xref: /linux/drivers/s390/cio/vfio_ccw_cp.c (revision ec63e2a4897075e427c121d863bd89c44578094f)
1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  * channel program interfaces
4  *
5  * Copyright IBM Corp. 2017
6  *
7  * Author(s): Dong Jia Shi <bjsdjshi@linux.vnet.ibm.com>
8  *            Xiao Feng Ren <renxiaof@linux.vnet.ibm.com>
9  */
10 
11 #include <linux/mm.h>
12 #include <linux/slab.h>
13 #include <linux/iommu.h>
14 #include <linux/vfio.h>
15 #include <asm/idals.h>
16 
17 #include "vfio_ccw_cp.h"
18 
19 /*
20  * Max length for ccw chain.
21  * XXX: Limit to 256, need to check more?
22  */
23 #define CCWCHAIN_LEN_MAX	256
24 
25 struct pfn_array {
26 	/* Starting guest physical I/O address. */
27 	unsigned long		pa_iova;
28 	/* Array that stores PFNs of the pages need to pin. */
29 	unsigned long		*pa_iova_pfn;
30 	/* Array that receives PFNs of the pages pinned. */
31 	unsigned long		*pa_pfn;
32 	/* Number of pages pinned from @pa_iova. */
33 	int			pa_nr;
34 };
35 
36 struct pfn_array_table {
37 	struct pfn_array	*pat_pa;
38 	int			pat_nr;
39 };
40 
41 struct ccwchain {
42 	struct list_head	next;
43 	struct ccw1		*ch_ccw;
44 	/* Guest physical address of the current chain. */
45 	u64			ch_iova;
46 	/* Count of the valid ccws in chain. */
47 	int			ch_len;
48 	/* Pinned PAGEs for the original data. */
49 	struct pfn_array_table	*ch_pat;
50 };
51 
52 /*
53  * pfn_array_alloc_pin() - alloc memory for PFNs, then pin user pages in memory
54  * @pa: pfn_array on which to perform the operation
55  * @mdev: the mediated device to perform pin/unpin operations
56  * @iova: target guest physical address
57  * @len: number of bytes that should be pinned from @iova
58  *
59  * Attempt to allocate memory for PFNs, and pin user pages in memory.
60  *
61  * Usage of pfn_array:
62  * We expect (pa_nr == 0) and (pa_iova_pfn == NULL), any field in
63  * this structure will be filled in by this function.
64  *
65  * Returns:
66  *   Number of pages pinned on success.
67  *   If @pa->pa_nr is not 0, or @pa->pa_iova_pfn is not NULL initially,
68  *   returns -EINVAL.
69  *   If no pages were pinned, returns -errno.
70  */
71 static int pfn_array_alloc_pin(struct pfn_array *pa, struct device *mdev,
72 			       u64 iova, unsigned int len)
73 {
74 	int i, ret = 0;
75 
76 	if (!len)
77 		return 0;
78 
79 	if (pa->pa_nr || pa->pa_iova_pfn)
80 		return -EINVAL;
81 
82 	pa->pa_iova = iova;
83 
84 	pa->pa_nr = ((iova & ~PAGE_MASK) + len + (PAGE_SIZE - 1)) >> PAGE_SHIFT;
85 	if (!pa->pa_nr)
86 		return -EINVAL;
87 
88 	pa->pa_iova_pfn = kcalloc(pa->pa_nr,
89 				  sizeof(*pa->pa_iova_pfn) +
90 				  sizeof(*pa->pa_pfn),
91 				  GFP_KERNEL);
92 	if (unlikely(!pa->pa_iova_pfn))
93 		return -ENOMEM;
94 	pa->pa_pfn = pa->pa_iova_pfn + pa->pa_nr;
95 
96 	pa->pa_iova_pfn[0] = pa->pa_iova >> PAGE_SHIFT;
97 	for (i = 1; i < pa->pa_nr; i++)
98 		pa->pa_iova_pfn[i] = pa->pa_iova_pfn[i - 1] + 1;
99 
100 	ret = vfio_pin_pages(mdev, pa->pa_iova_pfn, pa->pa_nr,
101 			     IOMMU_READ | IOMMU_WRITE, pa->pa_pfn);
102 
103 	if (ret < 0) {
104 		goto err_out;
105 	} else if (ret > 0 && ret != pa->pa_nr) {
106 		vfio_unpin_pages(mdev, pa->pa_iova_pfn, ret);
107 		ret = -EINVAL;
108 		goto err_out;
109 	}
110 
111 	return ret;
112 
113 err_out:
114 	pa->pa_nr = 0;
115 	kfree(pa->pa_iova_pfn);
116 	pa->pa_iova_pfn = NULL;
117 
118 	return ret;
119 }
120 
121 /* Unpin the pages before releasing the memory. */
122 static void pfn_array_unpin_free(struct pfn_array *pa, struct device *mdev)
123 {
124 	vfio_unpin_pages(mdev, pa->pa_iova_pfn, pa->pa_nr);
125 	pa->pa_nr = 0;
126 	kfree(pa->pa_iova_pfn);
127 }
128 
129 static int pfn_array_table_init(struct pfn_array_table *pat, int nr)
130 {
131 	pat->pat_pa = kcalloc(nr, sizeof(*pat->pat_pa), GFP_KERNEL);
132 	if (unlikely(ZERO_OR_NULL_PTR(pat->pat_pa))) {
133 		pat->pat_nr = 0;
134 		return -ENOMEM;
135 	}
136 
137 	pat->pat_nr = nr;
138 
139 	return 0;
140 }
141 
142 static void pfn_array_table_unpin_free(struct pfn_array_table *pat,
143 				       struct device *mdev)
144 {
145 	int i;
146 
147 	for (i = 0; i < pat->pat_nr; i++)
148 		pfn_array_unpin_free(pat->pat_pa + i, mdev);
149 
150 	if (pat->pat_nr) {
151 		kfree(pat->pat_pa);
152 		pat->pat_pa = NULL;
153 		pat->pat_nr = 0;
154 	}
155 }
156 
157 static bool pfn_array_table_iova_pinned(struct pfn_array_table *pat,
158 					unsigned long iova)
159 {
160 	struct pfn_array *pa = pat->pat_pa;
161 	unsigned long iova_pfn = iova >> PAGE_SHIFT;
162 	int i, j;
163 
164 	for (i = 0; i < pat->pat_nr; i++, pa++)
165 		for (j = 0; j < pa->pa_nr; j++)
166 			if (pa->pa_iova_pfn[j] == iova_pfn)
167 				return true;
168 
169 	return false;
170 }
171 /* Create the list idal words for a pfn_array_table. */
172 static inline void pfn_array_table_idal_create_words(
173 	struct pfn_array_table *pat,
174 	unsigned long *idaws)
175 {
176 	struct pfn_array *pa;
177 	int i, j, k;
178 
179 	/*
180 	 * Idal words (execept the first one) rely on the memory being 4k
181 	 * aligned. If a user virtual address is 4K aligned, then it's
182 	 * corresponding kernel physical address will also be 4K aligned. Thus
183 	 * there will be no problem here to simply use the phys to create an
184 	 * idaw.
185 	 */
186 	k = 0;
187 	for (i = 0; i < pat->pat_nr; i++) {
188 		pa = pat->pat_pa + i;
189 		for (j = 0; j < pa->pa_nr; j++) {
190 			idaws[k] = pa->pa_pfn[j] << PAGE_SHIFT;
191 			if (k == 0)
192 				idaws[k] += pa->pa_iova & (PAGE_SIZE - 1);
193 			k++;
194 		}
195 	}
196 }
197 
198 
199 /*
200  * Within the domain (@mdev), copy @n bytes from a guest physical
201  * address (@iova) to a host physical address (@to).
202  */
203 static long copy_from_iova(struct device *mdev,
204 			   void *to, u64 iova,
205 			   unsigned long n)
206 {
207 	struct pfn_array pa = {0};
208 	u64 from;
209 	int i, ret;
210 	unsigned long l, m;
211 
212 	ret = pfn_array_alloc_pin(&pa, mdev, iova, n);
213 	if (ret <= 0)
214 		return ret;
215 
216 	l = n;
217 	for (i = 0; i < pa.pa_nr; i++) {
218 		from = pa.pa_pfn[i] << PAGE_SHIFT;
219 		m = PAGE_SIZE;
220 		if (i == 0) {
221 			from += iova & (PAGE_SIZE - 1);
222 			m -= iova & (PAGE_SIZE - 1);
223 		}
224 
225 		m = min(l, m);
226 		memcpy(to + (n - l), (void *)from, m);
227 
228 		l -= m;
229 		if (l == 0)
230 			break;
231 	}
232 
233 	pfn_array_unpin_free(&pa, mdev);
234 
235 	return l;
236 }
237 
238 static long copy_ccw_from_iova(struct channel_program *cp,
239 			       struct ccw1 *to, u64 iova,
240 			       unsigned long len)
241 {
242 	struct ccw0 ccw0;
243 	struct ccw1 *pccw1;
244 	int ret;
245 	int i;
246 
247 	ret = copy_from_iova(cp->mdev, to, iova, len * sizeof(struct ccw1));
248 	if (ret)
249 		return ret;
250 
251 	if (!cp->orb.cmd.fmt) {
252 		pccw1 = to;
253 		for (i = 0; i < len; i++) {
254 			ccw0 = *(struct ccw0 *)pccw1;
255 			if ((pccw1->cmd_code & 0x0f) == CCW_CMD_TIC) {
256 				pccw1->cmd_code = CCW_CMD_TIC;
257 				pccw1->flags = 0;
258 				pccw1->count = 0;
259 			} else {
260 				pccw1->cmd_code = ccw0.cmd_code;
261 				pccw1->flags = ccw0.flags;
262 				pccw1->count = ccw0.count;
263 			}
264 			pccw1->cda = ccw0.cda;
265 			pccw1++;
266 		}
267 	}
268 
269 	return ret;
270 }
271 
272 /*
273  * Helpers to operate ccwchain.
274  */
275 #define ccw_is_test(_ccw) (((_ccw)->cmd_code & 0x0F) == 0)
276 
277 #define ccw_is_noop(_ccw) ((_ccw)->cmd_code == CCW_CMD_NOOP)
278 
279 #define ccw_is_tic(_ccw) ((_ccw)->cmd_code == CCW_CMD_TIC)
280 
281 #define ccw_is_idal(_ccw) ((_ccw)->flags & CCW_FLAG_IDA)
282 
283 
284 #define ccw_is_chain(_ccw) ((_ccw)->flags & (CCW_FLAG_CC | CCW_FLAG_DC))
285 
286 /*
287  * is_cpa_within_range()
288  *
289  * @cpa: channel program address being questioned
290  * @head: address of the beginning of a CCW chain
291  * @len: number of CCWs within the chain
292  *
293  * Determine whether the address of a CCW (whether a new chain,
294  * or the target of a TIC) falls within a range (including the end points).
295  *
296  * Returns 1 if yes, 0 if no.
297  */
298 static inline int is_cpa_within_range(u32 cpa, u32 head, int len)
299 {
300 	u32 tail = head + (len - 1) * sizeof(struct ccw1);
301 
302 	return (head <= cpa && cpa <= tail);
303 }
304 
305 static inline int is_tic_within_range(struct ccw1 *ccw, u32 head, int len)
306 {
307 	if (!ccw_is_tic(ccw))
308 		return 0;
309 
310 	return is_cpa_within_range(ccw->cda, head, len);
311 }
312 
313 static struct ccwchain *ccwchain_alloc(struct channel_program *cp, int len)
314 {
315 	struct ccwchain *chain;
316 	void *data;
317 	size_t size;
318 
319 	/* Make ccw address aligned to 8. */
320 	size = ((sizeof(*chain) + 7L) & -8L) +
321 		sizeof(*chain->ch_ccw) * len +
322 		sizeof(*chain->ch_pat) * len;
323 	chain = kzalloc(size, GFP_DMA | GFP_KERNEL);
324 	if (!chain)
325 		return NULL;
326 
327 	data = (u8 *)chain + ((sizeof(*chain) + 7L) & -8L);
328 	chain->ch_ccw = (struct ccw1 *)data;
329 
330 	data = (u8 *)(chain->ch_ccw) + sizeof(*chain->ch_ccw) * len;
331 	chain->ch_pat = (struct pfn_array_table *)data;
332 
333 	chain->ch_len = len;
334 
335 	list_add_tail(&chain->next, &cp->ccwchain_list);
336 
337 	return chain;
338 }
339 
340 static void ccwchain_free(struct ccwchain *chain)
341 {
342 	list_del(&chain->next);
343 	kfree(chain);
344 }
345 
346 /* Free resource for a ccw that allocated memory for its cda. */
347 static void ccwchain_cda_free(struct ccwchain *chain, int idx)
348 {
349 	struct ccw1 *ccw = chain->ch_ccw + idx;
350 
351 	if (ccw_is_test(ccw) || ccw_is_noop(ccw) || ccw_is_tic(ccw))
352 		return;
353 	if (!ccw->count)
354 		return;
355 
356 	kfree((void *)(u64)ccw->cda);
357 }
358 
359 /* Unpin the pages then free the memory resources. */
360 static void cp_unpin_free(struct channel_program *cp)
361 {
362 	struct ccwchain *chain, *temp;
363 	int i;
364 
365 	list_for_each_entry_safe(chain, temp, &cp->ccwchain_list, next) {
366 		for (i = 0; i < chain->ch_len; i++) {
367 			pfn_array_table_unpin_free(chain->ch_pat + i,
368 						   cp->mdev);
369 			ccwchain_cda_free(chain, i);
370 		}
371 		ccwchain_free(chain);
372 	}
373 }
374 
375 /**
376  * ccwchain_calc_length - calculate the length of the ccw chain.
377  * @iova: guest physical address of the target ccw chain
378  * @cp: channel_program on which to perform the operation
379  *
380  * This is the chain length not considering any TICs.
381  * You need to do a new round for each TIC target.
382  *
383  * The program is also validated for absence of not yet supported
384  * indirect data addressing scenarios.
385  *
386  * Returns: the length of the ccw chain or -errno.
387  */
388 static int ccwchain_calc_length(u64 iova, struct channel_program *cp)
389 {
390 	struct ccw1 *ccw, *p;
391 	int cnt;
392 
393 	/*
394 	 * Copy current chain from guest to host kernel.
395 	 * Currently the chain length is limited to CCWCHAIN_LEN_MAX (256).
396 	 * So copying 2K is enough (safe).
397 	 */
398 	p = ccw = kcalloc(CCWCHAIN_LEN_MAX, sizeof(*ccw), GFP_KERNEL);
399 	if (!ccw)
400 		return -ENOMEM;
401 
402 	cnt = copy_ccw_from_iova(cp, ccw, iova, CCWCHAIN_LEN_MAX);
403 	if (cnt) {
404 		kfree(ccw);
405 		return cnt;
406 	}
407 
408 	cnt = 0;
409 	do {
410 		cnt++;
411 
412 		/*
413 		 * As we don't want to fail direct addressing even if the
414 		 * orb specified one of the unsupported formats, we defer
415 		 * checking for IDAWs in unsupported formats to here.
416 		 */
417 		if ((!cp->orb.cmd.c64 || cp->orb.cmd.i2k) && ccw_is_idal(ccw)) {
418 			kfree(p);
419 			return -EOPNOTSUPP;
420 		}
421 
422 		/*
423 		 * We want to keep counting if the current CCW has the
424 		 * command-chaining flag enabled, or if it is a TIC CCW
425 		 * that loops back into the current chain.  The latter
426 		 * is used for device orientation, where the CCW PRIOR to
427 		 * the TIC can either jump to the TIC or a CCW immediately
428 		 * after the TIC, depending on the results of its operation.
429 		 */
430 		if (!ccw_is_chain(ccw) && !is_tic_within_range(ccw, iova, cnt))
431 			break;
432 
433 		ccw++;
434 	} while (cnt < CCWCHAIN_LEN_MAX + 1);
435 
436 	if (cnt == CCWCHAIN_LEN_MAX + 1)
437 		cnt = -EINVAL;
438 
439 	kfree(p);
440 	return cnt;
441 }
442 
443 static int tic_target_chain_exists(struct ccw1 *tic, struct channel_program *cp)
444 {
445 	struct ccwchain *chain;
446 	u32 ccw_head;
447 
448 	list_for_each_entry(chain, &cp->ccwchain_list, next) {
449 		ccw_head = chain->ch_iova;
450 		if (is_cpa_within_range(tic->cda, ccw_head, chain->ch_len))
451 			return 1;
452 	}
453 
454 	return 0;
455 }
456 
457 static int ccwchain_loop_tic(struct ccwchain *chain,
458 			     struct channel_program *cp);
459 
460 static int ccwchain_handle_tic(struct ccw1 *tic, struct channel_program *cp)
461 {
462 	struct ccwchain *chain;
463 	int len, ret;
464 
465 	/* May transfer to an existing chain. */
466 	if (tic_target_chain_exists(tic, cp))
467 		return 0;
468 
469 	/* Get chain length. */
470 	len = ccwchain_calc_length(tic->cda, cp);
471 	if (len < 0)
472 		return len;
473 
474 	/* Need alloc a new chain for this one. */
475 	chain = ccwchain_alloc(cp, len);
476 	if (!chain)
477 		return -ENOMEM;
478 	chain->ch_iova = tic->cda;
479 
480 	/* Copy the new chain from user. */
481 	ret = copy_ccw_from_iova(cp, chain->ch_ccw, tic->cda, len);
482 	if (ret) {
483 		ccwchain_free(chain);
484 		return ret;
485 	}
486 
487 	/* Loop for tics on this new chain. */
488 	return ccwchain_loop_tic(chain, cp);
489 }
490 
491 /* Loop for TICs. */
492 static int ccwchain_loop_tic(struct ccwchain *chain, struct channel_program *cp)
493 {
494 	struct ccw1 *tic;
495 	int i, ret;
496 
497 	for (i = 0; i < chain->ch_len; i++) {
498 		tic = chain->ch_ccw + i;
499 
500 		if (!ccw_is_tic(tic))
501 			continue;
502 
503 		ret = ccwchain_handle_tic(tic, cp);
504 		if (ret)
505 			return ret;
506 	}
507 
508 	return 0;
509 }
510 
511 static int ccwchain_fetch_tic(struct ccwchain *chain,
512 			      int idx,
513 			      struct channel_program *cp)
514 {
515 	struct ccw1 *ccw = chain->ch_ccw + idx;
516 	struct ccwchain *iter;
517 	u32 ccw_head;
518 
519 	list_for_each_entry(iter, &cp->ccwchain_list, next) {
520 		ccw_head = iter->ch_iova;
521 		if (is_cpa_within_range(ccw->cda, ccw_head, iter->ch_len)) {
522 			ccw->cda = (__u32) (addr_t) (((char *)iter->ch_ccw) +
523 						     (ccw->cda - ccw_head));
524 			return 0;
525 		}
526 	}
527 
528 	return -EFAULT;
529 }
530 
531 static int ccwchain_fetch_direct(struct ccwchain *chain,
532 				 int idx,
533 				 struct channel_program *cp)
534 {
535 	struct ccw1 *ccw;
536 	struct pfn_array_table *pat;
537 	unsigned long *idaws;
538 	int ret;
539 
540 	ccw = chain->ch_ccw + idx;
541 
542 	if (!ccw->count) {
543 		/*
544 		 * We just want the translation result of any direct ccw
545 		 * to be an IDA ccw, so let's add the IDA flag for it.
546 		 * Although the flag will be ignored by firmware.
547 		 */
548 		ccw->flags |= CCW_FLAG_IDA;
549 		return 0;
550 	}
551 
552 	/*
553 	 * Pin data page(s) in memory.
554 	 * The number of pages actually is the count of the idaws which will be
555 	 * needed when translating a direct ccw to a idal ccw.
556 	 */
557 	pat = chain->ch_pat + idx;
558 	ret = pfn_array_table_init(pat, 1);
559 	if (ret)
560 		goto out_init;
561 
562 	ret = pfn_array_alloc_pin(pat->pat_pa, cp->mdev, ccw->cda, ccw->count);
563 	if (ret < 0)
564 		goto out_unpin;
565 
566 	/* Translate this direct ccw to a idal ccw. */
567 	idaws = kcalloc(ret, sizeof(*idaws), GFP_DMA | GFP_KERNEL);
568 	if (!idaws) {
569 		ret = -ENOMEM;
570 		goto out_unpin;
571 	}
572 	ccw->cda = (__u32) virt_to_phys(idaws);
573 	ccw->flags |= CCW_FLAG_IDA;
574 
575 	pfn_array_table_idal_create_words(pat, idaws);
576 
577 	return 0;
578 
579 out_unpin:
580 	pfn_array_table_unpin_free(pat, cp->mdev);
581 out_init:
582 	ccw->cda = 0;
583 	return ret;
584 }
585 
586 static int ccwchain_fetch_idal(struct ccwchain *chain,
587 			       int idx,
588 			       struct channel_program *cp)
589 {
590 	struct ccw1 *ccw;
591 	struct pfn_array_table *pat;
592 	unsigned long *idaws;
593 	u64 idaw_iova;
594 	unsigned int idaw_nr, idaw_len;
595 	int i, ret;
596 
597 	ccw = chain->ch_ccw + idx;
598 
599 	if (!ccw->count)
600 		return 0;
601 
602 	/* Calculate size of idaws. */
603 	ret = copy_from_iova(cp->mdev, &idaw_iova, ccw->cda, sizeof(idaw_iova));
604 	if (ret)
605 		return ret;
606 	idaw_nr = idal_nr_words((void *)(idaw_iova), ccw->count);
607 	idaw_len = idaw_nr * sizeof(*idaws);
608 
609 	/* Pin data page(s) in memory. */
610 	pat = chain->ch_pat + idx;
611 	ret = pfn_array_table_init(pat, idaw_nr);
612 	if (ret)
613 		goto out_init;
614 
615 	/* Translate idal ccw to use new allocated idaws. */
616 	idaws = kzalloc(idaw_len, GFP_DMA | GFP_KERNEL);
617 	if (!idaws) {
618 		ret = -ENOMEM;
619 		goto out_unpin;
620 	}
621 
622 	ret = copy_from_iova(cp->mdev, idaws, ccw->cda, idaw_len);
623 	if (ret)
624 		goto out_free_idaws;
625 
626 	ccw->cda = virt_to_phys(idaws);
627 
628 	for (i = 0; i < idaw_nr; i++) {
629 		idaw_iova = *(idaws + i);
630 
631 		ret = pfn_array_alloc_pin(pat->pat_pa + i, cp->mdev,
632 					  idaw_iova, 1);
633 		if (ret < 0)
634 			goto out_free_idaws;
635 	}
636 
637 	pfn_array_table_idal_create_words(pat, idaws);
638 
639 	return 0;
640 
641 out_free_idaws:
642 	kfree(idaws);
643 out_unpin:
644 	pfn_array_table_unpin_free(pat, cp->mdev);
645 out_init:
646 	ccw->cda = 0;
647 	return ret;
648 }
649 
650 /*
651  * Fetch one ccw.
652  * To reduce memory copy, we'll pin the cda page in memory,
653  * and to get rid of the cda 2G limitiaion of ccw1, we'll translate
654  * direct ccws to idal ccws.
655  */
656 static int ccwchain_fetch_one(struct ccwchain *chain,
657 			      int idx,
658 			      struct channel_program *cp)
659 {
660 	struct ccw1 *ccw = chain->ch_ccw + idx;
661 
662 	if (ccw_is_test(ccw) || ccw_is_noop(ccw))
663 		return 0;
664 
665 	if (ccw_is_tic(ccw))
666 		return ccwchain_fetch_tic(chain, idx, cp);
667 
668 	if (ccw_is_idal(ccw))
669 		return ccwchain_fetch_idal(chain, idx, cp);
670 
671 	return ccwchain_fetch_direct(chain, idx, cp);
672 }
673 
674 /**
675  * cp_init() - allocate ccwchains for a channel program.
676  * @cp: channel_program on which to perform the operation
677  * @mdev: the mediated device to perform pin/unpin operations
678  * @orb: control block for the channel program from the guest
679  *
680  * This creates one or more ccwchain(s), and copies the raw data of
681  * the target channel program from @orb->cmd.iova to the new ccwchain(s).
682  *
683  * Limitations:
684  * 1. Supports only prefetch enabled mode.
685  * 2. Supports idal(c64) ccw chaining.
686  * 3. Supports 4k idaw.
687  *
688  * Returns:
689  *   %0 on success and a negative error value on failure.
690  */
691 int cp_init(struct channel_program *cp, struct device *mdev, union orb *orb)
692 {
693 	u64 iova = orb->cmd.cpa;
694 	struct ccwchain *chain;
695 	int len, ret;
696 
697 	/*
698 	 * XXX:
699 	 * Only support prefetch enable mode now.
700 	 */
701 	if (!orb->cmd.pfch)
702 		return -EOPNOTSUPP;
703 
704 	INIT_LIST_HEAD(&cp->ccwchain_list);
705 	memcpy(&cp->orb, orb, sizeof(*orb));
706 	cp->mdev = mdev;
707 
708 	/* Get chain length. */
709 	len = ccwchain_calc_length(iova, cp);
710 	if (len < 0)
711 		return len;
712 
713 	/* Alloc mem for the head chain. */
714 	chain = ccwchain_alloc(cp, len);
715 	if (!chain)
716 		return -ENOMEM;
717 	chain->ch_iova = iova;
718 
719 	/* Copy the head chain from guest. */
720 	ret = copy_ccw_from_iova(cp, chain->ch_ccw, iova, len);
721 	if (ret) {
722 		ccwchain_free(chain);
723 		return ret;
724 	}
725 
726 	/* Now loop for its TICs. */
727 	ret = ccwchain_loop_tic(chain, cp);
728 	if (ret)
729 		cp_unpin_free(cp);
730 	/* It is safe to force: if not set but idals used
731 	 * ccwchain_calc_length returns an error.
732 	 */
733 	cp->orb.cmd.c64 = 1;
734 
735 	return ret;
736 }
737 
738 
739 /**
740  * cp_free() - free resources for channel program.
741  * @cp: channel_program on which to perform the operation
742  *
743  * This unpins the memory pages and frees the memory space occupied by
744  * @cp, which must have been returned by a previous call to cp_init().
745  * Otherwise, undefined behavior occurs.
746  */
747 void cp_free(struct channel_program *cp)
748 {
749 	cp_unpin_free(cp);
750 }
751 
752 /**
753  * cp_prefetch() - translate a guest physical address channel program to
754  *                 a real-device runnable channel program.
755  * @cp: channel_program on which to perform the operation
756  *
757  * This function translates the guest-physical-address channel program
758  * and stores the result to ccwchain list. @cp must have been
759  * initialized by a previous call with cp_init(). Otherwise, undefined
760  * behavior occurs.
761  * For each chain composing the channel program:
762  * - On entry ch_len holds the count of CCWs to be translated.
763  * - On exit ch_len is adjusted to the count of successfully translated CCWs.
764  * This allows cp_free to find in ch_len the count of CCWs to free in a chain.
765  *
766  * The S/390 CCW Translation APIS (prefixed by 'cp_') are introduced
767  * as helpers to do ccw chain translation inside the kernel. Basically
768  * they accept a channel program issued by a virtual machine, and
769  * translate the channel program to a real-device runnable channel
770  * program.
771  *
772  * These APIs will copy the ccws into kernel-space buffers, and update
773  * the guest phsical addresses with their corresponding host physical
774  * addresses.  Then channel I/O device drivers could issue the
775  * translated channel program to real devices to perform an I/O
776  * operation.
777  *
778  * These interfaces are designed to support translation only for
779  * channel programs, which are generated and formatted by a
780  * guest. Thus this will make it possible for things like VFIO to
781  * leverage the interfaces to passthrough a channel I/O mediated
782  * device in QEMU.
783  *
784  * We support direct ccw chaining by translating them to idal ccws.
785  *
786  * Returns:
787  *   %0 on success and a negative error value on failure.
788  */
789 int cp_prefetch(struct channel_program *cp)
790 {
791 	struct ccwchain *chain;
792 	int len, idx, ret;
793 
794 	list_for_each_entry(chain, &cp->ccwchain_list, next) {
795 		len = chain->ch_len;
796 		for (idx = 0; idx < len; idx++) {
797 			ret = ccwchain_fetch_one(chain, idx, cp);
798 			if (ret)
799 				goto out_err;
800 		}
801 	}
802 
803 	return 0;
804 out_err:
805 	/* Only cleanup the chain elements that were actually translated. */
806 	chain->ch_len = idx;
807 	list_for_each_entry_continue(chain, &cp->ccwchain_list, next) {
808 		chain->ch_len = 0;
809 	}
810 	return ret;
811 }
812 
813 /**
814  * cp_get_orb() - get the orb of the channel program
815  * @cp: channel_program on which to perform the operation
816  * @intparm: new intparm for the returned orb
817  * @lpm: candidate value of the logical-path mask for the returned orb
818  *
819  * This function returns the address of the updated orb of the channel
820  * program. Channel I/O device drivers could use this orb to issue a
821  * ssch.
822  */
823 union orb *cp_get_orb(struct channel_program *cp, u32 intparm, u8 lpm)
824 {
825 	union orb *orb;
826 	struct ccwchain *chain;
827 	struct ccw1 *cpa;
828 
829 	orb = &cp->orb;
830 
831 	orb->cmd.intparm = intparm;
832 	orb->cmd.fmt = 1;
833 	orb->cmd.key = PAGE_DEFAULT_KEY >> 4;
834 
835 	if (orb->cmd.lpm == 0)
836 		orb->cmd.lpm = lpm;
837 
838 	chain = list_first_entry(&cp->ccwchain_list, struct ccwchain, next);
839 	cpa = chain->ch_ccw;
840 	orb->cmd.cpa = (__u32) __pa(cpa);
841 
842 	return orb;
843 }
844 
845 /**
846  * cp_update_scsw() - update scsw for a channel program.
847  * @cp: channel_program on which to perform the operation
848  * @scsw: I/O results of the channel program and also the target to be
849  *        updated
850  *
851  * @scsw contains the I/O results of the channel program that pointed
852  * to by @cp. However what @scsw->cpa stores is a host physical
853  * address, which is meaningless for the guest, which is waiting for
854  * the I/O results.
855  *
856  * This function updates @scsw->cpa to its coressponding guest physical
857  * address.
858  */
859 void cp_update_scsw(struct channel_program *cp, union scsw *scsw)
860 {
861 	struct ccwchain *chain;
862 	u32 cpa = scsw->cmd.cpa;
863 	u32 ccw_head;
864 
865 	/*
866 	 * LATER:
867 	 * For now, only update the cmd.cpa part. We may need to deal with
868 	 * other portions of the schib as well, even if we don't return them
869 	 * in the ioctl directly. Path status changes etc.
870 	 */
871 	list_for_each_entry(chain, &cp->ccwchain_list, next) {
872 		ccw_head = (u32)(u64)chain->ch_ccw;
873 		if (is_cpa_within_range(cpa, ccw_head, chain->ch_len)) {
874 			/*
875 			 * (cpa - ccw_head) is the offset value of the host
876 			 * physical ccw to its chain head.
877 			 * Adding this value to the guest physical ccw chain
878 			 * head gets us the guest cpa.
879 			 */
880 			cpa = chain->ch_iova + (cpa - ccw_head);
881 			break;
882 		}
883 	}
884 
885 	scsw->cmd.cpa = cpa;
886 }
887 
888 /**
889  * cp_iova_pinned() - check if an iova is pinned for a ccw chain.
890  * @cp: channel_program on which to perform the operation
891  * @iova: the iova to check
892  *
893  * If the @iova is currently pinned for the ccw chain, return true;
894  * else return false.
895  */
896 bool cp_iova_pinned(struct channel_program *cp, u64 iova)
897 {
898 	struct ccwchain *chain;
899 	int i;
900 
901 	list_for_each_entry(chain, &cp->ccwchain_list, next) {
902 		for (i = 0; i < chain->ch_len; i++)
903 			if (pfn_array_table_iova_pinned(chain->ch_pat + i,
904 							iova))
905 				return true;
906 	}
907 
908 	return false;
909 }
910