// SPDX-License-Identifier: GPL-2.0-only
/*
 * Mediated virtual PCI serial host device driver
 *
 * Copyright (c) 2016, NVIDIA CORPORATION. All rights reserved.
 *     Author: Neo Jia <cjia@nvidia.com>
 *             Kirti Wankhede <kwankhede@nvidia.com>
 *
 * Sample driver that creates an mdev device that simulates a serial port
 * over a PCI card.
 */

#include <linux/init.h>
#include <linux/module.h>
#include <linux/kernel.h>
#include <linux/fs.h>
#include <linux/poll.h>
#include <linux/slab.h>
#include <linux/cdev.h>
#include <linux/sched.h>
#include <linux/wait.h>
#include <linux/vfio.h>
#include <linux/iommu.h>
#include <linux/sysfs.h>
#include <linux/ctype.h>
#include <linux/file.h>
#include <linux/mdev.h>
#include <linux/pci.h>
#include <linux/serial.h>
#include <uapi/linux/serial_reg.h>
#include <linux/eventfd.h>
#include <linux/anon_inodes.h>

/*
 * #defines
 */

#define VERSION_STRING  "0.1"
#define DRIVER_AUTHOR   "NVIDIA Corporation"

#define MTTY_CLASS_NAME "mtty"

#define MTTY_NAME       "mtty"

#define MTTY_STRING_LEN		16

#define MTTY_CONFIG_SPACE_SIZE  0xff
#define MTTY_IO_BAR_SIZE        0x8
#define MTTY_MMIO_BAR_SIZE      0x100000

#define STORE_LE16(addr, val)   (*(u16 *)addr = val)
#define STORE_LE32(addr, val)   (*(u32 *)addr = val)

#define MAX_FIFO_SIZE   16

#define CIRCULAR_BUF_INC_IDX(idx)    (idx = (idx + 1) & (MAX_FIFO_SIZE - 1))
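
/*
 * Note: the AND-mask wrap above only works because MAX_FIFO_SIZE is a
 * power of two. A quick illustration (not part of the driver logic):
 *
 *     u8 idx = 15; CIRCULAR_BUF_INC_IDX(idx);   // (15 + 1) & 15 == 0, wraps
 *     idx = 7;     CIRCULAR_BUF_INC_IDX(idx);   // (7 + 1) & 15 == 8
 */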

#define MTTY_VFIO_PCI_OFFSET_SHIFT   40

#define MTTY_VFIO_PCI_OFFSET_TO_INDEX(off)   (off >> MTTY_VFIO_PCI_OFFSET_SHIFT)
#define MTTY_VFIO_PCI_INDEX_TO_OFFSET(index) \
				((u64)(index) << MTTY_VFIO_PCI_OFFSET_SHIFT)
#define MTTY_VFIO_PCI_OFFSET_MASK    \
				(((u64)(1) << MTTY_VFIO_PCI_OFFSET_SHIFT) - 1)
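
/*
 * Worked example of the offset encoding above: the VFIO region index is
 * packed into the top bits of the file offset, so for the standard
 * vfio-pci indexes (BAR0 = 0 ... config space = 7):
 *
 *     MTTY_VFIO_PCI_INDEX_TO_OFFSET(0) == 0                (BAR0)
 *     MTTY_VFIO_PCI_INDEX_TO_OFFSET(1) == 1ULL << 40       (BAR1)
 *     MTTY_VFIO_PCI_INDEX_TO_OFFSET(7) == 7ULL << 40       (config space)
 *
 * mdev_access() recovers the two halves with
 * MTTY_VFIO_PCI_OFFSET_TO_INDEX(pos) and pos & MTTY_VFIO_PCI_OFFSET_MASK.
 */
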
#define MAX_MTTYS	24

/*
 * Global Structures
 */

static struct mtty_dev {
	dev_t		vd_devt;
	struct class	*vd_class;
	struct cdev	vd_cdev;
	struct idr	vd_idr;
	struct device	dev;
	struct mdev_parent parent;
} mtty_dev;

struct mdev_region_info {
	u64 start;
	u64 phys_start;
	u32 size;
	u64 vfio_offset;
};

#if defined(DEBUG_REGS)
static const char *wr_reg[] = {
	"TX",
	"IER",
	"FCR",
	"LCR",
	"MCR",
	"LSR",
	"MSR",
	"SCR"
};

static const char *rd_reg[] = {
	"RX",
	"IER",
	"IIR",
	"LCR",
	"MCR",
	"LSR",
	"MSR",
	"SCR"
};
#endif

/* loop back buffer */
struct rxtx {
	u8 fifo[MAX_FIFO_SIZE];
	u8 head, tail;
	u8 count;
};

struct serial_port {
	u8 uart_reg[8];         /* 8 registers */
	struct rxtx rxtx;       /* loop back buffer */
	bool dlab;
	bool overrun;
	u16 divisor;
	u8 fcr;                 /* FIFO control register */
	u8 max_fifo_size;
	u8 intr_trigger_level;  /* interrupt trigger level */
};

struct mtty_data {
	u64 magic;
#define MTTY_MAGIC 0x7e9d09898c3e2c4e /* Nothing clever, just random */
	u32 major_ver;
#define MTTY_MAJOR_VER 1
	u32 minor_ver;
#define MTTY_MINOR_VER 0
	u32 nr_ports;
	u32 flags;
	struct serial_port ports[2];
};

struct mdev_state;

struct mtty_migration_file {
	struct file *filp;
	struct mutex lock;
	struct mdev_state *mdev_state;
	struct mtty_data data;
	ssize_t filled_size;
	u8 disabled:1;
};

/* State of each mdev device */
struct mdev_state {
	struct vfio_device vdev;
	struct eventfd_ctx *intx_evtfd;
	struct eventfd_ctx *msi_evtfd;
	int irq_index;
	u8 *vconfig;
	struct mutex ops_lock;
	struct mdev_device *mdev;
	struct mdev_region_info region_info[VFIO_PCI_NUM_REGIONS];
	u32 bar_mask[VFIO_PCI_NUM_REGIONS];
	struct list_head next;
	struct serial_port s[2];
	struct mutex rxtx_lock;
	struct vfio_device_info dev_info;
	int nr_ports;
	enum vfio_device_mig_state state;
	struct mutex state_mutex;
	struct mutex reset_mutex;
	struct mtty_migration_file *saving_migf;
	struct mtty_migration_file *resuming_migf;
	u8 deferred_reset:1;
	u8 intx_mask:1;
};

static struct mtty_type {
	struct mdev_type type;
	int nr_ports;
} mtty_types[2] = {
	{ .nr_ports = 1, .type.sysfs_name = "1",
	  .type.pretty_name = "Single port serial" },
	{ .nr_ports = 2, .type.sysfs_name = "2",
	  .type.pretty_name = "Dual port serial" },
};

static struct mdev_type *mtty_mdev_types[] = {
	&mtty_types[0].type,
	&mtty_types[1].type,
};

static atomic_t mdev_avail_ports = ATOMIC_INIT(MAX_MTTYS);

static const struct file_operations vd_fops = {
	.owner          = THIS_MODULE,
};

static const struct vfio_device_ops mtty_dev_ops;

/* Helper functions */

static void dump_buffer(u8 *buf, uint32_t count)
{
#if defined(DEBUG)
	int i;

	pr_info("Buffer:\n");
	for (i = 0; i < count; i++) {
		pr_info("%2x ", *(buf + i));
		if ((i + 1) % 16 == 0)
			pr_info("\n");
	}
#endif
}

static bool is_intx(struct mdev_state *mdev_state)
{
	return mdev_state->irq_index == VFIO_PCI_INTX_IRQ_INDEX;
}

static bool is_msi(struct mdev_state *mdev_state)
{
	return mdev_state->irq_index == VFIO_PCI_MSI_IRQ_INDEX;
}

static bool is_noirq(struct mdev_state *mdev_state)
{
	return !is_intx(mdev_state) && !is_msi(mdev_state);
}

static void mtty_trigger_interrupt(struct mdev_state *mdev_state)
{
	lockdep_assert_held(&mdev_state->ops_lock);

	if (is_msi(mdev_state)) {
		if (mdev_state->msi_evtfd)
			eventfd_signal(mdev_state->msi_evtfd);
	} else if (is_intx(mdev_state)) {
		if (mdev_state->intx_evtfd && !mdev_state->intx_mask) {
			eventfd_signal(mdev_state->intx_evtfd);
			mdev_state->intx_mask = true;
		}
	}
}
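
/*
 * Note on the INTx path above: signaling the eventfd also sets intx_mask,
 * emulating an automasked level-triggered interrupt. No further INTx is
 * delivered until userspace unmasks it via VFIO_DEVICE_SET_IRQS with
 * VFIO_IRQ_SET_ACTION_UNMASK (see mtty_set_irqs() below), matching the
 * VFIO_IRQ_INFO_AUTOMASKED flag reported by mtty_get_irq_info().
 */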

static void mtty_create_config_space(struct mdev_state *mdev_state)
{
	/* PCI dev ID */
	STORE_LE32((u32 *) &mdev_state->vconfig[0x0], 0x32534348);

	/* Control: I/O+, Mem-, BusMaster- */
	STORE_LE16((u16 *) &mdev_state->vconfig[0x4], 0x0001);

	/* Status: capabilities list absent */
	STORE_LE16((u16 *) &mdev_state->vconfig[0x6], 0x0200);

	/* Rev ID */
	mdev_state->vconfig[0x8] =  0x10;

	/* programming interface class : 16550-compatible serial controller */
	mdev_state->vconfig[0x9] =  0x02;

	/* Sub class : 00 */
	mdev_state->vconfig[0xa] =  0x00;

	/* Base class : Simple Communication controllers */
	mdev_state->vconfig[0xb] =  0x07;

	/* base address registers */
	/* BAR0: IO space */
	STORE_LE32((u32 *) &mdev_state->vconfig[0x10], 0x000001);
	mdev_state->bar_mask[0] = ~(MTTY_IO_BAR_SIZE) + 1;

	if (mdev_state->nr_ports == 2) {
		/* BAR1: IO space */
		STORE_LE32((u32 *) &mdev_state->vconfig[0x14], 0x000001);
		mdev_state->bar_mask[1] = ~(MTTY_IO_BAR_SIZE) + 1;
	}

	/* Subsystem ID */
	STORE_LE32((u32 *) &mdev_state->vconfig[0x2c], 0x32534348);

	mdev_state->vconfig[0x34] =  0x00;   /* Cap Ptr */
	mdev_state->vconfig[0x3d] =  0x01;   /* interrupt pin (INTA#) */

	/* Vendor specific data */
	mdev_state->vconfig[0x40] =  0x23;
	mdev_state->vconfig[0x43] =  0x80;
	mdev_state->vconfig[0x44] =  0x23;
	mdev_state->vconfig[0x48] =  0x23;
	mdev_state->vconfig[0x4c] =  0x23;

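	/* The fifteen bytes below spell "PCI Serial/UART" in ASCII */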
	mdev_state->vconfig[0x60] =  0x50;
	mdev_state->vconfig[0x61] =  0x43;
	mdev_state->vconfig[0x62] =  0x49;
	mdev_state->vconfig[0x63] =  0x20;
	mdev_state->vconfig[0x64] =  0x53;
	mdev_state->vconfig[0x65] =  0x65;
	mdev_state->vconfig[0x66] =  0x72;
	mdev_state->vconfig[0x67] =  0x69;
	mdev_state->vconfig[0x68] =  0x61;
	mdev_state->vconfig[0x69] =  0x6c;
	mdev_state->vconfig[0x6a] =  0x2f;
	mdev_state->vconfig[0x6b] =  0x55;
	mdev_state->vconfig[0x6c] =  0x41;
	mdev_state->vconfig[0x6d] =  0x52;
	mdev_state->vconfig[0x6e] =  0x54;
}

static void handle_pci_cfg_write(struct mdev_state *mdev_state, u16 offset,
				 u8 *buf, u32 count)
{
	u32 cfg_addr, bar_mask, bar_index = 0;

	switch (offset) {
	case 0x04: /* device control */
	case 0x06: /* device status */
		/* do nothing */
		break;
	case 0x3c:  /* interrupt line */
		mdev_state->vconfig[0x3c] = buf[0];
		break;
	case 0x3d:
		/*
		 * Interrupt Pin is hardwired to INTA.
		 * This field is write protected by hardware
		 */
		break;
	case 0x10:  /* BAR0 */
	case 0x14:  /* BAR1 */
		if (offset == 0x10)
			bar_index = 0;
		else if (offset == 0x14)
			bar_index = 1;

		if ((mdev_state->nr_ports == 1) && (bar_index == 1)) {
			STORE_LE32(&mdev_state->vconfig[offset], 0);
			break;
		}

		cfg_addr = *(u32 *)buf;
		pr_info("BAR%d addr 0x%x\n", bar_index, cfg_addr);

		if (cfg_addr == 0xffffffff) {
			bar_mask = mdev_state->bar_mask[bar_index];
			cfg_addr = (cfg_addr & bar_mask);
		}

		cfg_addr |= (mdev_state->vconfig[offset] & 0x3ul);
		STORE_LE32(&mdev_state->vconfig[offset], cfg_addr);
		break;
	case 0x18:  /* BAR2 */
	case 0x1c:  /* BAR3 */
	case 0x20:  /* BAR4 */
		STORE_LE32(&mdev_state->vconfig[offset], 0);
		break;
	default:
		pr_info("PCI config write @0x%x of %d bytes not handled\n",
			offset, count);
		break;
	}
}

static void handle_bar_write(unsigned int index, struct mdev_state *mdev_state,
				u16 offset, u8 *buf, u32 count)
{
	u8 data = *buf;

	/* Handle data written by guest */
	switch (offset) {
	case UART_TX:
		/* if DLAB set, data is LSB of divisor */
		if (mdev_state->s[index].dlab) {
			mdev_state->s[index].divisor |= data;
			break;
		}

		mutex_lock(&mdev_state->rxtx_lock);

		/* save in TX buffer */
		if (mdev_state->s[index].rxtx.count <
				mdev_state->s[index].max_fifo_size) {
			mdev_state->s[index].rxtx.fifo[
					mdev_state->s[index].rxtx.head] = data;
			mdev_state->s[index].rxtx.count++;
			CIRCULAR_BUF_INC_IDX(mdev_state->s[index].rxtx.head);
			mdev_state->s[index].overrun = false;

			/*
			 * Trigger interrupt if receive data interrupt is
			 * enabled and fifo reached trigger level
			 */
			if ((mdev_state->s[index].uart_reg[UART_IER] &
						UART_IER_RDI) &&
			   (mdev_state->s[index].rxtx.count ==
				    mdev_state->s[index].intr_trigger_level)) {
				/* trigger interrupt */
#if defined(DEBUG_INTR)
				pr_err("Serial port %d: Fifo level trigger\n",
					index);
#endif
				mtty_trigger_interrupt(mdev_state);
			}
		} else {
#if defined(DEBUG_INTR)
			pr_err("Serial port %d: Buffer Overflow\n", index);
#endif
			mdev_state->s[index].overrun = true;

			/*
			 * Trigger interrupt if receiver line status interrupt
			 * is enabled
			 */
			if (mdev_state->s[index].uart_reg[UART_IER] &
								UART_IER_RLSI)
				mtty_trigger_interrupt(mdev_state);
		}
		mutex_unlock(&mdev_state->rxtx_lock);
		break;

	case UART_IER:
		/* if DLAB set, data is MSB of divisor */
		if (mdev_state->s[index].dlab)
			mdev_state->s[index].divisor |= (u16)data << 8;
		else {
			mdev_state->s[index].uart_reg[offset] = data;
			mutex_lock(&mdev_state->rxtx_lock);
			if ((data & UART_IER_THRI) &&
			    (mdev_state->s[index].rxtx.head ==
					mdev_state->s[index].rxtx.tail)) {
#if defined(DEBUG_INTR)
				pr_err("Serial port %d: IER_THRI write\n",
					index);
#endif
				mtty_trigger_interrupt(mdev_state);
			}

			mutex_unlock(&mdev_state->rxtx_lock);
		}

		break;

	case UART_FCR:
		mdev_state->s[index].fcr = data;

		mutex_lock(&mdev_state->rxtx_lock);
		if (data & (UART_FCR_CLEAR_RCVR | UART_FCR_CLEAR_XMIT)) {
			/* clear loop back FIFO */
			mdev_state->s[index].rxtx.count = 0;
			mdev_state->s[index].rxtx.head = 0;
			mdev_state->s[index].rxtx.tail = 0;
		}
		mutex_unlock(&mdev_state->rxtx_lock);

		switch (data & UART_FCR_TRIGGER_MASK) {
		case UART_FCR_TRIGGER_1:
			mdev_state->s[index].intr_trigger_level = 1;
			break;

		case UART_FCR_TRIGGER_4:
			mdev_state->s[index].intr_trigger_level = 4;
			break;

		case UART_FCR_TRIGGER_8:
			mdev_state->s[index].intr_trigger_level = 8;
			break;

		case UART_FCR_TRIGGER_14:
			mdev_state->s[index].intr_trigger_level = 14;
			break;
		}

		/*
		 * Otherwise set the trigger level to 1, or implement a timer
		 * with a timeout of 4 characters and, when it expires, set
		 * the receive data timeout in the IIR register
		 */
		mdev_state->s[index].intr_trigger_level = 1;
		if (data & UART_FCR_ENABLE_FIFO)
			mdev_state->s[index].max_fifo_size = MAX_FIFO_SIZE;
		else {
			mdev_state->s[index].max_fifo_size = 1;
			mdev_state->s[index].intr_trigger_level = 1;
		}

		break;

	case UART_LCR:
		if (data & UART_LCR_DLAB) {
			mdev_state->s[index].dlab = true;
			mdev_state->s[index].divisor = 0;
		} else
			mdev_state->s[index].dlab = false;

		mdev_state->s[index].uart_reg[offset] = data;
		break;

	case UART_MCR:
		mdev_state->s[index].uart_reg[offset] = data;

		if ((mdev_state->s[index].uart_reg[UART_IER] & UART_IER_MSI) &&
				(data & UART_MCR_OUT2)) {
#if defined(DEBUG_INTR)
			pr_err("Serial port %d: MCR_OUT2 write\n", index);
#endif
			mtty_trigger_interrupt(mdev_state);
		}

		if ((mdev_state->s[index].uart_reg[UART_IER] & UART_IER_MSI) &&
				(data & (UART_MCR_RTS | UART_MCR_DTR))) {
#if defined(DEBUG_INTR)
			pr_err("Serial port %d: MCR RTS/DTR write\n", index);
#endif
			mtty_trigger_interrupt(mdev_state);
		}
		break;

	case UART_LSR:
	case UART_MSR:
		/* do nothing */
		break;

	case UART_SCR:
		mdev_state->s[index].uart_reg[offset] = data;
		break;

	default:
		break;
	}
}

static void handle_bar_read(unsigned int index, struct mdev_state *mdev_state,
			    u16 offset, u8 *buf, u32 count)
{
	/* Handle read requests by guest */
	switch (offset) {
	case UART_RX:
		/* if DLAB set, data is LSB of divisor */
		if (mdev_state->s[index].dlab) {
			*buf  = (u8)mdev_state->s[index].divisor;
			break;
		}

		mutex_lock(&mdev_state->rxtx_lock);
		/* return data in tx buffer */
		if (mdev_state->s[index].rxtx.head !=
				 mdev_state->s[index].rxtx.tail) {
			*buf = mdev_state->s[index].rxtx.fifo[
						mdev_state->s[index].rxtx.tail];
			mdev_state->s[index].rxtx.count--;
			CIRCULAR_BUF_INC_IDX(mdev_state->s[index].rxtx.tail);
		}

		if (mdev_state->s[index].rxtx.head ==
				mdev_state->s[index].rxtx.tail) {
			/*
			 * Trigger interrupt if tx buffer empty interrupt is
			 * enabled and fifo is empty
			 */
#if defined(DEBUG_INTR)
			pr_err("Serial port %d: Buffer Empty\n", index);
#endif
			if (mdev_state->s[index].uart_reg[UART_IER] &
							 UART_IER_THRI)
				mtty_trigger_interrupt(mdev_state);
		}
		mutex_unlock(&mdev_state->rxtx_lock);

		break;

	case UART_IER:
		if (mdev_state->s[index].dlab) {
			*buf = (u8)(mdev_state->s[index].divisor >> 8);
			break;
		}
		*buf = mdev_state->s[index].uart_reg[offset] & 0x0f;
		break;

	case UART_IIR:
	{
		u8 ier = mdev_state->s[index].uart_reg[UART_IER];
		*buf = 0;

		mutex_lock(&mdev_state->rxtx_lock);
		/* Interrupt priority 1: Parity, overrun, framing or break */
		if ((ier & UART_IER_RLSI) && mdev_state->s[index].overrun)
			*buf |= UART_IIR_RLSI;

		/* Interrupt priority 2: Fifo trigger level reached */
		if ((ier & UART_IER_RDI) &&
		    (mdev_state->s[index].rxtx.count >=
		      mdev_state->s[index].intr_trigger_level))
			*buf |= UART_IIR_RDI;

		/* Interrupt priority 3: transmitter holding register empty */
		if ((ier & UART_IER_THRI) &&
		    (mdev_state->s[index].rxtx.head ==
				mdev_state->s[index].rxtx.tail))
			*buf |= UART_IIR_THRI;

		/* Interrupt priority 4: Modem status: CTS, DSR, RI or DCD  */
		if ((ier & UART_IER_MSI) &&
		    (mdev_state->s[index].uart_reg[UART_MCR] &
				 (UART_MCR_RTS | UART_MCR_DTR)))
			*buf |= UART_IIR_MSI;

		/* bit0: 0=> interrupt pending, 1=> no interrupt is pending */
		if (*buf == 0)
			*buf = UART_IIR_NO_INT;

		/* set bit 6 & 7 to be 16550 compatible */
		*buf |= 0xC0;
		mutex_unlock(&mdev_state->rxtx_lock);
	}
	break;

	case UART_LCR:
	case UART_MCR:
		*buf = mdev_state->s[index].uart_reg[offset];
		break;

	case UART_LSR:
	{
		u8 lsr = 0;

		mutex_lock(&mdev_state->rxtx_lock);
		/* at least one char in FIFO */
		if (mdev_state->s[index].rxtx.head !=
				 mdev_state->s[index].rxtx.tail)
			lsr |= UART_LSR_DR;

		/* if FIFO overrun */
		if (mdev_state->s[index].overrun)
			lsr |= UART_LSR_OE;

		/* transmit FIFO empty and transmitter empty */
		if (mdev_state->s[index].rxtx.head ==
				 mdev_state->s[index].rxtx.tail)
			lsr |= UART_LSR_TEMT | UART_LSR_THRE;

		mutex_unlock(&mdev_state->rxtx_lock);
		*buf = lsr;
		break;
	}
	case UART_MSR:
		*buf = UART_MSR_DSR | UART_MSR_DDSR | UART_MSR_DCD;

		mutex_lock(&mdev_state->rxtx_lock);
		/* if AFE is 1 and FIFO has space, set CTS bit */
		if (mdev_state->s[index].uart_reg[UART_MCR] &
						 UART_MCR_AFE) {
			if (mdev_state->s[index].rxtx.count <
					mdev_state->s[index].max_fifo_size)
				*buf |= UART_MSR_CTS | UART_MSR_DCTS;
		} else
			*buf |= UART_MSR_CTS | UART_MSR_DCTS;
		mutex_unlock(&mdev_state->rxtx_lock);

		break;

	case UART_SCR:
		*buf = mdev_state->s[index].uart_reg[offset];
		break;

	default:
		break;
	}
}
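
/*
 * The two handlers above implement a simple loopback: bytes the guest
 * writes to the TX register are queued in the FIFO and handed back on
 * reads of RX. A minimal guest-side sketch (hypothetical; assumes BAR0
 * was assigned to I/O port `base`):
 *
 *     outb('A', base + UART_TX);        // lands in the loopback FIFO
 *     while (!(inb(base + UART_LSR) & UART_LSR_DR))
 *             ;                         // wait for "data ready"
 *     c = inb(base + UART_RX);          // c == 'A'
 */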

static void mdev_read_base(struct mdev_state *mdev_state)
{
	int index, pos;
	u32 start_lo, start_hi;
	u32 mem_type;

	pos = PCI_BASE_ADDRESS_0;

	for (index = 0; index <= VFIO_PCI_BAR5_REGION_INDEX; index++) {

		if (!mdev_state->region_info[index].size)
			continue;

		start_lo = (*(u32 *)(mdev_state->vconfig + pos)) &
			PCI_BASE_ADDRESS_MEM_MASK;
		mem_type = (*(u32 *)(mdev_state->vconfig + pos)) &
			PCI_BASE_ADDRESS_MEM_TYPE_MASK;

		switch (mem_type) {
		case PCI_BASE_ADDRESS_MEM_TYPE_64:
			start_hi = (*(u32 *)(mdev_state->vconfig + pos + 4));
			pos += 4;
			break;
		case PCI_BASE_ADDRESS_MEM_TYPE_32:
		case PCI_BASE_ADDRESS_MEM_TYPE_1M:
			/* 1M mem BAR treated as 32-bit BAR */
		default:
			/* mem unknown type treated as 32-bit BAR */
			start_hi = 0;
			break;
		}
		pos += 4;
		mdev_state->region_info[index].start = ((u64)start_hi << 32) |
							start_lo;
	}
}

static ssize_t mdev_access(struct mdev_state *mdev_state, u8 *buf, size_t count,
			   loff_t pos, bool is_write)
{
	unsigned int index;
	loff_t offset;
	int ret = 0;

	if (!buf)
		return -EINVAL;

	mutex_lock(&mdev_state->ops_lock);

	index = MTTY_VFIO_PCI_OFFSET_TO_INDEX(pos);
	offset = pos & MTTY_VFIO_PCI_OFFSET_MASK;
	switch (index) {
	case VFIO_PCI_CONFIG_REGION_INDEX:

#if defined(DEBUG)
		pr_info("%s: PCI config space %s at offset 0x%llx\n",
			 __func__, is_write ? "write" : "read", offset);
#endif
		if (is_write) {
			dump_buffer(buf, count);
			handle_pci_cfg_write(mdev_state, offset, buf, count);
		} else {
			memcpy(buf, (mdev_state->vconfig + offset), count);
			dump_buffer(buf, count);
		}

		break;

	case VFIO_PCI_BAR0_REGION_INDEX ... VFIO_PCI_BAR5_REGION_INDEX:
		if (!mdev_state->region_info[index].start)
			mdev_read_base(mdev_state);

		if (is_write) {
			dump_buffer(buf, count);

#if defined(DEBUG_REGS)
			pr_info("%s: BAR%d  WR @0x%llx %s val:0x%02x dlab:%d\n",
				__func__, index, offset, wr_reg[offset],
				*buf, mdev_state->s[index].dlab);
#endif
			handle_bar_write(index, mdev_state, offset, buf, count);
		} else {
			handle_bar_read(index, mdev_state, offset, buf, count);
			dump_buffer(buf, count);

#if defined(DEBUG_REGS)
			pr_info("%s: BAR%d  RD @0x%llx %s val:0x%02x dlab:%d\n",
				__func__, index, offset, rd_reg[offset],
				*buf, mdev_state->s[index].dlab);
#endif
		}
		break;

	default:
		ret = -1;
		goto accessfailed;
	}

	ret = count;

accessfailed:
	mutex_unlock(&mdev_state->ops_lock);

	return ret;
}

static size_t mtty_data_size(struct mdev_state *mdev_state)
{
	return offsetof(struct mtty_data, ports) +
		(mdev_state->nr_ports * sizeof(struct serial_port));
}
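
/*
 * Example: for a dual-port device the migration stream is the fixed
 * header (everything in struct mtty_data up to, but excluding, ports[])
 * followed by two struct serial_port blobs, i.e.
 *
 *     offsetof(struct mtty_data, ports) + 2 * sizeof(struct serial_port)
 *
 * which is exactly what mtty_save_state() fills and mtty_load_state()
 * expects back.
 */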

static void mtty_disable_file(struct mtty_migration_file *migf)
{
	mutex_lock(&migf->lock);
	migf->disabled = true;
	migf->filled_size = 0;
	migf->filp->f_pos = 0;
	mutex_unlock(&migf->lock);
}

static void mtty_disable_files(struct mdev_state *mdev_state)
{
	if (mdev_state->saving_migf) {
		mtty_disable_file(mdev_state->saving_migf);
		fput(mdev_state->saving_migf->filp);
		mdev_state->saving_migf = NULL;
	}

	if (mdev_state->resuming_migf) {
		mtty_disable_file(mdev_state->resuming_migf);
		fput(mdev_state->resuming_migf->filp);
		mdev_state->resuming_migf = NULL;
	}
}

static void mtty_state_mutex_unlock(struct mdev_state *mdev_state)
{
again:
	mutex_lock(&mdev_state->reset_mutex);
	if (mdev_state->deferred_reset) {
		mdev_state->deferred_reset = false;
		mutex_unlock(&mdev_state->reset_mutex);
		mdev_state->state = VFIO_DEVICE_STATE_RUNNING;
		mtty_disable_files(mdev_state);
		goto again;
	}
	mutex_unlock(&mdev_state->state_mutex);
	mutex_unlock(&mdev_state->reset_mutex);
}
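
/*
 * The deferred_reset dance above exists because a reset can race with a
 * migration state transition that already holds state_mutex. Rather than
 * nest the locks, mtty_reset() records the request under reset_mutex and
 * whoever drops state_mutex (always through this helper) replays it: the
 * device returns to RUNNING and any open migration files are disabled.
 */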

static int mtty_release_migf(struct inode *inode, struct file *filp)
{
	struct mtty_migration_file *migf = filp->private_data;

	mtty_disable_file(migf);
	mutex_destroy(&migf->lock);
	kfree(migf);

	return 0;
}

static long mtty_precopy_ioctl(struct file *filp, unsigned int cmd,
			       unsigned long arg)
{
	struct mtty_migration_file *migf = filp->private_data;
	struct mdev_state *mdev_state = migf->mdev_state;
	loff_t *pos = &filp->f_pos;
	struct vfio_precopy_info info = {};
	unsigned long minsz;
	int ret;

	if (cmd != VFIO_MIG_GET_PRECOPY_INFO)
		return -ENOTTY;

	minsz = offsetofend(struct vfio_precopy_info, dirty_bytes);

	if (copy_from_user(&info, (void __user *)arg, minsz))
		return -EFAULT;
	if (info.argsz < minsz)
		return -EINVAL;

	mutex_lock(&mdev_state->state_mutex);
	if (mdev_state->state != VFIO_DEVICE_STATE_PRE_COPY &&
	    mdev_state->state != VFIO_DEVICE_STATE_PRE_COPY_P2P) {
		ret = -EINVAL;
		goto unlock;
	}

	mutex_lock(&migf->lock);

	if (migf->disabled) {
		mutex_unlock(&migf->lock);
		ret = -ENODEV;
		goto unlock;
	}

	if (*pos > migf->filled_size) {
		mutex_unlock(&migf->lock);
		ret = -EINVAL;
		goto unlock;
	}

	info.dirty_bytes = 0;
	info.initial_bytes = migf->filled_size - *pos;
	mutex_unlock(&migf->lock);

	ret = copy_to_user((void __user *)arg, &info, minsz) ? -EFAULT : 0;
unlock:
	mtty_state_mutex_unlock(mdev_state);
	return ret;
}

static ssize_t mtty_save_read(struct file *filp, char __user *buf,
			      size_t len, loff_t *pos)
{
	struct mtty_migration_file *migf = filp->private_data;
	ssize_t ret = 0;

	if (pos)
		return -ESPIPE;

	pos = &filp->f_pos;

	mutex_lock(&migf->lock);

	dev_dbg(migf->mdev_state->vdev.dev, "%s ask %zu\n", __func__, len);

	if (migf->disabled) {
		ret = -ENODEV;
		goto out_unlock;
	}

	if (*pos > migf->filled_size) {
		ret = -EINVAL;
		goto out_unlock;
	}

	len = min_t(size_t, migf->filled_size - *pos, len);
	if (len) {
		if (copy_to_user(buf, (void *)&migf->data + *pos, len)) {
			ret = -EFAULT;
			goto out_unlock;
		}
		*pos += len;
		ret = len;
	}
out_unlock:
	dev_dbg(migf->mdev_state->vdev.dev, "%s read %zd\n", __func__, ret);
	mutex_unlock(&migf->lock);
	return ret;
}

static const struct file_operations mtty_save_fops = {
	.owner = THIS_MODULE,
	.read = mtty_save_read,
	.unlocked_ioctl = mtty_precopy_ioctl,
	.compat_ioctl = compat_ptr_ioctl,
	.release = mtty_release_migf,
};

static void mtty_save_state(struct mdev_state *mdev_state)
{
	struct mtty_migration_file *migf = mdev_state->saving_migf;
	int i;

	mutex_lock(&migf->lock);
	for (i = 0; i < mdev_state->nr_ports; i++) {
		memcpy(&migf->data.ports[i],
			&mdev_state->s[i], sizeof(struct serial_port));
		migf->filled_size += sizeof(struct serial_port);
	}
	dev_dbg(mdev_state->vdev.dev,
		"%s filled to %zu\n", __func__, migf->filled_size);
	mutex_unlock(&migf->lock);
}

static int mtty_load_state(struct mdev_state *mdev_state)
{
	struct mtty_migration_file *migf = mdev_state->resuming_migf;
	int i;

	mutex_lock(&migf->lock);
	/* magic and version already tested by resume write fn */
	if (migf->filled_size < mtty_data_size(mdev_state)) {
		dev_dbg(mdev_state->vdev.dev, "%s expected %zu, got %zu\n",
			__func__, mtty_data_size(mdev_state),
			migf->filled_size);
		mutex_unlock(&migf->lock);
		return -EINVAL;
	}

	for (i = 0; i < mdev_state->nr_ports; i++)
		memcpy(&mdev_state->s[i],
		       &migf->data.ports[i], sizeof(struct serial_port));

	mutex_unlock(&migf->lock);
	return 0;
}

static struct mtty_migration_file *
mtty_save_device_data(struct mdev_state *mdev_state,
		      enum vfio_device_mig_state state)
{
	struct mtty_migration_file *migf = mdev_state->saving_migf;
	struct mtty_migration_file *ret = NULL;

	if (migf) {
		if (state == VFIO_DEVICE_STATE_STOP_COPY)
			goto fill_data;
		return ret;
	}

	migf = kzalloc(sizeof(*migf), GFP_KERNEL_ACCOUNT);
	if (!migf)
		return ERR_PTR(-ENOMEM);

	migf->filp = anon_inode_getfile("mtty_mig", &mtty_save_fops,
					migf, O_RDONLY);
	if (IS_ERR(migf->filp)) {
		int rc = PTR_ERR(migf->filp);

		kfree(migf);
		return ERR_PTR(rc);
	}

	stream_open(migf->filp->f_inode, migf->filp);
	mutex_init(&migf->lock);
	migf->mdev_state = mdev_state;

	migf->data.magic = MTTY_MAGIC;
	migf->data.major_ver = MTTY_MAJOR_VER;
	migf->data.minor_ver = MTTY_MINOR_VER;
	migf->data.nr_ports = mdev_state->nr_ports;

	migf->filled_size = offsetof(struct mtty_data, ports);

	dev_dbg(mdev_state->vdev.dev, "%s filled header to %zu\n",
		__func__, migf->filled_size);

	ret = mdev_state->saving_migf = migf;

fill_data:
	if (state == VFIO_DEVICE_STATE_STOP_COPY)
		mtty_save_state(mdev_state);

	return ret;
}

static ssize_t mtty_resume_write(struct file *filp, const char __user *buf,
				 size_t len, loff_t *pos)
{
	struct mtty_migration_file *migf = filp->private_data;
	struct mdev_state *mdev_state = migf->mdev_state;
	loff_t requested_length;
	ssize_t ret = 0;

	if (pos)
		return -ESPIPE;

	pos = &filp->f_pos;

	if (*pos < 0 ||
	    check_add_overflow((loff_t)len, *pos, &requested_length))
		return -EINVAL;

	if (requested_length > mtty_data_size(mdev_state))
		return -ENOMEM;

	mutex_lock(&migf->lock);

	if (migf->disabled) {
		ret = -ENODEV;
		goto out_unlock;
	}

	if (copy_from_user((void *)&migf->data + *pos, buf, len)) {
		ret = -EFAULT;
		goto out_unlock;
	}

	*pos += len;
	ret = len;

	dev_dbg(migf->mdev_state->vdev.dev, "%s received %zu, total %zu\n",
		__func__, len, migf->filled_size + len);

	if (migf->filled_size < offsetof(struct mtty_data, ports) &&
	    migf->filled_size + len >= offsetof(struct mtty_data, ports)) {
		if (migf->data.magic != MTTY_MAGIC || migf->data.flags ||
		    migf->data.major_ver != MTTY_MAJOR_VER ||
		    migf->data.minor_ver != MTTY_MINOR_VER ||
		    migf->data.nr_ports != mdev_state->nr_ports) {
			dev_dbg(migf->mdev_state->vdev.dev,
				"%s failed validation\n", __func__);
			ret = -EFAULT;
		} else {
			dev_dbg(migf->mdev_state->vdev.dev,
				"%s header validated\n", __func__);
		}
	}

	migf->filled_size += len;

out_unlock:
	mutex_unlock(&migf->lock);
	return ret;
}

static const struct file_operations mtty_resume_fops = {
	.owner = THIS_MODULE,
	.write = mtty_resume_write,
	.release = mtty_release_migf,
};

static struct mtty_migration_file *
mtty_resume_device_data(struct mdev_state *mdev_state)
{
	struct mtty_migration_file *migf;
	int ret;

	migf = kzalloc(sizeof(*migf), GFP_KERNEL_ACCOUNT);
	if (!migf)
		return ERR_PTR(-ENOMEM);

	migf->filp = anon_inode_getfile("mtty_mig", &mtty_resume_fops,
					migf, O_WRONLY);
	if (IS_ERR(migf->filp)) {
		ret = PTR_ERR(migf->filp);
		kfree(migf);
		return ERR_PTR(ret);
	}

	stream_open(migf->filp->f_inode, migf->filp);
	mutex_init(&migf->lock);
	migf->mdev_state = mdev_state;

	mdev_state->resuming_migf = migf;

	return migf;
}

static struct file *mtty_step_state(struct mdev_state *mdev_state,
				     enum vfio_device_mig_state new)
{
	enum vfio_device_mig_state cur = mdev_state->state;

	dev_dbg(mdev_state->vdev.dev, "%s: %d -> %d\n", __func__, cur, new);

	/*
	 * The following state transitions are no-ops, since mtty neither
	 * does DMA nor requires any explicit start/stop.
	 *
	 *         RUNNING -> RUNNING_P2P
	 *         RUNNING_P2P -> RUNNING
	 *         RUNNING_P2P -> STOP
	 *         PRE_COPY -> PRE_COPY_P2P
	 *         PRE_COPY_P2P -> PRE_COPY
	 *         STOP -> RUNNING_P2P
	 */
	if ((cur == VFIO_DEVICE_STATE_RUNNING &&
	     new == VFIO_DEVICE_STATE_RUNNING_P2P) ||
	    (cur == VFIO_DEVICE_STATE_RUNNING_P2P &&
	     (new == VFIO_DEVICE_STATE_RUNNING ||
	      new == VFIO_DEVICE_STATE_STOP)) ||
	    (cur == VFIO_DEVICE_STATE_PRE_COPY &&
	     new == VFIO_DEVICE_STATE_PRE_COPY_P2P) ||
	    (cur == VFIO_DEVICE_STATE_PRE_COPY_P2P &&
	     new == VFIO_DEVICE_STATE_PRE_COPY) ||
	    (cur == VFIO_DEVICE_STATE_STOP &&
	     new == VFIO_DEVICE_STATE_RUNNING_P2P))
		return NULL;

	/*
	 * The following state transitions simply close migration files,
	 * with the exception of RESUMING -> STOP, which needs to load
	 * the state first.
	 *
	 *         RESUMING -> STOP
	 *         PRE_COPY -> RUNNING
	 *         PRE_COPY_P2P -> RUNNING_P2P
	 *         STOP_COPY -> STOP
	 */
	if (cur == VFIO_DEVICE_STATE_RESUMING &&
	    new == VFIO_DEVICE_STATE_STOP) {
		int ret;

		ret = mtty_load_state(mdev_state);
		if (ret)
			return ERR_PTR(ret);
		mtty_disable_files(mdev_state);
		return NULL;
	}

	if ((cur == VFIO_DEVICE_STATE_PRE_COPY &&
	     new == VFIO_DEVICE_STATE_RUNNING) ||
	    (cur == VFIO_DEVICE_STATE_PRE_COPY_P2P &&
	     new == VFIO_DEVICE_STATE_RUNNING_P2P) ||
	    (cur == VFIO_DEVICE_STATE_STOP_COPY &&
	     new == VFIO_DEVICE_STATE_STOP)) {
		mtty_disable_files(mdev_state);
		return NULL;
	}

	/*
	 * The following state transitions return migration files.
	 *
	 *         RUNNING -> PRE_COPY
	 *         RUNNING_P2P -> PRE_COPY_P2P
	 *         STOP -> STOP_COPY
	 *         STOP -> RESUMING
	 *         PRE_COPY_P2P -> STOP_COPY
	 */
	if ((cur == VFIO_DEVICE_STATE_RUNNING &&
	     new == VFIO_DEVICE_STATE_PRE_COPY) ||
	    (cur == VFIO_DEVICE_STATE_RUNNING_P2P &&
	     new == VFIO_DEVICE_STATE_PRE_COPY_P2P) ||
	    (cur == VFIO_DEVICE_STATE_STOP &&
	     new == VFIO_DEVICE_STATE_STOP_COPY) ||
	    (cur == VFIO_DEVICE_STATE_PRE_COPY_P2P &&
	     new == VFIO_DEVICE_STATE_STOP_COPY)) {
		struct mtty_migration_file *migf;

		migf = mtty_save_device_data(mdev_state, new);
		if (IS_ERR(migf))
			return ERR_CAST(migf);

		if (migf) {
			get_file(migf->filp);

			return migf->filp;
		}
		return NULL;
	}

	if (cur == VFIO_DEVICE_STATE_STOP &&
	    new == VFIO_DEVICE_STATE_RESUMING) {
		struct mtty_migration_file *migf;

		migf = mtty_resume_device_data(mdev_state);
		if (IS_ERR(migf))
			return ERR_CAST(migf);

		get_file(migf->filp);

		return migf->filp;
	}

	/* vfio_mig_get_next_state() does not use arcs other than the above */
	WARN_ON(true);
	return ERR_PTR(-EINVAL);
}

static struct file *mtty_set_state(struct vfio_device *vdev,
				   enum vfio_device_mig_state new_state)
{
	struct mdev_state *mdev_state =
		container_of(vdev, struct mdev_state, vdev);
	struct file *ret = NULL;

	dev_dbg(vdev->dev, "%s -> %d\n", __func__, new_state);

	mutex_lock(&mdev_state->state_mutex);
	while (mdev_state->state != new_state) {
		enum vfio_device_mig_state next_state;
		int rc = vfio_mig_get_next_state(vdev, mdev_state->state,
						 new_state, &next_state);
		if (rc) {
			ret = ERR_PTR(rc);
			break;
		}

		ret = mtty_step_state(mdev_state, next_state);
		if (IS_ERR(ret))
			break;

		mdev_state->state = next_state;

		if (WARN_ON(ret && new_state != next_state)) {
			fput(ret);
			ret = ERR_PTR(-EINVAL);
			break;
		}
	}
	mtty_state_mutex_unlock(mdev_state);
	return ret;
}

static int mtty_get_state(struct vfio_device *vdev,
			  enum vfio_device_mig_state *current_state)
{
	struct mdev_state *mdev_state =
		container_of(vdev, struct mdev_state, vdev);

	mutex_lock(&mdev_state->state_mutex);
	*current_state = mdev_state->state;
	mtty_state_mutex_unlock(mdev_state);
	return 0;
}

static int mtty_get_data_size(struct vfio_device *vdev,
			      unsigned long *stop_copy_length)
{
	struct mdev_state *mdev_state =
		container_of(vdev, struct mdev_state, vdev);

	*stop_copy_length = mtty_data_size(mdev_state);
	return 0;
}

static const struct vfio_migration_ops mtty_migration_ops = {
	.migration_set_state = mtty_set_state,
	.migration_get_state = mtty_get_state,
	.migration_get_data_size = mtty_get_data_size,
};

static int mtty_log_start(struct vfio_device *vdev,
			  struct rb_root_cached *ranges,
			  u32 nnodes, u64 *page_size)
{
	return 0;
}

static int mtty_log_stop(struct vfio_device *vdev)
{
	return 0;
}

static int mtty_log_read_and_clear(struct vfio_device *vdev,
				   unsigned long iova, unsigned long length,
				   struct iova_bitmap *dirty)
{
	return 0;
}

static const struct vfio_log_ops mtty_log_ops = {
	.log_start = mtty_log_start,
	.log_stop = mtty_log_stop,
	.log_read_and_clear = mtty_log_read_and_clear,
};
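
/*
 * The dirty-tracking ops above are deliberate no-ops: mtty performs no
 * DMA, so starting and stopping logging always succeed and the dirty
 * bitmap is never populated. They exist so userspace that insists on a
 * dirty page tracker (e.g. a VMM doing pre-copy) can still drive the
 * device through a live migration.
 */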

static int mtty_init_dev(struct vfio_device *vdev)
{
	struct mdev_state *mdev_state =
		container_of(vdev, struct mdev_state, vdev);
	struct mdev_device *mdev = to_mdev_device(vdev->dev);
	struct mtty_type *type =
		container_of(mdev->type, struct mtty_type, type);
	int avail_ports = atomic_read(&mdev_avail_ports);
	int ret;

	do {
		if (avail_ports < type->nr_ports)
			return -ENOSPC;
	} while (!atomic_try_cmpxchg(&mdev_avail_ports,
				     &avail_ports,
				     avail_ports - type->nr_ports));

	mdev_state->nr_ports = type->nr_ports;
	mdev_state->irq_index = -1;
	mdev_state->s[0].max_fifo_size = MAX_FIFO_SIZE;
	mdev_state->s[1].max_fifo_size = MAX_FIFO_SIZE;
	mutex_init(&mdev_state->rxtx_lock);

	mdev_state->vconfig = kzalloc(MTTY_CONFIG_SPACE_SIZE, GFP_KERNEL);
	if (!mdev_state->vconfig) {
		ret = -ENOMEM;
		goto err_nr_ports;
	}

	mutex_init(&mdev_state->ops_lock);
	mdev_state->mdev = mdev;
	mtty_create_config_space(mdev_state);

	mutex_init(&mdev_state->state_mutex);
	mutex_init(&mdev_state->reset_mutex);
	vdev->migration_flags = VFIO_MIGRATION_STOP_COPY |
				VFIO_MIGRATION_P2P |
				VFIO_MIGRATION_PRE_COPY;
	vdev->mig_ops = &mtty_migration_ops;
	vdev->log_ops = &mtty_log_ops;
	mdev_state->state = VFIO_DEVICE_STATE_RUNNING;

	return 0;

err_nr_ports:
	atomic_add(type->nr_ports, &mdev_avail_ports);
	return ret;
}

static int mtty_probe(struct mdev_device *mdev)
{
	struct mdev_state *mdev_state;
	int ret;

	mdev_state = vfio_alloc_device(mdev_state, vdev, &mdev->dev,
				       &mtty_dev_ops);
	if (IS_ERR(mdev_state))
		return PTR_ERR(mdev_state);

	ret = vfio_register_emulated_iommu_dev(&mdev_state->vdev);
	if (ret)
		goto err_put_vdev;
	dev_set_drvdata(&mdev->dev, mdev_state);
	return 0;

err_put_vdev:
	vfio_put_device(&mdev_state->vdev);
	return ret;
}

static void mtty_release_dev(struct vfio_device *vdev)
{
	struct mdev_state *mdev_state =
		container_of(vdev, struct mdev_state, vdev);

	mutex_destroy(&mdev_state->reset_mutex);
	mutex_destroy(&mdev_state->state_mutex);
	atomic_add(mdev_state->nr_ports, &mdev_avail_ports);
	kfree(mdev_state->vconfig);
}

static void mtty_remove(struct mdev_device *mdev)
{
	struct mdev_state *mdev_state = dev_get_drvdata(&mdev->dev);

	vfio_unregister_group_dev(&mdev_state->vdev);
	vfio_put_device(&mdev_state->vdev);
}

static int mtty_reset(struct mdev_state *mdev_state)
{
	pr_info("%s: called\n", __func__);

	mutex_lock(&mdev_state->reset_mutex);
	mdev_state->deferred_reset = true;
	if (!mutex_trylock(&mdev_state->state_mutex)) {
		mutex_unlock(&mdev_state->reset_mutex);
		return 0;
	}
	mutex_unlock(&mdev_state->reset_mutex);
	mtty_state_mutex_unlock(mdev_state);

	return 0;
}

static ssize_t mtty_read(struct vfio_device *vdev, char __user *buf,
			 size_t count, loff_t *ppos)
{
	struct mdev_state *mdev_state =
		container_of(vdev, struct mdev_state, vdev);
	unsigned int done = 0;
	int ret;

	while (count) {
		size_t filled;

		if (count >= 4 && !(*ppos % 4)) {
			u32 val;

			ret =  mdev_access(mdev_state, (u8 *)&val, sizeof(val),
					   *ppos, false);
			if (ret <= 0)
				goto read_err;

			if (copy_to_user(buf, &val, sizeof(val)))
				goto read_err;

			filled = 4;
		} else if (count >= 2 && !(*ppos % 2)) {
			u16 val;

			ret = mdev_access(mdev_state, (u8 *)&val, sizeof(val),
					  *ppos, false);
			if (ret <= 0)
				goto read_err;

			if (copy_to_user(buf, &val, sizeof(val)))
				goto read_err;

			filled = 2;
		} else {
			u8 val;

			ret = mdev_access(mdev_state, (u8 *)&val, sizeof(val),
					  *ppos, false);
			if (ret <= 0)
				goto read_err;

			if (copy_to_user(buf, &val, sizeof(val)))
				goto read_err;

			filled = 1;
		}

		count -= filled;
		done += filled;
		*ppos += filled;
		buf += filled;
	}

	return done;

read_err:
	return -EFAULT;
}

static ssize_t mtty_write(struct vfio_device *vdev, const char __user *buf,
		   size_t count, loff_t *ppos)
{
	struct mdev_state *mdev_state =
		container_of(vdev, struct mdev_state, vdev);
	unsigned int done = 0;
	int ret;

	while (count) {
		size_t filled;

		if (count >= 4 && !(*ppos % 4)) {
			u32 val;

			if (copy_from_user(&val, buf, sizeof(val)))
				goto write_err;

			ret = mdev_access(mdev_state, (u8 *)&val, sizeof(val),
					  *ppos, true);
			if (ret <= 0)
				goto write_err;

			filled = 4;
		} else if (count >= 2 && !(*ppos % 2)) {
			u16 val;

			if (copy_from_user(&val, buf, sizeof(val)))
				goto write_err;

			ret = mdev_access(mdev_state, (u8 *)&val, sizeof(val),
					  *ppos, true);
			if (ret <= 0)
				goto write_err;

			filled = 2;
		} else {
			u8 val;

			if (copy_from_user(&val, buf, sizeof(val)))
				goto write_err;

			ret = mdev_access(mdev_state, (u8 *)&val, sizeof(val),
					  *ppos, true);
			if (ret <= 0)
				goto write_err;

			filled = 1;
		}
		count -= filled;
		done += filled;
		*ppos += filled;
		buf += filled;
	}

	return done;
write_err:
	return -EFAULT;
}

static void mtty_disable_intx(struct mdev_state *mdev_state)
{
	if (mdev_state->intx_evtfd) {
		eventfd_ctx_put(mdev_state->intx_evtfd);
		mdev_state->intx_evtfd = NULL;
		mdev_state->intx_mask = false;
		mdev_state->irq_index = -1;
	}
}

static void mtty_disable_msi(struct mdev_state *mdev_state)
{
	if (mdev_state->msi_evtfd) {
		eventfd_ctx_put(mdev_state->msi_evtfd);
		mdev_state->msi_evtfd = NULL;
		mdev_state->irq_index = -1;
	}
}

static int mtty_set_irqs(struct mdev_state *mdev_state, uint32_t flags,
			 unsigned int index, unsigned int start,
			 unsigned int count, void *data)
{
	int ret = 0;

	mutex_lock(&mdev_state->ops_lock);
	switch (index) {
	case VFIO_PCI_INTX_IRQ_INDEX:
		switch (flags & VFIO_IRQ_SET_ACTION_TYPE_MASK) {
		case VFIO_IRQ_SET_ACTION_MASK:
			if (!is_intx(mdev_state) || start != 0 || count != 1) {
				ret = -EINVAL;
				break;
			}

			if (flags & VFIO_IRQ_SET_DATA_NONE) {
				mdev_state->intx_mask = true;
			} else if (flags & VFIO_IRQ_SET_DATA_BOOL) {
				uint8_t mask = *(uint8_t *)data;

				if (mask)
					mdev_state->intx_mask = true;
			} else if (flags &  VFIO_IRQ_SET_DATA_EVENTFD) {
				ret = -ENOTTY; /* No support for mask fd */
			}
			break;
		case VFIO_IRQ_SET_ACTION_UNMASK:
			if (!is_intx(mdev_state) || start != 0 || count != 1) {
				ret = -EINVAL;
				break;
			}

			if (flags & VFIO_IRQ_SET_DATA_NONE) {
				mdev_state->intx_mask = false;
			} else if (flags & VFIO_IRQ_SET_DATA_BOOL) {
				uint8_t mask = *(uint8_t *)data;

				if (mask)
					mdev_state->intx_mask = false;
			} else if (flags &  VFIO_IRQ_SET_DATA_EVENTFD) {
				ret = -ENOTTY; /* No support for unmask fd */
			}
			break;
		case VFIO_IRQ_SET_ACTION_TRIGGER:
			if (is_intx(mdev_state) && !count &&
			    (flags & VFIO_IRQ_SET_DATA_NONE)) {
				mtty_disable_intx(mdev_state);
				break;
			}

			if (!(is_intx(mdev_state) || is_noirq(mdev_state)) ||
			    start != 0 || count != 1) {
				ret = -EINVAL;
				break;
			}

			if (flags & VFIO_IRQ_SET_DATA_EVENTFD) {
				int fd = *(int *)data;
				struct eventfd_ctx *evt;

				mtty_disable_intx(mdev_state);

				if (fd < 0)
					break;

				evt = eventfd_ctx_fdget(fd);
				if (IS_ERR(evt)) {
					ret = PTR_ERR(evt);
					break;
				}
				mdev_state->intx_evtfd = evt;
				mdev_state->irq_index = index;
				break;
			}

			if (!is_intx(mdev_state)) {
				ret = -EINVAL;
				break;
			}

			if (flags & VFIO_IRQ_SET_DATA_NONE) {
				mtty_trigger_interrupt(mdev_state);
			} else if (flags & VFIO_IRQ_SET_DATA_BOOL) {
				uint8_t trigger = *(uint8_t *)data;

				if (trigger)
					mtty_trigger_interrupt(mdev_state);
			}
			break;
		}
		break;
	case VFIO_PCI_MSI_IRQ_INDEX:
		switch (flags & VFIO_IRQ_SET_ACTION_TYPE_MASK) {
		case VFIO_IRQ_SET_ACTION_MASK:
		case VFIO_IRQ_SET_ACTION_UNMASK:
			ret = -ENOTTY;
			break;
		case VFIO_IRQ_SET_ACTION_TRIGGER:
			if (is_msi(mdev_state) && !count &&
			    (flags & VFIO_IRQ_SET_DATA_NONE)) {
				mtty_disable_msi(mdev_state);
				break;
			}

			if (!(is_msi(mdev_state) || is_noirq(mdev_state)) ||
			    start != 0 || count != 1) {
				ret = -EINVAL;
				break;
			}

			if (flags & VFIO_IRQ_SET_DATA_EVENTFD) {
				int fd = *(int *)data;
				struct eventfd_ctx *evt;

				mtty_disable_msi(mdev_state);

				if (fd < 0)
					break;

				evt = eventfd_ctx_fdget(fd);
				if (IS_ERR(evt)) {
					ret = PTR_ERR(evt);
					break;
				}
				mdev_state->msi_evtfd = evt;
				mdev_state->irq_index = index;
				break;
			}

			if (!is_msi(mdev_state)) {
				ret = -EINVAL;
				break;
			}

			if (flags & VFIO_IRQ_SET_DATA_NONE) {
				mtty_trigger_interrupt(mdev_state);
			} else if (flags & VFIO_IRQ_SET_DATA_BOOL) {
				uint8_t trigger = *(uint8_t *)data;

				if (trigger)
					mtty_trigger_interrupt(mdev_state);
			}
			break;
		}
		break;
	case VFIO_PCI_MSIX_IRQ_INDEX:
		dev_dbg(mdev_state->vdev.dev, "%s: MSIX_IRQ\n", __func__);
		ret = -ENOTTY;
		break;
	case VFIO_PCI_ERR_IRQ_INDEX:
		dev_dbg(mdev_state->vdev.dev, "%s: ERR_IRQ\n", __func__);
		ret = -ENOTTY;
		break;
	case VFIO_PCI_REQ_IRQ_INDEX:
		dev_dbg(mdev_state->vdev.dev, "%s: REQ_IRQ\n", __func__);
		ret = -ENOTTY;
		break;
	}

	mutex_unlock(&mdev_state->ops_lock);
	return ret;
}

static int mtty_get_region_info(struct mdev_state *mdev_state,
			 struct vfio_region_info *region_info,
			 u16 *cap_type_id, void **cap_type)
{
	unsigned int size = 0;
	u32 bar_index;

	bar_index = region_info->index;
	if (bar_index >= VFIO_PCI_NUM_REGIONS)
		return -EINVAL;

	mutex_lock(&mdev_state->ops_lock);

	switch (bar_index) {
	case VFIO_PCI_CONFIG_REGION_INDEX:
		size = MTTY_CONFIG_SPACE_SIZE;
		break;
	case VFIO_PCI_BAR0_REGION_INDEX:
		size = MTTY_IO_BAR_SIZE;
		break;
	case VFIO_PCI_BAR1_REGION_INDEX:
		if (mdev_state->nr_ports == 2)
			size = MTTY_IO_BAR_SIZE;
		break;
	default:
		size = 0;
		break;
	}

	mdev_state->region_info[bar_index].size = size;
	mdev_state->region_info[bar_index].vfio_offset =
		MTTY_VFIO_PCI_INDEX_TO_OFFSET(bar_index);

	region_info->size = size;
	region_info->offset = MTTY_VFIO_PCI_INDEX_TO_OFFSET(bar_index);
	region_info->flags = VFIO_REGION_INFO_FLAG_READ |
		VFIO_REGION_INFO_FLAG_WRITE;
	mutex_unlock(&mdev_state->ops_lock);
	return 0;
}

static int mtty_get_irq_info(struct vfio_irq_info *irq_info)
{
	if (irq_info->index != VFIO_PCI_INTX_IRQ_INDEX &&
	    irq_info->index != VFIO_PCI_MSI_IRQ_INDEX)
		return -EINVAL;

	irq_info->flags = VFIO_IRQ_INFO_EVENTFD;
	irq_info->count = 1;

	if (irq_info->index == VFIO_PCI_INTX_IRQ_INDEX)
		irq_info->flags |= VFIO_IRQ_INFO_MASKABLE |
				   VFIO_IRQ_INFO_AUTOMASKED;
	else
		irq_info->flags |= VFIO_IRQ_INFO_NORESIZE;

	return 0;
}

static int mtty_get_device_info(struct vfio_device_info *dev_info)
{
	dev_info->flags = VFIO_DEVICE_FLAGS_PCI;
	dev_info->num_regions = VFIO_PCI_NUM_REGIONS;
	dev_info->num_irqs = VFIO_PCI_NUM_IRQS;

	return 0;
}

static long mtty_ioctl(struct vfio_device *vdev, unsigned int cmd,
			unsigned long arg)
{
	struct mdev_state *mdev_state =
		container_of(vdev, struct mdev_state, vdev);
	int ret = 0;
	unsigned long minsz;

	switch (cmd) {
	case VFIO_DEVICE_GET_INFO:
	{
		struct vfio_device_info info;

		minsz = offsetofend(struct vfio_device_info, num_irqs);

		if (copy_from_user(&info, (void __user *)arg, minsz))
			return -EFAULT;

		if (info.argsz < minsz)
			return -EINVAL;

		ret = mtty_get_device_info(&info);
		if (ret)
			return ret;

		memcpy(&mdev_state->dev_info, &info, sizeof(info));

		if (copy_to_user((void __user *)arg, &info, minsz))
			return -EFAULT;

		return 0;
	}
	case VFIO_DEVICE_GET_REGION_INFO:
	{
		struct vfio_region_info info;
		u16 cap_type_id = 0;
		void *cap_type = NULL;

		minsz = offsetofend(struct vfio_region_info, offset);

		if (copy_from_user(&info, (void __user *)arg, minsz))
			return -EFAULT;

		if (info.argsz < minsz)
			return -EINVAL;

		ret = mtty_get_region_info(mdev_state, &info, &cap_type_id,
					   &cap_type);
		if (ret)
			return ret;

		if (copy_to_user((void __user *)arg, &info, minsz))
			return -EFAULT;

		return 0;
	}

	case VFIO_DEVICE_GET_IRQ_INFO:
	{
		struct vfio_irq_info info;

		minsz = offsetofend(struct vfio_irq_info, count);

		if (copy_from_user(&info, (void __user *)arg, minsz))
			return -EFAULT;

		if ((info.argsz < minsz) ||
		    (info.index >= mdev_state->dev_info.num_irqs))
			return -EINVAL;

		ret = mtty_get_irq_info(&info);
		if (ret)
			return ret;

		if (copy_to_user((void __user *)arg, &info, minsz))
			return -EFAULT;

		return 0;
	}
	case VFIO_DEVICE_SET_IRQS:
	{
		struct vfio_irq_set hdr;
		u8 *data = NULL, *ptr = NULL;
		size_t data_size = 0;

		minsz = offsetofend(struct vfio_irq_set, count);

		if (copy_from_user(&hdr, (void __user *)arg, minsz))
			return -EFAULT;

		ret = vfio_set_irqs_validate_and_prepare(&hdr,
						mdev_state->dev_info.num_irqs,
						VFIO_PCI_NUM_IRQS,
						&data_size);
		if (ret)
			return ret;

		if (data_size) {
			ptr = data = memdup_user((void __user *)(arg + minsz),
						 data_size);
			if (IS_ERR(data))
				return PTR_ERR(data);
		}

		ret = mtty_set_irqs(mdev_state, hdr.flags, hdr.index, hdr.start,
				    hdr.count, data);

		kfree(ptr);
		return ret;
	}
	case VFIO_DEVICE_RESET:
		return mtty_reset(mdev_state);
	}
	return -ENOTTY;
}

static ssize_t
sample_mdev_dev_show(struct device *dev, struct device_attribute *attr,
		     char *buf)
{
	return sprintf(buf, "This is MDEV %s\n", dev_name(dev));
}

static DEVICE_ATTR_RO(sample_mdev_dev);

static struct attribute *mdev_dev_attrs[] = {
	&dev_attr_sample_mdev_dev.attr,
	NULL,
};

static const struct attribute_group mdev_dev_group = {
	.name  = "vendor",
	.attrs = mdev_dev_attrs,
};

static const struct attribute_group *mdev_dev_groups[] = {
	&mdev_dev_group,
	NULL,
};

static unsigned int mtty_get_available(struct mdev_type *mtype)
{
	struct mtty_type *type = container_of(mtype, struct mtty_type, type);

	return atomic_read(&mdev_avail_ports) / type->nr_ports;
}
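
/*
 * With MAX_MTTYS = 24 ports in the shared pool, this reports up to 24
 * creatable single-port devices or 12 dual-port devices; the pool is
 * debited in mtty_init_dev() and credited back in mtty_release_dev().
 */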

static void mtty_close(struct vfio_device *vdev)
{
	struct mdev_state *mdev_state =
				container_of(vdev, struct mdev_state, vdev);

	mtty_disable_files(mdev_state);
	mtty_disable_intx(mdev_state);
	mtty_disable_msi(mdev_state);
}

static const struct vfio_device_ops mtty_dev_ops = {
	.name = "vfio-mtty",
	.init = mtty_init_dev,
	.release = mtty_release_dev,
	.read = mtty_read,
	.write = mtty_write,
	.ioctl = mtty_ioctl,
	.bind_iommufd	= vfio_iommufd_emulated_bind,
	.unbind_iommufd	= vfio_iommufd_emulated_unbind,
	.attach_ioas	= vfio_iommufd_emulated_attach_ioas,
	.detach_ioas	= vfio_iommufd_emulated_detach_ioas,
	.close_device	= mtty_close,
};

static struct mdev_driver mtty_driver = {
	.device_api = VFIO_DEVICE_API_PCI_STRING,
	.driver = {
		.name = "mtty",
		.owner = THIS_MODULE,
		.mod_name = KBUILD_MODNAME,
		.dev_groups = mdev_dev_groups,
	},
	.probe = mtty_probe,
	.remove	= mtty_remove,
	.get_available = mtty_get_available,
};

static void mtty_device_release(struct device *dev)
{
	dev_dbg(dev, "mtty: released\n");
}

static int __init mtty_dev_init(void)
{
	int ret = 0;

	pr_info("mtty_dev: %s\n", __func__);

	memset(&mtty_dev, 0, sizeof(mtty_dev));

	idr_init(&mtty_dev.vd_idr);

	ret = alloc_chrdev_region(&mtty_dev.vd_devt, 0, MINORMASK + 1,
				  MTTY_NAME);

	if (ret < 0) {
		pr_err("Error: failed to register mtty_dev, err:%d\n", ret);
		return ret;
	}

	cdev_init(&mtty_dev.vd_cdev, &vd_fops);
	cdev_add(&mtty_dev.vd_cdev, mtty_dev.vd_devt, MINORMASK + 1);

	pr_info("major_number:%d\n", MAJOR(mtty_dev.vd_devt));

	ret = mdev_register_driver(&mtty_driver);
	if (ret)
		goto err_cdev;

	mtty_dev.vd_class = class_create(MTTY_CLASS_NAME);

	if (IS_ERR(mtty_dev.vd_class)) {
		pr_err("Error: failed to register mtty_dev class\n");
		ret = PTR_ERR(mtty_dev.vd_class);
		goto err_driver;
	}

	mtty_dev.dev.class = mtty_dev.vd_class;
	mtty_dev.dev.release = mtty_device_release;
	dev_set_name(&mtty_dev.dev, "%s", MTTY_NAME);

	ret = device_register(&mtty_dev.dev);
	if (ret)
		goto err_put;

	ret = mdev_register_parent(&mtty_dev.parent, &mtty_dev.dev,
				   &mtty_driver, mtty_mdev_types,
				   ARRAY_SIZE(mtty_mdev_types));
	if (ret)
		goto err_device;
	return 0;

err_device:
	device_del(&mtty_dev.dev);
err_put:
	put_device(&mtty_dev.dev);
	class_destroy(mtty_dev.vd_class);
err_driver:
	mdev_unregister_driver(&mtty_driver);
err_cdev:
	cdev_del(&mtty_dev.vd_cdev);
	unregister_chrdev_region(mtty_dev.vd_devt, MINORMASK + 1);
	return ret;
}

static void __exit mtty_dev_exit(void)
{
	mtty_dev.dev.bus = NULL;
	mdev_unregister_parent(&mtty_dev.parent);

	device_unregister(&mtty_dev.dev);
	idr_destroy(&mtty_dev.vd_idr);
	mdev_unregister_driver(&mtty_driver);
	cdev_del(&mtty_dev.vd_cdev);
	unregister_chrdev_region(mtty_dev.vd_devt, MINORMASK + 1);
	class_destroy(mtty_dev.vd_class);
	mtty_dev.vd_class = NULL;
	pr_info("mtty_dev: Unloaded!\n");
}

module_init(mtty_dev_init)
module_exit(mtty_dev_exit)

MODULE_LICENSE("GPL v2");
MODULE_DESCRIPTION("Test driver that simulates a serial port over PCI");
MODULE_VERSION(VERSION_STRING);
MODULE_AUTHOR(DRIVER_AUTHOR);
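
/*
 * Usage sketch (sysfs paths assumed from the names registered above; see
 * Documentation/driver-api/vfio-mediated-device.rst for the interface):
 *
 *     # create a dual-port instance under the "mtty" parent device
 *     echo "83b8f4f2-509f-382f-3c1e-e6bfe0fa1001" > \
 *         /sys/devices/virtual/mtty/mtty/mdev_supported_types/mtty-2/create
 *
 *     # remove it again
 *     echo 1 > \
 *         /sys/bus/mdev/devices/83b8f4f2-509f-382f-3c1e-e6bfe0fa1001/remove
 */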