1/*
2 * VFIO PCI config space virtualization
3 *
4 * Copyright (C) 2012 Red Hat, Inc. All rights reserved.
5 * Author: Alex Williamson <alex.williamson@redhat.com>
6 *
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License version 2 as
9 * published by the Free Software Foundation.
10 *
11 * Derived from original vfio:
12 * Copyright 2010 Cisco Systems, Inc. All rights reserved.
13 * Author: Tom Lyon, pugs@cisco.com
14 */
15
16/*
17 * This code handles reading and writing of PCI configuration registers.
18 * This is hairy because we want to allow a lot of flexibility to the
19 * user driver, but cannot trust it with all of the config fields.
20 * Tables determine which fields can be read and written, as well as
21 * which fields are 'virtualized' - special actions and translations to
22 * make it appear to the user that he has control, when in fact things
23 * must be negotiated with the underlying OS.
24 */
25
26#include <linux/fs.h>
27#include <linux/pci.h>
28#include <linux/uaccess.h>
29#include <linux/vfio.h>
30#include <linux/slab.h>
31
32#include "vfio_pci_private.h"
33
34/* Fake capability ID for standard config space */
35#define PCI_CAP_ID_BASIC 0
36
37#define is_bar(offset) \
38 ((offset >= PCI_BASE_ADDRESS_0 && offset < PCI_BASE_ADDRESS_5 + 4) || \
39 (offset >= PCI_ROM_ADDRESS && offset < PCI_ROM_ADDRESS + 4))
40
41/*
42 * Lengths of PCI Config Capabilities
43 * 0: Removed from the user visible capability list
44 * FF: Variable length
45 */
46static const u8 pci_cap_length[PCI_CAP_ID_MAX + 1] = {
47 [PCI_CAP_ID_BASIC] = PCI_STD_HEADER_SIZEOF, /* pci config header */
48 [PCI_CAP_ID_PM] = PCI_PM_SIZEOF,
49 [PCI_CAP_ID_AGP] = PCI_AGP_SIZEOF,
50 [PCI_CAP_ID_VPD] = PCI_CAP_VPD_SIZEOF,
51 [PCI_CAP_ID_SLOTID] = 0, /* bridge - don't care */
52 [PCI_CAP_ID_MSI] = 0xFF, /* 10, 14, 20, or 24 */
53 [PCI_CAP_ID_CHSWP] = 0, /* cpci - not yet */
54 [PCI_CAP_ID_PCIX] = 0xFF, /* 8 or 24 */
55 [PCI_CAP_ID_HT] = 0xFF, /* hypertransport */
56 [PCI_CAP_ID_VNDR] = 0xFF, /* variable */
57 [PCI_CAP_ID_DBG] = 0, /* debug - don't care */
58 [PCI_CAP_ID_CCRC] = 0, /* cpci - not yet */
59 [PCI_CAP_ID_SHPC] = 0, /* hotswap - not yet */
60 [PCI_CAP_ID_SSVID] = 0, /* bridge - don't care */
61 [PCI_CAP_ID_AGP3] = 0, /* AGP8x - not yet */
62 [PCI_CAP_ID_SECDEV] = 0, /* secure device not yet */
63 [PCI_CAP_ID_EXP] = 0xFF, /* 20 or 44 */
64 [PCI_CAP_ID_MSIX] = PCI_CAP_MSIX_SIZEOF,
65 [PCI_CAP_ID_SATA] = 0xFF,
66 [PCI_CAP_ID_AF] = PCI_CAP_AF_SIZEOF,
67};
68
69/*
70 * Lengths of PCIe/PCI-X Extended Config Capabilities
71 * 0: Removed or masked from the user visible capability list
72 * FF: Variable length
73 */
74static const u16 pci_ext_cap_length[PCI_EXT_CAP_ID_MAX + 1] = {
75 [PCI_EXT_CAP_ID_ERR] = PCI_ERR_ROOT_COMMAND,
76 [PCI_EXT_CAP_ID_VC] = 0xFF,
77 [PCI_EXT_CAP_ID_DSN] = PCI_EXT_CAP_DSN_SIZEOF,
78 [PCI_EXT_CAP_ID_PWR] = PCI_EXT_CAP_PWR_SIZEOF,
79 [PCI_EXT_CAP_ID_RCLD] = 0, /* root only - don't care */
80 [PCI_EXT_CAP_ID_RCILC] = 0, /* root only - don't care */
81 [PCI_EXT_CAP_ID_RCEC] = 0, /* root only - don't care */
82 [PCI_EXT_CAP_ID_MFVC] = 0xFF,
83 [PCI_EXT_CAP_ID_VC9] = 0xFF, /* same as CAP_ID_VC */
84 [PCI_EXT_CAP_ID_RCRB] = 0, /* root only - don't care */
85 [PCI_EXT_CAP_ID_VNDR] = 0xFF,
86 [PCI_EXT_CAP_ID_CAC] = 0, /* obsolete */
87 [PCI_EXT_CAP_ID_ACS] = 0xFF,
88 [PCI_EXT_CAP_ID_ARI] = PCI_EXT_CAP_ARI_SIZEOF,
89 [PCI_EXT_CAP_ID_ATS] = PCI_EXT_CAP_ATS_SIZEOF,
90 [PCI_EXT_CAP_ID_SRIOV] = PCI_EXT_CAP_SRIOV_SIZEOF,
91 [PCI_EXT_CAP_ID_MRIOV] = 0, /* not yet */
92 [PCI_EXT_CAP_ID_MCAST] = PCI_EXT_CAP_MCAST_ENDPOINT_SIZEOF,
93 [PCI_EXT_CAP_ID_PRI] = PCI_EXT_CAP_PRI_SIZEOF,
94 [PCI_EXT_CAP_ID_AMD_XXX] = 0, /* not yet */
95 [PCI_EXT_CAP_ID_REBAR] = 0xFF,
96 [PCI_EXT_CAP_ID_DPA] = 0xFF,
97 [PCI_EXT_CAP_ID_TPH] = 0xFF,
98 [PCI_EXT_CAP_ID_LTR] = PCI_EXT_CAP_LTR_SIZEOF,
99 [PCI_EXT_CAP_ID_SECPCI] = 0, /* not yet */
100 [PCI_EXT_CAP_ID_PMUX] = 0, /* not yet */
101 [PCI_EXT_CAP_ID_PASID] = 0, /* not yet */
102};
103
104/*
105 * Read/Write Permission Bits - one bit for each bit in capability
106 * Any field can be read if it exists, but what is read depends on
107 * whether the field is 'virtualized', or just pass thru to the
108 * hardware. Any virtualized field is also virtualized for writes.
109 * Writes are only permitted if they have a 1 bit here.
110 */
111struct perm_bits {
112 u8 *virt; /* read/write virtual data, not hw */
113 u8 *write; /* writeable bits */
114 int (*readfn)(struct vfio_pci_device *vdev, int pos, int count,
115 struct perm_bits *perm, int offset, __le32 *val);
116 int (*writefn)(struct vfio_pci_device *vdev, int pos, int count,
117 struct perm_bits *perm, int offset, __le32 val);
118};
119
120#define NO_VIRT 0
121#define ALL_VIRT 0xFFFFFFFFU
122#define NO_WRITE 0
123#define ALL_WRITE 0xFFFFFFFFU
124
125static int vfio_user_config_read(struct pci_dev *pdev, int offset,
126 __le32 *val, int count)
127{
128 int ret = -EINVAL;
129 u32 tmp_val = 0;
130
131 switch (count) {
132 case 1:
133 {
134 u8 tmp;
135 ret = pci_user_read_config_byte(pdev, offset, &tmp);
136 tmp_val = tmp;
137 break;
138 }
139 case 2:
140 {
141 u16 tmp;
142 ret = pci_user_read_config_word(pdev, offset, &tmp);
143 tmp_val = tmp;
144 break;
145 }
146 case 4:
147 ret = pci_user_read_config_dword(pdev, offset, &tmp_val);
148 break;
149 }
150
151 *val = cpu_to_le32(tmp_val);
152
153 return ret;
154}
155
156static int vfio_user_config_write(struct pci_dev *pdev, int offset,
157 __le32 val, int count)
158{
159 int ret = -EINVAL;
160 u32 tmp_val = le32_to_cpu(val);
161
162 switch (count) {
163 case 1:
164 ret = pci_user_write_config_byte(pdev, offset, tmp_val);
165 break;
166 case 2:
167 ret = pci_user_write_config_word(pdev, offset, tmp_val);
168 break;
169 case 4:
170 ret = pci_user_write_config_dword(pdev, offset, tmp_val);
171 break;
172 }
173
174 return ret;
175}
176
177static int vfio_default_config_read(struct vfio_pci_device *vdev, int pos,
178 int count, struct perm_bits *perm,
179 int offset, __le32 *val)
180{
181 __le32 virt = 0;
182
183 memcpy(val, vdev->vconfig + pos, count);
184
185 memcpy(&virt, perm->virt + offset, count);
186
187 /* Any non-virtualized bits? */
188 if (cpu_to_le32(~0U >> (32 - (count * 8))) != virt) {
189 struct pci_dev *pdev = vdev->pdev;
190 __le32 phys_val = 0;
191 int ret;
192
193 ret = vfio_user_config_read(pdev, pos, &phys_val, count);
194 if (ret)
195 return ret;
196
197 *val = (phys_val & ~virt) | (*val & virt);
198 }
199
200 return count;
201}
202
203static int vfio_default_config_write(struct vfio_pci_device *vdev, int pos,
204 int count, struct perm_bits *perm,
205 int offset, __le32 val)
206{
207 __le32 virt = 0, write = 0;
208
209 memcpy(&write, perm->write + offset, count);
210
211 if (!write)
212 return count; /* drop, no writable bits */
213
214 memcpy(&virt, perm->virt + offset, count);
215
216 /* Virtualized and writable bits go to vconfig */
217 if (write & virt) {
218 __le32 virt_val = 0;
219
220 memcpy(&virt_val, vdev->vconfig + pos, count);
221
222 virt_val &= ~(write & virt);
223 virt_val |= (val & (write & virt));
224
225 memcpy(vdev->vconfig + pos, &virt_val, count);
226 }
227
228 /* Non-virtualzed and writable bits go to hardware */
229 if (write & ~virt) {
230 struct pci_dev *pdev = vdev->pdev;
231 __le32 phys_val = 0;
232 int ret;
233
234 ret = vfio_user_config_read(pdev, pos, &phys_val, count);
235 if (ret)
236 return ret;
237
238 phys_val &= ~(write & ~virt);
239 phys_val |= (val & (write & ~virt));
240
241 ret = vfio_user_config_write(pdev, pos, phys_val, count);
242 if (ret)
243 return ret;
244 }
245
246 return count;
247}
248
249/* Allow direct read from hardware, except for capability next pointer */
250static int vfio_direct_config_read(struct vfio_pci_device *vdev, int pos,
251 int count, struct perm_bits *perm,
252 int offset, __le32 *val)
253{
254 int ret;
255
256 ret = vfio_user_config_read(vdev->pdev, pos, val, count);
257 if (ret)
258 return ret;
259
260 if (pos >= PCI_CFG_SPACE_SIZE) { /* Extended cap header mangling */
261 if (offset < 4)
262 memcpy(val, vdev->vconfig + pos, count);
263 } else if (pos >= PCI_STD_HEADER_SIZEOF) { /* Std cap mangling */
264 if (offset == PCI_CAP_LIST_ID && count > 1)
265 memcpy(val, vdev->vconfig + pos,
266 min(PCI_CAP_FLAGS, count));
267 else if (offset == PCI_CAP_LIST_NEXT)
268 memcpy(val, vdev->vconfig + pos, 1);
269 }
270
271 return count;
272}
273
274/* Raw access skips any kind of virtualization */
275static int vfio_raw_config_write(struct vfio_pci_device *vdev, int pos,
276 int count, struct perm_bits *perm,
277 int offset, __le32 val)
278{
279 int ret;
280
281 ret = vfio_user_config_write(vdev->pdev, pos, val, count);
282 if (ret)
283 return ret;
284
285 return count;
286}
287
288static int vfio_raw_config_read(struct vfio_pci_device *vdev, int pos,
289 int count, struct perm_bits *perm,
290 int offset, __le32 *val)
291{
292 int ret;
293
294 ret = vfio_user_config_read(vdev->pdev, pos, val, count);
295 if (ret)
296 return ret;
297
298 return count;
299}
300
301/* Virt access uses only virtualization */
302static int vfio_virt_config_write(struct vfio_pci_device *vdev, int pos,
303 int count, struct perm_bits *perm,
304 int offset, __le32 val)
305{
306 memcpy(vdev->vconfig + pos, &val, count);
307 return count;
308}
309
310static int vfio_virt_config_read(struct vfio_pci_device *vdev, int pos,
311 int count, struct perm_bits *perm,
312 int offset, __le32 *val)
313{
314 memcpy(val, vdev->vconfig + pos, count);
315 return count;
316}
317
318/* Default capability regions to read-only, no-virtualization */
319static struct perm_bits cap_perms[PCI_CAP_ID_MAX + 1] = {
320 [0 ... PCI_CAP_ID_MAX] = { .readfn = vfio_direct_config_read }
321};
322static struct perm_bits ecap_perms[PCI_EXT_CAP_ID_MAX + 1] = {
323 [0 ... PCI_EXT_CAP_ID_MAX] = { .readfn = vfio_direct_config_read }
324};
325/*
326 * Default unassigned regions to raw read-write access. Some devices
327 * require this to function as they hide registers between the gaps in
328 * config space (be2net). Like MMIO and I/O port registers, we have
329 * to trust the hardware isolation.
330 */
331static struct perm_bits unassigned_perms = {
332 .readfn = vfio_raw_config_read,
333 .writefn = vfio_raw_config_write
334};
335
336static struct perm_bits virt_perms = {
337 .readfn = vfio_virt_config_read,
338 .writefn = vfio_virt_config_write
339};
340
341static void free_perm_bits(struct perm_bits *perm)
342{
343 kfree(perm->virt);
344 kfree(perm->write);
345 perm->virt = NULL;
346 perm->write = NULL;
347}
348
349static int alloc_perm_bits(struct perm_bits *perm, int size)
350{
351 /*
352 * Round up all permission bits to the next dword, this lets us
353 * ignore whether a read/write exceeds the defined capability
354 * structure. We can do this because:
355 * - Standard config space is already dword aligned
356 * - Capabilities are all dword aligned (bits 0:1 of next reserved)
357 * - Express capabilities defined as dword aligned
358 */
359 size = round_up(size, 4);
360
361 /*
362 * Zero state is
363 * - All Readable, None Writeable, None Virtualized
364 */
365 perm->virt = kzalloc(size, GFP_KERNEL);
366 perm->write = kzalloc(size, GFP_KERNEL);
367 if (!perm->virt || !perm->write) {
368 free_perm_bits(perm);
369 return -ENOMEM;
370 }
371
372 perm->readfn = vfio_default_config_read;
373 perm->writefn = vfio_default_config_write;
374
375 return 0;
376}
377
378/*
379 * Helper functions for filling in permission tables
380 */
381static inline void p_setb(struct perm_bits *p, int off, u8 virt, u8 write)
382{
383 p->virt[off] = virt;
384 p->write[off] = write;
385}
386
387/* Handle endian-ness - pci and tables are little-endian */
388static inline void p_setw(struct perm_bits *p, int off, u16 virt, u16 write)
389{
390 *(__le16 *)(&p->virt[off]) = cpu_to_le16(virt);
391 *(__le16 *)(&p->write[off]) = cpu_to_le16(write);
392}
393
394/* Handle endian-ness - pci and tables are little-endian */
395static inline void p_setd(struct perm_bits *p, int off, u32 virt, u32 write)
396{
397 *(__le32 *)(&p->virt[off]) = cpu_to_le32(virt);
398 *(__le32 *)(&p->write[off]) = cpu_to_le32(write);
399}
400
401/*
402 * Restore the *real* BARs after we detect a FLR or backdoor reset.
403 * (backdoor = some device specific technique that we didn't catch)
404 */
405static void vfio_bar_restore(struct vfio_pci_device *vdev)
406{
407 struct pci_dev *pdev = vdev->pdev;
408 u32 *rbar = vdev->rbar;
409 u16 cmd;
410 int i;
411
412 if (pdev->is_virtfn)
413 return;
414
415 pr_info("%s: %s reset recovery - restoring bars\n",
416 __func__, dev_name(&pdev->dev));
417
418 for (i = PCI_BASE_ADDRESS_0; i <= PCI_BASE_ADDRESS_5; i += 4, rbar++)
419 pci_user_write_config_dword(pdev, i, *rbar);
420
421 pci_user_write_config_dword(pdev, PCI_ROM_ADDRESS, *rbar);
422
423 if (vdev->nointx) {
424 pci_user_read_config_word(pdev, PCI_COMMAND, &cmd);
425 cmd |= PCI_COMMAND_INTX_DISABLE;
426 pci_user_write_config_word(pdev, PCI_COMMAND, cmd);
427 }
428}
429
430static __le32 vfio_generate_bar_flags(struct pci_dev *pdev, int bar)
431{
432 unsigned long flags = pci_resource_flags(pdev, bar);
433 u32 val;
434
435 if (flags & IORESOURCE_IO)
436 return cpu_to_le32(PCI_BASE_ADDRESS_SPACE_IO);
437
438 val = PCI_BASE_ADDRESS_SPACE_MEMORY;
439
440 if (flags & IORESOURCE_PREFETCH)
441 val |= PCI_BASE_ADDRESS_MEM_PREFETCH;
442
443 if (flags & IORESOURCE_MEM_64)
444 val |= PCI_BASE_ADDRESS_MEM_TYPE_64;
445
446 return cpu_to_le32(val);
447}
448
449/*
450 * Pretend we're hardware and tweak the values of the *virtual* PCI BARs
451 * to reflect the hardware capabilities. This implements BAR sizing.
452 */
453static void vfio_bar_fixup(struct vfio_pci_device *vdev)
454{
455 struct pci_dev *pdev = vdev->pdev;
456 int i;
457 __le32 *bar;
458 u64 mask;
459
460 bar = (__le32 *)&vdev->vconfig[PCI_BASE_ADDRESS_0];
461
462 for (i = PCI_STD_RESOURCES; i <= PCI_STD_RESOURCE_END; i++, bar++) {
463 if (!pci_resource_start(pdev, i)) {
464 *bar = 0; /* Unmapped by host = unimplemented to user */
465 continue;
466 }
467
468 mask = ~(pci_resource_len(pdev, i) - 1);
469
470 *bar &= cpu_to_le32((u32)mask);
471 *bar |= vfio_generate_bar_flags(pdev, i);
472
473 if (*bar & cpu_to_le32(PCI_BASE_ADDRESS_MEM_TYPE_64)) {
474 bar++;
475 *bar &= cpu_to_le32((u32)(mask >> 32));
476 i++;
477 }
478 }
479
480 bar = (__le32 *)&vdev->vconfig[PCI_ROM_ADDRESS];
481
482 /*
483 * NB. REGION_INFO will have reported zero size if we weren't able
484 * to read the ROM, but we still return the actual BAR size here if
485 * it exists (or the shadow ROM space).
486 */
487 if (pci_resource_start(pdev, PCI_ROM_RESOURCE)) {
488 mask = ~(pci_resource_len(pdev, PCI_ROM_RESOURCE) - 1);
489 mask |= PCI_ROM_ADDRESS_ENABLE;
490 *bar &= cpu_to_le32((u32)mask);
491 } else if (pdev->resource[PCI_ROM_RESOURCE].flags &
492 IORESOURCE_ROM_SHADOW) {
493 mask = ~(0x20000 - 1);
494 mask |= PCI_ROM_ADDRESS_ENABLE;
495 *bar &= cpu_to_le32((u32)mask);
496 } else
497 *bar = 0;
498
499 vdev->bardirty = false;
500}
501
502static int vfio_basic_config_read(struct vfio_pci_device *vdev, int pos,
503 int count, struct perm_bits *perm,
504 int offset, __le32 *val)
505{
506 if (is_bar(offset)) /* pos == offset for basic config */
507 vfio_bar_fixup(vdev);
508
509 count = vfio_default_config_read(vdev, pos, count, perm, offset, val);
510
511 /* Mask in virtual memory enable for SR-IOV devices */
512 if (offset == PCI_COMMAND && vdev->pdev->is_virtfn) {
513 u16 cmd = le16_to_cpu(*(__le16 *)&vdev->vconfig[PCI_COMMAND]);
514 u32 tmp_val = le32_to_cpu(*val);
515
516 tmp_val |= cmd & PCI_COMMAND_MEMORY;
517 *val = cpu_to_le32(tmp_val);
518 }
519
520 return count;
521}
522
523/* Test whether BARs match the value we think they should contain */
524static bool vfio_need_bar_restore(struct vfio_pci_device *vdev)
525{
526 int i = 0, pos = PCI_BASE_ADDRESS_0, ret;
527 u32 bar;
528
529 for (; pos <= PCI_BASE_ADDRESS_5; i++, pos += 4) {
530 if (vdev->rbar[i]) {
531 ret = pci_user_read_config_dword(vdev->pdev, pos, &bar);
532 if (ret || vdev->rbar[i] != bar)
533 return true;
534 }
535 }
536
537 return false;
538}
539
540static int vfio_basic_config_write(struct vfio_pci_device *vdev, int pos,
541 int count, struct perm_bits *perm,
542 int offset, __le32 val)
543{
544 struct pci_dev *pdev = vdev->pdev;
545 __le16 *virt_cmd;
546 u16 new_cmd = 0;
547 int ret;
548
549 virt_cmd = (__le16 *)&vdev->vconfig[PCI_COMMAND];
550
551 if (offset == PCI_COMMAND) {
552 bool phys_mem, virt_mem, new_mem, phys_io, virt_io, new_io;
553 u16 phys_cmd;
554
555 ret = pci_user_read_config_word(pdev, PCI_COMMAND, &phys_cmd);
556 if (ret)
557 return ret;
558
559 new_cmd = le32_to_cpu(val);
560
561 phys_mem = !!(phys_cmd & PCI_COMMAND_MEMORY);
562 virt_mem = !!(le16_to_cpu(*virt_cmd) & PCI_COMMAND_MEMORY);
563 new_mem = !!(new_cmd & PCI_COMMAND_MEMORY);
564
565 phys_io = !!(phys_cmd & PCI_COMMAND_IO);
566 virt_io = !!(le16_to_cpu(*virt_cmd) & PCI_COMMAND_IO);
567 new_io = !!(new_cmd & PCI_COMMAND_IO);
568
569 /*
570 * If the user is writing mem/io enable (new_mem/io) and we
571 * think it's already enabled (virt_mem/io), but the hardware
572 * shows it disabled (phys_mem/io, then the device has
573 * undergone some kind of backdoor reset and needs to be
574 * restored before we allow it to enable the bars.
575 * SR-IOV devices will trigger this, but we catch them later
576 */
577 if ((new_mem && virt_mem && !phys_mem) ||
578 (new_io && virt_io && !phys_io) ||
579 vfio_need_bar_restore(vdev))
580 vfio_bar_restore(vdev);
581 }
582
583 count = vfio_default_config_write(vdev, pos, count, perm, offset, val);
584 if (count < 0)
585 return count;
586
587 /*
588 * Save current memory/io enable bits in vconfig to allow for
589 * the test above next time.
590 */
591 if (offset == PCI_COMMAND) {
592 u16 mask = PCI_COMMAND_MEMORY | PCI_COMMAND_IO;
593
594 *virt_cmd &= cpu_to_le16(~mask);
595 *virt_cmd |= cpu_to_le16(new_cmd & mask);
596 }
597
598 /* Emulate INTx disable */
599 if (offset >= PCI_COMMAND && offset <= PCI_COMMAND + 1) {
600 bool virt_intx_disable;
601
602 virt_intx_disable = !!(le16_to_cpu(*virt_cmd) &
603 PCI_COMMAND_INTX_DISABLE);
604
605 if (virt_intx_disable && !vdev->virq_disabled) {
606 vdev->virq_disabled = true;
607 vfio_pci_intx_mask(vdev);
608 } else if (!virt_intx_disable && vdev->virq_disabled) {
609 vdev->virq_disabled = false;
610 vfio_pci_intx_unmask(vdev);
611 }
612 }
613
614 if (is_bar(offset))
615 vdev->bardirty = true;
616
617 return count;
618}
619
620/* Permissions for the Basic PCI Header */
621static int __init init_pci_cap_basic_perm(struct perm_bits *perm)
622{
623 if (alloc_perm_bits(perm, PCI_STD_HEADER_SIZEOF))
624 return -ENOMEM;
625
626 perm->readfn = vfio_basic_config_read;
627 perm->writefn = vfio_basic_config_write;
628
629 /* Virtualized for SR-IOV functions, which just have FFFF */
630 p_setw(perm, PCI_VENDOR_ID, (u16)ALL_VIRT, NO_WRITE);
631 p_setw(perm, PCI_DEVICE_ID, (u16)ALL_VIRT, NO_WRITE);
632
633 /*
634 * Virtualize INTx disable, we use it internally for interrupt
635 * control and can emulate it for non-PCI 2.3 devices.
636 */
637 p_setw(perm, PCI_COMMAND, PCI_COMMAND_INTX_DISABLE, (u16)ALL_WRITE);
638
639 /* Virtualize capability list, we might want to skip/disable */
640 p_setw(perm, PCI_STATUS, PCI_STATUS_CAP_LIST, NO_WRITE);
641
642 /* No harm to write */
643 p_setb(perm, PCI_CACHE_LINE_SIZE, NO_VIRT, (u8)ALL_WRITE);
644 p_setb(perm, PCI_LATENCY_TIMER, NO_VIRT, (u8)ALL_WRITE);
645 p_setb(perm, PCI_BIST, NO_VIRT, (u8)ALL_WRITE);
646
647 /* Virtualize all bars, can't touch the real ones */
648 p_setd(perm, PCI_BASE_ADDRESS_0, ALL_VIRT, ALL_WRITE);
649 p_setd(perm, PCI_BASE_ADDRESS_1, ALL_VIRT, ALL_WRITE);
650 p_setd(perm, PCI_BASE_ADDRESS_2, ALL_VIRT, ALL_WRITE);
651 p_setd(perm, PCI_BASE_ADDRESS_3, ALL_VIRT, ALL_WRITE);
652 p_setd(perm, PCI_BASE_ADDRESS_4, ALL_VIRT, ALL_WRITE);
653 p_setd(perm, PCI_BASE_ADDRESS_5, ALL_VIRT, ALL_WRITE);
654 p_setd(perm, PCI_ROM_ADDRESS, ALL_VIRT, ALL_WRITE);
655
656 /* Allow us to adjust capability chain */
657 p_setb(perm, PCI_CAPABILITY_LIST, (u8)ALL_VIRT, NO_WRITE);
658
659 /* Sometimes used by sw, just virtualize */
660 p_setb(perm, PCI_INTERRUPT_LINE, (u8)ALL_VIRT, (u8)ALL_WRITE);
661
662 /* Virtualize interrupt pin to allow hiding INTx */
663 p_setb(perm, PCI_INTERRUPT_PIN, (u8)ALL_VIRT, (u8)NO_WRITE);
664
665 return 0;
666}
667
668static int vfio_pm_config_write(struct vfio_pci_device *vdev, int pos,
669 int count, struct perm_bits *perm,
670 int offset, __le32 val)
671{
672 count = vfio_default_config_write(vdev, pos, count, perm, offset, val);
673 if (count < 0)
674 return count;
675
676 if (offset == PCI_PM_CTRL) {
677 pci_power_t state;
678
679 switch (le32_to_cpu(val) & PCI_PM_CTRL_STATE_MASK) {
680 case 0:
681 state = PCI_D0;
682 break;
683 case 1:
684 state = PCI_D1;
685 break;
686 case 2:
687 state = PCI_D2;
688 break;
689 case 3:
690 state = PCI_D3hot;
691 break;
692 }
693
694 vfio_pci_set_power_state(vdev, state);
695 }
696
697 return count;
698}
699
700/* Permissions for the Power Management capability */
701static int __init init_pci_cap_pm_perm(struct perm_bits *perm)
702{
703 if (alloc_perm_bits(perm, pci_cap_length[PCI_CAP_ID_PM]))
704 return -ENOMEM;
705
706 perm->writefn = vfio_pm_config_write;
707
708 /*
709 * We always virtualize the next field so we can remove
710 * capabilities from the chain if we want to.
711 */
712 p_setb(perm, PCI_CAP_LIST_NEXT, (u8)ALL_VIRT, NO_WRITE);
713
714 /*
715 * Power management is defined *per function*, so we can let
716 * the user change power state, but we trap and initiate the
717 * change ourselves, so the state bits are read-only.
718 */
719 p_setd(perm, PCI_PM_CTRL, NO_VIRT, ~PCI_PM_CTRL_STATE_MASK);
720 return 0;
721}
722
723static int vfio_vpd_config_write(struct vfio_pci_device *vdev, int pos,
724 int count, struct perm_bits *perm,
725 int offset, __le32 val)
726{
727 struct pci_dev *pdev = vdev->pdev;
728 __le16 *paddr = (__le16 *)(vdev->vconfig + pos - offset + PCI_VPD_ADDR);
729 __le32 *pdata = (__le32 *)(vdev->vconfig + pos - offset + PCI_VPD_DATA);
730 u16 addr;
731 u32 data;
732
733 /*
734 * Write through to emulation. If the write includes the upper byte
735 * of PCI_VPD_ADDR, then the PCI_VPD_ADDR_F bit is written and we
736 * have work to do.
737 */
738 count = vfio_default_config_write(vdev, pos, count, perm, offset, val);
739 if (count < 0 || offset > PCI_VPD_ADDR + 1 ||
740 offset + count <= PCI_VPD_ADDR + 1)
741 return count;
742
743 addr = le16_to_cpu(*paddr);
744
745 if (addr & PCI_VPD_ADDR_F) {
746 data = le32_to_cpu(*pdata);
747 if (pci_write_vpd(pdev, addr & ~PCI_VPD_ADDR_F, 4, &data) != 4)
748 return count;
749 } else {
750 data = 0;
751 if (pci_read_vpd(pdev, addr, 4, &data) < 0)
752 return count;
753 *pdata = cpu_to_le32(data);
754 }
755
756 /*
757 * Toggle PCI_VPD_ADDR_F in the emulated PCI_VPD_ADDR register to
758 * signal completion. If an error occurs above, we assume that not
759 * toggling this bit will induce a driver timeout.
760 */
761 addr ^= PCI_VPD_ADDR_F;
762 *paddr = cpu_to_le16(addr);
763
764 return count;
765}
766
767/* Permissions for Vital Product Data capability */
768static int __init init_pci_cap_vpd_perm(struct perm_bits *perm)
769{
770 if (alloc_perm_bits(perm, pci_cap_length[PCI_CAP_ID_VPD]))
771 return -ENOMEM;
772
773 perm->writefn = vfio_vpd_config_write;
774
775 /*
776 * We always virtualize the next field so we can remove
777 * capabilities from the chain if we want to.
778 */
779 p_setb(perm, PCI_CAP_LIST_NEXT, (u8)ALL_VIRT, NO_WRITE);
780
781 /*
782 * Both the address and data registers are virtualized to
783 * enable access through the pci_vpd_read/write functions
784 */
785 p_setw(perm, PCI_VPD_ADDR, (u16)ALL_VIRT, (u16)ALL_WRITE);
786 p_setd(perm, PCI_VPD_DATA, ALL_VIRT, ALL_WRITE);
787
788 return 0;
789}
790
791/* Permissions for PCI-X capability */
792static int __init init_pci_cap_pcix_perm(struct perm_bits *perm)
793{
794 /* Alloc 24, but only 8 are used in v0 */
795 if (alloc_perm_bits(perm, PCI_CAP_PCIX_SIZEOF_V2))
796 return -ENOMEM;
797
798 p_setb(perm, PCI_CAP_LIST_NEXT, (u8)ALL_VIRT, NO_WRITE);
799
800 p_setw(perm, PCI_X_CMD, NO_VIRT, (u16)ALL_WRITE);
801 p_setd(perm, PCI_X_ECC_CSR, NO_VIRT, ALL_WRITE);
802 return 0;
803}
804
805static int vfio_exp_config_write(struct vfio_pci_device *vdev, int pos,
806 int count, struct perm_bits *perm,
807 int offset, __le32 val)
808{
809 __le16 *ctrl = (__le16 *)(vdev->vconfig + pos -
810 offset + PCI_EXP_DEVCTL);
811 int readrq = le16_to_cpu(*ctrl) & PCI_EXP_DEVCTL_READRQ;
812
813 count = vfio_default_config_write(vdev, pos, count, perm, offset, val);
814 if (count < 0)
815 return count;
816
817 /*
818 * The FLR bit is virtualized, if set and the device supports PCIe
819 * FLR, issue a reset_function. Regardless, clear the bit, the spec
820 * requires it to be always read as zero. NB, reset_function might
821 * not use a PCIe FLR, we don't have that level of granularity.
822 */
823 if (*ctrl & cpu_to_le16(PCI_EXP_DEVCTL_BCR_FLR)) {
824 u32 cap;
825 int ret;
826
827 *ctrl &= ~cpu_to_le16(PCI_EXP_DEVCTL_BCR_FLR);
828
829 ret = pci_user_read_config_dword(vdev->pdev,
830 pos - offset + PCI_EXP_DEVCAP,
831 &cap);
832
833 if (!ret && (cap & PCI_EXP_DEVCAP_FLR))
834 pci_try_reset_function(vdev->pdev);
835 }
836
837 /*
838 * MPS is virtualized to the user, writes do not change the physical
839 * register since determining a proper MPS value requires a system wide
840 * device view. The MRRS is largely independent of MPS, but since the
841 * user does not have that system-wide view, they might set a safe, but
842 * inefficiently low value. Here we allow writes through to hardware,
843 * but we set the floor to the physical device MPS setting, so that
844 * we can at least use full TLPs, as defined by the MPS value.
845 *
846 * NB, if any devices actually depend on an artificially low MRRS
847 * setting, this will need to be revisited, perhaps with a quirk
848 * though pcie_set_readrq().
849 */
850 if (readrq != (le16_to_cpu(*ctrl) & PCI_EXP_DEVCTL_READRQ)) {
851 readrq = 128 <<
852 ((le16_to_cpu(*ctrl) & PCI_EXP_DEVCTL_READRQ) >> 12);
853 readrq = max(readrq, pcie_get_mps(vdev->pdev));
854
855 pcie_set_readrq(vdev->pdev, readrq);
856 }
857
858 return count;
859}
860
861/* Permissions for PCI Express capability */
862static int __init init_pci_cap_exp_perm(struct perm_bits *perm)
863{
864 /* Alloc largest of possible sizes */
865 if (alloc_perm_bits(perm, PCI_CAP_EXP_ENDPOINT_SIZEOF_V2))
866 return -ENOMEM;
867
868 perm->writefn = vfio_exp_config_write;
869
870 p_setb(perm, PCI_CAP_LIST_NEXT, (u8)ALL_VIRT, NO_WRITE);
871
872 /*
873 * Allow writes to device control fields, except devctl_phantom,
874 * which could confuse IOMMU, MPS, which can break communication
875 * with other physical devices, and the ARI bit in devctl2, which
876 * is set at probe time. FLR and MRRS get virtualized via our
877 * writefn.
878 */
879 p_setw(perm, PCI_EXP_DEVCTL,
880 PCI_EXP_DEVCTL_BCR_FLR | PCI_EXP_DEVCTL_PAYLOAD |
881 PCI_EXP_DEVCTL_READRQ, ~PCI_EXP_DEVCTL_PHANTOM);
882 p_setw(perm, PCI_EXP_DEVCTL2, NO_VIRT, ~PCI_EXP_DEVCTL2_ARI);
883 return 0;
884}
885
886static int vfio_af_config_write(struct vfio_pci_device *vdev, int pos,
887 int count, struct perm_bits *perm,
888 int offset, __le32 val)
889{
890 u8 *ctrl = vdev->vconfig + pos - offset + PCI_AF_CTRL;
891
892 count = vfio_default_config_write(vdev, pos, count, perm, offset, val);
893 if (count < 0)
894 return count;
895
896 /*
897 * The FLR bit is virtualized, if set and the device supports AF
898 * FLR, issue a reset_function. Regardless, clear the bit, the spec
899 * requires it to be always read as zero. NB, reset_function might
900 * not use an AF FLR, we don't have that level of granularity.
901 */
902 if (*ctrl & PCI_AF_CTRL_FLR) {
903 u8 cap;
904 int ret;
905
906 *ctrl &= ~PCI_AF_CTRL_FLR;
907
908 ret = pci_user_read_config_byte(vdev->pdev,
909 pos - offset + PCI_AF_CAP,
910 &cap);
911
912 if (!ret && (cap & PCI_AF_CAP_FLR) && (cap & PCI_AF_CAP_TP))
913 pci_try_reset_function(vdev->pdev);
914 }
915
916 return count;
917}
918
919/* Permissions for Advanced Function capability */
920static int __init init_pci_cap_af_perm(struct perm_bits *perm)
921{
922 if (alloc_perm_bits(perm, pci_cap_length[PCI_CAP_ID_AF]))
923 return -ENOMEM;
924
925 perm->writefn = vfio_af_config_write;
926
927 p_setb(perm, PCI_CAP_LIST_NEXT, (u8)ALL_VIRT, NO_WRITE);
928 p_setb(perm, PCI_AF_CTRL, PCI_AF_CTRL_FLR, PCI_AF_CTRL_FLR);
929 return 0;
930}
931
932/* Permissions for Advanced Error Reporting extended capability */
933static int __init init_pci_ext_cap_err_perm(struct perm_bits *perm)
934{
935 u32 mask;
936
937 if (alloc_perm_bits(perm, pci_ext_cap_length[PCI_EXT_CAP_ID_ERR]))
938 return -ENOMEM;
939
940 /*
941 * Virtualize the first dword of all express capabilities
942 * because it includes the next pointer. This lets us later
943 * remove capabilities from the chain if we need to.
944 */
945 p_setd(perm, 0, ALL_VIRT, NO_WRITE);
946
947 /* Writable bits mask */
948 mask = PCI_ERR_UNC_UND | /* Undefined */
949 PCI_ERR_UNC_DLP | /* Data Link Protocol */
950 PCI_ERR_UNC_SURPDN | /* Surprise Down */
951 PCI_ERR_UNC_POISON_TLP | /* Poisoned TLP */
952 PCI_ERR_UNC_FCP | /* Flow Control Protocol */
953 PCI_ERR_UNC_COMP_TIME | /* Completion Timeout */
954 PCI_ERR_UNC_COMP_ABORT | /* Completer Abort */
955 PCI_ERR_UNC_UNX_COMP | /* Unexpected Completion */
956 PCI_ERR_UNC_RX_OVER | /* Receiver Overflow */
957 PCI_ERR_UNC_MALF_TLP | /* Malformed TLP */
958 PCI_ERR_UNC_ECRC | /* ECRC Error Status */
959 PCI_ERR_UNC_UNSUP | /* Unsupported Request */
960 PCI_ERR_UNC_ACSV | /* ACS Violation */
961 PCI_ERR_UNC_INTN | /* internal error */
962 PCI_ERR_UNC_MCBTLP | /* MC blocked TLP */
963 PCI_ERR_UNC_ATOMEG | /* Atomic egress blocked */
964 PCI_ERR_UNC_TLPPRE; /* TLP prefix blocked */
965 p_setd(perm, PCI_ERR_UNCOR_STATUS, NO_VIRT, mask);
966 p_setd(perm, PCI_ERR_UNCOR_MASK, NO_VIRT, mask);
967 p_setd(perm, PCI_ERR_UNCOR_SEVER, NO_VIRT, mask);
968
969 mask = PCI_ERR_COR_RCVR | /* Receiver Error Status */
970 PCI_ERR_COR_BAD_TLP | /* Bad TLP Status */
971 PCI_ERR_COR_BAD_DLLP | /* Bad DLLP Status */
972 PCI_ERR_COR_REP_ROLL | /* REPLAY_NUM Rollover */
973 PCI_ERR_COR_REP_TIMER | /* Replay Timer Timeout */
974 PCI_ERR_COR_ADV_NFAT | /* Advisory Non-Fatal */
975 PCI_ERR_COR_INTERNAL | /* Corrected Internal */
976 PCI_ERR_COR_LOG_OVER; /* Header Log Overflow */
977 p_setd(perm, PCI_ERR_COR_STATUS, NO_VIRT, mask);
978 p_setd(perm, PCI_ERR_COR_MASK, NO_VIRT, mask);
979
980 mask = PCI_ERR_CAP_ECRC_GENE | /* ECRC Generation Enable */
981 PCI_ERR_CAP_ECRC_CHKE; /* ECRC Check Enable */
982 p_setd(perm, PCI_ERR_CAP, NO_VIRT, mask);
983 return 0;
984}
985
986/* Permissions for Power Budgeting extended capability */
987static int __init init_pci_ext_cap_pwr_perm(struct perm_bits *perm)
988{
989 if (alloc_perm_bits(perm, pci_ext_cap_length[PCI_EXT_CAP_ID_PWR]))
990 return -ENOMEM;
991
992 p_setd(perm, 0, ALL_VIRT, NO_WRITE);
993
994 /* Writing the data selector is OK, the info is still read-only */
995 p_setb(perm, PCI_PWR_DATA, NO_VIRT, (u8)ALL_WRITE);
996 return 0;
997}
998
999/*
1000 * Initialize the shared permission tables
1001 */
1002void vfio_pci_uninit_perm_bits(void)
1003{
1004 free_perm_bits(&cap_perms[PCI_CAP_ID_BASIC]);
1005
1006 free_perm_bits(&cap_perms[PCI_CAP_ID_PM]);
1007 free_perm_bits(&cap_perms[PCI_CAP_ID_VPD]);
1008 free_perm_bits(&cap_perms[PCI_CAP_ID_PCIX]);
1009 free_perm_bits(&cap_perms[PCI_CAP_ID_EXP]);
1010 free_perm_bits(&cap_perms[PCI_CAP_ID_AF]);
1011
1012 free_perm_bits(&ecap_perms[PCI_EXT_CAP_ID_ERR]);
1013 free_perm_bits(&ecap_perms[PCI_EXT_CAP_ID_PWR]);
1014}
1015
1016int __init vfio_pci_init_perm_bits(void)
1017{
1018 int ret;
1019
1020 /* Basic config space */
1021 ret = init_pci_cap_basic_perm(&cap_perms[PCI_CAP_ID_BASIC]);
1022
1023 /* Capabilities */
1024 ret |= init_pci_cap_pm_perm(&cap_perms[PCI_CAP_ID_PM]);
1025 ret |= init_pci_cap_vpd_perm(&cap_perms[PCI_CAP_ID_VPD]);
1026 ret |= init_pci_cap_pcix_perm(&cap_perms[PCI_CAP_ID_PCIX]);
1027 cap_perms[PCI_CAP_ID_VNDR].writefn = vfio_raw_config_write;
1028 ret |= init_pci_cap_exp_perm(&cap_perms[PCI_CAP_ID_EXP]);
1029 ret |= init_pci_cap_af_perm(&cap_perms[PCI_CAP_ID_AF]);
1030
1031 /* Extended capabilities */
1032 ret |= init_pci_ext_cap_err_perm(&ecap_perms[PCI_EXT_CAP_ID_ERR]);
1033 ret |= init_pci_ext_cap_pwr_perm(&ecap_perms[PCI_EXT_CAP_ID_PWR]);
1034 ecap_perms[PCI_EXT_CAP_ID_VNDR].writefn = vfio_raw_config_write;
1035
1036 if (ret)
1037 vfio_pci_uninit_perm_bits();
1038
1039 return ret;
1040}
1041
1042static int vfio_find_cap_start(struct vfio_pci_device *vdev, int pos)
1043{
1044 u8 cap;
1045 int base = (pos >= PCI_CFG_SPACE_SIZE) ? PCI_CFG_SPACE_SIZE :
1046 PCI_STD_HEADER_SIZEOF;
1047 cap = vdev->pci_config_map[pos];
1048
1049 if (cap == PCI_CAP_ID_BASIC)
1050 return 0;
1051
1052 /* XXX Can we have to abutting capabilities of the same type? */
1053 while (pos - 1 >= base && vdev->pci_config_map[pos - 1] == cap)
1054 pos--;
1055
1056 return pos;
1057}
1058
1059static int vfio_msi_config_read(struct vfio_pci_device *vdev, int pos,
1060 int count, struct perm_bits *perm,
1061 int offset, __le32 *val)
1062{
1063 /* Update max available queue size from msi_qmax */
1064 if (offset <= PCI_MSI_FLAGS && offset + count >= PCI_MSI_FLAGS) {
1065 __le16 *flags;
1066 int start;
1067
1068 start = vfio_find_cap_start(vdev, pos);
1069
1070 flags = (__le16 *)&vdev->vconfig[start];
1071
1072 *flags &= cpu_to_le16(~PCI_MSI_FLAGS_QMASK);
1073 *flags |= cpu_to_le16(vdev->msi_qmax << 1);
1074 }
1075
1076 return vfio_default_config_read(vdev, pos, count, perm, offset, val);
1077}
1078
1079static int vfio_msi_config_write(struct vfio_pci_device *vdev, int pos,
1080 int count, struct perm_bits *perm,
1081 int offset, __le32 val)
1082{
1083 count = vfio_default_config_write(vdev, pos, count, perm, offset, val);
1084 if (count < 0)
1085 return count;
1086
1087 /* Fixup and write configured queue size and enable to hardware */
1088 if (offset <= PCI_MSI_FLAGS && offset + count >= PCI_MSI_FLAGS) {
1089 __le16 *pflags;
1090 u16 flags;
1091 int start, ret;
1092
1093 start = vfio_find_cap_start(vdev, pos);
1094
1095 pflags = (__le16 *)&vdev->vconfig[start + PCI_MSI_FLAGS];
1096
1097 flags = le16_to_cpu(*pflags);
1098
1099 /* MSI is enabled via ioctl */
1100 if (!is_msi(vdev))
1101 flags &= ~PCI_MSI_FLAGS_ENABLE;
1102
1103 /* Check queue size */
1104 if ((flags & PCI_MSI_FLAGS_QSIZE) >> 4 > vdev->msi_qmax) {
1105 flags &= ~PCI_MSI_FLAGS_QSIZE;
1106 flags |= vdev->msi_qmax << 4;
1107 }
1108
1109 /* Write back to virt and to hardware */
1110 *pflags = cpu_to_le16(flags);
1111 ret = pci_user_write_config_word(vdev->pdev,
1112 start + PCI_MSI_FLAGS,
1113 flags);
1114 if (ret)
1115 return ret;
1116 }
1117
1118 return count;
1119}
1120
1121/*
1122 * MSI determination is per-device, so this routine gets used beyond
1123 * initialization time. Don't add __init
1124 */
1125static int init_pci_cap_msi_perm(struct perm_bits *perm, int len, u16 flags)
1126{
1127 if (alloc_perm_bits(perm, len))
1128 return -ENOMEM;
1129
1130 perm->readfn = vfio_msi_config_read;
1131 perm->writefn = vfio_msi_config_write;
1132
1133 p_setb(perm, PCI_CAP_LIST_NEXT, (u8)ALL_VIRT, NO_WRITE);
1134
1135 /*
1136 * The upper byte of the control register is reserved,
1137 * just setup the lower byte.
1138 */
1139 p_setb(perm, PCI_MSI_FLAGS, (u8)ALL_VIRT, (u8)ALL_WRITE);
1140 p_setd(perm, PCI_MSI_ADDRESS_LO, ALL_VIRT, ALL_WRITE);
1141 if (flags & PCI_MSI_FLAGS_64BIT) {
1142 p_setd(perm, PCI_MSI_ADDRESS_HI, ALL_VIRT, ALL_WRITE);
1143 p_setw(perm, PCI_MSI_DATA_64, (u16)ALL_VIRT, (u16)ALL_WRITE);
1144 if (flags & PCI_MSI_FLAGS_MASKBIT) {
1145 p_setd(perm, PCI_MSI_MASK_64, NO_VIRT, ALL_WRITE);
1146 p_setd(perm, PCI_MSI_PENDING_64, NO_VIRT, ALL_WRITE);
1147 }
1148 } else {
1149 p_setw(perm, PCI_MSI_DATA_32, (u16)ALL_VIRT, (u16)ALL_WRITE);
1150 if (flags & PCI_MSI_FLAGS_MASKBIT) {
1151 p_setd(perm, PCI_MSI_MASK_32, NO_VIRT, ALL_WRITE);
1152 p_setd(perm, PCI_MSI_PENDING_32, NO_VIRT, ALL_WRITE);
1153 }
1154 }
1155 return 0;
1156}
1157
1158/* Determine MSI CAP field length; initialize msi_perms on 1st call per vdev */
1159static int vfio_msi_cap_len(struct vfio_pci_device *vdev, u8 pos)
1160{
1161 struct pci_dev *pdev = vdev->pdev;
1162 int len, ret;
1163 u16 flags;
1164
1165 ret = pci_read_config_word(pdev, pos + PCI_MSI_FLAGS, &flags);
1166 if (ret)
1167 return pcibios_err_to_errno(ret);
1168
1169 len = 10; /* Minimum size */
1170 if (flags & PCI_MSI_FLAGS_64BIT)
1171 len += 4;
1172 if (flags & PCI_MSI_FLAGS_MASKBIT)
1173 len += 10;
1174
1175 if (vdev->msi_perm)
1176 return len;
1177
1178 vdev->msi_perm = kmalloc(sizeof(struct perm_bits), GFP_KERNEL);
1179 if (!vdev->msi_perm)
1180 return -ENOMEM;
1181
1182 ret = init_pci_cap_msi_perm(vdev->msi_perm, len, flags);
1183 if (ret) {
1184 kfree(vdev->msi_perm);
1185 return ret;
1186 }
1187
1188 return len;
1189}
1190
1191/* Determine extended capability length for VC (2 & 9) and MFVC */
1192static int vfio_vc_cap_len(struct vfio_pci_device *vdev, u16 pos)
1193{
1194 struct pci_dev *pdev = vdev->pdev;
1195 u32 tmp;
1196 int ret, evcc, phases, vc_arb;
1197 int len = PCI_CAP_VC_BASE_SIZEOF;
1198
1199 ret = pci_read_config_dword(pdev, pos + PCI_VC_PORT_CAP1, &tmp);
1200 if (ret)
1201 return pcibios_err_to_errno(ret);
1202
1203 evcc = tmp & PCI_VC_CAP1_EVCC; /* extended vc count */
1204 ret = pci_read_config_dword(pdev, pos + PCI_VC_PORT_CAP2, &tmp);
1205 if (ret)
1206 return pcibios_err_to_errno(ret);
1207
1208 if (tmp & PCI_VC_CAP2_128_PHASE)
1209 phases = 128;
1210 else if (tmp & PCI_VC_CAP2_64_PHASE)
1211 phases = 64;
1212 else if (tmp & PCI_VC_CAP2_32_PHASE)
1213 phases = 32;
1214 else
1215 phases = 0;
1216
1217 vc_arb = phases * 4;
1218
1219 /*
1220 * Port arbitration tables are root & switch only;
1221 * function arbitration tables are function 0 only.
1222 * In either case, we'll never let user write them so
1223 * we don't care how big they are
1224 */
1225 len += (1 + evcc) * PCI_CAP_VC_PER_VC_SIZEOF;
1226 if (vc_arb) {
1227 len = round_up(len, 16);
1228 len += vc_arb / 8;
1229 }
1230 return len;
1231}
1232
1233static int vfio_cap_len(struct vfio_pci_device *vdev, u8 cap, u8 pos)
1234{
1235 struct pci_dev *pdev = vdev->pdev;
1236 u32 dword;
1237 u16 word;
1238 u8 byte;
1239 int ret;
1240
1241 switch (cap) {
1242 case PCI_CAP_ID_MSI:
1243 return vfio_msi_cap_len(vdev, pos);
1244 case PCI_CAP_ID_PCIX:
1245 ret = pci_read_config_word(pdev, pos + PCI_X_CMD, &word);
1246 if (ret)
1247 return pcibios_err_to_errno(ret);
1248
1249 if (PCI_X_CMD_VERSION(word)) {
1250 if (pdev->cfg_size > PCI_CFG_SPACE_SIZE) {
1251 /* Test for extended capabilities */
1252 pci_read_config_dword(pdev, PCI_CFG_SPACE_SIZE,
1253 &dword);
1254 vdev->extended_caps = (dword != 0);
1255 }
1256 return PCI_CAP_PCIX_SIZEOF_V2;
1257 } else
1258 return PCI_CAP_PCIX_SIZEOF_V0;
1259 case PCI_CAP_ID_VNDR:
1260 /* length follows next field */
1261 ret = pci_read_config_byte(pdev, pos + PCI_CAP_FLAGS, &byte);
1262 if (ret)
1263 return pcibios_err_to_errno(ret);
1264
1265 return byte;
1266 case PCI_CAP_ID_EXP:
1267 if (pdev->cfg_size > PCI_CFG_SPACE_SIZE) {
1268 /* Test for extended capabilities */
1269 pci_read_config_dword(pdev, PCI_CFG_SPACE_SIZE, &dword);
1270 vdev->extended_caps = (dword != 0);
1271 }
1272
1273 /* length based on version and type */
1274 if ((pcie_caps_reg(pdev) & PCI_EXP_FLAGS_VERS) == 1) {
1275 if (pci_pcie_type(pdev) == PCI_EXP_TYPE_RC_END)
1276 return 0xc; /* "All Devices" only, no link */
1277 return PCI_CAP_EXP_ENDPOINT_SIZEOF_V1;
1278 } else {
1279 if (pci_pcie_type(pdev) == PCI_EXP_TYPE_RC_END)
1280 return 0x2c; /* No link */
1281 return PCI_CAP_EXP_ENDPOINT_SIZEOF_V2;
1282 }
1283 case PCI_CAP_ID_HT:
1284 ret = pci_read_config_byte(pdev, pos + 3, &byte);
1285 if (ret)
1286 return pcibios_err_to_errno(ret);
1287
1288 return (byte & HT_3BIT_CAP_MASK) ?
1289 HT_CAP_SIZEOF_SHORT : HT_CAP_SIZEOF_LONG;
1290 case PCI_CAP_ID_SATA:
1291 ret = pci_read_config_byte(pdev, pos + PCI_SATA_REGS, &byte);
1292 if (ret)
1293 return pcibios_err_to_errno(ret);
1294
1295 byte &= PCI_SATA_REGS_MASK;
1296 if (byte == PCI_SATA_REGS_INLINE)
1297 return PCI_SATA_SIZEOF_LONG;
1298 else
1299 return PCI_SATA_SIZEOF_SHORT;
1300 default:
1301 pr_warn("%s: %s unknown length for pci cap 0x%x@0x%x\n",
1302 dev_name(&pdev->dev), __func__, cap, pos);
1303 }
1304
1305 return 0;
1306}
1307
1308static int vfio_ext_cap_len(struct vfio_pci_device *vdev, u16 ecap, u16 epos)
1309{
1310 struct pci_dev *pdev = vdev->pdev;
1311 u8 byte;
1312 u32 dword;
1313 int ret;
1314
1315 switch (ecap) {
1316 case PCI_EXT_CAP_ID_VNDR:
1317 ret = pci_read_config_dword(pdev, epos + PCI_VSEC_HDR, &dword);
1318 if (ret)
1319 return pcibios_err_to_errno(ret);
1320
1321 return dword >> PCI_VSEC_HDR_LEN_SHIFT;
1322 case PCI_EXT_CAP_ID_VC:
1323 case PCI_EXT_CAP_ID_VC9:
1324 case PCI_EXT_CAP_ID_MFVC:
1325 return vfio_vc_cap_len(vdev, epos);
1326 case PCI_EXT_CAP_ID_ACS:
1327 ret = pci_read_config_byte(pdev, epos + PCI_ACS_CAP, &byte);
1328 if (ret)
1329 return pcibios_err_to_errno(ret);
1330
1331 if (byte & PCI_ACS_EC) {
1332 int bits;
1333
1334 ret = pci_read_config_byte(pdev,
1335 epos + PCI_ACS_EGRESS_BITS,
1336 &byte);
1337 if (ret)
1338 return pcibios_err_to_errno(ret);
1339
1340 bits = byte ? round_up(byte, 32) : 256;
1341 return 8 + (bits / 8);
1342 }
1343 return 8;
1344
1345 case PCI_EXT_CAP_ID_REBAR:
1346 ret = pci_read_config_byte(pdev, epos + PCI_REBAR_CTRL, &byte);
1347 if (ret)
1348 return pcibios_err_to_errno(ret);
1349
1350 byte &= PCI_REBAR_CTRL_NBAR_MASK;
1351 byte >>= PCI_REBAR_CTRL_NBAR_SHIFT;
1352
1353 return 4 + (byte * 8);
1354 case PCI_EXT_CAP_ID_DPA:
1355 ret = pci_read_config_byte(pdev, epos + PCI_DPA_CAP, &byte);
1356 if (ret)
1357 return pcibios_err_to_errno(ret);
1358
1359 byte &= PCI_DPA_CAP_SUBSTATE_MASK;
1360 return PCI_DPA_BASE_SIZEOF + byte + 1;
1361 case PCI_EXT_CAP_ID_TPH:
1362 ret = pci_read_config_dword(pdev, epos + PCI_TPH_CAP, &dword);
1363 if (ret)
1364 return pcibios_err_to_errno(ret);
1365
1366 if ((dword & PCI_TPH_CAP_LOC_MASK) == PCI_TPH_LOC_CAP) {
1367 int sts;
1368
1369 sts = dword & PCI_TPH_CAP_ST_MASK;
1370 sts >>= PCI_TPH_CAP_ST_SHIFT;
1371 return PCI_TPH_BASE_SIZEOF + (sts * 2) + 2;
1372 }
1373 return PCI_TPH_BASE_SIZEOF;
1374 default:
1375 pr_warn("%s: %s unknown length for pci ecap 0x%x@0x%x\n",
1376 dev_name(&pdev->dev), __func__, ecap, epos);
1377 }
1378
1379 return 0;
1380}
1381
1382static int vfio_fill_vconfig_bytes(struct vfio_pci_device *vdev,
1383 int offset, int size)
1384{
1385 struct pci_dev *pdev = vdev->pdev;
1386 int ret = 0;
1387
1388 /*
1389 * We try to read physical config space in the largest chunks
1390 * we can, assuming that all of the fields support dword access.
1391 * pci_save_state() makes this same assumption and seems to do ok.
1392 */
1393 while (size) {
1394 int filled;
1395
1396 if (size >= 4 && !(offset % 4)) {
1397 __le32 *dwordp = (__le32 *)&vdev->vconfig[offset];
1398 u32 dword;
1399
1400 ret = pci_read_config_dword(pdev, offset, &dword);
1401 if (ret)
1402 return ret;
1403 *dwordp = cpu_to_le32(dword);
1404 filled = 4;
1405 } else if (size >= 2 && !(offset % 2)) {
1406 __le16 *wordp = (__le16 *)&vdev->vconfig[offset];
1407 u16 word;
1408
1409 ret = pci_read_config_word(pdev, offset, &word);
1410 if (ret)
1411 return ret;
1412 *wordp = cpu_to_le16(word);
1413 filled = 2;
1414 } else {
1415 u8 *byte = &vdev->vconfig[offset];
1416 ret = pci_read_config_byte(pdev, offset, byte);
1417 if (ret)
1418 return ret;
1419 filled = 1;
1420 }
1421
1422 offset += filled;
1423 size -= filled;
1424 }
1425
1426 return ret;
1427}
1428
1429static int vfio_cap_init(struct vfio_pci_device *vdev)
1430{
1431 struct pci_dev *pdev = vdev->pdev;
1432 u8 *map = vdev->pci_config_map;
1433 u16 status;
1434 u8 pos, *prev, cap;
1435 int loops, ret, caps = 0;
1436
1437 /* Any capabilities? */
1438 ret = pci_read_config_word(pdev, PCI_STATUS, &status);
1439 if (ret)
1440 return ret;
1441
1442 if (!(status & PCI_STATUS_CAP_LIST))
1443 return 0; /* Done */
1444
1445 ret = pci_read_config_byte(pdev, PCI_CAPABILITY_LIST, &pos);
1446 if (ret)
1447 return ret;
1448
1449 /* Mark the previous position in case we want to skip a capability */
1450 prev = &vdev->vconfig[PCI_CAPABILITY_LIST];
1451
1452 /* We can bound our loop, capabilities are dword aligned */
1453 loops = (PCI_CFG_SPACE_SIZE - PCI_STD_HEADER_SIZEOF) / PCI_CAP_SIZEOF;
1454 while (pos && loops--) {
1455 u8 next;
1456 int i, len = 0;
1457
1458 ret = pci_read_config_byte(pdev, pos, &cap);
1459 if (ret)
1460 return ret;
1461
1462 ret = pci_read_config_byte(pdev,
1463 pos + PCI_CAP_LIST_NEXT, &next);
1464 if (ret)
1465 return ret;
1466
1467 if (cap <= PCI_CAP_ID_MAX) {
1468 len = pci_cap_length[cap];
1469 if (len == 0xFF) { /* Variable length */
1470 len = vfio_cap_len(vdev, cap, pos);
1471 if (len < 0)
1472 return len;
1473 }
1474 }
1475
1476 if (!len) {
1477 pr_info("%s: %s hiding cap 0x%x\n",
1478 __func__, dev_name(&pdev->dev), cap);
1479 *prev = next;
1480 pos = next;
1481 continue;
1482 }
1483
1484 /* Sanity check, do we overlap other capabilities? */
1485 for (i = 0; i < len; i++) {
1486 if (likely(map[pos + i] == PCI_CAP_ID_INVALID))
1487 continue;
1488
1489 pr_warn("%s: %s pci config conflict @0x%x, was cap 0x%x now cap 0x%x\n",
1490 __func__, dev_name(&pdev->dev),
1491 pos + i, map[pos + i], cap);
1492 }
1493
1494 BUILD_BUG_ON(PCI_CAP_ID_MAX >= PCI_CAP_ID_INVALID_VIRT);
1495
1496 memset(map + pos, cap, len);
1497 ret = vfio_fill_vconfig_bytes(vdev, pos, len);
1498 if (ret)
1499 return ret;
1500
1501 prev = &vdev->vconfig[pos + PCI_CAP_LIST_NEXT];
1502 pos = next;
1503 caps++;
1504 }
1505
1506 /* If we didn't fill any capabilities, clear the status flag */
1507 if (!caps) {
1508 __le16 *vstatus = (__le16 *)&vdev->vconfig[PCI_STATUS];
1509 *vstatus &= ~cpu_to_le16(PCI_STATUS_CAP_LIST);
1510 }
1511
1512 return 0;
1513}
1514
1515static int vfio_ecap_init(struct vfio_pci_device *vdev)
1516{
1517 struct pci_dev *pdev = vdev->pdev;
1518 u8 *map = vdev->pci_config_map;
1519 u16 epos;
1520 __le32 *prev = NULL;
1521 int loops, ret, ecaps = 0;
1522
1523 if (!vdev->extended_caps)
1524 return 0;
1525
1526 epos = PCI_CFG_SPACE_SIZE;
1527
1528 loops = (pdev->cfg_size - PCI_CFG_SPACE_SIZE) / PCI_CAP_SIZEOF;
1529
1530 while (loops-- && epos >= PCI_CFG_SPACE_SIZE) {
1531 u32 header;
1532 u16 ecap;
1533 int i, len = 0;
1534 bool hidden = false;
1535
1536 ret = pci_read_config_dword(pdev, epos, &header);
1537 if (ret)
1538 return ret;
1539
1540 ecap = PCI_EXT_CAP_ID(header);
1541
1542 if (ecap <= PCI_EXT_CAP_ID_MAX) {
1543 len = pci_ext_cap_length[ecap];
1544 if (len == 0xFF) {
1545 len = vfio_ext_cap_len(vdev, ecap, epos);
1546 if (len < 0)
1547 return ret;
1548 }
1549 }
1550
1551 if (!len) {
1552 pr_info("%s: %s hiding ecap 0x%x@0x%x\n",
1553 __func__, dev_name(&pdev->dev), ecap, epos);
1554
1555 /* If not the first in the chain, we can skip over it */
1556 if (prev) {
1557 u32 val = epos = PCI_EXT_CAP_NEXT(header);
1558 *prev &= cpu_to_le32(~(0xffcU << 20));
1559 *prev |= cpu_to_le32(val << 20);
1560 continue;
1561 }
1562
1563 /*
1564 * Otherwise, fill in a placeholder, the direct
1565 * readfn will virtualize this automatically
1566 */
1567 len = PCI_CAP_SIZEOF;
1568 hidden = true;
1569 }
1570
1571 for (i = 0; i < len; i++) {
1572 if (likely(map[epos + i] == PCI_CAP_ID_INVALID))
1573 continue;
1574
1575 pr_warn("%s: %s pci config conflict @0x%x, was ecap 0x%x now ecap 0x%x\n",
1576 __func__, dev_name(&pdev->dev),
1577 epos + i, map[epos + i], ecap);
1578 }
1579
1580 /*
1581 * Even though ecap is 2 bytes, we're currently a long way
1582 * from exceeding 1 byte capabilities. If we ever make it
1583 * up to 0xFE we'll need to up this to a two-byte, byte map.
1584 */
1585 BUILD_BUG_ON(PCI_EXT_CAP_ID_MAX >= PCI_CAP_ID_INVALID_VIRT);
1586
1587 memset(map + epos, ecap, len);
1588 ret = vfio_fill_vconfig_bytes(vdev, epos, len);
1589 if (ret)
1590 return ret;
1591
1592 /*
1593 * If we're just using this capability to anchor the list,
1594 * hide the real ID. Only count real ecaps. XXX PCI spec
1595 * indicates to use cap id = 0, version = 0, next = 0 if
1596 * ecaps are absent, hope users check all the way to next.
1597 */
1598 if (hidden)
1599 *(__le32 *)&vdev->vconfig[epos] &=
1600 cpu_to_le32((0xffcU << 20));
1601 else
1602 ecaps++;
1603
1604 prev = (__le32 *)&vdev->vconfig[epos];
1605 epos = PCI_EXT_CAP_NEXT(header);
1606 }
1607
1608 if (!ecaps)
1609 *(u32 *)&vdev->vconfig[PCI_CFG_SPACE_SIZE] = 0;
1610
1611 return 0;
1612}
1613
1614/*
1615 * Nag about hardware bugs, hopefully to have vendors fix them, but at least
1616 * to collect a list of dependencies for the VF INTx pin quirk below.
1617 */
1618static const struct pci_device_id known_bogus_vf_intx_pin[] = {
1619 { PCI_DEVICE(PCI_VENDOR_ID_INTEL, 0x270c) },
1620 {}
1621};
1622
1623/*
1624 * For each device we allocate a pci_config_map that indicates the
1625 * capability occupying each dword and thus the struct perm_bits we
1626 * use for read and write. We also allocate a virtualized config
1627 * space which tracks reads and writes to bits that we emulate for
1628 * the user. Initial values filled from device.
1629 *
1630 * Using shared struct perm_bits between all vfio-pci devices saves
1631 * us from allocating cfg_size buffers for virt and write for every
1632 * device. We could remove vconfig and allocate individual buffers
1633 * for each area requiring emulated bits, but the array of pointers
1634 * would be comparable in size (at least for standard config space).
1635 */
1636int vfio_config_init(struct vfio_pci_device *vdev)
1637{
1638 struct pci_dev *pdev = vdev->pdev;
1639 u8 *map, *vconfig;
1640 int ret;
1641
1642 /*
1643 * Config space, caps and ecaps are all dword aligned, so we could
1644 * use one byte per dword to record the type. However, there are
1645 * no requiremenst on the length of a capability, so the gap between
1646 * capabilities needs byte granularity.
1647 */
1648 map = kmalloc(pdev->cfg_size, GFP_KERNEL);
1649 if (!map)
1650 return -ENOMEM;
1651
1652 vconfig = kmalloc(pdev->cfg_size, GFP_KERNEL);
1653 if (!vconfig) {
1654 kfree(map);
1655 return -ENOMEM;
1656 }
1657
1658 vdev->pci_config_map = map;
1659 vdev->vconfig = vconfig;
1660
1661 memset(map, PCI_CAP_ID_BASIC, PCI_STD_HEADER_SIZEOF);
1662 memset(map + PCI_STD_HEADER_SIZEOF, PCI_CAP_ID_INVALID,
1663 pdev->cfg_size - PCI_STD_HEADER_SIZEOF);
1664
1665 ret = vfio_fill_vconfig_bytes(vdev, 0, PCI_STD_HEADER_SIZEOF);
1666 if (ret)
1667 goto out;
1668
1669 vdev->bardirty = true;
1670
1671 /*
1672 * XXX can we just pci_load_saved_state/pci_restore_state?
1673 * may need to rebuild vconfig after that
1674 */
1675
1676 /* For restore after reset */
1677 vdev->rbar[0] = le32_to_cpu(*(__le32 *)&vconfig[PCI_BASE_ADDRESS_0]);
1678 vdev->rbar[1] = le32_to_cpu(*(__le32 *)&vconfig[PCI_BASE_ADDRESS_1]);
1679 vdev->rbar[2] = le32_to_cpu(*(__le32 *)&vconfig[PCI_BASE_ADDRESS_2]);
1680 vdev->rbar[3] = le32_to_cpu(*(__le32 *)&vconfig[PCI_BASE_ADDRESS_3]);
1681 vdev->rbar[4] = le32_to_cpu(*(__le32 *)&vconfig[PCI_BASE_ADDRESS_4]);
1682 vdev->rbar[5] = le32_to_cpu(*(__le32 *)&vconfig[PCI_BASE_ADDRESS_5]);
1683 vdev->rbar[6] = le32_to_cpu(*(__le32 *)&vconfig[PCI_ROM_ADDRESS]);
1684
1685 if (pdev->is_virtfn) {
1686 *(__le16 *)&vconfig[PCI_VENDOR_ID] = cpu_to_le16(pdev->vendor);
1687 *(__le16 *)&vconfig[PCI_DEVICE_ID] = cpu_to_le16(pdev->device);
1688
1689 /*
1690 * Per SR-IOV spec rev 1.1, 3.4.1.18 the interrupt pin register
1691 * does not apply to VFs and VFs must implement this register
1692 * as read-only with value zero. Userspace is not readily able
1693 * to identify whether a device is a VF and thus that the pin
1694 * definition on the device is bogus should it violate this
1695 * requirement. We already virtualize the pin register for
1696 * other purposes, so we simply need to replace the bogus value
1697 * and consider VFs when we determine INTx IRQ count.
1698 */
1699 if (vconfig[PCI_INTERRUPT_PIN] &&
1700 !pci_match_id(known_bogus_vf_intx_pin, pdev))
1701 pci_warn(pdev,
1702 "Hardware bug: VF reports bogus INTx pin %d\n",
1703 vconfig[PCI_INTERRUPT_PIN]);
1704
1705 vconfig[PCI_INTERRUPT_PIN] = 0; /* Gratuitous for good VFs */
1706 }
1707
1708 if (!IS_ENABLED(CONFIG_VFIO_PCI_INTX) || vdev->nointx)
1709 vconfig[PCI_INTERRUPT_PIN] = 0;
1710
1711 ret = vfio_cap_init(vdev);
1712 if (ret)
1713 goto out;
1714
1715 ret = vfio_ecap_init(vdev);
1716 if (ret)
1717 goto out;
1718
1719 return 0;
1720
1721out:
1722 kfree(map);
1723 vdev->pci_config_map = NULL;
1724 kfree(vconfig);
1725 vdev->vconfig = NULL;
1726 return pcibios_err_to_errno(ret);
1727}
1728
1729void vfio_config_free(struct vfio_pci_device *vdev)
1730{
1731 kfree(vdev->vconfig);
1732 vdev->vconfig = NULL;
1733 kfree(vdev->pci_config_map);
1734 vdev->pci_config_map = NULL;
1735 kfree(vdev->msi_perm);
1736 vdev->msi_perm = NULL;
1737}
1738
1739/*
1740 * Find the remaining number of bytes in a dword that match the given
1741 * position. Stop at either the end of the capability or the dword boundary.
1742 */
1743static size_t vfio_pci_cap_remaining_dword(struct vfio_pci_device *vdev,
1744 loff_t pos)
1745{
1746 u8 cap = vdev->pci_config_map[pos];
1747 size_t i;
1748
1749 for (i = 1; (pos + i) % 4 && vdev->pci_config_map[pos + i] == cap; i++)
1750 /* nop */;
1751
1752 return i;
1753}
1754
1755static ssize_t vfio_config_do_rw(struct vfio_pci_device *vdev, char __user *buf,
1756 size_t count, loff_t *ppos, bool iswrite)
1757{
1758 struct pci_dev *pdev = vdev->pdev;
1759 struct perm_bits *perm;
1760 __le32 val = 0;
1761 int cap_start = 0, offset;
1762 u8 cap_id;
1763 ssize_t ret;
1764
1765 if (*ppos < 0 || *ppos >= pdev->cfg_size ||
1766 *ppos + count > pdev->cfg_size)
1767 return -EFAULT;
1768
1769 /*
1770 * Chop accesses into aligned chunks containing no more than a
1771 * single capability. Caller increments to the next chunk.
1772 */
1773 count = min(count, vfio_pci_cap_remaining_dword(vdev, *ppos));
1774 if (count >= 4 && !(*ppos % 4))
1775 count = 4;
1776 else if (count >= 2 && !(*ppos % 2))
1777 count = 2;
1778 else
1779 count = 1;
1780
1781 ret = count;
1782
1783 cap_id = vdev->pci_config_map[*ppos];
1784
1785 if (cap_id == PCI_CAP_ID_INVALID) {
1786 perm = &unassigned_perms;
1787 cap_start = *ppos;
1788 } else if (cap_id == PCI_CAP_ID_INVALID_VIRT) {
1789 perm = &virt_perms;
1790 cap_start = *ppos;
1791 } else {
1792 if (*ppos >= PCI_CFG_SPACE_SIZE) {
1793 WARN_ON(cap_id > PCI_EXT_CAP_ID_MAX);
1794
1795 perm = &ecap_perms[cap_id];
1796 cap_start = vfio_find_cap_start(vdev, *ppos);
1797 } else {
1798 WARN_ON(cap_id > PCI_CAP_ID_MAX);
1799
1800 perm = &cap_perms[cap_id];
1801
1802 if (cap_id == PCI_CAP_ID_MSI)
1803 perm = vdev->msi_perm;
1804
1805 if (cap_id > PCI_CAP_ID_BASIC)
1806 cap_start = vfio_find_cap_start(vdev, *ppos);
1807 }
1808 }
1809
1810 WARN_ON(!cap_start && cap_id != PCI_CAP_ID_BASIC);
1811 WARN_ON(cap_start > *ppos);
1812
1813 offset = *ppos - cap_start;
1814
1815 if (iswrite) {
1816 if (!perm->writefn)
1817 return ret;
1818
1819 if (copy_from_user(&val, buf, count))
1820 return -EFAULT;
1821
1822 ret = perm->writefn(vdev, *ppos, count, perm, offset, val);
1823 } else {
1824 if (perm->readfn) {
1825 ret = perm->readfn(vdev, *ppos, count,
1826 perm, offset, &val);
1827 if (ret < 0)
1828 return ret;
1829 }
1830
1831 if (copy_to_user(buf, &val, count))
1832 return -EFAULT;
1833 }
1834
1835 return ret;
1836}
1837
1838ssize_t vfio_pci_config_rw(struct vfio_pci_device *vdev, char __user *buf,
1839 size_t count, loff_t *ppos, bool iswrite)
1840{
1841 size_t done = 0;
1842 int ret = 0;
1843 loff_t pos = *ppos;
1844
1845 pos &= VFIO_PCI_OFFSET_MASK;
1846
1847 while (count) {
1848 ret = vfio_config_do_rw(vdev, buf, count, &pos, iswrite);
1849 if (ret < 0)
1850 return ret;
1851
1852 count -= ret;
1853 done += ret;
1854 buf += ret;
1855 pos += ret;
1856 }
1857
1858 *ppos += done;
1859
1860 return done;
1861}
1862