xref: /linux/drivers/cxl/core/mbox.c (revision cbbca60a1efc1e8920be13d6bdaf3345ff49132f)
1 // SPDX-License-Identifier: GPL-2.0-only
2 /* Copyright(c) 2020 Intel Corporation. All rights reserved. */
3 #include <linux/security.h>
4 #include <linux/debugfs.h>
5 #include <linux/ktime.h>
6 #include <linux/mutex.h>
7 #include <linux/unaligned.h>
8 #include <cxlpci.h>
9 #include <cxlmem.h>
10 #include <cxl.h>
11 
12 #include "core.h"
13 #include "trace.h"
14 
15 static bool cxl_raw_allow_all;
16 
17 /**
18  * DOC: cxl mbox
19  *
20  * Core implementation of the CXL 2.0 Type-3 Memory Device Mailbox. The
21  * implementation is used by the cxl_pci driver to initialize the device
22  * and implement the cxl_mem.h IOCTL UAPI. It also implements the
23  * backend of the cxl_pmem_ctl() transport for LIBNVDIMM.
24  */
25 
26 #define cxl_for_each_cmd(cmd)                                                  \
27 	for ((cmd) = &cxl_mem_commands[0];                                     \
28 	     ((cmd) - cxl_mem_commands) < ARRAY_SIZE(cxl_mem_commands); (cmd)++)
29 
30 #define CXL_CMD(_id, sin, sout, _flags)                                        \
31 	[CXL_MEM_COMMAND_ID_##_id] = {                                         \
32 	.info =	{                                                              \
33 			.id = CXL_MEM_COMMAND_ID_##_id,                        \
34 			.size_in = sin,                                        \
35 			.size_out = sout,                                      \
36 		},                                                             \
37 	.opcode = CXL_MBOX_OP_##_id,                                           \
38 	.flags = _flags,                                                       \
39 	}
40 
41 #define CXL_VARIABLE_PAYLOAD	~0U
42 /*
43  * This table defines the supported mailbox commands for the driver. This table
44  * is made up of a UAPI structure. Non-negative values as parameters in the
45  * table will be validated against the user's input. For example, if size_in is
46  * 0, and the user passed in 1, it is an error.
47  */
48 static struct cxl_mem_command cxl_mem_commands[CXL_MEM_COMMAND_ID_MAX] = {
49 	CXL_CMD(IDENTIFY, 0, 0x43, CXL_CMD_FLAG_FORCE_ENABLE),
50 #ifdef CONFIG_CXL_MEM_RAW_COMMANDS
51 	CXL_CMD(RAW, CXL_VARIABLE_PAYLOAD, CXL_VARIABLE_PAYLOAD, 0),
52 #endif
53 	CXL_CMD(GET_SUPPORTED_LOGS, 0, CXL_VARIABLE_PAYLOAD, CXL_CMD_FLAG_FORCE_ENABLE),
54 	CXL_CMD(GET_FW_INFO, 0, 0x50, 0),
55 	CXL_CMD(GET_PARTITION_INFO, 0, 0x20, 0),
56 	CXL_CMD(GET_LSA, 0x8, CXL_VARIABLE_PAYLOAD, 0),
57 	CXL_CMD(GET_HEALTH_INFO, 0, 0x12, 0),
58 	CXL_CMD(GET_LOG, 0x18, CXL_VARIABLE_PAYLOAD, CXL_CMD_FLAG_FORCE_ENABLE),
59 	CXL_CMD(GET_LOG_CAPS, 0x10, 0x4, 0),
60 	CXL_CMD(CLEAR_LOG, 0x10, 0, 0),
61 	CXL_CMD(GET_SUP_LOG_SUBLIST, 0x2, CXL_VARIABLE_PAYLOAD, 0),
62 	CXL_CMD(SET_PARTITION_INFO, 0x0a, 0, 0),
63 	CXL_CMD(SET_LSA, CXL_VARIABLE_PAYLOAD, 0, 0),
64 	CXL_CMD(GET_ALERT_CONFIG, 0, 0x10, 0),
65 	CXL_CMD(SET_ALERT_CONFIG, 0xc, 0, 0),
66 	CXL_CMD(GET_SHUTDOWN_STATE, 0, 0x1, 0),
67 	CXL_CMD(SET_SHUTDOWN_STATE, 0x1, 0, 0),
68 	CXL_CMD(GET_SCAN_MEDIA_CAPS, 0x10, 0x4, 0),
69 	CXL_CMD(GET_TIMESTAMP, 0, 0x8, 0),
70 };
71 
72 /*
73  * Commands that RAW doesn't permit. The rationale for each:
74  *
75  * CXL_MBOX_OP_ACTIVATE_FW: Firmware activation requires adjustment /
76  * coordination of transaction timeout values at the root bridge level.
77  *
78  * CXL_MBOX_OP_SET_PARTITION_INFO: The device memory map may change live
79  * and needs to be coordinated with HDM updates.
80  *
81  * CXL_MBOX_OP_SET_LSA: The label storage area may be cached by the
82  * driver and any writes from userspace invalidates those contents.
83  *
84  * CXL_MBOX_OP_SET_SHUTDOWN_STATE: Set shutdown state assumes no writes
85  * to the device after it is marked clean, userspace can not make that
86  * assertion.
87  *
88  * CXL_MBOX_OP_[GET_]SCAN_MEDIA: The kernel provides a native error list that
89  * is kept up to date with patrol notifications and error management.
90  *
91  * CXL_MBOX_OP_[GET_,INJECT_,CLEAR_]POISON: These commands require kernel
92  * driver orchestration for safety.
93  */
94 static u16 cxl_disabled_raw_commands[] = {
95 	CXL_MBOX_OP_ACTIVATE_FW,
96 	CXL_MBOX_OP_SET_PARTITION_INFO,
97 	CXL_MBOX_OP_SET_LSA,
98 	CXL_MBOX_OP_SET_SHUTDOWN_STATE,
99 	CXL_MBOX_OP_SCAN_MEDIA,
100 	CXL_MBOX_OP_GET_SCAN_MEDIA,
101 	CXL_MBOX_OP_GET_POISON,
102 	CXL_MBOX_OP_INJECT_POISON,
103 	CXL_MBOX_OP_CLEAR_POISON,
104 };
105 
106 /*
107  * Command sets that RAW doesn't permit. All opcodes in this set are
108  * disabled because they pass plain text security payloads over the
109  * user/kernel boundary. This functionality is intended to be wrapped
110  * behind the keys ABI which allows for encrypted payloads in the UAPI
111  */
112 static u8 security_command_sets[] = {
113 	0x44, /* Sanitize */
114 	0x45, /* Persistent Memory Data-at-rest Security */
115 	0x46, /* Security Passthrough */
116 };
117 
118 static bool cxl_is_security_command(u16 opcode)
119 {
120 	int i;
121 
122 	for (i = 0; i < ARRAY_SIZE(security_command_sets); i++)
123 		if (security_command_sets[i] == (opcode >> 8))
124 			return true;
125 	return false;
126 }
127 
128 static void cxl_set_security_cmd_enabled(struct cxl_security_state *security,
129 					 u16 opcode)
130 {
131 	switch (opcode) {
132 	case CXL_MBOX_OP_SANITIZE:
133 		set_bit(CXL_SEC_ENABLED_SANITIZE, security->enabled_cmds);
134 		break;
135 	case CXL_MBOX_OP_SECURE_ERASE:
136 		set_bit(CXL_SEC_ENABLED_SECURE_ERASE,
137 			security->enabled_cmds);
138 		break;
139 	case CXL_MBOX_OP_GET_SECURITY_STATE:
140 		set_bit(CXL_SEC_ENABLED_GET_SECURITY_STATE,
141 			security->enabled_cmds);
142 		break;
143 	case CXL_MBOX_OP_SET_PASSPHRASE:
144 		set_bit(CXL_SEC_ENABLED_SET_PASSPHRASE,
145 			security->enabled_cmds);
146 		break;
147 	case CXL_MBOX_OP_DISABLE_PASSPHRASE:
148 		set_bit(CXL_SEC_ENABLED_DISABLE_PASSPHRASE,
149 			security->enabled_cmds);
150 		break;
151 	case CXL_MBOX_OP_UNLOCK:
152 		set_bit(CXL_SEC_ENABLED_UNLOCK, security->enabled_cmds);
153 		break;
154 	case CXL_MBOX_OP_FREEZE_SECURITY:
155 		set_bit(CXL_SEC_ENABLED_FREEZE_SECURITY,
156 			security->enabled_cmds);
157 		break;
158 	case CXL_MBOX_OP_PASSPHRASE_SECURE_ERASE:
159 		set_bit(CXL_SEC_ENABLED_PASSPHRASE_SECURE_ERASE,
160 			security->enabled_cmds);
161 		break;
162 	default:
163 		break;
164 	}
165 }
166 
167 static bool cxl_is_poison_command(u16 opcode)
168 {
169 #define CXL_MBOX_OP_POISON_CMDS 0x43
170 
171 	if ((opcode >> 8) == CXL_MBOX_OP_POISON_CMDS)
172 		return true;
173 
174 	return false;
175 }
176 
177 static void cxl_set_poison_cmd_enabled(struct cxl_poison_state *poison,
178 				       u16 opcode)
179 {
180 	switch (opcode) {
181 	case CXL_MBOX_OP_GET_POISON:
182 		set_bit(CXL_POISON_ENABLED_LIST, poison->enabled_cmds);
183 		break;
184 	case CXL_MBOX_OP_INJECT_POISON:
185 		set_bit(CXL_POISON_ENABLED_INJECT, poison->enabled_cmds);
186 		break;
187 	case CXL_MBOX_OP_CLEAR_POISON:
188 		set_bit(CXL_POISON_ENABLED_CLEAR, poison->enabled_cmds);
189 		break;
190 	case CXL_MBOX_OP_GET_SCAN_MEDIA_CAPS:
191 		set_bit(CXL_POISON_ENABLED_SCAN_CAPS, poison->enabled_cmds);
192 		break;
193 	case CXL_MBOX_OP_SCAN_MEDIA:
194 		set_bit(CXL_POISON_ENABLED_SCAN_MEDIA, poison->enabled_cmds);
195 		break;
196 	case CXL_MBOX_OP_GET_SCAN_MEDIA:
197 		set_bit(CXL_POISON_ENABLED_SCAN_RESULTS, poison->enabled_cmds);
198 		break;
199 	default:
200 		break;
201 	}
202 }
203 
204 static struct cxl_mem_command *cxl_mem_find_command(u16 opcode)
205 {
206 	struct cxl_mem_command *c;
207 
208 	cxl_for_each_cmd(c)
209 		if (c->opcode == opcode)
210 			return c;
211 
212 	return NULL;
213 }
214 
215 static const char *cxl_mem_opcode_to_name(u16 opcode)
216 {
217 	struct cxl_mem_command *c;
218 
219 	c = cxl_mem_find_command(opcode);
220 	if (!c)
221 		return NULL;
222 
223 	return cxl_command_names[c->info.id].name;
224 }
225 
226 /**
227  * cxl_internal_send_cmd() - Kernel internal interface to send a mailbox command
228  * @cxl_mbox: CXL mailbox context
229  * @mbox_cmd: initialized command to execute
230  *
231  * Context: Any context.
232  * Return:
233  *  * %>=0	- Number of bytes returned in @out.
234  *  * %-E2BIG	- Payload is too large for hardware.
235  *  * %-EBUSY	- Couldn't acquire exclusive mailbox access.
236  *  * %-EFAULT	- Hardware error occurred.
237  *  * %-ENXIO	- Command completed, but device reported an error.
238  *  * %-EIO	- Unexpected output size.
239  *
240  * Mailbox commands may execute successfully yet the device itself reported an
241  * error. While this distinction can be useful for commands from userspace, the
242  * kernel will only be able to use results when both are successful.
243  */
244 int cxl_internal_send_cmd(struct cxl_mailbox *cxl_mbox,
245 			  struct cxl_mbox_cmd *mbox_cmd)
246 {
247 	size_t out_size, min_out;
248 	int rc;
249 
250 	if (mbox_cmd->size_in > cxl_mbox->payload_size ||
251 	    mbox_cmd->size_out > cxl_mbox->payload_size)
252 		return -E2BIG;
253 
254 	out_size = mbox_cmd->size_out;
255 	min_out = mbox_cmd->min_out;
256 	rc = cxl_mbox->mbox_send(cxl_mbox, mbox_cmd);
257 	/*
258 	 * EIO is reserved for a payload size mismatch and mbox_send()
259 	 * may not return this error.
260 	 */
261 	if (WARN_ONCE(rc == -EIO, "Bad return code: -EIO"))
262 		return -ENXIO;
263 	if (rc)
264 		return rc;
265 
266 	if (mbox_cmd->return_code != CXL_MBOX_CMD_RC_SUCCESS &&
267 	    mbox_cmd->return_code != CXL_MBOX_CMD_RC_BACKGROUND)
268 		return cxl_mbox_cmd_rc2errno(mbox_cmd);
269 
270 	if (!out_size)
271 		return 0;
272 
273 	/*
274 	 * Variable sized output needs to at least satisfy the caller's
275 	 * minimum if not the fully requested size.
276 	 */
277 	if (min_out == 0)
278 		min_out = out_size;
279 
280 	if (mbox_cmd->size_out < min_out)
281 		return -EIO;
282 	return 0;
283 }
284 EXPORT_SYMBOL_NS_GPL(cxl_internal_send_cmd, "CXL");
285 
286 static bool cxl_mem_raw_command_allowed(u16 opcode)
287 {
288 	int i;
289 
290 	if (!IS_ENABLED(CONFIG_CXL_MEM_RAW_COMMANDS))
291 		return false;
292 
293 	if (security_locked_down(LOCKDOWN_PCI_ACCESS))
294 		return false;
295 
296 	if (cxl_raw_allow_all)
297 		return true;
298 
299 	if (cxl_is_security_command(opcode))
300 		return false;
301 
302 	for (i = 0; i < ARRAY_SIZE(cxl_disabled_raw_commands); i++)
303 		if (cxl_disabled_raw_commands[i] == opcode)
304 			return false;
305 
306 	return true;
307 }
308 
309 /**
310  * cxl_payload_from_user_allowed() - Check contents of in_payload.
311  * @opcode: The mailbox command opcode.
312  * @payload_in: Pointer to the input payload passed in from user space.
313  *
314  * Return:
315  *  * true	- payload_in passes check for @opcode.
316  *  * false	- payload_in contains invalid or unsupported values.
317  *
318  * The driver may inspect payload contents before sending a mailbox
319  * command from user space to the device. The intent is to reject
320  * commands with input payloads that are known to be unsafe. This
321  * check is not intended to replace the users careful selection of
322  * mailbox command parameters and makes no guarantee that the user
323  * command will succeed, nor that it is appropriate.
324  *
325  * The specific checks are determined by the opcode.
326  */
327 static bool cxl_payload_from_user_allowed(u16 opcode, void *payload_in)
328 {
329 	switch (opcode) {
330 	case CXL_MBOX_OP_SET_PARTITION_INFO: {
331 		struct cxl_mbox_set_partition_info *pi = payload_in;
332 
333 		if (pi->flags & CXL_SET_PARTITION_IMMEDIATE_FLAG)
334 			return false;
335 		break;
336 	}
337 	case CXL_MBOX_OP_CLEAR_LOG: {
338 		const uuid_t *uuid = (uuid_t *)payload_in;
339 
340 		/*
341 		 * Restrict the ‘Clear log’ action to only apply to
342 		 * Vendor debug logs.
343 		 */
344 		return uuid_equal(uuid, &DEFINE_CXL_VENDOR_DEBUG_UUID);
345 	}
346 	default:
347 		break;
348 	}
349 	return true;
350 }
351 
352 static int cxl_mbox_cmd_ctor(struct cxl_mbox_cmd *mbox_cmd,
353 			     struct cxl_mailbox *cxl_mbox, u16 opcode,
354 			     size_t in_size, size_t out_size, u64 in_payload)
355 {
356 	*mbox_cmd = (struct cxl_mbox_cmd) {
357 		.opcode = opcode,
358 		.size_in = in_size,
359 	};
360 
361 	if (in_size) {
362 		mbox_cmd->payload_in = vmemdup_user(u64_to_user_ptr(in_payload),
363 						    in_size);
364 		if (IS_ERR(mbox_cmd->payload_in))
365 			return PTR_ERR(mbox_cmd->payload_in);
366 
367 		if (!cxl_payload_from_user_allowed(opcode, mbox_cmd->payload_in)) {
368 			dev_dbg(cxl_mbox->host, "%s: input payload not allowed\n",
369 				cxl_mem_opcode_to_name(opcode));
370 			kvfree(mbox_cmd->payload_in);
371 			return -EBUSY;
372 		}
373 	}
374 
375 	/* Prepare to handle a full payload for variable sized output */
376 	if (out_size == CXL_VARIABLE_PAYLOAD)
377 		mbox_cmd->size_out = cxl_mbox->payload_size;
378 	else
379 		mbox_cmd->size_out = out_size;
380 
381 	if (mbox_cmd->size_out) {
382 		mbox_cmd->payload_out = kvzalloc(mbox_cmd->size_out, GFP_KERNEL);
383 		if (!mbox_cmd->payload_out) {
384 			kvfree(mbox_cmd->payload_in);
385 			return -ENOMEM;
386 		}
387 	}
388 	return 0;
389 }
390 
391 static void cxl_mbox_cmd_dtor(struct cxl_mbox_cmd *mbox)
392 {
393 	kvfree(mbox->payload_in);
394 	kvfree(mbox->payload_out);
395 }
396 
397 static int cxl_to_mem_cmd_raw(struct cxl_mem_command *mem_cmd,
398 			      const struct cxl_send_command *send_cmd,
399 			      struct cxl_mailbox *cxl_mbox)
400 {
401 	if (send_cmd->raw.rsvd)
402 		return -EINVAL;
403 
404 	/*
405 	 * Unlike supported commands, the output size of RAW commands
406 	 * gets passed along without further checking, so it must be
407 	 * validated here.
408 	 */
409 	if (send_cmd->out.size > cxl_mbox->payload_size)
410 		return -EINVAL;
411 
412 	if (!cxl_mem_raw_command_allowed(send_cmd->raw.opcode))
413 		return -EPERM;
414 
415 	dev_WARN_ONCE(cxl_mbox->host, true, "raw command path used\n");
416 
417 	*mem_cmd = (struct cxl_mem_command) {
418 		.info = {
419 			.id = CXL_MEM_COMMAND_ID_RAW,
420 			.size_in = send_cmd->in.size,
421 			.size_out = send_cmd->out.size,
422 		},
423 		.opcode = send_cmd->raw.opcode
424 	};
425 
426 	return 0;
427 }
428 
429 static int cxl_to_mem_cmd(struct cxl_mem_command *mem_cmd,
430 			  const struct cxl_send_command *send_cmd,
431 			  struct cxl_mailbox *cxl_mbox)
432 {
433 	struct cxl_mem_command *c = &cxl_mem_commands[send_cmd->id];
434 	const struct cxl_command_info *info = &c->info;
435 
436 	if (send_cmd->flags & ~CXL_MEM_COMMAND_FLAG_MASK)
437 		return -EINVAL;
438 
439 	if (send_cmd->rsvd)
440 		return -EINVAL;
441 
442 	if (send_cmd->in.rsvd || send_cmd->out.rsvd)
443 		return -EINVAL;
444 
445 	/* Check that the command is enabled for hardware */
446 	if (!test_bit(info->id, cxl_mbox->enabled_cmds))
447 		return -ENOTTY;
448 
449 	/* Check that the command is not claimed for exclusive kernel use */
450 	if (test_bit(info->id, cxl_mbox->exclusive_cmds))
451 		return -EBUSY;
452 
453 	/* Check the input buffer is the expected size */
454 	if ((info->size_in != CXL_VARIABLE_PAYLOAD) &&
455 	    (info->size_in != send_cmd->in.size))
456 		return -ENOMEM;
457 
458 	/* Check the output buffer is at least large enough */
459 	if ((info->size_out != CXL_VARIABLE_PAYLOAD) &&
460 	    (send_cmd->out.size < info->size_out))
461 		return -ENOMEM;
462 
463 	*mem_cmd = (struct cxl_mem_command) {
464 		.info = {
465 			.id = info->id,
466 			.flags = info->flags,
467 			.size_in = send_cmd->in.size,
468 			.size_out = send_cmd->out.size,
469 		},
470 		.opcode = c->opcode
471 	};
472 
473 	return 0;
474 }
475 
476 /**
477  * cxl_validate_cmd_from_user() - Check fields for CXL_MEM_SEND_COMMAND.
478  * @mbox_cmd: Sanitized and populated &struct cxl_mbox_cmd.
479  * @cxl_mbox: CXL mailbox context
480  * @send_cmd: &struct cxl_send_command copied in from userspace.
481  *
482  * Return:
483  *  * %0	- @out_cmd is ready to send.
484  *  * %-ENOTTY	- Invalid command specified.
485  *  * %-EINVAL	- Reserved fields or invalid values were used.
486  *  * %-ENOMEM	- Input or output buffer wasn't sized properly.
487  *  * %-EPERM	- Attempted to use a protected command.
488  *  * %-EBUSY	- Kernel has claimed exclusive access to this opcode
489  *
490  * The result of this command is a fully validated command in @mbox_cmd that is
491  * safe to send to the hardware.
492  */
493 static int cxl_validate_cmd_from_user(struct cxl_mbox_cmd *mbox_cmd,
494 				      struct cxl_mailbox *cxl_mbox,
495 				      const struct cxl_send_command *send_cmd)
496 {
497 	struct cxl_mem_command mem_cmd;
498 	int rc;
499 
500 	if (send_cmd->id == 0 || send_cmd->id >= CXL_MEM_COMMAND_ID_MAX)
501 		return -ENOTTY;
502 
503 	/*
504 	 * The user can never specify an input payload larger than what hardware
505 	 * supports, but output can be arbitrarily large (simply write out as
506 	 * much data as the hardware provides).
507 	 */
508 	if (send_cmd->in.size > cxl_mbox->payload_size)
509 		return -EINVAL;
510 
511 	/* Sanitize and construct a cxl_mem_command */
512 	if (send_cmd->id == CXL_MEM_COMMAND_ID_RAW)
513 		rc = cxl_to_mem_cmd_raw(&mem_cmd, send_cmd, cxl_mbox);
514 	else
515 		rc = cxl_to_mem_cmd(&mem_cmd, send_cmd, cxl_mbox);
516 
517 	if (rc)
518 		return rc;
519 
520 	/* Sanitize and construct a cxl_mbox_cmd */
521 	return cxl_mbox_cmd_ctor(mbox_cmd, cxl_mbox, mem_cmd.opcode,
522 				 mem_cmd.info.size_in, mem_cmd.info.size_out,
523 				 send_cmd->in.payload);
524 }
525 
526 int cxl_query_cmd(struct cxl_mailbox *cxl_mbox,
527 		  struct cxl_mem_query_commands __user *q)
528 {
529 	struct device *dev = cxl_mbox->host;
530 	struct cxl_mem_command *cmd;
531 	u32 n_commands;
532 	int j = 0;
533 
534 	dev_dbg(dev, "Query IOCTL\n");
535 
536 	if (get_user(n_commands, &q->n_commands))
537 		return -EFAULT;
538 
539 	/* returns the total number if 0 elements are requested. */
540 	if (n_commands == 0)
541 		return put_user(ARRAY_SIZE(cxl_mem_commands), &q->n_commands);
542 
543 	/*
544 	 * otherwise, return min(n_commands, total commands) cxl_command_info
545 	 * structures.
546 	 */
547 	cxl_for_each_cmd(cmd) {
548 		struct cxl_command_info info = cmd->info;
549 
550 		if (test_bit(info.id, cxl_mbox->enabled_cmds))
551 			info.flags |= CXL_MEM_COMMAND_FLAG_ENABLED;
552 		if (test_bit(info.id, cxl_mbox->exclusive_cmds))
553 			info.flags |= CXL_MEM_COMMAND_FLAG_EXCLUSIVE;
554 
555 		if (copy_to_user(&q->commands[j++], &info, sizeof(info)))
556 			return -EFAULT;
557 
558 		if (j == n_commands)
559 			break;
560 	}
561 
562 	return 0;
563 }
564 
565 /**
566  * handle_mailbox_cmd_from_user() - Dispatch a mailbox command for userspace.
567  * @cxl_mbox: The mailbox context for the operation.
568  * @mbox_cmd: The validated mailbox command.
569  * @out_payload: Pointer to userspace's output payload.
570  * @size_out: (Input) Max payload size to copy out.
571  *            (Output) Payload size hardware generated.
572  * @retval: Hardware generated return code from the operation.
573  *
574  * Return:
575  *  * %0	- Mailbox transaction succeeded. This implies the mailbox
576  *		  protocol completed successfully not that the operation itself
577  *		  was successful.
578  *  * %-ENOMEM  - Couldn't allocate a bounce buffer.
579  *  * %-EFAULT	- Something happened with copy_to/from_user.
580  *  * %-EINTR	- Mailbox acquisition interrupted.
581  *  * %-EXXX	- Transaction level failures.
582  *
583  * Dispatches a mailbox command on behalf of a userspace request.
584  * The output payload is copied to userspace.
585  *
586  * See cxl_send_cmd().
587  */
588 static int handle_mailbox_cmd_from_user(struct cxl_mailbox *cxl_mbox,
589 					struct cxl_mbox_cmd *mbox_cmd,
590 					u64 out_payload, s32 *size_out,
591 					u32 *retval)
592 {
593 	struct device *dev = cxl_mbox->host;
594 	int rc;
595 
596 	dev_dbg(dev,
597 		"Submitting %s command for user\n"
598 		"\topcode: %x\n"
599 		"\tsize: %zx\n",
600 		cxl_mem_opcode_to_name(mbox_cmd->opcode),
601 		mbox_cmd->opcode, mbox_cmd->size_in);
602 
603 	rc = cxl_mbox->mbox_send(cxl_mbox, mbox_cmd);
604 	if (rc)
605 		goto out;
606 
607 	/*
608 	 * @size_out contains the max size that's allowed to be written back out
609 	 * to userspace. While the payload may have written more output than
610 	 * this it will have to be ignored.
611 	 */
612 	if (mbox_cmd->size_out) {
613 		dev_WARN_ONCE(dev, mbox_cmd->size_out > *size_out,
614 			      "Invalid return size\n");
615 		if (copy_to_user(u64_to_user_ptr(out_payload),
616 				 mbox_cmd->payload_out, mbox_cmd->size_out)) {
617 			rc = -EFAULT;
618 			goto out;
619 		}
620 	}
621 
622 	*size_out = mbox_cmd->size_out;
623 	*retval = mbox_cmd->return_code;
624 
625 out:
626 	cxl_mbox_cmd_dtor(mbox_cmd);
627 	return rc;
628 }
629 
630 int cxl_send_cmd(struct cxl_mailbox *cxl_mbox, struct cxl_send_command __user *s)
631 {
632 	struct device *dev = cxl_mbox->host;
633 	struct cxl_send_command send;
634 	struct cxl_mbox_cmd mbox_cmd;
635 	int rc;
636 
637 	dev_dbg(dev, "Send IOCTL\n");
638 
639 	if (copy_from_user(&send, s, sizeof(send)))
640 		return -EFAULT;
641 
642 	rc = cxl_validate_cmd_from_user(&mbox_cmd, cxl_mbox, &send);
643 	if (rc)
644 		return rc;
645 
646 	rc = handle_mailbox_cmd_from_user(cxl_mbox, &mbox_cmd, send.out.payload,
647 					  &send.out.size, &send.retval);
648 	if (rc)
649 		return rc;
650 
651 	if (copy_to_user(s, &send, sizeof(send)))
652 		return -EFAULT;
653 
654 	return 0;
655 }
656 
657 static int cxl_xfer_log(struct cxl_memdev_state *mds, uuid_t *uuid,
658 			u32 *size, u8 *out)
659 {
660 	struct cxl_mailbox *cxl_mbox = &mds->cxlds.cxl_mbox;
661 	u32 remaining = *size;
662 	u32 offset = 0;
663 
664 	while (remaining) {
665 		u32 xfer_size = min_t(u32, remaining, cxl_mbox->payload_size);
666 		struct cxl_mbox_cmd mbox_cmd;
667 		struct cxl_mbox_get_log log;
668 		int rc;
669 
670 		log = (struct cxl_mbox_get_log) {
671 			.uuid = *uuid,
672 			.offset = cpu_to_le32(offset),
673 			.length = cpu_to_le32(xfer_size),
674 		};
675 
676 		mbox_cmd = (struct cxl_mbox_cmd) {
677 			.opcode = CXL_MBOX_OP_GET_LOG,
678 			.size_in = sizeof(log),
679 			.payload_in = &log,
680 			.size_out = xfer_size,
681 			.payload_out = out,
682 		};
683 
684 		rc = cxl_internal_send_cmd(cxl_mbox, &mbox_cmd);
685 
686 		/*
687 		 * The output payload length that indicates the number
688 		 * of valid bytes can be smaller than the Log buffer
689 		 * size.
690 		 */
691 		if (rc == -EIO && mbox_cmd.size_out < xfer_size) {
692 			offset += mbox_cmd.size_out;
693 			break;
694 		}
695 
696 		if (rc < 0)
697 			return rc;
698 
699 		out += xfer_size;
700 		remaining -= xfer_size;
701 		offset += xfer_size;
702 	}
703 
704 	*size = offset;
705 
706 	return 0;
707 }
708 
709 static int check_features_opcodes(u16 opcode, int *ro_cmds, int *wr_cmds)
710 {
711 	switch (opcode) {
712 	case CXL_MBOX_OP_GET_SUPPORTED_FEATURES:
713 	case CXL_MBOX_OP_GET_FEATURE:
714 		(*ro_cmds)++;
715 		return 1;
716 	case CXL_MBOX_OP_SET_FEATURE:
717 		(*wr_cmds)++;
718 		return 1;
719 	default:
720 		return 0;
721 	}
722 }
723 
724 /* 'Get Supported Features' and 'Get Feature' */
725 #define MAX_FEATURES_READ_CMDS	2
726 static void set_features_cap(struct cxl_mailbox *cxl_mbox,
727 			     int ro_cmds, int wr_cmds)
728 {
729 	/* Setting up Features capability while walking the CEL */
730 	if (ro_cmds == MAX_FEATURES_READ_CMDS) {
731 		if (wr_cmds)
732 			cxl_mbox->feat_cap = CXL_FEATURES_RW;
733 		else
734 			cxl_mbox->feat_cap = CXL_FEATURES_RO;
735 	}
736 }
737 
738 /**
739  * cxl_walk_cel() - Walk through the Command Effects Log.
740  * @mds: The driver data for the operation
741  * @size: Length of the Command Effects Log.
742  * @cel: CEL
743  *
744  * Iterate over each entry in the CEL and determine if the driver supports the
745  * command. If so, the command is enabled for the device and can be used later.
746  */
747 static void cxl_walk_cel(struct cxl_memdev_state *mds, size_t size, u8 *cel)
748 {
749 	struct cxl_mailbox *cxl_mbox = &mds->cxlds.cxl_mbox;
750 	struct cxl_cel_entry *cel_entry;
751 	const int cel_entries = size / sizeof(*cel_entry);
752 	struct device *dev = mds->cxlds.dev;
753 	int i, ro_cmds = 0, wr_cmds = 0;
754 
755 	cel_entry = (struct cxl_cel_entry *) cel;
756 
757 	for (i = 0; i < cel_entries; i++) {
758 		u16 opcode = le16_to_cpu(cel_entry[i].opcode);
759 		struct cxl_mem_command *cmd = cxl_mem_find_command(opcode);
760 		int enabled = 0;
761 
762 		if (cmd) {
763 			set_bit(cmd->info.id, cxl_mbox->enabled_cmds);
764 			enabled++;
765 		}
766 
767 		enabled += check_features_opcodes(opcode, &ro_cmds,
768 						  &wr_cmds);
769 
770 		if (cxl_is_poison_command(opcode)) {
771 			cxl_set_poison_cmd_enabled(&mds->poison, opcode);
772 			enabled++;
773 		}
774 
775 		if (cxl_is_security_command(opcode)) {
776 			cxl_set_security_cmd_enabled(&mds->security, opcode);
777 			enabled++;
778 		}
779 
780 		dev_dbg(dev, "Opcode 0x%04x %s\n", opcode,
781 			enabled ? "enabled" : "unsupported by driver");
782 	}
783 
784 	set_features_cap(cxl_mbox, ro_cmds, wr_cmds);
785 }
786 
787 static struct cxl_mbox_get_supported_logs *cxl_get_gsl(struct cxl_memdev_state *mds)
788 {
789 	struct cxl_mailbox *cxl_mbox = &mds->cxlds.cxl_mbox;
790 	struct cxl_mbox_get_supported_logs *ret;
791 	struct cxl_mbox_cmd mbox_cmd;
792 	int rc;
793 
794 	ret = kvmalloc(cxl_mbox->payload_size, GFP_KERNEL);
795 	if (!ret)
796 		return ERR_PTR(-ENOMEM);
797 
798 	mbox_cmd = (struct cxl_mbox_cmd) {
799 		.opcode = CXL_MBOX_OP_GET_SUPPORTED_LOGS,
800 		.size_out = cxl_mbox->payload_size,
801 		.payload_out = ret,
802 		/* At least the record number field must be valid */
803 		.min_out = 2,
804 	};
805 	rc = cxl_internal_send_cmd(cxl_mbox, &mbox_cmd);
806 	if (rc < 0) {
807 		kvfree(ret);
808 		return ERR_PTR(rc);
809 	}
810 
811 
812 	return ret;
813 }
814 
815 enum {
816 	CEL_UUID,
817 	VENDOR_DEBUG_UUID,
818 };
819 
820 /* See CXL 2.0 Table 170. Get Log Input Payload */
821 static const uuid_t log_uuid[] = {
822 	[CEL_UUID] = DEFINE_CXL_CEL_UUID,
823 	[VENDOR_DEBUG_UUID] = DEFINE_CXL_VENDOR_DEBUG_UUID,
824 };
825 
826 /**
827  * cxl_enumerate_cmds() - Enumerate commands for a device.
828  * @mds: The driver data for the operation
829  *
830  * Returns 0 if enumerate completed successfully.
831  *
832  * CXL devices have optional support for certain commands. This function will
833  * determine the set of supported commands for the hardware and update the
834  * enabled_cmds bitmap in the @mds.
835  */
836 int cxl_enumerate_cmds(struct cxl_memdev_state *mds)
837 {
838 	struct cxl_mailbox *cxl_mbox = &mds->cxlds.cxl_mbox;
839 	struct cxl_mbox_get_supported_logs *gsl;
840 	struct device *dev = mds->cxlds.dev;
841 	struct cxl_mem_command *cmd;
842 	int i, rc;
843 
844 	gsl = cxl_get_gsl(mds);
845 	if (IS_ERR(gsl))
846 		return PTR_ERR(gsl);
847 
848 	rc = -ENOENT;
849 	for (i = 0; i < le16_to_cpu(gsl->entries); i++) {
850 		u32 size = le32_to_cpu(gsl->entry[i].size);
851 		uuid_t uuid = gsl->entry[i].uuid;
852 		u8 *log;
853 
854 		dev_dbg(dev, "Found LOG type %pU of size %d", &uuid, size);
855 
856 		if (!uuid_equal(&uuid, &log_uuid[CEL_UUID]))
857 			continue;
858 
859 		log = kvmalloc(size, GFP_KERNEL);
860 		if (!log) {
861 			rc = -ENOMEM;
862 			goto out;
863 		}
864 
865 		rc = cxl_xfer_log(mds, &uuid, &size, log);
866 		if (rc) {
867 			kvfree(log);
868 			goto out;
869 		}
870 
871 		cxl_walk_cel(mds, size, log);
872 		kvfree(log);
873 
874 		/* In case CEL was bogus, enable some default commands. */
875 		cxl_for_each_cmd(cmd)
876 			if (cmd->flags & CXL_CMD_FLAG_FORCE_ENABLE)
877 				set_bit(cmd->info.id, cxl_mbox->enabled_cmds);
878 
879 		/* Found the required CEL */
880 		rc = 0;
881 	}
882 out:
883 	kvfree(gsl);
884 	return rc;
885 }
886 EXPORT_SYMBOL_NS_GPL(cxl_enumerate_cmds, "CXL");
887 
888 void cxl_event_trace_record(const struct cxl_memdev *cxlmd,
889 			    enum cxl_event_log_type type,
890 			    enum cxl_event_type event_type,
891 			    const uuid_t *uuid, union cxl_event *evt)
892 {
893 	if (event_type == CXL_CPER_EVENT_MEM_MODULE) {
894 		trace_cxl_memory_module(cxlmd, type, &evt->mem_module);
895 		return;
896 	}
897 	if (event_type == CXL_CPER_EVENT_GENERIC) {
898 		trace_cxl_generic_event(cxlmd, type, uuid, &evt->generic);
899 		return;
900 	}
901 
902 	if (trace_cxl_general_media_enabled() || trace_cxl_dram_enabled()) {
903 		u64 dpa, hpa = ULLONG_MAX;
904 		struct cxl_region *cxlr;
905 
906 		/*
907 		 * These trace points are annotated with HPA and region
908 		 * translations. Take topology mutation locks and lookup
909 		 * { HPA, REGION } from { DPA, MEMDEV } in the event record.
910 		 */
911 		guard(rwsem_read)(&cxl_region_rwsem);
912 		guard(rwsem_read)(&cxl_dpa_rwsem);
913 
914 		dpa = le64_to_cpu(evt->media_hdr.phys_addr) & CXL_DPA_MASK;
915 		cxlr = cxl_dpa_to_region(cxlmd, dpa);
916 		if (cxlr)
917 			hpa = cxl_dpa_to_hpa(cxlr, cxlmd, dpa);
918 
919 		if (event_type == CXL_CPER_EVENT_GEN_MEDIA)
920 			trace_cxl_general_media(cxlmd, type, cxlr, hpa,
921 						&evt->gen_media);
922 		else if (event_type == CXL_CPER_EVENT_DRAM)
923 			trace_cxl_dram(cxlmd, type, cxlr, hpa, &evt->dram);
924 	}
925 }
926 EXPORT_SYMBOL_NS_GPL(cxl_event_trace_record, "CXL");
927 
928 static void __cxl_event_trace_record(const struct cxl_memdev *cxlmd,
929 				     enum cxl_event_log_type type,
930 				     struct cxl_event_record_raw *record)
931 {
932 	enum cxl_event_type ev_type = CXL_CPER_EVENT_GENERIC;
933 	const uuid_t *uuid = &record->id;
934 
935 	if (uuid_equal(uuid, &CXL_EVENT_GEN_MEDIA_UUID))
936 		ev_type = CXL_CPER_EVENT_GEN_MEDIA;
937 	else if (uuid_equal(uuid, &CXL_EVENT_DRAM_UUID))
938 		ev_type = CXL_CPER_EVENT_DRAM;
939 	else if (uuid_equal(uuid, &CXL_EVENT_MEM_MODULE_UUID))
940 		ev_type = CXL_CPER_EVENT_MEM_MODULE;
941 
942 	cxl_event_trace_record(cxlmd, type, ev_type, uuid, &record->event);
943 }
944 
945 static int cxl_clear_event_record(struct cxl_memdev_state *mds,
946 				  enum cxl_event_log_type log,
947 				  struct cxl_get_event_payload *get_pl)
948 {
949 	struct cxl_mailbox *cxl_mbox = &mds->cxlds.cxl_mbox;
950 	struct cxl_mbox_clear_event_payload *payload;
951 	u16 total = le16_to_cpu(get_pl->record_count);
952 	u8 max_handles = CXL_CLEAR_EVENT_MAX_HANDLES;
953 	size_t pl_size = struct_size(payload, handles, max_handles);
954 	struct cxl_mbox_cmd mbox_cmd;
955 	u16 cnt;
956 	int rc = 0;
957 	int i;
958 
959 	/* Payload size may limit the max handles */
960 	if (pl_size > cxl_mbox->payload_size) {
961 		max_handles = (cxl_mbox->payload_size - sizeof(*payload)) /
962 			      sizeof(__le16);
963 		pl_size = struct_size(payload, handles, max_handles);
964 	}
965 
966 	payload = kvzalloc(pl_size, GFP_KERNEL);
967 	if (!payload)
968 		return -ENOMEM;
969 
970 	*payload = (struct cxl_mbox_clear_event_payload) {
971 		.event_log = log,
972 	};
973 
974 	mbox_cmd = (struct cxl_mbox_cmd) {
975 		.opcode = CXL_MBOX_OP_CLEAR_EVENT_RECORD,
976 		.payload_in = payload,
977 		.size_in = pl_size,
978 	};
979 
980 	/*
981 	 * Clear Event Records uses u8 for the handle cnt while Get Event
982 	 * Record can return up to 0xffff records.
983 	 */
984 	i = 0;
985 	for (cnt = 0; cnt < total; cnt++) {
986 		struct cxl_event_record_raw *raw = &get_pl->records[cnt];
987 		struct cxl_event_generic *gen = &raw->event.generic;
988 
989 		payload->handles[i++] = gen->hdr.handle;
990 		dev_dbg(mds->cxlds.dev, "Event log '%d': Clearing %u\n", log,
991 			le16_to_cpu(payload->handles[i - 1]));
992 
993 		if (i == max_handles) {
994 			payload->nr_recs = i;
995 			rc = cxl_internal_send_cmd(cxl_mbox, &mbox_cmd);
996 			if (rc)
997 				goto free_pl;
998 			i = 0;
999 		}
1000 	}
1001 
1002 	/* Clear what is left if any */
1003 	if (i) {
1004 		payload->nr_recs = i;
1005 		mbox_cmd.size_in = struct_size(payload, handles, i);
1006 		rc = cxl_internal_send_cmd(cxl_mbox, &mbox_cmd);
1007 		if (rc)
1008 			goto free_pl;
1009 	}
1010 
1011 free_pl:
1012 	kvfree(payload);
1013 	return rc;
1014 }
1015 
1016 static void cxl_mem_get_records_log(struct cxl_memdev_state *mds,
1017 				    enum cxl_event_log_type type)
1018 {
1019 	struct cxl_mailbox *cxl_mbox = &mds->cxlds.cxl_mbox;
1020 	struct cxl_memdev *cxlmd = mds->cxlds.cxlmd;
1021 	struct device *dev = mds->cxlds.dev;
1022 	struct cxl_get_event_payload *payload;
1023 	u8 log_type = type;
1024 	u16 nr_rec;
1025 
1026 	mutex_lock(&mds->event.log_lock);
1027 	payload = mds->event.buf;
1028 
1029 	do {
1030 		int rc, i;
1031 		struct cxl_mbox_cmd mbox_cmd = (struct cxl_mbox_cmd) {
1032 			.opcode = CXL_MBOX_OP_GET_EVENT_RECORD,
1033 			.payload_in = &log_type,
1034 			.size_in = sizeof(log_type),
1035 			.payload_out = payload,
1036 			.size_out = cxl_mbox->payload_size,
1037 			.min_out = struct_size(payload, records, 0),
1038 		};
1039 
1040 		rc = cxl_internal_send_cmd(cxl_mbox, &mbox_cmd);
1041 		if (rc) {
1042 			dev_err_ratelimited(dev,
1043 				"Event log '%d': Failed to query event records : %d",
1044 				type, rc);
1045 			break;
1046 		}
1047 
1048 		nr_rec = le16_to_cpu(payload->record_count);
1049 		if (!nr_rec)
1050 			break;
1051 
1052 		for (i = 0; i < nr_rec; i++)
1053 			__cxl_event_trace_record(cxlmd, type,
1054 						 &payload->records[i]);
1055 
1056 		if (payload->flags & CXL_GET_EVENT_FLAG_OVERFLOW)
1057 			trace_cxl_overflow(cxlmd, type, payload);
1058 
1059 		rc = cxl_clear_event_record(mds, type, payload);
1060 		if (rc) {
1061 			dev_err_ratelimited(dev,
1062 				"Event log '%d': Failed to clear events : %d",
1063 				type, rc);
1064 			break;
1065 		}
1066 	} while (nr_rec);
1067 
1068 	mutex_unlock(&mds->event.log_lock);
1069 }
1070 
1071 /**
1072  * cxl_mem_get_event_records - Get Event Records from the device
1073  * @mds: The driver data for the operation
1074  * @status: Event Status register value identifying which events are available.
1075  *
1076  * Retrieve all event records available on the device, report them as trace
1077  * events, and clear them.
1078  *
1079  * See CXL rev 3.0 @8.2.9.2.2 Get Event Records
1080  * See CXL rev 3.0 @8.2.9.2.3 Clear Event Records
1081  */
1082 void cxl_mem_get_event_records(struct cxl_memdev_state *mds, u32 status)
1083 {
1084 	dev_dbg(mds->cxlds.dev, "Reading event logs: %x\n", status);
1085 
1086 	if (status & CXLDEV_EVENT_STATUS_FATAL)
1087 		cxl_mem_get_records_log(mds, CXL_EVENT_TYPE_FATAL);
1088 	if (status & CXLDEV_EVENT_STATUS_FAIL)
1089 		cxl_mem_get_records_log(mds, CXL_EVENT_TYPE_FAIL);
1090 	if (status & CXLDEV_EVENT_STATUS_WARN)
1091 		cxl_mem_get_records_log(mds, CXL_EVENT_TYPE_WARN);
1092 	if (status & CXLDEV_EVENT_STATUS_INFO)
1093 		cxl_mem_get_records_log(mds, CXL_EVENT_TYPE_INFO);
1094 }
1095 EXPORT_SYMBOL_NS_GPL(cxl_mem_get_event_records, "CXL");
1096 
1097 /**
1098  * cxl_mem_get_partition_info - Get partition info
1099  * @mds: The driver data for the operation
1100  *
1101  * Retrieve the current partition info for the device specified.  The active
1102  * values are the current capacity in bytes.  If not 0, the 'next' values are
1103  * the pending values, in bytes, which take affect on next cold reset.
1104  *
1105  * Return: 0 if no error: or the result of the mailbox command.
1106  *
1107  * See CXL @8.2.9.5.2.1 Get Partition Info
1108  */
1109 static int cxl_mem_get_partition_info(struct cxl_memdev_state *mds)
1110 {
1111 	struct cxl_mailbox *cxl_mbox = &mds->cxlds.cxl_mbox;
1112 	struct cxl_mbox_get_partition_info pi;
1113 	struct cxl_mbox_cmd mbox_cmd;
1114 	int rc;
1115 
1116 	mbox_cmd = (struct cxl_mbox_cmd) {
1117 		.opcode = CXL_MBOX_OP_GET_PARTITION_INFO,
1118 		.size_out = sizeof(pi),
1119 		.payload_out = &pi,
1120 	};
1121 	rc = cxl_internal_send_cmd(cxl_mbox, &mbox_cmd);
1122 	if (rc)
1123 		return rc;
1124 
1125 	mds->active_volatile_bytes =
1126 		le64_to_cpu(pi.active_volatile_cap) * CXL_CAPACITY_MULTIPLIER;
1127 	mds->active_persistent_bytes =
1128 		le64_to_cpu(pi.active_persistent_cap) * CXL_CAPACITY_MULTIPLIER;
1129 	mds->next_volatile_bytes =
1130 		le64_to_cpu(pi.next_volatile_cap) * CXL_CAPACITY_MULTIPLIER;
1131 	mds->next_persistent_bytes =
1132 		le64_to_cpu(pi.next_volatile_cap) * CXL_CAPACITY_MULTIPLIER;
1133 
1134 	return 0;
1135 }
1136 
1137 /**
1138  * cxl_dev_state_identify() - Send the IDENTIFY command to the device.
1139  * @mds: The driver data for the operation
1140  *
1141  * Return: 0 if identify was executed successfully or media not ready.
1142  *
1143  * This will dispatch the identify command to the device and on success populate
1144  * structures to be exported to sysfs.
1145  */
1146 int cxl_dev_state_identify(struct cxl_memdev_state *mds)
1147 {
1148 	struct cxl_mailbox *cxl_mbox = &mds->cxlds.cxl_mbox;
1149 	/* See CXL 2.0 Table 175 Identify Memory Device Output Payload */
1150 	struct cxl_mbox_identify id;
1151 	struct cxl_mbox_cmd mbox_cmd;
1152 	u32 val;
1153 	int rc;
1154 
1155 	if (!mds->cxlds.media_ready)
1156 		return 0;
1157 
1158 	mbox_cmd = (struct cxl_mbox_cmd) {
1159 		.opcode = CXL_MBOX_OP_IDENTIFY,
1160 		.size_out = sizeof(id),
1161 		.payload_out = &id,
1162 	};
1163 	rc = cxl_internal_send_cmd(cxl_mbox, &mbox_cmd);
1164 	if (rc < 0)
1165 		return rc;
1166 
1167 	mds->total_bytes =
1168 		le64_to_cpu(id.total_capacity) * CXL_CAPACITY_MULTIPLIER;
1169 	mds->volatile_only_bytes =
1170 		le64_to_cpu(id.volatile_capacity) * CXL_CAPACITY_MULTIPLIER;
1171 	mds->persistent_only_bytes =
1172 		le64_to_cpu(id.persistent_capacity) * CXL_CAPACITY_MULTIPLIER;
1173 	mds->partition_align_bytes =
1174 		le64_to_cpu(id.partition_align) * CXL_CAPACITY_MULTIPLIER;
1175 
1176 	mds->lsa_size = le32_to_cpu(id.lsa_size);
1177 	memcpy(mds->firmware_version, id.fw_revision,
1178 	       sizeof(id.fw_revision));
1179 
1180 	if (test_bit(CXL_POISON_ENABLED_LIST, mds->poison.enabled_cmds)) {
1181 		val = get_unaligned_le24(id.poison_list_max_mer);
1182 		mds->poison.max_errors = min_t(u32, val, CXL_POISON_LIST_MAX);
1183 	}
1184 
1185 	return 0;
1186 }
1187 EXPORT_SYMBOL_NS_GPL(cxl_dev_state_identify, "CXL");
1188 
1189 static int __cxl_mem_sanitize(struct cxl_memdev_state *mds, u16 cmd)
1190 {
1191 	struct cxl_mailbox *cxl_mbox = &mds->cxlds.cxl_mbox;
1192 	int rc;
1193 	u32 sec_out = 0;
1194 	struct cxl_get_security_output {
1195 		__le32 flags;
1196 	} out;
1197 	struct cxl_mbox_cmd sec_cmd = {
1198 		.opcode = CXL_MBOX_OP_GET_SECURITY_STATE,
1199 		.payload_out = &out,
1200 		.size_out = sizeof(out),
1201 	};
1202 	struct cxl_mbox_cmd mbox_cmd = { .opcode = cmd };
1203 
1204 	if (cmd != CXL_MBOX_OP_SANITIZE && cmd != CXL_MBOX_OP_SECURE_ERASE)
1205 		return -EINVAL;
1206 
1207 	rc = cxl_internal_send_cmd(cxl_mbox, &sec_cmd);
1208 	if (rc < 0) {
1209 		dev_err(cxl_mbox->host, "Failed to get security state : %d", rc);
1210 		return rc;
1211 	}
1212 
1213 	/*
1214 	 * Prior to using these commands, any security applied to
1215 	 * the user data areas of the device shall be DISABLED (or
1216 	 * UNLOCKED for secure erase case).
1217 	 */
1218 	sec_out = le32_to_cpu(out.flags);
1219 	if (sec_out & CXL_PMEM_SEC_STATE_USER_PASS_SET)
1220 		return -EINVAL;
1221 
1222 	if (cmd == CXL_MBOX_OP_SECURE_ERASE &&
1223 	    sec_out & CXL_PMEM_SEC_STATE_LOCKED)
1224 		return -EINVAL;
1225 
1226 	rc = cxl_internal_send_cmd(cxl_mbox, &mbox_cmd);
1227 	if (rc < 0) {
1228 		dev_err(cxl_mbox->host, "Failed to sanitize device : %d", rc);
1229 		return rc;
1230 	}
1231 
1232 	return 0;
1233 }
1234 
1235 
1236 /**
1237  * cxl_mem_sanitize() - Send a sanitization command to the device.
1238  * @cxlmd: The device for the operation
1239  * @cmd: The specific sanitization command opcode
1240  *
1241  * Return: 0 if the command was executed successfully, regardless of
1242  * whether or not the actual security operation is done in the background,
1243  * such as for the Sanitize case.
1244  * Error return values can be the result of the mailbox command, -EINVAL
1245  * when security requirements are not met or invalid contexts, or -EBUSY
1246  * if the sanitize operation is already in flight.
1247  *
1248  * See CXL 3.0 @8.2.9.8.5.1 Sanitize and @8.2.9.8.5.2 Secure Erase.
1249  */
1250 int cxl_mem_sanitize(struct cxl_memdev *cxlmd, u16 cmd)
1251 {
1252 	struct cxl_memdev_state *mds = to_cxl_memdev_state(cxlmd->cxlds);
1253 	struct cxl_port  *endpoint;
1254 	int rc;
1255 
1256 	/* synchronize with cxl_mem_probe() and decoder write operations */
1257 	guard(device)(&cxlmd->dev);
1258 	endpoint = cxlmd->endpoint;
1259 	down_read(&cxl_region_rwsem);
1260 	/*
1261 	 * Require an endpoint to be safe otherwise the driver can not
1262 	 * be sure that the device is unmapped.
1263 	 */
1264 	if (endpoint && cxl_num_decoders_committed(endpoint) == 0)
1265 		rc = __cxl_mem_sanitize(mds, cmd);
1266 	else
1267 		rc = -EBUSY;
1268 	up_read(&cxl_region_rwsem);
1269 
1270 	return rc;
1271 }
1272 
1273 static int add_dpa_res(struct device *dev, struct resource *parent,
1274 		       struct resource *res, resource_size_t start,
1275 		       resource_size_t size, const char *type)
1276 {
1277 	int rc;
1278 
1279 	res->name = type;
1280 	res->start = start;
1281 	res->end = start + size - 1;
1282 	res->flags = IORESOURCE_MEM;
1283 	if (resource_size(res) == 0) {
1284 		dev_dbg(dev, "DPA(%s): no capacity\n", res->name);
1285 		return 0;
1286 	}
1287 	rc = request_resource(parent, res);
1288 	if (rc) {
1289 		dev_err(dev, "DPA(%s): failed to track %pr (%d)\n", res->name,
1290 			res, rc);
1291 		return rc;
1292 	}
1293 
1294 	dev_dbg(dev, "DPA(%s): %pr\n", res->name, res);
1295 
1296 	return 0;
1297 }
1298 
1299 int cxl_mem_create_range_info(struct cxl_memdev_state *mds)
1300 {
1301 	struct cxl_dev_state *cxlds = &mds->cxlds;
1302 	struct device *dev = cxlds->dev;
1303 	int rc;
1304 
1305 	if (!cxlds->media_ready) {
1306 		cxlds->dpa_res = DEFINE_RES_MEM(0, 0);
1307 		cxlds->ram_res = DEFINE_RES_MEM(0, 0);
1308 		cxlds->pmem_res = DEFINE_RES_MEM(0, 0);
1309 		return 0;
1310 	}
1311 
1312 	cxlds->dpa_res = DEFINE_RES_MEM(0, mds->total_bytes);
1313 
1314 	if (mds->partition_align_bytes == 0) {
1315 		rc = add_dpa_res(dev, &cxlds->dpa_res, &cxlds->ram_res, 0,
1316 				 mds->volatile_only_bytes, "ram");
1317 		if (rc)
1318 			return rc;
1319 		return add_dpa_res(dev, &cxlds->dpa_res, &cxlds->pmem_res,
1320 				   mds->volatile_only_bytes,
1321 				   mds->persistent_only_bytes, "pmem");
1322 	}
1323 
1324 	rc = cxl_mem_get_partition_info(mds);
1325 	if (rc) {
1326 		dev_err(dev, "Failed to query partition information\n");
1327 		return rc;
1328 	}
1329 
1330 	rc = add_dpa_res(dev, &cxlds->dpa_res, &cxlds->ram_res, 0,
1331 			 mds->active_volatile_bytes, "ram");
1332 	if (rc)
1333 		return rc;
1334 	return add_dpa_res(dev, &cxlds->dpa_res, &cxlds->pmem_res,
1335 			   mds->active_volatile_bytes,
1336 			   mds->active_persistent_bytes, "pmem");
1337 }
1338 EXPORT_SYMBOL_NS_GPL(cxl_mem_create_range_info, "CXL");
1339 
1340 int cxl_set_timestamp(struct cxl_memdev_state *mds)
1341 {
1342 	struct cxl_mailbox *cxl_mbox = &mds->cxlds.cxl_mbox;
1343 	struct cxl_mbox_cmd mbox_cmd;
1344 	struct cxl_mbox_set_timestamp_in pi;
1345 	int rc;
1346 
1347 	pi.timestamp = cpu_to_le64(ktime_get_real_ns());
1348 	mbox_cmd = (struct cxl_mbox_cmd) {
1349 		.opcode = CXL_MBOX_OP_SET_TIMESTAMP,
1350 		.size_in = sizeof(pi),
1351 		.payload_in = &pi,
1352 	};
1353 
1354 	rc = cxl_internal_send_cmd(cxl_mbox, &mbox_cmd);
1355 	/*
1356 	 * Command is optional. Devices may have another way of providing
1357 	 * a timestamp, or may return all 0s in timestamp fields.
1358 	 * Don't report an error if this command isn't supported
1359 	 */
1360 	if (rc && (mbox_cmd.return_code != CXL_MBOX_CMD_RC_UNSUPPORTED))
1361 		return rc;
1362 
1363 	return 0;
1364 }
1365 EXPORT_SYMBOL_NS_GPL(cxl_set_timestamp, "CXL");
1366 
1367 int cxl_mem_get_poison(struct cxl_memdev *cxlmd, u64 offset, u64 len,
1368 		       struct cxl_region *cxlr)
1369 {
1370 	struct cxl_memdev_state *mds = to_cxl_memdev_state(cxlmd->cxlds);
1371 	struct cxl_mailbox *cxl_mbox = &cxlmd->cxlds->cxl_mbox;
1372 	struct cxl_mbox_poison_out *po;
1373 	struct cxl_mbox_poison_in pi;
1374 	int nr_records = 0;
1375 	int rc;
1376 
1377 	rc = mutex_lock_interruptible(&mds->poison.lock);
1378 	if (rc)
1379 		return rc;
1380 
1381 	po = mds->poison.list_out;
1382 	pi.offset = cpu_to_le64(offset);
1383 	pi.length = cpu_to_le64(len / CXL_POISON_LEN_MULT);
1384 
1385 	do {
1386 		struct cxl_mbox_cmd mbox_cmd = (struct cxl_mbox_cmd){
1387 			.opcode = CXL_MBOX_OP_GET_POISON,
1388 			.size_in = sizeof(pi),
1389 			.payload_in = &pi,
1390 			.size_out = cxl_mbox->payload_size,
1391 			.payload_out = po,
1392 			.min_out = struct_size(po, record, 0),
1393 		};
1394 
1395 		rc = cxl_internal_send_cmd(cxl_mbox, &mbox_cmd);
1396 		if (rc)
1397 			break;
1398 
1399 		for (int i = 0; i < le16_to_cpu(po->count); i++)
1400 			trace_cxl_poison(cxlmd, cxlr, &po->record[i],
1401 					 po->flags, po->overflow_ts,
1402 					 CXL_POISON_TRACE_LIST);
1403 
1404 		/* Protect against an uncleared _FLAG_MORE */
1405 		nr_records = nr_records + le16_to_cpu(po->count);
1406 		if (nr_records >= mds->poison.max_errors) {
1407 			dev_dbg(&cxlmd->dev, "Max Error Records reached: %d\n",
1408 				nr_records);
1409 			break;
1410 		}
1411 	} while (po->flags & CXL_POISON_FLAG_MORE);
1412 
1413 	mutex_unlock(&mds->poison.lock);
1414 	return rc;
1415 }
1416 EXPORT_SYMBOL_NS_GPL(cxl_mem_get_poison, "CXL");
1417 
1418 static void free_poison_buf(void *buf)
1419 {
1420 	kvfree(buf);
1421 }
1422 
1423 /* Get Poison List output buffer is protected by mds->poison.lock */
1424 static int cxl_poison_alloc_buf(struct cxl_memdev_state *mds)
1425 {
1426 	struct cxl_mailbox *cxl_mbox = &mds->cxlds.cxl_mbox;
1427 
1428 	mds->poison.list_out = kvmalloc(cxl_mbox->payload_size, GFP_KERNEL);
1429 	if (!mds->poison.list_out)
1430 		return -ENOMEM;
1431 
1432 	return devm_add_action_or_reset(mds->cxlds.dev, free_poison_buf,
1433 					mds->poison.list_out);
1434 }
1435 
1436 int cxl_poison_state_init(struct cxl_memdev_state *mds)
1437 {
1438 	int rc;
1439 
1440 	if (!test_bit(CXL_POISON_ENABLED_LIST, mds->poison.enabled_cmds))
1441 		return 0;
1442 
1443 	rc = cxl_poison_alloc_buf(mds);
1444 	if (rc) {
1445 		clear_bit(CXL_POISON_ENABLED_LIST, mds->poison.enabled_cmds);
1446 		return rc;
1447 	}
1448 
1449 	mutex_init(&mds->poison.lock);
1450 	return 0;
1451 }
1452 EXPORT_SYMBOL_NS_GPL(cxl_poison_state_init, "CXL");
1453 
1454 int cxl_mailbox_init(struct cxl_mailbox *cxl_mbox, struct device *host)
1455 {
1456 	if (!cxl_mbox || !host)
1457 		return -EINVAL;
1458 
1459 	cxl_mbox->host = host;
1460 	mutex_init(&cxl_mbox->mbox_mutex);
1461 	rcuwait_init(&cxl_mbox->mbox_wait);
1462 
1463 	return 0;
1464 }
1465 EXPORT_SYMBOL_NS_GPL(cxl_mailbox_init, "CXL");
1466 
1467 struct cxl_memdev_state *cxl_memdev_state_create(struct device *dev)
1468 {
1469 	struct cxl_memdev_state *mds;
1470 
1471 	mds = devm_kzalloc(dev, sizeof(*mds), GFP_KERNEL);
1472 	if (!mds) {
1473 		dev_err(dev, "No memory available\n");
1474 		return ERR_PTR(-ENOMEM);
1475 	}
1476 
1477 	mutex_init(&mds->event.log_lock);
1478 	mds->cxlds.dev = dev;
1479 	mds->cxlds.reg_map.host = dev;
1480 	mds->cxlds.cxl_mbox.host = dev;
1481 	mds->cxlds.reg_map.resource = CXL_RESOURCE_NONE;
1482 	mds->cxlds.type = CXL_DEVTYPE_CLASSMEM;
1483 	mds->ram_perf.qos_class = CXL_QOS_CLASS_INVALID;
1484 	mds->pmem_perf.qos_class = CXL_QOS_CLASS_INVALID;
1485 
1486 	return mds;
1487 }
1488 EXPORT_SYMBOL_NS_GPL(cxl_memdev_state_create, "CXL");
1489 
1490 void __init cxl_mbox_init(void)
1491 {
1492 	struct dentry *mbox_debugfs;
1493 
1494 	mbox_debugfs = cxl_debugfs_create_dir("mbox");
1495 	debugfs_create_bool("raw_allow_all", 0600, mbox_debugfs,
1496 			    &cxl_raw_allow_all);
1497 }
1498