1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * nested.c - nested mode translation support
4 *
5 * Copyright (C) 2023 Intel Corporation
6 *
7 * Author: Lu Baolu <baolu.lu@linux.intel.com>
8 * Jacob Pan <jacob.jun.pan@linux.intel.com>
9 * Yi Liu <yi.l.liu@intel.com>
10 */
11
12 #define pr_fmt(fmt) "DMAR: " fmt
13
14 #include <linux/iommu.h>
15 #include <linux/pci.h>
16 #include <linux/pci-ats.h>
17
18 #include "iommu.h"
19 #include "pasid.h"
20
intel_nested_attach_dev(struct iommu_domain * domain,struct device * dev)21 static int intel_nested_attach_dev(struct iommu_domain *domain,
22 struct device *dev)
23 {
24 struct device_domain_info *info = dev_iommu_priv_get(dev);
25 struct dmar_domain *dmar_domain = to_dmar_domain(domain);
26 struct intel_iommu *iommu = info->iommu;
27 unsigned long flags;
28 int ret = 0;
29
30 device_block_translation(dev);
31
32 if (iommu->agaw < dmar_domain->s2_domain->agaw) {
33 dev_err_ratelimited(dev, "Adjusted guest address width not compatible\n");
34 return -ENODEV;
35 }
36
37 /*
38 * Stage-1 domain cannot work alone, it is nested on a s2_domain.
39 * The s2_domain will be used in nested translation, hence needs
40 * to ensure the s2_domain is compatible with this IOMMU.
41 */
42 ret = paging_domain_compatible(&dmar_domain->s2_domain->domain, dev);
43 if (ret) {
44 dev_err_ratelimited(dev, "s2 domain is not compatible\n");
45 return ret;
46 }
47
48 ret = domain_attach_iommu(dmar_domain, iommu);
49 if (ret) {
50 dev_err_ratelimited(dev, "Failed to attach domain to iommu\n");
51 return ret;
52 }
53
54 ret = cache_tag_assign_domain(dmar_domain, dev, IOMMU_NO_PASID);
55 if (ret)
56 goto detach_iommu;
57
58 ret = iopf_for_domain_set(domain, dev);
59 if (ret)
60 goto unassign_tag;
61
62 ret = intel_pasid_setup_nested(iommu, dev,
63 IOMMU_NO_PASID, dmar_domain);
64 if (ret)
65 goto disable_iopf;
66
67 info->domain = dmar_domain;
68 info->domain_attached = true;
69 spin_lock_irqsave(&dmar_domain->lock, flags);
70 list_add(&info->link, &dmar_domain->devices);
71 spin_unlock_irqrestore(&dmar_domain->lock, flags);
72
73 return 0;
74 disable_iopf:
75 iopf_for_domain_remove(domain, dev);
76 unassign_tag:
77 cache_tag_unassign_domain(dmar_domain, dev, IOMMU_NO_PASID);
78 detach_iommu:
79 domain_detach_iommu(dmar_domain, iommu);
80
81 return ret;
82 }
83
intel_nested_domain_free(struct iommu_domain * domain)84 static void intel_nested_domain_free(struct iommu_domain *domain)
85 {
86 struct dmar_domain *dmar_domain = to_dmar_domain(domain);
87 struct dmar_domain *s2_domain = dmar_domain->s2_domain;
88
89 spin_lock(&s2_domain->s1_lock);
90 list_del(&dmar_domain->s2_link);
91 spin_unlock(&s2_domain->s1_lock);
92 kfree(dmar_domain->qi_batch);
93 kfree(dmar_domain);
94 }
95
intel_nested_cache_invalidate_user(struct iommu_domain * domain,struct iommu_user_data_array * array)96 static int intel_nested_cache_invalidate_user(struct iommu_domain *domain,
97 struct iommu_user_data_array *array)
98 {
99 struct dmar_domain *dmar_domain = to_dmar_domain(domain);
100 struct iommu_hwpt_vtd_s1_invalidate inv_entry;
101 u32 index, processed = 0;
102 int ret = 0;
103
104 if (array->type != IOMMU_HWPT_INVALIDATE_DATA_VTD_S1) {
105 ret = -EINVAL;
106 goto out;
107 }
108
109 for (index = 0; index < array->entry_num; index++) {
110 ret = iommu_copy_struct_from_user_array(&inv_entry, array,
111 IOMMU_HWPT_INVALIDATE_DATA_VTD_S1,
112 index, __reserved);
113 if (ret)
114 break;
115
116 if ((inv_entry.flags & ~IOMMU_VTD_INV_FLAGS_LEAF) ||
117 inv_entry.__reserved) {
118 ret = -EOPNOTSUPP;
119 break;
120 }
121
122 if (!IS_ALIGNED(inv_entry.addr, VTD_PAGE_SIZE) ||
123 ((inv_entry.npages == U64_MAX) && inv_entry.addr)) {
124 ret = -EINVAL;
125 break;
126 }
127
128 cache_tag_flush_range(dmar_domain, inv_entry.addr,
129 inv_entry.addr + nrpages_to_size(inv_entry.npages) - 1,
130 inv_entry.flags & IOMMU_VTD_INV_FLAGS_LEAF);
131 processed++;
132 }
133
134 out:
135 array->entry_num = processed;
136 return ret;
137 }
138
domain_setup_nested(struct intel_iommu * iommu,struct dmar_domain * domain,struct device * dev,ioasid_t pasid,struct iommu_domain * old)139 static int domain_setup_nested(struct intel_iommu *iommu,
140 struct dmar_domain *domain,
141 struct device *dev, ioasid_t pasid,
142 struct iommu_domain *old)
143 {
144 if (!old)
145 return intel_pasid_setup_nested(iommu, dev, pasid, domain);
146 return intel_pasid_replace_nested(iommu, dev, pasid,
147 iommu_domain_did(old, iommu),
148 domain);
149 }
150
intel_nested_set_dev_pasid(struct iommu_domain * domain,struct device * dev,ioasid_t pasid,struct iommu_domain * old)151 static int intel_nested_set_dev_pasid(struct iommu_domain *domain,
152 struct device *dev, ioasid_t pasid,
153 struct iommu_domain *old)
154 {
155 struct device_domain_info *info = dev_iommu_priv_get(dev);
156 struct dmar_domain *dmar_domain = to_dmar_domain(domain);
157 struct intel_iommu *iommu = info->iommu;
158 struct dev_pasid_info *dev_pasid;
159 int ret;
160
161 if (!pasid_supported(iommu) || dev_is_real_dma_subdevice(dev))
162 return -EOPNOTSUPP;
163
164 if (context_copied(iommu, info->bus, info->devfn))
165 return -EBUSY;
166
167 ret = paging_domain_compatible(&dmar_domain->s2_domain->domain, dev);
168 if (ret)
169 return ret;
170
171 dev_pasid = domain_add_dev_pasid(domain, dev, pasid);
172 if (IS_ERR(dev_pasid))
173 return PTR_ERR(dev_pasid);
174
175 ret = iopf_for_domain_replace(domain, old, dev);
176 if (ret)
177 goto out_remove_dev_pasid;
178
179 ret = domain_setup_nested(iommu, dmar_domain, dev, pasid, old);
180 if (ret)
181 goto out_unwind_iopf;
182
183 domain_remove_dev_pasid(old, dev, pasid);
184
185 return 0;
186
187 out_unwind_iopf:
188 iopf_for_domain_replace(old, domain, dev);
189 out_remove_dev_pasid:
190 domain_remove_dev_pasid(domain, dev, pasid);
191 return ret;
192 }
193
194 static const struct iommu_domain_ops intel_nested_domain_ops = {
195 .attach_dev = intel_nested_attach_dev,
196 .set_dev_pasid = intel_nested_set_dev_pasid,
197 .free = intel_nested_domain_free,
198 .cache_invalidate_user = intel_nested_cache_invalidate_user,
199 };
200
201 struct iommu_domain *
intel_iommu_domain_alloc_nested(struct device * dev,struct iommu_domain * parent,u32 flags,const struct iommu_user_data * user_data)202 intel_iommu_domain_alloc_nested(struct device *dev, struct iommu_domain *parent,
203 u32 flags,
204 const struct iommu_user_data *user_data)
205 {
206 struct device_domain_info *info = dev_iommu_priv_get(dev);
207 struct dmar_domain *s2_domain = to_dmar_domain(parent);
208 struct intel_iommu *iommu = info->iommu;
209 struct iommu_hwpt_vtd_s1 vtd;
210 struct dmar_domain *domain;
211 int ret;
212
213 if (!nested_supported(iommu) || flags & ~IOMMU_HWPT_ALLOC_PASID)
214 return ERR_PTR(-EOPNOTSUPP);
215
216 /* Must be nested domain */
217 if (user_data->type != IOMMU_HWPT_DATA_VTD_S1)
218 return ERR_PTR(-EOPNOTSUPP);
219 if (parent->ops != intel_iommu_ops.default_domain_ops ||
220 !s2_domain->nested_parent)
221 return ERR_PTR(-EINVAL);
222
223 ret = iommu_copy_struct_from_user(&vtd, user_data,
224 IOMMU_HWPT_DATA_VTD_S1, __reserved);
225 if (ret)
226 return ERR_PTR(ret);
227
228 domain = kzalloc(sizeof(*domain), GFP_KERNEL_ACCOUNT);
229 if (!domain)
230 return ERR_PTR(-ENOMEM);
231
232 domain->use_first_level = true;
233 domain->s2_domain = s2_domain;
234 domain->s1_cfg = vtd;
235 domain->domain.ops = &intel_nested_domain_ops;
236 domain->domain.type = IOMMU_DOMAIN_NESTED;
237 INIT_LIST_HEAD(&domain->devices);
238 INIT_LIST_HEAD(&domain->dev_pasids);
239 INIT_LIST_HEAD(&domain->cache_tags);
240 spin_lock_init(&domain->lock);
241 spin_lock_init(&domain->cache_lock);
242 xa_init(&domain->iommu_array);
243
244 spin_lock(&s2_domain->s1_lock);
245 list_add(&domain->s2_link, &s2_domain->s1_domains);
246 spin_unlock(&s2_domain->s1_lock);
247
248 return &domain->domain;
249 }
250