s390: Plug memory leak on s390_pci_generate_event() error path
1 /*
2 * s390 PCI BUS
3 *
4 * Copyright 2014 IBM Corp.
5 * Author(s): Frank Blaschka <frank.blaschka@de.ibm.com>
6 * Hong Bo Li <lihbbj@cn.ibm.com>
7 * Yi Min Zhao <zyimin@cn.ibm.com>
8 *
9 * This work is licensed under the terms of the GNU GPL, version 2 or (at
10 * your option) any later version. See the COPYING file in the top-level
11 * directory.
12 */
13
14 #include "s390-pci-bus.h"
15 #include <hw/pci/pci_bus.h>
16 #include <hw/pci/msi.h>
17 #include <qemu/error-report.h>
18
/*
 * Debug tracing for this file.  Uncomment the define below to make DPRINTF()
 * print to stderr with an "S390pci-bus: " prefix; otherwise DPRINTF() expands
 * to an empty statement and its arguments are neither evaluated nor
 * type-checked.
 */
/* #define DEBUG_S390PCI_BUS */
#ifndef DEBUG_S390PCI_BUS
#define DPRINTF(fmt, ...) \
    do { } while (0)
#else
#define DPRINTF(fmt, ...) \
    do { fprintf(stderr, "S390pci-bus: " fmt, ## __VA_ARGS__); } while (0)
#endif
27
/*
 * Dequeue the oldest pending PCI event and store it in a CHSC SEI
 * notification-type-2 response.
 *
 * @res: response buffer, interpreted as a ChscSeiNt2Res.  The caller must
 *       supply a buffer large enough for that structure and its CCDF area;
 *       no size is passed in, so it cannot be checked here.
 *
 * Returns 0 when an event was written to @res, 1 when the host bridge could
 * not be resolved or the queue is empty.
 */
int chsc_sei_nt2_get_event(void *res)
{
    ChscSeiNt2Res *nt2_res = (ChscSeiNt2Res *)res;
    S390pciState *s = S390_PCI_HOST_BRIDGE(
        object_resolve_path(TYPE_S390_PCI_HOST_BRIDGE, NULL));
    SeiContainer *event;

    if (!s) {
        return 1;
    }

    event = QTAILQ_FIRST(&s->pending_sei);
    if (!event) {
        return 1;
    }

    QTAILQ_REMOVE(&s->pending_sei, event, link);
    nt2_res->nt = 2;
    nt2_res->cc = event->cc;

    /* The CCDF fields are stored big-endian. */
    if (event->cc == 1) {
        /* error event */
        PciCcdfErr *eccdf = (PciCcdfErr *)nt2_res->ccdf;

        eccdf->fid = cpu_to_be32(event->fid);
        eccdf->fh = cpu_to_be32(event->fh);
        eccdf->e = cpu_to_be32(event->e);
        eccdf->faddr = cpu_to_be64(event->faddr);
        eccdf->pec = cpu_to_be16(event->pec);
    } else if (event->cc == 2) {
        /* availability event */
        PciCcdfAvail *accdf = (PciCcdfAvail *)nt2_res->ccdf;

        accdf->fid = cpu_to_be32(event->fid);
        accdf->fh = cpu_to_be32(event->fh);
        accdf->pec = cpu_to_be16(event->pec);
    } else {
        /* Only content codes 1 and 2 are queued by this file. */
        abort();
    }

    /* The container was allocated when the event was queued. */
    g_free(event);
    return 0;
}
71
/*
 * Report whether at least one PCI event is waiting to be fetched.
 *
 * Returns non-zero if the pending queue is not empty, 0 if it is empty or
 * the host bridge could not be resolved.
 */
int chsc_sei_nt2_have_event(void)
{
    S390pciState *s = S390_PCI_HOST_BRIDGE(
        object_resolve_path(TYPE_S390_PCI_HOST_BRIDGE, NULL));

    return s ? !QTAILQ_EMPTY(&s->pending_sei) : 0;
}
83
/*
 * Look up a device slot by function id.
 *
 * Slots whose function handle is zero are skipped, so an unused slot never
 * matches even if its fid field happens to equal @fid.
 *
 * Returns the matching slot, or NULL if there is none or the host bridge
 * could not be resolved.
 */
S390PCIBusDevice *s390_pci_find_dev_by_fid(uint32_t fid)
{
    S390pciState *s = S390_PCI_HOST_BRIDGE(
        object_resolve_path(TYPE_S390_PCI_HOST_BRIDGE, NULL));
    int slot;

    if (!s) {
        return NULL;
    }

    for (slot = 0; slot < PCI_SLOT_MAX; slot++) {
        S390PCIBusDevice *candidate = &s->pbdev[slot];

        if (candidate->fh == 0 || candidate->fid != fid) {
            continue;
        }
        return candidate;
    }

    return NULL;
}
104
/*
 * Handle an SCLP configure/deconfigure request for a PCI adapter.
 *
 * @configure: 1 to configure, 0 to deconfigure.  Any other value falls
 *             through to the toggle branch below.
 * @sccb:      request block, interpreted as a PciCfgSccb; the adapter id is
 *             read from it big-endian and the response code is written back
 *             big-endian.
 */
void s390_pci_sclp_configure(int configure, SCCB *sccb)
{
    PciCfgSccb *psccb = (PciCfgSccb *)sccb;
    S390PCIBusDevice *pbdev = s390_pci_find_dev_by_fid(be32_to_cpu(psccb->aid));
    uint16_t rc;

    if (!pbdev) {
        DPRINTF("sclp config %d no dev found\n", configure);
        rc = SCLP_RC_ADAPTER_ID_NOT_RECOGNIZED;
    } else if ((configure == 1 && pbdev->configured == true) ||
               (configure == 0 && !pbdev->configured)) {
        /* Already in the requested state. */
        rc = SCLP_RC_NO_ACTION_REQUIRED;
    } else {
        pbdev->configured = !pbdev->configured;
        rc = SCLP_RC_NORMAL_COMPLETION;
    }

    psccb->header.response_code = cpu_to_be16(rc);
}
127
/* Derive the function id of a device: the slot number of its devfn. */
static uint32_t s390_pci_get_pfid(PCIDevice *pdev)
{
    uint32_t slot = PCI_SLOT(pdev->devfn);

    return slot;
}
132
/*
 * Derive the function handle of a device: the slot number of its devfn with
 * FH_VIRT or-ed in.
 */
static uint32_t s390_pci_get_pfh(PCIDevice *pdev)
{
    uint32_t handle = PCI_SLOT(pdev->devfn) | FH_VIRT;

    return handle;
}
137
/*
 * Return the @idx-th slot in use, counting from zero in slot order and
 * ignoring slots whose function handle is zero.
 *
 * Returns NULL if fewer than @idx + 1 slots are in use or the host bridge
 * could not be resolved.
 */
S390PCIBusDevice *s390_pci_find_dev_by_idx(uint32_t idx)
{
    S390pciState *s = S390_PCI_HOST_BRIDGE(
        object_resolve_path(TYPE_S390_PCI_HOST_BRIDGE, NULL));
    uint32_t in_use = 0;   /* number of occupied slots seen so far */
    int slot;

    if (!s) {
        return NULL;
    }

    for (slot = 0; slot < PCI_SLOT_MAX; slot++) {
        S390PCIBusDevice *candidate = &s->pbdev[slot];

        if (candidate->fh != 0) {
            if (in_use == idx) {
                return candidate;
            }
            in_use++;
        }
    }

    return NULL;
}
165
/*
 * Look up a device slot by function handle.
 *
 * NOTE(review): unlike the lookup by fid there is no "fh != 0" guard here,
 * so @fh == 0 returns the first slot whose handle is zero, i.e. a slot that
 * is not in use.  Callers that take the handle from the guest should confirm
 * they reject a zero handle or cope with an unused slot.
 *
 * Returns the matching slot, or NULL if there is none or the host bridge
 * could not be resolved.
 */
S390PCIBusDevice *s390_pci_find_dev_by_fh(uint32_t fh)
{
    S390pciState *s = S390_PCI_HOST_BRIDGE(
        object_resolve_path(TYPE_S390_PCI_HOST_BRIDGE, NULL));
    int slot = 0;

    if (!s) {
        return NULL;
    }

    while (slot < PCI_SLOT_MAX) {
        S390PCIBusDevice *candidate = &s->pbdev[slot];

        if (candidate->fh == fh) {
            return candidate;
        }
        slot++;
    }

    return NULL;
}
186
/*
 * Queue a PCI event for later retrieval and signal the guest.
 *
 * @cc:    content code stored in the event (this file uses 1 for error
 *         events and 2 for availability events).
 * @pec:   event code.
 * @fh:    function handle of the affected device.
 * @fid:   function id of the affected device.
 * @faddr: failing address (error events).
 * @e:     additional error bits (error events).
 *
 * The host bridge is resolved before allocating, so nothing is leaked when
 * it is missing.
 *
 * NOTE(review): nothing visible here bounds the length of pending_sei; in
 * this file entries are only removed by chsc_sei_nt2_get_event().  Events
 * are raised from guest-driven paths (DMA translation faults, MSI writes),
 * so confirm that a guest which never drains the queue cannot make host
 * memory grow without limit.
 */
static void s390_pci_generate_event(uint8_t cc, uint16_t pec, uint32_t fh,
                                    uint32_t fid, uint64_t faddr, uint32_t e)
{
    S390pciState *s = S390_PCI_HOST_BRIDGE(
        object_resolve_path(TYPE_S390_PCI_HOST_BRIDGE, NULL));
    SeiContainer *event;

    if (!s) {
        return;
    }

    event = g_malloc0(sizeof(*event));
    event->cc = cc;
    event->pec = pec;
    event->fh = fh;
    event->fid = fid;
    event->faddr = faddr;
    event->e = e;

    QTAILQ_INSERT_TAIL(&s->pending_sei, event, link);
    css_generate_css_crws(0);
}
209
/*
 * Queue an availability event (content code 2) for a device.  The failing
 * address and extra error bits are not used for this event type and are
 * passed as zero.
 */
static void s390_pci_generate_plug_event(uint16_t pec, uint32_t fh,
                                         uint32_t fid)
{
    const uint8_t cc_availability = 2;

    s390_pci_generate_event(cc_availability, pec, fh, fid, 0, 0);
}
215
/*
 * Queue an error event (content code 1) for a device, carrying the failing
 * address @faddr and the additional error bits @e.
 */
static void s390_pci_generate_error_event(uint16_t pec, uint32_t fh,
                                          uint32_t fid, uint64_t faddr,
                                          uint32_t e)
{
    const uint8_t cc_error = 1;

    s390_pci_generate_event(cc_error, pec, fh, fid, faddr, e);
}
222
/*
 * IRQ-line callback registered with the PCI bus.  Intentionally empty: this
 * file delivers interrupts through the MSI notification region instead.
 */
static void s390_pci_set_irq(void *opaque, int irq, int level)
{
    (void)opaque;
    (void)irq;
    (void)level;
}
227
/*
 * IRQ-mapping callback registered with the PCI bus.  Every pin maps to 0;
 * the result is not used for anything in this file.
 */
static int s390_pci_map_irq(PCIDevice *pci_dev, int irq_num)
{
    const int mapped_irq = 0;

    return mapped_irq;
}
233
/*
 * Strip ZPCI_IOTA_RTTO_FLAG from an I/O translation anchor, leaving the
 * address of the top-level translation table.
 */
static uint64_t s390_pci_get_table_origin(uint64_t iota)
{
    uint64_t origin = iota;

    origin &= ~ZPCI_IOTA_RTTO_FLAG;
    return origin;
}
238
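/*
 * Extract the first-level table index from a guest DMA address.
 *
 * The address is widened to uint64_t before shifting.  The previous cast to
 * unsigned long drops the upper address bits on hosts where that type is
 * 32 bits wide (for example LLP64 targets), which would yield a wrong index;
 * on hosts with a 64-bit unsigned long the result is unchanged.
 */
static unsigned int calc_rtx(dma_addr_t ptr)
{
    return ((uint64_t)ptr >> ZPCI_RT_SHIFT) & ZPCI_INDEX_MASK;
}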
243
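/*
 * Extract the second-level table index from a guest DMA address.
 *
 * The address is widened to uint64_t before shifting.  The previous cast to
 * unsigned long drops the upper address bits on hosts where that type is
 * 32 bits wide (for example LLP64 targets); on hosts with a 64-bit unsigned
 * long the result is unchanged.
 */
static unsigned int calc_sx(dma_addr_t ptr)
{
    return ((uint64_t)ptr >> ZPCI_ST_SHIFT) & ZPCI_INDEX_MASK;
}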
248
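/*
 * Extract the page-table index from a guest DMA address.
 *
 * The address is widened to uint64_t before shifting, for consistency with
 * the other index helpers and so that the result does not depend on the
 * width of the host's unsigned long; on hosts with a 64-bit unsigned long
 * the result is unchanged.
 */
static unsigned int calc_px(dma_addr_t ptr)
{
    return ((uint64_t)ptr >> PAGE_SHIFT) & ZPCI_PT_MASK;
}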
253
/*
 * Return the next-level table address held in a first-level entry, or 0 if
 * the entry's type bits do not mark it as ZPCI_TABLE_TYPE_RTX.
 */
static uint64_t get_rt_sto(uint64_t entry)
{
    if ((entry & ZPCI_TABLE_TYPE_MASK) != ZPCI_TABLE_TYPE_RTX) {
        return 0;
    }

    return entry & ZPCI_RTE_ADDR_MASK;
}
260
/*
 * Return the page-table address held in a second-level entry, or 0 if the
 * entry's type bits do not mark it as ZPCI_TABLE_TYPE_SX.
 */
static uint64_t get_st_pto(uint64_t entry)
{
    if ((entry & ZPCI_TABLE_TYPE_MASK) != ZPCI_TABLE_TYPE_SX) {
        return 0;
    }

    return entry & ZPCI_STE_ADDR_MASK;
}
267
/*
 * Walk the guest's three-level I/O translation tables for one DMA address.
 *
 * @guest_iota:        address of the top-level table in guest memory.
 * @guest_dma_address: DMA address to translate.
 *
 * Every table entry is read from guest memory and is therefore
 * guest-controlled.  For the first two levels only the table-type bits are
 * checked here before the masked address is followed.
 *
 * Returns the raw page-table entry, or 0 if a first- or second-level entry
 * has the wrong type.
 */
static uint64_t s390_guest_io_table_walk(uint64_t guest_iota,
                                         uint64_t guest_dma_address)
{
    uint32_t rtx = calc_rtx(guest_dma_address);
    uint32_t sx = calc_sx(guest_dma_address);
    uint32_t px = calc_px(guest_dma_address);
    uint64_t sto, pto;

    sto = get_rt_sto(ldq_phys(&address_space_memory,
                              guest_iota + rtx * sizeof(uint64_t)));
    if (!sto) {
        return 0;
    }

    pto = get_st_pto(ldq_phys(&address_space_memory,
                              sto + sx * sizeof(uint64_t)));
    if (!pto) {
        return 0;
    }

    return ldq_phys(&address_space_memory, pto + px * sizeof(uint64_t));
}
301
/*
 * IOMMU translate callback for a zPCI device's DMA address space.
 *
 * @iommu:    the device's IOMMU memory region (embedded in S390PCIBusDevice).
 * @addr:     DMA address issued by the device.
 * @is_write: not consulted; see the permission note below.
 *
 * Order of checks: the MSI notification address is routed first, before any
 * translation state is looked at; then a missing translation anchor, an
 * address outside [pba, pal] and a failed table walk each put the device
 * into the error state, block load/store and queue an error event.  In those
 * cases the returned entry keeps IOMMU_NONE.
 *
 * NOTE(review): a valid PTE always yields IOMMU_RW; no PTE bit other than
 * ZPCI_PTE_INVALID is consulted here.
 * NOTE(review): the host bridge is reached through pbdev->pdev before any
 * check; presumably this callback only runs for plugged devices - confirm.
 */
static IOMMUTLBEntry s390_translate_iommu(MemoryRegion *iommu, hwaddr addr,
                                          bool is_write)
{
    S390PCIBusDevice *pbdev = container_of(iommu, S390PCIBusDevice, mr);
    S390pciState *s = S390_PCI_HOST_BRIDGE(pci_device_root_bus(pbdev->pdev)
                                           ->qbus.parent);
    IOMMUTLBEntry ret = {
        .target_as = &address_space_memory,
        .iova = 0,
        .translated_addr = 0,
        .addr_mask = ~(hwaddr)0,
        .perm = IOMMU_NONE,
    };
    uint16_t pec;        /* event code reported on failure */
    uint32_t e = 0;      /* extra error bits reported on failure */
    uint32_t flags;
    uint64_t pte;

    DPRINTF("iommu trans addr 0x%" PRIx64 "\n", addr);

    /* s390 does not have an APIC mapped to main storage so we use
     * a separate AddressSpace only for msix notifications
     */
    if (addr == ZPCI_MSI_ADDR) {
        ret.target_as = &s->msix_notify_as;
        ret.iova = addr;
        ret.translated_addr = addr;
        ret.addr_mask = 0xfff;
        ret.perm = IOMMU_RW;
        return ret;
    }

    if (!pbdev->g_iota) {
        /* No translation tables registered for this device. */
        pec = ERR_EVENT_INVALAS;
        goto fault;
    }

    if (addr < pbdev->pba || addr > pbdev->pal) {
        /* Outside the registered DMA range. */
        pec = ERR_EVENT_OORANGE;
        goto fault;
    }

    pte = s390_guest_io_table_walk(s390_pci_get_table_origin(pbdev->g_iota),
                                   addr);
    if (!pte) {
        pec = ERR_EVENT_SERR;
        e = ERR_EVENT_Q_BIT;
        goto fault;
    }

    flags = pte & ZPCI_PTE_FLAG_MASK;
    ret.iova = addr;
    ret.translated_addr = pte & ZPCI_PTE_ADDR_MASK;
    ret.addr_mask = 0xfff;
    ret.perm = (flags & ZPCI_PTE_INVALID) ? IOMMU_NONE : IOMMU_RW;
    return ret;

fault:
    pbdev->error_state = true;
    pbdev->lgstg_blocked = true;
    s390_pci_generate_error_event(pec, pbdev->fh, pbdev->fid, addr, e);
    return ret;
}
372
/* IOMMU callbacks shared by the per-slot DMA memory regions. */
static const MemoryRegionIOMMUOps s390_iommu_ops = {
    /* Translate one device DMA address. */
    .translate = s390_translate_iommu,
};
376
/*
 * Return the DMA address space for a device on the bus.
 *
 * @opaque: the S390pciState passed to pci_setup_iommu().
 * @devfn:  device/function number; only its slot part selects the entry, so
 *          all functions of one slot share an address space.
 */
static AddressSpace *s390_pci_dma_iommu(PCIBus *bus, void *opaque, int devfn)
{
    S390pciState *s = opaque;
    S390PCIBusDevice *pbdev = &s->pbdev[PCI_SLOT(devfn)];

    return &pbdev->as;
}
383
/*
 * Atomically OR bits into one byte of guest memory.
 *
 * @ind_loc:   guest physical address of the indicator byte.
 * @to_be_set: bit mask to OR in.
 *
 * Returns the byte's value before the update.  If the byte cannot be mapped
 * an ERR_EVENT_AIRERR event is queued (with zero handle and fid) and -1 is
 * returned, which the uint8_t return type turns into 0xff; callers cannot
 * tell that apart from a byte that already had every bit set.
 */
static uint8_t set_ind_atomic(uint64_t ind_loc, uint8_t to_be_set)
{
    hwaddr len = 1;
    uint8_t *ind_addr = cpu_physical_memory_map(ind_loc, &len, 1);
    uint8_t seen, wanted;

    if (!ind_addr) {
        s390_pci_generate_error_event(ERR_EVENT_AIRERR, 0, 0, 0, 0);
        return -1;
    }

    /* Retry until no other writer changed the byte in between. */
    for (;;) {
        seen = *ind_addr;
        wanted = seen | to_be_set;
        if (atomic_cmpxchg(ind_addr, seen, wanted) == seen) {
            break;
        }
    }

    cpu_physical_memory_unmap(ind_addr, len, 1, len);
    return seen;
}
403
/*
 * Write handler of the MSI notification region: turn a device's MSI message
 * into adapter-interrupt indicator bits and, if needed, an I/O interrupt.
 *
 * @data: MSI payload; the low ZPCI_MSI_VEC_BITS bits carry the vector, the
 *        bits above them the function id.
 * @addr: offset written to; only reported in the error event.
 *
 * An unknown function id queues an ERR_EVENT_NOMSI event and nothing else
 * happens.  Otherwise the vector's indicator bit and the summary bit are set
 * in guest memory; the interrupt is injected only when the summary byte was
 * previously zero.  A failed summary update returns 0xff from
 * set_ind_atomic() and therefore injects nothing.
 *
 * NOTE(review): @data comes from the MSI message, which the guest programs.
 * The vector is not range-checked here before it is added to the indicator
 * offset - confirm it is bounded where the routes are set up.
 * NOTE(review): "pbdev->isc << 27" assumes isc is small enough not to shift
 * into the sign bit - confirm against the field's type and valid range.
 */
static void s390_msi_ctrl_write(void *opaque, hwaddr addr, uint64_t data,
                                unsigned int size)
{
    uint32_t fid = data >> ZPCI_MSI_VEC_BITS;
    uint32_t vec = data & ZPCI_MSI_VEC_MASK;
    S390PCIBusDevice *pbdev;
    uint64_t ind_bit, vec_bit;
    uint32_t sum_bit;
    uint32_t io_int_word;

    DPRINTF("write_msix data 0x%" PRIx64 " fid %d vec 0x%x\n", data, fid, vec);

    pbdev = s390_pci_find_dev_by_fid(fid);
    if (!pbdev) {
        uint32_t e = vec << ERR_EVENT_MVN_OFFSET;

        s390_pci_generate_error_event(ERR_EVENT_NOMSI, 0, fid, addr, e);
        return;
    }

    ind_bit = pbdev->routes.adapter.ind_offset;
    sum_bit = pbdev->routes.adapter.summary_offset;
    vec_bit = ind_bit + vec;

    /* Bits are numbered from the most significant bit of each byte. */
    set_ind_atomic(pbdev->routes.adapter.ind_addr + vec_bit / 8,
                   0x80 >> (vec_bit % 8));

    if (set_ind_atomic(pbdev->routes.adapter.summary_addr + sum_bit / 8,
                       0x80 >> (sum_bit % 8))) {
        /* Summary byte was already non-zero (or the update failed). */
        return;
    }

    io_int_word = (pbdev->isc << 27) | IO_INT_WORD_AI;
    s390_io_interrupt(0, 0, 0, io_int_word);
}
437
/*
 * Read handler of the MSI notification region.  The region is write-only in
 * practice; every read returns 0xffffffff regardless of offset and size.
 */
static uint64_t s390_msi_ctrl_read(void *opaque, hwaddr addr, unsigned size)
{
    const uint64_t all_ones_32 = 0xffffffff;

    return all_ones_32;
}
442
/* Access callbacks of the MSI notification region. */
static const MemoryRegionOps s390_msi_ctrl_ops = {
    .read = s390_msi_ctrl_read,
    .write = s390_msi_ctrl_write,
    .endianness = DEVICE_LITTLE_ENDIAN,
};
448
/*
 * Create the address spaces owned by the host bridge: one IOMMU-backed DMA
 * address space per slot, plus a single address space for MSI notifications.
 */
static void s390_pcihost_init_as(S390pciState *s)
{
    int slot;

    for (slot = 0; slot < PCI_SLOT_MAX; slot++) {
        S390PCIBusDevice *pbdev = &s->pbdev[slot];

        memory_region_init_iommu(&pbdev->mr, OBJECT(s),
                                 &s390_iommu_ops, "iommu-s390", UINT64_MAX);
        address_space_init(&pbdev->as, &pbdev->mr, "iommu-pci");
    }

    /* The host bridge itself is the opaque pointer of the MSI handlers. */
    memory_region_init_io(&s->msix_notify_mr, OBJECT(s),
                          &s390_msi_ctrl_ops, s, "msix-s390", UINT64_MAX);
    address_space_init(&s->msix_notify_as, &s->msix_notify_mr, "msix-pci");
}
463
/*
 * SysBus init hook of the host bridge: register the PCI bus, set up the DMA
 * and MSI address spaces, install the bridge as the bus's hotplug handler
 * and start with an empty event queue.
 *
 * Always returns 0.
 */
static int s390_pcihost_init(SysBusDevice *dev)
{
    S390pciState *s = S390_PCI_HOST_BRIDGE(dev);
    PCIHostState *phb = PCI_HOST_BRIDGE(dev);
    PCIBus *b;

    DPRINTF("host_init\n");

    b = pci_register_bus(DEVICE(dev), NULL,
                         s390_pci_set_irq, s390_pci_map_irq, NULL,
                         get_system_memory(), get_system_io(), 0, 64,
                         TYPE_PCI_BUS);
    s390_pcihost_init_as(s);
    pci_setup_iommu(b, s390_pci_dma_iommu, s);

    qbus_set_hotplug_handler(BUS(b), DEVICE(dev), NULL);
    phb->bus = b;
    QTAILQ_INIT(&s->pending_sei);

    return 0;
}
486
/*
 * Cache a device's MSI-X capability layout in its slot.
 *
 * If the device has no MSI-X capability, msix.available is cleared and the
 * other msix fields are left untouched.  Otherwise the table and PBA BAR
 * indicators, their offsets and the number of entries are read from config
 * space and stored.
 *
 * Always returns 0.
 */
static int s390_pcihost_setup_msix(S390PCIBusDevice *pbdev)
{
    PCIDevice *pdev = pbdev->pdev;
    uint8_t pos = pci_find_capability(pdev, PCI_CAP_ID_MSIX);
    uint16_t ctrl;
    uint32_t table, pba;

    if (!pos) {
        pbdev->msix.available = false;
        return 0;
    }

    ctrl = pci_host_config_read_common(pdev, pos + PCI_CAP_FLAGS,
                                       pci_config_size(pdev), sizeof(ctrl));
    table = pci_host_config_read_common(pdev, pos + PCI_MSIX_TABLE,
                                        pci_config_size(pdev), sizeof(table));
    pba = pci_host_config_read_common(pdev, pos + PCI_MSIX_PBA,
                                      pci_config_size(pdev), sizeof(pba));

    /* The low bits select the BAR, the remaining bits are the offset. */
    pbdev->msix.table_bar = table & PCI_MSIX_FLAGS_BIRMASK;
    pbdev->msix.table_offset = table & ~PCI_MSIX_FLAGS_BIRMASK;
    pbdev->msix.pba_bar = pba & PCI_MSIX_FLAGS_BIRMASK;
    pbdev->msix.pba_offset = pba & ~PCI_MSIX_FLAGS_BIRMASK;
    /* The size field is stored as "entries - 1". */
    pbdev->msix.entries = (ctrl & PCI_MSIX_FLAGS_QSIZE) + 1;
    pbdev->msix.available = true;

    return 0;
}
514
/*
 * Hotplug-handler plug callback: bind a PCI device to the slot selected by
 * its devfn and, for devices added at runtime, announce it to the guest.
 *
 * The slot is filled in unconditionally; nothing here checks whether it was
 * already in use, and @errp is never set.  A hotplugged device produces two
 * availability events, reserved-to-standby followed by to-configured.
 */
static void s390_pcihost_hot_plug(HotplugHandler *hotplug_dev,
                                  DeviceState *dev, Error **errp)
{
    PCIDevice *pci_dev = PCI_DEVICE(dev);
    S390pciState *s = S390_PCI_HOST_BRIDGE(pci_device_root_bus(pci_dev)
                                           ->qbus.parent);
    S390PCIBusDevice *pbdev = &s->pbdev[PCI_SLOT(pci_dev->devfn)];

    pbdev->pdev = pci_dev;
    pbdev->fid = s390_pci_get_pfid(pci_dev);
    pbdev->fh = s390_pci_get_pfh(pci_dev);
    pbdev->configured = true;

    /* Reads config space through pbdev->pdev, so it must come after it. */
    s390_pcihost_setup_msix(pbdev);

    if (!dev->hotplugged) {
        return;
    }

    s390_pci_generate_plug_event(HP_EVENT_RESERVED_TO_STANDBY,
                                 pbdev->fh, pbdev->fid);
    s390_pci_generate_plug_event(HP_EVENT_TO_CONFIGURED,
                                 pbdev->fh, pbdev->fid);
}
540
/*
 * Hotplug-handler unplug callback: announce the removal to the guest, free
 * the slot and unparent the device.
 *
 * A configured device first gets a configured-to-standby/reserved event; a
 * standby-to-reserved event follows in every case.  Both events are queued
 * while the slot still holds the device's handle and fid, which are cleared
 * afterwards.  @errp is never set.
 */
static void s390_pcihost_hot_unplug(HotplugHandler *hotplug_dev,
                                    DeviceState *dev, Error **errp)
{
    PCIDevice *pci_dev = PCI_DEVICE(dev);
    S390pciState *s = S390_PCI_HOST_BRIDGE(pci_device_root_bus(pci_dev)
                                           ->qbus.parent);
    S390PCIBusDevice *pbdev = &s->pbdev[PCI_SLOT(pci_dev->devfn)];
    bool was_configured = pbdev->configured;

    if (was_configured) {
        pbdev->configured = false;
        s390_pci_generate_plug_event(HP_EVENT_CONFIGURED_TO_STBRES,
                                     pbdev->fh, pbdev->fid);
    }

    s390_pci_generate_plug_event(HP_EVENT_STANDBY_TO_RESERVED,
                                 pbdev->fh, pbdev->fid);

    /* A zero handle marks the slot as unused for the lookup helpers. */
    pbdev->pdev = NULL;
    pbdev->fid = 0;
    pbdev->fh = 0;

    object_unparent(OBJECT(pci_dev));
}
562
/*
 * Class initializer of the host bridge type: install the init hook and the
 * plug/unplug callbacks, keep the bridge from being created with device_add,
 * and set the global msi_supported flag.
 */
static void s390_pcihost_class_init(ObjectClass *klass, void *data)
{
    HotplugHandlerClass *hc = HOTPLUG_HANDLER_CLASS(klass);
    SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
    DeviceClass *dc = DEVICE_CLASS(klass);

    k->init = s390_pcihost_init;
    hc->plug = s390_pcihost_hot_plug;
    hc->unplug = s390_pcihost_hot_unplug;
    dc->cannot_instantiate_with_device_add_yet = true;

    msi_supported = true;
}
575
/*
 * Type description of the s390 PCI host bridge: a PCI host bridge whose
 * instances are S390pciState objects and which implements the hotplug
 * handler interface.
 */
static const TypeInfo s390_pcihost_info = {
    .name          = TYPE_S390_PCI_HOST_BRIDGE,
    .parent        = TYPE_PCI_HOST_BRIDGE,
    .instance_size = sizeof(S390pciState),
    .class_init    = s390_pcihost_class_init,
    .interfaces    = (InterfaceInfo[]) {
        { TYPE_HOTPLUG_HANDLER },
        { }   /* terminator */
    }
};
586
/* Register the host bridge type with the object model. */
static void s390_pci_register_types(void)
{
    const TypeInfo *info = &s390_pcihost_info;

    type_register_static(info);
}

/* Have the registration function run from the type_init() hook. */
type_init(s390_pci_register_types)