1 // SPDX-License-Identifier: GPL-2.0+
2 // Copyright 2017 IBM Corp.
3 #include <linux/sched/mm.h>
4 #include <linux/mutex.h>
6 #include <linux/mm_types.h>
7 #include <linux/mmu_context.h>
8 #include <linux/mmu_notifier.h>
9 #include <linux/irqdomain.h>
10 #include <asm/copro.h>
11 #include <asm/pnv-ocxl.h>
13 #include <misc/ocxl.h>
14 #include "ocxl_internal.h"
18 #define SPA_PASID_BITS 15
19 #define SPA_PASID_MAX ((1 << SPA_PASID_BITS) - 1)
20 #define SPA_PE_MASK SPA_PASID_MAX
21 #define SPA_SPA_SIZE_LOG 22 /* Each SPA is 4 Mb */
23 #define SPA_CFG_SF (1ull << (63-0))
24 #define SPA_CFG_TA (1ull << (63-1))
25 #define SPA_CFG_HV (1ull << (63-3))
26 #define SPA_CFG_UV (1ull << (63-4))
27 #define SPA_CFG_XLAT_hpt (0ull << (63-6)) /* Hashed page table (HPT) mode */
28 #define SPA_CFG_XLAT_roh (2ull << (63-6)) /* Radix on HPT mode */
29 #define SPA_CFG_XLAT_ror (3ull << (63-6)) /* Radix on Radix mode */
30 #define SPA_CFG_PR (1ull << (63-49))
31 #define SPA_CFG_TC (1ull << (63-54))
32 #define SPA_CFG_DR (1ull << (63-59))
34 #define SPA_XSL_TF (1ull << (63-3)) /* Translation fault */
35 #define SPA_XSL_S (1ull << (63-38)) /* Store operation */
37 #define SPA_PE_VALID 0x80000000
43 /* callback to trigger when a translation fault occurs */
44 void (*xsl_err_cb)(void *data, u64 addr, u64 dsisr);
45 /* opaque pointer to be passed to the above callback */
48 struct ocxl_link *link;
49 struct mmu_notifier mmu_notifier;
53 struct ocxl_process_element *spa_mem;
55 struct mutex spa_lock;
56 struct radix_tree_root pe_tree; /* Maps PE handles to pe_data */
59 void __iomem *reg_dsisr;
60 void __iomem *reg_dar;
61 void __iomem *reg_tfc;
62 void __iomem *reg_pe_handle;
64 * The following field are used by the memory fault
65 * interrupt handler. We can only have one interrupt at a
66 * time. The NPU won't raise another interrupt until the
67 * previous one has been ack'd by writing to the TFC register
70 struct work_struct fault_work;
74 struct pe_data pe_data;
79 * A opencapi link can be used be by several PCI functions. We have
80 * one link per device slot.
82 * A linked list of opencapi links should suffice, as there's a
83 * limited number of opencapi slots on a system and lookup is only
84 * done when the device is probed
87 struct list_head list;
92 void __iomem *arva; /* ATSD register virtual address */
93 spinlock_t atsd_lock; /* to serialize shootdowns */
94 atomic_t irq_available;
98 static LIST_HEAD(links_list);
99 static DEFINE_MUTEX(links_list_lock);
108 static void read_irq(struct spa *spa, u64 *dsisr, u64 *dar, u64 *pe)
112 *dsisr = in_be64(spa->reg_dsisr);
113 *dar = in_be64(spa->reg_dar);
114 reg = in_be64(spa->reg_pe_handle);
115 *pe = reg & SPA_PE_MASK;
118 static void ack_irq(struct spa *spa, enum xsl_response r)
122 /* continue is not supported */
125 else if (r == ADDRESS_ERROR)
128 WARN(1, "Invalid irq response %d\n", r);
131 trace_ocxl_fault_ack(spa->spa_mem, spa->xsl_fault.pe,
132 spa->xsl_fault.dsisr, spa->xsl_fault.dar, reg);
133 out_be64(spa->reg_tfc, reg);
137 static void xsl_fault_handler_bh(struct work_struct *fault_work)
140 unsigned long access, flags, inv_flags = 0;
142 struct xsl_fault *fault = container_of(fault_work, struct xsl_fault,
144 struct spa *spa = container_of(fault, struct spa, xsl_fault);
149 * We must release a reference on mm_users whenever exiting this
150 * function (taken in the memory fault interrupt handler)
152 rc = copro_handle_mm_fault(fault->pe_data.mm, fault->dar, fault->dsisr,
155 pr_debug("copro_handle_mm_fault failed: %d\n", rc);
156 if (fault->pe_data.xsl_err_cb) {
157 fault->pe_data.xsl_err_cb(
158 fault->pe_data.xsl_err_data,
159 fault->dar, fault->dsisr);
165 if (!radix_enabled()) {
167 * update_mmu_cache() will not have loaded the hash
168 * since current->trap is not a 0x400 or 0x300, so
169 * just call hash_page_mm() here.
171 access = _PAGE_PRESENT | _PAGE_READ;
172 if (fault->dsisr & SPA_XSL_S)
173 access |= _PAGE_WRITE;
175 if (get_region_id(fault->dar) != USER_REGION_ID)
176 access |= _PAGE_PRIVILEGED;
178 local_irq_save(flags);
179 hash_page_mm(fault->pe_data.mm, fault->dar, access, 0x300,
181 local_irq_restore(flags);
185 mmput(fault->pe_data.mm);
189 static irqreturn_t xsl_fault_handler(int irq, void *data)
191 struct ocxl_link *link = (struct ocxl_link *) data;
192 struct spa *spa = link->spa;
193 u64 dsisr, dar, pe_handle;
194 struct pe_data *pe_data;
195 struct ocxl_process_element *pe;
197 bool schedule = false;
199 read_irq(spa, &dsisr, &dar, &pe_handle);
200 trace_ocxl_fault(spa->spa_mem, pe_handle, dsisr, dar, -1);
202 WARN_ON(pe_handle > SPA_PE_MASK);
203 pe = spa->spa_mem + pe_handle;
204 pid = be32_to_cpu(pe->pid);
205 /* We could be reading all null values here if the PE is being
206 * removed while an interrupt kicks in. It's not supposed to
207 * happen if the driver notified the AFU to terminate the
208 * PASID, and the AFU waited for pending operations before
209 * acknowledging. But even if it happens, we won't find a
210 * memory context below and fail silently, so it should be ok.
212 if (!(dsisr & SPA_XSL_TF)) {
213 WARN(1, "Invalid xsl interrupt fault register %#llx\n", dsisr);
214 ack_irq(spa, ADDRESS_ERROR);
219 pe_data = radix_tree_lookup(&spa->pe_tree, pe_handle);
222 * Could only happen if the driver didn't notify the
223 * AFU about PASID termination before removing the PE,
224 * or the AFU didn't wait for all memory access to
227 * Either way, we fail early, but we shouldn't log an
228 * error message, as it is a valid (if unexpected)
232 pr_debug("Unknown mm context for xsl interrupt\n");
233 ack_irq(spa, ADDRESS_ERROR);
239 * translation fault from a kernel context - an OpenCAPI
240 * device tried to access a bad kernel address
243 pr_warn("Unresolved OpenCAPI xsl fault in kernel context\n");
244 ack_irq(spa, ADDRESS_ERROR);
247 WARN_ON(pe_data->mm->context.id != pid);
249 if (mmget_not_zero(pe_data->mm)) {
250 spa->xsl_fault.pe = pe_handle;
251 spa->xsl_fault.dar = dar;
252 spa->xsl_fault.dsisr = dsisr;
253 spa->xsl_fault.pe_data = *pe_data;
255 /* mm_users count released by bottom half */
259 schedule_work(&spa->xsl_fault.fault_work);
261 ack_irq(spa, ADDRESS_ERROR);
265 static void unmap_irq_registers(struct spa *spa)
267 pnv_ocxl_unmap_xsl_regs(spa->reg_dsisr, spa->reg_dar, spa->reg_tfc,
271 static int map_irq_registers(struct pci_dev *dev, struct spa *spa)
273 return pnv_ocxl_map_xsl_regs(dev, &spa->reg_dsisr, &spa->reg_dar,
274 &spa->reg_tfc, &spa->reg_pe_handle);
277 static int setup_xsl_irq(struct pci_dev *dev, struct ocxl_link *link)
279 struct spa *spa = link->spa;
283 rc = pnv_ocxl_get_xsl_irq(dev, &hwirq);
287 rc = map_irq_registers(dev, spa);
291 spa->irq_name = kasprintf(GFP_KERNEL, "ocxl-xsl-%x-%x-%x",
292 link->domain, link->bus, link->dev);
293 if (!spa->irq_name) {
294 dev_err(&dev->dev, "Can't allocate name for xsl interrupt\n");
299 * At some point, we'll need to look into allowing a higher
300 * number of interrupts. Could we have an IRQ domain per link?
302 spa->virq = irq_create_mapping(NULL, hwirq);
305 "irq_create_mapping failed for translation interrupt\n");
310 dev_dbg(&dev->dev, "hwirq %d mapped to virq %d\n", hwirq, spa->virq);
312 rc = request_irq(spa->virq, xsl_fault_handler, 0, spa->irq_name,
316 "request_irq failed for translation interrupt: %d\n",
324 irq_dispose_mapping(spa->virq);
326 kfree(spa->irq_name);
328 unmap_irq_registers(spa);
332 static void release_xsl_irq(struct ocxl_link *link)
334 struct spa *spa = link->spa;
337 free_irq(spa->virq, link);
338 irq_dispose_mapping(spa->virq);
340 kfree(spa->irq_name);
341 unmap_irq_registers(spa);
344 static int alloc_spa(struct pci_dev *dev, struct ocxl_link *link)
348 spa = kzalloc(sizeof(struct spa), GFP_KERNEL);
352 mutex_init(&spa->spa_lock);
353 INIT_RADIX_TREE(&spa->pe_tree, GFP_KERNEL);
354 INIT_WORK(&spa->xsl_fault.fault_work, xsl_fault_handler_bh);
356 spa->spa_order = SPA_SPA_SIZE_LOG - PAGE_SHIFT;
357 spa->spa_mem = (struct ocxl_process_element *)
358 __get_free_pages(GFP_KERNEL | __GFP_ZERO, spa->spa_order);
360 dev_err(&dev->dev, "Can't allocate Shared Process Area\n");
364 pr_debug("Allocated SPA for %x:%x:%x at %p\n", link->domain, link->bus,
365 link->dev, spa->spa_mem);
371 static void free_spa(struct ocxl_link *link)
373 struct spa *spa = link->spa;
375 pr_debug("Freeing SPA for %x:%x:%x\n", link->domain, link->bus,
378 if (spa && spa->spa_mem) {
379 free_pages((unsigned long) spa->spa_mem, spa->spa_order);
385 static int alloc_link(struct pci_dev *dev, int PE_mask, struct ocxl_link **out_link)
387 struct ocxl_link *link;
390 link = kzalloc(sizeof(struct ocxl_link), GFP_KERNEL);
394 kref_init(&link->ref);
395 link->domain = pci_domain_nr(dev->bus);
396 link->bus = dev->bus->number;
397 link->dev = PCI_SLOT(dev->devfn);
398 atomic_set(&link->irq_available, MAX_IRQ_PER_LINK);
399 spin_lock_init(&link->atsd_lock);
401 rc = alloc_spa(dev, link);
405 rc = setup_xsl_irq(dev, link);
409 /* platform specific hook */
410 rc = pnv_ocxl_spa_setup(dev, link->spa->spa_mem, PE_mask,
411 &link->platform_data);
415 /* if link->arva is not defeined, MMIO registers are not used to
416 * generate TLB invalidate. PowerBus snooping is enabled.
417 * Otherwise, PowerBus snooping is disabled. TLB Invalidates are
418 * initiated using MMIO registers.
420 pnv_ocxl_map_lpar(dev, mfspr(SPRN_LPID), 0, &link->arva);
426 release_xsl_irq(link);
434 static void free_link(struct ocxl_link *link)
436 release_xsl_irq(link);
441 int ocxl_link_setup(struct pci_dev *dev, int PE_mask, void **link_handle)
444 struct ocxl_link *link;
446 mutex_lock(&links_list_lock);
447 list_for_each_entry(link, &links_list, list) {
448 /* The functions of a device all share the same link */
449 if (link->domain == pci_domain_nr(dev->bus) &&
450 link->bus == dev->bus->number &&
451 link->dev == PCI_SLOT(dev->devfn)) {
452 kref_get(&link->ref);
457 rc = alloc_link(dev, PE_mask, &link);
461 list_add(&link->list, &links_list);
464 mutex_unlock(&links_list_lock);
467 EXPORT_SYMBOL_GPL(ocxl_link_setup);
469 static void release_xsl(struct kref *ref)
471 struct ocxl_link *link = container_of(ref, struct ocxl_link, ref);
474 pnv_ocxl_unmap_lpar(link->arva);
478 list_del(&link->list);
479 /* call platform code before releasing data */
480 pnv_ocxl_spa_release(link->platform_data);
484 void ocxl_link_release(struct pci_dev *dev, void *link_handle)
486 struct ocxl_link *link = (struct ocxl_link *) link_handle;
488 mutex_lock(&links_list_lock);
489 kref_put(&link->ref, release_xsl);
490 mutex_unlock(&links_list_lock);
492 EXPORT_SYMBOL_GPL(ocxl_link_release);
494 static void arch_invalidate_secondary_tlbs(struct mmu_notifier *mn,
495 struct mm_struct *mm,
496 unsigned long start, unsigned long end)
498 struct pe_data *pe_data = container_of(mn, struct pe_data, mmu_notifier);
499 struct ocxl_link *link = pe_data->link;
500 unsigned long addr, pid, page_size = PAGE_SIZE;
502 pid = mm->context.id;
503 trace_ocxl_mmu_notifier_range(start, end, pid);
505 spin_lock(&link->atsd_lock);
506 for (addr = start; addr < end; addr += page_size)
507 pnv_ocxl_tlb_invalidate(link->arva, pid, addr, page_size);
508 spin_unlock(&link->atsd_lock);
511 static const struct mmu_notifier_ops ocxl_mmu_notifier_ops = {
512 .arch_invalidate_secondary_tlbs = arch_invalidate_secondary_tlbs,
515 static u64 calculate_cfg_state(bool kernel)
520 if (mfspr(SPRN_LPCR) & LPCR_TC)
523 state |= SPA_CFG_XLAT_ror;
525 state |= SPA_CFG_XLAT_hpt;
528 if (mfmsr() & MSR_SF)
532 if (!test_tsk_thread_flag(current, TIF_32BIT))
538 int ocxl_link_add_pe(void *link_handle, int pasid, u32 pidr, u32 tidr,
539 u64 amr, u16 bdf, struct mm_struct *mm,
540 void (*xsl_err_cb)(void *data, u64 addr, u64 dsisr),
543 struct ocxl_link *link = (struct ocxl_link *) link_handle;
544 struct spa *spa = link->spa;
545 struct ocxl_process_element *pe;
546 int pe_handle, rc = 0;
547 struct pe_data *pe_data;
549 BUILD_BUG_ON(sizeof(struct ocxl_process_element) != 128);
550 if (pasid > SPA_PASID_MAX)
553 mutex_lock(&spa->spa_lock);
554 pe_handle = pasid & SPA_PE_MASK;
555 pe = spa->spa_mem + pe_handle;
557 if (pe->software_state) {
562 pe_data = kmalloc(sizeof(*pe_data), GFP_KERNEL);
569 pe_data->xsl_err_cb = xsl_err_cb;
570 pe_data->xsl_err_data = xsl_err_data;
571 pe_data->link = link;
572 pe_data->mmu_notifier.ops = &ocxl_mmu_notifier_ops;
574 memset(pe, 0, sizeof(struct ocxl_process_element));
575 pe->config_state = cpu_to_be64(calculate_cfg_state(pidr == 0));
576 pe->pasid = cpu_to_be32(pasid << (31 - 19));
577 pe->bdf = cpu_to_be16(bdf);
578 pe->lpid = cpu_to_be32(mfspr(SPRN_LPID));
579 pe->pid = cpu_to_be32(pidr);
580 pe->tid = cpu_to_be32(tidr);
581 pe->amr = cpu_to_be64(amr);
582 pe->software_state = cpu_to_be32(SPA_PE_VALID);
585 * For user contexts, register a copro so that TLBIs are seen
586 * by the nest MMU. If we have a kernel context, TLBIs are
590 mm_context_add_copro(mm);
592 /* Use MMIO registers for the TLB Invalidate
595 trace_ocxl_init_mmu_notifier(pasid, mm->context.id);
596 mmu_notifier_register(&pe_data->mmu_notifier, mm);
601 * Barrier is to make sure PE is visible in the SPA before it
602 * is used by the device. It also helps with the global TLBI
606 radix_tree_insert(&spa->pe_tree, pe_handle, pe_data);
609 * The mm must stay valid for as long as the device uses it. We
610 * lower the count when the context is removed from the SPA.
612 * We grab mm_count (and not mm_users), as we don't want to
613 * end up in a circular dependency if a process mmaps its
614 * mmio, therefore incrementing the file ref count when
615 * calling mmap(), and forgets to unmap before exiting. In
616 * that scenario, when the kernel handles the death of the
617 * process, the file is not cleaned because unmap was not
618 * called, and the mm wouldn't be freed because we would still
619 * have a reference on mm_users. Incrementing mm_count solves
624 trace_ocxl_context_add(current->pid, spa->spa_mem, pasid, pidr, tidr);
626 mutex_unlock(&spa->spa_lock);
629 EXPORT_SYMBOL_GPL(ocxl_link_add_pe);
631 int ocxl_link_update_pe(void *link_handle, int pasid, __u16 tid)
633 struct ocxl_link *link = (struct ocxl_link *) link_handle;
634 struct spa *spa = link->spa;
635 struct ocxl_process_element *pe;
638 if (pasid > SPA_PASID_MAX)
641 pe_handle = pasid & SPA_PE_MASK;
642 pe = spa->spa_mem + pe_handle;
644 mutex_lock(&spa->spa_lock);
646 pe->tid = cpu_to_be32(tid);
649 * The barrier makes sure the PE is updated
650 * before we clear the NPU context cache below, so that the
651 * old PE cannot be reloaded erroneously.
656 * hook to platform code
657 * On powerpc, the entry needs to be cleared from the context
660 rc = pnv_ocxl_spa_remove_pe_from_cache(link->platform_data, pe_handle);
663 mutex_unlock(&spa->spa_lock);
667 int ocxl_link_remove_pe(void *link_handle, int pasid)
669 struct ocxl_link *link = (struct ocxl_link *) link_handle;
670 struct spa *spa = link->spa;
671 struct ocxl_process_element *pe;
672 struct pe_data *pe_data;
675 if (pasid > SPA_PASID_MAX)
679 * About synchronization with our memory fault handler:
681 * Before removing the PE, the driver is supposed to have
682 * notified the AFU, which should have cleaned up and make
683 * sure the PASID is no longer in use, including pending
684 * interrupts. However, there's no way to be sure...
686 * We clear the PE and remove the context from our radix
687 * tree. From that point on, any new interrupt for that
688 * context will fail silently, which is ok. As mentioned
689 * above, that's not expected, but it could happen if the
690 * driver or AFU didn't do the right thing.
692 * There could still be a bottom half running, but we don't
693 * need to wait/flush, as it is managing a reference count on
694 * the mm it reads from the radix tree.
696 pe_handle = pasid & SPA_PE_MASK;
697 pe = spa->spa_mem + pe_handle;
699 mutex_lock(&spa->spa_lock);
701 if (!(be32_to_cpu(pe->software_state) & SPA_PE_VALID)) {
706 trace_ocxl_context_remove(current->pid, spa->spa_mem, pasid,
707 be32_to_cpu(pe->pid), be32_to_cpu(pe->tid));
709 memset(pe, 0, sizeof(struct ocxl_process_element));
711 * The barrier makes sure the PE is removed from the SPA
712 * before we clear the NPU context cache below, so that the
713 * old PE cannot be reloaded erroneously.
718 * hook to platform code
719 * On powerpc, the entry needs to be cleared from the context
722 rc = pnv_ocxl_spa_remove_pe_from_cache(link->platform_data, pe_handle);
725 pe_data = radix_tree_delete(&spa->pe_tree, pe_handle);
727 WARN(1, "Couldn't find pe data when removing PE\n");
731 trace_ocxl_release_mmu_notifier(pasid,
732 pe_data->mm->context.id);
733 mmu_notifier_unregister(&pe_data->mmu_notifier,
735 spin_lock(&link->atsd_lock);
736 pnv_ocxl_tlb_invalidate(link->arva,
737 pe_data->mm->context.id,
740 spin_unlock(&link->atsd_lock);
742 mm_context_remove_copro(pe_data->mm);
745 kfree_rcu(pe_data, rcu);
748 mutex_unlock(&spa->spa_lock);
751 EXPORT_SYMBOL_GPL(ocxl_link_remove_pe);
753 int ocxl_link_irq_alloc(void *link_handle, int *hw_irq)
755 struct ocxl_link *link = (struct ocxl_link *) link_handle;
758 if (atomic_dec_if_positive(&link->irq_available) < 0)
761 irq = xive_native_alloc_irq();
763 atomic_inc(&link->irq_available);
770 EXPORT_SYMBOL_GPL(ocxl_link_irq_alloc);
772 void ocxl_link_free_irq(void *link_handle, int hw_irq)
774 struct ocxl_link *link = (struct ocxl_link *) link_handle;
776 xive_native_free_irq(hw_irq);
777 atomic_inc(&link->irq_available);
779 EXPORT_SYMBOL_GPL(ocxl_link_free_irq);
projects / platform / kernel / linux-starfive.git / blob