0001
0002
0003
0004
0005
0006
0007
0008
0009
0010
0011
0012
0013 #include <linux/vfio.h>
0014 #include <linux/mdev.h>
0015 #include <linux/nospec.h>
0016 #include <linux/slab.h>
0017
0018 #include "vfio_ccw_private.h"
0019
0020 static const struct vfio_device_ops vfio_ccw_dev_ops;
0021
0022 static int vfio_ccw_mdev_reset(struct vfio_ccw_private *private)
0023 {
0024
0025
0026
0027
0028 vfio_ccw_fsm_event(private, VFIO_CCW_EVENT_CLOSE);
0029 vfio_ccw_fsm_event(private, VFIO_CCW_EVENT_OPEN);
0030 if (private->state == VFIO_CCW_STATE_NOT_OPER)
0031 return -EINVAL;
0032
0033 return 0;
0034 }
0035
0036 static void vfio_ccw_dma_unmap(struct vfio_device *vdev, u64 iova, u64 length)
0037 {
0038 struct vfio_ccw_private *private =
0039 container_of(vdev, struct vfio_ccw_private, vdev);
0040
0041
0042 if (!cp_iova_pinned(&private->cp, iova, length))
0043 return;
0044
0045 vfio_ccw_mdev_reset(private);
0046 }
0047
0048 static ssize_t name_show(struct mdev_type *mtype,
0049 struct mdev_type_attribute *attr, char *buf)
0050 {
0051 return sprintf(buf, "I/O subchannel (Non-QDIO)\n");
0052 }
0053 static MDEV_TYPE_ATTR_RO(name);
0054
0055 static ssize_t device_api_show(struct mdev_type *mtype,
0056 struct mdev_type_attribute *attr, char *buf)
0057 {
0058 return sprintf(buf, "%s\n", VFIO_DEVICE_API_CCW_STRING);
0059 }
0060 static MDEV_TYPE_ATTR_RO(device_api);
0061
0062 static ssize_t available_instances_show(struct mdev_type *mtype,
0063 struct mdev_type_attribute *attr,
0064 char *buf)
0065 {
0066 struct vfio_ccw_private *private =
0067 dev_get_drvdata(mtype_get_parent_dev(mtype));
0068
0069 return sprintf(buf, "%d\n", atomic_read(&private->avail));
0070 }
0071 static MDEV_TYPE_ATTR_RO(available_instances);
0072
0073 static struct attribute *mdev_types_attrs[] = {
0074 &mdev_type_attr_name.attr,
0075 &mdev_type_attr_device_api.attr,
0076 &mdev_type_attr_available_instances.attr,
0077 NULL,
0078 };
0079
0080 static struct attribute_group mdev_type_group = {
0081 .name = "io",
0082 .attrs = mdev_types_attrs,
0083 };
0084
0085 static struct attribute_group *mdev_type_groups[] = {
0086 &mdev_type_group,
0087 NULL,
0088 };
0089
0090 static int vfio_ccw_mdev_probe(struct mdev_device *mdev)
0091 {
0092 struct vfio_ccw_private *private = dev_get_drvdata(mdev->dev.parent);
0093 int ret;
0094
0095 if (private->state == VFIO_CCW_STATE_NOT_OPER)
0096 return -ENODEV;
0097
0098 if (atomic_dec_if_positive(&private->avail) < 0)
0099 return -EPERM;
0100
0101 memset(&private->vdev, 0, sizeof(private->vdev));
0102 vfio_init_group_dev(&private->vdev, &mdev->dev,
0103 &vfio_ccw_dev_ops);
0104
0105 VFIO_CCW_MSG_EVENT(2, "sch %x.%x.%04x: create\n",
0106 private->sch->schid.cssid,
0107 private->sch->schid.ssid,
0108 private->sch->schid.sch_no);
0109
0110 ret = vfio_register_emulated_iommu_dev(&private->vdev);
0111 if (ret)
0112 goto err_atomic;
0113 dev_set_drvdata(&mdev->dev, private);
0114 return 0;
0115
0116 err_atomic:
0117 vfio_uninit_group_dev(&private->vdev);
0118 atomic_inc(&private->avail);
0119 return ret;
0120 }
0121
0122 static void vfio_ccw_mdev_remove(struct mdev_device *mdev)
0123 {
0124 struct vfio_ccw_private *private = dev_get_drvdata(mdev->dev.parent);
0125
0126 VFIO_CCW_MSG_EVENT(2, "sch %x.%x.%04x: remove\n",
0127 private->sch->schid.cssid,
0128 private->sch->schid.ssid,
0129 private->sch->schid.sch_no);
0130
0131 vfio_unregister_group_dev(&private->vdev);
0132
0133 vfio_uninit_group_dev(&private->vdev);
0134 atomic_inc(&private->avail);
0135 }
0136
0137 static int vfio_ccw_mdev_open_device(struct vfio_device *vdev)
0138 {
0139 struct vfio_ccw_private *private =
0140 container_of(vdev, struct vfio_ccw_private, vdev);
0141 int ret;
0142
0143
0144 if (private->state == VFIO_CCW_STATE_NOT_OPER)
0145 return -EINVAL;
0146
0147 ret = vfio_ccw_register_async_dev_regions(private);
0148 if (ret)
0149 return ret;
0150
0151 ret = vfio_ccw_register_schib_dev_regions(private);
0152 if (ret)
0153 goto out_unregister;
0154
0155 ret = vfio_ccw_register_crw_dev_regions(private);
0156 if (ret)
0157 goto out_unregister;
0158
0159 vfio_ccw_fsm_event(private, VFIO_CCW_EVENT_OPEN);
0160 if (private->state == VFIO_CCW_STATE_NOT_OPER) {
0161 ret = -EINVAL;
0162 goto out_unregister;
0163 }
0164
0165 return ret;
0166
0167 out_unregister:
0168 vfio_ccw_unregister_dev_regions(private);
0169 return ret;
0170 }
0171
0172 static void vfio_ccw_mdev_close_device(struct vfio_device *vdev)
0173 {
0174 struct vfio_ccw_private *private =
0175 container_of(vdev, struct vfio_ccw_private, vdev);
0176
0177 vfio_ccw_fsm_event(private, VFIO_CCW_EVENT_CLOSE);
0178 vfio_ccw_unregister_dev_regions(private);
0179 }
0180
0181 static ssize_t vfio_ccw_mdev_read_io_region(struct vfio_ccw_private *private,
0182 char __user *buf, size_t count,
0183 loff_t *ppos)
0184 {
0185 loff_t pos = *ppos & VFIO_CCW_OFFSET_MASK;
0186 struct ccw_io_region *region;
0187 int ret;
0188
0189 if (pos + count > sizeof(*region))
0190 return -EINVAL;
0191
0192 mutex_lock(&private->io_mutex);
0193 region = private->io_region;
0194 if (copy_to_user(buf, (void *)region + pos, count))
0195 ret = -EFAULT;
0196 else
0197 ret = count;
0198 mutex_unlock(&private->io_mutex);
0199 return ret;
0200 }
0201
0202 static ssize_t vfio_ccw_mdev_read(struct vfio_device *vdev,
0203 char __user *buf,
0204 size_t count,
0205 loff_t *ppos)
0206 {
0207 struct vfio_ccw_private *private =
0208 container_of(vdev, struct vfio_ccw_private, vdev);
0209 unsigned int index = VFIO_CCW_OFFSET_TO_INDEX(*ppos);
0210
0211 if (index >= VFIO_CCW_NUM_REGIONS + private->num_regions)
0212 return -EINVAL;
0213
0214 switch (index) {
0215 case VFIO_CCW_CONFIG_REGION_INDEX:
0216 return vfio_ccw_mdev_read_io_region(private, buf, count, ppos);
0217 default:
0218 index -= VFIO_CCW_NUM_REGIONS;
0219 return private->region[index].ops->read(private, buf, count,
0220 ppos);
0221 }
0222
0223 return -EINVAL;
0224 }
0225
0226 static ssize_t vfio_ccw_mdev_write_io_region(struct vfio_ccw_private *private,
0227 const char __user *buf,
0228 size_t count, loff_t *ppos)
0229 {
0230 loff_t pos = *ppos & VFIO_CCW_OFFSET_MASK;
0231 struct ccw_io_region *region;
0232 int ret;
0233
0234 if (pos + count > sizeof(*region))
0235 return -EINVAL;
0236
0237 if (!mutex_trylock(&private->io_mutex))
0238 return -EAGAIN;
0239
0240 region = private->io_region;
0241 if (copy_from_user((void *)region + pos, buf, count)) {
0242 ret = -EFAULT;
0243 goto out_unlock;
0244 }
0245
0246 vfio_ccw_fsm_event(private, VFIO_CCW_EVENT_IO_REQ);
0247 ret = (region->ret_code != 0) ? region->ret_code : count;
0248
0249 out_unlock:
0250 mutex_unlock(&private->io_mutex);
0251 return ret;
0252 }
0253
0254 static ssize_t vfio_ccw_mdev_write(struct vfio_device *vdev,
0255 const char __user *buf,
0256 size_t count,
0257 loff_t *ppos)
0258 {
0259 struct vfio_ccw_private *private =
0260 container_of(vdev, struct vfio_ccw_private, vdev);
0261 unsigned int index = VFIO_CCW_OFFSET_TO_INDEX(*ppos);
0262
0263 if (index >= VFIO_CCW_NUM_REGIONS + private->num_regions)
0264 return -EINVAL;
0265
0266 switch (index) {
0267 case VFIO_CCW_CONFIG_REGION_INDEX:
0268 return vfio_ccw_mdev_write_io_region(private, buf, count, ppos);
0269 default:
0270 index -= VFIO_CCW_NUM_REGIONS;
0271 return private->region[index].ops->write(private, buf, count,
0272 ppos);
0273 }
0274
0275 return -EINVAL;
0276 }
0277
0278 static int vfio_ccw_mdev_get_device_info(struct vfio_ccw_private *private,
0279 struct vfio_device_info *info)
0280 {
0281 info->flags = VFIO_DEVICE_FLAGS_CCW | VFIO_DEVICE_FLAGS_RESET;
0282 info->num_regions = VFIO_CCW_NUM_REGIONS + private->num_regions;
0283 info->num_irqs = VFIO_CCW_NUM_IRQS;
0284
0285 return 0;
0286 }
0287
0288 static int vfio_ccw_mdev_get_region_info(struct vfio_ccw_private *private,
0289 struct vfio_region_info *info,
0290 unsigned long arg)
0291 {
0292 int i;
0293
0294 switch (info->index) {
0295 case VFIO_CCW_CONFIG_REGION_INDEX:
0296 info->offset = 0;
0297 info->size = sizeof(struct ccw_io_region);
0298 info->flags = VFIO_REGION_INFO_FLAG_READ
0299 | VFIO_REGION_INFO_FLAG_WRITE;
0300 return 0;
0301 default:
0302 {
0303 struct vfio_info_cap caps = { .buf = NULL, .size = 0 };
0304 struct vfio_region_info_cap_type cap_type = {
0305 .header.id = VFIO_REGION_INFO_CAP_TYPE,
0306 .header.version = 1 };
0307 int ret;
0308
0309 if (info->index >=
0310 VFIO_CCW_NUM_REGIONS + private->num_regions)
0311 return -EINVAL;
0312
0313 info->index = array_index_nospec(info->index,
0314 VFIO_CCW_NUM_REGIONS +
0315 private->num_regions);
0316
0317 i = info->index - VFIO_CCW_NUM_REGIONS;
0318
0319 info->offset = VFIO_CCW_INDEX_TO_OFFSET(info->index);
0320 info->size = private->region[i].size;
0321 info->flags = private->region[i].flags;
0322
0323 cap_type.type = private->region[i].type;
0324 cap_type.subtype = private->region[i].subtype;
0325
0326 ret = vfio_info_add_capability(&caps, &cap_type.header,
0327 sizeof(cap_type));
0328 if (ret)
0329 return ret;
0330
0331 info->flags |= VFIO_REGION_INFO_FLAG_CAPS;
0332 if (info->argsz < sizeof(*info) + caps.size) {
0333 info->argsz = sizeof(*info) + caps.size;
0334 info->cap_offset = 0;
0335 } else {
0336 vfio_info_cap_shift(&caps, sizeof(*info));
0337 if (copy_to_user((void __user *)arg + sizeof(*info),
0338 caps.buf, caps.size)) {
0339 kfree(caps.buf);
0340 return -EFAULT;
0341 }
0342 info->cap_offset = sizeof(*info);
0343 }
0344
0345 kfree(caps.buf);
0346
0347 }
0348 }
0349 return 0;
0350 }
0351
0352 static int vfio_ccw_mdev_get_irq_info(struct vfio_irq_info *info)
0353 {
0354 switch (info->index) {
0355 case VFIO_CCW_IO_IRQ_INDEX:
0356 case VFIO_CCW_CRW_IRQ_INDEX:
0357 case VFIO_CCW_REQ_IRQ_INDEX:
0358 info->count = 1;
0359 info->flags = VFIO_IRQ_INFO_EVENTFD;
0360 break;
0361 default:
0362 return -EINVAL;
0363 }
0364
0365 return 0;
0366 }
0367
0368 static int vfio_ccw_mdev_set_irqs(struct vfio_ccw_private *private,
0369 uint32_t flags,
0370 uint32_t index,
0371 void __user *data)
0372 {
0373 struct eventfd_ctx **ctx;
0374
0375 if (!(flags & VFIO_IRQ_SET_ACTION_TRIGGER))
0376 return -EINVAL;
0377
0378 switch (index) {
0379 case VFIO_CCW_IO_IRQ_INDEX:
0380 ctx = &private->io_trigger;
0381 break;
0382 case VFIO_CCW_CRW_IRQ_INDEX:
0383 ctx = &private->crw_trigger;
0384 break;
0385 case VFIO_CCW_REQ_IRQ_INDEX:
0386 ctx = &private->req_trigger;
0387 break;
0388 default:
0389 return -EINVAL;
0390 }
0391
0392 switch (flags & VFIO_IRQ_SET_DATA_TYPE_MASK) {
0393 case VFIO_IRQ_SET_DATA_NONE:
0394 {
0395 if (*ctx)
0396 eventfd_signal(*ctx, 1);
0397 return 0;
0398 }
0399 case VFIO_IRQ_SET_DATA_BOOL:
0400 {
0401 uint8_t trigger;
0402
0403 if (get_user(trigger, (uint8_t __user *)data))
0404 return -EFAULT;
0405
0406 if (trigger && *ctx)
0407 eventfd_signal(*ctx, 1);
0408 return 0;
0409 }
0410 case VFIO_IRQ_SET_DATA_EVENTFD:
0411 {
0412 int32_t fd;
0413
0414 if (get_user(fd, (int32_t __user *)data))
0415 return -EFAULT;
0416
0417 if (fd == -1) {
0418 if (*ctx)
0419 eventfd_ctx_put(*ctx);
0420 *ctx = NULL;
0421 } else if (fd >= 0) {
0422 struct eventfd_ctx *efdctx;
0423
0424 efdctx = eventfd_ctx_fdget(fd);
0425 if (IS_ERR(efdctx))
0426 return PTR_ERR(efdctx);
0427
0428 if (*ctx)
0429 eventfd_ctx_put(*ctx);
0430
0431 *ctx = efdctx;
0432 } else
0433 return -EINVAL;
0434
0435 return 0;
0436 }
0437 default:
0438 return -EINVAL;
0439 }
0440 }
0441
0442 int vfio_ccw_register_dev_region(struct vfio_ccw_private *private,
0443 unsigned int subtype,
0444 const struct vfio_ccw_regops *ops,
0445 size_t size, u32 flags, void *data)
0446 {
0447 struct vfio_ccw_region *region;
0448
0449 region = krealloc(private->region,
0450 (private->num_regions + 1) * sizeof(*region),
0451 GFP_KERNEL);
0452 if (!region)
0453 return -ENOMEM;
0454
0455 private->region = region;
0456 private->region[private->num_regions].type = VFIO_REGION_TYPE_CCW;
0457 private->region[private->num_regions].subtype = subtype;
0458 private->region[private->num_regions].ops = ops;
0459 private->region[private->num_regions].size = size;
0460 private->region[private->num_regions].flags = flags;
0461 private->region[private->num_regions].data = data;
0462
0463 private->num_regions++;
0464
0465 return 0;
0466 }
0467
0468 void vfio_ccw_unregister_dev_regions(struct vfio_ccw_private *private)
0469 {
0470 int i;
0471
0472 for (i = 0; i < private->num_regions; i++)
0473 private->region[i].ops->release(private, &private->region[i]);
0474 private->num_regions = 0;
0475 kfree(private->region);
0476 private->region = NULL;
0477 }
0478
0479 static ssize_t vfio_ccw_mdev_ioctl(struct vfio_device *vdev,
0480 unsigned int cmd,
0481 unsigned long arg)
0482 {
0483 struct vfio_ccw_private *private =
0484 container_of(vdev, struct vfio_ccw_private, vdev);
0485 int ret = 0;
0486 unsigned long minsz;
0487
0488 switch (cmd) {
0489 case VFIO_DEVICE_GET_INFO:
0490 {
0491 struct vfio_device_info info;
0492
0493 minsz = offsetofend(struct vfio_device_info, num_irqs);
0494
0495 if (copy_from_user(&info, (void __user *)arg, minsz))
0496 return -EFAULT;
0497
0498 if (info.argsz < minsz)
0499 return -EINVAL;
0500
0501 ret = vfio_ccw_mdev_get_device_info(private, &info);
0502 if (ret)
0503 return ret;
0504
0505 return copy_to_user((void __user *)arg, &info, minsz) ? -EFAULT : 0;
0506 }
0507 case VFIO_DEVICE_GET_REGION_INFO:
0508 {
0509 struct vfio_region_info info;
0510
0511 minsz = offsetofend(struct vfio_region_info, offset);
0512
0513 if (copy_from_user(&info, (void __user *)arg, minsz))
0514 return -EFAULT;
0515
0516 if (info.argsz < minsz)
0517 return -EINVAL;
0518
0519 ret = vfio_ccw_mdev_get_region_info(private, &info, arg);
0520 if (ret)
0521 return ret;
0522
0523 return copy_to_user((void __user *)arg, &info, minsz) ? -EFAULT : 0;
0524 }
0525 case VFIO_DEVICE_GET_IRQ_INFO:
0526 {
0527 struct vfio_irq_info info;
0528
0529 minsz = offsetofend(struct vfio_irq_info, count);
0530
0531 if (copy_from_user(&info, (void __user *)arg, minsz))
0532 return -EFAULT;
0533
0534 if (info.argsz < minsz || info.index >= VFIO_CCW_NUM_IRQS)
0535 return -EINVAL;
0536
0537 ret = vfio_ccw_mdev_get_irq_info(&info);
0538 if (ret)
0539 return ret;
0540
0541 if (info.count == -1)
0542 return -EINVAL;
0543
0544 return copy_to_user((void __user *)arg, &info, minsz) ? -EFAULT : 0;
0545 }
0546 case VFIO_DEVICE_SET_IRQS:
0547 {
0548 struct vfio_irq_set hdr;
0549 size_t data_size;
0550 void __user *data;
0551
0552 minsz = offsetofend(struct vfio_irq_set, count);
0553
0554 if (copy_from_user(&hdr, (void __user *)arg, minsz))
0555 return -EFAULT;
0556
0557 ret = vfio_set_irqs_validate_and_prepare(&hdr, 1,
0558 VFIO_CCW_NUM_IRQS,
0559 &data_size);
0560 if (ret)
0561 return ret;
0562
0563 data = (void __user *)(arg + minsz);
0564 return vfio_ccw_mdev_set_irqs(private, hdr.flags, hdr.index,
0565 data);
0566 }
0567 case VFIO_DEVICE_RESET:
0568 return vfio_ccw_mdev_reset(private);
0569 default:
0570 return -ENOTTY;
0571 }
0572 }
0573
0574
0575 static void vfio_ccw_mdev_request(struct vfio_device *vdev, unsigned int count)
0576 {
0577 struct vfio_ccw_private *private =
0578 container_of(vdev, struct vfio_ccw_private, vdev);
0579 struct device *dev = vdev->dev;
0580
0581 if (private->req_trigger) {
0582 if (!(count % 10))
0583 dev_notice_ratelimited(dev,
0584 "Relaying device request to user (#%u)\n",
0585 count);
0586
0587 eventfd_signal(private->req_trigger, 1);
0588 } else if (count == 0) {
0589 dev_notice(dev,
0590 "No device request channel registered, blocked until released by user\n");
0591 }
0592 }
0593
0594 static const struct vfio_device_ops vfio_ccw_dev_ops = {
0595 .open_device = vfio_ccw_mdev_open_device,
0596 .close_device = vfio_ccw_mdev_close_device,
0597 .read = vfio_ccw_mdev_read,
0598 .write = vfio_ccw_mdev_write,
0599 .ioctl = vfio_ccw_mdev_ioctl,
0600 .request = vfio_ccw_mdev_request,
0601 .dma_unmap = vfio_ccw_dma_unmap,
0602 };
0603
0604 struct mdev_driver vfio_ccw_mdev_driver = {
0605 .driver = {
0606 .name = "vfio_ccw_mdev",
0607 .owner = THIS_MODULE,
0608 .mod_name = KBUILD_MODNAME,
0609 },
0610 .probe = vfio_ccw_mdev_probe,
0611 .remove = vfio_ccw_mdev_remove,
0612 .supported_type_groups = mdev_type_groups,
0613 };
