projects / deliverable / linux.git / blame_incremental
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (non-incremental) | history | HEAD
iommu/amd: Return the pte page-size in fetch_pte
[deliverable/linux.git] / drivers / iommu / amd_iommu.c
... / ...
CommitLineData
1/*
2 * Copyright (C) 2007-2010 Advanced Micro Devices, Inc.
3 * Author: Joerg Roedel <jroedel@suse.de>
4 * Leo Duran <leo.duran@amd.com>
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License version 2 as published
8 * by the Free Software Foundation.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License
16 * along with this program; if not, write to the Free Software
17 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
18 */
19
20#include <linux/ratelimit.h>
21#include <linux/pci.h>
22#include <linux/pci-ats.h>
23#include <linux/bitmap.h>
24#include <linux/slab.h>
25#include <linux/debugfs.h>
26#include <linux/scatterlist.h>
27#include <linux/dma-mapping.h>
28#include <linux/iommu-helper.h>
29#include <linux/iommu.h>
30#include <linux/delay.h>
31#include <linux/amd-iommu.h>
32#include <linux/notifier.h>
33#include <linux/export.h>
34#include <linux/irq.h>
35#include <linux/msi.h>
36#include <linux/dma-contiguous.h>
37#include <asm/irq_remapping.h>
38#include <asm/io_apic.h>
39#include <asm/apic.h>
40#include <asm/hw_irq.h>
41#include <asm/msidef.h>
42#include <asm/proto.h>
43#include <asm/iommu.h>
44#include <asm/gart.h>
45#include <asm/dma.h>
46
47#include "amd_iommu_proto.h"
48#include "amd_iommu_types.h"
49#include "irq_remapping.h"
50
51#define CMD_SET_TYPE(cmd, t) ((cmd)->data[1] |= ((t) << 28))
52
53#define LOOP_TIMEOUT 100000
54
55/*
56 * This bitmap is used to advertise the page sizes our hardware support
57 * to the IOMMU core, which will then use this information to split
58 * physically contiguous memory regions it is mapping into page sizes
59 * that we support.
60 *
61 * 512GB Pages are not supported due to a hardware bug
62 */
63#define AMD_IOMMU_PGSIZES ((~0xFFFUL) & ~(2ULL << 38))
64
65static DEFINE_RWLOCK(amd_iommu_devtable_lock);
66
67/* A list of preallocated protection domains */
68static LIST_HEAD(iommu_pd_list);
69static DEFINE_SPINLOCK(iommu_pd_list_lock);
70
71/* List of all available dev_data structures */
72static LIST_HEAD(dev_data_list);
73static DEFINE_SPINLOCK(dev_data_list_lock);
74
75LIST_HEAD(ioapic_map);
76LIST_HEAD(hpet_map);
77
78/*
79 * Domain for untranslated devices - only allocated
80 * if iommu=pt passed on kernel cmd line.
81 */
82static struct protection_domain *pt_domain;
83
84static const struct iommu_ops amd_iommu_ops;
85
86static ATOMIC_NOTIFIER_HEAD(ppr_notifier);
87int amd_iommu_max_glx_val = -1;
88
89static struct dma_map_ops amd_iommu_dma_ops;
90
91/*
92 * This struct contains device specific data for the IOMMU
93 */
94struct iommu_dev_data {
95 struct list_head list; /* For domain->dev_list */
96 struct list_head dev_data_list; /* For global dev_data_list */
97 struct list_head alias_list; /* Link alias-groups together */
98 struct iommu_dev_data *alias_data;/* The alias dev_data */
99 struct protection_domain *domain; /* Domain the device is bound to */
100 u16 devid; /* PCI Device ID */
101 bool iommu_v2; /* Device can make use of IOMMUv2 */
102 bool passthrough; /* Default for device is pt_domain */
103 struct {
104 bool enabled;
105 int qdep;
106 } ats; /* ATS state */
107 bool pri_tlp; /* PASID TLB required for
108 PPR completions */
109 u32 errata; /* Bitmap for errata to apply */
110};
111
112/*
113 * general struct to manage commands send to an IOMMU
114 */
115struct iommu_cmd {
116 u32 data[4];
117};
118
119struct kmem_cache *amd_iommu_irq_cache;
120
121static void update_domain(struct protection_domain *domain);
122static int __init alloc_passthrough_domain(void);
123
124/****************************************************************************
125 *
126 * Helper functions
127 *
128 ****************************************************************************/
129
130static struct iommu_dev_data *alloc_dev_data(u16 devid)
131{
132 struct iommu_dev_data *dev_data;
133 unsigned long flags;
134
135 dev_data = kzalloc(sizeof(*dev_data), GFP_KERNEL);
136 if (!dev_data)
137 return NULL;
138
139 INIT_LIST_HEAD(&dev_data->alias_list);
140
141 dev_data->devid = devid;
142
143 spin_lock_irqsave(&dev_data_list_lock, flags);
144 list_add_tail(&dev_data->dev_data_list, &dev_data_list);
145 spin_unlock_irqrestore(&dev_data_list_lock, flags);
146
147 return dev_data;
148}
149
150static void free_dev_data(struct iommu_dev_data *dev_data)
151{
152 unsigned long flags;
153
154 spin_lock_irqsave(&dev_data_list_lock, flags);
155 list_del(&dev_data->dev_data_list);
156 spin_unlock_irqrestore(&dev_data_list_lock, flags);
157
158 kfree(dev_data);
159}
160
161static struct iommu_dev_data *search_dev_data(u16 devid)
162{
163 struct iommu_dev_data *dev_data;
164 unsigned long flags;
165
166 spin_lock_irqsave(&dev_data_list_lock, flags);
167 list_for_each_entry(dev_data, &dev_data_list, dev_data_list) {
168 if (dev_data->devid == devid)
169 goto out_unlock;
170 }
171
172 dev_data = NULL;
173
174out_unlock:
175 spin_unlock_irqrestore(&dev_data_list_lock, flags);
176
177 return dev_data;
178}
179
180static struct iommu_dev_data *find_dev_data(u16 devid)
181{
182 struct iommu_dev_data *dev_data;
183
184 dev_data = search_dev_data(devid);
185
186 if (dev_data == NULL)
187 dev_data = alloc_dev_data(devid);
188
189 return dev_data;
190}
191
192static inline u16 get_device_id(struct device *dev)
193{
194 struct pci_dev *pdev = to_pci_dev(dev);
195
196 return PCI_DEVID(pdev->bus->number, pdev->devfn);
197}
198
199static struct iommu_dev_data *get_dev_data(struct device *dev)
200{
201 return dev->archdata.iommu;
202}
203
204static bool pci_iommuv2_capable(struct pci_dev *pdev)
205{
206 static const int caps[] = {
207 PCI_EXT_CAP_ID_ATS,
208 PCI_EXT_CAP_ID_PRI,
209 PCI_EXT_CAP_ID_PASID,
210 };
211 int i, pos;
212
213 for (i = 0; i < 3; ++i) {
214 pos = pci_find_ext_capability(pdev, caps[i]);
215 if (pos == 0)
216 return false;
217 }
218
219 return true;
220}
221
222static bool pdev_pri_erratum(struct pci_dev *pdev, u32 erratum)
223{
224 struct iommu_dev_data *dev_data;
225
226 dev_data = get_dev_data(&pdev->dev);
227
228 return dev_data->errata & (1 << erratum) ? true : false;
229}
230
231/*
232 * In this function the list of preallocated protection domains is traversed to
233 * find the domain for a specific device
234 */
235static struct dma_ops_domain *find_protection_domain(u16 devid)
236{
237 struct dma_ops_domain *entry, *ret = NULL;
238 unsigned long flags;
239 u16 alias = amd_iommu_alias_table[devid];
240
241 if (list_empty(&iommu_pd_list))
242 return NULL;
243
244 spin_lock_irqsave(&iommu_pd_list_lock, flags);
245
246 list_for_each_entry(entry, &iommu_pd_list, list) {
247 if (entry->target_dev == devid ||
248 entry->target_dev == alias) {
249 ret = entry;
250 break;
251 }
252 }
253
254 spin_unlock_irqrestore(&iommu_pd_list_lock, flags);
255
256 return ret;
257}
258
259/*
260 * This function checks if the driver got a valid device from the caller to
261 * avoid dereferencing invalid pointers.
262 */
263static bool check_device(struct device *dev)
264{
265 u16 devid;
266
267 if (!dev || !dev->dma_mask)
268 return false;
269
270 /* No PCI device */
271 if (!dev_is_pci(dev))
272 return false;
273
274 devid = get_device_id(dev);
275
276 /* Out of our scope? */
277 if (devid > amd_iommu_last_bdf)
278 return false;
279
280 if (amd_iommu_rlookup_table[devid] == NULL)
281 return false;
282
283 return true;
284}
285
286static void init_iommu_group(struct device *dev)
287{
288 struct iommu_group *group;
289
290 group = iommu_group_get_for_dev(dev);
291 if (!IS_ERR(group))
292 iommu_group_put(group);
293}
294
295static int __last_alias(struct pci_dev *pdev, u16 alias, void *data)
296{
297 *(u16 *)data = alias;
298 return 0;
299}
300
301static u16 get_alias(struct device *dev)
302{
303 struct pci_dev *pdev = to_pci_dev(dev);
304 u16 devid, ivrs_alias, pci_alias;
305
306 devid = get_device_id(dev);
307 ivrs_alias = amd_iommu_alias_table[devid];
308 pci_for_each_dma_alias(pdev, __last_alias, &pci_alias);
309
310 if (ivrs_alias == pci_alias)
311 return ivrs_alias;
312
313 /*
314 * DMA alias showdown
315 *
316 * The IVRS is fairly reliable in telling us about aliases, but it
317 * can't know about every screwy device. If we don't have an IVRS
318 * reported alias, use the PCI reported alias. In that case we may
319 * still need to initialize the rlookup and dev_table entries if the
320 * alias is to a non-existent device.
321 */
322 if (ivrs_alias == devid) {
323 if (!amd_iommu_rlookup_table[pci_alias]) {
324 amd_iommu_rlookup_table[pci_alias] =
325 amd_iommu_rlookup_table[devid];
326 memcpy(amd_iommu_dev_table[pci_alias].data,
327 amd_iommu_dev_table[devid].data,
328 sizeof(amd_iommu_dev_table[pci_alias].data));
329 }
330
331 return pci_alias;
332 }
333
334 pr_info("AMD-Vi: Using IVRS reported alias %02x:%02x.%d "
335 "for device %s[%04x:%04x], kernel reported alias "
336 "%02x:%02x.%d\n", PCI_BUS_NUM(ivrs_alias), PCI_SLOT(ivrs_alias),
337 PCI_FUNC(ivrs_alias), dev_name(dev), pdev->vendor, pdev->device,
338 PCI_BUS_NUM(pci_alias), PCI_SLOT(pci_alias),
339 PCI_FUNC(pci_alias));
340
341 /*
342 * If we don't have a PCI DMA alias and the IVRS alias is on the same
343 * bus, then the IVRS table may know about a quirk that we don't.
344 */
345 if (pci_alias == devid &&
346 PCI_BUS_NUM(ivrs_alias) == pdev->bus->number) {
347 pdev->dev_flags |= PCI_DEV_FLAGS_DMA_ALIAS_DEVFN;
348 pdev->dma_alias_devfn = ivrs_alias & 0xff;
349 pr_info("AMD-Vi: Added PCI DMA alias %02x.%d for %s\n",
350 PCI_SLOT(ivrs_alias), PCI_FUNC(ivrs_alias),
351 dev_name(dev));
352 }
353
354 return ivrs_alias;
355}
356
357static int iommu_init_device(struct device *dev)
358{
359 struct pci_dev *pdev = to_pci_dev(dev);
360 struct iommu_dev_data *dev_data;
361 u16 alias;
362
363 if (dev->archdata.iommu)
364 return 0;
365
366 dev_data = find_dev_data(get_device_id(dev));
367 if (!dev_data)
368 return -ENOMEM;
369
370 alias = get_alias(dev);
371
372 if (alias != dev_data->devid) {
373 struct iommu_dev_data *alias_data;
374
375 alias_data = find_dev_data(alias);
376 if (alias_data == NULL) {
377 pr_err("AMD-Vi: Warning: Unhandled device %s\n",
378 dev_name(dev));
379 free_dev_data(dev_data);
380 return -ENOTSUPP;
381 }
382 dev_data->alias_data = alias_data;
383
384 /* Add device to the alias_list */
385 list_add(&dev_data->alias_list, &alias_data->alias_list);
386 }
387
388 if (pci_iommuv2_capable(pdev)) {
389 struct amd_iommu *iommu;
390
391 iommu = amd_iommu_rlookup_table[dev_data->devid];
392 dev_data->iommu_v2 = iommu->is_iommu_v2;
393 }
394
395 dev->archdata.iommu = dev_data;
396
397 iommu_device_link(amd_iommu_rlookup_table[dev_data->devid]->iommu_dev,
398 dev);
399
400 return 0;
401}
402
403static void iommu_ignore_device(struct device *dev)
404{
405 u16 devid, alias;
406
407 devid = get_device_id(dev);
408 alias = amd_iommu_alias_table[devid];
409
410 memset(&amd_iommu_dev_table[devid], 0, sizeof(struct dev_table_entry));
411 memset(&amd_iommu_dev_table[alias], 0, sizeof(struct dev_table_entry));
412
413 amd_iommu_rlookup_table[devid] = NULL;
414 amd_iommu_rlookup_table[alias] = NULL;
415}
416
417static void iommu_uninit_device(struct device *dev)
418{
419 struct iommu_dev_data *dev_data = search_dev_data(get_device_id(dev));
420
421 if (!dev_data)
422 return;
423
424 iommu_device_unlink(amd_iommu_rlookup_table[dev_data->devid]->iommu_dev,
425 dev);
426
427 iommu_group_remove_device(dev);
428
429 /* Unlink from alias, it may change if another device is re-plugged */
430 dev_data->alias_data = NULL;
431
432 /*
433 * We keep dev_data around for unplugged devices and reuse it when the
434 * device is re-plugged - not doing so would introduce a ton of races.
435 */
436}
437
438void __init amd_iommu_uninit_devices(void)
439{
440 struct iommu_dev_data *dev_data, *n;
441 struct pci_dev *pdev = NULL;
442
443 for_each_pci_dev(pdev) {
444
445 if (!check_device(&pdev->dev))
446 continue;
447
448 iommu_uninit_device(&pdev->dev);
449 }
450
451 /* Free all of our dev_data structures */
452 list_for_each_entry_safe(dev_data, n, &dev_data_list, dev_data_list)
453 free_dev_data(dev_data);
454}
455
456int __init amd_iommu_init_devices(void)
457{
458 struct pci_dev *pdev = NULL;
459 int ret = 0;
460
461 for_each_pci_dev(pdev) {
462
463 if (!check_device(&pdev->dev))
464 continue;
465
466 ret = iommu_init_device(&pdev->dev);
467 if (ret == -ENOTSUPP)
468 iommu_ignore_device(&pdev->dev);
469 else if (ret)
470 goto out_free;
471 }
472
473 /*
474 * Initialize IOMMU groups only after iommu_init_device() has
475 * had a chance to populate any IVRS defined aliases.
476 */
477 for_each_pci_dev(pdev) {
478 if (check_device(&pdev->dev))
479 init_iommu_group(&pdev->dev);
480 }
481
482 return 0;
483
484out_free:
485
486 amd_iommu_uninit_devices();
487
488 return ret;
489}
490#ifdef CONFIG_AMD_IOMMU_STATS
491
492/*
493 * Initialization code for statistics collection
494 */
495
496DECLARE_STATS_COUNTER(compl_wait);
497DECLARE_STATS_COUNTER(cnt_map_single);
498DECLARE_STATS_COUNTER(cnt_unmap_single);
499DECLARE_STATS_COUNTER(cnt_map_sg);
500DECLARE_STATS_COUNTER(cnt_unmap_sg);
501DECLARE_STATS_COUNTER(cnt_alloc_coherent);
502DECLARE_STATS_COUNTER(cnt_free_coherent);
503DECLARE_STATS_COUNTER(cross_page);
504DECLARE_STATS_COUNTER(domain_flush_single);
505DECLARE_STATS_COUNTER(domain_flush_all);
506DECLARE_STATS_COUNTER(alloced_io_mem);
507DECLARE_STATS_COUNTER(total_map_requests);
508DECLARE_STATS_COUNTER(complete_ppr);
509DECLARE_STATS_COUNTER(invalidate_iotlb);
510DECLARE_STATS_COUNTER(invalidate_iotlb_all);
511DECLARE_STATS_COUNTER(pri_requests);
512
513static struct dentry *stats_dir;
514static struct dentry *de_fflush;
515
516static void amd_iommu_stats_add(struct __iommu_counter *cnt)
517{
518 if (stats_dir == NULL)
519 return;
520
521 cnt->dent = debugfs_create_u64(cnt->name, 0444, stats_dir,
522 &cnt->value);
523}
524
525static void amd_iommu_stats_init(void)
526{
527 stats_dir = debugfs_create_dir("amd-iommu", NULL);
528 if (stats_dir == NULL)
529 return;
530
531 de_fflush = debugfs_create_bool("fullflush", 0444, stats_dir,
532 &amd_iommu_unmap_flush);
533
534 amd_iommu_stats_add(&compl_wait);
535 amd_iommu_stats_add(&cnt_map_single);
536 amd_iommu_stats_add(&cnt_unmap_single);
537 amd_iommu_stats_add(&cnt_map_sg);
538 amd_iommu_stats_add(&cnt_unmap_sg);
539 amd_iommu_stats_add(&cnt_alloc_coherent);
540 amd_iommu_stats_add(&cnt_free_coherent);
541 amd_iommu_stats_add(&cross_page);
542 amd_iommu_stats_add(&domain_flush_single);
543 amd_iommu_stats_add(&domain_flush_all);
544 amd_iommu_stats_add(&alloced_io_mem);
545 amd_iommu_stats_add(&total_map_requests);
546 amd_iommu_stats_add(&complete_ppr);
547 amd_iommu_stats_add(&invalidate_iotlb);
548 amd_iommu_stats_add(&invalidate_iotlb_all);
549 amd_iommu_stats_add(&pri_requests);
550}
551
552#endif
553
554/****************************************************************************
555 *
556 * Interrupt handling functions
557 *
558 ****************************************************************************/
559
560static void dump_dte_entry(u16 devid)
561{
562 int i;
563
564 for (i = 0; i < 4; ++i)
565 pr_err("AMD-Vi: DTE[%d]: %016llx\n", i,
566 amd_iommu_dev_table[devid].data[i]);
567}
568
569static void dump_command(unsigned long phys_addr)
570{
571 struct iommu_cmd *cmd = phys_to_virt(phys_addr);
572 int i;
573
574 for (i = 0; i < 4; ++i)
575 pr_err("AMD-Vi: CMD[%d]: %08x\n", i, cmd->data[i]);
576}
577
578static void iommu_print_event(struct amd_iommu *iommu, void *__evt)
579{
580 int type, devid, domid, flags;
581 volatile u32 *event = __evt;
582 int count = 0;
583 u64 address;
584
585retry:
586 type = (event[1] >> EVENT_TYPE_SHIFT) & EVENT_TYPE_MASK;
587 devid = (event[0] >> EVENT_DEVID_SHIFT) & EVENT_DEVID_MASK;
588 domid = (event[1] >> EVENT_DOMID_SHIFT) & EVENT_DOMID_MASK;
589 flags = (event[1] >> EVENT_FLAGS_SHIFT) & EVENT_FLAGS_MASK;
590 address = (u64)(((u64)event[3]) << 32) | event[2];
591
592 if (type == 0) {
593 /* Did we hit the erratum? */
594 if (++count == LOOP_TIMEOUT) {
595 pr_err("AMD-Vi: No event written to event log\n");
596 return;
597 }
598 udelay(1);
599 goto retry;
600 }
601
602 printk(KERN_ERR "AMD-Vi: Event logged [");
603
604 switch (type) {
605 case EVENT_TYPE_ILL_DEV:
606 printk("ILLEGAL_DEV_TABLE_ENTRY device=%02x:%02x.%x "
607 "address=0x%016llx flags=0x%04x]\n",
608 PCI_BUS_NUM(devid), PCI_SLOT(devid), PCI_FUNC(devid),
609 address, flags);
610 dump_dte_entry(devid);
611 break;
612 case EVENT_TYPE_IO_FAULT:
613 printk("IO_PAGE_FAULT device=%02x:%02x.%x "
614 "domain=0x%04x address=0x%016llx flags=0x%04x]\n",
615 PCI_BUS_NUM(devid), PCI_SLOT(devid), PCI_FUNC(devid),
616 domid, address, flags);
617 break;
618 case EVENT_TYPE_DEV_TAB_ERR:
619 printk("DEV_TAB_HARDWARE_ERROR device=%02x:%02x.%x "
620 "address=0x%016llx flags=0x%04x]\n",
621 PCI_BUS_NUM(devid), PCI_SLOT(devid), PCI_FUNC(devid),
622 address, flags);
623 break;
624 case EVENT_TYPE_PAGE_TAB_ERR:
625 printk("PAGE_TAB_HARDWARE_ERROR device=%02x:%02x.%x "
626 "domain=0x%04x address=0x%016llx flags=0x%04x]\n",
627 PCI_BUS_NUM(devid), PCI_SLOT(devid), PCI_FUNC(devid),
628 domid, address, flags);
629 break;
630 case EVENT_TYPE_ILL_CMD:
631 printk("ILLEGAL_COMMAND_ERROR address=0x%016llx]\n", address);
632 dump_command(address);
633 break;
634 case EVENT_TYPE_CMD_HARD_ERR:
635 printk("COMMAND_HARDWARE_ERROR address=0x%016llx "
636 "flags=0x%04x]\n", address, flags);
637 break;
638 case EVENT_TYPE_IOTLB_INV_TO:
639 printk("IOTLB_INV_TIMEOUT device=%02x:%02x.%x "
640 "address=0x%016llx]\n",
641 PCI_BUS_NUM(devid), PCI_SLOT(devid), PCI_FUNC(devid),
642 address);
643 break;
644 case EVENT_TYPE_INV_DEV_REQ:
645 printk("INVALID_DEVICE_REQUEST device=%02x:%02x.%x "
646 "address=0x%016llx flags=0x%04x]\n",
647 PCI_BUS_NUM(devid), PCI_SLOT(devid), PCI_FUNC(devid),
648 address, flags);
649 break;
650 default:
651 printk(KERN_ERR "UNKNOWN type=0x%02x]\n", type);
652 }
653
654 memset(__evt, 0, 4 * sizeof(u32));
655}
656
657static void iommu_poll_events(struct amd_iommu *iommu)
658{
659 u32 head, tail;
660
661 head = readl(iommu->mmio_base + MMIO_EVT_HEAD_OFFSET);
662 tail = readl(iommu->mmio_base + MMIO_EVT_TAIL_OFFSET);
663
664 while (head != tail) {
665 iommu_print_event(iommu, iommu->evt_buf + head);
666 head = (head + EVENT_ENTRY_SIZE) % iommu->evt_buf_size;
667 }
668
669 writel(head, iommu->mmio_base + MMIO_EVT_HEAD_OFFSET);
670}
671
672static void iommu_handle_ppr_entry(struct amd_iommu *iommu, u64 *raw)
673{
674 struct amd_iommu_fault fault;
675
676 INC_STATS_COUNTER(pri_requests);
677
678 if (PPR_REQ_TYPE(raw[0]) != PPR_REQ_FAULT) {
679 pr_err_ratelimited("AMD-Vi: Unknown PPR request received\n");
680 return;
681 }
682
683 fault.address = raw[1];
684 fault.pasid = PPR_PASID(raw[0]);
685 fault.device_id = PPR_DEVID(raw[0]);
686 fault.tag = PPR_TAG(raw[0]);
687 fault.flags = PPR_FLAGS(raw[0]);
688
689 atomic_notifier_call_chain(&ppr_notifier, 0, &fault);
690}
691
692static void iommu_poll_ppr_log(struct amd_iommu *iommu)
693{
694 u32 head, tail;
695
696 if (iommu->ppr_log == NULL)
697 return;
698
699 head = readl(iommu->mmio_base + MMIO_PPR_HEAD_OFFSET);
700 tail = readl(iommu->mmio_base + MMIO_PPR_TAIL_OFFSET);
701
702 while (head != tail) {
703 volatile u64 *raw;
704 u64 entry[2];
705 int i;
706
707 raw = (u64 *)(iommu->ppr_log + head);
708
709 /*
710 * Hardware bug: Interrupt may arrive before the entry is
711 * written to memory. If this happens we need to wait for the
712 * entry to arrive.
713 */
714 for (i = 0; i < LOOP_TIMEOUT; ++i) {
715 if (PPR_REQ_TYPE(raw[0]) != 0)
716 break;
717 udelay(1);
718 }
719
720 /* Avoid memcpy function-call overhead */
721 entry[0] = raw[0];
722 entry[1] = raw[1];
723
724 /*
725 * To detect the hardware bug we need to clear the entry
726 * back to zero.
727 */
728 raw[0] = raw[1] = 0UL;
729
730 /* Update head pointer of hardware ring-buffer */
731 head = (head + PPR_ENTRY_SIZE) % PPR_LOG_SIZE;
732 writel(head, iommu->mmio_base + MMIO_PPR_HEAD_OFFSET);
733
734 /* Handle PPR entry */
735 iommu_handle_ppr_entry(iommu, entry);
736
737 /* Refresh ring-buffer information */
738 head = readl(iommu->mmio_base + MMIO_PPR_HEAD_OFFSET);
739 tail = readl(iommu->mmio_base + MMIO_PPR_TAIL_OFFSET);
740 }
741}
742
743irqreturn_t amd_iommu_int_thread(int irq, void *data)
744{
745 struct amd_iommu *iommu = (struct amd_iommu *) data;
746 u32 status = readl(iommu->mmio_base + MMIO_STATUS_OFFSET);
747
748 while (status & (MMIO_STATUS_EVT_INT_MASK | MMIO_STATUS_PPR_INT_MASK)) {
749 /* Enable EVT and PPR interrupts again */
750 writel((MMIO_STATUS_EVT_INT_MASK | MMIO_STATUS_PPR_INT_MASK),
751 iommu->mmio_base + MMIO_STATUS_OFFSET);
752
753 if (status & MMIO_STATUS_EVT_INT_MASK) {
754 pr_devel("AMD-Vi: Processing IOMMU Event Log\n");
755 iommu_poll_events(iommu);
756 }
757
758 if (status & MMIO_STATUS_PPR_INT_MASK) {
759 pr_devel("AMD-Vi: Processing IOMMU PPR Log\n");
760 iommu_poll_ppr_log(iommu);
761 }
762
763 /*
764 * Hardware bug: ERBT1312
765 * When re-enabling interrupt (by writing 1
766 * to clear the bit), the hardware might also try to set
767 * the interrupt bit in the event status register.
768 * In this scenario, the bit will be set, and disable
769 * subsequent interrupts.
770 *
771 * Workaround: The IOMMU driver should read back the
772 * status register and check if the interrupt bits are cleared.
773 * If not, driver will need to go through the interrupt handler
774 * again and re-clear the bits
775 */
776 status = readl(iommu->mmio_base + MMIO_STATUS_OFFSET);
777 }
778 return IRQ_HANDLED;
779}
780
781irqreturn_t amd_iommu_int_handler(int irq, void *data)
782{
783 return IRQ_WAKE_THREAD;
784}
785
786/****************************************************************************
787 *
788 * IOMMU command queuing functions
789 *
790 ****************************************************************************/
791
792static int wait_on_sem(volatile u64 *sem)
793{
794 int i = 0;
795
796 while (*sem == 0 && i < LOOP_TIMEOUT) {
797 udelay(1);
798 i += 1;
799 }
800
801 if (i == LOOP_TIMEOUT) {
802 pr_alert("AMD-Vi: Completion-Wait loop timed out\n");
803 return -EIO;
804 }
805
806 return 0;
807}
808
809static void copy_cmd_to_buffer(struct amd_iommu *iommu,
810 struct iommu_cmd *cmd,
811 u32 tail)
812{
813 u8 *target;
814
815 target = iommu->cmd_buf + tail;
816 tail = (tail + sizeof(*cmd)) % iommu->cmd_buf_size;
817
818 /* Copy command to buffer */
819 memcpy(target, cmd, sizeof(*cmd));
820
821 /* Tell the IOMMU about it */
822 writel(tail, iommu->mmio_base + MMIO_CMD_TAIL_OFFSET);
823}
824
825static void build_completion_wait(struct iommu_cmd *cmd, u64 address)
826{
827 WARN_ON(address & 0x7ULL);
828
829 memset(cmd, 0, sizeof(*cmd));
830 cmd->data[0] = lower_32_bits(__pa(address)) | CMD_COMPL_WAIT_STORE_MASK;
831 cmd->data[1] = upper_32_bits(__pa(address));
832 cmd->data[2] = 1;
833 CMD_SET_TYPE(cmd, CMD_COMPL_WAIT);
834}
835
836static void build_inv_dte(struct iommu_cmd *cmd, u16 devid)
837{
838 memset(cmd, 0, sizeof(*cmd));
839 cmd->data[0] = devid;
840 CMD_SET_TYPE(cmd, CMD_INV_DEV_ENTRY);
841}
842
843static void build_inv_iommu_pages(struct iommu_cmd *cmd, u64 address,
844 size_t size, u16 domid, int pde)
845{
846 u64 pages;
847 bool s;
848
849 pages = iommu_num_pages(address, size, PAGE_SIZE);
850 s = false;
851
852 if (pages > 1) {
853 /*
854 * If we have to flush more than one page, flush all
855 * TLB entries for this domain
856 */
857 address = CMD_INV_IOMMU_ALL_PAGES_ADDRESS;
858 s = true;
859 }
860
861 address &= PAGE_MASK;
862
863 memset(cmd, 0, sizeof(*cmd));
864 cmd->data[1] |= domid;
865 cmd->data[2] = lower_32_bits(address);
866 cmd->data[3] = upper_32_bits(address);
867 CMD_SET_TYPE(cmd, CMD_INV_IOMMU_PAGES);
868 if (s) /* size bit - we flush more than one 4kb page */
869 cmd->data[2] |= CMD_INV_IOMMU_PAGES_SIZE_MASK;
870 if (pde) /* PDE bit - we want to flush everything, not only the PTEs */
871 cmd->data[2] |= CMD_INV_IOMMU_PAGES_PDE_MASK;
872}
873
874static void build_inv_iotlb_pages(struct iommu_cmd *cmd, u16 devid, int qdep,
875 u64 address, size_t size)
876{
877 u64 pages;
878 bool s;
879
880 pages = iommu_num_pages(address, size, PAGE_SIZE);
881 s = false;
882
883 if (pages > 1) {
884 /*
885 * If we have to flush more than one page, flush all
886 * TLB entries for this domain
887 */
888 address = CMD_INV_IOMMU_ALL_PAGES_ADDRESS;
889 s = true;
890 }
891
892 address &= PAGE_MASK;
893
894 memset(cmd, 0, sizeof(*cmd));
895 cmd->data[0] = devid;
896 cmd->data[0] |= (qdep & 0xff) << 24;
897 cmd->data[1] = devid;
898 cmd->data[2] = lower_32_bits(address);
899 cmd->data[3] = upper_32_bits(address);
900 CMD_SET_TYPE(cmd, CMD_INV_IOTLB_PAGES);
901 if (s)
902 cmd->data[2] |= CMD_INV_IOMMU_PAGES_SIZE_MASK;
903}
904
905static void build_inv_iommu_pasid(struct iommu_cmd *cmd, u16 domid, int pasid,
906 u64 address, bool size)
907{
908 memset(cmd, 0, sizeof(*cmd));
909
910 address &= ~(0xfffULL);
911
912 cmd->data[0] = pasid;
913 cmd->data[1] = domid;
914 cmd->data[2] = lower_32_bits(address);
915 cmd->data[3] = upper_32_bits(address);
916 cmd->data[2] |= CMD_INV_IOMMU_PAGES_PDE_MASK;
917 cmd->data[2] |= CMD_INV_IOMMU_PAGES_GN_MASK;
918 if (size)
919 cmd->data[2] |= CMD_INV_IOMMU_PAGES_SIZE_MASK;
920 CMD_SET_TYPE(cmd, CMD_INV_IOMMU_PAGES);
921}
922
923static void build_inv_iotlb_pasid(struct iommu_cmd *cmd, u16 devid, int pasid,
924 int qdep, u64 address, bool size)
925{
926 memset(cmd, 0, sizeof(*cmd));
927
928 address &= ~(0xfffULL);
929
930 cmd->data[0] = devid;
931 cmd->data[0] |= ((pasid >> 8) & 0xff) << 16;
932 cmd->data[0] |= (qdep & 0xff) << 24;
933 cmd->data[1] = devid;
934 cmd->data[1] |= (pasid & 0xff) << 16;
935 cmd->data[2] = lower_32_bits(address);
936 cmd->data[2] |= CMD_INV_IOMMU_PAGES_GN_MASK;
937 cmd->data[3] = upper_32_bits(address);
938 if (size)
939 cmd->data[2] |= CMD_INV_IOMMU_PAGES_SIZE_MASK;
940 CMD_SET_TYPE(cmd, CMD_INV_IOTLB_PAGES);
941}
942
943static void build_complete_ppr(struct iommu_cmd *cmd, u16 devid, int pasid,
944 int status, int tag, bool gn)
945{
946 memset(cmd, 0, sizeof(*cmd));
947
948 cmd->data[0] = devid;
949 if (gn) {
950 cmd->data[1] = pasid;
951 cmd->data[2] = CMD_INV_IOMMU_PAGES_GN_MASK;
952 }
953 cmd->data[3] = tag & 0x1ff;
954 cmd->data[3] |= (status & PPR_STATUS_MASK) << PPR_STATUS_SHIFT;
955
956 CMD_SET_TYPE(cmd, CMD_COMPLETE_PPR);
957}
958
959static void build_inv_all(struct iommu_cmd *cmd)
960{
961 memset(cmd, 0, sizeof(*cmd));
962 CMD_SET_TYPE(cmd, CMD_INV_ALL);
963}
964
965static void build_inv_irt(struct iommu_cmd *cmd, u16 devid)
966{
967 memset(cmd, 0, sizeof(*cmd));
968 cmd->data[0] = devid;
969 CMD_SET_TYPE(cmd, CMD_INV_IRT);
970}
971
972/*
973 * Writes the command to the IOMMUs command buffer and informs the
974 * hardware about the new command.
975 */
976static int iommu_queue_command_sync(struct amd_iommu *iommu,
977 struct iommu_cmd *cmd,
978 bool sync)
979{
980 u32 left, tail, head, next_tail;
981 unsigned long flags;
982
983 WARN_ON(iommu->cmd_buf_size & CMD_BUFFER_UNINITIALIZED);
984
985again:
986 spin_lock_irqsave(&iommu->lock, flags);
987
988 head = readl(iommu->mmio_base + MMIO_CMD_HEAD_OFFSET);
989 tail = readl(iommu->mmio_base + MMIO_CMD_TAIL_OFFSET);
990 next_tail = (tail + sizeof(*cmd)) % iommu->cmd_buf_size;
991 left = (head - next_tail) % iommu->cmd_buf_size;
992
993 if (left <= 2) {
994 struct iommu_cmd sync_cmd;
995 volatile u64 sem = 0;
996 int ret;
997
998 build_completion_wait(&sync_cmd, (u64)&sem);
999 copy_cmd_to_buffer(iommu, &sync_cmd, tail);
1000
1001 spin_unlock_irqrestore(&iommu->lock, flags);
1002
1003 if ((ret = wait_on_sem(&sem)) != 0)
1004 return ret;
1005
1006 goto again;
1007 }
1008
1009 copy_cmd_to_buffer(iommu, cmd, tail);
1010
1011 /* We need to sync now to make sure all commands are processed */
1012 iommu->need_sync = sync;
1013
1014 spin_unlock_irqrestore(&iommu->lock, flags);
1015
1016 return 0;
1017}
1018
1019static int iommu_queue_command(struct amd_iommu *iommu, struct iommu_cmd *cmd)
1020{
1021 return iommu_queue_command_sync(iommu, cmd, true);
1022}
1023
1024/*
1025 * This function queues a completion wait command into the command
1026 * buffer of an IOMMU
1027 */
1028static int iommu_completion_wait(struct amd_iommu *iommu)
1029{
1030 struct iommu_cmd cmd;
1031 volatile u64 sem = 0;
1032 int ret;
1033
1034 if (!iommu->need_sync)
1035 return 0;
1036
1037 build_completion_wait(&cmd, (u64)&sem);
1038
1039 ret = iommu_queue_command_sync(iommu, &cmd, false);
1040 if (ret)
1041 return ret;
1042
1043 return wait_on_sem(&sem);
1044}
1045
1046static int iommu_flush_dte(struct amd_iommu *iommu, u16 devid)
1047{
1048 struct iommu_cmd cmd;
1049
1050 build_inv_dte(&cmd, devid);
1051
1052 return iommu_queue_command(iommu, &cmd);
1053}
1054
1055static void iommu_flush_dte_all(struct amd_iommu *iommu)
1056{
1057 u32 devid;
1058
1059 for (devid = 0; devid <= 0xffff; ++devid)
1060 iommu_flush_dte(iommu, devid);
1061
1062 iommu_completion_wait(iommu);
1063}
1064
1065/*
1066 * This function uses heavy locking and may disable irqs for some time. But
1067 * this is no issue because it is only called during resume.
1068 */
1069static void iommu_flush_tlb_all(struct amd_iommu *iommu)
1070{
1071 u32 dom_id;
1072
1073 for (dom_id = 0; dom_id <= 0xffff; ++dom_id) {
1074 struct iommu_cmd cmd;
1075 build_inv_iommu_pages(&cmd, 0, CMD_INV_IOMMU_ALL_PAGES_ADDRESS,
1076 dom_id, 1);
1077 iommu_queue_command(iommu, &cmd);
1078 }
1079
1080 iommu_completion_wait(iommu);
1081}
1082
1083static void iommu_flush_all(struct amd_iommu *iommu)
1084{
1085 struct iommu_cmd cmd;
1086
1087 build_inv_all(&cmd);
1088
1089 iommu_queue_command(iommu, &cmd);
1090 iommu_completion_wait(iommu);
1091}
1092
1093static void iommu_flush_irt(struct amd_iommu *iommu, u16 devid)
1094{
1095 struct iommu_cmd cmd;
1096
1097 build_inv_irt(&cmd, devid);
1098
1099 iommu_queue_command(iommu, &cmd);
1100}
1101
1102static void iommu_flush_irt_all(struct amd_iommu *iommu)
1103{
1104 u32 devid;
1105
1106 for (devid = 0; devid <= MAX_DEV_TABLE_ENTRIES; devid++)
1107 iommu_flush_irt(iommu, devid);
1108
1109 iommu_completion_wait(iommu);
1110}
1111
1112void iommu_flush_all_caches(struct amd_iommu *iommu)
1113{
1114 if (iommu_feature(iommu, FEATURE_IA)) {
1115 iommu_flush_all(iommu);
1116 } else {
1117 iommu_flush_dte_all(iommu);
1118 iommu_flush_irt_all(iommu);
1119 iommu_flush_tlb_all(iommu);
1120 }
1121}
1122
1123/*
1124 * Command send function for flushing on-device TLB
1125 */
1126static int device_flush_iotlb(struct iommu_dev_data *dev_data,
1127 u64 address, size_t size)
1128{
1129 struct amd_iommu *iommu;
1130 struct iommu_cmd cmd;
1131 int qdep;
1132
1133 qdep = dev_data->ats.qdep;
1134 iommu = amd_iommu_rlookup_table[dev_data->devid];
1135
1136 build_inv_iotlb_pages(&cmd, dev_data->devid, qdep, address, size);
1137
1138 return iommu_queue_command(iommu, &cmd);
1139}
1140
1141/*
1142 * Command send function for invalidating a device table entry
1143 */
1144static int device_flush_dte(struct iommu_dev_data *dev_data)
1145{
1146 struct amd_iommu *iommu;
1147 int ret;
1148
1149 iommu = amd_iommu_rlookup_table[dev_data->devid];
1150
1151 ret = iommu_flush_dte(iommu, dev_data->devid);
1152 if (ret)
1153 return ret;
1154
1155 if (dev_data->ats.enabled)
1156 ret = device_flush_iotlb(dev_data, 0, ~0UL);
1157
1158 return ret;
1159}
1160
1161/*
1162 * TLB invalidation function which is called from the mapping functions.
1163 * It invalidates a single PTE if the range to flush is within a single
1164 * page. Otherwise it flushes the whole TLB of the IOMMU.
1165 */
1166static void __domain_flush_pages(struct protection_domain *domain,
1167 u64 address, size_t size, int pde)
1168{
1169 struct iommu_dev_data *dev_data;
1170 struct iommu_cmd cmd;
1171 int ret = 0, i;
1172
1173 build_inv_iommu_pages(&cmd, address, size, domain->id, pde);
1174
1175 for (i = 0; i < amd_iommus_present; ++i) {
1176 if (!domain->dev_iommu[i])
1177 continue;
1178
1179 /*
1180 * Devices of this domain are behind this IOMMU
1181 * We need a TLB flush
1182 */
1183 ret |= iommu_queue_command(amd_iommus[i], &cmd);
1184 }
1185
1186 list_for_each_entry(dev_data, &domain->dev_list, list) {
1187
1188 if (!dev_data->ats.enabled)
1189 continue;
1190
1191 ret |= device_flush_iotlb(dev_data, address, size);
1192 }
1193
1194 WARN_ON(ret);
1195}
1196
1197static void domain_flush_pages(struct protection_domain *domain,
1198 u64 address, size_t size)
1199{
1200 __domain_flush_pages(domain, address, size, 0);
1201}
1202
1203/* Flush the whole IO/TLB for a given protection domain */
1204static void domain_flush_tlb(struct protection_domain *domain)
1205{
1206 __domain_flush_pages(domain, 0, CMD_INV_IOMMU_ALL_PAGES_ADDRESS, 0);
1207}
1208
1209/* Flush the whole IO/TLB for a given protection domain - including PDE */
1210static void domain_flush_tlb_pde(struct protection_domain *domain)
1211{
1212 __domain_flush_pages(domain, 0, CMD_INV_IOMMU_ALL_PAGES_ADDRESS, 1);
1213}
1214
1215static void domain_flush_complete(struct protection_domain *domain)
1216{
1217 int i;
1218
1219 for (i = 0; i < amd_iommus_present; ++i) {
1220 if (!domain->dev_iommu[i])
1221 continue;
1222
1223 /*
1224 * Devices of this domain are behind this IOMMU
1225 * We need to wait for completion of all commands.
1226 */
1227 iommu_completion_wait(amd_iommus[i]);
1228 }
1229}
1230
1231
1232/*
1233 * This function flushes the DTEs for all devices in domain
1234 */
1235static void domain_flush_devices(struct protection_domain *domain)
1236{
1237 struct iommu_dev_data *dev_data;
1238
1239 list_for_each_entry(dev_data, &domain->dev_list, list)
1240 device_flush_dte(dev_data);
1241}
1242
1243/****************************************************************************
1244 *
1245 * The functions below are used the create the page table mappings for
1246 * unity mapped regions.
1247 *
1248 ****************************************************************************/
1249
1250/*
1251 * This function is used to add another level to an IO page table. Adding
1252 * another level increases the size of the address space by 9 bits to a size up
1253 * to 64 bits.
1254 */
1255static bool increase_address_space(struct protection_domain *domain,
1256 gfp_t gfp)
1257{
1258 u64 *pte;
1259
1260 if (domain->mode == PAGE_MODE_6_LEVEL)
1261 /* address space already 64 bit large */
1262 return false;
1263
1264 pte = (void *)get_zeroed_page(gfp);
1265 if (!pte)
1266 return false;
1267
1268 *pte = PM_LEVEL_PDE(domain->mode,
1269 virt_to_phys(domain->pt_root));
1270 domain->pt_root = pte;
1271 domain->mode += 1;
1272 domain->updated = true;
1273
1274 return true;
1275}
1276
1277static u64 *alloc_pte(struct protection_domain *domain,
1278 unsigned long address,
1279 unsigned long page_size,
1280 u64 **pte_page,
1281 gfp_t gfp)
1282{
1283 int level, end_lvl;
1284 u64 *pte, *page;
1285
1286 BUG_ON(!is_power_of_2(page_size));
1287
1288 while (address > PM_LEVEL_SIZE(domain->mode))
1289 increase_address_space(domain, gfp);
1290
1291 level = domain->mode - 1;
1292 pte = &domain->pt_root[PM_LEVEL_INDEX(level, address)];
1293 address = PAGE_SIZE_ALIGN(address, page_size);
1294 end_lvl = PAGE_SIZE_LEVEL(page_size);
1295
1296 while (level > end_lvl) {
1297 if (!IOMMU_PTE_PRESENT(*pte)) {
1298 page = (u64 *)get_zeroed_page(gfp);
1299 if (!page)
1300 return NULL;
1301 *pte = PM_LEVEL_PDE(level, virt_to_phys(page));
1302 }
1303
1304 /* No level skipping support yet */
1305 if (PM_PTE_LEVEL(*pte) != level)
1306 return NULL;
1307
1308 level -= 1;
1309
1310 pte = IOMMU_PTE_PAGE(*pte);
1311
1312 if (pte_page && level == end_lvl)
1313 *pte_page = pte;
1314
1315 pte = &pte[PM_LEVEL_INDEX(level, address)];
1316 }
1317
1318 return pte;
1319}
1320
1321/*
1322 * This function checks if there is a PTE for a given dma address. If
1323 * there is one, it returns the pointer to it.
1324 */
1325static u64 *fetch_pte(struct protection_domain *domain,
1326 unsigned long address,
1327 unsigned long *page_size)
1328{
1329 int level;
1330 u64 *pte;
1331
1332 if (address > PM_LEVEL_SIZE(domain->mode))
1333 return NULL;
1334
1335 level = domain->mode - 1;
1336 pte = &domain->pt_root[PM_LEVEL_INDEX(level, address)];
1337 *page_size = PTE_LEVEL_PAGE_SIZE(level);
1338
1339 while (level > 0) {
1340
1341 /* Not Present */
1342 if (!IOMMU_PTE_PRESENT(*pte))
1343 return NULL;
1344
1345 /* Large PTE */
1346 if (PM_PTE_LEVEL(*pte) == 7 ||
1347 PM_PTE_LEVEL(*pte) == 0)
1348 break;
1349
1350 /* No level skipping support yet */
1351 if (PM_PTE_LEVEL(*pte) != level)
1352 return NULL;
1353
1354 level -= 1;
1355
1356 /* Walk to the next level */
1357 pte = IOMMU_PTE_PAGE(*pte);
1358 pte = &pte[PM_LEVEL_INDEX(level, address)];
1359 *page_size = PTE_LEVEL_PAGE_SIZE(level);
1360 }
1361
1362 if (PM_PTE_LEVEL(*pte) == 0x07) {
1363 unsigned long pte_mask;
1364
1365 /*
1366 * If we have a series of large PTEs, make
1367 * sure to return a pointer to the first one.
1368 */
1369 *page_size = pte_mask = PTE_PAGE_SIZE(*pte);
1370 pte_mask = ~((PAGE_SIZE_PTE_COUNT(pte_mask) << 3) - 1);
1371 pte = (u64 *)(((unsigned long)pte) & pte_mask);
1372 }
1373
1374 return pte;
1375}
1376
1377/*
1378 * Generic mapping functions. It maps a physical address into a DMA
1379 * address space. It allocates the page table pages if necessary.
1380 * In the future it can be extended to a generic mapping function
1381 * supporting all features of AMD IOMMU page tables like level skipping
1382 * and full 64 bit address spaces.
1383 */
1384static int iommu_map_page(struct protection_domain *dom,
1385 unsigned long bus_addr,
1386 unsigned long phys_addr,
1387 int prot,
1388 unsigned long page_size)
1389{
1390 u64 __pte, *pte;
1391 int i, count;
1392
1393 if (!(prot & IOMMU_PROT_MASK))
1394 return -EINVAL;
1395
1396 bus_addr = PAGE_ALIGN(bus_addr);
1397 phys_addr = PAGE_ALIGN(phys_addr);
1398 count = PAGE_SIZE_PTE_COUNT(page_size);
1399 pte = alloc_pte(dom, bus_addr, page_size, NULL, GFP_KERNEL);
1400
1401 if (!pte)
1402 return -ENOMEM;
1403
1404 for (i = 0; i < count; ++i)
1405 if (IOMMU_PTE_PRESENT(pte[i]))
1406 return -EBUSY;
1407
1408 if (page_size > PAGE_SIZE) {
1409 __pte = PAGE_SIZE_PTE(phys_addr, page_size);
1410 __pte |= PM_LEVEL_ENC(7) | IOMMU_PTE_P | IOMMU_PTE_FC;
1411 } else
1412 __pte = phys_addr | IOMMU_PTE_P | IOMMU_PTE_FC;
1413
1414 if (prot & IOMMU_PROT_IR)
1415 __pte |= IOMMU_PTE_IR;
1416 if (prot & IOMMU_PROT_IW)
1417 __pte |= IOMMU_PTE_IW;
1418
1419 for (i = 0; i < count; ++i)
1420 pte[i] = __pte;
1421
1422 update_domain(dom);
1423
1424 return 0;
1425}
1426
1427static unsigned long iommu_unmap_page(struct protection_domain *dom,
1428 unsigned long bus_addr,
1429 unsigned long page_size)
1430{
1431 unsigned long long unmap_size, unmapped;
1432 unsigned long pte_pgsize;
1433 u64 *pte;
1434
1435 BUG_ON(!is_power_of_2(page_size));
1436
1437 unmapped = 0;
1438
1439 while (unmapped < page_size) {
1440
1441 pte = fetch_pte(dom, bus_addr, &pte_pgsize);
1442
1443 if (!pte) {
1444 /*
1445 * No PTE for this address
1446 * move forward in 4kb steps
1447 */
1448 unmap_size = PAGE_SIZE;
1449 } else if (PM_PTE_LEVEL(*pte) == 0) {
1450 /* 4kb PTE found for this address */
1451 unmap_size = PAGE_SIZE;
1452 *pte = 0ULL;
1453 } else {
1454 int count, i;
1455
1456 /* Large PTE found which maps this address */
1457 unmap_size = PTE_PAGE_SIZE(*pte);
1458
1459 /* Only unmap from the first pte in the page */
1460 if ((unmap_size - 1) & bus_addr)
1461 break;
1462 count = PAGE_SIZE_PTE_COUNT(unmap_size);
1463 for (i = 0; i < count; i++)
1464 pte[i] = 0ULL;
1465 }
1466
1467 bus_addr = (bus_addr & ~(unmap_size - 1)) + unmap_size;
1468 unmapped += unmap_size;
1469 }
1470
1471 BUG_ON(unmapped && !is_power_of_2(unmapped));
1472
1473 return unmapped;
1474}
1475
1476/*
1477 * This function checks if a specific unity mapping entry is needed for
1478 * this specific IOMMU.
1479 */
1480static int iommu_for_unity_map(struct amd_iommu *iommu,
1481 struct unity_map_entry *entry)
1482{
1483 u16 bdf, i;
1484
1485 for (i = entry->devid_start; i <= entry->devid_end; ++i) {
1486 bdf = amd_iommu_alias_table[i];
1487 if (amd_iommu_rlookup_table[bdf] == iommu)
1488 return 1;
1489 }
1490
1491 return 0;
1492}
1493
1494/*
1495 * This function actually applies the mapping to the page table of the
1496 * dma_ops domain.
1497 */
1498static int dma_ops_unity_map(struct dma_ops_domain *dma_dom,
1499 struct unity_map_entry *e)
1500{
1501 u64 addr;
1502 int ret;
1503
1504 for (addr = e->address_start; addr < e->address_end;
1505 addr += PAGE_SIZE) {
1506 ret = iommu_map_page(&dma_dom->domain, addr, addr, e->prot,
1507 PAGE_SIZE);
1508 if (ret)
1509 return ret;
1510 /*
1511 * if unity mapping is in aperture range mark the page
1512 * as allocated in the aperture
1513 */
1514 if (addr < dma_dom->aperture_size)
1515 __set_bit(addr >> PAGE_SHIFT,
1516 dma_dom->aperture[0]->bitmap);
1517 }
1518
1519 return 0;
1520}
1521
1522/*
1523 * Init the unity mappings for a specific IOMMU in the system
1524 *
1525 * Basically iterates over all unity mapping entries and applies them to
1526 * the default domain DMA of that IOMMU if necessary.
1527 */
1528static int iommu_init_unity_mappings(struct amd_iommu *iommu)
1529{
1530 struct unity_map_entry *entry;
1531 int ret;
1532
1533 list_for_each_entry(entry, &amd_iommu_unity_map, list) {
1534 if (!iommu_for_unity_map(iommu, entry))
1535 continue;
1536 ret = dma_ops_unity_map(iommu->default_dom, entry);
1537 if (ret)
1538 return ret;
1539 }
1540
1541 return 0;
1542}
1543
1544/*
1545 * Inits the unity mappings required for a specific device
1546 */
1547static int init_unity_mappings_for_device(struct dma_ops_domain *dma_dom,
1548 u16 devid)
1549{
1550 struct unity_map_entry *e;
1551 int ret;
1552
1553 list_for_each_entry(e, &amd_iommu_unity_map, list) {
1554 if (!(devid >= e->devid_start && devid <= e->devid_end))
1555 continue;
1556 ret = dma_ops_unity_map(dma_dom, e);
1557 if (ret)
1558 return ret;
1559 }
1560
1561 return 0;
1562}
1563
1564/****************************************************************************
1565 *
1566 * The next functions belong to the address allocator for the dma_ops
1567 * interface functions. They work like the allocators in the other IOMMU
1568 * drivers. Its basically a bitmap which marks the allocated pages in
1569 * the aperture. Maybe it could be enhanced in the future to a more
1570 * efficient allocator.
1571 *
1572 ****************************************************************************/
1573
1574/*
1575 * The address allocator core functions.
1576 *
1577 * called with domain->lock held
1578 */
1579
1580/*
1581 * Used to reserve address ranges in the aperture (e.g. for exclusion
1582 * ranges.
1583 */
1584static void dma_ops_reserve_addresses(struct dma_ops_domain *dom,
1585 unsigned long start_page,
1586 unsigned int pages)
1587{
1588 unsigned int i, last_page = dom->aperture_size >> PAGE_SHIFT;
1589
1590 if (start_page + pages > last_page)
1591 pages = last_page - start_page;
1592
1593 for (i = start_page; i < start_page + pages; ++i) {
1594 int index = i / APERTURE_RANGE_PAGES;
1595 int page = i % APERTURE_RANGE_PAGES;
1596 __set_bit(page, dom->aperture[index]->bitmap);
1597 }
1598}
1599
1600/*
1601 * This function is used to add a new aperture range to an existing
1602 * aperture in case of dma_ops domain allocation or address allocation
1603 * failure.
1604 */
1605static int alloc_new_range(struct dma_ops_domain *dma_dom,
1606 bool populate, gfp_t gfp)
1607{
1608 int index = dma_dom->aperture_size >> APERTURE_RANGE_SHIFT;
1609 struct amd_iommu *iommu;
1610 unsigned long i, old_size;
1611
1612#ifdef CONFIG_IOMMU_STRESS
1613 populate = false;
1614#endif
1615
1616 if (index >= APERTURE_MAX_RANGES)
1617 return -ENOMEM;
1618
1619 dma_dom->aperture[index] = kzalloc(sizeof(struct aperture_range), gfp);
1620 if (!dma_dom->aperture[index])
1621 return -ENOMEM;
1622
1623 dma_dom->aperture[index]->bitmap = (void *)get_zeroed_page(gfp);
1624 if (!dma_dom->aperture[index]->bitmap)
1625 goto out_free;
1626
1627 dma_dom->aperture[index]->offset = dma_dom->aperture_size;
1628
1629 if (populate) {
1630 unsigned long address = dma_dom->aperture_size;
1631 int i, num_ptes = APERTURE_RANGE_PAGES / 512;
1632 u64 *pte, *pte_page;
1633
1634 for (i = 0; i < num_ptes; ++i) {
1635 pte = alloc_pte(&dma_dom->domain, address, PAGE_SIZE,
1636 &pte_page, gfp);
1637 if (!pte)
1638 goto out_free;
1639
1640 dma_dom->aperture[index]->pte_pages[i] = pte_page;
1641
1642 address += APERTURE_RANGE_SIZE / 64;
1643 }
1644 }
1645
1646 old_size = dma_dom->aperture_size;
1647 dma_dom->aperture_size += APERTURE_RANGE_SIZE;
1648
1649 /* Reserve address range used for MSI messages */
1650 if (old_size < MSI_ADDR_BASE_LO &&
1651 dma_dom->aperture_size > MSI_ADDR_BASE_LO) {
1652 unsigned long spage;
1653 int pages;
1654
1655 pages = iommu_num_pages(MSI_ADDR_BASE_LO, 0x10000, PAGE_SIZE);
1656 spage = MSI_ADDR_BASE_LO >> PAGE_SHIFT;
1657
1658 dma_ops_reserve_addresses(dma_dom, spage, pages);
1659 }
1660
1661 /* Initialize the exclusion range if necessary */
1662 for_each_iommu(iommu) {
1663 if (iommu->exclusion_start &&
1664 iommu->exclusion_start >= dma_dom->aperture[index]->offset
1665 && iommu->exclusion_start < dma_dom->aperture_size) {
1666 unsigned long startpage;
1667 int pages = iommu_num_pages(iommu->exclusion_start,
1668 iommu->exclusion_length,
1669 PAGE_SIZE);
1670 startpage = iommu->exclusion_start >> PAGE_SHIFT;
1671 dma_ops_reserve_addresses(dma_dom, startpage, pages);
1672 }
1673 }
1674
1675 /*
1676 * Check for areas already mapped as present in the new aperture
1677 * range and mark those pages as reserved in the allocator. Such
1678 * mappings may already exist as a result of requested unity
1679 * mappings for devices.
1680 */
1681 for (i = dma_dom->aperture[index]->offset;
1682 i < dma_dom->aperture_size;
1683 i += PAGE_SIZE) {
1684 unsigned long pte_pgsize;
1685 u64 *pte = fetch_pte(&dma_dom->domain, i, &pte_pgsize);
1686 if (!pte || !IOMMU_PTE_PRESENT(*pte))
1687 continue;
1688
1689 dma_ops_reserve_addresses(dma_dom, i >> PAGE_SHIFT, 1);
1690 }
1691
1692 update_domain(&dma_dom->domain);
1693
1694 return 0;
1695
1696out_free:
1697 update_domain(&dma_dom->domain);
1698
1699 free_page((unsigned long)dma_dom->aperture[index]->bitmap);
1700
1701 kfree(dma_dom->aperture[index]);
1702 dma_dom->aperture[index] = NULL;
1703
1704 return -ENOMEM;
1705}
1706
1707static unsigned long dma_ops_area_alloc(struct device *dev,
1708 struct dma_ops_domain *dom,
1709 unsigned int pages,
1710 unsigned long align_mask,
1711 u64 dma_mask,
1712 unsigned long start)
1713{
1714 unsigned long next_bit = dom->next_address % APERTURE_RANGE_SIZE;
1715 int max_index = dom->aperture_size >> APERTURE_RANGE_SHIFT;
1716 int i = start >> APERTURE_RANGE_SHIFT;
1717 unsigned long boundary_size;
1718 unsigned long address = -1;
1719 unsigned long limit;
1720
1721 next_bit >>= PAGE_SHIFT;
1722
1723 boundary_size = ALIGN(dma_get_seg_boundary(dev) + 1,
1724 PAGE_SIZE) >> PAGE_SHIFT;
1725
1726 for (;i < max_index; ++i) {
1727 unsigned long offset = dom->aperture[i]->offset >> PAGE_SHIFT;
1728
1729 if (dom->aperture[i]->offset >= dma_mask)
1730 break;
1731
1732 limit = iommu_device_max_index(APERTURE_RANGE_PAGES, offset,
1733 dma_mask >> PAGE_SHIFT);
1734
1735 address = iommu_area_alloc(dom->aperture[i]->bitmap,
1736 limit, next_bit, pages, 0,
1737 boundary_size, align_mask);
1738 if (address != -1) {
1739 address = dom->aperture[i]->offset +
1740 (address << PAGE_SHIFT);
1741 dom->next_address = address + (pages << PAGE_SHIFT);
1742 break;
1743 }
1744
1745 next_bit = 0;
1746 }
1747
1748 return address;
1749}
1750
1751static unsigned long dma_ops_alloc_addresses(struct device *dev,
1752 struct dma_ops_domain *dom,
1753 unsigned int pages,
1754 unsigned long align_mask,
1755 u64 dma_mask)
1756{
1757 unsigned long address;
1758
1759#ifdef CONFIG_IOMMU_STRESS
1760 dom->next_address = 0;
1761 dom->need_flush = true;
1762#endif
1763
1764 address = dma_ops_area_alloc(dev, dom, pages, align_mask,
1765 dma_mask, dom->next_address);
1766
1767 if (address == -1) {
1768 dom->next_address = 0;
1769 address = dma_ops_area_alloc(dev, dom, pages, align_mask,
1770 dma_mask, 0);
1771 dom->need_flush = true;
1772 }
1773
1774 if (unlikely(address == -1))
1775 address = DMA_ERROR_CODE;
1776
1777 WARN_ON((address + (PAGE_SIZE*pages)) > dom->aperture_size);
1778
1779 return address;
1780}
1781
1782/*
1783 * The address free function.
1784 *
1785 * called with domain->lock held
1786 */
1787static void dma_ops_free_addresses(struct dma_ops_domain *dom,
1788 unsigned long address,
1789 unsigned int pages)
1790{
1791 unsigned i = address >> APERTURE_RANGE_SHIFT;
1792 struct aperture_range *range = dom->aperture[i];
1793
1794 BUG_ON(i >= APERTURE_MAX_RANGES || range == NULL);
1795
1796#ifdef CONFIG_IOMMU_STRESS
1797 if (i < 4)
1798 return;
1799#endif
1800
1801 if (address >= dom->next_address)
1802 dom->need_flush = true;
1803
1804 address = (address % APERTURE_RANGE_SIZE) >> PAGE_SHIFT;
1805
1806 bitmap_clear(range->bitmap, address, pages);
1807
1808}
1809
1810/****************************************************************************
1811 *
1812 * The next functions belong to the domain allocation. A domain is
1813 * allocated for every IOMMU as the default domain. If device isolation
1814 * is enabled, every device get its own domain. The most important thing
1815 * about domains is the page table mapping the DMA address space they
1816 * contain.
1817 *
1818 ****************************************************************************/
1819
1820/*
1821 * This function adds a protection domain to the global protection domain list
1822 */
1823static void add_domain_to_list(struct protection_domain *domain)
1824{
1825 unsigned long flags;
1826
1827 spin_lock_irqsave(&amd_iommu_pd_lock, flags);
1828 list_add(&domain->list, &amd_iommu_pd_list);
1829 spin_unlock_irqrestore(&amd_iommu_pd_lock, flags);
1830}
1831
1832/*
1833 * This function removes a protection domain to the global
1834 * protection domain list
1835 */
1836static void del_domain_from_list(struct protection_domain *domain)
1837{
1838 unsigned long flags;
1839
1840 spin_lock_irqsave(&amd_iommu_pd_lock, flags);
1841 list_del(&domain->list);
1842 spin_unlock_irqrestore(&amd_iommu_pd_lock, flags);
1843}
1844
1845static u16 domain_id_alloc(void)
1846{
1847 unsigned long flags;
1848 int id;
1849
1850 write_lock_irqsave(&amd_iommu_devtable_lock, flags);
1851 id = find_first_zero_bit(amd_iommu_pd_alloc_bitmap, MAX_DOMAIN_ID);
1852 BUG_ON(id == 0);
1853 if (id > 0 && id < MAX_DOMAIN_ID)
1854 __set_bit(id, amd_iommu_pd_alloc_bitmap);
1855 else
1856 id = 0;
1857 write_unlock_irqrestore(&amd_iommu_devtable_lock, flags);
1858
1859 return id;
1860}
1861
1862static void domain_id_free(int id)
1863{
1864 unsigned long flags;
1865
1866 write_lock_irqsave(&amd_iommu_devtable_lock, flags);
1867 if (id > 0 && id < MAX_DOMAIN_ID)
1868 __clear_bit(id, amd_iommu_pd_alloc_bitmap);
1869 write_unlock_irqrestore(&amd_iommu_devtable_lock, flags);
1870}
1871
1872#define DEFINE_FREE_PT_FN(LVL, FN) \
1873static void free_pt_##LVL (unsigned long __pt) \
1874{ \
1875 unsigned long p; \
1876 u64 *pt; \
1877 int i; \
1878 \
1879 pt = (u64 *)__pt; \
1880 \
1881 for (i = 0; i < 512; ++i) { \
1882 if (!IOMMU_PTE_PRESENT(pt[i])) \
1883 continue; \
1884 \
1885 p = (unsigned long)IOMMU_PTE_PAGE(pt[i]); \
1886 FN(p); \
1887 } \
1888 free_page((unsigned long)pt); \
1889}
1890
1891DEFINE_FREE_PT_FN(l2, free_page)
1892DEFINE_FREE_PT_FN(l3, free_pt_l2)
1893DEFINE_FREE_PT_FN(l4, free_pt_l3)
1894DEFINE_FREE_PT_FN(l5, free_pt_l4)
1895DEFINE_FREE_PT_FN(l6, free_pt_l5)
1896
1897static void free_pagetable(struct protection_domain *domain)
1898{
1899 unsigned long root = (unsigned long)domain->pt_root;
1900
1901 switch (domain->mode) {
1902 case PAGE_MODE_NONE:
1903 break;
1904 case PAGE_MODE_1_LEVEL:
1905 free_page(root);
1906 break;
1907 case PAGE_MODE_2_LEVEL:
1908 free_pt_l2(root);
1909 break;
1910 case PAGE_MODE_3_LEVEL:
1911 free_pt_l3(root);
1912 break;
1913 case PAGE_MODE_4_LEVEL:
1914 free_pt_l4(root);
1915 break;
1916 case PAGE_MODE_5_LEVEL:
1917 free_pt_l5(root);
1918 break;
1919 case PAGE_MODE_6_LEVEL:
1920 free_pt_l6(root);
1921 break;
1922 default:
1923 BUG();
1924 }
1925}
1926
1927static void free_gcr3_tbl_level1(u64 *tbl)
1928{
1929 u64 *ptr;
1930 int i;
1931
1932 for (i = 0; i < 512; ++i) {
1933 if (!(tbl[i] & GCR3_VALID))
1934 continue;
1935
1936 ptr = __va(tbl[i] & PAGE_MASK);
1937
1938 free_page((unsigned long)ptr);
1939 }
1940}
1941
1942static void free_gcr3_tbl_level2(u64 *tbl)
1943{
1944 u64 *ptr;
1945 int i;
1946
1947 for (i = 0; i < 512; ++i) {
1948 if (!(tbl[i] & GCR3_VALID))
1949 continue;
1950
1951 ptr = __va(tbl[i] & PAGE_MASK);
1952
1953 free_gcr3_tbl_level1(ptr);
1954 }
1955}
1956
1957static void free_gcr3_table(struct protection_domain *domain)
1958{
1959 if (domain->glx == 2)
1960 free_gcr3_tbl_level2(domain->gcr3_tbl);
1961 else if (domain->glx == 1)
1962 free_gcr3_tbl_level1(domain->gcr3_tbl);
1963 else if (domain->glx != 0)
1964 BUG();
1965
1966 free_page((unsigned long)domain->gcr3_tbl);
1967}
1968
1969/*
1970 * Free a domain, only used if something went wrong in the
1971 * allocation path and we need to free an already allocated page table
1972 */
1973static void dma_ops_domain_free(struct dma_ops_domain *dom)
1974{
1975 int i;
1976
1977 if (!dom)
1978 return;
1979
1980 del_domain_from_list(&dom->domain);
1981
1982 free_pagetable(&dom->domain);
1983
1984 for (i = 0; i < APERTURE_MAX_RANGES; ++i) {
1985 if (!dom->aperture[i])
1986 continue;
1987 free_page((unsigned long)dom->aperture[i]->bitmap);
1988 kfree(dom->aperture[i]);
1989 }
1990
1991 kfree(dom);
1992}
1993
1994/*
1995 * Allocates a new protection domain usable for the dma_ops functions.
1996 * It also initializes the page table and the address allocator data
1997 * structures required for the dma_ops interface
1998 */
1999static struct dma_ops_domain *dma_ops_domain_alloc(void)
2000{
2001 struct dma_ops_domain *dma_dom;
2002
2003 dma_dom = kzalloc(sizeof(struct dma_ops_domain), GFP_KERNEL);
2004 if (!dma_dom)
2005 return NULL;
2006
2007 spin_lock_init(&dma_dom->domain.lock);
2008
2009 dma_dom->domain.id = domain_id_alloc();
2010 if (dma_dom->domain.id == 0)
2011 goto free_dma_dom;
2012 INIT_LIST_HEAD(&dma_dom->domain.dev_list);
2013 dma_dom->domain.mode = PAGE_MODE_2_LEVEL;
2014 dma_dom->domain.pt_root = (void *)get_zeroed_page(GFP_KERNEL);
2015 dma_dom->domain.flags = PD_DMA_OPS_MASK;
2016 dma_dom->domain.priv = dma_dom;
2017 if (!dma_dom->domain.pt_root)
2018 goto free_dma_dom;
2019
2020 dma_dom->need_flush = false;
2021 dma_dom->target_dev = 0xffff;
2022
2023 add_domain_to_list(&dma_dom->domain);
2024
2025 if (alloc_new_range(dma_dom, true, GFP_KERNEL))
2026 goto free_dma_dom;
2027
2028 /*
2029 * mark the first page as allocated so we never return 0 as
2030 * a valid dma-address. So we can use 0 as error value
2031 */
2032 dma_dom->aperture[0]->bitmap[0] = 1;
2033 dma_dom->next_address = 0;
2034
2035
2036 return dma_dom;
2037
2038free_dma_dom:
2039 dma_ops_domain_free(dma_dom);
2040
2041 return NULL;
2042}
2043
2044/*
2045 * little helper function to check whether a given protection domain is a
2046 * dma_ops domain
2047 */
2048static bool dma_ops_domain(struct protection_domain *domain)
2049{
2050 return domain->flags & PD_DMA_OPS_MASK;
2051}
2052
2053static void set_dte_entry(u16 devid, struct protection_domain *domain, bool ats)
2054{
2055 u64 pte_root = 0;
2056 u64 flags = 0;
2057
2058 if (domain->mode != PAGE_MODE_NONE)
2059 pte_root = virt_to_phys(domain->pt_root);
2060
2061 pte_root |= (domain->mode & DEV_ENTRY_MODE_MASK)
2062 << DEV_ENTRY_MODE_SHIFT;
2063 pte_root |= IOMMU_PTE_IR | IOMMU_PTE_IW | IOMMU_PTE_P | IOMMU_PTE_TV;
2064
2065 flags = amd_iommu_dev_table[devid].data[1];
2066
2067 if (ats)
2068 flags |= DTE_FLAG_IOTLB;
2069
2070 if (domain->flags & PD_IOMMUV2_MASK) {
2071 u64 gcr3 = __pa(domain->gcr3_tbl);
2072 u64 glx = domain->glx;
2073 u64 tmp;
2074
2075 pte_root |= DTE_FLAG_GV;
2076 pte_root |= (glx & DTE_GLX_MASK) << DTE_GLX_SHIFT;
2077
2078 /* First mask out possible old values for GCR3 table */
2079 tmp = DTE_GCR3_VAL_B(~0ULL) << DTE_GCR3_SHIFT_B;
2080 flags &= ~tmp;
2081
2082 tmp = DTE_GCR3_VAL_C(~0ULL) << DTE_GCR3_SHIFT_C;
2083 flags &= ~tmp;
2084
2085 /* Encode GCR3 table into DTE */
2086 tmp = DTE_GCR3_VAL_A(gcr3) << DTE_GCR3_SHIFT_A;
2087 pte_root |= tmp;
2088
2089 tmp = DTE_GCR3_VAL_B(gcr3) << DTE_GCR3_SHIFT_B;
2090 flags |= tmp;
2091
2092 tmp = DTE_GCR3_VAL_C(gcr3) << DTE_GCR3_SHIFT_C;
2093 flags |= tmp;
2094 }
2095
2096 flags &= ~(0xffffUL);
2097 flags |= domain->id;
2098
2099 amd_iommu_dev_table[devid].data[1] = flags;
2100 amd_iommu_dev_table[devid].data[0] = pte_root;
2101}
2102
2103static void clear_dte_entry(u16 devid)
2104{
2105 /* remove entry from the device table seen by the hardware */
2106 amd_iommu_dev_table[devid].data[0] = IOMMU_PTE_P | IOMMU_PTE_TV;
2107 amd_iommu_dev_table[devid].data[1] = 0;
2108
2109 amd_iommu_apply_erratum_63(devid);
2110}
2111
2112static void do_attach(struct iommu_dev_data *dev_data,
2113 struct protection_domain *domain)
2114{
2115 struct amd_iommu *iommu;
2116 bool ats;
2117
2118 iommu = amd_iommu_rlookup_table[dev_data->devid];
2119 ats = dev_data->ats.enabled;
2120
2121 /* Update data structures */
2122 dev_data->domain = domain;
2123 list_add(&dev_data->list, &domain->dev_list);
2124 set_dte_entry(dev_data->devid, domain, ats);
2125
2126 /* Do reference counting */
2127 domain->dev_iommu[iommu->index] += 1;
2128 domain->dev_cnt += 1;
2129
2130 /* Flush the DTE entry */
2131 device_flush_dte(dev_data);
2132}
2133
2134static void do_detach(struct iommu_dev_data *dev_data)
2135{
2136 struct amd_iommu *iommu;
2137
2138 iommu = amd_iommu_rlookup_table[dev_data->devid];
2139
2140 /* decrease reference counters */
2141 dev_data->domain->dev_iommu[iommu->index] -= 1;
2142 dev_data->domain->dev_cnt -= 1;
2143
2144 /* Update data structures */
2145 dev_data->domain = NULL;
2146 list_del(&dev_data->list);
2147 clear_dte_entry(dev_data->devid);
2148
2149 /* Flush the DTE entry */
2150 device_flush_dte(dev_data);
2151}
2152
2153/*
2154 * If a device is not yet associated with a domain, this function does
2155 * assigns it visible for the hardware
2156 */
2157static int __attach_device(struct iommu_dev_data *dev_data,
2158 struct protection_domain *domain)
2159{
2160 struct iommu_dev_data *head, *entry;
2161 int ret;
2162
2163 /* lock domain */
2164 spin_lock(&domain->lock);
2165
2166 head = dev_data;
2167
2168 if (head->alias_data != NULL)
2169 head = head->alias_data;
2170
2171 /* Now we have the root of the alias group, if any */
2172
2173 ret = -EBUSY;
2174 if (head->domain != NULL)
2175 goto out_unlock;
2176
2177 /* Attach alias group root */
2178 do_attach(head, domain);
2179
2180 /* Attach other devices in the alias group */
2181 list_for_each_entry(entry, &head->alias_list, alias_list)
2182 do_attach(entry, domain);
2183
2184 ret = 0;
2185
2186out_unlock:
2187
2188 /* ready */
2189 spin_unlock(&domain->lock);
2190
2191 return ret;
2192}
2193
2194
2195static void pdev_iommuv2_disable(struct pci_dev *pdev)
2196{
2197 pci_disable_ats(pdev);
2198 pci_disable_pri(pdev);
2199 pci_disable_pasid(pdev);
2200}
2201
2202/* FIXME: Change generic reset-function to do the same */
2203static int pri_reset_while_enabled(struct pci_dev *pdev)
2204{
2205 u16 control;
2206 int pos;
2207
2208 pos = pci_find_ext_capability(pdev, PCI_EXT_CAP_ID_PRI);
2209 if (!pos)
2210 return -EINVAL;
2211
2212 pci_read_config_word(pdev, pos + PCI_PRI_CTRL, &control);
2213 control |= PCI_PRI_CTRL_RESET;
2214 pci_write_config_word(pdev, pos + PCI_PRI_CTRL, control);
2215
2216 return 0;
2217}
2218
2219static int pdev_iommuv2_enable(struct pci_dev *pdev)
2220{
2221 bool reset_enable;
2222 int reqs, ret;
2223
2224 /* FIXME: Hardcode number of outstanding requests for now */
2225 reqs = 32;
2226 if (pdev_pri_erratum(pdev, AMD_PRI_DEV_ERRATUM_LIMIT_REQ_ONE))
2227 reqs = 1;
2228 reset_enable = pdev_pri_erratum(pdev, AMD_PRI_DEV_ERRATUM_ENABLE_RESET);
2229
2230 /* Only allow access to user-accessible pages */
2231 ret = pci_enable_pasid(pdev, 0);
2232 if (ret)
2233 goto out_err;
2234
2235 /* First reset the PRI state of the device */
2236 ret = pci_reset_pri(pdev);
2237 if (ret)
2238 goto out_err;
2239
2240 /* Enable PRI */
2241 ret = pci_enable_pri(pdev, reqs);
2242 if (ret)
2243 goto out_err;
2244
2245 if (reset_enable) {
2246 ret = pri_reset_while_enabled(pdev);
2247 if (ret)
2248 goto out_err;
2249 }
2250
2251 ret = pci_enable_ats(pdev, PAGE_SHIFT);
2252 if (ret)
2253 goto out_err;
2254
2255 return 0;
2256
2257out_err:
2258 pci_disable_pri(pdev);
2259 pci_disable_pasid(pdev);
2260
2261 return ret;
2262}
2263
2264/* FIXME: Move this to PCI code */
2265#define PCI_PRI_TLP_OFF (1 << 15)
2266
2267static bool pci_pri_tlp_required(struct pci_dev *pdev)
2268{
2269 u16 status;
2270 int pos;
2271
2272 pos = pci_find_ext_capability(pdev, PCI_EXT_CAP_ID_PRI);
2273 if (!pos)
2274 return false;
2275
2276 pci_read_config_word(pdev, pos + PCI_PRI_STATUS, &status);
2277
2278 return (status & PCI_PRI_TLP_OFF) ? true : false;
2279}
2280
2281/*
2282 * If a device is not yet associated with a domain, this function
2283 * assigns it visible for the hardware
2284 */
2285static int attach_device(struct device *dev,
2286 struct protection_domain *domain)
2287{
2288 struct pci_dev *pdev = to_pci_dev(dev);
2289 struct iommu_dev_data *dev_data;
2290 unsigned long flags;
2291 int ret;
2292
2293 dev_data = get_dev_data(dev);
2294
2295 if (domain->flags & PD_IOMMUV2_MASK) {
2296 if (!dev_data->iommu_v2 || !dev_data->passthrough)
2297 return -EINVAL;
2298
2299 if (pdev_iommuv2_enable(pdev) != 0)
2300 return -EINVAL;
2301
2302 dev_data->ats.enabled = true;
2303 dev_data->ats.qdep = pci_ats_queue_depth(pdev);
2304 dev_data->pri_tlp = pci_pri_tlp_required(pdev);
2305 } else if (amd_iommu_iotlb_sup &&
2306 pci_enable_ats(pdev, PAGE_SHIFT) == 0) {
2307 dev_data->ats.enabled = true;
2308 dev_data->ats.qdep = pci_ats_queue_depth(pdev);
2309 }
2310
2311 write_lock_irqsave(&amd_iommu_devtable_lock, flags);
2312 ret = __attach_device(dev_data, domain);
2313 write_unlock_irqrestore(&amd_iommu_devtable_lock, flags);
2314
2315 /*
2316 * We might boot into a crash-kernel here. The crashed kernel
2317 * left the caches in the IOMMU dirty. So we have to flush
2318 * here to evict all dirty stuff.
2319 */
2320 domain_flush_tlb_pde(domain);
2321
2322 return ret;
2323}
2324
2325/*
2326 * Removes a device from a protection domain (unlocked)
2327 */
2328static void __detach_device(struct iommu_dev_data *dev_data)
2329{
2330 struct iommu_dev_data *head, *entry;
2331 struct protection_domain *domain;
2332 unsigned long flags;
2333
2334 BUG_ON(!dev_data->domain);
2335
2336 domain = dev_data->domain;
2337
2338 spin_lock_irqsave(&domain->lock, flags);
2339
2340 head = dev_data;
2341 if (head->alias_data != NULL)
2342 head = head->alias_data;
2343
2344 list_for_each_entry(entry, &head->alias_list, alias_list)
2345 do_detach(entry);
2346
2347 do_detach(head);
2348
2349 spin_unlock_irqrestore(&domain->lock, flags);
2350
2351 /*
2352 * If we run in passthrough mode the device must be assigned to the
2353 * passthrough domain if it is detached from any other domain.
2354 * Make sure we can deassign from the pt_domain itself.
2355 */
2356 if (dev_data->passthrough &&
2357 (dev_data->domain == NULL && domain != pt_domain))
2358 __attach_device(dev_data, pt_domain);
2359}
2360
2361/*
2362 * Removes a device from a protection domain (with devtable_lock held)
2363 */
2364static void detach_device(struct device *dev)
2365{
2366 struct protection_domain *domain;
2367 struct iommu_dev_data *dev_data;
2368 unsigned long flags;
2369
2370 dev_data = get_dev_data(dev);
2371 domain = dev_data->domain;
2372
2373 /* lock device table */
2374 write_lock_irqsave(&amd_iommu_devtable_lock, flags);
2375 __detach_device(dev_data);
2376 write_unlock_irqrestore(&amd_iommu_devtable_lock, flags);
2377
2378 if (domain->flags & PD_IOMMUV2_MASK)
2379 pdev_iommuv2_disable(to_pci_dev(dev));
2380 else if (dev_data->ats.enabled)
2381 pci_disable_ats(to_pci_dev(dev));
2382
2383 dev_data->ats.enabled = false;
2384}
2385
2386/*
2387 * Find out the protection domain structure for a given PCI device. This
2388 * will give us the pointer to the page table root for example.
2389 */
2390static struct protection_domain *domain_for_device(struct device *dev)
2391{
2392 struct iommu_dev_data *dev_data;
2393 struct protection_domain *dom = NULL;
2394 unsigned long flags;
2395
2396 dev_data = get_dev_data(dev);
2397
2398 if (dev_data->domain)
2399 return dev_data->domain;
2400
2401 if (dev_data->alias_data != NULL) {
2402 struct iommu_dev_data *alias_data = dev_data->alias_data;
2403
2404 read_lock_irqsave(&amd_iommu_devtable_lock, flags);
2405 if (alias_data->domain != NULL) {
2406 __attach_device(dev_data, alias_data->domain);
2407 dom = alias_data->domain;
2408 }
2409 read_unlock_irqrestore(&amd_iommu_devtable_lock, flags);
2410 }
2411
2412 return dom;
2413}
2414
2415static int device_change_notifier(struct notifier_block *nb,
2416 unsigned long action, void *data)
2417{
2418 struct dma_ops_domain *dma_domain;
2419 struct protection_domain *domain;
2420 struct iommu_dev_data *dev_data;
2421 struct device *dev = data;
2422 struct amd_iommu *iommu;
2423 unsigned long flags;
2424 u16 devid;
2425
2426 if (!check_device(dev))
2427 return 0;
2428
2429 devid = get_device_id(dev);
2430 iommu = amd_iommu_rlookup_table[devid];
2431 dev_data = get_dev_data(dev);
2432
2433 switch (action) {
2434 case BUS_NOTIFY_ADD_DEVICE:
2435
2436 iommu_init_device(dev);
2437 init_iommu_group(dev);
2438
2439 /*
2440 * dev_data is still NULL and
2441 * got initialized in iommu_init_device
2442 */
2443 dev_data = get_dev_data(dev);
2444
2445 if (iommu_pass_through || dev_data->iommu_v2) {
2446 dev_data->passthrough = true;
2447 attach_device(dev, pt_domain);
2448 break;
2449 }
2450
2451 domain = domain_for_device(dev);
2452
2453 /* allocate a protection domain if a device is added */
2454 dma_domain = find_protection_domain(devid);
2455 if (!dma_domain) {
2456 dma_domain = dma_ops_domain_alloc();
2457 if (!dma_domain)
2458 goto out;
2459 dma_domain->target_dev = devid;
2460
2461 spin_lock_irqsave(&iommu_pd_list_lock, flags);
2462 list_add_tail(&dma_domain->list, &iommu_pd_list);
2463 spin_unlock_irqrestore(&iommu_pd_list_lock, flags);
2464 }
2465
2466 dev->archdata.dma_ops = &amd_iommu_dma_ops;
2467
2468 break;
2469 case BUS_NOTIFY_REMOVED_DEVICE:
2470
2471 iommu_uninit_device(dev);
2472
2473 default:
2474 goto out;
2475 }
2476
2477 iommu_completion_wait(iommu);
2478
2479out:
2480 return 0;
2481}
2482
2483static struct notifier_block device_nb = {
2484 .notifier_call = device_change_notifier,
2485};
2486
2487void amd_iommu_init_notifier(void)
2488{
2489 bus_register_notifier(&pci_bus_type, &device_nb);
2490}
2491
2492/*****************************************************************************
2493 *
2494 * The next functions belong to the dma_ops mapping/unmapping code.
2495 *
2496 *****************************************************************************/
2497
2498/*
2499 * In the dma_ops path we only have the struct device. This function
2500 * finds the corresponding IOMMU, the protection domain and the
2501 * requestor id for a given device.
2502 * If the device is not yet associated with a domain this is also done
2503 * in this function.
2504 */
2505static struct protection_domain *get_domain(struct device *dev)
2506{
2507 struct protection_domain *domain;
2508 struct dma_ops_domain *dma_dom;
2509 u16 devid = get_device_id(dev);
2510
2511 if (!check_device(dev))
2512 return ERR_PTR(-EINVAL);
2513
2514 domain = domain_for_device(dev);
2515 if (domain != NULL && !dma_ops_domain(domain))
2516 return ERR_PTR(-EBUSY);
2517
2518 if (domain != NULL)
2519 return domain;
2520
2521 /* Device not bound yet - bind it */
2522 dma_dom = find_protection_domain(devid);
2523 if (!dma_dom)
2524 dma_dom = amd_iommu_rlookup_table[devid]->default_dom;
2525 attach_device(dev, &dma_dom->domain);
2526 DUMP_printk("Using protection domain %d for device %s\n",
2527 dma_dom->domain.id, dev_name(dev));
2528
2529 return &dma_dom->domain;
2530}
2531
2532static void update_device_table(struct protection_domain *domain)
2533{
2534 struct iommu_dev_data *dev_data;
2535
2536 list_for_each_entry(dev_data, &domain->dev_list, list)
2537 set_dte_entry(dev_data->devid, domain, dev_data->ats.enabled);
2538}
2539
2540static void update_domain(struct protection_domain *domain)
2541{
2542 if (!domain->updated)
2543 return;
2544
2545 update_device_table(domain);
2546
2547 domain_flush_devices(domain);
2548 domain_flush_tlb_pde(domain);
2549
2550 domain->updated = false;
2551}
2552
2553/*
2554 * This function fetches the PTE for a given address in the aperture
2555 */
2556static u64* dma_ops_get_pte(struct dma_ops_domain *dom,
2557 unsigned long address)
2558{
2559 struct aperture_range *aperture;
2560 u64 *pte, *pte_page;
2561
2562 aperture = dom->aperture[APERTURE_RANGE_INDEX(address)];
2563 if (!aperture)
2564 return NULL;
2565
2566 pte = aperture->pte_pages[APERTURE_PAGE_INDEX(address)];
2567 if (!pte) {
2568 pte = alloc_pte(&dom->domain, address, PAGE_SIZE, &pte_page,
2569 GFP_ATOMIC);
2570 aperture->pte_pages[APERTURE_PAGE_INDEX(address)] = pte_page;
2571 } else
2572 pte += PM_LEVEL_INDEX(0, address);
2573
2574 update_domain(&dom->domain);
2575
2576 return pte;
2577}
2578
2579/*
2580 * This is the generic map function. It maps one 4kb page at paddr to
2581 * the given address in the DMA address space for the domain.
2582 */
2583static dma_addr_t dma_ops_domain_map(struct dma_ops_domain *dom,
2584 unsigned long address,
2585 phys_addr_t paddr,
2586 int direction)
2587{
2588 u64 *pte, __pte;
2589
2590 WARN_ON(address > dom->aperture_size);
2591
2592 paddr &= PAGE_MASK;
2593
2594 pte = dma_ops_get_pte(dom, address);
2595 if (!pte)
2596 return DMA_ERROR_CODE;
2597
2598 __pte = paddr | IOMMU_PTE_P | IOMMU_PTE_FC;
2599
2600 if (direction == DMA_TO_DEVICE)
2601 __pte |= IOMMU_PTE_IR;
2602 else if (direction == DMA_FROM_DEVICE)
2603 __pte |= IOMMU_PTE_IW;
2604 else if (direction == DMA_BIDIRECTIONAL)
2605 __pte |= IOMMU_PTE_IR | IOMMU_PTE_IW;
2606
2607 WARN_ON(*pte);
2608
2609 *pte = __pte;
2610
2611 return (dma_addr_t)address;
2612}
2613
2614/*
2615 * The generic unmapping function for on page in the DMA address space.
2616 */
2617static void dma_ops_domain_unmap(struct dma_ops_domain *dom,
2618 unsigned long address)
2619{
2620 struct aperture_range *aperture;
2621 u64 *pte;
2622
2623 if (address >= dom->aperture_size)
2624 return;
2625
2626 aperture = dom->aperture[APERTURE_RANGE_INDEX(address)];
2627 if (!aperture)
2628 return;
2629
2630 pte = aperture->pte_pages[APERTURE_PAGE_INDEX(address)];
2631 if (!pte)
2632 return;
2633
2634 pte += PM_LEVEL_INDEX(0, address);
2635
2636 WARN_ON(!*pte);
2637
2638 *pte = 0ULL;
2639}
2640
2641/*
2642 * This function contains common code for mapping of a physically
2643 * contiguous memory region into DMA address space. It is used by all
2644 * mapping functions provided with this IOMMU driver.
2645 * Must be called with the domain lock held.
2646 */
2647static dma_addr_t __map_single(struct device *dev,
2648 struct dma_ops_domain *dma_dom,
2649 phys_addr_t paddr,
2650 size_t size,
2651 int dir,
2652 bool align,
2653 u64 dma_mask)
2654{
2655 dma_addr_t offset = paddr & ~PAGE_MASK;
2656 dma_addr_t address, start, ret;
2657 unsigned int pages;
2658 unsigned long align_mask = 0;
2659 int i;
2660
2661 pages = iommu_num_pages(paddr, size, PAGE_SIZE);
2662 paddr &= PAGE_MASK;
2663
2664 INC_STATS_COUNTER(total_map_requests);
2665
2666 if (pages > 1)
2667 INC_STATS_COUNTER(cross_page);
2668
2669 if (align)
2670 align_mask = (1UL << get_order(size)) - 1;
2671
2672retry:
2673 address = dma_ops_alloc_addresses(dev, dma_dom, pages, align_mask,
2674 dma_mask);
2675 if (unlikely(address == DMA_ERROR_CODE)) {
2676 /*
2677 * setting next_address here will let the address
2678 * allocator only scan the new allocated range in the
2679 * first run. This is a small optimization.
2680 */
2681 dma_dom->next_address = dma_dom->aperture_size;
2682
2683 if (alloc_new_range(dma_dom, false, GFP_ATOMIC))
2684 goto out;
2685
2686 /*
2687 * aperture was successfully enlarged by 128 MB, try
2688 * allocation again
2689 */
2690 goto retry;
2691 }
2692
2693 start = address;
2694 for (i = 0; i < pages; ++i) {
2695 ret = dma_ops_domain_map(dma_dom, start, paddr, dir);
2696 if (ret == DMA_ERROR_CODE)
2697 goto out_unmap;
2698
2699 paddr += PAGE_SIZE;
2700 start += PAGE_SIZE;
2701 }
2702 address += offset;
2703
2704 ADD_STATS_COUNTER(alloced_io_mem, size);
2705
2706 if (unlikely(dma_dom->need_flush && !amd_iommu_unmap_flush)) {
2707 domain_flush_tlb(&dma_dom->domain);
2708 dma_dom->need_flush = false;
2709 } else if (unlikely(amd_iommu_np_cache))
2710 domain_flush_pages(&dma_dom->domain, address, size);
2711
2712out:
2713 return address;
2714
2715out_unmap:
2716
2717 for (--i; i >= 0; --i) {
2718 start -= PAGE_SIZE;
2719 dma_ops_domain_unmap(dma_dom, start);
2720 }
2721
2722 dma_ops_free_addresses(dma_dom, address, pages);
2723
2724 return DMA_ERROR_CODE;
2725}
2726
2727/*
2728 * Does the reverse of the __map_single function. Must be called with
2729 * the domain lock held too
2730 */
2731static void __unmap_single(struct dma_ops_domain *dma_dom,
2732 dma_addr_t dma_addr,
2733 size_t size,
2734 int dir)
2735{
2736 dma_addr_t flush_addr;
2737 dma_addr_t i, start;
2738 unsigned int pages;
2739
2740 if ((dma_addr == DMA_ERROR_CODE) ||
2741 (dma_addr + size > dma_dom->aperture_size))
2742 return;
2743
2744 flush_addr = dma_addr;
2745 pages = iommu_num_pages(dma_addr, size, PAGE_SIZE);
2746 dma_addr &= PAGE_MASK;
2747 start = dma_addr;
2748
2749 for (i = 0; i < pages; ++i) {
2750 dma_ops_domain_unmap(dma_dom, start);
2751 start += PAGE_SIZE;
2752 }
2753
2754 SUB_STATS_COUNTER(alloced_io_mem, size);
2755
2756 dma_ops_free_addresses(dma_dom, dma_addr, pages);
2757
2758 if (amd_iommu_unmap_flush || dma_dom->need_flush) {
2759 domain_flush_pages(&dma_dom->domain, flush_addr, size);
2760 dma_dom->need_flush = false;
2761 }
2762}
2763
2764/*
2765 * The exported map_single function for dma_ops.
2766 */
2767static dma_addr_t map_page(struct device *dev, struct page *page,
2768 unsigned long offset, size_t size,
2769 enum dma_data_direction dir,
2770 struct dma_attrs *attrs)
2771{
2772 unsigned long flags;
2773 struct protection_domain *domain;
2774 dma_addr_t addr;
2775 u64 dma_mask;
2776 phys_addr_t paddr = page_to_phys(page) + offset;
2777
2778 INC_STATS_COUNTER(cnt_map_single);
2779
2780 domain = get_domain(dev);
2781 if (PTR_ERR(domain) == -EINVAL)
2782 return (dma_addr_t)paddr;
2783 else if (IS_ERR(domain))
2784 return DMA_ERROR_CODE;
2785
2786 dma_mask = *dev->dma_mask;
2787
2788 spin_lock_irqsave(&domain->lock, flags);
2789
2790 addr = __map_single(dev, domain->priv, paddr, size, dir, false,
2791 dma_mask);
2792 if (addr == DMA_ERROR_CODE)
2793 goto out;
2794
2795 domain_flush_complete(domain);
2796
2797out:
2798 spin_unlock_irqrestore(&domain->lock, flags);
2799
2800 return addr;
2801}
2802
2803/*
2804 * The exported unmap_single function for dma_ops.
2805 */
2806static void unmap_page(struct device *dev, dma_addr_t dma_addr, size_t size,
2807 enum dma_data_direction dir, struct dma_attrs *attrs)
2808{
2809 unsigned long flags;
2810 struct protection_domain *domain;
2811
2812 INC_STATS_COUNTER(cnt_unmap_single);
2813
2814 domain = get_domain(dev);
2815 if (IS_ERR(domain))
2816 return;
2817
2818 spin_lock_irqsave(&domain->lock, flags);
2819
2820 __unmap_single(domain->priv, dma_addr, size, dir);
2821
2822 domain_flush_complete(domain);
2823
2824 spin_unlock_irqrestore(&domain->lock, flags);
2825}
2826
2827/*
2828 * The exported map_sg function for dma_ops (handles scatter-gather
2829 * lists).
2830 */
2831static int map_sg(struct device *dev, struct scatterlist *sglist,
2832 int nelems, enum dma_data_direction dir,
2833 struct dma_attrs *attrs)
2834{
2835 unsigned long flags;
2836 struct protection_domain *domain;
2837 int i;
2838 struct scatterlist *s;
2839 phys_addr_t paddr;
2840 int mapped_elems = 0;
2841 u64 dma_mask;
2842
2843 INC_STATS_COUNTER(cnt_map_sg);
2844
2845 domain = get_domain(dev);
2846 if (IS_ERR(domain))
2847 return 0;
2848
2849 dma_mask = *dev->dma_mask;
2850
2851 spin_lock_irqsave(&domain->lock, flags);
2852
2853 for_each_sg(sglist, s, nelems, i) {
2854 paddr = sg_phys(s);
2855
2856 s->dma_address = __map_single(dev, domain->priv,
2857 paddr, s->length, dir, false,
2858 dma_mask);
2859
2860 if (s->dma_address) {
2861 s->dma_length = s->length;
2862 mapped_elems++;
2863 } else
2864 goto unmap;
2865 }
2866
2867 domain_flush_complete(domain);
2868
2869out:
2870 spin_unlock_irqrestore(&domain->lock, flags);
2871
2872 return mapped_elems;
2873unmap:
2874 for_each_sg(sglist, s, mapped_elems, i) {
2875 if (s->dma_address)
2876 __unmap_single(domain->priv, s->dma_address,
2877 s->dma_length, dir);
2878 s->dma_address = s->dma_length = 0;
2879 }
2880
2881 mapped_elems = 0;
2882
2883 goto out;
2884}
2885
2886/*
2887 * The exported map_sg function for dma_ops (handles scatter-gather
2888 * lists).
2889 */
2890static void unmap_sg(struct device *dev, struct scatterlist *sglist,
2891 int nelems, enum dma_data_direction dir,
2892 struct dma_attrs *attrs)
2893{
2894 unsigned long flags;
2895 struct protection_domain *domain;
2896 struct scatterlist *s;
2897 int i;
2898
2899 INC_STATS_COUNTER(cnt_unmap_sg);
2900
2901 domain = get_domain(dev);
2902 if (IS_ERR(domain))
2903 return;
2904
2905 spin_lock_irqsave(&domain->lock, flags);
2906
2907 for_each_sg(sglist, s, nelems, i) {
2908 __unmap_single(domain->priv, s->dma_address,
2909 s->dma_length, dir);
2910 s->dma_address = s->dma_length = 0;
2911 }
2912
2913 domain_flush_complete(domain);
2914
2915 spin_unlock_irqrestore(&domain->lock, flags);
2916}
2917
2918/*
2919 * The exported alloc_coherent function for dma_ops.
2920 */
2921static void *alloc_coherent(struct device *dev, size_t size,
2922 dma_addr_t *dma_addr, gfp_t flag,
2923 struct dma_attrs *attrs)
2924{
2925 u64 dma_mask = dev->coherent_dma_mask;
2926 struct protection_domain *domain;
2927 unsigned long flags;
2928 struct page *page;
2929
2930 INC_STATS_COUNTER(cnt_alloc_coherent);
2931
2932 domain = get_domain(dev);
2933 if (PTR_ERR(domain) == -EINVAL) {
2934 page = alloc_pages(flag, get_order(size));
2935 *dma_addr = page_to_phys(page);
2936 return page_address(page);
2937 } else if (IS_ERR(domain))
2938 return NULL;
2939
2940 size = PAGE_ALIGN(size);
2941 dma_mask = dev->coherent_dma_mask;
2942 flag &= ~(__GFP_DMA | __GFP_HIGHMEM | __GFP_DMA32);
2943
2944 page = alloc_pages(flag | __GFP_NOWARN, get_order(size));
2945 if (!page) {
2946 if (!(flag & __GFP_WAIT))
2947 return NULL;
2948
2949 page = dma_alloc_from_contiguous(dev, size >> PAGE_SHIFT,
2950 get_order(size));
2951 if (!page)
2952 return NULL;
2953 }
2954
2955 if (!dma_mask)
2956 dma_mask = *dev->dma_mask;
2957
2958 spin_lock_irqsave(&domain->lock, flags);
2959
2960 *dma_addr = __map_single(dev, domain->priv, page_to_phys(page),
2961 size, DMA_BIDIRECTIONAL, true, dma_mask);
2962
2963 if (*dma_addr == DMA_ERROR_CODE) {
2964 spin_unlock_irqrestore(&domain->lock, flags);
2965 goto out_free;
2966 }
2967
2968 domain_flush_complete(domain);
2969
2970 spin_unlock_irqrestore(&domain->lock, flags);
2971
2972 return page_address(page);
2973
2974out_free:
2975
2976 if (!dma_release_from_contiguous(dev, page, size >> PAGE_SHIFT))
2977 __free_pages(page, get_order(size));
2978
2979 return NULL;
2980}
2981
2982/*
2983 * The exported free_coherent function for dma_ops.
2984 */
2985static void free_coherent(struct device *dev, size_t size,
2986 void *virt_addr, dma_addr_t dma_addr,
2987 struct dma_attrs *attrs)
2988{
2989 struct protection_domain *domain;
2990 unsigned long flags;
2991 struct page *page;
2992
2993 INC_STATS_COUNTER(cnt_free_coherent);
2994
2995 page = virt_to_page(virt_addr);
2996 size = PAGE_ALIGN(size);
2997
2998 domain = get_domain(dev);
2999 if (IS_ERR(domain))
3000 goto free_mem;
3001
3002 spin_lock_irqsave(&domain->lock, flags);
3003
3004 __unmap_single(domain->priv, dma_addr, size, DMA_BIDIRECTIONAL);
3005
3006 domain_flush_complete(domain);
3007
3008 spin_unlock_irqrestore(&domain->lock, flags);
3009
3010free_mem:
3011 if (!dma_release_from_contiguous(dev, page, size >> PAGE_SHIFT))
3012 __free_pages(page, get_order(size));
3013}
3014
3015/*
3016 * This function is called by the DMA layer to find out if we can handle a
3017 * particular device. It is part of the dma_ops.
3018 */
3019static int amd_iommu_dma_supported(struct device *dev, u64 mask)
3020{
3021 return check_device(dev);
3022}
3023
3024/*
3025 * The function for pre-allocating protection domains.
3026 *
3027 * If the driver core informs the DMA layer if a driver grabs a device
3028 * we don't need to preallocate the protection domains anymore.
3029 * For now we have to.
3030 */
3031static void __init prealloc_protection_domains(void)
3032{
3033 struct iommu_dev_data *dev_data;
3034 struct dma_ops_domain *dma_dom;
3035 struct pci_dev *dev = NULL;
3036 u16 devid;
3037
3038 for_each_pci_dev(dev) {
3039
3040 /* Do we handle this device? */
3041 if (!check_device(&dev->dev))
3042 continue;
3043
3044 dev_data = get_dev_data(&dev->dev);
3045 if (!amd_iommu_force_isolation && dev_data->iommu_v2) {
3046 /* Make sure passthrough domain is allocated */
3047 alloc_passthrough_domain();
3048 dev_data->passthrough = true;
3049 attach_device(&dev->dev, pt_domain);
3050 pr_info("AMD-Vi: Using passthrough domain for device %s\n",
3051 dev_name(&dev->dev));
3052 }
3053
3054 /* Is there already any domain for it? */
3055 if (domain_for_device(&dev->dev))
3056 continue;
3057
3058 devid = get_device_id(&dev->dev);
3059
3060 dma_dom = dma_ops_domain_alloc();
3061 if (!dma_dom)
3062 continue;
3063 init_unity_mappings_for_device(dma_dom, devid);
3064 dma_dom->target_dev = devid;
3065
3066 attach_device(&dev->dev, &dma_dom->domain);
3067
3068 list_add_tail(&dma_dom->list, &iommu_pd_list);
3069 }
3070}
3071
3072static struct dma_map_ops amd_iommu_dma_ops = {
3073 .alloc = alloc_coherent,
3074 .free = free_coherent,
3075 .map_page = map_page,
3076 .unmap_page = unmap_page,
3077 .map_sg = map_sg,
3078 .unmap_sg = unmap_sg,
3079 .dma_supported = amd_iommu_dma_supported,
3080};
3081
3082static unsigned device_dma_ops_init(void)
3083{
3084 struct iommu_dev_data *dev_data;
3085 struct pci_dev *pdev = NULL;
3086 unsigned unhandled = 0;
3087
3088 for_each_pci_dev(pdev) {
3089 if (!check_device(&pdev->dev)) {
3090
3091 iommu_ignore_device(&pdev->dev);
3092
3093 unhandled += 1;
3094 continue;
3095 }
3096
3097 dev_data = get_dev_data(&pdev->dev);
3098
3099 if (!dev_data->passthrough)
3100 pdev->dev.archdata.dma_ops = &amd_iommu_dma_ops;
3101 else
3102 pdev->dev.archdata.dma_ops = &nommu_dma_ops;
3103 }
3104
3105 return unhandled;
3106}
3107
3108/*
3109 * The function which clues the AMD IOMMU driver into dma_ops.
3110 */
3111
3112void __init amd_iommu_init_api(void)
3113{
3114 bus_set_iommu(&pci_bus_type, &amd_iommu_ops);
3115}
3116
3117int __init amd_iommu_init_dma_ops(void)
3118{
3119 struct amd_iommu *iommu;
3120 int ret, unhandled;
3121
3122 /*
3123 * first allocate a default protection domain for every IOMMU we
3124 * found in the system. Devices not assigned to any other
3125 * protection domain will be assigned to the default one.
3126 */
3127 for_each_iommu(iommu) {
3128 iommu->default_dom = dma_ops_domain_alloc();
3129 if (iommu->default_dom == NULL)
3130 return -ENOMEM;
3131 iommu->default_dom->domain.flags |= PD_DEFAULT_MASK;
3132 ret = iommu_init_unity_mappings(iommu);
3133 if (ret)
3134 goto free_domains;
3135 }
3136
3137 /*
3138 * Pre-allocate the protection domains for each device.
3139 */
3140 prealloc_protection_domains();
3141
3142 iommu_detected = 1;
3143 swiotlb = 0;
3144
3145 /* Make the driver finally visible to the drivers */
3146 unhandled = device_dma_ops_init();
3147 if (unhandled && max_pfn > MAX_DMA32_PFN) {
3148 /* There are unhandled devices - initialize swiotlb for them */
3149 swiotlb = 1;
3150 }
3151
3152 amd_iommu_stats_init();
3153
3154 if (amd_iommu_unmap_flush)
3155 pr_info("AMD-Vi: IO/TLB flush on unmap enabled\n");
3156 else
3157 pr_info("AMD-Vi: Lazy IO/TLB flushing enabled\n");
3158
3159 return 0;
3160
3161free_domains:
3162
3163 for_each_iommu(iommu) {
3164 dma_ops_domain_free(iommu->default_dom);
3165 }
3166
3167 return ret;
3168}
3169
3170/*****************************************************************************
3171 *
3172 * The following functions belong to the exported interface of AMD IOMMU
3173 *
3174 * This interface allows access to lower level functions of the IOMMU
3175 * like protection domain handling and assignement of devices to domains
3176 * which is not possible with the dma_ops interface.
3177 *
3178 *****************************************************************************/
3179
3180static void cleanup_domain(struct protection_domain *domain)
3181{
3182 struct iommu_dev_data *entry;
3183 unsigned long flags;
3184
3185 write_lock_irqsave(&amd_iommu_devtable_lock, flags);
3186
3187 while (!list_empty(&domain->dev_list)) {
3188 entry = list_first_entry(&domain->dev_list,
3189 struct iommu_dev_data, list);
3190 __detach_device(entry);
3191 }
3192
3193 write_unlock_irqrestore(&amd_iommu_devtable_lock, flags);
3194}
3195
3196static void protection_domain_free(struct protection_domain *domain)
3197{
3198 if (!domain)
3199 return;
3200
3201 del_domain_from_list(domain);
3202
3203 if (domain->id)
3204 domain_id_free(domain->id);
3205
3206 kfree(domain);
3207}
3208
3209static struct protection_domain *protection_domain_alloc(void)
3210{
3211 struct protection_domain *domain;
3212
3213 domain = kzalloc(sizeof(*domain), GFP_KERNEL);
3214 if (!domain)
3215 return NULL;
3216
3217 spin_lock_init(&domain->lock);
3218 mutex_init(&domain->api_lock);
3219 domain->id = domain_id_alloc();
3220 if (!domain->id)
3221 goto out_err;
3222 INIT_LIST_HEAD(&domain->dev_list);
3223
3224 add_domain_to_list(domain);
3225
3226 return domain;
3227
3228out_err:
3229 kfree(domain);
3230
3231 return NULL;
3232}
3233
3234static int __init alloc_passthrough_domain(void)
3235{
3236 if (pt_domain != NULL)
3237 return 0;
3238
3239 /* allocate passthrough domain */
3240 pt_domain = protection_domain_alloc();
3241 if (!pt_domain)
3242 return -ENOMEM;
3243
3244 pt_domain->mode = PAGE_MODE_NONE;
3245
3246 return 0;
3247}
3248static int amd_iommu_domain_init(struct iommu_domain *dom)
3249{
3250 struct protection_domain *domain;
3251
3252 domain = protection_domain_alloc();
3253 if (!domain)
3254 goto out_free;
3255
3256 domain->mode = PAGE_MODE_3_LEVEL;
3257 domain->pt_root = (void *)get_zeroed_page(GFP_KERNEL);
3258 if (!domain->pt_root)
3259 goto out_free;
3260
3261 domain->iommu_domain = dom;
3262
3263 dom->priv = domain;
3264
3265 dom->geometry.aperture_start = 0;
3266 dom->geometry.aperture_end = ~0ULL;
3267 dom->geometry.force_aperture = true;
3268
3269 return 0;
3270
3271out_free:
3272 protection_domain_free(domain);
3273
3274 return -ENOMEM;
3275}
3276
3277static void amd_iommu_domain_destroy(struct iommu_domain *dom)
3278{
3279 struct protection_domain *domain = dom->priv;
3280
3281 if (!domain)
3282 return;
3283
3284 if (domain->dev_cnt > 0)
3285 cleanup_domain(domain);
3286
3287 BUG_ON(domain->dev_cnt != 0);
3288
3289 if (domain->mode != PAGE_MODE_NONE)
3290 free_pagetable(domain);
3291
3292 if (domain->flags & PD_IOMMUV2_MASK)
3293 free_gcr3_table(domain);
3294
3295 protection_domain_free(domain);
3296
3297 dom->priv = NULL;
3298}
3299
3300static void amd_iommu_detach_device(struct iommu_domain *dom,
3301 struct device *dev)
3302{
3303 struct iommu_dev_data *dev_data = dev->archdata.iommu;
3304 struct amd_iommu *iommu;
3305 u16 devid;
3306
3307 if (!check_device(dev))
3308 return;
3309
3310 devid = get_device_id(dev);
3311
3312 if (dev_data->domain != NULL)
3313 detach_device(dev);
3314
3315 iommu = amd_iommu_rlookup_table[devid];
3316 if (!iommu)
3317 return;
3318
3319 iommu_completion_wait(iommu);
3320}
3321
3322static int amd_iommu_attach_device(struct iommu_domain *dom,
3323 struct device *dev)
3324{
3325 struct protection_domain *domain = dom->priv;
3326 struct iommu_dev_data *dev_data;
3327 struct amd_iommu *iommu;
3328 int ret;
3329
3330 if (!check_device(dev))
3331 return -EINVAL;
3332
3333 dev_data = dev->archdata.iommu;
3334
3335 iommu = amd_iommu_rlookup_table[dev_data->devid];
3336 if (!iommu)
3337 return -EINVAL;
3338
3339 if (dev_data->domain)
3340 detach_device(dev);
3341
3342 ret = attach_device(dev, domain);
3343
3344 iommu_completion_wait(iommu);
3345
3346 return ret;
3347}
3348
3349static int amd_iommu_map(struct iommu_domain *dom, unsigned long iova,
3350 phys_addr_t paddr, size_t page_size, int iommu_prot)
3351{
3352 struct protection_domain *domain = dom->priv;
3353 int prot = 0;
3354 int ret;
3355
3356 if (domain->mode == PAGE_MODE_NONE)
3357 return -EINVAL;
3358
3359 if (iommu_prot & IOMMU_READ)
3360 prot |= IOMMU_PROT_IR;
3361 if (iommu_prot & IOMMU_WRITE)
3362 prot |= IOMMU_PROT_IW;
3363
3364 mutex_lock(&domain->api_lock);
3365 ret = iommu_map_page(domain, iova, paddr, prot, page_size);
3366 mutex_unlock(&domain->api_lock);
3367
3368 return ret;
3369}
3370
3371static size_t amd_iommu_unmap(struct iommu_domain *dom, unsigned long iova,
3372 size_t page_size)
3373{
3374 struct protection_domain *domain = dom->priv;
3375 size_t unmap_size;
3376
3377 if (domain->mode == PAGE_MODE_NONE)
3378 return -EINVAL;
3379
3380 mutex_lock(&domain->api_lock);
3381 unmap_size = iommu_unmap_page(domain, iova, page_size);
3382 mutex_unlock(&domain->api_lock);
3383
3384 domain_flush_tlb_pde(domain);
3385
3386 return unmap_size;
3387}
3388
3389static phys_addr_t amd_iommu_iova_to_phys(struct iommu_domain *dom,
3390 dma_addr_t iova)
3391{
3392 struct protection_domain *domain = dom->priv;
3393 unsigned long offset_mask, pte_pgsize;
3394 phys_addr_t paddr;
3395 u64 *pte, __pte;
3396
3397 if (domain->mode == PAGE_MODE_NONE)
3398 return iova;
3399
3400 pte = fetch_pte(domain, iova, &pte_pgsize);
3401
3402 if (!pte || !IOMMU_PTE_PRESENT(*pte))
3403 return 0;
3404
3405 if (PM_PTE_LEVEL(*pte) == 0)
3406 offset_mask = PAGE_SIZE - 1;
3407 else
3408 offset_mask = PTE_PAGE_SIZE(*pte) - 1;
3409
3410 __pte = *pte & PM_ADDR_MASK;
3411 paddr = (__pte & ~offset_mask) | (iova & offset_mask);
3412
3413 return paddr;
3414}
3415
3416static bool amd_iommu_capable(enum iommu_cap cap)
3417{
3418 switch (cap) {
3419 case IOMMU_CAP_CACHE_COHERENCY:
3420 return true;
3421 case IOMMU_CAP_INTR_REMAP:
3422 return (irq_remapping_enabled == 1);
3423 case IOMMU_CAP_NOEXEC:
3424 return false;
3425 }
3426
3427 return false;
3428}
3429
3430static const struct iommu_ops amd_iommu_ops = {
3431 .capable = amd_iommu_capable,
3432 .domain_init = amd_iommu_domain_init,
3433 .domain_destroy = amd_iommu_domain_destroy,
3434 .attach_dev = amd_iommu_attach_device,
3435 .detach_dev = amd_iommu_detach_device,
3436 .map = amd_iommu_map,
3437 .unmap = amd_iommu_unmap,
3438 .map_sg = default_iommu_map_sg,
3439 .iova_to_phys = amd_iommu_iova_to_phys,
3440 .pgsize_bitmap = AMD_IOMMU_PGSIZES,
3441};
3442
3443/*****************************************************************************
3444 *
3445 * The next functions do a basic initialization of IOMMU for pass through
3446 * mode
3447 *
3448 * In passthrough mode the IOMMU is initialized and enabled but not used for
3449 * DMA-API translation.
3450 *
3451 *****************************************************************************/
3452
3453int __init amd_iommu_init_passthrough(void)
3454{
3455 struct iommu_dev_data *dev_data;
3456 struct pci_dev *dev = NULL;
3457 int ret;
3458
3459 ret = alloc_passthrough_domain();
3460 if (ret)
3461 return ret;
3462
3463 for_each_pci_dev(dev) {
3464 if (!check_device(&dev->dev))
3465 continue;
3466
3467 dev_data = get_dev_data(&dev->dev);
3468 dev_data->passthrough = true;
3469
3470 attach_device(&dev->dev, pt_domain);
3471 }
3472
3473 amd_iommu_stats_init();
3474
3475 pr_info("AMD-Vi: Initialized for Passthrough Mode\n");
3476
3477 return 0;
3478}
3479
3480/* IOMMUv2 specific functions */
3481int amd_iommu_register_ppr_notifier(struct notifier_block *nb)
3482{
3483 return atomic_notifier_chain_register(&ppr_notifier, nb);
3484}
3485EXPORT_SYMBOL(amd_iommu_register_ppr_notifier);
3486
3487int amd_iommu_unregister_ppr_notifier(struct notifier_block *nb)
3488{
3489 return atomic_notifier_chain_unregister(&ppr_notifier, nb);
3490}
3491EXPORT_SYMBOL(amd_iommu_unregister_ppr_notifier);
3492
3493void amd_iommu_domain_direct_map(struct iommu_domain *dom)
3494{
3495 struct protection_domain *domain = dom->priv;
3496 unsigned long flags;
3497
3498 spin_lock_irqsave(&domain->lock, flags);
3499
3500 /* Update data structure */
3501 domain->mode = PAGE_MODE_NONE;
3502 domain->updated = true;
3503
3504 /* Make changes visible to IOMMUs */
3505 update_domain(domain);
3506
3507 /* Page-table is not visible to IOMMU anymore, so free it */
3508 free_pagetable(domain);
3509
3510 spin_unlock_irqrestore(&domain->lock, flags);
3511}
3512EXPORT_SYMBOL(amd_iommu_domain_direct_map);
3513
3514int amd_iommu_domain_enable_v2(struct iommu_domain *dom, int pasids)
3515{
3516 struct protection_domain *domain = dom->priv;
3517 unsigned long flags;
3518 int levels, ret;
3519
3520 if (pasids <= 0 || pasids > (PASID_MASK + 1))
3521 return -EINVAL;
3522
3523 /* Number of GCR3 table levels required */
3524 for (levels = 0; (pasids - 1) & ~0x1ff; pasids >>= 9)
3525 levels += 1;
3526
3527 if (levels > amd_iommu_max_glx_val)
3528 return -EINVAL;
3529
3530 spin_lock_irqsave(&domain->lock, flags);
3531
3532 /*
3533 * Save us all sanity checks whether devices already in the
3534 * domain support IOMMUv2. Just force that the domain has no
3535 * devices attached when it is switched into IOMMUv2 mode.
3536 */
3537 ret = -EBUSY;
3538 if (domain->dev_cnt > 0 || domain->flags & PD_IOMMUV2_MASK)
3539 goto out;
3540
3541 ret = -ENOMEM;
3542 domain->gcr3_tbl = (void *)get_zeroed_page(GFP_ATOMIC);
3543 if (domain->gcr3_tbl == NULL)
3544 goto out;
3545
3546 domain->glx = levels;
3547 domain->flags |= PD_IOMMUV2_MASK;
3548 domain->updated = true;
3549
3550 update_domain(domain);
3551
3552 ret = 0;
3553
3554out:
3555 spin_unlock_irqrestore(&domain->lock, flags);
3556
3557 return ret;
3558}
3559EXPORT_SYMBOL(amd_iommu_domain_enable_v2);
3560
3561static int __flush_pasid(struct protection_domain *domain, int pasid,
3562 u64 address, bool size)
3563{
3564 struct iommu_dev_data *dev_data;
3565 struct iommu_cmd cmd;
3566 int i, ret;
3567
3568 if (!(domain->flags & PD_IOMMUV2_MASK))
3569 return -EINVAL;
3570
3571 build_inv_iommu_pasid(&cmd, domain->id, pasid, address, size);
3572
3573 /*
3574 * IOMMU TLB needs to be flushed before Device TLB to
3575 * prevent device TLB refill from IOMMU TLB
3576 */
3577 for (i = 0; i < amd_iommus_present; ++i) {
3578 if (domain->dev_iommu[i] == 0)
3579 continue;
3580
3581 ret = iommu_queue_command(amd_iommus[i], &cmd);
3582 if (ret != 0)
3583 goto out;
3584 }
3585
3586 /* Wait until IOMMU TLB flushes are complete */
3587 domain_flush_complete(domain);
3588
3589 /* Now flush device TLBs */
3590 list_for_each_entry(dev_data, &domain->dev_list, list) {
3591 struct amd_iommu *iommu;
3592 int qdep;
3593
3594 BUG_ON(!dev_data->ats.enabled);
3595
3596 qdep = dev_data->ats.qdep;
3597 iommu = amd_iommu_rlookup_table[dev_data->devid];
3598
3599 build_inv_iotlb_pasid(&cmd, dev_data->devid, pasid,
3600 qdep, address, size);
3601
3602 ret = iommu_queue_command(iommu, &cmd);
3603 if (ret != 0)
3604 goto out;
3605 }
3606
3607 /* Wait until all device TLBs are flushed */
3608 domain_flush_complete(domain);
3609
3610 ret = 0;
3611
3612out:
3613
3614 return ret;
3615}
3616
3617static int __amd_iommu_flush_page(struct protection_domain *domain, int pasid,
3618 u64 address)
3619{
3620 INC_STATS_COUNTER(invalidate_iotlb);
3621
3622 return __flush_pasid(domain, pasid, address, false);
3623}
3624
3625int amd_iommu_flush_page(struct iommu_domain *dom, int pasid,
3626 u64 address)
3627{
3628 struct protection_domain *domain = dom->priv;
3629 unsigned long flags;
3630 int ret;
3631
3632 spin_lock_irqsave(&domain->lock, flags);
3633 ret = __amd_iommu_flush_page(domain, pasid, address);
3634 spin_unlock_irqrestore(&domain->lock, flags);
3635
3636 return ret;
3637}
3638EXPORT_SYMBOL(amd_iommu_flush_page);
3639
3640static int __amd_iommu_flush_tlb(struct protection_domain *domain, int pasid)
3641{
3642 INC_STATS_COUNTER(invalidate_iotlb_all);
3643
3644 return __flush_pasid(domain, pasid, CMD_INV_IOMMU_ALL_PAGES_ADDRESS,
3645 true);
3646}
3647
3648int amd_iommu_flush_tlb(struct iommu_domain *dom, int pasid)
3649{
3650 struct protection_domain *domain = dom->priv;
3651 unsigned long flags;
3652 int ret;
3653
3654 spin_lock_irqsave(&domain->lock, flags);
3655 ret = __amd_iommu_flush_tlb(domain, pasid);
3656 spin_unlock_irqrestore(&domain->lock, flags);
3657
3658 return ret;
3659}
3660EXPORT_SYMBOL(amd_iommu_flush_tlb);
3661
3662static u64 *__get_gcr3_pte(u64 *root, int level, int pasid, bool alloc)
3663{
3664 int index;
3665 u64 *pte;
3666
3667 while (true) {
3668
3669 index = (pasid >> (9 * level)) & 0x1ff;
3670 pte = &root[index];
3671
3672 if (level == 0)
3673 break;
3674
3675 if (!(*pte & GCR3_VALID)) {
3676 if (!alloc)
3677 return NULL;
3678
3679 root = (void *)get_zeroed_page(GFP_ATOMIC);
3680 if (root == NULL)
3681 return NULL;
3682
3683 *pte = __pa(root) | GCR3_VALID;
3684 }
3685
3686 root = __va(*pte & PAGE_MASK);
3687
3688 level -= 1;
3689 }
3690
3691 return pte;
3692}
3693
3694static int __set_gcr3(struct protection_domain *domain, int pasid,
3695 unsigned long cr3)
3696{
3697 u64 *pte;
3698
3699 if (domain->mode != PAGE_MODE_NONE)
3700 return -EINVAL;
3701
3702 pte = __get_gcr3_pte(domain->gcr3_tbl, domain->glx, pasid, true);
3703 if (pte == NULL)
3704 return -ENOMEM;
3705
3706 *pte = (cr3 & PAGE_MASK) | GCR3_VALID;
3707
3708 return __amd_iommu_flush_tlb(domain, pasid);
3709}
3710
3711static int __clear_gcr3(struct protection_domain *domain, int pasid)
3712{
3713 u64 *pte;
3714
3715 if (domain->mode != PAGE_MODE_NONE)
3716 return -EINVAL;
3717
3718 pte = __get_gcr3_pte(domain->gcr3_tbl, domain->glx, pasid, false);
3719 if (pte == NULL)
3720 return 0;
3721
3722 *pte = 0;
3723
3724 return __amd_iommu_flush_tlb(domain, pasid);
3725}
3726
3727int amd_iommu_domain_set_gcr3(struct iommu_domain *dom, int pasid,
3728 unsigned long cr3)
3729{
3730 struct protection_domain *domain = dom->priv;
3731 unsigned long flags;
3732 int ret;
3733
3734 spin_lock_irqsave(&domain->lock, flags);
3735 ret = __set_gcr3(domain, pasid, cr3);
3736 spin_unlock_irqrestore(&domain->lock, flags);
3737
3738 return ret;
3739}
3740EXPORT_SYMBOL(amd_iommu_domain_set_gcr3);
3741
3742int amd_iommu_domain_clear_gcr3(struct iommu_domain *dom, int pasid)
3743{
3744 struct protection_domain *domain = dom->priv;
3745 unsigned long flags;
3746 int ret;
3747
3748 spin_lock_irqsave(&domain->lock, flags);
3749 ret = __clear_gcr3(domain, pasid);
3750 spin_unlock_irqrestore(&domain->lock, flags);
3751
3752 return ret;
3753}
3754EXPORT_SYMBOL(amd_iommu_domain_clear_gcr3);
3755
3756int amd_iommu_complete_ppr(struct pci_dev *pdev, int pasid,
3757 int status, int tag)
3758{
3759 struct iommu_dev_data *dev_data;
3760 struct amd_iommu *iommu;
3761 struct iommu_cmd cmd;
3762
3763 INC_STATS_COUNTER(complete_ppr);
3764
3765 dev_data = get_dev_data(&pdev->dev);
3766 iommu = amd_iommu_rlookup_table[dev_data->devid];
3767
3768 build_complete_ppr(&cmd, dev_data->devid, pasid, status,
3769 tag, dev_data->pri_tlp);
3770
3771 return iommu_queue_command(iommu, &cmd);
3772}
3773EXPORT_SYMBOL(amd_iommu_complete_ppr);
3774
3775struct iommu_domain *amd_iommu_get_v2_domain(struct pci_dev *pdev)
3776{
3777 struct protection_domain *domain;
3778
3779 domain = get_domain(&pdev->dev);
3780 if (IS_ERR(domain))
3781 return NULL;
3782
3783 /* Only return IOMMUv2 domains */
3784 if (!(domain->flags & PD_IOMMUV2_MASK))
3785 return NULL;
3786
3787 return domain->iommu_domain;
3788}
3789EXPORT_SYMBOL(amd_iommu_get_v2_domain);
3790
3791void amd_iommu_enable_device_erratum(struct pci_dev *pdev, u32 erratum)
3792{
3793 struct iommu_dev_data *dev_data;
3794
3795 if (!amd_iommu_v2_supported())
3796 return;
3797
3798 dev_data = get_dev_data(&pdev->dev);
3799 dev_data->errata |= (1 << erratum);
3800}
3801EXPORT_SYMBOL(amd_iommu_enable_device_erratum);
3802
3803int amd_iommu_device_info(struct pci_dev *pdev,
3804 struct amd_iommu_device_info *info)
3805{
3806 int max_pasids;
3807 int pos;
3808
3809 if (pdev == NULL || info == NULL)
3810 return -EINVAL;
3811
3812 if (!amd_iommu_v2_supported())
3813 return -EINVAL;
3814
3815 memset(info, 0, sizeof(*info));
3816
3817 pos = pci_find_ext_capability(pdev, PCI_EXT_CAP_ID_ATS);
3818 if (pos)
3819 info->flags |= AMD_IOMMU_DEVICE_FLAG_ATS_SUP;
3820
3821 pos = pci_find_ext_capability(pdev, PCI_EXT_CAP_ID_PRI);
3822 if (pos)
3823 info->flags |= AMD_IOMMU_DEVICE_FLAG_PRI_SUP;
3824
3825 pos = pci_find_ext_capability(pdev, PCI_EXT_CAP_ID_PASID);
3826 if (pos) {
3827 int features;
3828
3829 max_pasids = 1 << (9 * (amd_iommu_max_glx_val + 1));
3830 max_pasids = min(max_pasids, (1 << 20));
3831
3832 info->flags |= AMD_IOMMU_DEVICE_FLAG_PASID_SUP;
3833 info->max_pasids = min(pci_max_pasids(pdev), max_pasids);
3834
3835 features = pci_pasid_features(pdev);
3836 if (features & PCI_PASID_CAP_EXEC)
3837 info->flags |= AMD_IOMMU_DEVICE_FLAG_EXEC_SUP;
3838 if (features & PCI_PASID_CAP_PRIV)
3839 info->flags |= AMD_IOMMU_DEVICE_FLAG_PRIV_SUP;
3840 }
3841
3842 return 0;
3843}
3844EXPORT_SYMBOL(amd_iommu_device_info);
3845
3846#ifdef CONFIG_IRQ_REMAP
3847
3848/*****************************************************************************
3849 *
3850 * Interrupt Remapping Implementation
3851 *
3852 *****************************************************************************/
3853
3854union irte {
3855 u32 val;
3856 struct {
3857 u32 valid : 1,
3858 no_fault : 1,
3859 int_type : 3,
3860 rq_eoi : 1,
3861 dm : 1,
3862 rsvd_1 : 1,
3863 destination : 8,
3864 vector : 8,
3865 rsvd_2 : 8;
3866 } fields;
3867};
3868
3869#define DTE_IRQ_PHYS_ADDR_MASK (((1ULL << 45)-1) << 6)
3870#define DTE_IRQ_REMAP_INTCTL (2ULL << 60)
3871#define DTE_IRQ_TABLE_LEN (8ULL << 1)
3872#define DTE_IRQ_REMAP_ENABLE 1ULL
3873
3874static void set_dte_irq_entry(u16 devid, struct irq_remap_table *table)
3875{
3876 u64 dte;
3877
3878 dte = amd_iommu_dev_table[devid].data[2];
3879 dte &= ~DTE_IRQ_PHYS_ADDR_MASK;
3880 dte |= virt_to_phys(table->table);
3881 dte |= DTE_IRQ_REMAP_INTCTL;
3882 dte |= DTE_IRQ_TABLE_LEN;
3883 dte |= DTE_IRQ_REMAP_ENABLE;
3884
3885 amd_iommu_dev_table[devid].data[2] = dte;
3886}
3887
3888#define IRTE_ALLOCATED (~1U)
3889
3890static struct irq_remap_table *get_irq_table(u16 devid, bool ioapic)
3891{
3892 struct irq_remap_table *table = NULL;
3893 struct amd_iommu *iommu;
3894 unsigned long flags;
3895 u16 alias;
3896
3897 write_lock_irqsave(&amd_iommu_devtable_lock, flags);
3898
3899 iommu = amd_iommu_rlookup_table[devid];
3900 if (!iommu)
3901 goto out_unlock;
3902
3903 table = irq_lookup_table[devid];
3904 if (table)
3905 goto out;
3906
3907 alias = amd_iommu_alias_table[devid];
3908 table = irq_lookup_table[alias];
3909 if (table) {
3910 irq_lookup_table[devid] = table;
3911 set_dte_irq_entry(devid, table);
3912 iommu_flush_dte(iommu, devid);
3913 goto out;
3914 }
3915
3916 /* Nothing there yet, allocate new irq remapping table */
3917 table = kzalloc(sizeof(*table), GFP_ATOMIC);
3918 if (!table)
3919 goto out;
3920
3921 /* Initialize table spin-lock */
3922 spin_lock_init(&table->lock);
3923
3924 if (ioapic)
3925 /* Keep the first 32 indexes free for IOAPIC interrupts */
3926 table->min_index = 32;
3927
3928 table->table = kmem_cache_alloc(amd_iommu_irq_cache, GFP_ATOMIC);
3929 if (!table->table) {
3930 kfree(table);
3931 table = NULL;
3932 goto out;
3933 }
3934
3935 memset(table->table, 0, MAX_IRQS_PER_TABLE * sizeof(u32));
3936
3937 if (ioapic) {
3938 int i;
3939
3940 for (i = 0; i < 32; ++i)
3941 table->table[i] = IRTE_ALLOCATED;
3942 }
3943
3944 irq_lookup_table[devid] = table;
3945 set_dte_irq_entry(devid, table);
3946 iommu_flush_dte(iommu, devid);
3947 if (devid != alias) {
3948 irq_lookup_table[alias] = table;
3949 set_dte_irq_entry(alias, table);
3950 iommu_flush_dte(iommu, alias);
3951 }
3952
3953out:
3954 iommu_completion_wait(iommu);
3955
3956out_unlock:
3957 write_unlock_irqrestore(&amd_iommu_devtable_lock, flags);
3958
3959 return table;
3960}
3961
3962static int alloc_irq_index(struct irq_cfg *cfg, u16 devid, int count)
3963{
3964 struct irq_remap_table *table;
3965 unsigned long flags;
3966 int index, c;
3967
3968 table = get_irq_table(devid, false);
3969 if (!table)
3970 return -ENODEV;
3971
3972 spin_lock_irqsave(&table->lock, flags);
3973
3974 /* Scan table for free entries */
3975 for (c = 0, index = table->min_index;
3976 index < MAX_IRQS_PER_TABLE;
3977 ++index) {
3978 if (table->table[index] == 0)
3979 c += 1;
3980 else
3981 c = 0;
3982
3983 if (c == count) {
3984 struct irq_2_irte *irte_info;
3985
3986 for (; c != 0; --c)
3987 table->table[index - c + 1] = IRTE_ALLOCATED;
3988
3989 index -= count - 1;
3990
3991 cfg->remapped = 1;
3992 irte_info = &cfg->irq_2_irte;
3993 irte_info->devid = devid;
3994 irte_info->index = index;
3995
3996 goto out;
3997 }
3998 }
3999
4000 index = -ENOSPC;
4001
4002out:
4003 spin_unlock_irqrestore(&table->lock, flags);
4004
4005 return index;
4006}
4007
4008static int get_irte(u16 devid, int index, union irte *irte)
4009{
4010 struct irq_remap_table *table;
4011 unsigned long flags;
4012
4013 table = get_irq_table(devid, false);
4014 if (!table)
4015 return -ENOMEM;
4016
4017 spin_lock_irqsave(&table->lock, flags);
4018 irte->val = table->table[index];
4019 spin_unlock_irqrestore(&table->lock, flags);
4020
4021 return 0;
4022}
4023
4024static int modify_irte(u16 devid, int index, union irte irte)
4025{
4026 struct irq_remap_table *table;
4027 struct amd_iommu *iommu;
4028 unsigned long flags;
4029
4030 iommu = amd_iommu_rlookup_table[devid];
4031 if (iommu == NULL)
4032 return -EINVAL;
4033
4034 table = get_irq_table(devid, false);
4035 if (!table)
4036 return -ENOMEM;
4037
4038 spin_lock_irqsave(&table->lock, flags);
4039 table->table[index] = irte.val;
4040 spin_unlock_irqrestore(&table->lock, flags);
4041
4042 iommu_flush_irt(iommu, devid);
4043 iommu_completion_wait(iommu);
4044
4045 return 0;
4046}
4047
4048static void free_irte(u16 devid, int index)
4049{
4050 struct irq_remap_table *table;
4051 struct amd_iommu *iommu;
4052 unsigned long flags;
4053
4054 iommu = amd_iommu_rlookup_table[devid];
4055 if (iommu == NULL)
4056 return;
4057
4058 table = get_irq_table(devid, false);
4059 if (!table)
4060 return;
4061
4062 spin_lock_irqsave(&table->lock, flags);
4063 table->table[index] = 0;
4064 spin_unlock_irqrestore(&table->lock, flags);
4065
4066 iommu_flush_irt(iommu, devid);
4067 iommu_completion_wait(iommu);
4068}
4069
4070static int setup_ioapic_entry(int irq, struct IO_APIC_route_entry *entry,
4071 unsigned int destination, int vector,
4072 struct io_apic_irq_attr *attr)
4073{
4074 struct irq_remap_table *table;
4075 struct irq_2_irte *irte_info;
4076 struct irq_cfg *cfg;
4077 union irte irte;
4078 int ioapic_id;
4079 int index;
4080 int devid;
4081 int ret;
4082
4083 cfg = irq_cfg(irq);
4084 if (!cfg)
4085 return -EINVAL;
4086
4087 irte_info = &cfg->irq_2_irte;
4088 ioapic_id = mpc_ioapic_id(attr->ioapic);
4089 devid = get_ioapic_devid(ioapic_id);
4090
4091 if (devid < 0)
4092 return devid;
4093
4094 table = get_irq_table(devid, true);
4095 if (table == NULL)
4096 return -ENOMEM;
4097
4098 index = attr->ioapic_pin;
4099
4100 /* Setup IRQ remapping info */
4101 cfg->remapped = 1;
4102 irte_info->devid = devid;
4103 irte_info->index = index;
4104
4105 /* Setup IRTE for IOMMU */
4106 irte.val = 0;
4107 irte.fields.vector = vector;
4108 irte.fields.int_type = apic->irq_delivery_mode;
4109 irte.fields.destination = destination;
4110 irte.fields.dm = apic->irq_dest_mode;
4111 irte.fields.valid = 1;
4112
4113 ret = modify_irte(devid, index, irte);
4114 if (ret)
4115 return ret;
4116
4117 /* Setup IOAPIC entry */
4118 memset(entry, 0, sizeof(*entry));
4119
4120 entry->vector = index;
4121 entry->mask = 0;
4122 entry->trigger = attr->trigger;
4123 entry->polarity = attr->polarity;
4124
4125 /*
4126 * Mask level triggered irqs.
4127 */
4128 if (attr->trigger)
4129 entry->mask = 1;
4130
4131 return 0;
4132}
4133
4134static int set_affinity(struct irq_data *data, const struct cpumask *mask,
4135 bool force)
4136{
4137 struct irq_2_irte *irte_info;
4138 unsigned int dest, irq;
4139 struct irq_cfg *cfg;
4140 union irte irte;
4141 int err;
4142
4143 if (!config_enabled(CONFIG_SMP))
4144 return -1;
4145
4146 cfg = irqd_cfg(data);
4147 irq = data->irq;
4148 irte_info = &cfg->irq_2_irte;
4149
4150 if (!cpumask_intersects(mask, cpu_online_mask))
4151 return -EINVAL;
4152
4153 if (get_irte(irte_info->devid, irte_info->index, &irte))
4154 return -EBUSY;
4155
4156 if (assign_irq_vector(irq, cfg, mask))
4157 return -EBUSY;
4158
4159 err = apic->cpu_mask_to_apicid_and(cfg->domain, mask, &dest);
4160 if (err) {
4161 if (assign_irq_vector(irq, cfg, data->affinity))
4162 pr_err("AMD-Vi: Failed to recover vector for irq %d\n", irq);
4163 return err;
4164 }
4165
4166 irte.fields.vector = cfg->vector;
4167 irte.fields.destination = dest;
4168
4169 modify_irte(irte_info->devid, irte_info->index, irte);
4170
4171 if (cfg->move_in_progress)
4172 send_cleanup_vector(cfg);
4173
4174 cpumask_copy(data->affinity, mask);
4175
4176 return 0;
4177}
4178
4179static int free_irq(int irq)
4180{
4181 struct irq_2_irte *irte_info;
4182 struct irq_cfg *cfg;
4183
4184 cfg = irq_cfg(irq);
4185 if (!cfg)
4186 return -EINVAL;
4187
4188 irte_info = &cfg->irq_2_irte;
4189
4190 free_irte(irte_info->devid, irte_info->index);
4191
4192 return 0;
4193}
4194
4195static void compose_msi_msg(struct pci_dev *pdev,
4196 unsigned int irq, unsigned int dest,
4197 struct msi_msg *msg, u8 hpet_id)
4198{
4199 struct irq_2_irte *irte_info;
4200 struct irq_cfg *cfg;
4201 union irte irte;
4202
4203 cfg = irq_cfg(irq);
4204 if (!cfg)
4205 return;
4206
4207 irte_info = &cfg->irq_2_irte;
4208
4209 irte.val = 0;
4210 irte.fields.vector = cfg->vector;
4211 irte.fields.int_type = apic->irq_delivery_mode;
4212 irte.fields.destination = dest;
4213 irte.fields.dm = apic->irq_dest_mode;
4214 irte.fields.valid = 1;
4215
4216 modify_irte(irte_info->devid, irte_info->index, irte);
4217
4218 msg->address_hi = MSI_ADDR_BASE_HI;
4219 msg->address_lo = MSI_ADDR_BASE_LO;
4220 msg->data = irte_info->index;
4221}
4222
4223static int msi_alloc_irq(struct pci_dev *pdev, int irq, int nvec)
4224{
4225 struct irq_cfg *cfg;
4226 int index;
4227 u16 devid;
4228
4229 if (!pdev)
4230 return -EINVAL;
4231
4232 cfg = irq_cfg(irq);
4233 if (!cfg)
4234 return -EINVAL;
4235
4236 devid = get_device_id(&pdev->dev);
4237 index = alloc_irq_index(cfg, devid, nvec);
4238
4239 return index < 0 ? MAX_IRQS_PER_TABLE : index;
4240}
4241
4242static int msi_setup_irq(struct pci_dev *pdev, unsigned int irq,
4243 int index, int offset)
4244{
4245 struct irq_2_irte *irte_info;
4246 struct irq_cfg *cfg;
4247 u16 devid;
4248
4249 if (!pdev)
4250 return -EINVAL;
4251
4252 cfg = irq_cfg(irq);
4253 if (!cfg)
4254 return -EINVAL;
4255
4256 if (index >= MAX_IRQS_PER_TABLE)
4257 return 0;
4258
4259 devid = get_device_id(&pdev->dev);
4260 irte_info = &cfg->irq_2_irte;
4261
4262 cfg->remapped = 1;
4263 irte_info->devid = devid;
4264 irte_info->index = index + offset;
4265
4266 return 0;
4267}
4268
4269static int alloc_hpet_msi(unsigned int irq, unsigned int id)
4270{
4271 struct irq_2_irte *irte_info;
4272 struct irq_cfg *cfg;
4273 int index, devid;
4274
4275 cfg = irq_cfg(irq);
4276 if (!cfg)
4277 return -EINVAL;
4278
4279 irte_info = &cfg->irq_2_irte;
4280 devid = get_hpet_devid(id);
4281 if (devid < 0)
4282 return devid;
4283
4284 index = alloc_irq_index(cfg, devid, 1);
4285 if (index < 0)
4286 return index;
4287
4288 cfg->remapped = 1;
4289 irte_info->devid = devid;
4290 irte_info->index = index;
4291
4292 return 0;
4293}
4294
4295struct irq_remap_ops amd_iommu_irq_ops = {
4296 .prepare = amd_iommu_prepare,
4297 .enable = amd_iommu_enable,
4298 .disable = amd_iommu_disable,
4299 .reenable = amd_iommu_reenable,
4300 .enable_faulting = amd_iommu_enable_faulting,
4301 .setup_ioapic_entry = setup_ioapic_entry,
4302 .set_affinity = set_affinity,
4303 .free_irq = free_irq,
4304 .compose_msi_msg = compose_msi_msg,
4305 .msi_alloc_irq = msi_alloc_irq,
4306 .msi_setup_irq = msi_setup_irq,
4307 .alloc_hpet_msi = alloc_hpet_msi,
4308};
4309#endif
Linux kernel - Deliverables
This page took 0.03683 seconds and 5 git commands to generate.