1
// SPDX-License-Identifier: GPL-2.0-only
2

3
// Interface to CCP/SEV-TIO for generic PCIe TDISP module
4

5
#include <linux/pci.h>
6
#include <linux/device.h>
7
#include <linux/tsm.h>
8
#include <linux/iommu.h>
9
#include <linux/pci-doe.h>
10
#include <linux/bitfield.h>
11
#include <linux/module.h>
12

13
#include <asm/sev-common.h>
14
#include <asm/sev.h>
15

16
#include "psp-dev.h"
17
#include "sev-dev.h"
18
#include "sev-dev-tio.h"
19

20
MODULE_IMPORT_NS("PCI_IDE");
21

22
#define TIO_DEFAULT_NR_IDE_STREAMS	1
23

24
static uint nr_ide_streams = TIO_DEFAULT_NR_IDE_STREAMS;
25
module_param_named(ide_nr, nr_ide_streams, uint, 0644);
26
MODULE_PARM_DESC(ide_nr, "Set the maximum number of IDE streams per PHB");
27

28
#define dev_to_sp(dev)		((struct sp_device *)dev_get_drvdata(dev))
29
#define dev_to_psp(dev)		((struct psp_device *)(dev_to_sp(dev)->psp_data))
30
#define dev_to_sev(dev)		((struct sev_device *)(dev_to_psp(dev)->sev_data))
31
#define tsm_dev_to_sev(tsmdev)	dev_to_sev((tsmdev)->dev.parent)
32

33
#define pdev_to_tio_dsm(pdev)	(container_of((pdev)->tsm, struct tio_dsm, tsm.base_tsm))
34

35
static int sev_tio_spdm_cmd(struct tio_dsm *dsm, int ret)
36
{
37
	struct tsm_dsm_tio *dev_data = &dsm->data;
38
	struct tsm_spdm *spdm = &dev_data->spdm;
39

40
	/* Check the main command handler response before entering the loop */
41
	if (ret == 0 && dev_data->psp_ret != SEV_RET_SUCCESS)
42
		return -EINVAL;
43

44
	if (ret <= 0)
45
		return ret;
46

47
	/* ret > 0 means "SPDM requested" */
48
	while (ret == PCI_DOE_FEATURE_CMA || ret == PCI_DOE_FEATURE_SSESSION) {
49
		ret = pci_doe(dsm->tsm.doe_mb, PCI_VENDOR_ID_PCI_SIG, ret,
50
			      spdm->req, spdm->req_len, spdm->rsp, spdm->rsp_len);
51
		if (ret < 0)
52
			break;
53

54
		WARN_ON_ONCE(ret == 0); /* The response should never be empty */
55
		spdm->rsp_len = ret;
56
		ret = sev_tio_continue(dev_data);
57
	}
58

59
	return ret;
60
}
61

62
static int stream_enable(struct pci_ide *ide)
63
{
64
	struct pci_dev *rp = pcie_find_root_port(ide->pdev);
65
	int ret;
66

67
	ret = pci_ide_stream_enable(rp, ide);
68
	if (ret)
69
		return ret;
70

71
	ret = pci_ide_stream_enable(ide->pdev, ide);
72
	if (ret)
73
		pci_ide_stream_disable(rp, ide);
74

75
	return ret;
76
}
77

78
static int streams_enable(struct pci_ide **ide)
79
{
80
	int ret = 0;
81

82
	for (int i = 0; i < TIO_IDE_MAX_TC; ++i) {
83
		if (ide[i]) {
84
			ret = stream_enable(ide[i]);
85
			if (ret)
86
				break;
87
		}
88
	}
89

90
	return ret;
91
}
92

93
static void stream_disable(struct pci_ide *ide)
94
{
95
	pci_ide_stream_disable(ide->pdev, ide);
96
	pci_ide_stream_disable(pcie_find_root_port(ide->pdev), ide);
97
}
98

99
static void streams_disable(struct pci_ide **ide)
100
{
101
	for (int i = 0; i < TIO_IDE_MAX_TC; ++i)
102
		if (ide[i])
103
			stream_disable(ide[i]);
104
}
105

106
static void stream_setup(struct pci_ide *ide)
107
{
108
	struct pci_dev *rp = pcie_find_root_port(ide->pdev);
109

110
	ide->partner[PCI_IDE_EP].rid_start = 0;
111
	ide->partner[PCI_IDE_EP].rid_end = 0xffff;
112
	ide->partner[PCI_IDE_RP].rid_start = 0;
113
	ide->partner[PCI_IDE_RP].rid_end = 0xffff;
114

115
	ide->pdev->ide_cfg = 0;
116
	ide->pdev->ide_tee_limit = 1;
117
	rp->ide_cfg = 1;
118
	rp->ide_tee_limit = 0;
119

120
	pci_warn(ide->pdev, "Forcing CFG/TEE for %s", pci_name(rp));
121
	pci_ide_stream_setup(ide->pdev, ide);
122
	pci_ide_stream_setup(rp, ide);
123
}
124

125
static u8 streams_setup(struct pci_ide **ide, u8 *ids)
126
{
127
	bool def = false;
128
	u8 tc_mask = 0;
129
	int i;
130

131
	for (i = 0; i < TIO_IDE_MAX_TC; ++i) {
132
		if (!ide[i]) {
133
			ids[i] = 0xFF;
134
			continue;
135
		}
136

137
		tc_mask |= BIT(i);
138
		ids[i] = ide[i]->stream_id;
139

140
		if (!def) {
141
			struct pci_ide_partner *settings;
142

143
			settings = pci_ide_to_settings(ide[i]->pdev, ide[i]);
144
			settings->default_stream = 1;
145
			def = true;
146
		}
147

148
		stream_setup(ide[i]);
149
	}
150

151
	return tc_mask;
152
}
153

154
static int streams_register(struct pci_ide **ide)
155
{
156
	int ret = 0, i;
157

158
	for (i = 0; i < TIO_IDE_MAX_TC; ++i) {
159
		if (ide[i]) {
160
			ret = pci_ide_stream_register(ide[i]);
161
			if (ret)
162
				break;
163
		}
164
	}
165

166
	return ret;
167
}
168

169
static void streams_unregister(struct pci_ide **ide)
170
{
171
	for (int i = 0; i < TIO_IDE_MAX_TC; ++i)
172
		if (ide[i])
173
			pci_ide_stream_unregister(ide[i]);
174
}
175

176
static void stream_teardown(struct pci_ide *ide)
177
{
178
	pci_ide_stream_teardown(ide->pdev, ide);
179
	pci_ide_stream_teardown(pcie_find_root_port(ide->pdev), ide);
180
}
181

182
static void streams_teardown(struct pci_ide **ide)
183
{
184
	for (int i = 0; i < TIO_IDE_MAX_TC; ++i) {
185
		if (ide[i]) {
186
			stream_teardown(ide[i]);
187
			pci_ide_stream_free(ide[i]);
188
			ide[i] = NULL;
189
		}
190
	}
191
}
192

193
static int stream_alloc(struct pci_dev *pdev, struct pci_ide **ide,
194
			unsigned int tc)
195
{
196
	struct pci_dev *rp = pcie_find_root_port(pdev);
197
	struct pci_ide *ide1;
198

199
	if (ide[tc]) {
200
		pci_err(pdev, "Stream for class=%d already registered", tc);
201
		return -EBUSY;
202
	}
203

204
	/* FIXME: find a better way */
205
	if (nr_ide_streams != TIO_DEFAULT_NR_IDE_STREAMS)
206
		pci_notice(pdev, "Enable non-default %d streams", nr_ide_streams);
207
	pci_ide_set_nr_streams(to_pci_host_bridge(rp->bus->bridge), nr_ide_streams);
208

209
	ide1 = pci_ide_stream_alloc(pdev);
210
	if (!ide1)
211
		return -EFAULT;
212

213
	/* Blindly assign streamid=0 to TC=0, and so on */
214
	ide1->stream_id = tc;
215

216
	ide[tc] = ide1;
217

218
	return 0;
219
}
220

221
static struct pci_tsm *tio_pf0_probe(struct pci_dev *pdev, struct sev_device *sev)
222
{
223
	struct tio_dsm *dsm __free(kfree) = kzalloc(sizeof(*dsm), GFP_KERNEL);
224
	int rc;
225

226
	if (!dsm)
227
		return NULL;
228

229
	rc = pci_tsm_pf0_constructor(pdev, &dsm->tsm, sev->tsmdev);
230
	if (rc)
231
		return NULL;
232

233
	pci_dbg(pdev, "TSM enabled\n");
234
	dsm->sev = sev;
235
	return &no_free_ptr(dsm)->tsm.base_tsm;
236
}
237

238
static struct pci_tsm *dsm_probe(struct tsm_dev *tsmdev, struct pci_dev *pdev)
239
{
240
	struct sev_device *sev = tsm_dev_to_sev(tsmdev);
241

242
	if (is_pci_tsm_pf0(pdev))
243
		return tio_pf0_probe(pdev, sev);
244
	return 0;
245
}
246

247
static void dsm_remove(struct pci_tsm *tsm)
248
{
249
	struct pci_dev *pdev = tsm->pdev;
250

251
	pci_dbg(pdev, "TSM disabled\n");
252

253
	if (is_pci_tsm_pf0(pdev)) {
254
		struct tio_dsm *dsm = container_of(tsm, struct tio_dsm, tsm.base_tsm);
255

256
		pci_tsm_pf0_destructor(&dsm->tsm);
257
		kfree(dsm);
258
	}
259
}
260

261
static int dsm_create(struct tio_dsm *dsm)
262
{
263
	struct pci_dev *pdev = dsm->tsm.base_tsm.pdev;
264
	u8 segment_id = pdev->bus ? pci_domain_nr(pdev->bus) : 0;
265
	struct pci_dev *rootport = pcie_find_root_port(pdev);
266
	u16 device_id = pci_dev_id(pdev);
267
	u16 root_port_id;
268
	u32 lnkcap = 0;
269

270
	if (pci_read_config_dword(rootport, pci_pcie_cap(rootport) + PCI_EXP_LNKCAP,
271
				  &lnkcap))
272
		return -ENODEV;
273

274
	root_port_id = FIELD_GET(PCI_EXP_LNKCAP_PN, lnkcap);
275

276
	return sev_tio_dev_create(&dsm->data, device_id, root_port_id, segment_id);
277
}
278

279
static int dsm_connect(struct pci_dev *pdev)
280
{
281
	struct tio_dsm *dsm = pdev_to_tio_dsm(pdev);
282
	struct tsm_dsm_tio *dev_data = &dsm->data;
283
	u8 ids[TIO_IDE_MAX_TC];
284
	u8 tc_mask;
285
	int ret;
286

287
	if (pci_find_doe_mailbox(pdev, PCI_VENDOR_ID_PCI_SIG,
288
				 PCI_DOE_FEATURE_SSESSION) != dsm->tsm.doe_mb) {
289
		pci_err(pdev, "CMA DOE MB must support SSESSION\n");
290
		return -EFAULT;
291
	}
292

293
	ret = stream_alloc(pdev, dev_data->ide, 0);
294
	if (ret)
295
		return ret;
296

297
	ret = dsm_create(dsm);
298
	if (ret)
299
		goto ide_free_exit;
300

301
	tc_mask = streams_setup(dev_data->ide, ids);
302

303
	ret = sev_tio_dev_connect(dev_data, tc_mask, ids, dev_data->cert_slot);
304
	ret = sev_tio_spdm_cmd(dsm, ret);
305
	if (ret)
306
		goto free_exit;
307

308
	streams_enable(dev_data->ide);
309

310
	ret = streams_register(dev_data->ide);
311
	if (ret)
312
		goto free_exit;
313

314
	return 0;
315

316
free_exit:
317
	sev_tio_dev_reclaim(dev_data);
318

319
	streams_disable(dev_data->ide);
320
ide_free_exit:
321

322
	streams_teardown(dev_data->ide);
323

324
	return ret;
325
}
326

327
static void dsm_disconnect(struct pci_dev *pdev)
328
{
329
	bool force = SYSTEM_HALT <= system_state && system_state <= SYSTEM_RESTART;
330
	struct tio_dsm *dsm = pdev_to_tio_dsm(pdev);
331
	struct tsm_dsm_tio *dev_data = &dsm->data;
332
	int ret;
333

334
	ret = sev_tio_dev_disconnect(dev_data, force);
335
	ret = sev_tio_spdm_cmd(dsm, ret);
336
	if (ret && !force) {
337
		ret = sev_tio_dev_disconnect(dev_data, true);
338
		sev_tio_spdm_cmd(dsm, ret);
339
	}
340

341
	sev_tio_dev_reclaim(dev_data);
342

343
	streams_disable(dev_data->ide);
344
	streams_unregister(dev_data->ide);
345
	streams_teardown(dev_data->ide);
346
}
347

348
static struct pci_tsm_ops sev_tsm_ops = {
349
	.probe = dsm_probe,
350
	.remove = dsm_remove,
351
	.connect = dsm_connect,
352
	.disconnect = dsm_disconnect,
353
};
354

355
void sev_tsm_init_locked(struct sev_device *sev, void *tio_status_page)
356
{
357
	struct sev_tio_status *t = kzalloc(sizeof(*t), GFP_KERNEL);
358
	struct tsm_dev *tsmdev;
359
	int ret;
360

361
	WARN_ON(sev->tio_status);
362

363
	if (!t)
364
		return;
365

366
	ret = sev_tio_init_locked(tio_status_page);
367
	if (ret) {
368
		pr_warn("SEV-TIO STATUS failed with %d\n", ret);
369
		goto error_exit;
370
	}
371

372
	tsmdev = tsm_register(sev->dev, &sev_tsm_ops);
373
	if (IS_ERR(tsmdev))
374
		goto error_exit;
375

376
	memcpy(t, tio_status_page, sizeof(*t));
377

378
	pr_notice("SEV-TIO status: EN=%d INIT_DONE=%d rq=%d..%d rs=%d..%d "
379
		  "scr=%d..%d out=%d..%d dev=%d tdi=%d algos=%x\n",
380
		  t->tio_en, t->tio_init_done,
381
		  t->spdm_req_size_min, t->spdm_req_size_max,
382
		  t->spdm_rsp_size_min, t->spdm_rsp_size_max,
383
		  t->spdm_scratch_size_min, t->spdm_scratch_size_max,
384
		  t->spdm_out_size_min, t->spdm_out_size_max,
385
		  t->devctx_size, t->tdictx_size,
386
		  t->tio_crypto_alg);
387

388
	sev->tsmdev = tsmdev;
389
	sev->tio_status = t;
390

391
	return;
392

393
error_exit:
394
	kfree(t);
395
	pr_err("Failed to enable SEV-TIO: ret=%d en=%d initdone=%d SEV=%d\n",
396
	       ret, t->tio_en, t->tio_init_done, boot_cpu_has(X86_FEATURE_SEV));
397
}
398

399
void sev_tsm_uninit(struct sev_device *sev)
400
{
401
	if (sev->tsmdev)
402
		tsm_unregister(sev->tsmdev);
403

404
	sev->tsmdev = NULL;
405
}
406

407