1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * Copyright (c) Microsoft Corporation.
4 *
5 * Author:
6 * Jake Oshins <jakeo@microsoft.com>
7 *
8 * This driver acts as a paravirtual front-end for PCI Express root buses.
9 * When a PCI Express function (either an entire device or an SR-IOV
10 * Virtual Function) is being passed through to the VM, this driver exposes
11 * a new bus to the guest VM. This is modeled as a root PCI bus because
12 * no bridges are being exposed to the VM. In fact, with a "Generation 2"
13 * VM within Hyper-V, there may seem to be no PCI bus at all in the VM
14 * until a device as been exposed using this driver.
15 *
16 * Each root PCI bus has its own PCI domain, which is called "Segment" in
17 * the PCI Firmware Specifications. Thus while each device passed through
18 * to the VM using this front-end will appear at "device 0", the domain will
19 * be unique. Typically, each bus will have one PCI function on it, though
20 * this driver does support more than one.
21 *
22 * In order to map the interrupts from the device through to the guest VM,
23 * this driver also implements an IRQ Domain, which handles interrupts (either
24 * MSI or MSI-X) associated with the functions on the bus. As interrupts are
25 * set up, torn down, or reaffined, this driver communicates with the
26 * underlying hypervisor to adjust the mappings in the I/O MMU so that each
27 * interrupt will be delivered to the correct virtual processor at the right
28 * vector. This driver does not support level-triggered (line-based)
29 * interrupts, and will report that the Interrupt Line register in the
30 * function's configuration space is zero.
31 *
32 * The rest of this driver mostly maps PCI concepts onto underlying Hyper-V
33 * facilities. For instance, the configuration space of a function exposed
34 * by Hyper-V is mapped into a single page of memory space, and the
35 * read and write handlers for config space must be aware of this mechanism.
36 * Similarly, device setup and teardown involves messages sent to and from
37 * the PCI back-end driver in Hyper-V.
38 */
39
40 #include <linux/kernel.h>
41 #include <linux/module.h>
42 #include <linux/pci.h>
43 #include <linux/delay.h>
44 #include <linux/semaphore.h>
45 #include <linux/irqdomain.h>
46 #include <asm/irqdomain.h>
47 #include <asm/apic.h>
48 #include <linux/irq.h>
49 #include <linux/msi.h>
50 #include <linux/hyperv.h>
51 #include <linux/refcount.h>
52 #include <asm/mshyperv.h>
53
54 /*
55 * Protocol versions. The low word is the minor version, the high word the
56 * major version.
57 */
58
59 #define PCI_MAKE_VERSION(major, minor) ((u32)(((major) << 16) | (minor)))
60 #define PCI_MAJOR_VERSION(version) ((u32)(version) >> 16)
61 #define PCI_MINOR_VERSION(version) ((u32)(version) & 0xff)
62
63 enum pci_protocol_version_t {
64 PCI_PROTOCOL_VERSION_1_1 = PCI_MAKE_VERSION(1, 1), /* Win10 */
65 PCI_PROTOCOL_VERSION_1_2 = PCI_MAKE_VERSION(1, 2), /* RS1 */
66 };
67
68 #define CPU_AFFINITY_ALL -1ULL
69
70 /*
71 * Supported protocol versions in the order of probing - highest go
72 * first.
73 */
74 static enum pci_protocol_version_t pci_protocol_versions[] = {
75 PCI_PROTOCOL_VERSION_1_2,
76 PCI_PROTOCOL_VERSION_1_1,
77 };
78
79 /*
80 * Protocol version negotiated by hv_pci_protocol_negotiation().
81 */
82 static enum pci_protocol_version_t pci_protocol_version;
83
84 #define PCI_CONFIG_MMIO_LENGTH 0x2000
85 #define CFG_PAGE_OFFSET 0x1000
86 #define CFG_PAGE_SIZE (PCI_CONFIG_MMIO_LENGTH - CFG_PAGE_OFFSET)
87
88 #define MAX_SUPPORTED_MSI_MESSAGES 0x400
89
90 #define STATUS_REVISION_MISMATCH 0xC0000059
91
92 /* space for 32bit serial number as string */
93 #define SLOT_NAME_SIZE 11
94
95 /*
96 * Message Types
97 */
98
99 enum pci_message_type {
100 /*
101 * Version 1.1
102 */
103 PCI_MESSAGE_BASE = 0x42490000,
104 PCI_BUS_RELATIONS = PCI_MESSAGE_BASE + 0,
105 PCI_QUERY_BUS_RELATIONS = PCI_MESSAGE_BASE + 1,
106 PCI_POWER_STATE_CHANGE = PCI_MESSAGE_BASE + 4,
107 PCI_QUERY_RESOURCE_REQUIREMENTS = PCI_MESSAGE_BASE + 5,
108 PCI_QUERY_RESOURCE_RESOURCES = PCI_MESSAGE_BASE + 6,
109 PCI_BUS_D0ENTRY = PCI_MESSAGE_BASE + 7,
110 PCI_BUS_D0EXIT = PCI_MESSAGE_BASE + 8,
111 PCI_READ_BLOCK = PCI_MESSAGE_BASE + 9,
112 PCI_WRITE_BLOCK = PCI_MESSAGE_BASE + 0xA,
113 PCI_EJECT = PCI_MESSAGE_BASE + 0xB,
114 PCI_QUERY_STOP = PCI_MESSAGE_BASE + 0xC,
115 PCI_REENABLE = PCI_MESSAGE_BASE + 0xD,
116 PCI_QUERY_STOP_FAILED = PCI_MESSAGE_BASE + 0xE,
117 PCI_EJECTION_COMPLETE = PCI_MESSAGE_BASE + 0xF,
118 PCI_RESOURCES_ASSIGNED = PCI_MESSAGE_BASE + 0x10,
119 PCI_RESOURCES_RELEASED = PCI_MESSAGE_BASE + 0x11,
120 PCI_INVALIDATE_BLOCK = PCI_MESSAGE_BASE + 0x12,
121 PCI_QUERY_PROTOCOL_VERSION = PCI_MESSAGE_BASE + 0x13,
122 PCI_CREATE_INTERRUPT_MESSAGE = PCI_MESSAGE_BASE + 0x14,
123 PCI_DELETE_INTERRUPT_MESSAGE = PCI_MESSAGE_BASE + 0x15,
124 PCI_RESOURCES_ASSIGNED2 = PCI_MESSAGE_BASE + 0x16,
125 PCI_CREATE_INTERRUPT_MESSAGE2 = PCI_MESSAGE_BASE + 0x17,
126 PCI_DELETE_INTERRUPT_MESSAGE2 = PCI_MESSAGE_BASE + 0x18, /* unused */
127 PCI_MESSAGE_MAXIMUM
128 };
129
130 /*
131 * Structures defining the virtual PCI Express protocol.
132 */
133
134 union pci_version {
135 struct {
136 u16 minor_version;
137 u16 major_version;
138 } parts;
139 u32 version;
140 } __packed;
141
142 /*
143 * Function numbers are 8-bits wide on Express, as interpreted through ARI,
144 * which is all this driver does. This representation is the one used in
145 * Windows, which is what is expected when sending this back and forth with
146 * the Hyper-V parent partition.
147 */
148 union win_slot_encoding {
149 struct {
150 u32 dev:5;
151 u32 func:3;
152 u32 reserved:24;
153 } bits;
154 u32 slot;
155 } __packed;
156
157 /*
158 * Pretty much as defined in the PCI Specifications.
159 */
160 struct pci_function_description {
161 u16 v_id; /* vendor ID */
162 u16 d_id; /* device ID */
163 u8 rev;
164 u8 prog_intf;
165 u8 subclass;
166 u8 base_class;
167 u32 subsystem_id;
168 union win_slot_encoding win_slot;
169 u32 ser; /* serial number */
170 } __packed;
171
172 /**
173 * struct hv_msi_desc
174 * @vector: IDT entry
175 * @delivery_mode: As defined in Intel's Programmer's
176 * Reference Manual, Volume 3, Chapter 8.
177 * @vector_count: Number of contiguous entries in the
178 * Interrupt Descriptor Table that are
179 * occupied by this Message-Signaled
180 * Interrupt. For "MSI", as first defined
181 * in PCI 2.2, this can be between 1 and
182 * 32. For "MSI-X," as first defined in PCI
183 * 3.0, this must be 1, as each MSI-X table
184 * entry would have its own descriptor.
185 * @reserved: Empty space
186 * @cpu_mask: All the target virtual processors.
187 */
188 struct hv_msi_desc {
189 u8 vector;
190 u8 delivery_mode;
191 u16 vector_count;
192 u32 reserved;
193 u64 cpu_mask;
194 } __packed;
195
196 /**
197 * struct hv_msi_desc2 - 1.2 version of hv_msi_desc
198 * @vector: IDT entry
199 * @delivery_mode: As defined in Intel's Programmer's
200 * Reference Manual, Volume 3, Chapter 8.
201 * @vector_count: Number of contiguous entries in the
202 * Interrupt Descriptor Table that are
203 * occupied by this Message-Signaled
204 * Interrupt. For "MSI", as first defined
205 * in PCI 2.2, this can be between 1 and
206 * 32. For "MSI-X," as first defined in PCI
207 * 3.0, this must be 1, as each MSI-X table
208 * entry would have its own descriptor.
209 * @processor_count: number of bits enabled in array.
210 * @processor_array: All the target virtual processors.
211 */
212 struct hv_msi_desc2 {
213 u8 vector;
214 u8 delivery_mode;
215 u16 vector_count;
216 u16 processor_count;
217 u16 processor_array[32];
218 } __packed;
219
220 /**
221 * struct tran_int_desc
222 * @reserved: unused, padding
223 * @vector_count: same as in hv_msi_desc
224 * @data: This is the "data payload" value that is
225 * written by the device when it generates
226 * a message-signaled interrupt, either MSI
227 * or MSI-X.
228 * @address: This is the address to which the data
229 * payload is written on interrupt
230 * generation.
231 */
232 struct tran_int_desc {
233 u16 reserved;
234 u16 vector_count;
235 u32 data;
236 u64 address;
237 } __packed;
238
239 /*
240 * A generic message format for virtual PCI.
241 * Specific message formats are defined later in the file.
242 */
243
244 struct pci_message {
245 u32 type;
246 } __packed;
247
248 struct pci_child_message {
249 struct pci_message message_type;
250 union win_slot_encoding wslot;
251 } __packed;
252
253 struct pci_incoming_message {
254 struct vmpacket_descriptor hdr;
255 struct pci_message message_type;
256 } __packed;
257
258 struct pci_response {
259 struct vmpacket_descriptor hdr;
260 s32 status; /* negative values are failures */
261 } __packed;
262
263 struct pci_packet {
264 void (*completion_func)(void *context, struct pci_response *resp,
265 int resp_packet_size);
266 void *compl_ctxt;
267
268 struct pci_message message[0];
269 };
270
271 /*
272 * Specific message types supporting the PCI protocol.
273 */
274
275 /*
276 * Version negotiation message. Sent from the guest to the host.
277 * The guest is free to try different versions until the host
278 * accepts the version.
279 *
280 * pci_version: The protocol version requested.
281 * is_last_attempt: If TRUE, this is the last version guest will request.
282 * reservedz: Reserved field, set to zero.
283 */
284
285 struct pci_version_request {
286 struct pci_message message_type;
287 u32 protocol_version;
288 } __packed;
289
290 /*
291 * Bus D0 Entry. This is sent from the guest to the host when the virtual
292 * bus (PCI Express port) is ready for action.
293 */
294
295 struct pci_bus_d0_entry {
296 struct pci_message message_type;
297 u32 reserved;
298 u64 mmio_base;
299 } __packed;
300
301 struct pci_bus_relations {
302 struct pci_incoming_message incoming;
303 u32 device_count;
304 struct pci_function_description func[0];
305 } __packed;
306
307 struct pci_q_res_req_response {
308 struct vmpacket_descriptor hdr;
309 s32 status; /* negative values are failures */
310 u32 probed_bar[6];
311 } __packed;
312
313 struct pci_set_power {
314 struct pci_message message_type;
315 union win_slot_encoding wslot;
316 u32 power_state; /* In Windows terms */
317 u32 reserved;
318 } __packed;
319
320 struct pci_set_power_response {
321 struct vmpacket_descriptor hdr;
322 s32 status; /* negative values are failures */
323 union win_slot_encoding wslot;
324 u32 resultant_state; /* In Windows terms */
325 u32 reserved;
326 } __packed;
327
328 struct pci_resources_assigned {
329 struct pci_message message_type;
330 union win_slot_encoding wslot;
331 u8 memory_range[0x14][6]; /* not used here */
332 u32 msi_descriptors;
333 u32 reserved[4];
334 } __packed;
335
336 struct pci_resources_assigned2 {
337 struct pci_message message_type;
338 union win_slot_encoding wslot;
339 u8 memory_range[0x14][6]; /* not used here */
340 u32 msi_descriptor_count;
341 u8 reserved[70];
342 } __packed;
343
344 struct pci_create_interrupt {
345 struct pci_message message_type;
346 union win_slot_encoding wslot;
347 struct hv_msi_desc int_desc;
348 } __packed;
349
350 struct pci_create_int_response {
351 struct pci_response response;
352 u32 reserved;
353 struct tran_int_desc int_desc;
354 } __packed;
355
356 struct pci_create_interrupt2 {
357 struct pci_message message_type;
358 union win_slot_encoding wslot;
359 struct hv_msi_desc2 int_desc;
360 } __packed;
361
362 struct pci_delete_interrupt {
363 struct pci_message message_type;
364 union win_slot_encoding wslot;
365 struct tran_int_desc int_desc;
366 } __packed;
367
368 /*
369 * Note: the VM must pass a valid block id, wslot and bytes_requested.
370 */
371 struct pci_read_block {
372 struct pci_message message_type;
373 u32 block_id;
374 union win_slot_encoding wslot;
375 u32 bytes_requested;
376 } __packed;
377
378 struct pci_read_block_response {
379 struct vmpacket_descriptor hdr;
380 u32 status;
381 u8 bytes[HV_CONFIG_BLOCK_SIZE_MAX];
382 } __packed;
383
384 /*
385 * Note: the VM must pass a valid block id, wslot and byte_count.
386 */
387 struct pci_write_block {
388 struct pci_message message_type;
389 u32 block_id;
390 union win_slot_encoding wslot;
391 u32 byte_count;
392 u8 bytes[HV_CONFIG_BLOCK_SIZE_MAX];
393 } __packed;
394
395 struct pci_dev_inval_block {
396 struct pci_incoming_message incoming;
397 union win_slot_encoding wslot;
398 u64 block_mask;
399 } __packed;
400
401 struct pci_dev_incoming {
402 struct pci_incoming_message incoming;
403 union win_slot_encoding wslot;
404 } __packed;
405
406 struct pci_eject_response {
407 struct pci_message message_type;
408 union win_slot_encoding wslot;
409 u32 status;
410 } __packed;
411
412 static int pci_ring_size = (4 * PAGE_SIZE);
413
414 /*
415 * Definitions or interrupt steering hypercall.
416 */
417 #define HV_PARTITION_ID_SELF ((u64)-1)
418 #define HVCALL_RETARGET_INTERRUPT 0x7e
419
420 struct hv_interrupt_entry {
421 u32 source; /* 1 for MSI(-X) */
422 u32 reserved1;
423 u32 address;
424 u32 data;
425 };
426
427 /*
428 * flags for hv_device_interrupt_target.flags
429 */
430 #define HV_DEVICE_INTERRUPT_TARGET_MULTICAST 1
431 #define HV_DEVICE_INTERRUPT_TARGET_PROCESSOR_SET 2
432
433 struct hv_device_interrupt_target {
434 u32 vector;
435 u32 flags;
436 union {
437 u64 vp_mask;
438 struct hv_vpset vp_set;
439 };
440 };
441
442 struct retarget_msi_interrupt {
443 u64 partition_id; /* use "self" */
444 u64 device_id;
445 struct hv_interrupt_entry int_entry;
446 u64 reserved2;
447 struct hv_device_interrupt_target int_target;
448 } __packed __aligned(8);
449
450 /*
451 * Driver specific state.
452 */
453
454 enum hv_pcibus_state {
455 hv_pcibus_init = 0,
456 hv_pcibus_probed,
457 hv_pcibus_installed,
458 hv_pcibus_removed,
459 hv_pcibus_maximum
460 };
461
462 struct hv_pcibus_device {
463 struct pci_sysdata sysdata;
464 enum hv_pcibus_state state;
465 refcount_t remove_lock;
466 struct hv_device *hdev;
467 resource_size_t low_mmio_space;
468 resource_size_t high_mmio_space;
469 struct resource *mem_config;
470 struct resource *low_mmio_res;
471 struct resource *high_mmio_res;
472 struct completion *survey_event;
473 struct completion remove_event;
474 struct pci_bus *pci_bus;
475 spinlock_t config_lock; /* Avoid two threads writing index page */
476 spinlock_t device_list_lock; /* Protect lists below */
477 void __iomem *cfg_addr;
478
479 struct list_head resources_for_children;
480
481 struct list_head children;
482 struct list_head dr_list;
483
484 struct msi_domain_info msi_info;
485 struct msi_controller msi_chip;
486 struct irq_domain *irq_domain;
487
488 spinlock_t retarget_msi_interrupt_lock;
489
490 struct workqueue_struct *wq;
491
492 /* hypercall arg, must not cross page boundary */
493 struct retarget_msi_interrupt retarget_msi_interrupt_params;
494
495 /*
496 * Don't put anything here: retarget_msi_interrupt_params must be last
497 */
498 };
499
500 /*
501 * Tracks "Device Relations" messages from the host, which must be both
502 * processed in order and deferred so that they don't run in the context
503 * of the incoming packet callback.
504 */
505 struct hv_dr_work {
506 struct work_struct wrk;
507 struct hv_pcibus_device *bus;
508 };
509
510 struct hv_dr_state {
511 struct list_head list_entry;
512 u32 device_count;
513 struct pci_function_description func[0];
514 };
515
516 enum hv_pcichild_state {
517 hv_pcichild_init = 0,
518 hv_pcichild_requirements,
519 hv_pcichild_resourced,
520 hv_pcichild_ejecting,
521 hv_pcichild_maximum
522 };
523
524 struct hv_pci_dev {
525 /* List protected by pci_rescan_remove_lock */
526 struct list_head list_entry;
527 refcount_t refs;
528 enum hv_pcichild_state state;
529 struct pci_slot *pci_slot;
530 struct pci_function_description desc;
531 bool reported_missing;
532 struct hv_pcibus_device *hbus;
533 struct work_struct wrk;
534
535 void (*block_invalidate)(void *context, u64 block_mask);
536 void *invalidate_context;
537
538 /*
539 * What would be observed if one wrote 0xFFFFFFFF to a BAR and then
540 * read it back, for each of the BAR offsets within config space.
541 */
542 u32 probed_bar[6];
543 };
544
545 struct hv_pci_compl {
546 struct completion host_event;
547 s32 completion_status;
548 };
549
550 static void hv_pci_onchannelcallback(void *context);
551
552 /**
553 * hv_pci_generic_compl() - Invoked for a completion packet
554 * @context: Set up by the sender of the packet.
555 * @resp: The response packet
556 * @resp_packet_size: Size in bytes of the packet
557 *
558 * This function is used to trigger an event and report status
559 * for any message for which the completion packet contains a
560 * status and nothing else.
561 */
hv_pci_generic_compl(void * context,struct pci_response * resp,int resp_packet_size)562 static void hv_pci_generic_compl(void *context, struct pci_response *resp,
563 int resp_packet_size)
564 {
565 struct hv_pci_compl *comp_pkt = context;
566
567 if (resp_packet_size >= offsetofend(struct pci_response, status))
568 comp_pkt->completion_status = resp->status;
569 else
570 comp_pkt->completion_status = -1;
571
572 complete(&comp_pkt->host_event);
573 }
574
575 static struct hv_pci_dev *get_pcichild_wslot(struct hv_pcibus_device *hbus,
576 u32 wslot);
577
get_pcichild(struct hv_pci_dev * hpdev)578 static void get_pcichild(struct hv_pci_dev *hpdev)
579 {
580 refcount_inc(&hpdev->refs);
581 }
582
put_pcichild(struct hv_pci_dev * hpdev)583 static void put_pcichild(struct hv_pci_dev *hpdev)
584 {
585 if (refcount_dec_and_test(&hpdev->refs))
586 kfree(hpdev);
587 }
588
589 static void get_hvpcibus(struct hv_pcibus_device *hv_pcibus);
590 static void put_hvpcibus(struct hv_pcibus_device *hv_pcibus);
591
592 /*
593 * There is no good way to get notified from vmbus_onoffer_rescind(),
594 * so let's use polling here, since this is not a hot path.
595 */
wait_for_response(struct hv_device * hdev,struct completion * comp)596 static int wait_for_response(struct hv_device *hdev,
597 struct completion *comp)
598 {
599 while (true) {
600 if (hdev->channel->rescind) {
601 dev_warn_once(&hdev->device, "The device is gone.\n");
602 return -ENODEV;
603 }
604
605 if (wait_for_completion_timeout(comp, HZ / 10))
606 break;
607 }
608
609 return 0;
610 }
611
612 /**
613 * devfn_to_wslot() - Convert from Linux PCI slot to Windows
614 * @devfn: The Linux representation of PCI slot
615 *
616 * Windows uses a slightly different representation of PCI slot.
617 *
618 * Return: The Windows representation
619 */
devfn_to_wslot(int devfn)620 static u32 devfn_to_wslot(int devfn)
621 {
622 union win_slot_encoding wslot;
623
624 wslot.slot = 0;
625 wslot.bits.dev = PCI_SLOT(devfn);
626 wslot.bits.func = PCI_FUNC(devfn);
627
628 return wslot.slot;
629 }
630
631 /**
632 * wslot_to_devfn() - Convert from Windows PCI slot to Linux
633 * @wslot: The Windows representation of PCI slot
634 *
635 * Windows uses a slightly different representation of PCI slot.
636 *
637 * Return: The Linux representation
638 */
wslot_to_devfn(u32 wslot)639 static int wslot_to_devfn(u32 wslot)
640 {
641 union win_slot_encoding slot_no;
642
643 slot_no.slot = wslot;
644 return PCI_DEVFN(slot_no.bits.dev, slot_no.bits.func);
645 }
646
647 /*
648 * PCI Configuration Space for these root PCI buses is implemented as a pair
649 * of pages in memory-mapped I/O space. Writing to the first page chooses
650 * the PCI function being written or read. Once the first page has been
651 * written to, the following page maps in the entire configuration space of
652 * the function.
653 */
654
655 /**
656 * _hv_pcifront_read_config() - Internal PCI config read
657 * @hpdev: The PCI driver's representation of the device
658 * @where: Offset within config space
659 * @size: Size of the transfer
660 * @val: Pointer to the buffer receiving the data
661 */
_hv_pcifront_read_config(struct hv_pci_dev * hpdev,int where,int size,u32 * val)662 static void _hv_pcifront_read_config(struct hv_pci_dev *hpdev, int where,
663 int size, u32 *val)
664 {
665 unsigned long flags;
666 void __iomem *addr = hpdev->hbus->cfg_addr + CFG_PAGE_OFFSET + where;
667
668 /*
669 * If the attempt is to read the IDs or the ROM BAR, simulate that.
670 */
671 if (where + size <= PCI_COMMAND) {
672 memcpy(val, ((u8 *)&hpdev->desc.v_id) + where, size);
673 } else if (where >= PCI_CLASS_REVISION && where + size <=
674 PCI_CACHE_LINE_SIZE) {
675 memcpy(val, ((u8 *)&hpdev->desc.rev) + where -
676 PCI_CLASS_REVISION, size);
677 } else if (where >= PCI_SUBSYSTEM_VENDOR_ID && where + size <=
678 PCI_ROM_ADDRESS) {
679 memcpy(val, (u8 *)&hpdev->desc.subsystem_id + where -
680 PCI_SUBSYSTEM_VENDOR_ID, size);
681 } else if (where >= PCI_ROM_ADDRESS && where + size <=
682 PCI_CAPABILITY_LIST) {
683 /* ROM BARs are unimplemented */
684 *val = 0;
685 } else if (where >= PCI_INTERRUPT_LINE && where + size <=
686 PCI_INTERRUPT_PIN) {
687 /*
688 * Interrupt Line and Interrupt PIN are hard-wired to zero
689 * because this front-end only supports message-signaled
690 * interrupts.
691 */
692 *val = 0;
693 } else if (where + size <= CFG_PAGE_SIZE) {
694 spin_lock_irqsave(&hpdev->hbus->config_lock, flags);
695 /* Choose the function to be read. (See comment above) */
696 writel(hpdev->desc.win_slot.slot, hpdev->hbus->cfg_addr);
697 /* Make sure the function was chosen before we start reading. */
698 mb();
699 /* Read from that function's config space. */
700 switch (size) {
701 case 1:
702 *val = readb(addr);
703 break;
704 case 2:
705 *val = readw(addr);
706 break;
707 default:
708 *val = readl(addr);
709 break;
710 }
711 /*
712 * Make sure the read was done before we release the spinlock
713 * allowing consecutive reads/writes.
714 */
715 mb();
716 spin_unlock_irqrestore(&hpdev->hbus->config_lock, flags);
717 } else {
718 dev_err(&hpdev->hbus->hdev->device,
719 "Attempt to read beyond a function's config space.\n");
720 }
721 }
722
hv_pcifront_get_vendor_id(struct hv_pci_dev * hpdev)723 static u16 hv_pcifront_get_vendor_id(struct hv_pci_dev *hpdev)
724 {
725 u16 ret;
726 unsigned long flags;
727 void __iomem *addr = hpdev->hbus->cfg_addr + CFG_PAGE_OFFSET +
728 PCI_VENDOR_ID;
729
730 spin_lock_irqsave(&hpdev->hbus->config_lock, flags);
731
732 /* Choose the function to be read. (See comment above) */
733 writel(hpdev->desc.win_slot.slot, hpdev->hbus->cfg_addr);
734 /* Make sure the function was chosen before we start reading. */
735 mb();
736 /* Read from that function's config space. */
737 ret = readw(addr);
738 /*
739 * mb() is not required here, because the spin_unlock_irqrestore()
740 * is a barrier.
741 */
742
743 spin_unlock_irqrestore(&hpdev->hbus->config_lock, flags);
744
745 return ret;
746 }
747
748 /**
749 * _hv_pcifront_write_config() - Internal PCI config write
750 * @hpdev: The PCI driver's representation of the device
751 * @where: Offset within config space
752 * @size: Size of the transfer
753 * @val: The data being transferred
754 */
_hv_pcifront_write_config(struct hv_pci_dev * hpdev,int where,int size,u32 val)755 static void _hv_pcifront_write_config(struct hv_pci_dev *hpdev, int where,
756 int size, u32 val)
757 {
758 unsigned long flags;
759 void __iomem *addr = hpdev->hbus->cfg_addr + CFG_PAGE_OFFSET + where;
760
761 if (where >= PCI_SUBSYSTEM_VENDOR_ID &&
762 where + size <= PCI_CAPABILITY_LIST) {
763 /* SSIDs and ROM BARs are read-only */
764 } else if (where >= PCI_COMMAND && where + size <= CFG_PAGE_SIZE) {
765 spin_lock_irqsave(&hpdev->hbus->config_lock, flags);
766 /* Choose the function to be written. (See comment above) */
767 writel(hpdev->desc.win_slot.slot, hpdev->hbus->cfg_addr);
768 /* Make sure the function was chosen before we start writing. */
769 wmb();
770 /* Write to that function's config space. */
771 switch (size) {
772 case 1:
773 writeb(val, addr);
774 break;
775 case 2:
776 writew(val, addr);
777 break;
778 default:
779 writel(val, addr);
780 break;
781 }
782 /*
783 * Make sure the write was done before we release the spinlock
784 * allowing consecutive reads/writes.
785 */
786 mb();
787 spin_unlock_irqrestore(&hpdev->hbus->config_lock, flags);
788 } else {
789 dev_err(&hpdev->hbus->hdev->device,
790 "Attempt to write beyond a function's config space.\n");
791 }
792 }
793
794 /**
795 * hv_pcifront_read_config() - Read configuration space
796 * @bus: PCI Bus structure
797 * @devfn: Device/function
798 * @where: Offset from base
799 * @size: Byte/word/dword
800 * @val: Value to be read
801 *
802 * Return: PCIBIOS_SUCCESSFUL on success
803 * PCIBIOS_DEVICE_NOT_FOUND on failure
804 */
hv_pcifront_read_config(struct pci_bus * bus,unsigned int devfn,int where,int size,u32 * val)805 static int hv_pcifront_read_config(struct pci_bus *bus, unsigned int devfn,
806 int where, int size, u32 *val)
807 {
808 struct hv_pcibus_device *hbus =
809 container_of(bus->sysdata, struct hv_pcibus_device, sysdata);
810 struct hv_pci_dev *hpdev;
811
812 hpdev = get_pcichild_wslot(hbus, devfn_to_wslot(devfn));
813 if (!hpdev)
814 return PCIBIOS_DEVICE_NOT_FOUND;
815
816 _hv_pcifront_read_config(hpdev, where, size, val);
817
818 put_pcichild(hpdev);
819 return PCIBIOS_SUCCESSFUL;
820 }
821
822 /**
823 * hv_pcifront_write_config() - Write configuration space
824 * @bus: PCI Bus structure
825 * @devfn: Device/function
826 * @where: Offset from base
827 * @size: Byte/word/dword
828 * @val: Value to be written to device
829 *
830 * Return: PCIBIOS_SUCCESSFUL on success
831 * PCIBIOS_DEVICE_NOT_FOUND on failure
832 */
hv_pcifront_write_config(struct pci_bus * bus,unsigned int devfn,int where,int size,u32 val)833 static int hv_pcifront_write_config(struct pci_bus *bus, unsigned int devfn,
834 int where, int size, u32 val)
835 {
836 struct hv_pcibus_device *hbus =
837 container_of(bus->sysdata, struct hv_pcibus_device, sysdata);
838 struct hv_pci_dev *hpdev;
839
840 hpdev = get_pcichild_wslot(hbus, devfn_to_wslot(devfn));
841 if (!hpdev)
842 return PCIBIOS_DEVICE_NOT_FOUND;
843
844 _hv_pcifront_write_config(hpdev, where, size, val);
845
846 put_pcichild(hpdev);
847 return PCIBIOS_SUCCESSFUL;
848 }
849
850 /* PCIe operations */
851 static struct pci_ops hv_pcifront_ops = {
852 .read = hv_pcifront_read_config,
853 .write = hv_pcifront_write_config,
854 };
855
856 /*
857 * Paravirtual backchannel
858 *
859 * Hyper-V SR-IOV provides a backchannel mechanism in software for
860 * communication between a VF driver and a PF driver. These
861 * "configuration blocks" are similar in concept to PCI configuration space,
862 * but instead of doing reads and writes in 32-bit chunks through a very slow
863 * path, packets of up to 128 bytes can be sent or received asynchronously.
864 *
865 * Nearly every SR-IOV device contains just such a communications channel in
866 * hardware, so using this one in software is usually optional. Using the
867 * software channel, however, allows driver implementers to leverage software
868 * tools that fuzz the communications channel looking for vulnerabilities.
869 *
870 * The usage model for these packets puts the responsibility for reading or
871 * writing on the VF driver. The VF driver sends a read or a write packet,
872 * indicating which "block" is being referred to by number.
873 *
874 * If the PF driver wishes to initiate communication, it can "invalidate" one or
875 * more of the first 64 blocks. This invalidation is delivered via a callback
876 * supplied by the VF driver by this driver.
877 *
878 * No protocol is implied, except that supplied by the PF and VF drivers.
879 */
880
881 struct hv_read_config_compl {
882 struct hv_pci_compl comp_pkt;
883 void *buf;
884 unsigned int len;
885 unsigned int bytes_returned;
886 };
887
888 /**
889 * hv_pci_read_config_compl() - Invoked when a response packet
890 * for a read config block operation arrives.
891 * @context: Identifies the read config operation
892 * @resp: The response packet itself
893 * @resp_packet_size: Size in bytes of the response packet
894 */
hv_pci_read_config_compl(void * context,struct pci_response * resp,int resp_packet_size)895 static void hv_pci_read_config_compl(void *context, struct pci_response *resp,
896 int resp_packet_size)
897 {
898 struct hv_read_config_compl *comp = context;
899 struct pci_read_block_response *read_resp =
900 (struct pci_read_block_response *)resp;
901 unsigned int data_len, hdr_len;
902
903 hdr_len = offsetof(struct pci_read_block_response, bytes);
904 if (resp_packet_size < hdr_len) {
905 comp->comp_pkt.completion_status = -1;
906 goto out;
907 }
908
909 data_len = resp_packet_size - hdr_len;
910 if (data_len > 0 && read_resp->status == 0) {
911 comp->bytes_returned = min(comp->len, data_len);
912 memcpy(comp->buf, read_resp->bytes, comp->bytes_returned);
913 } else {
914 comp->bytes_returned = 0;
915 }
916
917 comp->comp_pkt.completion_status = read_resp->status;
918 out:
919 complete(&comp->comp_pkt.host_event);
920 }
921
922 /**
923 * hv_read_config_block() - Sends a read config block request to
924 * the back-end driver running in the Hyper-V parent partition.
925 * @pdev: The PCI driver's representation for this device.
926 * @buf: Buffer into which the config block will be copied.
927 * @len: Size in bytes of buf.
928 * @block_id: Identifies the config block which has been requested.
929 * @bytes_returned: Size which came back from the back-end driver.
930 *
931 * Return: 0 on success, -errno on failure
932 */
hv_read_config_block(struct pci_dev * pdev,void * buf,unsigned int len,unsigned int block_id,unsigned int * bytes_returned)933 int hv_read_config_block(struct pci_dev *pdev, void *buf, unsigned int len,
934 unsigned int block_id, unsigned int *bytes_returned)
935 {
936 struct hv_pcibus_device *hbus =
937 container_of(pdev->bus->sysdata, struct hv_pcibus_device,
938 sysdata);
939 struct {
940 struct pci_packet pkt;
941 char buf[sizeof(struct pci_read_block)];
942 } pkt;
943 struct hv_read_config_compl comp_pkt;
944 struct pci_read_block *read_blk;
945 int ret;
946
947 if (len == 0 || len > HV_CONFIG_BLOCK_SIZE_MAX)
948 return -EINVAL;
949
950 init_completion(&comp_pkt.comp_pkt.host_event);
951 comp_pkt.buf = buf;
952 comp_pkt.len = len;
953
954 memset(&pkt, 0, sizeof(pkt));
955 pkt.pkt.completion_func = hv_pci_read_config_compl;
956 pkt.pkt.compl_ctxt = &comp_pkt;
957 read_blk = (struct pci_read_block *)&pkt.pkt.message;
958 read_blk->message_type.type = PCI_READ_BLOCK;
959 read_blk->wslot.slot = devfn_to_wslot(pdev->devfn);
960 read_blk->block_id = block_id;
961 read_blk->bytes_requested = len;
962
963 ret = vmbus_sendpacket(hbus->hdev->channel, read_blk,
964 sizeof(*read_blk), (unsigned long)&pkt.pkt,
965 VM_PKT_DATA_INBAND,
966 VMBUS_DATA_PACKET_FLAG_COMPLETION_REQUESTED);
967 if (ret)
968 return ret;
969
970 ret = wait_for_response(hbus->hdev, &comp_pkt.comp_pkt.host_event);
971 if (ret)
972 return ret;
973
974 if (comp_pkt.comp_pkt.completion_status != 0 ||
975 comp_pkt.bytes_returned == 0) {
976 dev_err(&hbus->hdev->device,
977 "Read Config Block failed: 0x%x, bytes_returned=%d\n",
978 comp_pkt.comp_pkt.completion_status,
979 comp_pkt.bytes_returned);
980 return -EIO;
981 }
982
983 *bytes_returned = comp_pkt.bytes_returned;
984 return 0;
985 }
986
987 /**
988 * hv_pci_write_config_compl() - Invoked when a response packet for a write
989 * config block operation arrives.
990 * @context: Identifies the write config operation
991 * @resp: The response packet itself
992 * @resp_packet_size: Size in bytes of the response packet
993 */
hv_pci_write_config_compl(void * context,struct pci_response * resp,int resp_packet_size)994 static void hv_pci_write_config_compl(void *context, struct pci_response *resp,
995 int resp_packet_size)
996 {
997 struct hv_pci_compl *comp_pkt = context;
998
999 comp_pkt->completion_status = resp->status;
1000 complete(&comp_pkt->host_event);
1001 }
1002
1003 /**
1004 * hv_write_config_block() - Sends a write config block request to the
1005 * back-end driver running in the Hyper-V parent partition.
1006 * @pdev: The PCI driver's representation for this device.
1007 * @buf: Buffer from which the config block will be copied.
1008 * @len: Size in bytes of buf.
1009 * @block_id: Identifies the config block which is being written.
1010 *
1011 * Return: 0 on success, -errno on failure
1012 */
hv_write_config_block(struct pci_dev * pdev,void * buf,unsigned int len,unsigned int block_id)1013 int hv_write_config_block(struct pci_dev *pdev, void *buf, unsigned int len,
1014 unsigned int block_id)
1015 {
1016 struct hv_pcibus_device *hbus =
1017 container_of(pdev->bus->sysdata, struct hv_pcibus_device,
1018 sysdata);
1019 struct {
1020 struct pci_packet pkt;
1021 char buf[sizeof(struct pci_write_block)];
1022 u32 reserved;
1023 } pkt;
1024 struct hv_pci_compl comp_pkt;
1025 struct pci_write_block *write_blk;
1026 u32 pkt_size;
1027 int ret;
1028
1029 if (len == 0 || len > HV_CONFIG_BLOCK_SIZE_MAX)
1030 return -EINVAL;
1031
1032 init_completion(&comp_pkt.host_event);
1033
1034 memset(&pkt, 0, sizeof(pkt));
1035 pkt.pkt.completion_func = hv_pci_write_config_compl;
1036 pkt.pkt.compl_ctxt = &comp_pkt;
1037 write_blk = (struct pci_write_block *)&pkt.pkt.message;
1038 write_blk->message_type.type = PCI_WRITE_BLOCK;
1039 write_blk->wslot.slot = devfn_to_wslot(pdev->devfn);
1040 write_blk->block_id = block_id;
1041 write_blk->byte_count = len;
1042 memcpy(write_blk->bytes, buf, len);
1043 pkt_size = offsetof(struct pci_write_block, bytes) + len;
1044 /*
1045 * This quirk is required on some hosts shipped around 2018, because
1046 * these hosts don't check the pkt_size correctly (new hosts have been
1047 * fixed since early 2019). The quirk is also safe on very old hosts
1048 * and new hosts, because, on them, what really matters is the length
1049 * specified in write_blk->byte_count.
1050 */
1051 pkt_size += sizeof(pkt.reserved);
1052
1053 ret = vmbus_sendpacket(hbus->hdev->channel, write_blk, pkt_size,
1054 (unsigned long)&pkt.pkt, VM_PKT_DATA_INBAND,
1055 VMBUS_DATA_PACKET_FLAG_COMPLETION_REQUESTED);
1056 if (ret)
1057 return ret;
1058
1059 ret = wait_for_response(hbus->hdev, &comp_pkt.host_event);
1060 if (ret)
1061 return ret;
1062
1063 if (comp_pkt.completion_status != 0) {
1064 dev_err(&hbus->hdev->device,
1065 "Write Config Block failed: 0x%x\n",
1066 comp_pkt.completion_status);
1067 return -EIO;
1068 }
1069
1070 return 0;
1071 }
1072
1073 /**
1074 * hv_register_block_invalidate() - Invoked when a config block invalidation
1075 * arrives from the back-end driver.
1076 * @pdev: The PCI driver's representation for this device.
1077 * @context: Identifies the device.
1078 * @block_invalidate: Identifies all of the blocks being invalidated.
1079 *
1080 * Return: 0 on success, -errno on failure
1081 */
hv_register_block_invalidate(struct pci_dev * pdev,void * context,void (* block_invalidate)(void * context,u64 block_mask))1082 int hv_register_block_invalidate(struct pci_dev *pdev, void *context,
1083 void (*block_invalidate)(void *context,
1084 u64 block_mask))
1085 {
1086 struct hv_pcibus_device *hbus =
1087 container_of(pdev->bus->sysdata, struct hv_pcibus_device,
1088 sysdata);
1089 struct hv_pci_dev *hpdev;
1090
1091 hpdev = get_pcichild_wslot(hbus, devfn_to_wslot(pdev->devfn));
1092 if (!hpdev)
1093 return -ENODEV;
1094
1095 hpdev->block_invalidate = block_invalidate;
1096 hpdev->invalidate_context = context;
1097
1098 put_pcichild(hpdev);
1099 return 0;
1100
1101 }
1102
1103 /* Interrupt management hooks */
hv_int_desc_free(struct hv_pci_dev * hpdev,struct tran_int_desc * int_desc)1104 static void hv_int_desc_free(struct hv_pci_dev *hpdev,
1105 struct tran_int_desc *int_desc)
1106 {
1107 struct pci_delete_interrupt *int_pkt;
1108 struct {
1109 struct pci_packet pkt;
1110 u8 buffer[sizeof(struct pci_delete_interrupt)];
1111 } ctxt;
1112
1113 memset(&ctxt, 0, sizeof(ctxt));
1114 int_pkt = (struct pci_delete_interrupt *)&ctxt.pkt.message;
1115 int_pkt->message_type.type =
1116 PCI_DELETE_INTERRUPT_MESSAGE;
1117 int_pkt->wslot.slot = hpdev->desc.win_slot.slot;
1118 int_pkt->int_desc = *int_desc;
1119 vmbus_sendpacket(hpdev->hbus->hdev->channel, int_pkt, sizeof(*int_pkt),
1120 (unsigned long)&ctxt.pkt, VM_PKT_DATA_INBAND, 0);
1121 kfree(int_desc);
1122 }
1123
1124 /**
1125 * hv_msi_free() - Free the MSI.
1126 * @domain: The interrupt domain pointer
1127 * @info: Extra MSI-related context
1128 * @irq: Identifies the IRQ.
1129 *
1130 * The Hyper-V parent partition and hypervisor are tracking the
1131 * messages that are in use, keeping the interrupt redirection
1132 * table up to date. This callback sends a message that frees
1133 * the IRT entry and related tracking nonsense.
1134 */
hv_msi_free(struct irq_domain * domain,struct msi_domain_info * info,unsigned int irq)1135 static void hv_msi_free(struct irq_domain *domain, struct msi_domain_info *info,
1136 unsigned int irq)
1137 {
1138 struct hv_pcibus_device *hbus;
1139 struct hv_pci_dev *hpdev;
1140 struct pci_dev *pdev;
1141 struct tran_int_desc *int_desc;
1142 struct irq_data *irq_data = irq_domain_get_irq_data(domain, irq);
1143 struct msi_desc *msi = irq_data_get_msi_desc(irq_data);
1144
1145 pdev = msi_desc_to_pci_dev(msi);
1146 hbus = info->data;
1147 int_desc = irq_data_get_irq_chip_data(irq_data);
1148 if (!int_desc)
1149 return;
1150
1151 irq_data->chip_data = NULL;
1152 hpdev = get_pcichild_wslot(hbus, devfn_to_wslot(pdev->devfn));
1153 if (!hpdev) {
1154 kfree(int_desc);
1155 return;
1156 }
1157
1158 hv_int_desc_free(hpdev, int_desc);
1159 put_pcichild(hpdev);
1160 }
1161
hv_set_affinity(struct irq_data * data,const struct cpumask * dest,bool force)1162 static int hv_set_affinity(struct irq_data *data, const struct cpumask *dest,
1163 bool force)
1164 {
1165 struct irq_data *parent = data->parent_data;
1166
1167 return parent->chip->irq_set_affinity(parent, dest, force);
1168 }
1169
hv_irq_mask(struct irq_data * data)1170 static void hv_irq_mask(struct irq_data *data)
1171 {
1172 pci_msi_mask_irq(data);
1173 }
1174
1175 /**
1176 * hv_irq_unmask() - "Unmask" the IRQ by setting its current
1177 * affinity.
1178 * @data: Describes the IRQ
1179 *
1180 * Build new a destination for the MSI and make a hypercall to
1181 * update the Interrupt Redirection Table. "Device Logical ID"
1182 * is built out of this PCI bus's instance GUID and the function
1183 * number of the device.
1184 */
hv_irq_unmask(struct irq_data * data)1185 static void hv_irq_unmask(struct irq_data *data)
1186 {
1187 struct msi_desc *msi_desc = irq_data_get_msi_desc(data);
1188 struct irq_cfg *cfg = irqd_cfg(data);
1189 struct retarget_msi_interrupt *params;
1190 struct hv_pcibus_device *hbus;
1191 struct cpumask *dest;
1192 cpumask_var_t tmp;
1193 struct pci_bus *pbus;
1194 struct pci_dev *pdev;
1195 unsigned long flags;
1196 u32 var_size = 0;
1197 int cpu, nr_bank;
1198 u64 res;
1199
1200 dest = irq_data_get_effective_affinity_mask(data);
1201 pdev = msi_desc_to_pci_dev(msi_desc);
1202 pbus = pdev->bus;
1203 hbus = container_of(pbus->sysdata, struct hv_pcibus_device, sysdata);
1204
1205 spin_lock_irqsave(&hbus->retarget_msi_interrupt_lock, flags);
1206
1207 params = &hbus->retarget_msi_interrupt_params;
1208 memset(params, 0, sizeof(*params));
1209 params->partition_id = HV_PARTITION_ID_SELF;
1210 params->int_entry.source = 1; /* MSI(-X) */
1211 params->int_entry.address = msi_desc->msg.address_lo;
1212 params->int_entry.data = msi_desc->msg.data;
1213 params->device_id = (hbus->hdev->dev_instance.b[5] << 24) |
1214 (hbus->hdev->dev_instance.b[4] << 16) |
1215 (hbus->hdev->dev_instance.b[7] << 8) |
1216 (hbus->hdev->dev_instance.b[6] & 0xf8) |
1217 PCI_FUNC(pdev->devfn);
1218 params->int_target.vector = cfg->vector;
1219
1220 /*
1221 * Honoring apic->irq_delivery_mode set to dest_Fixed by
1222 * setting the HV_DEVICE_INTERRUPT_TARGET_MULTICAST flag results in a
1223 * spurious interrupt storm. Not doing so does not seem to have a
1224 * negative effect (yet?).
1225 */
1226
1227 if (pci_protocol_version >= PCI_PROTOCOL_VERSION_1_2) {
1228 /*
1229 * PCI_PROTOCOL_VERSION_1_2 supports the VP_SET version of the
1230 * HVCALL_RETARGET_INTERRUPT hypercall, which also coincides
1231 * with >64 VP support.
1232 * ms_hyperv.hints & HV_X64_EX_PROCESSOR_MASKS_RECOMMENDED
1233 * is not sufficient for this hypercall.
1234 */
1235 params->int_target.flags |=
1236 HV_DEVICE_INTERRUPT_TARGET_PROCESSOR_SET;
1237
1238 if (!alloc_cpumask_var(&tmp, GFP_ATOMIC)) {
1239 res = 1;
1240 goto exit_unlock;
1241 }
1242
1243 cpumask_and(tmp, dest, cpu_online_mask);
1244 nr_bank = cpumask_to_vpset(¶ms->int_target.vp_set, tmp);
1245 free_cpumask_var(tmp);
1246
1247 if (nr_bank <= 0) {
1248 res = 1;
1249 goto exit_unlock;
1250 }
1251
1252 /*
1253 * var-sized hypercall, var-size starts after vp_mask (thus
1254 * vp_set.format does not count, but vp_set.valid_bank_mask
1255 * does).
1256 */
1257 var_size = 1 + nr_bank;
1258 } else {
1259 for_each_cpu_and(cpu, dest, cpu_online_mask) {
1260 params->int_target.vp_mask |=
1261 (1ULL << hv_cpu_number_to_vp_number(cpu));
1262 }
1263 }
1264
1265 res = hv_do_hypercall(HVCALL_RETARGET_INTERRUPT | (var_size << 17),
1266 params, NULL);
1267
1268 exit_unlock:
1269 spin_unlock_irqrestore(&hbus->retarget_msi_interrupt_lock, flags);
1270
1271 if (res) {
1272 dev_err(&hbus->hdev->device,
1273 "%s() failed: %#llx", __func__, res);
1274 return;
1275 }
1276
1277 pci_msi_unmask_irq(data);
1278 }
1279
1280 struct compose_comp_ctxt {
1281 struct hv_pci_compl comp_pkt;
1282 struct tran_int_desc int_desc;
1283 };
1284
hv_pci_compose_compl(void * context,struct pci_response * resp,int resp_packet_size)1285 static void hv_pci_compose_compl(void *context, struct pci_response *resp,
1286 int resp_packet_size)
1287 {
1288 struct compose_comp_ctxt *comp_pkt = context;
1289 struct pci_create_int_response *int_resp =
1290 (struct pci_create_int_response *)resp;
1291
1292 comp_pkt->comp_pkt.completion_status = resp->status;
1293 comp_pkt->int_desc = int_resp->int_desc;
1294 complete(&comp_pkt->comp_pkt.host_event);
1295 }
1296
hv_compose_msi_req_v1(struct pci_create_interrupt * int_pkt,struct cpumask * affinity,u32 slot,u8 vector)1297 static u32 hv_compose_msi_req_v1(
1298 struct pci_create_interrupt *int_pkt, struct cpumask *affinity,
1299 u32 slot, u8 vector)
1300 {
1301 int_pkt->message_type.type = PCI_CREATE_INTERRUPT_MESSAGE;
1302 int_pkt->wslot.slot = slot;
1303 int_pkt->int_desc.vector = vector;
1304 int_pkt->int_desc.vector_count = 1;
1305 int_pkt->int_desc.delivery_mode = dest_Fixed;
1306
1307 /*
1308 * Create MSI w/ dummy vCPU set, overwritten by subsequent retarget in
1309 * hv_irq_unmask().
1310 */
1311 int_pkt->int_desc.cpu_mask = CPU_AFFINITY_ALL;
1312
1313 return sizeof(*int_pkt);
1314 }
1315
hv_compose_msi_req_v2(struct pci_create_interrupt2 * int_pkt,struct cpumask * affinity,u32 slot,u8 vector)1316 static u32 hv_compose_msi_req_v2(
1317 struct pci_create_interrupt2 *int_pkt, struct cpumask *affinity,
1318 u32 slot, u8 vector)
1319 {
1320 int cpu;
1321
1322 int_pkt->message_type.type = PCI_CREATE_INTERRUPT_MESSAGE2;
1323 int_pkt->wslot.slot = slot;
1324 int_pkt->int_desc.vector = vector;
1325 int_pkt->int_desc.vector_count = 1;
1326 int_pkt->int_desc.delivery_mode = dest_Fixed;
1327
1328 /*
1329 * Create MSI w/ dummy vCPU set targeting just one vCPU, overwritten
1330 * by subsequent retarget in hv_irq_unmask().
1331 */
1332 cpu = cpumask_first_and(affinity, cpu_online_mask);
1333 int_pkt->int_desc.processor_array[0] =
1334 hv_cpu_number_to_vp_number(cpu);
1335 int_pkt->int_desc.processor_count = 1;
1336
1337 return sizeof(*int_pkt);
1338 }
1339
1340 /**
1341 * hv_compose_msi_msg() - Supplies a valid MSI address/data
1342 * @data: Everything about this MSI
1343 * @msg: Buffer that is filled in by this function
1344 *
1345 * This function unpacks the IRQ looking for target CPU set, IDT
1346 * vector and mode and sends a message to the parent partition
1347 * asking for a mapping for that tuple in this partition. The
1348 * response supplies a data value and address to which that data
1349 * should be written to trigger that interrupt.
1350 */
hv_compose_msi_msg(struct irq_data * data,struct msi_msg * msg)1351 static void hv_compose_msi_msg(struct irq_data *data, struct msi_msg *msg)
1352 {
1353 struct irq_cfg *cfg = irqd_cfg(data);
1354 struct hv_pcibus_device *hbus;
1355 struct hv_pci_dev *hpdev;
1356 struct pci_bus *pbus;
1357 struct pci_dev *pdev;
1358 struct cpumask *dest;
1359 unsigned long flags;
1360 struct compose_comp_ctxt comp;
1361 struct tran_int_desc *int_desc;
1362 struct {
1363 struct pci_packet pci_pkt;
1364 union {
1365 struct pci_create_interrupt v1;
1366 struct pci_create_interrupt2 v2;
1367 } int_pkts;
1368 } __packed ctxt;
1369
1370 u32 size;
1371 int ret;
1372
1373 pdev = msi_desc_to_pci_dev(irq_data_get_msi_desc(data));
1374 dest = irq_data_get_effective_affinity_mask(data);
1375 pbus = pdev->bus;
1376 hbus = container_of(pbus->sysdata, struct hv_pcibus_device, sysdata);
1377 hpdev = get_pcichild_wslot(hbus, devfn_to_wslot(pdev->devfn));
1378 if (!hpdev)
1379 goto return_null_message;
1380
1381 /* Free any previous message that might have already been composed. */
1382 if (data->chip_data) {
1383 int_desc = data->chip_data;
1384 data->chip_data = NULL;
1385 hv_int_desc_free(hpdev, int_desc);
1386 }
1387
1388 int_desc = kzalloc(sizeof(*int_desc), GFP_ATOMIC);
1389 if (!int_desc)
1390 goto drop_reference;
1391
1392 memset(&ctxt, 0, sizeof(ctxt));
1393 init_completion(&comp.comp_pkt.host_event);
1394 ctxt.pci_pkt.completion_func = hv_pci_compose_compl;
1395 ctxt.pci_pkt.compl_ctxt = ∁
1396
1397 switch (pci_protocol_version) {
1398 case PCI_PROTOCOL_VERSION_1_1:
1399 size = hv_compose_msi_req_v1(&ctxt.int_pkts.v1,
1400 dest,
1401 hpdev->desc.win_slot.slot,
1402 cfg->vector);
1403 break;
1404
1405 case PCI_PROTOCOL_VERSION_1_2:
1406 size = hv_compose_msi_req_v2(&ctxt.int_pkts.v2,
1407 dest,
1408 hpdev->desc.win_slot.slot,
1409 cfg->vector);
1410 break;
1411
1412 default:
1413 /* As we only negotiate protocol versions known to this driver,
1414 * this path should never hit. However, this is it not a hot
1415 * path so we print a message to aid future updates.
1416 */
1417 dev_err(&hbus->hdev->device,
1418 "Unexpected vPCI protocol, update driver.");
1419 goto free_int_desc;
1420 }
1421
1422 ret = vmbus_sendpacket(hpdev->hbus->hdev->channel, &ctxt.int_pkts,
1423 size, (unsigned long)&ctxt.pci_pkt,
1424 VM_PKT_DATA_INBAND,
1425 VMBUS_DATA_PACKET_FLAG_COMPLETION_REQUESTED);
1426 if (ret) {
1427 dev_err(&hbus->hdev->device,
1428 "Sending request for interrupt failed: 0x%x",
1429 comp.comp_pkt.completion_status);
1430 goto free_int_desc;
1431 }
1432
1433 /*
1434 * Since this function is called with IRQ locks held, can't
1435 * do normal wait for completion; instead poll.
1436 */
1437 while (!try_wait_for_completion(&comp.comp_pkt.host_event)) {
1438 /* 0xFFFF means an invalid PCI VENDOR ID. */
1439 if (hv_pcifront_get_vendor_id(hpdev) == 0xFFFF) {
1440 dev_err_once(&hbus->hdev->device,
1441 "the device has gone\n");
1442 goto free_int_desc;
1443 }
1444
1445 /*
1446 * When the higher level interrupt code calls us with
1447 * interrupt disabled, we must poll the channel by calling
1448 * the channel callback directly when channel->target_cpu is
1449 * the current CPU. When the higher level interrupt code
1450 * calls us with interrupt enabled, let's add the
1451 * local_irq_save()/restore() to avoid race:
1452 * hv_pci_onchannelcallback() can also run in tasklet.
1453 */
1454 local_irq_save(flags);
1455
1456 if (hbus->hdev->channel->target_cpu == smp_processor_id())
1457 hv_pci_onchannelcallback(hbus);
1458
1459 local_irq_restore(flags);
1460
1461 if (hpdev->state == hv_pcichild_ejecting) {
1462 dev_err_once(&hbus->hdev->device,
1463 "the device is being ejected\n");
1464 goto free_int_desc;
1465 }
1466
1467 udelay(100);
1468 }
1469
1470 if (comp.comp_pkt.completion_status < 0) {
1471 dev_err(&hbus->hdev->device,
1472 "Request for interrupt failed: 0x%x",
1473 comp.comp_pkt.completion_status);
1474 goto free_int_desc;
1475 }
1476
1477 /*
1478 * Record the assignment so that this can be unwound later. Using
1479 * irq_set_chip_data() here would be appropriate, but the lock it takes
1480 * is already held.
1481 */
1482 *int_desc = comp.int_desc;
1483 data->chip_data = int_desc;
1484
1485 /* Pass up the result. */
1486 msg->address_hi = comp.int_desc.address >> 32;
1487 msg->address_lo = comp.int_desc.address & 0xffffffff;
1488 msg->data = comp.int_desc.data;
1489
1490 put_pcichild(hpdev);
1491 return;
1492
1493 free_int_desc:
1494 kfree(int_desc);
1495 drop_reference:
1496 put_pcichild(hpdev);
1497 return_null_message:
1498 msg->address_hi = 0;
1499 msg->address_lo = 0;
1500 msg->data = 0;
1501 }
1502
1503 /* HW Interrupt Chip Descriptor */
1504 static struct irq_chip hv_msi_irq_chip = {
1505 .name = "Hyper-V PCIe MSI",
1506 .irq_compose_msi_msg = hv_compose_msi_msg,
1507 .irq_set_affinity = hv_set_affinity,
1508 .irq_ack = irq_chip_ack_parent,
1509 .irq_mask = hv_irq_mask,
1510 .irq_unmask = hv_irq_unmask,
1511 };
1512
hv_msi_domain_ops_get_hwirq(struct msi_domain_info * info,msi_alloc_info_t * arg)1513 static irq_hw_number_t hv_msi_domain_ops_get_hwirq(struct msi_domain_info *info,
1514 msi_alloc_info_t *arg)
1515 {
1516 return arg->msi_hwirq;
1517 }
1518
1519 static struct msi_domain_ops hv_msi_ops = {
1520 .get_hwirq = hv_msi_domain_ops_get_hwirq,
1521 .msi_prepare = pci_msi_prepare,
1522 .set_desc = pci_msi_set_desc,
1523 .msi_free = hv_msi_free,
1524 };
1525
1526 /**
1527 * hv_pcie_init_irq_domain() - Initialize IRQ domain
1528 * @hbus: The root PCI bus
1529 *
1530 * This function creates an IRQ domain which will be used for
1531 * interrupts from devices that have been passed through. These
1532 * devices only support MSI and MSI-X, not line-based interrupts
1533 * or simulations of line-based interrupts through PCIe's
1534 * fabric-layer messages. Because interrupts are remapped, we
1535 * can support multi-message MSI here.
1536 *
1537 * Return: '0' on success and error value on failure
1538 */
hv_pcie_init_irq_domain(struct hv_pcibus_device * hbus)1539 static int hv_pcie_init_irq_domain(struct hv_pcibus_device *hbus)
1540 {
1541 hbus->msi_info.chip = &hv_msi_irq_chip;
1542 hbus->msi_info.ops = &hv_msi_ops;
1543 hbus->msi_info.flags = (MSI_FLAG_USE_DEF_DOM_OPS |
1544 MSI_FLAG_USE_DEF_CHIP_OPS | MSI_FLAG_MULTI_PCI_MSI |
1545 MSI_FLAG_PCI_MSIX);
1546 hbus->msi_info.handler = handle_edge_irq;
1547 hbus->msi_info.handler_name = "edge";
1548 hbus->msi_info.data = hbus;
1549 hbus->irq_domain = pci_msi_create_irq_domain(hbus->sysdata.fwnode,
1550 &hbus->msi_info,
1551 x86_vector_domain);
1552 if (!hbus->irq_domain) {
1553 dev_err(&hbus->hdev->device,
1554 "Failed to build an MSI IRQ domain\n");
1555 return -ENODEV;
1556 }
1557
1558 return 0;
1559 }
1560
1561 /**
1562 * get_bar_size() - Get the address space consumed by a BAR
1563 * @bar_val: Value that a BAR returned after -1 was written
1564 * to it.
1565 *
1566 * This function returns the size of the BAR, rounded up to 1
1567 * page. It has to be rounded up because the hypervisor's page
1568 * table entry that maps the BAR into the VM can't specify an
1569 * offset within a page. The invariant is that the hypervisor
1570 * must place any BARs of smaller than page length at the
1571 * beginning of a page.
1572 *
1573 * Return: Size in bytes of the consumed MMIO space.
1574 */
get_bar_size(u64 bar_val)1575 static u64 get_bar_size(u64 bar_val)
1576 {
1577 return round_up((1 + ~(bar_val & PCI_BASE_ADDRESS_MEM_MASK)),
1578 PAGE_SIZE);
1579 }
1580
1581 /**
1582 * survey_child_resources() - Total all MMIO requirements
1583 * @hbus: Root PCI bus, as understood by this driver
1584 */
survey_child_resources(struct hv_pcibus_device * hbus)1585 static void survey_child_resources(struct hv_pcibus_device *hbus)
1586 {
1587 struct hv_pci_dev *hpdev;
1588 resource_size_t bar_size = 0;
1589 unsigned long flags;
1590 struct completion *event;
1591 u64 bar_val;
1592 int i;
1593
1594 /* If nobody is waiting on the answer, don't compute it. */
1595 event = xchg(&hbus->survey_event, NULL);
1596 if (!event)
1597 return;
1598
1599 /* If the answer has already been computed, go with it. */
1600 if (hbus->low_mmio_space || hbus->high_mmio_space) {
1601 complete(event);
1602 return;
1603 }
1604
1605 spin_lock_irqsave(&hbus->device_list_lock, flags);
1606
1607 /*
1608 * Due to an interesting quirk of the PCI spec, all memory regions
1609 * for a child device are a power of 2 in size and aligned in memory,
1610 * so it's sufficient to just add them up without tracking alignment.
1611 */
1612 list_for_each_entry(hpdev, &hbus->children, list_entry) {
1613 for (i = 0; i < 6; i++) {
1614 if (hpdev->probed_bar[i] & PCI_BASE_ADDRESS_SPACE_IO)
1615 dev_err(&hbus->hdev->device,
1616 "There's an I/O BAR in this list!\n");
1617
1618 if (hpdev->probed_bar[i] != 0) {
1619 /*
1620 * A probed BAR has all the upper bits set that
1621 * can be changed.
1622 */
1623
1624 bar_val = hpdev->probed_bar[i];
1625 if (bar_val & PCI_BASE_ADDRESS_MEM_TYPE_64)
1626 bar_val |=
1627 ((u64)hpdev->probed_bar[++i] << 32);
1628 else
1629 bar_val |= 0xffffffff00000000ULL;
1630
1631 bar_size = get_bar_size(bar_val);
1632
1633 if (bar_val & PCI_BASE_ADDRESS_MEM_TYPE_64)
1634 hbus->high_mmio_space += bar_size;
1635 else
1636 hbus->low_mmio_space += bar_size;
1637 }
1638 }
1639 }
1640
1641 spin_unlock_irqrestore(&hbus->device_list_lock, flags);
1642 complete(event);
1643 }
1644
1645 /**
1646 * prepopulate_bars() - Fill in BARs with defaults
1647 * @hbus: Root PCI bus, as understood by this driver
1648 *
1649 * The core PCI driver code seems much, much happier if the BARs
1650 * for a device have values upon first scan. So fill them in.
1651 * The algorithm below works down from large sizes to small,
1652 * attempting to pack the assignments optimally. The assumption,
1653 * enforced in other parts of the code, is that the beginning of
1654 * the memory-mapped I/O space will be aligned on the largest
1655 * BAR size.
1656 */
prepopulate_bars(struct hv_pcibus_device * hbus)1657 static void prepopulate_bars(struct hv_pcibus_device *hbus)
1658 {
1659 resource_size_t high_size = 0;
1660 resource_size_t low_size = 0;
1661 resource_size_t high_base = 0;
1662 resource_size_t low_base = 0;
1663 resource_size_t bar_size;
1664 struct hv_pci_dev *hpdev;
1665 unsigned long flags;
1666 u64 bar_val;
1667 u32 command;
1668 bool high;
1669 int i;
1670
1671 if (hbus->low_mmio_space) {
1672 low_size = 1ULL << (63 - __builtin_clzll(hbus->low_mmio_space));
1673 low_base = hbus->low_mmio_res->start;
1674 }
1675
1676 if (hbus->high_mmio_space) {
1677 high_size = 1ULL <<
1678 (63 - __builtin_clzll(hbus->high_mmio_space));
1679 high_base = hbus->high_mmio_res->start;
1680 }
1681
1682 spin_lock_irqsave(&hbus->device_list_lock, flags);
1683
1684 /* Pick addresses for the BARs. */
1685 do {
1686 list_for_each_entry(hpdev, &hbus->children, list_entry) {
1687 for (i = 0; i < 6; i++) {
1688 bar_val = hpdev->probed_bar[i];
1689 if (bar_val == 0)
1690 continue;
1691 high = bar_val & PCI_BASE_ADDRESS_MEM_TYPE_64;
1692 if (high) {
1693 bar_val |=
1694 ((u64)hpdev->probed_bar[i + 1]
1695 << 32);
1696 } else {
1697 bar_val |= 0xffffffffULL << 32;
1698 }
1699 bar_size = get_bar_size(bar_val);
1700 if (high) {
1701 if (high_size != bar_size) {
1702 i++;
1703 continue;
1704 }
1705 _hv_pcifront_write_config(hpdev,
1706 PCI_BASE_ADDRESS_0 + (4 * i),
1707 4,
1708 (u32)(high_base & 0xffffff00));
1709 i++;
1710 _hv_pcifront_write_config(hpdev,
1711 PCI_BASE_ADDRESS_0 + (4 * i),
1712 4, (u32)(high_base >> 32));
1713 high_base += bar_size;
1714 } else {
1715 if (low_size != bar_size)
1716 continue;
1717 _hv_pcifront_write_config(hpdev,
1718 PCI_BASE_ADDRESS_0 + (4 * i),
1719 4,
1720 (u32)(low_base & 0xffffff00));
1721 low_base += bar_size;
1722 }
1723 }
1724 if (high_size <= 1 && low_size <= 1) {
1725 /* Set the memory enable bit. */
1726 _hv_pcifront_read_config(hpdev, PCI_COMMAND, 2,
1727 &command);
1728 command |= PCI_COMMAND_MEMORY;
1729 _hv_pcifront_write_config(hpdev, PCI_COMMAND, 2,
1730 command);
1731 break;
1732 }
1733 }
1734
1735 high_size >>= 1;
1736 low_size >>= 1;
1737 } while (high_size || low_size);
1738
1739 spin_unlock_irqrestore(&hbus->device_list_lock, flags);
1740 }
1741
1742 /*
1743 * Assign entries in sysfs pci slot directory.
1744 *
1745 * Note that this function does not need to lock the children list
1746 * because it is called from pci_devices_present_work which
1747 * is serialized with hv_eject_device_work because they are on the
1748 * same ordered workqueue. Therefore hbus->children list will not change
1749 * even when pci_create_slot sleeps.
1750 */
hv_pci_assign_slots(struct hv_pcibus_device * hbus)1751 static void hv_pci_assign_slots(struct hv_pcibus_device *hbus)
1752 {
1753 struct hv_pci_dev *hpdev;
1754 char name[SLOT_NAME_SIZE];
1755 int slot_nr;
1756
1757 list_for_each_entry(hpdev, &hbus->children, list_entry) {
1758 if (hpdev->pci_slot)
1759 continue;
1760
1761 slot_nr = PCI_SLOT(wslot_to_devfn(hpdev->desc.win_slot.slot));
1762 snprintf(name, SLOT_NAME_SIZE, "%u", hpdev->desc.ser);
1763 hpdev->pci_slot = pci_create_slot(hbus->pci_bus, slot_nr,
1764 name, NULL);
1765 if (IS_ERR(hpdev->pci_slot)) {
1766 pr_warn("pci_create slot %s failed\n", name);
1767 hpdev->pci_slot = NULL;
1768 }
1769 }
1770 }
1771
1772 /*
1773 * Remove entries in sysfs pci slot directory.
1774 */
hv_pci_remove_slots(struct hv_pcibus_device * hbus)1775 static void hv_pci_remove_slots(struct hv_pcibus_device *hbus)
1776 {
1777 struct hv_pci_dev *hpdev;
1778
1779 list_for_each_entry(hpdev, &hbus->children, list_entry) {
1780 if (!hpdev->pci_slot)
1781 continue;
1782 pci_destroy_slot(hpdev->pci_slot);
1783 hpdev->pci_slot = NULL;
1784 }
1785 }
1786
1787 /**
1788 * create_root_hv_pci_bus() - Expose a new root PCI bus
1789 * @hbus: Root PCI bus, as understood by this driver
1790 *
1791 * Return: 0 on success, -errno on failure
1792 */
create_root_hv_pci_bus(struct hv_pcibus_device * hbus)1793 static int create_root_hv_pci_bus(struct hv_pcibus_device *hbus)
1794 {
1795 /* Register the device */
1796 hbus->pci_bus = pci_create_root_bus(&hbus->hdev->device,
1797 0, /* bus number is always zero */
1798 &hv_pcifront_ops,
1799 &hbus->sysdata,
1800 &hbus->resources_for_children);
1801 if (!hbus->pci_bus)
1802 return -ENODEV;
1803
1804 hbus->pci_bus->msi = &hbus->msi_chip;
1805 hbus->pci_bus->msi->dev = &hbus->hdev->device;
1806
1807 pci_lock_rescan_remove();
1808 pci_scan_child_bus(hbus->pci_bus);
1809 pci_bus_assign_resources(hbus->pci_bus);
1810 hv_pci_assign_slots(hbus);
1811 pci_bus_add_devices(hbus->pci_bus);
1812 pci_unlock_rescan_remove();
1813 hbus->state = hv_pcibus_installed;
1814 return 0;
1815 }
1816
1817 struct q_res_req_compl {
1818 struct completion host_event;
1819 struct hv_pci_dev *hpdev;
1820 };
1821
1822 /**
1823 * q_resource_requirements() - Query Resource Requirements
1824 * @context: The completion context.
1825 * @resp: The response that came from the host.
1826 * @resp_packet_size: The size in bytes of resp.
1827 *
1828 * This function is invoked on completion of a Query Resource
1829 * Requirements packet.
1830 */
q_resource_requirements(void * context,struct pci_response * resp,int resp_packet_size)1831 static void q_resource_requirements(void *context, struct pci_response *resp,
1832 int resp_packet_size)
1833 {
1834 struct q_res_req_compl *completion = context;
1835 struct pci_q_res_req_response *q_res_req =
1836 (struct pci_q_res_req_response *)resp;
1837 int i;
1838
1839 if (resp->status < 0) {
1840 dev_err(&completion->hpdev->hbus->hdev->device,
1841 "query resource requirements failed: %x\n",
1842 resp->status);
1843 } else {
1844 for (i = 0; i < 6; i++) {
1845 completion->hpdev->probed_bar[i] =
1846 q_res_req->probed_bar[i];
1847 }
1848 }
1849
1850 complete(&completion->host_event);
1851 }
1852
1853 /**
1854 * new_pcichild_device() - Create a new child device
1855 * @hbus: The internal struct tracking this root PCI bus.
1856 * @desc: The information supplied so far from the host
1857 * about the device.
1858 *
1859 * This function creates the tracking structure for a new child
1860 * device and kicks off the process of figuring out what it is.
1861 *
1862 * Return: Pointer to the new tracking struct
1863 */
new_pcichild_device(struct hv_pcibus_device * hbus,struct pci_function_description * desc)1864 static struct hv_pci_dev *new_pcichild_device(struct hv_pcibus_device *hbus,
1865 struct pci_function_description *desc)
1866 {
1867 struct hv_pci_dev *hpdev;
1868 struct pci_child_message *res_req;
1869 struct q_res_req_compl comp_pkt;
1870 struct {
1871 struct pci_packet init_packet;
1872 u8 buffer[sizeof(struct pci_child_message)];
1873 } pkt;
1874 unsigned long flags;
1875 int ret;
1876
1877 hpdev = kzalloc(sizeof(*hpdev), GFP_KERNEL);
1878 if (!hpdev)
1879 return NULL;
1880
1881 hpdev->hbus = hbus;
1882
1883 memset(&pkt, 0, sizeof(pkt));
1884 init_completion(&comp_pkt.host_event);
1885 comp_pkt.hpdev = hpdev;
1886 pkt.init_packet.compl_ctxt = &comp_pkt;
1887 pkt.init_packet.completion_func = q_resource_requirements;
1888 res_req = (struct pci_child_message *)&pkt.init_packet.message;
1889 res_req->message_type.type = PCI_QUERY_RESOURCE_REQUIREMENTS;
1890 res_req->wslot.slot = desc->win_slot.slot;
1891
1892 ret = vmbus_sendpacket(hbus->hdev->channel, res_req,
1893 sizeof(struct pci_child_message),
1894 (unsigned long)&pkt.init_packet,
1895 VM_PKT_DATA_INBAND,
1896 VMBUS_DATA_PACKET_FLAG_COMPLETION_REQUESTED);
1897 if (ret)
1898 goto error;
1899
1900 if (wait_for_response(hbus->hdev, &comp_pkt.host_event))
1901 goto error;
1902
1903 hpdev->desc = *desc;
1904 refcount_set(&hpdev->refs, 1);
1905 get_pcichild(hpdev);
1906 spin_lock_irqsave(&hbus->device_list_lock, flags);
1907
1908 list_add_tail(&hpdev->list_entry, &hbus->children);
1909 spin_unlock_irqrestore(&hbus->device_list_lock, flags);
1910 return hpdev;
1911
1912 error:
1913 kfree(hpdev);
1914 return NULL;
1915 }
1916
1917 /**
1918 * get_pcichild_wslot() - Find device from slot
1919 * @hbus: Root PCI bus, as understood by this driver
1920 * @wslot: Location on the bus
1921 *
1922 * This function looks up a PCI device and returns the internal
1923 * representation of it. It acquires a reference on it, so that
1924 * the device won't be deleted while somebody is using it. The
1925 * caller is responsible for calling put_pcichild() to release
1926 * this reference.
1927 *
1928 * Return: Internal representation of a PCI device
1929 */
get_pcichild_wslot(struct hv_pcibus_device * hbus,u32 wslot)1930 static struct hv_pci_dev *get_pcichild_wslot(struct hv_pcibus_device *hbus,
1931 u32 wslot)
1932 {
1933 unsigned long flags;
1934 struct hv_pci_dev *iter, *hpdev = NULL;
1935
1936 spin_lock_irqsave(&hbus->device_list_lock, flags);
1937 list_for_each_entry(iter, &hbus->children, list_entry) {
1938 if (iter->desc.win_slot.slot == wslot) {
1939 hpdev = iter;
1940 get_pcichild(hpdev);
1941 break;
1942 }
1943 }
1944 spin_unlock_irqrestore(&hbus->device_list_lock, flags);
1945
1946 return hpdev;
1947 }
1948
1949 /**
1950 * pci_devices_present_work() - Handle new list of child devices
1951 * @work: Work struct embedded in struct hv_dr_work
1952 *
1953 * "Bus Relations" is the Windows term for "children of this
1954 * bus." The terminology is preserved here for people trying to
1955 * debug the interaction between Hyper-V and Linux. This
1956 * function is called when the parent partition reports a list
1957 * of functions that should be observed under this PCI Express
1958 * port (bus).
1959 *
1960 * This function updates the list, and must tolerate being
1961 * called multiple times with the same information. The typical
1962 * number of child devices is one, with very atypical cases
1963 * involving three or four, so the algorithms used here can be
1964 * simple and inefficient.
1965 *
1966 * It must also treat the omission of a previously observed device as
1967 * notification that the device no longer exists.
1968 *
1969 * Note that this function is serialized with hv_eject_device_work(),
1970 * because both are pushed to the ordered workqueue hbus->wq.
1971 */
pci_devices_present_work(struct work_struct * work)1972 static void pci_devices_present_work(struct work_struct *work)
1973 {
1974 u32 child_no;
1975 bool found;
1976 struct pci_function_description *new_desc;
1977 struct hv_pci_dev *hpdev;
1978 struct hv_pcibus_device *hbus;
1979 struct list_head removed;
1980 struct hv_dr_work *dr_wrk;
1981 struct hv_dr_state *dr = NULL;
1982 unsigned long flags;
1983
1984 dr_wrk = container_of(work, struct hv_dr_work, wrk);
1985 hbus = dr_wrk->bus;
1986 kfree(dr_wrk);
1987
1988 INIT_LIST_HEAD(&removed);
1989
1990 /* Pull this off the queue and process it if it was the last one. */
1991 spin_lock_irqsave(&hbus->device_list_lock, flags);
1992 while (!list_empty(&hbus->dr_list)) {
1993 dr = list_first_entry(&hbus->dr_list, struct hv_dr_state,
1994 list_entry);
1995 list_del(&dr->list_entry);
1996
1997 /* Throw this away if the list still has stuff in it. */
1998 if (!list_empty(&hbus->dr_list)) {
1999 kfree(dr);
2000 continue;
2001 }
2002 }
2003 spin_unlock_irqrestore(&hbus->device_list_lock, flags);
2004
2005 if (!dr) {
2006 put_hvpcibus(hbus);
2007 return;
2008 }
2009
2010 /* First, mark all existing children as reported missing. */
2011 spin_lock_irqsave(&hbus->device_list_lock, flags);
2012 list_for_each_entry(hpdev, &hbus->children, list_entry) {
2013 hpdev->reported_missing = true;
2014 }
2015 spin_unlock_irqrestore(&hbus->device_list_lock, flags);
2016
2017 /* Next, add back any reported devices. */
2018 for (child_no = 0; child_no < dr->device_count; child_no++) {
2019 found = false;
2020 new_desc = &dr->func[child_no];
2021
2022 spin_lock_irqsave(&hbus->device_list_lock, flags);
2023 list_for_each_entry(hpdev, &hbus->children, list_entry) {
2024 if ((hpdev->desc.win_slot.slot == new_desc->win_slot.slot) &&
2025 (hpdev->desc.v_id == new_desc->v_id) &&
2026 (hpdev->desc.d_id == new_desc->d_id) &&
2027 (hpdev->desc.ser == new_desc->ser)) {
2028 hpdev->reported_missing = false;
2029 found = true;
2030 }
2031 }
2032 spin_unlock_irqrestore(&hbus->device_list_lock, flags);
2033
2034 if (!found) {
2035 hpdev = new_pcichild_device(hbus, new_desc);
2036 if (!hpdev)
2037 dev_err(&hbus->hdev->device,
2038 "couldn't record a child device.\n");
2039 }
2040 }
2041
2042 /* Move missing children to a list on the stack. */
2043 spin_lock_irqsave(&hbus->device_list_lock, flags);
2044 do {
2045 found = false;
2046 list_for_each_entry(hpdev, &hbus->children, list_entry) {
2047 if (hpdev->reported_missing) {
2048 found = true;
2049 put_pcichild(hpdev);
2050 list_move_tail(&hpdev->list_entry, &removed);
2051 break;
2052 }
2053 }
2054 } while (found);
2055 spin_unlock_irqrestore(&hbus->device_list_lock, flags);
2056
2057 /* Delete everything that should no longer exist. */
2058 while (!list_empty(&removed)) {
2059 hpdev = list_first_entry(&removed, struct hv_pci_dev,
2060 list_entry);
2061 list_del(&hpdev->list_entry);
2062
2063 if (hpdev->pci_slot)
2064 pci_destroy_slot(hpdev->pci_slot);
2065
2066 put_pcichild(hpdev);
2067 }
2068
2069 switch (hbus->state) {
2070 case hv_pcibus_installed:
2071 /*
2072 * Tell the core to rescan bus
2073 * because there may have been changes.
2074 */
2075 pci_lock_rescan_remove();
2076 pci_scan_child_bus(hbus->pci_bus);
2077 hv_pci_assign_slots(hbus);
2078 pci_unlock_rescan_remove();
2079 break;
2080
2081 case hv_pcibus_init:
2082 case hv_pcibus_probed:
2083 survey_child_resources(hbus);
2084 break;
2085
2086 default:
2087 break;
2088 }
2089
2090 put_hvpcibus(hbus);
2091 kfree(dr);
2092 }
2093
2094 /**
2095 * hv_pci_devices_present() - Handles list of new children
2096 * @hbus: Root PCI bus, as understood by this driver
2097 * @relations: Packet from host listing children
2098 *
2099 * This function is invoked whenever a new list of devices for
2100 * this bus appears.
2101 */
hv_pci_devices_present(struct hv_pcibus_device * hbus,struct pci_bus_relations * relations)2102 static void hv_pci_devices_present(struct hv_pcibus_device *hbus,
2103 struct pci_bus_relations *relations)
2104 {
2105 struct hv_dr_state *dr;
2106 struct hv_dr_work *dr_wrk;
2107 unsigned long flags;
2108 bool pending_dr;
2109
2110 dr_wrk = kzalloc(sizeof(*dr_wrk), GFP_NOWAIT);
2111 if (!dr_wrk)
2112 return;
2113
2114 dr = kzalloc(offsetof(struct hv_dr_state, func) +
2115 (sizeof(struct pci_function_description) *
2116 (relations->device_count)), GFP_NOWAIT);
2117 if (!dr) {
2118 kfree(dr_wrk);
2119 return;
2120 }
2121
2122 INIT_WORK(&dr_wrk->wrk, pci_devices_present_work);
2123 dr_wrk->bus = hbus;
2124 dr->device_count = relations->device_count;
2125 if (dr->device_count != 0) {
2126 memcpy(dr->func, relations->func,
2127 sizeof(struct pci_function_description) *
2128 dr->device_count);
2129 }
2130
2131 spin_lock_irqsave(&hbus->device_list_lock, flags);
2132 /*
2133 * If pending_dr is true, we have already queued a work,
2134 * which will see the new dr. Otherwise, we need to
2135 * queue a new work.
2136 */
2137 pending_dr = !list_empty(&hbus->dr_list);
2138 list_add_tail(&dr->list_entry, &hbus->dr_list);
2139 spin_unlock_irqrestore(&hbus->device_list_lock, flags);
2140
2141 if (pending_dr) {
2142 kfree(dr_wrk);
2143 } else {
2144 get_hvpcibus(hbus);
2145 queue_work(hbus->wq, &dr_wrk->wrk);
2146 }
2147 }
2148
2149 /**
2150 * hv_eject_device_work() - Asynchronously handles ejection
2151 * @work: Work struct embedded in internal device struct
2152 *
2153 * This function handles ejecting a device. Windows will
2154 * attempt to gracefully eject a device, waiting 60 seconds to
2155 * hear back from the guest OS that this completed successfully.
2156 * If this timer expires, the device will be forcibly removed.
2157 */
hv_eject_device_work(struct work_struct * work)2158 static void hv_eject_device_work(struct work_struct *work)
2159 {
2160 struct pci_eject_response *ejct_pkt;
2161 struct hv_pcibus_device *hbus;
2162 struct hv_pci_dev *hpdev;
2163 struct pci_dev *pdev;
2164 unsigned long flags;
2165 int wslot;
2166 struct {
2167 struct pci_packet pkt;
2168 u8 buffer[sizeof(struct pci_eject_response)];
2169 } ctxt;
2170
2171 hpdev = container_of(work, struct hv_pci_dev, wrk);
2172 hbus = hpdev->hbus;
2173
2174 WARN_ON(hpdev->state != hv_pcichild_ejecting);
2175
2176 /*
2177 * Ejection can come before or after the PCI bus has been set up, so
2178 * attempt to find it and tear down the bus state, if it exists. This
2179 * must be done without constructs like pci_domain_nr(hbus->pci_bus)
2180 * because hbus->pci_bus may not exist yet.
2181 */
2182 wslot = wslot_to_devfn(hpdev->desc.win_slot.slot);
2183 pdev = pci_get_domain_bus_and_slot(hbus->sysdata.domain, 0, wslot);
2184 if (pdev) {
2185 pci_lock_rescan_remove();
2186 pci_stop_and_remove_bus_device(pdev);
2187 pci_dev_put(pdev);
2188 pci_unlock_rescan_remove();
2189 }
2190
2191 spin_lock_irqsave(&hbus->device_list_lock, flags);
2192 list_del(&hpdev->list_entry);
2193 spin_unlock_irqrestore(&hbus->device_list_lock, flags);
2194
2195 if (hpdev->pci_slot)
2196 pci_destroy_slot(hpdev->pci_slot);
2197
2198 memset(&ctxt, 0, sizeof(ctxt));
2199 ejct_pkt = (struct pci_eject_response *)&ctxt.pkt.message;
2200 ejct_pkt->message_type.type = PCI_EJECTION_COMPLETE;
2201 ejct_pkt->wslot.slot = hpdev->desc.win_slot.slot;
2202 vmbus_sendpacket(hbus->hdev->channel, ejct_pkt,
2203 sizeof(*ejct_pkt), (unsigned long)&ctxt.pkt,
2204 VM_PKT_DATA_INBAND, 0);
2205
2206 /* For the get_pcichild() in hv_pci_eject_device() */
2207 put_pcichild(hpdev);
2208 /* For the two refs got in new_pcichild_device() */
2209 put_pcichild(hpdev);
2210 put_pcichild(hpdev);
2211 /* hpdev has been freed. Do not use it any more. */
2212
2213 put_hvpcibus(hbus);
2214 }
2215
2216 /**
2217 * hv_pci_eject_device() - Handles device ejection
2218 * @hpdev: Internal device tracking struct
2219 *
2220 * This function is invoked when an ejection packet arrives. It
2221 * just schedules work so that we don't re-enter the packet
2222 * delivery code handling the ejection.
2223 */
hv_pci_eject_device(struct hv_pci_dev * hpdev)2224 static void hv_pci_eject_device(struct hv_pci_dev *hpdev)
2225 {
2226 hpdev->state = hv_pcichild_ejecting;
2227 get_pcichild(hpdev);
2228 INIT_WORK(&hpdev->wrk, hv_eject_device_work);
2229 get_hvpcibus(hpdev->hbus);
2230 queue_work(hpdev->hbus->wq, &hpdev->wrk);
2231 }
2232
2233 /**
2234 * hv_pci_onchannelcallback() - Handles incoming packets
2235 * @context: Internal bus tracking struct
2236 *
2237 * This function is invoked whenever the host sends a packet to
2238 * this channel (which is private to this root PCI bus).
2239 */
hv_pci_onchannelcallback(void * context)2240 static void hv_pci_onchannelcallback(void *context)
2241 {
2242 const int packet_size = 0x100;
2243 int ret;
2244 struct hv_pcibus_device *hbus = context;
2245 u32 bytes_recvd;
2246 u64 req_id;
2247 struct vmpacket_descriptor *desc;
2248 unsigned char *buffer;
2249 int bufferlen = packet_size;
2250 struct pci_packet *comp_packet;
2251 struct pci_response *response;
2252 struct pci_incoming_message *new_message;
2253 struct pci_bus_relations *bus_rel;
2254 struct pci_dev_inval_block *inval;
2255 struct pci_dev_incoming *dev_message;
2256 struct hv_pci_dev *hpdev;
2257
2258 buffer = kmalloc(bufferlen, GFP_ATOMIC);
2259 if (!buffer)
2260 return;
2261
2262 while (1) {
2263 ret = vmbus_recvpacket_raw(hbus->hdev->channel, buffer,
2264 bufferlen, &bytes_recvd, &req_id);
2265
2266 if (ret == -ENOBUFS) {
2267 kfree(buffer);
2268 /* Handle large packet */
2269 bufferlen = bytes_recvd;
2270 buffer = kmalloc(bytes_recvd, GFP_ATOMIC);
2271 if (!buffer)
2272 return;
2273 continue;
2274 }
2275
2276 /* Zero length indicates there are no more packets. */
2277 if (ret || !bytes_recvd)
2278 break;
2279
2280 /*
2281 * All incoming packets must be at least as large as a
2282 * response.
2283 */
2284 if (bytes_recvd <= sizeof(struct pci_response))
2285 continue;
2286 desc = (struct vmpacket_descriptor *)buffer;
2287
2288 switch (desc->type) {
2289 case VM_PKT_COMP:
2290
2291 /*
2292 * The host is trusted, and thus it's safe to interpret
2293 * this transaction ID as a pointer.
2294 */
2295 comp_packet = (struct pci_packet *)req_id;
2296 response = (struct pci_response *)buffer;
2297 comp_packet->completion_func(comp_packet->compl_ctxt,
2298 response,
2299 bytes_recvd);
2300 break;
2301
2302 case VM_PKT_DATA_INBAND:
2303
2304 new_message = (struct pci_incoming_message *)buffer;
2305 switch (new_message->message_type.type) {
2306 case PCI_BUS_RELATIONS:
2307
2308 bus_rel = (struct pci_bus_relations *)buffer;
2309 if (bytes_recvd <
2310 offsetof(struct pci_bus_relations, func) +
2311 (sizeof(struct pci_function_description) *
2312 (bus_rel->device_count))) {
2313 dev_err(&hbus->hdev->device,
2314 "bus relations too small\n");
2315 break;
2316 }
2317
2318 hv_pci_devices_present(hbus, bus_rel);
2319 break;
2320
2321 case PCI_EJECT:
2322
2323 dev_message = (struct pci_dev_incoming *)buffer;
2324 hpdev = get_pcichild_wslot(hbus,
2325 dev_message->wslot.slot);
2326 if (hpdev) {
2327 hv_pci_eject_device(hpdev);
2328 put_pcichild(hpdev);
2329 }
2330 break;
2331
2332 case PCI_INVALIDATE_BLOCK:
2333
2334 inval = (struct pci_dev_inval_block *)buffer;
2335 hpdev = get_pcichild_wslot(hbus,
2336 inval->wslot.slot);
2337 if (hpdev) {
2338 if (hpdev->block_invalidate) {
2339 hpdev->block_invalidate(
2340 hpdev->invalidate_context,
2341 inval->block_mask);
2342 }
2343 put_pcichild(hpdev);
2344 }
2345 break;
2346
2347 default:
2348 dev_warn(&hbus->hdev->device,
2349 "Unimplemented protocol message %x\n",
2350 new_message->message_type.type);
2351 break;
2352 }
2353 break;
2354
2355 default:
2356 dev_err(&hbus->hdev->device,
2357 "unhandled packet type %d, tid %llx len %d\n",
2358 desc->type, req_id, bytes_recvd);
2359 break;
2360 }
2361 }
2362
2363 kfree(buffer);
2364 }
2365
2366 /**
2367 * hv_pci_protocol_negotiation() - Set up protocol
2368 * @hdev: VMBus's tracking struct for this root PCI bus
2369 *
2370 * This driver is intended to support running on Windows 10
2371 * (server) and later versions. It will not run on earlier
2372 * versions, as they assume that many of the operations which
2373 * Linux needs accomplished with a spinlock held were done via
2374 * asynchronous messaging via VMBus. Windows 10 increases the
2375 * surface area of PCI emulation so that these actions can take
2376 * place by suspending a virtual processor for their duration.
2377 *
2378 * This function negotiates the channel protocol version,
2379 * failing if the host doesn't support the necessary protocol
2380 * level.
2381 */
hv_pci_protocol_negotiation(struct hv_device * hdev)2382 static int hv_pci_protocol_negotiation(struct hv_device *hdev)
2383 {
2384 struct pci_version_request *version_req;
2385 struct hv_pci_compl comp_pkt;
2386 struct pci_packet *pkt;
2387 int ret;
2388 int i;
2389
2390 /*
2391 * Initiate the handshake with the host and negotiate
2392 * a version that the host can support. We start with the
2393 * highest version number and go down if the host cannot
2394 * support it.
2395 */
2396 pkt = kzalloc(sizeof(*pkt) + sizeof(*version_req), GFP_KERNEL);
2397 if (!pkt)
2398 return -ENOMEM;
2399
2400 init_completion(&comp_pkt.host_event);
2401 pkt->completion_func = hv_pci_generic_compl;
2402 pkt->compl_ctxt = &comp_pkt;
2403 version_req = (struct pci_version_request *)&pkt->message;
2404 version_req->message_type.type = PCI_QUERY_PROTOCOL_VERSION;
2405
2406 for (i = 0; i < ARRAY_SIZE(pci_protocol_versions); i++) {
2407 version_req->protocol_version = pci_protocol_versions[i];
2408 ret = vmbus_sendpacket(hdev->channel, version_req,
2409 sizeof(struct pci_version_request),
2410 (unsigned long)pkt, VM_PKT_DATA_INBAND,
2411 VMBUS_DATA_PACKET_FLAG_COMPLETION_REQUESTED);
2412 if (!ret)
2413 ret = wait_for_response(hdev, &comp_pkt.host_event);
2414
2415 if (ret) {
2416 dev_err(&hdev->device,
2417 "PCI Pass-through VSP failed to request version: %d",
2418 ret);
2419 goto exit;
2420 }
2421
2422 if (comp_pkt.completion_status >= 0) {
2423 pci_protocol_version = pci_protocol_versions[i];
2424 dev_info(&hdev->device,
2425 "PCI VMBus probing: Using version %#x\n",
2426 pci_protocol_version);
2427 goto exit;
2428 }
2429
2430 if (comp_pkt.completion_status != STATUS_REVISION_MISMATCH) {
2431 dev_err(&hdev->device,
2432 "PCI Pass-through VSP failed version request: %#x",
2433 comp_pkt.completion_status);
2434 ret = -EPROTO;
2435 goto exit;
2436 }
2437
2438 reinit_completion(&comp_pkt.host_event);
2439 }
2440
2441 dev_err(&hdev->device,
2442 "PCI pass-through VSP failed to find supported version");
2443 ret = -EPROTO;
2444
2445 exit:
2446 kfree(pkt);
2447 return ret;
2448 }
2449
2450 /**
2451 * hv_pci_free_bridge_windows() - Release memory regions for the
2452 * bus
2453 * @hbus: Root PCI bus, as understood by this driver
2454 */
hv_pci_free_bridge_windows(struct hv_pcibus_device * hbus)2455 static void hv_pci_free_bridge_windows(struct hv_pcibus_device *hbus)
2456 {
2457 /*
2458 * Set the resources back to the way they looked when they
2459 * were allocated by setting IORESOURCE_BUSY again.
2460 */
2461
2462 if (hbus->low_mmio_space && hbus->low_mmio_res) {
2463 hbus->low_mmio_res->flags |= IORESOURCE_BUSY;
2464 vmbus_free_mmio(hbus->low_mmio_res->start,
2465 resource_size(hbus->low_mmio_res));
2466 }
2467
2468 if (hbus->high_mmio_space && hbus->high_mmio_res) {
2469 hbus->high_mmio_res->flags |= IORESOURCE_BUSY;
2470 vmbus_free_mmio(hbus->high_mmio_res->start,
2471 resource_size(hbus->high_mmio_res));
2472 }
2473 }
2474
2475 /**
2476 * hv_pci_allocate_bridge_windows() - Allocate memory regions
2477 * for the bus
2478 * @hbus: Root PCI bus, as understood by this driver
2479 *
2480 * This function calls vmbus_allocate_mmio(), which is itself a
2481 * bit of a compromise. Ideally, we might change the pnp layer
2482 * in the kernel such that it comprehends either PCI devices
2483 * which are "grandchildren of ACPI," with some intermediate bus
2484 * node (in this case, VMBus) or change it such that it
2485 * understands VMBus. The pnp layer, however, has been declared
2486 * deprecated, and not subject to change.
2487 *
2488 * The workaround, implemented here, is to ask VMBus to allocate
2489 * MMIO space for this bus. VMBus itself knows which ranges are
2490 * appropriate by looking at its own ACPI objects. Then, after
2491 * these ranges are claimed, they're modified to look like they
2492 * would have looked if the ACPI and pnp code had allocated
2493 * bridge windows. These descriptors have to exist in this form
2494 * in order to satisfy the code which will get invoked when the
2495 * endpoint PCI function driver calls request_mem_region() or
2496 * request_mem_region_exclusive().
2497 *
2498 * Return: 0 on success, -errno on failure
2499 */
hv_pci_allocate_bridge_windows(struct hv_pcibus_device * hbus)2500 static int hv_pci_allocate_bridge_windows(struct hv_pcibus_device *hbus)
2501 {
2502 resource_size_t align;
2503 int ret;
2504
2505 if (hbus->low_mmio_space) {
2506 align = 1ULL << (63 - __builtin_clzll(hbus->low_mmio_space));
2507 ret = vmbus_allocate_mmio(&hbus->low_mmio_res, hbus->hdev, 0,
2508 (u64)(u32)0xffffffff,
2509 hbus->low_mmio_space,
2510 align, false);
2511 if (ret) {
2512 dev_err(&hbus->hdev->device,
2513 "Need %#llx of low MMIO space. Consider reconfiguring the VM.\n",
2514 hbus->low_mmio_space);
2515 return ret;
2516 }
2517
2518 /* Modify this resource to become a bridge window. */
2519 hbus->low_mmio_res->flags |= IORESOURCE_WINDOW;
2520 hbus->low_mmio_res->flags &= ~IORESOURCE_BUSY;
2521 pci_add_resource(&hbus->resources_for_children,
2522 hbus->low_mmio_res);
2523 }
2524
2525 if (hbus->high_mmio_space) {
2526 align = 1ULL << (63 - __builtin_clzll(hbus->high_mmio_space));
2527 ret = vmbus_allocate_mmio(&hbus->high_mmio_res, hbus->hdev,
2528 0x100000000, -1,
2529 hbus->high_mmio_space, align,
2530 false);
2531 if (ret) {
2532 dev_err(&hbus->hdev->device,
2533 "Need %#llx of high MMIO space. Consider reconfiguring the VM.\n",
2534 hbus->high_mmio_space);
2535 goto release_low_mmio;
2536 }
2537
2538 /* Modify this resource to become a bridge window. */
2539 hbus->high_mmio_res->flags |= IORESOURCE_WINDOW;
2540 hbus->high_mmio_res->flags &= ~IORESOURCE_BUSY;
2541 pci_add_resource(&hbus->resources_for_children,
2542 hbus->high_mmio_res);
2543 }
2544
2545 return 0;
2546
2547 release_low_mmio:
2548 if (hbus->low_mmio_res) {
2549 vmbus_free_mmio(hbus->low_mmio_res->start,
2550 resource_size(hbus->low_mmio_res));
2551 }
2552
2553 return ret;
2554 }
2555
2556 /**
2557 * hv_allocate_config_window() - Find MMIO space for PCI Config
2558 * @hbus: Root PCI bus, as understood by this driver
2559 *
2560 * This function claims memory-mapped I/O space for accessing
2561 * configuration space for the functions on this bus.
2562 *
2563 * Return: 0 on success, -errno on failure
2564 */
hv_allocate_config_window(struct hv_pcibus_device * hbus)2565 static int hv_allocate_config_window(struct hv_pcibus_device *hbus)
2566 {
2567 int ret;
2568
2569 /*
2570 * Set up a region of MMIO space to use for accessing configuration
2571 * space.
2572 */
2573 ret = vmbus_allocate_mmio(&hbus->mem_config, hbus->hdev, 0, -1,
2574 PCI_CONFIG_MMIO_LENGTH, 0x1000, false);
2575 if (ret)
2576 return ret;
2577
2578 /*
2579 * vmbus_allocate_mmio() gets used for allocating both device endpoint
2580 * resource claims (those which cannot be overlapped) and the ranges
2581 * which are valid for the children of this bus, which are intended
2582 * to be overlapped by those children. Set the flag on this claim
2583 * meaning that this region can't be overlapped.
2584 */
2585
2586 hbus->mem_config->flags |= IORESOURCE_BUSY;
2587
2588 return 0;
2589 }
2590
hv_free_config_window(struct hv_pcibus_device * hbus)2591 static void hv_free_config_window(struct hv_pcibus_device *hbus)
2592 {
2593 vmbus_free_mmio(hbus->mem_config->start, PCI_CONFIG_MMIO_LENGTH);
2594 }
2595
2596 /**
2597 * hv_pci_enter_d0() - Bring the "bus" into the D0 power state
2598 * @hdev: VMBus's tracking struct for this root PCI bus
2599 *
2600 * Return: 0 on success, -errno on failure
2601 */
hv_pci_enter_d0(struct hv_device * hdev)2602 static int hv_pci_enter_d0(struct hv_device *hdev)
2603 {
2604 struct hv_pcibus_device *hbus = hv_get_drvdata(hdev);
2605 struct pci_bus_d0_entry *d0_entry;
2606 struct hv_pci_compl comp_pkt;
2607 struct pci_packet *pkt;
2608 int ret;
2609
2610 /*
2611 * Tell the host that the bus is ready to use, and moved into the
2612 * powered-on state. This includes telling the host which region
2613 * of memory-mapped I/O space has been chosen for configuration space
2614 * access.
2615 */
2616 pkt = kzalloc(sizeof(*pkt) + sizeof(*d0_entry), GFP_KERNEL);
2617 if (!pkt)
2618 return -ENOMEM;
2619
2620 init_completion(&comp_pkt.host_event);
2621 pkt->completion_func = hv_pci_generic_compl;
2622 pkt->compl_ctxt = &comp_pkt;
2623 d0_entry = (struct pci_bus_d0_entry *)&pkt->message;
2624 d0_entry->message_type.type = PCI_BUS_D0ENTRY;
2625 d0_entry->mmio_base = hbus->mem_config->start;
2626
2627 ret = vmbus_sendpacket(hdev->channel, d0_entry, sizeof(*d0_entry),
2628 (unsigned long)pkt, VM_PKT_DATA_INBAND,
2629 VMBUS_DATA_PACKET_FLAG_COMPLETION_REQUESTED);
2630 if (!ret)
2631 ret = wait_for_response(hdev, &comp_pkt.host_event);
2632
2633 if (ret)
2634 goto exit;
2635
2636 if (comp_pkt.completion_status < 0) {
2637 dev_err(&hdev->device,
2638 "PCI Pass-through VSP failed D0 Entry with status %x\n",
2639 comp_pkt.completion_status);
2640 ret = -EPROTO;
2641 goto exit;
2642 }
2643
2644 ret = 0;
2645
2646 exit:
2647 kfree(pkt);
2648 return ret;
2649 }
2650
2651 /**
2652 * hv_pci_query_relations() - Ask host to send list of child
2653 * devices
2654 * @hdev: VMBus's tracking struct for this root PCI bus
2655 *
2656 * Return: 0 on success, -errno on failure
2657 */
hv_pci_query_relations(struct hv_device * hdev)2658 static int hv_pci_query_relations(struct hv_device *hdev)
2659 {
2660 struct hv_pcibus_device *hbus = hv_get_drvdata(hdev);
2661 struct pci_message message;
2662 struct completion comp;
2663 int ret;
2664
2665 /* Ask the host to send along the list of child devices */
2666 init_completion(&comp);
2667 if (cmpxchg(&hbus->survey_event, NULL, &comp))
2668 return -ENOTEMPTY;
2669
2670 memset(&message, 0, sizeof(message));
2671 message.type = PCI_QUERY_BUS_RELATIONS;
2672
2673 ret = vmbus_sendpacket(hdev->channel, &message, sizeof(message),
2674 0, VM_PKT_DATA_INBAND, 0);
2675 if (!ret)
2676 ret = wait_for_response(hdev, &comp);
2677
2678 return ret;
2679 }
2680
2681 /**
2682 * hv_send_resources_allocated() - Report local resource choices
2683 * @hdev: VMBus's tracking struct for this root PCI bus
2684 *
2685 * The host OS is expecting to be sent a request as a message
2686 * which contains all the resources that the device will use.
2687 * The response contains those same resources, "translated"
2688 * which is to say, the values which should be used by the
2689 * hardware, when it delivers an interrupt. (MMIO resources are
2690 * used in local terms.) This is nice for Windows, and lines up
2691 * with the FDO/PDO split, which doesn't exist in Linux. Linux
2692 * is deeply expecting to scan an emulated PCI configuration
2693 * space. So this message is sent here only to drive the state
2694 * machine on the host forward.
2695 *
2696 * Return: 0 on success, -errno on failure
2697 */
hv_send_resources_allocated(struct hv_device * hdev)2698 static int hv_send_resources_allocated(struct hv_device *hdev)
2699 {
2700 struct hv_pcibus_device *hbus = hv_get_drvdata(hdev);
2701 struct pci_resources_assigned *res_assigned;
2702 struct pci_resources_assigned2 *res_assigned2;
2703 struct hv_pci_compl comp_pkt;
2704 struct hv_pci_dev *hpdev;
2705 struct pci_packet *pkt;
2706 size_t size_res;
2707 u32 wslot;
2708 int ret;
2709
2710 size_res = (pci_protocol_version < PCI_PROTOCOL_VERSION_1_2)
2711 ? sizeof(*res_assigned) : sizeof(*res_assigned2);
2712
2713 pkt = kmalloc(sizeof(*pkt) + size_res, GFP_KERNEL);
2714 if (!pkt)
2715 return -ENOMEM;
2716
2717 ret = 0;
2718
2719 for (wslot = 0; wslot < 256; wslot++) {
2720 hpdev = get_pcichild_wslot(hbus, wslot);
2721 if (!hpdev)
2722 continue;
2723
2724 memset(pkt, 0, sizeof(*pkt) + size_res);
2725 init_completion(&comp_pkt.host_event);
2726 pkt->completion_func = hv_pci_generic_compl;
2727 pkt->compl_ctxt = &comp_pkt;
2728
2729 if (pci_protocol_version < PCI_PROTOCOL_VERSION_1_2) {
2730 res_assigned =
2731 (struct pci_resources_assigned *)&pkt->message;
2732 res_assigned->message_type.type =
2733 PCI_RESOURCES_ASSIGNED;
2734 res_assigned->wslot.slot = hpdev->desc.win_slot.slot;
2735 } else {
2736 res_assigned2 =
2737 (struct pci_resources_assigned2 *)&pkt->message;
2738 res_assigned2->message_type.type =
2739 PCI_RESOURCES_ASSIGNED2;
2740 res_assigned2->wslot.slot = hpdev->desc.win_slot.slot;
2741 }
2742 put_pcichild(hpdev);
2743
2744 ret = vmbus_sendpacket(hdev->channel, &pkt->message,
2745 size_res, (unsigned long)pkt,
2746 VM_PKT_DATA_INBAND,
2747 VMBUS_DATA_PACKET_FLAG_COMPLETION_REQUESTED);
2748 if (!ret)
2749 ret = wait_for_response(hdev, &comp_pkt.host_event);
2750 if (ret)
2751 break;
2752
2753 if (comp_pkt.completion_status < 0) {
2754 ret = -EPROTO;
2755 dev_err(&hdev->device,
2756 "resource allocated returned 0x%x",
2757 comp_pkt.completion_status);
2758 break;
2759 }
2760 }
2761
2762 kfree(pkt);
2763 return ret;
2764 }
2765
2766 /**
2767 * hv_send_resources_released() - Report local resources
2768 * released
2769 * @hdev: VMBus's tracking struct for this root PCI bus
2770 *
2771 * Return: 0 on success, -errno on failure
2772 */
hv_send_resources_released(struct hv_device * hdev)2773 static int hv_send_resources_released(struct hv_device *hdev)
2774 {
2775 struct hv_pcibus_device *hbus = hv_get_drvdata(hdev);
2776 struct pci_child_message pkt;
2777 struct hv_pci_dev *hpdev;
2778 u32 wslot;
2779 int ret;
2780
2781 for (wslot = 0; wslot < 256; wslot++) {
2782 hpdev = get_pcichild_wslot(hbus, wslot);
2783 if (!hpdev)
2784 continue;
2785
2786 memset(&pkt, 0, sizeof(pkt));
2787 pkt.message_type.type = PCI_RESOURCES_RELEASED;
2788 pkt.wslot.slot = hpdev->desc.win_slot.slot;
2789
2790 put_pcichild(hpdev);
2791
2792 ret = vmbus_sendpacket(hdev->channel, &pkt, sizeof(pkt), 0,
2793 VM_PKT_DATA_INBAND, 0);
2794 if (ret)
2795 return ret;
2796 }
2797
2798 return 0;
2799 }
2800
get_hvpcibus(struct hv_pcibus_device * hbus)2801 static void get_hvpcibus(struct hv_pcibus_device *hbus)
2802 {
2803 refcount_inc(&hbus->remove_lock);
2804 }
2805
put_hvpcibus(struct hv_pcibus_device * hbus)2806 static void put_hvpcibus(struct hv_pcibus_device *hbus)
2807 {
2808 if (refcount_dec_and_test(&hbus->remove_lock))
2809 complete(&hbus->remove_event);
2810 }
2811
2812 #define HVPCI_DOM_MAP_SIZE (64 * 1024)
2813 static DECLARE_BITMAP(hvpci_dom_map, HVPCI_DOM_MAP_SIZE);
2814
2815 /*
2816 * PCI domain number 0 is used by emulated devices on Gen1 VMs, so define 0
2817 * as invalid for passthrough PCI devices of this driver.
2818 */
2819 #define HVPCI_DOM_INVALID 0
2820
2821 /**
2822 * hv_get_dom_num() - Get a valid PCI domain number
2823 * Check if the PCI domain number is in use, and return another number if
2824 * it is in use.
2825 *
2826 * @dom: Requested domain number
2827 *
2828 * return: domain number on success, HVPCI_DOM_INVALID on failure
2829 */
hv_get_dom_num(u16 dom)2830 static u16 hv_get_dom_num(u16 dom)
2831 {
2832 unsigned int i;
2833
2834 if (test_and_set_bit(dom, hvpci_dom_map) == 0)
2835 return dom;
2836
2837 for_each_clear_bit(i, hvpci_dom_map, HVPCI_DOM_MAP_SIZE) {
2838 if (test_and_set_bit(i, hvpci_dom_map) == 0)
2839 return i;
2840 }
2841
2842 return HVPCI_DOM_INVALID;
2843 }
2844
2845 /**
2846 * hv_put_dom_num() - Mark the PCI domain number as free
2847 * @dom: Domain number to be freed
2848 */
hv_put_dom_num(u16 dom)2849 static void hv_put_dom_num(u16 dom)
2850 {
2851 clear_bit(dom, hvpci_dom_map);
2852 }
2853
2854 /**
2855 * hv_pci_probe() - New VMBus channel probe, for a root PCI bus
2856 * @hdev: VMBus's tracking struct for this root PCI bus
2857 * @dev_id: Identifies the device itself
2858 *
2859 * Return: 0 on success, -errno on failure
2860 */
hv_pci_probe(struct hv_device * hdev,const struct hv_vmbus_device_id * dev_id)2861 static int hv_pci_probe(struct hv_device *hdev,
2862 const struct hv_vmbus_device_id *dev_id)
2863 {
2864 struct hv_pcibus_device *hbus;
2865 u16 dom_req, dom;
2866 char *name;
2867 int ret;
2868
2869 /*
2870 * hv_pcibus_device contains the hypercall arguments for retargeting in
2871 * hv_irq_unmask(). Those must not cross a page boundary.
2872 */
2873 BUILD_BUG_ON(sizeof(*hbus) > PAGE_SIZE);
2874
2875 hbus = (struct hv_pcibus_device *)get_zeroed_page(GFP_KERNEL);
2876 if (!hbus)
2877 return -ENOMEM;
2878 hbus->state = hv_pcibus_init;
2879
2880 /*
2881 * The PCI bus "domain" is what is called "segment" in ACPI and other
2882 * specs. Pull it from the instance ID, to get something usually
2883 * unique. In rare cases of collision, we will find out another number
2884 * not in use.
2885 *
2886 * Note that, since this code only runs in a Hyper-V VM, Hyper-V
2887 * together with this guest driver can guarantee that (1) The only
2888 * domain used by Gen1 VMs for something that looks like a physical
2889 * PCI bus (which is actually emulated by the hypervisor) is domain 0.
2890 * (2) There will be no overlap between domains (after fixing possible
2891 * collisions) in the same VM.
2892 */
2893 dom_req = hdev->dev_instance.b[5] << 8 | hdev->dev_instance.b[4];
2894 dom = hv_get_dom_num(dom_req);
2895
2896 if (dom == HVPCI_DOM_INVALID) {
2897 dev_err(&hdev->device,
2898 "Unable to use dom# 0x%hx or other numbers", dom_req);
2899 ret = -EINVAL;
2900 goto free_bus;
2901 }
2902
2903 if (dom != dom_req)
2904 dev_info(&hdev->device,
2905 "PCI dom# 0x%hx has collision, using 0x%hx",
2906 dom_req, dom);
2907
2908 hbus->sysdata.domain = dom;
2909
2910 hbus->hdev = hdev;
2911 refcount_set(&hbus->remove_lock, 1);
2912 INIT_LIST_HEAD(&hbus->children);
2913 INIT_LIST_HEAD(&hbus->dr_list);
2914 INIT_LIST_HEAD(&hbus->resources_for_children);
2915 spin_lock_init(&hbus->config_lock);
2916 spin_lock_init(&hbus->device_list_lock);
2917 spin_lock_init(&hbus->retarget_msi_interrupt_lock);
2918 init_completion(&hbus->remove_event);
2919 hbus->wq = alloc_ordered_workqueue("hv_pci_%x", 0,
2920 hbus->sysdata.domain);
2921 if (!hbus->wq) {
2922 ret = -ENOMEM;
2923 goto free_dom;
2924 }
2925
2926 ret = vmbus_open(hdev->channel, pci_ring_size, pci_ring_size, NULL, 0,
2927 hv_pci_onchannelcallback, hbus);
2928 if (ret)
2929 goto destroy_wq;
2930
2931 hv_set_drvdata(hdev, hbus);
2932
2933 ret = hv_pci_protocol_negotiation(hdev);
2934 if (ret)
2935 goto close;
2936
2937 ret = hv_allocate_config_window(hbus);
2938 if (ret)
2939 goto close;
2940
2941 hbus->cfg_addr = ioremap(hbus->mem_config->start,
2942 PCI_CONFIG_MMIO_LENGTH);
2943 if (!hbus->cfg_addr) {
2944 dev_err(&hdev->device,
2945 "Unable to map a virtual address for config space\n");
2946 ret = -ENOMEM;
2947 goto free_config;
2948 }
2949
2950 name = kasprintf(GFP_KERNEL, "%pUL", &hdev->dev_instance);
2951 if (!name) {
2952 ret = -ENOMEM;
2953 goto unmap;
2954 }
2955
2956 hbus->sysdata.fwnode = irq_domain_alloc_named_fwnode(name);
2957 kfree(name);
2958 if (!hbus->sysdata.fwnode) {
2959 ret = -ENOMEM;
2960 goto unmap;
2961 }
2962
2963 ret = hv_pcie_init_irq_domain(hbus);
2964 if (ret)
2965 goto free_fwnode;
2966
2967 ret = hv_pci_query_relations(hdev);
2968 if (ret)
2969 goto free_irq_domain;
2970
2971 ret = hv_pci_enter_d0(hdev);
2972 if (ret)
2973 goto free_irq_domain;
2974
2975 ret = hv_pci_allocate_bridge_windows(hbus);
2976 if (ret)
2977 goto free_irq_domain;
2978
2979 ret = hv_send_resources_allocated(hdev);
2980 if (ret)
2981 goto free_windows;
2982
2983 prepopulate_bars(hbus);
2984
2985 hbus->state = hv_pcibus_probed;
2986
2987 ret = create_root_hv_pci_bus(hbus);
2988 if (ret)
2989 goto free_windows;
2990
2991 return 0;
2992
2993 free_windows:
2994 hv_pci_free_bridge_windows(hbus);
2995 free_irq_domain:
2996 irq_domain_remove(hbus->irq_domain);
2997 free_fwnode:
2998 irq_domain_free_fwnode(hbus->sysdata.fwnode);
2999 unmap:
3000 iounmap(hbus->cfg_addr);
3001 free_config:
3002 hv_free_config_window(hbus);
3003 close:
3004 vmbus_close(hdev->channel);
3005 destroy_wq:
3006 destroy_workqueue(hbus->wq);
3007 free_dom:
3008 hv_put_dom_num(hbus->sysdata.domain);
3009 free_bus:
3010 free_page((unsigned long)hbus);
3011 return ret;
3012 }
3013
hv_pci_bus_exit(struct hv_device * hdev)3014 static void hv_pci_bus_exit(struct hv_device *hdev)
3015 {
3016 struct hv_pcibus_device *hbus = hv_get_drvdata(hdev);
3017 struct {
3018 struct pci_packet teardown_packet;
3019 u8 buffer[sizeof(struct pci_message)];
3020 } pkt;
3021 struct pci_bus_relations relations;
3022 struct hv_pci_compl comp_pkt;
3023 int ret;
3024
3025 /*
3026 * After the host sends the RESCIND_CHANNEL message, it doesn't
3027 * access the per-channel ringbuffer any longer.
3028 */
3029 if (hdev->channel->rescind)
3030 return;
3031
3032 /* Delete any children which might still exist. */
3033 memset(&relations, 0, sizeof(relations));
3034 hv_pci_devices_present(hbus, &relations);
3035
3036 ret = hv_send_resources_released(hdev);
3037 if (ret)
3038 dev_err(&hdev->device,
3039 "Couldn't send resources released packet(s)\n");
3040
3041 memset(&pkt.teardown_packet, 0, sizeof(pkt.teardown_packet));
3042 init_completion(&comp_pkt.host_event);
3043 pkt.teardown_packet.completion_func = hv_pci_generic_compl;
3044 pkt.teardown_packet.compl_ctxt = &comp_pkt;
3045 pkt.teardown_packet.message[0].type = PCI_BUS_D0EXIT;
3046
3047 ret = vmbus_sendpacket(hdev->channel, &pkt.teardown_packet.message,
3048 sizeof(struct pci_message),
3049 (unsigned long)&pkt.teardown_packet,
3050 VM_PKT_DATA_INBAND,
3051 VMBUS_DATA_PACKET_FLAG_COMPLETION_REQUESTED);
3052 if (!ret)
3053 wait_for_completion_timeout(&comp_pkt.host_event, 10 * HZ);
3054 }
3055
3056 /**
3057 * hv_pci_remove() - Remove routine for this VMBus channel
3058 * @hdev: VMBus's tracking struct for this root PCI bus
3059 *
3060 * Return: 0 on success, -errno on failure
3061 */
hv_pci_remove(struct hv_device * hdev)3062 static int hv_pci_remove(struct hv_device *hdev)
3063 {
3064 struct hv_pcibus_device *hbus;
3065
3066 hbus = hv_get_drvdata(hdev);
3067 if (hbus->state == hv_pcibus_installed) {
3068 /* Remove the bus from PCI's point of view. */
3069 pci_lock_rescan_remove();
3070 pci_stop_root_bus(hbus->pci_bus);
3071 hv_pci_remove_slots(hbus);
3072 pci_remove_root_bus(hbus->pci_bus);
3073 pci_unlock_rescan_remove();
3074 hbus->state = hv_pcibus_removed;
3075 }
3076
3077 hv_pci_bus_exit(hdev);
3078
3079 vmbus_close(hdev->channel);
3080
3081 iounmap(hbus->cfg_addr);
3082 hv_free_config_window(hbus);
3083 pci_free_resource_list(&hbus->resources_for_children);
3084 hv_pci_free_bridge_windows(hbus);
3085 irq_domain_remove(hbus->irq_domain);
3086 irq_domain_free_fwnode(hbus->sysdata.fwnode);
3087 put_hvpcibus(hbus);
3088 wait_for_completion(&hbus->remove_event);
3089 destroy_workqueue(hbus->wq);
3090
3091 hv_put_dom_num(hbus->sysdata.domain);
3092
3093 free_page((unsigned long)hbus);
3094 return 0;
3095 }
3096
3097 static const struct hv_vmbus_device_id hv_pci_id_table[] = {
3098 /* PCI Pass-through Class ID */
3099 /* 44C4F61D-4444-4400-9D52-802E27EDE19F */
3100 { HV_PCIE_GUID, },
3101 { },
3102 };
3103
3104 MODULE_DEVICE_TABLE(vmbus, hv_pci_id_table);
3105
3106 static struct hv_driver hv_pci_drv = {
3107 .name = "hv_pci",
3108 .id_table = hv_pci_id_table,
3109 .probe = hv_pci_probe,
3110 .remove = hv_pci_remove,
3111 };
3112
exit_hv_pci_drv(void)3113 static void __exit exit_hv_pci_drv(void)
3114 {
3115 vmbus_driver_unregister(&hv_pci_drv);
3116
3117 hvpci_block_ops.read_block = NULL;
3118 hvpci_block_ops.write_block = NULL;
3119 hvpci_block_ops.reg_blk_invalidate = NULL;
3120 }
3121
init_hv_pci_drv(void)3122 static int __init init_hv_pci_drv(void)
3123 {
3124 /* Set the invalid domain number's bit, so it will not be used */
3125 set_bit(HVPCI_DOM_INVALID, hvpci_dom_map);
3126
3127 /* Initialize PCI block r/w interface */
3128 hvpci_block_ops.read_block = hv_read_config_block;
3129 hvpci_block_ops.write_block = hv_write_config_block;
3130 hvpci_block_ops.reg_blk_invalidate = hv_register_block_invalidate;
3131
3132 return vmbus_driver_register(&hv_pci_drv);
3133 }
3134
3135 module_init(init_hv_pci_drv);
3136 module_exit(exit_hv_pci_drv);
3137
3138 MODULE_DESCRIPTION("Hyper-V PCI");
3139 MODULE_LICENSE("GPL v2");
3140
