1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * nested.c - nested mode translation support 4 * 5 * Copyright (C) 2023 Intel Corporation 6 * 7 * Author: Lu Baolu <baolu.lu@linux.intel.com> 8 * Jacob Pan <jacob.jun.pan@linux.intel.com> 9 * Yi Liu <yi.l.liu@intel.com> 10 */ 11 12 #define pr_fmt(fmt) "DMAR: " fmt 13 14 #include <linux/iommu.h> 15 #include <linux/pci.h> 16 #include <linux/pci-ats.h> 17 18 #include "iommu.h" 19 #include "pasid.h" 20 21 static int intel_nested_attach_dev(struct iommu_domain *domain, 22 struct device *dev) 23 { 24 struct device_domain_info *info = dev_iommu_priv_get(dev); 25 struct dmar_domain *dmar_domain = to_dmar_domain(domain); 26 struct intel_iommu *iommu = info->iommu; 27 unsigned long flags; 28 int ret = 0; 29 30 if (info->domain) 31 device_block_translation(dev); 32 33 if (iommu->agaw < dmar_domain->s2_domain->agaw) { 34 dev_err_ratelimited(dev, "Adjusted guest address width not compatible\n"); 35 return -ENODEV; 36 } 37 38 /* 39 * Stage-1 domain cannot work alone, it is nested on a s2_domain. 40 * The s2_domain will be used in nested translation, hence needs 41 * to ensure the s2_domain is compatible with this IOMMU. 42 */ 43 ret = prepare_domain_attach_device(&dmar_domain->s2_domain->domain, dev); 44 if (ret) { 45 dev_err_ratelimited(dev, "s2 domain is not compatible\n"); 46 return ret; 47 } 48 49 ret = domain_attach_iommu(dmar_domain, iommu); 50 if (ret) { 51 dev_err_ratelimited(dev, "Failed to attach domain to iommu\n"); 52 return ret; 53 } 54 55 ret = intel_pasid_setup_nested(iommu, dev, 56 IOMMU_NO_PASID, dmar_domain); 57 if (ret) { 58 domain_detach_iommu(dmar_domain, iommu); 59 dev_err_ratelimited(dev, "Failed to setup pasid entry\n"); 60 return ret; 61 } 62 63 info->domain = dmar_domain; 64 spin_lock_irqsave(&dmar_domain->lock, flags); 65 list_add(&info->link, &dmar_domain->devices); 66 spin_unlock_irqrestore(&dmar_domain->lock, flags); 67 68 return 0; 69 } 70 71 static void intel_nested_domain_free(struct iommu_domain *domain) 72 { 73 kfree(to_dmar_domain(domain)); 74 } 75 76 static void nested_flush_dev_iotlb(struct dmar_domain *domain, u64 addr, 77 unsigned int mask) 78 { 79 struct device_domain_info *info; 80 unsigned long flags; 81 u16 sid, qdep; 82 83 spin_lock_irqsave(&domain->lock, flags); 84 list_for_each_entry(info, &domain->devices, link) { 85 if (!info->ats_enabled) 86 continue; 87 sid = info->bus << 8 | info->devfn; 88 qdep = info->ats_qdep; 89 qi_flush_dev_iotlb(info->iommu, sid, info->pfsid, 90 qdep, addr, mask); 91 quirk_extra_dev_tlb_flush(info, addr, mask, 92 IOMMU_NO_PASID, qdep); 93 } 94 spin_unlock_irqrestore(&domain->lock, flags); 95 } 96 97 static void intel_nested_flush_cache(struct dmar_domain *domain, u64 addr, 98 unsigned long npages, bool ih) 99 { 100 struct iommu_domain_info *info; 101 unsigned int mask; 102 unsigned long i; 103 104 xa_for_each(&domain->iommu_array, i, info) 105 qi_flush_piotlb(info->iommu, 106 domain_id_iommu(domain, info->iommu), 107 IOMMU_NO_PASID, addr, npages, ih); 108 109 if (!domain->has_iotlb_device) 110 return; 111 112 if (npages == U64_MAX) 113 mask = 64 - VTD_PAGE_SHIFT; 114 else 115 mask = ilog2(__roundup_pow_of_two(npages)); 116 117 nested_flush_dev_iotlb(domain, addr, mask); 118 } 119 120 static int intel_nested_cache_invalidate_user(struct iommu_domain *domain, 121 struct iommu_user_data_array *array) 122 { 123 struct dmar_domain *dmar_domain = to_dmar_domain(domain); 124 struct iommu_hwpt_vtd_s1_invalidate inv_entry; 125 u32 index, processed = 0; 126 int ret = 0; 127 128 if (array->type != IOMMU_HWPT_INVALIDATE_DATA_VTD_S1) { 129 ret = -EINVAL; 130 goto out; 131 } 132 133 for (index = 0; index < array->entry_num; index++) { 134 ret = iommu_copy_struct_from_user_array(&inv_entry, array, 135 IOMMU_HWPT_INVALIDATE_DATA_VTD_S1, 136 index, __reserved); 137 if (ret) 138 break; 139 140 if ((inv_entry.flags & ~IOMMU_VTD_INV_FLAGS_LEAF) || 141 inv_entry.__reserved) { 142 ret = -EOPNOTSUPP; 143 break; 144 } 145 146 if (!IS_ALIGNED(inv_entry.addr, VTD_PAGE_SIZE) || 147 ((inv_entry.npages == U64_MAX) && inv_entry.addr)) { 148 ret = -EINVAL; 149 break; 150 } 151 152 intel_nested_flush_cache(dmar_domain, inv_entry.addr, 153 inv_entry.npages, 154 inv_entry.flags & IOMMU_VTD_INV_FLAGS_LEAF); 155 processed++; 156 } 157 158 out: 159 array->entry_num = processed; 160 return ret; 161 } 162 163 static const struct iommu_domain_ops intel_nested_domain_ops = { 164 .attach_dev = intel_nested_attach_dev, 165 .free = intel_nested_domain_free, 166 .cache_invalidate_user = intel_nested_cache_invalidate_user, 167 }; 168 169 struct iommu_domain *intel_nested_domain_alloc(struct iommu_domain *parent, 170 const struct iommu_user_data *user_data) 171 { 172 struct dmar_domain *s2_domain = to_dmar_domain(parent); 173 struct iommu_hwpt_vtd_s1 vtd; 174 struct dmar_domain *domain; 175 int ret; 176 177 /* Must be nested domain */ 178 if (user_data->type != IOMMU_HWPT_DATA_VTD_S1) 179 return ERR_PTR(-EOPNOTSUPP); 180 if (parent->ops != intel_iommu_ops.default_domain_ops || 181 !s2_domain->nested_parent) 182 return ERR_PTR(-EINVAL); 183 184 ret = iommu_copy_struct_from_user(&vtd, user_data, 185 IOMMU_HWPT_DATA_VTD_S1, __reserved); 186 if (ret) 187 return ERR_PTR(ret); 188 189 domain = kzalloc(sizeof(*domain), GFP_KERNEL_ACCOUNT); 190 if (!domain) 191 return ERR_PTR(-ENOMEM); 192 193 domain->use_first_level = true; 194 domain->s2_domain = s2_domain; 195 domain->s1_pgtbl = vtd.pgtbl_addr; 196 domain->s1_cfg = vtd; 197 domain->domain.ops = &intel_nested_domain_ops; 198 domain->domain.type = IOMMU_DOMAIN_NESTED; 199 INIT_LIST_HEAD(&domain->devices); 200 INIT_LIST_HEAD(&domain->dev_pasids); 201 spin_lock_init(&domain->lock); 202 xa_init(&domain->iommu_array); 203 204 return &domain->domain; 205 } 206