Loading...
1// SPDX-License-Identifier: GPL-2.0-only
2/*
3 * Mediated virtual PCI serial host device driver
4 *
5 * Copyright (c) 2016, NVIDIA CORPORATION. All rights reserved.
6 * Author: Neo Jia <cjia@nvidia.com>
7 * Kirti Wankhede <kwankhede@nvidia.com>
8 *
9 * Sample driver that creates mdev device that simulates serial port over PCI
10 * card.
11 */
12
13#include <linux/init.h>
14#include <linux/module.h>
15#include <linux/kernel.h>
16#include <linux/fs.h>
17#include <linux/poll.h>
18#include <linux/slab.h>
19#include <linux/cdev.h>
20#include <linux/sched.h>
21#include <linux/wait.h>
22#include <linux/vfio.h>
23#include <linux/iommu.h>
24#include <linux/sysfs.h>
25#include <linux/ctype.h>
26#include <linux/file.h>
27#include <linux/mdev.h>
28#include <linux/pci.h>
29#include <linux/serial.h>
30#include <uapi/linux/serial_reg.h>
31#include <linux/eventfd.h>
32/*
33 * #defines
34 */
35
36#define VERSION_STRING "0.1"
37#define DRIVER_AUTHOR "NVIDIA Corporation"
38
39#define MTTY_CLASS_NAME "mtty"
40
41#define MTTY_NAME "mtty"
42
43#define MTTY_STRING_LEN 16
44
45#define MTTY_CONFIG_SPACE_SIZE 0xff
46#define MTTY_IO_BAR_SIZE 0x8
47#define MTTY_MMIO_BAR_SIZE 0x100000
48
49#define STORE_LE16(addr, val) (*(u16 *)addr = val)
50#define STORE_LE32(addr, val) (*(u32 *)addr = val)
51
52#define MAX_FIFO_SIZE 16
53
54#define CIRCULAR_BUF_INC_IDX(idx) (idx = (idx + 1) & (MAX_FIFO_SIZE - 1))
55
56#define MTTY_VFIO_PCI_OFFSET_SHIFT 40
57
58#define MTTY_VFIO_PCI_OFFSET_TO_INDEX(off) (off >> MTTY_VFIO_PCI_OFFSET_SHIFT)
59#define MTTY_VFIO_PCI_INDEX_TO_OFFSET(index) \
60 ((u64)(index) << MTTY_VFIO_PCI_OFFSET_SHIFT)
61#define MTTY_VFIO_PCI_OFFSET_MASK \
62 (((u64)(1) << MTTY_VFIO_PCI_OFFSET_SHIFT) - 1)
63#define MAX_MTTYS 24
64
65/*
66 * Global Structures
67 */
68
69static struct mtty_dev {
70 dev_t vd_devt;
71 struct class *vd_class;
72 struct cdev vd_cdev;
73 struct idr vd_idr;
74 struct device dev;
75 struct mdev_parent parent;
76} mtty_dev;
77
78struct mdev_region_info {
79 u64 start;
80 u64 phys_start;
81 u32 size;
82 u64 vfio_offset;
83};
84
85#if defined(DEBUG_REGS)
86static const char *wr_reg[] = {
87 "TX",
88 "IER",
89 "FCR",
90 "LCR",
91 "MCR",
92 "LSR",
93 "MSR",
94 "SCR"
95};
96
97static const char *rd_reg[] = {
98 "RX",
99 "IER",
100 "IIR",
101 "LCR",
102 "MCR",
103 "LSR",
104 "MSR",
105 "SCR"
106};
107#endif
108
109/* loop back buffer */
110struct rxtx {
111 u8 fifo[MAX_FIFO_SIZE];
112 u8 head, tail;
113 u8 count;
114};
115
116struct serial_port {
117 u8 uart_reg[8]; /* 8 registers */
118 struct rxtx rxtx; /* loop back buffer */
119 bool dlab;
120 bool overrun;
121 u16 divisor;
122 u8 fcr; /* FIFO control register */
123 u8 max_fifo_size;
124 u8 intr_trigger_level; /* interrupt trigger level */
125};
126
127/* State of each mdev device */
128struct mdev_state {
129 struct vfio_device vdev;
130 int irq_fd;
131 struct eventfd_ctx *intx_evtfd;
132 struct eventfd_ctx *msi_evtfd;
133 int irq_index;
134 u8 *vconfig;
135 struct mutex ops_lock;
136 struct mdev_device *mdev;
137 struct mdev_region_info region_info[VFIO_PCI_NUM_REGIONS];
138 u32 bar_mask[VFIO_PCI_NUM_REGIONS];
139 struct list_head next;
140 struct serial_port s[2];
141 struct mutex rxtx_lock;
142 struct vfio_device_info dev_info;
143 int nr_ports;
144};
145
146static struct mtty_type {
147 struct mdev_type type;
148 int nr_ports;
149} mtty_types[2] = {
150 { .nr_ports = 1, .type.sysfs_name = "1",
151 .type.pretty_name = "Single port serial" },
152 { .nr_ports = 2, .type.sysfs_name = "2",
153 .type.pretty_name = "Dual port serial" },
154};
155
156static struct mdev_type *mtty_mdev_types[] = {
157 &mtty_types[0].type,
158 &mtty_types[1].type,
159};
160
161static atomic_t mdev_avail_ports = ATOMIC_INIT(MAX_MTTYS);
162
163static const struct file_operations vd_fops = {
164 .owner = THIS_MODULE,
165};
166
167static const struct vfio_device_ops mtty_dev_ops;
168
169/* function prototypes */
170
171static int mtty_trigger_interrupt(struct mdev_state *mdev_state);
172
173/* Helper functions */
174
175static void dump_buffer(u8 *buf, uint32_t count)
176{
177#if defined(DEBUG)
178 int i;
179
180 pr_info("Buffer:\n");
181 for (i = 0; i < count; i++) {
182 pr_info("%2x ", *(buf + i));
183 if ((i + 1) % 16 == 0)
184 pr_info("\n");
185 }
186#endif
187}
188
189static void mtty_create_config_space(struct mdev_state *mdev_state)
190{
191 /* PCI dev ID */
192 STORE_LE32((u32 *) &mdev_state->vconfig[0x0], 0x32534348);
193
194 /* Control: I/O+, Mem-, BusMaster- */
195 STORE_LE16((u16 *) &mdev_state->vconfig[0x4], 0x0001);
196
197 /* Status: capabilities list absent */
198 STORE_LE16((u16 *) &mdev_state->vconfig[0x6], 0x0200);
199
200 /* Rev ID */
201 mdev_state->vconfig[0x8] = 0x10;
202
203 /* programming interface class : 16550-compatible serial controller */
204 mdev_state->vconfig[0x9] = 0x02;
205
206 /* Sub class : 00 */
207 mdev_state->vconfig[0xa] = 0x00;
208
209 /* Base class : Simple Communication controllers */
210 mdev_state->vconfig[0xb] = 0x07;
211
212 /* base address registers */
213 /* BAR0: IO space */
214 STORE_LE32((u32 *) &mdev_state->vconfig[0x10], 0x000001);
215 mdev_state->bar_mask[0] = ~(MTTY_IO_BAR_SIZE) + 1;
216
217 if (mdev_state->nr_ports == 2) {
218 /* BAR1: IO space */
219 STORE_LE32((u32 *) &mdev_state->vconfig[0x14], 0x000001);
220 mdev_state->bar_mask[1] = ~(MTTY_IO_BAR_SIZE) + 1;
221 }
222
223 /* Subsystem ID */
224 STORE_LE32((u32 *) &mdev_state->vconfig[0x2c], 0x32534348);
225
226 mdev_state->vconfig[0x34] = 0x00; /* Cap Ptr */
227 mdev_state->vconfig[0x3d] = 0x01; /* interrupt pin (INTA#) */
228
229 /* Vendor specific data */
230 mdev_state->vconfig[0x40] = 0x23;
231 mdev_state->vconfig[0x43] = 0x80;
232 mdev_state->vconfig[0x44] = 0x23;
233 mdev_state->vconfig[0x48] = 0x23;
234 mdev_state->vconfig[0x4c] = 0x23;
235
236 mdev_state->vconfig[0x60] = 0x50;
237 mdev_state->vconfig[0x61] = 0x43;
238 mdev_state->vconfig[0x62] = 0x49;
239 mdev_state->vconfig[0x63] = 0x20;
240 mdev_state->vconfig[0x64] = 0x53;
241 mdev_state->vconfig[0x65] = 0x65;
242 mdev_state->vconfig[0x66] = 0x72;
243 mdev_state->vconfig[0x67] = 0x69;
244 mdev_state->vconfig[0x68] = 0x61;
245 mdev_state->vconfig[0x69] = 0x6c;
246 mdev_state->vconfig[0x6a] = 0x2f;
247 mdev_state->vconfig[0x6b] = 0x55;
248 mdev_state->vconfig[0x6c] = 0x41;
249 mdev_state->vconfig[0x6d] = 0x52;
250 mdev_state->vconfig[0x6e] = 0x54;
251}
252
253static void handle_pci_cfg_write(struct mdev_state *mdev_state, u16 offset,
254 u8 *buf, u32 count)
255{
256 u32 cfg_addr, bar_mask, bar_index = 0;
257
258 switch (offset) {
259 case 0x04: /* device control */
260 case 0x06: /* device status */
261 /* do nothing */
262 break;
263 case 0x3c: /* interrupt line */
264 mdev_state->vconfig[0x3c] = buf[0];
265 break;
266 case 0x3d:
267 /*
268 * Interrupt Pin is hardwired to INTA.
269 * This field is write protected by hardware
270 */
271 break;
272 case 0x10: /* BAR0 */
273 case 0x14: /* BAR1 */
274 if (offset == 0x10)
275 bar_index = 0;
276 else if (offset == 0x14)
277 bar_index = 1;
278
279 if ((mdev_state->nr_ports == 1) && (bar_index == 1)) {
280 STORE_LE32(&mdev_state->vconfig[offset], 0);
281 break;
282 }
283
284 cfg_addr = *(u32 *)buf;
285 pr_info("BAR%d addr 0x%x\n", bar_index, cfg_addr);
286
287 if (cfg_addr == 0xffffffff) {
288 bar_mask = mdev_state->bar_mask[bar_index];
289 cfg_addr = (cfg_addr & bar_mask);
290 }
291
292 cfg_addr |= (mdev_state->vconfig[offset] & 0x3ul);
293 STORE_LE32(&mdev_state->vconfig[offset], cfg_addr);
294 break;
295 case 0x18: /* BAR2 */
296 case 0x1c: /* BAR3 */
297 case 0x20: /* BAR4 */
298 STORE_LE32(&mdev_state->vconfig[offset], 0);
299 break;
300 default:
301 pr_info("PCI config write @0x%x of %d bytes not handled\n",
302 offset, count);
303 break;
304 }
305}
306
307static void handle_bar_write(unsigned int index, struct mdev_state *mdev_state,
308 u16 offset, u8 *buf, u32 count)
309{
310 u8 data = *buf;
311
312 /* Handle data written by guest */
313 switch (offset) {
314 case UART_TX:
315 /* if DLAB set, data is LSB of divisor */
316 if (mdev_state->s[index].dlab) {
317 mdev_state->s[index].divisor |= data;
318 break;
319 }
320
321 mutex_lock(&mdev_state->rxtx_lock);
322
323 /* save in TX buffer */
324 if (mdev_state->s[index].rxtx.count <
325 mdev_state->s[index].max_fifo_size) {
326 mdev_state->s[index].rxtx.fifo[
327 mdev_state->s[index].rxtx.head] = data;
328 mdev_state->s[index].rxtx.count++;
329 CIRCULAR_BUF_INC_IDX(mdev_state->s[index].rxtx.head);
330 mdev_state->s[index].overrun = false;
331
332 /*
333 * Trigger interrupt if receive data interrupt is
334 * enabled and fifo reached trigger level
335 */
336 if ((mdev_state->s[index].uart_reg[UART_IER] &
337 UART_IER_RDI) &&
338 (mdev_state->s[index].rxtx.count ==
339 mdev_state->s[index].intr_trigger_level)) {
340 /* trigger interrupt */
341#if defined(DEBUG_INTR)
342 pr_err("Serial port %d: Fifo level trigger\n",
343 index);
344#endif
345 mtty_trigger_interrupt(mdev_state);
346 }
347 } else {
348#if defined(DEBUG_INTR)
349 pr_err("Serial port %d: Buffer Overflow\n", index);
350#endif
351 mdev_state->s[index].overrun = true;
352
353 /*
354 * Trigger interrupt if receiver line status interrupt
355 * is enabled
356 */
357 if (mdev_state->s[index].uart_reg[UART_IER] &
358 UART_IER_RLSI)
359 mtty_trigger_interrupt(mdev_state);
360 }
361 mutex_unlock(&mdev_state->rxtx_lock);
362 break;
363
364 case UART_IER:
365 /* if DLAB set, data is MSB of divisor */
366 if (mdev_state->s[index].dlab)
367 mdev_state->s[index].divisor |= (u16)data << 8;
368 else {
369 mdev_state->s[index].uart_reg[offset] = data;
370 mutex_lock(&mdev_state->rxtx_lock);
371 if ((data & UART_IER_THRI) &&
372 (mdev_state->s[index].rxtx.head ==
373 mdev_state->s[index].rxtx.tail)) {
374#if defined(DEBUG_INTR)
375 pr_err("Serial port %d: IER_THRI write\n",
376 index);
377#endif
378 mtty_trigger_interrupt(mdev_state);
379 }
380
381 mutex_unlock(&mdev_state->rxtx_lock);
382 }
383
384 break;
385
386 case UART_FCR:
387 mdev_state->s[index].fcr = data;
388
389 mutex_lock(&mdev_state->rxtx_lock);
390 if (data & (UART_FCR_CLEAR_RCVR | UART_FCR_CLEAR_XMIT)) {
391 /* clear loop back FIFO */
392 mdev_state->s[index].rxtx.count = 0;
393 mdev_state->s[index].rxtx.head = 0;
394 mdev_state->s[index].rxtx.tail = 0;
395 }
396 mutex_unlock(&mdev_state->rxtx_lock);
397
398 switch (data & UART_FCR_TRIGGER_MASK) {
399 case UART_FCR_TRIGGER_1:
400 mdev_state->s[index].intr_trigger_level = 1;
401 break;
402
403 case UART_FCR_TRIGGER_4:
404 mdev_state->s[index].intr_trigger_level = 4;
405 break;
406
407 case UART_FCR_TRIGGER_8:
408 mdev_state->s[index].intr_trigger_level = 8;
409 break;
410
411 case UART_FCR_TRIGGER_14:
412 mdev_state->s[index].intr_trigger_level = 14;
413 break;
414 }
415
416 /*
417 * Set trigger level to 1 otherwise or implement timer with
418 * timeout of 4 characters and on expiring that timer set
419 * Recevice data timeout in IIR register
420 */
421 mdev_state->s[index].intr_trigger_level = 1;
422 if (data & UART_FCR_ENABLE_FIFO)
423 mdev_state->s[index].max_fifo_size = MAX_FIFO_SIZE;
424 else {
425 mdev_state->s[index].max_fifo_size = 1;
426 mdev_state->s[index].intr_trigger_level = 1;
427 }
428
429 break;
430
431 case UART_LCR:
432 if (data & UART_LCR_DLAB) {
433 mdev_state->s[index].dlab = true;
434 mdev_state->s[index].divisor = 0;
435 } else
436 mdev_state->s[index].dlab = false;
437
438 mdev_state->s[index].uart_reg[offset] = data;
439 break;
440
441 case UART_MCR:
442 mdev_state->s[index].uart_reg[offset] = data;
443
444 if ((mdev_state->s[index].uart_reg[UART_IER] & UART_IER_MSI) &&
445 (data & UART_MCR_OUT2)) {
446#if defined(DEBUG_INTR)
447 pr_err("Serial port %d: MCR_OUT2 write\n", index);
448#endif
449 mtty_trigger_interrupt(mdev_state);
450 }
451
452 if ((mdev_state->s[index].uart_reg[UART_IER] & UART_IER_MSI) &&
453 (data & (UART_MCR_RTS | UART_MCR_DTR))) {
454#if defined(DEBUG_INTR)
455 pr_err("Serial port %d: MCR RTS/DTR write\n", index);
456#endif
457 mtty_trigger_interrupt(mdev_state);
458 }
459 break;
460
461 case UART_LSR:
462 case UART_MSR:
463 /* do nothing */
464 break;
465
466 case UART_SCR:
467 mdev_state->s[index].uart_reg[offset] = data;
468 break;
469
470 default:
471 break;
472 }
473}
474
475static void handle_bar_read(unsigned int index, struct mdev_state *mdev_state,
476 u16 offset, u8 *buf, u32 count)
477{
478 /* Handle read requests by guest */
479 switch (offset) {
480 case UART_RX:
481 /* if DLAB set, data is LSB of divisor */
482 if (mdev_state->s[index].dlab) {
483 *buf = (u8)mdev_state->s[index].divisor;
484 break;
485 }
486
487 mutex_lock(&mdev_state->rxtx_lock);
488 /* return data in tx buffer */
489 if (mdev_state->s[index].rxtx.head !=
490 mdev_state->s[index].rxtx.tail) {
491 *buf = mdev_state->s[index].rxtx.fifo[
492 mdev_state->s[index].rxtx.tail];
493 mdev_state->s[index].rxtx.count--;
494 CIRCULAR_BUF_INC_IDX(mdev_state->s[index].rxtx.tail);
495 }
496
497 if (mdev_state->s[index].rxtx.head ==
498 mdev_state->s[index].rxtx.tail) {
499 /*
500 * Trigger interrupt if tx buffer empty interrupt is
501 * enabled and fifo is empty
502 */
503#if defined(DEBUG_INTR)
504 pr_err("Serial port %d: Buffer Empty\n", index);
505#endif
506 if (mdev_state->s[index].uart_reg[UART_IER] &
507 UART_IER_THRI)
508 mtty_trigger_interrupt(mdev_state);
509 }
510 mutex_unlock(&mdev_state->rxtx_lock);
511
512 break;
513
514 case UART_IER:
515 if (mdev_state->s[index].dlab) {
516 *buf = (u8)(mdev_state->s[index].divisor >> 8);
517 break;
518 }
519 *buf = mdev_state->s[index].uart_reg[offset] & 0x0f;
520 break;
521
522 case UART_IIR:
523 {
524 u8 ier = mdev_state->s[index].uart_reg[UART_IER];
525 *buf = 0;
526
527 mutex_lock(&mdev_state->rxtx_lock);
528 /* Interrupt priority 1: Parity, overrun, framing or break */
529 if ((ier & UART_IER_RLSI) && mdev_state->s[index].overrun)
530 *buf |= UART_IIR_RLSI;
531
532 /* Interrupt priority 2: Fifo trigger level reached */
533 if ((ier & UART_IER_RDI) &&
534 (mdev_state->s[index].rxtx.count >=
535 mdev_state->s[index].intr_trigger_level))
536 *buf |= UART_IIR_RDI;
537
538 /* Interrupt priotiry 3: transmitter holding register empty */
539 if ((ier & UART_IER_THRI) &&
540 (mdev_state->s[index].rxtx.head ==
541 mdev_state->s[index].rxtx.tail))
542 *buf |= UART_IIR_THRI;
543
544 /* Interrupt priotiry 4: Modem status: CTS, DSR, RI or DCD */
545 if ((ier & UART_IER_MSI) &&
546 (mdev_state->s[index].uart_reg[UART_MCR] &
547 (UART_MCR_RTS | UART_MCR_DTR)))
548 *buf |= UART_IIR_MSI;
549
550 /* bit0: 0=> interrupt pending, 1=> no interrupt is pending */
551 if (*buf == 0)
552 *buf = UART_IIR_NO_INT;
553
554 /* set bit 6 & 7 to be 16550 compatible */
555 *buf |= 0xC0;
556 mutex_unlock(&mdev_state->rxtx_lock);
557 }
558 break;
559
560 case UART_LCR:
561 case UART_MCR:
562 *buf = mdev_state->s[index].uart_reg[offset];
563 break;
564
565 case UART_LSR:
566 {
567 u8 lsr = 0;
568
569 mutex_lock(&mdev_state->rxtx_lock);
570 /* atleast one char in FIFO */
571 if (mdev_state->s[index].rxtx.head !=
572 mdev_state->s[index].rxtx.tail)
573 lsr |= UART_LSR_DR;
574
575 /* if FIFO overrun */
576 if (mdev_state->s[index].overrun)
577 lsr |= UART_LSR_OE;
578
579 /* transmit FIFO empty and tramsitter empty */
580 if (mdev_state->s[index].rxtx.head ==
581 mdev_state->s[index].rxtx.tail)
582 lsr |= UART_LSR_TEMT | UART_LSR_THRE;
583
584 mutex_unlock(&mdev_state->rxtx_lock);
585 *buf = lsr;
586 break;
587 }
588 case UART_MSR:
589 *buf = UART_MSR_DSR | UART_MSR_DDSR | UART_MSR_DCD;
590
591 mutex_lock(&mdev_state->rxtx_lock);
592 /* if AFE is 1 and FIFO have space, set CTS bit */
593 if (mdev_state->s[index].uart_reg[UART_MCR] &
594 UART_MCR_AFE) {
595 if (mdev_state->s[index].rxtx.count <
596 mdev_state->s[index].max_fifo_size)
597 *buf |= UART_MSR_CTS | UART_MSR_DCTS;
598 } else
599 *buf |= UART_MSR_CTS | UART_MSR_DCTS;
600 mutex_unlock(&mdev_state->rxtx_lock);
601
602 break;
603
604 case UART_SCR:
605 *buf = mdev_state->s[index].uart_reg[offset];
606 break;
607
608 default:
609 break;
610 }
611}
612
613static void mdev_read_base(struct mdev_state *mdev_state)
614{
615 int index, pos;
616 u32 start_lo, start_hi;
617 u32 mem_type;
618
619 pos = PCI_BASE_ADDRESS_0;
620
621 for (index = 0; index <= VFIO_PCI_BAR5_REGION_INDEX; index++) {
622
623 if (!mdev_state->region_info[index].size)
624 continue;
625
626 start_lo = (*(u32 *)(mdev_state->vconfig + pos)) &
627 PCI_BASE_ADDRESS_MEM_MASK;
628 mem_type = (*(u32 *)(mdev_state->vconfig + pos)) &
629 PCI_BASE_ADDRESS_MEM_TYPE_MASK;
630
631 switch (mem_type) {
632 case PCI_BASE_ADDRESS_MEM_TYPE_64:
633 start_hi = (*(u32 *)(mdev_state->vconfig + pos + 4));
634 pos += 4;
635 break;
636 case PCI_BASE_ADDRESS_MEM_TYPE_32:
637 case PCI_BASE_ADDRESS_MEM_TYPE_1M:
638 /* 1M mem BAR treated as 32-bit BAR */
639 default:
640 /* mem unknown type treated as 32-bit BAR */
641 start_hi = 0;
642 break;
643 }
644 pos += 4;
645 mdev_state->region_info[index].start = ((u64)start_hi << 32) |
646 start_lo;
647 }
648}
649
650static ssize_t mdev_access(struct mdev_state *mdev_state, u8 *buf, size_t count,
651 loff_t pos, bool is_write)
652{
653 unsigned int index;
654 loff_t offset;
655 int ret = 0;
656
657 if (!buf)
658 return -EINVAL;
659
660 mutex_lock(&mdev_state->ops_lock);
661
662 index = MTTY_VFIO_PCI_OFFSET_TO_INDEX(pos);
663 offset = pos & MTTY_VFIO_PCI_OFFSET_MASK;
664 switch (index) {
665 case VFIO_PCI_CONFIG_REGION_INDEX:
666
667#if defined(DEBUG)
668 pr_info("%s: PCI config space %s at offset 0x%llx\n",
669 __func__, is_write ? "write" : "read", offset);
670#endif
671 if (is_write) {
672 dump_buffer(buf, count);
673 handle_pci_cfg_write(mdev_state, offset, buf, count);
674 } else {
675 memcpy(buf, (mdev_state->vconfig + offset), count);
676 dump_buffer(buf, count);
677 }
678
679 break;
680
681 case VFIO_PCI_BAR0_REGION_INDEX ... VFIO_PCI_BAR5_REGION_INDEX:
682 if (!mdev_state->region_info[index].start)
683 mdev_read_base(mdev_state);
684
685 if (is_write) {
686 dump_buffer(buf, count);
687
688#if defined(DEBUG_REGS)
689 pr_info("%s: BAR%d WR @0x%llx %s val:0x%02x dlab:%d\n",
690 __func__, index, offset, wr_reg[offset],
691 *buf, mdev_state->s[index].dlab);
692#endif
693 handle_bar_write(index, mdev_state, offset, buf, count);
694 } else {
695 handle_bar_read(index, mdev_state, offset, buf, count);
696 dump_buffer(buf, count);
697
698#if defined(DEBUG_REGS)
699 pr_info("%s: BAR%d RD @0x%llx %s val:0x%02x dlab:%d\n",
700 __func__, index, offset, rd_reg[offset],
701 *buf, mdev_state->s[index].dlab);
702#endif
703 }
704 break;
705
706 default:
707 ret = -1;
708 goto accessfailed;
709 }
710
711 ret = count;
712
713
714accessfailed:
715 mutex_unlock(&mdev_state->ops_lock);
716
717 return ret;
718}
719
720static int mtty_init_dev(struct vfio_device *vdev)
721{
722 struct mdev_state *mdev_state =
723 container_of(vdev, struct mdev_state, vdev);
724 struct mdev_device *mdev = to_mdev_device(vdev->dev);
725 struct mtty_type *type =
726 container_of(mdev->type, struct mtty_type, type);
727 int avail_ports = atomic_read(&mdev_avail_ports);
728 int ret;
729
730 do {
731 if (avail_ports < type->nr_ports)
732 return -ENOSPC;
733 } while (!atomic_try_cmpxchg(&mdev_avail_ports,
734 &avail_ports,
735 avail_ports - type->nr_ports));
736
737 mdev_state->nr_ports = type->nr_ports;
738 mdev_state->irq_index = -1;
739 mdev_state->s[0].max_fifo_size = MAX_FIFO_SIZE;
740 mdev_state->s[1].max_fifo_size = MAX_FIFO_SIZE;
741 mutex_init(&mdev_state->rxtx_lock);
742
743 mdev_state->vconfig = kzalloc(MTTY_CONFIG_SPACE_SIZE, GFP_KERNEL);
744 if (!mdev_state->vconfig) {
745 ret = -ENOMEM;
746 goto err_nr_ports;
747 }
748
749 mutex_init(&mdev_state->ops_lock);
750 mdev_state->mdev = mdev;
751 mtty_create_config_space(mdev_state);
752 return 0;
753
754err_nr_ports:
755 atomic_add(type->nr_ports, &mdev_avail_ports);
756 return ret;
757}
758
759static int mtty_probe(struct mdev_device *mdev)
760{
761 struct mdev_state *mdev_state;
762 int ret;
763
764 mdev_state = vfio_alloc_device(mdev_state, vdev, &mdev->dev,
765 &mtty_dev_ops);
766 if (IS_ERR(mdev_state))
767 return PTR_ERR(mdev_state);
768
769 ret = vfio_register_emulated_iommu_dev(&mdev_state->vdev);
770 if (ret)
771 goto err_put_vdev;
772 dev_set_drvdata(&mdev->dev, mdev_state);
773 return 0;
774
775err_put_vdev:
776 vfio_put_device(&mdev_state->vdev);
777 return ret;
778}
779
780static void mtty_release_dev(struct vfio_device *vdev)
781{
782 struct mdev_state *mdev_state =
783 container_of(vdev, struct mdev_state, vdev);
784
785 atomic_add(mdev_state->nr_ports, &mdev_avail_ports);
786 kfree(mdev_state->vconfig);
787}
788
789static void mtty_remove(struct mdev_device *mdev)
790{
791 struct mdev_state *mdev_state = dev_get_drvdata(&mdev->dev);
792
793 vfio_unregister_group_dev(&mdev_state->vdev);
794 vfio_put_device(&mdev_state->vdev);
795}
796
797static int mtty_reset(struct mdev_state *mdev_state)
798{
799 pr_info("%s: called\n", __func__);
800
801 return 0;
802}
803
804static ssize_t mtty_read(struct vfio_device *vdev, char __user *buf,
805 size_t count, loff_t *ppos)
806{
807 struct mdev_state *mdev_state =
808 container_of(vdev, struct mdev_state, vdev);
809 unsigned int done = 0;
810 int ret;
811
812 while (count) {
813 size_t filled;
814
815 if (count >= 4 && !(*ppos % 4)) {
816 u32 val;
817
818 ret = mdev_access(mdev_state, (u8 *)&val, sizeof(val),
819 *ppos, false);
820 if (ret <= 0)
821 goto read_err;
822
823 if (copy_to_user(buf, &val, sizeof(val)))
824 goto read_err;
825
826 filled = 4;
827 } else if (count >= 2 && !(*ppos % 2)) {
828 u16 val;
829
830 ret = mdev_access(mdev_state, (u8 *)&val, sizeof(val),
831 *ppos, false);
832 if (ret <= 0)
833 goto read_err;
834
835 if (copy_to_user(buf, &val, sizeof(val)))
836 goto read_err;
837
838 filled = 2;
839 } else {
840 u8 val;
841
842 ret = mdev_access(mdev_state, (u8 *)&val, sizeof(val),
843 *ppos, false);
844 if (ret <= 0)
845 goto read_err;
846
847 if (copy_to_user(buf, &val, sizeof(val)))
848 goto read_err;
849
850 filled = 1;
851 }
852
853 count -= filled;
854 done += filled;
855 *ppos += filled;
856 buf += filled;
857 }
858
859 return done;
860
861read_err:
862 return -EFAULT;
863}
864
865static ssize_t mtty_write(struct vfio_device *vdev, const char __user *buf,
866 size_t count, loff_t *ppos)
867{
868 struct mdev_state *mdev_state =
869 container_of(vdev, struct mdev_state, vdev);
870 unsigned int done = 0;
871 int ret;
872
873 while (count) {
874 size_t filled;
875
876 if (count >= 4 && !(*ppos % 4)) {
877 u32 val;
878
879 if (copy_from_user(&val, buf, sizeof(val)))
880 goto write_err;
881
882 ret = mdev_access(mdev_state, (u8 *)&val, sizeof(val),
883 *ppos, true);
884 if (ret <= 0)
885 goto write_err;
886
887 filled = 4;
888 } else if (count >= 2 && !(*ppos % 2)) {
889 u16 val;
890
891 if (copy_from_user(&val, buf, sizeof(val)))
892 goto write_err;
893
894 ret = mdev_access(mdev_state, (u8 *)&val, sizeof(val),
895 *ppos, true);
896 if (ret <= 0)
897 goto write_err;
898
899 filled = 2;
900 } else {
901 u8 val;
902
903 if (copy_from_user(&val, buf, sizeof(val)))
904 goto write_err;
905
906 ret = mdev_access(mdev_state, (u8 *)&val, sizeof(val),
907 *ppos, true);
908 if (ret <= 0)
909 goto write_err;
910
911 filled = 1;
912 }
913 count -= filled;
914 done += filled;
915 *ppos += filled;
916 buf += filled;
917 }
918
919 return done;
920write_err:
921 return -EFAULT;
922}
923
924static int mtty_set_irqs(struct mdev_state *mdev_state, uint32_t flags,
925 unsigned int index, unsigned int start,
926 unsigned int count, void *data)
927{
928 int ret = 0;
929
930 mutex_lock(&mdev_state->ops_lock);
931 switch (index) {
932 case VFIO_PCI_INTX_IRQ_INDEX:
933 switch (flags & VFIO_IRQ_SET_ACTION_TYPE_MASK) {
934 case VFIO_IRQ_SET_ACTION_MASK:
935 case VFIO_IRQ_SET_ACTION_UNMASK:
936 break;
937 case VFIO_IRQ_SET_ACTION_TRIGGER:
938 {
939 if (flags & VFIO_IRQ_SET_DATA_NONE) {
940 pr_info("%s: disable INTx\n", __func__);
941 if (mdev_state->intx_evtfd)
942 eventfd_ctx_put(mdev_state->intx_evtfd);
943 break;
944 }
945
946 if (flags & VFIO_IRQ_SET_DATA_EVENTFD) {
947 int fd = *(int *)data;
948
949 if (fd > 0) {
950 struct eventfd_ctx *evt;
951
952 evt = eventfd_ctx_fdget(fd);
953 if (IS_ERR(evt)) {
954 ret = PTR_ERR(evt);
955 break;
956 }
957 mdev_state->intx_evtfd = evt;
958 mdev_state->irq_fd = fd;
959 mdev_state->irq_index = index;
960 break;
961 }
962 }
963 break;
964 }
965 }
966 break;
967 case VFIO_PCI_MSI_IRQ_INDEX:
968 switch (flags & VFIO_IRQ_SET_ACTION_TYPE_MASK) {
969 case VFIO_IRQ_SET_ACTION_MASK:
970 case VFIO_IRQ_SET_ACTION_UNMASK:
971 break;
972 case VFIO_IRQ_SET_ACTION_TRIGGER:
973 if (flags & VFIO_IRQ_SET_DATA_NONE) {
974 if (mdev_state->msi_evtfd)
975 eventfd_ctx_put(mdev_state->msi_evtfd);
976 pr_info("%s: disable MSI\n", __func__);
977 mdev_state->irq_index = VFIO_PCI_INTX_IRQ_INDEX;
978 break;
979 }
980 if (flags & VFIO_IRQ_SET_DATA_EVENTFD) {
981 int fd = *(int *)data;
982 struct eventfd_ctx *evt;
983
984 if (fd <= 0)
985 break;
986
987 if (mdev_state->msi_evtfd)
988 break;
989
990 evt = eventfd_ctx_fdget(fd);
991 if (IS_ERR(evt)) {
992 ret = PTR_ERR(evt);
993 break;
994 }
995 mdev_state->msi_evtfd = evt;
996 mdev_state->irq_fd = fd;
997 mdev_state->irq_index = index;
998 }
999 break;
1000 }
1001 break;
1002 case VFIO_PCI_MSIX_IRQ_INDEX:
1003 pr_info("%s: MSIX_IRQ\n", __func__);
1004 break;
1005 case VFIO_PCI_ERR_IRQ_INDEX:
1006 pr_info("%s: ERR_IRQ\n", __func__);
1007 break;
1008 case VFIO_PCI_REQ_IRQ_INDEX:
1009 pr_info("%s: REQ_IRQ\n", __func__);
1010 break;
1011 }
1012
1013 mutex_unlock(&mdev_state->ops_lock);
1014 return ret;
1015}
1016
1017static int mtty_trigger_interrupt(struct mdev_state *mdev_state)
1018{
1019 int ret = -1;
1020
1021 if ((mdev_state->irq_index == VFIO_PCI_MSI_IRQ_INDEX) &&
1022 (!mdev_state->msi_evtfd))
1023 return -EINVAL;
1024 else if ((mdev_state->irq_index == VFIO_PCI_INTX_IRQ_INDEX) &&
1025 (!mdev_state->intx_evtfd)) {
1026 pr_info("%s: Intr eventfd not found\n", __func__);
1027 return -EINVAL;
1028 }
1029
1030 if (mdev_state->irq_index == VFIO_PCI_MSI_IRQ_INDEX)
1031 ret = eventfd_signal(mdev_state->msi_evtfd, 1);
1032 else
1033 ret = eventfd_signal(mdev_state->intx_evtfd, 1);
1034
1035#if defined(DEBUG_INTR)
1036 pr_info("Intx triggered\n");
1037#endif
1038 if (ret != 1)
1039 pr_err("%s: eventfd signal failed (%d)\n", __func__, ret);
1040
1041 return ret;
1042}
1043
1044static int mtty_get_region_info(struct mdev_state *mdev_state,
1045 struct vfio_region_info *region_info,
1046 u16 *cap_type_id, void **cap_type)
1047{
1048 unsigned int size = 0;
1049 u32 bar_index;
1050
1051 bar_index = region_info->index;
1052 if (bar_index >= VFIO_PCI_NUM_REGIONS)
1053 return -EINVAL;
1054
1055 mutex_lock(&mdev_state->ops_lock);
1056
1057 switch (bar_index) {
1058 case VFIO_PCI_CONFIG_REGION_INDEX:
1059 size = MTTY_CONFIG_SPACE_SIZE;
1060 break;
1061 case VFIO_PCI_BAR0_REGION_INDEX:
1062 size = MTTY_IO_BAR_SIZE;
1063 break;
1064 case VFIO_PCI_BAR1_REGION_INDEX:
1065 if (mdev_state->nr_ports == 2)
1066 size = MTTY_IO_BAR_SIZE;
1067 break;
1068 default:
1069 size = 0;
1070 break;
1071 }
1072
1073 mdev_state->region_info[bar_index].size = size;
1074 mdev_state->region_info[bar_index].vfio_offset =
1075 MTTY_VFIO_PCI_INDEX_TO_OFFSET(bar_index);
1076
1077 region_info->size = size;
1078 region_info->offset = MTTY_VFIO_PCI_INDEX_TO_OFFSET(bar_index);
1079 region_info->flags = VFIO_REGION_INFO_FLAG_READ |
1080 VFIO_REGION_INFO_FLAG_WRITE;
1081 mutex_unlock(&mdev_state->ops_lock);
1082 return 0;
1083}
1084
1085static int mtty_get_irq_info(struct vfio_irq_info *irq_info)
1086{
1087 switch (irq_info->index) {
1088 case VFIO_PCI_INTX_IRQ_INDEX:
1089 case VFIO_PCI_MSI_IRQ_INDEX:
1090 case VFIO_PCI_REQ_IRQ_INDEX:
1091 break;
1092
1093 default:
1094 return -EINVAL;
1095 }
1096
1097 irq_info->flags = VFIO_IRQ_INFO_EVENTFD;
1098 irq_info->count = 1;
1099
1100 if (irq_info->index == VFIO_PCI_INTX_IRQ_INDEX)
1101 irq_info->flags |= (VFIO_IRQ_INFO_MASKABLE |
1102 VFIO_IRQ_INFO_AUTOMASKED);
1103 else
1104 irq_info->flags |= VFIO_IRQ_INFO_NORESIZE;
1105
1106 return 0;
1107}
1108
1109static int mtty_get_device_info(struct vfio_device_info *dev_info)
1110{
1111 dev_info->flags = VFIO_DEVICE_FLAGS_PCI;
1112 dev_info->num_regions = VFIO_PCI_NUM_REGIONS;
1113 dev_info->num_irqs = VFIO_PCI_NUM_IRQS;
1114
1115 return 0;
1116}
1117
1118static long mtty_ioctl(struct vfio_device *vdev, unsigned int cmd,
1119 unsigned long arg)
1120{
1121 struct mdev_state *mdev_state =
1122 container_of(vdev, struct mdev_state, vdev);
1123 int ret = 0;
1124 unsigned long minsz;
1125
1126 switch (cmd) {
1127 case VFIO_DEVICE_GET_INFO:
1128 {
1129 struct vfio_device_info info;
1130
1131 minsz = offsetofend(struct vfio_device_info, num_irqs);
1132
1133 if (copy_from_user(&info, (void __user *)arg, minsz))
1134 return -EFAULT;
1135
1136 if (info.argsz < minsz)
1137 return -EINVAL;
1138
1139 ret = mtty_get_device_info(&info);
1140 if (ret)
1141 return ret;
1142
1143 memcpy(&mdev_state->dev_info, &info, sizeof(info));
1144
1145 if (copy_to_user((void __user *)arg, &info, minsz))
1146 return -EFAULT;
1147
1148 return 0;
1149 }
1150 case VFIO_DEVICE_GET_REGION_INFO:
1151 {
1152 struct vfio_region_info info;
1153 u16 cap_type_id = 0;
1154 void *cap_type = NULL;
1155
1156 minsz = offsetofend(struct vfio_region_info, offset);
1157
1158 if (copy_from_user(&info, (void __user *)arg, minsz))
1159 return -EFAULT;
1160
1161 if (info.argsz < minsz)
1162 return -EINVAL;
1163
1164 ret = mtty_get_region_info(mdev_state, &info, &cap_type_id,
1165 &cap_type);
1166 if (ret)
1167 return ret;
1168
1169 if (copy_to_user((void __user *)arg, &info, minsz))
1170 return -EFAULT;
1171
1172 return 0;
1173 }
1174
1175 case VFIO_DEVICE_GET_IRQ_INFO:
1176 {
1177 struct vfio_irq_info info;
1178
1179 minsz = offsetofend(struct vfio_irq_info, count);
1180
1181 if (copy_from_user(&info, (void __user *)arg, minsz))
1182 return -EFAULT;
1183
1184 if ((info.argsz < minsz) ||
1185 (info.index >= mdev_state->dev_info.num_irqs))
1186 return -EINVAL;
1187
1188 ret = mtty_get_irq_info(&info);
1189 if (ret)
1190 return ret;
1191
1192 if (copy_to_user((void __user *)arg, &info, minsz))
1193 return -EFAULT;
1194
1195 return 0;
1196 }
1197 case VFIO_DEVICE_SET_IRQS:
1198 {
1199 struct vfio_irq_set hdr;
1200 u8 *data = NULL, *ptr = NULL;
1201 size_t data_size = 0;
1202
1203 minsz = offsetofend(struct vfio_irq_set, count);
1204
1205 if (copy_from_user(&hdr, (void __user *)arg, minsz))
1206 return -EFAULT;
1207
1208 ret = vfio_set_irqs_validate_and_prepare(&hdr,
1209 mdev_state->dev_info.num_irqs,
1210 VFIO_PCI_NUM_IRQS,
1211 &data_size);
1212 if (ret)
1213 return ret;
1214
1215 if (data_size) {
1216 ptr = data = memdup_user((void __user *)(arg + minsz),
1217 data_size);
1218 if (IS_ERR(data))
1219 return PTR_ERR(data);
1220 }
1221
1222 ret = mtty_set_irqs(mdev_state, hdr.flags, hdr.index, hdr.start,
1223 hdr.count, data);
1224
1225 kfree(ptr);
1226 return ret;
1227 }
1228 case VFIO_DEVICE_RESET:
1229 return mtty_reset(mdev_state);
1230 }
1231 return -ENOTTY;
1232}
1233
1234static ssize_t
1235sample_mdev_dev_show(struct device *dev, struct device_attribute *attr,
1236 char *buf)
1237{
1238 return sprintf(buf, "This is MDEV %s\n", dev_name(dev));
1239}
1240
1241static DEVICE_ATTR_RO(sample_mdev_dev);
1242
1243static struct attribute *mdev_dev_attrs[] = {
1244 &dev_attr_sample_mdev_dev.attr,
1245 NULL,
1246};
1247
1248static const struct attribute_group mdev_dev_group = {
1249 .name = "vendor",
1250 .attrs = mdev_dev_attrs,
1251};
1252
1253static const struct attribute_group *mdev_dev_groups[] = {
1254 &mdev_dev_group,
1255 NULL,
1256};
1257
1258static unsigned int mtty_get_available(struct mdev_type *mtype)
1259{
1260 struct mtty_type *type = container_of(mtype, struct mtty_type, type);
1261
1262 return atomic_read(&mdev_avail_ports) / type->nr_ports;
1263}
1264
1265static const struct vfio_device_ops mtty_dev_ops = {
1266 .name = "vfio-mtty",
1267 .init = mtty_init_dev,
1268 .release = mtty_release_dev,
1269 .read = mtty_read,
1270 .write = mtty_write,
1271 .ioctl = mtty_ioctl,
1272};
1273
1274static struct mdev_driver mtty_driver = {
1275 .device_api = VFIO_DEVICE_API_PCI_STRING,
1276 .driver = {
1277 .name = "mtty",
1278 .owner = THIS_MODULE,
1279 .mod_name = KBUILD_MODNAME,
1280 .dev_groups = mdev_dev_groups,
1281 },
1282 .probe = mtty_probe,
1283 .remove = mtty_remove,
1284 .get_available = mtty_get_available,
1285};
1286
1287static void mtty_device_release(struct device *dev)
1288{
1289 dev_dbg(dev, "mtty: released\n");
1290}
1291
1292static int __init mtty_dev_init(void)
1293{
1294 int ret = 0;
1295
1296 pr_info("mtty_dev: %s\n", __func__);
1297
1298 memset(&mtty_dev, 0, sizeof(mtty_dev));
1299
1300 idr_init(&mtty_dev.vd_idr);
1301
1302 ret = alloc_chrdev_region(&mtty_dev.vd_devt, 0, MINORMASK + 1,
1303 MTTY_NAME);
1304
1305 if (ret < 0) {
1306 pr_err("Error: failed to register mtty_dev, err:%d\n", ret);
1307 return ret;
1308 }
1309
1310 cdev_init(&mtty_dev.vd_cdev, &vd_fops);
1311 cdev_add(&mtty_dev.vd_cdev, mtty_dev.vd_devt, MINORMASK + 1);
1312
1313 pr_info("major_number:%d\n", MAJOR(mtty_dev.vd_devt));
1314
1315 ret = mdev_register_driver(&mtty_driver);
1316 if (ret)
1317 goto err_cdev;
1318
1319 mtty_dev.vd_class = class_create(THIS_MODULE, MTTY_CLASS_NAME);
1320
1321 if (IS_ERR(mtty_dev.vd_class)) {
1322 pr_err("Error: failed to register mtty_dev class\n");
1323 ret = PTR_ERR(mtty_dev.vd_class);
1324 goto err_driver;
1325 }
1326
1327 mtty_dev.dev.class = mtty_dev.vd_class;
1328 mtty_dev.dev.release = mtty_device_release;
1329 dev_set_name(&mtty_dev.dev, "%s", MTTY_NAME);
1330
1331 ret = device_register(&mtty_dev.dev);
1332 if (ret)
1333 goto err_put;
1334
1335 ret = mdev_register_parent(&mtty_dev.parent, &mtty_dev.dev,
1336 &mtty_driver, mtty_mdev_types,
1337 ARRAY_SIZE(mtty_mdev_types));
1338 if (ret)
1339 goto err_device;
1340 return 0;
1341
1342err_device:
1343 device_del(&mtty_dev.dev);
1344err_put:
1345 put_device(&mtty_dev.dev);
1346 class_destroy(mtty_dev.vd_class);
1347err_driver:
1348 mdev_unregister_driver(&mtty_driver);
1349err_cdev:
1350 cdev_del(&mtty_dev.vd_cdev);
1351 unregister_chrdev_region(mtty_dev.vd_devt, MINORMASK + 1);
1352 return ret;
1353}
1354
1355static void __exit mtty_dev_exit(void)
1356{
1357 mtty_dev.dev.bus = NULL;
1358 mdev_unregister_parent(&mtty_dev.parent);
1359
1360 device_unregister(&mtty_dev.dev);
1361 idr_destroy(&mtty_dev.vd_idr);
1362 mdev_unregister_driver(&mtty_driver);
1363 cdev_del(&mtty_dev.vd_cdev);
1364 unregister_chrdev_region(mtty_dev.vd_devt, MINORMASK + 1);
1365 class_destroy(mtty_dev.vd_class);
1366 mtty_dev.vd_class = NULL;
1367 pr_info("mtty_dev: Unloaded!\n");
1368}
1369
1370module_init(mtty_dev_init)
1371module_exit(mtty_dev_exit)
1372
1373MODULE_LICENSE("GPL v2");
1374MODULE_INFO(supported, "Test driver that simulate serial port over PCI");
1375MODULE_VERSION(VERSION_STRING);
1376MODULE_AUTHOR(DRIVER_AUTHOR);
1// SPDX-License-Identifier: GPL-2.0-only
2/*
3 * Mediated virtual PCI serial host device driver
4 *
5 * Copyright (c) 2016, NVIDIA CORPORATION. All rights reserved.
6 * Author: Neo Jia <cjia@nvidia.com>
7 * Kirti Wankhede <kwankhede@nvidia.com>
8 *
9 * Sample driver that creates mdev device that simulates serial port over PCI
10 * card.
11 */
12
13#include <linux/init.h>
14#include <linux/module.h>
15#include <linux/device.h>
16#include <linux/kernel.h>
17#include <linux/fs.h>
18#include <linux/poll.h>
19#include <linux/slab.h>
20#include <linux/cdev.h>
21#include <linux/sched.h>
22#include <linux/wait.h>
23#include <linux/uuid.h>
24#include <linux/vfio.h>
25#include <linux/iommu.h>
26#include <linux/sysfs.h>
27#include <linux/ctype.h>
28#include <linux/file.h>
29#include <linux/mdev.h>
30#include <linux/pci.h>
31#include <linux/serial.h>
32#include <uapi/linux/serial_reg.h>
33#include <linux/eventfd.h>
34/*
35 * #defines
36 */
37
38#define VERSION_STRING "0.1"
39#define DRIVER_AUTHOR "NVIDIA Corporation"
40
41#define MTTY_CLASS_NAME "mtty"
42
43#define MTTY_NAME "mtty"
44
45#define MTTY_STRING_LEN 16
46
47#define MTTY_CONFIG_SPACE_SIZE 0xff
48#define MTTY_IO_BAR_SIZE 0x8
49#define MTTY_MMIO_BAR_SIZE 0x100000
50
51#define STORE_LE16(addr, val) (*(u16 *)addr = val)
52#define STORE_LE32(addr, val) (*(u32 *)addr = val)
53
54#define MAX_FIFO_SIZE 16
55
56#define CIRCULAR_BUF_INC_IDX(idx) (idx = (idx + 1) & (MAX_FIFO_SIZE - 1))
57
58#define MTTY_VFIO_PCI_OFFSET_SHIFT 40
59
60#define MTTY_VFIO_PCI_OFFSET_TO_INDEX(off) (off >> MTTY_VFIO_PCI_OFFSET_SHIFT)
61#define MTTY_VFIO_PCI_INDEX_TO_OFFSET(index) \
62 ((u64)(index) << MTTY_VFIO_PCI_OFFSET_SHIFT)
63#define MTTY_VFIO_PCI_OFFSET_MASK \
64 (((u64)(1) << MTTY_VFIO_PCI_OFFSET_SHIFT) - 1)
65#define MAX_MTTYS 24
66
67/*
68 * Global Structures
69 */
70
71static struct mtty_dev {
72 dev_t vd_devt;
73 struct class *vd_class;
74 struct cdev vd_cdev;
75 struct idr vd_idr;
76 struct device dev;
77} mtty_dev;
78
79struct mdev_region_info {
80 u64 start;
81 u64 phys_start;
82 u32 size;
83 u64 vfio_offset;
84};
85
86#if defined(DEBUG_REGS)
87static const char *wr_reg[] = {
88 "TX",
89 "IER",
90 "FCR",
91 "LCR",
92 "MCR",
93 "LSR",
94 "MSR",
95 "SCR"
96};
97
98static const char *rd_reg[] = {
99 "RX",
100 "IER",
101 "IIR",
102 "LCR",
103 "MCR",
104 "LSR",
105 "MSR",
106 "SCR"
107};
108#endif
109
110/* loop back buffer */
111struct rxtx {
112 u8 fifo[MAX_FIFO_SIZE];
113 u8 head, tail;
114 u8 count;
115};
116
117struct serial_port {
118 u8 uart_reg[8]; /* 8 registers */
119 struct rxtx rxtx; /* loop back buffer */
120 bool dlab;
121 bool overrun;
122 u16 divisor;
123 u8 fcr; /* FIFO control register */
124 u8 max_fifo_size;
125 u8 intr_trigger_level; /* interrupt trigger level */
126};
127
128/* State of each mdev device */
129struct mdev_state {
130 int irq_fd;
131 struct eventfd_ctx *intx_evtfd;
132 struct eventfd_ctx *msi_evtfd;
133 int irq_index;
134 u8 *vconfig;
135 struct mutex ops_lock;
136 struct mdev_device *mdev;
137 struct mdev_region_info region_info[VFIO_PCI_NUM_REGIONS];
138 u32 bar_mask[VFIO_PCI_NUM_REGIONS];
139 struct list_head next;
140 struct serial_port s[2];
141 struct mutex rxtx_lock;
142 struct vfio_device_info dev_info;
143 int nr_ports;
144};
145
146static struct mutex mdev_list_lock;
147static struct list_head mdev_devices_list;
148
149static const struct file_operations vd_fops = {
150 .owner = THIS_MODULE,
151};
152
153/* function prototypes */
154
155static int mtty_trigger_interrupt(struct mdev_state *mdev_state);
156
157/* Helper functions */
158
159static void dump_buffer(u8 *buf, uint32_t count)
160{
161#if defined(DEBUG)
162 int i;
163
164 pr_info("Buffer:\n");
165 for (i = 0; i < count; i++) {
166 pr_info("%2x ", *(buf + i));
167 if ((i + 1) % 16 == 0)
168 pr_info("\n");
169 }
170#endif
171}
172
173static void mtty_create_config_space(struct mdev_state *mdev_state)
174{
175 /* PCI dev ID */
176 STORE_LE32((u32 *) &mdev_state->vconfig[0x0], 0x32534348);
177
178 /* Control: I/O+, Mem-, BusMaster- */
179 STORE_LE16((u16 *) &mdev_state->vconfig[0x4], 0x0001);
180
181 /* Status: capabilities list absent */
182 STORE_LE16((u16 *) &mdev_state->vconfig[0x6], 0x0200);
183
184 /* Rev ID */
185 mdev_state->vconfig[0x8] = 0x10;
186
187 /* programming interface class : 16550-compatible serial controller */
188 mdev_state->vconfig[0x9] = 0x02;
189
190 /* Sub class : 00 */
191 mdev_state->vconfig[0xa] = 0x00;
192
193 /* Base class : Simple Communication controllers */
194 mdev_state->vconfig[0xb] = 0x07;
195
196 /* base address registers */
197 /* BAR0: IO space */
198 STORE_LE32((u32 *) &mdev_state->vconfig[0x10], 0x000001);
199 mdev_state->bar_mask[0] = ~(MTTY_IO_BAR_SIZE) + 1;
200
201 if (mdev_state->nr_ports == 2) {
202 /* BAR1: IO space */
203 STORE_LE32((u32 *) &mdev_state->vconfig[0x14], 0x000001);
204 mdev_state->bar_mask[1] = ~(MTTY_IO_BAR_SIZE) + 1;
205 }
206
207 /* Subsystem ID */
208 STORE_LE32((u32 *) &mdev_state->vconfig[0x2c], 0x32534348);
209
210 mdev_state->vconfig[0x34] = 0x00; /* Cap Ptr */
211 mdev_state->vconfig[0x3d] = 0x01; /* interrupt pin (INTA#) */
212
213 /* Vendor specific data */
214 mdev_state->vconfig[0x40] = 0x23;
215 mdev_state->vconfig[0x43] = 0x80;
216 mdev_state->vconfig[0x44] = 0x23;
217 mdev_state->vconfig[0x48] = 0x23;
218 mdev_state->vconfig[0x4c] = 0x23;
219
220 mdev_state->vconfig[0x60] = 0x50;
221 mdev_state->vconfig[0x61] = 0x43;
222 mdev_state->vconfig[0x62] = 0x49;
223 mdev_state->vconfig[0x63] = 0x20;
224 mdev_state->vconfig[0x64] = 0x53;
225 mdev_state->vconfig[0x65] = 0x65;
226 mdev_state->vconfig[0x66] = 0x72;
227 mdev_state->vconfig[0x67] = 0x69;
228 mdev_state->vconfig[0x68] = 0x61;
229 mdev_state->vconfig[0x69] = 0x6c;
230 mdev_state->vconfig[0x6a] = 0x2f;
231 mdev_state->vconfig[0x6b] = 0x55;
232 mdev_state->vconfig[0x6c] = 0x41;
233 mdev_state->vconfig[0x6d] = 0x52;
234 mdev_state->vconfig[0x6e] = 0x54;
235}
236
237static void handle_pci_cfg_write(struct mdev_state *mdev_state, u16 offset,
238 u8 *buf, u32 count)
239{
240 u32 cfg_addr, bar_mask, bar_index = 0;
241
242 switch (offset) {
243 case 0x04: /* device control */
244 case 0x06: /* device status */
245 /* do nothing */
246 break;
247 case 0x3c: /* interrupt line */
248 mdev_state->vconfig[0x3c] = buf[0];
249 break;
250 case 0x3d:
251 /*
252 * Interrupt Pin is hardwired to INTA.
253 * This field is write protected by hardware
254 */
255 break;
256 case 0x10: /* BAR0 */
257 case 0x14: /* BAR1 */
258 if (offset == 0x10)
259 bar_index = 0;
260 else if (offset == 0x14)
261 bar_index = 1;
262
263 if ((mdev_state->nr_ports == 1) && (bar_index == 1)) {
264 STORE_LE32(&mdev_state->vconfig[offset], 0);
265 break;
266 }
267
268 cfg_addr = *(u32 *)buf;
269 pr_info("BAR%d addr 0x%x\n", bar_index, cfg_addr);
270
271 if (cfg_addr == 0xffffffff) {
272 bar_mask = mdev_state->bar_mask[bar_index];
273 cfg_addr = (cfg_addr & bar_mask);
274 }
275
276 cfg_addr |= (mdev_state->vconfig[offset] & 0x3ul);
277 STORE_LE32(&mdev_state->vconfig[offset], cfg_addr);
278 break;
279 case 0x18: /* BAR2 */
280 case 0x1c: /* BAR3 */
281 case 0x20: /* BAR4 */
282 STORE_LE32(&mdev_state->vconfig[offset], 0);
283 break;
284 default:
285 pr_info("PCI config write @0x%x of %d bytes not handled\n",
286 offset, count);
287 break;
288 }
289}
290
291static void handle_bar_write(unsigned int index, struct mdev_state *mdev_state,
292 u16 offset, u8 *buf, u32 count)
293{
294 u8 data = *buf;
295
296 /* Handle data written by guest */
297 switch (offset) {
298 case UART_TX:
299 /* if DLAB set, data is LSB of divisor */
300 if (mdev_state->s[index].dlab) {
301 mdev_state->s[index].divisor |= data;
302 break;
303 }
304
305 mutex_lock(&mdev_state->rxtx_lock);
306
307 /* save in TX buffer */
308 if (mdev_state->s[index].rxtx.count <
309 mdev_state->s[index].max_fifo_size) {
310 mdev_state->s[index].rxtx.fifo[
311 mdev_state->s[index].rxtx.head] = data;
312 mdev_state->s[index].rxtx.count++;
313 CIRCULAR_BUF_INC_IDX(mdev_state->s[index].rxtx.head);
314 mdev_state->s[index].overrun = false;
315
316 /*
317 * Trigger interrupt if receive data interrupt is
318 * enabled and fifo reached trigger level
319 */
320 if ((mdev_state->s[index].uart_reg[UART_IER] &
321 UART_IER_RDI) &&
322 (mdev_state->s[index].rxtx.count ==
323 mdev_state->s[index].intr_trigger_level)) {
324 /* trigger interrupt */
325#if defined(DEBUG_INTR)
326 pr_err("Serial port %d: Fifo level trigger\n",
327 index);
328#endif
329 mtty_trigger_interrupt(mdev_state);
330 }
331 } else {
332#if defined(DEBUG_INTR)
333 pr_err("Serial port %d: Buffer Overflow\n", index);
334#endif
335 mdev_state->s[index].overrun = true;
336
337 /*
338 * Trigger interrupt if receiver line status interrupt
339 * is enabled
340 */
341 if (mdev_state->s[index].uart_reg[UART_IER] &
342 UART_IER_RLSI)
343 mtty_trigger_interrupt(mdev_state);
344 }
345 mutex_unlock(&mdev_state->rxtx_lock);
346 break;
347
348 case UART_IER:
349 /* if DLAB set, data is MSB of divisor */
350 if (mdev_state->s[index].dlab)
351 mdev_state->s[index].divisor |= (u16)data << 8;
352 else {
353 mdev_state->s[index].uart_reg[offset] = data;
354 mutex_lock(&mdev_state->rxtx_lock);
355 if ((data & UART_IER_THRI) &&
356 (mdev_state->s[index].rxtx.head ==
357 mdev_state->s[index].rxtx.tail)) {
358#if defined(DEBUG_INTR)
359 pr_err("Serial port %d: IER_THRI write\n",
360 index);
361#endif
362 mtty_trigger_interrupt(mdev_state);
363 }
364
365 mutex_unlock(&mdev_state->rxtx_lock);
366 }
367
368 break;
369
370 case UART_FCR:
371 mdev_state->s[index].fcr = data;
372
373 mutex_lock(&mdev_state->rxtx_lock);
374 if (data & (UART_FCR_CLEAR_RCVR | UART_FCR_CLEAR_XMIT)) {
375 /* clear loop back FIFO */
376 mdev_state->s[index].rxtx.count = 0;
377 mdev_state->s[index].rxtx.head = 0;
378 mdev_state->s[index].rxtx.tail = 0;
379 }
380 mutex_unlock(&mdev_state->rxtx_lock);
381
382 switch (data & UART_FCR_TRIGGER_MASK) {
383 case UART_FCR_TRIGGER_1:
384 mdev_state->s[index].intr_trigger_level = 1;
385 break;
386
387 case UART_FCR_TRIGGER_4:
388 mdev_state->s[index].intr_trigger_level = 4;
389 break;
390
391 case UART_FCR_TRIGGER_8:
392 mdev_state->s[index].intr_trigger_level = 8;
393 break;
394
395 case UART_FCR_TRIGGER_14:
396 mdev_state->s[index].intr_trigger_level = 14;
397 break;
398 }
399
400 /*
401 * Set trigger level to 1 otherwise or implement timer with
402 * timeout of 4 characters and on expiring that timer set
403 * Recevice data timeout in IIR register
404 */
405 mdev_state->s[index].intr_trigger_level = 1;
406 if (data & UART_FCR_ENABLE_FIFO)
407 mdev_state->s[index].max_fifo_size = MAX_FIFO_SIZE;
408 else {
409 mdev_state->s[index].max_fifo_size = 1;
410 mdev_state->s[index].intr_trigger_level = 1;
411 }
412
413 break;
414
415 case UART_LCR:
416 if (data & UART_LCR_DLAB) {
417 mdev_state->s[index].dlab = true;
418 mdev_state->s[index].divisor = 0;
419 } else
420 mdev_state->s[index].dlab = false;
421
422 mdev_state->s[index].uart_reg[offset] = data;
423 break;
424
425 case UART_MCR:
426 mdev_state->s[index].uart_reg[offset] = data;
427
428 if ((mdev_state->s[index].uart_reg[UART_IER] & UART_IER_MSI) &&
429 (data & UART_MCR_OUT2)) {
430#if defined(DEBUG_INTR)
431 pr_err("Serial port %d: MCR_OUT2 write\n", index);
432#endif
433 mtty_trigger_interrupt(mdev_state);
434 }
435
436 if ((mdev_state->s[index].uart_reg[UART_IER] & UART_IER_MSI) &&
437 (data & (UART_MCR_RTS | UART_MCR_DTR))) {
438#if defined(DEBUG_INTR)
439 pr_err("Serial port %d: MCR RTS/DTR write\n", index);
440#endif
441 mtty_trigger_interrupt(mdev_state);
442 }
443 break;
444
445 case UART_LSR:
446 case UART_MSR:
447 /* do nothing */
448 break;
449
450 case UART_SCR:
451 mdev_state->s[index].uart_reg[offset] = data;
452 break;
453
454 default:
455 break;
456 }
457}
458
459static void handle_bar_read(unsigned int index, struct mdev_state *mdev_state,
460 u16 offset, u8 *buf, u32 count)
461{
462 /* Handle read requests by guest */
463 switch (offset) {
464 case UART_RX:
465 /* if DLAB set, data is LSB of divisor */
466 if (mdev_state->s[index].dlab) {
467 *buf = (u8)mdev_state->s[index].divisor;
468 break;
469 }
470
471 mutex_lock(&mdev_state->rxtx_lock);
472 /* return data in tx buffer */
473 if (mdev_state->s[index].rxtx.head !=
474 mdev_state->s[index].rxtx.tail) {
475 *buf = mdev_state->s[index].rxtx.fifo[
476 mdev_state->s[index].rxtx.tail];
477 mdev_state->s[index].rxtx.count--;
478 CIRCULAR_BUF_INC_IDX(mdev_state->s[index].rxtx.tail);
479 }
480
481 if (mdev_state->s[index].rxtx.head ==
482 mdev_state->s[index].rxtx.tail) {
483 /*
484 * Trigger interrupt if tx buffer empty interrupt is
485 * enabled and fifo is empty
486 */
487#if defined(DEBUG_INTR)
488 pr_err("Serial port %d: Buffer Empty\n", index);
489#endif
490 if (mdev_state->s[index].uart_reg[UART_IER] &
491 UART_IER_THRI)
492 mtty_trigger_interrupt(mdev_state);
493 }
494 mutex_unlock(&mdev_state->rxtx_lock);
495
496 break;
497
498 case UART_IER:
499 if (mdev_state->s[index].dlab) {
500 *buf = (u8)(mdev_state->s[index].divisor >> 8);
501 break;
502 }
503 *buf = mdev_state->s[index].uart_reg[offset] & 0x0f;
504 break;
505
506 case UART_IIR:
507 {
508 u8 ier = mdev_state->s[index].uart_reg[UART_IER];
509 *buf = 0;
510
511 mutex_lock(&mdev_state->rxtx_lock);
512 /* Interrupt priority 1: Parity, overrun, framing or break */
513 if ((ier & UART_IER_RLSI) && mdev_state->s[index].overrun)
514 *buf |= UART_IIR_RLSI;
515
516 /* Interrupt priority 2: Fifo trigger level reached */
517 if ((ier & UART_IER_RDI) &&
518 (mdev_state->s[index].rxtx.count >=
519 mdev_state->s[index].intr_trigger_level))
520 *buf |= UART_IIR_RDI;
521
522 /* Interrupt priotiry 3: transmitter holding register empty */
523 if ((ier & UART_IER_THRI) &&
524 (mdev_state->s[index].rxtx.head ==
525 mdev_state->s[index].rxtx.tail))
526 *buf |= UART_IIR_THRI;
527
528 /* Interrupt priotiry 4: Modem status: CTS, DSR, RI or DCD */
529 if ((ier & UART_IER_MSI) &&
530 (mdev_state->s[index].uart_reg[UART_MCR] &
531 (UART_MCR_RTS | UART_MCR_DTR)))
532 *buf |= UART_IIR_MSI;
533
534 /* bit0: 0=> interrupt pending, 1=> no interrupt is pending */
535 if (*buf == 0)
536 *buf = UART_IIR_NO_INT;
537
538 /* set bit 6 & 7 to be 16550 compatible */
539 *buf |= 0xC0;
540 mutex_unlock(&mdev_state->rxtx_lock);
541 }
542 break;
543
544 case UART_LCR:
545 case UART_MCR:
546 *buf = mdev_state->s[index].uart_reg[offset];
547 break;
548
549 case UART_LSR:
550 {
551 u8 lsr = 0;
552
553 mutex_lock(&mdev_state->rxtx_lock);
554 /* atleast one char in FIFO */
555 if (mdev_state->s[index].rxtx.head !=
556 mdev_state->s[index].rxtx.tail)
557 lsr |= UART_LSR_DR;
558
559 /* if FIFO overrun */
560 if (mdev_state->s[index].overrun)
561 lsr |= UART_LSR_OE;
562
563 /* transmit FIFO empty and tramsitter empty */
564 if (mdev_state->s[index].rxtx.head ==
565 mdev_state->s[index].rxtx.tail)
566 lsr |= UART_LSR_TEMT | UART_LSR_THRE;
567
568 mutex_unlock(&mdev_state->rxtx_lock);
569 *buf = lsr;
570 break;
571 }
572 case UART_MSR:
573 *buf = UART_MSR_DSR | UART_MSR_DDSR | UART_MSR_DCD;
574
575 mutex_lock(&mdev_state->rxtx_lock);
576 /* if AFE is 1 and FIFO have space, set CTS bit */
577 if (mdev_state->s[index].uart_reg[UART_MCR] &
578 UART_MCR_AFE) {
579 if (mdev_state->s[index].rxtx.count <
580 mdev_state->s[index].max_fifo_size)
581 *buf |= UART_MSR_CTS | UART_MSR_DCTS;
582 } else
583 *buf |= UART_MSR_CTS | UART_MSR_DCTS;
584 mutex_unlock(&mdev_state->rxtx_lock);
585
586 break;
587
588 case UART_SCR:
589 *buf = mdev_state->s[index].uart_reg[offset];
590 break;
591
592 default:
593 break;
594 }
595}
596
597static void mdev_read_base(struct mdev_state *mdev_state)
598{
599 int index, pos;
600 u32 start_lo, start_hi;
601 u32 mem_type;
602
603 pos = PCI_BASE_ADDRESS_0;
604
605 for (index = 0; index <= VFIO_PCI_BAR5_REGION_INDEX; index++) {
606
607 if (!mdev_state->region_info[index].size)
608 continue;
609
610 start_lo = (*(u32 *)(mdev_state->vconfig + pos)) &
611 PCI_BASE_ADDRESS_MEM_MASK;
612 mem_type = (*(u32 *)(mdev_state->vconfig + pos)) &
613 PCI_BASE_ADDRESS_MEM_TYPE_MASK;
614
615 switch (mem_type) {
616 case PCI_BASE_ADDRESS_MEM_TYPE_64:
617 start_hi = (*(u32 *)(mdev_state->vconfig + pos + 4));
618 pos += 4;
619 break;
620 case PCI_BASE_ADDRESS_MEM_TYPE_32:
621 case PCI_BASE_ADDRESS_MEM_TYPE_1M:
622 /* 1M mem BAR treated as 32-bit BAR */
623 default:
624 /* mem unknown type treated as 32-bit BAR */
625 start_hi = 0;
626 break;
627 }
628 pos += 4;
629 mdev_state->region_info[index].start = ((u64)start_hi << 32) |
630 start_lo;
631 }
632}
633
634static ssize_t mdev_access(struct mdev_device *mdev, u8 *buf, size_t count,
635 loff_t pos, bool is_write)
636{
637 struct mdev_state *mdev_state;
638 unsigned int index;
639 loff_t offset;
640 int ret = 0;
641
642 if (!mdev || !buf)
643 return -EINVAL;
644
645 mdev_state = mdev_get_drvdata(mdev);
646 if (!mdev_state) {
647 pr_err("%s mdev_state not found\n", __func__);
648 return -EINVAL;
649 }
650
651 mutex_lock(&mdev_state->ops_lock);
652
653 index = MTTY_VFIO_PCI_OFFSET_TO_INDEX(pos);
654 offset = pos & MTTY_VFIO_PCI_OFFSET_MASK;
655 switch (index) {
656 case VFIO_PCI_CONFIG_REGION_INDEX:
657
658#if defined(DEBUG)
659 pr_info("%s: PCI config space %s at offset 0x%llx\n",
660 __func__, is_write ? "write" : "read", offset);
661#endif
662 if (is_write) {
663 dump_buffer(buf, count);
664 handle_pci_cfg_write(mdev_state, offset, buf, count);
665 } else {
666 memcpy(buf, (mdev_state->vconfig + offset), count);
667 dump_buffer(buf, count);
668 }
669
670 break;
671
672 case VFIO_PCI_BAR0_REGION_INDEX ... VFIO_PCI_BAR5_REGION_INDEX:
673 if (!mdev_state->region_info[index].start)
674 mdev_read_base(mdev_state);
675
676 if (is_write) {
677 dump_buffer(buf, count);
678
679#if defined(DEBUG_REGS)
680 pr_info("%s: BAR%d WR @0x%llx %s val:0x%02x dlab:%d\n",
681 __func__, index, offset, wr_reg[offset],
682 *buf, mdev_state->s[index].dlab);
683#endif
684 handle_bar_write(index, mdev_state, offset, buf, count);
685 } else {
686 handle_bar_read(index, mdev_state, offset, buf, count);
687 dump_buffer(buf, count);
688
689#if defined(DEBUG_REGS)
690 pr_info("%s: BAR%d RD @0x%llx %s val:0x%02x dlab:%d\n",
691 __func__, index, offset, rd_reg[offset],
692 *buf, mdev_state->s[index].dlab);
693#endif
694 }
695 break;
696
697 default:
698 ret = -1;
699 goto accessfailed;
700 }
701
702 ret = count;
703
704
705accessfailed:
706 mutex_unlock(&mdev_state->ops_lock);
707
708 return ret;
709}
710
711static int mtty_create(struct kobject *kobj, struct mdev_device *mdev)
712{
713 struct mdev_state *mdev_state;
714 char name[MTTY_STRING_LEN];
715 int nr_ports = 0, i;
716
717 if (!mdev)
718 return -EINVAL;
719
720 for (i = 0; i < 2; i++) {
721 snprintf(name, MTTY_STRING_LEN, "%s-%d",
722 dev_driver_string(mdev_parent_dev(mdev)), i + 1);
723 if (!strcmp(kobj->name, name)) {
724 nr_ports = i + 1;
725 break;
726 }
727 }
728
729 if (!nr_ports)
730 return -EINVAL;
731
732 mdev_state = kzalloc(sizeof(struct mdev_state), GFP_KERNEL);
733 if (mdev_state == NULL)
734 return -ENOMEM;
735
736 mdev_state->nr_ports = nr_ports;
737 mdev_state->irq_index = -1;
738 mdev_state->s[0].max_fifo_size = MAX_FIFO_SIZE;
739 mdev_state->s[1].max_fifo_size = MAX_FIFO_SIZE;
740 mutex_init(&mdev_state->rxtx_lock);
741 mdev_state->vconfig = kzalloc(MTTY_CONFIG_SPACE_SIZE, GFP_KERNEL);
742
743 if (mdev_state->vconfig == NULL) {
744 kfree(mdev_state);
745 return -ENOMEM;
746 }
747
748 mutex_init(&mdev_state->ops_lock);
749 mdev_state->mdev = mdev;
750 mdev_set_drvdata(mdev, mdev_state);
751
752 mtty_create_config_space(mdev_state);
753
754 mutex_lock(&mdev_list_lock);
755 list_add(&mdev_state->next, &mdev_devices_list);
756 mutex_unlock(&mdev_list_lock);
757
758 return 0;
759}
760
761static int mtty_remove(struct mdev_device *mdev)
762{
763 struct mdev_state *mds, *tmp_mds;
764 struct mdev_state *mdev_state = mdev_get_drvdata(mdev);
765 int ret = -EINVAL;
766
767 mutex_lock(&mdev_list_lock);
768 list_for_each_entry_safe(mds, tmp_mds, &mdev_devices_list, next) {
769 if (mdev_state == mds) {
770 list_del(&mdev_state->next);
771 mdev_set_drvdata(mdev, NULL);
772 kfree(mdev_state->vconfig);
773 kfree(mdev_state);
774 ret = 0;
775 break;
776 }
777 }
778 mutex_unlock(&mdev_list_lock);
779
780 return ret;
781}
782
783static int mtty_reset(struct mdev_device *mdev)
784{
785 struct mdev_state *mdev_state;
786
787 if (!mdev)
788 return -EINVAL;
789
790 mdev_state = mdev_get_drvdata(mdev);
791 if (!mdev_state)
792 return -EINVAL;
793
794 pr_info("%s: called\n", __func__);
795
796 return 0;
797}
798
799static ssize_t mtty_read(struct mdev_device *mdev, char __user *buf,
800 size_t count, loff_t *ppos)
801{
802 unsigned int done = 0;
803 int ret;
804
805 while (count) {
806 size_t filled;
807
808 if (count >= 4 && !(*ppos % 4)) {
809 u32 val;
810
811 ret = mdev_access(mdev, (u8 *)&val, sizeof(val),
812 *ppos, false);
813 if (ret <= 0)
814 goto read_err;
815
816 if (copy_to_user(buf, &val, sizeof(val)))
817 goto read_err;
818
819 filled = 4;
820 } else if (count >= 2 && !(*ppos % 2)) {
821 u16 val;
822
823 ret = mdev_access(mdev, (u8 *)&val, sizeof(val),
824 *ppos, false);
825 if (ret <= 0)
826 goto read_err;
827
828 if (copy_to_user(buf, &val, sizeof(val)))
829 goto read_err;
830
831 filled = 2;
832 } else {
833 u8 val;
834
835 ret = mdev_access(mdev, (u8 *)&val, sizeof(val),
836 *ppos, false);
837 if (ret <= 0)
838 goto read_err;
839
840 if (copy_to_user(buf, &val, sizeof(val)))
841 goto read_err;
842
843 filled = 1;
844 }
845
846 count -= filled;
847 done += filled;
848 *ppos += filled;
849 buf += filled;
850 }
851
852 return done;
853
854read_err:
855 return -EFAULT;
856}
857
858static ssize_t mtty_write(struct mdev_device *mdev, const char __user *buf,
859 size_t count, loff_t *ppos)
860{
861 unsigned int done = 0;
862 int ret;
863
864 while (count) {
865 size_t filled;
866
867 if (count >= 4 && !(*ppos % 4)) {
868 u32 val;
869
870 if (copy_from_user(&val, buf, sizeof(val)))
871 goto write_err;
872
873 ret = mdev_access(mdev, (u8 *)&val, sizeof(val),
874 *ppos, true);
875 if (ret <= 0)
876 goto write_err;
877
878 filled = 4;
879 } else if (count >= 2 && !(*ppos % 2)) {
880 u16 val;
881
882 if (copy_from_user(&val, buf, sizeof(val)))
883 goto write_err;
884
885 ret = mdev_access(mdev, (u8 *)&val, sizeof(val),
886 *ppos, true);
887 if (ret <= 0)
888 goto write_err;
889
890 filled = 2;
891 } else {
892 u8 val;
893
894 if (copy_from_user(&val, buf, sizeof(val)))
895 goto write_err;
896
897 ret = mdev_access(mdev, (u8 *)&val, sizeof(val),
898 *ppos, true);
899 if (ret <= 0)
900 goto write_err;
901
902 filled = 1;
903 }
904 count -= filled;
905 done += filled;
906 *ppos += filled;
907 buf += filled;
908 }
909
910 return done;
911write_err:
912 return -EFAULT;
913}
914
915static int mtty_set_irqs(struct mdev_device *mdev, uint32_t flags,
916 unsigned int index, unsigned int start,
917 unsigned int count, void *data)
918{
919 int ret = 0;
920 struct mdev_state *mdev_state;
921
922 if (!mdev)
923 return -EINVAL;
924
925 mdev_state = mdev_get_drvdata(mdev);
926 if (!mdev_state)
927 return -EINVAL;
928
929 mutex_lock(&mdev_state->ops_lock);
930 switch (index) {
931 case VFIO_PCI_INTX_IRQ_INDEX:
932 switch (flags & VFIO_IRQ_SET_ACTION_TYPE_MASK) {
933 case VFIO_IRQ_SET_ACTION_MASK:
934 case VFIO_IRQ_SET_ACTION_UNMASK:
935 break;
936 case VFIO_IRQ_SET_ACTION_TRIGGER:
937 {
938 if (flags & VFIO_IRQ_SET_DATA_NONE) {
939 pr_info("%s: disable INTx\n", __func__);
940 if (mdev_state->intx_evtfd)
941 eventfd_ctx_put(mdev_state->intx_evtfd);
942 break;
943 }
944
945 if (flags & VFIO_IRQ_SET_DATA_EVENTFD) {
946 int fd = *(int *)data;
947
948 if (fd > 0) {
949 struct eventfd_ctx *evt;
950
951 evt = eventfd_ctx_fdget(fd);
952 if (IS_ERR(evt)) {
953 ret = PTR_ERR(evt);
954 break;
955 }
956 mdev_state->intx_evtfd = evt;
957 mdev_state->irq_fd = fd;
958 mdev_state->irq_index = index;
959 break;
960 }
961 }
962 break;
963 }
964 }
965 break;
966 case VFIO_PCI_MSI_IRQ_INDEX:
967 switch (flags & VFIO_IRQ_SET_ACTION_TYPE_MASK) {
968 case VFIO_IRQ_SET_ACTION_MASK:
969 case VFIO_IRQ_SET_ACTION_UNMASK:
970 break;
971 case VFIO_IRQ_SET_ACTION_TRIGGER:
972 if (flags & VFIO_IRQ_SET_DATA_NONE) {
973 if (mdev_state->msi_evtfd)
974 eventfd_ctx_put(mdev_state->msi_evtfd);
975 pr_info("%s: disable MSI\n", __func__);
976 mdev_state->irq_index = VFIO_PCI_INTX_IRQ_INDEX;
977 break;
978 }
979 if (flags & VFIO_IRQ_SET_DATA_EVENTFD) {
980 int fd = *(int *)data;
981 struct eventfd_ctx *evt;
982
983 if (fd <= 0)
984 break;
985
986 if (mdev_state->msi_evtfd)
987 break;
988
989 evt = eventfd_ctx_fdget(fd);
990 if (IS_ERR(evt)) {
991 ret = PTR_ERR(evt);
992 break;
993 }
994 mdev_state->msi_evtfd = evt;
995 mdev_state->irq_fd = fd;
996 mdev_state->irq_index = index;
997 }
998 break;
999 }
1000 break;
1001 case VFIO_PCI_MSIX_IRQ_INDEX:
1002 pr_info("%s: MSIX_IRQ\n", __func__);
1003 break;
1004 case VFIO_PCI_ERR_IRQ_INDEX:
1005 pr_info("%s: ERR_IRQ\n", __func__);
1006 break;
1007 case VFIO_PCI_REQ_IRQ_INDEX:
1008 pr_info("%s: REQ_IRQ\n", __func__);
1009 break;
1010 }
1011
1012 mutex_unlock(&mdev_state->ops_lock);
1013 return ret;
1014}
1015
1016static int mtty_trigger_interrupt(struct mdev_state *mdev_state)
1017{
1018 int ret = -1;
1019
1020 if ((mdev_state->irq_index == VFIO_PCI_MSI_IRQ_INDEX) &&
1021 (!mdev_state->msi_evtfd))
1022 return -EINVAL;
1023 else if ((mdev_state->irq_index == VFIO_PCI_INTX_IRQ_INDEX) &&
1024 (!mdev_state->intx_evtfd)) {
1025 pr_info("%s: Intr eventfd not found\n", __func__);
1026 return -EINVAL;
1027 }
1028
1029 if (mdev_state->irq_index == VFIO_PCI_MSI_IRQ_INDEX)
1030 ret = eventfd_signal(mdev_state->msi_evtfd, 1);
1031 else
1032 ret = eventfd_signal(mdev_state->intx_evtfd, 1);
1033
1034#if defined(DEBUG_INTR)
1035 pr_info("Intx triggered\n");
1036#endif
1037 if (ret != 1)
1038 pr_err("%s: eventfd signal failed (%d)\n", __func__, ret);
1039
1040 return ret;
1041}
1042
1043static int mtty_get_region_info(struct mdev_device *mdev,
1044 struct vfio_region_info *region_info,
1045 u16 *cap_type_id, void **cap_type)
1046{
1047 unsigned int size = 0;
1048 struct mdev_state *mdev_state;
1049 u32 bar_index;
1050
1051 if (!mdev)
1052 return -EINVAL;
1053
1054 mdev_state = mdev_get_drvdata(mdev);
1055 if (!mdev_state)
1056 return -EINVAL;
1057
1058 bar_index = region_info->index;
1059 if (bar_index >= VFIO_PCI_NUM_REGIONS)
1060 return -EINVAL;
1061
1062 mutex_lock(&mdev_state->ops_lock);
1063
1064 switch (bar_index) {
1065 case VFIO_PCI_CONFIG_REGION_INDEX:
1066 size = MTTY_CONFIG_SPACE_SIZE;
1067 break;
1068 case VFIO_PCI_BAR0_REGION_INDEX:
1069 size = MTTY_IO_BAR_SIZE;
1070 break;
1071 case VFIO_PCI_BAR1_REGION_INDEX:
1072 if (mdev_state->nr_ports == 2)
1073 size = MTTY_IO_BAR_SIZE;
1074 break;
1075 default:
1076 size = 0;
1077 break;
1078 }
1079
1080 mdev_state->region_info[bar_index].size = size;
1081 mdev_state->region_info[bar_index].vfio_offset =
1082 MTTY_VFIO_PCI_INDEX_TO_OFFSET(bar_index);
1083
1084 region_info->size = size;
1085 region_info->offset = MTTY_VFIO_PCI_INDEX_TO_OFFSET(bar_index);
1086 region_info->flags = VFIO_REGION_INFO_FLAG_READ |
1087 VFIO_REGION_INFO_FLAG_WRITE;
1088 mutex_unlock(&mdev_state->ops_lock);
1089 return 0;
1090}
1091
1092static int mtty_get_irq_info(struct mdev_device *mdev,
1093 struct vfio_irq_info *irq_info)
1094{
1095 switch (irq_info->index) {
1096 case VFIO_PCI_INTX_IRQ_INDEX:
1097 case VFIO_PCI_MSI_IRQ_INDEX:
1098 case VFIO_PCI_REQ_IRQ_INDEX:
1099 break;
1100
1101 default:
1102 return -EINVAL;
1103 }
1104
1105 irq_info->flags = VFIO_IRQ_INFO_EVENTFD;
1106 irq_info->count = 1;
1107
1108 if (irq_info->index == VFIO_PCI_INTX_IRQ_INDEX)
1109 irq_info->flags |= (VFIO_IRQ_INFO_MASKABLE |
1110 VFIO_IRQ_INFO_AUTOMASKED);
1111 else
1112 irq_info->flags |= VFIO_IRQ_INFO_NORESIZE;
1113
1114 return 0;
1115}
1116
1117static int mtty_get_device_info(struct mdev_device *mdev,
1118 struct vfio_device_info *dev_info)
1119{
1120 dev_info->flags = VFIO_DEVICE_FLAGS_PCI;
1121 dev_info->num_regions = VFIO_PCI_NUM_REGIONS;
1122 dev_info->num_irqs = VFIO_PCI_NUM_IRQS;
1123
1124 return 0;
1125}
1126
1127static long mtty_ioctl(struct mdev_device *mdev, unsigned int cmd,
1128 unsigned long arg)
1129{
1130 int ret = 0;
1131 unsigned long minsz;
1132 struct mdev_state *mdev_state;
1133
1134 if (!mdev)
1135 return -EINVAL;
1136
1137 mdev_state = mdev_get_drvdata(mdev);
1138 if (!mdev_state)
1139 return -ENODEV;
1140
1141 switch (cmd) {
1142 case VFIO_DEVICE_GET_INFO:
1143 {
1144 struct vfio_device_info info;
1145
1146 minsz = offsetofend(struct vfio_device_info, num_irqs);
1147
1148 if (copy_from_user(&info, (void __user *)arg, minsz))
1149 return -EFAULT;
1150
1151 if (info.argsz < minsz)
1152 return -EINVAL;
1153
1154 ret = mtty_get_device_info(mdev, &info);
1155 if (ret)
1156 return ret;
1157
1158 memcpy(&mdev_state->dev_info, &info, sizeof(info));
1159
1160 if (copy_to_user((void __user *)arg, &info, minsz))
1161 return -EFAULT;
1162
1163 return 0;
1164 }
1165 case VFIO_DEVICE_GET_REGION_INFO:
1166 {
1167 struct vfio_region_info info;
1168 u16 cap_type_id = 0;
1169 void *cap_type = NULL;
1170
1171 minsz = offsetofend(struct vfio_region_info, offset);
1172
1173 if (copy_from_user(&info, (void __user *)arg, minsz))
1174 return -EFAULT;
1175
1176 if (info.argsz < minsz)
1177 return -EINVAL;
1178
1179 ret = mtty_get_region_info(mdev, &info, &cap_type_id,
1180 &cap_type);
1181 if (ret)
1182 return ret;
1183
1184 if (copy_to_user((void __user *)arg, &info, minsz))
1185 return -EFAULT;
1186
1187 return 0;
1188 }
1189
1190 case VFIO_DEVICE_GET_IRQ_INFO:
1191 {
1192 struct vfio_irq_info info;
1193
1194 minsz = offsetofend(struct vfio_irq_info, count);
1195
1196 if (copy_from_user(&info, (void __user *)arg, minsz))
1197 return -EFAULT;
1198
1199 if ((info.argsz < minsz) ||
1200 (info.index >= mdev_state->dev_info.num_irqs))
1201 return -EINVAL;
1202
1203 ret = mtty_get_irq_info(mdev, &info);
1204 if (ret)
1205 return ret;
1206
1207 if (copy_to_user((void __user *)arg, &info, minsz))
1208 return -EFAULT;
1209
1210 return 0;
1211 }
1212 case VFIO_DEVICE_SET_IRQS:
1213 {
1214 struct vfio_irq_set hdr;
1215 u8 *data = NULL, *ptr = NULL;
1216 size_t data_size = 0;
1217
1218 minsz = offsetofend(struct vfio_irq_set, count);
1219
1220 if (copy_from_user(&hdr, (void __user *)arg, minsz))
1221 return -EFAULT;
1222
1223 ret = vfio_set_irqs_validate_and_prepare(&hdr,
1224 mdev_state->dev_info.num_irqs,
1225 VFIO_PCI_NUM_IRQS,
1226 &data_size);
1227 if (ret)
1228 return ret;
1229
1230 if (data_size) {
1231 ptr = data = memdup_user((void __user *)(arg + minsz),
1232 data_size);
1233 if (IS_ERR(data))
1234 return PTR_ERR(data);
1235 }
1236
1237 ret = mtty_set_irqs(mdev, hdr.flags, hdr.index, hdr.start,
1238 hdr.count, data);
1239
1240 kfree(ptr);
1241 return ret;
1242 }
1243 case VFIO_DEVICE_RESET:
1244 return mtty_reset(mdev);
1245 }
1246 return -ENOTTY;
1247}
1248
1249static int mtty_open(struct mdev_device *mdev)
1250{
1251 pr_info("%s\n", __func__);
1252 return 0;
1253}
1254
1255static void mtty_close(struct mdev_device *mdev)
1256{
1257 pr_info("%s\n", __func__);
1258}
1259
1260static ssize_t
1261sample_mtty_dev_show(struct device *dev, struct device_attribute *attr,
1262 char *buf)
1263{
1264 return sprintf(buf, "This is phy device\n");
1265}
1266
1267static DEVICE_ATTR_RO(sample_mtty_dev);
1268
1269static struct attribute *mtty_dev_attrs[] = {
1270 &dev_attr_sample_mtty_dev.attr,
1271 NULL,
1272};
1273
1274static const struct attribute_group mtty_dev_group = {
1275 .name = "mtty_dev",
1276 .attrs = mtty_dev_attrs,
1277};
1278
1279static const struct attribute_group *mtty_dev_groups[] = {
1280 &mtty_dev_group,
1281 NULL,
1282};
1283
1284static ssize_t
1285sample_mdev_dev_show(struct device *dev, struct device_attribute *attr,
1286 char *buf)
1287{
1288 if (mdev_from_dev(dev))
1289 return sprintf(buf, "This is MDEV %s\n", dev_name(dev));
1290
1291 return sprintf(buf, "\n");
1292}
1293
1294static DEVICE_ATTR_RO(sample_mdev_dev);
1295
1296static struct attribute *mdev_dev_attrs[] = {
1297 &dev_attr_sample_mdev_dev.attr,
1298 NULL,
1299};
1300
1301static const struct attribute_group mdev_dev_group = {
1302 .name = "vendor",
1303 .attrs = mdev_dev_attrs,
1304};
1305
1306static const struct attribute_group *mdev_dev_groups[] = {
1307 &mdev_dev_group,
1308 NULL,
1309};
1310
1311static ssize_t
1312name_show(struct kobject *kobj, struct device *dev, char *buf)
1313{
1314 char name[MTTY_STRING_LEN];
1315 int i;
1316 const char *name_str[2] = {"Single port serial", "Dual port serial"};
1317
1318 for (i = 0; i < 2; i++) {
1319 snprintf(name, MTTY_STRING_LEN, "%s-%d",
1320 dev_driver_string(dev), i + 1);
1321 if (!strcmp(kobj->name, name))
1322 return sprintf(buf, "%s\n", name_str[i]);
1323 }
1324
1325 return -EINVAL;
1326}
1327
1328static MDEV_TYPE_ATTR_RO(name);
1329
1330static ssize_t
1331available_instances_show(struct kobject *kobj, struct device *dev, char *buf)
1332{
1333 char name[MTTY_STRING_LEN];
1334 int i;
1335 struct mdev_state *mds;
1336 int ports = 0, used = 0;
1337
1338 for (i = 0; i < 2; i++) {
1339 snprintf(name, MTTY_STRING_LEN, "%s-%d",
1340 dev_driver_string(dev), i + 1);
1341 if (!strcmp(kobj->name, name)) {
1342 ports = i + 1;
1343 break;
1344 }
1345 }
1346
1347 if (!ports)
1348 return -EINVAL;
1349
1350 list_for_each_entry(mds, &mdev_devices_list, next)
1351 used += mds->nr_ports;
1352
1353 return sprintf(buf, "%d\n", (MAX_MTTYS - used)/ports);
1354}
1355
1356static MDEV_TYPE_ATTR_RO(available_instances);
1357
1358
1359static ssize_t device_api_show(struct kobject *kobj, struct device *dev,
1360 char *buf)
1361{
1362 return sprintf(buf, "%s\n", VFIO_DEVICE_API_PCI_STRING);
1363}
1364
1365static MDEV_TYPE_ATTR_RO(device_api);
1366
1367static struct attribute *mdev_types_attrs[] = {
1368 &mdev_type_attr_name.attr,
1369 &mdev_type_attr_device_api.attr,
1370 &mdev_type_attr_available_instances.attr,
1371 NULL,
1372};
1373
1374static struct attribute_group mdev_type_group1 = {
1375 .name = "1",
1376 .attrs = mdev_types_attrs,
1377};
1378
1379static struct attribute_group mdev_type_group2 = {
1380 .name = "2",
1381 .attrs = mdev_types_attrs,
1382};
1383
1384static struct attribute_group *mdev_type_groups[] = {
1385 &mdev_type_group1,
1386 &mdev_type_group2,
1387 NULL,
1388};
1389
1390static const struct mdev_parent_ops mdev_fops = {
1391 .owner = THIS_MODULE,
1392 .dev_attr_groups = mtty_dev_groups,
1393 .mdev_attr_groups = mdev_dev_groups,
1394 .supported_type_groups = mdev_type_groups,
1395 .create = mtty_create,
1396 .remove = mtty_remove,
1397 .open = mtty_open,
1398 .release = mtty_close,
1399 .read = mtty_read,
1400 .write = mtty_write,
1401 .ioctl = mtty_ioctl,
1402};
1403
1404static void mtty_device_release(struct device *dev)
1405{
1406 dev_dbg(dev, "mtty: released\n");
1407}
1408
1409static int __init mtty_dev_init(void)
1410{
1411 int ret = 0;
1412
1413 pr_info("mtty_dev: %s\n", __func__);
1414
1415 memset(&mtty_dev, 0, sizeof(mtty_dev));
1416
1417 idr_init(&mtty_dev.vd_idr);
1418
1419 ret = alloc_chrdev_region(&mtty_dev.vd_devt, 0, MINORMASK + 1,
1420 MTTY_NAME);
1421
1422 if (ret < 0) {
1423 pr_err("Error: failed to register mtty_dev, err:%d\n", ret);
1424 return ret;
1425 }
1426
1427 cdev_init(&mtty_dev.vd_cdev, &vd_fops);
1428 cdev_add(&mtty_dev.vd_cdev, mtty_dev.vd_devt, MINORMASK + 1);
1429
1430 pr_info("major_number:%d\n", MAJOR(mtty_dev.vd_devt));
1431
1432 mtty_dev.vd_class = class_create(THIS_MODULE, MTTY_CLASS_NAME);
1433
1434 if (IS_ERR(mtty_dev.vd_class)) {
1435 pr_err("Error: failed to register mtty_dev class\n");
1436 ret = PTR_ERR(mtty_dev.vd_class);
1437 goto failed1;
1438 }
1439
1440 mtty_dev.dev.class = mtty_dev.vd_class;
1441 mtty_dev.dev.release = mtty_device_release;
1442 dev_set_name(&mtty_dev.dev, "%s", MTTY_NAME);
1443
1444 ret = device_register(&mtty_dev.dev);
1445 if (ret)
1446 goto failed2;
1447
1448 ret = mdev_register_device(&mtty_dev.dev, &mdev_fops);
1449 if (ret)
1450 goto failed3;
1451
1452 mutex_init(&mdev_list_lock);
1453 INIT_LIST_HEAD(&mdev_devices_list);
1454
1455 goto all_done;
1456
1457failed3:
1458
1459 device_unregister(&mtty_dev.dev);
1460failed2:
1461 class_destroy(mtty_dev.vd_class);
1462
1463failed1:
1464 cdev_del(&mtty_dev.vd_cdev);
1465 unregister_chrdev_region(mtty_dev.vd_devt, MINORMASK + 1);
1466
1467all_done:
1468 return ret;
1469}
1470
1471static void __exit mtty_dev_exit(void)
1472{
1473 mtty_dev.dev.bus = NULL;
1474 mdev_unregister_device(&mtty_dev.dev);
1475
1476 device_unregister(&mtty_dev.dev);
1477 idr_destroy(&mtty_dev.vd_idr);
1478 cdev_del(&mtty_dev.vd_cdev);
1479 unregister_chrdev_region(mtty_dev.vd_devt, MINORMASK + 1);
1480 class_destroy(mtty_dev.vd_class);
1481 mtty_dev.vd_class = NULL;
1482 pr_info("mtty_dev: Unloaded!\n");
1483}
1484
1485module_init(mtty_dev_init)
1486module_exit(mtty_dev_exit)
1487
1488MODULE_LICENSE("GPL v2");
1489MODULE_INFO(supported, "Test driver that simulate serial port over PCI");
1490MODULE_VERSION(VERSION_STRING);
1491MODULE_AUTHOR(DRIVER_AUTHOR);