xref: /linux/drivers/iommu/intel/nested.c (revision 4e73826089ce899357580bbf6e0afe4e6f9900b7)
1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  * nested.c - nested mode translation support
4  *
5  * Copyright (C) 2023 Intel Corporation
6  *
7  * Author: Lu Baolu <baolu.lu@linux.intel.com>
8  *         Jacob Pan <jacob.jun.pan@linux.intel.com>
9  *         Yi Liu <yi.l.liu@intel.com>
10  */
11 
12 #define pr_fmt(fmt)	"DMAR: " fmt
13 
14 #include <linux/iommu.h>
15 #include <linux/pci.h>
16 #include <linux/pci-ats.h>
17 
18 #include "iommu.h"
19 #include "pasid.h"
20 
21 static int intel_nested_attach_dev(struct iommu_domain *domain,
22 				   struct device *dev)
23 {
24 	struct device_domain_info *info = dev_iommu_priv_get(dev);
25 	struct dmar_domain *dmar_domain = to_dmar_domain(domain);
26 	struct intel_iommu *iommu = info->iommu;
27 	unsigned long flags;
28 	int ret = 0;
29 
30 	if (info->domain)
31 		device_block_translation(dev);
32 
33 	if (iommu->agaw < dmar_domain->s2_domain->agaw) {
34 		dev_err_ratelimited(dev, "Adjusted guest address width not compatible\n");
35 		return -ENODEV;
36 	}
37 
38 	/*
39 	 * Stage-1 domain cannot work alone, it is nested on a s2_domain.
40 	 * The s2_domain will be used in nested translation, hence needs
41 	 * to ensure the s2_domain is compatible with this IOMMU.
42 	 */
43 	ret = prepare_domain_attach_device(&dmar_domain->s2_domain->domain, dev);
44 	if (ret) {
45 		dev_err_ratelimited(dev, "s2 domain is not compatible\n");
46 		return ret;
47 	}
48 
49 	ret = domain_attach_iommu(dmar_domain, iommu);
50 	if (ret) {
51 		dev_err_ratelimited(dev, "Failed to attach domain to iommu\n");
52 		return ret;
53 	}
54 
55 	ret = intel_pasid_setup_nested(iommu, dev,
56 				       IOMMU_NO_PASID, dmar_domain);
57 	if (ret) {
58 		domain_detach_iommu(dmar_domain, iommu);
59 		dev_err_ratelimited(dev, "Failed to setup pasid entry\n");
60 		return ret;
61 	}
62 
63 	info->domain = dmar_domain;
64 	spin_lock_irqsave(&dmar_domain->lock, flags);
65 	list_add(&info->link, &dmar_domain->devices);
66 	spin_unlock_irqrestore(&dmar_domain->lock, flags);
67 
68 	return 0;
69 }
70 
71 static void intel_nested_domain_free(struct iommu_domain *domain)
72 {
73 	kfree(to_dmar_domain(domain));
74 }
75 
76 static void nested_flush_dev_iotlb(struct dmar_domain *domain, u64 addr,
77 				   unsigned int mask)
78 {
79 	struct device_domain_info *info;
80 	unsigned long flags;
81 	u16 sid, qdep;
82 
83 	spin_lock_irqsave(&domain->lock, flags);
84 	list_for_each_entry(info, &domain->devices, link) {
85 		if (!info->ats_enabled)
86 			continue;
87 		sid = info->bus << 8 | info->devfn;
88 		qdep = info->ats_qdep;
89 		qi_flush_dev_iotlb(info->iommu, sid, info->pfsid,
90 				   qdep, addr, mask);
91 		quirk_extra_dev_tlb_flush(info, addr, mask,
92 					  IOMMU_NO_PASID, qdep);
93 	}
94 	spin_unlock_irqrestore(&domain->lock, flags);
95 }
96 
97 static void intel_nested_flush_cache(struct dmar_domain *domain, u64 addr,
98 				     unsigned long npages, bool ih)
99 {
100 	struct iommu_domain_info *info;
101 	unsigned int mask;
102 	unsigned long i;
103 
104 	xa_for_each(&domain->iommu_array, i, info)
105 		qi_flush_piotlb(info->iommu,
106 				domain_id_iommu(domain, info->iommu),
107 				IOMMU_NO_PASID, addr, npages, ih);
108 
109 	if (!domain->has_iotlb_device)
110 		return;
111 
112 	if (npages == U64_MAX)
113 		mask = 64 - VTD_PAGE_SHIFT;
114 	else
115 		mask = ilog2(__roundup_pow_of_two(npages));
116 
117 	nested_flush_dev_iotlb(domain, addr, mask);
118 }
119 
120 static int intel_nested_cache_invalidate_user(struct iommu_domain *domain,
121 					      struct iommu_user_data_array *array)
122 {
123 	struct dmar_domain *dmar_domain = to_dmar_domain(domain);
124 	struct iommu_hwpt_vtd_s1_invalidate inv_entry;
125 	u32 index, processed = 0;
126 	int ret = 0;
127 
128 	if (array->type != IOMMU_HWPT_INVALIDATE_DATA_VTD_S1) {
129 		ret = -EINVAL;
130 		goto out;
131 	}
132 
133 	for (index = 0; index < array->entry_num; index++) {
134 		ret = iommu_copy_struct_from_user_array(&inv_entry, array,
135 							IOMMU_HWPT_INVALIDATE_DATA_VTD_S1,
136 							index, __reserved);
137 		if (ret)
138 			break;
139 
140 		if ((inv_entry.flags & ~IOMMU_VTD_INV_FLAGS_LEAF) ||
141 		    inv_entry.__reserved) {
142 			ret = -EOPNOTSUPP;
143 			break;
144 		}
145 
146 		if (!IS_ALIGNED(inv_entry.addr, VTD_PAGE_SIZE) ||
147 		    ((inv_entry.npages == U64_MAX) && inv_entry.addr)) {
148 			ret = -EINVAL;
149 			break;
150 		}
151 
152 		intel_nested_flush_cache(dmar_domain, inv_entry.addr,
153 					 inv_entry.npages,
154 					 inv_entry.flags & IOMMU_VTD_INV_FLAGS_LEAF);
155 		processed++;
156 	}
157 
158 out:
159 	array->entry_num = processed;
160 	return ret;
161 }
162 
163 static const struct iommu_domain_ops intel_nested_domain_ops = {
164 	.attach_dev		= intel_nested_attach_dev,
165 	.free			= intel_nested_domain_free,
166 	.cache_invalidate_user	= intel_nested_cache_invalidate_user,
167 };
168 
169 struct iommu_domain *intel_nested_domain_alloc(struct iommu_domain *parent,
170 					       const struct iommu_user_data *user_data)
171 {
172 	struct dmar_domain *s2_domain = to_dmar_domain(parent);
173 	struct iommu_hwpt_vtd_s1 vtd;
174 	struct dmar_domain *domain;
175 	int ret;
176 
177 	/* Must be nested domain */
178 	if (user_data->type != IOMMU_HWPT_DATA_VTD_S1)
179 		return ERR_PTR(-EOPNOTSUPP);
180 	if (parent->ops != intel_iommu_ops.default_domain_ops ||
181 	    !s2_domain->nested_parent)
182 		return ERR_PTR(-EINVAL);
183 
184 	ret = iommu_copy_struct_from_user(&vtd, user_data,
185 					  IOMMU_HWPT_DATA_VTD_S1, __reserved);
186 	if (ret)
187 		return ERR_PTR(ret);
188 
189 	domain = kzalloc(sizeof(*domain), GFP_KERNEL_ACCOUNT);
190 	if (!domain)
191 		return ERR_PTR(-ENOMEM);
192 
193 	domain->use_first_level = true;
194 	domain->s2_domain = s2_domain;
195 	domain->s1_pgtbl = vtd.pgtbl_addr;
196 	domain->s1_cfg = vtd;
197 	domain->domain.ops = &intel_nested_domain_ops;
198 	domain->domain.type = IOMMU_DOMAIN_NESTED;
199 	INIT_LIST_HEAD(&domain->devices);
200 	INIT_LIST_HEAD(&domain->dev_pasids);
201 	spin_lock_init(&domain->lock);
202 	xa_init(&domain->iommu_array);
203 
204 	return &domain->domain;
205 }
206