xen/pciback: Fix conf_space read/write overlap check.
[pandora-kernel.git] / drivers / xen / xen-pciback / conf_space.c
1 /*
2  * PCI Backend - Functions for creating a virtual configuration space for
3  *               exported PCI Devices.
4  *               It's dangerous to allow PCI Driver Domains to change their
5  *               device's resources (memory, i/o ports, interrupts). We need to
6  *               restrict changes to certain PCI Configuration registers:
7  *               BARs, INTERRUPT_PIN, most registers in the header...
8  *
9  * Author: Ryan Wilson <hap9@epoch.ncsc.mil>
10  */
11
12 #include <linux/kernel.h>
13 #include <linux/module.h>
14 #include <linux/pci.h>
15 #include "pciback.h"
16 #include "conf_space.h"
17 #include "conf_space_quirks.h"
18
19 bool xen_pcibk_permissive;
20 module_param_named(permissive, xen_pcibk_permissive, bool, 0644);
21
22 /* This is where xen_pcibk_read_config_byte, xen_pcibk_read_config_word,
23  * xen_pcibk_write_config_word, and xen_pcibk_write_config_byte are created. */
24 #define DEFINE_PCI_CONFIG(op, size, type)                       \
25 int xen_pcibk_##op##_config_##size                              \
26 (struct pci_dev *dev, int offset, type value, void *data)       \
27 {                                                               \
28         return pci_##op##_config_##size(dev, offset, value);    \
29 }
30
31 DEFINE_PCI_CONFIG(read, byte, u8 *)
32 DEFINE_PCI_CONFIG(read, word, u16 *)
33 DEFINE_PCI_CONFIG(read, dword, u32 *)
34
35 DEFINE_PCI_CONFIG(write, byte, u8)
36 DEFINE_PCI_CONFIG(write, word, u16)
37 DEFINE_PCI_CONFIG(write, dword, u32)
38
39 static int conf_space_read(struct pci_dev *dev,
40                            const struct config_field_entry *entry,
41                            int offset, u32 *value)
42 {
43         int ret = 0;
44         const struct config_field *field = entry->field;
45
46         *value = 0;
47
48         switch (field->size) {
49         case 1:
50                 if (field->u.b.read)
51                         ret = field->u.b.read(dev, offset, (u8 *) value,
52                                               entry->data);
53                 break;
54         case 2:
55                 if (field->u.w.read)
56                         ret = field->u.w.read(dev, offset, (u16 *) value,
57                                               entry->data);
58                 break;
59         case 4:
60                 if (field->u.dw.read)
61                         ret = field->u.dw.read(dev, offset, value, entry->data);
62                 break;
63         }
64         return ret;
65 }
66
67 static int conf_space_write(struct pci_dev *dev,
68                             const struct config_field_entry *entry,
69                             int offset, u32 value)
70 {
71         int ret = 0;
72         const struct config_field *field = entry->field;
73
74         switch (field->size) {
75         case 1:
76                 if (field->u.b.write)
77                         ret = field->u.b.write(dev, offset, (u8) value,
78                                                entry->data);
79                 break;
80         case 2:
81                 if (field->u.w.write)
82                         ret = field->u.w.write(dev, offset, (u16) value,
83                                                entry->data);
84                 break;
85         case 4:
86                 if (field->u.dw.write)
87                         ret = field->u.dw.write(dev, offset, value,
88                                                 entry->data);
89                 break;
90         }
91         return ret;
92 }
93
94 static inline u32 get_mask(int size)
95 {
96         if (size == 1)
97                 return 0xff;
98         else if (size == 2)
99                 return 0xffff;
100         else
101                 return 0xffffffff;
102 }
103
104 static inline int valid_request(int offset, int size)
105 {
106         /* Validate request (no un-aligned requests) */
107         if ((size == 1 || size == 2 || size == 4) && (offset % size) == 0)
108                 return 1;
109         return 0;
110 }
111
112 static inline u32 merge_value(u32 val, u32 new_val, u32 new_val_mask,
113                               int offset)
114 {
115         if (offset >= 0) {
116                 new_val_mask <<= (offset * 8);
117                 new_val <<= (offset * 8);
118         } else {
119                 new_val_mask >>= (offset * -8);
120                 new_val >>= (offset * -8);
121         }
122         val = (val & ~new_val_mask) | (new_val & new_val_mask);
123
124         return val;
125 }
126
127 static int pcibios_err_to_errno(int err)
128 {
129         switch (err) {
130         case PCIBIOS_SUCCESSFUL:
131                 return XEN_PCI_ERR_success;
132         case PCIBIOS_DEVICE_NOT_FOUND:
133                 return XEN_PCI_ERR_dev_not_found;
134         case PCIBIOS_BAD_REGISTER_NUMBER:
135                 return XEN_PCI_ERR_invalid_offset;
136         case PCIBIOS_FUNC_NOT_SUPPORTED:
137                 return XEN_PCI_ERR_not_implemented;
138         case PCIBIOS_SET_FAILED:
139                 return XEN_PCI_ERR_access_denied;
140         }
141         return err;
142 }
143
144 int xen_pcibk_config_read(struct pci_dev *dev, int offset, int size,
145                           u32 *ret_val)
146 {
147         int err = 0;
148         struct xen_pcibk_dev_data *dev_data = pci_get_drvdata(dev);
149         const struct config_field_entry *cfg_entry;
150         const struct config_field *field;
151         int req_start, req_end, field_start, field_end;
152         /* if read fails for any reason, return 0
153          * (as if device didn't respond) */
154         u32 value = 0, tmp_val;
155
156         if (unlikely(verbose_request))
157                 printk(KERN_DEBUG DRV_NAME ": %s: read %d bytes at 0x%x\n",
158                        pci_name(dev), size, offset);
159
160         if (!valid_request(offset, size)) {
161                 err = XEN_PCI_ERR_invalid_offset;
162                 goto out;
163         }
164
165         /* Get the real value first, then modify as appropriate */
166         switch (size) {
167         case 1:
168                 err = pci_read_config_byte(dev, offset, (u8 *) &value);
169                 break;
170         case 2:
171                 err = pci_read_config_word(dev, offset, (u16 *) &value);
172                 break;
173         case 4:
174                 err = pci_read_config_dword(dev, offset, &value);
175                 break;
176         }
177
178         list_for_each_entry(cfg_entry, &dev_data->config_fields, list) {
179                 field = cfg_entry->field;
180
181                 req_start = offset;
182                 req_end = offset + size;
183                 field_start = OFFSET(cfg_entry);
184                 field_end = OFFSET(cfg_entry) + field->size;
185
186                  if (req_end > field_start && field_end > req_start) {
187                         err = conf_space_read(dev, cfg_entry, field_start,
188                                               &tmp_val);
189                         if (err)
190                                 goto out;
191
192                         value = merge_value(value, tmp_val,
193                                             get_mask(field->size),
194                                             field_start - req_start);
195                 }
196         }
197
198 out:
199         if (unlikely(verbose_request))
200                 printk(KERN_DEBUG DRV_NAME ": %s: read %d bytes at 0x%x = %x\n",
201                        pci_name(dev), size, offset, value);
202
203         *ret_val = value;
204         return pcibios_err_to_errno(err);
205 }
206
207 int xen_pcibk_config_write(struct pci_dev *dev, int offset, int size, u32 value)
208 {
209         int err = 0, handled = 0;
210         struct xen_pcibk_dev_data *dev_data = pci_get_drvdata(dev);
211         const struct config_field_entry *cfg_entry;
212         const struct config_field *field;
213         u32 tmp_val;
214         int req_start, req_end, field_start, field_end;
215
216         if (unlikely(verbose_request))
217                 printk(KERN_DEBUG
218                        DRV_NAME ": %s: write request %d bytes at 0x%x = %x\n",
219                        pci_name(dev), size, offset, value);
220
221         if (!valid_request(offset, size))
222                 return XEN_PCI_ERR_invalid_offset;
223
224         list_for_each_entry(cfg_entry, &dev_data->config_fields, list) {
225                 field = cfg_entry->field;
226
227                 req_start = offset;
228                 req_end = offset + size;
229                 field_start = OFFSET(cfg_entry);
230                 field_end = OFFSET(cfg_entry) + field->size;
231
232                  if (req_end > field_start && field_end > req_start) {
233                         tmp_val = 0;
234
235                         err = xen_pcibk_config_read(dev, field_start,
236                                                   field->size, &tmp_val);
237                         if (err)
238                                 break;
239
240                         tmp_val = merge_value(tmp_val, value, get_mask(size),
241                                               req_start - field_start);
242
243                         err = conf_space_write(dev, cfg_entry, field_start,
244                                                tmp_val);
245
246                         /* handled is set true here, but not every byte
247                          * may have been written! Properly detecting if
248                          * every byte is handled is unnecessary as the
249                          * flag is used to detect devices that need
250                          * special helpers to work correctly.
251                          */
252                         handled = 1;
253                 }
254         }
255
256         if (!handled && !err) {
257                 /* By default, anything not specificially handled above is
258                  * read-only. The permissive flag changes this behavior so
259                  * that anything not specifically handled above is writable.
260                  * This means that some fields may still be read-only because
261                  * they have entries in the config_field list that intercept
262                  * the write and do nothing. */
263                 if (dev_data->permissive || xen_pcibk_permissive) {
264                         switch (size) {
265                         case 1:
266                                 err = pci_write_config_byte(dev, offset,
267                                                             (u8) value);
268                                 break;
269                         case 2:
270                                 err = pci_write_config_word(dev, offset,
271                                                             (u16) value);
272                                 break;
273                         case 4:
274                                 err = pci_write_config_dword(dev, offset,
275                                                              (u32) value);
276                                 break;
277                         }
278                 } else if (!dev_data->warned_on_write) {
279                         dev_data->warned_on_write = 1;
280                         dev_warn(&dev->dev, "Driver tried to write to a "
281                                  "read-only configuration space field at offset"
282                                  " 0x%x, size %d. This may be harmless, but if "
283                                  "you have problems with your device:\n"
284                                  "1) see permissive attribute in sysfs\n"
285                                  "2) report problems to the xen-devel "
286                                  "mailing list along with details of your "
287                                  "device obtained from lspci.\n", offset, size);
288                 }
289         }
290
291         return pcibios_err_to_errno(err);
292 }
293
294 void xen_pcibk_config_free_dyn_fields(struct pci_dev *dev)
295 {
296         struct xen_pcibk_dev_data *dev_data = pci_get_drvdata(dev);
297         struct config_field_entry *cfg_entry, *t;
298         const struct config_field *field;
299
300         dev_dbg(&dev->dev, "free-ing dynamically allocated virtual "
301                            "configuration space fields\n");
302         if (!dev_data)
303                 return;
304
305         list_for_each_entry_safe(cfg_entry, t, &dev_data->config_fields, list) {
306                 field = cfg_entry->field;
307
308                 if (field->clean) {
309                         field->clean((struct config_field *)field);
310
311                         kfree(cfg_entry->data);
312
313                         list_del(&cfg_entry->list);
314                         kfree(cfg_entry);
315                 }
316
317         }
318 }
319
320 void xen_pcibk_config_reset_dev(struct pci_dev *dev)
321 {
322         struct xen_pcibk_dev_data *dev_data = pci_get_drvdata(dev);
323         const struct config_field_entry *cfg_entry;
324         const struct config_field *field;
325
326         dev_dbg(&dev->dev, "resetting virtual configuration space\n");
327         if (!dev_data)
328                 return;
329
330         list_for_each_entry(cfg_entry, &dev_data->config_fields, list) {
331                 field = cfg_entry->field;
332
333                 if (field->reset)
334                         field->reset(dev, OFFSET(cfg_entry), cfg_entry->data);
335         }
336 }
337
338 void xen_pcibk_config_free_dev(struct pci_dev *dev)
339 {
340         struct xen_pcibk_dev_data *dev_data = pci_get_drvdata(dev);
341         struct config_field_entry *cfg_entry, *t;
342         const struct config_field *field;
343
344         dev_dbg(&dev->dev, "free-ing virtual configuration space fields\n");
345         if (!dev_data)
346                 return;
347
348         list_for_each_entry_safe(cfg_entry, t, &dev_data->config_fields, list) {
349                 list_del(&cfg_entry->list);
350
351                 field = cfg_entry->field;
352
353                 if (field->release)
354                         field->release(dev, OFFSET(cfg_entry), cfg_entry->data);
355
356                 kfree(cfg_entry);
357         }
358 }
359
360 int xen_pcibk_config_add_field_offset(struct pci_dev *dev,
361                                     const struct config_field *field,
362                                     unsigned int base_offset)
363 {
364         int err = 0;
365         struct xen_pcibk_dev_data *dev_data = pci_get_drvdata(dev);
366         struct config_field_entry *cfg_entry;
367         void *tmp;
368
369         cfg_entry = kmalloc(sizeof(*cfg_entry), GFP_KERNEL);
370         if (!cfg_entry) {
371                 err = -ENOMEM;
372                 goto out;
373         }
374
375         cfg_entry->data = NULL;
376         cfg_entry->field = field;
377         cfg_entry->base_offset = base_offset;
378
379         /* silently ignore duplicate fields */
380         err = xen_pcibk_field_is_dup(dev, OFFSET(cfg_entry));
381         if (err)
382                 goto out;
383
384         if (field->init) {
385                 tmp = field->init(dev, OFFSET(cfg_entry));
386
387                 if (IS_ERR(tmp)) {
388                         err = PTR_ERR(tmp);
389                         goto out;
390                 }
391
392                 cfg_entry->data = tmp;
393         }
394
395         dev_dbg(&dev->dev, "added config field at offset 0x%02x\n",
396                 OFFSET(cfg_entry));
397         list_add_tail(&cfg_entry->list, &dev_data->config_fields);
398
399 out:
400         if (err)
401                 kfree(cfg_entry);
402
403         return err;
404 }
405
406 /* This sets up the device's virtual configuration space to keep track of
407  * certain registers (like the base address registers (BARs) so that we can
408  * keep the client from manipulating them directly.
409  */
410 int xen_pcibk_config_init_dev(struct pci_dev *dev)
411 {
412         int err = 0;
413         struct xen_pcibk_dev_data *dev_data = pci_get_drvdata(dev);
414
415         dev_dbg(&dev->dev, "initializing virtual configuration space\n");
416
417         INIT_LIST_HEAD(&dev_data->config_fields);
418
419         err = xen_pcibk_config_header_add_fields(dev);
420         if (err)
421                 goto out;
422
423         err = xen_pcibk_config_capability_add_fields(dev);
424         if (err)
425                 goto out;
426
427         err = xen_pcibk_config_quirks_init(dev);
428
429 out:
430         return err;
431 }
432
433 int xen_pcibk_config_init(void)
434 {
435         return xen_pcibk_config_capability_init();
436 }