]> git.proxmox.com Git - qemu.git/blob - hw/ppc/spapr_iommu.c
projects / qemu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
pseries: Factor out check for out-of-bounds LIOBN
[qemu.git] / hw / ppc / spapr_iommu.c
1 /*
2 * QEMU sPAPR IOMMU (TCE) code
3 *
4 * Copyright (c) 2010 David Gibson, IBM Corporation <dwg@au1.ibm.com>
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18 */
19 #include "hw/hw.h"
20 #include "sysemu/kvm.h"
21 #include "hw/qdev.h"
22 #include "kvm_ppc.h"
23 #include "sysemu/dma.h"
24 #include "exec/address-spaces.h"
25
26 #include "hw/ppc/spapr.h"
27
28 #include <libfdt.h>
29
30 /* #define DEBUG_TCE */
31
32 enum sPAPRTCEAccess {
33 SPAPR_TCE_FAULT = 0,
34 SPAPR_TCE_RO = 1,
35 SPAPR_TCE_WO = 2,
36 SPAPR_TCE_RW = 3,
37 };
38
39 typedef struct sPAPRTCETable sPAPRTCETable;
40
41 struct sPAPRTCETable {
42 DMAContext dma;
43 uint32_t liobn;
44 uint32_t window_size;
45 sPAPRTCE *table;
46 bool bypass;
47 int fd;
48 QLIST_ENTRY(sPAPRTCETable) list;
49 };
50
51
52 QLIST_HEAD(spapr_tce_tables, sPAPRTCETable) spapr_tce_tables;
53
54 static sPAPRTCETable *spapr_tce_find_by_liobn(uint32_t liobn)
55 {
56 sPAPRTCETable *tcet;
57
58 if (liobn & 0xFFFFFFFF00000000ULL) {
59 hcall_dprintf("Request for out-of-bounds LIOBN 0x" TARGET_FMT_lx "\n",
60 liobn);
61 return NULL;
62 }
63
64 QLIST_FOREACH(tcet, &spapr_tce_tables, list) {
65 if (tcet->liobn == liobn) {
66 return tcet;
67 }
68 }
69
70 return NULL;
71 }
72
73 static int spapr_tce_translate(DMAContext *dma,
74 dma_addr_t addr,
75 hwaddr *paddr,
76 hwaddr *len,
77 DMADirection dir)
78 {
79 sPAPRTCETable *tcet = DO_UPCAST(sPAPRTCETable, dma, dma);
80 enum sPAPRTCEAccess access = (dir == DMA_DIRECTION_FROM_DEVICE)
81 ? SPAPR_TCE_WO : SPAPR_TCE_RO;
82 uint64_t tce;
83
84 #ifdef DEBUG_TCE
85 fprintf(stderr, "spapr_tce_translate liobn=0x%" PRIx32 " addr=0x"
86 DMA_ADDR_FMT "\n", tcet->liobn, addr);
87 #endif
88
89 if (tcet->bypass) {
90 *paddr = addr;
91 *len = (hwaddr)-1;
92 return 0;
93 }
94
95 /* Check if we are in bound */
96 if (addr >= tcet->window_size) {
97 #ifdef DEBUG_TCE
98 fprintf(stderr, "spapr_tce_translate out of bounds\n");
99 #endif
100 return -EFAULT;
101 }
102
103 tce = tcet->table[addr >> SPAPR_TCE_PAGE_SHIFT].tce;
104
105 /* Check TCE */
106 if (!(tce & access)) {
107 return -EPERM;
108 }
109
110 /* How much til end of page ? */
111 *len = ((~addr) & SPAPR_TCE_PAGE_MASK) + 1;
112
113 /* Translate */
114 *paddr = (tce & ~SPAPR_TCE_PAGE_MASK) |
115 (addr & SPAPR_TCE_PAGE_MASK);
116
117 #ifdef DEBUG_TCE
118 fprintf(stderr, " -> *paddr=0x" TARGET_FMT_plx ", *len=0x"
119 TARGET_FMT_plx "\n", *paddr, *len);
120 #endif
121
122 return 0;
123 }
124
125 DMAContext *spapr_tce_new_dma_context(uint32_t liobn, size_t window_size)
126 {
127 sPAPRTCETable *tcet;
128
129 if (spapr_tce_find_by_liobn(liobn)) {
130 fprintf(stderr, "Attempted to create TCE table with duplicate"
131 " LIOBN 0x%x\n", liobn);
132 return NULL;
133 }
134
135 if (!window_size) {
136 return NULL;
137 }
138
139 tcet = g_malloc0(sizeof(*tcet));
140 dma_context_init(&tcet->dma, &address_space_memory, spapr_tce_translate, NULL, NULL);
141
142 tcet->liobn = liobn;
143 tcet->window_size = window_size;
144
145 if (kvm_enabled()) {
146 tcet->table = kvmppc_create_spapr_tce(liobn,
147 window_size,
148 &tcet->fd);
149 }
150
151 if (!tcet->table) {
152 size_t table_size = (window_size >> SPAPR_TCE_PAGE_SHIFT)
153 * sizeof(sPAPRTCE);
154 tcet->table = g_malloc0(table_size);
155 }
156
157 #ifdef DEBUG_TCE
158 fprintf(stderr, "spapr_iommu: New TCE table, liobn=0x%x, context @ %p, "
159 "table @ %p, fd=%d\n", liobn, &tcet->dma, tcet->table, tcet->fd);
160 #endif
161
162 QLIST_INSERT_HEAD(&spapr_tce_tables, tcet, list);
163
164 return &tcet->dma;
165 }
166
167 void spapr_tce_free(DMAContext *dma)
168 {
169
170 if (dma) {
171 sPAPRTCETable *tcet = DO_UPCAST(sPAPRTCETable, dma, dma);
172
173 QLIST_REMOVE(tcet, list);
174
175 if (!kvm_enabled() ||
176 (kvmppc_remove_spapr_tce(tcet->table, tcet->fd,
177 tcet->window_size) != 0)) {
178 g_free(tcet->table);
179 }
180
181 g_free(tcet);
182 }
183 }
184
185 void spapr_tce_set_bypass(DMAContext *dma, bool bypass)
186 {
187 sPAPRTCETable *tcet = DO_UPCAST(sPAPRTCETable, dma, dma);
188
189 tcet->bypass = bypass;
190 }
191
192 void spapr_tce_reset(DMAContext *dma)
193 {
194 sPAPRTCETable *tcet = DO_UPCAST(sPAPRTCETable, dma, dma);
195 size_t table_size = (tcet->window_size >> SPAPR_TCE_PAGE_SHIFT)
196 * sizeof(sPAPRTCE);
197
198 tcet->bypass = false;
199 memset(tcet->table, 0, table_size);
200 }
201
202 static target_ulong put_tce_emu(sPAPRTCETable *tcet, target_ulong ioba,
203 target_ulong tce)
204 {
205 sPAPRTCE *tcep;
206
207 if (ioba >= tcet->window_size) {
208 hcall_dprintf("spapr_vio_put_tce on out-of-boards IOBA 0x"
209 TARGET_FMT_lx "\n", ioba);
210 return H_PARAMETER;
211 }
212
213 tcep = tcet->table + (ioba >> SPAPR_TCE_PAGE_SHIFT);
214 tcep->tce = tce;
215
216 return H_SUCCESS;
217 }
218
219 static target_ulong h_put_tce(PowerPCCPU *cpu, sPAPREnvironment *spapr,
220 target_ulong opcode, target_ulong *args)
221 {
222 target_ulong liobn = args[0];
223 target_ulong ioba = args[1];
224 target_ulong tce = args[2];
225 sPAPRTCETable *tcet = spapr_tce_find_by_liobn(liobn);
226
227 ioba &= ~(SPAPR_TCE_PAGE_SIZE - 1);
228
229 if (tcet) {
230 return put_tce_emu(tcet, ioba, tce);
231 }
232 #ifdef DEBUG_TCE
233 fprintf(stderr, "%s on liobn=" TARGET_FMT_lx /*%s*/
234 " ioba 0x" TARGET_FMT_lx " TCE 0x" TARGET_FMT_lx "\n",
235 __func__, liobn, /*dev->qdev.id, */ioba, tce);
236 #endif
237
238 return H_PARAMETER;
239 }
240
241 void spapr_iommu_init(void)
242 {
243 QLIST_INIT(&spapr_tce_tables);
244
245 /* hcall-tce */
246 spapr_register_hypercall(H_PUT_TCE, h_put_tce);
247 }
248
249 int spapr_dma_dt(void *fdt, int node_off, const char *propname,
250 uint32_t liobn, uint64_t window, uint32_t size)
251 {
252 uint32_t dma_prop[5];
253 int ret;
254
255 dma_prop[0] = cpu_to_be32(liobn);
256 dma_prop[1] = cpu_to_be32(window >> 32);
257 dma_prop[2] = cpu_to_be32(window & 0xFFFFFFFF);
258 dma_prop[3] = 0; /* window size is 32 bits */
259 dma_prop[4] = cpu_to_be32(size);
260
261 ret = fdt_setprop_cell(fdt, node_off, "ibm,#dma-address-cells", 2);
262 if (ret < 0) {
263 return ret;
264 }
265
266 ret = fdt_setprop_cell(fdt, node_off, "ibm,#dma-size-cells", 2);
267 if (ret < 0) {
268 return ret;
269 }
270
271 ret = fdt_setprop(fdt, node_off, propname, dma_prop, sizeof(dma_prop));
272 if (ret < 0) {
273 return ret;
274 }
275
276 return 0;
277 }
278
279 int spapr_tcet_dma_dt(void *fdt, int node_off, const char *propname,
280 DMAContext *iommu)
281 {
282 if (!iommu) {
283 return 0;
284 }
285
286 if (iommu->translate == spapr_tce_translate) {
287 sPAPRTCETable *tcet = DO_UPCAST(sPAPRTCETable, dma, iommu);
288 return spapr_dma_dt(fdt, node_off, propname,
289 tcet->liobn, 0, tcet->window_size);
290 }
291
292 return -1;
293 }
Qemu copy for testing