PCIe 6.0 introduces the "Integrity & Data Encryption (IDE)" feature which adds a new capability with id=0x30. Add the new id to the list of capabilities. Add new flags from pciutils. Add a module with a helper to control selective IDE capability. TODO: get rid of lots of magic numbers. It is one annoying flexible capability to deal with. Signed-off-by: Alexey Kardashevskiy <aik@xxxxxxx> --- drivers/pci/Makefile | 1 + include/linux/pci-ide.h | 18 ++ include/uapi/linux/pci_regs.h | 76 +++++++- drivers/pci/ide.c | 186 ++++++++++++++++++++ drivers/pci/Kconfig | 4 + 5 files changed, 284 insertions(+), 1 deletion(-) diff --git a/drivers/pci/Makefile b/drivers/pci/Makefile index 1452e4ba7f00..034f17f9297a 100644 --- a/drivers/pci/Makefile +++ b/drivers/pci/Makefile @@ -34,6 +34,7 @@ obj-$(CONFIG_PCI_P2PDMA) += p2pdma.o obj-$(CONFIG_XEN_PCIDEV_FRONTEND) += xen-pcifront.o obj-$(CONFIG_VGA_ARB) += vgaarb.o obj-$(CONFIG_PCI_DOE) += doe.o +obj-$(CONFIG_PCI_IDE) += ide.o obj-$(CONFIG_PCI_DYNAMIC_OF_NODES) += of_property.o obj-$(CONFIG_PCI_CMA) += cma.o cma.asn1.o diff --git a/include/linux/pci-ide.h b/include/linux/pci-ide.h new file mode 100644 index 000000000000..983a8daf1199 --- /dev/null +++ b/include/linux/pci-ide.h @@ -0,0 +1,18 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +/* + * Integrity & Data Encryption (IDE) + * PCIe r6.0, sec 6.33 DOE + */ + +#ifndef LINUX_PCI_IDE_H +#define LINUX_PCI_IDE_H + +int pci_ide_set_sel(struct pci_dev *pdev, unsigned int sel_index, unsigned int streamid, + bool enable, bool def, bool tee_limited, bool ide_cfg); +int pci_ide_set_sel_rid_assoc(struct pci_dev *pdev, unsigned int sel_index, + bool valid, u8 seg_base, u16 rid_base, u16 rid_limit); +int pci_ide_set_sel_addr_assoc(struct pci_dev *pdev, unsigned int sel_index, unsigned int blocknum, + bool valid, u64 base, u64 limit); +int pci_ide_get_sel_sta(struct pci_dev *pdev, unsigned int sel_index, u32 *status); + +#endif diff --git a/include/uapi/linux/pci_regs.h b/include/uapi/linux/pci_regs.h index 0011a301b8c5..80962b07719a 100644 --- a/include/uapi/linux/pci_regs.h +++ b/include/uapi/linux/pci_regs.h @@ -743,7 +743,8 @@ #define PCI_EXT_CAP_ID_PL_16GT 0x26 /* Physical Layer 16.0 GT/s */ #define PCI_EXT_CAP_ID_PL_32GT 0x2A /* Physical Layer 32.0 GT/s */ #define PCI_EXT_CAP_ID_DOE 0x2E /* Data Object Exchange */ -#define PCI_EXT_CAP_ID_MAX PCI_EXT_CAP_ID_DOE +#define PCI_EXT_CAP_ID_IDE 0x30 /* Integrity and Data Encryption (IDE) */ +#define PCI_EXT_CAP_ID_MAX PCI_EXT_CAP_ID_IDE #define PCI_EXT_CAP_DSN_SIZEOF 12 #define PCI_EXT_CAP_MCAST_ENDPOINT_SIZEOF 40 @@ -1150,9 +1151,82 @@ #define PCI_DOE_DATA_OBJECT_DISC_RSP_3_PROTOCOL 0x00ff0000 #define PCI_DOE_DATA_OBJECT_DISC_RSP_3_NEXT_INDEX 0xff000000 + /* Compute Express Link (CXL r3.1, sec 8.1.5) */ #define PCI_DVSEC_CXL_PORT 3 #define PCI_DVSEC_CXL_PORT_CTL 0x0c #define PCI_DVSEC_CXL_PORT_CTL_UNMASK_SBR 0x00000001 +/* Integrity and Data Encryption Extended Capability */ +#define PCI_IDE_CAP 0x4 +#define PCI_IDE_CAP_LINK_IDE_SUPP 0x1 /* Link IDE Stream Supported */ +#define PCI_IDE_CAP_SELECTIVE_IDE_SUPP 0x2 /* Selective IDE Streams Supported */ +#define PCI_IDE_CAP_FLOWTHROUGH_IDE_SUPP 0x4 /* Flow-Through IDE Stream Supported */ +#define PCI_IDE_CAP_PARTIAL_HEADER_ENC_SUPP 0x8 /* Partial Header Encryption Supported */ +#define PCI_IDE_CAP_AGGREGATION_SUPP 0x10 /* Aggregation Supported */ +#define PCI_IDE_CAP_PCRC_SUPP 0x20 /* PCRC Supported */ +#define PCI_IDE_CAP_IDE_KM_SUPP 0x40 /* IDE_KM Protocol Supported */ +#define PCI_IDE_CAP_ALG(x) (((x) >> 8) & 0x1f) /* Supported Algorithms */ +#define PCI_IDE_CAP_ALG_AES_GCM_256 0 /* AES-GCM 256 key size, 96b MAC */ +#define PCI_IDE_CAP_LINK_TC_NUM(x) (((x) >> 13) & 0x7) /* Link IDE TCs */ +#define PCI_IDE_CAP_SELECTIVE_STREAMS_NUM(x) (((x) >> 16) & 0xff) /* Selective IDE Streams */ +#define PCI_IDE_CAP_TEE_LIMITED_SUPP 0x1000000 /* TEE-Limited Stream Supported */ +#define PCI_IDE_CTL 0x8 +#define PCI_IDE_CTL_FLOWTHROUGH_IDE 0x4 /* Flow-Through IDE Stream Enabled */ +#define PCI_IDE_LINK_STREAM 0xC +/* Link IDE Stream block, up to PCI_IDE_CAP_LINK_TC_NUM */ +/* Link IDE Stream Control Register */ +#define PCI_IDE_LINK_CTL_EN 0x1 /* Link IDE Stream Enable */ +#define PCI_IDE_LINK_CTL_TX_AGGR_NPR(x)(((x) >> 2) & 0x3) /* Tx Aggregation Mode NPR */ +#define PCI_IDE_LINK_CTL_TX_AGGR_PR(x) (((x) >> 4) & 0x3) /* Tx Aggregation Mode PR */ +#define PCI_IDE_LINK_CTL_TX_AGGR_CPL(x)(((x) >> 6) & 0x3) /* Tx Aggregation Mode CPL */ +#define PCI_IDE_LINK_CTL_PCRC_EN 0x100 /* PCRC Enable */ +#define PCI_IDE_LINK_CTL_PART_ENC(x) (((x) >> 10) & 0xf) /* Partial Header Encryption Mode */ +#define PCI_IDE_LINK_CTL_ALG(x) (((x) >> 14) & 0x1f) /* Selected Algorithm */ +#define PCI_IDE_LINK_CTL_TC(x) (((x) >> 19) & 0x7) /* Traffic Class */ +#define PCI_IDE_LINK_CTL_ID(x) (((x) >> 24) & 0xff) /* Stream ID */ +#define PCI_IDE_LINK_CTL_ID_MASK 0xff000000 + +/* Link IDE Stream Status Register */ +#define PCI_IDE_LINK_STS_STATUS(x) ((x) & 0xf) /* Link IDE Stream State */ +#define PCI_IDE_LINK_STS_RECVD_INTEGRITY_CHECK 0x80000000 /* Received Integrity Check Fail Msg */ +/* Selective IDE Stream block, up to PCI_IDE_CAP_SELECTIVE_STREAMS_NUM */ +/* Selective IDE Stream Capability Register */ +#define PCI_IDE_SEL_CAP_BLOCKS_NUM(x) ((x) & 0xf) /*Address Association Register Blocks Number */ +/* Selective IDE Stream Control Register */ +#define PCI_IDE_SEL_CTL_EN 0x1 /* Selective IDE Stream Enable */ +#define PCI_IDE_SEL_CTL_TX_AGGR_NPR(x) (((x) >> 2) & 0x3) /* Tx Aggregation Mode NPR */ +#define PCI_IDE_SEL_CTL_TX_AGGR_PR(x) (((x) >> 4) & 0x3) /* Tx Aggregation Mode PR */ +#define PCI_IDE_SEL_CTL_TX_AGGR_CPL(x) (((x) >> 6) & 0x3) /* Tx Aggregation Mode CPL */ +#define PCI_IDE_SEL_CTL_PCRC_EN 0x100 /* PCRC Enable */ +#define PCI_IDE_SEL_CTL_CFG_EN 0x200 /* Selective IDE for Configuration Requests */ +#define PCI_IDE_SEL_CTL_PART_ENC(x) (((x) >> 10) & 0xf) /* Partial Header Encryption Mode */ +#define PCI_IDE_SEL_CTL_ALG(x) (((x) >> 14) & 0x1f) /* Selected Algorithm */ +#define PCI_IDE_SEL_CTL_TC(x) (((x) >> 19) & 0x7) /* Traffic Class */ +#define PCI_IDE_SEL_CTL_DEFAULT 0x400000 /* Default Stream */ +#define PCI_IDE_SEL_CTL_TEE_LIMITED (1 << 23) /* TEE-Limited Stream */ +#define PCI_IDE_SEL_CTL_ID(x) (((x) >> 24) & 0xff) /* Stream ID */ +/* Selective IDE Stream Status Register */ +#define PCI_IDE_SEL_STS_STATUS(x) ((x) & 0xf) /* Selective IDE Stream State */ +#define PCI_IDE_SEL_STS_RECVD_INTEGRITY_CHECK 0x80000000 /* Received Integrity Check Fail Msg */ +/* IDE RID Association Register 1 */ +#define PCI_IDE_SEL_RID_1_LIMIT(x) (((x) >> 8) & 0xffff) /* RID Limit */ +#define PCI_IDE_SEL_RID_1(rid_limit) (((rid_limit) & 0xffff) << 8) +/* IDE RID Association Register 2 */ +#define PCI_IDE_SEL_RID_2_VALID 0x1 /* Valid */ +#define PCI_IDE_SEL_RID_2_BASE(x) (((x) >> 8) & 0xffff) /* RID Base */ +#define PCI_IDE_SEL_RID_2_SEG_BASE(x) (((x) >> 24) & 0xff) /* Segmeng Base */ +#define PCI_IDE_SEL_RID_2(v, rid_base, seg_base) ((((seg_base) & 0xff) << 24) | \ + (((rid_base) & 0xffff) << 8) | ((v) ? 1 : 0)) +/* Selective IDE Address Association Register Block, up to PCI_IDE_SEL_CAP_BLOCKS_NUM */ +#define PCI_IDE_SEL_ADDR_1_VALID 0x1 /* Valid */ +#define PCI_IDE_SEL_ADDR_1_BASE_LOW(x) (((x) >> 8) & 0xfff) /* Memory Base Lower */ +#define PCI_IDE_SEL_ADDR_1_LIMIT_LOW(x)(((x) >> 20) & 0xfff) /* Memory Limit Lower */ +/* IDE Address Association Register 2 is "Memory Limit Upper" */ +/* IDE Address Association Register 3 is "Memory Base Upper" */ +#define PCI_IDE_SEL_ADDR_1(v, base, limit) ((FIELD_GET(0xfff00000, (limit)) << 20) | \ + (FIELD_GET(0xfff00000, (base)) << 8) | ((v) ? 1 : 0)) +#define PCI_IDE_SEL_ADDR_2(limit) ((limit) >> 32) +#define PCI_IDE_SEL_ADDR_3(base) ((base) >> 32) + #endif /* LINUX_PCI_REGS_H */ diff --git a/drivers/pci/ide.c b/drivers/pci/ide.c new file mode 100644 index 000000000000..dc0632e836e7 --- /dev/null +++ b/drivers/pci/ide.c @@ -0,0 +1,186 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Integrity & Data Encryption (IDE) + * PCIe r6.0, sec 6.33 DOE + */ + +#define dev_fmt(fmt) "IDE: " fmt + +#include <linux/pci.h> +#include <linux/pci-ide.h> +#include <linux/bitfield.h> +#include <linux/module.h> + +#define DRIVER_VERSION "0.1" +#define DRIVER_AUTHOR "aik@xxxxxxx" +#define DRIVER_DESC "Integrity and Data Encryption driver" + +/* Returns an offset of the specific IDE stream block */ +static u16 sel_off(struct pci_dev *pdev, unsigned int sel_index) +{ + u16 offset = pci_find_next_ext_capability(pdev, 0, PCI_EXT_CAP_ID_IDE); + unsigned int linknum = 0, selnum = 0, i; + u16 seloff; + u32 cap = 0; + + if (!offset) + return 0; + + pci_read_config_dword(pdev, offset + PCI_IDE_CAP, &cap); + if (cap & PCI_IDE_CAP_SELECTIVE_IDE_SUPP) + selnum = PCI_IDE_CAP_SELECTIVE_STREAMS_NUM(cap) + 1; + + if (!selnum || sel_index >= selnum) + return 0; + + if (cap & PCI_IDE_CAP_LINK_IDE_SUPP) + linknum = PCI_IDE_CAP_LINK_TC_NUM(cap) + 1; + + seloff = offset + PCI_IDE_LINK_STREAM + linknum * 2 * 4; + for (i = 0; i < sel_index; ++i) { + u32 selcap = 0; + + pci_read_config_dword(pdev, seloff, &selcap); + + /* Selective Cap+Ctrl+Sta + Addr#*8 */ + seloff += 3 * 4 + PCI_IDE_SEL_CAP_BLOCKS_NUM(selcap) * 2 * 4; + } + + return seloff; +} + +static u16 sel_off_addr_block(struct pci_dev *pdev, u16 offset, unsigned int blocknum) +{ + unsigned int blocks; + u32 selcap = 0; + + pci_read_config_dword(pdev, offset, &selcap); + + blocks = PCI_IDE_SEL_CAP_BLOCKS_NUM(selcap); + if (!blocks) + return 0; + + return offset + 3 * 4 + // Skip Cap, Ctl, Sta + 2 * 4 + // RID Association Register 1 and 2 + blocknum * 3 * 4; // Each block is Address Association Register 1, 2, 3 +} + +static int set_sel(struct pci_dev *pdev, unsigned int sel_index, u32 value) +{ + u16 offset = sel_off(pdev, sel_index); + u32 status = 0; + + if (!offset) + return -EINVAL; + + pci_read_config_dword(pdev, offset + 8, &status); + if (status & PCI_IDE_SEL_STS_RECVD_INTEGRITY_CHECK) { + pci_warn(pdev, "[%x] Clearing \"Received integrity check\"\n", offset + 4); + pci_write_config_dword(pdev, offset + 8, + status & ~PCI_IDE_SEL_STS_RECVD_INTEGRITY_CHECK); + } + + /* Selective IDE Stream Control Register */ + pci_write_config_dword(pdev, offset + 4, value); + return 0; +} + +int pci_ide_set_sel(struct pci_dev *pdev, unsigned int sel_index, unsigned int streamid, + bool enable, bool def, bool tee_limited, bool ide_cfg) +{ + return set_sel(pdev, sel_index, + FIELD_PREP(PCI_IDE_LINK_CTL_ID_MASK, streamid) | + (def ? PCI_IDE_SEL_CTL_DEFAULT : 0) | + (enable ? PCI_IDE_SEL_CTL_EN : 0) | + (tee_limited ? PCI_IDE_SEL_CTL_TEE_LIMITED : 0) | + (ide_cfg ? PCI_IDE_SEL_CTL_CFG_EN : 0) + ); +} +EXPORT_SYMBOL_GPL(pci_ide_set_sel); + +int pci_ide_set_sel_rid_assoc(struct pci_dev *pdev, unsigned int sel_index, + bool valid, u8 seg_base, u16 rid_base, u16 rid_limit) +{ + u16 offset = sel_off(pdev, sel_index); + u32 rid1 = PCI_IDE_SEL_RID_1(rid_limit); + u32 rid2 = PCI_IDE_SEL_RID_2(valid, rid_base, seg_base); + u32 ctl = 0; + + if (!offset) + return -EINVAL; + + pci_read_config_dword(pdev, offset + 4, &ctl); + if (ctl & PCI_IDE_SEL_CTL_EN) + pci_warn(pdev, "Setting RID when En=off triggers Integrity Check Fail Message"); + + /* IDE RID Association Register 1 */ + pci_write_config_dword(pdev, offset + 0xC, rid1); + /* IDE RID Association Register 2 */ + pci_write_config_dword(pdev, offset + 0x10, rid2); + return 0; +} +EXPORT_SYMBOL_GPL(pci_ide_set_sel_rid_assoc); + +int pci_ide_set_sel_addr_assoc(struct pci_dev *pdev, unsigned int sel_index, unsigned int blocknum, + bool valid, u64 base, u64 limit) +{ + u16 offset = sel_off(pdev, sel_index), offset_ab; + u32 a1 = PCI_IDE_SEL_ADDR_1(1, base, limit); + u32 a2 = PCI_IDE_SEL_ADDR_2(limit); + u32 a3 = PCI_IDE_SEL_ADDR_3(base); + + if (!offset) + return -EINVAL; + + offset_ab = sel_off_addr_block(pdev, offset, blocknum); + if (!offset_ab || offset_ab <= offset) + return -EINVAL; + + /* IDE Address Association Register 1 */ + pci_write_config_dword(pdev, offset_ab, a1); + /* IDE Address Association Register 2 */ + pci_write_config_dword(pdev, offset_ab + 4, a2); + /* IDE Address Association Register 1 */ + pci_write_config_dword(pdev, offset_ab + 8, a3); + return 0; +} +EXPORT_SYMBOL_GPL(pci_ide_set_sel_addr_assoc); + +int pci_ide_get_sel_sta(struct pci_dev *pdev, unsigned int sel_index, u32 *status) +{ + u16 offset = sel_off(pdev, sel_index); + u32 s = 0; + int ret; + + if (!offset) + return -EINVAL; + + + ret = pci_read_config_dword(pdev, offset + 8, &s); + if (ret) + return ret; + + *status = s; + return 0; +} +EXPORT_SYMBOL_GPL(pci_ide_get_sel_sta); + +static int __init ide_init(void) +{ + int ret = 0; + + pr_info(DRIVER_DESC " version: " DRIVER_VERSION "\n"); + return ret; +} + +static void __exit ide_cleanup(void) +{ +} + +module_init(ide_init); +module_exit(ide_cleanup); + +MODULE_VERSION(DRIVER_VERSION); +MODULE_LICENSE("GPL"); +MODULE_AUTHOR(DRIVER_AUTHOR); +MODULE_DESCRIPTION(DRIVER_DESC); diff --git a/drivers/pci/Kconfig b/drivers/pci/Kconfig index b0b14468ba5d..8e908d684c77 100644 --- a/drivers/pci/Kconfig +++ b/drivers/pci/Kconfig @@ -137,6 +137,10 @@ config PCI_CMA config PCI_DOE bool +config PCI_IDE + tristate + default m + config PCI_ECAM bool -- 2.45.2