[qemu.git] / hw / vfio / platform.c

/*
 * vfio based device assignment support - platform devices
 *
 * Copyright Linaro Limited, 2014
 *
 * Authors:
 *  Kim Phillips <[email protected]>
 *  Eric Auger <[email protected]>
 *
 * This work is licensed under the terms of the GNU GPL, version 2.  See
 * the COPYING file in the top-level directory.
 *
 * Based on vfio based PCI device assignment support:
 *  Copyright Red Hat, Inc. 2012
 */

#include <linux/vfio.h>
#include <sys/ioctl.h>

#include "hw/vfio/vfio-platform.h"
#include "qemu/error-report.h"
#include "qemu/range.h"
#include "sysemu/sysemu.h"
#include "exec/memory.h"
#include "qemu/queue.h"
#include "hw/sysbus.h"
#include "trace.h"
#include "hw/platform-bus.h"

/*
 * Functions used whatever the injection method
 */

/**
 * vfio_init_intp - allocate, initialize the IRQ struct pointer
 * and add it into the list of IRQs
 * @vbasedev: the VFIO device handle
 * @info: irq info struct retrieved from VFIO driver
 */
static VFIOINTp *vfio_init_intp(VFIODevice *vbasedev,
                                struct vfio_irq_info info)
{
    int ret;
    VFIOPlatformDevice *vdev =
        container_of(vbasedev, VFIOPlatformDevice, vbasedev);
    SysBusDevice *sbdev = SYS_BUS_DEVICE(vdev);
    VFIOINTp *intp;

    intp = g_malloc0(sizeof(*intp));
    intp->vdev = vdev;
    intp->pin = info.index;
    intp->flags = info.flags;
    intp->state = VFIO_IRQ_INACTIVE;

    sysbus_init_irq(sbdev, &intp->qemuirq);

    /* Get an eventfd for trigger */
    ret = event_notifier_init(&intp->interrupt, 0);
    if (ret) {
        g_free(intp);
        error_report("vfio: Error: trigger event_notifier_init failed ");
        return NULL;
    }

    QLIST_INSERT_HEAD(&vdev->intp_list, intp, next);
    return intp;
}

/**
 * vfio_set_trigger_eventfd - set VFIO eventfd handling
 *
 * @intp: IRQ struct handle
 * @handler: handler to be called on eventfd signaling
 *
 * Setup VFIO signaling and attach an optional user-side handler
 * to the eventfd
 */
static int vfio_set_trigger_eventfd(VFIOINTp *intp,
                                    eventfd_user_side_handler_t handler)
{
    VFIODevice *vbasedev = &intp->vdev->vbasedev;
    struct vfio_irq_set *irq_set;
    int argsz, ret;
    int32_t *pfd;

    argsz = sizeof(*irq_set) + sizeof(*pfd);
    irq_set = g_malloc0(argsz);
    irq_set->argsz = argsz;
    irq_set->flags = VFIO_IRQ_SET_DATA_EVENTFD | VFIO_IRQ_SET_ACTION_TRIGGER;
    irq_set->index = intp->pin;
    irq_set->start = 0;
    irq_set->count = 1;
    pfd = (int32_t *)&irq_set->data;
    *pfd = event_notifier_get_fd(&intp->interrupt);
    qemu_set_fd_handler(*pfd, (IOHandler *)handler, NULL, intp);
    ret = ioctl(vbasedev->fd, VFIO_DEVICE_SET_IRQS, irq_set);
    g_free(irq_set);
    if (ret < 0) {
        error_report("vfio: Failed to set trigger eventfd: %m");
        qemu_set_fd_handler(*pfd, NULL, NULL, NULL);
    }
    return ret;
}

/*
 * Functions only used when eventfds are handled on user-side
 * ie. without irqfd
 */

/**
 * vfio_mmap_set_enabled - enable/disable the fast path mode
 * @vdev: the VFIO platform device
 * @enabled: the target mmap state
 *
 * enabled = true ~ fast path = MMIO region is mmaped (no KVM TRAP);
 * enabled = false ~ slow path = MMIO region is trapped and region callbacks
 * are called; slow path enables to trap the device IRQ status register reset
*/

static void vfio_mmap_set_enabled(VFIOPlatformDevice *vdev, bool enabled)
{
    int i;

    trace_vfio_platform_mmap_set_enabled(enabled);

    for (i = 0; i < vdev->vbasedev.num_regions; i++) {
        VFIORegion *region = vdev->regions[i];

        memory_region_set_enabled(&region->mmap_mem, enabled);
    }
}

/**
 * vfio_intp_mmap_enable - timer function, restores the fast path
 * if there is no more active IRQ
 * @opaque: actually points to the VFIO platform device
 *
 * Called on mmap timer timout, this function checks whether the
 * IRQ is still active and if not, restores the fast path.
 * by construction a single eventfd is handled at a time.
 * if the IRQ is still active, the timer is re-programmed.
 */
static void vfio_intp_mmap_enable(void *opaque)
{
    VFIOINTp *tmp;
    VFIOPlatformDevice *vdev = (VFIOPlatformDevice *)opaque;

    qemu_mutex_lock(&vdev->intp_mutex);
    QLIST_FOREACH(tmp, &vdev->intp_list, next) {
        if (tmp->state == VFIO_IRQ_ACTIVE) {
            trace_vfio_platform_intp_mmap_enable(tmp->pin);
            /* re-program the timer to check active status later */
            timer_mod(vdev->mmap_timer,
                      qemu_clock_get_ms(QEMU_CLOCK_VIRTUAL) +
                          vdev->mmap_timeout);
            qemu_mutex_unlock(&vdev->intp_mutex);
            return;
        }
    }
    vfio_mmap_set_enabled(vdev, true);
    qemu_mutex_unlock(&vdev->intp_mutex);
}

/**
 * vfio_intp_inject_pending_lockheld - Injects a pending IRQ
 * @opaque: opaque pointer, in practice the VFIOINTp handle
 *
 * The function is called on a previous IRQ completion, from
 * vfio_platform_eoi, while the intp_mutex is locked.
 * Also in such situation, the slow path already is set and
 * the mmap timer was already programmed.
 */
static void vfio_intp_inject_pending_lockheld(VFIOINTp *intp)
{
    trace_vfio_platform_intp_inject_pending_lockheld(intp->pin,
                              event_notifier_get_fd(&intp->interrupt));

    intp->state = VFIO_IRQ_ACTIVE;

    /* trigger the virtual IRQ */
    qemu_set_irq(intp->qemuirq, 1);
}

/**
 * vfio_intp_interrupt - The user-side eventfd handler
 * @opaque: opaque pointer which in practice is the VFIOINTp handle
 *
 * the function is entered in event handler context:
 * the vIRQ is injected into the guest if there is no other active
 * or pending IRQ.
 */
static void vfio_intp_interrupt(VFIOINTp *intp)
{
    int ret;
    VFIOINTp *tmp;
    VFIOPlatformDevice *vdev = intp->vdev;
    bool delay_handling = false;

    qemu_mutex_lock(&vdev->intp_mutex);
    if (intp->state == VFIO_IRQ_INACTIVE) {
        QLIST_FOREACH(tmp, &vdev->intp_list, next) {
            if (tmp->state == VFIO_IRQ_ACTIVE ||
                tmp->state == VFIO_IRQ_PENDING) {
                delay_handling = true;
                break;
            }
        }
    }
    if (delay_handling) {
        /*
         * the new IRQ gets a pending status and is pushed in
         * the pending queue
         */
        intp->state = VFIO_IRQ_PENDING;
        trace_vfio_intp_interrupt_set_pending(intp->pin);
        QSIMPLEQ_INSERT_TAIL(&vdev->pending_intp_queue,
                             intp, pqnext);
        ret = event_notifier_test_and_clear(&intp->interrupt);
        qemu_mutex_unlock(&vdev->intp_mutex);
        return;
    }

    trace_vfio_platform_intp_interrupt(intp->pin,
                              event_notifier_get_fd(&intp->interrupt));

    ret = event_notifier_test_and_clear(&intp->interrupt);
    if (!ret) {
        error_report("Error when clearing fd=%d (ret = %d)\n",
                     event_notifier_get_fd(&intp->interrupt), ret);
    }

    intp->state = VFIO_IRQ_ACTIVE;

    /* sets slow path */
    vfio_mmap_set_enabled(vdev, false);

    /* trigger the virtual IRQ */
    qemu_set_irq(intp->qemuirq, 1);

    /*
     * Schedule the mmap timer which will restore fastpath when no IRQ
     * is active anymore
     */
    if (vdev->mmap_timeout) {
        timer_mod(vdev->mmap_timer,
                  qemu_clock_get_ms(QEMU_CLOCK_VIRTUAL) +
                      vdev->mmap_timeout);
    }
    qemu_mutex_unlock(&vdev->intp_mutex);
}

/**
 * vfio_platform_eoi - IRQ completion routine
 * @vbasedev: the VFIO device handle
 *
 * De-asserts the active virtual IRQ and unmasks the physical IRQ
 * (effective for level sensitive IRQ auto-masked by the  VFIO driver).
 * Then it handles next pending IRQ if any.
 * eoi function is called on the first access to any MMIO region
 * after an IRQ was triggered, trapped since slow path was set.
 * It is assumed this access corresponds to the IRQ status
 * register reset. With such a mechanism, a single IRQ can be
 * handled at a time since there is no way to know which IRQ
 * was completed by the guest (we would need additional details
 * about the IRQ status register mask).
 */
static void vfio_platform_eoi(VFIODevice *vbasedev)
{
    VFIOINTp *intp;
    VFIOPlatformDevice *vdev =
        container_of(vbasedev, VFIOPlatformDevice, vbasedev);

    qemu_mutex_lock(&vdev->intp_mutex);
    QLIST_FOREACH(intp, &vdev->intp_list, next) {
        if (intp->state == VFIO_IRQ_ACTIVE) {
            trace_vfio_platform_eoi(intp->pin,
                                event_notifier_get_fd(&intp->interrupt));
            intp->state = VFIO_IRQ_INACTIVE;

            /* deassert the virtual IRQ */
            qemu_set_irq(intp->qemuirq, 0);

            if (intp->flags & VFIO_IRQ_INFO_AUTOMASKED) {
                /* unmasks the physical level-sensitive IRQ */
                vfio_unmask_single_irqindex(vbasedev, intp->pin);
            }

            /* a single IRQ can be active at a time */
            break;
        }
    }
    /* in case there are pending IRQs, handle the first one */
    if (!QSIMPLEQ_EMPTY(&vdev->pending_intp_queue)) {
        intp = QSIMPLEQ_FIRST(&vdev->pending_intp_queue);
        vfio_intp_inject_pending_lockheld(intp);
        QSIMPLEQ_REMOVE_HEAD(&vdev->pending_intp_queue, pqnext);
    }
    qemu_mutex_unlock(&vdev->intp_mutex);
}

/**
 * vfio_start_eventfd_injection - starts the virtual IRQ injection using
 * user-side handled eventfds
 * @intp: the IRQ struct pointer
 */

static int vfio_start_eventfd_injection(VFIOINTp *intp)
{
    int ret;

    ret = vfio_set_trigger_eventfd(intp, vfio_intp_interrupt);
    if (ret) {
        error_report("vfio: Error: Failed to pass IRQ fd to the driver: %m");
    }
    return ret;
}

/* VFIO skeleton */

static void vfio_platform_compute_needs_reset(VFIODevice *vbasedev)
{
    vbasedev->needs_reset = true;
}

/* not implemented yet */
static int vfio_platform_hot_reset_multi(VFIODevice *vbasedev)
{
    return -1;
}

/**
 * vfio_populate_device - Allocate and populate MMIO region
 * and IRQ structs according to driver returned information
 * @vbasedev: the VFIO device handle
 *
 */
static int vfio_populate_device(VFIODevice *vbasedev)
{
    VFIOINTp *intp, *tmp;
    int i, ret = -1;
    VFIOPlatformDevice *vdev =
        container_of(vbasedev, VFIOPlatformDevice, vbasedev);

    if (!(vbasedev->flags & VFIO_DEVICE_FLAGS_PLATFORM)) {
        error_report("vfio: Um, this isn't a platform device");
        return ret;
    }

    vdev->regions = g_new0(VFIORegion *, vbasedev->num_regions);

    for (i = 0; i < vbasedev->num_regions; i++) {
        struct vfio_region_info reg_info = { .argsz = sizeof(reg_info) };
        VFIORegion *ptr;

        vdev->regions[i] = g_malloc0(sizeof(VFIORegion));
        ptr = vdev->regions[i];
        reg_info.index = i;
        ret = ioctl(vbasedev->fd, VFIO_DEVICE_GET_REGION_INFO, &reg_info);
        if (ret) {
            error_report("vfio: Error getting region %d info: %m", i);
            goto reg_error;
        }
        ptr->flags = reg_info.flags;
        ptr->size = reg_info.size;
        ptr->fd_offset = reg_info.offset;
        ptr->nr = i;
        ptr->vbasedev = vbasedev;

        trace_vfio_platform_populate_regions(ptr->nr,
                            (unsigned long)ptr->flags,
                            (unsigned long)ptr->size,
                            ptr->vbasedev->fd,
                            (unsigned long)ptr->fd_offset);
    }

    vdev->mmap_timer = timer_new_ms(QEMU_CLOCK_VIRTUAL,
                                    vfio_intp_mmap_enable, vdev);

    QSIMPLEQ_INIT(&vdev->pending_intp_queue);

    for (i = 0; i < vbasedev->num_irqs; i++) {
        struct vfio_irq_info irq = { .argsz = sizeof(irq) };

        irq.index = i;
        ret = ioctl(vbasedev->fd, VFIO_DEVICE_GET_IRQ_INFO, &irq);
        if (ret) {
            error_printf("vfio: error getting device %s irq info",
                         vbasedev->name);
            goto irq_err;
        } else {
            trace_vfio_platform_populate_interrupts(irq.index,
                                                    irq.count,
                                                    irq.flags);
            intp = vfio_init_intp(vbasedev, irq);
            if (!intp) {
                error_report("vfio: Error installing IRQ %d up", i);
                goto irq_err;
            }
        }
    }
    return 0;
irq_err:
    timer_del(vdev->mmap_timer);
    QLIST_FOREACH_SAFE(intp, &vdev->intp_list, next, tmp) {
        QLIST_REMOVE(intp, next);
        g_free(intp);
    }
reg_error:
    for (i = 0; i < vbasedev->num_regions; i++) {
        g_free(vdev->regions[i]);
    }
    g_free(vdev->regions);
    return ret;
}

/* specialized functions for VFIO Platform devices */
static VFIODeviceOps vfio_platform_ops = {
    .vfio_compute_needs_reset = vfio_platform_compute_needs_reset,
    .vfio_hot_reset_multi = vfio_platform_hot_reset_multi,
    .vfio_eoi = vfio_platform_eoi,
};

/**
 * vfio_base_device_init - perform preliminary VFIO setup
 * @vbasedev: the VFIO device handle
 *
 * Implement the VFIO command sequence that allows to discover
 * assigned device resources: group extraction, device
 * fd retrieval, resource query.
 * Precondition: the device name must be initialized
 */
static int vfio_base_device_init(VFIODevice *vbasedev)
{
    VFIOGroup *group;
    VFIODevice *vbasedev_iter;
    char path[PATH_MAX], iommu_group_path[PATH_MAX], *group_name;
    ssize_t len;
    struct stat st;
    int groupid;
    int ret;

    /* name must be set prior to the call */
    if (!vbasedev->name || strchr(vbasedev->name, '/')) {
        return -EINVAL;
    }

    /* Check that the host device exists */
    g_snprintf(path, sizeof(path), "/sys/bus/platform/devices/%s/",
               vbasedev->name);

    if (stat(path, &st) < 0) {
        error_report("vfio: error: no such host device: %s", path);
        return -errno;
    }

    g_strlcat(path, "iommu_group", sizeof(path));
    len = readlink(path, iommu_group_path, sizeof(iommu_group_path));
    if (len < 0 || len >= sizeof(iommu_group_path)) {
        error_report("vfio: error no iommu_group for device");
        return len < 0 ? -errno : -ENAMETOOLONG;
    }

    iommu_group_path[len] = 0;
    group_name = basename(iommu_group_path);

    if (sscanf(group_name, "%d", &groupid) != 1) {
        error_report("vfio: error reading %s: %m", path);
        return -errno;
    }

    trace_vfio_platform_base_device_init(vbasedev->name, groupid);

    group = vfio_get_group(groupid, &address_space_memory);
    if (!group) {
        error_report("vfio: failed to get group %d", groupid);
        return -ENOENT;
    }

    g_snprintf(path, sizeof(path), "%s", vbasedev->name);

    QLIST_FOREACH(vbasedev_iter, &group->device_list, next) {
        if (strcmp(vbasedev_iter->name, vbasedev->name) == 0) {
            error_report("vfio: error: device %s is already attached", path);
            vfio_put_group(group);
            return -EBUSY;
        }
    }
    ret = vfio_get_device(group, path, vbasedev);
    if (ret) {
        error_report("vfio: failed to get device %s", path);
        vfio_put_group(group);
        return ret;
    }

    ret = vfio_populate_device(vbasedev);
    if (ret) {
        error_report("vfio: failed to populate device %s", path);
        vfio_put_group(group);
    }

    return ret;
}

/**
 * vfio_map_region - initialize the 2 memory regions for a given
 * MMIO region index
 * @vdev: the VFIO platform device handle
 * @nr: the index of the region
 *
 * Init the top memory region and the mmapped memory region beneath
 * VFIOPlatformDevice is used since VFIODevice is not a QOM Object
 * and could not be passed to memory region functions
*/
static void vfio_map_region(VFIOPlatformDevice *vdev, int nr)
{
    VFIORegion *region = vdev->regions[nr];
    uint64_t size = region->size;
    char name[64];

    if (!size) {
        return;
    }

    g_snprintf(name, sizeof(name), "VFIO %s region %d",
               vdev->vbasedev.name, nr);

    /* A "slow" read/write mapping underlies all regions */
    memory_region_init_io(&region->mem, OBJECT(vdev), &vfio_region_ops,
                          region, name, size);

    g_strlcat(name, " mmap", sizeof(name));

    if (vfio_mmap_region(OBJECT(vdev), region, &region->mem,
                         &region->mmap_mem, &region->mmap, size, 0, name)) {
        error_report("%s unsupported. Performance may be slow", name);
    }
}

/**
 * vfio_platform_realize  - the device realize function
 * @dev: device state pointer
 * @errp: error
 *
 * initialize the device, its memory regions and IRQ structures
 * IRQ are started separately
 */
static void vfio_platform_realize(DeviceState *dev, Error **errp)
{
    VFIOPlatformDevice *vdev = VFIO_PLATFORM_DEVICE(dev);
    SysBusDevice *sbdev = SYS_BUS_DEVICE(dev);
    VFIODevice *vbasedev = &vdev->vbasedev;
    VFIOINTp *intp;
    int i, ret;

    vbasedev->type = VFIO_DEVICE_TYPE_PLATFORM;
    vbasedev->ops = &vfio_platform_ops;

    trace_vfio_platform_realize(vbasedev->name, vdev->compat);

    ret = vfio_base_device_init(vbasedev);
    if (ret) {
        error_setg(errp, "vfio: vfio_base_device_init failed for %s",
                   vbasedev->name);
        return;
    }

    for (i = 0; i < vbasedev->num_regions; i++) {
        vfio_map_region(vdev, i);
        sysbus_init_mmio(sbdev, &vdev->regions[i]->mem);
    }

    QLIST_FOREACH(intp, &vdev->intp_list, next) {
        vfio_start_eventfd_injection(intp);
    }
}

static const VMStateDescription vfio_platform_vmstate = {
    .name = TYPE_VFIO_PLATFORM,
    .unmigratable = 1,
};

static Property vfio_platform_dev_properties[] = {
    DEFINE_PROP_STRING("host", VFIOPlatformDevice, vbasedev.name),
    DEFINE_PROP_BOOL("x-mmap", VFIOPlatformDevice, vbasedev.allow_mmap, true),
    DEFINE_PROP_UINT32("mmap-timeout-ms", VFIOPlatformDevice,
                       mmap_timeout, 1100),
    DEFINE_PROP_END_OF_LIST(),
};

static void vfio_platform_class_init(ObjectClass *klass, void *data)
{
    DeviceClass *dc = DEVICE_CLASS(klass);

    dc->realize = vfio_platform_realize;
    dc->props = vfio_platform_dev_properties;
    dc->vmsd = &vfio_platform_vmstate;
    dc->desc = "VFIO-based platform device assignment";
    set_bit(DEVICE_CATEGORY_MISC, dc->categories);
}

static const TypeInfo vfio_platform_dev_info = {
    .name = TYPE_VFIO_PLATFORM,
    .parent = TYPE_SYS_BUS_DEVICE,
    .instance_size = sizeof(VFIOPlatformDevice),
    .class_init = vfio_platform_class_init,
    .class_size = sizeof(VFIOPlatformDeviceClass),
    .abstract   = true,
};

static void register_vfio_platform_dev_type(void)
{
    type_register_static(&vfio_platform_dev_info);
}

type_init(register_vfio_platform_dev_type)
Commit	Line	Data
0ea2730b EA	1	/*
	2	* vfio based device assignment support - platform devices
	3	*
	4	* Copyright Linaro Limited, 2014
	5	*
	6	* Authors:
	7	* Kim Phillips <[email protected]>
	8	* Eric Auger <[email protected]>
	9	*
	10	* This work is licensed under the terms of the GNU GPL, version 2. See
	11	* the COPYING file in the top-level directory.
	12	*
	13	* Based on vfio based PCI device assignment support:
	14	* Copyright Red Hat, Inc. 2012
	15	*/
	16
	17	#include <linux/vfio.h>
	18	#include <sys/ioctl.h>
	19
	20	#include "hw/vfio/vfio-platform.h"
	21	#include "qemu/error-report.h"
	22	#include "qemu/range.h"
	23	#include "sysemu/sysemu.h"
	24	#include "exec/memory.h"
38559979	25	#include "qemu/queue.h"
0ea2730b EA	26	#include "hw/sysbus.h"
	27	#include "trace.h"
	28	#include "hw/platform-bus.h"
	29
38559979 EA	30	/*
	31	* Functions used whatever the injection method
	32	*/
	33
	34	/**
	35	* vfio_init_intp - allocate, initialize the IRQ struct pointer
	36	* and add it into the list of IRQs
	37	* @vbasedev: the VFIO device handle
	38	* @info: irq info struct retrieved from VFIO driver
	39	*/
	40	static VFIOINTp vfio_init_intp(VFIODevice vbasedev,
	41	struct vfio_irq_info info)
	42	{
	43	int ret;
	44	VFIOPlatformDevice *vdev =
	45	container_of(vbasedev, VFIOPlatformDevice, vbasedev);
	46	SysBusDevice *sbdev = SYS_BUS_DEVICE(vdev);
	47	VFIOINTp *intp;
	48
	49	intp = g_malloc0(sizeof(*intp));
	50	intp->vdev = vdev;
	51	intp->pin = info.index;
	52	intp->flags = info.flags;
	53	intp->state = VFIO_IRQ_INACTIVE;
	54
	55	sysbus_init_irq(sbdev, &intp->qemuirq);
	56
	57	/* Get an eventfd for trigger */
	58	ret = event_notifier_init(&intp->interrupt, 0);
	59	if (ret) {
	60	g_free(intp);
	61	error_report("vfio: Error: trigger event_notifier_init failed ");
	62	return NULL;
	63	}
	64
	65	QLIST_INSERT_HEAD(&vdev->intp_list, intp, next);
	66	return intp;
	67	}
	68
	69	/**
	70	* vfio_set_trigger_eventfd - set VFIO eventfd handling
	71	*
	72	* @intp: IRQ struct handle
	73	* @handler: handler to be called on eventfd signaling
	74	*
	75	* Setup VFIO signaling and attach an optional user-side handler
	76	* to the eventfd
	77	*/
	78	static int vfio_set_trigger_eventfd(VFIOINTp *intp,
	79	eventfd_user_side_handler_t handler)
	80	{
	81	VFIODevice *vbasedev = &intp->vdev->vbasedev;
	82	struct vfio_irq_set *irq_set;
	83	int argsz, ret;
	84	int32_t *pfd;
	85
	86	argsz = sizeof(irq_set) + sizeof(pfd);
	87	irq_set = g_malloc0(argsz);
	88	irq_set->argsz = argsz;
	89	irq_set->flags = VFIO_IRQ_SET_DATA_EVENTFD \| VFIO_IRQ_SET_ACTION_TRIGGER;
	90	irq_set->index = intp->pin;
	91	irq_set->start = 0;
	92	irq_set->count = 1;
	93	pfd = (int32_t *)&irq_set->data;
94	*pfd = event_notifier_get_fd(&intp->interrupt);
95	qemu_set_fd_handler(pfd, (IOHandler )handler, NULL, intp);
96	ret = ioctl(vbasedev->fd, VFIO_DEVICE_SET_IRQS, irq_set);
97	g_free(irq_set);
98	if (ret < 0) {
99	error_report("vfio: Failed to set trigger eventfd: %m");
100	qemu_set_fd_handler(*pfd, NULL, NULL, NULL);
101	}
102	return ret;
103	}
104
105	/*
106	* Functions only used when eventfds are handled on user-side
107	* ie. without irqfd
108	*/
109
110	/**
111	* vfio_mmap_set_enabled - enable/disable the fast path mode
112	* @vdev: the VFIO platform device
113	* @enabled: the target mmap state
114	*
115	* enabled = true ~ fast path = MMIO region is mmaped (no KVM TRAP);
116	* enabled = false ~ slow path = MMIO region is trapped and region callbacks
117	* are called; slow path enables to trap the device IRQ status register reset
118	*/
119
120	static void vfio_mmap_set_enabled(VFIOPlatformDevice *vdev, bool enabled)
121	{
122	int i;
123
124	trace_vfio_platform_mmap_set_enabled(enabled);
125
126	for (i = 0; i < vdev->vbasedev.num_regions; i++) {
127	VFIORegion *region = vdev->regions[i];
128
129	memory_region_set_enabled(&region->mmap_mem, enabled);
130	}
131	}
132
133	/**
134	* vfio_intp_mmap_enable - timer function, restores the fast path
135	* if there is no more active IRQ
136	* @opaque: actually points to the VFIO platform device
137	*
138	* Called on mmap timer timout, this function checks whether the
139	* IRQ is still active and if not, restores the fast path.
140	* by construction a single eventfd is handled at a time.
141	* if the IRQ is still active, the timer is re-programmed.
142	*/
143	static void vfio_intp_mmap_enable(void *opaque)
144	{
145	VFIOINTp *tmp;
146	VFIOPlatformDevice vdev = (VFIOPlatformDevice )opaque;
147
148	qemu_mutex_lock(&vdev->intp_mutex);
149	QLIST_FOREACH(tmp, &vdev->intp_list, next) {
150	if (tmp->state == VFIO_IRQ_ACTIVE) {
151	trace_vfio_platform_intp_mmap_enable(tmp->pin);
152	/* re-program the timer to check active status later */
153	timer_mod(vdev->mmap_timer,
154	qemu_clock_get_ms(QEMU_CLOCK_VIRTUAL) +
155	vdev->mmap_timeout);
156	qemu_mutex_unlock(&vdev->intp_mutex);
157	return;
158	}
159	}
160	vfio_mmap_set_enabled(vdev, true);
161	qemu_mutex_unlock(&vdev->intp_mutex);
162	}
163
164	/**
165	* vfio_intp_inject_pending_lockheld - Injects a pending IRQ
166	* @opaque: opaque pointer, in practice the VFIOINTp handle
167	*
168	* The function is called on a previous IRQ completion, from
169	* vfio_platform_eoi, while the intp_mutex is locked.
170	* Also in such situation, the slow path already is set and
171	* the mmap timer was already programmed.
172	*/
173	static void vfio_intp_inject_pending_lockheld(VFIOINTp *intp)
174	{
175	trace_vfio_platform_intp_inject_pending_lockheld(intp->pin,
176	event_notifier_get_fd(&intp->interrupt));
177
178	intp->state = VFIO_IRQ_ACTIVE;
179
180	/* trigger the virtual IRQ */
181	qemu_set_irq(intp->qemuirq, 1);
182	}
183
184	/**
185	* vfio_intp_interrupt - The user-side eventfd handler
186	* @opaque: opaque pointer which in practice is the VFIOINTp handle
187	*
188	* the function is entered in event handler context:
189	* the vIRQ is injected into the guest if there is no other active
190	* or pending IRQ.
191	*/
192	static void vfio_intp_interrupt(VFIOINTp *intp)
193	{
194	int ret;
195	VFIOINTp *tmp;
196	VFIOPlatformDevice *vdev = intp->vdev;
197	bool delay_handling = false;
198
199	qemu_mutex_lock(&vdev->intp_mutex);
200	if (intp->state == VFIO_IRQ_INACTIVE) {
201	QLIST_FOREACH(tmp, &vdev->intp_list, next) {
202	if (tmp->state == VFIO_IRQ_ACTIVE \|\|
203	tmp->state == VFIO_IRQ_PENDING) {
204	delay_handling = true;
205	break;
206	}
207	}
208	}
209	if (delay_handling) {
210	/*
211	* the new IRQ gets a pending status and is pushed in
212	* the pending queue
213	*/
214	intp->state = VFIO_IRQ_PENDING;
215	trace_vfio_intp_interrupt_set_pending(intp->pin);
216	QSIMPLEQ_INSERT_TAIL(&vdev->pending_intp_queue,
217	intp, pqnext);
218	ret = event_notifier_test_and_clear(&intp->interrupt);
219	qemu_mutex_unlock(&vdev->intp_mutex);
220	return;
221	}
222
223	trace_vfio_platform_intp_interrupt(intp->pin,
224	event_notifier_get_fd(&intp->interrupt));
225
226	ret = event_notifier_test_and_clear(&intp->interrupt);
227	if (!ret) {
228	error_report("Error when clearing fd=%d (ret = %d)\n",
229	event_notifier_get_fd(&intp->interrupt), ret);
230	}
231
232	intp->state = VFIO_IRQ_ACTIVE;
233
234	/* sets slow path */
235	vfio_mmap_set_enabled(vdev, false);
236
237	/* trigger the virtual IRQ */
238	qemu_set_irq(intp->qemuirq, 1);
239
240	/*
241	* Schedule the mmap timer which will restore fastpath when no IRQ
242	* is active anymore
243	*/
244	if (vdev->mmap_timeout) {
245	timer_mod(vdev->mmap_timer,
246	qemu_clock_get_ms(QEMU_CLOCK_VIRTUAL) +
247	vdev->mmap_timeout);
248	}
249	qemu_mutex_unlock(&vdev->intp_mutex);
250	}
251
252	/**
253	* vfio_platform_eoi - IRQ completion routine
254	* @vbasedev: the VFIO device handle
255	*
256	* De-asserts the active virtual IRQ and unmasks the physical IRQ
257	* (effective for level sensitive IRQ auto-masked by the VFIO driver).
258	* Then it handles next pending IRQ if any.
259	* eoi function is called on the first access to any MMIO region
260	* after an IRQ was triggered, trapped since slow path was set.
261	* It is assumed this access corresponds to the IRQ status
262	* register reset. With such a mechanism, a single IRQ can be
263	* handled at a time since there is no way to know which IRQ
264	* was completed by the guest (we would need additional details
265	* about the IRQ status register mask).
266	*/
267	static void vfio_platform_eoi(VFIODevice *vbasedev)
268	{
269	VFIOINTp *intp;
270	VFIOPlatformDevice *vdev =
271	container_of(vbasedev, VFIOPlatformDevice, vbasedev);
272
273	qemu_mutex_lock(&vdev->intp_mutex);
274	QLIST_FOREACH(intp, &vdev->intp_list, next) {
275	if (intp->state == VFIO_IRQ_ACTIVE) {
276	trace_vfio_platform_eoi(intp->pin,
277	event_notifier_get_fd(&intp->interrupt));
278	intp->state = VFIO_IRQ_INACTIVE;
279
280	/* deassert the virtual IRQ */
281	qemu_set_irq(intp->qemuirq, 0);
282
283	if (intp->flags & VFIO_IRQ_INFO_AUTOMASKED) {
284	/* unmasks the physical level-sensitive IRQ */
285	vfio_unmask_single_irqindex(vbasedev, intp->pin);
286	}
287
288	/* a single IRQ can be active at a time */
289	break;
290	}
291	}
292	/* in case there are pending IRQs, handle the first one */
293	if (!QSIMPLEQ_EMPTY(&vdev->pending_intp_queue)) {
294	intp = QSIMPLEQ_FIRST(&vdev->pending_intp_queue);
295	vfio_intp_inject_pending_lockheld(intp);
296	QSIMPLEQ_REMOVE_HEAD(&vdev->pending_intp_queue, pqnext);
297	}
298	qemu_mutex_unlock(&vdev->intp_mutex);
299	}
300
301	/**
302	* vfio_start_eventfd_injection - starts the virtual IRQ injection using
303	* user-side handled eventfds
304	* @intp: the IRQ struct pointer
305	*/
306
307	static int vfio_start_eventfd_injection(VFIOINTp *intp)
308	{
309	int ret;
310
311	ret = vfio_set_trigger_eventfd(intp, vfio_intp_interrupt);
312	if (ret) {
313	error_report("vfio: Error: Failed to pass IRQ fd to the driver: %m");
314	}
315	return ret;
316	}
317
0ea2730b EA	318	/* VFIO skeleton */
	319
	320	static void vfio_platform_compute_needs_reset(VFIODevice *vbasedev)
	321	{
	322	vbasedev->needs_reset = true;
	323	}
	324
	325	/* not implemented yet */
	326	static int vfio_platform_hot_reset_multi(VFIODevice *vbasedev)
	327	{
	328	return -1;
	329	}
	330
	331	/**
	332	* vfio_populate_device - Allocate and populate MMIO region
38559979	333	* and IRQ structs according to driver returned information
0ea2730b EA	334	* @vbasedev: the VFIO device handle
	335	*
	336	*/
	337	static int vfio_populate_device(VFIODevice *vbasedev)
	338	{
38559979	339	VFIOINTp intp, tmp;
0ea2730b EA	340	int i, ret = -1;
	341	VFIOPlatformDevice *vdev =
	342	container_of(vbasedev, VFIOPlatformDevice, vbasedev);
	343
	344	if (!(vbasedev->flags & VFIO_DEVICE_FLAGS_PLATFORM)) {
	345	error_report("vfio: Um, this isn't a platform device");
	346	return ret;
	347	}
	348
0b70743d	349	vdev->regions = g_new0(VFIORegion *, vbasedev->num_regions);
0ea2730b EA	350
	351	for (i = 0; i < vbasedev->num_regions; i++) {
	352	struct vfio_region_info reg_info = { .argsz = sizeof(reg_info) };
	353	VFIORegion *ptr;
	354
	355	vdev->regions[i] = g_malloc0(sizeof(VFIORegion));
	356	ptr = vdev->regions[i];
	357	reg_info.index = i;
	358	ret = ioctl(vbasedev->fd, VFIO_DEVICE_GET_REGION_INFO, &reg_info);
	359	if (ret) {
	360	error_report("vfio: Error getting region %d info: %m", i);
	361	goto reg_error;
	362	}
	363	ptr->flags = reg_info.flags;
	364	ptr->size = reg_info.size;
	365	ptr->fd_offset = reg_info.offset;
	366	ptr->nr = i;
	367	ptr->vbasedev = vbasedev;
	368
	369	trace_vfio_platform_populate_regions(ptr->nr,
	370	(unsigned long)ptr->flags,
	371	(unsigned long)ptr->size,
	372	ptr->vbasedev->fd,
	373	(unsigned long)ptr->fd_offset);
	374	}
	375
38559979 EA	376	vdev->mmap_timer = timer_new_ms(QEMU_CLOCK_VIRTUAL,
	377	vfio_intp_mmap_enable, vdev);
	378
	379	QSIMPLEQ_INIT(&vdev->pending_intp_queue);
	380
	381	for (i = 0; i < vbasedev->num_irqs; i++) {
	382	struct vfio_irq_info irq = { .argsz = sizeof(irq) };
	383
	384	irq.index = i;
	385	ret = ioctl(vbasedev->fd, VFIO_DEVICE_GET_IRQ_INFO, &irq);
	386	if (ret) {
	387	error_printf("vfio: error getting device %s irq info",
	388	vbasedev->name);
	389	goto irq_err;
	390	} else {
	391	trace_vfio_platform_populate_interrupts(irq.index,
	392	irq.count,
	393	irq.flags);
	394	intp = vfio_init_intp(vbasedev, irq);
	395	if (!intp) {
	396	error_report("vfio: Error installing IRQ %d up", i);
	397	goto irq_err;
	398	}
	399	}
	400	}
0ea2730b	401	return 0;
38559979 EA	402	irq_err:
	403	timer_del(vdev->mmap_timer);
	404	QLIST_FOREACH_SAFE(intp, &vdev->intp_list, next, tmp) {
	405	QLIST_REMOVE(intp, next);
	406	g_free(intp);
	407	}
0ea2730b EA	408	reg_error:
	409	for (i = 0; i < vbasedev->num_regions; i++) {
	410	g_free(vdev->regions[i]);
	411	}
	412	g_free(vdev->regions);
	413	return ret;
	414	}
	415
	416	/* specialized functions for VFIO Platform devices */
	417	static VFIODeviceOps vfio_platform_ops = {
	418	.vfio_compute_needs_reset = vfio_platform_compute_needs_reset,
	419	.vfio_hot_reset_multi = vfio_platform_hot_reset_multi,
38559979	420	.vfio_eoi = vfio_platform_eoi,
0ea2730b EA	421	};
	422
	423	/**
	424	* vfio_base_device_init - perform preliminary VFIO setup
	425	* @vbasedev: the VFIO device handle
	426	*
	427	* Implement the VFIO command sequence that allows to discover
	428	* assigned device resources: group extraction, device
	429	* fd retrieval, resource query.
	430	* Precondition: the device name must be initialized
	431	*/
	432	static int vfio_base_device_init(VFIODevice *vbasedev)
	433	{
	434	VFIOGroup *group;
	435	VFIODevice *vbasedev_iter;
	436	char path[PATH_MAX], iommu_group_path[PATH_MAX], *group_name;
	437	ssize_t len;
	438	struct stat st;
	439	int groupid;
	440	int ret;
	441
	442	/* name must be set prior to the call */
	443	if (!vbasedev->name \|\| strchr(vbasedev->name, '/')) {
	444	return -EINVAL;
	445	}
	446
	447	/* Check that the host device exists */
	448	g_snprintf(path, sizeof(path), "/sys/bus/platform/devices/%s/",
	449	vbasedev->name);
	450
	451	if (stat(path, &st) < 0) {
	452	error_report("vfio: error: no such host device: %s", path);
	453	return -errno;
	454	}
	455
	456	g_strlcat(path, "iommu_group", sizeof(path));
	457	len = readlink(path, iommu_group_path, sizeof(iommu_group_path));
	458	if (len < 0 \|\| len >= sizeof(iommu_group_path)) {
	459	error_report("vfio: error no iommu_group for device");
	460	return len < 0 ? -errno : -ENAMETOOLONG;
	461	}
	462
	463	iommu_group_path[len] = 0;
	464	group_name = basename(iommu_group_path);
	465
	466	if (sscanf(group_name, "%d", &groupid) != 1) {
	467	error_report("vfio: error reading %s: %m", path);
	468	return -errno;
	469	}
	470
	471	trace_vfio_platform_base_device_init(vbasedev->name, groupid);
	472
	473	group = vfio_get_group(groupid, &address_space_memory);
	474	if (!group) {
	475	error_report("vfio: failed to get group %d", groupid);
	476	return -ENOENT;
	477	}
	478
	479	g_snprintf(path, sizeof(path), "%s", vbasedev->name);
	480
	481	QLIST_FOREACH(vbasedev_iter, &group->device_list, next) {
	482	if (strcmp(vbasedev_iter->name, vbasedev->name) == 0) {
	483	error_report("vfio: error: device %s is already attached", path);
	484	vfio_put_group(group);
485	return -EBUSY;
486	}
487	}
488	ret = vfio_get_device(group, path, vbasedev);
489	if (ret) {
490	error_report("vfio: failed to get device %s", path);
491	vfio_put_group(group);
492	return ret;
493	}
494
495	ret = vfio_populate_device(vbasedev);
496	if (ret) {
497	error_report("vfio: failed to populate device %s", path);
498	vfio_put_group(group);
499	}
500
501	return ret;
502	}
503
504	/**
505	* vfio_map_region - initialize the 2 memory regions for a given
506	* MMIO region index
507	* @vdev: the VFIO platform device handle
508	* @nr: the index of the region
509	*
510	* Init the top memory region and the mmapped memory region beneath
511	* VFIOPlatformDevice is used since VFIODevice is not a QOM Object
512	* and could not be passed to memory region functions
513	*/
514	static void vfio_map_region(VFIOPlatformDevice *vdev, int nr)
515	{
516	VFIORegion *region = vdev->regions[nr];
517	uint64_t size = region->size;
518	char name[64];
519
520	if (!size) {
521	return;
522	}
523
524	g_snprintf(name, sizeof(name), "VFIO %s region %d",
525	vdev->vbasedev.name, nr);
526
527	/* A "slow" read/write mapping underlies all regions */
528	memory_region_init_io(&region->mem, OBJECT(vdev), &vfio_region_ops,
529	region, name, size);
530
531	g_strlcat(name, " mmap", sizeof(name));
532
533	if (vfio_mmap_region(OBJECT(vdev), region, &region->mem,
534	&region->mmap_mem, &region->mmap, size, 0, name)) {
535	error_report("%s unsupported. Performance may be slow", name);
536	}
537	}
538
539	/**
540	* vfio_platform_realize - the device realize function
541	* @dev: device state pointer
542	* @errp: error
543	*
544	* initialize the device, its memory regions and IRQ structures
545	* IRQ are started separately
546	*/
547	static void vfio_platform_realize(DeviceState dev, Error *errp)
548	{
549	VFIOPlatformDevice *vdev = VFIO_PLATFORM_DEVICE(dev);
550	SysBusDevice *sbdev = SYS_BUS_DEVICE(dev);
551	VFIODevice *vbasedev = &vdev->vbasedev;
38559979	552	VFIOINTp *intp;
0ea2730b EA	553	int i, ret;
	554
	555	vbasedev->type = VFIO_DEVICE_TYPE_PLATFORM;
	556	vbasedev->ops = &vfio_platform_ops;
	557
	558	trace_vfio_platform_realize(vbasedev->name, vdev->compat);
	559
	560	ret = vfio_base_device_init(vbasedev);
	561	if (ret) {
	562	error_setg(errp, "vfio: vfio_base_device_init failed for %s",
	563	vbasedev->name);
	564	return;
	565	}
	566
	567	for (i = 0; i < vbasedev->num_regions; i++) {
	568	vfio_map_region(vdev, i);
	569	sysbus_init_mmio(sbdev, &vdev->regions[i]->mem);
	570	}
38559979 EA	571
	572	QLIST_FOREACH(intp, &vdev->intp_list, next) {
	573	vfio_start_eventfd_injection(intp);
	574	}
0ea2730b EA	575	}
	576
	577	static const VMStateDescription vfio_platform_vmstate = {
	578	.name = TYPE_VFIO_PLATFORM,
	579	.unmigratable = 1,
	580	};
	581
	582	static Property vfio_platform_dev_properties[] = {
	583	DEFINE_PROP_STRING("host", VFIOPlatformDevice, vbasedev.name),
	584	DEFINE_PROP_BOOL("x-mmap", VFIOPlatformDevice, vbasedev.allow_mmap, true),
38559979 EA	585	DEFINE_PROP_UINT32("mmap-timeout-ms", VFIOPlatformDevice,
38559979 EA	586	mmap_timeout, 1100),
0ea2730b EA	587	DEFINE_PROP_END_OF_LIST(),
	588	};
	589
	590	static void vfio_platform_class_init(ObjectClass klass, void data)
	591	{
	592	DeviceClass *dc = DEVICE_CLASS(klass);
	593
	594	dc->realize = vfio_platform_realize;
	595	dc->props = vfio_platform_dev_properties;
	596	dc->vmsd = &vfio_platform_vmstate;
	597	dc->desc = "VFIO-based platform device assignment";
	598	set_bit(DEVICE_CATEGORY_MISC, dc->categories);
	599	}
	600
	601	static const TypeInfo vfio_platform_dev_info = {
	602	.name = TYPE_VFIO_PLATFORM,
	603	.parent = TYPE_SYS_BUS_DEVICE,
	604	.instance_size = sizeof(VFIOPlatformDevice),
	605	.class_init = vfio_platform_class_init,
	606	.class_size = sizeof(VFIOPlatformDeviceClass),
	607	.abstract = true,
	608	};
	609
	610	static void register_vfio_platform_dev_type(void)
	611	{
	612	type_register_static(&vfio_platform_dev_info);
	613	}
	614
	615	type_init(register_vfio_platform_dev_type)