Loading...
1// SPDX-License-Identifier: GPL-2.0-only
2/*
3 * Mediated virtual PCI serial host device driver
4 *
5 * Copyright (c) 2016, NVIDIA CORPORATION. All rights reserved.
6 * Author: Neo Jia <cjia@nvidia.com>
7 * Kirti Wankhede <kwankhede@nvidia.com>
8 *
9 * Sample driver that creates mdev device that simulates serial port over PCI
10 * card.
11 */
12
13#include <linux/init.h>
14#include <linux/module.h>
15#include <linux/kernel.h>
16#include <linux/fs.h>
17#include <linux/poll.h>
18#include <linux/slab.h>
19#include <linux/cdev.h>
20#include <linux/sched.h>
21#include <linux/wait.h>
22#include <linux/vfio.h>
23#include <linux/iommu.h>
24#include <linux/sysfs.h>
25#include <linux/ctype.h>
26#include <linux/file.h>
27#include <linux/mdev.h>
28#include <linux/pci.h>
29#include <linux/serial.h>
30#include <uapi/linux/serial_reg.h>
31#include <linux/eventfd.h>
32/*
33 * #defines
34 */
35
36#define VERSION_STRING "0.1"
37#define DRIVER_AUTHOR "NVIDIA Corporation"
38
39#define MTTY_CLASS_NAME "mtty"
40
41#define MTTY_NAME "mtty"
42
43#define MTTY_STRING_LEN 16
44
45#define MTTY_CONFIG_SPACE_SIZE 0xff
46#define MTTY_IO_BAR_SIZE 0x8
47#define MTTY_MMIO_BAR_SIZE 0x100000
48
49#define STORE_LE16(addr, val) (*(u16 *)addr = val)
50#define STORE_LE32(addr, val) (*(u32 *)addr = val)
51
52#define MAX_FIFO_SIZE 16
53
54#define CIRCULAR_BUF_INC_IDX(idx) (idx = (idx + 1) & (MAX_FIFO_SIZE - 1))
55
56#define MTTY_VFIO_PCI_OFFSET_SHIFT 40
57
58#define MTTY_VFIO_PCI_OFFSET_TO_INDEX(off) (off >> MTTY_VFIO_PCI_OFFSET_SHIFT)
59#define MTTY_VFIO_PCI_INDEX_TO_OFFSET(index) \
60 ((u64)(index) << MTTY_VFIO_PCI_OFFSET_SHIFT)
61#define MTTY_VFIO_PCI_OFFSET_MASK \
62 (((u64)(1) << MTTY_VFIO_PCI_OFFSET_SHIFT) - 1)
63#define MAX_MTTYS 24
64
65/*
66 * Global Structures
67 */
68
69static struct mtty_dev {
70 dev_t vd_devt;
71 struct class *vd_class;
72 struct cdev vd_cdev;
73 struct idr vd_idr;
74 struct device dev;
75 struct mdev_parent parent;
76} mtty_dev;
77
78struct mdev_region_info {
79 u64 start;
80 u64 phys_start;
81 u32 size;
82 u64 vfio_offset;
83};
84
85#if defined(DEBUG_REGS)
86static const char *wr_reg[] = {
87 "TX",
88 "IER",
89 "FCR",
90 "LCR",
91 "MCR",
92 "LSR",
93 "MSR",
94 "SCR"
95};
96
97static const char *rd_reg[] = {
98 "RX",
99 "IER",
100 "IIR",
101 "LCR",
102 "MCR",
103 "LSR",
104 "MSR",
105 "SCR"
106};
107#endif
108
109/* loop back buffer */
110struct rxtx {
111 u8 fifo[MAX_FIFO_SIZE];
112 u8 head, tail;
113 u8 count;
114};
115
116struct serial_port {
117 u8 uart_reg[8]; /* 8 registers */
118 struct rxtx rxtx; /* loop back buffer */
119 bool dlab;
120 bool overrun;
121 u16 divisor;
122 u8 fcr; /* FIFO control register */
123 u8 max_fifo_size;
124 u8 intr_trigger_level; /* interrupt trigger level */
125};
126
127/* State of each mdev device */
128struct mdev_state {
129 struct vfio_device vdev;
130 int irq_fd;
131 struct eventfd_ctx *intx_evtfd;
132 struct eventfd_ctx *msi_evtfd;
133 int irq_index;
134 u8 *vconfig;
135 struct mutex ops_lock;
136 struct mdev_device *mdev;
137 struct mdev_region_info region_info[VFIO_PCI_NUM_REGIONS];
138 u32 bar_mask[VFIO_PCI_NUM_REGIONS];
139 struct list_head next;
140 struct serial_port s[2];
141 struct mutex rxtx_lock;
142 struct vfio_device_info dev_info;
143 int nr_ports;
144};
145
146static struct mtty_type {
147 struct mdev_type type;
148 int nr_ports;
149} mtty_types[2] = {
150 { .nr_ports = 1, .type.sysfs_name = "1",
151 .type.pretty_name = "Single port serial" },
152 { .nr_ports = 2, .type.sysfs_name = "2",
153 .type.pretty_name = "Dual port serial" },
154};
155
156static struct mdev_type *mtty_mdev_types[] = {
157 &mtty_types[0].type,
158 &mtty_types[1].type,
159};
160
161static atomic_t mdev_avail_ports = ATOMIC_INIT(MAX_MTTYS);
162
163static const struct file_operations vd_fops = {
164 .owner = THIS_MODULE,
165};
166
167static const struct vfio_device_ops mtty_dev_ops;
168
169/* function prototypes */
170
171static int mtty_trigger_interrupt(struct mdev_state *mdev_state);
172
173/* Helper functions */
174
175static void dump_buffer(u8 *buf, uint32_t count)
176{
177#if defined(DEBUG)
178 int i;
179
180 pr_info("Buffer:\n");
181 for (i = 0; i < count; i++) {
182 pr_info("%2x ", *(buf + i));
183 if ((i + 1) % 16 == 0)
184 pr_info("\n");
185 }
186#endif
187}
188
189static void mtty_create_config_space(struct mdev_state *mdev_state)
190{
191 /* PCI dev ID */
192 STORE_LE32((u32 *) &mdev_state->vconfig[0x0], 0x32534348);
193
194 /* Control: I/O+, Mem-, BusMaster- */
195 STORE_LE16((u16 *) &mdev_state->vconfig[0x4], 0x0001);
196
197 /* Status: capabilities list absent */
198 STORE_LE16((u16 *) &mdev_state->vconfig[0x6], 0x0200);
199
200 /* Rev ID */
201 mdev_state->vconfig[0x8] = 0x10;
202
203 /* programming interface class : 16550-compatible serial controller */
204 mdev_state->vconfig[0x9] = 0x02;
205
206 /* Sub class : 00 */
207 mdev_state->vconfig[0xa] = 0x00;
208
209 /* Base class : Simple Communication controllers */
210 mdev_state->vconfig[0xb] = 0x07;
211
212 /* base address registers */
213 /* BAR0: IO space */
214 STORE_LE32((u32 *) &mdev_state->vconfig[0x10], 0x000001);
215 mdev_state->bar_mask[0] = ~(MTTY_IO_BAR_SIZE) + 1;
216
217 if (mdev_state->nr_ports == 2) {
218 /* BAR1: IO space */
219 STORE_LE32((u32 *) &mdev_state->vconfig[0x14], 0x000001);
220 mdev_state->bar_mask[1] = ~(MTTY_IO_BAR_SIZE) + 1;
221 }
222
223 /* Subsystem ID */
224 STORE_LE32((u32 *) &mdev_state->vconfig[0x2c], 0x32534348);
225
226 mdev_state->vconfig[0x34] = 0x00; /* Cap Ptr */
227 mdev_state->vconfig[0x3d] = 0x01; /* interrupt pin (INTA#) */
228
229 /* Vendor specific data */
230 mdev_state->vconfig[0x40] = 0x23;
231 mdev_state->vconfig[0x43] = 0x80;
232 mdev_state->vconfig[0x44] = 0x23;
233 mdev_state->vconfig[0x48] = 0x23;
234 mdev_state->vconfig[0x4c] = 0x23;
235
236 mdev_state->vconfig[0x60] = 0x50;
237 mdev_state->vconfig[0x61] = 0x43;
238 mdev_state->vconfig[0x62] = 0x49;
239 mdev_state->vconfig[0x63] = 0x20;
240 mdev_state->vconfig[0x64] = 0x53;
241 mdev_state->vconfig[0x65] = 0x65;
242 mdev_state->vconfig[0x66] = 0x72;
243 mdev_state->vconfig[0x67] = 0x69;
244 mdev_state->vconfig[0x68] = 0x61;
245 mdev_state->vconfig[0x69] = 0x6c;
246 mdev_state->vconfig[0x6a] = 0x2f;
247 mdev_state->vconfig[0x6b] = 0x55;
248 mdev_state->vconfig[0x6c] = 0x41;
249 mdev_state->vconfig[0x6d] = 0x52;
250 mdev_state->vconfig[0x6e] = 0x54;
251}
252
253static void handle_pci_cfg_write(struct mdev_state *mdev_state, u16 offset,
254 u8 *buf, u32 count)
255{
256 u32 cfg_addr, bar_mask, bar_index = 0;
257
258 switch (offset) {
259 case 0x04: /* device control */
260 case 0x06: /* device status */
261 /* do nothing */
262 break;
263 case 0x3c: /* interrupt line */
264 mdev_state->vconfig[0x3c] = buf[0];
265 break;
266 case 0x3d:
267 /*
268 * Interrupt Pin is hardwired to INTA.
269 * This field is write protected by hardware
270 */
271 break;
272 case 0x10: /* BAR0 */
273 case 0x14: /* BAR1 */
274 if (offset == 0x10)
275 bar_index = 0;
276 else if (offset == 0x14)
277 bar_index = 1;
278
279 if ((mdev_state->nr_ports == 1) && (bar_index == 1)) {
280 STORE_LE32(&mdev_state->vconfig[offset], 0);
281 break;
282 }
283
284 cfg_addr = *(u32 *)buf;
285 pr_info("BAR%d addr 0x%x\n", bar_index, cfg_addr);
286
287 if (cfg_addr == 0xffffffff) {
288 bar_mask = mdev_state->bar_mask[bar_index];
289 cfg_addr = (cfg_addr & bar_mask);
290 }
291
292 cfg_addr |= (mdev_state->vconfig[offset] & 0x3ul);
293 STORE_LE32(&mdev_state->vconfig[offset], cfg_addr);
294 break;
295 case 0x18: /* BAR2 */
296 case 0x1c: /* BAR3 */
297 case 0x20: /* BAR4 */
298 STORE_LE32(&mdev_state->vconfig[offset], 0);
299 break;
300 default:
301 pr_info("PCI config write @0x%x of %d bytes not handled\n",
302 offset, count);
303 break;
304 }
305}
306
307static void handle_bar_write(unsigned int index, struct mdev_state *mdev_state,
308 u16 offset, u8 *buf, u32 count)
309{
310 u8 data = *buf;
311
312 /* Handle data written by guest */
313 switch (offset) {
314 case UART_TX:
315 /* if DLAB set, data is LSB of divisor */
316 if (mdev_state->s[index].dlab) {
317 mdev_state->s[index].divisor |= data;
318 break;
319 }
320
321 mutex_lock(&mdev_state->rxtx_lock);
322
323 /* save in TX buffer */
324 if (mdev_state->s[index].rxtx.count <
325 mdev_state->s[index].max_fifo_size) {
326 mdev_state->s[index].rxtx.fifo[
327 mdev_state->s[index].rxtx.head] = data;
328 mdev_state->s[index].rxtx.count++;
329 CIRCULAR_BUF_INC_IDX(mdev_state->s[index].rxtx.head);
330 mdev_state->s[index].overrun = false;
331
332 /*
333 * Trigger interrupt if receive data interrupt is
334 * enabled and fifo reached trigger level
335 */
336 if ((mdev_state->s[index].uart_reg[UART_IER] &
337 UART_IER_RDI) &&
338 (mdev_state->s[index].rxtx.count ==
339 mdev_state->s[index].intr_trigger_level)) {
340 /* trigger interrupt */
341#if defined(DEBUG_INTR)
342 pr_err("Serial port %d: Fifo level trigger\n",
343 index);
344#endif
345 mtty_trigger_interrupt(mdev_state);
346 }
347 } else {
348#if defined(DEBUG_INTR)
349 pr_err("Serial port %d: Buffer Overflow\n", index);
350#endif
351 mdev_state->s[index].overrun = true;
352
353 /*
354 * Trigger interrupt if receiver line status interrupt
355 * is enabled
356 */
357 if (mdev_state->s[index].uart_reg[UART_IER] &
358 UART_IER_RLSI)
359 mtty_trigger_interrupt(mdev_state);
360 }
361 mutex_unlock(&mdev_state->rxtx_lock);
362 break;
363
364 case UART_IER:
365 /* if DLAB set, data is MSB of divisor */
366 if (mdev_state->s[index].dlab)
367 mdev_state->s[index].divisor |= (u16)data << 8;
368 else {
369 mdev_state->s[index].uart_reg[offset] = data;
370 mutex_lock(&mdev_state->rxtx_lock);
371 if ((data & UART_IER_THRI) &&
372 (mdev_state->s[index].rxtx.head ==
373 mdev_state->s[index].rxtx.tail)) {
374#if defined(DEBUG_INTR)
375 pr_err("Serial port %d: IER_THRI write\n",
376 index);
377#endif
378 mtty_trigger_interrupt(mdev_state);
379 }
380
381 mutex_unlock(&mdev_state->rxtx_lock);
382 }
383
384 break;
385
386 case UART_FCR:
387 mdev_state->s[index].fcr = data;
388
389 mutex_lock(&mdev_state->rxtx_lock);
390 if (data & (UART_FCR_CLEAR_RCVR | UART_FCR_CLEAR_XMIT)) {
391 /* clear loop back FIFO */
392 mdev_state->s[index].rxtx.count = 0;
393 mdev_state->s[index].rxtx.head = 0;
394 mdev_state->s[index].rxtx.tail = 0;
395 }
396 mutex_unlock(&mdev_state->rxtx_lock);
397
398 switch (data & UART_FCR_TRIGGER_MASK) {
399 case UART_FCR_TRIGGER_1:
400 mdev_state->s[index].intr_trigger_level = 1;
401 break;
402
403 case UART_FCR_TRIGGER_4:
404 mdev_state->s[index].intr_trigger_level = 4;
405 break;
406
407 case UART_FCR_TRIGGER_8:
408 mdev_state->s[index].intr_trigger_level = 8;
409 break;
410
411 case UART_FCR_TRIGGER_14:
412 mdev_state->s[index].intr_trigger_level = 14;
413 break;
414 }
415
416 /*
417 * Set trigger level to 1 otherwise or implement timer with
418 * timeout of 4 characters and on expiring that timer set
419 * Recevice data timeout in IIR register
420 */
421 mdev_state->s[index].intr_trigger_level = 1;
422 if (data & UART_FCR_ENABLE_FIFO)
423 mdev_state->s[index].max_fifo_size = MAX_FIFO_SIZE;
424 else {
425 mdev_state->s[index].max_fifo_size = 1;
426 mdev_state->s[index].intr_trigger_level = 1;
427 }
428
429 break;
430
431 case UART_LCR:
432 if (data & UART_LCR_DLAB) {
433 mdev_state->s[index].dlab = true;
434 mdev_state->s[index].divisor = 0;
435 } else
436 mdev_state->s[index].dlab = false;
437
438 mdev_state->s[index].uart_reg[offset] = data;
439 break;
440
441 case UART_MCR:
442 mdev_state->s[index].uart_reg[offset] = data;
443
444 if ((mdev_state->s[index].uart_reg[UART_IER] & UART_IER_MSI) &&
445 (data & UART_MCR_OUT2)) {
446#if defined(DEBUG_INTR)
447 pr_err("Serial port %d: MCR_OUT2 write\n", index);
448#endif
449 mtty_trigger_interrupt(mdev_state);
450 }
451
452 if ((mdev_state->s[index].uart_reg[UART_IER] & UART_IER_MSI) &&
453 (data & (UART_MCR_RTS | UART_MCR_DTR))) {
454#if defined(DEBUG_INTR)
455 pr_err("Serial port %d: MCR RTS/DTR write\n", index);
456#endif
457 mtty_trigger_interrupt(mdev_state);
458 }
459 break;
460
461 case UART_LSR:
462 case UART_MSR:
463 /* do nothing */
464 break;
465
466 case UART_SCR:
467 mdev_state->s[index].uart_reg[offset] = data;
468 break;
469
470 default:
471 break;
472 }
473}
474
475static void handle_bar_read(unsigned int index, struct mdev_state *mdev_state,
476 u16 offset, u8 *buf, u32 count)
477{
478 /* Handle read requests by guest */
479 switch (offset) {
480 case UART_RX:
481 /* if DLAB set, data is LSB of divisor */
482 if (mdev_state->s[index].dlab) {
483 *buf = (u8)mdev_state->s[index].divisor;
484 break;
485 }
486
487 mutex_lock(&mdev_state->rxtx_lock);
488 /* return data in tx buffer */
489 if (mdev_state->s[index].rxtx.head !=
490 mdev_state->s[index].rxtx.tail) {
491 *buf = mdev_state->s[index].rxtx.fifo[
492 mdev_state->s[index].rxtx.tail];
493 mdev_state->s[index].rxtx.count--;
494 CIRCULAR_BUF_INC_IDX(mdev_state->s[index].rxtx.tail);
495 }
496
497 if (mdev_state->s[index].rxtx.head ==
498 mdev_state->s[index].rxtx.tail) {
499 /*
500 * Trigger interrupt if tx buffer empty interrupt is
501 * enabled and fifo is empty
502 */
503#if defined(DEBUG_INTR)
504 pr_err("Serial port %d: Buffer Empty\n", index);
505#endif
506 if (mdev_state->s[index].uart_reg[UART_IER] &
507 UART_IER_THRI)
508 mtty_trigger_interrupt(mdev_state);
509 }
510 mutex_unlock(&mdev_state->rxtx_lock);
511
512 break;
513
514 case UART_IER:
515 if (mdev_state->s[index].dlab) {
516 *buf = (u8)(mdev_state->s[index].divisor >> 8);
517 break;
518 }
519 *buf = mdev_state->s[index].uart_reg[offset] & 0x0f;
520 break;
521
522 case UART_IIR:
523 {
524 u8 ier = mdev_state->s[index].uart_reg[UART_IER];
525 *buf = 0;
526
527 mutex_lock(&mdev_state->rxtx_lock);
528 /* Interrupt priority 1: Parity, overrun, framing or break */
529 if ((ier & UART_IER_RLSI) && mdev_state->s[index].overrun)
530 *buf |= UART_IIR_RLSI;
531
532 /* Interrupt priority 2: Fifo trigger level reached */
533 if ((ier & UART_IER_RDI) &&
534 (mdev_state->s[index].rxtx.count >=
535 mdev_state->s[index].intr_trigger_level))
536 *buf |= UART_IIR_RDI;
537
538 /* Interrupt priotiry 3: transmitter holding register empty */
539 if ((ier & UART_IER_THRI) &&
540 (mdev_state->s[index].rxtx.head ==
541 mdev_state->s[index].rxtx.tail))
542 *buf |= UART_IIR_THRI;
543
544 /* Interrupt priotiry 4: Modem status: CTS, DSR, RI or DCD */
545 if ((ier & UART_IER_MSI) &&
546 (mdev_state->s[index].uart_reg[UART_MCR] &
547 (UART_MCR_RTS | UART_MCR_DTR)))
548 *buf |= UART_IIR_MSI;
549
550 /* bit0: 0=> interrupt pending, 1=> no interrupt is pending */
551 if (*buf == 0)
552 *buf = UART_IIR_NO_INT;
553
554 /* set bit 6 & 7 to be 16550 compatible */
555 *buf |= 0xC0;
556 mutex_unlock(&mdev_state->rxtx_lock);
557 }
558 break;
559
560 case UART_LCR:
561 case UART_MCR:
562 *buf = mdev_state->s[index].uart_reg[offset];
563 break;
564
565 case UART_LSR:
566 {
567 u8 lsr = 0;
568
569 mutex_lock(&mdev_state->rxtx_lock);
570 /* atleast one char in FIFO */
571 if (mdev_state->s[index].rxtx.head !=
572 mdev_state->s[index].rxtx.tail)
573 lsr |= UART_LSR_DR;
574
575 /* if FIFO overrun */
576 if (mdev_state->s[index].overrun)
577 lsr |= UART_LSR_OE;
578
579 /* transmit FIFO empty and tramsitter empty */
580 if (mdev_state->s[index].rxtx.head ==
581 mdev_state->s[index].rxtx.tail)
582 lsr |= UART_LSR_TEMT | UART_LSR_THRE;
583
584 mutex_unlock(&mdev_state->rxtx_lock);
585 *buf = lsr;
586 break;
587 }
588 case UART_MSR:
589 *buf = UART_MSR_DSR | UART_MSR_DDSR | UART_MSR_DCD;
590
591 mutex_lock(&mdev_state->rxtx_lock);
592 /* if AFE is 1 and FIFO have space, set CTS bit */
593 if (mdev_state->s[index].uart_reg[UART_MCR] &
594 UART_MCR_AFE) {
595 if (mdev_state->s[index].rxtx.count <
596 mdev_state->s[index].max_fifo_size)
597 *buf |= UART_MSR_CTS | UART_MSR_DCTS;
598 } else
599 *buf |= UART_MSR_CTS | UART_MSR_DCTS;
600 mutex_unlock(&mdev_state->rxtx_lock);
601
602 break;
603
604 case UART_SCR:
605 *buf = mdev_state->s[index].uart_reg[offset];
606 break;
607
608 default:
609 break;
610 }
611}
612
613static void mdev_read_base(struct mdev_state *mdev_state)
614{
615 int index, pos;
616 u32 start_lo, start_hi;
617 u32 mem_type;
618
619 pos = PCI_BASE_ADDRESS_0;
620
621 for (index = 0; index <= VFIO_PCI_BAR5_REGION_INDEX; index++) {
622
623 if (!mdev_state->region_info[index].size)
624 continue;
625
626 start_lo = (*(u32 *)(mdev_state->vconfig + pos)) &
627 PCI_BASE_ADDRESS_MEM_MASK;
628 mem_type = (*(u32 *)(mdev_state->vconfig + pos)) &
629 PCI_BASE_ADDRESS_MEM_TYPE_MASK;
630
631 switch (mem_type) {
632 case PCI_BASE_ADDRESS_MEM_TYPE_64:
633 start_hi = (*(u32 *)(mdev_state->vconfig + pos + 4));
634 pos += 4;
635 break;
636 case PCI_BASE_ADDRESS_MEM_TYPE_32:
637 case PCI_BASE_ADDRESS_MEM_TYPE_1M:
638 /* 1M mem BAR treated as 32-bit BAR */
639 default:
640 /* mem unknown type treated as 32-bit BAR */
641 start_hi = 0;
642 break;
643 }
644 pos += 4;
645 mdev_state->region_info[index].start = ((u64)start_hi << 32) |
646 start_lo;
647 }
648}
649
650static ssize_t mdev_access(struct mdev_state *mdev_state, u8 *buf, size_t count,
651 loff_t pos, bool is_write)
652{
653 unsigned int index;
654 loff_t offset;
655 int ret = 0;
656
657 if (!buf)
658 return -EINVAL;
659
660 mutex_lock(&mdev_state->ops_lock);
661
662 index = MTTY_VFIO_PCI_OFFSET_TO_INDEX(pos);
663 offset = pos & MTTY_VFIO_PCI_OFFSET_MASK;
664 switch (index) {
665 case VFIO_PCI_CONFIG_REGION_INDEX:
666
667#if defined(DEBUG)
668 pr_info("%s: PCI config space %s at offset 0x%llx\n",
669 __func__, is_write ? "write" : "read", offset);
670#endif
671 if (is_write) {
672 dump_buffer(buf, count);
673 handle_pci_cfg_write(mdev_state, offset, buf, count);
674 } else {
675 memcpy(buf, (mdev_state->vconfig + offset), count);
676 dump_buffer(buf, count);
677 }
678
679 break;
680
681 case VFIO_PCI_BAR0_REGION_INDEX ... VFIO_PCI_BAR5_REGION_INDEX:
682 if (!mdev_state->region_info[index].start)
683 mdev_read_base(mdev_state);
684
685 if (is_write) {
686 dump_buffer(buf, count);
687
688#if defined(DEBUG_REGS)
689 pr_info("%s: BAR%d WR @0x%llx %s val:0x%02x dlab:%d\n",
690 __func__, index, offset, wr_reg[offset],
691 *buf, mdev_state->s[index].dlab);
692#endif
693 handle_bar_write(index, mdev_state, offset, buf, count);
694 } else {
695 handle_bar_read(index, mdev_state, offset, buf, count);
696 dump_buffer(buf, count);
697
698#if defined(DEBUG_REGS)
699 pr_info("%s: BAR%d RD @0x%llx %s val:0x%02x dlab:%d\n",
700 __func__, index, offset, rd_reg[offset],
701 *buf, mdev_state->s[index].dlab);
702#endif
703 }
704 break;
705
706 default:
707 ret = -1;
708 goto accessfailed;
709 }
710
711 ret = count;
712
713
714accessfailed:
715 mutex_unlock(&mdev_state->ops_lock);
716
717 return ret;
718}
719
720static int mtty_init_dev(struct vfio_device *vdev)
721{
722 struct mdev_state *mdev_state =
723 container_of(vdev, struct mdev_state, vdev);
724 struct mdev_device *mdev = to_mdev_device(vdev->dev);
725 struct mtty_type *type =
726 container_of(mdev->type, struct mtty_type, type);
727 int avail_ports = atomic_read(&mdev_avail_ports);
728 int ret;
729
730 do {
731 if (avail_ports < type->nr_ports)
732 return -ENOSPC;
733 } while (!atomic_try_cmpxchg(&mdev_avail_ports,
734 &avail_ports,
735 avail_ports - type->nr_ports));
736
737 mdev_state->nr_ports = type->nr_ports;
738 mdev_state->irq_index = -1;
739 mdev_state->s[0].max_fifo_size = MAX_FIFO_SIZE;
740 mdev_state->s[1].max_fifo_size = MAX_FIFO_SIZE;
741 mutex_init(&mdev_state->rxtx_lock);
742
743 mdev_state->vconfig = kzalloc(MTTY_CONFIG_SPACE_SIZE, GFP_KERNEL);
744 if (!mdev_state->vconfig) {
745 ret = -ENOMEM;
746 goto err_nr_ports;
747 }
748
749 mutex_init(&mdev_state->ops_lock);
750 mdev_state->mdev = mdev;
751 mtty_create_config_space(mdev_state);
752 return 0;
753
754err_nr_ports:
755 atomic_add(type->nr_ports, &mdev_avail_ports);
756 return ret;
757}
758
759static int mtty_probe(struct mdev_device *mdev)
760{
761 struct mdev_state *mdev_state;
762 int ret;
763
764 mdev_state = vfio_alloc_device(mdev_state, vdev, &mdev->dev,
765 &mtty_dev_ops);
766 if (IS_ERR(mdev_state))
767 return PTR_ERR(mdev_state);
768
769 ret = vfio_register_emulated_iommu_dev(&mdev_state->vdev);
770 if (ret)
771 goto err_put_vdev;
772 dev_set_drvdata(&mdev->dev, mdev_state);
773 return 0;
774
775err_put_vdev:
776 vfio_put_device(&mdev_state->vdev);
777 return ret;
778}
779
780static void mtty_release_dev(struct vfio_device *vdev)
781{
782 struct mdev_state *mdev_state =
783 container_of(vdev, struct mdev_state, vdev);
784
785 atomic_add(mdev_state->nr_ports, &mdev_avail_ports);
786 kfree(mdev_state->vconfig);
787}
788
789static void mtty_remove(struct mdev_device *mdev)
790{
791 struct mdev_state *mdev_state = dev_get_drvdata(&mdev->dev);
792
793 vfio_unregister_group_dev(&mdev_state->vdev);
794 vfio_put_device(&mdev_state->vdev);
795}
796
797static int mtty_reset(struct mdev_state *mdev_state)
798{
799 pr_info("%s: called\n", __func__);
800
801 return 0;
802}
803
804static ssize_t mtty_read(struct vfio_device *vdev, char __user *buf,
805 size_t count, loff_t *ppos)
806{
807 struct mdev_state *mdev_state =
808 container_of(vdev, struct mdev_state, vdev);
809 unsigned int done = 0;
810 int ret;
811
812 while (count) {
813 size_t filled;
814
815 if (count >= 4 && !(*ppos % 4)) {
816 u32 val;
817
818 ret = mdev_access(mdev_state, (u8 *)&val, sizeof(val),
819 *ppos, false);
820 if (ret <= 0)
821 goto read_err;
822
823 if (copy_to_user(buf, &val, sizeof(val)))
824 goto read_err;
825
826 filled = 4;
827 } else if (count >= 2 && !(*ppos % 2)) {
828 u16 val;
829
830 ret = mdev_access(mdev_state, (u8 *)&val, sizeof(val),
831 *ppos, false);
832 if (ret <= 0)
833 goto read_err;
834
835 if (copy_to_user(buf, &val, sizeof(val)))
836 goto read_err;
837
838 filled = 2;
839 } else {
840 u8 val;
841
842 ret = mdev_access(mdev_state, (u8 *)&val, sizeof(val),
843 *ppos, false);
844 if (ret <= 0)
845 goto read_err;
846
847 if (copy_to_user(buf, &val, sizeof(val)))
848 goto read_err;
849
850 filled = 1;
851 }
852
853 count -= filled;
854 done += filled;
855 *ppos += filled;
856 buf += filled;
857 }
858
859 return done;
860
861read_err:
862 return -EFAULT;
863}
864
865static ssize_t mtty_write(struct vfio_device *vdev, const char __user *buf,
866 size_t count, loff_t *ppos)
867{
868 struct mdev_state *mdev_state =
869 container_of(vdev, struct mdev_state, vdev);
870 unsigned int done = 0;
871 int ret;
872
873 while (count) {
874 size_t filled;
875
876 if (count >= 4 && !(*ppos % 4)) {
877 u32 val;
878
879 if (copy_from_user(&val, buf, sizeof(val)))
880 goto write_err;
881
882 ret = mdev_access(mdev_state, (u8 *)&val, sizeof(val),
883 *ppos, true);
884 if (ret <= 0)
885 goto write_err;
886
887 filled = 4;
888 } else if (count >= 2 && !(*ppos % 2)) {
889 u16 val;
890
891 if (copy_from_user(&val, buf, sizeof(val)))
892 goto write_err;
893
894 ret = mdev_access(mdev_state, (u8 *)&val, sizeof(val),
895 *ppos, true);
896 if (ret <= 0)
897 goto write_err;
898
899 filled = 2;
900 } else {
901 u8 val;
902
903 if (copy_from_user(&val, buf, sizeof(val)))
904 goto write_err;
905
906 ret = mdev_access(mdev_state, (u8 *)&val, sizeof(val),
907 *ppos, true);
908 if (ret <= 0)
909 goto write_err;
910
911 filled = 1;
912 }
913 count -= filled;
914 done += filled;
915 *ppos += filled;
916 buf += filled;
917 }
918
919 return done;
920write_err:
921 return -EFAULT;
922}
923
924static int mtty_set_irqs(struct mdev_state *mdev_state, uint32_t flags,
925 unsigned int index, unsigned int start,
926 unsigned int count, void *data)
927{
928 int ret = 0;
929
930 mutex_lock(&mdev_state->ops_lock);
931 switch (index) {
932 case VFIO_PCI_INTX_IRQ_INDEX:
933 switch (flags & VFIO_IRQ_SET_ACTION_TYPE_MASK) {
934 case VFIO_IRQ_SET_ACTION_MASK:
935 case VFIO_IRQ_SET_ACTION_UNMASK:
936 break;
937 case VFIO_IRQ_SET_ACTION_TRIGGER:
938 {
939 if (flags & VFIO_IRQ_SET_DATA_NONE) {
940 pr_info("%s: disable INTx\n", __func__);
941 if (mdev_state->intx_evtfd)
942 eventfd_ctx_put(mdev_state->intx_evtfd);
943 break;
944 }
945
946 if (flags & VFIO_IRQ_SET_DATA_EVENTFD) {
947 int fd = *(int *)data;
948
949 if (fd > 0) {
950 struct eventfd_ctx *evt;
951
952 evt = eventfd_ctx_fdget(fd);
953 if (IS_ERR(evt)) {
954 ret = PTR_ERR(evt);
955 break;
956 }
957 mdev_state->intx_evtfd = evt;
958 mdev_state->irq_fd = fd;
959 mdev_state->irq_index = index;
960 break;
961 }
962 }
963 break;
964 }
965 }
966 break;
967 case VFIO_PCI_MSI_IRQ_INDEX:
968 switch (flags & VFIO_IRQ_SET_ACTION_TYPE_MASK) {
969 case VFIO_IRQ_SET_ACTION_MASK:
970 case VFIO_IRQ_SET_ACTION_UNMASK:
971 break;
972 case VFIO_IRQ_SET_ACTION_TRIGGER:
973 if (flags & VFIO_IRQ_SET_DATA_NONE) {
974 if (mdev_state->msi_evtfd)
975 eventfd_ctx_put(mdev_state->msi_evtfd);
976 pr_info("%s: disable MSI\n", __func__);
977 mdev_state->irq_index = VFIO_PCI_INTX_IRQ_INDEX;
978 break;
979 }
980 if (flags & VFIO_IRQ_SET_DATA_EVENTFD) {
981 int fd = *(int *)data;
982 struct eventfd_ctx *evt;
983
984 if (fd <= 0)
985 break;
986
987 if (mdev_state->msi_evtfd)
988 break;
989
990 evt = eventfd_ctx_fdget(fd);
991 if (IS_ERR(evt)) {
992 ret = PTR_ERR(evt);
993 break;
994 }
995 mdev_state->msi_evtfd = evt;
996 mdev_state->irq_fd = fd;
997 mdev_state->irq_index = index;
998 }
999 break;
1000 }
1001 break;
1002 case VFIO_PCI_MSIX_IRQ_INDEX:
1003 pr_info("%s: MSIX_IRQ\n", __func__);
1004 break;
1005 case VFIO_PCI_ERR_IRQ_INDEX:
1006 pr_info("%s: ERR_IRQ\n", __func__);
1007 break;
1008 case VFIO_PCI_REQ_IRQ_INDEX:
1009 pr_info("%s: REQ_IRQ\n", __func__);
1010 break;
1011 }
1012
1013 mutex_unlock(&mdev_state->ops_lock);
1014 return ret;
1015}
1016
1017static int mtty_trigger_interrupt(struct mdev_state *mdev_state)
1018{
1019 int ret = -1;
1020
1021 if ((mdev_state->irq_index == VFIO_PCI_MSI_IRQ_INDEX) &&
1022 (!mdev_state->msi_evtfd))
1023 return -EINVAL;
1024 else if ((mdev_state->irq_index == VFIO_PCI_INTX_IRQ_INDEX) &&
1025 (!mdev_state->intx_evtfd)) {
1026 pr_info("%s: Intr eventfd not found\n", __func__);
1027 return -EINVAL;
1028 }
1029
1030 if (mdev_state->irq_index == VFIO_PCI_MSI_IRQ_INDEX)
1031 ret = eventfd_signal(mdev_state->msi_evtfd, 1);
1032 else
1033 ret = eventfd_signal(mdev_state->intx_evtfd, 1);
1034
1035#if defined(DEBUG_INTR)
1036 pr_info("Intx triggered\n");
1037#endif
1038 if (ret != 1)
1039 pr_err("%s: eventfd signal failed (%d)\n", __func__, ret);
1040
1041 return ret;
1042}
1043
1044static int mtty_get_region_info(struct mdev_state *mdev_state,
1045 struct vfio_region_info *region_info,
1046 u16 *cap_type_id, void **cap_type)
1047{
1048 unsigned int size = 0;
1049 u32 bar_index;
1050
1051 bar_index = region_info->index;
1052 if (bar_index >= VFIO_PCI_NUM_REGIONS)
1053 return -EINVAL;
1054
1055 mutex_lock(&mdev_state->ops_lock);
1056
1057 switch (bar_index) {
1058 case VFIO_PCI_CONFIG_REGION_INDEX:
1059 size = MTTY_CONFIG_SPACE_SIZE;
1060 break;
1061 case VFIO_PCI_BAR0_REGION_INDEX:
1062 size = MTTY_IO_BAR_SIZE;
1063 break;
1064 case VFIO_PCI_BAR1_REGION_INDEX:
1065 if (mdev_state->nr_ports == 2)
1066 size = MTTY_IO_BAR_SIZE;
1067 break;
1068 default:
1069 size = 0;
1070 break;
1071 }
1072
1073 mdev_state->region_info[bar_index].size = size;
1074 mdev_state->region_info[bar_index].vfio_offset =
1075 MTTY_VFIO_PCI_INDEX_TO_OFFSET(bar_index);
1076
1077 region_info->size = size;
1078 region_info->offset = MTTY_VFIO_PCI_INDEX_TO_OFFSET(bar_index);
1079 region_info->flags = VFIO_REGION_INFO_FLAG_READ |
1080 VFIO_REGION_INFO_FLAG_WRITE;
1081 mutex_unlock(&mdev_state->ops_lock);
1082 return 0;
1083}
1084
1085static int mtty_get_irq_info(struct vfio_irq_info *irq_info)
1086{
1087 switch (irq_info->index) {
1088 case VFIO_PCI_INTX_IRQ_INDEX:
1089 case VFIO_PCI_MSI_IRQ_INDEX:
1090 case VFIO_PCI_REQ_IRQ_INDEX:
1091 break;
1092
1093 default:
1094 return -EINVAL;
1095 }
1096
1097 irq_info->flags = VFIO_IRQ_INFO_EVENTFD;
1098 irq_info->count = 1;
1099
1100 if (irq_info->index == VFIO_PCI_INTX_IRQ_INDEX)
1101 irq_info->flags |= (VFIO_IRQ_INFO_MASKABLE |
1102 VFIO_IRQ_INFO_AUTOMASKED);
1103 else
1104 irq_info->flags |= VFIO_IRQ_INFO_NORESIZE;
1105
1106 return 0;
1107}
1108
1109static int mtty_get_device_info(struct vfio_device_info *dev_info)
1110{
1111 dev_info->flags = VFIO_DEVICE_FLAGS_PCI;
1112 dev_info->num_regions = VFIO_PCI_NUM_REGIONS;
1113 dev_info->num_irqs = VFIO_PCI_NUM_IRQS;
1114
1115 return 0;
1116}
1117
1118static long mtty_ioctl(struct vfio_device *vdev, unsigned int cmd,
1119 unsigned long arg)
1120{
1121 struct mdev_state *mdev_state =
1122 container_of(vdev, struct mdev_state, vdev);
1123 int ret = 0;
1124 unsigned long minsz;
1125
1126 switch (cmd) {
1127 case VFIO_DEVICE_GET_INFO:
1128 {
1129 struct vfio_device_info info;
1130
1131 minsz = offsetofend(struct vfio_device_info, num_irqs);
1132
1133 if (copy_from_user(&info, (void __user *)arg, minsz))
1134 return -EFAULT;
1135
1136 if (info.argsz < minsz)
1137 return -EINVAL;
1138
1139 ret = mtty_get_device_info(&info);
1140 if (ret)
1141 return ret;
1142
1143 memcpy(&mdev_state->dev_info, &info, sizeof(info));
1144
1145 if (copy_to_user((void __user *)arg, &info, minsz))
1146 return -EFAULT;
1147
1148 return 0;
1149 }
1150 case VFIO_DEVICE_GET_REGION_INFO:
1151 {
1152 struct vfio_region_info info;
1153 u16 cap_type_id = 0;
1154 void *cap_type = NULL;
1155
1156 minsz = offsetofend(struct vfio_region_info, offset);
1157
1158 if (copy_from_user(&info, (void __user *)arg, minsz))
1159 return -EFAULT;
1160
1161 if (info.argsz < minsz)
1162 return -EINVAL;
1163
1164 ret = mtty_get_region_info(mdev_state, &info, &cap_type_id,
1165 &cap_type);
1166 if (ret)
1167 return ret;
1168
1169 if (copy_to_user((void __user *)arg, &info, minsz))
1170 return -EFAULT;
1171
1172 return 0;
1173 }
1174
1175 case VFIO_DEVICE_GET_IRQ_INFO:
1176 {
1177 struct vfio_irq_info info;
1178
1179 minsz = offsetofend(struct vfio_irq_info, count);
1180
1181 if (copy_from_user(&info, (void __user *)arg, minsz))
1182 return -EFAULT;
1183
1184 if ((info.argsz < minsz) ||
1185 (info.index >= mdev_state->dev_info.num_irqs))
1186 return -EINVAL;
1187
1188 ret = mtty_get_irq_info(&info);
1189 if (ret)
1190 return ret;
1191
1192 if (copy_to_user((void __user *)arg, &info, minsz))
1193 return -EFAULT;
1194
1195 return 0;
1196 }
1197 case VFIO_DEVICE_SET_IRQS:
1198 {
1199 struct vfio_irq_set hdr;
1200 u8 *data = NULL, *ptr = NULL;
1201 size_t data_size = 0;
1202
1203 minsz = offsetofend(struct vfio_irq_set, count);
1204
1205 if (copy_from_user(&hdr, (void __user *)arg, minsz))
1206 return -EFAULT;
1207
1208 ret = vfio_set_irqs_validate_and_prepare(&hdr,
1209 mdev_state->dev_info.num_irqs,
1210 VFIO_PCI_NUM_IRQS,
1211 &data_size);
1212 if (ret)
1213 return ret;
1214
1215 if (data_size) {
1216 ptr = data = memdup_user((void __user *)(arg + minsz),
1217 data_size);
1218 if (IS_ERR(data))
1219 return PTR_ERR(data);
1220 }
1221
1222 ret = mtty_set_irqs(mdev_state, hdr.flags, hdr.index, hdr.start,
1223 hdr.count, data);
1224
1225 kfree(ptr);
1226 return ret;
1227 }
1228 case VFIO_DEVICE_RESET:
1229 return mtty_reset(mdev_state);
1230 }
1231 return -ENOTTY;
1232}
1233
1234static ssize_t
1235sample_mdev_dev_show(struct device *dev, struct device_attribute *attr,
1236 char *buf)
1237{
1238 return sprintf(buf, "This is MDEV %s\n", dev_name(dev));
1239}
1240
1241static DEVICE_ATTR_RO(sample_mdev_dev);
1242
1243static struct attribute *mdev_dev_attrs[] = {
1244 &dev_attr_sample_mdev_dev.attr,
1245 NULL,
1246};
1247
1248static const struct attribute_group mdev_dev_group = {
1249 .name = "vendor",
1250 .attrs = mdev_dev_attrs,
1251};
1252
1253static const struct attribute_group *mdev_dev_groups[] = {
1254 &mdev_dev_group,
1255 NULL,
1256};
1257
1258static unsigned int mtty_get_available(struct mdev_type *mtype)
1259{
1260 struct mtty_type *type = container_of(mtype, struct mtty_type, type);
1261
1262 return atomic_read(&mdev_avail_ports) / type->nr_ports;
1263}
1264
1265static const struct vfio_device_ops mtty_dev_ops = {
1266 .name = "vfio-mtty",
1267 .init = mtty_init_dev,
1268 .release = mtty_release_dev,
1269 .read = mtty_read,
1270 .write = mtty_write,
1271 .ioctl = mtty_ioctl,
1272};
1273
1274static struct mdev_driver mtty_driver = {
1275 .device_api = VFIO_DEVICE_API_PCI_STRING,
1276 .driver = {
1277 .name = "mtty",
1278 .owner = THIS_MODULE,
1279 .mod_name = KBUILD_MODNAME,
1280 .dev_groups = mdev_dev_groups,
1281 },
1282 .probe = mtty_probe,
1283 .remove = mtty_remove,
1284 .get_available = mtty_get_available,
1285};
1286
1287static void mtty_device_release(struct device *dev)
1288{
1289 dev_dbg(dev, "mtty: released\n");
1290}
1291
1292static int __init mtty_dev_init(void)
1293{
1294 int ret = 0;
1295
1296 pr_info("mtty_dev: %s\n", __func__);
1297
1298 memset(&mtty_dev, 0, sizeof(mtty_dev));
1299
1300 idr_init(&mtty_dev.vd_idr);
1301
1302 ret = alloc_chrdev_region(&mtty_dev.vd_devt, 0, MINORMASK + 1,
1303 MTTY_NAME);
1304
1305 if (ret < 0) {
1306 pr_err("Error: failed to register mtty_dev, err:%d\n", ret);
1307 return ret;
1308 }
1309
1310 cdev_init(&mtty_dev.vd_cdev, &vd_fops);
1311 cdev_add(&mtty_dev.vd_cdev, mtty_dev.vd_devt, MINORMASK + 1);
1312
1313 pr_info("major_number:%d\n", MAJOR(mtty_dev.vd_devt));
1314
1315 ret = mdev_register_driver(&mtty_driver);
1316 if (ret)
1317 goto err_cdev;
1318
1319 mtty_dev.vd_class = class_create(THIS_MODULE, MTTY_CLASS_NAME);
1320
1321 if (IS_ERR(mtty_dev.vd_class)) {
1322 pr_err("Error: failed to register mtty_dev class\n");
1323 ret = PTR_ERR(mtty_dev.vd_class);
1324 goto err_driver;
1325 }
1326
1327 mtty_dev.dev.class = mtty_dev.vd_class;
1328 mtty_dev.dev.release = mtty_device_release;
1329 dev_set_name(&mtty_dev.dev, "%s", MTTY_NAME);
1330
1331 ret = device_register(&mtty_dev.dev);
1332 if (ret)
1333 goto err_put;
1334
1335 ret = mdev_register_parent(&mtty_dev.parent, &mtty_dev.dev,
1336 &mtty_driver, mtty_mdev_types,
1337 ARRAY_SIZE(mtty_mdev_types));
1338 if (ret)
1339 goto err_device;
1340 return 0;
1341
1342err_device:
1343 device_del(&mtty_dev.dev);
1344err_put:
1345 put_device(&mtty_dev.dev);
1346 class_destroy(mtty_dev.vd_class);
1347err_driver:
1348 mdev_unregister_driver(&mtty_driver);
1349err_cdev:
1350 cdev_del(&mtty_dev.vd_cdev);
1351 unregister_chrdev_region(mtty_dev.vd_devt, MINORMASK + 1);
1352 return ret;
1353}
1354
1355static void __exit mtty_dev_exit(void)
1356{
1357 mtty_dev.dev.bus = NULL;
1358 mdev_unregister_parent(&mtty_dev.parent);
1359
1360 device_unregister(&mtty_dev.dev);
1361 idr_destroy(&mtty_dev.vd_idr);
1362 mdev_unregister_driver(&mtty_driver);
1363 cdev_del(&mtty_dev.vd_cdev);
1364 unregister_chrdev_region(mtty_dev.vd_devt, MINORMASK + 1);
1365 class_destroy(mtty_dev.vd_class);
1366 mtty_dev.vd_class = NULL;
1367 pr_info("mtty_dev: Unloaded!\n");
1368}
1369
1370module_init(mtty_dev_init)
1371module_exit(mtty_dev_exit)
1372
1373MODULE_LICENSE("GPL v2");
1374MODULE_INFO(supported, "Test driver that simulate serial port over PCI");
1375MODULE_VERSION(VERSION_STRING);
1376MODULE_AUTHOR(DRIVER_AUTHOR);
1// SPDX-License-Identifier: GPL-2.0-only
2/*
3 * Mediated virtual PCI serial host device driver
4 *
5 * Copyright (c) 2016, NVIDIA CORPORATION. All rights reserved.
6 * Author: Neo Jia <cjia@nvidia.com>
7 * Kirti Wankhede <kwankhede@nvidia.com>
8 *
9 * Sample driver that creates mdev device that simulates serial port over PCI
10 * card.
11 */
12
13#include <linux/init.h>
14#include <linux/module.h>
15#include <linux/kernel.h>
16#include <linux/fs.h>
17#include <linux/poll.h>
18#include <linux/slab.h>
19#include <linux/cdev.h>
20#include <linux/sched.h>
21#include <linux/wait.h>
22#include <linux/vfio.h>
23#include <linux/iommu.h>
24#include <linux/sysfs.h>
25#include <linux/ctype.h>
26#include <linux/file.h>
27#include <linux/mdev.h>
28#include <linux/pci.h>
29#include <linux/serial.h>
30#include <uapi/linux/serial_reg.h>
31#include <linux/eventfd.h>
32#include <linux/anon_inodes.h>
33
34/*
35 * #defines
36 */
37
38#define VERSION_STRING "0.1"
39#define DRIVER_AUTHOR "NVIDIA Corporation"
40
41#define MTTY_CLASS_NAME "mtty"
42
43#define MTTY_NAME "mtty"
44
45#define MTTY_STRING_LEN 16
46
47#define MTTY_CONFIG_SPACE_SIZE 0xff
48#define MTTY_IO_BAR_SIZE 0x8
49#define MTTY_MMIO_BAR_SIZE 0x100000
50
51#define STORE_LE16(addr, val) (*(u16 *)addr = val)
52#define STORE_LE32(addr, val) (*(u32 *)addr = val)
53
54#define MAX_FIFO_SIZE 16
55
56#define CIRCULAR_BUF_INC_IDX(idx) (idx = (idx + 1) & (MAX_FIFO_SIZE - 1))
57
58#define MTTY_VFIO_PCI_OFFSET_SHIFT 40
59
60#define MTTY_VFIO_PCI_OFFSET_TO_INDEX(off) (off >> MTTY_VFIO_PCI_OFFSET_SHIFT)
61#define MTTY_VFIO_PCI_INDEX_TO_OFFSET(index) \
62 ((u64)(index) << MTTY_VFIO_PCI_OFFSET_SHIFT)
63#define MTTY_VFIO_PCI_OFFSET_MASK \
64 (((u64)(1) << MTTY_VFIO_PCI_OFFSET_SHIFT) - 1)
65#define MAX_MTTYS 24
66
67/*
68 * Global Structures
69 */
70
71static struct mtty_dev {
72 dev_t vd_devt;
73 struct class *vd_class;
74 struct cdev vd_cdev;
75 struct idr vd_idr;
76 struct device dev;
77 struct mdev_parent parent;
78} mtty_dev;
79
80struct mdev_region_info {
81 u64 start;
82 u64 phys_start;
83 u32 size;
84 u64 vfio_offset;
85};
86
87#if defined(DEBUG_REGS)
88static const char *wr_reg[] = {
89 "TX",
90 "IER",
91 "FCR",
92 "LCR",
93 "MCR",
94 "LSR",
95 "MSR",
96 "SCR"
97};
98
99static const char *rd_reg[] = {
100 "RX",
101 "IER",
102 "IIR",
103 "LCR",
104 "MCR",
105 "LSR",
106 "MSR",
107 "SCR"
108};
109#endif
110
111/* loop back buffer */
112struct rxtx {
113 u8 fifo[MAX_FIFO_SIZE];
114 u8 head, tail;
115 u8 count;
116};
117
118struct serial_port {
119 u8 uart_reg[8]; /* 8 registers */
120 struct rxtx rxtx; /* loop back buffer */
121 bool dlab;
122 bool overrun;
123 u16 divisor;
124 u8 fcr; /* FIFO control register */
125 u8 max_fifo_size;
126 u8 intr_trigger_level; /* interrupt trigger level */
127};
128
129struct mtty_data {
130 u64 magic;
131#define MTTY_MAGIC 0x7e9d09898c3e2c4e /* Nothing clever, just random */
132 u32 major_ver;
133#define MTTY_MAJOR_VER 1
134 u32 minor_ver;
135#define MTTY_MINOR_VER 0
136 u32 nr_ports;
137 u32 flags;
138 struct serial_port ports[2];
139};
140
141struct mdev_state;
142
143struct mtty_migration_file {
144 struct file *filp;
145 struct mutex lock;
146 struct mdev_state *mdev_state;
147 struct mtty_data data;
148 ssize_t filled_size;
149 u8 disabled:1;
150};
151
152/* State of each mdev device */
153struct mdev_state {
154 struct vfio_device vdev;
155 struct eventfd_ctx *intx_evtfd;
156 struct eventfd_ctx *msi_evtfd;
157 int irq_index;
158 u8 *vconfig;
159 struct mutex ops_lock;
160 struct mdev_device *mdev;
161 struct mdev_region_info region_info[VFIO_PCI_NUM_REGIONS];
162 u32 bar_mask[VFIO_PCI_NUM_REGIONS];
163 struct list_head next;
164 struct serial_port s[2];
165 struct mutex rxtx_lock;
166 struct vfio_device_info dev_info;
167 int nr_ports;
168 enum vfio_device_mig_state state;
169 struct mutex state_mutex;
170 struct mutex reset_mutex;
171 struct mtty_migration_file *saving_migf;
172 struct mtty_migration_file *resuming_migf;
173 u8 deferred_reset:1;
174 u8 intx_mask:1;
175};
176
177static struct mtty_type {
178 struct mdev_type type;
179 int nr_ports;
180} mtty_types[2] = {
181 { .nr_ports = 1, .type.sysfs_name = "1",
182 .type.pretty_name = "Single port serial" },
183 { .nr_ports = 2, .type.sysfs_name = "2",
184 .type.pretty_name = "Dual port serial" },
185};
186
187static struct mdev_type *mtty_mdev_types[] = {
188 &mtty_types[0].type,
189 &mtty_types[1].type,
190};
191
192static atomic_t mdev_avail_ports = ATOMIC_INIT(MAX_MTTYS);
193
194static const struct file_operations vd_fops = {
195 .owner = THIS_MODULE,
196};
197
198static const struct vfio_device_ops mtty_dev_ops;
199
200/* Helper functions */
201
202static void dump_buffer(u8 *buf, uint32_t count)
203{
204#if defined(DEBUG)
205 int i;
206
207 pr_info("Buffer:\n");
208 for (i = 0; i < count; i++) {
209 pr_info("%2x ", *(buf + i));
210 if ((i + 1) % 16 == 0)
211 pr_info("\n");
212 }
213#endif
214}
215
216static bool is_intx(struct mdev_state *mdev_state)
217{
218 return mdev_state->irq_index == VFIO_PCI_INTX_IRQ_INDEX;
219}
220
221static bool is_msi(struct mdev_state *mdev_state)
222{
223 return mdev_state->irq_index == VFIO_PCI_MSI_IRQ_INDEX;
224}
225
226static bool is_noirq(struct mdev_state *mdev_state)
227{
228 return !is_intx(mdev_state) && !is_msi(mdev_state);
229}
230
231static void mtty_trigger_interrupt(struct mdev_state *mdev_state)
232{
233 lockdep_assert_held(&mdev_state->ops_lock);
234
235 if (is_msi(mdev_state)) {
236 if (mdev_state->msi_evtfd)
237 eventfd_signal(mdev_state->msi_evtfd);
238 } else if (is_intx(mdev_state)) {
239 if (mdev_state->intx_evtfd && !mdev_state->intx_mask) {
240 eventfd_signal(mdev_state->intx_evtfd);
241 mdev_state->intx_mask = true;
242 }
243 }
244}
245
246static void mtty_create_config_space(struct mdev_state *mdev_state)
247{
248 /* PCI dev ID */
249 STORE_LE32((u32 *) &mdev_state->vconfig[0x0], 0x32534348);
250
251 /* Control: I/O+, Mem-, BusMaster- */
252 STORE_LE16((u16 *) &mdev_state->vconfig[0x4], 0x0001);
253
254 /* Status: capabilities list absent */
255 STORE_LE16((u16 *) &mdev_state->vconfig[0x6], 0x0200);
256
257 /* Rev ID */
258 mdev_state->vconfig[0x8] = 0x10;
259
260 /* programming interface class : 16550-compatible serial controller */
261 mdev_state->vconfig[0x9] = 0x02;
262
263 /* Sub class : 00 */
264 mdev_state->vconfig[0xa] = 0x00;
265
266 /* Base class : Simple Communication controllers */
267 mdev_state->vconfig[0xb] = 0x07;
268
269 /* base address registers */
270 /* BAR0: IO space */
271 STORE_LE32((u32 *) &mdev_state->vconfig[0x10], 0x000001);
272 mdev_state->bar_mask[0] = ~(MTTY_IO_BAR_SIZE) + 1;
273
274 if (mdev_state->nr_ports == 2) {
275 /* BAR1: IO space */
276 STORE_LE32((u32 *) &mdev_state->vconfig[0x14], 0x000001);
277 mdev_state->bar_mask[1] = ~(MTTY_IO_BAR_SIZE) + 1;
278 }
279
280 /* Subsystem ID */
281 STORE_LE32((u32 *) &mdev_state->vconfig[0x2c], 0x32534348);
282
283 mdev_state->vconfig[0x34] = 0x00; /* Cap Ptr */
284 mdev_state->vconfig[0x3d] = 0x01; /* interrupt pin (INTA#) */
285
286 /* Vendor specific data */
287 mdev_state->vconfig[0x40] = 0x23;
288 mdev_state->vconfig[0x43] = 0x80;
289 mdev_state->vconfig[0x44] = 0x23;
290 mdev_state->vconfig[0x48] = 0x23;
291 mdev_state->vconfig[0x4c] = 0x23;
292
293 mdev_state->vconfig[0x60] = 0x50;
294 mdev_state->vconfig[0x61] = 0x43;
295 mdev_state->vconfig[0x62] = 0x49;
296 mdev_state->vconfig[0x63] = 0x20;
297 mdev_state->vconfig[0x64] = 0x53;
298 mdev_state->vconfig[0x65] = 0x65;
299 mdev_state->vconfig[0x66] = 0x72;
300 mdev_state->vconfig[0x67] = 0x69;
301 mdev_state->vconfig[0x68] = 0x61;
302 mdev_state->vconfig[0x69] = 0x6c;
303 mdev_state->vconfig[0x6a] = 0x2f;
304 mdev_state->vconfig[0x6b] = 0x55;
305 mdev_state->vconfig[0x6c] = 0x41;
306 mdev_state->vconfig[0x6d] = 0x52;
307 mdev_state->vconfig[0x6e] = 0x54;
308}
309
310static void handle_pci_cfg_write(struct mdev_state *mdev_state, u16 offset,
311 u8 *buf, u32 count)
312{
313 u32 cfg_addr, bar_mask, bar_index = 0;
314
315 switch (offset) {
316 case 0x04: /* device control */
317 case 0x06: /* device status */
318 /* do nothing */
319 break;
320 case 0x3c: /* interrupt line */
321 mdev_state->vconfig[0x3c] = buf[0];
322 break;
323 case 0x3d:
324 /*
325 * Interrupt Pin is hardwired to INTA.
326 * This field is write protected by hardware
327 */
328 break;
329 case 0x10: /* BAR0 */
330 case 0x14: /* BAR1 */
331 if (offset == 0x10)
332 bar_index = 0;
333 else if (offset == 0x14)
334 bar_index = 1;
335
336 if ((mdev_state->nr_ports == 1) && (bar_index == 1)) {
337 STORE_LE32(&mdev_state->vconfig[offset], 0);
338 break;
339 }
340
341 cfg_addr = *(u32 *)buf;
342 pr_info("BAR%d addr 0x%x\n", bar_index, cfg_addr);
343
344 if (cfg_addr == 0xffffffff) {
345 bar_mask = mdev_state->bar_mask[bar_index];
346 cfg_addr = (cfg_addr & bar_mask);
347 }
348
349 cfg_addr |= (mdev_state->vconfig[offset] & 0x3ul);
350 STORE_LE32(&mdev_state->vconfig[offset], cfg_addr);
351 break;
352 case 0x18: /* BAR2 */
353 case 0x1c: /* BAR3 */
354 case 0x20: /* BAR4 */
355 STORE_LE32(&mdev_state->vconfig[offset], 0);
356 break;
357 default:
358 pr_info("PCI config write @0x%x of %d bytes not handled\n",
359 offset, count);
360 break;
361 }
362}
363
364static void handle_bar_write(unsigned int index, struct mdev_state *mdev_state,
365 u16 offset, u8 *buf, u32 count)
366{
367 u8 data = *buf;
368
369 /* Handle data written by guest */
370 switch (offset) {
371 case UART_TX:
372 /* if DLAB set, data is LSB of divisor */
373 if (mdev_state->s[index].dlab) {
374 mdev_state->s[index].divisor |= data;
375 break;
376 }
377
378 mutex_lock(&mdev_state->rxtx_lock);
379
380 /* save in TX buffer */
381 if (mdev_state->s[index].rxtx.count <
382 mdev_state->s[index].max_fifo_size) {
383 mdev_state->s[index].rxtx.fifo[
384 mdev_state->s[index].rxtx.head] = data;
385 mdev_state->s[index].rxtx.count++;
386 CIRCULAR_BUF_INC_IDX(mdev_state->s[index].rxtx.head);
387 mdev_state->s[index].overrun = false;
388
389 /*
390 * Trigger interrupt if receive data interrupt is
391 * enabled and fifo reached trigger level
392 */
393 if ((mdev_state->s[index].uart_reg[UART_IER] &
394 UART_IER_RDI) &&
395 (mdev_state->s[index].rxtx.count ==
396 mdev_state->s[index].intr_trigger_level)) {
397 /* trigger interrupt */
398#if defined(DEBUG_INTR)
399 pr_err("Serial port %d: Fifo level trigger\n",
400 index);
401#endif
402 mtty_trigger_interrupt(mdev_state);
403 }
404 } else {
405#if defined(DEBUG_INTR)
406 pr_err("Serial port %d: Buffer Overflow\n", index);
407#endif
408 mdev_state->s[index].overrun = true;
409
410 /*
411 * Trigger interrupt if receiver line status interrupt
412 * is enabled
413 */
414 if (mdev_state->s[index].uart_reg[UART_IER] &
415 UART_IER_RLSI)
416 mtty_trigger_interrupt(mdev_state);
417 }
418 mutex_unlock(&mdev_state->rxtx_lock);
419 break;
420
421 case UART_IER:
422 /* if DLAB set, data is MSB of divisor */
423 if (mdev_state->s[index].dlab)
424 mdev_state->s[index].divisor |= (u16)data << 8;
425 else {
426 mdev_state->s[index].uart_reg[offset] = data;
427 mutex_lock(&mdev_state->rxtx_lock);
428 if ((data & UART_IER_THRI) &&
429 (mdev_state->s[index].rxtx.head ==
430 mdev_state->s[index].rxtx.tail)) {
431#if defined(DEBUG_INTR)
432 pr_err("Serial port %d: IER_THRI write\n",
433 index);
434#endif
435 mtty_trigger_interrupt(mdev_state);
436 }
437
438 mutex_unlock(&mdev_state->rxtx_lock);
439 }
440
441 break;
442
443 case UART_FCR:
444 mdev_state->s[index].fcr = data;
445
446 mutex_lock(&mdev_state->rxtx_lock);
447 if (data & (UART_FCR_CLEAR_RCVR | UART_FCR_CLEAR_XMIT)) {
448 /* clear loop back FIFO */
449 mdev_state->s[index].rxtx.count = 0;
450 mdev_state->s[index].rxtx.head = 0;
451 mdev_state->s[index].rxtx.tail = 0;
452 }
453 mutex_unlock(&mdev_state->rxtx_lock);
454
455 switch (data & UART_FCR_TRIGGER_MASK) {
456 case UART_FCR_TRIGGER_1:
457 mdev_state->s[index].intr_trigger_level = 1;
458 break;
459
460 case UART_FCR_TRIGGER_4:
461 mdev_state->s[index].intr_trigger_level = 4;
462 break;
463
464 case UART_FCR_TRIGGER_8:
465 mdev_state->s[index].intr_trigger_level = 8;
466 break;
467
468 case UART_FCR_TRIGGER_14:
469 mdev_state->s[index].intr_trigger_level = 14;
470 break;
471 }
472
473 /*
474 * Set trigger level to 1 otherwise or implement timer with
475 * timeout of 4 characters and on expiring that timer set
476 * Recevice data timeout in IIR register
477 */
478 mdev_state->s[index].intr_trigger_level = 1;
479 if (data & UART_FCR_ENABLE_FIFO)
480 mdev_state->s[index].max_fifo_size = MAX_FIFO_SIZE;
481 else {
482 mdev_state->s[index].max_fifo_size = 1;
483 mdev_state->s[index].intr_trigger_level = 1;
484 }
485
486 break;
487
488 case UART_LCR:
489 if (data & UART_LCR_DLAB) {
490 mdev_state->s[index].dlab = true;
491 mdev_state->s[index].divisor = 0;
492 } else
493 mdev_state->s[index].dlab = false;
494
495 mdev_state->s[index].uart_reg[offset] = data;
496 break;
497
498 case UART_MCR:
499 mdev_state->s[index].uart_reg[offset] = data;
500
501 if ((mdev_state->s[index].uart_reg[UART_IER] & UART_IER_MSI) &&
502 (data & UART_MCR_OUT2)) {
503#if defined(DEBUG_INTR)
504 pr_err("Serial port %d: MCR_OUT2 write\n", index);
505#endif
506 mtty_trigger_interrupt(mdev_state);
507 }
508
509 if ((mdev_state->s[index].uart_reg[UART_IER] & UART_IER_MSI) &&
510 (data & (UART_MCR_RTS | UART_MCR_DTR))) {
511#if defined(DEBUG_INTR)
512 pr_err("Serial port %d: MCR RTS/DTR write\n", index);
513#endif
514 mtty_trigger_interrupt(mdev_state);
515 }
516 break;
517
518 case UART_LSR:
519 case UART_MSR:
520 /* do nothing */
521 break;
522
523 case UART_SCR:
524 mdev_state->s[index].uart_reg[offset] = data;
525 break;
526
527 default:
528 break;
529 }
530}
531
532static void handle_bar_read(unsigned int index, struct mdev_state *mdev_state,
533 u16 offset, u8 *buf, u32 count)
534{
535 /* Handle read requests by guest */
536 switch (offset) {
537 case UART_RX:
538 /* if DLAB set, data is LSB of divisor */
539 if (mdev_state->s[index].dlab) {
540 *buf = (u8)mdev_state->s[index].divisor;
541 break;
542 }
543
544 mutex_lock(&mdev_state->rxtx_lock);
545 /* return data in tx buffer */
546 if (mdev_state->s[index].rxtx.head !=
547 mdev_state->s[index].rxtx.tail) {
548 *buf = mdev_state->s[index].rxtx.fifo[
549 mdev_state->s[index].rxtx.tail];
550 mdev_state->s[index].rxtx.count--;
551 CIRCULAR_BUF_INC_IDX(mdev_state->s[index].rxtx.tail);
552 }
553
554 if (mdev_state->s[index].rxtx.head ==
555 mdev_state->s[index].rxtx.tail) {
556 /*
557 * Trigger interrupt if tx buffer empty interrupt is
558 * enabled and fifo is empty
559 */
560#if defined(DEBUG_INTR)
561 pr_err("Serial port %d: Buffer Empty\n", index);
562#endif
563 if (mdev_state->s[index].uart_reg[UART_IER] &
564 UART_IER_THRI)
565 mtty_trigger_interrupt(mdev_state);
566 }
567 mutex_unlock(&mdev_state->rxtx_lock);
568
569 break;
570
571 case UART_IER:
572 if (mdev_state->s[index].dlab) {
573 *buf = (u8)(mdev_state->s[index].divisor >> 8);
574 break;
575 }
576 *buf = mdev_state->s[index].uart_reg[offset] & 0x0f;
577 break;
578
579 case UART_IIR:
580 {
581 u8 ier = mdev_state->s[index].uart_reg[UART_IER];
582 *buf = 0;
583
584 mutex_lock(&mdev_state->rxtx_lock);
585 /* Interrupt priority 1: Parity, overrun, framing or break */
586 if ((ier & UART_IER_RLSI) && mdev_state->s[index].overrun)
587 *buf |= UART_IIR_RLSI;
588
589 /* Interrupt priority 2: Fifo trigger level reached */
590 if ((ier & UART_IER_RDI) &&
591 (mdev_state->s[index].rxtx.count >=
592 mdev_state->s[index].intr_trigger_level))
593 *buf |= UART_IIR_RDI;
594
595 /* Interrupt priotiry 3: transmitter holding register empty */
596 if ((ier & UART_IER_THRI) &&
597 (mdev_state->s[index].rxtx.head ==
598 mdev_state->s[index].rxtx.tail))
599 *buf |= UART_IIR_THRI;
600
601 /* Interrupt priotiry 4: Modem status: CTS, DSR, RI or DCD */
602 if ((ier & UART_IER_MSI) &&
603 (mdev_state->s[index].uart_reg[UART_MCR] &
604 (UART_MCR_RTS | UART_MCR_DTR)))
605 *buf |= UART_IIR_MSI;
606
607 /* bit0: 0=> interrupt pending, 1=> no interrupt is pending */
608 if (*buf == 0)
609 *buf = UART_IIR_NO_INT;
610
611 /* set bit 6 & 7 to be 16550 compatible */
612 *buf |= 0xC0;
613 mutex_unlock(&mdev_state->rxtx_lock);
614 }
615 break;
616
617 case UART_LCR:
618 case UART_MCR:
619 *buf = mdev_state->s[index].uart_reg[offset];
620 break;
621
622 case UART_LSR:
623 {
624 u8 lsr = 0;
625
626 mutex_lock(&mdev_state->rxtx_lock);
627 /* atleast one char in FIFO */
628 if (mdev_state->s[index].rxtx.head !=
629 mdev_state->s[index].rxtx.tail)
630 lsr |= UART_LSR_DR;
631
632 /* if FIFO overrun */
633 if (mdev_state->s[index].overrun)
634 lsr |= UART_LSR_OE;
635
636 /* transmit FIFO empty and tramsitter empty */
637 if (mdev_state->s[index].rxtx.head ==
638 mdev_state->s[index].rxtx.tail)
639 lsr |= UART_LSR_TEMT | UART_LSR_THRE;
640
641 mutex_unlock(&mdev_state->rxtx_lock);
642 *buf = lsr;
643 break;
644 }
645 case UART_MSR:
646 *buf = UART_MSR_DSR | UART_MSR_DDSR | UART_MSR_DCD;
647
648 mutex_lock(&mdev_state->rxtx_lock);
649 /* if AFE is 1 and FIFO have space, set CTS bit */
650 if (mdev_state->s[index].uart_reg[UART_MCR] &
651 UART_MCR_AFE) {
652 if (mdev_state->s[index].rxtx.count <
653 mdev_state->s[index].max_fifo_size)
654 *buf |= UART_MSR_CTS | UART_MSR_DCTS;
655 } else
656 *buf |= UART_MSR_CTS | UART_MSR_DCTS;
657 mutex_unlock(&mdev_state->rxtx_lock);
658
659 break;
660
661 case UART_SCR:
662 *buf = mdev_state->s[index].uart_reg[offset];
663 break;
664
665 default:
666 break;
667 }
668}
669
670static void mdev_read_base(struct mdev_state *mdev_state)
671{
672 int index, pos;
673 u32 start_lo, start_hi;
674 u32 mem_type;
675
676 pos = PCI_BASE_ADDRESS_0;
677
678 for (index = 0; index <= VFIO_PCI_BAR5_REGION_INDEX; index++) {
679
680 if (!mdev_state->region_info[index].size)
681 continue;
682
683 start_lo = (*(u32 *)(mdev_state->vconfig + pos)) &
684 PCI_BASE_ADDRESS_MEM_MASK;
685 mem_type = (*(u32 *)(mdev_state->vconfig + pos)) &
686 PCI_BASE_ADDRESS_MEM_TYPE_MASK;
687
688 switch (mem_type) {
689 case PCI_BASE_ADDRESS_MEM_TYPE_64:
690 start_hi = (*(u32 *)(mdev_state->vconfig + pos + 4));
691 pos += 4;
692 break;
693 case PCI_BASE_ADDRESS_MEM_TYPE_32:
694 case PCI_BASE_ADDRESS_MEM_TYPE_1M:
695 /* 1M mem BAR treated as 32-bit BAR */
696 default:
697 /* mem unknown type treated as 32-bit BAR */
698 start_hi = 0;
699 break;
700 }
701 pos += 4;
702 mdev_state->region_info[index].start = ((u64)start_hi << 32) |
703 start_lo;
704 }
705}
706
707static ssize_t mdev_access(struct mdev_state *mdev_state, u8 *buf, size_t count,
708 loff_t pos, bool is_write)
709{
710 unsigned int index;
711 loff_t offset;
712 int ret = 0;
713
714 if (!buf)
715 return -EINVAL;
716
717 mutex_lock(&mdev_state->ops_lock);
718
719 index = MTTY_VFIO_PCI_OFFSET_TO_INDEX(pos);
720 offset = pos & MTTY_VFIO_PCI_OFFSET_MASK;
721 switch (index) {
722 case VFIO_PCI_CONFIG_REGION_INDEX:
723
724#if defined(DEBUG)
725 pr_info("%s: PCI config space %s at offset 0x%llx\n",
726 __func__, is_write ? "write" : "read", offset);
727#endif
728 if (is_write) {
729 dump_buffer(buf, count);
730 handle_pci_cfg_write(mdev_state, offset, buf, count);
731 } else {
732 memcpy(buf, (mdev_state->vconfig + offset), count);
733 dump_buffer(buf, count);
734 }
735
736 break;
737
738 case VFIO_PCI_BAR0_REGION_INDEX ... VFIO_PCI_BAR5_REGION_INDEX:
739 if (!mdev_state->region_info[index].start)
740 mdev_read_base(mdev_state);
741
742 if (is_write) {
743 dump_buffer(buf, count);
744
745#if defined(DEBUG_REGS)
746 pr_info("%s: BAR%d WR @0x%llx %s val:0x%02x dlab:%d\n",
747 __func__, index, offset, wr_reg[offset],
748 *buf, mdev_state->s[index].dlab);
749#endif
750 handle_bar_write(index, mdev_state, offset, buf, count);
751 } else {
752 handle_bar_read(index, mdev_state, offset, buf, count);
753 dump_buffer(buf, count);
754
755#if defined(DEBUG_REGS)
756 pr_info("%s: BAR%d RD @0x%llx %s val:0x%02x dlab:%d\n",
757 __func__, index, offset, rd_reg[offset],
758 *buf, mdev_state->s[index].dlab);
759#endif
760 }
761 break;
762
763 default:
764 ret = -1;
765 goto accessfailed;
766 }
767
768 ret = count;
769
770
771accessfailed:
772 mutex_unlock(&mdev_state->ops_lock);
773
774 return ret;
775}
776
777static size_t mtty_data_size(struct mdev_state *mdev_state)
778{
779 return offsetof(struct mtty_data, ports) +
780 (mdev_state->nr_ports * sizeof(struct serial_port));
781}
782
783static void mtty_disable_file(struct mtty_migration_file *migf)
784{
785 mutex_lock(&migf->lock);
786 migf->disabled = true;
787 migf->filled_size = 0;
788 migf->filp->f_pos = 0;
789 mutex_unlock(&migf->lock);
790}
791
792static void mtty_disable_files(struct mdev_state *mdev_state)
793{
794 if (mdev_state->saving_migf) {
795 mtty_disable_file(mdev_state->saving_migf);
796 fput(mdev_state->saving_migf->filp);
797 mdev_state->saving_migf = NULL;
798 }
799
800 if (mdev_state->resuming_migf) {
801 mtty_disable_file(mdev_state->resuming_migf);
802 fput(mdev_state->resuming_migf->filp);
803 mdev_state->resuming_migf = NULL;
804 }
805}
806
807static void mtty_state_mutex_unlock(struct mdev_state *mdev_state)
808{
809again:
810 mutex_lock(&mdev_state->reset_mutex);
811 if (mdev_state->deferred_reset) {
812 mdev_state->deferred_reset = false;
813 mutex_unlock(&mdev_state->reset_mutex);
814 mdev_state->state = VFIO_DEVICE_STATE_RUNNING;
815 mtty_disable_files(mdev_state);
816 goto again;
817 }
818 mutex_unlock(&mdev_state->state_mutex);
819 mutex_unlock(&mdev_state->reset_mutex);
820}
821
822static int mtty_release_migf(struct inode *inode, struct file *filp)
823{
824 struct mtty_migration_file *migf = filp->private_data;
825
826 mtty_disable_file(migf);
827 mutex_destroy(&migf->lock);
828 kfree(migf);
829
830 return 0;
831}
832
833static long mtty_precopy_ioctl(struct file *filp, unsigned int cmd,
834 unsigned long arg)
835{
836 struct mtty_migration_file *migf = filp->private_data;
837 struct mdev_state *mdev_state = migf->mdev_state;
838 loff_t *pos = &filp->f_pos;
839 struct vfio_precopy_info info = {};
840 unsigned long minsz;
841 int ret;
842
843 if (cmd != VFIO_MIG_GET_PRECOPY_INFO)
844 return -ENOTTY;
845
846 minsz = offsetofend(struct vfio_precopy_info, dirty_bytes);
847
848 if (copy_from_user(&info, (void __user *)arg, minsz))
849 return -EFAULT;
850 if (info.argsz < minsz)
851 return -EINVAL;
852
853 mutex_lock(&mdev_state->state_mutex);
854 if (mdev_state->state != VFIO_DEVICE_STATE_PRE_COPY &&
855 mdev_state->state != VFIO_DEVICE_STATE_PRE_COPY_P2P) {
856 ret = -EINVAL;
857 goto unlock;
858 }
859
860 mutex_lock(&migf->lock);
861
862 if (migf->disabled) {
863 mutex_unlock(&migf->lock);
864 ret = -ENODEV;
865 goto unlock;
866 }
867
868 if (*pos > migf->filled_size) {
869 mutex_unlock(&migf->lock);
870 ret = -EINVAL;
871 goto unlock;
872 }
873
874 info.dirty_bytes = 0;
875 info.initial_bytes = migf->filled_size - *pos;
876 mutex_unlock(&migf->lock);
877
878 ret = copy_to_user((void __user *)arg, &info, minsz) ? -EFAULT : 0;
879unlock:
880 mtty_state_mutex_unlock(mdev_state);
881 return ret;
882}
883
884static ssize_t mtty_save_read(struct file *filp, char __user *buf,
885 size_t len, loff_t *pos)
886{
887 struct mtty_migration_file *migf = filp->private_data;
888 ssize_t ret = 0;
889
890 if (pos)
891 return -ESPIPE;
892
893 pos = &filp->f_pos;
894
895 mutex_lock(&migf->lock);
896
897 dev_dbg(migf->mdev_state->vdev.dev, "%s ask %zu\n", __func__, len);
898
899 if (migf->disabled) {
900 ret = -ENODEV;
901 goto out_unlock;
902 }
903
904 if (*pos > migf->filled_size) {
905 ret = -EINVAL;
906 goto out_unlock;
907 }
908
909 len = min_t(size_t, migf->filled_size - *pos, len);
910 if (len) {
911 if (copy_to_user(buf, (void *)&migf->data + *pos, len)) {
912 ret = -EFAULT;
913 goto out_unlock;
914 }
915 *pos += len;
916 ret = len;
917 }
918out_unlock:
919 dev_dbg(migf->mdev_state->vdev.dev, "%s read %zu\n", __func__, ret);
920 mutex_unlock(&migf->lock);
921 return ret;
922}
923
924static const struct file_operations mtty_save_fops = {
925 .owner = THIS_MODULE,
926 .read = mtty_save_read,
927 .unlocked_ioctl = mtty_precopy_ioctl,
928 .compat_ioctl = compat_ptr_ioctl,
929 .release = mtty_release_migf,
930};
931
932static void mtty_save_state(struct mdev_state *mdev_state)
933{
934 struct mtty_migration_file *migf = mdev_state->saving_migf;
935 int i;
936
937 mutex_lock(&migf->lock);
938 for (i = 0; i < mdev_state->nr_ports; i++) {
939 memcpy(&migf->data.ports[i],
940 &mdev_state->s[i], sizeof(struct serial_port));
941 migf->filled_size += sizeof(struct serial_port);
942 }
943 dev_dbg(mdev_state->vdev.dev,
944 "%s filled to %zu\n", __func__, migf->filled_size);
945 mutex_unlock(&migf->lock);
946}
947
948static int mtty_load_state(struct mdev_state *mdev_state)
949{
950 struct mtty_migration_file *migf = mdev_state->resuming_migf;
951 int i;
952
953 mutex_lock(&migf->lock);
954 /* magic and version already tested by resume write fn */
955 if (migf->filled_size < mtty_data_size(mdev_state)) {
956 dev_dbg(mdev_state->vdev.dev, "%s expected %zu, got %zu\n",
957 __func__, mtty_data_size(mdev_state),
958 migf->filled_size);
959 mutex_unlock(&migf->lock);
960 return -EINVAL;
961 }
962
963 for (i = 0; i < mdev_state->nr_ports; i++)
964 memcpy(&mdev_state->s[i],
965 &migf->data.ports[i], sizeof(struct serial_port));
966
967 mutex_unlock(&migf->lock);
968 return 0;
969}
970
971static struct mtty_migration_file *
972mtty_save_device_data(struct mdev_state *mdev_state,
973 enum vfio_device_mig_state state)
974{
975 struct mtty_migration_file *migf = mdev_state->saving_migf;
976 struct mtty_migration_file *ret = NULL;
977
978 if (migf) {
979 if (state == VFIO_DEVICE_STATE_STOP_COPY)
980 goto fill_data;
981 return ret;
982 }
983
984 migf = kzalloc(sizeof(*migf), GFP_KERNEL_ACCOUNT);
985 if (!migf)
986 return ERR_PTR(-ENOMEM);
987
988 migf->filp = anon_inode_getfile("mtty_mig", &mtty_save_fops,
989 migf, O_RDONLY);
990 if (IS_ERR(migf->filp)) {
991 int rc = PTR_ERR(migf->filp);
992
993 kfree(migf);
994 return ERR_PTR(rc);
995 }
996
997 stream_open(migf->filp->f_inode, migf->filp);
998 mutex_init(&migf->lock);
999 migf->mdev_state = mdev_state;
1000
1001 migf->data.magic = MTTY_MAGIC;
1002 migf->data.major_ver = MTTY_MAJOR_VER;
1003 migf->data.minor_ver = MTTY_MINOR_VER;
1004 migf->data.nr_ports = mdev_state->nr_ports;
1005
1006 migf->filled_size = offsetof(struct mtty_data, ports);
1007
1008 dev_dbg(mdev_state->vdev.dev, "%s filled header to %zu\n",
1009 __func__, migf->filled_size);
1010
1011 ret = mdev_state->saving_migf = migf;
1012
1013fill_data:
1014 if (state == VFIO_DEVICE_STATE_STOP_COPY)
1015 mtty_save_state(mdev_state);
1016
1017 return ret;
1018}
1019
1020static ssize_t mtty_resume_write(struct file *filp, const char __user *buf,
1021 size_t len, loff_t *pos)
1022{
1023 struct mtty_migration_file *migf = filp->private_data;
1024 struct mdev_state *mdev_state = migf->mdev_state;
1025 loff_t requested_length;
1026 ssize_t ret = 0;
1027
1028 if (pos)
1029 return -ESPIPE;
1030
1031 pos = &filp->f_pos;
1032
1033 if (*pos < 0 ||
1034 check_add_overflow((loff_t)len, *pos, &requested_length))
1035 return -EINVAL;
1036
1037 if (requested_length > mtty_data_size(mdev_state))
1038 return -ENOMEM;
1039
1040 mutex_lock(&migf->lock);
1041
1042 if (migf->disabled) {
1043 ret = -ENODEV;
1044 goto out_unlock;
1045 }
1046
1047 if (copy_from_user((void *)&migf->data + *pos, buf, len)) {
1048 ret = -EFAULT;
1049 goto out_unlock;
1050 }
1051
1052 *pos += len;
1053 ret = len;
1054
1055 dev_dbg(migf->mdev_state->vdev.dev, "%s received %zu, total %zu\n",
1056 __func__, len, migf->filled_size + len);
1057
1058 if (migf->filled_size < offsetof(struct mtty_data, ports) &&
1059 migf->filled_size + len >= offsetof(struct mtty_data, ports)) {
1060 if (migf->data.magic != MTTY_MAGIC || migf->data.flags ||
1061 migf->data.major_ver != MTTY_MAJOR_VER ||
1062 migf->data.minor_ver != MTTY_MINOR_VER ||
1063 migf->data.nr_ports != mdev_state->nr_ports) {
1064 dev_dbg(migf->mdev_state->vdev.dev,
1065 "%s failed validation\n", __func__);
1066 ret = -EFAULT;
1067 } else {
1068 dev_dbg(migf->mdev_state->vdev.dev,
1069 "%s header validated\n", __func__);
1070 }
1071 }
1072
1073 migf->filled_size += len;
1074
1075out_unlock:
1076 mutex_unlock(&migf->lock);
1077 return ret;
1078}
1079
1080static const struct file_operations mtty_resume_fops = {
1081 .owner = THIS_MODULE,
1082 .write = mtty_resume_write,
1083 .release = mtty_release_migf,
1084};
1085
1086static struct mtty_migration_file *
1087mtty_resume_device_data(struct mdev_state *mdev_state)
1088{
1089 struct mtty_migration_file *migf;
1090 int ret;
1091
1092 migf = kzalloc(sizeof(*migf), GFP_KERNEL_ACCOUNT);
1093 if (!migf)
1094 return ERR_PTR(-ENOMEM);
1095
1096 migf->filp = anon_inode_getfile("mtty_mig", &mtty_resume_fops,
1097 migf, O_WRONLY);
1098 if (IS_ERR(migf->filp)) {
1099 ret = PTR_ERR(migf->filp);
1100 kfree(migf);
1101 return ERR_PTR(ret);
1102 }
1103
1104 stream_open(migf->filp->f_inode, migf->filp);
1105 mutex_init(&migf->lock);
1106 migf->mdev_state = mdev_state;
1107
1108 mdev_state->resuming_migf = migf;
1109
1110 return migf;
1111}
1112
1113static struct file *mtty_step_state(struct mdev_state *mdev_state,
1114 enum vfio_device_mig_state new)
1115{
1116 enum vfio_device_mig_state cur = mdev_state->state;
1117
1118 dev_dbg(mdev_state->vdev.dev, "%s: %d -> %d\n", __func__, cur, new);
1119
1120 /*
1121 * The following state transitions are no-op considering
1122 * mtty does not do DMA nor require any explicit start/stop.
1123 *
1124 * RUNNING -> RUNNING_P2P
1125 * RUNNING_P2P -> RUNNING
1126 * RUNNING_P2P -> STOP
1127 * PRE_COPY -> PRE_COPY_P2P
1128 * PRE_COPY_P2P -> PRE_COPY
1129 * STOP -> RUNNING_P2P
1130 */
1131 if ((cur == VFIO_DEVICE_STATE_RUNNING &&
1132 new == VFIO_DEVICE_STATE_RUNNING_P2P) ||
1133 (cur == VFIO_DEVICE_STATE_RUNNING_P2P &&
1134 (new == VFIO_DEVICE_STATE_RUNNING ||
1135 new == VFIO_DEVICE_STATE_STOP)) ||
1136 (cur == VFIO_DEVICE_STATE_PRE_COPY &&
1137 new == VFIO_DEVICE_STATE_PRE_COPY_P2P) ||
1138 (cur == VFIO_DEVICE_STATE_PRE_COPY_P2P &&
1139 new == VFIO_DEVICE_STATE_PRE_COPY) ||
1140 (cur == VFIO_DEVICE_STATE_STOP &&
1141 new == VFIO_DEVICE_STATE_RUNNING_P2P))
1142 return NULL;
1143
1144 /*
1145 * The following state transitions simply close migration files,
1146 * with the exception of RESUMING -> STOP, which needs to load
1147 * the state first.
1148 *
1149 * RESUMING -> STOP
1150 * PRE_COPY -> RUNNING
1151 * PRE_COPY_P2P -> RUNNING_P2P
1152 * STOP_COPY -> STOP
1153 */
1154 if (cur == VFIO_DEVICE_STATE_RESUMING &&
1155 new == VFIO_DEVICE_STATE_STOP) {
1156 int ret;
1157
1158 ret = mtty_load_state(mdev_state);
1159 if (ret)
1160 return ERR_PTR(ret);
1161 mtty_disable_files(mdev_state);
1162 return NULL;
1163 }
1164
1165 if ((cur == VFIO_DEVICE_STATE_PRE_COPY &&
1166 new == VFIO_DEVICE_STATE_RUNNING) ||
1167 (cur == VFIO_DEVICE_STATE_PRE_COPY_P2P &&
1168 new == VFIO_DEVICE_STATE_RUNNING_P2P) ||
1169 (cur == VFIO_DEVICE_STATE_STOP_COPY &&
1170 new == VFIO_DEVICE_STATE_STOP)) {
1171 mtty_disable_files(mdev_state);
1172 return NULL;
1173 }
1174
1175 /*
1176 * The following state transitions return migration files.
1177 *
1178 * RUNNING -> PRE_COPY
1179 * RUNNING_P2P -> PRE_COPY_P2P
1180 * STOP -> STOP_COPY
1181 * STOP -> RESUMING
1182 * PRE_COPY_P2P -> STOP_COPY
1183 */
1184 if ((cur == VFIO_DEVICE_STATE_RUNNING &&
1185 new == VFIO_DEVICE_STATE_PRE_COPY) ||
1186 (cur == VFIO_DEVICE_STATE_RUNNING_P2P &&
1187 new == VFIO_DEVICE_STATE_PRE_COPY_P2P) ||
1188 (cur == VFIO_DEVICE_STATE_STOP &&
1189 new == VFIO_DEVICE_STATE_STOP_COPY) ||
1190 (cur == VFIO_DEVICE_STATE_PRE_COPY_P2P &&
1191 new == VFIO_DEVICE_STATE_STOP_COPY)) {
1192 struct mtty_migration_file *migf;
1193
1194 migf = mtty_save_device_data(mdev_state, new);
1195 if (IS_ERR(migf))
1196 return ERR_CAST(migf);
1197
1198 if (migf) {
1199 get_file(migf->filp);
1200
1201 return migf->filp;
1202 }
1203 return NULL;
1204 }
1205
1206 if (cur == VFIO_DEVICE_STATE_STOP &&
1207 new == VFIO_DEVICE_STATE_RESUMING) {
1208 struct mtty_migration_file *migf;
1209
1210 migf = mtty_resume_device_data(mdev_state);
1211 if (IS_ERR(migf))
1212 return ERR_CAST(migf);
1213
1214 get_file(migf->filp);
1215
1216 return migf->filp;
1217 }
1218
1219 /* vfio_mig_get_next_state() does not use arcs other than the above */
1220 WARN_ON(true);
1221 return ERR_PTR(-EINVAL);
1222}
1223
1224static struct file *mtty_set_state(struct vfio_device *vdev,
1225 enum vfio_device_mig_state new_state)
1226{
1227 struct mdev_state *mdev_state =
1228 container_of(vdev, struct mdev_state, vdev);
1229 struct file *ret = NULL;
1230
1231 dev_dbg(vdev->dev, "%s -> %d\n", __func__, new_state);
1232
1233 mutex_lock(&mdev_state->state_mutex);
1234 while (mdev_state->state != new_state) {
1235 enum vfio_device_mig_state next_state;
1236 int rc = vfio_mig_get_next_state(vdev, mdev_state->state,
1237 new_state, &next_state);
1238 if (rc) {
1239 ret = ERR_PTR(rc);
1240 break;
1241 }
1242
1243 ret = mtty_step_state(mdev_state, next_state);
1244 if (IS_ERR(ret))
1245 break;
1246
1247 mdev_state->state = next_state;
1248
1249 if (WARN_ON(ret && new_state != next_state)) {
1250 fput(ret);
1251 ret = ERR_PTR(-EINVAL);
1252 break;
1253 }
1254 }
1255 mtty_state_mutex_unlock(mdev_state);
1256 return ret;
1257}
1258
1259static int mtty_get_state(struct vfio_device *vdev,
1260 enum vfio_device_mig_state *current_state)
1261{
1262 struct mdev_state *mdev_state =
1263 container_of(vdev, struct mdev_state, vdev);
1264
1265 mutex_lock(&mdev_state->state_mutex);
1266 *current_state = mdev_state->state;
1267 mtty_state_mutex_unlock(mdev_state);
1268 return 0;
1269}
1270
1271static int mtty_get_data_size(struct vfio_device *vdev,
1272 unsigned long *stop_copy_length)
1273{
1274 struct mdev_state *mdev_state =
1275 container_of(vdev, struct mdev_state, vdev);
1276
1277 *stop_copy_length = mtty_data_size(mdev_state);
1278 return 0;
1279}
1280
1281static const struct vfio_migration_ops mtty_migration_ops = {
1282 .migration_set_state = mtty_set_state,
1283 .migration_get_state = mtty_get_state,
1284 .migration_get_data_size = mtty_get_data_size,
1285};
1286
1287static int mtty_log_start(struct vfio_device *vdev,
1288 struct rb_root_cached *ranges,
1289 u32 nnodes, u64 *page_size)
1290{
1291 return 0;
1292}
1293
1294static int mtty_log_stop(struct vfio_device *vdev)
1295{
1296 return 0;
1297}
1298
1299static int mtty_log_read_and_clear(struct vfio_device *vdev,
1300 unsigned long iova, unsigned long length,
1301 struct iova_bitmap *dirty)
1302{
1303 return 0;
1304}
1305
1306static const struct vfio_log_ops mtty_log_ops = {
1307 .log_start = mtty_log_start,
1308 .log_stop = mtty_log_stop,
1309 .log_read_and_clear = mtty_log_read_and_clear,
1310};
1311
1312static int mtty_init_dev(struct vfio_device *vdev)
1313{
1314 struct mdev_state *mdev_state =
1315 container_of(vdev, struct mdev_state, vdev);
1316 struct mdev_device *mdev = to_mdev_device(vdev->dev);
1317 struct mtty_type *type =
1318 container_of(mdev->type, struct mtty_type, type);
1319 int avail_ports = atomic_read(&mdev_avail_ports);
1320 int ret;
1321
1322 do {
1323 if (avail_ports < type->nr_ports)
1324 return -ENOSPC;
1325 } while (!atomic_try_cmpxchg(&mdev_avail_ports,
1326 &avail_ports,
1327 avail_ports - type->nr_ports));
1328
1329 mdev_state->nr_ports = type->nr_ports;
1330 mdev_state->irq_index = -1;
1331 mdev_state->s[0].max_fifo_size = MAX_FIFO_SIZE;
1332 mdev_state->s[1].max_fifo_size = MAX_FIFO_SIZE;
1333 mutex_init(&mdev_state->rxtx_lock);
1334
1335 mdev_state->vconfig = kzalloc(MTTY_CONFIG_SPACE_SIZE, GFP_KERNEL);
1336 if (!mdev_state->vconfig) {
1337 ret = -ENOMEM;
1338 goto err_nr_ports;
1339 }
1340
1341 mutex_init(&mdev_state->ops_lock);
1342 mdev_state->mdev = mdev;
1343 mtty_create_config_space(mdev_state);
1344
1345 mutex_init(&mdev_state->state_mutex);
1346 mutex_init(&mdev_state->reset_mutex);
1347 vdev->migration_flags = VFIO_MIGRATION_STOP_COPY |
1348 VFIO_MIGRATION_P2P |
1349 VFIO_MIGRATION_PRE_COPY;
1350 vdev->mig_ops = &mtty_migration_ops;
1351 vdev->log_ops = &mtty_log_ops;
1352 mdev_state->state = VFIO_DEVICE_STATE_RUNNING;
1353
1354 return 0;
1355
1356err_nr_ports:
1357 atomic_add(type->nr_ports, &mdev_avail_ports);
1358 return ret;
1359}
1360
1361static int mtty_probe(struct mdev_device *mdev)
1362{
1363 struct mdev_state *mdev_state;
1364 int ret;
1365
1366 mdev_state = vfio_alloc_device(mdev_state, vdev, &mdev->dev,
1367 &mtty_dev_ops);
1368 if (IS_ERR(mdev_state))
1369 return PTR_ERR(mdev_state);
1370
1371 ret = vfio_register_emulated_iommu_dev(&mdev_state->vdev);
1372 if (ret)
1373 goto err_put_vdev;
1374 dev_set_drvdata(&mdev->dev, mdev_state);
1375 return 0;
1376
1377err_put_vdev:
1378 vfio_put_device(&mdev_state->vdev);
1379 return ret;
1380}
1381
1382static void mtty_release_dev(struct vfio_device *vdev)
1383{
1384 struct mdev_state *mdev_state =
1385 container_of(vdev, struct mdev_state, vdev);
1386
1387 mutex_destroy(&mdev_state->reset_mutex);
1388 mutex_destroy(&mdev_state->state_mutex);
1389 atomic_add(mdev_state->nr_ports, &mdev_avail_ports);
1390 kfree(mdev_state->vconfig);
1391}
1392
1393static void mtty_remove(struct mdev_device *mdev)
1394{
1395 struct mdev_state *mdev_state = dev_get_drvdata(&mdev->dev);
1396
1397 vfio_unregister_group_dev(&mdev_state->vdev);
1398 vfio_put_device(&mdev_state->vdev);
1399}
1400
1401static int mtty_reset(struct mdev_state *mdev_state)
1402{
1403 pr_info("%s: called\n", __func__);
1404
1405 mutex_lock(&mdev_state->reset_mutex);
1406 mdev_state->deferred_reset = true;
1407 if (!mutex_trylock(&mdev_state->state_mutex)) {
1408 mutex_unlock(&mdev_state->reset_mutex);
1409 return 0;
1410 }
1411 mutex_unlock(&mdev_state->reset_mutex);
1412 mtty_state_mutex_unlock(mdev_state);
1413
1414 return 0;
1415}
1416
1417static ssize_t mtty_read(struct vfio_device *vdev, char __user *buf,
1418 size_t count, loff_t *ppos)
1419{
1420 struct mdev_state *mdev_state =
1421 container_of(vdev, struct mdev_state, vdev);
1422 unsigned int done = 0;
1423 int ret;
1424
1425 while (count) {
1426 size_t filled;
1427
1428 if (count >= 4 && !(*ppos % 4)) {
1429 u32 val;
1430
1431 ret = mdev_access(mdev_state, (u8 *)&val, sizeof(val),
1432 *ppos, false);
1433 if (ret <= 0)
1434 goto read_err;
1435
1436 if (copy_to_user(buf, &val, sizeof(val)))
1437 goto read_err;
1438
1439 filled = 4;
1440 } else if (count >= 2 && !(*ppos % 2)) {
1441 u16 val;
1442
1443 ret = mdev_access(mdev_state, (u8 *)&val, sizeof(val),
1444 *ppos, false);
1445 if (ret <= 0)
1446 goto read_err;
1447
1448 if (copy_to_user(buf, &val, sizeof(val)))
1449 goto read_err;
1450
1451 filled = 2;
1452 } else {
1453 u8 val;
1454
1455 ret = mdev_access(mdev_state, (u8 *)&val, sizeof(val),
1456 *ppos, false);
1457 if (ret <= 0)
1458 goto read_err;
1459
1460 if (copy_to_user(buf, &val, sizeof(val)))
1461 goto read_err;
1462
1463 filled = 1;
1464 }
1465
1466 count -= filled;
1467 done += filled;
1468 *ppos += filled;
1469 buf += filled;
1470 }
1471
1472 return done;
1473
1474read_err:
1475 return -EFAULT;
1476}
1477
1478static ssize_t mtty_write(struct vfio_device *vdev, const char __user *buf,
1479 size_t count, loff_t *ppos)
1480{
1481 struct mdev_state *mdev_state =
1482 container_of(vdev, struct mdev_state, vdev);
1483 unsigned int done = 0;
1484 int ret;
1485
1486 while (count) {
1487 size_t filled;
1488
1489 if (count >= 4 && !(*ppos % 4)) {
1490 u32 val;
1491
1492 if (copy_from_user(&val, buf, sizeof(val)))
1493 goto write_err;
1494
1495 ret = mdev_access(mdev_state, (u8 *)&val, sizeof(val),
1496 *ppos, true);
1497 if (ret <= 0)
1498 goto write_err;
1499
1500 filled = 4;
1501 } else if (count >= 2 && !(*ppos % 2)) {
1502 u16 val;
1503
1504 if (copy_from_user(&val, buf, sizeof(val)))
1505 goto write_err;
1506
1507 ret = mdev_access(mdev_state, (u8 *)&val, sizeof(val),
1508 *ppos, true);
1509 if (ret <= 0)
1510 goto write_err;
1511
1512 filled = 2;
1513 } else {
1514 u8 val;
1515
1516 if (copy_from_user(&val, buf, sizeof(val)))
1517 goto write_err;
1518
1519 ret = mdev_access(mdev_state, (u8 *)&val, sizeof(val),
1520 *ppos, true);
1521 if (ret <= 0)
1522 goto write_err;
1523
1524 filled = 1;
1525 }
1526 count -= filled;
1527 done += filled;
1528 *ppos += filled;
1529 buf += filled;
1530 }
1531
1532 return done;
1533write_err:
1534 return -EFAULT;
1535}
1536
1537static void mtty_disable_intx(struct mdev_state *mdev_state)
1538{
1539 if (mdev_state->intx_evtfd) {
1540 eventfd_ctx_put(mdev_state->intx_evtfd);
1541 mdev_state->intx_evtfd = NULL;
1542 mdev_state->intx_mask = false;
1543 mdev_state->irq_index = -1;
1544 }
1545}
1546
1547static void mtty_disable_msi(struct mdev_state *mdev_state)
1548{
1549 if (mdev_state->msi_evtfd) {
1550 eventfd_ctx_put(mdev_state->msi_evtfd);
1551 mdev_state->msi_evtfd = NULL;
1552 mdev_state->irq_index = -1;
1553 }
1554}
1555
1556static int mtty_set_irqs(struct mdev_state *mdev_state, uint32_t flags,
1557 unsigned int index, unsigned int start,
1558 unsigned int count, void *data)
1559{
1560 int ret = 0;
1561
1562 mutex_lock(&mdev_state->ops_lock);
1563 switch (index) {
1564 case VFIO_PCI_INTX_IRQ_INDEX:
1565 switch (flags & VFIO_IRQ_SET_ACTION_TYPE_MASK) {
1566 case VFIO_IRQ_SET_ACTION_MASK:
1567 if (!is_intx(mdev_state) || start != 0 || count != 1) {
1568 ret = -EINVAL;
1569 break;
1570 }
1571
1572 if (flags & VFIO_IRQ_SET_DATA_NONE) {
1573 mdev_state->intx_mask = true;
1574 } else if (flags & VFIO_IRQ_SET_DATA_BOOL) {
1575 uint8_t mask = *(uint8_t *)data;
1576
1577 if (mask)
1578 mdev_state->intx_mask = true;
1579 } else if (flags & VFIO_IRQ_SET_DATA_EVENTFD) {
1580 ret = -ENOTTY; /* No support for mask fd */
1581 }
1582 break;
1583 case VFIO_IRQ_SET_ACTION_UNMASK:
1584 if (!is_intx(mdev_state) || start != 0 || count != 1) {
1585 ret = -EINVAL;
1586 break;
1587 }
1588
1589 if (flags & VFIO_IRQ_SET_DATA_NONE) {
1590 mdev_state->intx_mask = false;
1591 } else if (flags & VFIO_IRQ_SET_DATA_BOOL) {
1592 uint8_t mask = *(uint8_t *)data;
1593
1594 if (mask)
1595 mdev_state->intx_mask = false;
1596 } else if (flags & VFIO_IRQ_SET_DATA_EVENTFD) {
1597 ret = -ENOTTY; /* No support for unmask fd */
1598 }
1599 break;
1600 case VFIO_IRQ_SET_ACTION_TRIGGER:
1601 if (is_intx(mdev_state) && !count &&
1602 (flags & VFIO_IRQ_SET_DATA_NONE)) {
1603 mtty_disable_intx(mdev_state);
1604 break;
1605 }
1606
1607 if (!(is_intx(mdev_state) || is_noirq(mdev_state)) ||
1608 start != 0 || count != 1) {
1609 ret = -EINVAL;
1610 break;
1611 }
1612
1613 if (flags & VFIO_IRQ_SET_DATA_EVENTFD) {
1614 int fd = *(int *)data;
1615 struct eventfd_ctx *evt;
1616
1617 mtty_disable_intx(mdev_state);
1618
1619 if (fd < 0)
1620 break;
1621
1622 evt = eventfd_ctx_fdget(fd);
1623 if (IS_ERR(evt)) {
1624 ret = PTR_ERR(evt);
1625 break;
1626 }
1627 mdev_state->intx_evtfd = evt;
1628 mdev_state->irq_index = index;
1629 break;
1630 }
1631
1632 if (!is_intx(mdev_state)) {
1633 ret = -EINVAL;
1634 break;
1635 }
1636
1637 if (flags & VFIO_IRQ_SET_DATA_NONE) {
1638 mtty_trigger_interrupt(mdev_state);
1639 } else if (flags & VFIO_IRQ_SET_DATA_BOOL) {
1640 uint8_t trigger = *(uint8_t *)data;
1641
1642 if (trigger)
1643 mtty_trigger_interrupt(mdev_state);
1644 }
1645 break;
1646 }
1647 break;
1648 case VFIO_PCI_MSI_IRQ_INDEX:
1649 switch (flags & VFIO_IRQ_SET_ACTION_TYPE_MASK) {
1650 case VFIO_IRQ_SET_ACTION_MASK:
1651 case VFIO_IRQ_SET_ACTION_UNMASK:
1652 ret = -ENOTTY;
1653 break;
1654 case VFIO_IRQ_SET_ACTION_TRIGGER:
1655 if (is_msi(mdev_state) && !count &&
1656 (flags & VFIO_IRQ_SET_DATA_NONE)) {
1657 mtty_disable_msi(mdev_state);
1658 break;
1659 }
1660
1661 if (!(is_msi(mdev_state) || is_noirq(mdev_state)) ||
1662 start != 0 || count != 1) {
1663 ret = -EINVAL;
1664 break;
1665 }
1666
1667 if (flags & VFIO_IRQ_SET_DATA_EVENTFD) {
1668 int fd = *(int *)data;
1669 struct eventfd_ctx *evt;
1670
1671 mtty_disable_msi(mdev_state);
1672
1673 if (fd < 0)
1674 break;
1675
1676 evt = eventfd_ctx_fdget(fd);
1677 if (IS_ERR(evt)) {
1678 ret = PTR_ERR(evt);
1679 break;
1680 }
1681 mdev_state->msi_evtfd = evt;
1682 mdev_state->irq_index = index;
1683 break;
1684 }
1685
1686 if (!is_msi(mdev_state)) {
1687 ret = -EINVAL;
1688 break;
1689 }
1690
1691 if (flags & VFIO_IRQ_SET_DATA_NONE) {
1692 mtty_trigger_interrupt(mdev_state);
1693 } else if (flags & VFIO_IRQ_SET_DATA_BOOL) {
1694 uint8_t trigger = *(uint8_t *)data;
1695
1696 if (trigger)
1697 mtty_trigger_interrupt(mdev_state);
1698 }
1699 break;
1700 }
1701 break;
1702 case VFIO_PCI_MSIX_IRQ_INDEX:
1703 dev_dbg(mdev_state->vdev.dev, "%s: MSIX_IRQ\n", __func__);
1704 ret = -ENOTTY;
1705 break;
1706 case VFIO_PCI_ERR_IRQ_INDEX:
1707 dev_dbg(mdev_state->vdev.dev, "%s: ERR_IRQ\n", __func__);
1708 ret = -ENOTTY;
1709 break;
1710 case VFIO_PCI_REQ_IRQ_INDEX:
1711 dev_dbg(mdev_state->vdev.dev, "%s: REQ_IRQ\n", __func__);
1712 ret = -ENOTTY;
1713 break;
1714 }
1715
1716 mutex_unlock(&mdev_state->ops_lock);
1717 return ret;
1718}
1719
1720static int mtty_get_region_info(struct mdev_state *mdev_state,
1721 struct vfio_region_info *region_info,
1722 u16 *cap_type_id, void **cap_type)
1723{
1724 unsigned int size = 0;
1725 u32 bar_index;
1726
1727 bar_index = region_info->index;
1728 if (bar_index >= VFIO_PCI_NUM_REGIONS)
1729 return -EINVAL;
1730
1731 mutex_lock(&mdev_state->ops_lock);
1732
1733 switch (bar_index) {
1734 case VFIO_PCI_CONFIG_REGION_INDEX:
1735 size = MTTY_CONFIG_SPACE_SIZE;
1736 break;
1737 case VFIO_PCI_BAR0_REGION_INDEX:
1738 size = MTTY_IO_BAR_SIZE;
1739 break;
1740 case VFIO_PCI_BAR1_REGION_INDEX:
1741 if (mdev_state->nr_ports == 2)
1742 size = MTTY_IO_BAR_SIZE;
1743 break;
1744 default:
1745 size = 0;
1746 break;
1747 }
1748
1749 mdev_state->region_info[bar_index].size = size;
1750 mdev_state->region_info[bar_index].vfio_offset =
1751 MTTY_VFIO_PCI_INDEX_TO_OFFSET(bar_index);
1752
1753 region_info->size = size;
1754 region_info->offset = MTTY_VFIO_PCI_INDEX_TO_OFFSET(bar_index);
1755 region_info->flags = VFIO_REGION_INFO_FLAG_READ |
1756 VFIO_REGION_INFO_FLAG_WRITE;
1757 mutex_unlock(&mdev_state->ops_lock);
1758 return 0;
1759}
1760
1761static int mtty_get_irq_info(struct vfio_irq_info *irq_info)
1762{
1763 if (irq_info->index != VFIO_PCI_INTX_IRQ_INDEX &&
1764 irq_info->index != VFIO_PCI_MSI_IRQ_INDEX)
1765 return -EINVAL;
1766
1767 irq_info->flags = VFIO_IRQ_INFO_EVENTFD;
1768 irq_info->count = 1;
1769
1770 if (irq_info->index == VFIO_PCI_INTX_IRQ_INDEX)
1771 irq_info->flags |= VFIO_IRQ_INFO_MASKABLE |
1772 VFIO_IRQ_INFO_AUTOMASKED;
1773 else
1774 irq_info->flags |= VFIO_IRQ_INFO_NORESIZE;
1775
1776 return 0;
1777}
1778
1779static int mtty_get_device_info(struct vfio_device_info *dev_info)
1780{
1781 dev_info->flags = VFIO_DEVICE_FLAGS_PCI;
1782 dev_info->num_regions = VFIO_PCI_NUM_REGIONS;
1783 dev_info->num_irqs = VFIO_PCI_NUM_IRQS;
1784
1785 return 0;
1786}
1787
1788static long mtty_ioctl(struct vfio_device *vdev, unsigned int cmd,
1789 unsigned long arg)
1790{
1791 struct mdev_state *mdev_state =
1792 container_of(vdev, struct mdev_state, vdev);
1793 int ret = 0;
1794 unsigned long minsz;
1795
1796 switch (cmd) {
1797 case VFIO_DEVICE_GET_INFO:
1798 {
1799 struct vfio_device_info info;
1800
1801 minsz = offsetofend(struct vfio_device_info, num_irqs);
1802
1803 if (copy_from_user(&info, (void __user *)arg, minsz))
1804 return -EFAULT;
1805
1806 if (info.argsz < minsz)
1807 return -EINVAL;
1808
1809 ret = mtty_get_device_info(&info);
1810 if (ret)
1811 return ret;
1812
1813 memcpy(&mdev_state->dev_info, &info, sizeof(info));
1814
1815 if (copy_to_user((void __user *)arg, &info, minsz))
1816 return -EFAULT;
1817
1818 return 0;
1819 }
1820 case VFIO_DEVICE_GET_REGION_INFO:
1821 {
1822 struct vfio_region_info info;
1823 u16 cap_type_id = 0;
1824 void *cap_type = NULL;
1825
1826 minsz = offsetofend(struct vfio_region_info, offset);
1827
1828 if (copy_from_user(&info, (void __user *)arg, minsz))
1829 return -EFAULT;
1830
1831 if (info.argsz < minsz)
1832 return -EINVAL;
1833
1834 ret = mtty_get_region_info(mdev_state, &info, &cap_type_id,
1835 &cap_type);
1836 if (ret)
1837 return ret;
1838
1839 if (copy_to_user((void __user *)arg, &info, minsz))
1840 return -EFAULT;
1841
1842 return 0;
1843 }
1844
1845 case VFIO_DEVICE_GET_IRQ_INFO:
1846 {
1847 struct vfio_irq_info info;
1848
1849 minsz = offsetofend(struct vfio_irq_info, count);
1850
1851 if (copy_from_user(&info, (void __user *)arg, minsz))
1852 return -EFAULT;
1853
1854 if ((info.argsz < minsz) ||
1855 (info.index >= mdev_state->dev_info.num_irqs))
1856 return -EINVAL;
1857
1858 ret = mtty_get_irq_info(&info);
1859 if (ret)
1860 return ret;
1861
1862 if (copy_to_user((void __user *)arg, &info, minsz))
1863 return -EFAULT;
1864
1865 return 0;
1866 }
1867 case VFIO_DEVICE_SET_IRQS:
1868 {
1869 struct vfio_irq_set hdr;
1870 u8 *data = NULL, *ptr = NULL;
1871 size_t data_size = 0;
1872
1873 minsz = offsetofend(struct vfio_irq_set, count);
1874
1875 if (copy_from_user(&hdr, (void __user *)arg, minsz))
1876 return -EFAULT;
1877
1878 ret = vfio_set_irqs_validate_and_prepare(&hdr,
1879 mdev_state->dev_info.num_irqs,
1880 VFIO_PCI_NUM_IRQS,
1881 &data_size);
1882 if (ret)
1883 return ret;
1884
1885 if (data_size) {
1886 ptr = data = memdup_user((void __user *)(arg + minsz),
1887 data_size);
1888 if (IS_ERR(data))
1889 return PTR_ERR(data);
1890 }
1891
1892 ret = mtty_set_irqs(mdev_state, hdr.flags, hdr.index, hdr.start,
1893 hdr.count, data);
1894
1895 kfree(ptr);
1896 return ret;
1897 }
1898 case VFIO_DEVICE_RESET:
1899 return mtty_reset(mdev_state);
1900 }
1901 return -ENOTTY;
1902}
1903
1904static ssize_t
1905sample_mdev_dev_show(struct device *dev, struct device_attribute *attr,
1906 char *buf)
1907{
1908 return sprintf(buf, "This is MDEV %s\n", dev_name(dev));
1909}
1910
1911static DEVICE_ATTR_RO(sample_mdev_dev);
1912
1913static struct attribute *mdev_dev_attrs[] = {
1914 &dev_attr_sample_mdev_dev.attr,
1915 NULL,
1916};
1917
1918static const struct attribute_group mdev_dev_group = {
1919 .name = "vendor",
1920 .attrs = mdev_dev_attrs,
1921};
1922
1923static const struct attribute_group *mdev_dev_groups[] = {
1924 &mdev_dev_group,
1925 NULL,
1926};
1927
1928static unsigned int mtty_get_available(struct mdev_type *mtype)
1929{
1930 struct mtty_type *type = container_of(mtype, struct mtty_type, type);
1931
1932 return atomic_read(&mdev_avail_ports) / type->nr_ports;
1933}
1934
1935static void mtty_close(struct vfio_device *vdev)
1936{
1937 struct mdev_state *mdev_state =
1938 container_of(vdev, struct mdev_state, vdev);
1939
1940 mtty_disable_files(mdev_state);
1941 mtty_disable_intx(mdev_state);
1942 mtty_disable_msi(mdev_state);
1943}
1944
1945static const struct vfio_device_ops mtty_dev_ops = {
1946 .name = "vfio-mtty",
1947 .init = mtty_init_dev,
1948 .release = mtty_release_dev,
1949 .read = mtty_read,
1950 .write = mtty_write,
1951 .ioctl = mtty_ioctl,
1952 .bind_iommufd = vfio_iommufd_emulated_bind,
1953 .unbind_iommufd = vfio_iommufd_emulated_unbind,
1954 .attach_ioas = vfio_iommufd_emulated_attach_ioas,
1955 .detach_ioas = vfio_iommufd_emulated_detach_ioas,
1956 .close_device = mtty_close,
1957};
1958
1959static struct mdev_driver mtty_driver = {
1960 .device_api = VFIO_DEVICE_API_PCI_STRING,
1961 .driver = {
1962 .name = "mtty",
1963 .owner = THIS_MODULE,
1964 .mod_name = KBUILD_MODNAME,
1965 .dev_groups = mdev_dev_groups,
1966 },
1967 .probe = mtty_probe,
1968 .remove = mtty_remove,
1969 .get_available = mtty_get_available,
1970};
1971
1972static void mtty_device_release(struct device *dev)
1973{
1974 dev_dbg(dev, "mtty: released\n");
1975}
1976
1977static int __init mtty_dev_init(void)
1978{
1979 int ret = 0;
1980
1981 pr_info("mtty_dev: %s\n", __func__);
1982
1983 memset(&mtty_dev, 0, sizeof(mtty_dev));
1984
1985 idr_init(&mtty_dev.vd_idr);
1986
1987 ret = alloc_chrdev_region(&mtty_dev.vd_devt, 0, MINORMASK + 1,
1988 MTTY_NAME);
1989
1990 if (ret < 0) {
1991 pr_err("Error: failed to register mtty_dev, err:%d\n", ret);
1992 return ret;
1993 }
1994
1995 cdev_init(&mtty_dev.vd_cdev, &vd_fops);
1996 cdev_add(&mtty_dev.vd_cdev, mtty_dev.vd_devt, MINORMASK + 1);
1997
1998 pr_info("major_number:%d\n", MAJOR(mtty_dev.vd_devt));
1999
2000 ret = mdev_register_driver(&mtty_driver);
2001 if (ret)
2002 goto err_cdev;
2003
2004 mtty_dev.vd_class = class_create(MTTY_CLASS_NAME);
2005
2006 if (IS_ERR(mtty_dev.vd_class)) {
2007 pr_err("Error: failed to register mtty_dev class\n");
2008 ret = PTR_ERR(mtty_dev.vd_class);
2009 goto err_driver;
2010 }
2011
2012 mtty_dev.dev.class = mtty_dev.vd_class;
2013 mtty_dev.dev.release = mtty_device_release;
2014 dev_set_name(&mtty_dev.dev, "%s", MTTY_NAME);
2015
2016 ret = device_register(&mtty_dev.dev);
2017 if (ret)
2018 goto err_put;
2019
2020 ret = mdev_register_parent(&mtty_dev.parent, &mtty_dev.dev,
2021 &mtty_driver, mtty_mdev_types,
2022 ARRAY_SIZE(mtty_mdev_types));
2023 if (ret)
2024 goto err_device;
2025 return 0;
2026
2027err_device:
2028 device_del(&mtty_dev.dev);
2029err_put:
2030 put_device(&mtty_dev.dev);
2031 class_destroy(mtty_dev.vd_class);
2032err_driver:
2033 mdev_unregister_driver(&mtty_driver);
2034err_cdev:
2035 cdev_del(&mtty_dev.vd_cdev);
2036 unregister_chrdev_region(mtty_dev.vd_devt, MINORMASK + 1);
2037 return ret;
2038}
2039
2040static void __exit mtty_dev_exit(void)
2041{
2042 mtty_dev.dev.bus = NULL;
2043 mdev_unregister_parent(&mtty_dev.parent);
2044
2045 device_unregister(&mtty_dev.dev);
2046 idr_destroy(&mtty_dev.vd_idr);
2047 mdev_unregister_driver(&mtty_driver);
2048 cdev_del(&mtty_dev.vd_cdev);
2049 unregister_chrdev_region(mtty_dev.vd_devt, MINORMASK + 1);
2050 class_destroy(mtty_dev.vd_class);
2051 mtty_dev.vd_class = NULL;
2052 pr_info("mtty_dev: Unloaded!\n");
2053}
2054
2055module_init(mtty_dev_init)
2056module_exit(mtty_dev_exit)
2057
2058MODULE_LICENSE("GPL v2");
2059MODULE_DESCRIPTION("Test driver that simulate serial port over PCI");
2060MODULE_VERSION(VERSION_STRING);
2061MODULE_AUTHOR(DRIVER_AUTHOR);