1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * Access to PCI I/O memory from user space programs. 4 * 5 * Copyright IBM Corp. 2014 6 * Author(s): Alexey Ishchuk <aishchuk@linux.vnet.ibm.com> 7 */ 8 #include <linux/kernel.h> 9 #include <linux/syscalls.h> 10 #include <linux/init.h> 11 #include <linux/mm.h> 12 #include <linux/errno.h> 13 #include <linux/pci.h> 14 #include <asm/asm-extable.h> 15 #include <asm/pci_io.h> 16 #include <asm/pci_debug.h> 17 18 static inline void zpci_err_mmio(u8 cc, u8 status, u64 offset) 19 { 20 struct { 21 u64 offset; 22 u8 cc; 23 u8 status; 24 } data = {offset, cc, status}; 25 26 zpci_err_hex(&data, sizeof(data)); 27 } 28 29 static inline int __pcistb_mio_inuser( 30 void __iomem *ioaddr, const void __user *src, 31 u64 len, u8 *status) 32 { 33 int cc = -ENXIO; 34 35 asm volatile ( 36 " sacf 256\n" 37 "0: .insn rsy,0xeb00000000d4,%[len],%[ioaddr],%[src]\n" 38 "1: ipm %[cc]\n" 39 " srl %[cc],28\n" 40 "2: sacf 768\n" 41 EX_TABLE(0b, 2b) EX_TABLE(1b, 2b) 42 : [cc] "+d" (cc), [len] "+d" (len) 43 : [ioaddr] "a" (ioaddr), [src] "Q" (*((u8 __force *)src)) 44 : "cc", "memory"); 45 *status = len >> 24 & 0xff; 46 return cc; 47 } 48 49 static inline int __pcistg_mio_inuser( 50 void __iomem *ioaddr, const void __user *src, 51 u64 ulen, u8 *status) 52 { 53 union register_pair ioaddr_len = {.even = (u64 __force)ioaddr, .odd = ulen}; 54 int cc = -ENXIO; 55 u64 val = 0; 56 u64 cnt = ulen; 57 u8 tmp; 58 59 /* 60 * copy 0 < @len <= 8 bytes from @src into the right most bytes of 61 * a register, then store it to PCI at @ioaddr while in secondary 62 * address space. pcistg then uses the user mappings. 63 */ 64 asm volatile ( 65 " sacf 256\n" 66 "0: llgc %[tmp],0(%[src])\n" 67 "4: sllg %[val],%[val],8\n" 68 " aghi %[src],1\n" 69 " ogr %[val],%[tmp]\n" 70 " brctg %[cnt],0b\n" 71 "1: .insn rre,0xb9d40000,%[val],%[ioaddr_len]\n" 72 "2: ipm %[cc]\n" 73 " srl %[cc],28\n" 74 "3: sacf 768\n" 75 EX_TABLE(0b, 3b) EX_TABLE(4b, 3b) EX_TABLE(1b, 3b) EX_TABLE(2b, 3b) 76 : 77 [src] "+a" (src), [cnt] "+d" (cnt), 78 [val] "+d" (val), [tmp] "=d" (tmp), 79 [cc] "+d" (cc), [ioaddr_len] "+&d" (ioaddr_len.pair) 80 :: "cc", "memory"); 81 *status = ioaddr_len.odd >> 24 & 0xff; 82 83 /* did we read everything from user memory? */ 84 if (!cc && cnt != 0) 85 cc = -EFAULT; 86 87 return cc; 88 } 89 90 static inline int __memcpy_toio_inuser(void __iomem *dst, 91 const void __user *src, size_t n) 92 { 93 int size, rc = 0; 94 u8 status = 0; 95 96 if (!src) 97 return -EINVAL; 98 99 while (n > 0) { 100 size = zpci_get_max_io_size((u64 __force) dst, 101 (u64 __force) src, n, 102 ZPCI_MAX_WRITE_SIZE); 103 if (size > 8) /* main path */ 104 rc = __pcistb_mio_inuser(dst, src, size, &status); 105 else 106 rc = __pcistg_mio_inuser(dst, src, size, &status); 107 if (rc) 108 break; 109 src += size; 110 dst += size; 111 n -= size; 112 } 113 if (rc) 114 zpci_err_mmio(rc, status, (__force u64) dst); 115 return rc; 116 } 117 118 SYSCALL_DEFINE3(s390_pci_mmio_write, unsigned long, mmio_addr, 119 const void __user *, user_buffer, size_t, length) 120 { 121 struct follow_pfnmap_args args = { }; 122 u8 local_buf[64]; 123 void __iomem *io_addr; 124 void *buf; 125 struct vm_area_struct *vma; 126 long ret; 127 128 if (!zpci_is_enabled()) 129 return -ENODEV; 130 131 if (length <= 0 || PAGE_SIZE - (mmio_addr & ~PAGE_MASK) < length) 132 return -EINVAL; 133 134 /* 135 * We only support write access to MIO capable devices if we are on 136 * a MIO enabled system. Otherwise we would have to check for every 137 * address if it is a special ZPCI_ADDR and would have to do 138 * a pfn lookup which we don't need for MIO capable devices. Currently 139 * ISM devices are the only devices without MIO support and there is no 140 * known need for accessing these from userspace. 141 */ 142 if (static_branch_likely(&have_mio)) { 143 ret = __memcpy_toio_inuser((void __iomem *) mmio_addr, 144 user_buffer, 145 length); 146 return ret; 147 } 148 149 if (length > 64) { 150 buf = kmalloc(length, GFP_KERNEL); 151 if (!buf) 152 return -ENOMEM; 153 } else 154 buf = local_buf; 155 156 ret = -EFAULT; 157 if (copy_from_user(buf, user_buffer, length)) 158 goto out_free; 159 160 mmap_read_lock(current->mm); 161 ret = -EINVAL; 162 vma = vma_lookup(current->mm, mmio_addr); 163 if (!vma) 164 goto out_unlock_mmap; 165 if (!(vma->vm_flags & (VM_IO | VM_PFNMAP))) 166 goto out_unlock_mmap; 167 ret = -EACCES; 168 if (!(vma->vm_flags & VM_WRITE)) 169 goto out_unlock_mmap; 170 171 args.address = mmio_addr; 172 args.vma = vma; 173 ret = follow_pfnmap_start(&args); 174 if (ret) 175 goto out_unlock_mmap; 176 177 io_addr = (void __iomem *)((args.pfn << PAGE_SHIFT) | 178 (mmio_addr & ~PAGE_MASK)); 179 180 if ((unsigned long) io_addr < ZPCI_IOMAP_ADDR_BASE) 181 goto out_unlock_pt; 182 183 ret = zpci_memcpy_toio(io_addr, buf, length); 184 out_unlock_pt: 185 follow_pfnmap_end(&args); 186 out_unlock_mmap: 187 mmap_read_unlock(current->mm); 188 out_free: 189 if (buf != local_buf) 190 kfree(buf); 191 return ret; 192 } 193 194 static inline int __pcilg_mio_inuser( 195 void __user *dst, const void __iomem *ioaddr, 196 u64 ulen, u8 *status) 197 { 198 union register_pair ioaddr_len = {.even = (u64 __force)ioaddr, .odd = ulen}; 199 u64 cnt = ulen; 200 int shift = ulen * 8; 201 int cc = -ENXIO; 202 u64 val, tmp; 203 204 /* 205 * read 0 < @len <= 8 bytes from the PCI memory mapped at @ioaddr (in 206 * user space) into a register using pcilg then store these bytes at 207 * user address @dst 208 */ 209 asm volatile ( 210 " sacf 256\n" 211 "0: .insn rre,0xb9d60000,%[val],%[ioaddr_len]\n" 212 "1: ipm %[cc]\n" 213 " srl %[cc],28\n" 214 " ltr %[cc],%[cc]\n" 215 " jne 4f\n" 216 "2: ahi %[shift],-8\n" 217 " srlg %[tmp],%[val],0(%[shift])\n" 218 "3: stc %[tmp],0(%[dst])\n" 219 "5: aghi %[dst],1\n" 220 " brctg %[cnt],2b\n" 221 "4: sacf 768\n" 222 EX_TABLE(0b, 4b) EX_TABLE(1b, 4b) EX_TABLE(3b, 4b) EX_TABLE(5b, 4b) 223 : 224 [ioaddr_len] "+&d" (ioaddr_len.pair), 225 [cc] "+d" (cc), [val] "=d" (val), 226 [dst] "+a" (dst), [cnt] "+d" (cnt), [tmp] "=d" (tmp), 227 [shift] "+d" (shift) 228 :: "cc", "memory"); 229 230 /* did we write everything to the user space buffer? */ 231 if (!cc && cnt != 0) 232 cc = -EFAULT; 233 234 *status = ioaddr_len.odd >> 24 & 0xff; 235 return cc; 236 } 237 238 static inline int __memcpy_fromio_inuser(void __user *dst, 239 const void __iomem *src, 240 unsigned long n) 241 { 242 int size, rc = 0; 243 u8 status; 244 245 while (n > 0) { 246 size = zpci_get_max_io_size((u64 __force) src, 247 (u64 __force) dst, n, 248 ZPCI_MAX_READ_SIZE); 249 rc = __pcilg_mio_inuser(dst, src, size, &status); 250 if (rc) 251 break; 252 src += size; 253 dst += size; 254 n -= size; 255 } 256 if (rc) 257 zpci_err_mmio(rc, status, (__force u64) dst); 258 return rc; 259 } 260 261 SYSCALL_DEFINE3(s390_pci_mmio_read, unsigned long, mmio_addr, 262 void __user *, user_buffer, size_t, length) 263 { 264 struct follow_pfnmap_args args = { }; 265 u8 local_buf[64]; 266 void __iomem *io_addr; 267 void *buf; 268 struct vm_area_struct *vma; 269 long ret; 270 271 if (!zpci_is_enabled()) 272 return -ENODEV; 273 274 if (length <= 0 || PAGE_SIZE - (mmio_addr & ~PAGE_MASK) < length) 275 return -EINVAL; 276 277 /* 278 * We only support read access to MIO capable devices if we are on 279 * a MIO enabled system. Otherwise we would have to check for every 280 * address if it is a special ZPCI_ADDR and would have to do 281 * a pfn lookup which we don't need for MIO capable devices. Currently 282 * ISM devices are the only devices without MIO support and there is no 283 * known need for accessing these from userspace. 284 */ 285 if (static_branch_likely(&have_mio)) { 286 ret = __memcpy_fromio_inuser( 287 user_buffer, (const void __iomem *)mmio_addr, 288 length); 289 return ret; 290 } 291 292 if (length > 64) { 293 buf = kmalloc(length, GFP_KERNEL); 294 if (!buf) 295 return -ENOMEM; 296 } else { 297 buf = local_buf; 298 } 299 300 mmap_read_lock(current->mm); 301 ret = -EINVAL; 302 vma = vma_lookup(current->mm, mmio_addr); 303 if (!vma) 304 goto out_unlock_mmap; 305 if (!(vma->vm_flags & (VM_IO | VM_PFNMAP))) 306 goto out_unlock_mmap; 307 ret = -EACCES; 308 if (!(vma->vm_flags & VM_WRITE)) 309 goto out_unlock_mmap; 310 311 args.vma = vma; 312 args.address = mmio_addr; 313 ret = follow_pfnmap_start(&args); 314 if (ret) 315 goto out_unlock_mmap; 316 317 io_addr = (void __iomem *)((args.pfn << PAGE_SHIFT) | 318 (mmio_addr & ~PAGE_MASK)); 319 320 if ((unsigned long) io_addr < ZPCI_IOMAP_ADDR_BASE) { 321 ret = -EFAULT; 322 goto out_unlock_pt; 323 } 324 ret = zpci_memcpy_fromio(buf, io_addr, length); 325 326 out_unlock_pt: 327 follow_pfnmap_end(&args); 328 out_unlock_mmap: 329 mmap_read_unlock(current->mm); 330 331 if (!ret && copy_to_user(user_buffer, buf, length)) 332 ret = -EFAULT; 333 334 if (buf != local_buf) 335 kfree(buf); 336 return ret; 337 } 338