1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * Copyright (C) 2007-2008 Advanced Micro Devices, Inc. 4 * Author: Joerg Roedel <jroedel@suse.de> 5 */ 6 7 #define pr_fmt(fmt) "iommu: " fmt 8 9 #include <linux/device.h> 10 #include <linux/dma-iommu.h> 11 #include <linux/kernel.h> 12 #include <linux/bits.h> 13 #include <linux/bug.h> 14 #include <linux/types.h> 15 #include <linux/init.h> 16 #include <linux/export.h> 17 #include <linux/slab.h> 18 #include <linux/errno.h> 19 #include <linux/iommu.h> 20 #include <linux/idr.h> 21 #include <linux/notifier.h> 22 #include <linux/err.h> 23 #include <linux/pci.h> 24 #include <linux/bitops.h> 25 #include <linux/property.h> 26 #include <linux/fsl/mc.h> 27 #include <linux/module.h> 28 #include <trace/events/iommu.h> 29 30 static struct kset *iommu_group_kset; 31 static DEFINE_IDA(iommu_group_ida); 32 33 static unsigned int iommu_def_domain_type __read_mostly; 34 static bool iommu_dma_strict __read_mostly = IS_ENABLED(CONFIG_IOMMU_DEFAULT_STRICT); 35 static u32 iommu_cmd_line __read_mostly; 36 37 struct iommu_group { 38 struct kobject kobj; 39 struct kobject *devices_kobj; 40 struct list_head devices; 41 struct mutex mutex; 42 struct blocking_notifier_head notifier; 43 void *iommu_data; 44 void (*iommu_data_release)(void *iommu_data); 45 char *name; 46 int id; 47 struct iommu_domain *default_domain; 48 struct iommu_domain *domain; 49 struct list_head entry; 50 }; 51 52 struct group_device { 53 struct list_head list; 54 struct device *dev; 55 char *name; 56 }; 57 58 struct iommu_group_attribute { 59 struct attribute attr; 60 ssize_t (*show)(struct iommu_group *group, char *buf); 61 ssize_t (*store)(struct iommu_group *group, 62 const char *buf, size_t count); 63 }; 64 65 static const char * const iommu_group_resv_type_string[] = { 66 [IOMMU_RESV_DIRECT] = "direct", 67 [IOMMU_RESV_DIRECT_RELAXABLE] = "direct-relaxable", 68 [IOMMU_RESV_RESERVED] = "reserved", 69 [IOMMU_RESV_MSI] = "msi", 70 [IOMMU_RESV_SW_MSI] = "msi", 71 }; 72 73 #define IOMMU_CMD_LINE_DMA_API BIT(0) 74 #define IOMMU_CMD_LINE_STRICT BIT(1) 75 76 static int iommu_alloc_default_domain(struct iommu_group *group, 77 struct device *dev); 78 static struct iommu_domain *__iommu_domain_alloc(struct bus_type *bus, 79 unsigned type); 80 static int __iommu_attach_device(struct iommu_domain *domain, 81 struct device *dev); 82 static int __iommu_attach_group(struct iommu_domain *domain, 83 struct iommu_group *group); 84 static void __iommu_detach_group(struct iommu_domain *domain, 85 struct iommu_group *group); 86 static int iommu_create_device_direct_mappings(struct iommu_group *group, 87 struct device *dev); 88 static struct iommu_group *iommu_group_get_for_dev(struct device *dev); 89 static ssize_t iommu_group_store_type(struct iommu_group *group, 90 const char *buf, size_t count); 91 92 #define IOMMU_GROUP_ATTR(_name, _mode, _show, _store) \ 93 struct iommu_group_attribute iommu_group_attr_##_name = \ 94 __ATTR(_name, _mode, _show, _store) 95 96 #define to_iommu_group_attr(_attr) \ 97 container_of(_attr, struct iommu_group_attribute, attr) 98 #define to_iommu_group(_kobj) \ 99 container_of(_kobj, struct iommu_group, kobj) 100 101 static LIST_HEAD(iommu_device_list); 102 static DEFINE_SPINLOCK(iommu_device_lock); 103 104 /* 105 * Use a function instead of an array here because the domain-type is a 106 * bit-field, so an array would waste memory. 107 */ 108 static const char *iommu_domain_type_str(unsigned int t) 109 { 110 switch (t) { 111 case IOMMU_DOMAIN_BLOCKED: 112 return "Blocked"; 113 case IOMMU_DOMAIN_IDENTITY: 114 return "Passthrough"; 115 case IOMMU_DOMAIN_UNMANAGED: 116 return "Unmanaged"; 117 case IOMMU_DOMAIN_DMA: 118 case IOMMU_DOMAIN_DMA_FQ: 119 return "Translated"; 120 default: 121 return "Unknown"; 122 } 123 } 124 125 static int __init iommu_subsys_init(void) 126 { 127 if (!(iommu_cmd_line & IOMMU_CMD_LINE_DMA_API)) { 128 if (IS_ENABLED(CONFIG_IOMMU_DEFAULT_PASSTHROUGH)) 129 iommu_set_default_passthrough(false); 130 else 131 iommu_set_default_translated(false); 132 133 if (iommu_default_passthrough() && mem_encrypt_active()) { 134 pr_info("Memory encryption detected - Disabling default IOMMU Passthrough\n"); 135 iommu_set_default_translated(false); 136 } 137 } 138 139 if (!iommu_default_passthrough() && !iommu_dma_strict) 140 iommu_def_domain_type = IOMMU_DOMAIN_DMA_FQ; 141 142 pr_info("Default domain type: %s %s\n", 143 iommu_domain_type_str(iommu_def_domain_type), 144 (iommu_cmd_line & IOMMU_CMD_LINE_DMA_API) ? 145 "(set via kernel command line)" : ""); 146 147 pr_info("DMA domain TLB invalidation policy: %s mode %s\n", 148 iommu_dma_strict ? "strict" : "lazy", 149 (iommu_cmd_line & IOMMU_CMD_LINE_STRICT) ? 150 "(set via kernel command line)" : ""); 151 152 return 0; 153 } 154 subsys_initcall(iommu_subsys_init); 155 156 /** 157 * iommu_device_register() - Register an IOMMU hardware instance 158 * @iommu: IOMMU handle for the instance 159 * @ops: IOMMU ops to associate with the instance 160 * @hwdev: (optional) actual instance device, used for fwnode lookup 161 * 162 * Return: 0 on success, or an error. 163 */ 164 int iommu_device_register(struct iommu_device *iommu, 165 const struct iommu_ops *ops, struct device *hwdev) 166 { 167 /* We need to be able to take module references appropriately */ 168 if (WARN_ON(is_module_address((unsigned long)ops) && !ops->owner)) 169 return -EINVAL; 170 171 iommu->ops = ops; 172 if (hwdev) 173 iommu->fwnode = hwdev->fwnode; 174 175 spin_lock(&iommu_device_lock); 176 list_add_tail(&iommu->list, &iommu_device_list); 177 spin_unlock(&iommu_device_lock); 178 return 0; 179 } 180 EXPORT_SYMBOL_GPL(iommu_device_register); 181 182 void iommu_device_unregister(struct iommu_device *iommu) 183 { 184 spin_lock(&iommu_device_lock); 185 list_del(&iommu->list); 186 spin_unlock(&iommu_device_lock); 187 } 188 EXPORT_SYMBOL_GPL(iommu_device_unregister); 189 190 static struct dev_iommu *dev_iommu_get(struct device *dev) 191 { 192 struct dev_iommu *param = dev->iommu; 193 194 if (param) 195 return param; 196 197 param = kzalloc(sizeof(*param), GFP_KERNEL); 198 if (!param) 199 return NULL; 200 201 mutex_init(¶m->lock); 202 dev->iommu = param; 203 return param; 204 } 205 206 static void dev_iommu_free(struct device *dev) 207 { 208 iommu_fwspec_free(dev); 209 kfree(dev->iommu); 210 dev->iommu = NULL; 211 } 212 213 static int __iommu_probe_device(struct device *dev, struct list_head *group_list) 214 { 215 const struct iommu_ops *ops = dev->bus->iommu_ops; 216 struct iommu_device *iommu_dev; 217 struct iommu_group *group; 218 int ret; 219 220 if (!ops) 221 return -ENODEV; 222 223 if (!dev_iommu_get(dev)) 224 return -ENOMEM; 225 226 if (!try_module_get(ops->owner)) { 227 ret = -EINVAL; 228 goto err_free; 229 } 230 231 iommu_dev = ops->probe_device(dev); 232 if (IS_ERR(iommu_dev)) { 233 ret = PTR_ERR(iommu_dev); 234 goto out_module_put; 235 } 236 237 dev->iommu->iommu_dev = iommu_dev; 238 239 group = iommu_group_get_for_dev(dev); 240 if (IS_ERR(group)) { 241 ret = PTR_ERR(group); 242 goto out_release; 243 } 244 iommu_group_put(group); 245 246 if (group_list && !group->default_domain && list_empty(&group->entry)) 247 list_add_tail(&group->entry, group_list); 248 249 iommu_device_link(iommu_dev, dev); 250 251 return 0; 252 253 out_release: 254 ops->release_device(dev); 255 256 out_module_put: 257 module_put(ops->owner); 258 259 err_free: 260 dev_iommu_free(dev); 261 262 return ret; 263 } 264 265 int iommu_probe_device(struct device *dev) 266 { 267 const struct iommu_ops *ops = dev->bus->iommu_ops; 268 struct iommu_group *group; 269 int ret; 270 271 ret = __iommu_probe_device(dev, NULL); 272 if (ret) 273 goto err_out; 274 275 group = iommu_group_get(dev); 276 if (!group) { 277 ret = -ENODEV; 278 goto err_release; 279 } 280 281 /* 282 * Try to allocate a default domain - needs support from the 283 * IOMMU driver. There are still some drivers which don't 284 * support default domains, so the return value is not yet 285 * checked. 286 */ 287 iommu_alloc_default_domain(group, dev); 288 289 if (group->default_domain) { 290 ret = __iommu_attach_device(group->default_domain, dev); 291 if (ret) { 292 iommu_group_put(group); 293 goto err_release; 294 } 295 } 296 297 iommu_create_device_direct_mappings(group, dev); 298 299 iommu_group_put(group); 300 301 if (ops->probe_finalize) 302 ops->probe_finalize(dev); 303 304 return 0; 305 306 err_release: 307 iommu_release_device(dev); 308 309 err_out: 310 return ret; 311 312 } 313 314 void iommu_release_device(struct device *dev) 315 { 316 const struct iommu_ops *ops = dev->bus->iommu_ops; 317 318 if (!dev->iommu) 319 return; 320 321 iommu_device_unlink(dev->iommu->iommu_dev, dev); 322 323 ops->release_device(dev); 324 325 iommu_group_remove_device(dev); 326 module_put(ops->owner); 327 dev_iommu_free(dev); 328 } 329 330 static int __init iommu_set_def_domain_type(char *str) 331 { 332 bool pt; 333 int ret; 334 335 ret = kstrtobool(str, &pt); 336 if (ret) 337 return ret; 338 339 if (pt) 340 iommu_set_default_passthrough(true); 341 else 342 iommu_set_default_translated(true); 343 344 return 0; 345 } 346 early_param("iommu.passthrough", iommu_set_def_domain_type); 347 348 static int __init iommu_dma_setup(char *str) 349 { 350 int ret = kstrtobool(str, &iommu_dma_strict); 351 352 if (!ret) 353 iommu_cmd_line |= IOMMU_CMD_LINE_STRICT; 354 return ret; 355 } 356 early_param("iommu.strict", iommu_dma_setup); 357 358 void iommu_set_dma_strict(void) 359 { 360 iommu_dma_strict = true; 361 if (iommu_def_domain_type == IOMMU_DOMAIN_DMA_FQ) 362 iommu_def_domain_type = IOMMU_DOMAIN_DMA; 363 } 364 365 static ssize_t iommu_group_attr_show(struct kobject *kobj, 366 struct attribute *__attr, char *buf) 367 { 368 struct iommu_group_attribute *attr = to_iommu_group_attr(__attr); 369 struct iommu_group *group = to_iommu_group(kobj); 370 ssize_t ret = -EIO; 371 372 if (attr->show) 373 ret = attr->show(group, buf); 374 return ret; 375 } 376 377 static ssize_t iommu_group_attr_store(struct kobject *kobj, 378 struct attribute *__attr, 379 const char *buf, size_t count) 380 { 381 struct iommu_group_attribute *attr = to_iommu_group_attr(__attr); 382 struct iommu_group *group = to_iommu_group(kobj); 383 ssize_t ret = -EIO; 384 385 if (attr->store) 386 ret = attr->store(group, buf, count); 387 return ret; 388 } 389 390 static const struct sysfs_ops iommu_group_sysfs_ops = { 391 .show = iommu_group_attr_show, 392 .store = iommu_group_attr_store, 393 }; 394 395 static int iommu_group_create_file(struct iommu_group *group, 396 struct iommu_group_attribute *attr) 397 { 398 return sysfs_create_file(&group->kobj, &attr->attr); 399 } 400 401 static void iommu_group_remove_file(struct iommu_group *group, 402 struct iommu_group_attribute *attr) 403 { 404 sysfs_remove_file(&group->kobj, &attr->attr); 405 } 406 407 static ssize_t iommu_group_show_name(struct iommu_group *group, char *buf) 408 { 409 return sprintf(buf, "%s\n", group->name); 410 } 411 412 /** 413 * iommu_insert_resv_region - Insert a new region in the 414 * list of reserved regions. 415 * @new: new region to insert 416 * @regions: list of regions 417 * 418 * Elements are sorted by start address and overlapping segments 419 * of the same type are merged. 420 */ 421 static int iommu_insert_resv_region(struct iommu_resv_region *new, 422 struct list_head *regions) 423 { 424 struct iommu_resv_region *iter, *tmp, *nr, *top; 425 LIST_HEAD(stack); 426 427 nr = iommu_alloc_resv_region(new->start, new->length, 428 new->prot, new->type); 429 if (!nr) 430 return -ENOMEM; 431 432 /* First add the new element based on start address sorting */ 433 list_for_each_entry(iter, regions, list) { 434 if (nr->start < iter->start || 435 (nr->start == iter->start && nr->type <= iter->type)) 436 break; 437 } 438 list_add_tail(&nr->list, &iter->list); 439 440 /* Merge overlapping segments of type nr->type in @regions, if any */ 441 list_for_each_entry_safe(iter, tmp, regions, list) { 442 phys_addr_t top_end, iter_end = iter->start + iter->length - 1; 443 444 /* no merge needed on elements of different types than @new */ 445 if (iter->type != new->type) { 446 list_move_tail(&iter->list, &stack); 447 continue; 448 } 449 450 /* look for the last stack element of same type as @iter */ 451 list_for_each_entry_reverse(top, &stack, list) 452 if (top->type == iter->type) 453 goto check_overlap; 454 455 list_move_tail(&iter->list, &stack); 456 continue; 457 458 check_overlap: 459 top_end = top->start + top->length - 1; 460 461 if (iter->start > top_end + 1) { 462 list_move_tail(&iter->list, &stack); 463 } else { 464 top->length = max(top_end, iter_end) - top->start + 1; 465 list_del(&iter->list); 466 kfree(iter); 467 } 468 } 469 list_splice(&stack, regions); 470 return 0; 471 } 472 473 static int 474 iommu_insert_device_resv_regions(struct list_head *dev_resv_regions, 475 struct list_head *group_resv_regions) 476 { 477 struct iommu_resv_region *entry; 478 int ret = 0; 479 480 list_for_each_entry(entry, dev_resv_regions, list) { 481 ret = iommu_insert_resv_region(entry, group_resv_regions); 482 if (ret) 483 break; 484 } 485 return ret; 486 } 487 488 int iommu_get_group_resv_regions(struct iommu_group *group, 489 struct list_head *head) 490 { 491 struct group_device *device; 492 int ret = 0; 493 494 mutex_lock(&group->mutex); 495 list_for_each_entry(device, &group->devices, list) { 496 struct list_head dev_resv_regions; 497 498 INIT_LIST_HEAD(&dev_resv_regions); 499 iommu_get_resv_regions(device->dev, &dev_resv_regions); 500 ret = iommu_insert_device_resv_regions(&dev_resv_regions, head); 501 iommu_put_resv_regions(device->dev, &dev_resv_regions); 502 if (ret) 503 break; 504 } 505 mutex_unlock(&group->mutex); 506 return ret; 507 } 508 EXPORT_SYMBOL_GPL(iommu_get_group_resv_regions); 509 510 static ssize_t iommu_group_show_resv_regions(struct iommu_group *group, 511 char *buf) 512 { 513 struct iommu_resv_region *region, *next; 514 struct list_head group_resv_regions; 515 char *str = buf; 516 517 INIT_LIST_HEAD(&group_resv_regions); 518 iommu_get_group_resv_regions(group, &group_resv_regions); 519 520 list_for_each_entry_safe(region, next, &group_resv_regions, list) { 521 str += sprintf(str, "0x%016llx 0x%016llx %s\n", 522 (long long int)region->start, 523 (long long int)(region->start + 524 region->length - 1), 525 iommu_group_resv_type_string[region->type]); 526 kfree(region); 527 } 528 529 return (str - buf); 530 } 531 532 static ssize_t iommu_group_show_type(struct iommu_group *group, 533 char *buf) 534 { 535 char *type = "unknown\n"; 536 537 mutex_lock(&group->mutex); 538 if (group->default_domain) { 539 switch (group->default_domain->type) { 540 case IOMMU_DOMAIN_BLOCKED: 541 type = "blocked\n"; 542 break; 543 case IOMMU_DOMAIN_IDENTITY: 544 type = "identity\n"; 545 break; 546 case IOMMU_DOMAIN_UNMANAGED: 547 type = "unmanaged\n"; 548 break; 549 case IOMMU_DOMAIN_DMA: 550 type = "DMA\n"; 551 break; 552 case IOMMU_DOMAIN_DMA_FQ: 553 type = "DMA-FQ\n"; 554 break; 555 } 556 } 557 mutex_unlock(&group->mutex); 558 strcpy(buf, type); 559 560 return strlen(type); 561 } 562 563 static IOMMU_GROUP_ATTR(name, S_IRUGO, iommu_group_show_name, NULL); 564 565 static IOMMU_GROUP_ATTR(reserved_regions, 0444, 566 iommu_group_show_resv_regions, NULL); 567 568 static IOMMU_GROUP_ATTR(type, 0644, iommu_group_show_type, 569 iommu_group_store_type); 570 571 static void iommu_group_release(struct kobject *kobj) 572 { 573 struct iommu_group *group = to_iommu_group(kobj); 574 575 pr_debug("Releasing group %d\n", group->id); 576 577 if (group->iommu_data_release) 578 group->iommu_data_release(group->iommu_data); 579 580 ida_simple_remove(&iommu_group_ida, group->id); 581 582 if (group->default_domain) 583 iommu_domain_free(group->default_domain); 584 585 kfree(group->name); 586 kfree(group); 587 } 588 589 static struct kobj_type iommu_group_ktype = { 590 .sysfs_ops = &iommu_group_sysfs_ops, 591 .release = iommu_group_release, 592 }; 593 594 /** 595 * iommu_group_alloc - Allocate a new group 596 * 597 * This function is called by an iommu driver to allocate a new iommu 598 * group. The iommu group represents the minimum granularity of the iommu. 599 * Upon successful return, the caller holds a reference to the supplied 600 * group in order to hold the group until devices are added. Use 601 * iommu_group_put() to release this extra reference count, allowing the 602 * group to be automatically reclaimed once it has no devices or external 603 * references. 604 */ 605 struct iommu_group *iommu_group_alloc(void) 606 { 607 struct iommu_group *group; 608 int ret; 609 610 group = kzalloc(sizeof(*group), GFP_KERNEL); 611 if (!group) 612 return ERR_PTR(-ENOMEM); 613 614 group->kobj.kset = iommu_group_kset; 615 mutex_init(&group->mutex); 616 INIT_LIST_HEAD(&group->devices); 617 INIT_LIST_HEAD(&group->entry); 618 BLOCKING_INIT_NOTIFIER_HEAD(&group->notifier); 619 620 ret = ida_simple_get(&iommu_group_ida, 0, 0, GFP_KERNEL); 621 if (ret < 0) { 622 kfree(group); 623 return ERR_PTR(ret); 624 } 625 group->id = ret; 626 627 ret = kobject_init_and_add(&group->kobj, &iommu_group_ktype, 628 NULL, "%d", group->id); 629 if (ret) { 630 ida_simple_remove(&iommu_group_ida, group->id); 631 kobject_put(&group->kobj); 632 return ERR_PTR(ret); 633 } 634 635 group->devices_kobj = kobject_create_and_add("devices", &group->kobj); 636 if (!group->devices_kobj) { 637 kobject_put(&group->kobj); /* triggers .release & free */ 638 return ERR_PTR(-ENOMEM); 639 } 640 641 /* 642 * The devices_kobj holds a reference on the group kobject, so 643 * as long as that exists so will the group. We can therefore 644 * use the devices_kobj for reference counting. 645 */ 646 kobject_put(&group->kobj); 647 648 ret = iommu_group_create_file(group, 649 &iommu_group_attr_reserved_regions); 650 if (ret) 651 return ERR_PTR(ret); 652 653 ret = iommu_group_create_file(group, &iommu_group_attr_type); 654 if (ret) 655 return ERR_PTR(ret); 656 657 pr_debug("Allocated group %d\n", group->id); 658 659 return group; 660 } 661 EXPORT_SYMBOL_GPL(iommu_group_alloc); 662 663 struct iommu_group *iommu_group_get_by_id(int id) 664 { 665 struct kobject *group_kobj; 666 struct iommu_group *group; 667 const char *name; 668 669 if (!iommu_group_kset) 670 return NULL; 671 672 name = kasprintf(GFP_KERNEL, "%d", id); 673 if (!name) 674 return NULL; 675 676 group_kobj = kset_find_obj(iommu_group_kset, name); 677 kfree(name); 678 679 if (!group_kobj) 680 return NULL; 681 682 group = container_of(group_kobj, struct iommu_group, kobj); 683 BUG_ON(group->id != id); 684 685 kobject_get(group->devices_kobj); 686 kobject_put(&group->kobj); 687 688 return group; 689 } 690 EXPORT_SYMBOL_GPL(iommu_group_get_by_id); 691 692 /** 693 * iommu_group_get_iommudata - retrieve iommu_data registered for a group 694 * @group: the group 695 * 696 * iommu drivers can store data in the group for use when doing iommu 697 * operations. This function provides a way to retrieve it. Caller 698 * should hold a group reference. 699 */ 700 void *iommu_group_get_iommudata(struct iommu_group *group) 701 { 702 return group->iommu_data; 703 } 704 EXPORT_SYMBOL_GPL(iommu_group_get_iommudata); 705 706 /** 707 * iommu_group_set_iommudata - set iommu_data for a group 708 * @group: the group 709 * @iommu_data: new data 710 * @release: release function for iommu_data 711 * 712 * iommu drivers can store data in the group for use when doing iommu 713 * operations. This function provides a way to set the data after 714 * the group has been allocated. Caller should hold a group reference. 715 */ 716 void iommu_group_set_iommudata(struct iommu_group *group, void *iommu_data, 717 void (*release)(void *iommu_data)) 718 { 719 group->iommu_data = iommu_data; 720 group->iommu_data_release = release; 721 } 722 EXPORT_SYMBOL_GPL(iommu_group_set_iommudata); 723 724 /** 725 * iommu_group_set_name - set name for a group 726 * @group: the group 727 * @name: name 728 * 729 * Allow iommu driver to set a name for a group. When set it will 730 * appear in a name attribute file under the group in sysfs. 731 */ 732 int iommu_group_set_name(struct iommu_group *group, const char *name) 733 { 734 int ret; 735 736 if (group->name) { 737 iommu_group_remove_file(group, &iommu_group_attr_name); 738 kfree(group->name); 739 group->name = NULL; 740 if (!name) 741 return 0; 742 } 743 744 group->name = kstrdup(name, GFP_KERNEL); 745 if (!group->name) 746 return -ENOMEM; 747 748 ret = iommu_group_create_file(group, &iommu_group_attr_name); 749 if (ret) { 750 kfree(group->name); 751 group->name = NULL; 752 return ret; 753 } 754 755 return 0; 756 } 757 EXPORT_SYMBOL_GPL(iommu_group_set_name); 758 759 static int iommu_create_device_direct_mappings(struct iommu_group *group, 760 struct device *dev) 761 { 762 struct iommu_domain *domain = group->default_domain; 763 struct iommu_resv_region *entry; 764 struct list_head mappings; 765 unsigned long pg_size; 766 int ret = 0; 767 768 if (!domain || !iommu_is_dma_domain(domain)) 769 return 0; 770 771 BUG_ON(!domain->pgsize_bitmap); 772 773 pg_size = 1UL << __ffs(domain->pgsize_bitmap); 774 INIT_LIST_HEAD(&mappings); 775 776 iommu_get_resv_regions(dev, &mappings); 777 778 /* We need to consider overlapping regions for different devices */ 779 list_for_each_entry(entry, &mappings, list) { 780 dma_addr_t start, end, addr; 781 size_t map_size = 0; 782 783 if (domain->ops->apply_resv_region) 784 domain->ops->apply_resv_region(dev, domain, entry); 785 786 start = ALIGN(entry->start, pg_size); 787 end = ALIGN(entry->start + entry->length, pg_size); 788 789 if (entry->type != IOMMU_RESV_DIRECT && 790 entry->type != IOMMU_RESV_DIRECT_RELAXABLE) 791 continue; 792 793 for (addr = start; addr <= end; addr += pg_size) { 794 phys_addr_t phys_addr; 795 796 if (addr == end) 797 goto map_end; 798 799 phys_addr = iommu_iova_to_phys(domain, addr); 800 if (!phys_addr) { 801 map_size += pg_size; 802 continue; 803 } 804 805 map_end: 806 if (map_size) { 807 ret = iommu_map(domain, addr - map_size, 808 addr - map_size, map_size, 809 entry->prot); 810 if (ret) 811 goto out; 812 map_size = 0; 813 } 814 } 815 816 } 817 818 iommu_flush_iotlb_all(domain); 819 820 out: 821 iommu_put_resv_regions(dev, &mappings); 822 823 return ret; 824 } 825 826 static bool iommu_is_attach_deferred(struct iommu_domain *domain, 827 struct device *dev) 828 { 829 if (domain->ops->is_attach_deferred) 830 return domain->ops->is_attach_deferred(domain, dev); 831 832 return false; 833 } 834 835 /** 836 * iommu_group_add_device - add a device to an iommu group 837 * @group: the group into which to add the device (reference should be held) 838 * @dev: the device 839 * 840 * This function is called by an iommu driver to add a device into a 841 * group. Adding a device increments the group reference count. 842 */ 843 int iommu_group_add_device(struct iommu_group *group, struct device *dev) 844 { 845 int ret, i = 0; 846 struct group_device *device; 847 848 device = kzalloc(sizeof(*device), GFP_KERNEL); 849 if (!device) 850 return -ENOMEM; 851 852 device->dev = dev; 853 854 ret = sysfs_create_link(&dev->kobj, &group->kobj, "iommu_group"); 855 if (ret) 856 goto err_free_device; 857 858 device->name = kasprintf(GFP_KERNEL, "%s", kobject_name(&dev->kobj)); 859 rename: 860 if (!device->name) { 861 ret = -ENOMEM; 862 goto err_remove_link; 863 } 864 865 ret = sysfs_create_link_nowarn(group->devices_kobj, 866 &dev->kobj, device->name); 867 if (ret) { 868 if (ret == -EEXIST && i >= 0) { 869 /* 870 * Account for the slim chance of collision 871 * and append an instance to the name. 872 */ 873 kfree(device->name); 874 device->name = kasprintf(GFP_KERNEL, "%s.%d", 875 kobject_name(&dev->kobj), i++); 876 goto rename; 877 } 878 goto err_free_name; 879 } 880 881 kobject_get(group->devices_kobj); 882 883 dev->iommu_group = group; 884 885 mutex_lock(&group->mutex); 886 list_add_tail(&device->list, &group->devices); 887 if (group->domain && !iommu_is_attach_deferred(group->domain, dev)) 888 ret = __iommu_attach_device(group->domain, dev); 889 mutex_unlock(&group->mutex); 890 if (ret) 891 goto err_put_group; 892 893 /* Notify any listeners about change to group. */ 894 blocking_notifier_call_chain(&group->notifier, 895 IOMMU_GROUP_NOTIFY_ADD_DEVICE, dev); 896 897 trace_add_device_to_group(group->id, dev); 898 899 dev_info(dev, "Adding to iommu group %d\n", group->id); 900 901 return 0; 902 903 err_put_group: 904 mutex_lock(&group->mutex); 905 list_del(&device->list); 906 mutex_unlock(&group->mutex); 907 dev->iommu_group = NULL; 908 kobject_put(group->devices_kobj); 909 sysfs_remove_link(group->devices_kobj, device->name); 910 err_free_name: 911 kfree(device->name); 912 err_remove_link: 913 sysfs_remove_link(&dev->kobj, "iommu_group"); 914 err_free_device: 915 kfree(device); 916 dev_err(dev, "Failed to add to iommu group %d: %d\n", group->id, ret); 917 return ret; 918 } 919 EXPORT_SYMBOL_GPL(iommu_group_add_device); 920 921 /** 922 * iommu_group_remove_device - remove a device from it's current group 923 * @dev: device to be removed 924 * 925 * This function is called by an iommu driver to remove the device from 926 * it's current group. This decrements the iommu group reference count. 927 */ 928 void iommu_group_remove_device(struct device *dev) 929 { 930 struct iommu_group *group = dev->iommu_group; 931 struct group_device *tmp_device, *device = NULL; 932 933 dev_info(dev, "Removing from iommu group %d\n", group->id); 934 935 /* Pre-notify listeners that a device is being removed. */ 936 blocking_notifier_call_chain(&group->notifier, 937 IOMMU_GROUP_NOTIFY_DEL_DEVICE, dev); 938 939 mutex_lock(&group->mutex); 940 list_for_each_entry(tmp_device, &group->devices, list) { 941 if (tmp_device->dev == dev) { 942 device = tmp_device; 943 list_del(&device->list); 944 break; 945 } 946 } 947 mutex_unlock(&group->mutex); 948 949 if (!device) 950 return; 951 952 sysfs_remove_link(group->devices_kobj, device->name); 953 sysfs_remove_link(&dev->kobj, "iommu_group"); 954 955 trace_remove_device_from_group(group->id, dev); 956 957 kfree(device->name); 958 kfree(device); 959 dev->iommu_group = NULL; 960 kobject_put(group->devices_kobj); 961 } 962 EXPORT_SYMBOL_GPL(iommu_group_remove_device); 963 964 static int iommu_group_device_count(struct iommu_group *group) 965 { 966 struct group_device *entry; 967 int ret = 0; 968 969 list_for_each_entry(entry, &group->devices, list) 970 ret++; 971 972 return ret; 973 } 974 975 /** 976 * iommu_group_for_each_dev - iterate over each device in the group 977 * @group: the group 978 * @data: caller opaque data to be passed to callback function 979 * @fn: caller supplied callback function 980 * 981 * This function is called by group users to iterate over group devices. 982 * Callers should hold a reference count to the group during callback. 983 * The group->mutex is held across callbacks, which will block calls to 984 * iommu_group_add/remove_device. 985 */ 986 static int __iommu_group_for_each_dev(struct iommu_group *group, void *data, 987 int (*fn)(struct device *, void *)) 988 { 989 struct group_device *device; 990 int ret = 0; 991 992 list_for_each_entry(device, &group->devices, list) { 993 ret = fn(device->dev, data); 994 if (ret) 995 break; 996 } 997 return ret; 998 } 999 1000 1001 int iommu_group_for_each_dev(struct iommu_group *group, void *data, 1002 int (*fn)(struct device *, void *)) 1003 { 1004 int ret; 1005 1006 mutex_lock(&group->mutex); 1007 ret = __iommu_group_for_each_dev(group, data, fn); 1008 mutex_unlock(&group->mutex); 1009 1010 return ret; 1011 } 1012 EXPORT_SYMBOL_GPL(iommu_group_for_each_dev); 1013 1014 /** 1015 * iommu_group_get - Return the group for a device and increment reference 1016 * @dev: get the group that this device belongs to 1017 * 1018 * This function is called by iommu drivers and users to get the group 1019 * for the specified device. If found, the group is returned and the group 1020 * reference in incremented, else NULL. 1021 */ 1022 struct iommu_group *iommu_group_get(struct device *dev) 1023 { 1024 struct iommu_group *group = dev->iommu_group; 1025 1026 if (group) 1027 kobject_get(group->devices_kobj); 1028 1029 return group; 1030 } 1031 EXPORT_SYMBOL_GPL(iommu_group_get); 1032 1033 /** 1034 * iommu_group_ref_get - Increment reference on a group 1035 * @group: the group to use, must not be NULL 1036 * 1037 * This function is called by iommu drivers to take additional references on an 1038 * existing group. Returns the given group for convenience. 1039 */ 1040 struct iommu_group *iommu_group_ref_get(struct iommu_group *group) 1041 { 1042 kobject_get(group->devices_kobj); 1043 return group; 1044 } 1045 EXPORT_SYMBOL_GPL(iommu_group_ref_get); 1046 1047 /** 1048 * iommu_group_put - Decrement group reference 1049 * @group: the group to use 1050 * 1051 * This function is called by iommu drivers and users to release the 1052 * iommu group. Once the reference count is zero, the group is released. 1053 */ 1054 void iommu_group_put(struct iommu_group *group) 1055 { 1056 if (group) 1057 kobject_put(group->devices_kobj); 1058 } 1059 EXPORT_SYMBOL_GPL(iommu_group_put); 1060 1061 /** 1062 * iommu_group_register_notifier - Register a notifier for group changes 1063 * @group: the group to watch 1064 * @nb: notifier block to signal 1065 * 1066 * This function allows iommu group users to track changes in a group. 1067 * See include/linux/iommu.h for actions sent via this notifier. Caller 1068 * should hold a reference to the group throughout notifier registration. 1069 */ 1070 int iommu_group_register_notifier(struct iommu_group *group, 1071 struct notifier_block *nb) 1072 { 1073 return blocking_notifier_chain_register(&group->notifier, nb); 1074 } 1075 EXPORT_SYMBOL_GPL(iommu_group_register_notifier); 1076 1077 /** 1078 * iommu_group_unregister_notifier - Unregister a notifier 1079 * @group: the group to watch 1080 * @nb: notifier block to signal 1081 * 1082 * Unregister a previously registered group notifier block. 1083 */ 1084 int iommu_group_unregister_notifier(struct iommu_group *group, 1085 struct notifier_block *nb) 1086 { 1087 return blocking_notifier_chain_unregister(&group->notifier, nb); 1088 } 1089 EXPORT_SYMBOL_GPL(iommu_group_unregister_notifier); 1090 1091 /** 1092 * iommu_register_device_fault_handler() - Register a device fault handler 1093 * @dev: the device 1094 * @handler: the fault handler 1095 * @data: private data passed as argument to the handler 1096 * 1097 * When an IOMMU fault event is received, this handler gets called with the 1098 * fault event and data as argument. The handler should return 0 on success. If 1099 * the fault is recoverable (IOMMU_FAULT_PAGE_REQ), the consumer should also 1100 * complete the fault by calling iommu_page_response() with one of the following 1101 * response code: 1102 * - IOMMU_PAGE_RESP_SUCCESS: retry the translation 1103 * - IOMMU_PAGE_RESP_INVALID: terminate the fault 1104 * - IOMMU_PAGE_RESP_FAILURE: terminate the fault and stop reporting 1105 * page faults if possible. 1106 * 1107 * Return 0 if the fault handler was installed successfully, or an error. 1108 */ 1109 int iommu_register_device_fault_handler(struct device *dev, 1110 iommu_dev_fault_handler_t handler, 1111 void *data) 1112 { 1113 struct dev_iommu *param = dev->iommu; 1114 int ret = 0; 1115 1116 if (!param) 1117 return -EINVAL; 1118 1119 mutex_lock(¶m->lock); 1120 /* Only allow one fault handler registered for each device */ 1121 if (param->fault_param) { 1122 ret = -EBUSY; 1123 goto done_unlock; 1124 } 1125 1126 get_device(dev); 1127 param->fault_param = kzalloc(sizeof(*param->fault_param), GFP_KERNEL); 1128 if (!param->fault_param) { 1129 put_device(dev); 1130 ret = -ENOMEM; 1131 goto done_unlock; 1132 } 1133 param->fault_param->handler = handler; 1134 param->fault_param->data = data; 1135 mutex_init(¶m->fault_param->lock); 1136 INIT_LIST_HEAD(¶m->fault_param->faults); 1137 1138 done_unlock: 1139 mutex_unlock(¶m->lock); 1140 1141 return ret; 1142 } 1143 EXPORT_SYMBOL_GPL(iommu_register_device_fault_handler); 1144 1145 /** 1146 * iommu_unregister_device_fault_handler() - Unregister the device fault handler 1147 * @dev: the device 1148 * 1149 * Remove the device fault handler installed with 1150 * iommu_register_device_fault_handler(). 1151 * 1152 * Return 0 on success, or an error. 1153 */ 1154 int iommu_unregister_device_fault_handler(struct device *dev) 1155 { 1156 struct dev_iommu *param = dev->iommu; 1157 int ret = 0; 1158 1159 if (!param) 1160 return -EINVAL; 1161 1162 mutex_lock(¶m->lock); 1163 1164 if (!param->fault_param) 1165 goto unlock; 1166 1167 /* we cannot unregister handler if there are pending faults */ 1168 if (!list_empty(¶m->fault_param->faults)) { 1169 ret = -EBUSY; 1170 goto unlock; 1171 } 1172 1173 kfree(param->fault_param); 1174 param->fault_param = NULL; 1175 put_device(dev); 1176 unlock: 1177 mutex_unlock(¶m->lock); 1178 1179 return ret; 1180 } 1181 EXPORT_SYMBOL_GPL(iommu_unregister_device_fault_handler); 1182 1183 /** 1184 * iommu_report_device_fault() - Report fault event to device driver 1185 * @dev: the device 1186 * @evt: fault event data 1187 * 1188 * Called by IOMMU drivers when a fault is detected, typically in a threaded IRQ 1189 * handler. When this function fails and the fault is recoverable, it is the 1190 * caller's responsibility to complete the fault. 1191 * 1192 * Return 0 on success, or an error. 1193 */ 1194 int iommu_report_device_fault(struct device *dev, struct iommu_fault_event *evt) 1195 { 1196 struct dev_iommu *param = dev->iommu; 1197 struct iommu_fault_event *evt_pending = NULL; 1198 struct iommu_fault_param *fparam; 1199 int ret = 0; 1200 1201 if (!param || !evt) 1202 return -EINVAL; 1203 1204 /* we only report device fault if there is a handler registered */ 1205 mutex_lock(¶m->lock); 1206 fparam = param->fault_param; 1207 if (!fparam || !fparam->handler) { 1208 ret = -EINVAL; 1209 goto done_unlock; 1210 } 1211 1212 if (evt->fault.type == IOMMU_FAULT_PAGE_REQ && 1213 (evt->fault.prm.flags & IOMMU_FAULT_PAGE_REQUEST_LAST_PAGE)) { 1214 evt_pending = kmemdup(evt, sizeof(struct iommu_fault_event), 1215 GFP_KERNEL); 1216 if (!evt_pending) { 1217 ret = -ENOMEM; 1218 goto done_unlock; 1219 } 1220 mutex_lock(&fparam->lock); 1221 list_add_tail(&evt_pending->list, &fparam->faults); 1222 mutex_unlock(&fparam->lock); 1223 } 1224 1225 ret = fparam->handler(&evt->fault, fparam->data); 1226 if (ret && evt_pending) { 1227 mutex_lock(&fparam->lock); 1228 list_del(&evt_pending->list); 1229 mutex_unlock(&fparam->lock); 1230 kfree(evt_pending); 1231 } 1232 done_unlock: 1233 mutex_unlock(¶m->lock); 1234 return ret; 1235 } 1236 EXPORT_SYMBOL_GPL(iommu_report_device_fault); 1237 1238 int iommu_page_response(struct device *dev, 1239 struct iommu_page_response *msg) 1240 { 1241 bool needs_pasid; 1242 int ret = -EINVAL; 1243 struct iommu_fault_event *evt; 1244 struct iommu_fault_page_request *prm; 1245 struct dev_iommu *param = dev->iommu; 1246 bool has_pasid = msg->flags & IOMMU_PAGE_RESP_PASID_VALID; 1247 struct iommu_domain *domain = iommu_get_domain_for_dev(dev); 1248 1249 if (!domain || !domain->ops->page_response) 1250 return -ENODEV; 1251 1252 if (!param || !param->fault_param) 1253 return -EINVAL; 1254 1255 if (msg->version != IOMMU_PAGE_RESP_VERSION_1 || 1256 msg->flags & ~IOMMU_PAGE_RESP_PASID_VALID) 1257 return -EINVAL; 1258 1259 /* Only send response if there is a fault report pending */ 1260 mutex_lock(¶m->fault_param->lock); 1261 if (list_empty(¶m->fault_param->faults)) { 1262 dev_warn_ratelimited(dev, "no pending PRQ, drop response\n"); 1263 goto done_unlock; 1264 } 1265 /* 1266 * Check if we have a matching page request pending to respond, 1267 * otherwise return -EINVAL 1268 */ 1269 list_for_each_entry(evt, ¶m->fault_param->faults, list) { 1270 prm = &evt->fault.prm; 1271 if (prm->grpid != msg->grpid) 1272 continue; 1273 1274 /* 1275 * If the PASID is required, the corresponding request is 1276 * matched using the group ID, the PASID valid bit and the PASID 1277 * value. Otherwise only the group ID matches request and 1278 * response. 1279 */ 1280 needs_pasid = prm->flags & IOMMU_FAULT_PAGE_RESPONSE_NEEDS_PASID; 1281 if (needs_pasid && (!has_pasid || msg->pasid != prm->pasid)) 1282 continue; 1283 1284 if (!needs_pasid && has_pasid) { 1285 /* No big deal, just clear it. */ 1286 msg->flags &= ~IOMMU_PAGE_RESP_PASID_VALID; 1287 msg->pasid = 0; 1288 } 1289 1290 ret = domain->ops->page_response(dev, evt, msg); 1291 list_del(&evt->list); 1292 kfree(evt); 1293 break; 1294 } 1295 1296 done_unlock: 1297 mutex_unlock(¶m->fault_param->lock); 1298 return ret; 1299 } 1300 EXPORT_SYMBOL_GPL(iommu_page_response); 1301 1302 /** 1303 * iommu_group_id - Return ID for a group 1304 * @group: the group to ID 1305 * 1306 * Return the unique ID for the group matching the sysfs group number. 1307 */ 1308 int iommu_group_id(struct iommu_group *group) 1309 { 1310 return group->id; 1311 } 1312 EXPORT_SYMBOL_GPL(iommu_group_id); 1313 1314 static struct iommu_group *get_pci_alias_group(struct pci_dev *pdev, 1315 unsigned long *devfns); 1316 1317 /* 1318 * To consider a PCI device isolated, we require ACS to support Source 1319 * Validation, Request Redirection, Completer Redirection, and Upstream 1320 * Forwarding. This effectively means that devices cannot spoof their 1321 * requester ID, requests and completions cannot be redirected, and all 1322 * transactions are forwarded upstream, even as it passes through a 1323 * bridge where the target device is downstream. 1324 */ 1325 #define REQ_ACS_FLAGS (PCI_ACS_SV | PCI_ACS_RR | PCI_ACS_CR | PCI_ACS_UF) 1326 1327 /* 1328 * For multifunction devices which are not isolated from each other, find 1329 * all the other non-isolated functions and look for existing groups. For 1330 * each function, we also need to look for aliases to or from other devices 1331 * that may already have a group. 1332 */ 1333 static struct iommu_group *get_pci_function_alias_group(struct pci_dev *pdev, 1334 unsigned long *devfns) 1335 { 1336 struct pci_dev *tmp = NULL; 1337 struct iommu_group *group; 1338 1339 if (!pdev->multifunction || pci_acs_enabled(pdev, REQ_ACS_FLAGS)) 1340 return NULL; 1341 1342 for_each_pci_dev(tmp) { 1343 if (tmp == pdev || tmp->bus != pdev->bus || 1344 PCI_SLOT(tmp->devfn) != PCI_SLOT(pdev->devfn) || 1345 pci_acs_enabled(tmp, REQ_ACS_FLAGS)) 1346 continue; 1347 1348 group = get_pci_alias_group(tmp, devfns); 1349 if (group) { 1350 pci_dev_put(tmp); 1351 return group; 1352 } 1353 } 1354 1355 return NULL; 1356 } 1357 1358 /* 1359 * Look for aliases to or from the given device for existing groups. DMA 1360 * aliases are only supported on the same bus, therefore the search 1361 * space is quite small (especially since we're really only looking at pcie 1362 * device, and therefore only expect multiple slots on the root complex or 1363 * downstream switch ports). It's conceivable though that a pair of 1364 * multifunction devices could have aliases between them that would cause a 1365 * loop. To prevent this, we use a bitmap to track where we've been. 1366 */ 1367 static struct iommu_group *get_pci_alias_group(struct pci_dev *pdev, 1368 unsigned long *devfns) 1369 { 1370 struct pci_dev *tmp = NULL; 1371 struct iommu_group *group; 1372 1373 if (test_and_set_bit(pdev->devfn & 0xff, devfns)) 1374 return NULL; 1375 1376 group = iommu_group_get(&pdev->dev); 1377 if (group) 1378 return group; 1379 1380 for_each_pci_dev(tmp) { 1381 if (tmp == pdev || tmp->bus != pdev->bus) 1382 continue; 1383 1384 /* We alias them or they alias us */ 1385 if (pci_devs_are_dma_aliases(pdev, tmp)) { 1386 group = get_pci_alias_group(tmp, devfns); 1387 if (group) { 1388 pci_dev_put(tmp); 1389 return group; 1390 } 1391 1392 group = get_pci_function_alias_group(tmp, devfns); 1393 if (group) { 1394 pci_dev_put(tmp); 1395 return group; 1396 } 1397 } 1398 } 1399 1400 return NULL; 1401 } 1402 1403 struct group_for_pci_data { 1404 struct pci_dev *pdev; 1405 struct iommu_group *group; 1406 }; 1407 1408 /* 1409 * DMA alias iterator callback, return the last seen device. Stop and return 1410 * the IOMMU group if we find one along the way. 1411 */ 1412 static int get_pci_alias_or_group(struct pci_dev *pdev, u16 alias, void *opaque) 1413 { 1414 struct group_for_pci_data *data = opaque; 1415 1416 data->pdev = pdev; 1417 data->group = iommu_group_get(&pdev->dev); 1418 1419 return data->group != NULL; 1420 } 1421 1422 /* 1423 * Generic device_group call-back function. It just allocates one 1424 * iommu-group per device. 1425 */ 1426 struct iommu_group *generic_device_group(struct device *dev) 1427 { 1428 return iommu_group_alloc(); 1429 } 1430 EXPORT_SYMBOL_GPL(generic_device_group); 1431 1432 /* 1433 * Use standard PCI bus topology, isolation features, and DMA alias quirks 1434 * to find or create an IOMMU group for a device. 1435 */ 1436 struct iommu_group *pci_device_group(struct device *dev) 1437 { 1438 struct pci_dev *pdev = to_pci_dev(dev); 1439 struct group_for_pci_data data; 1440 struct pci_bus *bus; 1441 struct iommu_group *group = NULL; 1442 u64 devfns[4] = { 0 }; 1443 1444 if (WARN_ON(!dev_is_pci(dev))) 1445 return ERR_PTR(-EINVAL); 1446 1447 /* 1448 * Find the upstream DMA alias for the device. A device must not 1449 * be aliased due to topology in order to have its own IOMMU group. 1450 * If we find an alias along the way that already belongs to a 1451 * group, use it. 1452 */ 1453 if (pci_for_each_dma_alias(pdev, get_pci_alias_or_group, &data)) 1454 return data.group; 1455 1456 pdev = data.pdev; 1457 1458 /* 1459 * Continue upstream from the point of minimum IOMMU granularity 1460 * due to aliases to the point where devices are protected from 1461 * peer-to-peer DMA by PCI ACS. Again, if we find an existing 1462 * group, use it. 1463 */ 1464 for (bus = pdev->bus; !pci_is_root_bus(bus); bus = bus->parent) { 1465 if (!bus->self) 1466 continue; 1467 1468 if (pci_acs_path_enabled(bus->self, NULL, REQ_ACS_FLAGS)) 1469 break; 1470 1471 pdev = bus->self; 1472 1473 group = iommu_group_get(&pdev->dev); 1474 if (group) 1475 return group; 1476 } 1477 1478 /* 1479 * Look for existing groups on device aliases. If we alias another 1480 * device or another device aliases us, use the same group. 1481 */ 1482 group = get_pci_alias_group(pdev, (unsigned long *)devfns); 1483 if (group) 1484 return group; 1485 1486 /* 1487 * Look for existing groups on non-isolated functions on the same 1488 * slot and aliases of those funcions, if any. No need to clear 1489 * the search bitmap, the tested devfns are still valid. 1490 */ 1491 group = get_pci_function_alias_group(pdev, (unsigned long *)devfns); 1492 if (group) 1493 return group; 1494 1495 /* No shared group found, allocate new */ 1496 return iommu_group_alloc(); 1497 } 1498 EXPORT_SYMBOL_GPL(pci_device_group); 1499 1500 /* Get the IOMMU group for device on fsl-mc bus */ 1501 struct iommu_group *fsl_mc_device_group(struct device *dev) 1502 { 1503 struct device *cont_dev = fsl_mc_cont_dev(dev); 1504 struct iommu_group *group; 1505 1506 group = iommu_group_get(cont_dev); 1507 if (!group) 1508 group = iommu_group_alloc(); 1509 return group; 1510 } 1511 EXPORT_SYMBOL_GPL(fsl_mc_device_group); 1512 1513 static int iommu_get_def_domain_type(struct device *dev) 1514 { 1515 const struct iommu_ops *ops = dev->bus->iommu_ops; 1516 1517 if (dev_is_pci(dev) && to_pci_dev(dev)->untrusted) 1518 return IOMMU_DOMAIN_DMA; 1519 1520 if (ops->def_domain_type) 1521 return ops->def_domain_type(dev); 1522 1523 return 0; 1524 } 1525 1526 static int iommu_group_alloc_default_domain(struct bus_type *bus, 1527 struct iommu_group *group, 1528 unsigned int type) 1529 { 1530 struct iommu_domain *dom; 1531 1532 dom = __iommu_domain_alloc(bus, type); 1533 if (!dom && type != IOMMU_DOMAIN_DMA) { 1534 dom = __iommu_domain_alloc(bus, IOMMU_DOMAIN_DMA); 1535 if (dom) 1536 pr_warn("Failed to allocate default IOMMU domain of type %u for group %s - Falling back to IOMMU_DOMAIN_DMA", 1537 type, group->name); 1538 } 1539 1540 if (!dom) 1541 return -ENOMEM; 1542 1543 group->default_domain = dom; 1544 if (!group->domain) 1545 group->domain = dom; 1546 return 0; 1547 } 1548 1549 static int iommu_alloc_default_domain(struct iommu_group *group, 1550 struct device *dev) 1551 { 1552 unsigned int type; 1553 1554 if (group->default_domain) 1555 return 0; 1556 1557 type = iommu_get_def_domain_type(dev) ? : iommu_def_domain_type; 1558 1559 return iommu_group_alloc_default_domain(dev->bus, group, type); 1560 } 1561 1562 /** 1563 * iommu_group_get_for_dev - Find or create the IOMMU group for a device 1564 * @dev: target device 1565 * 1566 * This function is intended to be called by IOMMU drivers and extended to 1567 * support common, bus-defined algorithms when determining or creating the 1568 * IOMMU group for a device. On success, the caller will hold a reference 1569 * to the returned IOMMU group, which will already include the provided 1570 * device. The reference should be released with iommu_group_put(). 1571 */ 1572 static struct iommu_group *iommu_group_get_for_dev(struct device *dev) 1573 { 1574 const struct iommu_ops *ops = dev->bus->iommu_ops; 1575 struct iommu_group *group; 1576 int ret; 1577 1578 group = iommu_group_get(dev); 1579 if (group) 1580 return group; 1581 1582 if (!ops) 1583 return ERR_PTR(-EINVAL); 1584 1585 group = ops->device_group(dev); 1586 if (WARN_ON_ONCE(group == NULL)) 1587 return ERR_PTR(-EINVAL); 1588 1589 if (IS_ERR(group)) 1590 return group; 1591 1592 ret = iommu_group_add_device(group, dev); 1593 if (ret) 1594 goto out_put_group; 1595 1596 return group; 1597 1598 out_put_group: 1599 iommu_group_put(group); 1600 1601 return ERR_PTR(ret); 1602 } 1603 1604 struct iommu_domain *iommu_group_default_domain(struct iommu_group *group) 1605 { 1606 return group->default_domain; 1607 } 1608 1609 static int probe_iommu_group(struct device *dev, void *data) 1610 { 1611 struct list_head *group_list = data; 1612 struct iommu_group *group; 1613 int ret; 1614 1615 /* Device is probed already if in a group */ 1616 group = iommu_group_get(dev); 1617 if (group) { 1618 iommu_group_put(group); 1619 return 0; 1620 } 1621 1622 ret = __iommu_probe_device(dev, group_list); 1623 if (ret == -ENODEV) 1624 ret = 0; 1625 1626 return ret; 1627 } 1628 1629 static int remove_iommu_group(struct device *dev, void *data) 1630 { 1631 iommu_release_device(dev); 1632 1633 return 0; 1634 } 1635 1636 static int iommu_bus_notifier(struct notifier_block *nb, 1637 unsigned long action, void *data) 1638 { 1639 unsigned long group_action = 0; 1640 struct device *dev = data; 1641 struct iommu_group *group; 1642 1643 /* 1644 * ADD/DEL call into iommu driver ops if provided, which may 1645 * result in ADD/DEL notifiers to group->notifier 1646 */ 1647 if (action == BUS_NOTIFY_ADD_DEVICE) { 1648 int ret; 1649 1650 ret = iommu_probe_device(dev); 1651 return (ret) ? NOTIFY_DONE : NOTIFY_OK; 1652 } else if (action == BUS_NOTIFY_REMOVED_DEVICE) { 1653 iommu_release_device(dev); 1654 return NOTIFY_OK; 1655 } 1656 1657 /* 1658 * Remaining BUS_NOTIFYs get filtered and republished to the 1659 * group, if anyone is listening 1660 */ 1661 group = iommu_group_get(dev); 1662 if (!group) 1663 return 0; 1664 1665 switch (action) { 1666 case BUS_NOTIFY_BIND_DRIVER: 1667 group_action = IOMMU_GROUP_NOTIFY_BIND_DRIVER; 1668 break; 1669 case BUS_NOTIFY_BOUND_DRIVER: 1670 group_action = IOMMU_GROUP_NOTIFY_BOUND_DRIVER; 1671 break; 1672 case BUS_NOTIFY_UNBIND_DRIVER: 1673 group_action = IOMMU_GROUP_NOTIFY_UNBIND_DRIVER; 1674 break; 1675 case BUS_NOTIFY_UNBOUND_DRIVER: 1676 group_action = IOMMU_GROUP_NOTIFY_UNBOUND_DRIVER; 1677 break; 1678 } 1679 1680 if (group_action) 1681 blocking_notifier_call_chain(&group->notifier, 1682 group_action, dev); 1683 1684 iommu_group_put(group); 1685 return 0; 1686 } 1687 1688 struct __group_domain_type { 1689 struct device *dev; 1690 unsigned int type; 1691 }; 1692 1693 static int probe_get_default_domain_type(struct device *dev, void *data) 1694 { 1695 struct __group_domain_type *gtype = data; 1696 unsigned int type = iommu_get_def_domain_type(dev); 1697 1698 if (type) { 1699 if (gtype->type && gtype->type != type) { 1700 dev_warn(dev, "Device needs domain type %s, but device %s in the same iommu group requires type %s - using default\n", 1701 iommu_domain_type_str(type), 1702 dev_name(gtype->dev), 1703 iommu_domain_type_str(gtype->type)); 1704 gtype->type = 0; 1705 } 1706 1707 if (!gtype->dev) { 1708 gtype->dev = dev; 1709 gtype->type = type; 1710 } 1711 } 1712 1713 return 0; 1714 } 1715 1716 static void probe_alloc_default_domain(struct bus_type *bus, 1717 struct iommu_group *group) 1718 { 1719 struct __group_domain_type gtype; 1720 1721 memset(>ype, 0, sizeof(gtype)); 1722 1723 /* Ask for default domain requirements of all devices in the group */ 1724 __iommu_group_for_each_dev(group, >ype, 1725 probe_get_default_domain_type); 1726 1727 if (!gtype.type) 1728 gtype.type = iommu_def_domain_type; 1729 1730 iommu_group_alloc_default_domain(bus, group, gtype.type); 1731 1732 } 1733 1734 static int iommu_group_do_dma_attach(struct device *dev, void *data) 1735 { 1736 struct iommu_domain *domain = data; 1737 int ret = 0; 1738 1739 if (!iommu_is_attach_deferred(domain, dev)) 1740 ret = __iommu_attach_device(domain, dev); 1741 1742 return ret; 1743 } 1744 1745 static int __iommu_group_dma_attach(struct iommu_group *group) 1746 { 1747 return __iommu_group_for_each_dev(group, group->default_domain, 1748 iommu_group_do_dma_attach); 1749 } 1750 1751 static int iommu_group_do_probe_finalize(struct device *dev, void *data) 1752 { 1753 struct iommu_domain *domain = data; 1754 1755 if (domain->ops->probe_finalize) 1756 domain->ops->probe_finalize(dev); 1757 1758 return 0; 1759 } 1760 1761 static void __iommu_group_dma_finalize(struct iommu_group *group) 1762 { 1763 __iommu_group_for_each_dev(group, group->default_domain, 1764 iommu_group_do_probe_finalize); 1765 } 1766 1767 static int iommu_do_create_direct_mappings(struct device *dev, void *data) 1768 { 1769 struct iommu_group *group = data; 1770 1771 iommu_create_device_direct_mappings(group, dev); 1772 1773 return 0; 1774 } 1775 1776 static int iommu_group_create_direct_mappings(struct iommu_group *group) 1777 { 1778 return __iommu_group_for_each_dev(group, group, 1779 iommu_do_create_direct_mappings); 1780 } 1781 1782 int bus_iommu_probe(struct bus_type *bus) 1783 { 1784 struct iommu_group *group, *next; 1785 LIST_HEAD(group_list); 1786 int ret; 1787 1788 /* 1789 * This code-path does not allocate the default domain when 1790 * creating the iommu group, so do it after the groups are 1791 * created. 1792 */ 1793 ret = bus_for_each_dev(bus, NULL, &group_list, probe_iommu_group); 1794 if (ret) 1795 return ret; 1796 1797 list_for_each_entry_safe(group, next, &group_list, entry) { 1798 /* Remove item from the list */ 1799 list_del_init(&group->entry); 1800 1801 mutex_lock(&group->mutex); 1802 1803 /* Try to allocate default domain */ 1804 probe_alloc_default_domain(bus, group); 1805 1806 if (!group->default_domain) { 1807 mutex_unlock(&group->mutex); 1808 continue; 1809 } 1810 1811 iommu_group_create_direct_mappings(group); 1812 1813 ret = __iommu_group_dma_attach(group); 1814 1815 mutex_unlock(&group->mutex); 1816 1817 if (ret) 1818 break; 1819 1820 __iommu_group_dma_finalize(group); 1821 } 1822 1823 return ret; 1824 } 1825 1826 static int iommu_bus_init(struct bus_type *bus, const struct iommu_ops *ops) 1827 { 1828 struct notifier_block *nb; 1829 int err; 1830 1831 nb = kzalloc(sizeof(struct notifier_block), GFP_KERNEL); 1832 if (!nb) 1833 return -ENOMEM; 1834 1835 nb->notifier_call = iommu_bus_notifier; 1836 1837 err = bus_register_notifier(bus, nb); 1838 if (err) 1839 goto out_free; 1840 1841 err = bus_iommu_probe(bus); 1842 if (err) 1843 goto out_err; 1844 1845 1846 return 0; 1847 1848 out_err: 1849 /* Clean up */ 1850 bus_for_each_dev(bus, NULL, NULL, remove_iommu_group); 1851 bus_unregister_notifier(bus, nb); 1852 1853 out_free: 1854 kfree(nb); 1855 1856 return err; 1857 } 1858 1859 /** 1860 * bus_set_iommu - set iommu-callbacks for the bus 1861 * @bus: bus. 1862 * @ops: the callbacks provided by the iommu-driver 1863 * 1864 * This function is called by an iommu driver to set the iommu methods 1865 * used for a particular bus. Drivers for devices on that bus can use 1866 * the iommu-api after these ops are registered. 1867 * This special function is needed because IOMMUs are usually devices on 1868 * the bus itself, so the iommu drivers are not initialized when the bus 1869 * is set up. With this function the iommu-driver can set the iommu-ops 1870 * afterwards. 1871 */ 1872 int bus_set_iommu(struct bus_type *bus, const struct iommu_ops *ops) 1873 { 1874 int err; 1875 1876 if (ops == NULL) { 1877 bus->iommu_ops = NULL; 1878 return 0; 1879 } 1880 1881 if (bus->iommu_ops != NULL) 1882 return -EBUSY; 1883 1884 bus->iommu_ops = ops; 1885 1886 /* Do IOMMU specific setup for this bus-type */ 1887 err = iommu_bus_init(bus, ops); 1888 if (err) 1889 bus->iommu_ops = NULL; 1890 1891 return err; 1892 } 1893 EXPORT_SYMBOL_GPL(bus_set_iommu); 1894 1895 bool iommu_present(struct bus_type *bus) 1896 { 1897 return bus->iommu_ops != NULL; 1898 } 1899 EXPORT_SYMBOL_GPL(iommu_present); 1900 1901 bool iommu_capable(struct bus_type *bus, enum iommu_cap cap) 1902 { 1903 if (!bus->iommu_ops || !bus->iommu_ops->capable) 1904 return false; 1905 1906 return bus->iommu_ops->capable(cap); 1907 } 1908 EXPORT_SYMBOL_GPL(iommu_capable); 1909 1910 /** 1911 * iommu_set_fault_handler() - set a fault handler for an iommu domain 1912 * @domain: iommu domain 1913 * @handler: fault handler 1914 * @token: user data, will be passed back to the fault handler 1915 * 1916 * This function should be used by IOMMU users which want to be notified 1917 * whenever an IOMMU fault happens. 1918 * 1919 * The fault handler itself should return 0 on success, and an appropriate 1920 * error code otherwise. 1921 */ 1922 void iommu_set_fault_handler(struct iommu_domain *domain, 1923 iommu_fault_handler_t handler, 1924 void *token) 1925 { 1926 BUG_ON(!domain); 1927 1928 domain->handler = handler; 1929 domain->handler_token = token; 1930 } 1931 EXPORT_SYMBOL_GPL(iommu_set_fault_handler); 1932 1933 static struct iommu_domain *__iommu_domain_alloc(struct bus_type *bus, 1934 unsigned type) 1935 { 1936 struct iommu_domain *domain; 1937 1938 if (bus == NULL || bus->iommu_ops == NULL) 1939 return NULL; 1940 1941 domain = bus->iommu_ops->domain_alloc(type); 1942 if (!domain) 1943 return NULL; 1944 1945 domain->ops = bus->iommu_ops; 1946 domain->type = type; 1947 /* Assume all sizes by default; the driver may override this later */ 1948 domain->pgsize_bitmap = bus->iommu_ops->pgsize_bitmap; 1949 1950 /* Temporarily avoid -EEXIST while drivers still get their own cookies */ 1951 if (iommu_is_dma_domain(domain) && !domain->iova_cookie && iommu_get_dma_cookie(domain)) { 1952 iommu_domain_free(domain); 1953 domain = NULL; 1954 } 1955 return domain; 1956 } 1957 1958 struct iommu_domain *iommu_domain_alloc(struct bus_type *bus) 1959 { 1960 return __iommu_domain_alloc(bus, IOMMU_DOMAIN_UNMANAGED); 1961 } 1962 EXPORT_SYMBOL_GPL(iommu_domain_alloc); 1963 1964 void iommu_domain_free(struct iommu_domain *domain) 1965 { 1966 iommu_put_dma_cookie(domain); 1967 domain->ops->domain_free(domain); 1968 } 1969 EXPORT_SYMBOL_GPL(iommu_domain_free); 1970 1971 static int __iommu_attach_device(struct iommu_domain *domain, 1972 struct device *dev) 1973 { 1974 int ret; 1975 1976 if (unlikely(domain->ops->attach_dev == NULL)) 1977 return -ENODEV; 1978 1979 ret = domain->ops->attach_dev(domain, dev); 1980 if (!ret) 1981 trace_attach_device_to_domain(dev); 1982 return ret; 1983 } 1984 1985 int iommu_attach_device(struct iommu_domain *domain, struct device *dev) 1986 { 1987 struct iommu_group *group; 1988 int ret; 1989 1990 group = iommu_group_get(dev); 1991 if (!group) 1992 return -ENODEV; 1993 1994 /* 1995 * Lock the group to make sure the device-count doesn't 1996 * change while we are attaching 1997 */ 1998 mutex_lock(&group->mutex); 1999 ret = -EINVAL; 2000 if (iommu_group_device_count(group) != 1) 2001 goto out_unlock; 2002 2003 ret = __iommu_attach_group(domain, group); 2004 2005 out_unlock: 2006 mutex_unlock(&group->mutex); 2007 iommu_group_put(group); 2008 2009 return ret; 2010 } 2011 EXPORT_SYMBOL_GPL(iommu_attach_device); 2012 2013 int iommu_deferred_attach(struct device *dev, struct iommu_domain *domain) 2014 { 2015 const struct iommu_ops *ops = domain->ops; 2016 2017 if (ops->is_attach_deferred && ops->is_attach_deferred(domain, dev)) 2018 return __iommu_attach_device(domain, dev); 2019 2020 return 0; 2021 } 2022 2023 /* 2024 * Check flags and other user provided data for valid combinations. We also 2025 * make sure no reserved fields or unused flags are set. This is to ensure 2026 * not breaking userspace in the future when these fields or flags are used. 2027 */ 2028 static int iommu_check_cache_invl_data(struct iommu_cache_invalidate_info *info) 2029 { 2030 u32 mask; 2031 int i; 2032 2033 if (info->version != IOMMU_CACHE_INVALIDATE_INFO_VERSION_1) 2034 return -EINVAL; 2035 2036 mask = (1 << IOMMU_CACHE_INV_TYPE_NR) - 1; 2037 if (info->cache & ~mask) 2038 return -EINVAL; 2039 2040 if (info->granularity >= IOMMU_INV_GRANU_NR) 2041 return -EINVAL; 2042 2043 switch (info->granularity) { 2044 case IOMMU_INV_GRANU_ADDR: 2045 if (info->cache & IOMMU_CACHE_INV_TYPE_PASID) 2046 return -EINVAL; 2047 2048 mask = IOMMU_INV_ADDR_FLAGS_PASID | 2049 IOMMU_INV_ADDR_FLAGS_ARCHID | 2050 IOMMU_INV_ADDR_FLAGS_LEAF; 2051 2052 if (info->granu.addr_info.flags & ~mask) 2053 return -EINVAL; 2054 break; 2055 case IOMMU_INV_GRANU_PASID: 2056 mask = IOMMU_INV_PASID_FLAGS_PASID | 2057 IOMMU_INV_PASID_FLAGS_ARCHID; 2058 if (info->granu.pasid_info.flags & ~mask) 2059 return -EINVAL; 2060 2061 break; 2062 case IOMMU_INV_GRANU_DOMAIN: 2063 if (info->cache & IOMMU_CACHE_INV_TYPE_DEV_IOTLB) 2064 return -EINVAL; 2065 break; 2066 default: 2067 return -EINVAL; 2068 } 2069 2070 /* Check reserved padding fields */ 2071 for (i = 0; i < sizeof(info->padding); i++) { 2072 if (info->padding[i]) 2073 return -EINVAL; 2074 } 2075 2076 return 0; 2077 } 2078 2079 int iommu_uapi_cache_invalidate(struct iommu_domain *domain, struct device *dev, 2080 void __user *uinfo) 2081 { 2082 struct iommu_cache_invalidate_info inv_info = { 0 }; 2083 u32 minsz; 2084 int ret; 2085 2086 if (unlikely(!domain->ops->cache_invalidate)) 2087 return -ENODEV; 2088 2089 /* 2090 * No new spaces can be added before the variable sized union, the 2091 * minimum size is the offset to the union. 2092 */ 2093 minsz = offsetof(struct iommu_cache_invalidate_info, granu); 2094 2095 /* Copy minsz from user to get flags and argsz */ 2096 if (copy_from_user(&inv_info, uinfo, minsz)) 2097 return -EFAULT; 2098 2099 /* Fields before the variable size union are mandatory */ 2100 if (inv_info.argsz < minsz) 2101 return -EINVAL; 2102 2103 /* PASID and address granu require additional info beyond minsz */ 2104 if (inv_info.granularity == IOMMU_INV_GRANU_PASID && 2105 inv_info.argsz < offsetofend(struct iommu_cache_invalidate_info, granu.pasid_info)) 2106 return -EINVAL; 2107 2108 if (inv_info.granularity == IOMMU_INV_GRANU_ADDR && 2109 inv_info.argsz < offsetofend(struct iommu_cache_invalidate_info, granu.addr_info)) 2110 return -EINVAL; 2111 2112 /* 2113 * User might be using a newer UAPI header which has a larger data 2114 * size, we shall support the existing flags within the current 2115 * size. Copy the remaining user data _after_ minsz but not more 2116 * than the current kernel supported size. 2117 */ 2118 if (copy_from_user((void *)&inv_info + minsz, uinfo + minsz, 2119 min_t(u32, inv_info.argsz, sizeof(inv_info)) - minsz)) 2120 return -EFAULT; 2121 2122 /* Now the argsz is validated, check the content */ 2123 ret = iommu_check_cache_invl_data(&inv_info); 2124 if (ret) 2125 return ret; 2126 2127 return domain->ops->cache_invalidate(domain, dev, &inv_info); 2128 } 2129 EXPORT_SYMBOL_GPL(iommu_uapi_cache_invalidate); 2130 2131 static int iommu_check_bind_data(struct iommu_gpasid_bind_data *data) 2132 { 2133 u64 mask; 2134 int i; 2135 2136 if (data->version != IOMMU_GPASID_BIND_VERSION_1) 2137 return -EINVAL; 2138 2139 /* Check the range of supported formats */ 2140 if (data->format >= IOMMU_PASID_FORMAT_LAST) 2141 return -EINVAL; 2142 2143 /* Check all flags */ 2144 mask = IOMMU_SVA_GPASID_VAL; 2145 if (data->flags & ~mask) 2146 return -EINVAL; 2147 2148 /* Check reserved padding fields */ 2149 for (i = 0; i < sizeof(data->padding); i++) { 2150 if (data->padding[i]) 2151 return -EINVAL; 2152 } 2153 2154 return 0; 2155 } 2156 2157 static int iommu_sva_prepare_bind_data(void __user *udata, 2158 struct iommu_gpasid_bind_data *data) 2159 { 2160 u32 minsz; 2161 2162 /* 2163 * No new spaces can be added before the variable sized union, the 2164 * minimum size is the offset to the union. 2165 */ 2166 minsz = offsetof(struct iommu_gpasid_bind_data, vendor); 2167 2168 /* Copy minsz from user to get flags and argsz */ 2169 if (copy_from_user(data, udata, minsz)) 2170 return -EFAULT; 2171 2172 /* Fields before the variable size union are mandatory */ 2173 if (data->argsz < minsz) 2174 return -EINVAL; 2175 /* 2176 * User might be using a newer UAPI header, we shall let IOMMU vendor 2177 * driver decide on what size it needs. Since the guest PASID bind data 2178 * can be vendor specific, larger argsz could be the result of extension 2179 * for one vendor but it should not affect another vendor. 2180 * Copy the remaining user data _after_ minsz 2181 */ 2182 if (copy_from_user((void *)data + minsz, udata + minsz, 2183 min_t(u32, data->argsz, sizeof(*data)) - minsz)) 2184 return -EFAULT; 2185 2186 return iommu_check_bind_data(data); 2187 } 2188 2189 int iommu_uapi_sva_bind_gpasid(struct iommu_domain *domain, struct device *dev, 2190 void __user *udata) 2191 { 2192 struct iommu_gpasid_bind_data data = { 0 }; 2193 int ret; 2194 2195 if (unlikely(!domain->ops->sva_bind_gpasid)) 2196 return -ENODEV; 2197 2198 ret = iommu_sva_prepare_bind_data(udata, &data); 2199 if (ret) 2200 return ret; 2201 2202 return domain->ops->sva_bind_gpasid(domain, dev, &data); 2203 } 2204 EXPORT_SYMBOL_GPL(iommu_uapi_sva_bind_gpasid); 2205 2206 int iommu_sva_unbind_gpasid(struct iommu_domain *domain, struct device *dev, 2207 ioasid_t pasid) 2208 { 2209 if (unlikely(!domain->ops->sva_unbind_gpasid)) 2210 return -ENODEV; 2211 2212 return domain->ops->sva_unbind_gpasid(dev, pasid); 2213 } 2214 EXPORT_SYMBOL_GPL(iommu_sva_unbind_gpasid); 2215 2216 int iommu_uapi_sva_unbind_gpasid(struct iommu_domain *domain, struct device *dev, 2217 void __user *udata) 2218 { 2219 struct iommu_gpasid_bind_data data = { 0 }; 2220 int ret; 2221 2222 if (unlikely(!domain->ops->sva_bind_gpasid)) 2223 return -ENODEV; 2224 2225 ret = iommu_sva_prepare_bind_data(udata, &data); 2226 if (ret) 2227 return ret; 2228 2229 return iommu_sva_unbind_gpasid(domain, dev, data.hpasid); 2230 } 2231 EXPORT_SYMBOL_GPL(iommu_uapi_sva_unbind_gpasid); 2232 2233 static void __iommu_detach_device(struct iommu_domain *domain, 2234 struct device *dev) 2235 { 2236 if (iommu_is_attach_deferred(domain, dev)) 2237 return; 2238 2239 if (unlikely(domain->ops->detach_dev == NULL)) 2240 return; 2241 2242 domain->ops->detach_dev(domain, dev); 2243 trace_detach_device_from_domain(dev); 2244 } 2245 2246 void iommu_detach_device(struct iommu_domain *domain, struct device *dev) 2247 { 2248 struct iommu_group *group; 2249 2250 group = iommu_group_get(dev); 2251 if (!group) 2252 return; 2253 2254 mutex_lock(&group->mutex); 2255 if (iommu_group_device_count(group) != 1) { 2256 WARN_ON(1); 2257 goto out_unlock; 2258 } 2259 2260 __iommu_detach_group(domain, group); 2261 2262 out_unlock: 2263 mutex_unlock(&group->mutex); 2264 iommu_group_put(group); 2265 } 2266 EXPORT_SYMBOL_GPL(iommu_detach_device); 2267 2268 struct iommu_domain *iommu_get_domain_for_dev(struct device *dev) 2269 { 2270 struct iommu_domain *domain; 2271 struct iommu_group *group; 2272 2273 group = iommu_group_get(dev); 2274 if (!group) 2275 return NULL; 2276 2277 domain = group->domain; 2278 2279 iommu_group_put(group); 2280 2281 return domain; 2282 } 2283 EXPORT_SYMBOL_GPL(iommu_get_domain_for_dev); 2284 2285 /* 2286 * For IOMMU_DOMAIN_DMA implementations which already provide their own 2287 * guarantees that the group and its default domain are valid and correct. 2288 */ 2289 struct iommu_domain *iommu_get_dma_domain(struct device *dev) 2290 { 2291 return dev->iommu_group->default_domain; 2292 } 2293 2294 /* 2295 * IOMMU groups are really the natural working unit of the IOMMU, but 2296 * the IOMMU API works on domains and devices. Bridge that gap by 2297 * iterating over the devices in a group. Ideally we'd have a single 2298 * device which represents the requestor ID of the group, but we also 2299 * allow IOMMU drivers to create policy defined minimum sets, where 2300 * the physical hardware may be able to distiguish members, but we 2301 * wish to group them at a higher level (ex. untrusted multi-function 2302 * PCI devices). Thus we attach each device. 2303 */ 2304 static int iommu_group_do_attach_device(struct device *dev, void *data) 2305 { 2306 struct iommu_domain *domain = data; 2307 2308 return __iommu_attach_device(domain, dev); 2309 } 2310 2311 static int __iommu_attach_group(struct iommu_domain *domain, 2312 struct iommu_group *group) 2313 { 2314 int ret; 2315 2316 if (group->default_domain && group->domain != group->default_domain) 2317 return -EBUSY; 2318 2319 ret = __iommu_group_for_each_dev(group, domain, 2320 iommu_group_do_attach_device); 2321 if (ret == 0) 2322 group->domain = domain; 2323 2324 return ret; 2325 } 2326 2327 int iommu_attach_group(struct iommu_domain *domain, struct iommu_group *group) 2328 { 2329 int ret; 2330 2331 mutex_lock(&group->mutex); 2332 ret = __iommu_attach_group(domain, group); 2333 mutex_unlock(&group->mutex); 2334 2335 return ret; 2336 } 2337 EXPORT_SYMBOL_GPL(iommu_attach_group); 2338 2339 static int iommu_group_do_detach_device(struct device *dev, void *data) 2340 { 2341 struct iommu_domain *domain = data; 2342 2343 __iommu_detach_device(domain, dev); 2344 2345 return 0; 2346 } 2347 2348 static void __iommu_detach_group(struct iommu_domain *domain, 2349 struct iommu_group *group) 2350 { 2351 int ret; 2352 2353 if (!group->default_domain) { 2354 __iommu_group_for_each_dev(group, domain, 2355 iommu_group_do_detach_device); 2356 group->domain = NULL; 2357 return; 2358 } 2359 2360 if (group->domain == group->default_domain) 2361 return; 2362 2363 /* Detach by re-attaching to the default domain */ 2364 ret = __iommu_group_for_each_dev(group, group->default_domain, 2365 iommu_group_do_attach_device); 2366 if (ret != 0) 2367 WARN_ON(1); 2368 else 2369 group->domain = group->default_domain; 2370 } 2371 2372 void iommu_detach_group(struct iommu_domain *domain, struct iommu_group *group) 2373 { 2374 mutex_lock(&group->mutex); 2375 __iommu_detach_group(domain, group); 2376 mutex_unlock(&group->mutex); 2377 } 2378 EXPORT_SYMBOL_GPL(iommu_detach_group); 2379 2380 phys_addr_t iommu_iova_to_phys(struct iommu_domain *domain, dma_addr_t iova) 2381 { 2382 if (domain->type == IOMMU_DOMAIN_IDENTITY) 2383 return iova; 2384 2385 if (domain->type == IOMMU_DOMAIN_BLOCKED) 2386 return 0; 2387 2388 return domain->ops->iova_to_phys(domain, iova); 2389 } 2390 EXPORT_SYMBOL_GPL(iommu_iova_to_phys); 2391 2392 static size_t iommu_pgsize(struct iommu_domain *domain, unsigned long iova, 2393 phys_addr_t paddr, size_t size, size_t *count) 2394 { 2395 unsigned int pgsize_idx, pgsize_idx_next; 2396 unsigned long pgsizes; 2397 size_t offset, pgsize, pgsize_next; 2398 unsigned long addr_merge = paddr | iova; 2399 2400 /* Page sizes supported by the hardware and small enough for @size */ 2401 pgsizes = domain->pgsize_bitmap & GENMASK(__fls(size), 0); 2402 2403 /* Constrain the page sizes further based on the maximum alignment */ 2404 if (likely(addr_merge)) 2405 pgsizes &= GENMASK(__ffs(addr_merge), 0); 2406 2407 /* Make sure we have at least one suitable page size */ 2408 BUG_ON(!pgsizes); 2409 2410 /* Pick the biggest page size remaining */ 2411 pgsize_idx = __fls(pgsizes); 2412 pgsize = BIT(pgsize_idx); 2413 if (!count) 2414 return pgsize; 2415 2416 /* Find the next biggest support page size, if it exists */ 2417 pgsizes = domain->pgsize_bitmap & ~GENMASK(pgsize_idx, 0); 2418 if (!pgsizes) 2419 goto out_set_count; 2420 2421 pgsize_idx_next = __ffs(pgsizes); 2422 pgsize_next = BIT(pgsize_idx_next); 2423 2424 /* 2425 * There's no point trying a bigger page size unless the virtual 2426 * and physical addresses are similarly offset within the larger page. 2427 */ 2428 if ((iova ^ paddr) & (pgsize_next - 1)) 2429 goto out_set_count; 2430 2431 /* Calculate the offset to the next page size alignment boundary */ 2432 offset = pgsize_next - (addr_merge & (pgsize_next - 1)); 2433 2434 /* 2435 * If size is big enough to accommodate the larger page, reduce 2436 * the number of smaller pages. 2437 */ 2438 if (offset + pgsize_next <= size) 2439 size = offset; 2440 2441 out_set_count: 2442 *count = size >> pgsize_idx; 2443 return pgsize; 2444 } 2445 2446 static int __iommu_map_pages(struct iommu_domain *domain, unsigned long iova, 2447 phys_addr_t paddr, size_t size, int prot, 2448 gfp_t gfp, size_t *mapped) 2449 { 2450 const struct iommu_ops *ops = domain->ops; 2451 size_t pgsize, count; 2452 int ret; 2453 2454 pgsize = iommu_pgsize(domain, iova, paddr, size, &count); 2455 2456 pr_debug("mapping: iova 0x%lx pa %pa pgsize 0x%zx count %zu\n", 2457 iova, &paddr, pgsize, count); 2458 2459 if (ops->map_pages) { 2460 ret = ops->map_pages(domain, iova, paddr, pgsize, count, prot, 2461 gfp, mapped); 2462 } else { 2463 ret = ops->map(domain, iova, paddr, pgsize, prot, gfp); 2464 *mapped = ret ? 0 : pgsize; 2465 } 2466 2467 return ret; 2468 } 2469 2470 static int __iommu_map(struct iommu_domain *domain, unsigned long iova, 2471 phys_addr_t paddr, size_t size, int prot, gfp_t gfp) 2472 { 2473 const struct iommu_ops *ops = domain->ops; 2474 unsigned long orig_iova = iova; 2475 unsigned int min_pagesz; 2476 size_t orig_size = size; 2477 phys_addr_t orig_paddr = paddr; 2478 int ret = 0; 2479 2480 if (unlikely(!(ops->map || ops->map_pages) || 2481 domain->pgsize_bitmap == 0UL)) 2482 return -ENODEV; 2483 2484 if (unlikely(!(domain->type & __IOMMU_DOMAIN_PAGING))) 2485 return -EINVAL; 2486 2487 /* find out the minimum page size supported */ 2488 min_pagesz = 1 << __ffs(domain->pgsize_bitmap); 2489 2490 /* 2491 * both the virtual address and the physical one, as well as 2492 * the size of the mapping, must be aligned (at least) to the 2493 * size of the smallest page supported by the hardware 2494 */ 2495 if (!IS_ALIGNED(iova | paddr | size, min_pagesz)) { 2496 pr_err("unaligned: iova 0x%lx pa %pa size 0x%zx min_pagesz 0x%x\n", 2497 iova, &paddr, size, min_pagesz); 2498 return -EINVAL; 2499 } 2500 2501 pr_debug("map: iova 0x%lx pa %pa size 0x%zx\n", iova, &paddr, size); 2502 2503 while (size) { 2504 size_t mapped = 0; 2505 2506 ret = __iommu_map_pages(domain, iova, paddr, size, prot, gfp, 2507 &mapped); 2508 /* 2509 * Some pages may have been mapped, even if an error occurred, 2510 * so we should account for those so they can be unmapped. 2511 */ 2512 size -= mapped; 2513 2514 if (ret) 2515 break; 2516 2517 iova += mapped; 2518 paddr += mapped; 2519 } 2520 2521 /* unroll mapping in case something went wrong */ 2522 if (ret) 2523 iommu_unmap(domain, orig_iova, orig_size - size); 2524 else 2525 trace_map(orig_iova, orig_paddr, orig_size); 2526 2527 return ret; 2528 } 2529 2530 static int _iommu_map(struct iommu_domain *domain, unsigned long iova, 2531 phys_addr_t paddr, size_t size, int prot, gfp_t gfp) 2532 { 2533 const struct iommu_ops *ops = domain->ops; 2534 int ret; 2535 2536 ret = __iommu_map(domain, iova, paddr, size, prot, gfp); 2537 if (ret == 0 && ops->iotlb_sync_map) 2538 ops->iotlb_sync_map(domain, iova, size); 2539 2540 return ret; 2541 } 2542 2543 int iommu_map(struct iommu_domain *domain, unsigned long iova, 2544 phys_addr_t paddr, size_t size, int prot) 2545 { 2546 might_sleep(); 2547 return _iommu_map(domain, iova, paddr, size, prot, GFP_KERNEL); 2548 } 2549 EXPORT_SYMBOL_GPL(iommu_map); 2550 2551 int iommu_map_atomic(struct iommu_domain *domain, unsigned long iova, 2552 phys_addr_t paddr, size_t size, int prot) 2553 { 2554 return _iommu_map(domain, iova, paddr, size, prot, GFP_ATOMIC); 2555 } 2556 EXPORT_SYMBOL_GPL(iommu_map_atomic); 2557 2558 static size_t __iommu_unmap_pages(struct iommu_domain *domain, 2559 unsigned long iova, size_t size, 2560 struct iommu_iotlb_gather *iotlb_gather) 2561 { 2562 const struct iommu_ops *ops = domain->ops; 2563 size_t pgsize, count; 2564 2565 pgsize = iommu_pgsize(domain, iova, iova, size, &count); 2566 return ops->unmap_pages ? 2567 ops->unmap_pages(domain, iova, pgsize, count, iotlb_gather) : 2568 ops->unmap(domain, iova, pgsize, iotlb_gather); 2569 } 2570 2571 static size_t __iommu_unmap(struct iommu_domain *domain, 2572 unsigned long iova, size_t size, 2573 struct iommu_iotlb_gather *iotlb_gather) 2574 { 2575 const struct iommu_ops *ops = domain->ops; 2576 size_t unmapped_page, unmapped = 0; 2577 unsigned long orig_iova = iova; 2578 unsigned int min_pagesz; 2579 2580 if (unlikely(!(ops->unmap || ops->unmap_pages) || 2581 domain->pgsize_bitmap == 0UL)) 2582 return 0; 2583 2584 if (unlikely(!(domain->type & __IOMMU_DOMAIN_PAGING))) 2585 return 0; 2586 2587 /* find out the minimum page size supported */ 2588 min_pagesz = 1 << __ffs(domain->pgsize_bitmap); 2589 2590 /* 2591 * The virtual address, as well as the size of the mapping, must be 2592 * aligned (at least) to the size of the smallest page supported 2593 * by the hardware 2594 */ 2595 if (!IS_ALIGNED(iova | size, min_pagesz)) { 2596 pr_err("unaligned: iova 0x%lx size 0x%zx min_pagesz 0x%x\n", 2597 iova, size, min_pagesz); 2598 return 0; 2599 } 2600 2601 pr_debug("unmap this: iova 0x%lx size 0x%zx\n", iova, size); 2602 2603 /* 2604 * Keep iterating until we either unmap 'size' bytes (or more) 2605 * or we hit an area that isn't mapped. 2606 */ 2607 while (unmapped < size) { 2608 unmapped_page = __iommu_unmap_pages(domain, iova, 2609 size - unmapped, 2610 iotlb_gather); 2611 if (!unmapped_page) 2612 break; 2613 2614 pr_debug("unmapped: iova 0x%lx size 0x%zx\n", 2615 iova, unmapped_page); 2616 2617 iova += unmapped_page; 2618 unmapped += unmapped_page; 2619 } 2620 2621 trace_unmap(orig_iova, size, unmapped); 2622 return unmapped; 2623 } 2624 2625 size_t iommu_unmap(struct iommu_domain *domain, 2626 unsigned long iova, size_t size) 2627 { 2628 struct iommu_iotlb_gather iotlb_gather; 2629 size_t ret; 2630 2631 iommu_iotlb_gather_init(&iotlb_gather); 2632 ret = __iommu_unmap(domain, iova, size, &iotlb_gather); 2633 iommu_iotlb_sync(domain, &iotlb_gather); 2634 2635 return ret; 2636 } 2637 EXPORT_SYMBOL_GPL(iommu_unmap); 2638 2639 size_t iommu_unmap_fast(struct iommu_domain *domain, 2640 unsigned long iova, size_t size, 2641 struct iommu_iotlb_gather *iotlb_gather) 2642 { 2643 return __iommu_unmap(domain, iova, size, iotlb_gather); 2644 } 2645 EXPORT_SYMBOL_GPL(iommu_unmap_fast); 2646 2647 static size_t __iommu_map_sg(struct iommu_domain *domain, unsigned long iova, 2648 struct scatterlist *sg, unsigned int nents, int prot, 2649 gfp_t gfp) 2650 { 2651 const struct iommu_ops *ops = domain->ops; 2652 size_t len = 0, mapped = 0; 2653 phys_addr_t start; 2654 unsigned int i = 0; 2655 int ret; 2656 2657 while (i <= nents) { 2658 phys_addr_t s_phys = sg_phys(sg); 2659 2660 if (len && s_phys != start + len) { 2661 ret = __iommu_map(domain, iova + mapped, start, 2662 len, prot, gfp); 2663 2664 if (ret) 2665 goto out_err; 2666 2667 mapped += len; 2668 len = 0; 2669 } 2670 2671 if (len) { 2672 len += sg->length; 2673 } else { 2674 len = sg->length; 2675 start = s_phys; 2676 } 2677 2678 if (++i < nents) 2679 sg = sg_next(sg); 2680 } 2681 2682 if (ops->iotlb_sync_map) 2683 ops->iotlb_sync_map(domain, iova, mapped); 2684 return mapped; 2685 2686 out_err: 2687 /* undo mappings already done */ 2688 iommu_unmap(domain, iova, mapped); 2689 2690 return 0; 2691 2692 } 2693 2694 size_t iommu_map_sg(struct iommu_domain *domain, unsigned long iova, 2695 struct scatterlist *sg, unsigned int nents, int prot) 2696 { 2697 might_sleep(); 2698 return __iommu_map_sg(domain, iova, sg, nents, prot, GFP_KERNEL); 2699 } 2700 EXPORT_SYMBOL_GPL(iommu_map_sg); 2701 2702 size_t iommu_map_sg_atomic(struct iommu_domain *domain, unsigned long iova, 2703 struct scatterlist *sg, unsigned int nents, int prot) 2704 { 2705 return __iommu_map_sg(domain, iova, sg, nents, prot, GFP_ATOMIC); 2706 } 2707 2708 /** 2709 * report_iommu_fault() - report about an IOMMU fault to the IOMMU framework 2710 * @domain: the iommu domain where the fault has happened 2711 * @dev: the device where the fault has happened 2712 * @iova: the faulting address 2713 * @flags: mmu fault flags (e.g. IOMMU_FAULT_READ/IOMMU_FAULT_WRITE/...) 2714 * 2715 * This function should be called by the low-level IOMMU implementations 2716 * whenever IOMMU faults happen, to allow high-level users, that are 2717 * interested in such events, to know about them. 2718 * 2719 * This event may be useful for several possible use cases: 2720 * - mere logging of the event 2721 * - dynamic TLB/PTE loading 2722 * - if restarting of the faulting device is required 2723 * 2724 * Returns 0 on success and an appropriate error code otherwise (if dynamic 2725 * PTE/TLB loading will one day be supported, implementations will be able 2726 * to tell whether it succeeded or not according to this return value). 2727 * 2728 * Specifically, -ENOSYS is returned if a fault handler isn't installed 2729 * (though fault handlers can also return -ENOSYS, in case they want to 2730 * elicit the default behavior of the IOMMU drivers). 2731 */ 2732 int report_iommu_fault(struct iommu_domain *domain, struct device *dev, 2733 unsigned long iova, int flags) 2734 { 2735 int ret = -ENOSYS; 2736 2737 /* 2738 * if upper layers showed interest and installed a fault handler, 2739 * invoke it. 2740 */ 2741 if (domain->handler) 2742 ret = domain->handler(domain, dev, iova, flags, 2743 domain->handler_token); 2744 2745 trace_io_page_fault(dev, iova, flags); 2746 return ret; 2747 } 2748 EXPORT_SYMBOL_GPL(report_iommu_fault); 2749 2750 static int __init iommu_init(void) 2751 { 2752 iommu_group_kset = kset_create_and_add("iommu_groups", 2753 NULL, kernel_kobj); 2754 BUG_ON(!iommu_group_kset); 2755 2756 iommu_debugfs_setup(); 2757 2758 return 0; 2759 } 2760 core_initcall(iommu_init); 2761 2762 int iommu_enable_nesting(struct iommu_domain *domain) 2763 { 2764 if (domain->type != IOMMU_DOMAIN_UNMANAGED) 2765 return -EINVAL; 2766 if (!domain->ops->enable_nesting) 2767 return -EINVAL; 2768 return domain->ops->enable_nesting(domain); 2769 } 2770 EXPORT_SYMBOL_GPL(iommu_enable_nesting); 2771 2772 int iommu_set_pgtable_quirks(struct iommu_domain *domain, 2773 unsigned long quirk) 2774 { 2775 if (domain->type != IOMMU_DOMAIN_UNMANAGED) 2776 return -EINVAL; 2777 if (!domain->ops->set_pgtable_quirks) 2778 return -EINVAL; 2779 return domain->ops->set_pgtable_quirks(domain, quirk); 2780 } 2781 EXPORT_SYMBOL_GPL(iommu_set_pgtable_quirks); 2782 2783 void iommu_get_resv_regions(struct device *dev, struct list_head *list) 2784 { 2785 const struct iommu_ops *ops = dev->bus->iommu_ops; 2786 2787 if (ops && ops->get_resv_regions) 2788 ops->get_resv_regions(dev, list); 2789 } 2790 2791 void iommu_put_resv_regions(struct device *dev, struct list_head *list) 2792 { 2793 const struct iommu_ops *ops = dev->bus->iommu_ops; 2794 2795 if (ops && ops->put_resv_regions) 2796 ops->put_resv_regions(dev, list); 2797 } 2798 2799 /** 2800 * generic_iommu_put_resv_regions - Reserved region driver helper 2801 * @dev: device for which to free reserved regions 2802 * @list: reserved region list for device 2803 * 2804 * IOMMU drivers can use this to implement their .put_resv_regions() callback 2805 * for simple reservations. Memory allocated for each reserved region will be 2806 * freed. If an IOMMU driver allocates additional resources per region, it is 2807 * going to have to implement a custom callback. 2808 */ 2809 void generic_iommu_put_resv_regions(struct device *dev, struct list_head *list) 2810 { 2811 struct iommu_resv_region *entry, *next; 2812 2813 list_for_each_entry_safe(entry, next, list, list) 2814 kfree(entry); 2815 } 2816 EXPORT_SYMBOL(generic_iommu_put_resv_regions); 2817 2818 struct iommu_resv_region *iommu_alloc_resv_region(phys_addr_t start, 2819 size_t length, int prot, 2820 enum iommu_resv_type type) 2821 { 2822 struct iommu_resv_region *region; 2823 2824 region = kzalloc(sizeof(*region), GFP_KERNEL); 2825 if (!region) 2826 return NULL; 2827 2828 INIT_LIST_HEAD(®ion->list); 2829 region->start = start; 2830 region->length = length; 2831 region->prot = prot; 2832 region->type = type; 2833 return region; 2834 } 2835 EXPORT_SYMBOL_GPL(iommu_alloc_resv_region); 2836 2837 void iommu_set_default_passthrough(bool cmd_line) 2838 { 2839 if (cmd_line) 2840 iommu_cmd_line |= IOMMU_CMD_LINE_DMA_API; 2841 iommu_def_domain_type = IOMMU_DOMAIN_IDENTITY; 2842 } 2843 2844 void iommu_set_default_translated(bool cmd_line) 2845 { 2846 if (cmd_line) 2847 iommu_cmd_line |= IOMMU_CMD_LINE_DMA_API; 2848 iommu_def_domain_type = IOMMU_DOMAIN_DMA; 2849 } 2850 2851 bool iommu_default_passthrough(void) 2852 { 2853 return iommu_def_domain_type == IOMMU_DOMAIN_IDENTITY; 2854 } 2855 EXPORT_SYMBOL_GPL(iommu_default_passthrough); 2856 2857 const struct iommu_ops *iommu_ops_from_fwnode(struct fwnode_handle *fwnode) 2858 { 2859 const struct iommu_ops *ops = NULL; 2860 struct iommu_device *iommu; 2861 2862 spin_lock(&iommu_device_lock); 2863 list_for_each_entry(iommu, &iommu_device_list, list) 2864 if (iommu->fwnode == fwnode) { 2865 ops = iommu->ops; 2866 break; 2867 } 2868 spin_unlock(&iommu_device_lock); 2869 return ops; 2870 } 2871 2872 int iommu_fwspec_init(struct device *dev, struct fwnode_handle *iommu_fwnode, 2873 const struct iommu_ops *ops) 2874 { 2875 struct iommu_fwspec *fwspec = dev_iommu_fwspec_get(dev); 2876 2877 if (fwspec) 2878 return ops == fwspec->ops ? 0 : -EINVAL; 2879 2880 if (!dev_iommu_get(dev)) 2881 return -ENOMEM; 2882 2883 /* Preallocate for the overwhelmingly common case of 1 ID */ 2884 fwspec = kzalloc(struct_size(fwspec, ids, 1), GFP_KERNEL); 2885 if (!fwspec) 2886 return -ENOMEM; 2887 2888 of_node_get(to_of_node(iommu_fwnode)); 2889 fwspec->iommu_fwnode = iommu_fwnode; 2890 fwspec->ops = ops; 2891 dev_iommu_fwspec_set(dev, fwspec); 2892 return 0; 2893 } 2894 EXPORT_SYMBOL_GPL(iommu_fwspec_init); 2895 2896 void iommu_fwspec_free(struct device *dev) 2897 { 2898 struct iommu_fwspec *fwspec = dev_iommu_fwspec_get(dev); 2899 2900 if (fwspec) { 2901 fwnode_handle_put(fwspec->iommu_fwnode); 2902 kfree(fwspec); 2903 dev_iommu_fwspec_set(dev, NULL); 2904 } 2905 } 2906 EXPORT_SYMBOL_GPL(iommu_fwspec_free); 2907 2908 int iommu_fwspec_add_ids(struct device *dev, u32 *ids, int num_ids) 2909 { 2910 struct iommu_fwspec *fwspec = dev_iommu_fwspec_get(dev); 2911 int i, new_num; 2912 2913 if (!fwspec) 2914 return -EINVAL; 2915 2916 new_num = fwspec->num_ids + num_ids; 2917 if (new_num > 1) { 2918 fwspec = krealloc(fwspec, struct_size(fwspec, ids, new_num), 2919 GFP_KERNEL); 2920 if (!fwspec) 2921 return -ENOMEM; 2922 2923 dev_iommu_fwspec_set(dev, fwspec); 2924 } 2925 2926 for (i = 0; i < num_ids; i++) 2927 fwspec->ids[fwspec->num_ids + i] = ids[i]; 2928 2929 fwspec->num_ids = new_num; 2930 return 0; 2931 } 2932 EXPORT_SYMBOL_GPL(iommu_fwspec_add_ids); 2933 2934 /* 2935 * Per device IOMMU features. 2936 */ 2937 int iommu_dev_enable_feature(struct device *dev, enum iommu_dev_features feat) 2938 { 2939 if (dev->iommu && dev->iommu->iommu_dev) { 2940 const struct iommu_ops *ops = dev->iommu->iommu_dev->ops; 2941 2942 if (ops->dev_enable_feat) 2943 return ops->dev_enable_feat(dev, feat); 2944 } 2945 2946 return -ENODEV; 2947 } 2948 EXPORT_SYMBOL_GPL(iommu_dev_enable_feature); 2949 2950 /* 2951 * The device drivers should do the necessary cleanups before calling this. 2952 * For example, before disabling the aux-domain feature, the device driver 2953 * should detach all aux-domains. Otherwise, this will return -EBUSY. 2954 */ 2955 int iommu_dev_disable_feature(struct device *dev, enum iommu_dev_features feat) 2956 { 2957 if (dev->iommu && dev->iommu->iommu_dev) { 2958 const struct iommu_ops *ops = dev->iommu->iommu_dev->ops; 2959 2960 if (ops->dev_disable_feat) 2961 return ops->dev_disable_feat(dev, feat); 2962 } 2963 2964 return -EBUSY; 2965 } 2966 EXPORT_SYMBOL_GPL(iommu_dev_disable_feature); 2967 2968 bool iommu_dev_feature_enabled(struct device *dev, enum iommu_dev_features feat) 2969 { 2970 if (dev->iommu && dev->iommu->iommu_dev) { 2971 const struct iommu_ops *ops = dev->iommu->iommu_dev->ops; 2972 2973 if (ops->dev_feat_enabled) 2974 return ops->dev_feat_enabled(dev, feat); 2975 } 2976 2977 return false; 2978 } 2979 EXPORT_SYMBOL_GPL(iommu_dev_feature_enabled); 2980 2981 /* 2982 * Aux-domain specific attach/detach. 2983 * 2984 * Only works if iommu_dev_feature_enabled(dev, IOMMU_DEV_FEAT_AUX) returns 2985 * true. Also, as long as domains are attached to a device through this 2986 * interface, any tries to call iommu_attach_device() should fail 2987 * (iommu_detach_device() can't fail, so we fail when trying to re-attach). 2988 * This should make us safe against a device being attached to a guest as a 2989 * whole while there are still pasid users on it (aux and sva). 2990 */ 2991 int iommu_aux_attach_device(struct iommu_domain *domain, struct device *dev) 2992 { 2993 int ret = -ENODEV; 2994 2995 if (domain->ops->aux_attach_dev) 2996 ret = domain->ops->aux_attach_dev(domain, dev); 2997 2998 if (!ret) 2999 trace_attach_device_to_domain(dev); 3000 3001 return ret; 3002 } 3003 EXPORT_SYMBOL_GPL(iommu_aux_attach_device); 3004 3005 void iommu_aux_detach_device(struct iommu_domain *domain, struct device *dev) 3006 { 3007 if (domain->ops->aux_detach_dev) { 3008 domain->ops->aux_detach_dev(domain, dev); 3009 trace_detach_device_from_domain(dev); 3010 } 3011 } 3012 EXPORT_SYMBOL_GPL(iommu_aux_detach_device); 3013 3014 int iommu_aux_get_pasid(struct iommu_domain *domain, struct device *dev) 3015 { 3016 int ret = -ENODEV; 3017 3018 if (domain->ops->aux_get_pasid) 3019 ret = domain->ops->aux_get_pasid(domain, dev); 3020 3021 return ret; 3022 } 3023 EXPORT_SYMBOL_GPL(iommu_aux_get_pasid); 3024 3025 /** 3026 * iommu_sva_bind_device() - Bind a process address space to a device 3027 * @dev: the device 3028 * @mm: the mm to bind, caller must hold a reference to it 3029 * 3030 * Create a bond between device and address space, allowing the device to access 3031 * the mm using the returned PASID. If a bond already exists between @device and 3032 * @mm, it is returned and an additional reference is taken. Caller must call 3033 * iommu_sva_unbind_device() to release each reference. 3034 * 3035 * iommu_dev_enable_feature(dev, IOMMU_DEV_FEAT_SVA) must be called first, to 3036 * initialize the required SVA features. 3037 * 3038 * On error, returns an ERR_PTR value. 3039 */ 3040 struct iommu_sva * 3041 iommu_sva_bind_device(struct device *dev, struct mm_struct *mm, void *drvdata) 3042 { 3043 struct iommu_group *group; 3044 struct iommu_sva *handle = ERR_PTR(-EINVAL); 3045 const struct iommu_ops *ops = dev->bus->iommu_ops; 3046 3047 if (!ops || !ops->sva_bind) 3048 return ERR_PTR(-ENODEV); 3049 3050 group = iommu_group_get(dev); 3051 if (!group) 3052 return ERR_PTR(-ENODEV); 3053 3054 /* Ensure device count and domain don't change while we're binding */ 3055 mutex_lock(&group->mutex); 3056 3057 /* 3058 * To keep things simple, SVA currently doesn't support IOMMU groups 3059 * with more than one device. Existing SVA-capable systems are not 3060 * affected by the problems that required IOMMU groups (lack of ACS 3061 * isolation, device ID aliasing and other hardware issues). 3062 */ 3063 if (iommu_group_device_count(group) != 1) 3064 goto out_unlock; 3065 3066 handle = ops->sva_bind(dev, mm, drvdata); 3067 3068 out_unlock: 3069 mutex_unlock(&group->mutex); 3070 iommu_group_put(group); 3071 3072 return handle; 3073 } 3074 EXPORT_SYMBOL_GPL(iommu_sva_bind_device); 3075 3076 /** 3077 * iommu_sva_unbind_device() - Remove a bond created with iommu_sva_bind_device 3078 * @handle: the handle returned by iommu_sva_bind_device() 3079 * 3080 * Put reference to a bond between device and address space. The device should 3081 * not be issuing any more transaction for this PASID. All outstanding page 3082 * requests for this PASID must have been flushed to the IOMMU. 3083 */ 3084 void iommu_sva_unbind_device(struct iommu_sva *handle) 3085 { 3086 struct iommu_group *group; 3087 struct device *dev = handle->dev; 3088 const struct iommu_ops *ops = dev->bus->iommu_ops; 3089 3090 if (!ops || !ops->sva_unbind) 3091 return; 3092 3093 group = iommu_group_get(dev); 3094 if (!group) 3095 return; 3096 3097 mutex_lock(&group->mutex); 3098 ops->sva_unbind(handle); 3099 mutex_unlock(&group->mutex); 3100 3101 iommu_group_put(group); 3102 } 3103 EXPORT_SYMBOL_GPL(iommu_sva_unbind_device); 3104 3105 u32 iommu_sva_get_pasid(struct iommu_sva *handle) 3106 { 3107 const struct iommu_ops *ops = handle->dev->bus->iommu_ops; 3108 3109 if (!ops || !ops->sva_get_pasid) 3110 return IOMMU_PASID_INVALID; 3111 3112 return ops->sva_get_pasid(handle); 3113 } 3114 EXPORT_SYMBOL_GPL(iommu_sva_get_pasid); 3115 3116 /* 3117 * Changes the default domain of an iommu group that has *only* one device 3118 * 3119 * @group: The group for which the default domain should be changed 3120 * @prev_dev: The device in the group (this is used to make sure that the device 3121 * hasn't changed after the caller has called this function) 3122 * @type: The type of the new default domain that gets associated with the group 3123 * 3124 * Returns 0 on success and error code on failure 3125 * 3126 * Note: 3127 * 1. Presently, this function is called only when user requests to change the 3128 * group's default domain type through /sys/kernel/iommu_groups/<grp_id>/type 3129 * Please take a closer look if intended to use for other purposes. 3130 */ 3131 static int iommu_change_dev_def_domain(struct iommu_group *group, 3132 struct device *prev_dev, int type) 3133 { 3134 struct iommu_domain *prev_dom; 3135 struct group_device *grp_dev; 3136 int ret, dev_def_dom; 3137 struct device *dev; 3138 3139 mutex_lock(&group->mutex); 3140 3141 if (group->default_domain != group->domain) { 3142 dev_err_ratelimited(prev_dev, "Group not assigned to default domain\n"); 3143 ret = -EBUSY; 3144 goto out; 3145 } 3146 3147 /* 3148 * iommu group wasn't locked while acquiring device lock in 3149 * iommu_group_store_type(). So, make sure that the device count hasn't 3150 * changed while acquiring device lock. 3151 * 3152 * Changing default domain of an iommu group with two or more devices 3153 * isn't supported because there could be a potential deadlock. Consider 3154 * the following scenario. T1 is trying to acquire device locks of all 3155 * the devices in the group and before it could acquire all of them, 3156 * there could be another thread T2 (from different sub-system and use 3157 * case) that has already acquired some of the device locks and might be 3158 * waiting for T1 to release other device locks. 3159 */ 3160 if (iommu_group_device_count(group) != 1) { 3161 dev_err_ratelimited(prev_dev, "Cannot change default domain: Group has more than one device\n"); 3162 ret = -EINVAL; 3163 goto out; 3164 } 3165 3166 /* Since group has only one device */ 3167 grp_dev = list_first_entry(&group->devices, struct group_device, list); 3168 dev = grp_dev->dev; 3169 3170 if (prev_dev != dev) { 3171 dev_err_ratelimited(prev_dev, "Cannot change default domain: Device has been changed\n"); 3172 ret = -EBUSY; 3173 goto out; 3174 } 3175 3176 prev_dom = group->default_domain; 3177 if (!prev_dom) { 3178 ret = -EINVAL; 3179 goto out; 3180 } 3181 3182 dev_def_dom = iommu_get_def_domain_type(dev); 3183 if (!type) { 3184 /* 3185 * If the user hasn't requested any specific type of domain and 3186 * if the device supports both the domains, then default to the 3187 * domain the device was booted with 3188 */ 3189 type = dev_def_dom ? : iommu_def_domain_type; 3190 } else if (dev_def_dom && type != dev_def_dom) { 3191 dev_err_ratelimited(prev_dev, "Device cannot be in %s domain\n", 3192 iommu_domain_type_str(type)); 3193 ret = -EINVAL; 3194 goto out; 3195 } 3196 3197 /* 3198 * Switch to a new domain only if the requested domain type is different 3199 * from the existing default domain type 3200 */ 3201 if (prev_dom->type == type) { 3202 ret = 0; 3203 goto out; 3204 } 3205 3206 /* Sets group->default_domain to the newly allocated domain */ 3207 ret = iommu_group_alloc_default_domain(dev->bus, group, type); 3208 if (ret) 3209 goto out; 3210 3211 ret = iommu_create_device_direct_mappings(group, dev); 3212 if (ret) 3213 goto free_new_domain; 3214 3215 ret = __iommu_attach_device(group->default_domain, dev); 3216 if (ret) 3217 goto free_new_domain; 3218 3219 group->domain = group->default_domain; 3220 3221 /* 3222 * Release the mutex here because ops->probe_finalize() call-back of 3223 * some vendor IOMMU drivers calls arm_iommu_attach_device() which 3224 * in-turn might call back into IOMMU core code, where it tries to take 3225 * group->mutex, resulting in a deadlock. 3226 */ 3227 mutex_unlock(&group->mutex); 3228 3229 /* Make sure dma_ops is appropriatley set */ 3230 iommu_group_do_probe_finalize(dev, group->default_domain); 3231 iommu_domain_free(prev_dom); 3232 return 0; 3233 3234 free_new_domain: 3235 iommu_domain_free(group->default_domain); 3236 group->default_domain = prev_dom; 3237 group->domain = prev_dom; 3238 3239 out: 3240 mutex_unlock(&group->mutex); 3241 3242 return ret; 3243 } 3244 3245 /* 3246 * Changing the default domain through sysfs requires the users to ubind the 3247 * drivers from the devices in the iommu group. Return failure if this doesn't 3248 * meet. 3249 * 3250 * We need to consider the race between this and the device release path. 3251 * device_lock(dev) is used here to guarantee that the device release path 3252 * will not be entered at the same time. 3253 */ 3254 static ssize_t iommu_group_store_type(struct iommu_group *group, 3255 const char *buf, size_t count) 3256 { 3257 struct group_device *grp_dev; 3258 struct device *dev; 3259 int ret, req_type; 3260 3261 if (!capable(CAP_SYS_ADMIN) || !capable(CAP_SYS_RAWIO)) 3262 return -EACCES; 3263 3264 if (WARN_ON(!group)) 3265 return -EINVAL; 3266 3267 if (sysfs_streq(buf, "identity")) 3268 req_type = IOMMU_DOMAIN_IDENTITY; 3269 else if (sysfs_streq(buf, "DMA")) 3270 req_type = IOMMU_DOMAIN_DMA; 3271 else if (sysfs_streq(buf, "auto")) 3272 req_type = 0; 3273 else 3274 return -EINVAL; 3275 3276 /* 3277 * Lock/Unlock the group mutex here before device lock to 3278 * 1. Make sure that the iommu group has only one device (this is a 3279 * prerequisite for step 2) 3280 * 2. Get struct *dev which is needed to lock device 3281 */ 3282 mutex_lock(&group->mutex); 3283 if (iommu_group_device_count(group) != 1) { 3284 mutex_unlock(&group->mutex); 3285 pr_err_ratelimited("Cannot change default domain: Group has more than one device\n"); 3286 return -EINVAL; 3287 } 3288 3289 /* Since group has only one device */ 3290 grp_dev = list_first_entry(&group->devices, struct group_device, list); 3291 dev = grp_dev->dev; 3292 get_device(dev); 3293 3294 /* 3295 * Don't hold the group mutex because taking group mutex first and then 3296 * the device lock could potentially cause a deadlock as below. Assume 3297 * two threads T1 and T2. T1 is trying to change default domain of an 3298 * iommu group and T2 is trying to hot unplug a device or release [1] VF 3299 * of a PCIe device which is in the same iommu group. T1 takes group 3300 * mutex and before it could take device lock assume T2 has taken device 3301 * lock and is yet to take group mutex. Now, both the threads will be 3302 * waiting for the other thread to release lock. Below, lock order was 3303 * suggested. 3304 * device_lock(dev); 3305 * mutex_lock(&group->mutex); 3306 * iommu_change_dev_def_domain(); 3307 * mutex_unlock(&group->mutex); 3308 * device_unlock(dev); 3309 * 3310 * [1] Typical device release path 3311 * device_lock() from device/driver core code 3312 * -> bus_notifier() 3313 * -> iommu_bus_notifier() 3314 * -> iommu_release_device() 3315 * -> ops->release_device() vendor driver calls back iommu core code 3316 * -> mutex_lock() from iommu core code 3317 */ 3318 mutex_unlock(&group->mutex); 3319 3320 /* Check if the device in the group still has a driver bound to it */ 3321 device_lock(dev); 3322 if (device_is_bound(dev)) { 3323 pr_err_ratelimited("Device is still bound to driver\n"); 3324 ret = -EBUSY; 3325 goto out; 3326 } 3327 3328 ret = iommu_change_dev_def_domain(group, dev, req_type); 3329 ret = ret ?: count; 3330 3331 out: 3332 device_unlock(dev); 3333 put_device(dev); 3334 3335 return ret; 3336 } 3337