search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
bridge: fix a possible use after free
[linux-2.6/linux-acpi-2.6/ibm-acpi-2.6.git] / drivers / xen / xen-pciback / pci_stub.c
blobaec214ac0a14134cfeebe0d24f50ff7918488ebd
1 /*
2 * PCI Stub Driver - Grabs devices in backend to be exported later
3 *
4 * Ryan Wilson <hap9@epoch.ncsc.mil>
5 * Chris Bookholt <hap10@epoch.ncsc.mil>
6 */
7 #include <linux/module.h>
8 #include <linux/init.h>
9 #include <linux/rwsem.h>
10 #include <linux/list.h>
11 #include <linux/spinlock.h>
12 #include <linux/kref.h>
13 #include <linux/pci.h>
14 #include <linux/wait.h>
15 #include <linux/sched.h>
16 #include <linux/atomic.h>
17 #include <xen/events.h>
18 #include <asm/xen/pci.h>
19 #include <asm/xen/hypervisor.h>
20 #include "pciback.h"
21 #include "conf_space.h"
22 #include "conf_space_quirks.h"
23
24 #define DRV_NAME "xen-pciback"
25
26 static char *pci_devs_to_hide;
27 wait_queue_head_t xen_pcibk_aer_wait_queue;
28 /*Add sem for sync AER handling and xen_pcibk remove/reconfigue ops,
29 * We want to avoid in middle of AER ops, xen_pcibk devices is being removed
30 */
31 static DECLARE_RWSEM(pcistub_sem);
32 module_param_named(hide, pci_devs_to_hide, charp, 0444);
33
34 struct pcistub_device_id {
35 struct list_head slot_list;
36 int domain;
37 unsigned char bus;
38 unsigned int devfn;
39 };
40 static LIST_HEAD(pcistub_device_ids);
41 static DEFINE_SPINLOCK(device_ids_lock);
42
43 struct pcistub_device {
44 struct kref kref;
45 struct list_head dev_list;
46 spinlock_t lock;
47
48 struct pci_dev *dev;
49 struct xen_pcibk_device *pdev;/* non-NULL if struct pci_dev is in use */
50 };
51
52 /* Access to pcistub_devices & seized_devices lists and the initialize_devices
53 * flag must be locked with pcistub_devices_lock
54 */
55 static DEFINE_SPINLOCK(pcistub_devices_lock);
56 static LIST_HEAD(pcistub_devices);
57
58 /* wait for device_initcall before initializing our devices
59 * (see pcistub_init_devices_late)
60 */
61 static int initialize_devices;
62 static LIST_HEAD(seized_devices);
63
64 static struct pcistub_device *pcistub_device_alloc(struct pci_dev *dev)
65 {
66 struct pcistub_device *psdev;
67
68 dev_dbg(&dev->dev, "pcistub_device_alloc\n");
69
70 psdev = kzalloc(sizeof(*psdev), GFP_ATOMIC);
71 if (!psdev)
72 return NULL;
73
74 psdev->dev = pci_dev_get(dev);
75 if (!psdev->dev) {
76 kfree(psdev);
77 return NULL;
78 }
79
80 kref_init(&psdev->kref);
81 spin_lock_init(&psdev->lock);
82
83 return psdev;
84 }
85
86 /* Don't call this directly as it's called by pcistub_device_put */
87 static void pcistub_device_release(struct kref *kref)
88 {
89 struct pcistub_device *psdev;
90
91 psdev = container_of(kref, struct pcistub_device, kref);
92
93 dev_dbg(&psdev->dev->dev, "pcistub_device_release\n");
94
95 xen_unregister_device_domain_owner(psdev->dev);
96
97 /* Clean-up the device */
98 xen_pcibk_reset_device(psdev->dev);
99 xen_pcibk_config_free_dyn_fields(psdev->dev);
100 xen_pcibk_config_free_dev(psdev->dev);
101 kfree(pci_get_drvdata(psdev->dev));
102 pci_set_drvdata(psdev->dev, NULL);
103
104 pci_dev_put(psdev->dev);
105
106 kfree(psdev);
107 }
108
109 static inline void pcistub_device_get(struct pcistub_device *psdev)
110 {
111 kref_get(&psdev->kref);
112 }
113
114 static inline void pcistub_device_put(struct pcistub_device *psdev)
115 {
116 kref_put(&psdev->kref, pcistub_device_release);
117 }
118
119 static struct pcistub_device *pcistub_device_find(int domain, int bus,
120 int slot, int func)
121 {
122 struct pcistub_device *psdev = NULL;
123 unsigned long flags;
124
125 spin_lock_irqsave(&pcistub_devices_lock, flags);
126
127 list_for_each_entry(psdev, &pcistub_devices, dev_list) {
128 if (psdev->dev != NULL
129 && domain == pci_domain_nr(psdev->dev->bus)
130 && bus == psdev->dev->bus->number
131 && PCI_DEVFN(slot, func) == psdev->dev->devfn) {
132 pcistub_device_get(psdev);
133 goto out;
134 }
135 }
136
137 /* didn't find it */
138 psdev = NULL;
139
140 out:
141 spin_unlock_irqrestore(&pcistub_devices_lock, flags);
142 return psdev;
143 }
144
145 static struct pci_dev *pcistub_device_get_pci_dev(struct xen_pcibk_device *pdev,
146 struct pcistub_device *psdev)
147 {
148 struct pci_dev *pci_dev = NULL;
149 unsigned long flags;
150
151 pcistub_device_get(psdev);
152
153 spin_lock_irqsave(&psdev->lock, flags);
154 if (!psdev->pdev) {
155 psdev->pdev = pdev;
156 pci_dev = psdev->dev;
157 }
158 spin_unlock_irqrestore(&psdev->lock, flags);
159
160 if (!pci_dev)
161 pcistub_device_put(psdev);
162
163 return pci_dev;
164 }
165
166 struct pci_dev *pcistub_get_pci_dev_by_slot(struct xen_pcibk_device *pdev,
167 int domain, int bus,
168 int slot, int func)
169 {
170 struct pcistub_device *psdev;
171 struct pci_dev *found_dev = NULL;
172 unsigned long flags;
173
174 spin_lock_irqsave(&pcistub_devices_lock, flags);
175
176 list_for_each_entry(psdev, &pcistub_devices, dev_list) {
177 if (psdev->dev != NULL
178 && domain == pci_domain_nr(psdev->dev->bus)
179 && bus == psdev->dev->bus->number
180 && PCI_DEVFN(slot, func) == psdev->dev->devfn) {
181 found_dev = pcistub_device_get_pci_dev(pdev, psdev);
182 break;
183 }
184 }
185
186 spin_unlock_irqrestore(&pcistub_devices_lock, flags);
187 return found_dev;
188 }
189
190 struct pci_dev *pcistub_get_pci_dev(struct xen_pcibk_device *pdev,
191 struct pci_dev *dev)
192 {
193 struct pcistub_device *psdev;
194 struct pci_dev *found_dev = NULL;
195 unsigned long flags;
196
197 spin_lock_irqsave(&pcistub_devices_lock, flags);
198
199 list_for_each_entry(psdev, &pcistub_devices, dev_list) {
200 if (psdev->dev == dev) {
201 found_dev = pcistub_device_get_pci_dev(pdev, psdev);
202 break;
203 }
204 }
205
206 spin_unlock_irqrestore(&pcistub_devices_lock, flags);
207 return found_dev;
208 }
209
210 void pcistub_put_pci_dev(struct pci_dev *dev)
211 {
212 struct pcistub_device *psdev, *found_psdev = NULL;
213 unsigned long flags;
214
215 spin_lock_irqsave(&pcistub_devices_lock, flags);
216
217 list_for_each_entry(psdev, &pcistub_devices, dev_list) {
218 if (psdev->dev == dev) {
219 found_psdev = psdev;
220 break;
221 }
222 }
223
224 spin_unlock_irqrestore(&pcistub_devices_lock, flags);
225
226 /*hold this lock for avoiding breaking link between
227 * pcistub and xen_pcibk when AER is in processing
228 */
229 down_write(&pcistub_sem);
230 /* Cleanup our device
231 * (so it's ready for the next domain)
232 */
233 xen_pcibk_reset_device(found_psdev->dev);
234 xen_pcibk_config_free_dyn_fields(found_psdev->dev);
235 xen_pcibk_config_reset_dev(found_psdev->dev);
236
237 spin_lock_irqsave(&found_psdev->lock, flags);
238 found_psdev->pdev = NULL;
239 spin_unlock_irqrestore(&found_psdev->lock, flags);
240
241 pcistub_device_put(found_psdev);
242 up_write(&pcistub_sem);
243 }
244
245 static int __devinit pcistub_match_one(struct pci_dev *dev,
246 struct pcistub_device_id *pdev_id)
247 {
248 /* Match the specified device by domain, bus, slot, func and also if
249 * any of the device's parent bridges match.
250 */
251 for (; dev != NULL; dev = dev->bus->self) {
252 if (pci_domain_nr(dev->bus) == pdev_id->domain
253 && dev->bus->number == pdev_id->bus
254 && dev->devfn == pdev_id->devfn)
255 return 1;
256
257 /* Sometimes topmost bridge links to itself. */
258 if (dev == dev->bus->self)
259 break;
260 }
261
262 return 0;
263 }
264
265 static int __devinit pcistub_match(struct pci_dev *dev)
266 {
267 struct pcistub_device_id *pdev_id;
268 unsigned long flags;
269 int found = 0;
270
271 spin_lock_irqsave(&device_ids_lock, flags);
272 list_for_each_entry(pdev_id, &pcistub_device_ids, slot_list) {
273 if (pcistub_match_one(dev, pdev_id)) {
274 found = 1;
275 break;
276 }
277 }
278 spin_unlock_irqrestore(&device_ids_lock, flags);
279
280 return found;
281 }
282
283 static int __devinit pcistub_init_device(struct pci_dev *dev)
284 {
285 struct xen_pcibk_dev_data *dev_data;
286 int err = 0;
287
288 dev_dbg(&dev->dev, "initializing...\n");
289
290 /* The PCI backend is not intended to be a module (or to work with
291 * removable PCI devices (yet). If it were, xen_pcibk_config_free()
292 * would need to be called somewhere to free the memory allocated
293 * here and then to call kfree(pci_get_drvdata(psdev->dev)).
294 */
295 dev_data = kzalloc(sizeof(*dev_data) + strlen(DRV_NAME "[]")
296 + strlen(pci_name(dev)) + 1, GFP_ATOMIC);
297 if (!dev_data) {
298 err = -ENOMEM;
299 goto out;
300 }
301 pci_set_drvdata(dev, dev_data);
302
303 /*
304 * Setup name for fake IRQ handler. It will only be enabled
305 * once the device is turned on by the guest.
306 */
307 sprintf(dev_data->irq_name, DRV_NAME "[%s]", pci_name(dev));
308
309 dev_dbg(&dev->dev, "initializing config\n");
310
311 init_waitqueue_head(&xen_pcibk_aer_wait_queue);
312 err = xen_pcibk_config_init_dev(dev);
313 if (err)
314 goto out;
315
316 /* HACK: Force device (& ACPI) to determine what IRQ it's on - we
317 * must do this here because pcibios_enable_device may specify
318 * the pci device's true irq (and possibly its other resources)
319 * if they differ from what's in the configuration space.
320 * This makes the assumption that the device's resources won't
321 * change after this point (otherwise this code may break!)
322 */
323 dev_dbg(&dev->dev, "enabling device\n");
324 err = pci_enable_device(dev);
325 if (err)
326 goto config_release;
327
328 /* Now disable the device (this also ensures some private device
329 * data is setup before we export)
330 */
331 dev_dbg(&dev->dev, "reset device\n");
332 xen_pcibk_reset_device(dev);
333
334 return 0;
335
336 config_release:
337 xen_pcibk_config_free_dev(dev);
338
339 out:
340 pci_set_drvdata(dev, NULL);
341 kfree(dev_data);
342 return err;
343 }
344
345 /*
346 * Because some initialization still happens on
347 * devices during fs_initcall, we need to defer
348 * full initialization of our devices until
349 * device_initcall.
350 */
351 static int __init pcistub_init_devices_late(void)
352 {
353 struct pcistub_device *psdev;
354 unsigned long flags;
355 int err = 0;
356
357 pr_debug(DRV_NAME ": pcistub_init_devices_late\n");
358
359 spin_lock_irqsave(&pcistub_devices_lock, flags);
360
361 while (!list_empty(&seized_devices)) {
362 psdev = container_of(seized_devices.next,
363 struct pcistub_device, dev_list);
364 list_del(&psdev->dev_list);
365
366 spin_unlock_irqrestore(&pcistub_devices_lock, flags);
367
368 err = pcistub_init_device(psdev->dev);
369 if (err) {
370 dev_err(&psdev->dev->dev,
371 "error %d initializing device\n", err);
372 kfree(psdev);
373 psdev = NULL;
374 }
375
376 spin_lock_irqsave(&pcistub_devices_lock, flags);
377
378 if (psdev)
379 list_add_tail(&psdev->dev_list, &pcistub_devices);
380 }
381
382 initialize_devices = 1;
383
384 spin_unlock_irqrestore(&pcistub_devices_lock, flags);
385
386 return 0;
387 }
388
389 static int __devinit pcistub_seize(struct pci_dev *dev)
390 {
391 struct pcistub_device *psdev;
392 unsigned long flags;
393 int err = 0;
394
395 psdev = pcistub_device_alloc(dev);
396 if (!psdev)
397 return -ENOMEM;
398
399 spin_lock_irqsave(&pcistub_devices_lock, flags);
400
401 if (initialize_devices) {
402 spin_unlock_irqrestore(&pcistub_devices_lock, flags);
403
404 /* don't want irqs disabled when calling pcistub_init_device */
405 err = pcistub_init_device(psdev->dev);
406
407 spin_lock_irqsave(&pcistub_devices_lock, flags);
408
409 if (!err)
410 list_add(&psdev->dev_list, &pcistub_devices);
411 } else {
412 dev_dbg(&dev->dev, "deferring initialization\n");
413 list_add(&psdev->dev_list, &seized_devices);
414 }
415
416 spin_unlock_irqrestore(&pcistub_devices_lock, flags);
417
418 if (err)
419 pcistub_device_put(psdev);
420
421 return err;
422 }
423
424 static int __devinit pcistub_probe(struct pci_dev *dev,
425 const struct pci_device_id *id)
426 {
427 int err = 0;
428
429 dev_dbg(&dev->dev, "probing...\n");
430
431 if (pcistub_match(dev)) {
432
433 if (dev->hdr_type != PCI_HEADER_TYPE_NORMAL
434 && dev->hdr_type != PCI_HEADER_TYPE_BRIDGE) {
435 dev_err(&dev->dev, "can't export pci devices that "
436 "don't have a normal (0) or bridge (1) "
437 "header type!\n");
438 err = -ENODEV;
439 goto out;
440 }
441
442 dev_info(&dev->dev, "seizing device\n");
443 err = pcistub_seize(dev);
444 } else
445 /* Didn't find the device */
446 err = -ENODEV;
447
448 out:
449 return err;
450 }
451
452 static void pcistub_remove(struct pci_dev *dev)
453 {
454 struct pcistub_device *psdev, *found_psdev = NULL;
455 unsigned long flags;
456
457 dev_dbg(&dev->dev, "removing\n");
458
459 spin_lock_irqsave(&pcistub_devices_lock, flags);
460
461 xen_pcibk_config_quirk_release(dev);
462
463 list_for_each_entry(psdev, &pcistub_devices, dev_list) {
464 if (psdev->dev == dev) {
465 found_psdev = psdev;
466 break;
467 }
468 }
469
470 spin_unlock_irqrestore(&pcistub_devices_lock, flags);
471
472 if (found_psdev) {
473 dev_dbg(&dev->dev, "found device to remove - in use? %p\n",
474 found_psdev->pdev);
475
476 if (found_psdev->pdev) {
477 printk(KERN_WARNING DRV_NAME ": ****** removing device "
478 "%s while still in-use! ******\n",
479 pci_name(found_psdev->dev));
480 printk(KERN_WARNING DRV_NAME ": ****** driver domain may"
481 " still access this device's i/o resources!\n");
482 printk(KERN_WARNING DRV_NAME ": ****** shutdown driver "
483 "domain before binding device\n");
484 printk(KERN_WARNING DRV_NAME ": ****** to other drivers "
485 "or domains\n");
486
487 xen_pcibk_release_pci_dev(found_psdev->pdev,
488 found_psdev->dev);
489 }
490
491 spin_lock_irqsave(&pcistub_devices_lock, flags);
492 list_del(&found_psdev->dev_list);
493 spin_unlock_irqrestore(&pcistub_devices_lock, flags);
494
495 /* the final put for releasing from the list */
496 pcistub_device_put(found_psdev);
497 }
498 }
499
500 static DEFINE_PCI_DEVICE_TABLE(pcistub_ids) = {
501 {
502 .vendor = PCI_ANY_ID,
503 .device = PCI_ANY_ID,
504 .subvendor = PCI_ANY_ID,
505 .subdevice = PCI_ANY_ID,
506 },
507 {0,},
508 };
509
510 #define PCI_NODENAME_MAX 40
511 static void kill_domain_by_device(struct pcistub_device *psdev)
512 {
513 struct xenbus_transaction xbt;
514 int err;
515 char nodename[PCI_NODENAME_MAX];
516
517 if (!psdev)
518 dev_err(&psdev->dev->dev,
519 "device is NULL when do AER recovery/kill_domain\n");
520 snprintf(nodename, PCI_NODENAME_MAX, "/local/domain/0/backend/pci/%d/0",
521 psdev->pdev->xdev->otherend_id);
522 nodename[strlen(nodename)] = '\0';
523
524 again:
525 err = xenbus_transaction_start(&xbt);
526 if (err) {
527 dev_err(&psdev->dev->dev,
528 "error %d when start xenbus transaction\n", err);
529 return;
530 }
531 /*PV AER handlers will set this flag*/
532 xenbus_printf(xbt, nodename, "aerState" , "aerfail");
533 err = xenbus_transaction_end(xbt, 0);
534 if (err) {
535 if (err == -EAGAIN)
536 goto again;
537 dev_err(&psdev->dev->dev,
538 "error %d when end xenbus transaction\n", err);
539 return;
540 }
541 }
542
543 /* For each aer recovery step error_detected, mmio_enabled, etc, front_end and
544 * backend need to have cooperation. In xen_pcibk, those steps will do similar
545 * jobs: send service request and waiting for front_end response.
546 */
547 static pci_ers_result_t common_process(struct pcistub_device *psdev,
548 pci_channel_state_t state, int aer_cmd,
549 pci_ers_result_t result)
550 {
551 pci_ers_result_t res = result;
552 struct xen_pcie_aer_op *aer_op;
553 int ret;
554
555 /*with PV AER drivers*/
556 aer_op = &(psdev->pdev->sh_info->aer_op);
557 aer_op->cmd = aer_cmd ;
558 /*useful for error_detected callback*/
559 aer_op->err = state;
560 /*pcifront_end BDF*/
561 ret = xen_pcibk_get_pcifront_dev(psdev->dev, psdev->pdev,
562 &aer_op->domain, &aer_op->bus, &aer_op->devfn);
563 if (!ret) {
564 dev_err(&psdev->dev->dev,
565 DRV_NAME ": failed to get pcifront device\n");
566 return PCI_ERS_RESULT_NONE;
567 }
568 wmb();
569
570 dev_dbg(&psdev->dev->dev,
571 DRV_NAME ": aer_op %x dom %x bus %x devfn %x\n",
572 aer_cmd, aer_op->domain, aer_op->bus, aer_op->devfn);
573 /*local flag to mark there's aer request, xen_pcibk callback will use
574 * this flag to judge whether we need to check pci-front give aer
575 * service ack signal
576 */
577 set_bit(_PCIB_op_pending, (unsigned long *)&psdev->pdev->flags);
578
579 /*It is possible that a pcifront conf_read_write ops request invokes
580 * the callback which cause the spurious execution of wake_up.
581 * Yet it is harmless and better than a spinlock here
582 */
583 set_bit(_XEN_PCIB_active,
584 (unsigned long *)&psdev->pdev->sh_info->flags);
585 wmb();
586 notify_remote_via_irq(psdev->pdev->evtchn_irq);
587
588 ret = wait_event_timeout(xen_pcibk_aer_wait_queue,
589 !(test_bit(_XEN_PCIB_active, (unsigned long *)
590 &psdev->pdev->sh_info->flags)), 300*HZ);
591
592 if (!ret) {
593 if (test_bit(_XEN_PCIB_active,
594 (unsigned long *)&psdev->pdev->sh_info->flags)) {
595 dev_err(&psdev->dev->dev,
596 "pcifront aer process not responding!\n");
597 clear_bit(_XEN_PCIB_active,
598 (unsigned long *)&psdev->pdev->sh_info->flags);
599 aer_op->err = PCI_ERS_RESULT_NONE;
600 return res;
601 }
602 }
603 clear_bit(_PCIB_op_pending, (unsigned long *)&psdev->pdev->flags);
604
605 if (test_bit(_XEN_PCIF_active,
606 (unsigned long *)&psdev->pdev->sh_info->flags)) {
607 dev_dbg(&psdev->dev->dev,
608 "schedule pci_conf service in xen_pcibk\n");
609 xen_pcibk_test_and_schedule_op(psdev->pdev);
610 }
611
612 res = (pci_ers_result_t)aer_op->err;
613 return res;
614 }
615
616 /*
617 * xen_pcibk_slot_reset: it will send the slot_reset request to pcifront in case
618 * of the device driver could provide this service, and then wait for pcifront
619 * ack.
620 * @dev: pointer to PCI devices
621 * return value is used by aer_core do_recovery policy
622 */
623 static pci_ers_result_t xen_pcibk_slot_reset(struct pci_dev *dev)
624 {
625 struct pcistub_device *psdev;
626 pci_ers_result_t result;
627
628 result = PCI_ERS_RESULT_RECOVERED;
629 dev_dbg(&dev->dev, "xen_pcibk_slot_reset(bus:%x,devfn:%x)\n",
630 dev->bus->number, dev->devfn);
631
632 down_write(&pcistub_sem);
633 psdev = pcistub_device_find(pci_domain_nr(dev->bus),
634 dev->bus->number,
635 PCI_SLOT(dev->devfn),
636 PCI_FUNC(dev->devfn));
637
638 if (!psdev || !psdev->pdev) {
639 dev_err(&dev->dev,
640 DRV_NAME " device is not found/assigned\n");
641 goto end;
642 }
643
644 if (!psdev->pdev->sh_info) {
645 dev_err(&dev->dev, DRV_NAME " device is not connected or owned"
646 " by HVM, kill it\n");
647 kill_domain_by_device(psdev);
648 goto release;
649 }
650
651 if (!test_bit(_XEN_PCIB_AERHANDLER,
652 (unsigned long *)&psdev->pdev->sh_info->flags)) {
653 dev_err(&dev->dev,
654 "guest with no AER driver should have been killed\n");
655 goto release;
656 }
657 result = common_process(psdev, 1, XEN_PCI_OP_aer_slotreset, result);
658
659 if (result == PCI_ERS_RESULT_NONE ||
660 result == PCI_ERS_RESULT_DISCONNECT) {
661 dev_dbg(&dev->dev,
662 "No AER slot_reset service or disconnected!\n");
663 kill_domain_by_device(psdev);
664 }
665 release:
666 pcistub_device_put(psdev);
667 end:
668 up_write(&pcistub_sem);
669 return result;
670
671 }
672
673
674 /*xen_pcibk_mmio_enabled: it will send the mmio_enabled request to pcifront
675 * in case of the device driver could provide this service, and then wait
676 * for pcifront ack
677 * @dev: pointer to PCI devices
678 * return value is used by aer_core do_recovery policy
679 */
680
681 static pci_ers_result_t xen_pcibk_mmio_enabled(struct pci_dev *dev)
682 {
683 struct pcistub_device *psdev;
684 pci_ers_result_t result;
685
686 result = PCI_ERS_RESULT_RECOVERED;
687 dev_dbg(&dev->dev, "xen_pcibk_mmio_enabled(bus:%x,devfn:%x)\n",
688 dev->bus->number, dev->devfn);
689
690 down_write(&pcistub_sem);
691 psdev = pcistub_device_find(pci_domain_nr(dev->bus),
692 dev->bus->number,
693 PCI_SLOT(dev->devfn),
694 PCI_FUNC(dev->devfn));
695
696 if (!psdev || !psdev->pdev) {
697 dev_err(&dev->dev,
698 DRV_NAME " device is not found/assigned\n");
699 goto end;
700 }
701
702 if (!psdev->pdev->sh_info) {
703 dev_err(&dev->dev, DRV_NAME " device is not connected or owned"
704 " by HVM, kill it\n");
705 kill_domain_by_device(psdev);
706 goto release;
707 }
708
709 if (!test_bit(_XEN_PCIB_AERHANDLER,
710 (unsigned long *)&psdev->pdev->sh_info->flags)) {
711 dev_err(&dev->dev,
712 "guest with no AER driver should have been killed\n");
713 goto release;
714 }
715 result = common_process(psdev, 1, XEN_PCI_OP_aer_mmio, result);
716
717 if (result == PCI_ERS_RESULT_NONE ||
718 result == PCI_ERS_RESULT_DISCONNECT) {
719 dev_dbg(&dev->dev,
720 "No AER mmio_enabled service or disconnected!\n");
721 kill_domain_by_device(psdev);
722 }
723 release:
724 pcistub_device_put(psdev);
725 end:
726 up_write(&pcistub_sem);
727 return result;
728 }
729
730 /*xen_pcibk_error_detected: it will send the error_detected request to pcifront
731 * in case of the device driver could provide this service, and then wait
732 * for pcifront ack.
733 * @dev: pointer to PCI devices
734 * @error: the current PCI connection state
735 * return value is used by aer_core do_recovery policy
736 */
737
738 static pci_ers_result_t xen_pcibk_error_detected(struct pci_dev *dev,
739 pci_channel_state_t error)
740 {
741 struct pcistub_device *psdev;
742 pci_ers_result_t result;
743
744 result = PCI_ERS_RESULT_CAN_RECOVER;
745 dev_dbg(&dev->dev, "xen_pcibk_error_detected(bus:%x,devfn:%x)\n",
746 dev->bus->number, dev->devfn);
747
748 down_write(&pcistub_sem);
749 psdev = pcistub_device_find(pci_domain_nr(dev->bus),
750 dev->bus->number,
751 PCI_SLOT(dev->devfn),
752 PCI_FUNC(dev->devfn));
753
754 if (!psdev || !psdev->pdev) {
755 dev_err(&dev->dev,
756 DRV_NAME " device is not found/assigned\n");
757 goto end;
758 }
759
760 if (!psdev->pdev->sh_info) {
761 dev_err(&dev->dev, DRV_NAME " device is not connected or owned"
762 " by HVM, kill it\n");
763 kill_domain_by_device(psdev);
764 goto release;
765 }
766
767 /*Guest owns the device yet no aer handler regiested, kill guest*/
768 if (!test_bit(_XEN_PCIB_AERHANDLER,
769 (unsigned long *)&psdev->pdev->sh_info->flags)) {
770 dev_dbg(&dev->dev, "guest may have no aer driver, kill it\n");
771 kill_domain_by_device(psdev);
772 goto release;
773 }
774 result = common_process(psdev, error, XEN_PCI_OP_aer_detected, result);
775
776 if (result == PCI_ERS_RESULT_NONE ||
777 result == PCI_ERS_RESULT_DISCONNECT) {
778 dev_dbg(&dev->dev,
779 "No AER error_detected service or disconnected!\n");
780 kill_domain_by_device(psdev);
781 }
782 release:
783 pcistub_device_put(psdev);
784 end:
785 up_write(&pcistub_sem);
786 return result;
787 }
788
789 /*xen_pcibk_error_resume: it will send the error_resume request to pcifront
790 * in case of the device driver could provide this service, and then wait
791 * for pcifront ack.
792 * @dev: pointer to PCI devices
793 */
794
795 static void xen_pcibk_error_resume(struct pci_dev *dev)
796 {
797 struct pcistub_device *psdev;
798
799 dev_dbg(&dev->dev, "xen_pcibk_error_resume(bus:%x,devfn:%x)\n",
800 dev->bus->number, dev->devfn);
801
802 down_write(&pcistub_sem);
803 psdev = pcistub_device_find(pci_domain_nr(dev->bus),
804 dev->bus->number,
805 PCI_SLOT(dev->devfn),
806 PCI_FUNC(dev->devfn));
807
808 if (!psdev || !psdev->pdev) {
809 dev_err(&dev->dev,
810 DRV_NAME " device is not found/assigned\n");
811 goto end;
812 }
813
814 if (!psdev->pdev->sh_info) {
815 dev_err(&dev->dev, DRV_NAME " device is not connected or owned"
816 " by HVM, kill it\n");
817 kill_domain_by_device(psdev);
818 goto release;
819 }
820
821 if (!test_bit(_XEN_PCIB_AERHANDLER,
822 (unsigned long *)&psdev->pdev->sh_info->flags)) {
823 dev_err(&dev->dev,
824 "guest with no AER driver should have been killed\n");
825 kill_domain_by_device(psdev);
826 goto release;
827 }
828 common_process(psdev, 1, XEN_PCI_OP_aer_resume,
829 PCI_ERS_RESULT_RECOVERED);
830 release:
831 pcistub_device_put(psdev);
832 end:
833 up_write(&pcistub_sem);
834 return;
835 }
836
837 /*add xen_pcibk AER handling*/
838 static struct pci_error_handlers xen_pcibk_error_handler = {
839 .error_detected = xen_pcibk_error_detected,
840 .mmio_enabled = xen_pcibk_mmio_enabled,
841 .slot_reset = xen_pcibk_slot_reset,
842 .resume = xen_pcibk_error_resume,
843 };
844
845 /*
846 * Note: There is no MODULE_DEVICE_TABLE entry here because this isn't
847 * for a normal device. I don't want it to be loaded automatically.
848 */
849
850 static struct pci_driver xen_pcibk_pci_driver = {
851 /* The name should be xen_pciback, but until the tools are updated
852 * we will keep it as pciback. */
853 .name = "pciback",
854 .id_table = pcistub_ids,
855 .probe = pcistub_probe,
856 .remove = pcistub_remove,
857 .err_handler = &xen_pcibk_error_handler,
858 };
859
860 static inline int str_to_slot(const char *buf, int *domain, int *bus,
861 int *slot, int *func)
862 {
863 int err;
864
865 err = sscanf(buf, " %x:%x:%x.%x", domain, bus, slot, func);
866 if (err == 4)
867 return 0;
868 else if (err < 0)
869 return -EINVAL;
870
871 /* try again without domain */
872 *domain = 0;
873 err = sscanf(buf, " %x:%x.%x", bus, slot, func);
874 if (err == 3)
875 return 0;
876
877 return -EINVAL;
878 }
879
880 static inline int str_to_quirk(const char *buf, int *domain, int *bus, int
881 *slot, int *func, int *reg, int *size, int *mask)
882 {
883 int err;
884
885 err =
886 sscanf(buf, " %04x:%02x:%02x.%1x-%08x:%1x:%08x", domain, bus, slot,
887 func, reg, size, mask);
888 if (err == 7)
889 return 0;
890 return -EINVAL;
891 }
892
893 static int pcistub_device_id_add(int domain, int bus, int slot, int func)
894 {
895 struct pcistub_device_id *pci_dev_id;
896 unsigned long flags;
897
898 pci_dev_id = kmalloc(sizeof(*pci_dev_id), GFP_KERNEL);
899 if (!pci_dev_id)
900 return -ENOMEM;
901
902 pci_dev_id->domain = domain;
903 pci_dev_id->bus = bus;
904 pci_dev_id->devfn = PCI_DEVFN(slot, func);
905
906 pr_debug(DRV_NAME ": wants to seize %04x:%02x:%02x.%01x\n",
907 domain, bus, slot, func);
908
909 spin_lock_irqsave(&device_ids_lock, flags);
910 list_add_tail(&pci_dev_id->slot_list, &pcistub_device_ids);
911 spin_unlock_irqrestore(&device_ids_lock, flags);
912
913 return 0;
914 }
915
916 static int pcistub_device_id_remove(int domain, int bus, int slot, int func)
917 {
918 struct pcistub_device_id *pci_dev_id, *t;
919 int devfn = PCI_DEVFN(slot, func);
920 int err = -ENOENT;
921 unsigned long flags;
922
923 spin_lock_irqsave(&device_ids_lock, flags);
924 list_for_each_entry_safe(pci_dev_id, t, &pcistub_device_ids,
925 slot_list) {
926 if (pci_dev_id->domain == domain
927 && pci_dev_id->bus == bus && pci_dev_id->devfn == devfn) {
928 /* Don't break; here because it's possible the same
929 * slot could be in the list more than once
930 */
931 list_del(&pci_dev_id->slot_list);
932 kfree(pci_dev_id);
933
934 err = 0;
935
936 pr_debug(DRV_NAME ": removed %04x:%02x:%02x.%01x from "
937 "seize list\n", domain, bus, slot, func);
938 }
939 }
940 spin_unlock_irqrestore(&device_ids_lock, flags);
941
942 return err;
943 }
944
945 static int pcistub_reg_add(int domain, int bus, int slot, int func, int reg,
946 int size, int mask)
947 {
948 int err = 0;
949 struct pcistub_device *psdev;
950 struct pci_dev *dev;
951 struct config_field *field;
952
953 psdev = pcistub_device_find(domain, bus, slot, func);
954 if (!psdev || !psdev->dev) {
955 err = -ENODEV;
956 goto out;
957 }
958 dev = psdev->dev;
959
960 field = kzalloc(sizeof(*field), GFP_ATOMIC);
961 if (!field) {
962 err = -ENOMEM;
963 goto out;
964 }
965
966 field->offset = reg;
967 field->size = size;
968 field->mask = mask;
969 field->init = NULL;
970 field->reset = NULL;
971 field->release = NULL;
972 field->clean = xen_pcibk_config_field_free;
973
974 err = xen_pcibk_config_quirks_add_field(dev, field);
975 if (err)
976 kfree(field);
977 out:
978 return err;
979 }
980
981 static ssize_t pcistub_slot_add(struct device_driver *drv, const char *buf,
982 size_t count)
983 {
984 int domain, bus, slot, func;
985 int err;
986
987 err = str_to_slot(buf, &domain, &bus, &slot, &func);
988 if (err)
989 goto out;
990
991 err = pcistub_device_id_add(domain, bus, slot, func);
992
993 out:
994 if (!err)
995 err = count;
996 return err;
997 }
998
999 DRIVER_ATTR(new_slot, S_IWUSR, NULL, pcistub_slot_add);
1000
1001 static ssize_t pcistub_slot_remove(struct device_driver *drv, const char *buf,
1002 size_t count)
1003 {
1004 int domain, bus, slot, func;
1005 int err;
1006
1007 err = str_to_slot(buf, &domain, &bus, &slot, &func);
1008 if (err)
1009 goto out;
1010
1011 err = pcistub_device_id_remove(domain, bus, slot, func);
1012
1013 out:
1014 if (!err)
1015 err = count;
1016 return err;
1017 }
1018
1019 DRIVER_ATTR(remove_slot, S_IWUSR, NULL, pcistub_slot_remove);
1020
1021 static ssize_t pcistub_slot_show(struct device_driver *drv, char *buf)
1022 {
1023 struct pcistub_device_id *pci_dev_id;
1024 size_t count = 0;
1025 unsigned long flags;
1026
1027 spin_lock_irqsave(&device_ids_lock, flags);
1028 list_for_each_entry(pci_dev_id, &pcistub_device_ids, slot_list) {
1029 if (count >= PAGE_SIZE)
1030 break;
1031
1032 count += scnprintf(buf + count, PAGE_SIZE - count,
1033 "%04x:%02x:%02x.%01x\n",
1034 pci_dev_id->domain, pci_dev_id->bus,
1035 PCI_SLOT(pci_dev_id->devfn),
1036 PCI_FUNC(pci_dev_id->devfn));
1037 }
1038 spin_unlock_irqrestore(&device_ids_lock, flags);
1039
1040 return count;
1041 }
1042
1043 DRIVER_ATTR(slots, S_IRUSR, pcistub_slot_show, NULL);
1044
1045 static ssize_t pcistub_irq_handler_show(struct device_driver *drv, char *buf)
1046 {
1047 struct pcistub_device *psdev;
1048 struct xen_pcibk_dev_data *dev_data;
1049 size_t count = 0;
1050 unsigned long flags;
1051
1052 spin_lock_irqsave(&pcistub_devices_lock, flags);
1053 list_for_each_entry(psdev, &pcistub_devices, dev_list) {
1054 if (count >= PAGE_SIZE)
1055 break;
1056 if (!psdev->dev)
1057 continue;
1058 dev_data = pci_get_drvdata(psdev->dev);
1059 if (!dev_data)
1060 continue;
1061 count +=
1062 scnprintf(buf + count, PAGE_SIZE - count,
1063 "%s:%s:%sing:%ld\n",
1064 pci_name(psdev->dev),
1065 dev_data->isr_on ? "on" : "off",
1066 dev_data->ack_intr ? "ack" : "not ack",
1067 dev_data->handled);
1068 }
1069 spin_unlock_irqrestore(&pcistub_devices_lock, flags);
1070 return count;
1071 }
1072
1073 DRIVER_ATTR(irq_handlers, S_IRUSR, pcistub_irq_handler_show, NULL);
1074
1075 static ssize_t pcistub_irq_handler_switch(struct device_driver *drv,
1076 const char *buf,
1077 size_t count)
1078 {
1079 struct pcistub_device *psdev;
1080 struct xen_pcibk_dev_data *dev_data;
1081 int domain, bus, slot, func;
1082 int err = -ENOENT;
1083
1084 err = str_to_slot(buf, &domain, &bus, &slot, &func);
1085 if (err)
1086 goto out;
1087
1088 psdev = pcistub_device_find(domain, bus, slot, func);
1089
1090 if (!psdev)
1091 goto out;
1092
1093 dev_data = pci_get_drvdata(psdev->dev);
1094 if (!dev_data)
1095 goto out;
1096
1097 dev_dbg(&psdev->dev->dev, "%s fake irq handler: %d->%d\n",
1098 dev_data->irq_name, dev_data->isr_on,
1099 !dev_data->isr_on);
1100
1101 dev_data->isr_on = !(dev_data->isr_on);
1102 if (dev_data->isr_on)
1103 dev_data->ack_intr = 1;
1104 out:
1105 if (!err)
1106 err = count;
1107 return err;
1108 }
1109 DRIVER_ATTR(irq_handler_state, S_IWUSR, NULL, pcistub_irq_handler_switch);
1110
1111 static ssize_t pcistub_quirk_add(struct device_driver *drv, const char *buf,
1112 size_t count)
1113 {
1114 int domain, bus, slot, func, reg, size, mask;
1115 int err;
1116
1117 err = str_to_quirk(buf, &domain, &bus, &slot, &func, &reg, &size,
1118 &mask);
1119 if (err)
1120 goto out;
1121
1122 err = pcistub_reg_add(domain, bus, slot, func, reg, size, mask);
1123
1124 out:
1125 if (!err)
1126 err = count;
1127 return err;
1128 }
1129
1130 static ssize_t pcistub_quirk_show(struct device_driver *drv, char *buf)
1131 {
1132 int count = 0;
1133 unsigned long flags;
1134 struct xen_pcibk_config_quirk *quirk;
1135 struct xen_pcibk_dev_data *dev_data;
1136 const struct config_field *field;
1137 const struct config_field_entry *cfg_entry;
1138
1139 spin_lock_irqsave(&device_ids_lock, flags);
1140 list_for_each_entry(quirk, &xen_pcibk_quirks, quirks_list) {
1141 if (count >= PAGE_SIZE)
1142 goto out;
1143
1144 count += scnprintf(buf + count, PAGE_SIZE - count,
1145 "%02x:%02x.%01x\n\t%04x:%04x:%04x:%04x\n",
1146 quirk->pdev->bus->number,
1147 PCI_SLOT(quirk->pdev->devfn),
1148 PCI_FUNC(quirk->pdev->devfn),
1149 quirk->devid.vendor, quirk->devid.device,
1150 quirk->devid.subvendor,
1151 quirk->devid.subdevice);
1152
1153 dev_data = pci_get_drvdata(quirk->pdev);
1154
1155 list_for_each_entry(cfg_entry, &dev_data->config_fields, list) {
1156 field = cfg_entry->field;
1157 if (count >= PAGE_SIZE)
1158 goto out;
1159
1160 count += scnprintf(buf + count, PAGE_SIZE - count,
1161 "\t\t%08x:%01x:%08x\n",
1162 cfg_entry->base_offset +
1163 field->offset, field->size,
1164 field->mask);
1165 }
1166 }
1167
1168 out:
1169 spin_unlock_irqrestore(&device_ids_lock, flags);
1170
1171 return count;
1172 }
1173
1174 DRIVER_ATTR(quirks, S_IRUSR | S_IWUSR, pcistub_quirk_show, pcistub_quirk_add);
1175
1176 static ssize_t permissive_add(struct device_driver *drv, const char *buf,
1177 size_t count)
1178 {
1179 int domain, bus, slot, func;
1180 int err;
1181 struct pcistub_device *psdev;
1182 struct xen_pcibk_dev_data *dev_data;
1183 err = str_to_slot(buf, &domain, &bus, &slot, &func);
1184 if (err)
1185 goto out;
1186 psdev = pcistub_device_find(domain, bus, slot, func);
1187 if (!psdev) {
1188 err = -ENODEV;
1189 goto out;
1190 }
1191 if (!psdev->dev) {
1192 err = -ENODEV;
1193 goto release;
1194 }
1195 dev_data = pci_get_drvdata(psdev->dev);
1196 /* the driver data for a device should never be null at this point */
1197 if (!dev_data) {
1198 err = -ENXIO;
1199 goto release;
1200 }
1201 if (!dev_data->permissive) {
1202 dev_data->permissive = 1;
1203 /* Let user know that what they're doing could be unsafe */
1204 dev_warn(&psdev->dev->dev, "enabling permissive mode "
1205 "configuration space accesses!\n");
1206 dev_warn(&psdev->dev->dev,
1207 "permissive mode is potentially unsafe!\n");
1208 }
1209 release:
1210 pcistub_device_put(psdev);
1211 out:
1212 if (!err)
1213 err = count;
1214 return err;
1215 }
1216
1217 static ssize_t permissive_show(struct device_driver *drv, char *buf)
1218 {
1219 struct pcistub_device *psdev;
1220 struct xen_pcibk_dev_data *dev_data;
1221 size_t count = 0;
1222 unsigned long flags;
1223 spin_lock_irqsave(&pcistub_devices_lock, flags);
1224 list_for_each_entry(psdev, &pcistub_devices, dev_list) {
1225 if (count >= PAGE_SIZE)
1226 break;
1227 if (!psdev->dev)
1228 continue;
1229 dev_data = pci_get_drvdata(psdev->dev);
1230 if (!dev_data || !dev_data->permissive)
1231 continue;
1232 count +=
1233 scnprintf(buf + count, PAGE_SIZE - count, "%s\n",
1234 pci_name(psdev->dev));
1235 }
1236 spin_unlock_irqrestore(&pcistub_devices_lock, flags);
1237 return count;
1238 }
1239
1240 DRIVER_ATTR(permissive, S_IRUSR | S_IWUSR, permissive_show, permissive_add);
1241
1242 static void pcistub_exit(void)
1243 {
1244 driver_remove_file(&xen_pcibk_pci_driver.driver, &driver_attr_new_slot);
1245 driver_remove_file(&xen_pcibk_pci_driver.driver,
1246 &driver_attr_remove_slot);
1247 driver_remove_file(&xen_pcibk_pci_driver.driver, &driver_attr_slots);
1248 driver_remove_file(&xen_pcibk_pci_driver.driver, &driver_attr_quirks);
1249 driver_remove_file(&xen_pcibk_pci_driver.driver,
1250 &driver_attr_permissive);
1251 driver_remove_file(&xen_pcibk_pci_driver.driver,
1252 &driver_attr_irq_handlers);
1253 driver_remove_file(&xen_pcibk_pci_driver.driver,
1254 &driver_attr_irq_handler_state);
1255 pci_unregister_driver(&xen_pcibk_pci_driver);
1256 }
1257
1258 static int __init pcistub_init(void)
1259 {
1260 int pos = 0;
1261 int err = 0;
1262 int domain, bus, slot, func;
1263 int parsed;
1264
1265 if (pci_devs_to_hide && *pci_devs_to_hide) {
1266 do {
1267 parsed = 0;
1268
1269 err = sscanf(pci_devs_to_hide + pos,
1270 " (%x:%x:%x.%x) %n",
1271 &domain, &bus, &slot, &func, &parsed);
1272 if (err != 4) {
1273 domain = 0;
1274 err = sscanf(pci_devs_to_hide + pos,
1275 " (%x:%x.%x) %n",
1276 &bus, &slot, &func, &parsed);
1277 if (err != 3)
1278 goto parse_error;
1279 }
1280
1281 err = pcistub_device_id_add(domain, bus, slot, func);
1282 if (err)
1283 goto out;
1284
1285 /* if parsed<=0, we've reached the end of the string */
1286 pos += parsed;
1287 } while (parsed > 0 && pci_devs_to_hide[pos]);
1288 }
1289
1290 /* If we're the first PCI Device Driver to register, we're the
1291 * first one to get offered PCI devices as they become
1292 * available (and thus we can be the first to grab them)
1293 */
1294 err = pci_register_driver(&xen_pcibk_pci_driver);
1295 if (err < 0)
1296 goto out;
1297
1298 err = driver_create_file(&xen_pcibk_pci_driver.driver,
1299 &driver_attr_new_slot);
1300 if (!err)
1301 err = driver_create_file(&xen_pcibk_pci_driver.driver,
1302 &driver_attr_remove_slot);
1303 if (!err)
1304 err = driver_create_file(&xen_pcibk_pci_driver.driver,
1305 &driver_attr_slots);
1306 if (!err)
1307 err = driver_create_file(&xen_pcibk_pci_driver.driver,
1308 &driver_attr_quirks);
1309 if (!err)
1310 err = driver_create_file(&xen_pcibk_pci_driver.driver,
1311 &driver_attr_permissive);
1312
1313 if (!err)
1314 err = driver_create_file(&xen_pcibk_pci_driver.driver,
1315 &driver_attr_irq_handlers);
1316 if (!err)
1317 err = driver_create_file(&xen_pcibk_pci_driver.driver,
1318 &driver_attr_irq_handler_state);
1319 if (err)
1320 pcistub_exit();
1321
1322 out:
1323 return err;
1324
1325 parse_error:
1326 printk(KERN_ERR DRV_NAME ": Error parsing pci_devs_to_hide at \"%s\"\n",
1327 pci_devs_to_hide + pos);
1328 return -EINVAL;
1329 }
1330
1331 #ifndef MODULE
1332 /*
1333 * fs_initcall happens before device_initcall
1334 * so xen_pcibk *should* get called first (b/c we
1335 * want to suck up any device before other drivers
1336 * get a chance by being the first pci device
1337 * driver to register)
1338 */
1339 fs_initcall(pcistub_init);
1340 #endif
1341
1342 static int __init xen_pcibk_init(void)
1343 {
1344 int err;
1345
1346 if (!xen_initial_domain())
1347 return -ENODEV;
1348
1349 err = xen_pcibk_config_init();
1350 if (err)
1351 return err;
1352
1353 #ifdef MODULE
1354 err = pcistub_init();
1355 if (err < 0)
1356 return err;
1357 #endif
1358
1359 pcistub_init_devices_late();
1360 err = xen_pcibk_xenbus_register();
1361 if (err)
1362 pcistub_exit();
1363
1364 return err;
1365 }
1366
1367 static void __exit xen_pcibk_cleanup(void)
1368 {
1369 xen_pcibk_xenbus_unregister();
1370 pcistub_exit();
1371 }
1372
1373 module_init(xen_pcibk_init);
1374 module_exit(xen_pcibk_cleanup);
1375
1376 MODULE_LICENSE("Dual BSD/GPL");
Linux 2.6 ibm-acpi/thinkpad-acpi driver git tree