sin,				\
			.size_out = _sout,				\
		},							\
	}
39
/*
 * Sentinel size for command table entries whose input or output payload
 * length is not fixed. Parenthesized so the expansion is always a single
 * operand, whatever expression the macro is used in.
 */
#define CXL_VARIABLE_PAYLOAD (~0U)
41 /*
42 * This table defines the supported mailbox commands for the driver. This table
43 * is made up of a UAPI structure. Non-negative values as parameters in the
44 * table will be validated against the user's input. For example, if size_in is
45 * 0, and the user passed in 1, it is an error.
46 */
47 static struct cxl_mem_command cxl_mem_commands[CXL_MEM_COMMAND_ID_MAX] = {
48 CXL_CMD(IDENTIFY, 0, 0x43, CXL_CMD_FLAG_FORCE_ENABLE),
49 #ifdef CONFIG_CXL_MEM_RAW_COMMANDS
50 CXL_CMD(RAW, CXL_VARIABLE_PAYLOAD, CXL_VARIABLE_PAYLOAD, 0),
51 #endif
52 CXL_CMD(GET_SUPPORTED_LOGS, 0, CXL_VARIABLE_PAYLOAD, CXL_CMD_FLAG_FORCE_ENABLE),
53 CXL_CMD(GET_FW_INFO, 0, 0x50, 0),
54 CXL_CMD(GET_PARTITION_INFO, 0, 0x20, 0),
55 CXL_CMD(GET_LSA, 0x8, CXL_VARIABLE_PAYLOAD, 0),
56 CXL_CMD(GET_HEALTH_INFO, 0, 0x12, 0),
57 CXL_CMD(GET_LOG, 0x18, CXL_VARIABLE_PAYLOAD, CXL_CMD_FLAG_FORCE_ENABLE),
58 CXL_CMD(SET_PARTITION_INFO, 0x0a, 0, 0),
59 CXL_CMD(SET_LSA, CXL_VARIABLE_PAYLOAD, 0, 0),
60 CXL_CMD(GET_ALERT_CONFIG, 0, 0x10, 0),
61 CXL_CMD(SET_ALERT_CONFIG, 0xc, 0, 0),
62 CXL_CMD(GET_SHUTDOWN_STATE, 0, 0x1, 0),
63 CXL_CMD(SET_SHUTDOWN_STATE, 0x1, 0, 0),
64 CXL_CMD(GET_POISON, 0x10, CXL_VARIABLE_PAYLOAD, 0),
65 CXL_CMD(INJECT_POISON, 0x8, 0, 0),
66 CXL_CMD(CLEAR_POISON, 0x48, 0, 0),
67 CXL_CMD(GET_SCAN_MEDIA_CAPS, 0x10, 0x4, 0),
68 CXL_CMD(SCAN_MEDIA, 0x11, 0, 0),
69 CXL_CMD(GET_SCAN_MEDIA, 0, CXL_VARIABLE_PAYLOAD, 0),
70 };
71
72 /*
73 * Commands that RAW doesn't permit. The rationale for each:
74 *
75 * CXL_MBOX_OP_ACTIVATE_FW: Firmware activation requires adjustment /
76 * coordination of transaction timeout values at the root bridge level.
77 *
78 * CXL_MBOX_OP_SET_PARTITION_INFO: The device memory map may change live
79 * and needs to be coordinated with HDM updates.
80 *
81 * CXL_MBOX_OP_SET_LSA: The label storage area may be cached by the
82 * driver and any writes from userspace invalidates those contents.
83 *
84 * CXL_MBOX_OP_SET_SHUTDOWN_STATE: Set shutdown state assumes no writes
85 * to the device after it is marked clean, userspace can not make that
86 * assertion.
87 *
88 * CXL_MBOX_OP_[GET_]SCAN_MEDIA: The kernel provides a native error list that
89 * is kept up to date with patrol notifications and error management.
90 */
91 static u16 cxl_disabled_raw_commands[] = {
92 CXL_MBOX_OP_ACTIVATE_FW,
93 CXL_MBOX_OP_SET_PARTITION_INFO,
94 CXL_MBOX_OP_SET_LSA,
95 CXL_MBOX_OP_SET_SHUTDOWN_STATE,
96 CXL_MBOX_OP_SCAN_MEDIA,
97 CXL_MBOX_OP_GET_SCAN_MEDIA,
98 };
99
100 /*
101 * Command sets that RAW doesn't permit. All opcodes in this set are
102 * disabled because they pass plain text security payloads over the
103 * user/kernel boundary. This functionality is intended to be wrapped
104 * behind the keys ABI which allows for encrypted payloads in the UAPI
105 */
106 static u8 security_command_sets[] = {
107 0x44, /* Sanitize */
108 0x45, /* Persistent Memory Data-at-rest Security */
109 0x46, /* Security Passthrough */
110 };
111
cxl_is_security_command(u16 opcode)112 static bool cxl_is_security_command(u16 opcode)
113 {
114 int i;
115
116 for (i = 0; i < ARRAY_SIZE(security_command_sets); i++)
117 if (security_command_sets[i] == (opcode >> 8))
118 return true;
119 return false;
120 }
121
/*
 * Look up the first cxl_mem_commands[] element whose opcode equals @opcode.
 * Returns NULL when no element matches.
 */
static struct cxl_mem_command *cxl_mem_find_command(u16 opcode)
{
	size_t idx;

	for (idx = 0; idx < ARRAY_SIZE(cxl_mem_commands); idx++) {
		struct cxl_mem_command *candidate = &cxl_mem_commands[idx];

		if (candidate->opcode == opcode)
			return candidate;
	}

	return NULL;
}
132
/*
 * Map @opcode to its entry in cxl_command_names[]. Returns NULL when the
 * opcode is not present in the driver's command table.
 */
static const char *cxl_mem_opcode_to_name(u16 opcode)
{
	struct cxl_mem_command *found = cxl_mem_find_command(opcode);

	return found ? cxl_command_names[found->info.id].name : NULL;
}
143
144 /**
145 * cxl_internal_send_cmd() - Kernel internal interface to send a mailbox command
146 * @cxlds: The device data for the operation
147 * @mbox_cmd: initialized command to execute
148 *
149 * Context: Any context.
150 * Return:
151 * * %>=0 - Number of bytes returned in @out.
152 * * %-E2BIG - Payload is too large for hardware.
153 * * %-EBUSY - Couldn't acquire exclusive mailbox access.
154 * * %-EFAULT - Hardware error occurred.
155 * * %-ENXIO - Command completed, but device reported an error.
156 * * %-EIO - Unexpected output size.
157 *
158 * Mailbox commands may execute successfully yet the device itself reported an
159 * error. While this distinction can be useful for commands from userspace, the
160 * kernel will only be able to use results when both are successful.
161 */
cxl_internal_send_cmd(struct cxl_dev_state * cxlds,struct cxl_mbox_cmd * mbox_cmd)162 int cxl_internal_send_cmd(struct cxl_dev_state *cxlds,
163 struct cxl_mbox_cmd *mbox_cmd)
164 {
165 size_t out_size, min_out;
166 int rc;
167
168 if (mbox_cmd->size_in > cxlds->payload_size ||
169 mbox_cmd->size_out > cxlds->payload_size)
170 return -E2BIG;
171
172 out_size = mbox_cmd->size_out;
173 min_out = mbox_cmd->min_out;
174 rc = cxlds->mbox_send(cxlds, mbox_cmd);
175 /*
176 * EIO is reserved for a payload size mismatch and mbox_send()
177 * may not return this error.
178 */
179 if (WARN_ONCE(rc == -EIO, "Bad return code: -EIO"))
180 return -ENXIO;
181 if (rc)
182 return rc;
183
184 if (mbox_cmd->return_code != CXL_MBOX_CMD_RC_SUCCESS)
185 return cxl_mbox_cmd_rc2errno(mbox_cmd);
186
187 if (!out_size)
188 return 0;
189
190 /*
191 * Variable sized output needs to at least satisfy the caller's
192 * minimum if not the fully requested size.
193 */
194 if (min_out == 0)
195 min_out = out_size;
196
197 if (mbox_cmd->size_out < min_out)
198 return -EIO;
199 return 0;
200 }
201 EXPORT_SYMBOL_NS_GPL(cxl_internal_send_cmd, CXL);
202
cxl_mem_raw_command_allowed(u16 opcode)203 static bool cxl_mem_raw_command_allowed(u16 opcode)
204 {
205 int i;
206
207 if (!IS_ENABLED(CONFIG_CXL_MEM_RAW_COMMANDS))
208 return false;
209
210 if (security_locked_down(LOCKDOWN_PCI_ACCESS))
211 return false;
212
213 if (cxl_raw_allow_all)
214 return true;
215
216 if (cxl_is_security_command(opcode))
217 return false;
218
219 for (i = 0; i < ARRAY_SIZE(cxl_disabled_raw_commands); i++)
220 if (cxl_disabled_raw_commands[i] == opcode)
221 return false;
222
223 return true;
224 }
225
226 /**
227 * cxl_payload_from_user_allowed() - Check contents of in_payload.
228 * @opcode: The mailbox command opcode.
229 * @payload_in: Pointer to the input payload passed in from user space.
230 *
231 * Return:
232 * * true - payload_in passes check for @opcode.
233 * * false - payload_in contains invalid or unsupported values.
234 *
235 * The driver may inspect payload contents before sending a mailbox
236 * command from user space to the device. The intent is to reject
237 * commands with input payloads that are known to be unsafe. This
238 * check is not intended to replace the users careful selection of
239 * mailbox command parameters and makes no guarantee that the user
240 * command will succeed, nor that it is appropriate.
241 *
242 * The specific checks are determined by the opcode.
243 */
cxl_payload_from_user_allowed(u16 opcode,void * payload_in)244 static bool cxl_payload_from_user_allowed(u16 opcode, void *payload_in)
245 {
246 switch (opcode) {
247 case CXL_MBOX_OP_SET_PARTITION_INFO: {
248 struct cxl_mbox_set_partition_info *pi = payload_in;
249
250 if (pi->flags & CXL_SET_PARTITION_IMMEDIATE_FLAG)
251 return false;
252 break;
253 }
254 default:
255 break;
256 }
257 return true;
258 }
259
/*
 * Populate @mbox for a user-initiated command.
 *
 * The input payload (@in_size bytes at user address @in_payload) is
 * duplicated into kernel memory and vetted with
 * cxl_payload_from_user_allowed(). A zeroed output buffer is allocated,
 * sized to the device payload size when @out_size is CXL_VARIABLE_PAYLOAD.
 *
 * Returns 0 on success; the buffers are then released with
 * cxl_mbox_cmd_dtor(). On failure nothing is left allocated and the result
 * is the vmemdup_user() error, -EBUSY for a refused payload, or -ENOMEM.
 */
static int cxl_mbox_cmd_ctor(struct cxl_mbox_cmd *mbox,
			     struct cxl_dev_state *cxlds, u16 opcode,
			     size_t in_size, size_t out_size, u64 in_payload)
{
	*mbox = (struct cxl_mbox_cmd) {
		.opcode = opcode,
		.size_in = in_size,
	};

	if (in_size) {
		mbox->payload_in = vmemdup_user(u64_to_user_ptr(in_payload),
						in_size);
		if (IS_ERR(mbox->payload_in))
			return PTR_ERR(mbox->payload_in);

		if (!cxl_payload_from_user_allowed(opcode, mbox->payload_in)) {
			dev_dbg(cxlds->dev, "%s: input payload not allowed\n",
				cxl_mem_opcode_to_name(opcode));
			kvfree(mbox->payload_in);
			return -EBUSY;
		}
	}

	/* Variable sized output: be ready for a full payload */
	mbox->size_out = (out_size == CXL_VARIABLE_PAYLOAD) ?
			 cxlds->payload_size : out_size;

	if (!mbox->size_out)
		return 0;

	mbox->payload_out = kvzalloc(mbox->size_out, GFP_KERNEL);
	if (mbox->payload_out)
		return 0;

	kvfree(mbox->payload_in);
	return -ENOMEM;
}
298
cxl_mbox_cmd_dtor(struct cxl_mbox_cmd * mbox)299 static void cxl_mbox_cmd_dtor(struct cxl_mbox_cmd *mbox)
300 {
301 kvfree(mbox->payload_in);
302 kvfree(mbox->payload_out);
303 }
304
cxl_to_mem_cmd_raw(struct cxl_mem_command * mem_cmd,const struct cxl_send_command * send_cmd,struct cxl_dev_state * cxlds)305 static int cxl_to_mem_cmd_raw(struct cxl_mem_command *mem_cmd,
306 const struct cxl_send_command *send_cmd,
307 struct cxl_dev_state *cxlds)
308 {
309 if (send_cmd->raw.rsvd)
310 return -EINVAL;
311
312 /*
313 * Unlike supported commands, the output size of RAW commands
314 * gets passed along without further checking, so it must be
315 * validated here.
316 */
317 if (send_cmd->out.size > cxlds->payload_size)
318 return -EINVAL;
319
320 if (!cxl_mem_raw_command_allowed(send_cmd->raw.opcode))
321 return -EPERM;
322
323 dev_WARN_ONCE(cxlds->dev, true, "raw command path used\n");
324
325 *mem_cmd = (struct cxl_mem_command) {
326 .info = {
327 .id = CXL_MEM_COMMAND_ID_RAW,
328 .size_in = send_cmd->in.size,
329 .size_out = send_cmd->out.size,
330 },
331 .opcode = send_cmd->raw.opcode
332 };
333
334 return 0;
335 }
336
cxl_to_mem_cmd(struct cxl_mem_command * mem_cmd,const struct cxl_send_command * send_cmd,struct cxl_dev_state * cxlds)337 static int cxl_to_mem_cmd(struct cxl_mem_command *mem_cmd,
338 const struct cxl_send_command *send_cmd,
339 struct cxl_dev_state *cxlds)
340 {
341 struct cxl_mem_command *c = &cxl_mem_commands[send_cmd->id];
342 const struct cxl_command_info *info = &c->info;
343
344 if (send_cmd->flags & ~CXL_MEM_COMMAND_FLAG_MASK)
345 return -EINVAL;
346
347 if (send_cmd->rsvd)
348 return -EINVAL;
349
350 if (send_cmd->in.rsvd || send_cmd->out.rsvd)
351 return -EINVAL;
352
353 /* Check that the command is enabled for hardware */
354 if (!test_bit(info->id, cxlds->enabled_cmds))
355 return -ENOTTY;
356
357 /* Check that the command is not claimed for exclusive kernel use */
358 if (test_bit(info->id, cxlds->exclusive_cmds))
359 return -EBUSY;
360
361 /* Check the input buffer is the expected size */
362 if ((info->size_in != CXL_VARIABLE_PAYLOAD) &&
363 (info->size_in != send_cmd->in.size))
364 return -ENOMEM;
365
366 /* Check the output buffer is at least large enough */
367 if ((info->size_out != CXL_VARIABLE_PAYLOAD) &&
368 (send_cmd->out.size < info->size_out))
369 return -ENOMEM;
370
371 *mem_cmd = (struct cxl_mem_command) {
372 .info = {
373 .id = info->id,
374 .flags = info->flags,
375 .size_in = send_cmd->in.size,
376 .size_out = send_cmd->out.size,
377 },
378 .opcode = c->opcode
379 };
380
381 return 0;
382 }
383
384 /**
385 * cxl_validate_cmd_from_user() - Check fields for CXL_MEM_SEND_COMMAND.
386 * @mbox_cmd: Sanitized and populated &struct cxl_mbox_cmd.
387 * @cxlds: The device data for the operation
388 * @send_cmd: &struct cxl_send_command copied in from userspace.
389 *
390 * Return:
391 * * %0 - @out_cmd is ready to send.
392 * * %-ENOTTY - Invalid command specified.
393 * * %-EINVAL - Reserved fields or invalid values were used.
394 * * %-ENOMEM - Input or output buffer wasn't sized properly.
395 * * %-EPERM - Attempted to use a protected command.
396 * * %-EBUSY - Kernel has claimed exclusive access to this opcode
397 *
398 * The result of this command is a fully validated command in @mbox_cmd that is
399 * safe to send to the hardware.
400 */
cxl_validate_cmd_from_user(struct cxl_mbox_cmd * mbox_cmd,struct cxl_dev_state * cxlds,const struct cxl_send_command * send_cmd)401 static int cxl_validate_cmd_from_user(struct cxl_mbox_cmd *mbox_cmd,
402 struct cxl_dev_state *cxlds,
403 const struct cxl_send_command *send_cmd)
404 {
405 struct cxl_mem_command mem_cmd;
406 int rc;
407
408 if (send_cmd->id == 0 || send_cmd->id >= CXL_MEM_COMMAND_ID_MAX)
409 return -ENOTTY;
410
411 /*
412 * The user can never specify an input payload larger than what hardware
413 * supports, but output can be arbitrarily large (simply write out as
414 * much data as the hardware provides).
415 */
416 if (send_cmd->in.size > cxlds->payload_size)
417 return -EINVAL;
418
419 /* Sanitize and construct a cxl_mem_command */
420 if (send_cmd->id == CXL_MEM_COMMAND_ID_RAW)
421 rc = cxl_to_mem_cmd_raw(&mem_cmd, send_cmd, cxlds);
422 else
423 rc = cxl_to_mem_cmd(&mem_cmd, send_cmd, cxlds);
424
425 if (rc)
426 return rc;
427
428 /* Sanitize and construct a cxl_mbox_cmd */
429 return cxl_mbox_cmd_ctor(mbox_cmd, cxlds, mem_cmd.opcode,
430 mem_cmd.info.size_in, mem_cmd.info.size_out,
431 send_cmd->in.payload);
432 }
433
/**
 * cxl_query_cmd() - Report the driver's command table to userspace.
 * @cxlmd: The memdev whose enabled / exclusive command state is reported.
 * @q: Userspace query structure. @q->n_commands is read as the number of
 *     entries userspace wants in @q->commands.
 *
 * If @q->n_commands is 0, only the total number of table entries is written
 * back to @q->n_commands. Otherwise min(@q->n_commands, total) entries are
 * copied to @q->commands, each with the ENABLED / EXCLUSIVE flags set
 * according to the device's bitmaps.
 *
 * Return: 0 on success, -EFAULT when userspace memory cannot be accessed
 * (for the count-only case, whatever put_user() returns).
 */
int cxl_query_cmd(struct cxl_memdev *cxlmd,
		  struct cxl_mem_query_commands __user *q)
{
	struct device *dev = &cxlmd->dev;
	struct cxl_mem_command *cmd;
	u32 n_commands;
	u32 copied = 0;

	dev_dbg(dev, "Query IOCTL\n");

	if (get_user(n_commands, &q->n_commands))
		return -EFAULT;

	/* A request for 0 elements only asks how many there are */
	if (!n_commands)
		return put_user(ARRAY_SIZE(cxl_mem_commands), &q->n_commands);

	/*
	 * Otherwise hand back min(n_commands, total commands)
	 * cxl_command_info structures.
	 */
	cxl_for_each_cmd(cmd) {
		struct cxl_command_info info = cmd->info;

		if (test_bit(info.id, cxlmd->cxlds->enabled_cmds))
			info.flags |= CXL_MEM_COMMAND_FLAG_ENABLED;
		if (test_bit(info.id, cxlmd->cxlds->exclusive_cmds))
			info.flags |= CXL_MEM_COMMAND_FLAG_EXCLUSIVE;

		if (copy_to_user(&q->commands[copied], &info, sizeof(info)))
			return -EFAULT;

		if (++copied == n_commands)
			break;
	}

	return 0;
}
472
473 /**
474 * handle_mailbox_cmd_from_user() - Dispatch a mailbox command for userspace.
475 * @cxlds: The device data for the operation
476 * @mbox_cmd: The validated mailbox command.
477 * @out_payload: Pointer to userspace's output payload.
478 * @size_out: (Input) Max payload size to copy out.
479 * (Output) Payload size hardware generated.
480 * @retval: Hardware generated return code from the operation.
481 *
482 * Return:
483 * * %0 - Mailbox transaction succeeded. This implies the mailbox
484 * protocol completed successfully not that the operation itself
485 * was successful.
486 * * %-ENOMEM - Couldn't allocate a bounce buffer.
487 * * %-EFAULT - Something happened with copy_to/from_user.
488 * * %-EINTR - Mailbox acquisition interrupted.
489 * * %-EXXX - Transaction level failures.
490 *
491 * Dispatches a mailbox command on behalf of a userspace request.
492 * The output payload is copied to userspace.
493 *
494 * See cxl_send_cmd().
495 */
handle_mailbox_cmd_from_user(struct cxl_dev_state * cxlds,struct cxl_mbox_cmd * mbox_cmd,u64 out_payload,s32 * size_out,u32 * retval)496 static int handle_mailbox_cmd_from_user(struct cxl_dev_state *cxlds,
497 struct cxl_mbox_cmd *mbox_cmd,
498 u64 out_payload, s32 *size_out,
499 u32 *retval)
500 {
501 struct device *dev = cxlds->dev;
502 int rc;
503
504 dev_dbg(dev,
505 "Submitting %s command for user\n"
506 "\topcode: %x\n"
507 "\tsize: %zx\n",
508 cxl_mem_opcode_to_name(mbox_cmd->opcode),
509 mbox_cmd->opcode, mbox_cmd->size_in);
510
511 rc = cxlds->mbox_send(cxlds, mbox_cmd);
512 if (rc)
513 goto out;
514
515 /*
516 * @size_out contains the max size that's allowed to be written back out
517 * to userspace. While the payload may have written more output than
518 * this it will have to be ignored.
519 */
520 if (mbox_cmd->size_out) {
521 dev_WARN_ONCE(dev, mbox_cmd->size_out > *size_out,
522 "Invalid return size\n");
523 if (copy_to_user(u64_to_user_ptr(out_payload),
524 mbox_cmd->payload_out, mbox_cmd->size_out)) {
525 rc = -EFAULT;
526 goto out;
527 }
528 }
529
530 *size_out = mbox_cmd->size_out;
531 *retval = mbox_cmd->return_code;
532
533 out:
534 cxl_mbox_cmd_dtor(mbox_cmd);
535 return rc;
536 }
537
/**
 * cxl_send_cmd() - Run one userspace supplied mailbox command.
 * @cxlmd: The memdev the command is directed at.
 * @s: Userspace &struct cxl_send_command describing the request.
 *
 * Copies the request in, validates it, dispatches it to the device and, on
 * success, copies the request structure (with the updated output size and
 * device return code) back to @s.
 *
 * Return: 0 on success, -EFAULT if @s cannot be read or written, otherwise
 * the error from validation or dispatch.
 */
int cxl_send_cmd(struct cxl_memdev *cxlmd, struct cxl_send_command __user *s)
{
	struct cxl_dev_state *cxlds = cxlmd->cxlds;
	struct device *dev = &cxlmd->dev;
	struct cxl_mbox_cmd mbox_cmd;
	struct cxl_send_command send;
	int rc;

	dev_dbg(dev, "Send IOCTL\n");

	if (copy_from_user(&send, s, sizeof(send)))
		return -EFAULT;

	rc = cxl_validate_cmd_from_user(&mbox_cmd, cxlds, &send);
	if (rc)
		return rc;

	/* Releases mbox_cmd's payload buffers whether or not it succeeds */
	rc = handle_mailbox_cmd_from_user(cxlds, &mbox_cmd, send.out.payload,
					  &send.out.size, &send.retval);
	if (rc)
		return rc;

	return copy_to_user(s, &send, sizeof(send)) ? -EFAULT : 0;
}
565
/*
 * Read the log identified by @uuid into @out using Get Log, in pieces of at
 * most the device payload size.
 *
 * @size holds the number of bytes to read on entry and the number of bytes
 * accounted as read on return. A short final transfer ends the read early
 * without being treated as an error. Returns 0 on success or the negative
 * error from cxl_internal_send_cmd().
 */
static int cxl_xfer_log(struct cxl_dev_state *cxlds, uuid_t *uuid, u32 *size, u8 *out)
{
	u32 done = 0;
	u32 left;

	for (left = *size; left; ) {
		u32 chunk = min_t(u32, left, cxlds->payload_size);
		struct cxl_mbox_get_log get_log = {
			.uuid = *uuid,
			.offset = cpu_to_le32(done),
			.length = cpu_to_le32(chunk),
		};
		struct cxl_mbox_cmd mbox_cmd = {
			.opcode = CXL_MBOX_OP_GET_LOG,
			.size_in = sizeof(get_log),
			.payload_in = &get_log,
			.size_out = chunk,
			.payload_out = out,
		};
		int rc = cxl_internal_send_cmd(cxlds, &mbox_cmd);

		/*
		 * The device may return fewer valid bytes than the log
		 * buffer size; count what arrived and stop.
		 */
		if (rc == -EIO && mbox_cmd.size_out < chunk) {
			done += mbox_cmd.size_out;
			break;
		}

		if (rc < 0)
			return rc;

		out += chunk;
		done += chunk;
		left -= chunk;
	}

	*size = done;

	return 0;
}
615
616 /**
617 * cxl_walk_cel() - Walk through the Command Effects Log.
618 * @cxlds: The device data for the operation
619 * @size: Length of the Command Effects Log.
620 * @cel: CEL
621 *
622 * Iterate over each entry in the CEL and determine if the driver supports the
623 * command. If so, the command is enabled for the device and can be used later.
624 */
cxl_walk_cel(struct cxl_dev_state * cxlds,size_t size,u8 * cel)625 static void cxl_walk_cel(struct cxl_dev_state *cxlds, size_t size, u8 *cel)
626 {
627 struct cxl_cel_entry *cel_entry;
628 const int cel_entries = size / sizeof(*cel_entry);
629 int i;
630
631 cel_entry = (struct cxl_cel_entry *) cel;
632
633 for (i = 0; i < cel_entries; i++) {
634 u16 opcode = le16_to_cpu(cel_entry[i].opcode);
635 struct cxl_mem_command *cmd = cxl_mem_find_command(opcode);
636
637 if (!cmd) {
638 dev_dbg(cxlds->dev,
639 "Opcode 0x%04x unsupported by driver\n", opcode);
640 continue;
641 }
642
643 set_bit(cmd->info.id, cxlds->enabled_cmds);
644 dev_dbg(cxlds->dev, "Opcode 0x%04x enabled\n", opcode);
645 }
646 }
647
cxl_get_gsl(struct cxl_dev_state * cxlds)648 static struct cxl_mbox_get_supported_logs *cxl_get_gsl(struct cxl_dev_state *cxlds)
649 {
650 struct cxl_mbox_get_supported_logs *ret;
651 struct cxl_mbox_cmd mbox_cmd;
652 int rc;
653
654 ret = kvmalloc(cxlds->payload_size, GFP_KERNEL);
655 if (!ret)
656 return ERR_PTR(-ENOMEM);
657
658 mbox_cmd = (struct cxl_mbox_cmd) {
659 .opcode = CXL_MBOX_OP_GET_SUPPORTED_LOGS,
660 .size_out = cxlds->payload_size,
661 .payload_out = ret,
662 /* At least the record number field must be valid */
663 .min_out = 2,
664 };
665 rc = cxl_internal_send_cmd(cxlds, &mbox_cmd);
666 if (rc < 0) {
667 kvfree(ret);
668 return ERR_PTR(rc);
669 }
670
671
672 return ret;
673 }
674
675 enum {
676 CEL_UUID,
677 VENDOR_DEBUG_UUID,
678 };
679
680 /* See CXL 2.0 Table 170. Get Log Input Payload */
681 static const uuid_t log_uuid[] = {
682 [CEL_UUID] = DEFINE_CXL_CEL_UUID,
683 [VENDOR_DEBUG_UUID] = DEFINE_CXL_VENDOR_DEBUG_UUID,
684 };
685
686 /**
687 * cxl_enumerate_cmds() - Enumerate commands for a device.
688 * @cxlds: The device data for the operation
689 *
690 * Returns 0 if enumerate completed successfully.
691 *
692 * CXL devices have optional support for certain commands. This function will
693 * determine the set of supported commands for the hardware and update the
694 * enabled_cmds bitmap in the @cxlds.
695 */
cxl_enumerate_cmds(struct cxl_dev_state * cxlds)696 int cxl_enumerate_cmds(struct cxl_dev_state *cxlds)
697 {
698 struct cxl_mbox_get_supported_logs *gsl;
699 struct device *dev = cxlds->dev;
700 struct cxl_mem_command *cmd;
701 int i, rc;
702
703 gsl = cxl_get_gsl(cxlds);
704 if (IS_ERR(gsl))
705 return PTR_ERR(gsl);
706
707 rc = -ENOENT;
708 for (i = 0; i < le16_to_cpu(gsl->entries); i++) {
709 u32 size = le32_to_cpu(gsl->entry[i].size);
710 uuid_t uuid = gsl->entry[i].uuid;
711 u8 *log;
712
713 dev_dbg(dev, "Found LOG type %pU of size %d", &uuid, size);
714
715 if (!uuid_equal(&uuid, &log_uuid[CEL_UUID]))
716 continue;
717
718 log = kvmalloc(size, GFP_KERNEL);
719 if (!log) {
720 rc = -ENOMEM;
721 goto out;
722 }
723
724 rc = cxl_xfer_log(cxlds, &uuid, &size, log);
725 if (rc) {
726 kvfree(log);
727 goto out;
728 }
729
730 cxl_walk_cel(cxlds, size, log);
731 kvfree(log);
732
733 /* In case CEL was bogus, enable some default commands. */
734 cxl_for_each_cmd(cmd)
735 if (cmd->flags & CXL_CMD_FLAG_FORCE_ENABLE)
736 set_bit(cmd->info.id, cxlds->enabled_cmds);
737
738 /* Found the required CEL */
739 rc = 0;
740 }
741 out:
742 kvfree(gsl);
743 return rc;
744 }
745 EXPORT_SYMBOL_NS_GPL(cxl_enumerate_cmds, CXL);
746
747 /*
748 * General Media Event Record
749 * CXL rev 3.0 Section 8.2.9.2.1.1; Table 8-43
750 */
751 static const uuid_t gen_media_event_uuid =
752 UUID_INIT(0xfbcd0a77, 0xc260, 0x417f,
753 0x85, 0xa9, 0x08, 0x8b, 0x16, 0x21, 0xeb, 0xa6);
754
755 /*
756 * DRAM Event Record
757 * CXL rev 3.0 section 8.2.9.2.1.2; Table 8-44
758 */
759 static const uuid_t dram_event_uuid =
760 UUID_INIT(0x601dcbb3, 0x9c06, 0x4eab,
761 0xb8, 0xaf, 0x4e, 0x9b, 0xfb, 0x5c, 0x96, 0x24);
762
763 /*
764 * Memory Module Event Record
765 * CXL rev 3.0 section 8.2.9.2.1.3; Table 8-45
766 */
767 static const uuid_t mem_mod_event_uuid =
768 UUID_INIT(0xfe927475, 0xdd59, 0x4339,
769 0xa5, 0x86, 0x79, 0xba, 0xb1, 0x13, 0xb7, 0x74);
770
cxl_event_trace_record(const struct cxl_memdev * cxlmd,enum cxl_event_log_type type,struct cxl_event_record_raw * record)771 static void cxl_event_trace_record(const struct cxl_memdev *cxlmd,
772 enum cxl_event_log_type type,
773 struct cxl_event_record_raw *record)
774 {
775 uuid_t *id = &record->hdr.id;
776
777 if (uuid_equal(id, &gen_media_event_uuid)) {
778 struct cxl_event_gen_media *rec =
779 (struct cxl_event_gen_media *)record;
780
781 trace_cxl_general_media(cxlmd, type, rec);
782 } else if (uuid_equal(id, &dram_event_uuid)) {
783 struct cxl_event_dram *rec = (struct cxl_event_dram *)record;
784
785 trace_cxl_dram(cxlmd, type, rec);
786 } else if (uuid_equal(id, &mem_mod_event_uuid)) {
787 struct cxl_event_mem_module *rec =
788 (struct cxl_event_mem_module *)record;
789
790 trace_cxl_memory_module(cxlmd, type, rec);
791 } else {
792 /* For unknown record types print just the header */
793 trace_cxl_generic_event(cxlmd, type, record);
794 }
795 }
796
cxl_clear_event_record(struct cxl_dev_state * cxlds,enum cxl_event_log_type log,struct cxl_get_event_payload * get_pl)797 static int cxl_clear_event_record(struct cxl_dev_state *cxlds,
798 enum cxl_event_log_type log,
799 struct cxl_get_event_payload *get_pl)
800 {
801 struct cxl_mbox_clear_event_payload *payload;
802 u16 total = le16_to_cpu(get_pl->record_count);
803 u8 max_handles = CXL_CLEAR_EVENT_MAX_HANDLES;
804 size_t pl_size = struct_size(payload, handles, max_handles);
805 struct cxl_mbox_cmd mbox_cmd;
806 u16 cnt;
807 int rc = 0;
808 int i;
809
810 /* Payload size may limit the max handles */
811 if (pl_size > cxlds->payload_size) {
812 max_handles = (cxlds->payload_size - sizeof(*payload)) /
813 sizeof(__le16);
814 pl_size = struct_size(payload, handles, max_handles);
815 }
816
817 payload = kvzalloc(pl_size, GFP_KERNEL);
818 if (!payload)
819 return -ENOMEM;
820
821 *payload = (struct cxl_mbox_clear_event_payload) {
822 .event_log = log,
823 };
824
825 mbox_cmd = (struct cxl_mbox_cmd) {
826 .opcode = CXL_MBOX_OP_CLEAR_EVENT_RECORD,
827 .payload_in = payload,
828 .size_in = pl_size,
829 };
830
831 /*
832 * Clear Event Records uses u8 for the handle cnt while Get Event
833 * Record can return up to 0xffff records.
834 */
835 i = 0;
836 for (cnt = 0; cnt < total; cnt++) {
837 payload->handles[i++] = get_pl->records[cnt].hdr.handle;
838 dev_dbg(cxlds->dev, "Event log '%d': Clearing %u\n",
839 log, le16_to_cpu(payload->handles[i]));
840
841 if (i == max_handles) {
842 payload->nr_recs = i;
843 rc = cxl_internal_send_cmd(cxlds, &mbox_cmd);
844 if (rc)
845 goto free_pl;
846 i = 0;
847 }
848 }
849
850 /* Clear what is left if any */
851 if (i) {
852 payload->nr_recs = i;
853 mbox_cmd.size_in = struct_size(payload, handles, i);
854 rc = cxl_internal_send_cmd(cxlds, &mbox_cmd);
855 if (rc)
856 goto free_pl;
857 }
858
859 free_pl:
860 kvfree(payload);
861 return rc;
862 }
863
cxl_mem_get_records_log(struct cxl_dev_state * cxlds,enum cxl_event_log_type type)864 static void cxl_mem_get_records_log(struct cxl_dev_state *cxlds,
865 enum cxl_event_log_type type)
866 {
867 struct cxl_get_event_payload *payload;
868 struct cxl_mbox_cmd mbox_cmd;
869 u8 log_type = type;
870 u16 nr_rec;
871
872 mutex_lock(&cxlds->event.log_lock);
873 payload = cxlds->event.buf;
874
875 mbox_cmd = (struct cxl_mbox_cmd) {
876 .opcode = CXL_MBOX_OP_GET_EVENT_RECORD,
877 .payload_in = &log_type,
878 .size_in = sizeof(log_type),
879 .payload_out = payload,
880 .size_out = cxlds->payload_size,
881 .min_out = struct_size(payload, records, 0),
882 };
883
884 do {
885 int rc, i;
886
887 rc = cxl_internal_send_cmd(cxlds, &mbox_cmd);
888 if (rc) {
889 dev_err_ratelimited(cxlds->dev,
890 "Event log '%d': Failed to query event records : %d",
891 type, rc);
892 break;
893 }
894
895 nr_rec = le16_to_cpu(payload->record_count);
896 if (!nr_rec)
897 break;
898
899 for (i = 0; i < nr_rec; i++)
900 cxl_event_trace_record(cxlds->cxlmd, type,
901 &payload->records[i]);
902
903 if (payload->flags & CXL_GET_EVENT_FLAG_OVERFLOW)
904 trace_cxl_overflow(cxlds->cxlmd, type, payload);
905
906 rc = cxl_clear_event_record(cxlds, type, payload);
907 if (rc) {
908 dev_err_ratelimited(cxlds->dev,
909 "Event log '%d': Failed to clear events : %d",
910 type, rc);
911 break;
912 }
913 } while (nr_rec);
914
915 mutex_unlock(&cxlds->event.log_lock);
916 }
917
918 /**
919 * cxl_mem_get_event_records - Get Event Records from the device
920 * @cxlds: The device data for the operation
921 * @status: Event Status register value identifying which events are available.
922 *
923 * Retrieve all event records available on the device, report them as trace
924 * events, and clear them.
925 *
926 * See CXL rev 3.0 @8.2.9.2.2 Get Event Records
927 * See CXL rev 3.0 @8.2.9.2.3 Clear Event Records
928 */
cxl_mem_get_event_records(struct cxl_dev_state * cxlds,u32 status)929 void cxl_mem_get_event_records(struct cxl_dev_state *cxlds, u32 status)
930 {
931 dev_dbg(cxlds->dev, "Reading event logs: %x\n", status);
932
933 if (status & CXLDEV_EVENT_STATUS_FATAL)
934 cxl_mem_get_records_log(cxlds, CXL_EVENT_TYPE_FATAL);
935 if (status & CXLDEV_EVENT_STATUS_FAIL)
936 cxl_mem_get_records_log(cxlds, CXL_EVENT_TYPE_FAIL);
937 if (status & CXLDEV_EVENT_STATUS_WARN)
938 cxl_mem_get_records_log(cxlds, CXL_EVENT_TYPE_WARN);
939 if (status & CXLDEV_EVENT_STATUS_INFO)
940 cxl_mem_get_records_log(cxlds, CXL_EVENT_TYPE_INFO);
941 }
942 EXPORT_SYMBOL_NS_GPL(cxl_mem_get_event_records, CXL);
943
944 /**
945 * cxl_mem_get_partition_info - Get partition info
946 * @cxlds: The device data for the operation
947 *
948 * Retrieve the current partition info for the device specified. The active
949 * values are the current capacity in bytes. If not 0, the 'next' values are
950 * the pending values, in bytes, which take affect on next cold reset.
951 *
952 * Return: 0 if no error: or the result of the mailbox command.
953 *
954 * See CXL @8.2.9.5.2.1 Get Partition Info
955 */
cxl_mem_get_partition_info(struct cxl_dev_state * cxlds)956 static int cxl_mem_get_partition_info(struct cxl_dev_state *cxlds)
957 {
958 struct cxl_mbox_get_partition_info pi;
959 struct cxl_mbox_cmd mbox_cmd;
960 int rc;
961
962 mbox_cmd = (struct cxl_mbox_cmd) {
963 .opcode = CXL_MBOX_OP_GET_PARTITION_INFO,
964 .size_out = sizeof(pi),
965 .payload_out = &pi,
966 };
967 rc = cxl_internal_send_cmd(cxlds, &mbox_cmd);
968 if (rc)
969 return rc;
970
971 cxlds->active_volatile_bytes =
972 le64_to_cpu(pi.active_volatile_cap) * CXL_CAPACITY_MULTIPLIER;
973 cxlds->active_persistent_bytes =
974 le64_to_cpu(pi.active_persistent_cap) * CXL_CAPACITY_MULTIPLIER;
975 cxlds->next_volatile_bytes =
976 le64_to_cpu(pi.next_volatile_cap) * CXL_CAPACITY_MULTIPLIER;
977 cxlds->next_persistent_bytes =
978 le64_to_cpu(pi.next_volatile_cap) * CXL_CAPACITY_MULTIPLIER;
979
980 return 0;
981 }
982
983 /**
984 * cxl_dev_state_identify() - Send the IDENTIFY command to the device.
985 * @cxlds: The device data for the operation
986 *
987 * Return: 0 if identify was executed successfully.
988 *
989 * This will dispatch the identify command to the device and on success populate
990 * structures to be exported to sysfs.
991 */
cxl_dev_state_identify(struct cxl_dev_state * cxlds)992 int cxl_dev_state_identify(struct cxl_dev_state *cxlds)
993 {
994 /* See CXL 2.0 Table 175 Identify Memory Device Output Payload */
995 struct cxl_mbox_identify id;
996 struct cxl_mbox_cmd mbox_cmd;
997 int rc;
998
999 mbox_cmd = (struct cxl_mbox_cmd) {
1000 .opcode = CXL_MBOX_OP_IDENTIFY,
1001 .size_out = sizeof(id),
1002 .payload_out = &id,
1003 };
1004 rc = cxl_internal_send_cmd(cxlds, &mbox_cmd);
1005 if (rc < 0)
1006 return rc;
1007
1008 cxlds->total_bytes =
1009 le64_to_cpu(id.total_capacity) * CXL_CAPACITY_MULTIPLIER;
1010 cxlds->volatile_only_bytes =
1011 le64_to_cpu(id.volatile_capacity) * CXL_CAPACITY_MULTIPLIER;
1012 cxlds->persistent_only_bytes =
1013 le64_to_cpu(id.persistent_capacity) * CXL_CAPACITY_MULTIPLIER;
1014 cxlds->partition_align_bytes =
1015 le64_to_cpu(id.partition_align) * CXL_CAPACITY_MULTIPLIER;
1016
1017 cxlds->lsa_size = le32_to_cpu(id.lsa_size);
1018 memcpy(cxlds->firmware_version, id.fw_revision, sizeof(id.fw_revision));
1019
1020 return 0;
1021 }
1022 EXPORT_SYMBOL_NS_GPL(cxl_dev_state_identify, CXL);
1023
/*
 * Describe a device physical address range in @res and register it under
 * @parent.
 *
 * @res is named @type and covers @size bytes starting at @start. An empty
 * range is only logged and is not registered. Returns 0 on success (or for
 * an empty range), otherwise the request_resource() error.
 */
static int add_dpa_res(struct device *dev, struct resource *parent,
		       struct resource *res, resource_size_t start,
		       resource_size_t size, const char *type)
{
	int rc;

	res->flags = IORESOURCE_MEM;
	res->name = type;
	res->start = start;
	res->end = start + size - 1;

	if (!resource_size(res)) {
		dev_dbg(dev, "DPA(%s): no capacity\n", res->name);
		return 0;
	}

	rc = request_resource(parent, res);
	if (!rc) {
		dev_dbg(dev, "DPA(%s): %pr\n", res->name, res);
		return 0;
	}

	dev_err(dev, "DPA(%s): failed to track %pr (%d)\n", res->name,
		res, rc);
	return rc;
}
1049
cxl_mem_create_range_info(struct cxl_dev_state * cxlds)1050 int cxl_mem_create_range_info(struct cxl_dev_state *cxlds)
1051 {
1052 struct device *dev = cxlds->dev;
1053 int rc;
1054
1055 cxlds->dpa_res =
1056 (struct resource)DEFINE_RES_MEM(0, cxlds->total_bytes);
1057
1058 if (cxlds->partition_align_bytes == 0) {
1059 rc = add_dpa_res(dev, &cxlds->dpa_res, &cxlds->ram_res, 0,
1060 cxlds->volatile_only_bytes, "ram");
1061 if (rc)
1062 return rc;
1063 return add_dpa_res(dev, &cxlds->dpa_res, &cxlds->pmem_res,
1064 cxlds->volatile_only_bytes,
1065 cxlds->persistent_only_bytes, "pmem");
1066 }
1067
1068 rc = cxl_mem_get_partition_info(cxlds);
1069 if (rc) {
1070 dev_err(dev, "Failed to query partition information\n");
1071 return rc;
1072 }
1073
1074 rc = add_dpa_res(dev, &cxlds->dpa_res, &cxlds->ram_res, 0,
1075 cxlds->active_volatile_bytes, "ram");
1076 if (rc)
1077 return rc;
1078 return add_dpa_res(dev, &cxlds->dpa_res, &cxlds->pmem_res,
1079 cxlds->active_volatile_bytes,
1080 cxlds->active_persistent_bytes, "pmem");
1081 }
1082 EXPORT_SYMBOL_NS_GPL(cxl_mem_create_range_info, CXL);
1083
cxl_set_timestamp(struct cxl_dev_state * cxlds)1084 int cxl_set_timestamp(struct cxl_dev_state *cxlds)
1085 {
1086 struct cxl_mbox_cmd mbox_cmd;
1087 struct cxl_mbox_set_timestamp_in pi;
1088 int rc;
1089
1090 pi.timestamp = cpu_to_le64(ktime_get_real_ns());
1091 mbox_cmd = (struct cxl_mbox_cmd) {
1092 .opcode = CXL_MBOX_OP_SET_TIMESTAMP,
1093 .size_in = sizeof(pi),
1094 .payload_in = &pi,
1095 };
1096
1097 rc = cxl_internal_send_cmd(cxlds, &mbox_cmd);
1098 /*
1099 * Command is optional. Devices may have another way of providing
1100 * a timestamp, or may return all 0s in timestamp fields.
1101 * Don't report an error if this command isn't supported
1102 */
1103 if (rc && (mbox_cmd.return_code != CXL_MBOX_CMD_RC_UNSUPPORTED))
1104 return rc;
1105
1106 return 0;
1107 }
1108 EXPORT_SYMBOL_NS_GPL(cxl_set_timestamp, CXL);
1109
cxl_dev_state_create(struct device * dev)1110 struct cxl_dev_state *cxl_dev_state_create(struct device *dev)
1111 {
1112 struct cxl_dev_state *cxlds;
1113
1114 cxlds = devm_kzalloc(dev, sizeof(*cxlds), GFP_KERNEL);
1115 if (!cxlds) {
1116 dev_err(dev, "No memory available\n");
1117 return ERR_PTR(-ENOMEM);
1118 }
1119
1120 mutex_init(&cxlds->mbox_mutex);
1121 mutex_init(&cxlds->event.log_lock);
1122 cxlds->dev = dev;
1123
1124 return cxlds;
1125 }
1126 EXPORT_SYMBOL_NS_GPL(cxl_dev_state_create, CXL);
1127
cxl_mbox_init(void)1128 void __init cxl_mbox_init(void)
1129 {
1130 struct dentry *mbox_debugfs;
1131
1132 mbox_debugfs = cxl_debugfs_create_dir("mbox");
1133 debugfs_create_bool("raw_allow_all", 0600, mbox_debugfs,
1134 &cxl_raw_allow_all);
1135 }
1136