1 // SPDX-License-Identifier: GPL-2.0+ 2 // Copyright 2017 IBM Corp. 3 #include <linux/sched/mm.h> 4 #include <linux/mutex.h> 5 #include <linux/mm_types.h> 6 #include <linux/mmu_context.h> 7 #include <asm/copro.h> 8 #include <asm/pnv-ocxl.h> 9 #include <misc/ocxl.h> 10 #include "ocxl_internal.h" 11 #include "trace.h" 12 13 14 #define SPA_PASID_BITS 15 15 #define SPA_PASID_MAX ((1 << SPA_PASID_BITS) - 1) 16 #define SPA_PE_MASK SPA_PASID_MAX 17 #define SPA_SPA_SIZE_LOG 22 /* Each SPA is 4 Mb */ 18 19 #define SPA_CFG_SF (1ull << (63-0)) 20 #define SPA_CFG_TA (1ull << (63-1)) 21 #define SPA_CFG_HV (1ull << (63-3)) 22 #define SPA_CFG_UV (1ull << (63-4)) 23 #define SPA_CFG_XLAT_hpt (0ull << (63-6)) /* Hashed page table (HPT) mode */ 24 #define SPA_CFG_XLAT_roh (2ull << (63-6)) /* Radix on HPT mode */ 25 #define SPA_CFG_XLAT_ror (3ull << (63-6)) /* Radix on Radix mode */ 26 #define SPA_CFG_PR (1ull << (63-49)) 27 #define SPA_CFG_TC (1ull << (63-54)) 28 #define SPA_CFG_DR (1ull << (63-59)) 29 30 #define SPA_XSL_TF (1ull << (63-3)) /* Translation fault */ 31 #define SPA_XSL_S (1ull << (63-38)) /* Store operation */ 32 33 #define SPA_PE_VALID 0x80000000 34 35 36 struct pe_data { 37 struct mm_struct *mm; 38 /* callback to trigger when a translation fault occurs */ 39 void (*xsl_err_cb)(void *data, u64 addr, u64 dsisr); 40 /* opaque pointer to be passed to the above callback */ 41 void *xsl_err_data; 42 struct rcu_head rcu; 43 }; 44 45 struct spa { 46 struct ocxl_process_element *spa_mem; 47 int spa_order; 48 struct mutex spa_lock; 49 struct radix_tree_root pe_tree; /* Maps PE handles to pe_data */ 50 char *irq_name; 51 int virq; 52 void __iomem *reg_dsisr; 53 void __iomem *reg_dar; 54 void __iomem *reg_tfc; 55 void __iomem *reg_pe_handle; 56 /* 57 * The following field are used by the memory fault 58 * interrupt handler. We can only have one interrupt at a 59 * time. The NPU won't raise another interrupt until the 60 * previous one has been ack'd by writing to the TFC register 61 */ 62 struct xsl_fault { 63 struct work_struct fault_work; 64 u64 pe; 65 u64 dsisr; 66 u64 dar; 67 struct pe_data pe_data; 68 } xsl_fault; 69 }; 70 71 /* 72 * A opencapi link can be used be by several PCI functions. We have 73 * one link per device slot. 74 * 75 * A linked list of opencapi links should suffice, as there's a 76 * limited number of opencapi slots on a system and lookup is only 77 * done when the device is probed 78 */ 79 struct ocxl_link { 80 struct list_head list; 81 struct kref ref; 82 int domain; 83 int bus; 84 int dev; 85 atomic_t irq_available; 86 struct spa *spa; 87 void *platform_data; 88 }; 89 static struct list_head links_list = LIST_HEAD_INIT(links_list); 90 static DEFINE_MUTEX(links_list_lock); 91 92 enum xsl_response { 93 CONTINUE, 94 ADDRESS_ERROR, 95 RESTART, 96 }; 97 98 99 static void read_irq(struct spa *spa, u64 *dsisr, u64 *dar, u64 *pe) 100 { 101 u64 reg; 102 103 *dsisr = in_be64(spa->reg_dsisr); 104 *dar = in_be64(spa->reg_dar); 105 reg = in_be64(spa->reg_pe_handle); 106 *pe = reg & SPA_PE_MASK; 107 } 108 109 static void ack_irq(struct spa *spa, enum xsl_response r) 110 { 111 u64 reg = 0; 112 113 /* continue is not supported */ 114 if (r == RESTART) 115 reg = PPC_BIT(31); 116 else if (r == ADDRESS_ERROR) 117 reg = PPC_BIT(30); 118 else 119 WARN(1, "Invalid irq response %d\n", r); 120 121 if (reg) { 122 trace_ocxl_fault_ack(spa->spa_mem, spa->xsl_fault.pe, 123 spa->xsl_fault.dsisr, spa->xsl_fault.dar, reg); 124 out_be64(spa->reg_tfc, reg); 125 } 126 } 127 128 static void xsl_fault_handler_bh(struct work_struct *fault_work) 129 { 130 vm_fault_t flt = 0; 131 unsigned long access, flags, inv_flags = 0; 132 enum xsl_response r; 133 struct xsl_fault *fault = container_of(fault_work, struct xsl_fault, 134 fault_work); 135 struct spa *spa = container_of(fault, struct spa, xsl_fault); 136 137 int rc; 138 139 /* 140 * We must release a reference on mm_users whenever exiting this 141 * function (taken in the memory fault interrupt handler) 142 */ 143 rc = copro_handle_mm_fault(fault->pe_data.mm, fault->dar, fault->dsisr, 144 &flt); 145 if (rc) { 146 pr_debug("copro_handle_mm_fault failed: %d\n", rc); 147 if (fault->pe_data.xsl_err_cb) { 148 fault->pe_data.xsl_err_cb( 149 fault->pe_data.xsl_err_data, 150 fault->dar, fault->dsisr); 151 } 152 r = ADDRESS_ERROR; 153 goto ack; 154 } 155 156 if (!radix_enabled()) { 157 /* 158 * update_mmu_cache() will not have loaded the hash 159 * since current->trap is not a 0x400 or 0x300, so 160 * just call hash_page_mm() here. 161 */ 162 access = _PAGE_PRESENT | _PAGE_READ; 163 if (fault->dsisr & SPA_XSL_S) 164 access |= _PAGE_WRITE; 165 166 if (get_region_id(fault->dar) != USER_REGION_ID) 167 access |= _PAGE_PRIVILEGED; 168 169 local_irq_save(flags); 170 hash_page_mm(fault->pe_data.mm, fault->dar, access, 0x300, 171 inv_flags); 172 local_irq_restore(flags); 173 } 174 r = RESTART; 175 ack: 176 mmput(fault->pe_data.mm); 177 ack_irq(spa, r); 178 } 179 180 static irqreturn_t xsl_fault_handler(int irq, void *data) 181 { 182 struct ocxl_link *link = (struct ocxl_link *) data; 183 struct spa *spa = link->spa; 184 u64 dsisr, dar, pe_handle; 185 struct pe_data *pe_data; 186 struct ocxl_process_element *pe; 187 int pid; 188 bool schedule = false; 189 190 read_irq(spa, &dsisr, &dar, &pe_handle); 191 trace_ocxl_fault(spa->spa_mem, pe_handle, dsisr, dar, -1); 192 193 WARN_ON(pe_handle > SPA_PE_MASK); 194 pe = spa->spa_mem + pe_handle; 195 pid = be32_to_cpu(pe->pid); 196 /* We could be reading all null values here if the PE is being 197 * removed while an interrupt kicks in. It's not supposed to 198 * happen if the driver notified the AFU to terminate the 199 * PASID, and the AFU waited for pending operations before 200 * acknowledging. But even if it happens, we won't find a 201 * memory context below and fail silently, so it should be ok. 202 */ 203 if (!(dsisr & SPA_XSL_TF)) { 204 WARN(1, "Invalid xsl interrupt fault register %#llx\n", dsisr); 205 ack_irq(spa, ADDRESS_ERROR); 206 return IRQ_HANDLED; 207 } 208 209 rcu_read_lock(); 210 pe_data = radix_tree_lookup(&spa->pe_tree, pe_handle); 211 if (!pe_data) { 212 /* 213 * Could only happen if the driver didn't notify the 214 * AFU about PASID termination before removing the PE, 215 * or the AFU didn't wait for all memory access to 216 * have completed. 217 * 218 * Either way, we fail early, but we shouldn't log an 219 * error message, as it is a valid (if unexpected) 220 * scenario 221 */ 222 rcu_read_unlock(); 223 pr_debug("Unknown mm context for xsl interrupt\n"); 224 ack_irq(spa, ADDRESS_ERROR); 225 return IRQ_HANDLED; 226 } 227 WARN_ON(pe_data->mm->context.id != pid); 228 229 if (mmget_not_zero(pe_data->mm)) { 230 spa->xsl_fault.pe = pe_handle; 231 spa->xsl_fault.dar = dar; 232 spa->xsl_fault.dsisr = dsisr; 233 spa->xsl_fault.pe_data = *pe_data; 234 schedule = true; 235 /* mm_users count released by bottom half */ 236 } 237 rcu_read_unlock(); 238 if (schedule) 239 schedule_work(&spa->xsl_fault.fault_work); 240 else 241 ack_irq(spa, ADDRESS_ERROR); 242 return IRQ_HANDLED; 243 } 244 245 static void unmap_irq_registers(struct spa *spa) 246 { 247 pnv_ocxl_unmap_xsl_regs(spa->reg_dsisr, spa->reg_dar, spa->reg_tfc, 248 spa->reg_pe_handle); 249 } 250 251 static int map_irq_registers(struct pci_dev *dev, struct spa *spa) 252 { 253 return pnv_ocxl_map_xsl_regs(dev, &spa->reg_dsisr, &spa->reg_dar, 254 &spa->reg_tfc, &spa->reg_pe_handle); 255 } 256 257 static int setup_xsl_irq(struct pci_dev *dev, struct ocxl_link *link) 258 { 259 struct spa *spa = link->spa; 260 int rc; 261 int hwirq; 262 263 rc = pnv_ocxl_get_xsl_irq(dev, &hwirq); 264 if (rc) 265 return rc; 266 267 rc = map_irq_registers(dev, spa); 268 if (rc) 269 return rc; 270 271 spa->irq_name = kasprintf(GFP_KERNEL, "ocxl-xsl-%x-%x-%x", 272 link->domain, link->bus, link->dev); 273 if (!spa->irq_name) { 274 dev_err(&dev->dev, "Can't allocate name for xsl interrupt\n"); 275 rc = -ENOMEM; 276 goto err_xsl; 277 } 278 /* 279 * At some point, we'll need to look into allowing a higher 280 * number of interrupts. Could we have an IRQ domain per link? 281 */ 282 spa->virq = irq_create_mapping(NULL, hwirq); 283 if (!spa->virq) { 284 dev_err(&dev->dev, 285 "irq_create_mapping failed for translation interrupt\n"); 286 rc = -EINVAL; 287 goto err_name; 288 } 289 290 dev_dbg(&dev->dev, "hwirq %d mapped to virq %d\n", hwirq, spa->virq); 291 292 rc = request_irq(spa->virq, xsl_fault_handler, 0, spa->irq_name, 293 link); 294 if (rc) { 295 dev_err(&dev->dev, 296 "request_irq failed for translation interrupt: %d\n", 297 rc); 298 rc = -EINVAL; 299 goto err_mapping; 300 } 301 return 0; 302 303 err_mapping: 304 irq_dispose_mapping(spa->virq); 305 err_name: 306 kfree(spa->irq_name); 307 err_xsl: 308 unmap_irq_registers(spa); 309 return rc; 310 } 311 312 static void release_xsl_irq(struct ocxl_link *link) 313 { 314 struct spa *spa = link->spa; 315 316 if (spa->virq) { 317 free_irq(spa->virq, link); 318 irq_dispose_mapping(spa->virq); 319 } 320 kfree(spa->irq_name); 321 unmap_irq_registers(spa); 322 } 323 324 static int alloc_spa(struct pci_dev *dev, struct ocxl_link *link) 325 { 326 struct spa *spa; 327 328 spa = kzalloc(sizeof(struct spa), GFP_KERNEL); 329 if (!spa) 330 return -ENOMEM; 331 332 mutex_init(&spa->spa_lock); 333 INIT_RADIX_TREE(&spa->pe_tree, GFP_KERNEL); 334 INIT_WORK(&spa->xsl_fault.fault_work, xsl_fault_handler_bh); 335 336 spa->spa_order = SPA_SPA_SIZE_LOG - PAGE_SHIFT; 337 spa->spa_mem = (struct ocxl_process_element *) 338 __get_free_pages(GFP_KERNEL | __GFP_ZERO, spa->spa_order); 339 if (!spa->spa_mem) { 340 dev_err(&dev->dev, "Can't allocate Shared Process Area\n"); 341 kfree(spa); 342 return -ENOMEM; 343 } 344 pr_debug("Allocated SPA for %x:%x:%x at %p\n", link->domain, link->bus, 345 link->dev, spa->spa_mem); 346 347 link->spa = spa; 348 return 0; 349 } 350 351 static void free_spa(struct ocxl_link *link) 352 { 353 struct spa *spa = link->spa; 354 355 pr_debug("Freeing SPA for %x:%x:%x\n", link->domain, link->bus, 356 link->dev); 357 358 if (spa && spa->spa_mem) { 359 free_pages((unsigned long) spa->spa_mem, spa->spa_order); 360 kfree(spa); 361 link->spa = NULL; 362 } 363 } 364 365 static int alloc_link(struct pci_dev *dev, int PE_mask, struct ocxl_link **out_link) 366 { 367 struct ocxl_link *link; 368 int rc; 369 370 link = kzalloc(sizeof(struct ocxl_link), GFP_KERNEL); 371 if (!link) 372 return -ENOMEM; 373 374 kref_init(&link->ref); 375 link->domain = pci_domain_nr(dev->bus); 376 link->bus = dev->bus->number; 377 link->dev = PCI_SLOT(dev->devfn); 378 atomic_set(&link->irq_available, MAX_IRQ_PER_LINK); 379 380 rc = alloc_spa(dev, link); 381 if (rc) 382 goto err_free; 383 384 rc = setup_xsl_irq(dev, link); 385 if (rc) 386 goto err_spa; 387 388 /* platform specific hook */ 389 rc = pnv_ocxl_spa_setup(dev, link->spa->spa_mem, PE_mask, 390 &link->platform_data); 391 if (rc) 392 goto err_xsl_irq; 393 394 *out_link = link; 395 return 0; 396 397 err_xsl_irq: 398 release_xsl_irq(link); 399 err_spa: 400 free_spa(link); 401 err_free: 402 kfree(link); 403 return rc; 404 } 405 406 static void free_link(struct ocxl_link *link) 407 { 408 release_xsl_irq(link); 409 free_spa(link); 410 kfree(link); 411 } 412 413 int ocxl_link_setup(struct pci_dev *dev, int PE_mask, void **link_handle) 414 { 415 int rc = 0; 416 struct ocxl_link *link; 417 418 mutex_lock(&links_list_lock); 419 list_for_each_entry(link, &links_list, list) { 420 /* The functions of a device all share the same link */ 421 if (link->domain == pci_domain_nr(dev->bus) && 422 link->bus == dev->bus->number && 423 link->dev == PCI_SLOT(dev->devfn)) { 424 kref_get(&link->ref); 425 *link_handle = link; 426 goto unlock; 427 } 428 } 429 rc = alloc_link(dev, PE_mask, &link); 430 if (rc) 431 goto unlock; 432 433 list_add(&link->list, &links_list); 434 *link_handle = link; 435 unlock: 436 mutex_unlock(&links_list_lock); 437 return rc; 438 } 439 EXPORT_SYMBOL_GPL(ocxl_link_setup); 440 441 static void release_xsl(struct kref *ref) 442 { 443 struct ocxl_link *link = container_of(ref, struct ocxl_link, ref); 444 445 list_del(&link->list); 446 /* call platform code before releasing data */ 447 pnv_ocxl_spa_release(link->platform_data); 448 free_link(link); 449 } 450 451 void ocxl_link_release(struct pci_dev *dev, void *link_handle) 452 { 453 struct ocxl_link *link = (struct ocxl_link *) link_handle; 454 455 mutex_lock(&links_list_lock); 456 kref_put(&link->ref, release_xsl); 457 mutex_unlock(&links_list_lock); 458 } 459 EXPORT_SYMBOL_GPL(ocxl_link_release); 460 461 static u64 calculate_cfg_state(bool kernel) 462 { 463 u64 state; 464 465 state = SPA_CFG_DR; 466 if (mfspr(SPRN_LPCR) & LPCR_TC) 467 state |= SPA_CFG_TC; 468 if (radix_enabled()) 469 state |= SPA_CFG_XLAT_ror; 470 else 471 state |= SPA_CFG_XLAT_hpt; 472 state |= SPA_CFG_HV; 473 if (kernel) { 474 if (mfmsr() & MSR_SF) 475 state |= SPA_CFG_SF; 476 } else { 477 state |= SPA_CFG_PR; 478 if (!test_tsk_thread_flag(current, TIF_32BIT)) 479 state |= SPA_CFG_SF; 480 } 481 return state; 482 } 483 484 int ocxl_link_add_pe(void *link_handle, int pasid, u32 pidr, u32 tidr, 485 u64 amr, struct mm_struct *mm, 486 void (*xsl_err_cb)(void *data, u64 addr, u64 dsisr), 487 void *xsl_err_data) 488 { 489 struct ocxl_link *link = (struct ocxl_link *) link_handle; 490 struct spa *spa = link->spa; 491 struct ocxl_process_element *pe; 492 int pe_handle, rc = 0; 493 struct pe_data *pe_data; 494 495 BUILD_BUG_ON(sizeof(struct ocxl_process_element) != 128); 496 if (pasid > SPA_PASID_MAX) 497 return -EINVAL; 498 499 mutex_lock(&spa->spa_lock); 500 pe_handle = pasid & SPA_PE_MASK; 501 pe = spa->spa_mem + pe_handle; 502 503 if (pe->software_state) { 504 rc = -EBUSY; 505 goto unlock; 506 } 507 508 pe_data = kmalloc(sizeof(*pe_data), GFP_KERNEL); 509 if (!pe_data) { 510 rc = -ENOMEM; 511 goto unlock; 512 } 513 514 pe_data->mm = mm; 515 pe_data->xsl_err_cb = xsl_err_cb; 516 pe_data->xsl_err_data = xsl_err_data; 517 518 memset(pe, 0, sizeof(struct ocxl_process_element)); 519 pe->config_state = cpu_to_be64(calculate_cfg_state(pidr == 0)); 520 pe->lpid = cpu_to_be32(mfspr(SPRN_LPID)); 521 pe->pid = cpu_to_be32(pidr); 522 pe->tid = cpu_to_be32(tidr); 523 pe->amr = cpu_to_be64(amr); 524 pe->software_state = cpu_to_be32(SPA_PE_VALID); 525 526 mm_context_add_copro(mm); 527 /* 528 * Barrier is to make sure PE is visible in the SPA before it 529 * is used by the device. It also helps with the global TLBI 530 * invalidation 531 */ 532 mb(); 533 radix_tree_insert(&spa->pe_tree, pe_handle, pe_data); 534 535 /* 536 * The mm must stay valid for as long as the device uses it. We 537 * lower the count when the context is removed from the SPA. 538 * 539 * We grab mm_count (and not mm_users), as we don't want to 540 * end up in a circular dependency if a process mmaps its 541 * mmio, therefore incrementing the file ref count when 542 * calling mmap(), and forgets to unmap before exiting. In 543 * that scenario, when the kernel handles the death of the 544 * process, the file is not cleaned because unmap was not 545 * called, and the mm wouldn't be freed because we would still 546 * have a reference on mm_users. Incrementing mm_count solves 547 * the problem. 548 */ 549 mmgrab(mm); 550 trace_ocxl_context_add(current->pid, spa->spa_mem, pasid, pidr, tidr); 551 unlock: 552 mutex_unlock(&spa->spa_lock); 553 return rc; 554 } 555 EXPORT_SYMBOL_GPL(ocxl_link_add_pe); 556 557 int ocxl_link_update_pe(void *link_handle, int pasid, __u16 tid) 558 { 559 struct ocxl_link *link = (struct ocxl_link *) link_handle; 560 struct spa *spa = link->spa; 561 struct ocxl_process_element *pe; 562 int pe_handle, rc; 563 564 if (pasid > SPA_PASID_MAX) 565 return -EINVAL; 566 567 pe_handle = pasid & SPA_PE_MASK; 568 pe = spa->spa_mem + pe_handle; 569 570 mutex_lock(&spa->spa_lock); 571 572 pe->tid = cpu_to_be32(tid); 573 574 /* 575 * The barrier makes sure the PE is updated 576 * before we clear the NPU context cache below, so that the 577 * old PE cannot be reloaded erroneously. 578 */ 579 mb(); 580 581 /* 582 * hook to platform code 583 * On powerpc, the entry needs to be cleared from the context 584 * cache of the NPU. 585 */ 586 rc = pnv_ocxl_spa_remove_pe_from_cache(link->platform_data, pe_handle); 587 WARN_ON(rc); 588 589 mutex_unlock(&spa->spa_lock); 590 return rc; 591 } 592 593 int ocxl_link_remove_pe(void *link_handle, int pasid) 594 { 595 struct ocxl_link *link = (struct ocxl_link *) link_handle; 596 struct spa *spa = link->spa; 597 struct ocxl_process_element *pe; 598 struct pe_data *pe_data; 599 int pe_handle, rc; 600 601 if (pasid > SPA_PASID_MAX) 602 return -EINVAL; 603 604 /* 605 * About synchronization with our memory fault handler: 606 * 607 * Before removing the PE, the driver is supposed to have 608 * notified the AFU, which should have cleaned up and make 609 * sure the PASID is no longer in use, including pending 610 * interrupts. However, there's no way to be sure... 611 * 612 * We clear the PE and remove the context from our radix 613 * tree. From that point on, any new interrupt for that 614 * context will fail silently, which is ok. As mentioned 615 * above, that's not expected, but it could happen if the 616 * driver or AFU didn't do the right thing. 617 * 618 * There could still be a bottom half running, but we don't 619 * need to wait/flush, as it is managing a reference count on 620 * the mm it reads from the radix tree. 621 */ 622 pe_handle = pasid & SPA_PE_MASK; 623 pe = spa->spa_mem + pe_handle; 624 625 mutex_lock(&spa->spa_lock); 626 627 if (!(be32_to_cpu(pe->software_state) & SPA_PE_VALID)) { 628 rc = -EINVAL; 629 goto unlock; 630 } 631 632 trace_ocxl_context_remove(current->pid, spa->spa_mem, pasid, 633 be32_to_cpu(pe->pid), be32_to_cpu(pe->tid)); 634 635 memset(pe, 0, sizeof(struct ocxl_process_element)); 636 /* 637 * The barrier makes sure the PE is removed from the SPA 638 * before we clear the NPU context cache below, so that the 639 * old PE cannot be reloaded erroneously. 640 */ 641 mb(); 642 643 /* 644 * hook to platform code 645 * On powerpc, the entry needs to be cleared from the context 646 * cache of the NPU. 647 */ 648 rc = pnv_ocxl_spa_remove_pe_from_cache(link->platform_data, pe_handle); 649 WARN_ON(rc); 650 651 pe_data = radix_tree_delete(&spa->pe_tree, pe_handle); 652 if (!pe_data) { 653 WARN(1, "Couldn't find pe data when removing PE\n"); 654 } else { 655 mm_context_remove_copro(pe_data->mm); 656 mmdrop(pe_data->mm); 657 kfree_rcu(pe_data, rcu); 658 } 659 unlock: 660 mutex_unlock(&spa->spa_lock); 661 return rc; 662 } 663 EXPORT_SYMBOL_GPL(ocxl_link_remove_pe); 664 665 int ocxl_link_irq_alloc(void *link_handle, int *hw_irq, u64 *trigger_addr) 666 { 667 struct ocxl_link *link = (struct ocxl_link *) link_handle; 668 int rc, irq; 669 u64 addr; 670 671 if (atomic_dec_if_positive(&link->irq_available) < 0) 672 return -ENOSPC; 673 674 rc = pnv_ocxl_alloc_xive_irq(&irq, &addr); 675 if (rc) { 676 atomic_inc(&link->irq_available); 677 return rc; 678 } 679 680 *hw_irq = irq; 681 *trigger_addr = addr; 682 return 0; 683 } 684 EXPORT_SYMBOL_GPL(ocxl_link_irq_alloc); 685 686 void ocxl_link_free_irq(void *link_handle, int hw_irq) 687 { 688 struct ocxl_link *link = (struct ocxl_link *) link_handle; 689 690 pnv_ocxl_free_xive_irq(hw_irq); 691 atomic_inc(&link->irq_available); 692 } 693 EXPORT_SYMBOL_GPL(ocxl_link_free_irq); 694