1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * Copyright (C) 2007-2008 Advanced Micro Devices, Inc. 4 * Author: Joerg Roedel <jroedel@suse.de> 5 */ 6 7 #define pr_fmt(fmt) "iommu: " fmt 8 9 #include <linux/amba/bus.h> 10 #include <linux/device.h> 11 #include <linux/kernel.h> 12 #include <linux/bits.h> 13 #include <linux/bug.h> 14 #include <linux/types.h> 15 #include <linux/init.h> 16 #include <linux/export.h> 17 #include <linux/slab.h> 18 #include <linux/errno.h> 19 #include <linux/host1x_context_bus.h> 20 #include <linux/iommu.h> 21 #include <linux/idr.h> 22 #include <linux/err.h> 23 #include <linux/pci.h> 24 #include <linux/pci-ats.h> 25 #include <linux/bitops.h> 26 #include <linux/platform_device.h> 27 #include <linux/property.h> 28 #include <linux/fsl/mc.h> 29 #include <linux/module.h> 30 #include <linux/cc_platform.h> 31 #include <linux/cdx/cdx_bus.h> 32 #include <trace/events/iommu.h> 33 #include <linux/sched/mm.h> 34 #include <linux/msi.h> 35 36 #include "dma-iommu.h" 37 #include "iommu-priv.h" 38 39 static struct kset *iommu_group_kset; 40 static DEFINE_IDA(iommu_group_ida); 41 static DEFINE_IDA(iommu_global_pasid_ida); 42 43 static unsigned int iommu_def_domain_type __read_mostly; 44 static bool iommu_dma_strict __read_mostly = IS_ENABLED(CONFIG_IOMMU_DEFAULT_DMA_STRICT); 45 static u32 iommu_cmd_line __read_mostly; 46 47 struct iommu_group { 48 struct kobject kobj; 49 struct kobject *devices_kobj; 50 struct list_head devices; 51 struct xarray pasid_array; 52 struct mutex mutex; 53 void *iommu_data; 54 void (*iommu_data_release)(void *iommu_data); 55 char *name; 56 int id; 57 struct iommu_domain *default_domain; 58 struct iommu_domain *blocking_domain; 59 struct iommu_domain *domain; 60 struct list_head entry; 61 unsigned int owner_cnt; 62 void *owner; 63 }; 64 65 struct group_device { 66 struct list_head list; 67 struct device *dev; 68 char *name; 69 }; 70 71 /* Iterate over each struct group_device in a struct iommu_group */ 72 #define for_each_group_device(group, pos) \ 73 list_for_each_entry(pos, &(group)->devices, list) 74 75 struct iommu_group_attribute { 76 struct attribute attr; 77 ssize_t (*show)(struct iommu_group *group, char *buf); 78 ssize_t (*store)(struct iommu_group *group, 79 const char *buf, size_t count); 80 }; 81 82 static const char * const iommu_group_resv_type_string[] = { 83 [IOMMU_RESV_DIRECT] = "direct", 84 [IOMMU_RESV_DIRECT_RELAXABLE] = "direct-relaxable", 85 [IOMMU_RESV_RESERVED] = "reserved", 86 [IOMMU_RESV_MSI] = "msi", 87 [IOMMU_RESV_SW_MSI] = "msi", 88 }; 89 90 #define IOMMU_CMD_LINE_DMA_API BIT(0) 91 #define IOMMU_CMD_LINE_STRICT BIT(1) 92 93 static int iommu_bus_notifier(struct notifier_block *nb, 94 unsigned long action, void *data); 95 static void iommu_release_device(struct device *dev); 96 static struct iommu_domain * 97 __iommu_group_domain_alloc(struct iommu_group *group, unsigned int type); 98 static int __iommu_attach_device(struct iommu_domain *domain, 99 struct device *dev); 100 static int __iommu_attach_group(struct iommu_domain *domain, 101 struct iommu_group *group); 102 103 enum { 104 IOMMU_SET_DOMAIN_MUST_SUCCEED = 1 << 0, 105 }; 106 107 static int __iommu_device_set_domain(struct iommu_group *group, 108 struct device *dev, 109 struct iommu_domain *new_domain, 110 unsigned int flags); 111 static int __iommu_group_set_domain_internal(struct iommu_group *group, 112 struct iommu_domain *new_domain, 113 unsigned int flags); 114 static int __iommu_group_set_domain(struct iommu_group *group, 115 struct iommu_domain *new_domain) 116 { 117 return __iommu_group_set_domain_internal(group, new_domain, 0); 118 } 119 static void __iommu_group_set_domain_nofail(struct iommu_group *group, 120 struct iommu_domain *new_domain) 121 { 122 WARN_ON(__iommu_group_set_domain_internal( 123 group, new_domain, IOMMU_SET_DOMAIN_MUST_SUCCEED)); 124 } 125 126 static int iommu_setup_default_domain(struct iommu_group *group, 127 int target_type); 128 static int iommu_create_device_direct_mappings(struct iommu_domain *domain, 129 struct device *dev); 130 static ssize_t iommu_group_store_type(struct iommu_group *group, 131 const char *buf, size_t count); 132 static struct group_device *iommu_group_alloc_device(struct iommu_group *group, 133 struct device *dev); 134 static void __iommu_group_free_device(struct iommu_group *group, 135 struct group_device *grp_dev); 136 137 #define IOMMU_GROUP_ATTR(_name, _mode, _show, _store) \ 138 struct iommu_group_attribute iommu_group_attr_##_name = \ 139 __ATTR(_name, _mode, _show, _store) 140 141 #define to_iommu_group_attr(_attr) \ 142 container_of(_attr, struct iommu_group_attribute, attr) 143 #define to_iommu_group(_kobj) \ 144 container_of(_kobj, struct iommu_group, kobj) 145 146 static LIST_HEAD(iommu_device_list); 147 static DEFINE_SPINLOCK(iommu_device_lock); 148 149 static const struct bus_type * const iommu_buses[] = { 150 &platform_bus_type, 151 #ifdef CONFIG_PCI 152 &pci_bus_type, 153 #endif 154 #ifdef CONFIG_ARM_AMBA 155 &amba_bustype, 156 #endif 157 #ifdef CONFIG_FSL_MC_BUS 158 &fsl_mc_bus_type, 159 #endif 160 #ifdef CONFIG_TEGRA_HOST1X_CONTEXT_BUS 161 &host1x_context_device_bus_type, 162 #endif 163 #ifdef CONFIG_CDX_BUS 164 &cdx_bus_type, 165 #endif 166 }; 167 168 /* 169 * Use a function instead of an array here because the domain-type is a 170 * bit-field, so an array would waste memory. 171 */ 172 static const char *iommu_domain_type_str(unsigned int t) 173 { 174 switch (t) { 175 case IOMMU_DOMAIN_BLOCKED: 176 return "Blocked"; 177 case IOMMU_DOMAIN_IDENTITY: 178 return "Passthrough"; 179 case IOMMU_DOMAIN_UNMANAGED: 180 return "Unmanaged"; 181 case IOMMU_DOMAIN_DMA: 182 case IOMMU_DOMAIN_DMA_FQ: 183 return "Translated"; 184 case IOMMU_DOMAIN_PLATFORM: 185 return "Platform"; 186 default: 187 return "Unknown"; 188 } 189 } 190 191 static int __init iommu_subsys_init(void) 192 { 193 struct notifier_block *nb; 194 195 if (!(iommu_cmd_line & IOMMU_CMD_LINE_DMA_API)) { 196 if (IS_ENABLED(CONFIG_IOMMU_DEFAULT_PASSTHROUGH)) 197 iommu_set_default_passthrough(false); 198 else 199 iommu_set_default_translated(false); 200 201 if (iommu_default_passthrough() && cc_platform_has(CC_ATTR_MEM_ENCRYPT)) { 202 pr_info("Memory encryption detected - Disabling default IOMMU Passthrough\n"); 203 iommu_set_default_translated(false); 204 } 205 } 206 207 if (!iommu_default_passthrough() && !iommu_dma_strict) 208 iommu_def_domain_type = IOMMU_DOMAIN_DMA_FQ; 209 210 pr_info("Default domain type: %s%s\n", 211 iommu_domain_type_str(iommu_def_domain_type), 212 (iommu_cmd_line & IOMMU_CMD_LINE_DMA_API) ? 213 " (set via kernel command line)" : ""); 214 215 if (!iommu_default_passthrough()) 216 pr_info("DMA domain TLB invalidation policy: %s mode%s\n", 217 iommu_dma_strict ? "strict" : "lazy", 218 (iommu_cmd_line & IOMMU_CMD_LINE_STRICT) ? 219 " (set via kernel command line)" : ""); 220 221 nb = kcalloc(ARRAY_SIZE(iommu_buses), sizeof(*nb), GFP_KERNEL); 222 if (!nb) 223 return -ENOMEM; 224 225 for (int i = 0; i < ARRAY_SIZE(iommu_buses); i++) { 226 nb[i].notifier_call = iommu_bus_notifier; 227 bus_register_notifier(iommu_buses[i], &nb[i]); 228 } 229 230 return 0; 231 } 232 subsys_initcall(iommu_subsys_init); 233 234 static int remove_iommu_group(struct device *dev, void *data) 235 { 236 if (dev->iommu && dev->iommu->iommu_dev == data) 237 iommu_release_device(dev); 238 239 return 0; 240 } 241 242 /** 243 * iommu_device_register() - Register an IOMMU hardware instance 244 * @iommu: IOMMU handle for the instance 245 * @ops: IOMMU ops to associate with the instance 246 * @hwdev: (optional) actual instance device, used for fwnode lookup 247 * 248 * Return: 0 on success, or an error. 249 */ 250 int iommu_device_register(struct iommu_device *iommu, 251 const struct iommu_ops *ops, struct device *hwdev) 252 { 253 int err = 0; 254 255 /* We need to be able to take module references appropriately */ 256 if (WARN_ON(is_module_address((unsigned long)ops) && !ops->owner)) 257 return -EINVAL; 258 259 iommu->ops = ops; 260 if (hwdev) 261 iommu->fwnode = dev_fwnode(hwdev); 262 263 spin_lock(&iommu_device_lock); 264 list_add_tail(&iommu->list, &iommu_device_list); 265 spin_unlock(&iommu_device_lock); 266 267 for (int i = 0; i < ARRAY_SIZE(iommu_buses) && !err; i++) 268 err = bus_iommu_probe(iommu_buses[i]); 269 if (err) 270 iommu_device_unregister(iommu); 271 return err; 272 } 273 EXPORT_SYMBOL_GPL(iommu_device_register); 274 275 void iommu_device_unregister(struct iommu_device *iommu) 276 { 277 for (int i = 0; i < ARRAY_SIZE(iommu_buses); i++) 278 bus_for_each_dev(iommu_buses[i], NULL, iommu, remove_iommu_group); 279 280 spin_lock(&iommu_device_lock); 281 list_del(&iommu->list); 282 spin_unlock(&iommu_device_lock); 283 284 /* Pairs with the alloc in generic_single_device_group() */ 285 iommu_group_put(iommu->singleton_group); 286 iommu->singleton_group = NULL; 287 } 288 EXPORT_SYMBOL_GPL(iommu_device_unregister); 289 290 #if IS_ENABLED(CONFIG_IOMMUFD_TEST) 291 void iommu_device_unregister_bus(struct iommu_device *iommu, 292 const struct bus_type *bus, 293 struct notifier_block *nb) 294 { 295 bus_unregister_notifier(bus, nb); 296 iommu_device_unregister(iommu); 297 } 298 EXPORT_SYMBOL_GPL(iommu_device_unregister_bus); 299 300 /* 301 * Register an iommu driver against a single bus. This is only used by iommufd 302 * selftest to create a mock iommu driver. The caller must provide 303 * some memory to hold a notifier_block. 304 */ 305 int iommu_device_register_bus(struct iommu_device *iommu, 306 const struct iommu_ops *ops, 307 const struct bus_type *bus, 308 struct notifier_block *nb) 309 { 310 int err; 311 312 iommu->ops = ops; 313 nb->notifier_call = iommu_bus_notifier; 314 err = bus_register_notifier(bus, nb); 315 if (err) 316 return err; 317 318 spin_lock(&iommu_device_lock); 319 list_add_tail(&iommu->list, &iommu_device_list); 320 spin_unlock(&iommu_device_lock); 321 322 err = bus_iommu_probe(bus); 323 if (err) { 324 iommu_device_unregister_bus(iommu, bus, nb); 325 return err; 326 } 327 return 0; 328 } 329 EXPORT_SYMBOL_GPL(iommu_device_register_bus); 330 #endif 331 332 static struct dev_iommu *dev_iommu_get(struct device *dev) 333 { 334 struct dev_iommu *param = dev->iommu; 335 336 lockdep_assert_held(&iommu_probe_device_lock); 337 338 if (param) 339 return param; 340 341 param = kzalloc(sizeof(*param), GFP_KERNEL); 342 if (!param) 343 return NULL; 344 345 mutex_init(¶m->lock); 346 dev->iommu = param; 347 return param; 348 } 349 350 static void dev_iommu_free(struct device *dev) 351 { 352 struct dev_iommu *param = dev->iommu; 353 354 dev->iommu = NULL; 355 if (param->fwspec) { 356 fwnode_handle_put(param->fwspec->iommu_fwnode); 357 kfree(param->fwspec); 358 } 359 kfree(param); 360 } 361 362 /* 363 * Internal equivalent of device_iommu_mapped() for when we care that a device 364 * actually has API ops, and don't want false positives from VFIO-only groups. 365 */ 366 static bool dev_has_iommu(struct device *dev) 367 { 368 return dev->iommu && dev->iommu->iommu_dev; 369 } 370 371 static u32 dev_iommu_get_max_pasids(struct device *dev) 372 { 373 u32 max_pasids = 0, bits = 0; 374 int ret; 375 376 if (dev_is_pci(dev)) { 377 ret = pci_max_pasids(to_pci_dev(dev)); 378 if (ret > 0) 379 max_pasids = ret; 380 } else { 381 ret = device_property_read_u32(dev, "pasid-num-bits", &bits); 382 if (!ret) 383 max_pasids = 1UL << bits; 384 } 385 386 return min_t(u32, max_pasids, dev->iommu->iommu_dev->max_pasids); 387 } 388 389 void dev_iommu_priv_set(struct device *dev, void *priv) 390 { 391 /* FSL_PAMU does something weird */ 392 if (!IS_ENABLED(CONFIG_FSL_PAMU)) 393 lockdep_assert_held(&iommu_probe_device_lock); 394 dev->iommu->priv = priv; 395 } 396 EXPORT_SYMBOL_GPL(dev_iommu_priv_set); 397 398 /* 399 * Init the dev->iommu and dev->iommu_group in the struct device and get the 400 * driver probed 401 */ 402 static int iommu_init_device(struct device *dev, const struct iommu_ops *ops) 403 { 404 struct iommu_device *iommu_dev; 405 struct iommu_group *group; 406 int ret; 407 408 if (!dev_iommu_get(dev)) 409 return -ENOMEM; 410 411 if (!try_module_get(ops->owner)) { 412 ret = -EINVAL; 413 goto err_free; 414 } 415 416 iommu_dev = ops->probe_device(dev); 417 if (IS_ERR(iommu_dev)) { 418 ret = PTR_ERR(iommu_dev); 419 goto err_module_put; 420 } 421 dev->iommu->iommu_dev = iommu_dev; 422 423 ret = iommu_device_link(iommu_dev, dev); 424 if (ret) 425 goto err_release; 426 427 group = ops->device_group(dev); 428 if (WARN_ON_ONCE(group == NULL)) 429 group = ERR_PTR(-EINVAL); 430 if (IS_ERR(group)) { 431 ret = PTR_ERR(group); 432 goto err_unlink; 433 } 434 dev->iommu_group = group; 435 436 dev->iommu->max_pasids = dev_iommu_get_max_pasids(dev); 437 if (ops->is_attach_deferred) 438 dev->iommu->attach_deferred = ops->is_attach_deferred(dev); 439 return 0; 440 441 err_unlink: 442 iommu_device_unlink(iommu_dev, dev); 443 err_release: 444 if (ops->release_device) 445 ops->release_device(dev); 446 err_module_put: 447 module_put(ops->owner); 448 err_free: 449 dev->iommu->iommu_dev = NULL; 450 dev_iommu_free(dev); 451 return ret; 452 } 453 454 static void iommu_deinit_device(struct device *dev) 455 { 456 struct iommu_group *group = dev->iommu_group; 457 const struct iommu_ops *ops = dev_iommu_ops(dev); 458 459 lockdep_assert_held(&group->mutex); 460 461 iommu_device_unlink(dev->iommu->iommu_dev, dev); 462 463 /* 464 * release_device() must stop using any attached domain on the device. 465 * If there are still other devices in the group, they are not affected 466 * by this callback. 467 * 468 * If the iommu driver provides release_domain, the core code ensures 469 * that domain is attached prior to calling release_device. Drivers can 470 * use this to enforce a translation on the idle iommu. Typically, the 471 * global static blocked_domain is a good choice. 472 * 473 * Otherwise, the iommu driver must set the device to either an identity 474 * or a blocking translation in release_device() and stop using any 475 * domain pointer, as it is going to be freed. 476 * 477 * Regardless, if a delayed attach never occurred, then the release 478 * should still avoid touching any hardware configuration either. 479 */ 480 if (!dev->iommu->attach_deferred && ops->release_domain) 481 ops->release_domain->ops->attach_dev(ops->release_domain, dev); 482 483 if (ops->release_device) 484 ops->release_device(dev); 485 486 /* 487 * If this is the last driver to use the group then we must free the 488 * domains before we do the module_put(). 489 */ 490 if (list_empty(&group->devices)) { 491 if (group->default_domain) { 492 iommu_domain_free(group->default_domain); 493 group->default_domain = NULL; 494 } 495 if (group->blocking_domain) { 496 iommu_domain_free(group->blocking_domain); 497 group->blocking_domain = NULL; 498 } 499 group->domain = NULL; 500 } 501 502 /* Caller must put iommu_group */ 503 dev->iommu_group = NULL; 504 module_put(ops->owner); 505 dev_iommu_free(dev); 506 } 507 508 DEFINE_MUTEX(iommu_probe_device_lock); 509 510 static int __iommu_probe_device(struct device *dev, struct list_head *group_list) 511 { 512 const struct iommu_ops *ops; 513 struct iommu_group *group; 514 struct group_device *gdev; 515 int ret; 516 517 /* 518 * For FDT-based systems and ACPI IORT/VIOT, drivers register IOMMU 519 * instances with non-NULL fwnodes, and client devices should have been 520 * identified with a fwspec by this point. Otherwise, we can currently 521 * assume that only one of Intel, AMD, s390, PAMU or legacy SMMUv2 can 522 * be present, and that any of their registered instances has suitable 523 * ops for probing, and thus cheekily co-opt the same mechanism. 524 */ 525 ops = iommu_fwspec_ops(dev_iommu_fwspec_get(dev)); 526 if (!ops) 527 return -ENODEV; 528 /* 529 * Serialise to avoid races between IOMMU drivers registering in 530 * parallel and/or the "replay" calls from ACPI/OF code via client 531 * driver probe. Once the latter have been cleaned up we should 532 * probably be able to use device_lock() here to minimise the scope, 533 * but for now enforcing a simple global ordering is fine. 534 */ 535 lockdep_assert_held(&iommu_probe_device_lock); 536 537 /* Device is probed already if in a group */ 538 if (dev->iommu_group) 539 return 0; 540 541 ret = iommu_init_device(dev, ops); 542 if (ret) 543 return ret; 544 545 group = dev->iommu_group; 546 gdev = iommu_group_alloc_device(group, dev); 547 mutex_lock(&group->mutex); 548 if (IS_ERR(gdev)) { 549 ret = PTR_ERR(gdev); 550 goto err_put_group; 551 } 552 553 /* 554 * The gdev must be in the list before calling 555 * iommu_setup_default_domain() 556 */ 557 list_add_tail(&gdev->list, &group->devices); 558 WARN_ON(group->default_domain && !group->domain); 559 if (group->default_domain) 560 iommu_create_device_direct_mappings(group->default_domain, dev); 561 if (group->domain) { 562 ret = __iommu_device_set_domain(group, dev, group->domain, 0); 563 if (ret) 564 goto err_remove_gdev; 565 } else if (!group->default_domain && !group_list) { 566 ret = iommu_setup_default_domain(group, 0); 567 if (ret) 568 goto err_remove_gdev; 569 } else if (!group->default_domain) { 570 /* 571 * With a group_list argument we defer the default_domain setup 572 * to the caller by providing a de-duplicated list of groups 573 * that need further setup. 574 */ 575 if (list_empty(&group->entry)) 576 list_add_tail(&group->entry, group_list); 577 } 578 579 if (group->default_domain) 580 iommu_setup_dma_ops(dev); 581 582 mutex_unlock(&group->mutex); 583 584 return 0; 585 586 err_remove_gdev: 587 list_del(&gdev->list); 588 __iommu_group_free_device(group, gdev); 589 err_put_group: 590 iommu_deinit_device(dev); 591 mutex_unlock(&group->mutex); 592 iommu_group_put(group); 593 594 return ret; 595 } 596 597 int iommu_probe_device(struct device *dev) 598 { 599 const struct iommu_ops *ops; 600 int ret; 601 602 mutex_lock(&iommu_probe_device_lock); 603 ret = __iommu_probe_device(dev, NULL); 604 mutex_unlock(&iommu_probe_device_lock); 605 if (ret) 606 return ret; 607 608 ops = dev_iommu_ops(dev); 609 if (ops->probe_finalize) 610 ops->probe_finalize(dev); 611 612 return 0; 613 } 614 615 static void __iommu_group_free_device(struct iommu_group *group, 616 struct group_device *grp_dev) 617 { 618 struct device *dev = grp_dev->dev; 619 620 sysfs_remove_link(group->devices_kobj, grp_dev->name); 621 sysfs_remove_link(&dev->kobj, "iommu_group"); 622 623 trace_remove_device_from_group(group->id, dev); 624 625 /* 626 * If the group has become empty then ownership must have been 627 * released, and the current domain must be set back to NULL or 628 * the default domain. 629 */ 630 if (list_empty(&group->devices)) 631 WARN_ON(group->owner_cnt || 632 group->domain != group->default_domain); 633 634 kfree(grp_dev->name); 635 kfree(grp_dev); 636 } 637 638 /* Remove the iommu_group from the struct device. */ 639 static void __iommu_group_remove_device(struct device *dev) 640 { 641 struct iommu_group *group = dev->iommu_group; 642 struct group_device *device; 643 644 mutex_lock(&group->mutex); 645 for_each_group_device(group, device) { 646 if (device->dev != dev) 647 continue; 648 649 list_del(&device->list); 650 __iommu_group_free_device(group, device); 651 if (dev_has_iommu(dev)) 652 iommu_deinit_device(dev); 653 else 654 dev->iommu_group = NULL; 655 break; 656 } 657 mutex_unlock(&group->mutex); 658 659 /* 660 * Pairs with the get in iommu_init_device() or 661 * iommu_group_add_device() 662 */ 663 iommu_group_put(group); 664 } 665 666 static void iommu_release_device(struct device *dev) 667 { 668 struct iommu_group *group = dev->iommu_group; 669 670 if (group) 671 __iommu_group_remove_device(dev); 672 673 /* Free any fwspec if no iommu_driver was ever attached */ 674 if (dev->iommu) 675 dev_iommu_free(dev); 676 } 677 678 static int __init iommu_set_def_domain_type(char *str) 679 { 680 bool pt; 681 int ret; 682 683 ret = kstrtobool(str, &pt); 684 if (ret) 685 return ret; 686 687 if (pt) 688 iommu_set_default_passthrough(true); 689 else 690 iommu_set_default_translated(true); 691 692 return 0; 693 } 694 early_param("iommu.passthrough", iommu_set_def_domain_type); 695 696 static int __init iommu_dma_setup(char *str) 697 { 698 int ret = kstrtobool(str, &iommu_dma_strict); 699 700 if (!ret) 701 iommu_cmd_line |= IOMMU_CMD_LINE_STRICT; 702 return ret; 703 } 704 early_param("iommu.strict", iommu_dma_setup); 705 706 void iommu_set_dma_strict(void) 707 { 708 iommu_dma_strict = true; 709 if (iommu_def_domain_type == IOMMU_DOMAIN_DMA_FQ) 710 iommu_def_domain_type = IOMMU_DOMAIN_DMA; 711 } 712 713 static ssize_t iommu_group_attr_show(struct kobject *kobj, 714 struct attribute *__attr, char *buf) 715 { 716 struct iommu_group_attribute *attr = to_iommu_group_attr(__attr); 717 struct iommu_group *group = to_iommu_group(kobj); 718 ssize_t ret = -EIO; 719 720 if (attr->show) 721 ret = attr->show(group, buf); 722 return ret; 723 } 724 725 static ssize_t iommu_group_attr_store(struct kobject *kobj, 726 struct attribute *__attr, 727 const char *buf, size_t count) 728 { 729 struct iommu_group_attribute *attr = to_iommu_group_attr(__attr); 730 struct iommu_group *group = to_iommu_group(kobj); 731 ssize_t ret = -EIO; 732 733 if (attr->store) 734 ret = attr->store(group, buf, count); 735 return ret; 736 } 737 738 static const struct sysfs_ops iommu_group_sysfs_ops = { 739 .show = iommu_group_attr_show, 740 .store = iommu_group_attr_store, 741 }; 742 743 static int iommu_group_create_file(struct iommu_group *group, 744 struct iommu_group_attribute *attr) 745 { 746 return sysfs_create_file(&group->kobj, &attr->attr); 747 } 748 749 static void iommu_group_remove_file(struct iommu_group *group, 750 struct iommu_group_attribute *attr) 751 { 752 sysfs_remove_file(&group->kobj, &attr->attr); 753 } 754 755 static ssize_t iommu_group_show_name(struct iommu_group *group, char *buf) 756 { 757 return sysfs_emit(buf, "%s\n", group->name); 758 } 759 760 /** 761 * iommu_insert_resv_region - Insert a new region in the 762 * list of reserved regions. 763 * @new: new region to insert 764 * @regions: list of regions 765 * 766 * Elements are sorted by start address and overlapping segments 767 * of the same type are merged. 768 */ 769 static int iommu_insert_resv_region(struct iommu_resv_region *new, 770 struct list_head *regions) 771 { 772 struct iommu_resv_region *iter, *tmp, *nr, *top; 773 LIST_HEAD(stack); 774 775 nr = iommu_alloc_resv_region(new->start, new->length, 776 new->prot, new->type, GFP_KERNEL); 777 if (!nr) 778 return -ENOMEM; 779 780 /* First add the new element based on start address sorting */ 781 list_for_each_entry(iter, regions, list) { 782 if (nr->start < iter->start || 783 (nr->start == iter->start && nr->type <= iter->type)) 784 break; 785 } 786 list_add_tail(&nr->list, &iter->list); 787 788 /* Merge overlapping segments of type nr->type in @regions, if any */ 789 list_for_each_entry_safe(iter, tmp, regions, list) { 790 phys_addr_t top_end, iter_end = iter->start + iter->length - 1; 791 792 /* no merge needed on elements of different types than @new */ 793 if (iter->type != new->type) { 794 list_move_tail(&iter->list, &stack); 795 continue; 796 } 797 798 /* look for the last stack element of same type as @iter */ 799 list_for_each_entry_reverse(top, &stack, list) 800 if (top->type == iter->type) 801 goto check_overlap; 802 803 list_move_tail(&iter->list, &stack); 804 continue; 805 806 check_overlap: 807 top_end = top->start + top->length - 1; 808 809 if (iter->start > top_end + 1) { 810 list_move_tail(&iter->list, &stack); 811 } else { 812 top->length = max(top_end, iter_end) - top->start + 1; 813 list_del(&iter->list); 814 kfree(iter); 815 } 816 } 817 list_splice(&stack, regions); 818 return 0; 819 } 820 821 static int 822 iommu_insert_device_resv_regions(struct list_head *dev_resv_regions, 823 struct list_head *group_resv_regions) 824 { 825 struct iommu_resv_region *entry; 826 int ret = 0; 827 828 list_for_each_entry(entry, dev_resv_regions, list) { 829 ret = iommu_insert_resv_region(entry, group_resv_regions); 830 if (ret) 831 break; 832 } 833 return ret; 834 } 835 836 int iommu_get_group_resv_regions(struct iommu_group *group, 837 struct list_head *head) 838 { 839 struct group_device *device; 840 int ret = 0; 841 842 mutex_lock(&group->mutex); 843 for_each_group_device(group, device) { 844 struct list_head dev_resv_regions; 845 846 /* 847 * Non-API groups still expose reserved_regions in sysfs, 848 * so filter out calls that get here that way. 849 */ 850 if (!dev_has_iommu(device->dev)) 851 break; 852 853 INIT_LIST_HEAD(&dev_resv_regions); 854 iommu_get_resv_regions(device->dev, &dev_resv_regions); 855 ret = iommu_insert_device_resv_regions(&dev_resv_regions, head); 856 iommu_put_resv_regions(device->dev, &dev_resv_regions); 857 if (ret) 858 break; 859 } 860 mutex_unlock(&group->mutex); 861 return ret; 862 } 863 EXPORT_SYMBOL_GPL(iommu_get_group_resv_regions); 864 865 static ssize_t iommu_group_show_resv_regions(struct iommu_group *group, 866 char *buf) 867 { 868 struct iommu_resv_region *region, *next; 869 struct list_head group_resv_regions; 870 int offset = 0; 871 872 INIT_LIST_HEAD(&group_resv_regions); 873 iommu_get_group_resv_regions(group, &group_resv_regions); 874 875 list_for_each_entry_safe(region, next, &group_resv_regions, list) { 876 offset += sysfs_emit_at(buf, offset, "0x%016llx 0x%016llx %s\n", 877 (long long)region->start, 878 (long long)(region->start + 879 region->length - 1), 880 iommu_group_resv_type_string[region->type]); 881 kfree(region); 882 } 883 884 return offset; 885 } 886 887 static ssize_t iommu_group_show_type(struct iommu_group *group, 888 char *buf) 889 { 890 char *type = "unknown"; 891 892 mutex_lock(&group->mutex); 893 if (group->default_domain) { 894 switch (group->default_domain->type) { 895 case IOMMU_DOMAIN_BLOCKED: 896 type = "blocked"; 897 break; 898 case IOMMU_DOMAIN_IDENTITY: 899 type = "identity"; 900 break; 901 case IOMMU_DOMAIN_UNMANAGED: 902 type = "unmanaged"; 903 break; 904 case IOMMU_DOMAIN_DMA: 905 type = "DMA"; 906 break; 907 case IOMMU_DOMAIN_DMA_FQ: 908 type = "DMA-FQ"; 909 break; 910 } 911 } 912 mutex_unlock(&group->mutex); 913 914 return sysfs_emit(buf, "%s\n", type); 915 } 916 917 static IOMMU_GROUP_ATTR(name, S_IRUGO, iommu_group_show_name, NULL); 918 919 static IOMMU_GROUP_ATTR(reserved_regions, 0444, 920 iommu_group_show_resv_regions, NULL); 921 922 static IOMMU_GROUP_ATTR(type, 0644, iommu_group_show_type, 923 iommu_group_store_type); 924 925 static void iommu_group_release(struct kobject *kobj) 926 { 927 struct iommu_group *group = to_iommu_group(kobj); 928 929 pr_debug("Releasing group %d\n", group->id); 930 931 if (group->iommu_data_release) 932 group->iommu_data_release(group->iommu_data); 933 934 ida_free(&iommu_group_ida, group->id); 935 936 /* Domains are free'd by iommu_deinit_device() */ 937 WARN_ON(group->default_domain); 938 WARN_ON(group->blocking_domain); 939 940 kfree(group->name); 941 kfree(group); 942 } 943 944 static const struct kobj_type iommu_group_ktype = { 945 .sysfs_ops = &iommu_group_sysfs_ops, 946 .release = iommu_group_release, 947 }; 948 949 /** 950 * iommu_group_alloc - Allocate a new group 951 * 952 * This function is called by an iommu driver to allocate a new iommu 953 * group. The iommu group represents the minimum granularity of the iommu. 954 * Upon successful return, the caller holds a reference to the supplied 955 * group in order to hold the group until devices are added. Use 956 * iommu_group_put() to release this extra reference count, allowing the 957 * group to be automatically reclaimed once it has no devices or external 958 * references. 959 */ 960 struct iommu_group *iommu_group_alloc(void) 961 { 962 struct iommu_group *group; 963 int ret; 964 965 group = kzalloc(sizeof(*group), GFP_KERNEL); 966 if (!group) 967 return ERR_PTR(-ENOMEM); 968 969 group->kobj.kset = iommu_group_kset; 970 mutex_init(&group->mutex); 971 INIT_LIST_HEAD(&group->devices); 972 INIT_LIST_HEAD(&group->entry); 973 xa_init(&group->pasid_array); 974 975 ret = ida_alloc(&iommu_group_ida, GFP_KERNEL); 976 if (ret < 0) { 977 kfree(group); 978 return ERR_PTR(ret); 979 } 980 group->id = ret; 981 982 ret = kobject_init_and_add(&group->kobj, &iommu_group_ktype, 983 NULL, "%d", group->id); 984 if (ret) { 985 kobject_put(&group->kobj); 986 return ERR_PTR(ret); 987 } 988 989 group->devices_kobj = kobject_create_and_add("devices", &group->kobj); 990 if (!group->devices_kobj) { 991 kobject_put(&group->kobj); /* triggers .release & free */ 992 return ERR_PTR(-ENOMEM); 993 } 994 995 /* 996 * The devices_kobj holds a reference on the group kobject, so 997 * as long as that exists so will the group. We can therefore 998 * use the devices_kobj for reference counting. 999 */ 1000 kobject_put(&group->kobj); 1001 1002 ret = iommu_group_create_file(group, 1003 &iommu_group_attr_reserved_regions); 1004 if (ret) { 1005 kobject_put(group->devices_kobj); 1006 return ERR_PTR(ret); 1007 } 1008 1009 ret = iommu_group_create_file(group, &iommu_group_attr_type); 1010 if (ret) { 1011 kobject_put(group->devices_kobj); 1012 return ERR_PTR(ret); 1013 } 1014 1015 pr_debug("Allocated group %d\n", group->id); 1016 1017 return group; 1018 } 1019 EXPORT_SYMBOL_GPL(iommu_group_alloc); 1020 1021 /** 1022 * iommu_group_get_iommudata - retrieve iommu_data registered for a group 1023 * @group: the group 1024 * 1025 * iommu drivers can store data in the group for use when doing iommu 1026 * operations. This function provides a way to retrieve it. Caller 1027 * should hold a group reference. 1028 */ 1029 void *iommu_group_get_iommudata(struct iommu_group *group) 1030 { 1031 return group->iommu_data; 1032 } 1033 EXPORT_SYMBOL_GPL(iommu_group_get_iommudata); 1034 1035 /** 1036 * iommu_group_set_iommudata - set iommu_data for a group 1037 * @group: the group 1038 * @iommu_data: new data 1039 * @release: release function for iommu_data 1040 * 1041 * iommu drivers can store data in the group for use when doing iommu 1042 * operations. This function provides a way to set the data after 1043 * the group has been allocated. Caller should hold a group reference. 1044 */ 1045 void iommu_group_set_iommudata(struct iommu_group *group, void *iommu_data, 1046 void (*release)(void *iommu_data)) 1047 { 1048 group->iommu_data = iommu_data; 1049 group->iommu_data_release = release; 1050 } 1051 EXPORT_SYMBOL_GPL(iommu_group_set_iommudata); 1052 1053 /** 1054 * iommu_group_set_name - set name for a group 1055 * @group: the group 1056 * @name: name 1057 * 1058 * Allow iommu driver to set a name for a group. When set it will 1059 * appear in a name attribute file under the group in sysfs. 1060 */ 1061 int iommu_group_set_name(struct iommu_group *group, const char *name) 1062 { 1063 int ret; 1064 1065 if (group->name) { 1066 iommu_group_remove_file(group, &iommu_group_attr_name); 1067 kfree(group->name); 1068 group->name = NULL; 1069 if (!name) 1070 return 0; 1071 } 1072 1073 group->name = kstrdup(name, GFP_KERNEL); 1074 if (!group->name) 1075 return -ENOMEM; 1076 1077 ret = iommu_group_create_file(group, &iommu_group_attr_name); 1078 if (ret) { 1079 kfree(group->name); 1080 group->name = NULL; 1081 return ret; 1082 } 1083 1084 return 0; 1085 } 1086 EXPORT_SYMBOL_GPL(iommu_group_set_name); 1087 1088 static int iommu_create_device_direct_mappings(struct iommu_domain *domain, 1089 struct device *dev) 1090 { 1091 struct iommu_resv_region *entry; 1092 struct list_head mappings; 1093 unsigned long pg_size; 1094 int ret = 0; 1095 1096 pg_size = domain->pgsize_bitmap ? 1UL << __ffs(domain->pgsize_bitmap) : 0; 1097 INIT_LIST_HEAD(&mappings); 1098 1099 if (WARN_ON_ONCE(iommu_is_dma_domain(domain) && !pg_size)) 1100 return -EINVAL; 1101 1102 iommu_get_resv_regions(dev, &mappings); 1103 1104 /* We need to consider overlapping regions for different devices */ 1105 list_for_each_entry(entry, &mappings, list) { 1106 dma_addr_t start, end, addr; 1107 size_t map_size = 0; 1108 1109 if (entry->type == IOMMU_RESV_DIRECT) 1110 dev->iommu->require_direct = 1; 1111 1112 if ((entry->type != IOMMU_RESV_DIRECT && 1113 entry->type != IOMMU_RESV_DIRECT_RELAXABLE) || 1114 !iommu_is_dma_domain(domain)) 1115 continue; 1116 1117 start = ALIGN(entry->start, pg_size); 1118 end = ALIGN(entry->start + entry->length, pg_size); 1119 1120 for (addr = start; addr <= end; addr += pg_size) { 1121 phys_addr_t phys_addr; 1122 1123 if (addr == end) 1124 goto map_end; 1125 1126 phys_addr = iommu_iova_to_phys(domain, addr); 1127 if (!phys_addr) { 1128 map_size += pg_size; 1129 continue; 1130 } 1131 1132 map_end: 1133 if (map_size) { 1134 ret = iommu_map(domain, addr - map_size, 1135 addr - map_size, map_size, 1136 entry->prot, GFP_KERNEL); 1137 if (ret) 1138 goto out; 1139 map_size = 0; 1140 } 1141 } 1142 1143 } 1144 1145 if (!list_empty(&mappings) && iommu_is_dma_domain(domain)) 1146 iommu_flush_iotlb_all(domain); 1147 1148 out: 1149 iommu_put_resv_regions(dev, &mappings); 1150 1151 return ret; 1152 } 1153 1154 /* This is undone by __iommu_group_free_device() */ 1155 static struct group_device *iommu_group_alloc_device(struct iommu_group *group, 1156 struct device *dev) 1157 { 1158 int ret, i = 0; 1159 struct group_device *device; 1160 1161 device = kzalloc(sizeof(*device), GFP_KERNEL); 1162 if (!device) 1163 return ERR_PTR(-ENOMEM); 1164 1165 device->dev = dev; 1166 1167 ret = sysfs_create_link(&dev->kobj, &group->kobj, "iommu_group"); 1168 if (ret) 1169 goto err_free_device; 1170 1171 device->name = kasprintf(GFP_KERNEL, "%s", kobject_name(&dev->kobj)); 1172 rename: 1173 if (!device->name) { 1174 ret = -ENOMEM; 1175 goto err_remove_link; 1176 } 1177 1178 ret = sysfs_create_link_nowarn(group->devices_kobj, 1179 &dev->kobj, device->name); 1180 if (ret) { 1181 if (ret == -EEXIST && i >= 0) { 1182 /* 1183 * Account for the slim chance of collision 1184 * and append an instance to the name. 1185 */ 1186 kfree(device->name); 1187 device->name = kasprintf(GFP_KERNEL, "%s.%d", 1188 kobject_name(&dev->kobj), i++); 1189 goto rename; 1190 } 1191 goto err_free_name; 1192 } 1193 1194 trace_add_device_to_group(group->id, dev); 1195 1196 dev_info(dev, "Adding to iommu group %d\n", group->id); 1197 1198 return device; 1199 1200 err_free_name: 1201 kfree(device->name); 1202 err_remove_link: 1203 sysfs_remove_link(&dev->kobj, "iommu_group"); 1204 err_free_device: 1205 kfree(device); 1206 dev_err(dev, "Failed to add to iommu group %d: %d\n", group->id, ret); 1207 return ERR_PTR(ret); 1208 } 1209 1210 /** 1211 * iommu_group_add_device - add a device to an iommu group 1212 * @group: the group into which to add the device (reference should be held) 1213 * @dev: the device 1214 * 1215 * This function is called by an iommu driver to add a device into a 1216 * group. Adding a device increments the group reference count. 1217 */ 1218 int iommu_group_add_device(struct iommu_group *group, struct device *dev) 1219 { 1220 struct group_device *gdev; 1221 1222 gdev = iommu_group_alloc_device(group, dev); 1223 if (IS_ERR(gdev)) 1224 return PTR_ERR(gdev); 1225 1226 iommu_group_ref_get(group); 1227 dev->iommu_group = group; 1228 1229 mutex_lock(&group->mutex); 1230 list_add_tail(&gdev->list, &group->devices); 1231 mutex_unlock(&group->mutex); 1232 return 0; 1233 } 1234 EXPORT_SYMBOL_GPL(iommu_group_add_device); 1235 1236 /** 1237 * iommu_group_remove_device - remove a device from it's current group 1238 * @dev: device to be removed 1239 * 1240 * This function is called by an iommu driver to remove the device from 1241 * it's current group. This decrements the iommu group reference count. 1242 */ 1243 void iommu_group_remove_device(struct device *dev) 1244 { 1245 struct iommu_group *group = dev->iommu_group; 1246 1247 if (!group) 1248 return; 1249 1250 dev_info(dev, "Removing from iommu group %d\n", group->id); 1251 1252 __iommu_group_remove_device(dev); 1253 } 1254 EXPORT_SYMBOL_GPL(iommu_group_remove_device); 1255 1256 #if IS_ENABLED(CONFIG_LOCKDEP) && IS_ENABLED(CONFIG_IOMMU_API) 1257 /** 1258 * iommu_group_mutex_assert - Check device group mutex lock 1259 * @dev: the device that has group param set 1260 * 1261 * This function is called by an iommu driver to check whether it holds 1262 * group mutex lock for the given device or not. 1263 * 1264 * Note that this function must be called after device group param is set. 1265 */ 1266 void iommu_group_mutex_assert(struct device *dev) 1267 { 1268 struct iommu_group *group = dev->iommu_group; 1269 1270 lockdep_assert_held(&group->mutex); 1271 } 1272 EXPORT_SYMBOL_GPL(iommu_group_mutex_assert); 1273 #endif 1274 1275 static struct device *iommu_group_first_dev(struct iommu_group *group) 1276 { 1277 lockdep_assert_held(&group->mutex); 1278 return list_first_entry(&group->devices, struct group_device, list)->dev; 1279 } 1280 1281 /** 1282 * iommu_group_for_each_dev - iterate over each device in the group 1283 * @group: the group 1284 * @data: caller opaque data to be passed to callback function 1285 * @fn: caller supplied callback function 1286 * 1287 * This function is called by group users to iterate over group devices. 1288 * Callers should hold a reference count to the group during callback. 1289 * The group->mutex is held across callbacks, which will block calls to 1290 * iommu_group_add/remove_device. 1291 */ 1292 int iommu_group_for_each_dev(struct iommu_group *group, void *data, 1293 int (*fn)(struct device *, void *)) 1294 { 1295 struct group_device *device; 1296 int ret = 0; 1297 1298 mutex_lock(&group->mutex); 1299 for_each_group_device(group, device) { 1300 ret = fn(device->dev, data); 1301 if (ret) 1302 break; 1303 } 1304 mutex_unlock(&group->mutex); 1305 1306 return ret; 1307 } 1308 EXPORT_SYMBOL_GPL(iommu_group_for_each_dev); 1309 1310 /** 1311 * iommu_group_get - Return the group for a device and increment reference 1312 * @dev: get the group that this device belongs to 1313 * 1314 * This function is called by iommu drivers and users to get the group 1315 * for the specified device. If found, the group is returned and the group 1316 * reference in incremented, else NULL. 1317 */ 1318 struct iommu_group *iommu_group_get(struct device *dev) 1319 { 1320 struct iommu_group *group = dev->iommu_group; 1321 1322 if (group) 1323 kobject_get(group->devices_kobj); 1324 1325 return group; 1326 } 1327 EXPORT_SYMBOL_GPL(iommu_group_get); 1328 1329 /** 1330 * iommu_group_ref_get - Increment reference on a group 1331 * @group: the group to use, must not be NULL 1332 * 1333 * This function is called by iommu drivers to take additional references on an 1334 * existing group. Returns the given group for convenience. 1335 */ 1336 struct iommu_group *iommu_group_ref_get(struct iommu_group *group) 1337 { 1338 kobject_get(group->devices_kobj); 1339 return group; 1340 } 1341 EXPORT_SYMBOL_GPL(iommu_group_ref_get); 1342 1343 /** 1344 * iommu_group_put - Decrement group reference 1345 * @group: the group to use 1346 * 1347 * This function is called by iommu drivers and users to release the 1348 * iommu group. Once the reference count is zero, the group is released. 1349 */ 1350 void iommu_group_put(struct iommu_group *group) 1351 { 1352 if (group) 1353 kobject_put(group->devices_kobj); 1354 } 1355 EXPORT_SYMBOL_GPL(iommu_group_put); 1356 1357 /** 1358 * iommu_group_id - Return ID for a group 1359 * @group: the group to ID 1360 * 1361 * Return the unique ID for the group matching the sysfs group number. 1362 */ 1363 int iommu_group_id(struct iommu_group *group) 1364 { 1365 return group->id; 1366 } 1367 EXPORT_SYMBOL_GPL(iommu_group_id); 1368 1369 static struct iommu_group *get_pci_alias_group(struct pci_dev *pdev, 1370 unsigned long *devfns); 1371 1372 /* 1373 * To consider a PCI device isolated, we require ACS to support Source 1374 * Validation, Request Redirection, Completer Redirection, and Upstream 1375 * Forwarding. This effectively means that devices cannot spoof their 1376 * requester ID, requests and completions cannot be redirected, and all 1377 * transactions are forwarded upstream, even as it passes through a 1378 * bridge where the target device is downstream. 1379 */ 1380 #define REQ_ACS_FLAGS (PCI_ACS_SV | PCI_ACS_RR | PCI_ACS_CR | PCI_ACS_UF) 1381 1382 /* 1383 * For multifunction devices which are not isolated from each other, find 1384 * all the other non-isolated functions and look for existing groups. For 1385 * each function, we also need to look for aliases to or from other devices 1386 * that may already have a group. 1387 */ 1388 static struct iommu_group *get_pci_function_alias_group(struct pci_dev *pdev, 1389 unsigned long *devfns) 1390 { 1391 struct pci_dev *tmp = NULL; 1392 struct iommu_group *group; 1393 1394 if (!pdev->multifunction || pci_acs_enabled(pdev, REQ_ACS_FLAGS)) 1395 return NULL; 1396 1397 for_each_pci_dev(tmp) { 1398 if (tmp == pdev || tmp->bus != pdev->bus || 1399 PCI_SLOT(tmp->devfn) != PCI_SLOT(pdev->devfn) || 1400 pci_acs_enabled(tmp, REQ_ACS_FLAGS)) 1401 continue; 1402 1403 group = get_pci_alias_group(tmp, devfns); 1404 if (group) { 1405 pci_dev_put(tmp); 1406 return group; 1407 } 1408 } 1409 1410 return NULL; 1411 } 1412 1413 /* 1414 * Look for aliases to or from the given device for existing groups. DMA 1415 * aliases are only supported on the same bus, therefore the search 1416 * space is quite small (especially since we're really only looking at pcie 1417 * device, and therefore only expect multiple slots on the root complex or 1418 * downstream switch ports). It's conceivable though that a pair of 1419 * multifunction devices could have aliases between them that would cause a 1420 * loop. To prevent this, we use a bitmap to track where we've been. 1421 */ 1422 static struct iommu_group *get_pci_alias_group(struct pci_dev *pdev, 1423 unsigned long *devfns) 1424 { 1425 struct pci_dev *tmp = NULL; 1426 struct iommu_group *group; 1427 1428 if (test_and_set_bit(pdev->devfn & 0xff, devfns)) 1429 return NULL; 1430 1431 group = iommu_group_get(&pdev->dev); 1432 if (group) 1433 return group; 1434 1435 for_each_pci_dev(tmp) { 1436 if (tmp == pdev || tmp->bus != pdev->bus) 1437 continue; 1438 1439 /* We alias them or they alias us */ 1440 if (pci_devs_are_dma_aliases(pdev, tmp)) { 1441 group = get_pci_alias_group(tmp, devfns); 1442 if (group) { 1443 pci_dev_put(tmp); 1444 return group; 1445 } 1446 1447 group = get_pci_function_alias_group(tmp, devfns); 1448 if (group) { 1449 pci_dev_put(tmp); 1450 return group; 1451 } 1452 } 1453 } 1454 1455 return NULL; 1456 } 1457 1458 struct group_for_pci_data { 1459 struct pci_dev *pdev; 1460 struct iommu_group *group; 1461 }; 1462 1463 /* 1464 * DMA alias iterator callback, return the last seen device. Stop and return 1465 * the IOMMU group if we find one along the way. 1466 */ 1467 static int get_pci_alias_or_group(struct pci_dev *pdev, u16 alias, void *opaque) 1468 { 1469 struct group_for_pci_data *data = opaque; 1470 1471 data->pdev = pdev; 1472 data->group = iommu_group_get(&pdev->dev); 1473 1474 return data->group != NULL; 1475 } 1476 1477 /* 1478 * Generic device_group call-back function. It just allocates one 1479 * iommu-group per device. 1480 */ 1481 struct iommu_group *generic_device_group(struct device *dev) 1482 { 1483 return iommu_group_alloc(); 1484 } 1485 EXPORT_SYMBOL_GPL(generic_device_group); 1486 1487 /* 1488 * Generic device_group call-back function. It just allocates one 1489 * iommu-group per iommu driver instance shared by every device 1490 * probed by that iommu driver. 1491 */ 1492 struct iommu_group *generic_single_device_group(struct device *dev) 1493 { 1494 struct iommu_device *iommu = dev->iommu->iommu_dev; 1495 1496 if (!iommu->singleton_group) { 1497 struct iommu_group *group; 1498 1499 group = iommu_group_alloc(); 1500 if (IS_ERR(group)) 1501 return group; 1502 iommu->singleton_group = group; 1503 } 1504 return iommu_group_ref_get(iommu->singleton_group); 1505 } 1506 EXPORT_SYMBOL_GPL(generic_single_device_group); 1507 1508 /* 1509 * Use standard PCI bus topology, isolation features, and DMA alias quirks 1510 * to find or create an IOMMU group for a device. 1511 */ 1512 struct iommu_group *pci_device_group(struct device *dev) 1513 { 1514 struct pci_dev *pdev = to_pci_dev(dev); 1515 struct group_for_pci_data data; 1516 struct pci_bus *bus; 1517 struct iommu_group *group = NULL; 1518 u64 devfns[4] = { 0 }; 1519 1520 if (WARN_ON(!dev_is_pci(dev))) 1521 return ERR_PTR(-EINVAL); 1522 1523 /* 1524 * Find the upstream DMA alias for the device. A device must not 1525 * be aliased due to topology in order to have its own IOMMU group. 1526 * If we find an alias along the way that already belongs to a 1527 * group, use it. 1528 */ 1529 if (pci_for_each_dma_alias(pdev, get_pci_alias_or_group, &data)) 1530 return data.group; 1531 1532 pdev = data.pdev; 1533 1534 /* 1535 * Continue upstream from the point of minimum IOMMU granularity 1536 * due to aliases to the point where devices are protected from 1537 * peer-to-peer DMA by PCI ACS. Again, if we find an existing 1538 * group, use it. 1539 */ 1540 for (bus = pdev->bus; !pci_is_root_bus(bus); bus = bus->parent) { 1541 if (!bus->self) 1542 continue; 1543 1544 if (pci_acs_path_enabled(bus->self, NULL, REQ_ACS_FLAGS)) 1545 break; 1546 1547 pdev = bus->self; 1548 1549 group = iommu_group_get(&pdev->dev); 1550 if (group) 1551 return group; 1552 } 1553 1554 /* 1555 * Look for existing groups on device aliases. If we alias another 1556 * device or another device aliases us, use the same group. 1557 */ 1558 group = get_pci_alias_group(pdev, (unsigned long *)devfns); 1559 if (group) 1560 return group; 1561 1562 /* 1563 * Look for existing groups on non-isolated functions on the same 1564 * slot and aliases of those funcions, if any. No need to clear 1565 * the search bitmap, the tested devfns are still valid. 1566 */ 1567 group = get_pci_function_alias_group(pdev, (unsigned long *)devfns); 1568 if (group) 1569 return group; 1570 1571 /* No shared group found, allocate new */ 1572 return iommu_group_alloc(); 1573 } 1574 EXPORT_SYMBOL_GPL(pci_device_group); 1575 1576 /* Get the IOMMU group for device on fsl-mc bus */ 1577 struct iommu_group *fsl_mc_device_group(struct device *dev) 1578 { 1579 struct device *cont_dev = fsl_mc_cont_dev(dev); 1580 struct iommu_group *group; 1581 1582 group = iommu_group_get(cont_dev); 1583 if (!group) 1584 group = iommu_group_alloc(); 1585 return group; 1586 } 1587 EXPORT_SYMBOL_GPL(fsl_mc_device_group); 1588 1589 static struct iommu_domain * 1590 __iommu_group_alloc_default_domain(struct iommu_group *group, int req_type) 1591 { 1592 if (group->default_domain && group->default_domain->type == req_type) 1593 return group->default_domain; 1594 return __iommu_group_domain_alloc(group, req_type); 1595 } 1596 1597 /* 1598 * req_type of 0 means "auto" which means to select a domain based on 1599 * iommu_def_domain_type or what the driver actually supports. 1600 */ 1601 static struct iommu_domain * 1602 iommu_group_alloc_default_domain(struct iommu_group *group, int req_type) 1603 { 1604 const struct iommu_ops *ops = dev_iommu_ops(iommu_group_first_dev(group)); 1605 struct iommu_domain *dom; 1606 1607 lockdep_assert_held(&group->mutex); 1608 1609 /* 1610 * Allow legacy drivers to specify the domain that will be the default 1611 * domain. This should always be either an IDENTITY/BLOCKED/PLATFORM 1612 * domain. Do not use in new drivers. 1613 */ 1614 if (ops->default_domain) { 1615 if (req_type != ops->default_domain->type) 1616 return ERR_PTR(-EINVAL); 1617 return ops->default_domain; 1618 } 1619 1620 if (req_type) 1621 return __iommu_group_alloc_default_domain(group, req_type); 1622 1623 /* The driver gave no guidance on what type to use, try the default */ 1624 dom = __iommu_group_alloc_default_domain(group, iommu_def_domain_type); 1625 if (!IS_ERR(dom)) 1626 return dom; 1627 1628 /* Otherwise IDENTITY and DMA_FQ defaults will try DMA */ 1629 if (iommu_def_domain_type == IOMMU_DOMAIN_DMA) 1630 return ERR_PTR(-EINVAL); 1631 dom = __iommu_group_alloc_default_domain(group, IOMMU_DOMAIN_DMA); 1632 if (IS_ERR(dom)) 1633 return dom; 1634 1635 pr_warn("Failed to allocate default IOMMU domain of type %u for group %s - Falling back to IOMMU_DOMAIN_DMA", 1636 iommu_def_domain_type, group->name); 1637 return dom; 1638 } 1639 1640 struct iommu_domain *iommu_group_default_domain(struct iommu_group *group) 1641 { 1642 return group->default_domain; 1643 } 1644 1645 static int probe_iommu_group(struct device *dev, void *data) 1646 { 1647 struct list_head *group_list = data; 1648 int ret; 1649 1650 mutex_lock(&iommu_probe_device_lock); 1651 ret = __iommu_probe_device(dev, group_list); 1652 mutex_unlock(&iommu_probe_device_lock); 1653 if (ret == -ENODEV) 1654 ret = 0; 1655 1656 return ret; 1657 } 1658 1659 static int iommu_bus_notifier(struct notifier_block *nb, 1660 unsigned long action, void *data) 1661 { 1662 struct device *dev = data; 1663 1664 if (action == BUS_NOTIFY_ADD_DEVICE) { 1665 int ret; 1666 1667 ret = iommu_probe_device(dev); 1668 return (ret) ? NOTIFY_DONE : NOTIFY_OK; 1669 } else if (action == BUS_NOTIFY_REMOVED_DEVICE) { 1670 iommu_release_device(dev); 1671 return NOTIFY_OK; 1672 } 1673 1674 return 0; 1675 } 1676 1677 /* 1678 * Combine the driver's chosen def_domain_type across all the devices in a 1679 * group. Drivers must give a consistent result. 1680 */ 1681 static int iommu_get_def_domain_type(struct iommu_group *group, 1682 struct device *dev, int cur_type) 1683 { 1684 const struct iommu_ops *ops = dev_iommu_ops(dev); 1685 int type; 1686 1687 if (ops->default_domain) { 1688 /* 1689 * Drivers that declare a global static default_domain will 1690 * always choose that. 1691 */ 1692 type = ops->default_domain->type; 1693 } else { 1694 if (ops->def_domain_type) 1695 type = ops->def_domain_type(dev); 1696 else 1697 return cur_type; 1698 } 1699 if (!type || cur_type == type) 1700 return cur_type; 1701 if (!cur_type) 1702 return type; 1703 1704 dev_err_ratelimited( 1705 dev, 1706 "IOMMU driver error, requesting conflicting def_domain_type, %s and %s, for devices in group %u.\n", 1707 iommu_domain_type_str(cur_type), iommu_domain_type_str(type), 1708 group->id); 1709 1710 /* 1711 * Try to recover, drivers are allowed to force IDENITY or DMA, IDENTITY 1712 * takes precedence. 1713 */ 1714 if (type == IOMMU_DOMAIN_IDENTITY) 1715 return type; 1716 return cur_type; 1717 } 1718 1719 /* 1720 * A target_type of 0 will select the best domain type. 0 can be returned in 1721 * this case meaning the global default should be used. 1722 */ 1723 static int iommu_get_default_domain_type(struct iommu_group *group, 1724 int target_type) 1725 { 1726 struct device *untrusted = NULL; 1727 struct group_device *gdev; 1728 int driver_type = 0; 1729 1730 lockdep_assert_held(&group->mutex); 1731 1732 /* 1733 * ARM32 drivers supporting CONFIG_ARM_DMA_USE_IOMMU can declare an 1734 * identity_domain and it will automatically become their default 1735 * domain. Later on ARM_DMA_USE_IOMMU will install its UNMANAGED domain. 1736 * Override the selection to IDENTITY. 1737 */ 1738 if (IS_ENABLED(CONFIG_ARM_DMA_USE_IOMMU)) { 1739 static_assert(!(IS_ENABLED(CONFIG_ARM_DMA_USE_IOMMU) && 1740 IS_ENABLED(CONFIG_IOMMU_DMA))); 1741 driver_type = IOMMU_DOMAIN_IDENTITY; 1742 } 1743 1744 for_each_group_device(group, gdev) { 1745 driver_type = iommu_get_def_domain_type(group, gdev->dev, 1746 driver_type); 1747 1748 if (dev_is_pci(gdev->dev) && to_pci_dev(gdev->dev)->untrusted) { 1749 /* 1750 * No ARM32 using systems will set untrusted, it cannot 1751 * work. 1752 */ 1753 if (WARN_ON(IS_ENABLED(CONFIG_ARM_DMA_USE_IOMMU))) 1754 return -1; 1755 untrusted = gdev->dev; 1756 } 1757 } 1758 1759 /* 1760 * If the common dma ops are not selected in kconfig then we cannot use 1761 * IOMMU_DOMAIN_DMA at all. Force IDENTITY if nothing else has been 1762 * selected. 1763 */ 1764 if (!IS_ENABLED(CONFIG_IOMMU_DMA)) { 1765 if (WARN_ON(driver_type == IOMMU_DOMAIN_DMA)) 1766 return -1; 1767 if (!driver_type) 1768 driver_type = IOMMU_DOMAIN_IDENTITY; 1769 } 1770 1771 if (untrusted) { 1772 if (driver_type && driver_type != IOMMU_DOMAIN_DMA) { 1773 dev_err_ratelimited( 1774 untrusted, 1775 "Device is not trusted, but driver is overriding group %u to %s, refusing to probe.\n", 1776 group->id, iommu_domain_type_str(driver_type)); 1777 return -1; 1778 } 1779 driver_type = IOMMU_DOMAIN_DMA; 1780 } 1781 1782 if (target_type) { 1783 if (driver_type && target_type != driver_type) 1784 return -1; 1785 return target_type; 1786 } 1787 return driver_type; 1788 } 1789 1790 static void iommu_group_do_probe_finalize(struct device *dev) 1791 { 1792 const struct iommu_ops *ops = dev_iommu_ops(dev); 1793 1794 if (ops->probe_finalize) 1795 ops->probe_finalize(dev); 1796 } 1797 1798 int bus_iommu_probe(const struct bus_type *bus) 1799 { 1800 struct iommu_group *group, *next; 1801 LIST_HEAD(group_list); 1802 int ret; 1803 1804 ret = bus_for_each_dev(bus, NULL, &group_list, probe_iommu_group); 1805 if (ret) 1806 return ret; 1807 1808 list_for_each_entry_safe(group, next, &group_list, entry) { 1809 struct group_device *gdev; 1810 1811 mutex_lock(&group->mutex); 1812 1813 /* Remove item from the list */ 1814 list_del_init(&group->entry); 1815 1816 /* 1817 * We go to the trouble of deferred default domain creation so 1818 * that the cross-group default domain type and the setup of the 1819 * IOMMU_RESV_DIRECT will work correctly in non-hotpug scenarios. 1820 */ 1821 ret = iommu_setup_default_domain(group, 0); 1822 if (ret) { 1823 mutex_unlock(&group->mutex); 1824 return ret; 1825 } 1826 for_each_group_device(group, gdev) 1827 iommu_setup_dma_ops(gdev->dev); 1828 mutex_unlock(&group->mutex); 1829 1830 /* 1831 * FIXME: Mis-locked because the ops->probe_finalize() call-back 1832 * of some IOMMU drivers calls arm_iommu_attach_device() which 1833 * in-turn might call back into IOMMU core code, where it tries 1834 * to take group->mutex, resulting in a deadlock. 1835 */ 1836 for_each_group_device(group, gdev) 1837 iommu_group_do_probe_finalize(gdev->dev); 1838 } 1839 1840 return 0; 1841 } 1842 1843 /** 1844 * iommu_present() - make platform-specific assumptions about an IOMMU 1845 * @bus: bus to check 1846 * 1847 * Do not use this function. You want device_iommu_mapped() instead. 1848 * 1849 * Return: true if some IOMMU is present and aware of devices on the given bus; 1850 * in general it may not be the only IOMMU, and it may not have anything to do 1851 * with whatever device you are ultimately interested in. 1852 */ 1853 bool iommu_present(const struct bus_type *bus) 1854 { 1855 bool ret = false; 1856 1857 for (int i = 0; i < ARRAY_SIZE(iommu_buses); i++) { 1858 if (iommu_buses[i] == bus) { 1859 spin_lock(&iommu_device_lock); 1860 ret = !list_empty(&iommu_device_list); 1861 spin_unlock(&iommu_device_lock); 1862 } 1863 } 1864 return ret; 1865 } 1866 EXPORT_SYMBOL_GPL(iommu_present); 1867 1868 /** 1869 * device_iommu_capable() - check for a general IOMMU capability 1870 * @dev: device to which the capability would be relevant, if available 1871 * @cap: IOMMU capability 1872 * 1873 * Return: true if an IOMMU is present and supports the given capability 1874 * for the given device, otherwise false. 1875 */ 1876 bool device_iommu_capable(struct device *dev, enum iommu_cap cap) 1877 { 1878 const struct iommu_ops *ops; 1879 1880 if (!dev_has_iommu(dev)) 1881 return false; 1882 1883 ops = dev_iommu_ops(dev); 1884 if (!ops->capable) 1885 return false; 1886 1887 return ops->capable(dev, cap); 1888 } 1889 EXPORT_SYMBOL_GPL(device_iommu_capable); 1890 1891 /** 1892 * iommu_group_has_isolated_msi() - Compute msi_device_has_isolated_msi() 1893 * for a group 1894 * @group: Group to query 1895 * 1896 * IOMMU groups should not have differing values of 1897 * msi_device_has_isolated_msi() for devices in a group. However nothing 1898 * directly prevents this, so ensure mistakes don't result in isolation failures 1899 * by checking that all the devices are the same. 1900 */ 1901 bool iommu_group_has_isolated_msi(struct iommu_group *group) 1902 { 1903 struct group_device *group_dev; 1904 bool ret = true; 1905 1906 mutex_lock(&group->mutex); 1907 for_each_group_device(group, group_dev) 1908 ret &= msi_device_has_isolated_msi(group_dev->dev); 1909 mutex_unlock(&group->mutex); 1910 return ret; 1911 } 1912 EXPORT_SYMBOL_GPL(iommu_group_has_isolated_msi); 1913 1914 /** 1915 * iommu_set_fault_handler() - set a fault handler for an iommu domain 1916 * @domain: iommu domain 1917 * @handler: fault handler 1918 * @token: user data, will be passed back to the fault handler 1919 * 1920 * This function should be used by IOMMU users which want to be notified 1921 * whenever an IOMMU fault happens. 1922 * 1923 * The fault handler itself should return 0 on success, and an appropriate 1924 * error code otherwise. 1925 */ 1926 void iommu_set_fault_handler(struct iommu_domain *domain, 1927 iommu_fault_handler_t handler, 1928 void *token) 1929 { 1930 BUG_ON(!domain); 1931 1932 domain->handler = handler; 1933 domain->handler_token = token; 1934 } 1935 EXPORT_SYMBOL_GPL(iommu_set_fault_handler); 1936 1937 static struct iommu_domain *__iommu_domain_alloc(const struct iommu_ops *ops, 1938 struct device *dev, 1939 unsigned int type) 1940 { 1941 struct iommu_domain *domain; 1942 unsigned int alloc_type = type & IOMMU_DOMAIN_ALLOC_FLAGS; 1943 1944 if (alloc_type == IOMMU_DOMAIN_IDENTITY && ops->identity_domain) 1945 return ops->identity_domain; 1946 else if (alloc_type == IOMMU_DOMAIN_BLOCKED && ops->blocked_domain) 1947 return ops->blocked_domain; 1948 else if (type & __IOMMU_DOMAIN_PAGING && ops->domain_alloc_paging) 1949 domain = ops->domain_alloc_paging(dev); 1950 else if (ops->domain_alloc) 1951 domain = ops->domain_alloc(alloc_type); 1952 else 1953 return ERR_PTR(-EOPNOTSUPP); 1954 1955 /* 1956 * Many domain_alloc ops now return ERR_PTR, make things easier for the 1957 * driver by accepting ERR_PTR from all domain_alloc ops instead of 1958 * having two rules. 1959 */ 1960 if (IS_ERR(domain)) 1961 return domain; 1962 if (!domain) 1963 return ERR_PTR(-ENOMEM); 1964 1965 domain->type = type; 1966 domain->owner = ops; 1967 /* 1968 * If not already set, assume all sizes by default; the driver 1969 * may override this later 1970 */ 1971 if (!domain->pgsize_bitmap) 1972 domain->pgsize_bitmap = ops->pgsize_bitmap; 1973 1974 if (!domain->ops) 1975 domain->ops = ops->default_domain_ops; 1976 1977 if (iommu_is_dma_domain(domain)) { 1978 int rc; 1979 1980 rc = iommu_get_dma_cookie(domain); 1981 if (rc) { 1982 iommu_domain_free(domain); 1983 return ERR_PTR(rc); 1984 } 1985 } 1986 return domain; 1987 } 1988 1989 static struct iommu_domain * 1990 __iommu_group_domain_alloc(struct iommu_group *group, unsigned int type) 1991 { 1992 struct device *dev = iommu_group_first_dev(group); 1993 1994 return __iommu_domain_alloc(dev_iommu_ops(dev), dev, type); 1995 } 1996 1997 static int __iommu_domain_alloc_dev(struct device *dev, void *data) 1998 { 1999 const struct iommu_ops **ops = data; 2000 2001 if (!dev_has_iommu(dev)) 2002 return 0; 2003 2004 if (WARN_ONCE(*ops && *ops != dev_iommu_ops(dev), 2005 "Multiple IOMMU drivers present for bus %s, which the public IOMMU API can't fully support yet. You will still need to disable one or more for this to work, sorry!\n", 2006 dev_bus_name(dev))) 2007 return -EBUSY; 2008 2009 *ops = dev_iommu_ops(dev); 2010 return 0; 2011 } 2012 2013 /* 2014 * The iommu ops in bus has been retired. Do not use this interface in 2015 * new drivers. 2016 */ 2017 struct iommu_domain *iommu_domain_alloc(const struct bus_type *bus) 2018 { 2019 const struct iommu_ops *ops = NULL; 2020 int err = bus_for_each_dev(bus, NULL, &ops, __iommu_domain_alloc_dev); 2021 struct iommu_domain *domain; 2022 2023 if (err || !ops) 2024 return NULL; 2025 2026 domain = __iommu_domain_alloc(ops, NULL, IOMMU_DOMAIN_UNMANAGED); 2027 if (IS_ERR(domain)) 2028 return NULL; 2029 return domain; 2030 } 2031 EXPORT_SYMBOL_GPL(iommu_domain_alloc); 2032 2033 /** 2034 * iommu_paging_domain_alloc() - Allocate a paging domain 2035 * @dev: device for which the domain is allocated 2036 * 2037 * Allocate a paging domain which will be managed by a kernel driver. Return 2038 * allocated domain if successful, or a ERR pointer for failure. 2039 */ 2040 struct iommu_domain *iommu_paging_domain_alloc(struct device *dev) 2041 { 2042 if (!dev_has_iommu(dev)) 2043 return ERR_PTR(-ENODEV); 2044 2045 return __iommu_domain_alloc(dev_iommu_ops(dev), dev, IOMMU_DOMAIN_UNMANAGED); 2046 } 2047 EXPORT_SYMBOL_GPL(iommu_paging_domain_alloc); 2048 2049 void iommu_domain_free(struct iommu_domain *domain) 2050 { 2051 if (domain->type == IOMMU_DOMAIN_SVA) 2052 mmdrop(domain->mm); 2053 iommu_put_dma_cookie(domain); 2054 if (domain->ops->free) 2055 domain->ops->free(domain); 2056 } 2057 EXPORT_SYMBOL_GPL(iommu_domain_free); 2058 2059 /* 2060 * Put the group's domain back to the appropriate core-owned domain - either the 2061 * standard kernel-mode DMA configuration or an all-DMA-blocked domain. 2062 */ 2063 static void __iommu_group_set_core_domain(struct iommu_group *group) 2064 { 2065 struct iommu_domain *new_domain; 2066 2067 if (group->owner) 2068 new_domain = group->blocking_domain; 2069 else 2070 new_domain = group->default_domain; 2071 2072 __iommu_group_set_domain_nofail(group, new_domain); 2073 } 2074 2075 static int __iommu_attach_device(struct iommu_domain *domain, 2076 struct device *dev) 2077 { 2078 int ret; 2079 2080 if (unlikely(domain->ops->attach_dev == NULL)) 2081 return -ENODEV; 2082 2083 ret = domain->ops->attach_dev(domain, dev); 2084 if (ret) 2085 return ret; 2086 dev->iommu->attach_deferred = 0; 2087 trace_attach_device_to_domain(dev); 2088 return 0; 2089 } 2090 2091 /** 2092 * iommu_attach_device - Attach an IOMMU domain to a device 2093 * @domain: IOMMU domain to attach 2094 * @dev: Device that will be attached 2095 * 2096 * Returns 0 on success and error code on failure 2097 * 2098 * Note that EINVAL can be treated as a soft failure, indicating 2099 * that certain configuration of the domain is incompatible with 2100 * the device. In this case attaching a different domain to the 2101 * device may succeed. 2102 */ 2103 int iommu_attach_device(struct iommu_domain *domain, struct device *dev) 2104 { 2105 /* Caller must be a probed driver on dev */ 2106 struct iommu_group *group = dev->iommu_group; 2107 int ret; 2108 2109 if (!group) 2110 return -ENODEV; 2111 2112 /* 2113 * Lock the group to make sure the device-count doesn't 2114 * change while we are attaching 2115 */ 2116 mutex_lock(&group->mutex); 2117 ret = -EINVAL; 2118 if (list_count_nodes(&group->devices) != 1) 2119 goto out_unlock; 2120 2121 ret = __iommu_attach_group(domain, group); 2122 2123 out_unlock: 2124 mutex_unlock(&group->mutex); 2125 return ret; 2126 } 2127 EXPORT_SYMBOL_GPL(iommu_attach_device); 2128 2129 int iommu_deferred_attach(struct device *dev, struct iommu_domain *domain) 2130 { 2131 if (dev->iommu && dev->iommu->attach_deferred) 2132 return __iommu_attach_device(domain, dev); 2133 2134 return 0; 2135 } 2136 2137 void iommu_detach_device(struct iommu_domain *domain, struct device *dev) 2138 { 2139 /* Caller must be a probed driver on dev */ 2140 struct iommu_group *group = dev->iommu_group; 2141 2142 if (!group) 2143 return; 2144 2145 mutex_lock(&group->mutex); 2146 if (WARN_ON(domain != group->domain) || 2147 WARN_ON(list_count_nodes(&group->devices) != 1)) 2148 goto out_unlock; 2149 __iommu_group_set_core_domain(group); 2150 2151 out_unlock: 2152 mutex_unlock(&group->mutex); 2153 } 2154 EXPORT_SYMBOL_GPL(iommu_detach_device); 2155 2156 struct iommu_domain *iommu_get_domain_for_dev(struct device *dev) 2157 { 2158 /* Caller must be a probed driver on dev */ 2159 struct iommu_group *group = dev->iommu_group; 2160 2161 if (!group) 2162 return NULL; 2163 2164 return group->domain; 2165 } 2166 EXPORT_SYMBOL_GPL(iommu_get_domain_for_dev); 2167 2168 /* 2169 * For IOMMU_DOMAIN_DMA implementations which already provide their own 2170 * guarantees that the group and its default domain are valid and correct. 2171 */ 2172 struct iommu_domain *iommu_get_dma_domain(struct device *dev) 2173 { 2174 return dev->iommu_group->default_domain; 2175 } 2176 2177 static int __iommu_attach_group(struct iommu_domain *domain, 2178 struct iommu_group *group) 2179 { 2180 struct device *dev; 2181 2182 if (group->domain && group->domain != group->default_domain && 2183 group->domain != group->blocking_domain) 2184 return -EBUSY; 2185 2186 dev = iommu_group_first_dev(group); 2187 if (!dev_has_iommu(dev) || dev_iommu_ops(dev) != domain->owner) 2188 return -EINVAL; 2189 2190 return __iommu_group_set_domain(group, domain); 2191 } 2192 2193 /** 2194 * iommu_attach_group - Attach an IOMMU domain to an IOMMU group 2195 * @domain: IOMMU domain to attach 2196 * @group: IOMMU group that will be attached 2197 * 2198 * Returns 0 on success and error code on failure 2199 * 2200 * Note that EINVAL can be treated as a soft failure, indicating 2201 * that certain configuration of the domain is incompatible with 2202 * the group. In this case attaching a different domain to the 2203 * group may succeed. 2204 */ 2205 int iommu_attach_group(struct iommu_domain *domain, struct iommu_group *group) 2206 { 2207 int ret; 2208 2209 mutex_lock(&group->mutex); 2210 ret = __iommu_attach_group(domain, group); 2211 mutex_unlock(&group->mutex); 2212 2213 return ret; 2214 } 2215 EXPORT_SYMBOL_GPL(iommu_attach_group); 2216 2217 /** 2218 * iommu_group_replace_domain - replace the domain that a group is attached to 2219 * @new_domain: new IOMMU domain to replace with 2220 * @group: IOMMU group that will be attached to the new domain 2221 * 2222 * This API allows the group to switch domains without being forced to go to 2223 * the blocking domain in-between. 2224 * 2225 * If the currently attached domain is a core domain (e.g. a default_domain), 2226 * it will act just like the iommu_attach_group(). 2227 */ 2228 int iommu_group_replace_domain(struct iommu_group *group, 2229 struct iommu_domain *new_domain) 2230 { 2231 int ret; 2232 2233 if (!new_domain) 2234 return -EINVAL; 2235 2236 mutex_lock(&group->mutex); 2237 ret = __iommu_group_set_domain(group, new_domain); 2238 mutex_unlock(&group->mutex); 2239 return ret; 2240 } 2241 EXPORT_SYMBOL_NS_GPL(iommu_group_replace_domain, IOMMUFD_INTERNAL); 2242 2243 static int __iommu_device_set_domain(struct iommu_group *group, 2244 struct device *dev, 2245 struct iommu_domain *new_domain, 2246 unsigned int flags) 2247 { 2248 int ret; 2249 2250 /* 2251 * If the device requires IOMMU_RESV_DIRECT then we cannot allow 2252 * the blocking domain to be attached as it does not contain the 2253 * required 1:1 mapping. This test effectively excludes the device 2254 * being used with iommu_group_claim_dma_owner() which will block 2255 * vfio and iommufd as well. 2256 */ 2257 if (dev->iommu->require_direct && 2258 (new_domain->type == IOMMU_DOMAIN_BLOCKED || 2259 new_domain == group->blocking_domain)) { 2260 dev_warn(dev, 2261 "Firmware has requested this device have a 1:1 IOMMU mapping, rejecting configuring the device without a 1:1 mapping. Contact your platform vendor.\n"); 2262 return -EINVAL; 2263 } 2264 2265 if (dev->iommu->attach_deferred) { 2266 if (new_domain == group->default_domain) 2267 return 0; 2268 dev->iommu->attach_deferred = 0; 2269 } 2270 2271 ret = __iommu_attach_device(new_domain, dev); 2272 if (ret) { 2273 /* 2274 * If we have a blocking domain then try to attach that in hopes 2275 * of avoiding a UAF. Modern drivers should implement blocking 2276 * domains as global statics that cannot fail. 2277 */ 2278 if ((flags & IOMMU_SET_DOMAIN_MUST_SUCCEED) && 2279 group->blocking_domain && 2280 group->blocking_domain != new_domain) 2281 __iommu_attach_device(group->blocking_domain, dev); 2282 return ret; 2283 } 2284 return 0; 2285 } 2286 2287 /* 2288 * If 0 is returned the group's domain is new_domain. If an error is returned 2289 * then the group's domain will be set back to the existing domain unless 2290 * IOMMU_SET_DOMAIN_MUST_SUCCEED, otherwise an error is returned and the group's 2291 * domains is left inconsistent. This is a driver bug to fail attach with a 2292 * previously good domain. We try to avoid a kernel UAF because of this. 2293 * 2294 * IOMMU groups are really the natural working unit of the IOMMU, but the IOMMU 2295 * API works on domains and devices. Bridge that gap by iterating over the 2296 * devices in a group. Ideally we'd have a single device which represents the 2297 * requestor ID of the group, but we also allow IOMMU drivers to create policy 2298 * defined minimum sets, where the physical hardware may be able to distiguish 2299 * members, but we wish to group them at a higher level (ex. untrusted 2300 * multi-function PCI devices). Thus we attach each device. 2301 */ 2302 static int __iommu_group_set_domain_internal(struct iommu_group *group, 2303 struct iommu_domain *new_domain, 2304 unsigned int flags) 2305 { 2306 struct group_device *last_gdev; 2307 struct group_device *gdev; 2308 int result; 2309 int ret; 2310 2311 lockdep_assert_held(&group->mutex); 2312 2313 if (group->domain == new_domain) 2314 return 0; 2315 2316 if (WARN_ON(!new_domain)) 2317 return -EINVAL; 2318 2319 /* 2320 * Changing the domain is done by calling attach_dev() on the new 2321 * domain. This switch does not have to be atomic and DMA can be 2322 * discarded during the transition. DMA must only be able to access 2323 * either new_domain or group->domain, never something else. 2324 */ 2325 result = 0; 2326 for_each_group_device(group, gdev) { 2327 ret = __iommu_device_set_domain(group, gdev->dev, new_domain, 2328 flags); 2329 if (ret) { 2330 result = ret; 2331 /* 2332 * Keep trying the other devices in the group. If a 2333 * driver fails attach to an otherwise good domain, and 2334 * does not support blocking domains, it should at least 2335 * drop its reference on the current domain so we don't 2336 * UAF. 2337 */ 2338 if (flags & IOMMU_SET_DOMAIN_MUST_SUCCEED) 2339 continue; 2340 goto err_revert; 2341 } 2342 } 2343 group->domain = new_domain; 2344 return result; 2345 2346 err_revert: 2347 /* 2348 * This is called in error unwind paths. A well behaved driver should 2349 * always allow us to attach to a domain that was already attached. 2350 */ 2351 last_gdev = gdev; 2352 for_each_group_device(group, gdev) { 2353 /* 2354 * A NULL domain can happen only for first probe, in which case 2355 * we leave group->domain as NULL and let release clean 2356 * everything up. 2357 */ 2358 if (group->domain) 2359 WARN_ON(__iommu_device_set_domain( 2360 group, gdev->dev, group->domain, 2361 IOMMU_SET_DOMAIN_MUST_SUCCEED)); 2362 if (gdev == last_gdev) 2363 break; 2364 } 2365 return ret; 2366 } 2367 2368 void iommu_detach_group(struct iommu_domain *domain, struct iommu_group *group) 2369 { 2370 mutex_lock(&group->mutex); 2371 __iommu_group_set_core_domain(group); 2372 mutex_unlock(&group->mutex); 2373 } 2374 EXPORT_SYMBOL_GPL(iommu_detach_group); 2375 2376 phys_addr_t iommu_iova_to_phys(struct iommu_domain *domain, dma_addr_t iova) 2377 { 2378 if (domain->type == IOMMU_DOMAIN_IDENTITY) 2379 return iova; 2380 2381 if (domain->type == IOMMU_DOMAIN_BLOCKED) 2382 return 0; 2383 2384 return domain->ops->iova_to_phys(domain, iova); 2385 } 2386 EXPORT_SYMBOL_GPL(iommu_iova_to_phys); 2387 2388 static size_t iommu_pgsize(struct iommu_domain *domain, unsigned long iova, 2389 phys_addr_t paddr, size_t size, size_t *count) 2390 { 2391 unsigned int pgsize_idx, pgsize_idx_next; 2392 unsigned long pgsizes; 2393 size_t offset, pgsize, pgsize_next; 2394 unsigned long addr_merge = paddr | iova; 2395 2396 /* Page sizes supported by the hardware and small enough for @size */ 2397 pgsizes = domain->pgsize_bitmap & GENMASK(__fls(size), 0); 2398 2399 /* Constrain the page sizes further based on the maximum alignment */ 2400 if (likely(addr_merge)) 2401 pgsizes &= GENMASK(__ffs(addr_merge), 0); 2402 2403 /* Make sure we have at least one suitable page size */ 2404 BUG_ON(!pgsizes); 2405 2406 /* Pick the biggest page size remaining */ 2407 pgsize_idx = __fls(pgsizes); 2408 pgsize = BIT(pgsize_idx); 2409 if (!count) 2410 return pgsize; 2411 2412 /* Find the next biggest support page size, if it exists */ 2413 pgsizes = domain->pgsize_bitmap & ~GENMASK(pgsize_idx, 0); 2414 if (!pgsizes) 2415 goto out_set_count; 2416 2417 pgsize_idx_next = __ffs(pgsizes); 2418 pgsize_next = BIT(pgsize_idx_next); 2419 2420 /* 2421 * There's no point trying a bigger page size unless the virtual 2422 * and physical addresses are similarly offset within the larger page. 2423 */ 2424 if ((iova ^ paddr) & (pgsize_next - 1)) 2425 goto out_set_count; 2426 2427 /* Calculate the offset to the next page size alignment boundary */ 2428 offset = pgsize_next - (addr_merge & (pgsize_next - 1)); 2429 2430 /* 2431 * If size is big enough to accommodate the larger page, reduce 2432 * the number of smaller pages. 2433 */ 2434 if (offset + pgsize_next <= size) 2435 size = offset; 2436 2437 out_set_count: 2438 *count = size >> pgsize_idx; 2439 return pgsize; 2440 } 2441 2442 static int __iommu_map(struct iommu_domain *domain, unsigned long iova, 2443 phys_addr_t paddr, size_t size, int prot, gfp_t gfp) 2444 { 2445 const struct iommu_domain_ops *ops = domain->ops; 2446 unsigned long orig_iova = iova; 2447 unsigned int min_pagesz; 2448 size_t orig_size = size; 2449 phys_addr_t orig_paddr = paddr; 2450 int ret = 0; 2451 2452 if (unlikely(!(domain->type & __IOMMU_DOMAIN_PAGING))) 2453 return -EINVAL; 2454 2455 if (WARN_ON(!ops->map_pages || domain->pgsize_bitmap == 0UL)) 2456 return -ENODEV; 2457 2458 /* find out the minimum page size supported */ 2459 min_pagesz = 1 << __ffs(domain->pgsize_bitmap); 2460 2461 /* 2462 * both the virtual address and the physical one, as well as 2463 * the size of the mapping, must be aligned (at least) to the 2464 * size of the smallest page supported by the hardware 2465 */ 2466 if (!IS_ALIGNED(iova | paddr | size, min_pagesz)) { 2467 pr_err("unaligned: iova 0x%lx pa %pa size 0x%zx min_pagesz 0x%x\n", 2468 iova, &paddr, size, min_pagesz); 2469 return -EINVAL; 2470 } 2471 2472 pr_debug("map: iova 0x%lx pa %pa size 0x%zx\n", iova, &paddr, size); 2473 2474 while (size) { 2475 size_t pgsize, count, mapped = 0; 2476 2477 pgsize = iommu_pgsize(domain, iova, paddr, size, &count); 2478 2479 pr_debug("mapping: iova 0x%lx pa %pa pgsize 0x%zx count %zu\n", 2480 iova, &paddr, pgsize, count); 2481 ret = ops->map_pages(domain, iova, paddr, pgsize, count, prot, 2482 gfp, &mapped); 2483 /* 2484 * Some pages may have been mapped, even if an error occurred, 2485 * so we should account for those so they can be unmapped. 2486 */ 2487 size -= mapped; 2488 2489 if (ret) 2490 break; 2491 2492 iova += mapped; 2493 paddr += mapped; 2494 } 2495 2496 /* unroll mapping in case something went wrong */ 2497 if (ret) 2498 iommu_unmap(domain, orig_iova, orig_size - size); 2499 else 2500 trace_map(orig_iova, orig_paddr, orig_size); 2501 2502 return ret; 2503 } 2504 2505 int iommu_map(struct iommu_domain *domain, unsigned long iova, 2506 phys_addr_t paddr, size_t size, int prot, gfp_t gfp) 2507 { 2508 const struct iommu_domain_ops *ops = domain->ops; 2509 int ret; 2510 2511 might_sleep_if(gfpflags_allow_blocking(gfp)); 2512 2513 /* Discourage passing strange GFP flags */ 2514 if (WARN_ON_ONCE(gfp & (__GFP_COMP | __GFP_DMA | __GFP_DMA32 | 2515 __GFP_HIGHMEM))) 2516 return -EINVAL; 2517 2518 ret = __iommu_map(domain, iova, paddr, size, prot, gfp); 2519 if (ret == 0 && ops->iotlb_sync_map) { 2520 ret = ops->iotlb_sync_map(domain, iova, size); 2521 if (ret) 2522 goto out_err; 2523 } 2524 2525 return ret; 2526 2527 out_err: 2528 /* undo mappings already done */ 2529 iommu_unmap(domain, iova, size); 2530 2531 return ret; 2532 } 2533 EXPORT_SYMBOL_GPL(iommu_map); 2534 2535 static size_t __iommu_unmap(struct iommu_domain *domain, 2536 unsigned long iova, size_t size, 2537 struct iommu_iotlb_gather *iotlb_gather) 2538 { 2539 const struct iommu_domain_ops *ops = domain->ops; 2540 size_t unmapped_page, unmapped = 0; 2541 unsigned long orig_iova = iova; 2542 unsigned int min_pagesz; 2543 2544 if (unlikely(!(domain->type & __IOMMU_DOMAIN_PAGING))) 2545 return 0; 2546 2547 if (WARN_ON(!ops->unmap_pages || domain->pgsize_bitmap == 0UL)) 2548 return 0; 2549 2550 /* find out the minimum page size supported */ 2551 min_pagesz = 1 << __ffs(domain->pgsize_bitmap); 2552 2553 /* 2554 * The virtual address, as well as the size of the mapping, must be 2555 * aligned (at least) to the size of the smallest page supported 2556 * by the hardware 2557 */ 2558 if (!IS_ALIGNED(iova | size, min_pagesz)) { 2559 pr_err("unaligned: iova 0x%lx size 0x%zx min_pagesz 0x%x\n", 2560 iova, size, min_pagesz); 2561 return 0; 2562 } 2563 2564 pr_debug("unmap this: iova 0x%lx size 0x%zx\n", iova, size); 2565 2566 /* 2567 * Keep iterating until we either unmap 'size' bytes (or more) 2568 * or we hit an area that isn't mapped. 2569 */ 2570 while (unmapped < size) { 2571 size_t pgsize, count; 2572 2573 pgsize = iommu_pgsize(domain, iova, iova, size - unmapped, &count); 2574 unmapped_page = ops->unmap_pages(domain, iova, pgsize, count, iotlb_gather); 2575 if (!unmapped_page) 2576 break; 2577 2578 pr_debug("unmapped: iova 0x%lx size 0x%zx\n", 2579 iova, unmapped_page); 2580 2581 iova += unmapped_page; 2582 unmapped += unmapped_page; 2583 } 2584 2585 trace_unmap(orig_iova, size, unmapped); 2586 return unmapped; 2587 } 2588 2589 size_t iommu_unmap(struct iommu_domain *domain, 2590 unsigned long iova, size_t size) 2591 { 2592 struct iommu_iotlb_gather iotlb_gather; 2593 size_t ret; 2594 2595 iommu_iotlb_gather_init(&iotlb_gather); 2596 ret = __iommu_unmap(domain, iova, size, &iotlb_gather); 2597 iommu_iotlb_sync(domain, &iotlb_gather); 2598 2599 return ret; 2600 } 2601 EXPORT_SYMBOL_GPL(iommu_unmap); 2602 2603 size_t iommu_unmap_fast(struct iommu_domain *domain, 2604 unsigned long iova, size_t size, 2605 struct iommu_iotlb_gather *iotlb_gather) 2606 { 2607 return __iommu_unmap(domain, iova, size, iotlb_gather); 2608 } 2609 EXPORT_SYMBOL_GPL(iommu_unmap_fast); 2610 2611 ssize_t iommu_map_sg(struct iommu_domain *domain, unsigned long iova, 2612 struct scatterlist *sg, unsigned int nents, int prot, 2613 gfp_t gfp) 2614 { 2615 const struct iommu_domain_ops *ops = domain->ops; 2616 size_t len = 0, mapped = 0; 2617 phys_addr_t start; 2618 unsigned int i = 0; 2619 int ret; 2620 2621 might_sleep_if(gfpflags_allow_blocking(gfp)); 2622 2623 /* Discourage passing strange GFP flags */ 2624 if (WARN_ON_ONCE(gfp & (__GFP_COMP | __GFP_DMA | __GFP_DMA32 | 2625 __GFP_HIGHMEM))) 2626 return -EINVAL; 2627 2628 while (i <= nents) { 2629 phys_addr_t s_phys = sg_phys(sg); 2630 2631 if (len && s_phys != start + len) { 2632 ret = __iommu_map(domain, iova + mapped, start, 2633 len, prot, gfp); 2634 2635 if (ret) 2636 goto out_err; 2637 2638 mapped += len; 2639 len = 0; 2640 } 2641 2642 if (sg_dma_is_bus_address(sg)) 2643 goto next; 2644 2645 if (len) { 2646 len += sg->length; 2647 } else { 2648 len = sg->length; 2649 start = s_phys; 2650 } 2651 2652 next: 2653 if (++i < nents) 2654 sg = sg_next(sg); 2655 } 2656 2657 if (ops->iotlb_sync_map) { 2658 ret = ops->iotlb_sync_map(domain, iova, mapped); 2659 if (ret) 2660 goto out_err; 2661 } 2662 return mapped; 2663 2664 out_err: 2665 /* undo mappings already done */ 2666 iommu_unmap(domain, iova, mapped); 2667 2668 return ret; 2669 } 2670 EXPORT_SYMBOL_GPL(iommu_map_sg); 2671 2672 /** 2673 * report_iommu_fault() - report about an IOMMU fault to the IOMMU framework 2674 * @domain: the iommu domain where the fault has happened 2675 * @dev: the device where the fault has happened 2676 * @iova: the faulting address 2677 * @flags: mmu fault flags (e.g. IOMMU_FAULT_READ/IOMMU_FAULT_WRITE/...) 2678 * 2679 * This function should be called by the low-level IOMMU implementations 2680 * whenever IOMMU faults happen, to allow high-level users, that are 2681 * interested in such events, to know about them. 2682 * 2683 * This event may be useful for several possible use cases: 2684 * - mere logging of the event 2685 * - dynamic TLB/PTE loading 2686 * - if restarting of the faulting device is required 2687 * 2688 * Returns 0 on success and an appropriate error code otherwise (if dynamic 2689 * PTE/TLB loading will one day be supported, implementations will be able 2690 * to tell whether it succeeded or not according to this return value). 2691 * 2692 * Specifically, -ENOSYS is returned if a fault handler isn't installed 2693 * (though fault handlers can also return -ENOSYS, in case they want to 2694 * elicit the default behavior of the IOMMU drivers). 2695 */ 2696 int report_iommu_fault(struct iommu_domain *domain, struct device *dev, 2697 unsigned long iova, int flags) 2698 { 2699 int ret = -ENOSYS; 2700 2701 /* 2702 * if upper layers showed interest and installed a fault handler, 2703 * invoke it. 2704 */ 2705 if (domain->handler) 2706 ret = domain->handler(domain, dev, iova, flags, 2707 domain->handler_token); 2708 2709 trace_io_page_fault(dev, iova, flags); 2710 return ret; 2711 } 2712 EXPORT_SYMBOL_GPL(report_iommu_fault); 2713 2714 static int __init iommu_init(void) 2715 { 2716 iommu_group_kset = kset_create_and_add("iommu_groups", 2717 NULL, kernel_kobj); 2718 BUG_ON(!iommu_group_kset); 2719 2720 iommu_debugfs_setup(); 2721 2722 return 0; 2723 } 2724 core_initcall(iommu_init); 2725 2726 int iommu_enable_nesting(struct iommu_domain *domain) 2727 { 2728 if (domain->type != IOMMU_DOMAIN_UNMANAGED) 2729 return -EINVAL; 2730 if (!domain->ops->enable_nesting) 2731 return -EINVAL; 2732 return domain->ops->enable_nesting(domain); 2733 } 2734 EXPORT_SYMBOL_GPL(iommu_enable_nesting); 2735 2736 int iommu_set_pgtable_quirks(struct iommu_domain *domain, 2737 unsigned long quirk) 2738 { 2739 if (domain->type != IOMMU_DOMAIN_UNMANAGED) 2740 return -EINVAL; 2741 if (!domain->ops->set_pgtable_quirks) 2742 return -EINVAL; 2743 return domain->ops->set_pgtable_quirks(domain, quirk); 2744 } 2745 EXPORT_SYMBOL_GPL(iommu_set_pgtable_quirks); 2746 2747 /** 2748 * iommu_get_resv_regions - get reserved regions 2749 * @dev: device for which to get reserved regions 2750 * @list: reserved region list for device 2751 * 2752 * This returns a list of reserved IOVA regions specific to this device. 2753 * A domain user should not map IOVA in these ranges. 2754 */ 2755 void iommu_get_resv_regions(struct device *dev, struct list_head *list) 2756 { 2757 const struct iommu_ops *ops = dev_iommu_ops(dev); 2758 2759 if (ops->get_resv_regions) 2760 ops->get_resv_regions(dev, list); 2761 } 2762 EXPORT_SYMBOL_GPL(iommu_get_resv_regions); 2763 2764 /** 2765 * iommu_put_resv_regions - release reserved regions 2766 * @dev: device for which to free reserved regions 2767 * @list: reserved region list for device 2768 * 2769 * This releases a reserved region list acquired by iommu_get_resv_regions(). 2770 */ 2771 void iommu_put_resv_regions(struct device *dev, struct list_head *list) 2772 { 2773 struct iommu_resv_region *entry, *next; 2774 2775 list_for_each_entry_safe(entry, next, list, list) { 2776 if (entry->free) 2777 entry->free(dev, entry); 2778 else 2779 kfree(entry); 2780 } 2781 } 2782 EXPORT_SYMBOL(iommu_put_resv_regions); 2783 2784 struct iommu_resv_region *iommu_alloc_resv_region(phys_addr_t start, 2785 size_t length, int prot, 2786 enum iommu_resv_type type, 2787 gfp_t gfp) 2788 { 2789 struct iommu_resv_region *region; 2790 2791 region = kzalloc(sizeof(*region), gfp); 2792 if (!region) 2793 return NULL; 2794 2795 INIT_LIST_HEAD(®ion->list); 2796 region->start = start; 2797 region->length = length; 2798 region->prot = prot; 2799 region->type = type; 2800 return region; 2801 } 2802 EXPORT_SYMBOL_GPL(iommu_alloc_resv_region); 2803 2804 void iommu_set_default_passthrough(bool cmd_line) 2805 { 2806 if (cmd_line) 2807 iommu_cmd_line |= IOMMU_CMD_LINE_DMA_API; 2808 iommu_def_domain_type = IOMMU_DOMAIN_IDENTITY; 2809 } 2810 2811 void iommu_set_default_translated(bool cmd_line) 2812 { 2813 if (cmd_line) 2814 iommu_cmd_line |= IOMMU_CMD_LINE_DMA_API; 2815 iommu_def_domain_type = IOMMU_DOMAIN_DMA; 2816 } 2817 2818 bool iommu_default_passthrough(void) 2819 { 2820 return iommu_def_domain_type == IOMMU_DOMAIN_IDENTITY; 2821 } 2822 EXPORT_SYMBOL_GPL(iommu_default_passthrough); 2823 2824 const struct iommu_ops *iommu_ops_from_fwnode(const struct fwnode_handle *fwnode) 2825 { 2826 const struct iommu_ops *ops = NULL; 2827 struct iommu_device *iommu; 2828 2829 spin_lock(&iommu_device_lock); 2830 list_for_each_entry(iommu, &iommu_device_list, list) 2831 if (iommu->fwnode == fwnode) { 2832 ops = iommu->ops; 2833 break; 2834 } 2835 spin_unlock(&iommu_device_lock); 2836 return ops; 2837 } 2838 2839 int iommu_fwspec_init(struct device *dev, struct fwnode_handle *iommu_fwnode) 2840 { 2841 const struct iommu_ops *ops = iommu_ops_from_fwnode(iommu_fwnode); 2842 struct iommu_fwspec *fwspec = dev_iommu_fwspec_get(dev); 2843 2844 if (!ops) 2845 return -EPROBE_DEFER; 2846 2847 if (fwspec) 2848 return ops == iommu_fwspec_ops(fwspec) ? 0 : -EINVAL; 2849 2850 if (!dev_iommu_get(dev)) 2851 return -ENOMEM; 2852 2853 /* Preallocate for the overwhelmingly common case of 1 ID */ 2854 fwspec = kzalloc(struct_size(fwspec, ids, 1), GFP_KERNEL); 2855 if (!fwspec) 2856 return -ENOMEM; 2857 2858 fwnode_handle_get(iommu_fwnode); 2859 fwspec->iommu_fwnode = iommu_fwnode; 2860 dev_iommu_fwspec_set(dev, fwspec); 2861 return 0; 2862 } 2863 EXPORT_SYMBOL_GPL(iommu_fwspec_init); 2864 2865 void iommu_fwspec_free(struct device *dev) 2866 { 2867 struct iommu_fwspec *fwspec = dev_iommu_fwspec_get(dev); 2868 2869 if (fwspec) { 2870 fwnode_handle_put(fwspec->iommu_fwnode); 2871 kfree(fwspec); 2872 dev_iommu_fwspec_set(dev, NULL); 2873 } 2874 } 2875 EXPORT_SYMBOL_GPL(iommu_fwspec_free); 2876 2877 int iommu_fwspec_add_ids(struct device *dev, const u32 *ids, int num_ids) 2878 { 2879 struct iommu_fwspec *fwspec = dev_iommu_fwspec_get(dev); 2880 int i, new_num; 2881 2882 if (!fwspec) 2883 return -EINVAL; 2884 2885 new_num = fwspec->num_ids + num_ids; 2886 if (new_num > 1) { 2887 fwspec = krealloc(fwspec, struct_size(fwspec, ids, new_num), 2888 GFP_KERNEL); 2889 if (!fwspec) 2890 return -ENOMEM; 2891 2892 dev_iommu_fwspec_set(dev, fwspec); 2893 } 2894 2895 for (i = 0; i < num_ids; i++) 2896 fwspec->ids[fwspec->num_ids + i] = ids[i]; 2897 2898 fwspec->num_ids = new_num; 2899 return 0; 2900 } 2901 EXPORT_SYMBOL_GPL(iommu_fwspec_add_ids); 2902 2903 /* 2904 * Per device IOMMU features. 2905 */ 2906 int iommu_dev_enable_feature(struct device *dev, enum iommu_dev_features feat) 2907 { 2908 if (dev_has_iommu(dev)) { 2909 const struct iommu_ops *ops = dev_iommu_ops(dev); 2910 2911 if (ops->dev_enable_feat) 2912 return ops->dev_enable_feat(dev, feat); 2913 } 2914 2915 return -ENODEV; 2916 } 2917 EXPORT_SYMBOL_GPL(iommu_dev_enable_feature); 2918 2919 /* 2920 * The device drivers should do the necessary cleanups before calling this. 2921 */ 2922 int iommu_dev_disable_feature(struct device *dev, enum iommu_dev_features feat) 2923 { 2924 if (dev_has_iommu(dev)) { 2925 const struct iommu_ops *ops = dev_iommu_ops(dev); 2926 2927 if (ops->dev_disable_feat) 2928 return ops->dev_disable_feat(dev, feat); 2929 } 2930 2931 return -EBUSY; 2932 } 2933 EXPORT_SYMBOL_GPL(iommu_dev_disable_feature); 2934 2935 /** 2936 * iommu_setup_default_domain - Set the default_domain for the group 2937 * @group: Group to change 2938 * @target_type: Domain type to set as the default_domain 2939 * 2940 * Allocate a default domain and set it as the current domain on the group. If 2941 * the group already has a default domain it will be changed to the target_type. 2942 * When target_type is 0 the default domain is selected based on driver and 2943 * system preferences. 2944 */ 2945 static int iommu_setup_default_domain(struct iommu_group *group, 2946 int target_type) 2947 { 2948 struct iommu_domain *old_dom = group->default_domain; 2949 struct group_device *gdev; 2950 struct iommu_domain *dom; 2951 bool direct_failed; 2952 int req_type; 2953 int ret; 2954 2955 lockdep_assert_held(&group->mutex); 2956 2957 req_type = iommu_get_default_domain_type(group, target_type); 2958 if (req_type < 0) 2959 return -EINVAL; 2960 2961 dom = iommu_group_alloc_default_domain(group, req_type); 2962 if (IS_ERR(dom)) 2963 return PTR_ERR(dom); 2964 2965 if (group->default_domain == dom) 2966 return 0; 2967 2968 /* 2969 * IOMMU_RESV_DIRECT and IOMMU_RESV_DIRECT_RELAXABLE regions must be 2970 * mapped before their device is attached, in order to guarantee 2971 * continuity with any FW activity 2972 */ 2973 direct_failed = false; 2974 for_each_group_device(group, gdev) { 2975 if (iommu_create_device_direct_mappings(dom, gdev->dev)) { 2976 direct_failed = true; 2977 dev_warn_once( 2978 gdev->dev->iommu->iommu_dev->dev, 2979 "IOMMU driver was not able to establish FW requested direct mapping."); 2980 } 2981 } 2982 2983 /* We must set default_domain early for __iommu_device_set_domain */ 2984 group->default_domain = dom; 2985 if (!group->domain) { 2986 /* 2987 * Drivers are not allowed to fail the first domain attach. 2988 * The only way to recover from this is to fail attaching the 2989 * iommu driver and call ops->release_device. Put the domain 2990 * in group->default_domain so it is freed after. 2991 */ 2992 ret = __iommu_group_set_domain_internal( 2993 group, dom, IOMMU_SET_DOMAIN_MUST_SUCCEED); 2994 if (WARN_ON(ret)) 2995 goto out_free_old; 2996 } else { 2997 ret = __iommu_group_set_domain(group, dom); 2998 if (ret) 2999 goto err_restore_def_domain; 3000 } 3001 3002 /* 3003 * Drivers are supposed to allow mappings to be installed in a domain 3004 * before device attachment, but some don't. Hack around this defect by 3005 * trying again after attaching. If this happens it means the device 3006 * will not continuously have the IOMMU_RESV_DIRECT map. 3007 */ 3008 if (direct_failed) { 3009 for_each_group_device(group, gdev) { 3010 ret = iommu_create_device_direct_mappings(dom, gdev->dev); 3011 if (ret) 3012 goto err_restore_domain; 3013 } 3014 } 3015 3016 out_free_old: 3017 if (old_dom) 3018 iommu_domain_free(old_dom); 3019 return ret; 3020 3021 err_restore_domain: 3022 if (old_dom) 3023 __iommu_group_set_domain_internal( 3024 group, old_dom, IOMMU_SET_DOMAIN_MUST_SUCCEED); 3025 err_restore_def_domain: 3026 if (old_dom) { 3027 iommu_domain_free(dom); 3028 group->default_domain = old_dom; 3029 } 3030 return ret; 3031 } 3032 3033 /* 3034 * Changing the default domain through sysfs requires the users to unbind the 3035 * drivers from the devices in the iommu group, except for a DMA -> DMA-FQ 3036 * transition. Return failure if this isn't met. 3037 * 3038 * We need to consider the race between this and the device release path. 3039 * group->mutex is used here to guarantee that the device release path 3040 * will not be entered at the same time. 3041 */ 3042 static ssize_t iommu_group_store_type(struct iommu_group *group, 3043 const char *buf, size_t count) 3044 { 3045 struct group_device *gdev; 3046 int ret, req_type; 3047 3048 if (!capable(CAP_SYS_ADMIN) || !capable(CAP_SYS_RAWIO)) 3049 return -EACCES; 3050 3051 if (WARN_ON(!group) || !group->default_domain) 3052 return -EINVAL; 3053 3054 if (sysfs_streq(buf, "identity")) 3055 req_type = IOMMU_DOMAIN_IDENTITY; 3056 else if (sysfs_streq(buf, "DMA")) 3057 req_type = IOMMU_DOMAIN_DMA; 3058 else if (sysfs_streq(buf, "DMA-FQ")) 3059 req_type = IOMMU_DOMAIN_DMA_FQ; 3060 else if (sysfs_streq(buf, "auto")) 3061 req_type = 0; 3062 else 3063 return -EINVAL; 3064 3065 mutex_lock(&group->mutex); 3066 /* We can bring up a flush queue without tearing down the domain. */ 3067 if (req_type == IOMMU_DOMAIN_DMA_FQ && 3068 group->default_domain->type == IOMMU_DOMAIN_DMA) { 3069 ret = iommu_dma_init_fq(group->default_domain); 3070 if (ret) 3071 goto out_unlock; 3072 3073 group->default_domain->type = IOMMU_DOMAIN_DMA_FQ; 3074 ret = count; 3075 goto out_unlock; 3076 } 3077 3078 /* Otherwise, ensure that device exists and no driver is bound. */ 3079 if (list_empty(&group->devices) || group->owner_cnt) { 3080 ret = -EPERM; 3081 goto out_unlock; 3082 } 3083 3084 ret = iommu_setup_default_domain(group, req_type); 3085 if (ret) 3086 goto out_unlock; 3087 3088 /* Make sure dma_ops is appropriatley set */ 3089 for_each_group_device(group, gdev) 3090 iommu_setup_dma_ops(gdev->dev); 3091 3092 out_unlock: 3093 mutex_unlock(&group->mutex); 3094 return ret ?: count; 3095 } 3096 3097 /** 3098 * iommu_device_use_default_domain() - Device driver wants to handle device 3099 * DMA through the kernel DMA API. 3100 * @dev: The device. 3101 * 3102 * The device driver about to bind @dev wants to do DMA through the kernel 3103 * DMA API. Return 0 if it is allowed, otherwise an error. 3104 */ 3105 int iommu_device_use_default_domain(struct device *dev) 3106 { 3107 /* Caller is the driver core during the pre-probe path */ 3108 struct iommu_group *group = dev->iommu_group; 3109 int ret = 0; 3110 3111 if (!group) 3112 return 0; 3113 3114 mutex_lock(&group->mutex); 3115 if (group->owner_cnt) { 3116 if (group->domain != group->default_domain || group->owner || 3117 !xa_empty(&group->pasid_array)) { 3118 ret = -EBUSY; 3119 goto unlock_out; 3120 } 3121 } 3122 3123 group->owner_cnt++; 3124 3125 unlock_out: 3126 mutex_unlock(&group->mutex); 3127 return ret; 3128 } 3129 3130 /** 3131 * iommu_device_unuse_default_domain() - Device driver stops handling device 3132 * DMA through the kernel DMA API. 3133 * @dev: The device. 3134 * 3135 * The device driver doesn't want to do DMA through kernel DMA API anymore. 3136 * It must be called after iommu_device_use_default_domain(). 3137 */ 3138 void iommu_device_unuse_default_domain(struct device *dev) 3139 { 3140 /* Caller is the driver core during the post-probe path */ 3141 struct iommu_group *group = dev->iommu_group; 3142 3143 if (!group) 3144 return; 3145 3146 mutex_lock(&group->mutex); 3147 if (!WARN_ON(!group->owner_cnt || !xa_empty(&group->pasid_array))) 3148 group->owner_cnt--; 3149 3150 mutex_unlock(&group->mutex); 3151 } 3152 3153 static int __iommu_group_alloc_blocking_domain(struct iommu_group *group) 3154 { 3155 struct iommu_domain *domain; 3156 3157 if (group->blocking_domain) 3158 return 0; 3159 3160 domain = __iommu_group_domain_alloc(group, IOMMU_DOMAIN_BLOCKED); 3161 if (IS_ERR(domain)) { 3162 /* 3163 * For drivers that do not yet understand IOMMU_DOMAIN_BLOCKED 3164 * create an empty domain instead. 3165 */ 3166 domain = __iommu_group_domain_alloc(group, 3167 IOMMU_DOMAIN_UNMANAGED); 3168 if (IS_ERR(domain)) 3169 return PTR_ERR(domain); 3170 } 3171 group->blocking_domain = domain; 3172 return 0; 3173 } 3174 3175 static int __iommu_take_dma_ownership(struct iommu_group *group, void *owner) 3176 { 3177 int ret; 3178 3179 if ((group->domain && group->domain != group->default_domain) || 3180 !xa_empty(&group->pasid_array)) 3181 return -EBUSY; 3182 3183 ret = __iommu_group_alloc_blocking_domain(group); 3184 if (ret) 3185 return ret; 3186 ret = __iommu_group_set_domain(group, group->blocking_domain); 3187 if (ret) 3188 return ret; 3189 3190 group->owner = owner; 3191 group->owner_cnt++; 3192 return 0; 3193 } 3194 3195 /** 3196 * iommu_group_claim_dma_owner() - Set DMA ownership of a group 3197 * @group: The group. 3198 * @owner: Caller specified pointer. Used for exclusive ownership. 3199 * 3200 * This is to support backward compatibility for vfio which manages the dma 3201 * ownership in iommu_group level. New invocations on this interface should be 3202 * prohibited. Only a single owner may exist for a group. 3203 */ 3204 int iommu_group_claim_dma_owner(struct iommu_group *group, void *owner) 3205 { 3206 int ret = 0; 3207 3208 if (WARN_ON(!owner)) 3209 return -EINVAL; 3210 3211 mutex_lock(&group->mutex); 3212 if (group->owner_cnt) { 3213 ret = -EPERM; 3214 goto unlock_out; 3215 } 3216 3217 ret = __iommu_take_dma_ownership(group, owner); 3218 unlock_out: 3219 mutex_unlock(&group->mutex); 3220 3221 return ret; 3222 } 3223 EXPORT_SYMBOL_GPL(iommu_group_claim_dma_owner); 3224 3225 /** 3226 * iommu_device_claim_dma_owner() - Set DMA ownership of a device 3227 * @dev: The device. 3228 * @owner: Caller specified pointer. Used for exclusive ownership. 3229 * 3230 * Claim the DMA ownership of a device. Multiple devices in the same group may 3231 * concurrently claim ownership if they present the same owner value. Returns 0 3232 * on success and error code on failure 3233 */ 3234 int iommu_device_claim_dma_owner(struct device *dev, void *owner) 3235 { 3236 /* Caller must be a probed driver on dev */ 3237 struct iommu_group *group = dev->iommu_group; 3238 int ret = 0; 3239 3240 if (WARN_ON(!owner)) 3241 return -EINVAL; 3242 3243 if (!group) 3244 return -ENODEV; 3245 3246 mutex_lock(&group->mutex); 3247 if (group->owner_cnt) { 3248 if (group->owner != owner) { 3249 ret = -EPERM; 3250 goto unlock_out; 3251 } 3252 group->owner_cnt++; 3253 goto unlock_out; 3254 } 3255 3256 ret = __iommu_take_dma_ownership(group, owner); 3257 unlock_out: 3258 mutex_unlock(&group->mutex); 3259 return ret; 3260 } 3261 EXPORT_SYMBOL_GPL(iommu_device_claim_dma_owner); 3262 3263 static void __iommu_release_dma_ownership(struct iommu_group *group) 3264 { 3265 if (WARN_ON(!group->owner_cnt || !group->owner || 3266 !xa_empty(&group->pasid_array))) 3267 return; 3268 3269 group->owner_cnt = 0; 3270 group->owner = NULL; 3271 __iommu_group_set_domain_nofail(group, group->default_domain); 3272 } 3273 3274 /** 3275 * iommu_group_release_dma_owner() - Release DMA ownership of a group 3276 * @group: The group 3277 * 3278 * Release the DMA ownership claimed by iommu_group_claim_dma_owner(). 3279 */ 3280 void iommu_group_release_dma_owner(struct iommu_group *group) 3281 { 3282 mutex_lock(&group->mutex); 3283 __iommu_release_dma_ownership(group); 3284 mutex_unlock(&group->mutex); 3285 } 3286 EXPORT_SYMBOL_GPL(iommu_group_release_dma_owner); 3287 3288 /** 3289 * iommu_device_release_dma_owner() - Release DMA ownership of a device 3290 * @dev: The device. 3291 * 3292 * Release the DMA ownership claimed by iommu_device_claim_dma_owner(). 3293 */ 3294 void iommu_device_release_dma_owner(struct device *dev) 3295 { 3296 /* Caller must be a probed driver on dev */ 3297 struct iommu_group *group = dev->iommu_group; 3298 3299 mutex_lock(&group->mutex); 3300 if (group->owner_cnt > 1) 3301 group->owner_cnt--; 3302 else 3303 __iommu_release_dma_ownership(group); 3304 mutex_unlock(&group->mutex); 3305 } 3306 EXPORT_SYMBOL_GPL(iommu_device_release_dma_owner); 3307 3308 /** 3309 * iommu_group_dma_owner_claimed() - Query group dma ownership status 3310 * @group: The group. 3311 * 3312 * This provides status query on a given group. It is racy and only for 3313 * non-binding status reporting. 3314 */ 3315 bool iommu_group_dma_owner_claimed(struct iommu_group *group) 3316 { 3317 unsigned int user; 3318 3319 mutex_lock(&group->mutex); 3320 user = group->owner_cnt; 3321 mutex_unlock(&group->mutex); 3322 3323 return user; 3324 } 3325 EXPORT_SYMBOL_GPL(iommu_group_dma_owner_claimed); 3326 3327 static int __iommu_set_group_pasid(struct iommu_domain *domain, 3328 struct iommu_group *group, ioasid_t pasid) 3329 { 3330 struct group_device *device, *last_gdev; 3331 int ret; 3332 3333 for_each_group_device(group, device) { 3334 ret = domain->ops->set_dev_pasid(domain, device->dev, pasid); 3335 if (ret) 3336 goto err_revert; 3337 } 3338 3339 return 0; 3340 3341 err_revert: 3342 last_gdev = device; 3343 for_each_group_device(group, device) { 3344 const struct iommu_ops *ops = dev_iommu_ops(device->dev); 3345 3346 if (device == last_gdev) 3347 break; 3348 ops->remove_dev_pasid(device->dev, pasid, domain); 3349 } 3350 return ret; 3351 } 3352 3353 static void __iommu_remove_group_pasid(struct iommu_group *group, 3354 ioasid_t pasid, 3355 struct iommu_domain *domain) 3356 { 3357 struct group_device *device; 3358 const struct iommu_ops *ops; 3359 3360 for_each_group_device(group, device) { 3361 ops = dev_iommu_ops(device->dev); 3362 ops->remove_dev_pasid(device->dev, pasid, domain); 3363 } 3364 } 3365 3366 /* 3367 * iommu_attach_device_pasid() - Attach a domain to pasid of device 3368 * @domain: the iommu domain. 3369 * @dev: the attached device. 3370 * @pasid: the pasid of the device. 3371 * @handle: the attach handle. 3372 * 3373 * Return: 0 on success, or an error. 3374 */ 3375 int iommu_attach_device_pasid(struct iommu_domain *domain, 3376 struct device *dev, ioasid_t pasid, 3377 struct iommu_attach_handle *handle) 3378 { 3379 /* Caller must be a probed driver on dev */ 3380 struct iommu_group *group = dev->iommu_group; 3381 struct group_device *device; 3382 int ret; 3383 3384 if (!domain->ops->set_dev_pasid) 3385 return -EOPNOTSUPP; 3386 3387 if (!group) 3388 return -ENODEV; 3389 3390 if (!dev_has_iommu(dev) || dev_iommu_ops(dev) != domain->owner || 3391 pasid == IOMMU_NO_PASID) 3392 return -EINVAL; 3393 3394 mutex_lock(&group->mutex); 3395 for_each_group_device(group, device) { 3396 if (pasid >= device->dev->iommu->max_pasids) { 3397 ret = -EINVAL; 3398 goto out_unlock; 3399 } 3400 } 3401 3402 if (handle) 3403 handle->domain = domain; 3404 3405 ret = xa_insert(&group->pasid_array, pasid, handle, GFP_KERNEL); 3406 if (ret) 3407 goto out_unlock; 3408 3409 ret = __iommu_set_group_pasid(domain, group, pasid); 3410 if (ret) 3411 xa_erase(&group->pasid_array, pasid); 3412 out_unlock: 3413 mutex_unlock(&group->mutex); 3414 return ret; 3415 } 3416 EXPORT_SYMBOL_GPL(iommu_attach_device_pasid); 3417 3418 /* 3419 * iommu_detach_device_pasid() - Detach the domain from pasid of device 3420 * @domain: the iommu domain. 3421 * @dev: the attached device. 3422 * @pasid: the pasid of the device. 3423 * 3424 * The @domain must have been attached to @pasid of the @dev with 3425 * iommu_attach_device_pasid(). 3426 */ 3427 void iommu_detach_device_pasid(struct iommu_domain *domain, struct device *dev, 3428 ioasid_t pasid) 3429 { 3430 /* Caller must be a probed driver on dev */ 3431 struct iommu_group *group = dev->iommu_group; 3432 3433 mutex_lock(&group->mutex); 3434 __iommu_remove_group_pasid(group, pasid, domain); 3435 xa_erase(&group->pasid_array, pasid); 3436 mutex_unlock(&group->mutex); 3437 } 3438 EXPORT_SYMBOL_GPL(iommu_detach_device_pasid); 3439 3440 ioasid_t iommu_alloc_global_pasid(struct device *dev) 3441 { 3442 int ret; 3443 3444 /* max_pasids == 0 means that the device does not support PASID */ 3445 if (!dev->iommu->max_pasids) 3446 return IOMMU_PASID_INVALID; 3447 3448 /* 3449 * max_pasids is set up by vendor driver based on number of PASID bits 3450 * supported but the IDA allocation is inclusive. 3451 */ 3452 ret = ida_alloc_range(&iommu_global_pasid_ida, IOMMU_FIRST_GLOBAL_PASID, 3453 dev->iommu->max_pasids - 1, GFP_KERNEL); 3454 return ret < 0 ? IOMMU_PASID_INVALID : ret; 3455 } 3456 EXPORT_SYMBOL_GPL(iommu_alloc_global_pasid); 3457 3458 void iommu_free_global_pasid(ioasid_t pasid) 3459 { 3460 if (WARN_ON(pasid == IOMMU_PASID_INVALID)) 3461 return; 3462 3463 ida_free(&iommu_global_pasid_ida, pasid); 3464 } 3465 EXPORT_SYMBOL_GPL(iommu_free_global_pasid); 3466 3467 /** 3468 * iommu_attach_handle_get - Return the attach handle 3469 * @group: the iommu group that domain was attached to 3470 * @pasid: the pasid within the group 3471 * @type: matched domain type, 0 for any match 3472 * 3473 * Return handle or ERR_PTR(-ENOENT) on none, ERR_PTR(-EBUSY) on mismatch. 3474 * 3475 * Return the attach handle to the caller. The life cycle of an iommu attach 3476 * handle is from the time when the domain is attached to the time when the 3477 * domain is detached. Callers are required to synchronize the call of 3478 * iommu_attach_handle_get() with domain attachment and detachment. The attach 3479 * handle can only be used during its life cycle. 3480 */ 3481 struct iommu_attach_handle * 3482 iommu_attach_handle_get(struct iommu_group *group, ioasid_t pasid, unsigned int type) 3483 { 3484 struct iommu_attach_handle *handle; 3485 3486 xa_lock(&group->pasid_array); 3487 handle = xa_load(&group->pasid_array, pasid); 3488 if (!handle) 3489 handle = ERR_PTR(-ENOENT); 3490 else if (type && handle->domain->type != type) 3491 handle = ERR_PTR(-EBUSY); 3492 xa_unlock(&group->pasid_array); 3493 3494 return handle; 3495 } 3496 EXPORT_SYMBOL_NS_GPL(iommu_attach_handle_get, IOMMUFD_INTERNAL); 3497 3498 /** 3499 * iommu_attach_group_handle - Attach an IOMMU domain to an IOMMU group 3500 * @domain: IOMMU domain to attach 3501 * @group: IOMMU group that will be attached 3502 * @handle: attach handle 3503 * 3504 * Returns 0 on success and error code on failure. 3505 * 3506 * This is a variant of iommu_attach_group(). It allows the caller to provide 3507 * an attach handle and use it when the domain is attached. This is currently 3508 * used by IOMMUFD to deliver the I/O page faults. 3509 */ 3510 int iommu_attach_group_handle(struct iommu_domain *domain, 3511 struct iommu_group *group, 3512 struct iommu_attach_handle *handle) 3513 { 3514 int ret; 3515 3516 if (handle) 3517 handle->domain = domain; 3518 3519 mutex_lock(&group->mutex); 3520 ret = xa_insert(&group->pasid_array, IOMMU_NO_PASID, handle, GFP_KERNEL); 3521 if (ret) 3522 goto err_unlock; 3523 3524 ret = __iommu_attach_group(domain, group); 3525 if (ret) 3526 goto err_erase; 3527 mutex_unlock(&group->mutex); 3528 3529 return 0; 3530 err_erase: 3531 xa_erase(&group->pasid_array, IOMMU_NO_PASID); 3532 err_unlock: 3533 mutex_unlock(&group->mutex); 3534 return ret; 3535 } 3536 EXPORT_SYMBOL_NS_GPL(iommu_attach_group_handle, IOMMUFD_INTERNAL); 3537 3538 /** 3539 * iommu_detach_group_handle - Detach an IOMMU domain from an IOMMU group 3540 * @domain: IOMMU domain to attach 3541 * @group: IOMMU group that will be attached 3542 * 3543 * Detach the specified IOMMU domain from the specified IOMMU group. 3544 * It must be used in conjunction with iommu_attach_group_handle(). 3545 */ 3546 void iommu_detach_group_handle(struct iommu_domain *domain, 3547 struct iommu_group *group) 3548 { 3549 mutex_lock(&group->mutex); 3550 __iommu_group_set_core_domain(group); 3551 xa_erase(&group->pasid_array, IOMMU_NO_PASID); 3552 mutex_unlock(&group->mutex); 3553 } 3554 EXPORT_SYMBOL_NS_GPL(iommu_detach_group_handle, IOMMUFD_INTERNAL); 3555 3556 /** 3557 * iommu_replace_group_handle - replace the domain that a group is attached to 3558 * @group: IOMMU group that will be attached to the new domain 3559 * @new_domain: new IOMMU domain to replace with 3560 * @handle: attach handle 3561 * 3562 * This is a variant of iommu_group_replace_domain(). It allows the caller to 3563 * provide an attach handle for the new domain and use it when the domain is 3564 * attached. 3565 */ 3566 int iommu_replace_group_handle(struct iommu_group *group, 3567 struct iommu_domain *new_domain, 3568 struct iommu_attach_handle *handle) 3569 { 3570 void *curr; 3571 int ret; 3572 3573 if (!new_domain) 3574 return -EINVAL; 3575 3576 mutex_lock(&group->mutex); 3577 if (handle) { 3578 ret = xa_reserve(&group->pasid_array, IOMMU_NO_PASID, GFP_KERNEL); 3579 if (ret) 3580 goto err_unlock; 3581 } 3582 3583 ret = __iommu_group_set_domain(group, new_domain); 3584 if (ret) 3585 goto err_release; 3586 3587 curr = xa_store(&group->pasid_array, IOMMU_NO_PASID, handle, GFP_KERNEL); 3588 WARN_ON(xa_is_err(curr)); 3589 3590 mutex_unlock(&group->mutex); 3591 3592 return 0; 3593 err_release: 3594 xa_release(&group->pasid_array, IOMMU_NO_PASID); 3595 err_unlock: 3596 mutex_unlock(&group->mutex); 3597 return ret; 3598 } 3599 EXPORT_SYMBOL_NS_GPL(iommu_replace_group_handle, IOMMUFD_INTERNAL); 3600