1 /*
2 * Copyright (C) 2007-2010 Advanced Micro Devices, Inc.
3 * Author: Joerg Roedel <joerg.roedel@amd.com>
4 * Leo Duran <leo.duran@amd.com>
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License version 2 as published
8 * by the Free Software Foundation.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License
16 * along with this program; if not, write to the Free Software
17 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
18 */
19
20 #include <linux/pci.h>
21 #include <linux/bitmap.h>
22 #include <linux/slab.h>
23 #include <linux/debugfs.h>
24 #include <linux/scatterlist.h>
25 #include <linux/dma-mapping.h>
26 #include <linux/iommu-helper.h>
27 #include <linux/iommu.h>
28 #include <asm/proto.h>
29 #include <asm/iommu.h>
30 #include <asm/gart.h>
31 #include <asm/amd_iommu_proto.h>
32 #include <asm/amd_iommu_types.h>
33 #include <asm/amd_iommu.h>
34
35 #define CMD_SET_TYPE(cmd, t) ((cmd)->data[1] |= ((t) << 28))
36
37 #define EXIT_LOOP_COUNT 10000000
38
39 static DEFINE_RWLOCK(amd_iommu_devtable_lock);
40
41 /* A list of preallocated protection domains */
42 static LIST_HEAD(iommu_pd_list);
43 static DEFINE_SPINLOCK(iommu_pd_list_lock);
44
45 /*
46 * Domain for untranslated devices - only allocated
47 * if iommu=pt passed on kernel cmd line.
48 */
49 static struct protection_domain *pt_domain;
50
51 static struct iommu_ops amd_iommu_ops;
52
53 /*
54 * general struct to manage commands send to an IOMMU
55 */
56 struct iommu_cmd {
57 u32 data[4];
58 };
59
60 static void reset_iommu_command_buffer(struct amd_iommu *iommu);
61 static void update_domain(struct protection_domain *domain);
62
63 /****************************************************************************
64 *
65 * Helper functions
66 *
67 ****************************************************************************/
68
get_device_id(struct device * dev)69 static inline u16 get_device_id(struct device *dev)
70 {
71 struct pci_dev *pdev = to_pci_dev(dev);
72
73 return calc_devid(pdev->bus->number, pdev->devfn);
74 }
75
get_dev_data(struct device * dev)76 static struct iommu_dev_data *get_dev_data(struct device *dev)
77 {
78 return dev->archdata.iommu;
79 }
80
81 /*
82 * In this function the list of preallocated protection domains is traversed to
83 * find the domain for a specific device
84 */
find_protection_domain(u16 devid)85 static struct dma_ops_domain *find_protection_domain(u16 devid)
86 {
87 struct dma_ops_domain *entry, *ret = NULL;
88 unsigned long flags;
89 u16 alias = amd_iommu_alias_table[devid];
90
91 if (list_empty(&iommu_pd_list))
92 return NULL;
93
94 spin_lock_irqsave(&iommu_pd_list_lock, flags);
95
96 list_for_each_entry(entry, &iommu_pd_list, list) {
97 if (entry->target_dev == devid ||
98 entry->target_dev == alias) {
99 ret = entry;
100 break;
101 }
102 }
103
104 spin_unlock_irqrestore(&iommu_pd_list_lock, flags);
105
106 return ret;
107 }
108
109 /*
110 * This function checks if the driver got a valid device from the caller to
111 * avoid dereferencing invalid pointers.
112 */
check_device(struct device * dev)113 static bool check_device(struct device *dev)
114 {
115 u16 devid;
116
117 if (!dev || !dev->dma_mask)
118 return false;
119
120 /* No device or no PCI device */
121 if (dev->bus != &pci_bus_type)
122 return false;
123
124 devid = get_device_id(dev);
125
126 /* Out of our scope? */
127 if (devid > amd_iommu_last_bdf)
128 return false;
129
130 if (amd_iommu_rlookup_table[devid] == NULL)
131 return false;
132
133 return true;
134 }
135
iommu_init_device(struct device * dev)136 static int iommu_init_device(struct device *dev)
137 {
138 struct iommu_dev_data *dev_data;
139 struct pci_dev *pdev;
140 u16 devid, alias;
141
142 if (dev->archdata.iommu)
143 return 0;
144
145 dev_data = kzalloc(sizeof(*dev_data), GFP_KERNEL);
146 if (!dev_data)
147 return -ENOMEM;
148
149 dev_data->dev = dev;
150
151 devid = get_device_id(dev);
152 alias = amd_iommu_alias_table[devid];
153 pdev = pci_get_bus_and_slot(PCI_BUS(alias), alias & 0xff);
154 if (pdev)
155 dev_data->alias = &pdev->dev;
156
157 atomic_set(&dev_data->bind, 0);
158
159 dev->archdata.iommu = dev_data;
160
161
162 return 0;
163 }
164
iommu_uninit_device(struct device * dev)165 static void iommu_uninit_device(struct device *dev)
166 {
167 kfree(dev->archdata.iommu);
168 }
169
amd_iommu_uninit_devices(void)170 void __init amd_iommu_uninit_devices(void)
171 {
172 struct pci_dev *pdev = NULL;
173
174 for_each_pci_dev(pdev) {
175
176 if (!check_device(&pdev->dev))
177 continue;
178
179 iommu_uninit_device(&pdev->dev);
180 }
181 }
182
amd_iommu_init_devices(void)183 int __init amd_iommu_init_devices(void)
184 {
185 struct pci_dev *pdev = NULL;
186 int ret = 0;
187
188 for_each_pci_dev(pdev) {
189
190 if (!check_device(&pdev->dev))
191 continue;
192
193 ret = iommu_init_device(&pdev->dev);
194 if (ret)
195 goto out_free;
196 }
197
198 return 0;
199
200 out_free:
201
202 amd_iommu_uninit_devices();
203
204 return ret;
205 }
206 #ifdef CONFIG_AMD_IOMMU_STATS
207
208 /*
209 * Initialization code for statistics collection
210 */
211
212 DECLARE_STATS_COUNTER(compl_wait);
213 DECLARE_STATS_COUNTER(cnt_map_single);
214 DECLARE_STATS_COUNTER(cnt_unmap_single);
215 DECLARE_STATS_COUNTER(cnt_map_sg);
216 DECLARE_STATS_COUNTER(cnt_unmap_sg);
217 DECLARE_STATS_COUNTER(cnt_alloc_coherent);
218 DECLARE_STATS_COUNTER(cnt_free_coherent);
219 DECLARE_STATS_COUNTER(cross_page);
220 DECLARE_STATS_COUNTER(domain_flush_single);
221 DECLARE_STATS_COUNTER(domain_flush_all);
222 DECLARE_STATS_COUNTER(alloced_io_mem);
223 DECLARE_STATS_COUNTER(total_map_requests);
224
225 static struct dentry *stats_dir;
226 static struct dentry *de_fflush;
227
amd_iommu_stats_add(struct __iommu_counter * cnt)228 static void amd_iommu_stats_add(struct __iommu_counter *cnt)
229 {
230 if (stats_dir == NULL)
231 return;
232
233 cnt->dent = debugfs_create_u64(cnt->name, 0444, stats_dir,
234 &cnt->value);
235 }
236
amd_iommu_stats_init(void)237 static void amd_iommu_stats_init(void)
238 {
239 stats_dir = debugfs_create_dir("amd-iommu", NULL);
240 if (stats_dir == NULL)
241 return;
242
243 de_fflush = debugfs_create_bool("fullflush", 0444, stats_dir,
244 (u32 *)&amd_iommu_unmap_flush);
245
246 amd_iommu_stats_add(&compl_wait);
247 amd_iommu_stats_add(&cnt_map_single);
248 amd_iommu_stats_add(&cnt_unmap_single);
249 amd_iommu_stats_add(&cnt_map_sg);
250 amd_iommu_stats_add(&cnt_unmap_sg);
251 amd_iommu_stats_add(&cnt_alloc_coherent);
252 amd_iommu_stats_add(&cnt_free_coherent);
253 amd_iommu_stats_add(&cross_page);
254 amd_iommu_stats_add(&domain_flush_single);
255 amd_iommu_stats_add(&domain_flush_all);
256 amd_iommu_stats_add(&alloced_io_mem);
257 amd_iommu_stats_add(&total_map_requests);
258 }
259
260 #endif
261
262 /****************************************************************************
263 *
264 * Interrupt handling functions
265 *
266 ****************************************************************************/
267
dump_dte_entry(u16 devid)268 static void dump_dte_entry(u16 devid)
269 {
270 int i;
271
272 for (i = 0; i < 8; ++i)
273 pr_err("AMD-Vi: DTE[%d]: %08x\n", i,
274 amd_iommu_dev_table[devid].data[i]);
275 }
276
dump_command(unsigned long phys_addr)277 static void dump_command(unsigned long phys_addr)
278 {
279 struct iommu_cmd *cmd = phys_to_virt(phys_addr);
280 int i;
281
282 for (i = 0; i < 4; ++i)
283 pr_err("AMD-Vi: CMD[%d]: %08x\n", i, cmd->data[i]);
284 }
285
iommu_print_event(struct amd_iommu * iommu,void * __evt)286 static void iommu_print_event(struct amd_iommu *iommu, void *__evt)
287 {
288 u32 *event = __evt;
289 int type = (event[1] >> EVENT_TYPE_SHIFT) & EVENT_TYPE_MASK;
290 int devid = (event[0] >> EVENT_DEVID_SHIFT) & EVENT_DEVID_MASK;
291 int domid = (event[1] >> EVENT_DOMID_SHIFT) & EVENT_DOMID_MASK;
292 int flags = (event[1] >> EVENT_FLAGS_SHIFT) & EVENT_FLAGS_MASK;
293 u64 address = (u64)(((u64)event[3]) << 32) | event[2];
294
295 printk(KERN_ERR "AMD-Vi: Event logged [");
296
297 switch (type) {
298 case EVENT_TYPE_ILL_DEV:
299 printk("ILLEGAL_DEV_TABLE_ENTRY device=%02x:%02x.%x "
300 "address=0x%016llx flags=0x%04x]\n",
301 PCI_BUS(devid), PCI_SLOT(devid), PCI_FUNC(devid),
302 address, flags);
303 dump_dte_entry(devid);
304 break;
305 case EVENT_TYPE_IO_FAULT:
306 printk("IO_PAGE_FAULT device=%02x:%02x.%x "
307 "domain=0x%04x address=0x%016llx flags=0x%04x]\n",
308 PCI_BUS(devid), PCI_SLOT(devid), PCI_FUNC(devid),
309 domid, address, flags);
310 break;
311 case EVENT_TYPE_DEV_TAB_ERR:
312 printk("DEV_TAB_HARDWARE_ERROR device=%02x:%02x.%x "
313 "address=0x%016llx flags=0x%04x]\n",
314 PCI_BUS(devid), PCI_SLOT(devid), PCI_FUNC(devid),
315 address, flags);
316 break;
317 case EVENT_TYPE_PAGE_TAB_ERR:
318 printk("PAGE_TAB_HARDWARE_ERROR device=%02x:%02x.%x "
319 "domain=0x%04x address=0x%016llx flags=0x%04x]\n",
320 PCI_BUS(devid), PCI_SLOT(devid), PCI_FUNC(devid),
321 domid, address, flags);
322 break;
323 case EVENT_TYPE_ILL_CMD:
324 printk("ILLEGAL_COMMAND_ERROR address=0x%016llx]\n", address);
325 iommu->reset_in_progress = true;
326 reset_iommu_command_buffer(iommu);
327 dump_command(address);
328 break;
329 case EVENT_TYPE_CMD_HARD_ERR:
330 printk("COMMAND_HARDWARE_ERROR address=0x%016llx "
331 "flags=0x%04x]\n", address, flags);
332 break;
333 case EVENT_TYPE_IOTLB_INV_TO:
334 printk("IOTLB_INV_TIMEOUT device=%02x:%02x.%x "
335 "address=0x%016llx]\n",
336 PCI_BUS(devid), PCI_SLOT(devid), PCI_FUNC(devid),
337 address);
338 break;
339 case EVENT_TYPE_INV_DEV_REQ:
340 printk("INVALID_DEVICE_REQUEST device=%02x:%02x.%x "
341 "address=0x%016llx flags=0x%04x]\n",
342 PCI_BUS(devid), PCI_SLOT(devid), PCI_FUNC(devid),
343 address, flags);
344 break;
345 default:
346 printk(KERN_ERR "UNKNOWN type=0x%02x]\n", type);
347 }
348 }
349
iommu_poll_events(struct amd_iommu * iommu)350 static void iommu_poll_events(struct amd_iommu *iommu)
351 {
352 u32 head, tail;
353 unsigned long flags;
354
355 spin_lock_irqsave(&iommu->lock, flags);
356
357 head = readl(iommu->mmio_base + MMIO_EVT_HEAD_OFFSET);
358 tail = readl(iommu->mmio_base + MMIO_EVT_TAIL_OFFSET);
359
360 while (head != tail) {
361 iommu_print_event(iommu, iommu->evt_buf + head);
362 head = (head + EVENT_ENTRY_SIZE) % iommu->evt_buf_size;
363 }
364
365 writel(head, iommu->mmio_base + MMIO_EVT_HEAD_OFFSET);
366
367 spin_unlock_irqrestore(&iommu->lock, flags);
368 }
369
amd_iommu_int_handler(int irq,void * data)370 irqreturn_t amd_iommu_int_handler(int irq, void *data)
371 {
372 struct amd_iommu *iommu;
373
374 for_each_iommu(iommu)
375 iommu_poll_events(iommu);
376
377 return IRQ_HANDLED;
378 }
379
380 /****************************************************************************
381 *
382 * IOMMU command queuing functions
383 *
384 ****************************************************************************/
385
386 /*
387 * Writes the command to the IOMMUs command buffer and informs the
388 * hardware about the new command. Must be called with iommu->lock held.
389 */
__iommu_queue_command(struct amd_iommu * iommu,struct iommu_cmd * cmd)390 static int __iommu_queue_command(struct amd_iommu *iommu, struct iommu_cmd *cmd)
391 {
392 u32 tail, head;
393 u8 *target;
394
395 WARN_ON(iommu->cmd_buf_size & CMD_BUFFER_UNINITIALIZED);
396 tail = readl(iommu->mmio_base + MMIO_CMD_TAIL_OFFSET);
397 target = iommu->cmd_buf + tail;
398 memcpy_toio(target, cmd, sizeof(*cmd));
399 tail = (tail + sizeof(*cmd)) % iommu->cmd_buf_size;
400 head = readl(iommu->mmio_base + MMIO_CMD_HEAD_OFFSET);
401 if (tail == head)
402 return -ENOMEM;
403 writel(tail, iommu->mmio_base + MMIO_CMD_TAIL_OFFSET);
404
405 return 0;
406 }
407
408 /*
409 * General queuing function for commands. Takes iommu->lock and calls
410 * __iommu_queue_command().
411 */
iommu_queue_command(struct amd_iommu * iommu,struct iommu_cmd * cmd)412 static int iommu_queue_command(struct amd_iommu *iommu, struct iommu_cmd *cmd)
413 {
414 unsigned long flags;
415 int ret;
416
417 spin_lock_irqsave(&iommu->lock, flags);
418 ret = __iommu_queue_command(iommu, cmd);
419 if (!ret)
420 iommu->need_sync = true;
421 spin_unlock_irqrestore(&iommu->lock, flags);
422
423 return ret;
424 }
425
426 /*
427 * This function waits until an IOMMU has completed a completion
428 * wait command
429 */
__iommu_wait_for_completion(struct amd_iommu * iommu)430 static void __iommu_wait_for_completion(struct amd_iommu *iommu)
431 {
432 int ready = 0;
433 unsigned status = 0;
434 unsigned long i = 0;
435
436 INC_STATS_COUNTER(compl_wait);
437
438 while (!ready && (i < EXIT_LOOP_COUNT)) {
439 ++i;
440 /* wait for the bit to become one */
441 status = readl(iommu->mmio_base + MMIO_STATUS_OFFSET);
442 ready = status & MMIO_STATUS_COM_WAIT_INT_MASK;
443 }
444
445 /* set bit back to zero */
446 status &= ~MMIO_STATUS_COM_WAIT_INT_MASK;
447 writel(status, iommu->mmio_base + MMIO_STATUS_OFFSET);
448
449 if (unlikely(i == EXIT_LOOP_COUNT))
450 iommu->reset_in_progress = true;
451 }
452
453 /*
454 * This function queues a completion wait command into the command
455 * buffer of an IOMMU
456 */
__iommu_completion_wait(struct amd_iommu * iommu)457 static int __iommu_completion_wait(struct amd_iommu *iommu)
458 {
459 struct iommu_cmd cmd;
460
461 memset(&cmd, 0, sizeof(cmd));
462 cmd.data[0] = CMD_COMPL_WAIT_INT_MASK;
463 CMD_SET_TYPE(&cmd, CMD_COMPL_WAIT);
464
465 return __iommu_queue_command(iommu, &cmd);
466 }
467
468 /*
469 * This function is called whenever we need to ensure that the IOMMU has
470 * completed execution of all commands we sent. It sends a
471 * COMPLETION_WAIT command and waits for it to finish. The IOMMU informs
472 * us about that by writing a value to a physical address we pass with
473 * the command.
474 */
iommu_completion_wait(struct amd_iommu * iommu)475 static int iommu_completion_wait(struct amd_iommu *iommu)
476 {
477 int ret = 0;
478 unsigned long flags;
479
480 spin_lock_irqsave(&iommu->lock, flags);
481
482 if (!iommu->need_sync)
483 goto out;
484
485 ret = __iommu_completion_wait(iommu);
486
487 iommu->need_sync = false;
488
489 if (ret)
490 goto out;
491
492 __iommu_wait_for_completion(iommu);
493
494 out:
495 spin_unlock_irqrestore(&iommu->lock, flags);
496
497 if (iommu->reset_in_progress)
498 reset_iommu_command_buffer(iommu);
499
500 return 0;
501 }
502
iommu_flush_complete(struct protection_domain * domain)503 static void iommu_flush_complete(struct protection_domain *domain)
504 {
505 int i;
506
507 for (i = 0; i < amd_iommus_present; ++i) {
508 if (!domain->dev_iommu[i])
509 continue;
510
511 /*
512 * Devices of this domain are behind this IOMMU
513 * We need to wait for completion of all commands.
514 */
515 iommu_completion_wait(amd_iommus[i]);
516 }
517 }
518
519 /*
520 * Command send function for invalidating a device table entry
521 */
iommu_flush_device(struct device * dev)522 static int iommu_flush_device(struct device *dev)
523 {
524 struct amd_iommu *iommu;
525 struct iommu_cmd cmd;
526 u16 devid;
527
528 devid = get_device_id(dev);
529 iommu = amd_iommu_rlookup_table[devid];
530
531 /* Build command */
532 memset(&cmd, 0, sizeof(cmd));
533 CMD_SET_TYPE(&cmd, CMD_INV_DEV_ENTRY);
534 cmd.data[0] = devid;
535
536 return iommu_queue_command(iommu, &cmd);
537 }
538
__iommu_build_inv_iommu_pages(struct iommu_cmd * cmd,u64 address,u16 domid,int pde,int s)539 static void __iommu_build_inv_iommu_pages(struct iommu_cmd *cmd, u64 address,
540 u16 domid, int pde, int s)
541 {
542 memset(cmd, 0, sizeof(*cmd));
543 address &= PAGE_MASK;
544 CMD_SET_TYPE(cmd, CMD_INV_IOMMU_PAGES);
545 cmd->data[1] |= domid;
546 cmd->data[2] = lower_32_bits(address);
547 cmd->data[3] = upper_32_bits(address);
548 if (s) /* size bit - we flush more than one 4kb page */
549 cmd->data[2] |= CMD_INV_IOMMU_PAGES_SIZE_MASK;
550 if (pde) /* PDE bit - we wan't flush everything not only the PTEs */
551 cmd->data[2] |= CMD_INV_IOMMU_PAGES_PDE_MASK;
552 }
553
554 /*
555 * Generic command send function for invalidaing TLB entries
556 */
iommu_queue_inv_iommu_pages(struct amd_iommu * iommu,u64 address,u16 domid,int pde,int s)557 static int iommu_queue_inv_iommu_pages(struct amd_iommu *iommu,
558 u64 address, u16 domid, int pde, int s)
559 {
560 struct iommu_cmd cmd;
561 int ret;
562
563 __iommu_build_inv_iommu_pages(&cmd, address, domid, pde, s);
564
565 ret = iommu_queue_command(iommu, &cmd);
566
567 return ret;
568 }
569
570 /*
571 * TLB invalidation function which is called from the mapping functions.
572 * It invalidates a single PTE if the range to flush is within a single
573 * page. Otherwise it flushes the whole TLB of the IOMMU.
574 */
__iommu_flush_pages(struct protection_domain * domain,u64 address,size_t size,int pde)575 static void __iommu_flush_pages(struct protection_domain *domain,
576 u64 address, size_t size, int pde)
577 {
578 int s = 0, i;
579 unsigned long pages = iommu_num_pages(address, size, PAGE_SIZE);
580
581 address &= PAGE_MASK;
582
583 if (pages > 1) {
584 /*
585 * If we have to flush more than one page, flush all
586 * TLB entries for this domain
587 */
588 address = CMD_INV_IOMMU_ALL_PAGES_ADDRESS;
589 s = 1;
590 }
591
592
593 for (i = 0; i < amd_iommus_present; ++i) {
594 if (!domain->dev_iommu[i])
595 continue;
596
597 /*
598 * Devices of this domain are behind this IOMMU
599 * We need a TLB flush
600 */
601 iommu_queue_inv_iommu_pages(amd_iommus[i], address,
602 domain->id, pde, s);
603 }
604
605 return;
606 }
607
iommu_flush_pages(struct protection_domain * domain,u64 address,size_t size)608 static void iommu_flush_pages(struct protection_domain *domain,
609 u64 address, size_t size)
610 {
611 __iommu_flush_pages(domain, address, size, 0);
612 }
613
614 /* Flush the whole IO/TLB for a given protection domain */
iommu_flush_tlb(struct protection_domain * domain)615 static void iommu_flush_tlb(struct protection_domain *domain)
616 {
617 __iommu_flush_pages(domain, 0, CMD_INV_IOMMU_ALL_PAGES_ADDRESS, 0);
618 }
619
620 /* Flush the whole IO/TLB for a given protection domain - including PDE */
iommu_flush_tlb_pde(struct protection_domain * domain)621 static void iommu_flush_tlb_pde(struct protection_domain *domain)
622 {
623 __iommu_flush_pages(domain, 0, CMD_INV_IOMMU_ALL_PAGES_ADDRESS, 1);
624 }
625
626
627 /*
628 * This function flushes the DTEs for all devices in domain
629 */
iommu_flush_domain_devices(struct protection_domain * domain)630 static void iommu_flush_domain_devices(struct protection_domain *domain)
631 {
632 struct iommu_dev_data *dev_data;
633 unsigned long flags;
634
635 spin_lock_irqsave(&domain->lock, flags);
636
637 list_for_each_entry(dev_data, &domain->dev_list, list)
638 iommu_flush_device(dev_data->dev);
639
640 spin_unlock_irqrestore(&domain->lock, flags);
641 }
642
iommu_flush_all_domain_devices(void)643 static void iommu_flush_all_domain_devices(void)
644 {
645 struct protection_domain *domain;
646 unsigned long flags;
647
648 spin_lock_irqsave(&amd_iommu_pd_lock, flags);
649
650 list_for_each_entry(domain, &amd_iommu_pd_list, list) {
651 iommu_flush_domain_devices(domain);
652 iommu_flush_complete(domain);
653 }
654
655 spin_unlock_irqrestore(&amd_iommu_pd_lock, flags);
656 }
657
amd_iommu_flush_all_devices(void)658 void amd_iommu_flush_all_devices(void)
659 {
660 iommu_flush_all_domain_devices();
661 }
662
663 /*
664 * This function uses heavy locking and may disable irqs for some time. But
665 * this is no issue because it is only called during resume.
666 */
amd_iommu_flush_all_domains(void)667 void amd_iommu_flush_all_domains(void)
668 {
669 struct protection_domain *domain;
670 unsigned long flags;
671
672 spin_lock_irqsave(&amd_iommu_pd_lock, flags);
673
674 list_for_each_entry(domain, &amd_iommu_pd_list, list) {
675 spin_lock(&domain->lock);
676 iommu_flush_tlb_pde(domain);
677 iommu_flush_complete(domain);
678 spin_unlock(&domain->lock);
679 }
680
681 spin_unlock_irqrestore(&amd_iommu_pd_lock, flags);
682 }
683
reset_iommu_command_buffer(struct amd_iommu * iommu)684 static void reset_iommu_command_buffer(struct amd_iommu *iommu)
685 {
686 pr_err("AMD-Vi: Resetting IOMMU command buffer\n");
687
688 if (iommu->reset_in_progress)
689 panic("AMD-Vi: ILLEGAL_COMMAND_ERROR while resetting command buffer\n");
690
691 amd_iommu_reset_cmd_buffer(iommu);
692 amd_iommu_flush_all_devices();
693 amd_iommu_flush_all_domains();
694
695 iommu->reset_in_progress = false;
696 }
697
698 /****************************************************************************
699 *
700 * The functions below are used the create the page table mappings for
701 * unity mapped regions.
702 *
703 ****************************************************************************/
704
705 /*
706 * This function is used to add another level to an IO page table. Adding
707 * another level increases the size of the address space by 9 bits to a size up
708 * to 64 bits.
709 */
increase_address_space(struct protection_domain * domain,gfp_t gfp)710 static bool increase_address_space(struct protection_domain *domain,
711 gfp_t gfp)
712 {
713 u64 *pte;
714
715 if (domain->mode == PAGE_MODE_6_LEVEL)
716 /* address space already 64 bit large */
717 return false;
718
719 pte = (void *)get_zeroed_page(gfp);
720 if (!pte)
721 return false;
722
723 *pte = PM_LEVEL_PDE(domain->mode,
724 virt_to_phys(domain->pt_root));
725 domain->pt_root = pte;
726 domain->mode += 1;
727 domain->updated = true;
728
729 return true;
730 }
731
alloc_pte(struct protection_domain * domain,unsigned long address,unsigned long page_size,u64 ** pte_page,gfp_t gfp)732 static u64 *alloc_pte(struct protection_domain *domain,
733 unsigned long address,
734 unsigned long page_size,
735 u64 **pte_page,
736 gfp_t gfp)
737 {
738 int level, end_lvl;
739 u64 *pte, *page;
740
741 BUG_ON(!is_power_of_2(page_size));
742
743 while (address > PM_LEVEL_SIZE(domain->mode))
744 increase_address_space(domain, gfp);
745
746 level = domain->mode - 1;
747 pte = &domain->pt_root[PM_LEVEL_INDEX(level, address)];
748 address = PAGE_SIZE_ALIGN(address, page_size);
749 end_lvl = PAGE_SIZE_LEVEL(page_size);
750
751 while (level > end_lvl) {
752 if (!IOMMU_PTE_PRESENT(*pte)) {
753 page = (u64 *)get_zeroed_page(gfp);
754 if (!page)
755 return NULL;
756 *pte = PM_LEVEL_PDE(level, virt_to_phys(page));
757 }
758
759 /* No level skipping support yet */
760 if (PM_PTE_LEVEL(*pte) != level)
761 return NULL;
762
763 level -= 1;
764
765 pte = IOMMU_PTE_PAGE(*pte);
766
767 if (pte_page && level == end_lvl)
768 *pte_page = pte;
769
770 pte = &pte[PM_LEVEL_INDEX(level, address)];
771 }
772
773 return pte;
774 }
775
776 /*
777 * This function checks if there is a PTE for a given dma address. If
778 * there is one, it returns the pointer to it.
779 */
fetch_pte(struct protection_domain * domain,unsigned long address)780 static u64 *fetch_pte(struct protection_domain *domain, unsigned long address)
781 {
782 int level;
783 u64 *pte;
784
785 if (address > PM_LEVEL_SIZE(domain->mode))
786 return NULL;
787
788 level = domain->mode - 1;
789 pte = &domain->pt_root[PM_LEVEL_INDEX(level, address)];
790
791 while (level > 0) {
792
793 /* Not Present */
794 if (!IOMMU_PTE_PRESENT(*pte))
795 return NULL;
796
797 /* Large PTE */
798 if (PM_PTE_LEVEL(*pte) == 0x07) {
799 unsigned long pte_mask, __pte;
800
801 /*
802 * If we have a series of large PTEs, make
803 * sure to return a pointer to the first one.
804 */
805 pte_mask = PTE_PAGE_SIZE(*pte);
806 pte_mask = ~((PAGE_SIZE_PTE_COUNT(pte_mask) << 3) - 1);
807 __pte = ((unsigned long)pte) & pte_mask;
808
809 return (u64 *)__pte;
810 }
811
812 /* No level skipping support yet */
813 if (PM_PTE_LEVEL(*pte) != level)
814 return NULL;
815
816 level -= 1;
817
818 /* Walk to the next level */
819 pte = IOMMU_PTE_PAGE(*pte);
820 pte = &pte[PM_LEVEL_INDEX(level, address)];
821 }
822
823 return pte;
824 }
825
826 /*
827 * Generic mapping functions. It maps a physical address into a DMA
828 * address space. It allocates the page table pages if necessary.
829 * In the future it can be extended to a generic mapping function
830 * supporting all features of AMD IOMMU page tables like level skipping
831 * and full 64 bit address spaces.
832 */
iommu_map_page(struct protection_domain * dom,unsigned long bus_addr,unsigned long phys_addr,int prot,unsigned long page_size)833 static int iommu_map_page(struct protection_domain *dom,
834 unsigned long bus_addr,
835 unsigned long phys_addr,
836 int prot,
837 unsigned long page_size)
838 {
839 u64 __pte, *pte;
840 int i, count;
841
842 if (!(prot & IOMMU_PROT_MASK))
843 return -EINVAL;
844
845 bus_addr = PAGE_ALIGN(bus_addr);
846 phys_addr = PAGE_ALIGN(phys_addr);
847 count = PAGE_SIZE_PTE_COUNT(page_size);
848 pte = alloc_pte(dom, bus_addr, page_size, NULL, GFP_KERNEL);
849
850 for (i = 0; i < count; ++i)
851 if (IOMMU_PTE_PRESENT(pte[i]))
852 return -EBUSY;
853
854 if (page_size > PAGE_SIZE) {
855 __pte = PAGE_SIZE_PTE(phys_addr, page_size);
856 __pte |= PM_LEVEL_ENC(7) | IOMMU_PTE_P | IOMMU_PTE_FC;
857 } else
858 __pte = phys_addr | IOMMU_PTE_P | IOMMU_PTE_FC;
859
860 if (prot & IOMMU_PROT_IR)
861 __pte |= IOMMU_PTE_IR;
862 if (prot & IOMMU_PROT_IW)
863 __pte |= IOMMU_PTE_IW;
864
865 for (i = 0; i < count; ++i)
866 pte[i] = __pte;
867
868 update_domain(dom);
869
870 return 0;
871 }
872
iommu_unmap_page(struct protection_domain * dom,unsigned long bus_addr,unsigned long page_size)873 static unsigned long iommu_unmap_page(struct protection_domain *dom,
874 unsigned long bus_addr,
875 unsigned long page_size)
876 {
877 unsigned long long unmap_size, unmapped;
878 u64 *pte;
879
880 BUG_ON(!is_power_of_2(page_size));
881
882 unmapped = 0;
883
884 while (unmapped < page_size) {
885
886 pte = fetch_pte(dom, bus_addr);
887
888 if (!pte) {
889 /*
890 * No PTE for this address
891 * move forward in 4kb steps
892 */
893 unmap_size = PAGE_SIZE;
894 } else if (PM_PTE_LEVEL(*pte) == 0) {
895 /* 4kb PTE found for this address */
896 unmap_size = PAGE_SIZE;
897 *pte = 0ULL;
898 } else {
899 int count, i;
900
901 /* Large PTE found which maps this address */
902 unmap_size = PTE_PAGE_SIZE(*pte);
903 count = PAGE_SIZE_PTE_COUNT(unmap_size);
904 for (i = 0; i < count; i++)
905 pte[i] = 0ULL;
906 }
907
908 bus_addr = (bus_addr & ~(unmap_size - 1)) + unmap_size;
909 unmapped += unmap_size;
910 }
911
912 BUG_ON(!is_power_of_2(unmapped));
913
914 return unmapped;
915 }
916
917 /*
918 * This function checks if a specific unity mapping entry is needed for
919 * this specific IOMMU.
920 */
iommu_for_unity_map(struct amd_iommu * iommu,struct unity_map_entry * entry)921 static int iommu_for_unity_map(struct amd_iommu *iommu,
922 struct unity_map_entry *entry)
923 {
924 u16 bdf, i;
925
926 for (i = entry->devid_start; i <= entry->devid_end; ++i) {
927 bdf = amd_iommu_alias_table[i];
928 if (amd_iommu_rlookup_table[bdf] == iommu)
929 return 1;
930 }
931
932 return 0;
933 }
934
935 /*
936 * This function actually applies the mapping to the page table of the
937 * dma_ops domain.
938 */
dma_ops_unity_map(struct dma_ops_domain * dma_dom,struct unity_map_entry * e)939 static int dma_ops_unity_map(struct dma_ops_domain *dma_dom,
940 struct unity_map_entry *e)
941 {
942 u64 addr;
943 int ret;
944
945 for (addr = e->address_start; addr < e->address_end;
946 addr += PAGE_SIZE) {
947 ret = iommu_map_page(&dma_dom->domain, addr, addr, e->prot,
948 PAGE_SIZE);
949 if (ret)
950 return ret;
951 /*
952 * if unity mapping is in aperture range mark the page
953 * as allocated in the aperture
954 */
955 if (addr < dma_dom->aperture_size)
956 __set_bit(addr >> PAGE_SHIFT,
957 dma_dom->aperture[0]->bitmap);
958 }
959
960 return 0;
961 }
962
963 /*
964 * Init the unity mappings for a specific IOMMU in the system
965 *
966 * Basically iterates over all unity mapping entries and applies them to
967 * the default domain DMA of that IOMMU if necessary.
968 */
iommu_init_unity_mappings(struct amd_iommu * iommu)969 static int iommu_init_unity_mappings(struct amd_iommu *iommu)
970 {
971 struct unity_map_entry *entry;
972 int ret;
973
974 list_for_each_entry(entry, &amd_iommu_unity_map, list) {
975 if (!iommu_for_unity_map(iommu, entry))
976 continue;
977 ret = dma_ops_unity_map(iommu->default_dom, entry);
978 if (ret)
979 return ret;
980 }
981
982 return 0;
983 }
984
985 /*
986 * Inits the unity mappings required for a specific device
987 */
init_unity_mappings_for_device(struct dma_ops_domain * dma_dom,u16 devid)988 static int init_unity_mappings_for_device(struct dma_ops_domain *dma_dom,
989 u16 devid)
990 {
991 struct unity_map_entry *e;
992 int ret;
993
994 list_for_each_entry(e, &amd_iommu_unity_map, list) {
995 if (!(devid >= e->devid_start && devid <= e->devid_end))
996 continue;
997 ret = dma_ops_unity_map(dma_dom, e);
998 if (ret)
999 return ret;
1000 }
1001
1002 return 0;
1003 }
1004
1005 /****************************************************************************
1006 *
1007 * The next functions belong to the address allocator for the dma_ops
1008 * interface functions. They work like the allocators in the other IOMMU
1009 * drivers. Its basically a bitmap which marks the allocated pages in
1010 * the aperture. Maybe it could be enhanced in the future to a more
1011 * efficient allocator.
1012 *
1013 ****************************************************************************/
1014
1015 /*
1016 * The address allocator core functions.
1017 *
1018 * called with domain->lock held
1019 */
1020
1021 /*
1022 * Used to reserve address ranges in the aperture (e.g. for exclusion
1023 * ranges.
1024 */
dma_ops_reserve_addresses(struct dma_ops_domain * dom,unsigned long start_page,unsigned int pages)1025 static void dma_ops_reserve_addresses(struct dma_ops_domain *dom,
1026 unsigned long start_page,
1027 unsigned int pages)
1028 {
1029 unsigned int i, last_page = dom->aperture_size >> PAGE_SHIFT;
1030
1031 if (start_page + pages > last_page)
1032 pages = last_page - start_page;
1033
1034 for (i = start_page; i < start_page + pages; ++i) {
1035 int index = i / APERTURE_RANGE_PAGES;
1036 int page = i % APERTURE_RANGE_PAGES;
1037 __set_bit(page, dom->aperture[index]->bitmap);
1038 }
1039 }
1040
1041 /*
1042 * This function is used to add a new aperture range to an existing
1043 * aperture in case of dma_ops domain allocation or address allocation
1044 * failure.
1045 */
alloc_new_range(struct dma_ops_domain * dma_dom,bool populate,gfp_t gfp)1046 static int alloc_new_range(struct dma_ops_domain *dma_dom,
1047 bool populate, gfp_t gfp)
1048 {
1049 int index = dma_dom->aperture_size >> APERTURE_RANGE_SHIFT;
1050 struct amd_iommu *iommu;
1051 unsigned long i;
1052
1053 #ifdef CONFIG_IOMMU_STRESS
1054 populate = false;
1055 #endif
1056
1057 if (index >= APERTURE_MAX_RANGES)
1058 return -ENOMEM;
1059
1060 dma_dom->aperture[index] = kzalloc(sizeof(struct aperture_range), gfp);
1061 if (!dma_dom->aperture[index])
1062 return -ENOMEM;
1063
1064 dma_dom->aperture[index]->bitmap = (void *)get_zeroed_page(gfp);
1065 if (!dma_dom->aperture[index]->bitmap)
1066 goto out_free;
1067
1068 dma_dom->aperture[index]->offset = dma_dom->aperture_size;
1069
1070 if (populate) {
1071 unsigned long address = dma_dom->aperture_size;
1072 int i, num_ptes = APERTURE_RANGE_PAGES / 512;
1073 u64 *pte, *pte_page;
1074
1075 for (i = 0; i < num_ptes; ++i) {
1076 pte = alloc_pte(&dma_dom->domain, address, PAGE_SIZE,
1077 &pte_page, gfp);
1078 if (!pte)
1079 goto out_free;
1080
1081 dma_dom->aperture[index]->pte_pages[i] = pte_page;
1082
1083 address += APERTURE_RANGE_SIZE / 64;
1084 }
1085 }
1086
1087 dma_dom->aperture_size += APERTURE_RANGE_SIZE;
1088
1089 /* Initialize the exclusion range if necessary */
1090 for_each_iommu(iommu) {
1091 if (iommu->exclusion_start &&
1092 iommu->exclusion_start >= dma_dom->aperture[index]->offset
1093 && iommu->exclusion_start < dma_dom->aperture_size) {
1094 unsigned long startpage;
1095 int pages = iommu_num_pages(iommu->exclusion_start,
1096 iommu->exclusion_length,
1097 PAGE_SIZE);
1098 startpage = iommu->exclusion_start >> PAGE_SHIFT;
1099 dma_ops_reserve_addresses(dma_dom, startpage, pages);
1100 }
1101 }
1102
1103 /*
1104 * Check for areas already mapped as present in the new aperture
1105 * range and mark those pages as reserved in the allocator. Such
1106 * mappings may already exist as a result of requested unity
1107 * mappings for devices.
1108 */
1109 for (i = dma_dom->aperture[index]->offset;
1110 i < dma_dom->aperture_size;
1111 i += PAGE_SIZE) {
1112 u64 *pte = fetch_pte(&dma_dom->domain, i);
1113 if (!pte || !IOMMU_PTE_PRESENT(*pte))
1114 continue;
1115
1116 dma_ops_reserve_addresses(dma_dom, i << PAGE_SHIFT, 1);
1117 }
1118
1119 update_domain(&dma_dom->domain);
1120
1121 return 0;
1122
1123 out_free:
1124 update_domain(&dma_dom->domain);
1125
1126 free_page((unsigned long)dma_dom->aperture[index]->bitmap);
1127
1128 kfree(dma_dom->aperture[index]);
1129 dma_dom->aperture[index] = NULL;
1130
1131 return -ENOMEM;
1132 }
1133
dma_ops_area_alloc(struct device * dev,struct dma_ops_domain * dom,unsigned int pages,unsigned long align_mask,u64 dma_mask,unsigned long start)1134 static unsigned long dma_ops_area_alloc(struct device *dev,
1135 struct dma_ops_domain *dom,
1136 unsigned int pages,
1137 unsigned long align_mask,
1138 u64 dma_mask,
1139 unsigned long start)
1140 {
1141 unsigned long next_bit = dom->next_address % APERTURE_RANGE_SIZE;
1142 int max_index = dom->aperture_size >> APERTURE_RANGE_SHIFT;
1143 int i = start >> APERTURE_RANGE_SHIFT;
1144 unsigned long boundary_size;
1145 unsigned long address = -1;
1146 unsigned long limit;
1147
1148 next_bit >>= PAGE_SHIFT;
1149
1150 boundary_size = ALIGN(dma_get_seg_boundary(dev) + 1,
1151 PAGE_SIZE) >> PAGE_SHIFT;
1152
1153 for (;i < max_index; ++i) {
1154 unsigned long offset = dom->aperture[i]->offset >> PAGE_SHIFT;
1155
1156 if (dom->aperture[i]->offset >= dma_mask)
1157 break;
1158
1159 limit = iommu_device_max_index(APERTURE_RANGE_PAGES, offset,
1160 dma_mask >> PAGE_SHIFT);
1161
1162 address = iommu_area_alloc(dom->aperture[i]->bitmap,
1163 limit, next_bit, pages, 0,
1164 boundary_size, align_mask);
1165 if (address != -1) {
1166 address = dom->aperture[i]->offset +
1167 (address << PAGE_SHIFT);
1168 dom->next_address = address + (pages << PAGE_SHIFT);
1169 break;
1170 }
1171
1172 next_bit = 0;
1173 }
1174
1175 return address;
1176 }
1177
dma_ops_alloc_addresses(struct device * dev,struct dma_ops_domain * dom,unsigned int pages,unsigned long align_mask,u64 dma_mask)1178 static unsigned long dma_ops_alloc_addresses(struct device *dev,
1179 struct dma_ops_domain *dom,
1180 unsigned int pages,
1181 unsigned long align_mask,
1182 u64 dma_mask)
1183 {
1184 unsigned long address;
1185
1186 #ifdef CONFIG_IOMMU_STRESS
1187 dom->next_address = 0;
1188 dom->need_flush = true;
1189 #endif
1190
1191 address = dma_ops_area_alloc(dev, dom, pages, align_mask,
1192 dma_mask, dom->next_address);
1193
1194 if (address == -1) {
1195 dom->next_address = 0;
1196 address = dma_ops_area_alloc(dev, dom, pages, align_mask,
1197 dma_mask, 0);
1198 dom->need_flush = true;
1199 }
1200
1201 if (unlikely(address == -1))
1202 address = DMA_ERROR_CODE;
1203
1204 WARN_ON((address + (PAGE_SIZE*pages)) > dom->aperture_size);
1205
1206 return address;
1207 }
1208
1209 /*
1210 * The address free function.
1211 *
1212 * called with domain->lock held
1213 */
dma_ops_free_addresses(struct dma_ops_domain * dom,unsigned long address,unsigned int pages)1214 static void dma_ops_free_addresses(struct dma_ops_domain *dom,
1215 unsigned long address,
1216 unsigned int pages)
1217 {
1218 unsigned i = address >> APERTURE_RANGE_SHIFT;
1219 struct aperture_range *range = dom->aperture[i];
1220
1221 BUG_ON(i >= APERTURE_MAX_RANGES || range == NULL);
1222
1223 #ifdef CONFIG_IOMMU_STRESS
1224 if (i < 4)
1225 return;
1226 #endif
1227
1228 if (address >= dom->next_address)
1229 dom->need_flush = true;
1230
1231 address = (address % APERTURE_RANGE_SIZE) >> PAGE_SHIFT;
1232
1233 bitmap_clear(range->bitmap, address, pages);
1234
1235 }
1236
1237 /****************************************************************************
1238 *
1239 * The next functions belong to the domain allocation. A domain is
1240 * allocated for every IOMMU as the default domain. If device isolation
1241 * is enabled, every device get its own domain. The most important thing
1242 * about domains is the page table mapping the DMA address space they
1243 * contain.
1244 *
1245 ****************************************************************************/
1246
1247 /*
1248 * This function adds a protection domain to the global protection domain list
1249 */
add_domain_to_list(struct protection_domain * domain)1250 static void add_domain_to_list(struct protection_domain *domain)
1251 {
1252 unsigned long flags;
1253
1254 spin_lock_irqsave(&amd_iommu_pd_lock, flags);
1255 list_add(&domain->list, &amd_iommu_pd_list);
1256 spin_unlock_irqrestore(&amd_iommu_pd_lock, flags);
1257 }
1258
1259 /*
1260 * This function removes a protection domain to the global
1261 * protection domain list
1262 */
del_domain_from_list(struct protection_domain * domain)1263 static void del_domain_from_list(struct protection_domain *domain)
1264 {
1265 unsigned long flags;
1266
1267 spin_lock_irqsave(&amd_iommu_pd_lock, flags);
1268 list_del(&domain->list);
1269 spin_unlock_irqrestore(&amd_iommu_pd_lock, flags);
1270 }
1271
domain_id_alloc(void)1272 static u16 domain_id_alloc(void)
1273 {
1274 unsigned long flags;
1275 int id;
1276
1277 write_lock_irqsave(&amd_iommu_devtable_lock, flags);
1278 id = find_first_zero_bit(amd_iommu_pd_alloc_bitmap, MAX_DOMAIN_ID);
1279 BUG_ON(id == 0);
1280 if (id > 0 && id < MAX_DOMAIN_ID)
1281 __set_bit(id, amd_iommu_pd_alloc_bitmap);
1282 else
1283 id = 0;
1284 write_unlock_irqrestore(&amd_iommu_devtable_lock, flags);
1285
1286 return id;
1287 }
1288
domain_id_free(int id)1289 static void domain_id_free(int id)
1290 {
1291 unsigned long flags;
1292
1293 write_lock_irqsave(&amd_iommu_devtable_lock, flags);
1294 if (id > 0 && id < MAX_DOMAIN_ID)
1295 __clear_bit(id, amd_iommu_pd_alloc_bitmap);
1296 write_unlock_irqrestore(&amd_iommu_devtable_lock, flags);
1297 }
1298
free_pagetable(struct protection_domain * domain)1299 static void free_pagetable(struct protection_domain *domain)
1300 {
1301 int i, j;
1302 u64 *p1, *p2, *p3;
1303
1304 p1 = domain->pt_root;
1305
1306 if (!p1)
1307 return;
1308
1309 for (i = 0; i < 512; ++i) {
1310 if (!IOMMU_PTE_PRESENT(p1[i]))
1311 continue;
1312
1313 p2 = IOMMU_PTE_PAGE(p1[i]);
1314 for (j = 0; j < 512; ++j) {
1315 if (!IOMMU_PTE_PRESENT(p2[j]))
1316 continue;
1317 p3 = IOMMU_PTE_PAGE(p2[j]);
1318 free_page((unsigned long)p3);
1319 }
1320
1321 free_page((unsigned long)p2);
1322 }
1323
1324 free_page((unsigned long)p1);
1325
1326 domain->pt_root = NULL;
1327 }
1328
1329 /*
1330 * Free a domain, only used if something went wrong in the
1331 * allocation path and we need to free an already allocated page table
1332 */
dma_ops_domain_free(struct dma_ops_domain * dom)1333 static void dma_ops_domain_free(struct dma_ops_domain *dom)
1334 {
1335 int i;
1336
1337 if (!dom)
1338 return;
1339
1340 del_domain_from_list(&dom->domain);
1341
1342 free_pagetable(&dom->domain);
1343
1344 for (i = 0; i < APERTURE_MAX_RANGES; ++i) {
1345 if (!dom->aperture[i])
1346 continue;
1347 free_page((unsigned long)dom->aperture[i]->bitmap);
1348 kfree(dom->aperture[i]);
1349 }
1350
1351 kfree(dom);
1352 }
1353
1354 /*
1355 * Allocates a new protection domain usable for the dma_ops functions.
1356 * It also initializes the page table and the address allocator data
1357 * structures required for the dma_ops interface
1358 */
dma_ops_domain_alloc(void)1359 static struct dma_ops_domain *dma_ops_domain_alloc(void)
1360 {
1361 struct dma_ops_domain *dma_dom;
1362
1363 dma_dom = kzalloc(sizeof(struct dma_ops_domain), GFP_KERNEL);
1364 if (!dma_dom)
1365 return NULL;
1366
1367 spin_lock_init(&dma_dom->domain.lock);
1368
1369 dma_dom->domain.id = domain_id_alloc();
1370 if (dma_dom->domain.id == 0)
1371 goto free_dma_dom;
1372 INIT_LIST_HEAD(&dma_dom->domain.dev_list);
1373 dma_dom->domain.mode = PAGE_MODE_2_LEVEL;
1374 dma_dom->domain.pt_root = (void *)get_zeroed_page(GFP_KERNEL);
1375 dma_dom->domain.flags = PD_DMA_OPS_MASK;
1376 dma_dom->domain.priv = dma_dom;
1377 if (!dma_dom->domain.pt_root)
1378 goto free_dma_dom;
1379
1380 dma_dom->need_flush = false;
1381 dma_dom->target_dev = 0xffff;
1382
1383 add_domain_to_list(&dma_dom->domain);
1384
1385 if (alloc_new_range(dma_dom, true, GFP_KERNEL))
1386 goto free_dma_dom;
1387
1388 /*
1389 * mark the first page as allocated so we never return 0 as
1390 * a valid dma-address. So we can use 0 as error value
1391 */
1392 dma_dom->aperture[0]->bitmap[0] = 1;
1393 dma_dom->next_address = 0;
1394
1395
1396 return dma_dom;
1397
1398 free_dma_dom:
1399 dma_ops_domain_free(dma_dom);
1400
1401 return NULL;
1402 }
1403
1404 /*
1405 * little helper function to check whether a given protection domain is a
1406 * dma_ops domain
1407 */
dma_ops_domain(struct protection_domain * domain)1408 static bool dma_ops_domain(struct protection_domain *domain)
1409 {
1410 return domain->flags & PD_DMA_OPS_MASK;
1411 }
1412
set_dte_entry(u16 devid,struct protection_domain * domain)1413 static void set_dte_entry(u16 devid, struct protection_domain *domain)
1414 {
1415 u64 pte_root = virt_to_phys(domain->pt_root);
1416
1417 pte_root |= (domain->mode & DEV_ENTRY_MODE_MASK)
1418 << DEV_ENTRY_MODE_SHIFT;
1419 pte_root |= IOMMU_PTE_IR | IOMMU_PTE_IW | IOMMU_PTE_P | IOMMU_PTE_TV;
1420
1421 amd_iommu_dev_table[devid].data[2] = domain->id;
1422 amd_iommu_dev_table[devid].data[1] = upper_32_bits(pte_root);
1423 amd_iommu_dev_table[devid].data[0] = lower_32_bits(pte_root);
1424 }
1425
clear_dte_entry(u16 devid)1426 static void clear_dte_entry(u16 devid)
1427 {
1428 /* remove entry from the device table seen by the hardware */
1429 amd_iommu_dev_table[devid].data[0] = IOMMU_PTE_P | IOMMU_PTE_TV;
1430 amd_iommu_dev_table[devid].data[1] = 0;
1431 amd_iommu_dev_table[devid].data[2] = 0;
1432
1433 amd_iommu_apply_erratum_63(devid);
1434 }
1435
do_attach(struct device * dev,struct protection_domain * domain)1436 static void do_attach(struct device *dev, struct protection_domain *domain)
1437 {
1438 struct iommu_dev_data *dev_data;
1439 struct amd_iommu *iommu;
1440 u16 devid;
1441
1442 devid = get_device_id(dev);
1443 iommu = amd_iommu_rlookup_table[devid];
1444 dev_data = get_dev_data(dev);
1445
1446 /* Update data structures */
1447 dev_data->domain = domain;
1448 list_add(&dev_data->list, &domain->dev_list);
1449 set_dte_entry(devid, domain);
1450
1451 /* Do reference counting */
1452 domain->dev_iommu[iommu->index] += 1;
1453 domain->dev_cnt += 1;
1454
1455 /* Flush the DTE entry */
1456 iommu_flush_device(dev);
1457 }
1458
do_detach(struct device * dev)1459 static void do_detach(struct device *dev)
1460 {
1461 struct iommu_dev_data *dev_data;
1462 struct amd_iommu *iommu;
1463 u16 devid;
1464
1465 devid = get_device_id(dev);
1466 iommu = amd_iommu_rlookup_table[devid];
1467 dev_data = get_dev_data(dev);
1468
1469 /* decrease reference counters */
1470 dev_data->domain->dev_iommu[iommu->index] -= 1;
1471 dev_data->domain->dev_cnt -= 1;
1472
1473 /* Update data structures */
1474 dev_data->domain = NULL;
1475 list_del(&dev_data->list);
1476 clear_dte_entry(devid);
1477
1478 /* Flush the DTE entry */
1479 iommu_flush_device(dev);
1480 }
1481
1482 /*
1483 * If a device is not yet associated with a domain, this function does
1484 * assigns it visible for the hardware
1485 */
__attach_device(struct device * dev,struct protection_domain * domain)1486 static int __attach_device(struct device *dev,
1487 struct protection_domain *domain)
1488 {
1489 struct iommu_dev_data *dev_data, *alias_data;
1490 int ret;
1491
1492 dev_data = get_dev_data(dev);
1493 alias_data = get_dev_data(dev_data->alias);
1494
1495 if (!alias_data)
1496 return -EINVAL;
1497
1498 /* lock domain */
1499 spin_lock(&domain->lock);
1500
1501 /* Some sanity checks */
1502 ret = -EBUSY;
1503 if (alias_data->domain != NULL &&
1504 alias_data->domain != domain)
1505 goto out_unlock;
1506
1507 if (dev_data->domain != NULL &&
1508 dev_data->domain != domain)
1509 goto out_unlock;
1510
1511 /* Do real assignment */
1512 if (dev_data->alias != dev) {
1513 alias_data = get_dev_data(dev_data->alias);
1514 if (alias_data->domain == NULL)
1515 do_attach(dev_data->alias, domain);
1516
1517 atomic_inc(&alias_data->bind);
1518 }
1519
1520 if (dev_data->domain == NULL)
1521 do_attach(dev, domain);
1522
1523 atomic_inc(&dev_data->bind);
1524
1525 ret = 0;
1526
1527 out_unlock:
1528
1529 /* ready */
1530 spin_unlock(&domain->lock);
1531
1532 return ret;
1533 }
1534
1535 /*
1536 * If a device is not yet associated with a domain, this function does
1537 * assigns it visible for the hardware
1538 */
attach_device(struct device * dev,struct protection_domain * domain)1539 static int attach_device(struct device *dev,
1540 struct protection_domain *domain)
1541 {
1542 unsigned long flags;
1543 int ret;
1544
1545 write_lock_irqsave(&amd_iommu_devtable_lock, flags);
1546 ret = __attach_device(dev, domain);
1547 write_unlock_irqrestore(&amd_iommu_devtable_lock, flags);
1548
1549 /*
1550 * We might boot into a crash-kernel here. The crashed kernel
1551 * left the caches in the IOMMU dirty. So we have to flush
1552 * here to evict all dirty stuff.
1553 */
1554 iommu_flush_tlb_pde(domain);
1555
1556 return ret;
1557 }
1558
1559 /*
1560 * Removes a device from a protection domain (unlocked)
1561 */
__detach_device(struct device * dev)1562 static void __detach_device(struct device *dev)
1563 {
1564 struct iommu_dev_data *dev_data = get_dev_data(dev);
1565 struct iommu_dev_data *alias_data;
1566 struct protection_domain *domain;
1567 unsigned long flags;
1568
1569 BUG_ON(!dev_data->domain);
1570
1571 domain = dev_data->domain;
1572
1573 spin_lock_irqsave(&domain->lock, flags);
1574
1575 if (dev_data->alias != dev) {
1576 alias_data = get_dev_data(dev_data->alias);
1577 if (atomic_dec_and_test(&alias_data->bind))
1578 do_detach(dev_data->alias);
1579 }
1580
1581 if (atomic_dec_and_test(&dev_data->bind))
1582 do_detach(dev);
1583
1584 spin_unlock_irqrestore(&domain->lock, flags);
1585
1586 /*
1587 * If we run in passthrough mode the device must be assigned to the
1588 * passthrough domain if it is detached from any other domain.
1589 * Make sure we can deassign from the pt_domain itself.
1590 */
1591 if (iommu_pass_through &&
1592 (dev_data->domain == NULL && domain != pt_domain))
1593 __attach_device(dev, pt_domain);
1594 }
1595
1596 /*
1597 * Removes a device from a protection domain (with devtable_lock held)
1598 */
detach_device(struct device * dev)1599 static void detach_device(struct device *dev)
1600 {
1601 unsigned long flags;
1602
1603 /* lock device table */
1604 write_lock_irqsave(&amd_iommu_devtable_lock, flags);
1605 __detach_device(dev);
1606 write_unlock_irqrestore(&amd_iommu_devtable_lock, flags);
1607 }
1608
1609 /*
1610 * Find out the protection domain structure for a given PCI device. This
1611 * will give us the pointer to the page table root for example.
1612 */
domain_for_device(struct device * dev)1613 static struct protection_domain *domain_for_device(struct device *dev)
1614 {
1615 struct protection_domain *dom;
1616 struct iommu_dev_data *dev_data, *alias_data;
1617 unsigned long flags;
1618 u16 devid, alias;
1619
1620 devid = get_device_id(dev);
1621 alias = amd_iommu_alias_table[devid];
1622 dev_data = get_dev_data(dev);
1623 alias_data = get_dev_data(dev_data->alias);
1624 if (!alias_data)
1625 return NULL;
1626
1627 read_lock_irqsave(&amd_iommu_devtable_lock, flags);
1628 dom = dev_data->domain;
1629 if (dom == NULL &&
1630 alias_data->domain != NULL) {
1631 __attach_device(dev, alias_data->domain);
1632 dom = alias_data->domain;
1633 }
1634
1635 read_unlock_irqrestore(&amd_iommu_devtable_lock, flags);
1636
1637 return dom;
1638 }
1639
device_change_notifier(struct notifier_block * nb,unsigned long action,void * data)1640 static int device_change_notifier(struct notifier_block *nb,
1641 unsigned long action, void *data)
1642 {
1643 struct device *dev = data;
1644 u16 devid;
1645 struct protection_domain *domain;
1646 struct dma_ops_domain *dma_domain;
1647 struct amd_iommu *iommu;
1648 unsigned long flags;
1649
1650 if (!check_device(dev))
1651 return 0;
1652
1653 devid = get_device_id(dev);
1654 iommu = amd_iommu_rlookup_table[devid];
1655
1656 switch (action) {
1657 case BUS_NOTIFY_UNBOUND_DRIVER:
1658
1659 domain = domain_for_device(dev);
1660
1661 if (!domain)
1662 goto out;
1663 if (iommu_pass_through)
1664 break;
1665 detach_device(dev);
1666 break;
1667 case BUS_NOTIFY_ADD_DEVICE:
1668
1669 iommu_init_device(dev);
1670
1671 domain = domain_for_device(dev);
1672
1673 /* allocate a protection domain if a device is added */
1674 dma_domain = find_protection_domain(devid);
1675 if (dma_domain)
1676 goto out;
1677 dma_domain = dma_ops_domain_alloc();
1678 if (!dma_domain)
1679 goto out;
1680 dma_domain->target_dev = devid;
1681
1682 spin_lock_irqsave(&iommu_pd_list_lock, flags);
1683 list_add_tail(&dma_domain->list, &iommu_pd_list);
1684 spin_unlock_irqrestore(&iommu_pd_list_lock, flags);
1685
1686 break;
1687 case BUS_NOTIFY_DEL_DEVICE:
1688
1689 iommu_uninit_device(dev);
1690
1691 default:
1692 goto out;
1693 }
1694
1695 iommu_flush_device(dev);
1696 iommu_completion_wait(iommu);
1697
1698 out:
1699 return 0;
1700 }
1701
1702 static struct notifier_block device_nb = {
1703 .notifier_call = device_change_notifier,
1704 };
1705
amd_iommu_init_notifier(void)1706 void amd_iommu_init_notifier(void)
1707 {
1708 bus_register_notifier(&pci_bus_type, &device_nb);
1709 }
1710
1711 /*****************************************************************************
1712 *
1713 * The next functions belong to the dma_ops mapping/unmapping code.
1714 *
1715 *****************************************************************************/
1716
1717 /*
1718 * In the dma_ops path we only have the struct device. This function
1719 * finds the corresponding IOMMU, the protection domain and the
1720 * requestor id for a given device.
1721 * If the device is not yet associated with a domain this is also done
1722 * in this function.
1723 */
get_domain(struct device * dev)1724 static struct protection_domain *get_domain(struct device *dev)
1725 {
1726 struct protection_domain *domain;
1727 struct dma_ops_domain *dma_dom;
1728 u16 devid = get_device_id(dev);
1729
1730 if (!check_device(dev))
1731 return ERR_PTR(-EINVAL);
1732
1733 domain = domain_for_device(dev);
1734 if (domain != NULL && !dma_ops_domain(domain))
1735 return ERR_PTR(-EBUSY);
1736
1737 if (domain != NULL)
1738 return domain;
1739
1740 /* Device not bount yet - bind it */
1741 dma_dom = find_protection_domain(devid);
1742 if (!dma_dom)
1743 dma_dom = amd_iommu_rlookup_table[devid]->default_dom;
1744 attach_device(dev, &dma_dom->domain);
1745 DUMP_printk("Using protection domain %d for device %s\n",
1746 dma_dom->domain.id, dev_name(dev));
1747
1748 return &dma_dom->domain;
1749 }
1750
update_device_table(struct protection_domain * domain)1751 static void update_device_table(struct protection_domain *domain)
1752 {
1753 struct iommu_dev_data *dev_data;
1754
1755 list_for_each_entry(dev_data, &domain->dev_list, list) {
1756 u16 devid = get_device_id(dev_data->dev);
1757 set_dte_entry(devid, domain);
1758 }
1759 }
1760
update_domain(struct protection_domain * domain)1761 static void update_domain(struct protection_domain *domain)
1762 {
1763 if (!domain->updated)
1764 return;
1765
1766 update_device_table(domain);
1767 iommu_flush_domain_devices(domain);
1768 iommu_flush_tlb_pde(domain);
1769
1770 domain->updated = false;
1771 }
1772
1773 /*
1774 * This function fetches the PTE for a given address in the aperture
1775 */
dma_ops_get_pte(struct dma_ops_domain * dom,unsigned long address)1776 static u64* dma_ops_get_pte(struct dma_ops_domain *dom,
1777 unsigned long address)
1778 {
1779 struct aperture_range *aperture;
1780 u64 *pte, *pte_page;
1781
1782 aperture = dom->aperture[APERTURE_RANGE_INDEX(address)];
1783 if (!aperture)
1784 return NULL;
1785
1786 pte = aperture->pte_pages[APERTURE_PAGE_INDEX(address)];
1787 if (!pte) {
1788 pte = alloc_pte(&dom->domain, address, PAGE_SIZE, &pte_page,
1789 GFP_ATOMIC);
1790 aperture->pte_pages[APERTURE_PAGE_INDEX(address)] = pte_page;
1791 } else
1792 pte += PM_LEVEL_INDEX(0, address);
1793
1794 update_domain(&dom->domain);
1795
1796 return pte;
1797 }
1798
1799 /*
1800 * This is the generic map function. It maps one 4kb page at paddr to
1801 * the given address in the DMA address space for the domain.
1802 */
dma_ops_domain_map(struct dma_ops_domain * dom,unsigned long address,phys_addr_t paddr,int direction)1803 static dma_addr_t dma_ops_domain_map(struct dma_ops_domain *dom,
1804 unsigned long address,
1805 phys_addr_t paddr,
1806 int direction)
1807 {
1808 u64 *pte, __pte;
1809
1810 WARN_ON(address > dom->aperture_size);
1811
1812 paddr &= PAGE_MASK;
1813
1814 pte = dma_ops_get_pte(dom, address);
1815 if (!pte)
1816 return DMA_ERROR_CODE;
1817
1818 __pte = paddr | IOMMU_PTE_P | IOMMU_PTE_FC;
1819
1820 if (direction == DMA_TO_DEVICE)
1821 __pte |= IOMMU_PTE_IR;
1822 else if (direction == DMA_FROM_DEVICE)
1823 __pte |= IOMMU_PTE_IW;
1824 else if (direction == DMA_BIDIRECTIONAL)
1825 __pte |= IOMMU_PTE_IR | IOMMU_PTE_IW;
1826
1827 WARN_ON(*pte);
1828
1829 *pte = __pte;
1830
1831 return (dma_addr_t)address;
1832 }
1833
1834 /*
1835 * The generic unmapping function for on page in the DMA address space.
1836 */
dma_ops_domain_unmap(struct dma_ops_domain * dom,unsigned long address)1837 static void dma_ops_domain_unmap(struct dma_ops_domain *dom,
1838 unsigned long address)
1839 {
1840 struct aperture_range *aperture;
1841 u64 *pte;
1842
1843 if (address >= dom->aperture_size)
1844 return;
1845
1846 aperture = dom->aperture[APERTURE_RANGE_INDEX(address)];
1847 if (!aperture)
1848 return;
1849
1850 pte = aperture->pte_pages[APERTURE_PAGE_INDEX(address)];
1851 if (!pte)
1852 return;
1853
1854 pte += PM_LEVEL_INDEX(0, address);
1855
1856 WARN_ON(!*pte);
1857
1858 *pte = 0ULL;
1859 }
1860
1861 /*
1862 * This function contains common code for mapping of a physically
1863 * contiguous memory region into DMA address space. It is used by all
1864 * mapping functions provided with this IOMMU driver.
1865 * Must be called with the domain lock held.
1866 */
__map_single(struct device * dev,struct dma_ops_domain * dma_dom,phys_addr_t paddr,size_t size,int dir,bool align,u64 dma_mask)1867 static dma_addr_t __map_single(struct device *dev,
1868 struct dma_ops_domain *dma_dom,
1869 phys_addr_t paddr,
1870 size_t size,
1871 int dir,
1872 bool align,
1873 u64 dma_mask)
1874 {
1875 dma_addr_t offset = paddr & ~PAGE_MASK;
1876 dma_addr_t address, start, ret;
1877 unsigned int pages;
1878 unsigned long align_mask = 0;
1879 int i;
1880
1881 pages = iommu_num_pages(paddr, size, PAGE_SIZE);
1882 paddr &= PAGE_MASK;
1883
1884 INC_STATS_COUNTER(total_map_requests);
1885
1886 if (pages > 1)
1887 INC_STATS_COUNTER(cross_page);
1888
1889 if (align)
1890 align_mask = (1UL << get_order(size)) - 1;
1891
1892 retry:
1893 address = dma_ops_alloc_addresses(dev, dma_dom, pages, align_mask,
1894 dma_mask);
1895 if (unlikely(address == DMA_ERROR_CODE)) {
1896 /*
1897 * setting next_address here will let the address
1898 * allocator only scan the new allocated range in the
1899 * first run. This is a small optimization.
1900 */
1901 dma_dom->next_address = dma_dom->aperture_size;
1902
1903 if (alloc_new_range(dma_dom, false, GFP_ATOMIC))
1904 goto out;
1905
1906 /*
1907 * aperture was successfully enlarged by 128 MB, try
1908 * allocation again
1909 */
1910 goto retry;
1911 }
1912
1913 start = address;
1914 for (i = 0; i < pages; ++i) {
1915 ret = dma_ops_domain_map(dma_dom, start, paddr, dir);
1916 if (ret == DMA_ERROR_CODE)
1917 goto out_unmap;
1918
1919 paddr += PAGE_SIZE;
1920 start += PAGE_SIZE;
1921 }
1922 address += offset;
1923
1924 ADD_STATS_COUNTER(alloced_io_mem, size);
1925
1926 if (unlikely(dma_dom->need_flush && !amd_iommu_unmap_flush)) {
1927 iommu_flush_tlb(&dma_dom->domain);
1928 dma_dom->need_flush = false;
1929 } else if (unlikely(amd_iommu_np_cache))
1930 iommu_flush_pages(&dma_dom->domain, address, size);
1931
1932 out:
1933 return address;
1934
1935 out_unmap:
1936
1937 for (--i; i >= 0; --i) {
1938 start -= PAGE_SIZE;
1939 dma_ops_domain_unmap(dma_dom, start);
1940 }
1941
1942 dma_ops_free_addresses(dma_dom, address, pages);
1943
1944 return DMA_ERROR_CODE;
1945 }
1946
1947 /*
1948 * Does the reverse of the __map_single function. Must be called with
1949 * the domain lock held too
1950 */
__unmap_single(struct dma_ops_domain * dma_dom,dma_addr_t dma_addr,size_t size,int dir)1951 static void __unmap_single(struct dma_ops_domain *dma_dom,
1952 dma_addr_t dma_addr,
1953 size_t size,
1954 int dir)
1955 {
1956 dma_addr_t flush_addr;
1957 dma_addr_t i, start;
1958 unsigned int pages;
1959
1960 if ((dma_addr == DMA_ERROR_CODE) ||
1961 (dma_addr + size > dma_dom->aperture_size))
1962 return;
1963
1964 flush_addr = dma_addr;
1965 pages = iommu_num_pages(dma_addr, size, PAGE_SIZE);
1966 dma_addr &= PAGE_MASK;
1967 start = dma_addr;
1968
1969 for (i = 0; i < pages; ++i) {
1970 dma_ops_domain_unmap(dma_dom, start);
1971 start += PAGE_SIZE;
1972 }
1973
1974 SUB_STATS_COUNTER(alloced_io_mem, size);
1975
1976 dma_ops_free_addresses(dma_dom, dma_addr, pages);
1977
1978 if (amd_iommu_unmap_flush || dma_dom->need_flush) {
1979 iommu_flush_pages(&dma_dom->domain, flush_addr, size);
1980 dma_dom->need_flush = false;
1981 }
1982 }
1983
1984 /*
1985 * The exported map_single function for dma_ops.
1986 */
map_page(struct device * dev,struct page * page,unsigned long offset,size_t size,enum dma_data_direction dir,struct dma_attrs * attrs)1987 static dma_addr_t map_page(struct device *dev, struct page *page,
1988 unsigned long offset, size_t size,
1989 enum dma_data_direction dir,
1990 struct dma_attrs *attrs)
1991 {
1992 unsigned long flags;
1993 struct protection_domain *domain;
1994 dma_addr_t addr;
1995 u64 dma_mask;
1996 phys_addr_t paddr = page_to_phys(page) + offset;
1997
1998 INC_STATS_COUNTER(cnt_map_single);
1999
2000 domain = get_domain(dev);
2001 if (PTR_ERR(domain) == -EINVAL)
2002 return (dma_addr_t)paddr;
2003 else if (IS_ERR(domain))
2004 return DMA_ERROR_CODE;
2005
2006 dma_mask = *dev->dma_mask;
2007
2008 spin_lock_irqsave(&domain->lock, flags);
2009
2010 addr = __map_single(dev, domain->priv, paddr, size, dir, false,
2011 dma_mask);
2012 if (addr == DMA_ERROR_CODE)
2013 goto out;
2014
2015 iommu_flush_complete(domain);
2016
2017 out:
2018 spin_unlock_irqrestore(&domain->lock, flags);
2019
2020 return addr;
2021 }
2022
2023 /*
2024 * The exported unmap_single function for dma_ops.
2025 */
unmap_page(struct device * dev,dma_addr_t dma_addr,size_t size,enum dma_data_direction dir,struct dma_attrs * attrs)2026 static void unmap_page(struct device *dev, dma_addr_t dma_addr, size_t size,
2027 enum dma_data_direction dir, struct dma_attrs *attrs)
2028 {
2029 unsigned long flags;
2030 struct protection_domain *domain;
2031
2032 INC_STATS_COUNTER(cnt_unmap_single);
2033
2034 domain = get_domain(dev);
2035 if (IS_ERR(domain))
2036 return;
2037
2038 spin_lock_irqsave(&domain->lock, flags);
2039
2040 __unmap_single(domain->priv, dma_addr, size, dir);
2041
2042 iommu_flush_complete(domain);
2043
2044 spin_unlock_irqrestore(&domain->lock, flags);
2045 }
2046
2047 /*
2048 * This is a special map_sg function which is used if we should map a
2049 * device which is not handled by an AMD IOMMU in the system.
2050 */
map_sg_no_iommu(struct device * dev,struct scatterlist * sglist,int nelems,int dir)2051 static int map_sg_no_iommu(struct device *dev, struct scatterlist *sglist,
2052 int nelems, int dir)
2053 {
2054 struct scatterlist *s;
2055 int i;
2056
2057 for_each_sg(sglist, s, nelems, i) {
2058 s->dma_address = (dma_addr_t)sg_phys(s);
2059 s->dma_length = s->length;
2060 }
2061
2062 return nelems;
2063 }
2064
2065 /*
2066 * The exported map_sg function for dma_ops (handles scatter-gather
2067 * lists).
2068 */
map_sg(struct device * dev,struct scatterlist * sglist,int nelems,enum dma_data_direction dir,struct dma_attrs * attrs)2069 static int map_sg(struct device *dev, struct scatterlist *sglist,
2070 int nelems, enum dma_data_direction dir,
2071 struct dma_attrs *attrs)
2072 {
2073 unsigned long flags;
2074 struct protection_domain *domain;
2075 int i;
2076 struct scatterlist *s;
2077 phys_addr_t paddr;
2078 int mapped_elems = 0;
2079 u64 dma_mask;
2080
2081 INC_STATS_COUNTER(cnt_map_sg);
2082
2083 domain = get_domain(dev);
2084 if (PTR_ERR(domain) == -EINVAL)
2085 return map_sg_no_iommu(dev, sglist, nelems, dir);
2086 else if (IS_ERR(domain))
2087 return 0;
2088
2089 dma_mask = *dev->dma_mask;
2090
2091 spin_lock_irqsave(&domain->lock, flags);
2092
2093 for_each_sg(sglist, s, nelems, i) {
2094 paddr = sg_phys(s);
2095
2096 s->dma_address = __map_single(dev, domain->priv,
2097 paddr, s->length, dir, false,
2098 dma_mask);
2099
2100 if (s->dma_address) {
2101 s->dma_length = s->length;
2102 mapped_elems++;
2103 } else
2104 goto unmap;
2105 }
2106
2107 iommu_flush_complete(domain);
2108
2109 out:
2110 spin_unlock_irqrestore(&domain->lock, flags);
2111
2112 return mapped_elems;
2113 unmap:
2114 for_each_sg(sglist, s, mapped_elems, i) {
2115 if (s->dma_address)
2116 __unmap_single(domain->priv, s->dma_address,
2117 s->dma_length, dir);
2118 s->dma_address = s->dma_length = 0;
2119 }
2120
2121 mapped_elems = 0;
2122
2123 goto out;
2124 }
2125
2126 /*
2127 * The exported map_sg function for dma_ops (handles scatter-gather
2128 * lists).
2129 */
unmap_sg(struct device * dev,struct scatterlist * sglist,int nelems,enum dma_data_direction dir,struct dma_attrs * attrs)2130 static void unmap_sg(struct device *dev, struct scatterlist *sglist,
2131 int nelems, enum dma_data_direction dir,
2132 struct dma_attrs *attrs)
2133 {
2134 unsigned long flags;
2135 struct protection_domain *domain;
2136 struct scatterlist *s;
2137 int i;
2138
2139 INC_STATS_COUNTER(cnt_unmap_sg);
2140
2141 domain = get_domain(dev);
2142 if (IS_ERR(domain))
2143 return;
2144
2145 spin_lock_irqsave(&domain->lock, flags);
2146
2147 for_each_sg(sglist, s, nelems, i) {
2148 __unmap_single(domain->priv, s->dma_address,
2149 s->dma_length, dir);
2150 s->dma_address = s->dma_length = 0;
2151 }
2152
2153 iommu_flush_complete(domain);
2154
2155 spin_unlock_irqrestore(&domain->lock, flags);
2156 }
2157
2158 /*
2159 * The exported alloc_coherent function for dma_ops.
2160 */
alloc_coherent(struct device * dev,size_t size,dma_addr_t * dma_addr,gfp_t flag)2161 static void *alloc_coherent(struct device *dev, size_t size,
2162 dma_addr_t *dma_addr, gfp_t flag)
2163 {
2164 unsigned long flags;
2165 void *virt_addr;
2166 struct protection_domain *domain;
2167 phys_addr_t paddr;
2168 u64 dma_mask = dev->coherent_dma_mask;
2169
2170 INC_STATS_COUNTER(cnt_alloc_coherent);
2171
2172 domain = get_domain(dev);
2173 if (PTR_ERR(domain) == -EINVAL) {
2174 virt_addr = (void *)__get_free_pages(flag, get_order(size));
2175 *dma_addr = __pa(virt_addr);
2176 return virt_addr;
2177 } else if (IS_ERR(domain))
2178 return NULL;
2179
2180 dma_mask = dev->coherent_dma_mask;
2181 flag &= ~(__GFP_DMA | __GFP_HIGHMEM | __GFP_DMA32);
2182 flag |= __GFP_ZERO;
2183
2184 virt_addr = (void *)__get_free_pages(flag, get_order(size));
2185 if (!virt_addr)
2186 return NULL;
2187
2188 paddr = virt_to_phys(virt_addr);
2189
2190 if (!dma_mask)
2191 dma_mask = *dev->dma_mask;
2192
2193 spin_lock_irqsave(&domain->lock, flags);
2194
2195 *dma_addr = __map_single(dev, domain->priv, paddr,
2196 size, DMA_BIDIRECTIONAL, true, dma_mask);
2197
2198 if (*dma_addr == DMA_ERROR_CODE) {
2199 spin_unlock_irqrestore(&domain->lock, flags);
2200 goto out_free;
2201 }
2202
2203 iommu_flush_complete(domain);
2204
2205 spin_unlock_irqrestore(&domain->lock, flags);
2206
2207 return virt_addr;
2208
2209 out_free:
2210
2211 free_pages((unsigned long)virt_addr, get_order(size));
2212
2213 return NULL;
2214 }
2215
2216 /*
2217 * The exported free_coherent function for dma_ops.
2218 */
free_coherent(struct device * dev,size_t size,void * virt_addr,dma_addr_t dma_addr)2219 static void free_coherent(struct device *dev, size_t size,
2220 void *virt_addr, dma_addr_t dma_addr)
2221 {
2222 unsigned long flags;
2223 struct protection_domain *domain;
2224
2225 INC_STATS_COUNTER(cnt_free_coherent);
2226
2227 domain = get_domain(dev);
2228 if (IS_ERR(domain))
2229 goto free_mem;
2230
2231 spin_lock_irqsave(&domain->lock, flags);
2232
2233 __unmap_single(domain->priv, dma_addr, size, DMA_BIDIRECTIONAL);
2234
2235 iommu_flush_complete(domain);
2236
2237 spin_unlock_irqrestore(&domain->lock, flags);
2238
2239 free_mem:
2240 free_pages((unsigned long)virt_addr, get_order(size));
2241 }
2242
2243 /*
2244 * This function is called by the DMA layer to find out if we can handle a
2245 * particular device. It is part of the dma_ops.
2246 */
amd_iommu_dma_supported(struct device * dev,u64 mask)2247 static int amd_iommu_dma_supported(struct device *dev, u64 mask)
2248 {
2249 return check_device(dev);
2250 }
2251
2252 /*
2253 * The function for pre-allocating protection domains.
2254 *
2255 * If the driver core informs the DMA layer if a driver grabs a device
2256 * we don't need to preallocate the protection domains anymore.
2257 * For now we have to.
2258 */
prealloc_protection_domains(void)2259 static void prealloc_protection_domains(void)
2260 {
2261 struct pci_dev *dev = NULL;
2262 struct dma_ops_domain *dma_dom;
2263 u16 devid;
2264
2265 for_each_pci_dev(dev) {
2266
2267 /* Do we handle this device? */
2268 if (!check_device(&dev->dev))
2269 continue;
2270
2271 /* Is there already any domain for it? */
2272 if (domain_for_device(&dev->dev))
2273 continue;
2274
2275 devid = get_device_id(&dev->dev);
2276
2277 dma_dom = dma_ops_domain_alloc();
2278 if (!dma_dom)
2279 continue;
2280 init_unity_mappings_for_device(dma_dom, devid);
2281 dma_dom->target_dev = devid;
2282
2283 attach_device(&dev->dev, &dma_dom->domain);
2284
2285 list_add_tail(&dma_dom->list, &iommu_pd_list);
2286 }
2287 }
2288
2289 static struct dma_map_ops amd_iommu_dma_ops = {
2290 .alloc_coherent = alloc_coherent,
2291 .free_coherent = free_coherent,
2292 .map_page = map_page,
2293 .unmap_page = unmap_page,
2294 .map_sg = map_sg,
2295 .unmap_sg = unmap_sg,
2296 .dma_supported = amd_iommu_dma_supported,
2297 };
2298
2299 /*
2300 * The function which clues the AMD IOMMU driver into dma_ops.
2301 */
2302
amd_iommu_init_api(void)2303 void __init amd_iommu_init_api(void)
2304 {
2305 register_iommu(&amd_iommu_ops);
2306 }
2307
amd_iommu_init_dma_ops(void)2308 int __init amd_iommu_init_dma_ops(void)
2309 {
2310 struct amd_iommu *iommu;
2311 int ret;
2312
2313 /*
2314 * first allocate a default protection domain for every IOMMU we
2315 * found in the system. Devices not assigned to any other
2316 * protection domain will be assigned to the default one.
2317 */
2318 for_each_iommu(iommu) {
2319 iommu->default_dom = dma_ops_domain_alloc();
2320 if (iommu->default_dom == NULL)
2321 return -ENOMEM;
2322 iommu->default_dom->domain.flags |= PD_DEFAULT_MASK;
2323 ret = iommu_init_unity_mappings(iommu);
2324 if (ret)
2325 goto free_domains;
2326 }
2327
2328 /*
2329 * Pre-allocate the protection domains for each device.
2330 */
2331 prealloc_protection_domains();
2332
2333 iommu_detected = 1;
2334 swiotlb = 0;
2335
2336 /* Make the driver finally visible to the drivers */
2337 dma_ops = &amd_iommu_dma_ops;
2338
2339 amd_iommu_stats_init();
2340
2341 return 0;
2342
2343 free_domains:
2344
2345 for_each_iommu(iommu) {
2346 if (iommu->default_dom)
2347 dma_ops_domain_free(iommu->default_dom);
2348 }
2349
2350 return ret;
2351 }
2352
2353 /*****************************************************************************
2354 *
2355 * The following functions belong to the exported interface of AMD IOMMU
2356 *
2357 * This interface allows access to lower level functions of the IOMMU
2358 * like protection domain handling and assignement of devices to domains
2359 * which is not possible with the dma_ops interface.
2360 *
2361 *****************************************************************************/
2362
cleanup_domain(struct protection_domain * domain)2363 static void cleanup_domain(struct protection_domain *domain)
2364 {
2365 struct iommu_dev_data *dev_data, *next;
2366 unsigned long flags;
2367
2368 write_lock_irqsave(&amd_iommu_devtable_lock, flags);
2369
2370 list_for_each_entry_safe(dev_data, next, &domain->dev_list, list) {
2371 struct device *dev = dev_data->dev;
2372
2373 __detach_device(dev);
2374 atomic_set(&dev_data->bind, 0);
2375 }
2376
2377 write_unlock_irqrestore(&amd_iommu_devtable_lock, flags);
2378 }
2379
protection_domain_free(struct protection_domain * domain)2380 static void protection_domain_free(struct protection_domain *domain)
2381 {
2382 if (!domain)
2383 return;
2384
2385 del_domain_from_list(domain);
2386
2387 if (domain->id)
2388 domain_id_free(domain->id);
2389
2390 kfree(domain);
2391 }
2392
protection_domain_alloc(void)2393 static struct protection_domain *protection_domain_alloc(void)
2394 {
2395 struct protection_domain *domain;
2396
2397 domain = kzalloc(sizeof(*domain), GFP_KERNEL);
2398 if (!domain)
2399 return NULL;
2400
2401 spin_lock_init(&domain->lock);
2402 mutex_init(&domain->api_lock);
2403 domain->id = domain_id_alloc();
2404 if (!domain->id)
2405 goto out_err;
2406 INIT_LIST_HEAD(&domain->dev_list);
2407
2408 add_domain_to_list(domain);
2409
2410 return domain;
2411
2412 out_err:
2413 kfree(domain);
2414
2415 return NULL;
2416 }
2417
amd_iommu_domain_init(struct iommu_domain * dom)2418 static int amd_iommu_domain_init(struct iommu_domain *dom)
2419 {
2420 struct protection_domain *domain;
2421
2422 domain = protection_domain_alloc();
2423 if (!domain)
2424 goto out_free;
2425
2426 domain->mode = PAGE_MODE_3_LEVEL;
2427 domain->pt_root = (void *)get_zeroed_page(GFP_KERNEL);
2428 if (!domain->pt_root)
2429 goto out_free;
2430
2431 dom->priv = domain;
2432
2433 return 0;
2434
2435 out_free:
2436 protection_domain_free(domain);
2437
2438 return -ENOMEM;
2439 }
2440
amd_iommu_domain_destroy(struct iommu_domain * dom)2441 static void amd_iommu_domain_destroy(struct iommu_domain *dom)
2442 {
2443 struct protection_domain *domain = dom->priv;
2444
2445 if (!domain)
2446 return;
2447
2448 if (domain->dev_cnt > 0)
2449 cleanup_domain(domain);
2450
2451 BUG_ON(domain->dev_cnt != 0);
2452
2453 free_pagetable(domain);
2454
2455 protection_domain_free(domain);
2456
2457 dom->priv = NULL;
2458 }
2459
amd_iommu_detach_device(struct iommu_domain * dom,struct device * dev)2460 static void amd_iommu_detach_device(struct iommu_domain *dom,
2461 struct device *dev)
2462 {
2463 struct iommu_dev_data *dev_data = dev->archdata.iommu;
2464 struct amd_iommu *iommu;
2465 u16 devid;
2466
2467 if (!check_device(dev))
2468 return;
2469
2470 devid = get_device_id(dev);
2471
2472 if (dev_data->domain != NULL)
2473 detach_device(dev);
2474
2475 iommu = amd_iommu_rlookup_table[devid];
2476 if (!iommu)
2477 return;
2478
2479 iommu_flush_device(dev);
2480 iommu_completion_wait(iommu);
2481 }
2482
amd_iommu_attach_device(struct iommu_domain * dom,struct device * dev)2483 static int amd_iommu_attach_device(struct iommu_domain *dom,
2484 struct device *dev)
2485 {
2486 struct protection_domain *domain = dom->priv;
2487 struct iommu_dev_data *dev_data;
2488 struct amd_iommu *iommu;
2489 int ret;
2490 u16 devid;
2491
2492 if (!check_device(dev))
2493 return -EINVAL;
2494
2495 dev_data = dev->archdata.iommu;
2496
2497 devid = get_device_id(dev);
2498
2499 iommu = amd_iommu_rlookup_table[devid];
2500 if (!iommu)
2501 return -EINVAL;
2502
2503 if (dev_data->domain)
2504 detach_device(dev);
2505
2506 ret = attach_device(dev, domain);
2507
2508 iommu_completion_wait(iommu);
2509
2510 return ret;
2511 }
2512
amd_iommu_map(struct iommu_domain * dom,unsigned long iova,phys_addr_t paddr,int gfp_order,int iommu_prot)2513 static int amd_iommu_map(struct iommu_domain *dom, unsigned long iova,
2514 phys_addr_t paddr, int gfp_order, int iommu_prot)
2515 {
2516 unsigned long page_size = 0x1000UL << gfp_order;
2517 struct protection_domain *domain = dom->priv;
2518 int prot = 0;
2519 int ret;
2520
2521 if (iommu_prot & IOMMU_READ)
2522 prot |= IOMMU_PROT_IR;
2523 if (iommu_prot & IOMMU_WRITE)
2524 prot |= IOMMU_PROT_IW;
2525
2526 mutex_lock(&domain->api_lock);
2527 ret = iommu_map_page(domain, iova, paddr, prot, page_size);
2528 mutex_unlock(&domain->api_lock);
2529
2530 return ret;
2531 }
2532
amd_iommu_unmap(struct iommu_domain * dom,unsigned long iova,int gfp_order)2533 static int amd_iommu_unmap(struct iommu_domain *dom, unsigned long iova,
2534 int gfp_order)
2535 {
2536 struct protection_domain *domain = dom->priv;
2537 unsigned long page_size, unmap_size;
2538
2539 page_size = 0x1000UL << gfp_order;
2540
2541 mutex_lock(&domain->api_lock);
2542 unmap_size = iommu_unmap_page(domain, iova, page_size);
2543 mutex_unlock(&domain->api_lock);
2544
2545 iommu_flush_tlb_pde(domain);
2546
2547 return get_order(unmap_size);
2548 }
2549
amd_iommu_iova_to_phys(struct iommu_domain * dom,unsigned long iova)2550 static phys_addr_t amd_iommu_iova_to_phys(struct iommu_domain *dom,
2551 unsigned long iova)
2552 {
2553 struct protection_domain *domain = dom->priv;
2554 unsigned long offset_mask;
2555 phys_addr_t paddr;
2556 u64 *pte, __pte;
2557
2558 pte = fetch_pte(domain, iova);
2559
2560 if (!pte || !IOMMU_PTE_PRESENT(*pte))
2561 return 0;
2562
2563 if (PM_PTE_LEVEL(*pte) == 0)
2564 offset_mask = PAGE_SIZE - 1;
2565 else
2566 offset_mask = PTE_PAGE_SIZE(*pte) - 1;
2567
2568 __pte = *pte & PM_ADDR_MASK;
2569 paddr = (__pte & ~offset_mask) | (iova & offset_mask);
2570
2571 return paddr;
2572 }
2573
amd_iommu_domain_has_cap(struct iommu_domain * domain,unsigned long cap)2574 static int amd_iommu_domain_has_cap(struct iommu_domain *domain,
2575 unsigned long cap)
2576 {
2577 switch (cap) {
2578 case IOMMU_CAP_CACHE_COHERENCY:
2579 return 1;
2580 }
2581
2582 return 0;
2583 }
2584
2585 static struct iommu_ops amd_iommu_ops = {
2586 .domain_init = amd_iommu_domain_init,
2587 .domain_destroy = amd_iommu_domain_destroy,
2588 .attach_dev = amd_iommu_attach_device,
2589 .detach_dev = amd_iommu_detach_device,
2590 .map = amd_iommu_map,
2591 .unmap = amd_iommu_unmap,
2592 .iova_to_phys = amd_iommu_iova_to_phys,
2593 .domain_has_cap = amd_iommu_domain_has_cap,
2594 };
2595
2596 /*****************************************************************************
2597 *
2598 * The next functions do a basic initialization of IOMMU for pass through
2599 * mode
2600 *
2601 * In passthrough mode the IOMMU is initialized and enabled but not used for
2602 * DMA-API translation.
2603 *
2604 *****************************************************************************/
2605
amd_iommu_init_passthrough(void)2606 int __init amd_iommu_init_passthrough(void)
2607 {
2608 struct amd_iommu *iommu;
2609 struct pci_dev *dev = NULL;
2610 u16 devid;
2611
2612 /* allocate passthrough domain */
2613 pt_domain = protection_domain_alloc();
2614 if (!pt_domain)
2615 return -ENOMEM;
2616
2617 pt_domain->mode |= PAGE_MODE_NONE;
2618
2619 for_each_pci_dev(dev) {
2620 if (!check_device(&dev->dev))
2621 continue;
2622
2623 devid = get_device_id(&dev->dev);
2624
2625 iommu = amd_iommu_rlookup_table[devid];
2626 if (!iommu)
2627 continue;
2628
2629 attach_device(&dev->dev, pt_domain);
2630 }
2631
2632 pr_info("AMD-Vi: Initialized for Passthrough Mode\n");
2633
2634 return 0;
2635 }
2636