Loading...
1// SPDX-License-Identifier: GPL-2.0-only
2/*
3 * Copyright (C) 2007-2008 Advanced Micro Devices, Inc.
4 * Author: Joerg Roedel <jroedel@suse.de>
5 */
6
7#define pr_fmt(fmt) "iommu: " fmt
8
9#include <linux/amba/bus.h>
10#include <linux/device.h>
11#include <linux/kernel.h>
12#include <linux/bits.h>
13#include <linux/bug.h>
14#include <linux/types.h>
15#include <linux/init.h>
16#include <linux/export.h>
17#include <linux/slab.h>
18#include <linux/errno.h>
19#include <linux/host1x_context_bus.h>
20#include <linux/iommu.h>
21#include <linux/idr.h>
22#include <linux/err.h>
23#include <linux/pci.h>
24#include <linux/pci-ats.h>
25#include <linux/bitops.h>
26#include <linux/platform_device.h>
27#include <linux/property.h>
28#include <linux/fsl/mc.h>
29#include <linux/module.h>
30#include <linux/cc_platform.h>
31#include <trace/events/iommu.h>
32#include <linux/sched/mm.h>
33
34#include "dma-iommu.h"
35
36#include "iommu-sva.h"
37
38static struct kset *iommu_group_kset;
39static DEFINE_IDA(iommu_group_ida);
40
41static unsigned int iommu_def_domain_type __read_mostly;
42static bool iommu_dma_strict __read_mostly = IS_ENABLED(CONFIG_IOMMU_DEFAULT_DMA_STRICT);
43static u32 iommu_cmd_line __read_mostly;
44
45struct iommu_group {
46 struct kobject kobj;
47 struct kobject *devices_kobj;
48 struct list_head devices;
49 struct xarray pasid_array;
50 struct mutex mutex;
51 void *iommu_data;
52 void (*iommu_data_release)(void *iommu_data);
53 char *name;
54 int id;
55 struct iommu_domain *default_domain;
56 struct iommu_domain *blocking_domain;
57 struct iommu_domain *domain;
58 struct list_head entry;
59 unsigned int owner_cnt;
60 void *owner;
61};
62
63struct group_device {
64 struct list_head list;
65 struct device *dev;
66 char *name;
67};
68
69struct iommu_group_attribute {
70 struct attribute attr;
71 ssize_t (*show)(struct iommu_group *group, char *buf);
72 ssize_t (*store)(struct iommu_group *group,
73 const char *buf, size_t count);
74};
75
76static const char * const iommu_group_resv_type_string[] = {
77 [IOMMU_RESV_DIRECT] = "direct",
78 [IOMMU_RESV_DIRECT_RELAXABLE] = "direct-relaxable",
79 [IOMMU_RESV_RESERVED] = "reserved",
80 [IOMMU_RESV_MSI] = "msi",
81 [IOMMU_RESV_SW_MSI] = "msi",
82};
83
84#define IOMMU_CMD_LINE_DMA_API BIT(0)
85#define IOMMU_CMD_LINE_STRICT BIT(1)
86
87static int iommu_bus_notifier(struct notifier_block *nb,
88 unsigned long action, void *data);
89static int iommu_alloc_default_domain(struct iommu_group *group,
90 struct device *dev);
91static struct iommu_domain *__iommu_domain_alloc(struct bus_type *bus,
92 unsigned type);
93static int __iommu_attach_device(struct iommu_domain *domain,
94 struct device *dev);
95static int __iommu_attach_group(struct iommu_domain *domain,
96 struct iommu_group *group);
97static int __iommu_group_set_domain(struct iommu_group *group,
98 struct iommu_domain *new_domain);
99static int iommu_create_device_direct_mappings(struct iommu_group *group,
100 struct device *dev);
101static struct iommu_group *iommu_group_get_for_dev(struct device *dev);
102static ssize_t iommu_group_store_type(struct iommu_group *group,
103 const char *buf, size_t count);
104
105#define IOMMU_GROUP_ATTR(_name, _mode, _show, _store) \
106struct iommu_group_attribute iommu_group_attr_##_name = \
107 __ATTR(_name, _mode, _show, _store)
108
109#define to_iommu_group_attr(_attr) \
110 container_of(_attr, struct iommu_group_attribute, attr)
111#define to_iommu_group(_kobj) \
112 container_of(_kobj, struct iommu_group, kobj)
113
114static LIST_HEAD(iommu_device_list);
115static DEFINE_SPINLOCK(iommu_device_lock);
116
117static struct bus_type * const iommu_buses[] = {
118 &platform_bus_type,
119#ifdef CONFIG_PCI
120 &pci_bus_type,
121#endif
122#ifdef CONFIG_ARM_AMBA
123 &amba_bustype,
124#endif
125#ifdef CONFIG_FSL_MC_BUS
126 &fsl_mc_bus_type,
127#endif
128#ifdef CONFIG_TEGRA_HOST1X_CONTEXT_BUS
129 &host1x_context_device_bus_type,
130#endif
131};
132
133/*
134 * Use a function instead of an array here because the domain-type is a
135 * bit-field, so an array would waste memory.
136 */
137static const char *iommu_domain_type_str(unsigned int t)
138{
139 switch (t) {
140 case IOMMU_DOMAIN_BLOCKED:
141 return "Blocked";
142 case IOMMU_DOMAIN_IDENTITY:
143 return "Passthrough";
144 case IOMMU_DOMAIN_UNMANAGED:
145 return "Unmanaged";
146 case IOMMU_DOMAIN_DMA:
147 case IOMMU_DOMAIN_DMA_FQ:
148 return "Translated";
149 default:
150 return "Unknown";
151 }
152}
153
154static int __init iommu_subsys_init(void)
155{
156 struct notifier_block *nb;
157
158 if (!(iommu_cmd_line & IOMMU_CMD_LINE_DMA_API)) {
159 if (IS_ENABLED(CONFIG_IOMMU_DEFAULT_PASSTHROUGH))
160 iommu_set_default_passthrough(false);
161 else
162 iommu_set_default_translated(false);
163
164 if (iommu_default_passthrough() && cc_platform_has(CC_ATTR_MEM_ENCRYPT)) {
165 pr_info("Memory encryption detected - Disabling default IOMMU Passthrough\n");
166 iommu_set_default_translated(false);
167 }
168 }
169
170 if (!iommu_default_passthrough() && !iommu_dma_strict)
171 iommu_def_domain_type = IOMMU_DOMAIN_DMA_FQ;
172
173 pr_info("Default domain type: %s %s\n",
174 iommu_domain_type_str(iommu_def_domain_type),
175 (iommu_cmd_line & IOMMU_CMD_LINE_DMA_API) ?
176 "(set via kernel command line)" : "");
177
178 if (!iommu_default_passthrough())
179 pr_info("DMA domain TLB invalidation policy: %s mode %s\n",
180 iommu_dma_strict ? "strict" : "lazy",
181 (iommu_cmd_line & IOMMU_CMD_LINE_STRICT) ?
182 "(set via kernel command line)" : "");
183
184 nb = kcalloc(ARRAY_SIZE(iommu_buses), sizeof(*nb), GFP_KERNEL);
185 if (!nb)
186 return -ENOMEM;
187
188 for (int i = 0; i < ARRAY_SIZE(iommu_buses); i++) {
189 nb[i].notifier_call = iommu_bus_notifier;
190 bus_register_notifier(iommu_buses[i], &nb[i]);
191 }
192
193 return 0;
194}
195subsys_initcall(iommu_subsys_init);
196
197static int remove_iommu_group(struct device *dev, void *data)
198{
199 if (dev->iommu && dev->iommu->iommu_dev == data)
200 iommu_release_device(dev);
201
202 return 0;
203}
204
205/**
206 * iommu_device_register() - Register an IOMMU hardware instance
207 * @iommu: IOMMU handle for the instance
208 * @ops: IOMMU ops to associate with the instance
209 * @hwdev: (optional) actual instance device, used for fwnode lookup
210 *
211 * Return: 0 on success, or an error.
212 */
213int iommu_device_register(struct iommu_device *iommu,
214 const struct iommu_ops *ops, struct device *hwdev)
215{
216 int err = 0;
217
218 /* We need to be able to take module references appropriately */
219 if (WARN_ON(is_module_address((unsigned long)ops) && !ops->owner))
220 return -EINVAL;
221 /*
222 * Temporarily enforce global restriction to a single driver. This was
223 * already the de-facto behaviour, since any possible combination of
224 * existing drivers would compete for at least the PCI or platform bus.
225 */
226 if (iommu_buses[0]->iommu_ops && iommu_buses[0]->iommu_ops != ops)
227 return -EBUSY;
228
229 iommu->ops = ops;
230 if (hwdev)
231 iommu->fwnode = dev_fwnode(hwdev);
232
233 spin_lock(&iommu_device_lock);
234 list_add_tail(&iommu->list, &iommu_device_list);
235 spin_unlock(&iommu_device_lock);
236
237 for (int i = 0; i < ARRAY_SIZE(iommu_buses) && !err; i++) {
238 iommu_buses[i]->iommu_ops = ops;
239 err = bus_iommu_probe(iommu_buses[i]);
240 }
241 if (err)
242 iommu_device_unregister(iommu);
243 return err;
244}
245EXPORT_SYMBOL_GPL(iommu_device_register);
246
247void iommu_device_unregister(struct iommu_device *iommu)
248{
249 for (int i = 0; i < ARRAY_SIZE(iommu_buses); i++)
250 bus_for_each_dev(iommu_buses[i], NULL, iommu, remove_iommu_group);
251
252 spin_lock(&iommu_device_lock);
253 list_del(&iommu->list);
254 spin_unlock(&iommu_device_lock);
255}
256EXPORT_SYMBOL_GPL(iommu_device_unregister);
257
258static struct dev_iommu *dev_iommu_get(struct device *dev)
259{
260 struct dev_iommu *param = dev->iommu;
261
262 if (param)
263 return param;
264
265 param = kzalloc(sizeof(*param), GFP_KERNEL);
266 if (!param)
267 return NULL;
268
269 mutex_init(¶m->lock);
270 dev->iommu = param;
271 return param;
272}
273
274static void dev_iommu_free(struct device *dev)
275{
276 struct dev_iommu *param = dev->iommu;
277
278 dev->iommu = NULL;
279 if (param->fwspec) {
280 fwnode_handle_put(param->fwspec->iommu_fwnode);
281 kfree(param->fwspec);
282 }
283 kfree(param);
284}
285
286static u32 dev_iommu_get_max_pasids(struct device *dev)
287{
288 u32 max_pasids = 0, bits = 0;
289 int ret;
290
291 if (dev_is_pci(dev)) {
292 ret = pci_max_pasids(to_pci_dev(dev));
293 if (ret > 0)
294 max_pasids = ret;
295 } else {
296 ret = device_property_read_u32(dev, "pasid-num-bits", &bits);
297 if (!ret)
298 max_pasids = 1UL << bits;
299 }
300
301 return min_t(u32, max_pasids, dev->iommu->iommu_dev->max_pasids);
302}
303
304static int __iommu_probe_device(struct device *dev, struct list_head *group_list)
305{
306 const struct iommu_ops *ops = dev->bus->iommu_ops;
307 struct iommu_device *iommu_dev;
308 struct iommu_group *group;
309 static DEFINE_MUTEX(iommu_probe_device_lock);
310 int ret;
311
312 if (!ops)
313 return -ENODEV;
314 /*
315 * Serialise to avoid races between IOMMU drivers registering in
316 * parallel and/or the "replay" calls from ACPI/OF code via client
317 * driver probe. Once the latter have been cleaned up we should
318 * probably be able to use device_lock() here to minimise the scope,
319 * but for now enforcing a simple global ordering is fine.
320 */
321 mutex_lock(&iommu_probe_device_lock);
322 if (!dev_iommu_get(dev)) {
323 ret = -ENOMEM;
324 goto err_unlock;
325 }
326
327 if (!try_module_get(ops->owner)) {
328 ret = -EINVAL;
329 goto err_free;
330 }
331
332 iommu_dev = ops->probe_device(dev);
333 if (IS_ERR(iommu_dev)) {
334 ret = PTR_ERR(iommu_dev);
335 goto out_module_put;
336 }
337
338 dev->iommu->iommu_dev = iommu_dev;
339 dev->iommu->max_pasids = dev_iommu_get_max_pasids(dev);
340
341 group = iommu_group_get_for_dev(dev);
342 if (IS_ERR(group)) {
343 ret = PTR_ERR(group);
344 goto out_release;
345 }
346
347 mutex_lock(&group->mutex);
348 if (group_list && !group->default_domain && list_empty(&group->entry))
349 list_add_tail(&group->entry, group_list);
350 mutex_unlock(&group->mutex);
351 iommu_group_put(group);
352
353 mutex_unlock(&iommu_probe_device_lock);
354 iommu_device_link(iommu_dev, dev);
355
356 return 0;
357
358out_release:
359 if (ops->release_device)
360 ops->release_device(dev);
361
362out_module_put:
363 module_put(ops->owner);
364
365err_free:
366 dev_iommu_free(dev);
367
368err_unlock:
369 mutex_unlock(&iommu_probe_device_lock);
370
371 return ret;
372}
373
374int iommu_probe_device(struct device *dev)
375{
376 const struct iommu_ops *ops;
377 struct iommu_group *group;
378 int ret;
379
380 ret = __iommu_probe_device(dev, NULL);
381 if (ret)
382 goto err_out;
383
384 group = iommu_group_get(dev);
385 if (!group) {
386 ret = -ENODEV;
387 goto err_release;
388 }
389
390 /*
391 * Try to allocate a default domain - needs support from the
392 * IOMMU driver. There are still some drivers which don't
393 * support default domains, so the return value is not yet
394 * checked.
395 */
396 mutex_lock(&group->mutex);
397 iommu_alloc_default_domain(group, dev);
398
399 /*
400 * If device joined an existing group which has been claimed, don't
401 * attach the default domain.
402 */
403 if (group->default_domain && !group->owner) {
404 ret = __iommu_attach_device(group->default_domain, dev);
405 if (ret) {
406 mutex_unlock(&group->mutex);
407 iommu_group_put(group);
408 goto err_release;
409 }
410 }
411
412 iommu_create_device_direct_mappings(group, dev);
413
414 mutex_unlock(&group->mutex);
415 iommu_group_put(group);
416
417 ops = dev_iommu_ops(dev);
418 if (ops->probe_finalize)
419 ops->probe_finalize(dev);
420
421 return 0;
422
423err_release:
424 iommu_release_device(dev);
425
426err_out:
427 return ret;
428
429}
430
431void iommu_release_device(struct device *dev)
432{
433 const struct iommu_ops *ops;
434
435 if (!dev->iommu)
436 return;
437
438 iommu_device_unlink(dev->iommu->iommu_dev, dev);
439
440 ops = dev_iommu_ops(dev);
441 if (ops->release_device)
442 ops->release_device(dev);
443
444 iommu_group_remove_device(dev);
445 module_put(ops->owner);
446 dev_iommu_free(dev);
447}
448
449static int __init iommu_set_def_domain_type(char *str)
450{
451 bool pt;
452 int ret;
453
454 ret = kstrtobool(str, &pt);
455 if (ret)
456 return ret;
457
458 if (pt)
459 iommu_set_default_passthrough(true);
460 else
461 iommu_set_default_translated(true);
462
463 return 0;
464}
465early_param("iommu.passthrough", iommu_set_def_domain_type);
466
467static int __init iommu_dma_setup(char *str)
468{
469 int ret = kstrtobool(str, &iommu_dma_strict);
470
471 if (!ret)
472 iommu_cmd_line |= IOMMU_CMD_LINE_STRICT;
473 return ret;
474}
475early_param("iommu.strict", iommu_dma_setup);
476
477void iommu_set_dma_strict(void)
478{
479 iommu_dma_strict = true;
480 if (iommu_def_domain_type == IOMMU_DOMAIN_DMA_FQ)
481 iommu_def_domain_type = IOMMU_DOMAIN_DMA;
482}
483
484static ssize_t iommu_group_attr_show(struct kobject *kobj,
485 struct attribute *__attr, char *buf)
486{
487 struct iommu_group_attribute *attr = to_iommu_group_attr(__attr);
488 struct iommu_group *group = to_iommu_group(kobj);
489 ssize_t ret = -EIO;
490
491 if (attr->show)
492 ret = attr->show(group, buf);
493 return ret;
494}
495
496static ssize_t iommu_group_attr_store(struct kobject *kobj,
497 struct attribute *__attr,
498 const char *buf, size_t count)
499{
500 struct iommu_group_attribute *attr = to_iommu_group_attr(__attr);
501 struct iommu_group *group = to_iommu_group(kobj);
502 ssize_t ret = -EIO;
503
504 if (attr->store)
505 ret = attr->store(group, buf, count);
506 return ret;
507}
508
509static const struct sysfs_ops iommu_group_sysfs_ops = {
510 .show = iommu_group_attr_show,
511 .store = iommu_group_attr_store,
512};
513
514static int iommu_group_create_file(struct iommu_group *group,
515 struct iommu_group_attribute *attr)
516{
517 return sysfs_create_file(&group->kobj, &attr->attr);
518}
519
520static void iommu_group_remove_file(struct iommu_group *group,
521 struct iommu_group_attribute *attr)
522{
523 sysfs_remove_file(&group->kobj, &attr->attr);
524}
525
526static ssize_t iommu_group_show_name(struct iommu_group *group, char *buf)
527{
528 return sprintf(buf, "%s\n", group->name);
529}
530
531/**
532 * iommu_insert_resv_region - Insert a new region in the
533 * list of reserved regions.
534 * @new: new region to insert
535 * @regions: list of regions
536 *
537 * Elements are sorted by start address and overlapping segments
538 * of the same type are merged.
539 */
540static int iommu_insert_resv_region(struct iommu_resv_region *new,
541 struct list_head *regions)
542{
543 struct iommu_resv_region *iter, *tmp, *nr, *top;
544 LIST_HEAD(stack);
545
546 nr = iommu_alloc_resv_region(new->start, new->length,
547 new->prot, new->type, GFP_KERNEL);
548 if (!nr)
549 return -ENOMEM;
550
551 /* First add the new element based on start address sorting */
552 list_for_each_entry(iter, regions, list) {
553 if (nr->start < iter->start ||
554 (nr->start == iter->start && nr->type <= iter->type))
555 break;
556 }
557 list_add_tail(&nr->list, &iter->list);
558
559 /* Merge overlapping segments of type nr->type in @regions, if any */
560 list_for_each_entry_safe(iter, tmp, regions, list) {
561 phys_addr_t top_end, iter_end = iter->start + iter->length - 1;
562
563 /* no merge needed on elements of different types than @new */
564 if (iter->type != new->type) {
565 list_move_tail(&iter->list, &stack);
566 continue;
567 }
568
569 /* look for the last stack element of same type as @iter */
570 list_for_each_entry_reverse(top, &stack, list)
571 if (top->type == iter->type)
572 goto check_overlap;
573
574 list_move_tail(&iter->list, &stack);
575 continue;
576
577check_overlap:
578 top_end = top->start + top->length - 1;
579
580 if (iter->start > top_end + 1) {
581 list_move_tail(&iter->list, &stack);
582 } else {
583 top->length = max(top_end, iter_end) - top->start + 1;
584 list_del(&iter->list);
585 kfree(iter);
586 }
587 }
588 list_splice(&stack, regions);
589 return 0;
590}
591
592static int
593iommu_insert_device_resv_regions(struct list_head *dev_resv_regions,
594 struct list_head *group_resv_regions)
595{
596 struct iommu_resv_region *entry;
597 int ret = 0;
598
599 list_for_each_entry(entry, dev_resv_regions, list) {
600 ret = iommu_insert_resv_region(entry, group_resv_regions);
601 if (ret)
602 break;
603 }
604 return ret;
605}
606
607int iommu_get_group_resv_regions(struct iommu_group *group,
608 struct list_head *head)
609{
610 struct group_device *device;
611 int ret = 0;
612
613 mutex_lock(&group->mutex);
614 list_for_each_entry(device, &group->devices, list) {
615 struct list_head dev_resv_regions;
616
617 /*
618 * Non-API groups still expose reserved_regions in sysfs,
619 * so filter out calls that get here that way.
620 */
621 if (!device->dev->iommu)
622 break;
623
624 INIT_LIST_HEAD(&dev_resv_regions);
625 iommu_get_resv_regions(device->dev, &dev_resv_regions);
626 ret = iommu_insert_device_resv_regions(&dev_resv_regions, head);
627 iommu_put_resv_regions(device->dev, &dev_resv_regions);
628 if (ret)
629 break;
630 }
631 mutex_unlock(&group->mutex);
632 return ret;
633}
634EXPORT_SYMBOL_GPL(iommu_get_group_resv_regions);
635
636static ssize_t iommu_group_show_resv_regions(struct iommu_group *group,
637 char *buf)
638{
639 struct iommu_resv_region *region, *next;
640 struct list_head group_resv_regions;
641 char *str = buf;
642
643 INIT_LIST_HEAD(&group_resv_regions);
644 iommu_get_group_resv_regions(group, &group_resv_regions);
645
646 list_for_each_entry_safe(region, next, &group_resv_regions, list) {
647 str += sprintf(str, "0x%016llx 0x%016llx %s\n",
648 (long long int)region->start,
649 (long long int)(region->start +
650 region->length - 1),
651 iommu_group_resv_type_string[region->type]);
652 kfree(region);
653 }
654
655 return (str - buf);
656}
657
658static ssize_t iommu_group_show_type(struct iommu_group *group,
659 char *buf)
660{
661 char *type = "unknown\n";
662
663 mutex_lock(&group->mutex);
664 if (group->default_domain) {
665 switch (group->default_domain->type) {
666 case IOMMU_DOMAIN_BLOCKED:
667 type = "blocked\n";
668 break;
669 case IOMMU_DOMAIN_IDENTITY:
670 type = "identity\n";
671 break;
672 case IOMMU_DOMAIN_UNMANAGED:
673 type = "unmanaged\n";
674 break;
675 case IOMMU_DOMAIN_DMA:
676 type = "DMA\n";
677 break;
678 case IOMMU_DOMAIN_DMA_FQ:
679 type = "DMA-FQ\n";
680 break;
681 }
682 }
683 mutex_unlock(&group->mutex);
684 strcpy(buf, type);
685
686 return strlen(type);
687}
688
689static IOMMU_GROUP_ATTR(name, S_IRUGO, iommu_group_show_name, NULL);
690
691static IOMMU_GROUP_ATTR(reserved_regions, 0444,
692 iommu_group_show_resv_regions, NULL);
693
694static IOMMU_GROUP_ATTR(type, 0644, iommu_group_show_type,
695 iommu_group_store_type);
696
697static void iommu_group_release(struct kobject *kobj)
698{
699 struct iommu_group *group = to_iommu_group(kobj);
700
701 pr_debug("Releasing group %d\n", group->id);
702
703 if (group->iommu_data_release)
704 group->iommu_data_release(group->iommu_data);
705
706 ida_free(&iommu_group_ida, group->id);
707
708 if (group->default_domain)
709 iommu_domain_free(group->default_domain);
710 if (group->blocking_domain)
711 iommu_domain_free(group->blocking_domain);
712
713 kfree(group->name);
714 kfree(group);
715}
716
717static struct kobj_type iommu_group_ktype = {
718 .sysfs_ops = &iommu_group_sysfs_ops,
719 .release = iommu_group_release,
720};
721
722/**
723 * iommu_group_alloc - Allocate a new group
724 *
725 * This function is called by an iommu driver to allocate a new iommu
726 * group. The iommu group represents the minimum granularity of the iommu.
727 * Upon successful return, the caller holds a reference to the supplied
728 * group in order to hold the group until devices are added. Use
729 * iommu_group_put() to release this extra reference count, allowing the
730 * group to be automatically reclaimed once it has no devices or external
731 * references.
732 */
733struct iommu_group *iommu_group_alloc(void)
734{
735 struct iommu_group *group;
736 int ret;
737
738 group = kzalloc(sizeof(*group), GFP_KERNEL);
739 if (!group)
740 return ERR_PTR(-ENOMEM);
741
742 group->kobj.kset = iommu_group_kset;
743 mutex_init(&group->mutex);
744 INIT_LIST_HEAD(&group->devices);
745 INIT_LIST_HEAD(&group->entry);
746 xa_init(&group->pasid_array);
747
748 ret = ida_alloc(&iommu_group_ida, GFP_KERNEL);
749 if (ret < 0) {
750 kfree(group);
751 return ERR_PTR(ret);
752 }
753 group->id = ret;
754
755 ret = kobject_init_and_add(&group->kobj, &iommu_group_ktype,
756 NULL, "%d", group->id);
757 if (ret) {
758 kobject_put(&group->kobj);
759 return ERR_PTR(ret);
760 }
761
762 group->devices_kobj = kobject_create_and_add("devices", &group->kobj);
763 if (!group->devices_kobj) {
764 kobject_put(&group->kobj); /* triggers .release & free */
765 return ERR_PTR(-ENOMEM);
766 }
767
768 /*
769 * The devices_kobj holds a reference on the group kobject, so
770 * as long as that exists so will the group. We can therefore
771 * use the devices_kobj for reference counting.
772 */
773 kobject_put(&group->kobj);
774
775 ret = iommu_group_create_file(group,
776 &iommu_group_attr_reserved_regions);
777 if (ret)
778 return ERR_PTR(ret);
779
780 ret = iommu_group_create_file(group, &iommu_group_attr_type);
781 if (ret)
782 return ERR_PTR(ret);
783
784 pr_debug("Allocated group %d\n", group->id);
785
786 return group;
787}
788EXPORT_SYMBOL_GPL(iommu_group_alloc);
789
790struct iommu_group *iommu_group_get_by_id(int id)
791{
792 struct kobject *group_kobj;
793 struct iommu_group *group;
794 const char *name;
795
796 if (!iommu_group_kset)
797 return NULL;
798
799 name = kasprintf(GFP_KERNEL, "%d", id);
800 if (!name)
801 return NULL;
802
803 group_kobj = kset_find_obj(iommu_group_kset, name);
804 kfree(name);
805
806 if (!group_kobj)
807 return NULL;
808
809 group = container_of(group_kobj, struct iommu_group, kobj);
810 BUG_ON(group->id != id);
811
812 kobject_get(group->devices_kobj);
813 kobject_put(&group->kobj);
814
815 return group;
816}
817EXPORT_SYMBOL_GPL(iommu_group_get_by_id);
818
819/**
820 * iommu_group_get_iommudata - retrieve iommu_data registered for a group
821 * @group: the group
822 *
823 * iommu drivers can store data in the group for use when doing iommu
824 * operations. This function provides a way to retrieve it. Caller
825 * should hold a group reference.
826 */
827void *iommu_group_get_iommudata(struct iommu_group *group)
828{
829 return group->iommu_data;
830}
831EXPORT_SYMBOL_GPL(iommu_group_get_iommudata);
832
833/**
834 * iommu_group_set_iommudata - set iommu_data for a group
835 * @group: the group
836 * @iommu_data: new data
837 * @release: release function for iommu_data
838 *
839 * iommu drivers can store data in the group for use when doing iommu
840 * operations. This function provides a way to set the data after
841 * the group has been allocated. Caller should hold a group reference.
842 */
843void iommu_group_set_iommudata(struct iommu_group *group, void *iommu_data,
844 void (*release)(void *iommu_data))
845{
846 group->iommu_data = iommu_data;
847 group->iommu_data_release = release;
848}
849EXPORT_SYMBOL_GPL(iommu_group_set_iommudata);
850
851/**
852 * iommu_group_set_name - set name for a group
853 * @group: the group
854 * @name: name
855 *
856 * Allow iommu driver to set a name for a group. When set it will
857 * appear in a name attribute file under the group in sysfs.
858 */
859int iommu_group_set_name(struct iommu_group *group, const char *name)
860{
861 int ret;
862
863 if (group->name) {
864 iommu_group_remove_file(group, &iommu_group_attr_name);
865 kfree(group->name);
866 group->name = NULL;
867 if (!name)
868 return 0;
869 }
870
871 group->name = kstrdup(name, GFP_KERNEL);
872 if (!group->name)
873 return -ENOMEM;
874
875 ret = iommu_group_create_file(group, &iommu_group_attr_name);
876 if (ret) {
877 kfree(group->name);
878 group->name = NULL;
879 return ret;
880 }
881
882 return 0;
883}
884EXPORT_SYMBOL_GPL(iommu_group_set_name);
885
886static int iommu_create_device_direct_mappings(struct iommu_group *group,
887 struct device *dev)
888{
889 struct iommu_domain *domain = group->default_domain;
890 struct iommu_resv_region *entry;
891 struct list_head mappings;
892 unsigned long pg_size;
893 int ret = 0;
894
895 if (!domain || !iommu_is_dma_domain(domain))
896 return 0;
897
898 BUG_ON(!domain->pgsize_bitmap);
899
900 pg_size = 1UL << __ffs(domain->pgsize_bitmap);
901 INIT_LIST_HEAD(&mappings);
902
903 iommu_get_resv_regions(dev, &mappings);
904
905 /* We need to consider overlapping regions for different devices */
906 list_for_each_entry(entry, &mappings, list) {
907 dma_addr_t start, end, addr;
908 size_t map_size = 0;
909
910 start = ALIGN(entry->start, pg_size);
911 end = ALIGN(entry->start + entry->length, pg_size);
912
913 if (entry->type != IOMMU_RESV_DIRECT &&
914 entry->type != IOMMU_RESV_DIRECT_RELAXABLE)
915 continue;
916
917 for (addr = start; addr <= end; addr += pg_size) {
918 phys_addr_t phys_addr;
919
920 if (addr == end)
921 goto map_end;
922
923 phys_addr = iommu_iova_to_phys(domain, addr);
924 if (!phys_addr) {
925 map_size += pg_size;
926 continue;
927 }
928
929map_end:
930 if (map_size) {
931 ret = iommu_map(domain, addr - map_size,
932 addr - map_size, map_size,
933 entry->prot);
934 if (ret)
935 goto out;
936 map_size = 0;
937 }
938 }
939
940 }
941
942 iommu_flush_iotlb_all(domain);
943
944out:
945 iommu_put_resv_regions(dev, &mappings);
946
947 return ret;
948}
949
950static bool iommu_is_attach_deferred(struct device *dev)
951{
952 const struct iommu_ops *ops = dev_iommu_ops(dev);
953
954 if (ops->is_attach_deferred)
955 return ops->is_attach_deferred(dev);
956
957 return false;
958}
959
960/**
961 * iommu_group_add_device - add a device to an iommu group
962 * @group: the group into which to add the device (reference should be held)
963 * @dev: the device
964 *
965 * This function is called by an iommu driver to add a device into a
966 * group. Adding a device increments the group reference count.
967 */
968int iommu_group_add_device(struct iommu_group *group, struct device *dev)
969{
970 int ret, i = 0;
971 struct group_device *device;
972
973 device = kzalloc(sizeof(*device), GFP_KERNEL);
974 if (!device)
975 return -ENOMEM;
976
977 device->dev = dev;
978
979 ret = sysfs_create_link(&dev->kobj, &group->kobj, "iommu_group");
980 if (ret)
981 goto err_free_device;
982
983 device->name = kasprintf(GFP_KERNEL, "%s", kobject_name(&dev->kobj));
984rename:
985 if (!device->name) {
986 ret = -ENOMEM;
987 goto err_remove_link;
988 }
989
990 ret = sysfs_create_link_nowarn(group->devices_kobj,
991 &dev->kobj, device->name);
992 if (ret) {
993 if (ret == -EEXIST && i >= 0) {
994 /*
995 * Account for the slim chance of collision
996 * and append an instance to the name.
997 */
998 kfree(device->name);
999 device->name = kasprintf(GFP_KERNEL, "%s.%d",
1000 kobject_name(&dev->kobj), i++);
1001 goto rename;
1002 }
1003 goto err_free_name;
1004 }
1005
1006 kobject_get(group->devices_kobj);
1007
1008 dev->iommu_group = group;
1009
1010 mutex_lock(&group->mutex);
1011 list_add_tail(&device->list, &group->devices);
1012 if (group->domain && !iommu_is_attach_deferred(dev))
1013 ret = __iommu_attach_device(group->domain, dev);
1014 mutex_unlock(&group->mutex);
1015 if (ret)
1016 goto err_put_group;
1017
1018 trace_add_device_to_group(group->id, dev);
1019
1020 dev_info(dev, "Adding to iommu group %d\n", group->id);
1021
1022 return 0;
1023
1024err_put_group:
1025 mutex_lock(&group->mutex);
1026 list_del(&device->list);
1027 mutex_unlock(&group->mutex);
1028 dev->iommu_group = NULL;
1029 kobject_put(group->devices_kobj);
1030 sysfs_remove_link(group->devices_kobj, device->name);
1031err_free_name:
1032 kfree(device->name);
1033err_remove_link:
1034 sysfs_remove_link(&dev->kobj, "iommu_group");
1035err_free_device:
1036 kfree(device);
1037 dev_err(dev, "Failed to add to iommu group %d: %d\n", group->id, ret);
1038 return ret;
1039}
1040EXPORT_SYMBOL_GPL(iommu_group_add_device);
1041
1042/**
1043 * iommu_group_remove_device - remove a device from it's current group
1044 * @dev: device to be removed
1045 *
1046 * This function is called by an iommu driver to remove the device from
1047 * it's current group. This decrements the iommu group reference count.
1048 */
1049void iommu_group_remove_device(struct device *dev)
1050{
1051 struct iommu_group *group = dev->iommu_group;
1052 struct group_device *tmp_device, *device = NULL;
1053
1054 if (!group)
1055 return;
1056
1057 dev_info(dev, "Removing from iommu group %d\n", group->id);
1058
1059 mutex_lock(&group->mutex);
1060 list_for_each_entry(tmp_device, &group->devices, list) {
1061 if (tmp_device->dev == dev) {
1062 device = tmp_device;
1063 list_del(&device->list);
1064 break;
1065 }
1066 }
1067 mutex_unlock(&group->mutex);
1068
1069 if (!device)
1070 return;
1071
1072 sysfs_remove_link(group->devices_kobj, device->name);
1073 sysfs_remove_link(&dev->kobj, "iommu_group");
1074
1075 trace_remove_device_from_group(group->id, dev);
1076
1077 kfree(device->name);
1078 kfree(device);
1079 dev->iommu_group = NULL;
1080 kobject_put(group->devices_kobj);
1081}
1082EXPORT_SYMBOL_GPL(iommu_group_remove_device);
1083
1084static int iommu_group_device_count(struct iommu_group *group)
1085{
1086 struct group_device *entry;
1087 int ret = 0;
1088
1089 list_for_each_entry(entry, &group->devices, list)
1090 ret++;
1091
1092 return ret;
1093}
1094
1095static int __iommu_group_for_each_dev(struct iommu_group *group, void *data,
1096 int (*fn)(struct device *, void *))
1097{
1098 struct group_device *device;
1099 int ret = 0;
1100
1101 list_for_each_entry(device, &group->devices, list) {
1102 ret = fn(device->dev, data);
1103 if (ret)
1104 break;
1105 }
1106 return ret;
1107}
1108
1109/**
1110 * iommu_group_for_each_dev - iterate over each device in the group
1111 * @group: the group
1112 * @data: caller opaque data to be passed to callback function
1113 * @fn: caller supplied callback function
1114 *
1115 * This function is called by group users to iterate over group devices.
1116 * Callers should hold a reference count to the group during callback.
1117 * The group->mutex is held across callbacks, which will block calls to
1118 * iommu_group_add/remove_device.
1119 */
1120int iommu_group_for_each_dev(struct iommu_group *group, void *data,
1121 int (*fn)(struct device *, void *))
1122{
1123 int ret;
1124
1125 mutex_lock(&group->mutex);
1126 ret = __iommu_group_for_each_dev(group, data, fn);
1127 mutex_unlock(&group->mutex);
1128
1129 return ret;
1130}
1131EXPORT_SYMBOL_GPL(iommu_group_for_each_dev);
1132
1133/**
1134 * iommu_group_get - Return the group for a device and increment reference
1135 * @dev: get the group that this device belongs to
1136 *
1137 * This function is called by iommu drivers and users to get the group
1138 * for the specified device. If found, the group is returned and the group
1139 * reference in incremented, else NULL.
1140 */
1141struct iommu_group *iommu_group_get(struct device *dev)
1142{
1143 struct iommu_group *group = dev->iommu_group;
1144
1145 if (group)
1146 kobject_get(group->devices_kobj);
1147
1148 return group;
1149}
1150EXPORT_SYMBOL_GPL(iommu_group_get);
1151
1152/**
1153 * iommu_group_ref_get - Increment reference on a group
1154 * @group: the group to use, must not be NULL
1155 *
1156 * This function is called by iommu drivers to take additional references on an
1157 * existing group. Returns the given group for convenience.
1158 */
1159struct iommu_group *iommu_group_ref_get(struct iommu_group *group)
1160{
1161 kobject_get(group->devices_kobj);
1162 return group;
1163}
1164EXPORT_SYMBOL_GPL(iommu_group_ref_get);
1165
1166/**
1167 * iommu_group_put - Decrement group reference
1168 * @group: the group to use
1169 *
1170 * This function is called by iommu drivers and users to release the
1171 * iommu group. Once the reference count is zero, the group is released.
1172 */
1173void iommu_group_put(struct iommu_group *group)
1174{
1175 if (group)
1176 kobject_put(group->devices_kobj);
1177}
1178EXPORT_SYMBOL_GPL(iommu_group_put);
1179
1180/**
1181 * iommu_register_device_fault_handler() - Register a device fault handler
1182 * @dev: the device
1183 * @handler: the fault handler
1184 * @data: private data passed as argument to the handler
1185 *
1186 * When an IOMMU fault event is received, this handler gets called with the
1187 * fault event and data as argument. The handler should return 0 on success. If
1188 * the fault is recoverable (IOMMU_FAULT_PAGE_REQ), the consumer should also
1189 * complete the fault by calling iommu_page_response() with one of the following
1190 * response code:
1191 * - IOMMU_PAGE_RESP_SUCCESS: retry the translation
1192 * - IOMMU_PAGE_RESP_INVALID: terminate the fault
1193 * - IOMMU_PAGE_RESP_FAILURE: terminate the fault and stop reporting
1194 * page faults if possible.
1195 *
1196 * Return 0 if the fault handler was installed successfully, or an error.
1197 */
1198int iommu_register_device_fault_handler(struct device *dev,
1199 iommu_dev_fault_handler_t handler,
1200 void *data)
1201{
1202 struct dev_iommu *param = dev->iommu;
1203 int ret = 0;
1204
1205 if (!param)
1206 return -EINVAL;
1207
1208 mutex_lock(¶m->lock);
1209 /* Only allow one fault handler registered for each device */
1210 if (param->fault_param) {
1211 ret = -EBUSY;
1212 goto done_unlock;
1213 }
1214
1215 get_device(dev);
1216 param->fault_param = kzalloc(sizeof(*param->fault_param), GFP_KERNEL);
1217 if (!param->fault_param) {
1218 put_device(dev);
1219 ret = -ENOMEM;
1220 goto done_unlock;
1221 }
1222 param->fault_param->handler = handler;
1223 param->fault_param->data = data;
1224 mutex_init(¶m->fault_param->lock);
1225 INIT_LIST_HEAD(¶m->fault_param->faults);
1226
1227done_unlock:
1228 mutex_unlock(¶m->lock);
1229
1230 return ret;
1231}
1232EXPORT_SYMBOL_GPL(iommu_register_device_fault_handler);
1233
1234/**
1235 * iommu_unregister_device_fault_handler() - Unregister the device fault handler
1236 * @dev: the device
1237 *
1238 * Remove the device fault handler installed with
1239 * iommu_register_device_fault_handler().
1240 *
1241 * Return 0 on success, or an error.
1242 */
1243int iommu_unregister_device_fault_handler(struct device *dev)
1244{
1245 struct dev_iommu *param = dev->iommu;
1246 int ret = 0;
1247
1248 if (!param)
1249 return -EINVAL;
1250
1251 mutex_lock(¶m->lock);
1252
1253 if (!param->fault_param)
1254 goto unlock;
1255
1256 /* we cannot unregister handler if there are pending faults */
1257 if (!list_empty(¶m->fault_param->faults)) {
1258 ret = -EBUSY;
1259 goto unlock;
1260 }
1261
1262 kfree(param->fault_param);
1263 param->fault_param = NULL;
1264 put_device(dev);
1265unlock:
1266 mutex_unlock(¶m->lock);
1267
1268 return ret;
1269}
1270EXPORT_SYMBOL_GPL(iommu_unregister_device_fault_handler);
1271
1272/**
1273 * iommu_report_device_fault() - Report fault event to device driver
1274 * @dev: the device
1275 * @evt: fault event data
1276 *
1277 * Called by IOMMU drivers when a fault is detected, typically in a threaded IRQ
1278 * handler. When this function fails and the fault is recoverable, it is the
1279 * caller's responsibility to complete the fault.
1280 *
1281 * Return 0 on success, or an error.
1282 */
1283int iommu_report_device_fault(struct device *dev, struct iommu_fault_event *evt)
1284{
1285 struct dev_iommu *param = dev->iommu;
1286 struct iommu_fault_event *evt_pending = NULL;
1287 struct iommu_fault_param *fparam;
1288 int ret = 0;
1289
1290 if (!param || !evt)
1291 return -EINVAL;
1292
1293 /* we only report device fault if there is a handler registered */
1294 mutex_lock(¶m->lock);
1295 fparam = param->fault_param;
1296 if (!fparam || !fparam->handler) {
1297 ret = -EINVAL;
1298 goto done_unlock;
1299 }
1300
1301 if (evt->fault.type == IOMMU_FAULT_PAGE_REQ &&
1302 (evt->fault.prm.flags & IOMMU_FAULT_PAGE_REQUEST_LAST_PAGE)) {
1303 evt_pending = kmemdup(evt, sizeof(struct iommu_fault_event),
1304 GFP_KERNEL);
1305 if (!evt_pending) {
1306 ret = -ENOMEM;
1307 goto done_unlock;
1308 }
1309 mutex_lock(&fparam->lock);
1310 list_add_tail(&evt_pending->list, &fparam->faults);
1311 mutex_unlock(&fparam->lock);
1312 }
1313
1314 ret = fparam->handler(&evt->fault, fparam->data);
1315 if (ret && evt_pending) {
1316 mutex_lock(&fparam->lock);
1317 list_del(&evt_pending->list);
1318 mutex_unlock(&fparam->lock);
1319 kfree(evt_pending);
1320 }
1321done_unlock:
1322 mutex_unlock(¶m->lock);
1323 return ret;
1324}
1325EXPORT_SYMBOL_GPL(iommu_report_device_fault);
1326
1327int iommu_page_response(struct device *dev,
1328 struct iommu_page_response *msg)
1329{
1330 bool needs_pasid;
1331 int ret = -EINVAL;
1332 struct iommu_fault_event *evt;
1333 struct iommu_fault_page_request *prm;
1334 struct dev_iommu *param = dev->iommu;
1335 const struct iommu_ops *ops = dev_iommu_ops(dev);
1336 bool has_pasid = msg->flags & IOMMU_PAGE_RESP_PASID_VALID;
1337
1338 if (!ops->page_response)
1339 return -ENODEV;
1340
1341 if (!param || !param->fault_param)
1342 return -EINVAL;
1343
1344 if (msg->version != IOMMU_PAGE_RESP_VERSION_1 ||
1345 msg->flags & ~IOMMU_PAGE_RESP_PASID_VALID)
1346 return -EINVAL;
1347
1348 /* Only send response if there is a fault report pending */
1349 mutex_lock(¶m->fault_param->lock);
1350 if (list_empty(¶m->fault_param->faults)) {
1351 dev_warn_ratelimited(dev, "no pending PRQ, drop response\n");
1352 goto done_unlock;
1353 }
1354 /*
1355 * Check if we have a matching page request pending to respond,
1356 * otherwise return -EINVAL
1357 */
1358 list_for_each_entry(evt, ¶m->fault_param->faults, list) {
1359 prm = &evt->fault.prm;
1360 if (prm->grpid != msg->grpid)
1361 continue;
1362
1363 /*
1364 * If the PASID is required, the corresponding request is
1365 * matched using the group ID, the PASID valid bit and the PASID
1366 * value. Otherwise only the group ID matches request and
1367 * response.
1368 */
1369 needs_pasid = prm->flags & IOMMU_FAULT_PAGE_RESPONSE_NEEDS_PASID;
1370 if (needs_pasid && (!has_pasid || msg->pasid != prm->pasid))
1371 continue;
1372
1373 if (!needs_pasid && has_pasid) {
1374 /* No big deal, just clear it. */
1375 msg->flags &= ~IOMMU_PAGE_RESP_PASID_VALID;
1376 msg->pasid = 0;
1377 }
1378
1379 ret = ops->page_response(dev, evt, msg);
1380 list_del(&evt->list);
1381 kfree(evt);
1382 break;
1383 }
1384
1385done_unlock:
1386 mutex_unlock(¶m->fault_param->lock);
1387 return ret;
1388}
1389EXPORT_SYMBOL_GPL(iommu_page_response);
1390
1391/**
1392 * iommu_group_id - Return ID for a group
1393 * @group: the group to ID
1394 *
1395 * Return the unique ID for the group matching the sysfs group number.
1396 */
1397int iommu_group_id(struct iommu_group *group)
1398{
1399 return group->id;
1400}
1401EXPORT_SYMBOL_GPL(iommu_group_id);
1402
1403static struct iommu_group *get_pci_alias_group(struct pci_dev *pdev,
1404 unsigned long *devfns);
1405
1406/*
1407 * To consider a PCI device isolated, we require ACS to support Source
1408 * Validation, Request Redirection, Completer Redirection, and Upstream
1409 * Forwarding. This effectively means that devices cannot spoof their
1410 * requester ID, requests and completions cannot be redirected, and all
1411 * transactions are forwarded upstream, even as it passes through a
1412 * bridge where the target device is downstream.
1413 */
1414#define REQ_ACS_FLAGS (PCI_ACS_SV | PCI_ACS_RR | PCI_ACS_CR | PCI_ACS_UF)
1415
1416/*
1417 * For multifunction devices which are not isolated from each other, find
1418 * all the other non-isolated functions and look for existing groups. For
1419 * each function, we also need to look for aliases to or from other devices
1420 * that may already have a group.
1421 */
1422static struct iommu_group *get_pci_function_alias_group(struct pci_dev *pdev,
1423 unsigned long *devfns)
1424{
1425 struct pci_dev *tmp = NULL;
1426 struct iommu_group *group;
1427
1428 if (!pdev->multifunction || pci_acs_enabled(pdev, REQ_ACS_FLAGS))
1429 return NULL;
1430
1431 for_each_pci_dev(tmp) {
1432 if (tmp == pdev || tmp->bus != pdev->bus ||
1433 PCI_SLOT(tmp->devfn) != PCI_SLOT(pdev->devfn) ||
1434 pci_acs_enabled(tmp, REQ_ACS_FLAGS))
1435 continue;
1436
1437 group = get_pci_alias_group(tmp, devfns);
1438 if (group) {
1439 pci_dev_put(tmp);
1440 return group;
1441 }
1442 }
1443
1444 return NULL;
1445}
1446
1447/*
1448 * Look for aliases to or from the given device for existing groups. DMA
1449 * aliases are only supported on the same bus, therefore the search
1450 * space is quite small (especially since we're really only looking at pcie
1451 * device, and therefore only expect multiple slots on the root complex or
1452 * downstream switch ports). It's conceivable though that a pair of
1453 * multifunction devices could have aliases between them that would cause a
1454 * loop. To prevent this, we use a bitmap to track where we've been.
1455 */
1456static struct iommu_group *get_pci_alias_group(struct pci_dev *pdev,
1457 unsigned long *devfns)
1458{
1459 struct pci_dev *tmp = NULL;
1460 struct iommu_group *group;
1461
1462 if (test_and_set_bit(pdev->devfn & 0xff, devfns))
1463 return NULL;
1464
1465 group = iommu_group_get(&pdev->dev);
1466 if (group)
1467 return group;
1468
1469 for_each_pci_dev(tmp) {
1470 if (tmp == pdev || tmp->bus != pdev->bus)
1471 continue;
1472
1473 /* We alias them or they alias us */
1474 if (pci_devs_are_dma_aliases(pdev, tmp)) {
1475 group = get_pci_alias_group(tmp, devfns);
1476 if (group) {
1477 pci_dev_put(tmp);
1478 return group;
1479 }
1480
1481 group = get_pci_function_alias_group(tmp, devfns);
1482 if (group) {
1483 pci_dev_put(tmp);
1484 return group;
1485 }
1486 }
1487 }
1488
1489 return NULL;
1490}
1491
1492struct group_for_pci_data {
1493 struct pci_dev *pdev;
1494 struct iommu_group *group;
1495};
1496
1497/*
1498 * DMA alias iterator callback, return the last seen device. Stop and return
1499 * the IOMMU group if we find one along the way.
1500 */
1501static int get_pci_alias_or_group(struct pci_dev *pdev, u16 alias, void *opaque)
1502{
1503 struct group_for_pci_data *data = opaque;
1504
1505 data->pdev = pdev;
1506 data->group = iommu_group_get(&pdev->dev);
1507
1508 return data->group != NULL;
1509}
1510
1511/*
1512 * Generic device_group call-back function. It just allocates one
1513 * iommu-group per device.
1514 */
1515struct iommu_group *generic_device_group(struct device *dev)
1516{
1517 return iommu_group_alloc();
1518}
1519EXPORT_SYMBOL_GPL(generic_device_group);
1520
1521/*
1522 * Use standard PCI bus topology, isolation features, and DMA alias quirks
1523 * to find or create an IOMMU group for a device.
1524 */
1525struct iommu_group *pci_device_group(struct device *dev)
1526{
1527 struct pci_dev *pdev = to_pci_dev(dev);
1528 struct group_for_pci_data data;
1529 struct pci_bus *bus;
1530 struct iommu_group *group = NULL;
1531 u64 devfns[4] = { 0 };
1532
1533 if (WARN_ON(!dev_is_pci(dev)))
1534 return ERR_PTR(-EINVAL);
1535
1536 /*
1537 * Find the upstream DMA alias for the device. A device must not
1538 * be aliased due to topology in order to have its own IOMMU group.
1539 * If we find an alias along the way that already belongs to a
1540 * group, use it.
1541 */
1542 if (pci_for_each_dma_alias(pdev, get_pci_alias_or_group, &data))
1543 return data.group;
1544
1545 pdev = data.pdev;
1546
1547 /*
1548 * Continue upstream from the point of minimum IOMMU granularity
1549 * due to aliases to the point where devices are protected from
1550 * peer-to-peer DMA by PCI ACS. Again, if we find an existing
1551 * group, use it.
1552 */
1553 for (bus = pdev->bus; !pci_is_root_bus(bus); bus = bus->parent) {
1554 if (!bus->self)
1555 continue;
1556
1557 if (pci_acs_path_enabled(bus->self, NULL, REQ_ACS_FLAGS))
1558 break;
1559
1560 pdev = bus->self;
1561
1562 group = iommu_group_get(&pdev->dev);
1563 if (group)
1564 return group;
1565 }
1566
1567 /*
1568 * Look for existing groups on device aliases. If we alias another
1569 * device or another device aliases us, use the same group.
1570 */
1571 group = get_pci_alias_group(pdev, (unsigned long *)devfns);
1572 if (group)
1573 return group;
1574
1575 /*
1576 * Look for existing groups on non-isolated functions on the same
1577 * slot and aliases of those funcions, if any. No need to clear
1578 * the search bitmap, the tested devfns are still valid.
1579 */
1580 group = get_pci_function_alias_group(pdev, (unsigned long *)devfns);
1581 if (group)
1582 return group;
1583
1584 /* No shared group found, allocate new */
1585 return iommu_group_alloc();
1586}
1587EXPORT_SYMBOL_GPL(pci_device_group);
1588
1589/* Get the IOMMU group for device on fsl-mc bus */
1590struct iommu_group *fsl_mc_device_group(struct device *dev)
1591{
1592 struct device *cont_dev = fsl_mc_cont_dev(dev);
1593 struct iommu_group *group;
1594
1595 group = iommu_group_get(cont_dev);
1596 if (!group)
1597 group = iommu_group_alloc();
1598 return group;
1599}
1600EXPORT_SYMBOL_GPL(fsl_mc_device_group);
1601
1602static int iommu_get_def_domain_type(struct device *dev)
1603{
1604 const struct iommu_ops *ops = dev_iommu_ops(dev);
1605
1606 if (dev_is_pci(dev) && to_pci_dev(dev)->untrusted)
1607 return IOMMU_DOMAIN_DMA;
1608
1609 if (ops->def_domain_type)
1610 return ops->def_domain_type(dev);
1611
1612 return 0;
1613}
1614
1615static int iommu_group_alloc_default_domain(struct bus_type *bus,
1616 struct iommu_group *group,
1617 unsigned int type)
1618{
1619 struct iommu_domain *dom;
1620
1621 dom = __iommu_domain_alloc(bus, type);
1622 if (!dom && type != IOMMU_DOMAIN_DMA) {
1623 dom = __iommu_domain_alloc(bus, IOMMU_DOMAIN_DMA);
1624 if (dom)
1625 pr_warn("Failed to allocate default IOMMU domain of type %u for group %s - Falling back to IOMMU_DOMAIN_DMA",
1626 type, group->name);
1627 }
1628
1629 if (!dom)
1630 return -ENOMEM;
1631
1632 group->default_domain = dom;
1633 if (!group->domain)
1634 group->domain = dom;
1635 return 0;
1636}
1637
1638static int iommu_alloc_default_domain(struct iommu_group *group,
1639 struct device *dev)
1640{
1641 unsigned int type;
1642
1643 if (group->default_domain)
1644 return 0;
1645
1646 type = iommu_get_def_domain_type(dev) ? : iommu_def_domain_type;
1647
1648 return iommu_group_alloc_default_domain(dev->bus, group, type);
1649}
1650
1651/**
1652 * iommu_group_get_for_dev - Find or create the IOMMU group for a device
1653 * @dev: target device
1654 *
1655 * This function is intended to be called by IOMMU drivers and extended to
1656 * support common, bus-defined algorithms when determining or creating the
1657 * IOMMU group for a device. On success, the caller will hold a reference
1658 * to the returned IOMMU group, which will already include the provided
1659 * device. The reference should be released with iommu_group_put().
1660 */
1661static struct iommu_group *iommu_group_get_for_dev(struct device *dev)
1662{
1663 const struct iommu_ops *ops = dev_iommu_ops(dev);
1664 struct iommu_group *group;
1665 int ret;
1666
1667 group = iommu_group_get(dev);
1668 if (group)
1669 return group;
1670
1671 group = ops->device_group(dev);
1672 if (WARN_ON_ONCE(group == NULL))
1673 return ERR_PTR(-EINVAL);
1674
1675 if (IS_ERR(group))
1676 return group;
1677
1678 ret = iommu_group_add_device(group, dev);
1679 if (ret)
1680 goto out_put_group;
1681
1682 return group;
1683
1684out_put_group:
1685 iommu_group_put(group);
1686
1687 return ERR_PTR(ret);
1688}
1689
1690struct iommu_domain *iommu_group_default_domain(struct iommu_group *group)
1691{
1692 return group->default_domain;
1693}
1694
1695static int probe_iommu_group(struct device *dev, void *data)
1696{
1697 struct list_head *group_list = data;
1698 struct iommu_group *group;
1699 int ret;
1700
1701 /* Device is probed already if in a group */
1702 group = iommu_group_get(dev);
1703 if (group) {
1704 iommu_group_put(group);
1705 return 0;
1706 }
1707
1708 ret = __iommu_probe_device(dev, group_list);
1709 if (ret == -ENODEV)
1710 ret = 0;
1711
1712 return ret;
1713}
1714
1715static int iommu_bus_notifier(struct notifier_block *nb,
1716 unsigned long action, void *data)
1717{
1718 struct device *dev = data;
1719
1720 if (action == BUS_NOTIFY_ADD_DEVICE) {
1721 int ret;
1722
1723 ret = iommu_probe_device(dev);
1724 return (ret) ? NOTIFY_DONE : NOTIFY_OK;
1725 } else if (action == BUS_NOTIFY_REMOVED_DEVICE) {
1726 iommu_release_device(dev);
1727 return NOTIFY_OK;
1728 }
1729
1730 return 0;
1731}
1732
1733struct __group_domain_type {
1734 struct device *dev;
1735 unsigned int type;
1736};
1737
1738static int probe_get_default_domain_type(struct device *dev, void *data)
1739{
1740 struct __group_domain_type *gtype = data;
1741 unsigned int type = iommu_get_def_domain_type(dev);
1742
1743 if (type) {
1744 if (gtype->type && gtype->type != type) {
1745 dev_warn(dev, "Device needs domain type %s, but device %s in the same iommu group requires type %s - using default\n",
1746 iommu_domain_type_str(type),
1747 dev_name(gtype->dev),
1748 iommu_domain_type_str(gtype->type));
1749 gtype->type = 0;
1750 }
1751
1752 if (!gtype->dev) {
1753 gtype->dev = dev;
1754 gtype->type = type;
1755 }
1756 }
1757
1758 return 0;
1759}
1760
1761static void probe_alloc_default_domain(struct bus_type *bus,
1762 struct iommu_group *group)
1763{
1764 struct __group_domain_type gtype;
1765
1766 memset(>ype, 0, sizeof(gtype));
1767
1768 /* Ask for default domain requirements of all devices in the group */
1769 __iommu_group_for_each_dev(group, >ype,
1770 probe_get_default_domain_type);
1771
1772 if (!gtype.type)
1773 gtype.type = iommu_def_domain_type;
1774
1775 iommu_group_alloc_default_domain(bus, group, gtype.type);
1776
1777}
1778
1779static int iommu_group_do_dma_attach(struct device *dev, void *data)
1780{
1781 struct iommu_domain *domain = data;
1782 int ret = 0;
1783
1784 if (!iommu_is_attach_deferred(dev))
1785 ret = __iommu_attach_device(domain, dev);
1786
1787 return ret;
1788}
1789
1790static int __iommu_group_dma_attach(struct iommu_group *group)
1791{
1792 return __iommu_group_for_each_dev(group, group->default_domain,
1793 iommu_group_do_dma_attach);
1794}
1795
1796static int iommu_group_do_probe_finalize(struct device *dev, void *data)
1797{
1798 const struct iommu_ops *ops = dev_iommu_ops(dev);
1799
1800 if (ops->probe_finalize)
1801 ops->probe_finalize(dev);
1802
1803 return 0;
1804}
1805
1806static void __iommu_group_dma_finalize(struct iommu_group *group)
1807{
1808 __iommu_group_for_each_dev(group, group->default_domain,
1809 iommu_group_do_probe_finalize);
1810}
1811
1812static int iommu_do_create_direct_mappings(struct device *dev, void *data)
1813{
1814 struct iommu_group *group = data;
1815
1816 iommu_create_device_direct_mappings(group, dev);
1817
1818 return 0;
1819}
1820
1821static int iommu_group_create_direct_mappings(struct iommu_group *group)
1822{
1823 return __iommu_group_for_each_dev(group, group,
1824 iommu_do_create_direct_mappings);
1825}
1826
1827int bus_iommu_probe(struct bus_type *bus)
1828{
1829 struct iommu_group *group, *next;
1830 LIST_HEAD(group_list);
1831 int ret;
1832
1833 /*
1834 * This code-path does not allocate the default domain when
1835 * creating the iommu group, so do it after the groups are
1836 * created.
1837 */
1838 ret = bus_for_each_dev(bus, NULL, &group_list, probe_iommu_group);
1839 if (ret)
1840 return ret;
1841
1842 list_for_each_entry_safe(group, next, &group_list, entry) {
1843 mutex_lock(&group->mutex);
1844
1845 /* Remove item from the list */
1846 list_del_init(&group->entry);
1847
1848 /* Try to allocate default domain */
1849 probe_alloc_default_domain(bus, group);
1850
1851 if (!group->default_domain) {
1852 mutex_unlock(&group->mutex);
1853 continue;
1854 }
1855
1856 iommu_group_create_direct_mappings(group);
1857
1858 ret = __iommu_group_dma_attach(group);
1859
1860 mutex_unlock(&group->mutex);
1861
1862 if (ret)
1863 break;
1864
1865 __iommu_group_dma_finalize(group);
1866 }
1867
1868 return ret;
1869}
1870
1871bool iommu_present(struct bus_type *bus)
1872{
1873 return bus->iommu_ops != NULL;
1874}
1875EXPORT_SYMBOL_GPL(iommu_present);
1876
1877/**
1878 * device_iommu_capable() - check for a general IOMMU capability
1879 * @dev: device to which the capability would be relevant, if available
1880 * @cap: IOMMU capability
1881 *
1882 * Return: true if an IOMMU is present and supports the given capability
1883 * for the given device, otherwise false.
1884 */
1885bool device_iommu_capable(struct device *dev, enum iommu_cap cap)
1886{
1887 const struct iommu_ops *ops;
1888
1889 if (!dev->iommu || !dev->iommu->iommu_dev)
1890 return false;
1891
1892 ops = dev_iommu_ops(dev);
1893 if (!ops->capable)
1894 return false;
1895
1896 return ops->capable(dev, cap);
1897}
1898EXPORT_SYMBOL_GPL(device_iommu_capable);
1899
1900/**
1901 * iommu_set_fault_handler() - set a fault handler for an iommu domain
1902 * @domain: iommu domain
1903 * @handler: fault handler
1904 * @token: user data, will be passed back to the fault handler
1905 *
1906 * This function should be used by IOMMU users which want to be notified
1907 * whenever an IOMMU fault happens.
1908 *
1909 * The fault handler itself should return 0 on success, and an appropriate
1910 * error code otherwise.
1911 */
1912void iommu_set_fault_handler(struct iommu_domain *domain,
1913 iommu_fault_handler_t handler,
1914 void *token)
1915{
1916 BUG_ON(!domain);
1917
1918 domain->handler = handler;
1919 domain->handler_token = token;
1920}
1921EXPORT_SYMBOL_GPL(iommu_set_fault_handler);
1922
1923static struct iommu_domain *__iommu_domain_alloc(struct bus_type *bus,
1924 unsigned type)
1925{
1926 struct iommu_domain *domain;
1927
1928 if (bus == NULL || bus->iommu_ops == NULL)
1929 return NULL;
1930
1931 domain = bus->iommu_ops->domain_alloc(type);
1932 if (!domain)
1933 return NULL;
1934
1935 domain->type = type;
1936 /* Assume all sizes by default; the driver may override this later */
1937 domain->pgsize_bitmap = bus->iommu_ops->pgsize_bitmap;
1938 if (!domain->ops)
1939 domain->ops = bus->iommu_ops->default_domain_ops;
1940
1941 if (iommu_is_dma_domain(domain) && iommu_get_dma_cookie(domain)) {
1942 iommu_domain_free(domain);
1943 domain = NULL;
1944 }
1945 return domain;
1946}
1947
1948struct iommu_domain *iommu_domain_alloc(struct bus_type *bus)
1949{
1950 return __iommu_domain_alloc(bus, IOMMU_DOMAIN_UNMANAGED);
1951}
1952EXPORT_SYMBOL_GPL(iommu_domain_alloc);
1953
1954void iommu_domain_free(struct iommu_domain *domain)
1955{
1956 if (domain->type == IOMMU_DOMAIN_SVA)
1957 mmdrop(domain->mm);
1958 iommu_put_dma_cookie(domain);
1959 domain->ops->free(domain);
1960}
1961EXPORT_SYMBOL_GPL(iommu_domain_free);
1962
1963/*
1964 * Put the group's domain back to the appropriate core-owned domain - either the
1965 * standard kernel-mode DMA configuration or an all-DMA-blocked domain.
1966 */
1967static void __iommu_group_set_core_domain(struct iommu_group *group)
1968{
1969 struct iommu_domain *new_domain;
1970 int ret;
1971
1972 if (group->owner)
1973 new_domain = group->blocking_domain;
1974 else
1975 new_domain = group->default_domain;
1976
1977 ret = __iommu_group_set_domain(group, new_domain);
1978 WARN(ret, "iommu driver failed to attach the default/blocking domain");
1979}
1980
1981static int __iommu_attach_device(struct iommu_domain *domain,
1982 struct device *dev)
1983{
1984 int ret;
1985
1986 if (unlikely(domain->ops->attach_dev == NULL))
1987 return -ENODEV;
1988
1989 ret = domain->ops->attach_dev(domain, dev);
1990 if (!ret)
1991 trace_attach_device_to_domain(dev);
1992 return ret;
1993}
1994
1995/**
1996 * iommu_attach_device - Attach an IOMMU domain to a device
1997 * @domain: IOMMU domain to attach
1998 * @dev: Device that will be attached
1999 *
2000 * Returns 0 on success and error code on failure
2001 *
2002 * Note that EINVAL can be treated as a soft failure, indicating
2003 * that certain configuration of the domain is incompatible with
2004 * the device. In this case attaching a different domain to the
2005 * device may succeed.
2006 */
2007int iommu_attach_device(struct iommu_domain *domain, struct device *dev)
2008{
2009 struct iommu_group *group;
2010 int ret;
2011
2012 group = iommu_group_get(dev);
2013 if (!group)
2014 return -ENODEV;
2015
2016 /*
2017 * Lock the group to make sure the device-count doesn't
2018 * change while we are attaching
2019 */
2020 mutex_lock(&group->mutex);
2021 ret = -EINVAL;
2022 if (iommu_group_device_count(group) != 1)
2023 goto out_unlock;
2024
2025 ret = __iommu_attach_group(domain, group);
2026
2027out_unlock:
2028 mutex_unlock(&group->mutex);
2029 iommu_group_put(group);
2030
2031 return ret;
2032}
2033EXPORT_SYMBOL_GPL(iommu_attach_device);
2034
2035int iommu_deferred_attach(struct device *dev, struct iommu_domain *domain)
2036{
2037 if (iommu_is_attach_deferred(dev))
2038 return __iommu_attach_device(domain, dev);
2039
2040 return 0;
2041}
2042
2043static void __iommu_detach_device(struct iommu_domain *domain,
2044 struct device *dev)
2045{
2046 if (iommu_is_attach_deferred(dev))
2047 return;
2048
2049 domain->ops->detach_dev(domain, dev);
2050 trace_detach_device_from_domain(dev);
2051}
2052
2053void iommu_detach_device(struct iommu_domain *domain, struct device *dev)
2054{
2055 struct iommu_group *group;
2056
2057 group = iommu_group_get(dev);
2058 if (!group)
2059 return;
2060
2061 mutex_lock(&group->mutex);
2062 if (WARN_ON(domain != group->domain) ||
2063 WARN_ON(iommu_group_device_count(group) != 1))
2064 goto out_unlock;
2065 __iommu_group_set_core_domain(group);
2066
2067out_unlock:
2068 mutex_unlock(&group->mutex);
2069 iommu_group_put(group);
2070}
2071EXPORT_SYMBOL_GPL(iommu_detach_device);
2072
2073struct iommu_domain *iommu_get_domain_for_dev(struct device *dev)
2074{
2075 struct iommu_domain *domain;
2076 struct iommu_group *group;
2077
2078 group = iommu_group_get(dev);
2079 if (!group)
2080 return NULL;
2081
2082 domain = group->domain;
2083
2084 iommu_group_put(group);
2085
2086 return domain;
2087}
2088EXPORT_SYMBOL_GPL(iommu_get_domain_for_dev);
2089
2090/*
2091 * For IOMMU_DOMAIN_DMA implementations which already provide their own
2092 * guarantees that the group and its default domain are valid and correct.
2093 */
2094struct iommu_domain *iommu_get_dma_domain(struct device *dev)
2095{
2096 return dev->iommu_group->default_domain;
2097}
2098
2099/*
2100 * IOMMU groups are really the natural working unit of the IOMMU, but
2101 * the IOMMU API works on domains and devices. Bridge that gap by
2102 * iterating over the devices in a group. Ideally we'd have a single
2103 * device which represents the requestor ID of the group, but we also
2104 * allow IOMMU drivers to create policy defined minimum sets, where
2105 * the physical hardware may be able to distiguish members, but we
2106 * wish to group them at a higher level (ex. untrusted multi-function
2107 * PCI devices). Thus we attach each device.
2108 */
2109static int iommu_group_do_attach_device(struct device *dev, void *data)
2110{
2111 struct iommu_domain *domain = data;
2112
2113 return __iommu_attach_device(domain, dev);
2114}
2115
2116static int __iommu_attach_group(struct iommu_domain *domain,
2117 struct iommu_group *group)
2118{
2119 int ret;
2120
2121 if (group->domain && group->domain != group->default_domain &&
2122 group->domain != group->blocking_domain)
2123 return -EBUSY;
2124
2125 ret = __iommu_group_for_each_dev(group, domain,
2126 iommu_group_do_attach_device);
2127 if (ret == 0)
2128 group->domain = domain;
2129
2130 return ret;
2131}
2132
2133/**
2134 * iommu_attach_group - Attach an IOMMU domain to an IOMMU group
2135 * @domain: IOMMU domain to attach
2136 * @group: IOMMU group that will be attached
2137 *
2138 * Returns 0 on success and error code on failure
2139 *
2140 * Note that EINVAL can be treated as a soft failure, indicating
2141 * that certain configuration of the domain is incompatible with
2142 * the group. In this case attaching a different domain to the
2143 * group may succeed.
2144 */
2145int iommu_attach_group(struct iommu_domain *domain, struct iommu_group *group)
2146{
2147 int ret;
2148
2149 mutex_lock(&group->mutex);
2150 ret = __iommu_attach_group(domain, group);
2151 mutex_unlock(&group->mutex);
2152
2153 return ret;
2154}
2155EXPORT_SYMBOL_GPL(iommu_attach_group);
2156
2157static int iommu_group_do_detach_device(struct device *dev, void *data)
2158{
2159 struct iommu_domain *domain = data;
2160
2161 __iommu_detach_device(domain, dev);
2162
2163 return 0;
2164}
2165
2166static int __iommu_group_set_domain(struct iommu_group *group,
2167 struct iommu_domain *new_domain)
2168{
2169 int ret;
2170
2171 if (group->domain == new_domain)
2172 return 0;
2173
2174 /*
2175 * New drivers should support default domains and so the detach_dev() op
2176 * will never be called. Otherwise the NULL domain represents some
2177 * platform specific behavior.
2178 */
2179 if (!new_domain) {
2180 if (WARN_ON(!group->domain->ops->detach_dev))
2181 return -EINVAL;
2182 __iommu_group_for_each_dev(group, group->domain,
2183 iommu_group_do_detach_device);
2184 group->domain = NULL;
2185 return 0;
2186 }
2187
2188 /*
2189 * Changing the domain is done by calling attach_dev() on the new
2190 * domain. This switch does not have to be atomic and DMA can be
2191 * discarded during the transition. DMA must only be able to access
2192 * either new_domain or group->domain, never something else.
2193 *
2194 * Note that this is called in error unwind paths, attaching to a
2195 * domain that has already been attached cannot fail.
2196 */
2197 ret = __iommu_group_for_each_dev(group, new_domain,
2198 iommu_group_do_attach_device);
2199 if (ret)
2200 return ret;
2201 group->domain = new_domain;
2202 return 0;
2203}
2204
2205void iommu_detach_group(struct iommu_domain *domain, struct iommu_group *group)
2206{
2207 mutex_lock(&group->mutex);
2208 __iommu_group_set_core_domain(group);
2209 mutex_unlock(&group->mutex);
2210}
2211EXPORT_SYMBOL_GPL(iommu_detach_group);
2212
2213phys_addr_t iommu_iova_to_phys(struct iommu_domain *domain, dma_addr_t iova)
2214{
2215 if (domain->type == IOMMU_DOMAIN_IDENTITY)
2216 return iova;
2217
2218 if (domain->type == IOMMU_DOMAIN_BLOCKED)
2219 return 0;
2220
2221 return domain->ops->iova_to_phys(domain, iova);
2222}
2223EXPORT_SYMBOL_GPL(iommu_iova_to_phys);
2224
2225static size_t iommu_pgsize(struct iommu_domain *domain, unsigned long iova,
2226 phys_addr_t paddr, size_t size, size_t *count)
2227{
2228 unsigned int pgsize_idx, pgsize_idx_next;
2229 unsigned long pgsizes;
2230 size_t offset, pgsize, pgsize_next;
2231 unsigned long addr_merge = paddr | iova;
2232
2233 /* Page sizes supported by the hardware and small enough for @size */
2234 pgsizes = domain->pgsize_bitmap & GENMASK(__fls(size), 0);
2235
2236 /* Constrain the page sizes further based on the maximum alignment */
2237 if (likely(addr_merge))
2238 pgsizes &= GENMASK(__ffs(addr_merge), 0);
2239
2240 /* Make sure we have at least one suitable page size */
2241 BUG_ON(!pgsizes);
2242
2243 /* Pick the biggest page size remaining */
2244 pgsize_idx = __fls(pgsizes);
2245 pgsize = BIT(pgsize_idx);
2246 if (!count)
2247 return pgsize;
2248
2249 /* Find the next biggest support page size, if it exists */
2250 pgsizes = domain->pgsize_bitmap & ~GENMASK(pgsize_idx, 0);
2251 if (!pgsizes)
2252 goto out_set_count;
2253
2254 pgsize_idx_next = __ffs(pgsizes);
2255 pgsize_next = BIT(pgsize_idx_next);
2256
2257 /*
2258 * There's no point trying a bigger page size unless the virtual
2259 * and physical addresses are similarly offset within the larger page.
2260 */
2261 if ((iova ^ paddr) & (pgsize_next - 1))
2262 goto out_set_count;
2263
2264 /* Calculate the offset to the next page size alignment boundary */
2265 offset = pgsize_next - (addr_merge & (pgsize_next - 1));
2266
2267 /*
2268 * If size is big enough to accommodate the larger page, reduce
2269 * the number of smaller pages.
2270 */
2271 if (offset + pgsize_next <= size)
2272 size = offset;
2273
2274out_set_count:
2275 *count = size >> pgsize_idx;
2276 return pgsize;
2277}
2278
2279static int __iommu_map_pages(struct iommu_domain *domain, unsigned long iova,
2280 phys_addr_t paddr, size_t size, int prot,
2281 gfp_t gfp, size_t *mapped)
2282{
2283 const struct iommu_domain_ops *ops = domain->ops;
2284 size_t pgsize, count;
2285 int ret;
2286
2287 pgsize = iommu_pgsize(domain, iova, paddr, size, &count);
2288
2289 pr_debug("mapping: iova 0x%lx pa %pa pgsize 0x%zx count %zu\n",
2290 iova, &paddr, pgsize, count);
2291
2292 if (ops->map_pages) {
2293 ret = ops->map_pages(domain, iova, paddr, pgsize, count, prot,
2294 gfp, mapped);
2295 } else {
2296 ret = ops->map(domain, iova, paddr, pgsize, prot, gfp);
2297 *mapped = ret ? 0 : pgsize;
2298 }
2299
2300 return ret;
2301}
2302
2303static int __iommu_map(struct iommu_domain *domain, unsigned long iova,
2304 phys_addr_t paddr, size_t size, int prot, gfp_t gfp)
2305{
2306 const struct iommu_domain_ops *ops = domain->ops;
2307 unsigned long orig_iova = iova;
2308 unsigned int min_pagesz;
2309 size_t orig_size = size;
2310 phys_addr_t orig_paddr = paddr;
2311 int ret = 0;
2312
2313 if (unlikely(!(ops->map || ops->map_pages) ||
2314 domain->pgsize_bitmap == 0UL))
2315 return -ENODEV;
2316
2317 if (unlikely(!(domain->type & __IOMMU_DOMAIN_PAGING)))
2318 return -EINVAL;
2319
2320 /* find out the minimum page size supported */
2321 min_pagesz = 1 << __ffs(domain->pgsize_bitmap);
2322
2323 /*
2324 * both the virtual address and the physical one, as well as
2325 * the size of the mapping, must be aligned (at least) to the
2326 * size of the smallest page supported by the hardware
2327 */
2328 if (!IS_ALIGNED(iova | paddr | size, min_pagesz)) {
2329 pr_err("unaligned: iova 0x%lx pa %pa size 0x%zx min_pagesz 0x%x\n",
2330 iova, &paddr, size, min_pagesz);
2331 return -EINVAL;
2332 }
2333
2334 pr_debug("map: iova 0x%lx pa %pa size 0x%zx\n", iova, &paddr, size);
2335
2336 while (size) {
2337 size_t mapped = 0;
2338
2339 ret = __iommu_map_pages(domain, iova, paddr, size, prot, gfp,
2340 &mapped);
2341 /*
2342 * Some pages may have been mapped, even if an error occurred,
2343 * so we should account for those so they can be unmapped.
2344 */
2345 size -= mapped;
2346
2347 if (ret)
2348 break;
2349
2350 iova += mapped;
2351 paddr += mapped;
2352 }
2353
2354 /* unroll mapping in case something went wrong */
2355 if (ret)
2356 iommu_unmap(domain, orig_iova, orig_size - size);
2357 else
2358 trace_map(orig_iova, orig_paddr, orig_size);
2359
2360 return ret;
2361}
2362
2363static int _iommu_map(struct iommu_domain *domain, unsigned long iova,
2364 phys_addr_t paddr, size_t size, int prot, gfp_t gfp)
2365{
2366 const struct iommu_domain_ops *ops = domain->ops;
2367 int ret;
2368
2369 ret = __iommu_map(domain, iova, paddr, size, prot, gfp);
2370 if (ret == 0 && ops->iotlb_sync_map)
2371 ops->iotlb_sync_map(domain, iova, size);
2372
2373 return ret;
2374}
2375
2376int iommu_map(struct iommu_domain *domain, unsigned long iova,
2377 phys_addr_t paddr, size_t size, int prot)
2378{
2379 might_sleep();
2380 return _iommu_map(domain, iova, paddr, size, prot, GFP_KERNEL);
2381}
2382EXPORT_SYMBOL_GPL(iommu_map);
2383
2384int iommu_map_atomic(struct iommu_domain *domain, unsigned long iova,
2385 phys_addr_t paddr, size_t size, int prot)
2386{
2387 return _iommu_map(domain, iova, paddr, size, prot, GFP_ATOMIC);
2388}
2389EXPORT_SYMBOL_GPL(iommu_map_atomic);
2390
2391static size_t __iommu_unmap_pages(struct iommu_domain *domain,
2392 unsigned long iova, size_t size,
2393 struct iommu_iotlb_gather *iotlb_gather)
2394{
2395 const struct iommu_domain_ops *ops = domain->ops;
2396 size_t pgsize, count;
2397
2398 pgsize = iommu_pgsize(domain, iova, iova, size, &count);
2399 return ops->unmap_pages ?
2400 ops->unmap_pages(domain, iova, pgsize, count, iotlb_gather) :
2401 ops->unmap(domain, iova, pgsize, iotlb_gather);
2402}
2403
2404static size_t __iommu_unmap(struct iommu_domain *domain,
2405 unsigned long iova, size_t size,
2406 struct iommu_iotlb_gather *iotlb_gather)
2407{
2408 const struct iommu_domain_ops *ops = domain->ops;
2409 size_t unmapped_page, unmapped = 0;
2410 unsigned long orig_iova = iova;
2411 unsigned int min_pagesz;
2412
2413 if (unlikely(!(ops->unmap || ops->unmap_pages) ||
2414 domain->pgsize_bitmap == 0UL))
2415 return 0;
2416
2417 if (unlikely(!(domain->type & __IOMMU_DOMAIN_PAGING)))
2418 return 0;
2419
2420 /* find out the minimum page size supported */
2421 min_pagesz = 1 << __ffs(domain->pgsize_bitmap);
2422
2423 /*
2424 * The virtual address, as well as the size of the mapping, must be
2425 * aligned (at least) to the size of the smallest page supported
2426 * by the hardware
2427 */
2428 if (!IS_ALIGNED(iova | size, min_pagesz)) {
2429 pr_err("unaligned: iova 0x%lx size 0x%zx min_pagesz 0x%x\n",
2430 iova, size, min_pagesz);
2431 return 0;
2432 }
2433
2434 pr_debug("unmap this: iova 0x%lx size 0x%zx\n", iova, size);
2435
2436 /*
2437 * Keep iterating until we either unmap 'size' bytes (or more)
2438 * or we hit an area that isn't mapped.
2439 */
2440 while (unmapped < size) {
2441 unmapped_page = __iommu_unmap_pages(domain, iova,
2442 size - unmapped,
2443 iotlb_gather);
2444 if (!unmapped_page)
2445 break;
2446
2447 pr_debug("unmapped: iova 0x%lx size 0x%zx\n",
2448 iova, unmapped_page);
2449
2450 iova += unmapped_page;
2451 unmapped += unmapped_page;
2452 }
2453
2454 trace_unmap(orig_iova, size, unmapped);
2455 return unmapped;
2456}
2457
2458size_t iommu_unmap(struct iommu_domain *domain,
2459 unsigned long iova, size_t size)
2460{
2461 struct iommu_iotlb_gather iotlb_gather;
2462 size_t ret;
2463
2464 iommu_iotlb_gather_init(&iotlb_gather);
2465 ret = __iommu_unmap(domain, iova, size, &iotlb_gather);
2466 iommu_iotlb_sync(domain, &iotlb_gather);
2467
2468 return ret;
2469}
2470EXPORT_SYMBOL_GPL(iommu_unmap);
2471
2472size_t iommu_unmap_fast(struct iommu_domain *domain,
2473 unsigned long iova, size_t size,
2474 struct iommu_iotlb_gather *iotlb_gather)
2475{
2476 return __iommu_unmap(domain, iova, size, iotlb_gather);
2477}
2478EXPORT_SYMBOL_GPL(iommu_unmap_fast);
2479
2480static ssize_t __iommu_map_sg(struct iommu_domain *domain, unsigned long iova,
2481 struct scatterlist *sg, unsigned int nents, int prot,
2482 gfp_t gfp)
2483{
2484 const struct iommu_domain_ops *ops = domain->ops;
2485 size_t len = 0, mapped = 0;
2486 phys_addr_t start;
2487 unsigned int i = 0;
2488 int ret;
2489
2490 while (i <= nents) {
2491 phys_addr_t s_phys = sg_phys(sg);
2492
2493 if (len && s_phys != start + len) {
2494 ret = __iommu_map(domain, iova + mapped, start,
2495 len, prot, gfp);
2496
2497 if (ret)
2498 goto out_err;
2499
2500 mapped += len;
2501 len = 0;
2502 }
2503
2504 if (sg_is_dma_bus_address(sg))
2505 goto next;
2506
2507 if (len) {
2508 len += sg->length;
2509 } else {
2510 len = sg->length;
2511 start = s_phys;
2512 }
2513
2514next:
2515 if (++i < nents)
2516 sg = sg_next(sg);
2517 }
2518
2519 if (ops->iotlb_sync_map)
2520 ops->iotlb_sync_map(domain, iova, mapped);
2521 return mapped;
2522
2523out_err:
2524 /* undo mappings already done */
2525 iommu_unmap(domain, iova, mapped);
2526
2527 return ret;
2528}
2529
2530ssize_t iommu_map_sg(struct iommu_domain *domain, unsigned long iova,
2531 struct scatterlist *sg, unsigned int nents, int prot)
2532{
2533 might_sleep();
2534 return __iommu_map_sg(domain, iova, sg, nents, prot, GFP_KERNEL);
2535}
2536EXPORT_SYMBOL_GPL(iommu_map_sg);
2537
2538ssize_t iommu_map_sg_atomic(struct iommu_domain *domain, unsigned long iova,
2539 struct scatterlist *sg, unsigned int nents, int prot)
2540{
2541 return __iommu_map_sg(domain, iova, sg, nents, prot, GFP_ATOMIC);
2542}
2543
2544/**
2545 * report_iommu_fault() - report about an IOMMU fault to the IOMMU framework
2546 * @domain: the iommu domain where the fault has happened
2547 * @dev: the device where the fault has happened
2548 * @iova: the faulting address
2549 * @flags: mmu fault flags (e.g. IOMMU_FAULT_READ/IOMMU_FAULT_WRITE/...)
2550 *
2551 * This function should be called by the low-level IOMMU implementations
2552 * whenever IOMMU faults happen, to allow high-level users, that are
2553 * interested in such events, to know about them.
2554 *
2555 * This event may be useful for several possible use cases:
2556 * - mere logging of the event
2557 * - dynamic TLB/PTE loading
2558 * - if restarting of the faulting device is required
2559 *
2560 * Returns 0 on success and an appropriate error code otherwise (if dynamic
2561 * PTE/TLB loading will one day be supported, implementations will be able
2562 * to tell whether it succeeded or not according to this return value).
2563 *
2564 * Specifically, -ENOSYS is returned if a fault handler isn't installed
2565 * (though fault handlers can also return -ENOSYS, in case they want to
2566 * elicit the default behavior of the IOMMU drivers).
2567 */
2568int report_iommu_fault(struct iommu_domain *domain, struct device *dev,
2569 unsigned long iova, int flags)
2570{
2571 int ret = -ENOSYS;
2572
2573 /*
2574 * if upper layers showed interest and installed a fault handler,
2575 * invoke it.
2576 */
2577 if (domain->handler)
2578 ret = domain->handler(domain, dev, iova, flags,
2579 domain->handler_token);
2580
2581 trace_io_page_fault(dev, iova, flags);
2582 return ret;
2583}
2584EXPORT_SYMBOL_GPL(report_iommu_fault);
2585
2586static int __init iommu_init(void)
2587{
2588 iommu_group_kset = kset_create_and_add("iommu_groups",
2589 NULL, kernel_kobj);
2590 BUG_ON(!iommu_group_kset);
2591
2592 iommu_debugfs_setup();
2593
2594 return 0;
2595}
2596core_initcall(iommu_init);
2597
2598int iommu_enable_nesting(struct iommu_domain *domain)
2599{
2600 if (domain->type != IOMMU_DOMAIN_UNMANAGED)
2601 return -EINVAL;
2602 if (!domain->ops->enable_nesting)
2603 return -EINVAL;
2604 return domain->ops->enable_nesting(domain);
2605}
2606EXPORT_SYMBOL_GPL(iommu_enable_nesting);
2607
2608int iommu_set_pgtable_quirks(struct iommu_domain *domain,
2609 unsigned long quirk)
2610{
2611 if (domain->type != IOMMU_DOMAIN_UNMANAGED)
2612 return -EINVAL;
2613 if (!domain->ops->set_pgtable_quirks)
2614 return -EINVAL;
2615 return domain->ops->set_pgtable_quirks(domain, quirk);
2616}
2617EXPORT_SYMBOL_GPL(iommu_set_pgtable_quirks);
2618
2619void iommu_get_resv_regions(struct device *dev, struct list_head *list)
2620{
2621 const struct iommu_ops *ops = dev_iommu_ops(dev);
2622
2623 if (ops->get_resv_regions)
2624 ops->get_resv_regions(dev, list);
2625}
2626
2627/**
2628 * iommu_put_resv_regions - release resered regions
2629 * @dev: device for which to free reserved regions
2630 * @list: reserved region list for device
2631 *
2632 * This releases a reserved region list acquired by iommu_get_resv_regions().
2633 */
2634void iommu_put_resv_regions(struct device *dev, struct list_head *list)
2635{
2636 struct iommu_resv_region *entry, *next;
2637
2638 list_for_each_entry_safe(entry, next, list, list) {
2639 if (entry->free)
2640 entry->free(dev, entry);
2641 else
2642 kfree(entry);
2643 }
2644}
2645EXPORT_SYMBOL(iommu_put_resv_regions);
2646
2647struct iommu_resv_region *iommu_alloc_resv_region(phys_addr_t start,
2648 size_t length, int prot,
2649 enum iommu_resv_type type,
2650 gfp_t gfp)
2651{
2652 struct iommu_resv_region *region;
2653
2654 region = kzalloc(sizeof(*region), gfp);
2655 if (!region)
2656 return NULL;
2657
2658 INIT_LIST_HEAD(®ion->list);
2659 region->start = start;
2660 region->length = length;
2661 region->prot = prot;
2662 region->type = type;
2663 return region;
2664}
2665EXPORT_SYMBOL_GPL(iommu_alloc_resv_region);
2666
2667void iommu_set_default_passthrough(bool cmd_line)
2668{
2669 if (cmd_line)
2670 iommu_cmd_line |= IOMMU_CMD_LINE_DMA_API;
2671 iommu_def_domain_type = IOMMU_DOMAIN_IDENTITY;
2672}
2673
2674void iommu_set_default_translated(bool cmd_line)
2675{
2676 if (cmd_line)
2677 iommu_cmd_line |= IOMMU_CMD_LINE_DMA_API;
2678 iommu_def_domain_type = IOMMU_DOMAIN_DMA;
2679}
2680
2681bool iommu_default_passthrough(void)
2682{
2683 return iommu_def_domain_type == IOMMU_DOMAIN_IDENTITY;
2684}
2685EXPORT_SYMBOL_GPL(iommu_default_passthrough);
2686
2687const struct iommu_ops *iommu_ops_from_fwnode(struct fwnode_handle *fwnode)
2688{
2689 const struct iommu_ops *ops = NULL;
2690 struct iommu_device *iommu;
2691
2692 spin_lock(&iommu_device_lock);
2693 list_for_each_entry(iommu, &iommu_device_list, list)
2694 if (iommu->fwnode == fwnode) {
2695 ops = iommu->ops;
2696 break;
2697 }
2698 spin_unlock(&iommu_device_lock);
2699 return ops;
2700}
2701
2702int iommu_fwspec_init(struct device *dev, struct fwnode_handle *iommu_fwnode,
2703 const struct iommu_ops *ops)
2704{
2705 struct iommu_fwspec *fwspec = dev_iommu_fwspec_get(dev);
2706
2707 if (fwspec)
2708 return ops == fwspec->ops ? 0 : -EINVAL;
2709
2710 if (!dev_iommu_get(dev))
2711 return -ENOMEM;
2712
2713 /* Preallocate for the overwhelmingly common case of 1 ID */
2714 fwspec = kzalloc(struct_size(fwspec, ids, 1), GFP_KERNEL);
2715 if (!fwspec)
2716 return -ENOMEM;
2717
2718 of_node_get(to_of_node(iommu_fwnode));
2719 fwspec->iommu_fwnode = iommu_fwnode;
2720 fwspec->ops = ops;
2721 dev_iommu_fwspec_set(dev, fwspec);
2722 return 0;
2723}
2724EXPORT_SYMBOL_GPL(iommu_fwspec_init);
2725
2726void iommu_fwspec_free(struct device *dev)
2727{
2728 struct iommu_fwspec *fwspec = dev_iommu_fwspec_get(dev);
2729
2730 if (fwspec) {
2731 fwnode_handle_put(fwspec->iommu_fwnode);
2732 kfree(fwspec);
2733 dev_iommu_fwspec_set(dev, NULL);
2734 }
2735}
2736EXPORT_SYMBOL_GPL(iommu_fwspec_free);
2737
2738int iommu_fwspec_add_ids(struct device *dev, u32 *ids, int num_ids)
2739{
2740 struct iommu_fwspec *fwspec = dev_iommu_fwspec_get(dev);
2741 int i, new_num;
2742
2743 if (!fwspec)
2744 return -EINVAL;
2745
2746 new_num = fwspec->num_ids + num_ids;
2747 if (new_num > 1) {
2748 fwspec = krealloc(fwspec, struct_size(fwspec, ids, new_num),
2749 GFP_KERNEL);
2750 if (!fwspec)
2751 return -ENOMEM;
2752
2753 dev_iommu_fwspec_set(dev, fwspec);
2754 }
2755
2756 for (i = 0; i < num_ids; i++)
2757 fwspec->ids[fwspec->num_ids + i] = ids[i];
2758
2759 fwspec->num_ids = new_num;
2760 return 0;
2761}
2762EXPORT_SYMBOL_GPL(iommu_fwspec_add_ids);
2763
2764/*
2765 * Per device IOMMU features.
2766 */
2767int iommu_dev_enable_feature(struct device *dev, enum iommu_dev_features feat)
2768{
2769 if (dev->iommu && dev->iommu->iommu_dev) {
2770 const struct iommu_ops *ops = dev->iommu->iommu_dev->ops;
2771
2772 if (ops->dev_enable_feat)
2773 return ops->dev_enable_feat(dev, feat);
2774 }
2775
2776 return -ENODEV;
2777}
2778EXPORT_SYMBOL_GPL(iommu_dev_enable_feature);
2779
2780/*
2781 * The device drivers should do the necessary cleanups before calling this.
2782 */
2783int iommu_dev_disable_feature(struct device *dev, enum iommu_dev_features feat)
2784{
2785 if (dev->iommu && dev->iommu->iommu_dev) {
2786 const struct iommu_ops *ops = dev->iommu->iommu_dev->ops;
2787
2788 if (ops->dev_disable_feat)
2789 return ops->dev_disable_feat(dev, feat);
2790 }
2791
2792 return -EBUSY;
2793}
2794EXPORT_SYMBOL_GPL(iommu_dev_disable_feature);
2795
2796/*
2797 * Changes the default domain of an iommu group that has *only* one device
2798 *
2799 * @group: The group for which the default domain should be changed
2800 * @prev_dev: The device in the group (this is used to make sure that the device
2801 * hasn't changed after the caller has called this function)
2802 * @type: The type of the new default domain that gets associated with the group
2803 *
2804 * Returns 0 on success and error code on failure
2805 *
2806 * Note:
2807 * 1. Presently, this function is called only when user requests to change the
2808 * group's default domain type through /sys/kernel/iommu_groups/<grp_id>/type
2809 * Please take a closer look if intended to use for other purposes.
2810 */
2811static int iommu_change_dev_def_domain(struct iommu_group *group,
2812 struct device *prev_dev, int type)
2813{
2814 struct iommu_domain *prev_dom;
2815 struct group_device *grp_dev;
2816 int ret, dev_def_dom;
2817 struct device *dev;
2818
2819 mutex_lock(&group->mutex);
2820
2821 if (group->default_domain != group->domain) {
2822 dev_err_ratelimited(prev_dev, "Group not assigned to default domain\n");
2823 ret = -EBUSY;
2824 goto out;
2825 }
2826
2827 /*
2828 * iommu group wasn't locked while acquiring device lock in
2829 * iommu_group_store_type(). So, make sure that the device count hasn't
2830 * changed while acquiring device lock.
2831 *
2832 * Changing default domain of an iommu group with two or more devices
2833 * isn't supported because there could be a potential deadlock. Consider
2834 * the following scenario. T1 is trying to acquire device locks of all
2835 * the devices in the group and before it could acquire all of them,
2836 * there could be another thread T2 (from different sub-system and use
2837 * case) that has already acquired some of the device locks and might be
2838 * waiting for T1 to release other device locks.
2839 */
2840 if (iommu_group_device_count(group) != 1) {
2841 dev_err_ratelimited(prev_dev, "Cannot change default domain: Group has more than one device\n");
2842 ret = -EINVAL;
2843 goto out;
2844 }
2845
2846 /* Since group has only one device */
2847 grp_dev = list_first_entry(&group->devices, struct group_device, list);
2848 dev = grp_dev->dev;
2849
2850 if (prev_dev != dev) {
2851 dev_err_ratelimited(prev_dev, "Cannot change default domain: Device has been changed\n");
2852 ret = -EBUSY;
2853 goto out;
2854 }
2855
2856 prev_dom = group->default_domain;
2857 if (!prev_dom) {
2858 ret = -EINVAL;
2859 goto out;
2860 }
2861
2862 dev_def_dom = iommu_get_def_domain_type(dev);
2863 if (!type) {
2864 /*
2865 * If the user hasn't requested any specific type of domain and
2866 * if the device supports both the domains, then default to the
2867 * domain the device was booted with
2868 */
2869 type = dev_def_dom ? : iommu_def_domain_type;
2870 } else if (dev_def_dom && type != dev_def_dom) {
2871 dev_err_ratelimited(prev_dev, "Device cannot be in %s domain\n",
2872 iommu_domain_type_str(type));
2873 ret = -EINVAL;
2874 goto out;
2875 }
2876
2877 /*
2878 * Switch to a new domain only if the requested domain type is different
2879 * from the existing default domain type
2880 */
2881 if (prev_dom->type == type) {
2882 ret = 0;
2883 goto out;
2884 }
2885
2886 /* We can bring up a flush queue without tearing down the domain */
2887 if (type == IOMMU_DOMAIN_DMA_FQ && prev_dom->type == IOMMU_DOMAIN_DMA) {
2888 ret = iommu_dma_init_fq(prev_dom);
2889 if (!ret)
2890 prev_dom->type = IOMMU_DOMAIN_DMA_FQ;
2891 goto out;
2892 }
2893
2894 /* Sets group->default_domain to the newly allocated domain */
2895 ret = iommu_group_alloc_default_domain(dev->bus, group, type);
2896 if (ret)
2897 goto out;
2898
2899 ret = iommu_create_device_direct_mappings(group, dev);
2900 if (ret)
2901 goto free_new_domain;
2902
2903 ret = __iommu_attach_device(group->default_domain, dev);
2904 if (ret)
2905 goto free_new_domain;
2906
2907 group->domain = group->default_domain;
2908
2909 /*
2910 * Release the mutex here because ops->probe_finalize() call-back of
2911 * some vendor IOMMU drivers calls arm_iommu_attach_device() which
2912 * in-turn might call back into IOMMU core code, where it tries to take
2913 * group->mutex, resulting in a deadlock.
2914 */
2915 mutex_unlock(&group->mutex);
2916
2917 /* Make sure dma_ops is appropriatley set */
2918 iommu_group_do_probe_finalize(dev, group->default_domain);
2919 iommu_domain_free(prev_dom);
2920 return 0;
2921
2922free_new_domain:
2923 iommu_domain_free(group->default_domain);
2924 group->default_domain = prev_dom;
2925 group->domain = prev_dom;
2926
2927out:
2928 mutex_unlock(&group->mutex);
2929
2930 return ret;
2931}
2932
2933/*
2934 * Changing the default domain through sysfs requires the users to unbind the
2935 * drivers from the devices in the iommu group, except for a DMA -> DMA-FQ
2936 * transition. Return failure if this isn't met.
2937 *
2938 * We need to consider the race between this and the device release path.
2939 * device_lock(dev) is used here to guarantee that the device release path
2940 * will not be entered at the same time.
2941 */
2942static ssize_t iommu_group_store_type(struct iommu_group *group,
2943 const char *buf, size_t count)
2944{
2945 struct group_device *grp_dev;
2946 struct device *dev;
2947 int ret, req_type;
2948
2949 if (!capable(CAP_SYS_ADMIN) || !capable(CAP_SYS_RAWIO))
2950 return -EACCES;
2951
2952 if (WARN_ON(!group) || !group->default_domain)
2953 return -EINVAL;
2954
2955 if (sysfs_streq(buf, "identity"))
2956 req_type = IOMMU_DOMAIN_IDENTITY;
2957 else if (sysfs_streq(buf, "DMA"))
2958 req_type = IOMMU_DOMAIN_DMA;
2959 else if (sysfs_streq(buf, "DMA-FQ"))
2960 req_type = IOMMU_DOMAIN_DMA_FQ;
2961 else if (sysfs_streq(buf, "auto"))
2962 req_type = 0;
2963 else
2964 return -EINVAL;
2965
2966 /*
2967 * Lock/Unlock the group mutex here before device lock to
2968 * 1. Make sure that the iommu group has only one device (this is a
2969 * prerequisite for step 2)
2970 * 2. Get struct *dev which is needed to lock device
2971 */
2972 mutex_lock(&group->mutex);
2973 if (iommu_group_device_count(group) != 1) {
2974 mutex_unlock(&group->mutex);
2975 pr_err_ratelimited("Cannot change default domain: Group has more than one device\n");
2976 return -EINVAL;
2977 }
2978
2979 /* Since group has only one device */
2980 grp_dev = list_first_entry(&group->devices, struct group_device, list);
2981 dev = grp_dev->dev;
2982 get_device(dev);
2983
2984 /*
2985 * Don't hold the group mutex because taking group mutex first and then
2986 * the device lock could potentially cause a deadlock as below. Assume
2987 * two threads T1 and T2. T1 is trying to change default domain of an
2988 * iommu group and T2 is trying to hot unplug a device or release [1] VF
2989 * of a PCIe device which is in the same iommu group. T1 takes group
2990 * mutex and before it could take device lock assume T2 has taken device
2991 * lock and is yet to take group mutex. Now, both the threads will be
2992 * waiting for the other thread to release lock. Below, lock order was
2993 * suggested.
2994 * device_lock(dev);
2995 * mutex_lock(&group->mutex);
2996 * iommu_change_dev_def_domain();
2997 * mutex_unlock(&group->mutex);
2998 * device_unlock(dev);
2999 *
3000 * [1] Typical device release path
3001 * device_lock() from device/driver core code
3002 * -> bus_notifier()
3003 * -> iommu_bus_notifier()
3004 * -> iommu_release_device()
3005 * -> ops->release_device() vendor driver calls back iommu core code
3006 * -> mutex_lock() from iommu core code
3007 */
3008 mutex_unlock(&group->mutex);
3009
3010 /* Check if the device in the group still has a driver bound to it */
3011 device_lock(dev);
3012 if (device_is_bound(dev) && !(req_type == IOMMU_DOMAIN_DMA_FQ &&
3013 group->default_domain->type == IOMMU_DOMAIN_DMA)) {
3014 pr_err_ratelimited("Device is still bound to driver\n");
3015 ret = -EBUSY;
3016 goto out;
3017 }
3018
3019 ret = iommu_change_dev_def_domain(group, dev, req_type);
3020 ret = ret ?: count;
3021
3022out:
3023 device_unlock(dev);
3024 put_device(dev);
3025
3026 return ret;
3027}
3028
3029static bool iommu_is_default_domain(struct iommu_group *group)
3030{
3031 if (group->domain == group->default_domain)
3032 return true;
3033
3034 /*
3035 * If the default domain was set to identity and it is still an identity
3036 * domain then we consider this a pass. This happens because of
3037 * amd_iommu_init_device() replacing the default idenytity domain with an
3038 * identity domain that has a different configuration for AMDGPU.
3039 */
3040 if (group->default_domain &&
3041 group->default_domain->type == IOMMU_DOMAIN_IDENTITY &&
3042 group->domain && group->domain->type == IOMMU_DOMAIN_IDENTITY)
3043 return true;
3044 return false;
3045}
3046
3047/**
3048 * iommu_device_use_default_domain() - Device driver wants to handle device
3049 * DMA through the kernel DMA API.
3050 * @dev: The device.
3051 *
3052 * The device driver about to bind @dev wants to do DMA through the kernel
3053 * DMA API. Return 0 if it is allowed, otherwise an error.
3054 */
3055int iommu_device_use_default_domain(struct device *dev)
3056{
3057 struct iommu_group *group = iommu_group_get(dev);
3058 int ret = 0;
3059
3060 if (!group)
3061 return 0;
3062
3063 mutex_lock(&group->mutex);
3064 if (group->owner_cnt) {
3065 if (group->owner || !iommu_is_default_domain(group) ||
3066 !xa_empty(&group->pasid_array)) {
3067 ret = -EBUSY;
3068 goto unlock_out;
3069 }
3070 }
3071
3072 group->owner_cnt++;
3073
3074unlock_out:
3075 mutex_unlock(&group->mutex);
3076 iommu_group_put(group);
3077
3078 return ret;
3079}
3080
3081/**
3082 * iommu_device_unuse_default_domain() - Device driver stops handling device
3083 * DMA through the kernel DMA API.
3084 * @dev: The device.
3085 *
3086 * The device driver doesn't want to do DMA through kernel DMA API anymore.
3087 * It must be called after iommu_device_use_default_domain().
3088 */
3089void iommu_device_unuse_default_domain(struct device *dev)
3090{
3091 struct iommu_group *group = iommu_group_get(dev);
3092
3093 if (!group)
3094 return;
3095
3096 mutex_lock(&group->mutex);
3097 if (!WARN_ON(!group->owner_cnt || !xa_empty(&group->pasid_array)))
3098 group->owner_cnt--;
3099
3100 mutex_unlock(&group->mutex);
3101 iommu_group_put(group);
3102}
3103
3104static int __iommu_group_alloc_blocking_domain(struct iommu_group *group)
3105{
3106 struct group_device *dev =
3107 list_first_entry(&group->devices, struct group_device, list);
3108
3109 if (group->blocking_domain)
3110 return 0;
3111
3112 group->blocking_domain =
3113 __iommu_domain_alloc(dev->dev->bus, IOMMU_DOMAIN_BLOCKED);
3114 if (!group->blocking_domain) {
3115 /*
3116 * For drivers that do not yet understand IOMMU_DOMAIN_BLOCKED
3117 * create an empty domain instead.
3118 */
3119 group->blocking_domain = __iommu_domain_alloc(
3120 dev->dev->bus, IOMMU_DOMAIN_UNMANAGED);
3121 if (!group->blocking_domain)
3122 return -EINVAL;
3123 }
3124 return 0;
3125}
3126
3127static int __iommu_take_dma_ownership(struct iommu_group *group, void *owner)
3128{
3129 int ret;
3130
3131 if ((group->domain && group->domain != group->default_domain) ||
3132 !xa_empty(&group->pasid_array))
3133 return -EBUSY;
3134
3135 ret = __iommu_group_alloc_blocking_domain(group);
3136 if (ret)
3137 return ret;
3138 ret = __iommu_group_set_domain(group, group->blocking_domain);
3139 if (ret)
3140 return ret;
3141
3142 group->owner = owner;
3143 group->owner_cnt++;
3144 return 0;
3145}
3146
3147/**
3148 * iommu_group_claim_dma_owner() - Set DMA ownership of a group
3149 * @group: The group.
3150 * @owner: Caller specified pointer. Used for exclusive ownership.
3151 *
3152 * This is to support backward compatibility for vfio which manages the dma
3153 * ownership in iommu_group level. New invocations on this interface should be
3154 * prohibited. Only a single owner may exist for a group.
3155 */
3156int iommu_group_claim_dma_owner(struct iommu_group *group, void *owner)
3157{
3158 int ret = 0;
3159
3160 if (WARN_ON(!owner))
3161 return -EINVAL;
3162
3163 mutex_lock(&group->mutex);
3164 if (group->owner_cnt) {
3165 ret = -EPERM;
3166 goto unlock_out;
3167 }
3168
3169 ret = __iommu_take_dma_ownership(group, owner);
3170unlock_out:
3171 mutex_unlock(&group->mutex);
3172
3173 return ret;
3174}
3175EXPORT_SYMBOL_GPL(iommu_group_claim_dma_owner);
3176
3177/**
3178 * iommu_device_claim_dma_owner() - Set DMA ownership of a device
3179 * @dev: The device.
3180 * @owner: Caller specified pointer. Used for exclusive ownership.
3181 *
3182 * Claim the DMA ownership of a device. Multiple devices in the same group may
3183 * concurrently claim ownership if they present the same owner value. Returns 0
3184 * on success and error code on failure
3185 */
3186int iommu_device_claim_dma_owner(struct device *dev, void *owner)
3187{
3188 struct iommu_group *group;
3189 int ret = 0;
3190
3191 if (WARN_ON(!owner))
3192 return -EINVAL;
3193
3194 group = iommu_group_get(dev);
3195 if (!group)
3196 return -ENODEV;
3197
3198 mutex_lock(&group->mutex);
3199 if (group->owner_cnt) {
3200 if (group->owner != owner) {
3201 ret = -EPERM;
3202 goto unlock_out;
3203 }
3204 group->owner_cnt++;
3205 goto unlock_out;
3206 }
3207
3208 ret = __iommu_take_dma_ownership(group, owner);
3209unlock_out:
3210 mutex_unlock(&group->mutex);
3211 iommu_group_put(group);
3212
3213 return ret;
3214}
3215EXPORT_SYMBOL_GPL(iommu_device_claim_dma_owner);
3216
3217static void __iommu_release_dma_ownership(struct iommu_group *group)
3218{
3219 int ret;
3220
3221 if (WARN_ON(!group->owner_cnt || !group->owner ||
3222 !xa_empty(&group->pasid_array)))
3223 return;
3224
3225 group->owner_cnt = 0;
3226 group->owner = NULL;
3227 ret = __iommu_group_set_domain(group, group->default_domain);
3228 WARN(ret, "iommu driver failed to attach the default domain");
3229}
3230
3231/**
3232 * iommu_group_release_dma_owner() - Release DMA ownership of a group
3233 * @dev: The device
3234 *
3235 * Release the DMA ownership claimed by iommu_group_claim_dma_owner().
3236 */
3237void iommu_group_release_dma_owner(struct iommu_group *group)
3238{
3239 mutex_lock(&group->mutex);
3240 __iommu_release_dma_ownership(group);
3241 mutex_unlock(&group->mutex);
3242}
3243EXPORT_SYMBOL_GPL(iommu_group_release_dma_owner);
3244
3245/**
3246 * iommu_device_release_dma_owner() - Release DMA ownership of a device
3247 * @group: The device.
3248 *
3249 * Release the DMA ownership claimed by iommu_device_claim_dma_owner().
3250 */
3251void iommu_device_release_dma_owner(struct device *dev)
3252{
3253 struct iommu_group *group = iommu_group_get(dev);
3254
3255 mutex_lock(&group->mutex);
3256 if (group->owner_cnt > 1)
3257 group->owner_cnt--;
3258 else
3259 __iommu_release_dma_ownership(group);
3260 mutex_unlock(&group->mutex);
3261 iommu_group_put(group);
3262}
3263EXPORT_SYMBOL_GPL(iommu_device_release_dma_owner);
3264
3265/**
3266 * iommu_group_dma_owner_claimed() - Query group dma ownership status
3267 * @group: The group.
3268 *
3269 * This provides status query on a given group. It is racy and only for
3270 * non-binding status reporting.
3271 */
3272bool iommu_group_dma_owner_claimed(struct iommu_group *group)
3273{
3274 unsigned int user;
3275
3276 mutex_lock(&group->mutex);
3277 user = group->owner_cnt;
3278 mutex_unlock(&group->mutex);
3279
3280 return user;
3281}
3282EXPORT_SYMBOL_GPL(iommu_group_dma_owner_claimed);
3283
3284static int __iommu_set_group_pasid(struct iommu_domain *domain,
3285 struct iommu_group *group, ioasid_t pasid)
3286{
3287 struct group_device *device;
3288 int ret = 0;
3289
3290 list_for_each_entry(device, &group->devices, list) {
3291 ret = domain->ops->set_dev_pasid(domain, device->dev, pasid);
3292 if (ret)
3293 break;
3294 }
3295
3296 return ret;
3297}
3298
3299static void __iommu_remove_group_pasid(struct iommu_group *group,
3300 ioasid_t pasid)
3301{
3302 struct group_device *device;
3303 const struct iommu_ops *ops;
3304
3305 list_for_each_entry(device, &group->devices, list) {
3306 ops = dev_iommu_ops(device->dev);
3307 ops->remove_dev_pasid(device->dev, pasid);
3308 }
3309}
3310
3311/*
3312 * iommu_attach_device_pasid() - Attach a domain to pasid of device
3313 * @domain: the iommu domain.
3314 * @dev: the attached device.
3315 * @pasid: the pasid of the device.
3316 *
3317 * Return: 0 on success, or an error.
3318 */
3319int iommu_attach_device_pasid(struct iommu_domain *domain,
3320 struct device *dev, ioasid_t pasid)
3321{
3322 struct iommu_group *group;
3323 void *curr;
3324 int ret;
3325
3326 if (!domain->ops->set_dev_pasid)
3327 return -EOPNOTSUPP;
3328
3329 group = iommu_group_get(dev);
3330 if (!group)
3331 return -ENODEV;
3332
3333 mutex_lock(&group->mutex);
3334 curr = xa_cmpxchg(&group->pasid_array, pasid, NULL, domain, GFP_KERNEL);
3335 if (curr) {
3336 ret = xa_err(curr) ? : -EBUSY;
3337 goto out_unlock;
3338 }
3339
3340 ret = __iommu_set_group_pasid(domain, group, pasid);
3341 if (ret) {
3342 __iommu_remove_group_pasid(group, pasid);
3343 xa_erase(&group->pasid_array, pasid);
3344 }
3345out_unlock:
3346 mutex_unlock(&group->mutex);
3347 iommu_group_put(group);
3348
3349 return ret;
3350}
3351EXPORT_SYMBOL_GPL(iommu_attach_device_pasid);
3352
3353/*
3354 * iommu_detach_device_pasid() - Detach the domain from pasid of device
3355 * @domain: the iommu domain.
3356 * @dev: the attached device.
3357 * @pasid: the pasid of the device.
3358 *
3359 * The @domain must have been attached to @pasid of the @dev with
3360 * iommu_attach_device_pasid().
3361 */
3362void iommu_detach_device_pasid(struct iommu_domain *domain, struct device *dev,
3363 ioasid_t pasid)
3364{
3365 struct iommu_group *group = iommu_group_get(dev);
3366
3367 mutex_lock(&group->mutex);
3368 __iommu_remove_group_pasid(group, pasid);
3369 WARN_ON(xa_erase(&group->pasid_array, pasid) != domain);
3370 mutex_unlock(&group->mutex);
3371
3372 iommu_group_put(group);
3373}
3374EXPORT_SYMBOL_GPL(iommu_detach_device_pasid);
3375
3376/*
3377 * iommu_get_domain_for_dev_pasid() - Retrieve domain for @pasid of @dev
3378 * @dev: the queried device
3379 * @pasid: the pasid of the device
3380 * @type: matched domain type, 0 for any match
3381 *
3382 * This is a variant of iommu_get_domain_for_dev(). It returns the existing
3383 * domain attached to pasid of a device. Callers must hold a lock around this
3384 * function, and both iommu_attach/detach_dev_pasid() whenever a domain of
3385 * type is being manipulated. This API does not internally resolve races with
3386 * attach/detach.
3387 *
3388 * Return: attached domain on success, NULL otherwise.
3389 */
3390struct iommu_domain *iommu_get_domain_for_dev_pasid(struct device *dev,
3391 ioasid_t pasid,
3392 unsigned int type)
3393{
3394 struct iommu_domain *domain;
3395 struct iommu_group *group;
3396
3397 group = iommu_group_get(dev);
3398 if (!group)
3399 return NULL;
3400
3401 xa_lock(&group->pasid_array);
3402 domain = xa_load(&group->pasid_array, pasid);
3403 if (type && domain && domain->type != type)
3404 domain = ERR_PTR(-EBUSY);
3405 xa_unlock(&group->pasid_array);
3406 iommu_group_put(group);
3407
3408 return domain;
3409}
3410EXPORT_SYMBOL_GPL(iommu_get_domain_for_dev_pasid);
3411
3412struct iommu_domain *iommu_sva_domain_alloc(struct device *dev,
3413 struct mm_struct *mm)
3414{
3415 const struct iommu_ops *ops = dev_iommu_ops(dev);
3416 struct iommu_domain *domain;
3417
3418 domain = ops->domain_alloc(IOMMU_DOMAIN_SVA);
3419 if (!domain)
3420 return NULL;
3421
3422 domain->type = IOMMU_DOMAIN_SVA;
3423 mmgrab(mm);
3424 domain->mm = mm;
3425 domain->iopf_handler = iommu_sva_handle_iopf;
3426 domain->fault_data = mm;
3427
3428 return domain;
3429}
1/*
2 * Copyright (C) 2007-2008 Advanced Micro Devices, Inc.
3 * Author: Joerg Roedel <jroedel@suse.de>
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 as published
7 * by the Free Software Foundation.
8 *
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
13 *
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, write to the Free Software
16 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
17 */
18
19#define pr_fmt(fmt) "iommu: " fmt
20
21#include <linux/device.h>
22#include <linux/kernel.h>
23#include <linux/bug.h>
24#include <linux/types.h>
25#include <linux/module.h>
26#include <linux/slab.h>
27#include <linux/errno.h>
28#include <linux/iommu.h>
29#include <linux/idr.h>
30#include <linux/notifier.h>
31#include <linux/err.h>
32#include <linux/pci.h>
33#include <linux/bitops.h>
34#include <trace/events/iommu.h>
35
36static struct kset *iommu_group_kset;
37static struct ida iommu_group_ida;
38static struct mutex iommu_group_mutex;
39
40struct iommu_callback_data {
41 const struct iommu_ops *ops;
42};
43
44struct iommu_group {
45 struct kobject kobj;
46 struct kobject *devices_kobj;
47 struct list_head devices;
48 struct mutex mutex;
49 struct blocking_notifier_head notifier;
50 void *iommu_data;
51 void (*iommu_data_release)(void *iommu_data);
52 char *name;
53 int id;
54 struct iommu_domain *default_domain;
55 struct iommu_domain *domain;
56};
57
58struct iommu_device {
59 struct list_head list;
60 struct device *dev;
61 char *name;
62};
63
64struct iommu_group_attribute {
65 struct attribute attr;
66 ssize_t (*show)(struct iommu_group *group, char *buf);
67 ssize_t (*store)(struct iommu_group *group,
68 const char *buf, size_t count);
69};
70
71#define IOMMU_GROUP_ATTR(_name, _mode, _show, _store) \
72struct iommu_group_attribute iommu_group_attr_##_name = \
73 __ATTR(_name, _mode, _show, _store)
74
75#define to_iommu_group_attr(_attr) \
76 container_of(_attr, struct iommu_group_attribute, attr)
77#define to_iommu_group(_kobj) \
78 container_of(_kobj, struct iommu_group, kobj)
79
80static struct iommu_domain *__iommu_domain_alloc(struct bus_type *bus,
81 unsigned type);
82static int __iommu_attach_device(struct iommu_domain *domain,
83 struct device *dev);
84static int __iommu_attach_group(struct iommu_domain *domain,
85 struct iommu_group *group);
86static void __iommu_detach_group(struct iommu_domain *domain,
87 struct iommu_group *group);
88
89static ssize_t iommu_group_attr_show(struct kobject *kobj,
90 struct attribute *__attr, char *buf)
91{
92 struct iommu_group_attribute *attr = to_iommu_group_attr(__attr);
93 struct iommu_group *group = to_iommu_group(kobj);
94 ssize_t ret = -EIO;
95
96 if (attr->show)
97 ret = attr->show(group, buf);
98 return ret;
99}
100
101static ssize_t iommu_group_attr_store(struct kobject *kobj,
102 struct attribute *__attr,
103 const char *buf, size_t count)
104{
105 struct iommu_group_attribute *attr = to_iommu_group_attr(__attr);
106 struct iommu_group *group = to_iommu_group(kobj);
107 ssize_t ret = -EIO;
108
109 if (attr->store)
110 ret = attr->store(group, buf, count);
111 return ret;
112}
113
114static const struct sysfs_ops iommu_group_sysfs_ops = {
115 .show = iommu_group_attr_show,
116 .store = iommu_group_attr_store,
117};
118
119static int iommu_group_create_file(struct iommu_group *group,
120 struct iommu_group_attribute *attr)
121{
122 return sysfs_create_file(&group->kobj, &attr->attr);
123}
124
125static void iommu_group_remove_file(struct iommu_group *group,
126 struct iommu_group_attribute *attr)
127{
128 sysfs_remove_file(&group->kobj, &attr->attr);
129}
130
131static ssize_t iommu_group_show_name(struct iommu_group *group, char *buf)
132{
133 return sprintf(buf, "%s\n", group->name);
134}
135
136static IOMMU_GROUP_ATTR(name, S_IRUGO, iommu_group_show_name, NULL);
137
138static void iommu_group_release(struct kobject *kobj)
139{
140 struct iommu_group *group = to_iommu_group(kobj);
141
142 pr_debug("Releasing group %d\n", group->id);
143
144 if (group->iommu_data_release)
145 group->iommu_data_release(group->iommu_data);
146
147 mutex_lock(&iommu_group_mutex);
148 ida_remove(&iommu_group_ida, group->id);
149 mutex_unlock(&iommu_group_mutex);
150
151 if (group->default_domain)
152 iommu_domain_free(group->default_domain);
153
154 kfree(group->name);
155 kfree(group);
156}
157
158static struct kobj_type iommu_group_ktype = {
159 .sysfs_ops = &iommu_group_sysfs_ops,
160 .release = iommu_group_release,
161};
162
163/**
164 * iommu_group_alloc - Allocate a new group
165 * @name: Optional name to associate with group, visible in sysfs
166 *
167 * This function is called by an iommu driver to allocate a new iommu
168 * group. The iommu group represents the minimum granularity of the iommu.
169 * Upon successful return, the caller holds a reference to the supplied
170 * group in order to hold the group until devices are added. Use
171 * iommu_group_put() to release this extra reference count, allowing the
172 * group to be automatically reclaimed once it has no devices or external
173 * references.
174 */
175struct iommu_group *iommu_group_alloc(void)
176{
177 struct iommu_group *group;
178 int ret;
179
180 group = kzalloc(sizeof(*group), GFP_KERNEL);
181 if (!group)
182 return ERR_PTR(-ENOMEM);
183
184 group->kobj.kset = iommu_group_kset;
185 mutex_init(&group->mutex);
186 INIT_LIST_HEAD(&group->devices);
187 BLOCKING_INIT_NOTIFIER_HEAD(&group->notifier);
188
189 mutex_lock(&iommu_group_mutex);
190
191again:
192 if (unlikely(0 == ida_pre_get(&iommu_group_ida, GFP_KERNEL))) {
193 kfree(group);
194 mutex_unlock(&iommu_group_mutex);
195 return ERR_PTR(-ENOMEM);
196 }
197
198 if (-EAGAIN == ida_get_new(&iommu_group_ida, &group->id))
199 goto again;
200
201 mutex_unlock(&iommu_group_mutex);
202
203 ret = kobject_init_and_add(&group->kobj, &iommu_group_ktype,
204 NULL, "%d", group->id);
205 if (ret) {
206 mutex_lock(&iommu_group_mutex);
207 ida_remove(&iommu_group_ida, group->id);
208 mutex_unlock(&iommu_group_mutex);
209 kfree(group);
210 return ERR_PTR(ret);
211 }
212
213 group->devices_kobj = kobject_create_and_add("devices", &group->kobj);
214 if (!group->devices_kobj) {
215 kobject_put(&group->kobj); /* triggers .release & free */
216 return ERR_PTR(-ENOMEM);
217 }
218
219 /*
220 * The devices_kobj holds a reference on the group kobject, so
221 * as long as that exists so will the group. We can therefore
222 * use the devices_kobj for reference counting.
223 */
224 kobject_put(&group->kobj);
225
226 pr_debug("Allocated group %d\n", group->id);
227
228 return group;
229}
230EXPORT_SYMBOL_GPL(iommu_group_alloc);
231
232struct iommu_group *iommu_group_get_by_id(int id)
233{
234 struct kobject *group_kobj;
235 struct iommu_group *group;
236 const char *name;
237
238 if (!iommu_group_kset)
239 return NULL;
240
241 name = kasprintf(GFP_KERNEL, "%d", id);
242 if (!name)
243 return NULL;
244
245 group_kobj = kset_find_obj(iommu_group_kset, name);
246 kfree(name);
247
248 if (!group_kobj)
249 return NULL;
250
251 group = container_of(group_kobj, struct iommu_group, kobj);
252 BUG_ON(group->id != id);
253
254 kobject_get(group->devices_kobj);
255 kobject_put(&group->kobj);
256
257 return group;
258}
259EXPORT_SYMBOL_GPL(iommu_group_get_by_id);
260
261/**
262 * iommu_group_get_iommudata - retrieve iommu_data registered for a group
263 * @group: the group
264 *
265 * iommu drivers can store data in the group for use when doing iommu
266 * operations. This function provides a way to retrieve it. Caller
267 * should hold a group reference.
268 */
269void *iommu_group_get_iommudata(struct iommu_group *group)
270{
271 return group->iommu_data;
272}
273EXPORT_SYMBOL_GPL(iommu_group_get_iommudata);
274
275/**
276 * iommu_group_set_iommudata - set iommu_data for a group
277 * @group: the group
278 * @iommu_data: new data
279 * @release: release function for iommu_data
280 *
281 * iommu drivers can store data in the group for use when doing iommu
282 * operations. This function provides a way to set the data after
283 * the group has been allocated. Caller should hold a group reference.
284 */
285void iommu_group_set_iommudata(struct iommu_group *group, void *iommu_data,
286 void (*release)(void *iommu_data))
287{
288 group->iommu_data = iommu_data;
289 group->iommu_data_release = release;
290}
291EXPORT_SYMBOL_GPL(iommu_group_set_iommudata);
292
293/**
294 * iommu_group_set_name - set name for a group
295 * @group: the group
296 * @name: name
297 *
298 * Allow iommu driver to set a name for a group. When set it will
299 * appear in a name attribute file under the group in sysfs.
300 */
301int iommu_group_set_name(struct iommu_group *group, const char *name)
302{
303 int ret;
304
305 if (group->name) {
306 iommu_group_remove_file(group, &iommu_group_attr_name);
307 kfree(group->name);
308 group->name = NULL;
309 if (!name)
310 return 0;
311 }
312
313 group->name = kstrdup(name, GFP_KERNEL);
314 if (!group->name)
315 return -ENOMEM;
316
317 ret = iommu_group_create_file(group, &iommu_group_attr_name);
318 if (ret) {
319 kfree(group->name);
320 group->name = NULL;
321 return ret;
322 }
323
324 return 0;
325}
326EXPORT_SYMBOL_GPL(iommu_group_set_name);
327
328static int iommu_group_create_direct_mappings(struct iommu_group *group,
329 struct device *dev)
330{
331 struct iommu_domain *domain = group->default_domain;
332 struct iommu_dm_region *entry;
333 struct list_head mappings;
334 unsigned long pg_size;
335 int ret = 0;
336
337 if (!domain || domain->type != IOMMU_DOMAIN_DMA)
338 return 0;
339
340 BUG_ON(!domain->ops->pgsize_bitmap);
341
342 pg_size = 1UL << __ffs(domain->ops->pgsize_bitmap);
343 INIT_LIST_HEAD(&mappings);
344
345 iommu_get_dm_regions(dev, &mappings);
346
347 /* We need to consider overlapping regions for different devices */
348 list_for_each_entry(entry, &mappings, list) {
349 dma_addr_t start, end, addr;
350
351 start = ALIGN(entry->start, pg_size);
352 end = ALIGN(entry->start + entry->length, pg_size);
353
354 for (addr = start; addr < end; addr += pg_size) {
355 phys_addr_t phys_addr;
356
357 phys_addr = iommu_iova_to_phys(domain, addr);
358 if (phys_addr)
359 continue;
360
361 ret = iommu_map(domain, addr, addr, pg_size, entry->prot);
362 if (ret)
363 goto out;
364 }
365
366 }
367
368out:
369 iommu_put_dm_regions(dev, &mappings);
370
371 return ret;
372}
373
374/**
375 * iommu_group_add_device - add a device to an iommu group
376 * @group: the group into which to add the device (reference should be held)
377 * @dev: the device
378 *
379 * This function is called by an iommu driver to add a device into a
380 * group. Adding a device increments the group reference count.
381 */
382int iommu_group_add_device(struct iommu_group *group, struct device *dev)
383{
384 int ret, i = 0;
385 struct iommu_device *device;
386
387 device = kzalloc(sizeof(*device), GFP_KERNEL);
388 if (!device)
389 return -ENOMEM;
390
391 device->dev = dev;
392
393 ret = sysfs_create_link(&dev->kobj, &group->kobj, "iommu_group");
394 if (ret) {
395 kfree(device);
396 return ret;
397 }
398
399 device->name = kasprintf(GFP_KERNEL, "%s", kobject_name(&dev->kobj));
400rename:
401 if (!device->name) {
402 sysfs_remove_link(&dev->kobj, "iommu_group");
403 kfree(device);
404 return -ENOMEM;
405 }
406
407 ret = sysfs_create_link_nowarn(group->devices_kobj,
408 &dev->kobj, device->name);
409 if (ret) {
410 kfree(device->name);
411 if (ret == -EEXIST && i >= 0) {
412 /*
413 * Account for the slim chance of collision
414 * and append an instance to the name.
415 */
416 device->name = kasprintf(GFP_KERNEL, "%s.%d",
417 kobject_name(&dev->kobj), i++);
418 goto rename;
419 }
420
421 sysfs_remove_link(&dev->kobj, "iommu_group");
422 kfree(device);
423 return ret;
424 }
425
426 kobject_get(group->devices_kobj);
427
428 dev->iommu_group = group;
429
430 iommu_group_create_direct_mappings(group, dev);
431
432 mutex_lock(&group->mutex);
433 list_add_tail(&device->list, &group->devices);
434 if (group->domain)
435 __iommu_attach_device(group->domain, dev);
436 mutex_unlock(&group->mutex);
437
438 /* Notify any listeners about change to group. */
439 blocking_notifier_call_chain(&group->notifier,
440 IOMMU_GROUP_NOTIFY_ADD_DEVICE, dev);
441
442 trace_add_device_to_group(group->id, dev);
443
444 pr_info("Adding device %s to group %d\n", dev_name(dev), group->id);
445
446 return 0;
447}
448EXPORT_SYMBOL_GPL(iommu_group_add_device);
449
450/**
451 * iommu_group_remove_device - remove a device from it's current group
452 * @dev: device to be removed
453 *
454 * This function is called by an iommu driver to remove the device from
455 * it's current group. This decrements the iommu group reference count.
456 */
457void iommu_group_remove_device(struct device *dev)
458{
459 struct iommu_group *group = dev->iommu_group;
460 struct iommu_device *tmp_device, *device = NULL;
461
462 pr_info("Removing device %s from group %d\n", dev_name(dev), group->id);
463
464 /* Pre-notify listeners that a device is being removed. */
465 blocking_notifier_call_chain(&group->notifier,
466 IOMMU_GROUP_NOTIFY_DEL_DEVICE, dev);
467
468 mutex_lock(&group->mutex);
469 list_for_each_entry(tmp_device, &group->devices, list) {
470 if (tmp_device->dev == dev) {
471 device = tmp_device;
472 list_del(&device->list);
473 break;
474 }
475 }
476 mutex_unlock(&group->mutex);
477
478 if (!device)
479 return;
480
481 sysfs_remove_link(group->devices_kobj, device->name);
482 sysfs_remove_link(&dev->kobj, "iommu_group");
483
484 trace_remove_device_from_group(group->id, dev);
485
486 kfree(device->name);
487 kfree(device);
488 dev->iommu_group = NULL;
489 kobject_put(group->devices_kobj);
490}
491EXPORT_SYMBOL_GPL(iommu_group_remove_device);
492
493static int iommu_group_device_count(struct iommu_group *group)
494{
495 struct iommu_device *entry;
496 int ret = 0;
497
498 list_for_each_entry(entry, &group->devices, list)
499 ret++;
500
501 return ret;
502}
503
504/**
505 * iommu_group_for_each_dev - iterate over each device in the group
506 * @group: the group
507 * @data: caller opaque data to be passed to callback function
508 * @fn: caller supplied callback function
509 *
510 * This function is called by group users to iterate over group devices.
511 * Callers should hold a reference count to the group during callback.
512 * The group->mutex is held across callbacks, which will block calls to
513 * iommu_group_add/remove_device.
514 */
515static int __iommu_group_for_each_dev(struct iommu_group *group, void *data,
516 int (*fn)(struct device *, void *))
517{
518 struct iommu_device *device;
519 int ret = 0;
520
521 list_for_each_entry(device, &group->devices, list) {
522 ret = fn(device->dev, data);
523 if (ret)
524 break;
525 }
526 return ret;
527}
528
529
530int iommu_group_for_each_dev(struct iommu_group *group, void *data,
531 int (*fn)(struct device *, void *))
532{
533 int ret;
534
535 mutex_lock(&group->mutex);
536 ret = __iommu_group_for_each_dev(group, data, fn);
537 mutex_unlock(&group->mutex);
538
539 return ret;
540}
541EXPORT_SYMBOL_GPL(iommu_group_for_each_dev);
542
543/**
544 * iommu_group_get - Return the group for a device and increment reference
545 * @dev: get the group that this device belongs to
546 *
547 * This function is called by iommu drivers and users to get the group
548 * for the specified device. If found, the group is returned and the group
549 * reference in incremented, else NULL.
550 */
551struct iommu_group *iommu_group_get(struct device *dev)
552{
553 struct iommu_group *group = dev->iommu_group;
554
555 if (group)
556 kobject_get(group->devices_kobj);
557
558 return group;
559}
560EXPORT_SYMBOL_GPL(iommu_group_get);
561
562/**
563 * iommu_group_put - Decrement group reference
564 * @group: the group to use
565 *
566 * This function is called by iommu drivers and users to release the
567 * iommu group. Once the reference count is zero, the group is released.
568 */
569void iommu_group_put(struct iommu_group *group)
570{
571 if (group)
572 kobject_put(group->devices_kobj);
573}
574EXPORT_SYMBOL_GPL(iommu_group_put);
575
576/**
577 * iommu_group_register_notifier - Register a notifier for group changes
578 * @group: the group to watch
579 * @nb: notifier block to signal
580 *
581 * This function allows iommu group users to track changes in a group.
582 * See include/linux/iommu.h for actions sent via this notifier. Caller
583 * should hold a reference to the group throughout notifier registration.
584 */
585int iommu_group_register_notifier(struct iommu_group *group,
586 struct notifier_block *nb)
587{
588 return blocking_notifier_chain_register(&group->notifier, nb);
589}
590EXPORT_SYMBOL_GPL(iommu_group_register_notifier);
591
592/**
593 * iommu_group_unregister_notifier - Unregister a notifier
594 * @group: the group to watch
595 * @nb: notifier block to signal
596 *
597 * Unregister a previously registered group notifier block.
598 */
599int iommu_group_unregister_notifier(struct iommu_group *group,
600 struct notifier_block *nb)
601{
602 return blocking_notifier_chain_unregister(&group->notifier, nb);
603}
604EXPORT_SYMBOL_GPL(iommu_group_unregister_notifier);
605
606/**
607 * iommu_group_id - Return ID for a group
608 * @group: the group to ID
609 *
610 * Return the unique ID for the group matching the sysfs group number.
611 */
612int iommu_group_id(struct iommu_group *group)
613{
614 return group->id;
615}
616EXPORT_SYMBOL_GPL(iommu_group_id);
617
618static struct iommu_group *get_pci_alias_group(struct pci_dev *pdev,
619 unsigned long *devfns);
620
621/*
622 * To consider a PCI device isolated, we require ACS to support Source
623 * Validation, Request Redirection, Completer Redirection, and Upstream
624 * Forwarding. This effectively means that devices cannot spoof their
625 * requester ID, requests and completions cannot be redirected, and all
626 * transactions are forwarded upstream, even as it passes through a
627 * bridge where the target device is downstream.
628 */
629#define REQ_ACS_FLAGS (PCI_ACS_SV | PCI_ACS_RR | PCI_ACS_CR | PCI_ACS_UF)
630
631/*
632 * For multifunction devices which are not isolated from each other, find
633 * all the other non-isolated functions and look for existing groups. For
634 * each function, we also need to look for aliases to or from other devices
635 * that may already have a group.
636 */
637static struct iommu_group *get_pci_function_alias_group(struct pci_dev *pdev,
638 unsigned long *devfns)
639{
640 struct pci_dev *tmp = NULL;
641 struct iommu_group *group;
642
643 if (!pdev->multifunction || pci_acs_enabled(pdev, REQ_ACS_FLAGS))
644 return NULL;
645
646 for_each_pci_dev(tmp) {
647 if (tmp == pdev || tmp->bus != pdev->bus ||
648 PCI_SLOT(tmp->devfn) != PCI_SLOT(pdev->devfn) ||
649 pci_acs_enabled(tmp, REQ_ACS_FLAGS))
650 continue;
651
652 group = get_pci_alias_group(tmp, devfns);
653 if (group) {
654 pci_dev_put(tmp);
655 return group;
656 }
657 }
658
659 return NULL;
660}
661
662/*
663 * Look for aliases to or from the given device for exisiting groups. The
664 * dma_alias_devfn only supports aliases on the same bus, therefore the search
665 * space is quite small (especially since we're really only looking at pcie
666 * device, and therefore only expect multiple slots on the root complex or
667 * downstream switch ports). It's conceivable though that a pair of
668 * multifunction devices could have aliases between them that would cause a
669 * loop. To prevent this, we use a bitmap to track where we've been.
670 */
671static struct iommu_group *get_pci_alias_group(struct pci_dev *pdev,
672 unsigned long *devfns)
673{
674 struct pci_dev *tmp = NULL;
675 struct iommu_group *group;
676
677 if (test_and_set_bit(pdev->devfn & 0xff, devfns))
678 return NULL;
679
680 group = iommu_group_get(&pdev->dev);
681 if (group)
682 return group;
683
684 for_each_pci_dev(tmp) {
685 if (tmp == pdev || tmp->bus != pdev->bus)
686 continue;
687
688 /* We alias them or they alias us */
689 if (((pdev->dev_flags & PCI_DEV_FLAGS_DMA_ALIAS_DEVFN) &&
690 pdev->dma_alias_devfn == tmp->devfn) ||
691 ((tmp->dev_flags & PCI_DEV_FLAGS_DMA_ALIAS_DEVFN) &&
692 tmp->dma_alias_devfn == pdev->devfn)) {
693
694 group = get_pci_alias_group(tmp, devfns);
695 if (group) {
696 pci_dev_put(tmp);
697 return group;
698 }
699
700 group = get_pci_function_alias_group(tmp, devfns);
701 if (group) {
702 pci_dev_put(tmp);
703 return group;
704 }
705 }
706 }
707
708 return NULL;
709}
710
711struct group_for_pci_data {
712 struct pci_dev *pdev;
713 struct iommu_group *group;
714};
715
716/*
717 * DMA alias iterator callback, return the last seen device. Stop and return
718 * the IOMMU group if we find one along the way.
719 */
720static int get_pci_alias_or_group(struct pci_dev *pdev, u16 alias, void *opaque)
721{
722 struct group_for_pci_data *data = opaque;
723
724 data->pdev = pdev;
725 data->group = iommu_group_get(&pdev->dev);
726
727 return data->group != NULL;
728}
729
730/*
731 * Generic device_group call-back function. It just allocates one
732 * iommu-group per device.
733 */
734struct iommu_group *generic_device_group(struct device *dev)
735{
736 struct iommu_group *group;
737
738 group = iommu_group_alloc();
739 if (IS_ERR(group))
740 return NULL;
741
742 return group;
743}
744
745/*
746 * Use standard PCI bus topology, isolation features, and DMA alias quirks
747 * to find or create an IOMMU group for a device.
748 */
749struct iommu_group *pci_device_group(struct device *dev)
750{
751 struct pci_dev *pdev = to_pci_dev(dev);
752 struct group_for_pci_data data;
753 struct pci_bus *bus;
754 struct iommu_group *group = NULL;
755 u64 devfns[4] = { 0 };
756
757 if (WARN_ON(!dev_is_pci(dev)))
758 return ERR_PTR(-EINVAL);
759
760 /*
761 * Find the upstream DMA alias for the device. A device must not
762 * be aliased due to topology in order to have its own IOMMU group.
763 * If we find an alias along the way that already belongs to a
764 * group, use it.
765 */
766 if (pci_for_each_dma_alias(pdev, get_pci_alias_or_group, &data))
767 return data.group;
768
769 pdev = data.pdev;
770
771 /*
772 * Continue upstream from the point of minimum IOMMU granularity
773 * due to aliases to the point where devices are protected from
774 * peer-to-peer DMA by PCI ACS. Again, if we find an existing
775 * group, use it.
776 */
777 for (bus = pdev->bus; !pci_is_root_bus(bus); bus = bus->parent) {
778 if (!bus->self)
779 continue;
780
781 if (pci_acs_path_enabled(bus->self, NULL, REQ_ACS_FLAGS))
782 break;
783
784 pdev = bus->self;
785
786 group = iommu_group_get(&pdev->dev);
787 if (group)
788 return group;
789 }
790
791 /*
792 * Look for existing groups on device aliases. If we alias another
793 * device or another device aliases us, use the same group.
794 */
795 group = get_pci_alias_group(pdev, (unsigned long *)devfns);
796 if (group)
797 return group;
798
799 /*
800 * Look for existing groups on non-isolated functions on the same
801 * slot and aliases of those funcions, if any. No need to clear
802 * the search bitmap, the tested devfns are still valid.
803 */
804 group = get_pci_function_alias_group(pdev, (unsigned long *)devfns);
805 if (group)
806 return group;
807
808 /* No shared group found, allocate new */
809 group = iommu_group_alloc();
810 if (IS_ERR(group))
811 return NULL;
812
813 return group;
814}
815
816/**
817 * iommu_group_get_for_dev - Find or create the IOMMU group for a device
818 * @dev: target device
819 *
820 * This function is intended to be called by IOMMU drivers and extended to
821 * support common, bus-defined algorithms when determining or creating the
822 * IOMMU group for a device. On success, the caller will hold a reference
823 * to the returned IOMMU group, which will already include the provided
824 * device. The reference should be released with iommu_group_put().
825 */
826struct iommu_group *iommu_group_get_for_dev(struct device *dev)
827{
828 const struct iommu_ops *ops = dev->bus->iommu_ops;
829 struct iommu_group *group;
830 int ret;
831
832 group = iommu_group_get(dev);
833 if (group)
834 return group;
835
836 group = ERR_PTR(-EINVAL);
837
838 if (ops && ops->device_group)
839 group = ops->device_group(dev);
840
841 if (IS_ERR(group))
842 return group;
843
844 /*
845 * Try to allocate a default domain - needs support from the
846 * IOMMU driver.
847 */
848 if (!group->default_domain) {
849 group->default_domain = __iommu_domain_alloc(dev->bus,
850 IOMMU_DOMAIN_DMA);
851 if (!group->domain)
852 group->domain = group->default_domain;
853 }
854
855 ret = iommu_group_add_device(group, dev);
856 if (ret) {
857 iommu_group_put(group);
858 return ERR_PTR(ret);
859 }
860
861 return group;
862}
863
864struct iommu_domain *iommu_group_default_domain(struct iommu_group *group)
865{
866 return group->default_domain;
867}
868
869static int add_iommu_group(struct device *dev, void *data)
870{
871 struct iommu_callback_data *cb = data;
872 const struct iommu_ops *ops = cb->ops;
873 int ret;
874
875 if (!ops->add_device)
876 return 0;
877
878 WARN_ON(dev->iommu_group);
879
880 ret = ops->add_device(dev);
881
882 /*
883 * We ignore -ENODEV errors for now, as they just mean that the
884 * device is not translated by an IOMMU. We still care about
885 * other errors and fail to initialize when they happen.
886 */
887 if (ret == -ENODEV)
888 ret = 0;
889
890 return ret;
891}
892
893static int remove_iommu_group(struct device *dev, void *data)
894{
895 struct iommu_callback_data *cb = data;
896 const struct iommu_ops *ops = cb->ops;
897
898 if (ops->remove_device && dev->iommu_group)
899 ops->remove_device(dev);
900
901 return 0;
902}
903
904static int iommu_bus_notifier(struct notifier_block *nb,
905 unsigned long action, void *data)
906{
907 struct device *dev = data;
908 const struct iommu_ops *ops = dev->bus->iommu_ops;
909 struct iommu_group *group;
910 unsigned long group_action = 0;
911
912 /*
913 * ADD/DEL call into iommu driver ops if provided, which may
914 * result in ADD/DEL notifiers to group->notifier
915 */
916 if (action == BUS_NOTIFY_ADD_DEVICE) {
917 if (ops->add_device)
918 return ops->add_device(dev);
919 } else if (action == BUS_NOTIFY_REMOVED_DEVICE) {
920 if (ops->remove_device && dev->iommu_group) {
921 ops->remove_device(dev);
922 return 0;
923 }
924 }
925
926 /*
927 * Remaining BUS_NOTIFYs get filtered and republished to the
928 * group, if anyone is listening
929 */
930 group = iommu_group_get(dev);
931 if (!group)
932 return 0;
933
934 switch (action) {
935 case BUS_NOTIFY_BIND_DRIVER:
936 group_action = IOMMU_GROUP_NOTIFY_BIND_DRIVER;
937 break;
938 case BUS_NOTIFY_BOUND_DRIVER:
939 group_action = IOMMU_GROUP_NOTIFY_BOUND_DRIVER;
940 break;
941 case BUS_NOTIFY_UNBIND_DRIVER:
942 group_action = IOMMU_GROUP_NOTIFY_UNBIND_DRIVER;
943 break;
944 case BUS_NOTIFY_UNBOUND_DRIVER:
945 group_action = IOMMU_GROUP_NOTIFY_UNBOUND_DRIVER;
946 break;
947 }
948
949 if (group_action)
950 blocking_notifier_call_chain(&group->notifier,
951 group_action, dev);
952
953 iommu_group_put(group);
954 return 0;
955}
956
957static int iommu_bus_init(struct bus_type *bus, const struct iommu_ops *ops)
958{
959 int err;
960 struct notifier_block *nb;
961 struct iommu_callback_data cb = {
962 .ops = ops,
963 };
964
965 nb = kzalloc(sizeof(struct notifier_block), GFP_KERNEL);
966 if (!nb)
967 return -ENOMEM;
968
969 nb->notifier_call = iommu_bus_notifier;
970
971 err = bus_register_notifier(bus, nb);
972 if (err)
973 goto out_free;
974
975 err = bus_for_each_dev(bus, NULL, &cb, add_iommu_group);
976 if (err)
977 goto out_err;
978
979
980 return 0;
981
982out_err:
983 /* Clean up */
984 bus_for_each_dev(bus, NULL, &cb, remove_iommu_group);
985 bus_unregister_notifier(bus, nb);
986
987out_free:
988 kfree(nb);
989
990 return err;
991}
992
993/**
994 * bus_set_iommu - set iommu-callbacks for the bus
995 * @bus: bus.
996 * @ops: the callbacks provided by the iommu-driver
997 *
998 * This function is called by an iommu driver to set the iommu methods
999 * used for a particular bus. Drivers for devices on that bus can use
1000 * the iommu-api after these ops are registered.
1001 * This special function is needed because IOMMUs are usually devices on
1002 * the bus itself, so the iommu drivers are not initialized when the bus
1003 * is set up. With this function the iommu-driver can set the iommu-ops
1004 * afterwards.
1005 */
1006int bus_set_iommu(struct bus_type *bus, const struct iommu_ops *ops)
1007{
1008 int err;
1009
1010 if (bus->iommu_ops != NULL)
1011 return -EBUSY;
1012
1013 bus->iommu_ops = ops;
1014
1015 /* Do IOMMU specific setup for this bus-type */
1016 err = iommu_bus_init(bus, ops);
1017 if (err)
1018 bus->iommu_ops = NULL;
1019
1020 return err;
1021}
1022EXPORT_SYMBOL_GPL(bus_set_iommu);
1023
1024bool iommu_present(struct bus_type *bus)
1025{
1026 return bus->iommu_ops != NULL;
1027}
1028EXPORT_SYMBOL_GPL(iommu_present);
1029
1030bool iommu_capable(struct bus_type *bus, enum iommu_cap cap)
1031{
1032 if (!bus->iommu_ops || !bus->iommu_ops->capable)
1033 return false;
1034
1035 return bus->iommu_ops->capable(cap);
1036}
1037EXPORT_SYMBOL_GPL(iommu_capable);
1038
1039/**
1040 * iommu_set_fault_handler() - set a fault handler for an iommu domain
1041 * @domain: iommu domain
1042 * @handler: fault handler
1043 * @token: user data, will be passed back to the fault handler
1044 *
1045 * This function should be used by IOMMU users which want to be notified
1046 * whenever an IOMMU fault happens.
1047 *
1048 * The fault handler itself should return 0 on success, and an appropriate
1049 * error code otherwise.
1050 */
1051void iommu_set_fault_handler(struct iommu_domain *domain,
1052 iommu_fault_handler_t handler,
1053 void *token)
1054{
1055 BUG_ON(!domain);
1056
1057 domain->handler = handler;
1058 domain->handler_token = token;
1059}
1060EXPORT_SYMBOL_GPL(iommu_set_fault_handler);
1061
1062static struct iommu_domain *__iommu_domain_alloc(struct bus_type *bus,
1063 unsigned type)
1064{
1065 struct iommu_domain *domain;
1066
1067 if (bus == NULL || bus->iommu_ops == NULL)
1068 return NULL;
1069
1070 domain = bus->iommu_ops->domain_alloc(type);
1071 if (!domain)
1072 return NULL;
1073
1074 domain->ops = bus->iommu_ops;
1075 domain->type = type;
1076
1077 return domain;
1078}
1079
1080struct iommu_domain *iommu_domain_alloc(struct bus_type *bus)
1081{
1082 return __iommu_domain_alloc(bus, IOMMU_DOMAIN_UNMANAGED);
1083}
1084EXPORT_SYMBOL_GPL(iommu_domain_alloc);
1085
1086void iommu_domain_free(struct iommu_domain *domain)
1087{
1088 domain->ops->domain_free(domain);
1089}
1090EXPORT_SYMBOL_GPL(iommu_domain_free);
1091
1092static int __iommu_attach_device(struct iommu_domain *domain,
1093 struct device *dev)
1094{
1095 int ret;
1096 if (unlikely(domain->ops->attach_dev == NULL))
1097 return -ENODEV;
1098
1099 ret = domain->ops->attach_dev(domain, dev);
1100 if (!ret)
1101 trace_attach_device_to_domain(dev);
1102 return ret;
1103}
1104
1105int iommu_attach_device(struct iommu_domain *domain, struct device *dev)
1106{
1107 struct iommu_group *group;
1108 int ret;
1109
1110 group = iommu_group_get(dev);
1111 /* FIXME: Remove this when groups a mandatory for iommu drivers */
1112 if (group == NULL)
1113 return __iommu_attach_device(domain, dev);
1114
1115 /*
1116 * We have a group - lock it to make sure the device-count doesn't
1117 * change while we are attaching
1118 */
1119 mutex_lock(&group->mutex);
1120 ret = -EINVAL;
1121 if (iommu_group_device_count(group) != 1)
1122 goto out_unlock;
1123
1124 ret = __iommu_attach_group(domain, group);
1125
1126out_unlock:
1127 mutex_unlock(&group->mutex);
1128 iommu_group_put(group);
1129
1130 return ret;
1131}
1132EXPORT_SYMBOL_GPL(iommu_attach_device);
1133
1134static void __iommu_detach_device(struct iommu_domain *domain,
1135 struct device *dev)
1136{
1137 if (unlikely(domain->ops->detach_dev == NULL))
1138 return;
1139
1140 domain->ops->detach_dev(domain, dev);
1141 trace_detach_device_from_domain(dev);
1142}
1143
1144void iommu_detach_device(struct iommu_domain *domain, struct device *dev)
1145{
1146 struct iommu_group *group;
1147
1148 group = iommu_group_get(dev);
1149 /* FIXME: Remove this when groups a mandatory for iommu drivers */
1150 if (group == NULL)
1151 return __iommu_detach_device(domain, dev);
1152
1153 mutex_lock(&group->mutex);
1154 if (iommu_group_device_count(group) != 1) {
1155 WARN_ON(1);
1156 goto out_unlock;
1157 }
1158
1159 __iommu_detach_group(domain, group);
1160
1161out_unlock:
1162 mutex_unlock(&group->mutex);
1163 iommu_group_put(group);
1164}
1165EXPORT_SYMBOL_GPL(iommu_detach_device);
1166
1167struct iommu_domain *iommu_get_domain_for_dev(struct device *dev)
1168{
1169 struct iommu_domain *domain;
1170 struct iommu_group *group;
1171
1172 group = iommu_group_get(dev);
1173 /* FIXME: Remove this when groups a mandatory for iommu drivers */
1174 if (group == NULL)
1175 return NULL;
1176
1177 domain = group->domain;
1178
1179 iommu_group_put(group);
1180
1181 return domain;
1182}
1183EXPORT_SYMBOL_GPL(iommu_get_domain_for_dev);
1184
1185/*
1186 * IOMMU groups are really the natrual working unit of the IOMMU, but
1187 * the IOMMU API works on domains and devices. Bridge that gap by
1188 * iterating over the devices in a group. Ideally we'd have a single
1189 * device which represents the requestor ID of the group, but we also
1190 * allow IOMMU drivers to create policy defined minimum sets, where
1191 * the physical hardware may be able to distiguish members, but we
1192 * wish to group them at a higher level (ex. untrusted multi-function
1193 * PCI devices). Thus we attach each device.
1194 */
1195static int iommu_group_do_attach_device(struct device *dev, void *data)
1196{
1197 struct iommu_domain *domain = data;
1198
1199 return __iommu_attach_device(domain, dev);
1200}
1201
1202static int __iommu_attach_group(struct iommu_domain *domain,
1203 struct iommu_group *group)
1204{
1205 int ret;
1206
1207 if (group->default_domain && group->domain != group->default_domain)
1208 return -EBUSY;
1209
1210 ret = __iommu_group_for_each_dev(group, domain,
1211 iommu_group_do_attach_device);
1212 if (ret == 0)
1213 group->domain = domain;
1214
1215 return ret;
1216}
1217
1218int iommu_attach_group(struct iommu_domain *domain, struct iommu_group *group)
1219{
1220 int ret;
1221
1222 mutex_lock(&group->mutex);
1223 ret = __iommu_attach_group(domain, group);
1224 mutex_unlock(&group->mutex);
1225
1226 return ret;
1227}
1228EXPORT_SYMBOL_GPL(iommu_attach_group);
1229
1230static int iommu_group_do_detach_device(struct device *dev, void *data)
1231{
1232 struct iommu_domain *domain = data;
1233
1234 __iommu_detach_device(domain, dev);
1235
1236 return 0;
1237}
1238
1239static void __iommu_detach_group(struct iommu_domain *domain,
1240 struct iommu_group *group)
1241{
1242 int ret;
1243
1244 if (!group->default_domain) {
1245 __iommu_group_for_each_dev(group, domain,
1246 iommu_group_do_detach_device);
1247 group->domain = NULL;
1248 return;
1249 }
1250
1251 if (group->domain == group->default_domain)
1252 return;
1253
1254 /* Detach by re-attaching to the default domain */
1255 ret = __iommu_group_for_each_dev(group, group->default_domain,
1256 iommu_group_do_attach_device);
1257 if (ret != 0)
1258 WARN_ON(1);
1259 else
1260 group->domain = group->default_domain;
1261}
1262
1263void iommu_detach_group(struct iommu_domain *domain, struct iommu_group *group)
1264{
1265 mutex_lock(&group->mutex);
1266 __iommu_detach_group(domain, group);
1267 mutex_unlock(&group->mutex);
1268}
1269EXPORT_SYMBOL_GPL(iommu_detach_group);
1270
1271phys_addr_t iommu_iova_to_phys(struct iommu_domain *domain, dma_addr_t iova)
1272{
1273 if (unlikely(domain->ops->iova_to_phys == NULL))
1274 return 0;
1275
1276 return domain->ops->iova_to_phys(domain, iova);
1277}
1278EXPORT_SYMBOL_GPL(iommu_iova_to_phys);
1279
1280static size_t iommu_pgsize(struct iommu_domain *domain,
1281 unsigned long addr_merge, size_t size)
1282{
1283 unsigned int pgsize_idx;
1284 size_t pgsize;
1285
1286 /* Max page size that still fits into 'size' */
1287 pgsize_idx = __fls(size);
1288
1289 /* need to consider alignment requirements ? */
1290 if (likely(addr_merge)) {
1291 /* Max page size allowed by address */
1292 unsigned int align_pgsize_idx = __ffs(addr_merge);
1293 pgsize_idx = min(pgsize_idx, align_pgsize_idx);
1294 }
1295
1296 /* build a mask of acceptable page sizes */
1297 pgsize = (1UL << (pgsize_idx + 1)) - 1;
1298
1299 /* throw away page sizes not supported by the hardware */
1300 pgsize &= domain->ops->pgsize_bitmap;
1301
1302 /* make sure we're still sane */
1303 BUG_ON(!pgsize);
1304
1305 /* pick the biggest page */
1306 pgsize_idx = __fls(pgsize);
1307 pgsize = 1UL << pgsize_idx;
1308
1309 return pgsize;
1310}
1311
1312int iommu_map(struct iommu_domain *domain, unsigned long iova,
1313 phys_addr_t paddr, size_t size, int prot)
1314{
1315 unsigned long orig_iova = iova;
1316 unsigned int min_pagesz;
1317 size_t orig_size = size;
1318 phys_addr_t orig_paddr = paddr;
1319 int ret = 0;
1320
1321 if (unlikely(domain->ops->map == NULL ||
1322 domain->ops->pgsize_bitmap == 0UL))
1323 return -ENODEV;
1324
1325 if (unlikely(!(domain->type & __IOMMU_DOMAIN_PAGING)))
1326 return -EINVAL;
1327
1328 /* find out the minimum page size supported */
1329 min_pagesz = 1 << __ffs(domain->ops->pgsize_bitmap);
1330
1331 /*
1332 * both the virtual address and the physical one, as well as
1333 * the size of the mapping, must be aligned (at least) to the
1334 * size of the smallest page supported by the hardware
1335 */
1336 if (!IS_ALIGNED(iova | paddr | size, min_pagesz)) {
1337 pr_err("unaligned: iova 0x%lx pa %pa size 0x%zx min_pagesz 0x%x\n",
1338 iova, &paddr, size, min_pagesz);
1339 return -EINVAL;
1340 }
1341
1342 pr_debug("map: iova 0x%lx pa %pa size 0x%zx\n", iova, &paddr, size);
1343
1344 while (size) {
1345 size_t pgsize = iommu_pgsize(domain, iova | paddr, size);
1346
1347 pr_debug("mapping: iova 0x%lx pa %pa pgsize 0x%zx\n",
1348 iova, &paddr, pgsize);
1349
1350 ret = domain->ops->map(domain, iova, paddr, pgsize, prot);
1351 if (ret)
1352 break;
1353
1354 iova += pgsize;
1355 paddr += pgsize;
1356 size -= pgsize;
1357 }
1358
1359 /* unroll mapping in case something went wrong */
1360 if (ret)
1361 iommu_unmap(domain, orig_iova, orig_size - size);
1362 else
1363 trace_map(orig_iova, orig_paddr, orig_size);
1364
1365 return ret;
1366}
1367EXPORT_SYMBOL_GPL(iommu_map);
1368
1369size_t iommu_unmap(struct iommu_domain *domain, unsigned long iova, size_t size)
1370{
1371 size_t unmapped_page, unmapped = 0;
1372 unsigned int min_pagesz;
1373 unsigned long orig_iova = iova;
1374
1375 if (unlikely(domain->ops->unmap == NULL ||
1376 domain->ops->pgsize_bitmap == 0UL))
1377 return -ENODEV;
1378
1379 if (unlikely(!(domain->type & __IOMMU_DOMAIN_PAGING)))
1380 return -EINVAL;
1381
1382 /* find out the minimum page size supported */
1383 min_pagesz = 1 << __ffs(domain->ops->pgsize_bitmap);
1384
1385 /*
1386 * The virtual address, as well as the size of the mapping, must be
1387 * aligned (at least) to the size of the smallest page supported
1388 * by the hardware
1389 */
1390 if (!IS_ALIGNED(iova | size, min_pagesz)) {
1391 pr_err("unaligned: iova 0x%lx size 0x%zx min_pagesz 0x%x\n",
1392 iova, size, min_pagesz);
1393 return -EINVAL;
1394 }
1395
1396 pr_debug("unmap this: iova 0x%lx size 0x%zx\n", iova, size);
1397
1398 /*
1399 * Keep iterating until we either unmap 'size' bytes (or more)
1400 * or we hit an area that isn't mapped.
1401 */
1402 while (unmapped < size) {
1403 size_t pgsize = iommu_pgsize(domain, iova, size - unmapped);
1404
1405 unmapped_page = domain->ops->unmap(domain, iova, pgsize);
1406 if (!unmapped_page)
1407 break;
1408
1409 pr_debug("unmapped: iova 0x%lx size 0x%zx\n",
1410 iova, unmapped_page);
1411
1412 iova += unmapped_page;
1413 unmapped += unmapped_page;
1414 }
1415
1416 trace_unmap(orig_iova, size, unmapped);
1417 return unmapped;
1418}
1419EXPORT_SYMBOL_GPL(iommu_unmap);
1420
1421size_t default_iommu_map_sg(struct iommu_domain *domain, unsigned long iova,
1422 struct scatterlist *sg, unsigned int nents, int prot)
1423{
1424 struct scatterlist *s;
1425 size_t mapped = 0;
1426 unsigned int i, min_pagesz;
1427 int ret;
1428
1429 if (unlikely(domain->ops->pgsize_bitmap == 0UL))
1430 return 0;
1431
1432 min_pagesz = 1 << __ffs(domain->ops->pgsize_bitmap);
1433
1434 for_each_sg(sg, s, nents, i) {
1435 phys_addr_t phys = page_to_phys(sg_page(s)) + s->offset;
1436
1437 /*
1438 * We are mapping on IOMMU page boundaries, so offset within
1439 * the page must be 0. However, the IOMMU may support pages
1440 * smaller than PAGE_SIZE, so s->offset may still represent
1441 * an offset of that boundary within the CPU page.
1442 */
1443 if (!IS_ALIGNED(s->offset, min_pagesz))
1444 goto out_err;
1445
1446 ret = iommu_map(domain, iova + mapped, phys, s->length, prot);
1447 if (ret)
1448 goto out_err;
1449
1450 mapped += s->length;
1451 }
1452
1453 return mapped;
1454
1455out_err:
1456 /* undo mappings already done */
1457 iommu_unmap(domain, iova, mapped);
1458
1459 return 0;
1460
1461}
1462EXPORT_SYMBOL_GPL(default_iommu_map_sg);
1463
1464int iommu_domain_window_enable(struct iommu_domain *domain, u32 wnd_nr,
1465 phys_addr_t paddr, u64 size, int prot)
1466{
1467 if (unlikely(domain->ops->domain_window_enable == NULL))
1468 return -ENODEV;
1469
1470 return domain->ops->domain_window_enable(domain, wnd_nr, paddr, size,
1471 prot);
1472}
1473EXPORT_SYMBOL_GPL(iommu_domain_window_enable);
1474
1475void iommu_domain_window_disable(struct iommu_domain *domain, u32 wnd_nr)
1476{
1477 if (unlikely(domain->ops->domain_window_disable == NULL))
1478 return;
1479
1480 return domain->ops->domain_window_disable(domain, wnd_nr);
1481}
1482EXPORT_SYMBOL_GPL(iommu_domain_window_disable);
1483
1484static int __init iommu_init(void)
1485{
1486 iommu_group_kset = kset_create_and_add("iommu_groups",
1487 NULL, kernel_kobj);
1488 ida_init(&iommu_group_ida);
1489 mutex_init(&iommu_group_mutex);
1490
1491 BUG_ON(!iommu_group_kset);
1492
1493 return 0;
1494}
1495core_initcall(iommu_init);
1496
1497int iommu_domain_get_attr(struct iommu_domain *domain,
1498 enum iommu_attr attr, void *data)
1499{
1500 struct iommu_domain_geometry *geometry;
1501 bool *paging;
1502 int ret = 0;
1503 u32 *count;
1504
1505 switch (attr) {
1506 case DOMAIN_ATTR_GEOMETRY:
1507 geometry = data;
1508 *geometry = domain->geometry;
1509
1510 break;
1511 case DOMAIN_ATTR_PAGING:
1512 paging = data;
1513 *paging = (domain->ops->pgsize_bitmap != 0UL);
1514 break;
1515 case DOMAIN_ATTR_WINDOWS:
1516 count = data;
1517
1518 if (domain->ops->domain_get_windows != NULL)
1519 *count = domain->ops->domain_get_windows(domain);
1520 else
1521 ret = -ENODEV;
1522
1523 break;
1524 default:
1525 if (!domain->ops->domain_get_attr)
1526 return -EINVAL;
1527
1528 ret = domain->ops->domain_get_attr(domain, attr, data);
1529 }
1530
1531 return ret;
1532}
1533EXPORT_SYMBOL_GPL(iommu_domain_get_attr);
1534
1535int iommu_domain_set_attr(struct iommu_domain *domain,
1536 enum iommu_attr attr, void *data)
1537{
1538 int ret = 0;
1539 u32 *count;
1540
1541 switch (attr) {
1542 case DOMAIN_ATTR_WINDOWS:
1543 count = data;
1544
1545 if (domain->ops->domain_set_windows != NULL)
1546 ret = domain->ops->domain_set_windows(domain, *count);
1547 else
1548 ret = -ENODEV;
1549
1550 break;
1551 default:
1552 if (domain->ops->domain_set_attr == NULL)
1553 return -EINVAL;
1554
1555 ret = domain->ops->domain_set_attr(domain, attr, data);
1556 }
1557
1558 return ret;
1559}
1560EXPORT_SYMBOL_GPL(iommu_domain_set_attr);
1561
1562void iommu_get_dm_regions(struct device *dev, struct list_head *list)
1563{
1564 const struct iommu_ops *ops = dev->bus->iommu_ops;
1565
1566 if (ops && ops->get_dm_regions)
1567 ops->get_dm_regions(dev, list);
1568}
1569
1570void iommu_put_dm_regions(struct device *dev, struct list_head *list)
1571{
1572 const struct iommu_ops *ops = dev->bus->iommu_ops;
1573
1574 if (ops && ops->put_dm_regions)
1575 ops->put_dm_regions(dev, list);
1576}
1577
1578/* Request that a device is direct mapped by the IOMMU */
1579int iommu_request_dm_for_dev(struct device *dev)
1580{
1581 struct iommu_domain *dm_domain;
1582 struct iommu_group *group;
1583 int ret;
1584
1585 /* Device must already be in a group before calling this function */
1586 group = iommu_group_get_for_dev(dev);
1587 if (IS_ERR(group))
1588 return PTR_ERR(group);
1589
1590 mutex_lock(&group->mutex);
1591
1592 /* Check if the default domain is already direct mapped */
1593 ret = 0;
1594 if (group->default_domain &&
1595 group->default_domain->type == IOMMU_DOMAIN_IDENTITY)
1596 goto out;
1597
1598 /* Don't change mappings of existing devices */
1599 ret = -EBUSY;
1600 if (iommu_group_device_count(group) != 1)
1601 goto out;
1602
1603 /* Allocate a direct mapped domain */
1604 ret = -ENOMEM;
1605 dm_domain = __iommu_domain_alloc(dev->bus, IOMMU_DOMAIN_IDENTITY);
1606 if (!dm_domain)
1607 goto out;
1608
1609 /* Attach the device to the domain */
1610 ret = __iommu_attach_group(dm_domain, group);
1611 if (ret) {
1612 iommu_domain_free(dm_domain);
1613 goto out;
1614 }
1615
1616 /* Make the direct mapped domain the default for this group */
1617 if (group->default_domain)
1618 iommu_domain_free(group->default_domain);
1619 group->default_domain = dm_domain;
1620
1621 pr_info("Using direct mapping for device %s\n", dev_name(dev));
1622
1623 ret = 0;
1624out:
1625 mutex_unlock(&group->mutex);
1626 iommu_group_put(group);
1627
1628 return ret;
1629}