1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3 * Copyright (C) 2007-2008 Advanced Micro Devices, Inc.
4 * Author: Joerg Roedel <jroedel@suse.de>
5 */
6
7 #define pr_fmt(fmt) "iommu: " fmt
8
9 #include <linux/device.h>
10 #include <linux/kernel.h>
11 #include <linux/bits.h>
12 #include <linux/bug.h>
13 #include <linux/types.h>
14 #include <linux/init.h>
15 #include <linux/export.h>
16 #include <linux/slab.h>
17 #include <linux/errno.h>
18 #include <linux/iommu.h>
19 #include <linux/idr.h>
20 #include <linux/notifier.h>
21 #include <linux/err.h>
22 #include <linux/pci.h>
23 #include <linux/bitops.h>
24 #include <linux/property.h>
25 #include <linux/fsl/mc.h>
26 #include <linux/module.h>
27 #include <trace/events/iommu.h>
28
29 static struct kset *iommu_group_kset;
30 static DEFINE_IDA(iommu_group_ida);
31
32 static unsigned int iommu_def_domain_type __read_mostly;
33 static bool iommu_dma_strict __read_mostly = true;
34 static u32 iommu_cmd_line __read_mostly;
35
36 struct iommu_group {
37 struct kobject kobj;
38 struct kobject *devices_kobj;
39 struct list_head devices;
40 struct mutex mutex;
41 struct blocking_notifier_head notifier;
42 void *iommu_data;
43 void (*iommu_data_release)(void *iommu_data);
44 char *name;
45 int id;
46 struct iommu_domain *default_domain;
47 struct iommu_domain *domain;
48 struct list_head entry;
49 };
50
51 struct group_device {
52 struct list_head list;
53 struct device *dev;
54 char *name;
55 };
56
57 struct iommu_group_attribute {
58 struct attribute attr;
59 ssize_t (*show)(struct iommu_group *group, char *buf);
60 ssize_t (*store)(struct iommu_group *group, const char *buf, size_t count);
61 };
62
63 static const char *const iommu_group_resv_type_string[] = {
64 [IOMMU_RESV_DIRECT] = "direct", [IOMMU_RESV_DIRECT_RELAXABLE] = "direct-relaxable",
65 [IOMMU_RESV_RESERVED] = "reserved", [IOMMU_RESV_MSI] = "msi",
66 [IOMMU_RESV_SW_MSI] = "msi",
67 };
68
69 #define IOMMU_CMD_LINE_DMA_API BIT(0)
70
iommu_set_cmd_line_dma_api(void)71 static void iommu_set_cmd_line_dma_api(void)
72 {
73 iommu_cmd_line |= IOMMU_CMD_LINE_DMA_API;
74 }
75
iommu_cmd_line_dma_api(void)76 static bool iommu_cmd_line_dma_api(void)
77 {
78 return !!(iommu_cmd_line & IOMMU_CMD_LINE_DMA_API);
79 }
80
81 static int iommu_alloc_default_domain(struct iommu_group *group, struct device *dev);
82 static struct iommu_domain *iommu_domain_alloc_ext(struct bus_type *bus, unsigned type);
83 static int iommu_attach_device_ext(struct iommu_domain *domain, struct device *dev);
84 static int iommu_attach_group_ext(struct iommu_domain *domain, struct iommu_group *group);
85 static void iommu_detach_group_ext(struct iommu_domain *domain, struct iommu_group *group);
86 static int iommu_create_device_direct_mappings(struct iommu_group *group, struct device *dev);
87 static struct iommu_group *iommu_group_get_for_dev(struct device *dev);
88
89 #define IOMMU_GROUP_ATTR(_name, _mode, _show, _store) \
90 struct iommu_group_attribute iommu_group_attr_##_name = __ATTR(_name, _mode, _show, _store)
91
92 #define to_iommu_group_attr(_attr) container_of(_attr, struct iommu_group_attribute, attr)
93 #define to_iommu_group(_kobj) container_of(_kobj, struct iommu_group, kobj)
94
95 static LIST_HEAD(iommu_device_list);
96 static DEFINE_SPINLOCK(iommu_device_lock);
97
98 /*
99 * Use a function instead of an array here because the domain-type is a
100 * bit-field, so an array would waste memory.
101 */
iommu_domain_type_str(unsigned int t)102 static const char *iommu_domain_type_str(unsigned int t)
103 {
104 switch (t) {
105 case IOMMU_DOMAIN_BLOCKED:
106 return "Blocked";
107 case IOMMU_DOMAIN_IDENTITY:
108 return "Passthrough";
109 case IOMMU_DOMAIN_UNMANAGED:
110 return "Unmanaged";
111 case IOMMU_DOMAIN_DMA:
112 return "Translated";
113 default:
114 return "Unknown";
115 }
116 }
117
iommu_subsys_init(void)118 static int __init iommu_subsys_init(void)
119 {
120 bool cmd_line = iommu_cmd_line_dma_api();
121
122 if (!cmd_line) {
123 if (IS_ENABLED(CONFIG_IOMMU_DEFAULT_PASSTHROUGH)) {
124 iommu_set_default_passthrough(false);
125 } else {
126 iommu_set_default_translated(false);
127 }
128
129 if (iommu_default_passthrough() && mem_encrypt_active()) {
130 pr_info("Memory encryption detected - Disabling default IOMMU Passthrough\n");
131 iommu_set_default_translated(false);
132 }
133 }
134
135 pr_info("Default domain type: %s %s\n", iommu_domain_type_str(iommu_def_domain_type),
136 cmd_line ? "(set via kernel command line)" : "");
137
138 return 0;
139 }
140 subsys_initcall(iommu_subsys_init);
141
iommu_device_register(struct iommu_device *iommu)142 int iommu_device_register(struct iommu_device *iommu)
143 {
144 spin_lock(&iommu_device_lock);
145 list_add_tail(&iommu->list, &iommu_device_list);
146 spin_unlock(&iommu_device_lock);
147 return 0;
148 }
149 EXPORT_SYMBOL_GPL(iommu_device_register);
150
iommu_device_unregister(struct iommu_device *iommu)151 void iommu_device_unregister(struct iommu_device *iommu)
152 {
153 spin_lock(&iommu_device_lock);
154 list_del(&iommu->list);
155 spin_unlock(&iommu_device_lock);
156 }
157 EXPORT_SYMBOL_GPL(iommu_device_unregister);
158
dev_iommu_get(struct device *dev)159 static struct dev_iommu *dev_iommu_get(struct device *dev)
160 {
161 struct dev_iommu *param = dev->iommu;
162
163 if (param) {
164 return param;
165 }
166
167 param = kzalloc(sizeof(*param), GFP_KERNEL);
168 if (!param) {
169 return NULL;
170 }
171
172 mutex_init(¶m->lock);
173 dev->iommu = param;
174 return param;
175 }
176
dev_iommu_free(struct device *dev)177 static void dev_iommu_free(struct device *dev)
178 {
179 struct dev_iommu *param = dev->iommu;
180
181 dev->iommu = NULL;
182 if (param->fwspec) {
183 fwnode_handle_put(param->fwspec->iommu_fwnode);
184 kfree(param->fwspec);
185 }
186 kfree(param);
187 }
188
iommu_probe_device_ext(struct device *dev, struct list_head *group_list)189 static int iommu_probe_device_ext(struct device *dev, struct list_head *group_list)
190 {
191 const struct iommu_ops *ops = dev->bus->iommu_ops;
192 struct iommu_device *iommu_dev;
193 struct iommu_group *group;
194 int ret;
195
196 if (!ops) {
197 return -ENODEV;
198 }
199
200 if (!dev_iommu_get(dev)) {
201 return -ENOMEM;
202 }
203
204 if (!try_module_get(ops->owner)) {
205 ret = -EINVAL;
206 goto err_free;
207 }
208
209 iommu_dev = ops->probe_device(dev);
210 if (IS_ERR(iommu_dev)) {
211 ret = PTR_ERR(iommu_dev);
212 goto out_module_put;
213 }
214
215 dev->iommu->iommu_dev = iommu_dev;
216
217 group = iommu_group_get_for_dev(dev);
218 if (IS_ERR(group)) {
219 ret = PTR_ERR(group);
220 goto out_release;
221 }
222 iommu_group_put(group);
223
224 if (group_list && !group->default_domain && list_empty(&group->entry)) {
225 list_add_tail(&group->entry, group_list);
226 }
227
228 iommu_device_link(iommu_dev, dev);
229
230 return 0;
231
232 out_release:
233 ops->release_device(dev);
234
235 out_module_put:
236 module_put(ops->owner);
237
238 err_free:
239 dev_iommu_free(dev);
240
241 return ret;
242 }
243
iommu_probe_device(struct device *dev)244 int iommu_probe_device(struct device *dev)
245 {
246 const struct iommu_ops *ops = dev->bus->iommu_ops;
247 struct iommu_group *group;
248 int ret;
249
250 ret = iommu_probe_device_ext(dev, NULL);
251 if (ret) {
252 goto err_out;
253 }
254
255 group = iommu_group_get(dev);
256 if (!group) {
257 goto err_release;
258 }
259
260 /*
261 * Try to allocate a default domain - needs support from the
262 * IOMMU driver. There are still some drivers which don't
263 * support default domains, so the return value is not yet
264 * checked.
265 */
266 iommu_alloc_default_domain(group, dev);
267
268 if (group->default_domain) {
269 ret = iommu_attach_device_ext(group->default_domain, dev);
270 if (ret) {
271 iommu_group_put(group);
272 goto err_release;
273 }
274 }
275
276 iommu_create_device_direct_mappings(group, dev);
277
278 iommu_group_put(group);
279
280 if (ops->probe_finalize) {
281 ops->probe_finalize(dev);
282 }
283
284 return 0;
285
286 err_release:
287 iommu_release_device(dev);
288
289 err_out:
290 return ret;
291 }
292
iommu_release_device(struct device *dev)293 void iommu_release_device(struct device *dev)
294 {
295 const struct iommu_ops *ops = dev->bus->iommu_ops;
296
297 if (!dev->iommu) {
298 return;
299 }
300
301 iommu_device_unlink(dev->iommu->iommu_dev, dev);
302
303 ops->release_device(dev);
304
305 iommu_group_remove_device(dev);
306 module_put(ops->owner);
307 dev_iommu_free(dev);
308 }
309
iommu_set_def_domain_type(char *str)310 static int __init iommu_set_def_domain_type(char *str)
311 {
312 bool pt;
313 int ret;
314
315 ret = kstrtobool(str, &pt);
316 if (ret) {
317 return ret;
318 }
319
320 if (pt) {
321 iommu_set_default_passthrough(true);
322 } else {
323 iommu_set_default_translated(true);
324 }
325
326 return 0;
327 }
328 early_param("iommu.passthrough", iommu_set_def_domain_type);
329
iommu_dma_setup(char *str)330 static int __init iommu_dma_setup(char *str)
331 {
332 return kstrtobool(str, &iommu_dma_strict);
333 }
334 early_param("iommu.strict", iommu_dma_setup);
335
iommu_group_attr_show(struct kobject *kobj, struct attribute *__attr, char *buf)336 static ssize_t iommu_group_attr_show(struct kobject *kobj, struct attribute *__attr, char *buf)
337 {
338 struct iommu_group_attribute *attr = to_iommu_group_attr(__attr);
339 struct iommu_group *group = to_iommu_group(kobj);
340 ssize_t ret = -EIO;
341
342 if (attr->show) {
343 ret = attr->show(group, buf);
344 }
345 return ret;
346 }
347
iommu_group_attr_store(struct kobject *kobj, struct attribute *__attr, const char *buf, size_t count)348 static ssize_t iommu_group_attr_store(struct kobject *kobj, struct attribute *__attr, const char *buf, size_t count)
349 {
350 struct iommu_group_attribute *attr = to_iommu_group_attr(__attr);
351 struct iommu_group *group = to_iommu_group(kobj);
352 ssize_t ret = -EIO;
353
354 if (attr->store) {
355 ret = attr->store(group, buf, count);
356 }
357 return ret;
358 }
359
360 static const struct sysfs_ops iommu_group_sysfs_ops = {
361 .show = iommu_group_attr_show,
362 .store = iommu_group_attr_store,
363 };
364
iommu_group_create_file(struct iommu_group *group, struct iommu_group_attribute *attr)365 static int iommu_group_create_file(struct iommu_group *group, struct iommu_group_attribute *attr)
366 {
367 return sysfs_create_file(&group->kobj, &attr->attr);
368 }
369
iommu_group_remove_file(struct iommu_group *group, struct iommu_group_attribute *attr)370 static void iommu_group_remove_file(struct iommu_group *group, struct iommu_group_attribute *attr)
371 {
372 sysfs_remove_file(&group->kobj, &attr->attr);
373 }
374
iommu_group_show_name(struct iommu_group *group, char *buf)375 static ssize_t iommu_group_show_name(struct iommu_group *group, char *buf)
376 {
377 return sprintf(buf, "%s\n", group->name);
378 }
379
380 /**
381 * iommu_insert_resv_region - Insert a new region in the
382 * list of reserved regions.
383 * @new: new region to insert
384 * @regions: list of regions
385 *
386 * Elements are sorted by start address and overlapping segments
387 * of the same type are merged.
388 */
iommu_insert_resv_region(struct iommu_resv_region *new, struct list_head *regions)389 static int iommu_insert_resv_region(struct iommu_resv_region *new, struct list_head *regions)
390 {
391 struct iommu_resv_region *iter, *tmp, *nr, *top;
392 LIST_HEAD(stack);
393
394 nr = iommu_alloc_resv_region(new->start, new->length, new->prot, new->type);
395 if (!nr) {
396 return -ENOMEM;
397 }
398
399 /* First add the new element based on start address sorting */
400 list_for_each_entry(iter, regions, list)
401 {
402 if (nr->start < iter->start || (nr->start == iter->start && nr->type <= iter->type)) {
403 break;
404 }
405 }
406 list_add_tail(&nr->list, &iter->list);
407
408 /* Merge overlapping segments of type nr->type in @regions, if any */
409 list_for_each_entry_safe(iter, tmp, regions, list)
410 {
411 phys_addr_t top_end, iter_end = iter->start + iter->length - 1;
412
413 /* no merge needed on elements of different types than @new */
414 if (iter->type != new->type) {
415 list_move_tail(&iter->list, &stack);
416 continue;
417 }
418
419 /* look for the last stack element of same type as @iter */
420 list_for_each_entry_reverse(top, &stack, list) if (top->type == iter->type) goto check_overlap;
421
422 list_move_tail(&iter->list, &stack);
423 continue;
424
425 check_overlap:
426 top_end = top->start + top->length - 1;
427
428 if (iter->start > top_end + 1) {
429 list_move_tail(&iter->list, &stack);
430 } else {
431 top->length = max(top_end, iter_end) - top->start + 1;
432 list_del(&iter->list);
433 kfree(iter);
434 }
435 }
436 list_splice(&stack, regions);
437 return 0;
438 }
439
iommu_insert_device_resv_regions(struct list_head *dev_resv_regions, struct list_head *group_resv_regions)440 static int iommu_insert_device_resv_regions(struct list_head *dev_resv_regions, struct list_head *group_resv_regions)
441 {
442 struct iommu_resv_region *entry;
443 int ret = 0;
444
445 list_for_each_entry(entry, dev_resv_regions, list)
446 {
447 ret = iommu_insert_resv_region(entry, group_resv_regions);
448 if (ret) {
449 break;
450 }
451 }
452 return ret;
453 }
454
iommu_get_group_resv_regions(struct iommu_group *group, struct list_head *head)455 int iommu_get_group_resv_regions(struct iommu_group *group, struct list_head *head)
456 {
457 struct group_device *device;
458 int ret = 0;
459
460 mutex_lock(&group->mutex);
461 list_for_each_entry(device, &group->devices, list)
462 {
463 struct list_head dev_resv_regions;
464
465 INIT_LIST_HEAD(&dev_resv_regions);
466 iommu_get_resv_regions(device->dev, &dev_resv_regions);
467 ret = iommu_insert_device_resv_regions(&dev_resv_regions, head);
468 iommu_put_resv_regions(device->dev, &dev_resv_regions);
469 if (ret) {
470 break;
471 }
472 }
473 mutex_unlock(&group->mutex);
474 return ret;
475 }
476 EXPORT_SYMBOL_GPL(iommu_get_group_resv_regions);
477
iommu_group_show_resv_regions(struct iommu_group *group, char *buf)478 static ssize_t iommu_group_show_resv_regions(struct iommu_group *group, char *buf)
479 {
480 struct iommu_resv_region *region, *next;
481 struct list_head group_resv_regions;
482 char *str = buf;
483
484 INIT_LIST_HEAD(&group_resv_regions);
485 iommu_get_group_resv_regions(group, &group_resv_regions);
486
487 list_for_each_entry_safe(region, next, &group_resv_regions, list)
488 {
489 str += sprintf(str, "0x%016llx 0x%016llx %s\n", (long long int)region->start,
490 (long long int)(region->start + region->length - 1), iommu_group_resv_type_string[region->type]);
491 kfree(region);
492 }
493
494 return (str - buf);
495 }
496
iommu_group_show_type(struct iommu_group *group, char *buf)497 static ssize_t iommu_group_show_type(struct iommu_group *group, char *buf)
498 {
499 char *type = "unknown\n";
500
501 if (group->default_domain) {
502 switch (group->default_domain->type) {
503 case IOMMU_DOMAIN_BLOCKED:
504 type = "blocked\n";
505 break;
506 case IOMMU_DOMAIN_IDENTITY:
507 type = "identity\n";
508 break;
509 case IOMMU_DOMAIN_UNMANAGED:
510 type = "unmanaged\n";
511 break;
512 case IOMMU_DOMAIN_DMA:
513 type = "DMA\n";
514 break;
515 }
516 }
517 strcpy(buf, type);
518
519 return strlen(type);
520 }
521
522 static IOMMU_GROUP_ATTR(name, S_IRUGO, iommu_group_show_name, NULL);
523
524 static IOMMU_GROUP_ATTR(reserved_regions, 0444, iommu_group_show_resv_regions, NULL);
525
526 static IOMMU_GROUP_ATTR(type, 0444, iommu_group_show_type, NULL);
527
iommu_group_release(struct kobject *kobj)528 static void iommu_group_release(struct kobject *kobj)
529 {
530 struct iommu_group *group = to_iommu_group(kobj);
531
532 pr_debug("Releasing group %d\n", group->id);
533
534 if (group->iommu_data_release) {
535 group->iommu_data_release(group->iommu_data);
536 }
537
538 ida_simple_remove(&iommu_group_ida, group->id);
539
540 if (group->default_domain) {
541 iommu_domain_free(group->default_domain);
542 }
543
544 kfree(group->name);
545 kfree(group);
546 }
547
548 static struct kobj_type iommu_group_ktype = {
549 .sysfs_ops = &iommu_group_sysfs_ops,
550 .release = iommu_group_release,
551 };
552
553 /**
554 * iommu_group_alloc - Allocate a new group
555 *
556 * This function is called by an iommu driver to allocate a new iommu
557 * group. The iommu group represents the minimum granularity of the iommu.
558 * Upon successful return, the caller holds a reference to the supplied
559 * group in order to hold the group until devices are added. Use
560 * iommu_group_put() to release this extra reference count, allowing the
561 * group to be automatically reclaimed once it has no devices or external
562 * references.
563 */
iommu_group_alloc(void)564 struct iommu_group *iommu_group_alloc(void)
565 {
566 struct iommu_group *group;
567 int ret;
568
569 group = kzalloc(sizeof(*group), GFP_KERNEL);
570 if (!group) {
571 return ERR_PTR(-ENOMEM);
572 }
573
574 group->kobj.kset = iommu_group_kset;
575 mutex_init(&group->mutex);
576 INIT_LIST_HEAD(&group->devices);
577 INIT_LIST_HEAD(&group->entry);
578 BLOCKING_INIT_NOTIFIER_HEAD(&group->notifier);
579
580 ret = ida_simple_get(&iommu_group_ida, 0, 0, GFP_KERNEL);
581 if (ret < 0) {
582 kfree(group);
583 return ERR_PTR(ret);
584 }
585 group->id = ret;
586
587 ret = kobject_init_and_add(&group->kobj, &iommu_group_ktype, NULL, "%d", group->id);
588 if (ret) {
589 ida_simple_remove(&iommu_group_ida, group->id);
590 kobject_put(&group->kobj);
591 return ERR_PTR(ret);
592 }
593
594 group->devices_kobj = kobject_create_and_add("devices", &group->kobj);
595 if (!group->devices_kobj) {
596 kobject_put(&group->kobj); /* triggers .release & free */
597 return ERR_PTR(-ENOMEM);
598 }
599
600 /*
601 * The devices_kobj holds a reference on the group kobject, so
602 * as long as that exists so will the group. We can therefore
603 * use the devices_kobj for reference counting.
604 */
605 kobject_put(&group->kobj);
606
607 ret = iommu_group_create_file(group, &iommu_group_attr_reserved_regions);
608 if (ret) {
609 return ERR_PTR(ret);
610 }
611
612 ret = iommu_group_create_file(group, &iommu_group_attr_type);
613 if (ret) {
614 return ERR_PTR(ret);
615 }
616
617 pr_debug("Allocated group %d\n", group->id);
618
619 return group;
620 }
621 EXPORT_SYMBOL_GPL(iommu_group_alloc);
622
iommu_group_get_by_id(int id)623 struct iommu_group *iommu_group_get_by_id(int id)
624 {
625 struct kobject *group_kobj;
626 struct iommu_group *group;
627 const char *name;
628
629 if (!iommu_group_kset) {
630 return NULL;
631 }
632
633 name = kasprintf(GFP_KERNEL, "%d", id);
634 if (!name) {
635 return NULL;
636 }
637
638 group_kobj = kset_find_obj(iommu_group_kset, name);
639 kfree(name);
640
641 if (!group_kobj) {
642 return NULL;
643 }
644
645 group = container_of(group_kobj, struct iommu_group, kobj);
646 BUG_ON(group->id != id);
647
648 kobject_get(group->devices_kobj);
649 kobject_put(&group->kobj);
650
651 return group;
652 }
653 EXPORT_SYMBOL_GPL(iommu_group_get_by_id);
654
655 /**
656 * iommu_group_get_iommudata - retrieve iommu_data registered for a group
657 * @group: the group
658 *
659 * iommu drivers can store data in the group for use when doing iommu
660 * operations. This function provides a way to retrieve it. Caller
661 * should hold a group reference.
662 */
iommu_group_get_iommudata(struct iommu_group *group)663 void *iommu_group_get_iommudata(struct iommu_group *group)
664 {
665 return group->iommu_data;
666 }
667 EXPORT_SYMBOL_GPL(iommu_group_get_iommudata);
668
669 /**
670 * iommu_group_set_iommudata - set iommu_data for a group
671 * @group: the group
672 * @iommu_data: new data
673 * @release: release function for iommu_data
674 *
675 * iommu drivers can store data in the group for use when doing iommu
676 * operations. This function provides a way to set the data after
677 * the group has been allocated. Caller should hold a group reference.
678 */
iommu_group_set_iommudata(struct iommu_group *group, void *iommu_data, void (*release)(void *iommu_data))679 void iommu_group_set_iommudata(struct iommu_group *group, void *iommu_data, void (*release)(void *iommu_data))
680 {
681 group->iommu_data = iommu_data;
682 group->iommu_data_release = release;
683 }
684 EXPORT_SYMBOL_GPL(iommu_group_set_iommudata);
685
686 /**
687 * iommu_group_set_name - set name for a group
688 * @group: the group
689 * @name: name
690 *
691 * Allow iommu driver to set a name for a group. When set it will
692 * appear in a name attribute file under the group in sysfs.
693 */
iommu_group_set_name(struct iommu_group *group, const char *name)694 int iommu_group_set_name(struct iommu_group *group, const char *name)
695 {
696 int ret;
697
698 if (group->name) {
699 iommu_group_remove_file(group, &iommu_group_attr_name);
700 kfree(group->name);
701 group->name = NULL;
702 if (!name) {
703 return 0;
704 }
705 }
706
707 group->name = kstrdup(name, GFP_KERNEL);
708 if (!group->name) {
709 return -ENOMEM;
710 }
711
712 ret = iommu_group_create_file(group, &iommu_group_attr_name);
713 if (ret) {
714 kfree(group->name);
715 group->name = NULL;
716 return ret;
717 }
718
719 return 0;
720 }
721 EXPORT_SYMBOL_GPL(iommu_group_set_name);
722
iommu_create_device_direct_mappings(struct iommu_group *group, struct device *dev)723 static int iommu_create_device_direct_mappings(struct iommu_group *group, struct device *dev)
724 {
725 struct iommu_domain *domain = group->default_domain;
726 struct iommu_resv_region *entry;
727 struct list_head mappings;
728 unsigned long pg_size;
729 int ret = 0;
730
731 if (!domain || domain->type != IOMMU_DOMAIN_DMA) {
732 return 0;
733 }
734
735 BUG_ON(!domain->pgsize_bitmap);
736
737 pg_size = 1UL << __ffs(domain->pgsize_bitmap);
738 INIT_LIST_HEAD(&mappings);
739
740 iommu_get_resv_regions(dev, &mappings);
741
742 /* We need to consider overlapping regions for different devices */
743 list_for_each_entry(entry, &mappings, list)
744 {
745 dma_addr_t start, end, addr;
746
747 if (domain->ops->apply_resv_region) {
748 domain->ops->apply_resv_region(dev, domain, entry);
749 }
750
751 start = ALIGN(entry->start, pg_size);
752 end = ALIGN(entry->start + entry->length, pg_size);
753
754 if (entry->type != IOMMU_RESV_DIRECT && entry->type != IOMMU_RESV_DIRECT_RELAXABLE) {
755 continue;
756 }
757
758 for (addr = start; addr < end; addr += pg_size) {
759 phys_addr_t phys_addr;
760
761 phys_addr = iommu_iova_to_phys(domain, addr);
762 if (phys_addr) {
763 continue;
764 }
765
766 ret = iommu_map(domain, addr, addr, pg_size, entry->prot);
767 if (ret) {
768 goto out;
769 }
770 }
771 }
772
773 iommu_flush_iotlb_all(domain);
774
775 out:
776 iommu_put_resv_regions(dev, &mappings);
777
778 return ret;
779 }
780
iommu_is_attach_deferred(struct iommu_domain *domain, struct device *dev)781 static bool iommu_is_attach_deferred(struct iommu_domain *domain, struct device *dev)
782 {
783 if (domain->ops->is_attach_deferred) {
784 return domain->ops->is_attach_deferred(domain, dev);
785 }
786
787 return false;
788 }
789
790 /**
791 * iommu_group_add_device - add a device to an iommu group
792 * @group: the group into which to add the device (reference should be held)
793 * @dev: the device
794 *
795 * This function is called by an iommu driver to add a device into a
796 * group. Adding a device increments the group reference count.
797 */
iommu_group_add_device(struct iommu_group *group, struct device *dev)798 int iommu_group_add_device(struct iommu_group *group, struct device *dev)
799 {
800 int ret, i = 0;
801 struct group_device *device;
802
803 device = kzalloc(sizeof(*device), GFP_KERNEL);
804 if (!device) {
805 return -ENOMEM;
806 }
807
808 device->dev = dev;
809
810 ret = sysfs_create_link(&dev->kobj, &group->kobj, "iommu_group");
811 if (ret) {
812 goto err_free_device;
813 }
814
815 device->name = kasprintf(GFP_KERNEL, "%s", kobject_name(&dev->kobj));
816 while (1) {
817 if (!device->name) {
818 ret = -ENOMEM;
819 goto err_remove_link;
820 }
821
822 ret = sysfs_create_link_nowarn(group->devices_kobj, &dev->kobj, device->name);
823 if (ret) {
824 if (ret == -EEXIST && i >= 0) {
825 /*
826 * Account for the slim chance of collision
827 * and append an instance to the name.
828 */
829 kfree(device->name);
830 device->name = kasprintf(GFP_KERNEL, "%s.%d", kobject_name(&dev->kobj), i++);
831 continue;
832 }
833 goto err_free_name;
834 }
835 break;
836 }
837
838 kobject_get(group->devices_kobj);
839
840 dev->iommu_group = group;
841
842 mutex_lock(&group->mutex);
843 list_add_tail(&device->list, &group->devices);
844 if (group->domain && !iommu_is_attach_deferred(group->domain, dev)) {
845 ret = iommu_attach_device_ext(group->domain, dev);
846 }
847 mutex_unlock(&group->mutex);
848 if (ret) {
849 goto err_put_group;
850 }
851
852 /* Notify any listeners about change to group. */
853 blocking_notifier_call_chain(&group->notifier, IOMMU_GROUP_NOTIFY_ADD_DEVICE, dev);
854
855 trace_add_device_to_group(group->id, dev);
856
857 dev_info(dev, "Adding to iommu group %d\n", group->id);
858
859 return 0;
860
861 err_put_group:
862 mutex_lock(&group->mutex);
863 list_del(&device->list);
864 mutex_unlock(&group->mutex);
865 dev->iommu_group = NULL;
866 kobject_put(group->devices_kobj);
867 sysfs_remove_link(group->devices_kobj, device->name);
868 err_free_name:
869 kfree(device->name);
870 err_remove_link:
871 sysfs_remove_link(&dev->kobj, "iommu_group");
872 err_free_device:
873 kfree(device);
874 dev_err(dev, "Failed to add to iommu group %d: %d\n", group->id, ret);
875 return ret;
876 }
877 EXPORT_SYMBOL_GPL(iommu_group_add_device);
878
879 /**
880 * iommu_group_remove_device - remove a device from it's current group
881 * @dev: device to be removed
882 *
883 * This function is called by an iommu driver to remove the device from
884 * it's current group. This decrements the iommu group reference count.
885 */
iommu_group_remove_device(struct device *dev)886 void iommu_group_remove_device(struct device *dev)
887 {
888 struct iommu_group *group = dev->iommu_group;
889 struct group_device *tmp_device, *device = NULL;
890
891 if (!group) {
892 return;
893 }
894
895 dev_info(dev, "Removing from iommu group %d\n", group->id);
896
897 /* Pre-notify listeners that a device is being removed. */
898 blocking_notifier_call_chain(&group->notifier, IOMMU_GROUP_NOTIFY_DEL_DEVICE, dev);
899
900 mutex_lock(&group->mutex);
901 list_for_each_entry(tmp_device, &group->devices, list)
902 {
903 if (tmp_device->dev == dev) {
904 device = tmp_device;
905 list_del(&device->list);
906 break;
907 }
908 }
909 mutex_unlock(&group->mutex);
910
911 if (!device) {
912 return;
913 }
914
915 sysfs_remove_link(group->devices_kobj, device->name);
916 sysfs_remove_link(&dev->kobj, "iommu_group");
917
918 trace_remove_device_from_group(group->id, dev);
919
920 kfree(device->name);
921 kfree(device);
922 dev->iommu_group = NULL;
923 kobject_put(group->devices_kobj);
924 }
925 EXPORT_SYMBOL_GPL(iommu_group_remove_device);
926
iommu_group_device_count(struct iommu_group *group)927 static int iommu_group_device_count(struct iommu_group *group)
928 {
929 struct group_device *entry;
930 int ret = 0;
931
932 list_for_each_entry(entry, &group->devices, list) ret++;
933
934 return ret;
935 }
936
937 /**
938 * iommu_group_for_each_dev - iterate over each device in the group
939 * @group: the group
940 * @data: caller opaque data to be passed to callback function
941 * @fn: caller supplied callback function
942 *
943 * This function is called by group users to iterate over group devices.
944 * Callers should hold a reference count to the group during callback.
945 * The group->mutex is held across callbacks, which will block calls to
946 * iommu_group_add/remove_device.
947 */
iommu_group_for_each_dev_ext(struct iommu_group *group, void *data, int (*fn)(struct device *, void *))948 static int iommu_group_for_each_dev_ext(struct iommu_group *group, void *data, int (*fn)(struct device *, void *))
949 {
950 struct group_device *device;
951 int ret = 0;
952
953 list_for_each_entry(device, &group->devices, list)
954 {
955 ret = fn(device->dev, data);
956 if (ret) {
957 break;
958 }
959 }
960 return ret;
961 }
962
iommu_group_for_each_dev(struct iommu_group *group, void *data, int (*fn)(struct device *, void *))963 int iommu_group_for_each_dev(struct iommu_group *group, void *data, int (*fn)(struct device *, void *))
964 {
965 int ret;
966
967 mutex_lock(&group->mutex);
968 ret = iommu_group_for_each_dev_ext(group, data, fn);
969 mutex_unlock(&group->mutex);
970
971 return ret;
972 }
973 EXPORT_SYMBOL_GPL(iommu_group_for_each_dev);
974
975 /**
976 * iommu_group_get - Return the group for a device and increment reference
977 * @dev: get the group that this device belongs to
978 *
979 * This function is called by iommu drivers and users to get the group
980 * for the specified device. If found, the group is returned and the group
981 * reference in incremented, else NULL.
982 */
iommu_group_get(struct device *dev)983 struct iommu_group *iommu_group_get(struct device *dev)
984 {
985 struct iommu_group *group = dev->iommu_group;
986
987 if (group) {
988 kobject_get(group->devices_kobj);
989 }
990
991 return group;
992 }
993 EXPORT_SYMBOL_GPL(iommu_group_get);
994
995 /**
996 * iommu_group_ref_get - Increment reference on a group
997 * @group: the group to use, must not be NULL
998 *
999 * This function is called by iommu drivers to take additional references on an
1000 * existing group. Returns the given group for convenience.
1001 */
iommu_group_ref_get(struct iommu_group *group)1002 struct iommu_group *iommu_group_ref_get(struct iommu_group *group)
1003 {
1004 kobject_get(group->devices_kobj);
1005 return group;
1006 }
1007 EXPORT_SYMBOL_GPL(iommu_group_ref_get);
1008
1009 /**
1010 * iommu_group_put - Decrement group reference
1011 * @group: the group to use
1012 *
1013 * This function is called by iommu drivers and users to release the
1014 * iommu group. Once the reference count is zero, the group is released.
1015 */
iommu_group_put(struct iommu_group *group)1016 void iommu_group_put(struct iommu_group *group)
1017 {
1018 if (group) {
1019 kobject_put(group->devices_kobj);
1020 }
1021 }
1022 EXPORT_SYMBOL_GPL(iommu_group_put);
1023
1024 /**
1025 * iommu_group_register_notifier - Register a notifier for group changes
1026 * @group: the group to watch
1027 * @nb: notifier block to signal
1028 *
1029 * This function allows iommu group users to track changes in a group.
1030 * See include/linux/iommu.h for actions sent via this notifier. Caller
1031 * should hold a reference to the group throughout notifier registration.
1032 */
iommu_group_register_notifier(struct iommu_group *group, struct notifier_block *nb)1033 int iommu_group_register_notifier(struct iommu_group *group, struct notifier_block *nb)
1034 {
1035 return blocking_notifier_chain_register(&group->notifier, nb);
1036 }
1037 EXPORT_SYMBOL_GPL(iommu_group_register_notifier);
1038
1039 /**
1040 * iommu_group_unregister_notifier - Unregister a notifier
1041 * @group: the group to watch
1042 * @nb: notifier block to signal
1043 *
1044 * Unregister a previously registered group notifier block.
1045 */
iommu_group_unregister_notifier(struct iommu_group *group, struct notifier_block *nb)1046 int iommu_group_unregister_notifier(struct iommu_group *group, struct notifier_block *nb)
1047 {
1048 return blocking_notifier_chain_unregister(&group->notifier, nb);
1049 }
1050 EXPORT_SYMBOL_GPL(iommu_group_unregister_notifier);
1051
1052 /**
1053 * iommu_register_device_fault_handler() - Register a device fault handler
1054 * @dev: the device
1055 * @handler: the fault handler
1056 * @data: private data passed as argument to the handler
1057 *
1058 * When an IOMMU fault event is received, this handler gets called with the
1059 * fault event and data as argument. The handler should return 0 on success. If
1060 * the fault is recoverable (IOMMU_FAULT_PAGE_REQ), the consumer should also
1061 * complete the fault by calling iommu_page_response() with one of the following
1062 * response code
1063 * - IOMMU_PAGE_RESP_SUCCESS: retry the translation
1064 * - IOMMU_PAGE_RESP_INVALID: terminate the fault
1065 * - IOMMU_PAGE_RESP_FAILURE: terminate the fault and stop reporting
1066 * page faults if possible.
1067 *
1068 * Return 0 if the fault handler was installed successfully, or an error.
1069 */
iommu_register_device_fault_handler(struct device *dev, iommu_dev_fault_handler_t handler, void *data)1070 int iommu_register_device_fault_handler(struct device *dev, iommu_dev_fault_handler_t handler, void *data)
1071 {
1072 struct dev_iommu *param = dev->iommu;
1073 int ret = 0;
1074
1075 if (!param) {
1076 return -EINVAL;
1077 }
1078
1079 mutex_lock(¶m->lock);
1080 /* Only allow one fault handler registered for each device */
1081 if (param->fault_param) {
1082 ret = -EBUSY;
1083 goto done_unlock;
1084 }
1085
1086 get_device(dev);
1087 param->fault_param = kzalloc(sizeof(*param->fault_param), GFP_KERNEL);
1088 if (!param->fault_param) {
1089 put_device(dev);
1090 ret = -ENOMEM;
1091 goto done_unlock;
1092 }
1093 param->fault_param->handler = handler;
1094 param->fault_param->data = data;
1095 mutex_init(¶m->fault_param->lock);
1096 INIT_LIST_HEAD(¶m->fault_param->faults);
1097
1098 done_unlock:
1099 mutex_unlock(¶m->lock);
1100
1101 return ret;
1102 }
1103 EXPORT_SYMBOL_GPL(iommu_register_device_fault_handler);
1104
1105 /**
1106 * iommu_unregister_device_fault_handler() - Unregister the device fault handler
1107 * @dev: the device
1108 *
1109 * Remove the device fault handler installed with
1110 * iommu_register_device_fault_handler().
1111 *
1112 * Return 0 on success, or an error.
1113 */
iommu_unregister_device_fault_handler(struct device *dev)1114 int iommu_unregister_device_fault_handler(struct device *dev)
1115 {
1116 struct dev_iommu *param = dev->iommu;
1117 int ret = 0;
1118
1119 if (!param) {
1120 return -EINVAL;
1121 }
1122
1123 mutex_lock(¶m->lock);
1124
1125 if (!param->fault_param) {
1126 goto unlock;
1127 }
1128
1129 /* we cannot unregister handler if there are pending faults */
1130 if (!list_empty(¶m->fault_param->faults)) {
1131 ret = -EBUSY;
1132 goto unlock;
1133 }
1134
1135 kfree(param->fault_param);
1136 param->fault_param = NULL;
1137 put_device(dev);
1138 unlock:
1139 mutex_unlock(¶m->lock);
1140
1141 return ret;
1142 }
1143 EXPORT_SYMBOL_GPL(iommu_unregister_device_fault_handler);
1144
1145 /**
1146 * iommu_report_device_fault() - Report fault event to device driver
1147 * @dev: the device
1148 * @evt: fault event data
1149 *
1150 * Called by IOMMU drivers when a fault is detected, typically in a threaded IRQ
1151 * handler. When this function fails and the fault is recoverable, it is the
1152 * caller's responsibility to complete the fault.
1153 *
1154 * Return 0 on success, or an error.
1155 */
iommu_report_device_fault(struct device *dev, struct iommu_fault_event *evt)1156 int iommu_report_device_fault(struct device *dev, struct iommu_fault_event *evt)
1157 {
1158 struct dev_iommu *param = dev->iommu;
1159 struct iommu_fault_event *evt_pending = NULL;
1160 struct iommu_fault_param *fparam;
1161 int ret = 0;
1162
1163 if (!param || !evt) {
1164 return -EINVAL;
1165 }
1166
1167 /* we only report device fault if there is a handler registered */
1168 mutex_lock(¶m->lock);
1169 fparam = param->fault_param;
1170 if (!fparam || !fparam->handler) {
1171 ret = -EINVAL;
1172 goto done_unlock;
1173 }
1174
1175 if (evt->fault.type == IOMMU_FAULT_PAGE_REQ && (evt->fault.prm.flags & IOMMU_FAULT_PAGE_REQUEST_LAST_PAGE)) {
1176 evt_pending = kmemdup(evt, sizeof(struct iommu_fault_event), GFP_KERNEL);
1177 if (!evt_pending) {
1178 ret = -ENOMEM;
1179 goto done_unlock;
1180 }
1181 mutex_lock(&fparam->lock);
1182 list_add_tail(&evt_pending->list, &fparam->faults);
1183 mutex_unlock(&fparam->lock);
1184 }
1185
1186 ret = fparam->handler(&evt->fault, fparam->data);
1187 if (ret && evt_pending) {
1188 mutex_lock(&fparam->lock);
1189 list_del(&evt_pending->list);
1190 mutex_unlock(&fparam->lock);
1191 kfree(evt_pending);
1192 }
1193 done_unlock:
1194 mutex_unlock(¶m->lock);
1195 return ret;
1196 }
1197 EXPORT_SYMBOL_GPL(iommu_report_device_fault);
1198
iommu_page_response(struct device *dev, struct iommu_page_response *msg)1199 int iommu_page_response(struct device *dev, struct iommu_page_response *msg)
1200 {
1201 bool needs_pasid;
1202 int ret = -EINVAL;
1203 struct iommu_fault_event *evt;
1204 struct iommu_fault_page_request *prm;
1205 struct dev_iommu *param = dev->iommu;
1206 bool has_pasid = msg->flags & IOMMU_PAGE_RESP_PASID_VALID;
1207 struct iommu_domain *domain = iommu_get_domain_for_dev(dev);
1208
1209 if (!domain || !domain->ops->page_response) {
1210 return -ENODEV;
1211 }
1212
1213 if (!param || !param->fault_param) {
1214 return -EINVAL;
1215 }
1216
1217 if ((msg->version != IOMMU_PAGE_RESP_VERSION_1) || (msg->flags & ~IOMMU_PAGE_RESP_PASID_VALID)) {
1218 return -EINVAL;
1219 }
1220
1221 /* Only send response if there is a fault report pending */
1222 mutex_lock(¶m->fault_param->lock);
1223 if (list_empty(¶m->fault_param->faults)) {
1224 dev_warn_ratelimited(dev, "no pending PRQ, drop response\n");
1225 goto done_unlock;
1226 }
1227 /*
1228 * Check if we have a matching page request pending to respond,
1229 * otherwise return -EINVAL
1230 */
1231 list_for_each_entry(evt, ¶m->fault_param->faults, list)
1232 {
1233 prm = &evt->fault.prm;
1234 if (prm->grpid != msg->grpid) {
1235 continue;
1236 }
1237
1238 /*
1239 * If the PASID is required, the corresponding request is
1240 * matched using the group ID, the PASID valid bit and the PASID
1241 * value. Otherwise only the group ID matches request and
1242 * response.
1243 */
1244 needs_pasid = prm->flags & IOMMU_FAULT_PAGE_RESPONSE_NEEDS_PASID;
1245 if (needs_pasid && (!has_pasid || msg->pasid != prm->pasid)) {
1246 continue;
1247 }
1248
1249 if (!needs_pasid && has_pasid) {
1250 /* No big deal, just clear it. */
1251 msg->flags &= ~IOMMU_PAGE_RESP_PASID_VALID;
1252 msg->pasid = 0;
1253 }
1254
1255 ret = domain->ops->page_response(dev, evt, msg);
1256 list_del(&evt->list);
1257 kfree(evt);
1258 break;
1259 }
1260
1261 done_unlock:
1262 mutex_unlock(¶m->fault_param->lock);
1263 return ret;
1264 }
1265 EXPORT_SYMBOL_GPL(iommu_page_response);
1266
1267 /**
1268 * iommu_group_id - Return ID for a group
1269 * @group: the group to ID
1270 *
1271 * Return the unique ID for the group matching the sysfs group number.
1272 */
iommu_group_id(struct iommu_group *group)1273 int iommu_group_id(struct iommu_group *group)
1274 {
1275 return group->id;
1276 }
1277 EXPORT_SYMBOL_GPL(iommu_group_id);
1278
1279 static struct iommu_group *get_pci_alias_group(struct pci_dev *pdev, unsigned long *devfns);
1280
1281 /*
1282 * To consider a PCI device isolated, we require ACS to support Source
1283 * Validation, Request Redirection, Completer Redirection, and Upstream
1284 * Forwarding. This effectively means that devices cannot spoof their
1285 * requester ID, requests and completions cannot be redirected, and all
1286 * transactions are forwarded upstream, even as it passes through a
1287 * bridge where the target device is downstream.
1288 */
1289 #define REQ_ACS_FLAGS (PCI_ACS_SV | PCI_ACS_RR | PCI_ACS_CR | PCI_ACS_UF)
1290
1291 /*
1292 * For multifunction devices which are not isolated from each other, find
1293 * all the other non-isolated functions and look for existing groups. For
1294 * each function, we also need to look for aliases to or from other devices
1295 * that may already have a group.
1296 */
get_pci_function_alias_group(struct pci_dev *pdev, unsigned long *devfns)1297 static struct iommu_group *get_pci_function_alias_group(struct pci_dev *pdev, unsigned long *devfns)
1298 {
1299 struct pci_dev *tmp = NULL;
1300 struct iommu_group *group;
1301
1302 if (!pdev->multifunction || pci_acs_enabled(pdev, REQ_ACS_FLAGS)) {
1303 return NULL;
1304 }
1305
1306 for_each_pci_dev(tmp)
1307 {
1308 if (tmp == pdev || tmp->bus != pdev->bus || PCI_SLOT(tmp->devfn) != PCI_SLOT(pdev->devfn) ||
1309 pci_acs_enabled(tmp, REQ_ACS_FLAGS)) {
1310 continue;
1311 }
1312
1313 group = get_pci_alias_group(tmp, devfns);
1314 if (group) {
1315 pci_dev_put(tmp);
1316 return group;
1317 }
1318 }
1319
1320 return NULL;
1321 }
1322
1323 /*
1324 * Look for aliases to or from the given device for existing groups. DMA
1325 * aliases are only supported on the same bus, therefore the search
1326 * space is quite small (especially since we're really only looking at pcie
1327 * device, and therefore only expect multiple slots on the root complex or
1328 * downstream switch ports). It's conceivable though that a pair of
1329 * multifunction devices could have aliases between them that would cause a
1330 * loop. To prevent this, we use a bitmap to track where we've been.
1331 */
get_pci_alias_group(struct pci_dev *pdev, unsigned long *devfns)1332 static struct iommu_group *get_pci_alias_group(struct pci_dev *pdev, unsigned long *devfns)
1333 {
1334 struct pci_dev *tmp = NULL;
1335 struct iommu_group *group;
1336
1337 if (test_and_set_bit(pdev->devfn & 0xff, devfns)) {
1338 return NULL;
1339 }
1340
1341 group = iommu_group_get(&pdev->dev);
1342 if (group) {
1343 return group;
1344 }
1345
1346 for_each_pci_dev(tmp)
1347 {
1348 if (tmp == pdev || tmp->bus != pdev->bus) {
1349 continue;
1350 }
1351
1352 /* We alias them or they alias us */
1353 if (pci_devs_are_dma_aliases(pdev, tmp)) {
1354 group = get_pci_alias_group(tmp, devfns);
1355 if (group) {
1356 pci_dev_put(tmp);
1357 return group;
1358 }
1359
1360 group = get_pci_function_alias_group(tmp, devfns);
1361 if (group) {
1362 pci_dev_put(tmp);
1363 return group;
1364 }
1365 }
1366 }
1367
1368 return NULL;
1369 }
1370
1371 struct group_for_pci_data {
1372 struct pci_dev *pdev;
1373 struct iommu_group *group;
1374 };
1375
1376 /*
1377 * DMA alias iterator callback, return the last seen device. Stop and return
1378 * the IOMMU group if we find one along the way.
1379 */
get_pci_alias_or_group(struct pci_dev *pdev, u16 alias, void *opaque)1380 static int get_pci_alias_or_group(struct pci_dev *pdev, u16 alias, void *opaque)
1381 {
1382 struct group_for_pci_data *data = opaque;
1383
1384 data->pdev = pdev;
1385 data->group = iommu_group_get(&pdev->dev);
1386
1387 return data->group != NULL;
1388 }
1389
1390 /*
1391 * Generic device_group call-back function. It just allocates one
1392 * iommu-group per device.
1393 */
generic_device_group(struct device *dev)1394 struct iommu_group *generic_device_group(struct device *dev)
1395 {
1396 return iommu_group_alloc();
1397 }
1398 EXPORT_SYMBOL_GPL(generic_device_group);
1399
1400 /*
1401 * Use standard PCI bus topology, isolation features, and DMA alias quirks
1402 * to find or create an IOMMU group for a device.
1403 */
pci_device_group(struct device *dev)1404 struct iommu_group *pci_device_group(struct device *dev)
1405 {
1406 struct pci_dev *pdev = to_pci_dev(dev);
1407 struct group_for_pci_data data;
1408 struct pci_bus *bus;
1409 struct iommu_group *group = NULL;
1410 u64 devfns[4] = {0};
1411
1412 if (WARN_ON(!dev_is_pci(dev))) {
1413 return ERR_PTR(-EINVAL);
1414 }
1415
1416 /*
1417 * Find the upstream DMA alias for the device. A device must not
1418 * be aliased due to topology in order to have its own IOMMU group.
1419 * If we find an alias along the way that already belongs to a
1420 * group, use it.
1421 */
1422 if (pci_for_each_dma_alias(pdev, get_pci_alias_or_group, &data)) {
1423 return data.group;
1424 }
1425
1426 pdev = data.pdev;
1427
1428 /*
1429 * Continue upstream from the point of minimum IOMMU granularity
1430 * due to aliases to the point where devices are protected from
1431 * peer-to-peer DMA by PCI ACS. Again, if we find an existing
1432 * group, use it.
1433 */
1434 for (bus = pdev->bus; !pci_is_root_bus(bus); bus = bus->parent) {
1435 if (!bus->self) {
1436 continue;
1437 }
1438
1439 if (pci_acs_path_enabled(bus->self, NULL, REQ_ACS_FLAGS)) {
1440 break;
1441 }
1442
1443 pdev = bus->self;
1444
1445 group = iommu_group_get(&pdev->dev);
1446 if (group) {
1447 return group;
1448 }
1449 }
1450
1451 /*
1452 * Look for existing groups on device aliases. If we alias another
1453 * device or another device aliases us, use the same group.
1454 */
1455 group = get_pci_alias_group(pdev, (unsigned long *)devfns);
1456 if (group) {
1457 return group;
1458 }
1459
1460 /*
1461 * Look for existing groups on non-isolated functions on the same
1462 * slot and aliases of those funcions, if any. No need to clear
1463 * the search bitmap, the tested devfns are still valid.
1464 */
1465 group = get_pci_function_alias_group(pdev, (unsigned long *)devfns);
1466 if (group) {
1467 return group;
1468 }
1469
1470 /* No shared group found, allocate new */
1471 return iommu_group_alloc();
1472 }
1473 EXPORT_SYMBOL_GPL(pci_device_group);
1474
1475 /* Get the IOMMU group for device on fsl-mc bus */
fsl_mc_device_group(struct device *dev)1476 struct iommu_group *fsl_mc_device_group(struct device *dev)
1477 {
1478 struct device *cont_dev = fsl_mc_cont_dev(dev);
1479 struct iommu_group *group;
1480
1481 group = iommu_group_get(cont_dev);
1482 if (!group) {
1483 group = iommu_group_alloc();
1484 }
1485 return group;
1486 }
1487 EXPORT_SYMBOL_GPL(fsl_mc_device_group);
1488
iommu_get_def_domain_type(struct device *dev)1489 static int iommu_get_def_domain_type(struct device *dev)
1490 {
1491 const struct iommu_ops *ops = dev->bus->iommu_ops;
1492 unsigned int type = 0;
1493
1494 if (ops->def_domain_type) {
1495 type = ops->def_domain_type(dev);
1496 }
1497
1498 return (type == 0) ? iommu_def_domain_type : type;
1499 }
1500
iommu_group_alloc_default_domain(struct bus_type *bus, struct iommu_group *group, unsigned int type)1501 static int iommu_group_alloc_default_domain(struct bus_type *bus, struct iommu_group *group, unsigned int type)
1502 {
1503 struct iommu_domain *dom;
1504
1505 dom = iommu_domain_alloc_ext(bus, type);
1506 if (!dom && type != IOMMU_DOMAIN_DMA) {
1507 dom = iommu_domain_alloc_ext(bus, IOMMU_DOMAIN_DMA);
1508 if (dom) {
1509 pr_warn(
1510 "Failed to allocate default IOMMU domain of type %u for group %s - Falling back to IOMMU_DOMAIN_DMA",
1511 type, group->name);
1512 }
1513 }
1514
1515 if (!dom) {
1516 return -ENOMEM;
1517 }
1518
1519 group->default_domain = dom;
1520 if (!group->domain) {
1521 group->domain = dom;
1522 }
1523
1524 if (!iommu_dma_strict) {
1525 int attr = 1;
1526 iommu_domain_set_attr(dom, DOMAIN_ATTR_DMA_USE_FLUSH_QUEUE, &attr);
1527 }
1528
1529 return 0;
1530 }
1531
iommu_alloc_default_domain(struct iommu_group *group, struct device *dev)1532 static int iommu_alloc_default_domain(struct iommu_group *group, struct device *dev)
1533 {
1534 unsigned int type;
1535
1536 if (group->default_domain) {
1537 return 0;
1538 }
1539
1540 type = iommu_get_def_domain_type(dev);
1541
1542 return iommu_group_alloc_default_domain(dev->bus, group, type);
1543 }
1544
1545 /**
1546 * iommu_group_get_for_dev - Find or create the IOMMU group for a device
1547 * @dev: target device
1548 *
1549 * This function is intended to be called by IOMMU drivers and extended to
1550 * support common, bus-defined algorithms when determining or creating the
1551 * IOMMU group for a device. On success, the caller will hold a reference
1552 * to the returned IOMMU group, which will already include the provided
1553 * device. The reference should be released with iommu_group_put().
1554 */
iommu_group_get_for_dev(struct device *dev)1555 static struct iommu_group *iommu_group_get_for_dev(struct device *dev)
1556 {
1557 const struct iommu_ops *ops = dev->bus->iommu_ops;
1558 struct iommu_group *group;
1559 int ret;
1560
1561 group = iommu_group_get(dev);
1562 if (group) {
1563 return group;
1564 }
1565
1566 if (!ops) {
1567 return ERR_PTR(-EINVAL);
1568 }
1569
1570 group = ops->device_group(dev);
1571 if (WARN_ON_ONCE(group == NULL)) {
1572 return ERR_PTR(-EINVAL);
1573 }
1574
1575 if (IS_ERR(group)) {
1576 return group;
1577 }
1578
1579 ret = iommu_group_add_device(group, dev);
1580 if (ret) {
1581 goto out_put_group;
1582 }
1583
1584 return group;
1585
1586 out_put_group:
1587 iommu_group_put(group);
1588
1589 return ERR_PTR(ret);
1590 }
1591
iommu_group_default_domain(struct iommu_group *group)1592 struct iommu_domain *iommu_group_default_domain(struct iommu_group *group)
1593 {
1594 return group->default_domain;
1595 }
1596
probe_iommu_group(struct device *dev, void *data)1597 static int probe_iommu_group(struct device *dev, void *data)
1598 {
1599 struct list_head *group_list = data;
1600 struct iommu_group *group;
1601 int ret;
1602
1603 /* Device is probed already if in a group */
1604 group = iommu_group_get(dev);
1605 if (group) {
1606 iommu_group_put(group);
1607 return 0;
1608 }
1609
1610 ret = iommu_probe_device_ext(dev, group_list);
1611 if (ret == -ENODEV) {
1612 ret = 0;
1613 }
1614
1615 return ret;
1616 }
1617
remove_iommu_group(struct device *dev, void *data)1618 static int remove_iommu_group(struct device *dev, void *data)
1619 {
1620 iommu_release_device(dev);
1621
1622 return 0;
1623 }
1624
iommu_bus_notifier(struct notifier_block *nb, unsigned long action, void *data)1625 static int iommu_bus_notifier(struct notifier_block *nb, unsigned long action, void *data)
1626 {
1627 unsigned long group_action = 0;
1628 struct device *dev = data;
1629 struct iommu_group *group;
1630
1631 /*
1632 * ADD/DEL call into iommu driver ops if provided, which may
1633 * result in ADD/DEL notifiers to group->notifier
1634 */
1635 if (action == BUS_NOTIFY_ADD_DEVICE) {
1636 int ret;
1637
1638 ret = iommu_probe_device(dev);
1639 return (ret) ? NOTIFY_DONE : NOTIFY_OK;
1640 } else if (action == BUS_NOTIFY_REMOVED_DEVICE) {
1641 iommu_release_device(dev);
1642 return NOTIFY_OK;
1643 }
1644
1645 /*
1646 * Remaining BUS_NOTIFYs get filtered and republished to the
1647 * group, if anyone is listening
1648 */
1649 group = iommu_group_get(dev);
1650 if (!group) {
1651 return 0;
1652 }
1653
1654 switch (action) {
1655 case BUS_NOTIFY_BIND_DRIVER:
1656 group_action = IOMMU_GROUP_NOTIFY_BIND_DRIVER;
1657 break;
1658 case BUS_NOTIFY_BOUND_DRIVER:
1659 group_action = IOMMU_GROUP_NOTIFY_BOUND_DRIVER;
1660 break;
1661 case BUS_NOTIFY_UNBIND_DRIVER:
1662 group_action = IOMMU_GROUP_NOTIFY_UNBIND_DRIVER;
1663 break;
1664 case BUS_NOTIFY_UNBOUND_DRIVER:
1665 group_action = IOMMU_GROUP_NOTIFY_UNBOUND_DRIVER;
1666 break;
1667 default:
1668 break;
1669 }
1670
1671 if (group_action) {
1672 blocking_notifier_call_chain(&group->notifier, group_action, dev);
1673 }
1674
1675 iommu_group_put(group);
1676 return 0;
1677 }
1678
1679 struct __group_domain_type {
1680 struct device *dev;
1681 unsigned int type;
1682 };
1683
probe_get_default_domain_type(struct device *dev, void *data)1684 static int probe_get_default_domain_type(struct device *dev, void *data)
1685 {
1686 const struct iommu_ops *ops = dev->bus->iommu_ops;
1687 struct __group_domain_type *gtype = data;
1688 unsigned int type = 0;
1689
1690 if (ops->def_domain_type) {
1691 type = ops->def_domain_type(dev);
1692 }
1693
1694 if (type) {
1695 if (gtype->type && gtype->type != type) {
1696 dev_warn(
1697 dev,
1698 "Device needs domain type %s, but device %s in the same iommu group requires type %s - using default\n",
1699 iommu_domain_type_str(type), dev_name(gtype->dev), iommu_domain_type_str(gtype->type));
1700 gtype->type = 0;
1701 }
1702
1703 if (!gtype->dev) {
1704 gtype->dev = dev;
1705 gtype->type = type;
1706 }
1707 }
1708
1709 return 0;
1710 }
1711
probe_alloc_default_domain(struct bus_type *bus, struct iommu_group *group)1712 static void probe_alloc_default_domain(struct bus_type *bus, struct iommu_group *group)
1713 {
1714 struct __group_domain_type gtype;
1715
1716 memset(>ype, 0, sizeof(gtype));
1717
1718 /* Ask for default domain requirements of all devices in the group */
1719 iommu_group_for_each_dev_ext(group, >ype, probe_get_default_domain_type);
1720
1721 if (!gtype.type) {
1722 gtype.type = iommu_def_domain_type;
1723 }
1724
1725 iommu_group_alloc_default_domain(bus, group, gtype.type);
1726 }
1727
iommu_group_do_dma_attach(struct device *dev, void *data)1728 static int iommu_group_do_dma_attach(struct device *dev, void *data)
1729 {
1730 struct iommu_domain *domain = data;
1731 int ret = 0;
1732
1733 if (!iommu_is_attach_deferred(domain, dev)) {
1734 ret = iommu_attach_device_ext(domain, dev);
1735 }
1736
1737 return ret;
1738 }
1739
iommu_group_dma_attach_ext(struct iommu_group *group)1740 static int iommu_group_dma_attach_ext(struct iommu_group *group)
1741 {
1742 return iommu_group_for_each_dev_ext(group, group->default_domain, iommu_group_do_dma_attach);
1743 }
1744
iommu_group_do_probe_finalize(struct device *dev, void *data)1745 static int iommu_group_do_probe_finalize(struct device *dev, void *data)
1746 {
1747 struct iommu_domain *domain = data;
1748
1749 if (domain->ops->probe_finalize) {
1750 domain->ops->probe_finalize(dev);
1751 }
1752
1753 return 0;
1754 }
1755
iommu_group_dma_finalize_ext(struct iommu_group *group)1756 static void iommu_group_dma_finalize_ext(struct iommu_group *group)
1757 {
1758 iommu_group_for_each_dev_ext(group, group->default_domain, iommu_group_do_probe_finalize);
1759 }
1760
iommu_do_create_direct_mappings(struct device *dev, void *data)1761 static int iommu_do_create_direct_mappings(struct device *dev, void *data)
1762 {
1763 struct iommu_group *group = data;
1764
1765 iommu_create_device_direct_mappings(group, dev);
1766
1767 return 0;
1768 }
1769
iommu_group_create_direct_mappings(struct iommu_group *group)1770 static int iommu_group_create_direct_mappings(struct iommu_group *group)
1771 {
1772 return iommu_group_for_each_dev_ext(group, group, iommu_do_create_direct_mappings);
1773 }
1774
bus_iommu_probe(struct bus_type *bus)1775 int bus_iommu_probe(struct bus_type *bus)
1776 {
1777 struct iommu_group *group, *next;
1778 LIST_HEAD(group_list);
1779 int ret;
1780
1781 /*
1782 * This code-path does not allocate the default domain when
1783 * creating the iommu group, so do it after the groups are
1784 * created.
1785 */
1786 ret = bus_for_each_dev(bus, NULL, &group_list, probe_iommu_group);
1787 if (ret) {
1788 return ret;
1789 }
1790
1791 list_for_each_entry_safe(group, next, &group_list, entry)
1792 {
1793 /* Remove item from the list */
1794 list_del_init(&group->entry);
1795
1796 mutex_lock(&group->mutex);
1797
1798 /* Try to allocate default domain */
1799 probe_alloc_default_domain(bus, group);
1800
1801 if (!group->default_domain) {
1802 mutex_unlock(&group->mutex);
1803 continue;
1804 }
1805
1806 iommu_group_create_direct_mappings(group);
1807
1808 ret = iommu_group_dma_attach_ext(group);
1809
1810 mutex_unlock(&group->mutex);
1811
1812 if (ret) {
1813 break;
1814 }
1815
1816 iommu_group_dma_finalize_ext(group);
1817 }
1818
1819 return ret;
1820 }
1821
iommu_bus_init(struct bus_type *bus, const struct iommu_ops *ops)1822 static int iommu_bus_init(struct bus_type *bus, const struct iommu_ops *ops)
1823 {
1824 struct notifier_block *nb;
1825 int err;
1826
1827 nb = kzalloc(sizeof(struct notifier_block), GFP_KERNEL);
1828 if (!nb) {
1829 return -ENOMEM;
1830 }
1831
1832 nb->notifier_call = iommu_bus_notifier;
1833
1834 err = bus_register_notifier(bus, nb);
1835 if (err) {
1836 goto out_free;
1837 }
1838
1839 err = bus_iommu_probe(bus);
1840 if (err) {
1841 goto out_err;
1842 }
1843
1844 return 0;
1845
1846 out_err:
1847 /* Clean up */
1848 bus_for_each_dev(bus, NULL, NULL, remove_iommu_group);
1849 bus_unregister_notifier(bus, nb);
1850
1851 out_free:
1852 kfree(nb);
1853
1854 return err;
1855 }
1856
1857 /**
1858 * bus_set_iommu - set iommu-callbacks for the bus
1859 * @bus: bus.
1860 * @ops: the callbacks provided by the iommu-driver
1861 *
1862 * This function is called by an iommu driver to set the iommu methods
1863 * used for a particular bus. Drivers for devices on that bus can use
1864 * the iommu-api after these ops are registered.
1865 * This special function is needed because IOMMUs are usually devices on
1866 * the bus itself, so the iommu drivers are not initialized when the bus
1867 * is set up. With this function the iommu-driver can set the iommu-ops
1868 * afterwards.
1869 */
bus_set_iommu(struct bus_type *bus, const struct iommu_ops *ops)1870 int bus_set_iommu(struct bus_type *bus, const struct iommu_ops *ops)
1871 {
1872 int err;
1873
1874 if (ops == NULL) {
1875 bus->iommu_ops = NULL;
1876 return 0;
1877 }
1878
1879 if (bus->iommu_ops != NULL) {
1880 return -EBUSY;
1881 }
1882
1883 bus->iommu_ops = ops;
1884
1885 /* Do IOMMU specific setup for this bus-type */
1886 err = iommu_bus_init(bus, ops);
1887 if (err) {
1888 bus->iommu_ops = NULL;
1889 }
1890
1891 return err;
1892 }
1893 EXPORT_SYMBOL_GPL(bus_set_iommu);
1894
iommu_present(struct bus_type *bus)1895 bool iommu_present(struct bus_type *bus)
1896 {
1897 return bus->iommu_ops != NULL;
1898 }
1899 EXPORT_SYMBOL_GPL(iommu_present);
1900
iommu_capable(struct bus_type *bus, enum iommu_cap cap)1901 bool iommu_capable(struct bus_type *bus, enum iommu_cap cap)
1902 {
1903 if (!bus->iommu_ops || !bus->iommu_ops->capable) {
1904 return false;
1905 }
1906
1907 return bus->iommu_ops->capable(cap);
1908 }
1909 EXPORT_SYMBOL_GPL(iommu_capable);
1910
1911 /**
1912 * iommu_set_fault_handler() - set a fault handler for an iommu domain
1913 * @domain: iommu domain
1914 * @handler: fault handler
1915 * @token: user data, will be passed back to the fault handler
1916 *
1917 * This function should be used by IOMMU users which want to be notified
1918 * whenever an IOMMU fault happens.
1919 *
1920 * The fault handler itself should return 0 on success, and an appropriate
1921 * error code otherwise.
1922 */
iommu_set_fault_handler(struct iommu_domain *domain, iommu_fault_handler_t handler, void *token)1923 void iommu_set_fault_handler(struct iommu_domain *domain, iommu_fault_handler_t handler, void *token)
1924 {
1925 BUG_ON(!domain);
1926
1927 domain->handler = handler;
1928 domain->handler_token = token;
1929 }
1930 EXPORT_SYMBOL_GPL(iommu_set_fault_handler);
1931
iommu_domain_alloc_ext(struct bus_type *bus, unsigned type)1932 static struct iommu_domain *iommu_domain_alloc_ext(struct bus_type *bus, unsigned type)
1933 {
1934 struct iommu_domain *domain;
1935
1936 if (bus == NULL || bus->iommu_ops == NULL) {
1937 return NULL;
1938 }
1939
1940 domain = bus->iommu_ops->domain_alloc(type);
1941 if (!domain) {
1942 return NULL;
1943 }
1944
1945 domain->ops = bus->iommu_ops;
1946 domain->type = type;
1947 /* Assume all sizes by default; the driver may override this later */
1948 domain->pgsize_bitmap = bus->iommu_ops->pgsize_bitmap;
1949
1950 return domain;
1951 }
1952
iommu_domain_alloc(struct bus_type *bus)1953 struct iommu_domain *iommu_domain_alloc(struct bus_type *bus)
1954 {
1955 return iommu_domain_alloc_ext(bus, IOMMU_DOMAIN_UNMANAGED);
1956 }
1957 EXPORT_SYMBOL_GPL(iommu_domain_alloc);
1958
iommu_domain_free(struct iommu_domain *domain)1959 void iommu_domain_free(struct iommu_domain *domain)
1960 {
1961 domain->ops->domain_free(domain);
1962 }
1963 EXPORT_SYMBOL_GPL(iommu_domain_free);
1964
iommu_attach_device_ext(struct iommu_domain *domain, struct device *dev)1965 static int iommu_attach_device_ext(struct iommu_domain *domain, struct device *dev)
1966 {
1967 int ret;
1968
1969 if (unlikely(domain->ops->attach_dev == NULL)) {
1970 return -ENODEV;
1971 }
1972
1973 ret = domain->ops->attach_dev(domain, dev);
1974 if (!ret) {
1975 trace_attach_device_to_domain(dev);
1976 }
1977 return ret;
1978 }
1979
iommu_attach_device(struct iommu_domain *domain, struct device *dev)1980 int iommu_attach_device(struct iommu_domain *domain, struct device *dev)
1981 {
1982 struct iommu_group *group;
1983 int ret;
1984
1985 group = iommu_group_get(dev);
1986 if (!group) {
1987 return -ENODEV;
1988 }
1989
1990 /*
1991 * Lock the group to make sure the device-count doesn't
1992 * change while we are attaching
1993 */
1994 mutex_lock(&group->mutex);
1995 ret = -EINVAL;
1996 if (iommu_group_device_count(group) != 1) {
1997 goto out_unlock;
1998 }
1999
2000 ret = iommu_attach_group_ext(domain, group);
2001
2002 out_unlock:
2003 mutex_unlock(&group->mutex);
2004 iommu_group_put(group);
2005
2006 return ret;
2007 }
2008 EXPORT_SYMBOL_GPL(iommu_attach_device);
2009
2010 /*
2011 * Check flags and other user provided data for valid combinations. We also
2012 * make sure no reserved fields or unused flags are set. This is to ensure
2013 * not breaking userspace in the future when these fields or flags are used.
2014 */
iommu_check_cache_invl_data(struct iommu_cache_invalidate_info *info)2015 static int iommu_check_cache_invl_data(struct iommu_cache_invalidate_info *info)
2016 {
2017 u32 mask;
2018 int i;
2019
2020 if (info->version != IOMMU_CACHE_INVALIDATE_INFO_VERSION_1) {
2021 return -EINVAL;
2022 }
2023
2024 mask = (1 << IOMMU_CACHE_INV_TYPE_NR) - 1;
2025 if (info->cache & ~mask) {
2026 return -EINVAL;
2027 }
2028
2029 if (info->granularity >= IOMMU_INV_GRANU_NR) {
2030 return -EINVAL;
2031 }
2032
2033 switch (info->granularity) {
2034 case IOMMU_INV_GRANU_ADDR:
2035 if (info->cache & IOMMU_CACHE_INV_TYPE_PASID) {
2036 return -EINVAL;
2037 }
2038
2039 mask = IOMMU_INV_ADDR_FLAGS_PASID | IOMMU_INV_ADDR_FLAGS_ARCHID | IOMMU_INV_ADDR_FLAGS_LEAF;
2040
2041 if (info->granu.addr_info.flags & ~mask) {
2042 return -EINVAL;
2043 }
2044 break;
2045 case IOMMU_INV_GRANU_PASID:
2046 mask = IOMMU_INV_PASID_FLAGS_PASID | IOMMU_INV_PASID_FLAGS_ARCHID;
2047 if (info->granu.pasid_info.flags & ~mask) {
2048 return -EINVAL;
2049 }
2050
2051 break;
2052 case IOMMU_INV_GRANU_DOMAIN:
2053 if (info->cache & IOMMU_CACHE_INV_TYPE_DEV_IOTLB) {
2054 return -EINVAL;
2055 }
2056 break;
2057 default:
2058 return -EINVAL;
2059 }
2060
2061 /* Check reserved padding fields */
2062 for (i = 0; i < sizeof(info->padding); i++) {
2063 if (info->padding[i]) {
2064 return -EINVAL;
2065 }
2066 }
2067
2068 return 0;
2069 }
2070
iommu_uapi_cache_invalidate(struct iommu_domain *domain, struct device *dev, void __user *uinfo)2071 int iommu_uapi_cache_invalidate(struct iommu_domain *domain, struct device *dev, void __user *uinfo)
2072 {
2073 struct iommu_cache_invalidate_info inv_info = {0};
2074 u32 minsz;
2075 int ret;
2076
2077 if (unlikely(!domain->ops->cache_invalidate)) {
2078 return -ENODEV;
2079 }
2080
2081 /*
2082 * No new spaces can be added before the variable sized union, the
2083 * minimum size is the offset to the union.
2084 */
2085 minsz = offsetof(struct iommu_cache_invalidate_info, granu);
2086
2087 /* Copy minsz from user to get flags and argsz */
2088 if (copy_from_user(&inv_info, uinfo, minsz)) {
2089 return -EFAULT;
2090 }
2091
2092 /* Fields before the variable size union are mandatory */
2093 if (inv_info.argsz < minsz) {
2094 return -EINVAL;
2095 }
2096
2097 /* PASID and address granu require additional info beyond minsz */
2098 if (inv_info.granularity == IOMMU_INV_GRANU_PASID &&
2099 inv_info.argsz < offsetofend(struct iommu_cache_invalidate_info, granu.pasid_info)) {
2100 return -EINVAL;
2101 }
2102
2103 if (inv_info.granularity == IOMMU_INV_GRANU_ADDR &&
2104 inv_info.argsz < offsetofend(struct iommu_cache_invalidate_info, granu.addr_info)) {
2105 return -EINVAL;
2106 }
2107
2108 /*
2109 * User might be using a newer UAPI header which has a larger data
2110 * size, we shall support the existing flags within the current
2111 * size. Copy the remaining user data _after_ minsz but not more
2112 * than the current kernel supported size.
2113 */
2114 if (copy_from_user((void *)&inv_info + minsz, uinfo + minsz,
2115 min_t(u32, inv_info.argsz, sizeof(inv_info)) - minsz)) {
2116 return -EFAULT;
2117 }
2118
2119 /* Now the argsz is validated, check the content */
2120 ret = iommu_check_cache_invl_data(&inv_info);
2121 if (ret) {
2122 return ret;
2123 }
2124
2125 return domain->ops->cache_invalidate(domain, dev, &inv_info);
2126 }
2127 EXPORT_SYMBOL_GPL(iommu_uapi_cache_invalidate);
2128
iommu_check_bind_data(struct iommu_gpasid_bind_data *data)2129 static int iommu_check_bind_data(struct iommu_gpasid_bind_data *data)
2130 {
2131 u64 mask;
2132 int i;
2133
2134 if (data->version != IOMMU_GPASID_BIND_VERSION_1) {
2135 return -EINVAL;
2136 }
2137
2138 /* Check the range of supported formats */
2139 if (data->format >= IOMMU_PASID_FORMAT_LAST) {
2140 return -EINVAL;
2141 }
2142
2143 /* Check all flags */
2144 mask = IOMMU_SVA_GPASID_VAL;
2145 if (data->flags & ~mask) {
2146 return -EINVAL;
2147 }
2148
2149 /* Check reserved padding fields */
2150 for (i = 0; i < sizeof(data->padding); i++) {
2151 if (data->padding[i]) {
2152 return -EINVAL;
2153 }
2154 }
2155
2156 return 0;
2157 }
2158
iommu_sva_prepare_bind_data(void __user *udata, struct iommu_gpasid_bind_data *data)2159 static int iommu_sva_prepare_bind_data(void __user *udata, struct iommu_gpasid_bind_data *data)
2160 {
2161 u32 minsz;
2162
2163 /*
2164 * No new spaces can be added before the variable sized union, the
2165 * minimum size is the offset to the union.
2166 */
2167 minsz = offsetof(struct iommu_gpasid_bind_data, vendor);
2168
2169 /* Copy minsz from user to get flags and argsz */
2170 if (copy_from_user(data, udata, minsz)) {
2171 return -EFAULT;
2172 }
2173
2174 /* Fields before the variable size union are mandatory */
2175 if (data->argsz < minsz) {
2176 return -EINVAL;
2177 }
2178 /*
2179 * User might be using a newer UAPI header, we shall let IOMMU vendor
2180 * driver decide on what size it needs. Since the guest PASID bind data
2181 * can be vendor specific, larger argsz could be the result of extension
2182 * for one vendor but it should not affect another vendor.
2183 * Copy the remaining user data _after_ minsz
2184 */
2185 if (copy_from_user((void *)data + minsz, udata + minsz, min_t(u32, data->argsz, sizeof(*data)) - minsz)) {
2186 return -EFAULT;
2187 }
2188
2189 return iommu_check_bind_data(data);
2190 }
2191
iommu_uapi_sva_bind_gpasid(struct iommu_domain *domain, struct device *dev, void __user *udata)2192 int iommu_uapi_sva_bind_gpasid(struct iommu_domain *domain, struct device *dev, void __user *udata)
2193 {
2194 struct iommu_gpasid_bind_data data = {0};
2195 int ret;
2196
2197 if (unlikely(!domain->ops->sva_bind_gpasid)) {
2198 return -ENODEV;
2199 }
2200
2201 ret = iommu_sva_prepare_bind_data(udata, &data);
2202 if (ret) {
2203 return ret;
2204 }
2205
2206 return domain->ops->sva_bind_gpasid(domain, dev, &data);
2207 }
2208 EXPORT_SYMBOL_GPL(iommu_uapi_sva_bind_gpasid);
2209
iommu_sva_unbind_gpasid(struct iommu_domain *domain, struct device *dev, ioasid_t pasid)2210 int iommu_sva_unbind_gpasid(struct iommu_domain *domain, struct device *dev, ioasid_t pasid)
2211 {
2212 if (unlikely(!domain->ops->sva_unbind_gpasid)) {
2213 return -ENODEV;
2214 }
2215
2216 return domain->ops->sva_unbind_gpasid(dev, pasid);
2217 }
2218 EXPORT_SYMBOL_GPL(iommu_sva_unbind_gpasid);
2219
iommu_uapi_sva_unbind_gpasid(struct iommu_domain *domain, struct device *dev, void __user *udata)2220 int iommu_uapi_sva_unbind_gpasid(struct iommu_domain *domain, struct device *dev, void __user *udata)
2221 {
2222 struct iommu_gpasid_bind_data data = {0};
2223 int ret;
2224
2225 if (unlikely(!domain->ops->sva_bind_gpasid)) {
2226 return -ENODEV;
2227 }
2228
2229 ret = iommu_sva_prepare_bind_data(udata, &data);
2230 if (ret) {
2231 return ret;
2232 }
2233
2234 return iommu_sva_unbind_gpasid(domain, dev, data.hpasid);
2235 }
2236 EXPORT_SYMBOL_GPL(iommu_uapi_sva_unbind_gpasid);
2237
__iommu_detach_device(struct iommu_domain *domain, struct device *dev)2238 static void __iommu_detach_device(struct iommu_domain *domain, struct device *dev)
2239 {
2240 if (iommu_is_attach_deferred(domain, dev)) {
2241 return;
2242 }
2243
2244 if (unlikely(domain->ops->detach_dev == NULL)) {
2245 return;
2246 }
2247
2248 domain->ops->detach_dev(domain, dev);
2249 trace_detach_device_from_domain(dev);
2250 }
2251
iommu_detach_device(struct iommu_domain *domain, struct device *dev)2252 void iommu_detach_device(struct iommu_domain *domain, struct device *dev)
2253 {
2254 struct iommu_group *group;
2255
2256 group = iommu_group_get(dev);
2257 if (!group) {
2258 return;
2259 }
2260
2261 mutex_lock(&group->mutex);
2262 /* Don't break detach if iommu shared by more than one master */
2263 if (iommu_group_device_count(group) < 1) {
2264 WARN_ON(1);
2265 goto out_unlock;
2266 }
2267
2268 iommu_detach_group_ext(domain, group);
2269
2270 out_unlock:
2271 mutex_unlock(&group->mutex);
2272 iommu_group_put(group);
2273 }
2274 EXPORT_SYMBOL_GPL(iommu_detach_device);
2275
iommu_get_domain_for_dev(struct device *dev)2276 struct iommu_domain *iommu_get_domain_for_dev(struct device *dev)
2277 {
2278 struct iommu_domain *domain;
2279 struct iommu_group *group;
2280
2281 group = iommu_group_get(dev);
2282 if (!group) {
2283 return NULL;
2284 }
2285
2286 domain = group->domain;
2287
2288 iommu_group_put(group);
2289
2290 return domain;
2291 }
2292 EXPORT_SYMBOL_GPL(iommu_get_domain_for_dev);
2293
2294 /*
2295 * For IOMMU_DOMAIN_DMA implementations which already provide their own
2296 * guarantees that the group and its default domain are valid and correct.
2297 */
iommu_get_dma_domain(struct device *dev)2298 struct iommu_domain *iommu_get_dma_domain(struct device *dev)
2299 {
2300 return dev->iommu_group->default_domain;
2301 }
2302
2303 /*
2304 * IOMMU groups are really the natural working unit of the IOMMU, but
2305 * the IOMMU API works on domains and devices. Bridge that gap by
2306 * iterating over the devices in a group. Ideally we'd have a single
2307 * device which represents the requestor ID of the group, but we also
2308 * allow IOMMU drivers to create policy defined minimum sets, where
2309 * the physical hardware may be able to distiguish members, but we
2310 * wish to group them at a higher level (ex. untrusted multi-function
2311 * PCI devices). Thus we attach each device.
2312 */
iommu_group_do_attach_device(struct device *dev, void *data)2313 static int iommu_group_do_attach_device(struct device *dev, void *data)
2314 {
2315 struct iommu_domain *domain = data;
2316
2317 return iommu_attach_device_ext(domain, dev);
2318 }
2319
iommu_attach_group_ext(struct iommu_domain *domain, struct iommu_group *group)2320 static int iommu_attach_group_ext(struct iommu_domain *domain, struct iommu_group *group)
2321 {
2322 int ret;
2323
2324 if (group->default_domain && group->domain != group->default_domain) {
2325 return -EBUSY;
2326 }
2327
2328 ret = iommu_group_for_each_dev_ext(group, domain, iommu_group_do_attach_device);
2329 if (ret == 0) {
2330 group->domain = domain;
2331 }
2332
2333 return ret;
2334 }
2335
iommu_attach_group(struct iommu_domain *domain, struct iommu_group *group)2336 int iommu_attach_group(struct iommu_domain *domain, struct iommu_group *group)
2337 {
2338 int ret;
2339
2340 mutex_lock(&group->mutex);
2341 ret = iommu_attach_group_ext(domain, group);
2342 mutex_unlock(&group->mutex);
2343
2344 return ret;
2345 }
2346 EXPORT_SYMBOL_GPL(iommu_attach_group);
2347
iommu_group_do_detach_device(struct device *dev, void *data)2348 static int iommu_group_do_detach_device(struct device *dev, void *data)
2349 {
2350 struct iommu_domain *domain = data;
2351
2352 __iommu_detach_device(domain, dev);
2353
2354 return 0;
2355 }
2356
iommu_detach_group_ext(struct iommu_domain *domain, struct iommu_group *group)2357 static void iommu_detach_group_ext(struct iommu_domain *domain, struct iommu_group *group)
2358 {
2359 int ret;
2360
2361 if (!group->default_domain) {
2362 iommu_group_for_each_dev_ext(group, domain, iommu_group_do_detach_device);
2363 group->domain = NULL;
2364 return;
2365 }
2366
2367 if (group->domain == group->default_domain) {
2368 return;
2369 }
2370
2371 /* Detach by re-attaching to the default domain */
2372 ret = iommu_group_for_each_dev_ext(group, group->default_domain, iommu_group_do_attach_device);
2373 if (ret != 0) {
2374 WARN_ON(1);
2375 } else {
2376 group->domain = group->default_domain;
2377 }
2378 }
2379
iommu_detach_group(struct iommu_domain *domain, struct iommu_group *group)2380 void iommu_detach_group(struct iommu_domain *domain, struct iommu_group *group)
2381 {
2382 mutex_lock(&group->mutex);
2383 iommu_detach_group_ext(domain, group);
2384 mutex_unlock(&group->mutex);
2385 }
2386 EXPORT_SYMBOL_GPL(iommu_detach_group);
2387
iommu_iova_to_phys(struct iommu_domain *domain, dma_addr_t iova)2388 phys_addr_t iommu_iova_to_phys(struct iommu_domain *domain, dma_addr_t iova)
2389 {
2390 if (unlikely(domain->ops->iova_to_phys == NULL)) {
2391 return 0;
2392 }
2393
2394 return domain->ops->iova_to_phys(domain, iova);
2395 }
2396 EXPORT_SYMBOL_GPL(iommu_iova_to_phys);
2397
iommu_pgsize(struct iommu_domain *domain, unsigned long iova, phys_addr_t paddr, size_t size, size_t *count)2398 static size_t iommu_pgsize(struct iommu_domain *domain, unsigned long iova, phys_addr_t paddr, size_t size,
2399 size_t *count)
2400 {
2401 unsigned int pgsize_idx, pgsize_idx_next;
2402 unsigned long pgsizes;
2403 size_t offset, pgsize, pgsize_next;
2404 unsigned long addr_merge = paddr | iova;
2405 /* Page sizes supported by the hardware and small enough for @size */
2406 pgsizes = domain->pgsize_bitmap & GENMASK(__fls(size), 0);
2407 /* Constrain the page sizes further based on the maximum alignment */
2408 if (likely(addr_merge)) {
2409 pgsizes &= GENMASK(__ffs(addr_merge), 0);
2410 }
2411 /* Make sure we have at least one suitable page size */
2412 BUG_ON(!pgsizes);
2413 /* Pick the biggest page size remaining */
2414 pgsize_idx = __fls(pgsizes);
2415 pgsize = BIT(pgsize_idx);
2416 if (!count) {
2417 return pgsize;
2418 }
2419 /* Find the next biggest support page size, if it exists */
2420 pgsizes = domain->pgsize_bitmap & ~GENMASK(pgsize_idx, 0);
2421 if (!pgsizes) {
2422 goto out_set_count;
2423 }
2424 pgsize_idx_next = __ffs(pgsizes);
2425 pgsize_next = BIT(pgsize_idx_next);
2426 /*
2427 * There's no point trying a bigger page size unless the virtual
2428 * and physical addresses are similarly offset within the larger page.
2429 */
2430 if ((iova ^ paddr) & (pgsize_next - 1)) {
2431 goto out_set_count;
2432 }
2433 /* Calculate the offset to the next page size alignment boundary */
2434 offset = pgsize_next - (addr_merge & (pgsize_next - 1));
2435 /*
2436 * If size is big enough to accommodate the larger page, reduce
2437 * the number of smaller pages.
2438 */
2439 if (offset + pgsize_next <= size) {
2440 size = offset;
2441 }
2442
2443 out_set_count:
2444 *count = size >> pgsize_idx;
2445 return pgsize;
2446 }
2447
iommu_map_pages_ext(struct iommu_domain *domain, unsigned long iova, phys_addr_t paddr, size_t size, int prot, gfp_t gfp, size_t *mapped)2448 static int iommu_map_pages_ext(struct iommu_domain *domain, unsigned long iova, phys_addr_t paddr, size_t size,
2449 int prot, gfp_t gfp, size_t *mapped)
2450 {
2451 const struct iommu_ops *ops = domain->ops;
2452 size_t pgsize, count;
2453 int ret;
2454
2455 pgsize = iommu_pgsize(domain, iova, paddr, size, &count);
2456
2457 pr_debug("mapping: iova 0x%lx pa %pa pgsize 0x%zx count %zu\n", iova, &paddr, pgsize, count);
2458
2459 if (ops->map_pages) {
2460 ret = ops->map_pages(domain, iova, paddr, pgsize, count, prot, gfp, mapped);
2461 } else {
2462 ret = ops->map(domain, iova, paddr, pgsize, prot, gfp);
2463 *mapped = ret ? 0 : pgsize;
2464 }
2465
2466 return ret;
2467 }
2468
iommu_map_ext(struct iommu_domain *domain, unsigned long iova, phys_addr_t paddr, size_t size, int prot, gfp_t gfp)2469 static int iommu_map_ext(struct iommu_domain *domain, unsigned long iova, phys_addr_t paddr, size_t size, int prot,
2470 gfp_t gfp)
2471 {
2472 const struct iommu_ops *ops = domain->ops;
2473 unsigned long orig_iova = iova;
2474 unsigned int min_pagesz;
2475 size_t orig_size = size;
2476 phys_addr_t orig_paddr = paddr;
2477 int ret = 0;
2478
2479 if (unlikely(!(ops->map || ops->map_pages) || domain->pgsize_bitmap == 0UL)) {
2480 return -ENODEV;
2481 }
2482
2483 if (unlikely(!(domain->type & __IOMMU_DOMAIN_PAGING))) {
2484 return -EINVAL;
2485 }
2486
2487 /* find out the minimum page size supported */
2488 min_pagesz = 1 << __ffs(domain->pgsize_bitmap);
2489 /*
2490 * both the virtual address and the physical one, as well as
2491 * the size of the mapping, must be aligned (at least) to the
2492 * size of the smallest page supported by the hardware
2493 */
2494 if (!IS_ALIGNED(iova | paddr | size, min_pagesz)) {
2495 pr_err("unaligned: iova 0x%lx pa %pa size 0x%zx min_pagesz 0x%x\n", iova, &paddr, size, min_pagesz);
2496 return -EINVAL;
2497 }
2498
2499 pr_debug("map: iova 0x%lx pa %pa size 0x%zx\n", iova, &paddr, size);
2500
2501 while (size) {
2502 size_t mapped = 0;
2503
2504 ret = iommu_map_pages_ext(domain, iova, paddr, size, prot, gfp, &mapped);
2505 /*
2506 * Some pages may have been mapped, even if an error occurred,
2507 * so we should account for those so they can be unmapped.
2508 */
2509 size -= mapped;
2510
2511 if (ret) {
2512 break;
2513 }
2514
2515 iova += mapped;
2516 paddr += mapped;
2517 }
2518
2519 /* unroll mapping in case something went wrong */
2520 if (ret) {
2521 iommu_unmap(domain, orig_iova, orig_size - size);
2522 } else {
2523 trace_map(orig_iova, orig_paddr, orig_size);
2524 }
2525
2526 return ret;
2527 }
2528
_iommu_map(struct iommu_domain *domain, unsigned long iova, phys_addr_t paddr, size_t size, int prot, gfp_t gfp)2529 static int _iommu_map(struct iommu_domain *domain, unsigned long iova, phys_addr_t paddr, size_t size, int prot,
2530 gfp_t gfp)
2531 {
2532 const struct iommu_ops *ops = domain->ops;
2533 int ret;
2534
2535 ret = iommu_map_ext(domain, iova, paddr, size, prot, gfp);
2536 if (ret == 0 && ops->iotlb_sync_map) {
2537 ops->iotlb_sync_map(domain, iova, size);
2538 }
2539
2540 return ret;
2541 }
2542
iommu_map(struct iommu_domain *domain, unsigned long iova, phys_addr_t paddr, size_t size, int prot)2543 int iommu_map(struct iommu_domain *domain, unsigned long iova, phys_addr_t paddr, size_t size, int prot)
2544 {
2545 might_sleep();
2546 return _iommu_map(domain, iova, paddr, size, prot, GFP_KERNEL);
2547 }
2548 EXPORT_SYMBOL_GPL(iommu_map);
2549
iommu_map_atomic(struct iommu_domain *domain, unsigned long iova, phys_addr_t paddr, size_t size, int prot)2550 int iommu_map_atomic(struct iommu_domain *domain, unsigned long iova, phys_addr_t paddr, size_t size, int prot)
2551 {
2552 return _iommu_map(domain, iova, paddr, size, prot, GFP_ATOMIC);
2553 }
2554 EXPORT_SYMBOL_GPL(iommu_map_atomic);
2555
iommu_unmap_pages_ext(struct iommu_domain *domain, unsigned long iova, size_t size, struct iommu_iotlb_gather *iotlb_gather)2556 static size_t iommu_unmap_pages_ext(struct iommu_domain *domain, unsigned long iova, size_t size,
2557 struct iommu_iotlb_gather *iotlb_gather)
2558 {
2559 const struct iommu_ops *ops = domain->ops;
2560 size_t pgsize, count;
2561
2562 pgsize = iommu_pgsize(domain, iova, iova, size, &count);
2563 return ops->unmap_pages ? ops->unmap_pages(domain, iova, pgsize, count, iotlb_gather)
2564 : ops->unmap(domain, iova, pgsize, iotlb_gather);
2565 }
2566
iommu_unmap_ext(struct iommu_domain *domain, unsigned long iova, size_t size, struct iommu_iotlb_gather *iotlb_gather)2567 static size_t iommu_unmap_ext(struct iommu_domain *domain, unsigned long iova, size_t size,
2568 struct iommu_iotlb_gather *iotlb_gather)
2569 {
2570 const struct iommu_ops *ops = domain->ops;
2571 size_t unmapped_page, unmapped = 0;
2572 unsigned long orig_iova = iova;
2573 unsigned int min_pagesz;
2574
2575 if (unlikely(!(ops->unmap || ops->unmap_pages) || domain->pgsize_bitmap == 0UL)) {
2576 return 0;
2577 }
2578
2579 if (unlikely(!(domain->type & __IOMMU_DOMAIN_PAGING))) {
2580 return 0;
2581 }
2582 /* find out the minimum page size supported */
2583 min_pagesz = 1 << __ffs(domain->pgsize_bitmap);
2584 /*
2585 * The virtual address, as well as the size of the mapping, must be
2586 * aligned (at least) to the size of the smallest page supported
2587 * by the hardware
2588 */
2589 if (!IS_ALIGNED(iova | size, min_pagesz)) {
2590 pr_err("unaligned: iova 0x%lx size 0x%zx min_pagesz 0x%x\n", iova, size, min_pagesz);
2591 return 0;
2592 }
2593
2594 pr_debug("unmap this: iova 0x%lx size 0x%zx\n", iova, size);
2595
2596 /*
2597 * Keep iterating until we either unmap 'size' bytes (or more)
2598 * or we hit an area that isn't mapped.
2599 */
2600 while (unmapped < size) {
2601 unmapped_page = iommu_unmap_pages_ext(domain, iova, size - unmapped, iotlb_gather);
2602 if (!unmapped_page) {
2603 break;
2604 }
2605
2606 pr_debug("unmapped: iova 0x%lx size 0x%zx\n", iova, unmapped_page);
2607
2608 iova += unmapped_page;
2609 unmapped += unmapped_page;
2610 }
2611
2612 trace_unmap(orig_iova, size, unmapped);
2613 return unmapped;
2614 }
2615
iommu_unmap(struct iommu_domain *domain, unsigned long iova, size_t size)2616 size_t iommu_unmap(struct iommu_domain *domain, unsigned long iova, size_t size)
2617 {
2618 struct iommu_iotlb_gather iotlb_gather;
2619 size_t ret;
2620
2621 iommu_iotlb_gather_init(&iotlb_gather);
2622 ret = iommu_unmap_ext(domain, iova, size, &iotlb_gather);
2623 iommu_iotlb_sync(domain, &iotlb_gather);
2624
2625 return ret;
2626 }
2627 EXPORT_SYMBOL_GPL(iommu_unmap);
2628
iommu_unmap_fast(struct iommu_domain *domain, unsigned long iova, size_t size, struct iommu_iotlb_gather *iotlb_gather)2629 size_t iommu_unmap_fast(struct iommu_domain *domain, unsigned long iova, size_t size,
2630 struct iommu_iotlb_gather *iotlb_gather)
2631 {
2632 return iommu_unmap_ext(domain, iova, size, iotlb_gather);
2633 }
2634 EXPORT_SYMBOL_GPL(iommu_unmap_fast);
2635
iommu_map_sg_ext(struct iommu_domain *domain, unsigned long iova, struct scatterlist *sg, unsigned int nents, int prot, gfp_t gfp)2636 static size_t iommu_map_sg_ext(struct iommu_domain *domain, unsigned long iova, struct scatterlist *sg,
2637 unsigned int nents, int prot, gfp_t gfp)
2638 {
2639 const struct iommu_ops *ops = domain->ops;
2640 size_t len = 0, mapped = 0;
2641 phys_addr_t start;
2642 unsigned int i = 0;
2643 int ret;
2644
2645 if (ops->map_sg) {
2646 ret = ops->map_sg(domain, iova, sg, nents, prot, gfp, &mapped);
2647
2648 if (ops->iotlb_sync_map) {
2649 ops->iotlb_sync_map(domain, iova, mapped);
2650 }
2651
2652 if (ret) {
2653 goto out_err;
2654 }
2655
2656 return mapped;
2657 }
2658
2659 while (i <= nents) {
2660 phys_addr_t s_phys = sg_phys(sg);
2661 if (len && s_phys != start + len) {
2662 ret = iommu_map_ext(domain, iova + mapped, start, len, prot, gfp);
2663 if (ret) {
2664 goto out_err;
2665 }
2666
2667 mapped += len;
2668 len = 0;
2669 }
2670
2671 if (len) {
2672 len += sg->length;
2673 } else {
2674 len = sg->length;
2675 start = s_phys;
2676 }
2677
2678 if (++i < nents) {
2679 sg = sg_next(sg);
2680 }
2681 }
2682
2683 if (ops->iotlb_sync_map) {
2684 ops->iotlb_sync_map(domain, iova, mapped);
2685 }
2686
2687 #ifdef IOMMU_TLB_SHOT_ENTIRE
2688 if (domain->ops->flush_iotlb_all && (prot & IOMMU_TLB_SHOT_ENTIRE)) {
2689 domain->ops->flush_iotlb_all(domain);
2690 }
2691 #endif
2692
2693 return mapped;
2694
2695 out_err:
2696 /* undo mappings already done */
2697 iommu_unmap(domain, iova, mapped);
2698
2699 return 0;
2700 }
2701
iommu_map_sg(struct iommu_domain *domain, unsigned long iova, struct scatterlist *sg, unsigned int nents, int prot)2702 size_t iommu_map_sg(struct iommu_domain *domain, unsigned long iova, struct scatterlist *sg, unsigned int nents,
2703 int prot)
2704 {
2705 might_sleep();
2706 return iommu_map_sg_ext(domain, iova, sg, nents, prot, GFP_KERNEL);
2707 }
2708 EXPORT_SYMBOL_GPL(iommu_map_sg);
2709
iommu_map_sg_atomic(struct iommu_domain *domain, unsigned long iova, struct scatterlist *sg, unsigned int nents, int prot)2710 size_t iommu_map_sg_atomic(struct iommu_domain *domain, unsigned long iova, struct scatterlist *sg, unsigned int nents,
2711 int prot)
2712 {
2713 return iommu_map_sg_ext(domain, iova, sg, nents, prot, GFP_ATOMIC);
2714 }
2715 EXPORT_SYMBOL_GPL(iommu_map_sg_atomic);
2716
iommu_domain_window_enable(struct iommu_domain *domain, u32 wnd_nr, phys_addr_t paddr, u64 size, int prot)2717 int iommu_domain_window_enable(struct iommu_domain *domain, u32 wnd_nr, phys_addr_t paddr, u64 size, int prot)
2718 {
2719 if (unlikely(domain->ops->domain_window_enable == NULL)) {
2720 return -ENODEV;
2721 }
2722
2723 return domain->ops->domain_window_enable(domain, wnd_nr, paddr, size, prot);
2724 }
2725 EXPORT_SYMBOL_GPL(iommu_domain_window_enable);
2726
iommu_domain_window_disable(struct iommu_domain *domain, u32 wnd_nr)2727 void iommu_domain_window_disable(struct iommu_domain *domain, u32 wnd_nr)
2728 {
2729 if (unlikely(domain->ops->domain_window_disable == NULL)) {
2730 return;
2731 }
2732
2733 return domain->ops->domain_window_disable(domain, wnd_nr);
2734 }
2735 EXPORT_SYMBOL_GPL(iommu_domain_window_disable);
2736
2737 /**
2738 * report_iommu_fault() - report about an IOMMU fault to the IOMMU framework
2739 * @domain: the iommu domain where the fault has happened
2740 * @dev: the device where the fault has happened
2741 * @iova: the faulting address
2742 * @flags: mmu fault flags (e.g. IOMMU_FAULT_READ/IOMMU_FAULT_WRITE/...)
2743 *
2744 * This function should be called by the low-level IOMMU implementations
2745 * whenever IOMMU faults happen, to allow high-level users, that are
2746 * interested in such events, to know about them.
2747 *
2748 * This event may be useful for several possible use cases:
2749 * - mere logging of the event
2750 * - dynamic TLB/PTE loading
2751 * - if restarting of the faulting device is required
2752 *
2753 * Returns 0 on success and an appropriate error code otherwise (if dynamic
2754 * PTE/TLB loading will one day be supported, implementations will be able
2755 * to tell whether it succeeded or not according to this return value).
2756 *
2757 * Specifically, -ENOSYS is returned if a fault handler isn't installed
2758 * (though fault handlers can also return -ENOSYS, in case they want to
2759 * elicit the default behavior of the IOMMU drivers).
2760 */
report_iommu_fault(struct iommu_domain *domain, struct device *dev, unsigned long iova, int flags)2761 int report_iommu_fault(struct iommu_domain *domain, struct device *dev, unsigned long iova, int flags)
2762 {
2763 int ret = -ENOSYS;
2764
2765 /*
2766 * if upper layers showed interest and installed a fault handler,
2767 * invoke it.
2768 */
2769 if (domain->handler) {
2770 ret = domain->handler(domain, dev, iova, flags, domain->handler_token);
2771 }
2772
2773 trace_io_page_fault(dev, iova, flags);
2774 return ret;
2775 }
2776 EXPORT_SYMBOL_GPL(report_iommu_fault);
2777
iommu_init(void)2778 static int __init iommu_init(void)
2779 {
2780 iommu_group_kset = kset_create_and_add("iommu_groups", NULL, kernel_kobj);
2781 BUG_ON(!iommu_group_kset);
2782
2783 iommu_debugfs_setup();
2784
2785 return 0;
2786 }
2787 core_initcall(iommu_init);
2788
iommu_domain_get_attr(struct iommu_domain *domain, enum iommu_attr attr, void *data)2789 int iommu_domain_get_attr(struct iommu_domain *domain, enum iommu_attr attr, void *data)
2790 {
2791 struct iommu_domain_geometry *geometry;
2792 bool *paging;
2793 int ret = 0;
2794
2795 switch (attr) {
2796 case DOMAIN_ATTR_GEOMETRY:
2797 geometry = data;
2798 *geometry = domain->geometry;
2799
2800 break;
2801 case DOMAIN_ATTR_PAGING:
2802 paging = data;
2803 *paging = (domain->pgsize_bitmap != 0UL);
2804 break;
2805 default:
2806 if (!domain->ops->domain_get_attr) {
2807 return -EINVAL;
2808 }
2809
2810 ret = domain->ops->domain_get_attr(domain, attr, data);
2811 }
2812
2813 return ret;
2814 }
2815 EXPORT_SYMBOL_GPL(iommu_domain_get_attr);
2816
iommu_domain_set_attr(struct iommu_domain *domain, enum iommu_attr attr, void *data)2817 int iommu_domain_set_attr(struct iommu_domain *domain, enum iommu_attr attr, void *data)
2818 {
2819 int ret = 0;
2820
2821 if (domain->ops->domain_set_attr == NULL) {
2822 return -EINVAL;
2823 }
2824
2825 ret = domain->ops->domain_set_attr(domain, attr, data);
2826 return ret;
2827 }
2828 EXPORT_SYMBOL_GPL(iommu_domain_set_attr);
2829
iommu_get_resv_regions(struct device *dev, struct list_head *list)2830 void iommu_get_resv_regions(struct device *dev, struct list_head *list)
2831 {
2832 const struct iommu_ops *ops = dev->bus->iommu_ops;
2833
2834 if (ops && ops->get_resv_regions) {
2835 ops->get_resv_regions(dev, list);
2836 }
2837 }
2838
iommu_put_resv_regions(struct device *dev, struct list_head *list)2839 void iommu_put_resv_regions(struct device *dev, struct list_head *list)
2840 {
2841 const struct iommu_ops *ops = dev->bus->iommu_ops;
2842
2843 if (ops && ops->put_resv_regions) {
2844 ops->put_resv_regions(dev, list);
2845 }
2846 }
2847
2848 /**
2849 * generic_iommu_put_resv_regions - Reserved region driver helper
2850 * @dev: device for which to free reserved regions
2851 * @list: reserved region list for device
2852 *
2853 * IOMMU drivers can use this to implement their .put_resv_regions() callback
2854 * for simple reservations. Memory allocated for each reserved region will be
2855 * freed. If an IOMMU driver allocates additional resources per region, it is
2856 * going to have to implement a custom callback.
2857 */
generic_iommu_put_resv_regions(struct device *dev, struct list_head *list)2858 void generic_iommu_put_resv_regions(struct device *dev, struct list_head *list)
2859 {
2860 struct iommu_resv_region *entry, *next;
2861
2862 list_for_each_entry_safe(entry, next, list, list) kfree(entry);
2863 }
2864 EXPORT_SYMBOL(generic_iommu_put_resv_regions);
2865
iommu_alloc_resv_region(phys_addr_t start, size_t length, int prot, enum iommu_resv_type type)2866 struct iommu_resv_region *iommu_alloc_resv_region(phys_addr_t start, size_t length, int prot, enum iommu_resv_type type)
2867 {
2868 struct iommu_resv_region *region;
2869
2870 region = kzalloc(sizeof(*region), GFP_KERNEL);
2871 if (!region) {
2872 return NULL;
2873 }
2874
2875 INIT_LIST_HEAD(®ion->list);
2876 region->start = start;
2877 region->length = length;
2878 region->prot = prot;
2879 region->type = type;
2880 return region;
2881 }
2882 EXPORT_SYMBOL_GPL(iommu_alloc_resv_region);
2883
iommu_set_default_passthrough(bool cmd_line)2884 void iommu_set_default_passthrough(bool cmd_line)
2885 {
2886 if (cmd_line) {
2887 iommu_set_cmd_line_dma_api();
2888 }
2889
2890 iommu_def_domain_type = IOMMU_DOMAIN_IDENTITY;
2891 }
2892
iommu_set_default_translated(bool cmd_line)2893 void iommu_set_default_translated(bool cmd_line)
2894 {
2895 if (cmd_line) {
2896 iommu_set_cmd_line_dma_api();
2897 }
2898
2899 iommu_def_domain_type = IOMMU_DOMAIN_DMA;
2900 }
2901
iommu_default_passthrough(void)2902 bool iommu_default_passthrough(void)
2903 {
2904 return iommu_def_domain_type == IOMMU_DOMAIN_IDENTITY;
2905 }
2906 EXPORT_SYMBOL_GPL(iommu_default_passthrough);
2907
iommu_ops_from_fwnode(struct fwnode_handle *fwnode)2908 const struct iommu_ops *iommu_ops_from_fwnode(struct fwnode_handle *fwnode)
2909 {
2910 const struct iommu_ops *ops = NULL;
2911 struct iommu_device *iommu;
2912
2913 spin_lock(&iommu_device_lock);
2914 list_for_each_entry(iommu, &iommu_device_list, list)
2915 {
2916 if (iommu->fwnode == fwnode) {
2917 ops = iommu->ops;
2918 break;
2919 }
2920 }
2921 spin_unlock(&iommu_device_lock);
2922 return ops;
2923 }
2924
iommu_fwspec_init(struct device *dev, struct fwnode_handle *iommu_fwnode, const struct iommu_ops *ops)2925 int iommu_fwspec_init(struct device *dev, struct fwnode_handle *iommu_fwnode, const struct iommu_ops *ops)
2926 {
2927 struct iommu_fwspec *fwspec = dev_iommu_fwspec_get(dev);
2928
2929 if (fwspec) {
2930 return ops == fwspec->ops ? 0 : -EINVAL;
2931 }
2932
2933 if (!dev_iommu_get(dev)) {
2934 return -ENOMEM;
2935 }
2936
2937 /* Preallocate for the overwhelmingly common case of 1 ID */
2938 fwspec = kzalloc(struct_size(fwspec, ids, 1), GFP_KERNEL);
2939 if (!fwspec) {
2940 return -ENOMEM;
2941 }
2942
2943 of_node_get(to_of_node(iommu_fwnode));
2944 fwspec->iommu_fwnode = iommu_fwnode;
2945 fwspec->ops = ops;
2946 dev_iommu_fwspec_set(dev, fwspec);
2947 return 0;
2948 }
2949 EXPORT_SYMBOL_GPL(iommu_fwspec_init);
2950
iommu_fwspec_free(struct device *dev)2951 void iommu_fwspec_free(struct device *dev)
2952 {
2953 struct iommu_fwspec *fwspec = dev_iommu_fwspec_get(dev);
2954
2955 if (fwspec) {
2956 fwnode_handle_put(fwspec->iommu_fwnode);
2957 kfree(fwspec);
2958 dev_iommu_fwspec_set(dev, NULL);
2959 }
2960 }
2961 EXPORT_SYMBOL_GPL(iommu_fwspec_free);
2962
iommu_fwspec_add_ids(struct device *dev, u32 *ids, int num_ids)2963 int iommu_fwspec_add_ids(struct device *dev, u32 *ids, int num_ids)
2964 {
2965 struct iommu_fwspec *fwspec = dev_iommu_fwspec_get(dev);
2966 int i, new_num;
2967
2968 if (!fwspec) {
2969 return -EINVAL;
2970 }
2971
2972 new_num = fwspec->num_ids + num_ids;
2973 if (new_num > 1) {
2974 fwspec = krealloc(fwspec, struct_size(fwspec, ids, new_num), GFP_KERNEL);
2975 if (!fwspec) {
2976 return -ENOMEM;
2977 }
2978
2979 dev_iommu_fwspec_set(dev, fwspec);
2980 }
2981
2982 for (i = 0; i < num_ids; i++) {
2983 fwspec->ids[fwspec->num_ids + i] = ids[i];
2984 }
2985
2986 fwspec->num_ids = new_num;
2987 return 0;
2988 }
2989 EXPORT_SYMBOL_GPL(iommu_fwspec_add_ids);
2990
2991 /*
2992 * Per device IOMMU features.
2993 */
iommu_dev_has_feature(struct device *dev, enum iommu_dev_features feat)2994 bool iommu_dev_has_feature(struct device *dev, enum iommu_dev_features feat)
2995 {
2996 const struct iommu_ops *ops = dev->bus->iommu_ops;
2997
2998 if (ops && ops->dev_has_feat) {
2999 return ops->dev_has_feat(dev, feat);
3000 }
3001
3002 return false;
3003 }
3004 EXPORT_SYMBOL_GPL(iommu_dev_has_feature);
3005
iommu_dev_enable_feature(struct device *dev, enum iommu_dev_features feat)3006 int iommu_dev_enable_feature(struct device *dev, enum iommu_dev_features feat)
3007 {
3008 if (dev->iommu && dev->iommu->iommu_dev) {
3009 const struct iommu_ops *ops = dev->iommu->iommu_dev->ops;
3010
3011 if (ops->dev_enable_feat) {
3012 return ops->dev_enable_feat(dev, feat);
3013 }
3014 }
3015
3016 return -ENODEV;
3017 }
3018 EXPORT_SYMBOL_GPL(iommu_dev_enable_feature);
3019
3020 /*
3021 * The device drivers should do the necessary cleanups before calling this.
3022 * For example, before disabling the aux-domain feature, the device driver
3023 * should detach all aux-domains. Otherwise, this will return -EBUSY.
3024 */
iommu_dev_disable_feature(struct device *dev, enum iommu_dev_features feat)3025 int iommu_dev_disable_feature(struct device *dev, enum iommu_dev_features feat)
3026 {
3027 if (dev->iommu && dev->iommu->iommu_dev) {
3028 const struct iommu_ops *ops = dev->iommu->iommu_dev->ops;
3029
3030 if (ops->dev_disable_feat) {
3031 return ops->dev_disable_feat(dev, feat);
3032 }
3033 }
3034
3035 return -EBUSY;
3036 }
3037 EXPORT_SYMBOL_GPL(iommu_dev_disable_feature);
3038
iommu_dev_feature_enabled(struct device *dev, enum iommu_dev_features feat)3039 bool iommu_dev_feature_enabled(struct device *dev, enum iommu_dev_features feat)
3040 {
3041 if (dev->iommu && dev->iommu->iommu_dev) {
3042 const struct iommu_ops *ops = dev->iommu->iommu_dev->ops;
3043
3044 if (ops->dev_feat_enabled) {
3045 return ops->dev_feat_enabled(dev, feat);
3046 }
3047 }
3048
3049 return false;
3050 }
3051 EXPORT_SYMBOL_GPL(iommu_dev_feature_enabled);
3052
3053 /*
3054 * Aux-domain specific attach/detach.
3055 *
3056 * Only works if iommu_dev_feature_enabled(dev, IOMMU_DEV_FEAT_AUX) returns
3057 * true. Also, as long as domains are attached to a device through this
3058 * interface, any tries to call iommu_attach_device() should fail
3059 * (iommu_detach_device() can't fail, so we fail when trying to re-attach).
3060 * This should make us safe against a device being attached to a guest as a
3061 * whole while there are still pasid users on it (aux and sva).
3062 */
iommu_aux_attach_device(struct iommu_domain *domain, struct device *dev)3063 int iommu_aux_attach_device(struct iommu_domain *domain, struct device *dev)
3064 {
3065 int ret = -ENODEV;
3066
3067 if (domain->ops->aux_attach_dev) {
3068 ret = domain->ops->aux_attach_dev(domain, dev);
3069 }
3070
3071 if (!ret) {
3072 trace_attach_device_to_domain(dev);
3073 }
3074
3075 return ret;
3076 }
3077 EXPORT_SYMBOL_GPL(iommu_aux_attach_device);
3078
iommu_aux_detach_device(struct iommu_domain *domain, struct device *dev)3079 void iommu_aux_detach_device(struct iommu_domain *domain, struct device *dev)
3080 {
3081 if (domain->ops->aux_detach_dev) {
3082 domain->ops->aux_detach_dev(domain, dev);
3083 trace_detach_device_from_domain(dev);
3084 }
3085 }
3086 EXPORT_SYMBOL_GPL(iommu_aux_detach_device);
3087
iommu_aux_get_pasid(struct iommu_domain *domain, struct device *dev)3088 int iommu_aux_get_pasid(struct iommu_domain *domain, struct device *dev)
3089 {
3090 int ret = -ENODEV;
3091
3092 if (domain->ops->aux_get_pasid) {
3093 ret = domain->ops->aux_get_pasid(domain, dev);
3094 }
3095
3096 return ret;
3097 }
3098 EXPORT_SYMBOL_GPL(iommu_aux_get_pasid);
3099
3100 /**
3101 * iommu_sva_bind_device() - Bind a process address space to a device
3102 * @dev: the device
3103 * @mm: the mm to bind, caller must hold a reference to it
3104 *
3105 * Create a bond between device and address space, allowing the device to access
3106 * the mm using the returned PASID. If a bond already exists between @device and
3107 * @mm, it is returned and an additional reference is taken. Caller must call
3108 * iommu_sva_unbind_device() to release each reference.
3109 *
3110 * iommu_dev_enable_feature(dev, IOMMU_DEV_FEAT_SVA) must be called first, to
3111 * initialize the required SVA features.
3112 *
3113 * On error, returns an ERR_PTR value.
3114 */
iommu_sva_bind_device(struct device *dev, struct mm_struct *mm, void *drvdata)3115 struct iommu_sva *iommu_sva_bind_device(struct device *dev, struct mm_struct *mm, void *drvdata)
3116 {
3117 struct iommu_group *group;
3118 struct iommu_sva *handle = ERR_PTR(-EINVAL);
3119 const struct iommu_ops *ops = dev->bus->iommu_ops;
3120
3121 if (!ops || !ops->sva_bind) {
3122 return ERR_PTR(-ENODEV);
3123 }
3124
3125 group = iommu_group_get(dev);
3126 if (!group) {
3127 return ERR_PTR(-ENODEV);
3128 }
3129
3130 /* Ensure device count and domain don't change while we're binding */
3131 mutex_lock(&group->mutex);
3132
3133 /*
3134 * To keep things simple, SVA currently doesn't support IOMMU groups
3135 * with more than one device. Existing SVA-capable systems are not
3136 * affected by the problems that required IOMMU groups (lack of ACS
3137 * isolation, device ID aliasing and other hardware issues).
3138 */
3139 if (iommu_group_device_count(group) != 1) {
3140 goto out_unlock;
3141 }
3142
3143 handle = ops->sva_bind(dev, mm, drvdata);
3144
3145 out_unlock:
3146 mutex_unlock(&group->mutex);
3147 iommu_group_put(group);
3148
3149 return handle;
3150 }
3151 EXPORT_SYMBOL_GPL(iommu_sva_bind_device);
3152
3153 /**
3154 * iommu_sva_unbind_device() - Remove a bond created with iommu_sva_bind_device
3155 * @handle: the handle returned by iommu_sva_bind_device()
3156 *
3157 * Put reference to a bond between device and address space. The device should
3158 * not be issuing any more transaction for this PASID. All outstanding page
3159 * requests for this PASID must have been flushed to the IOMMU.
3160 *
3161 * Returns 0 on success, or an error value
3162 */
iommu_sva_unbind_device(struct iommu_sva *handle)3163 void iommu_sva_unbind_device(struct iommu_sva *handle)
3164 {
3165 struct iommu_group *group;
3166 struct device *dev = handle->dev;
3167 const struct iommu_ops *ops = dev->bus->iommu_ops;
3168
3169 if (!ops || !ops->sva_unbind) {
3170 return;
3171 }
3172
3173 group = iommu_group_get(dev);
3174 if (!group) {
3175 return;
3176 }
3177
3178 mutex_lock(&group->mutex);
3179 ops->sva_unbind(handle);
3180 mutex_unlock(&group->mutex);
3181
3182 iommu_group_put(group);
3183 }
3184 EXPORT_SYMBOL_GPL(iommu_sva_unbind_device);
3185
iommu_sva_get_pasid(struct iommu_sva *handle)3186 u32 iommu_sva_get_pasid(struct iommu_sva *handle)
3187 {
3188 const struct iommu_ops *ops = handle->dev->bus->iommu_ops;
3189
3190 if (!ops || !ops->sva_get_pasid) {
3191 return IOMMU_PASID_INVALID;
3192 }
3193
3194 return ops->sva_get_pasid(handle);
3195 }
3196 EXPORT_SYMBOL_GPL(iommu_sva_get_pasid);
3197