1 /* 2 * QEMU emulation of an Intel IOMMU (VT-d) 3 * (DMA Remapping device) 4 * 5 * Copyright (C) 2013 Knut Omang, Oracle <knut.omang@oracle.com> 6 * Copyright (C) 2014 Le Tan, <tamlokveer@gmail.com> 7 * 8 * This program is free software; you can redistribute it and/or modify 9 * it under the terms of the GNU General Public License as published by 10 * the Free Software Foundation; either version 2 of the License, or 11 * (at your option) any later version. 12 13 * This program is distributed in the hope that it will be useful, 14 * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 * GNU General Public License for more details. 17 18 * You should have received a copy of the GNU General Public License along 19 * with this program; if not, see <http://www.gnu.org/licenses/>. 20 */ 21 22 #ifndef INTEL_IOMMU_H 23 #define INTEL_IOMMU_H 24 25 #include "hw/i386/x86-iommu.h" 26 #include "qemu/iova-tree.h" 27 #include "qom/object.h" 28 29 #define TYPE_INTEL_IOMMU_DEVICE "intel-iommu" 30 OBJECT_DECLARE_SIMPLE_TYPE(IntelIOMMUState, INTEL_IOMMU_DEVICE) 31 32 #define TYPE_INTEL_IOMMU_MEMORY_REGION "intel-iommu-iommu-memory-region" 33 34 /* DMAR Hardware Unit Definition address (IOMMU unit) */ 35 #define Q35_HOST_BRIDGE_IOMMU_ADDR 0xfed90000ULL 36 37 #define VTD_PCI_BUS_MAX 256 38 #define VTD_PCI_SLOT_MAX 32 39 #define VTD_PCI_FUNC_MAX 8 40 #define VTD_PCI_SLOT(devfn) (((devfn) >> 3) & 0x1f) 41 #define VTD_PCI_FUNC(devfn) ((devfn) & 0x07) 42 #define VTD_SID_TO_BUS(sid) (((sid) >> 8) & 0xff) 43 #define VTD_SID_TO_DEVFN(sid) ((sid) & 0xff) 44 45 #define DMAR_REG_SIZE 0x230 46 #define VTD_HOST_AW_39BIT 39 47 #define VTD_HOST_AW_48BIT 48 48 #define VTD_HOST_ADDRESS_WIDTH VTD_HOST_AW_48BIT 49 #define VTD_HAW_MASK(aw) ((1ULL << (aw)) - 1) 50 #define VTD_MGAW_FROM_CAP(cap) ((cap >> 16) & 0x3fULL) 51 52 #define DMAR_REPORT_F_INTR (1) 53 54 #define VTD_MSI_ADDR_HI_MASK (0xffffffff00000000ULL) 55 #define VTD_MSI_ADDR_HI_SHIFT (32) 56 #define VTD_MSI_ADDR_LO_MASK (0x00000000ffffffffULL) 57 58 typedef struct VTDContextEntry VTDContextEntry; 59 typedef struct VTDContextCacheEntry VTDContextCacheEntry; 60 typedef struct VTDAddressSpace VTDAddressSpace; 61 typedef struct VTDIOTLBEntry VTDIOTLBEntry; 62 typedef union VTD_IR_TableEntry VTD_IR_TableEntry; 63 typedef union VTD_IR_MSIAddress VTD_IR_MSIAddress; 64 typedef struct VTDPASIDDirEntry VTDPASIDDirEntry; 65 typedef struct VTDPASIDEntry VTDPASIDEntry; 66 67 /* Context-Entry */ 68 struct VTDContextEntry { 69 union { 70 struct { 71 uint64_t lo; 72 uint64_t hi; 73 }; 74 struct { 75 uint64_t val[4]; 76 }; 77 }; 78 }; 79 80 struct VTDContextCacheEntry { 81 /* The cache entry is obsolete if 82 * context_cache_gen!=IntelIOMMUState.context_cache_gen 83 */ 84 uint32_t context_cache_gen; 85 struct VTDContextEntry context_entry; 86 }; 87 88 /* PASID Directory Entry */ 89 struct VTDPASIDDirEntry { 90 uint64_t val; 91 }; 92 93 /* PASID Table Entry */ 94 struct VTDPASIDEntry { 95 uint64_t val[8]; 96 }; 97 98 typedef struct VTDPASIDCacheEntry { 99 struct VTDPASIDEntry pasid_entry; 100 bool valid; 101 } VTDPASIDCacheEntry; 102 103 struct VTDAddressSpace { 104 PCIBus *bus; 105 uint8_t devfn; 106 uint32_t pasid; 107 AddressSpace as; 108 IOMMUMemoryRegion iommu; 109 MemoryRegion root; /* The root container of the device */ 110 MemoryRegion nodmar; /* The alias of shared nodmar MR */ 111 MemoryRegion iommu_ir; /* Interrupt region: 0xfeeXXXXX */ 112 MemoryRegion iommu_ir_fault; /* Interrupt region for catching fault */ 113 IntelIOMMUState *iommu_state; 114 VTDContextCacheEntry context_cache_entry; 115 VTDPASIDCacheEntry pasid_cache_entry; 116 QLIST_ENTRY(VTDAddressSpace) next; 117 /* Superset of notifier flags that this address space has */ 118 IOMMUNotifierFlag notifier_flags; 119 IOMMUPRINotifier *pri_notifier; 120 /* 121 * @iova_tree traces mapped IOVA ranges. 122 * 123 * The tree is not needed if no MAP notifier is registered with current 124 * VTD address space, because all guest invalidate commands can be 125 * directly passed to the IOMMU UNMAP notifiers without any further 126 * reshuffling. 127 * 128 * The tree OTOH is required for MAP typed iommu notifiers for a few 129 * reasons. 130 * 131 * Firstly, there's no way to identify whether an PSI (Page Selective 132 * Invalidations) or DSI (Domain Selective Invalidations) event is an 133 * MAP or UNMAP event within the message itself. Without having prior 134 * knowledge of existing state vIOMMU doesn't know whether it should 135 * notify MAP or UNMAP for a PSI message it received when caching mode 136 * is enabled (for MAP notifiers). 137 * 138 * Secondly, PSI messages received from guest driver can be enlarged in 139 * range, covers but not limited to what the guest driver wanted to 140 * invalidate. When the range to invalidates gets bigger than the 141 * limit of a PSI message, it can even become a DSI which will 142 * invalidate the whole domain. If the vIOMMU directly notifies the 143 * registered device with the unmodified range, it may confuse the 144 * registered drivers (e.g. vfio-pci) on either: 145 * 146 * (1) Trying to map the same region more than once (for 147 * VFIO_IOMMU_MAP_DMA, -EEXIST will trigger), or, 148 * 149 * (2) Trying to UNMAP a range that is still partially mapped. 150 * 151 * That accuracy is not required for UNMAP-only notifiers, but it is a 152 * must-to-have for notifiers registered with MAP events, because the 153 * vIOMMU needs to make sure the shadow page table is always in sync 154 * with the guest IOMMU pgtables for a device. 155 */ 156 IOVATree *iova_tree; 157 }; 158 159 struct VTDIOTLBEntry { 160 uint64_t gfn; 161 uint16_t domain_id; 162 uint32_t pasid; 163 uint64_t pte; 164 uint64_t mask; 165 uint8_t access_flags; 166 uint8_t pgtt; 167 }; 168 169 /* VT-d Source-ID Qualifier types */ 170 enum { 171 VTD_SQ_FULL = 0x00, /* Full SID verification */ 172 VTD_SQ_IGN_3 = 0x01, /* Ignore bit 3 */ 173 VTD_SQ_IGN_2_3 = 0x02, /* Ignore bits 2 & 3 */ 174 VTD_SQ_IGN_1_3 = 0x03, /* Ignore bits 1-3 */ 175 VTD_SQ_MAX, 176 }; 177 178 /* VT-d Source Validation Types */ 179 enum { 180 VTD_SVT_NONE = 0x00, /* No validation */ 181 VTD_SVT_ALL = 0x01, /* Do full validation */ 182 VTD_SVT_BUS = 0x02, /* Validate bus range */ 183 VTD_SVT_MAX, 184 }; 185 186 /* Interrupt Remapping Table Entry Definition */ 187 union VTD_IR_TableEntry { 188 struct { 189 #if HOST_BIG_ENDIAN 190 uint64_t dest_id:32; /* Destination ID */ 191 uint64_t __reserved_1:8; /* Reserved 1 */ 192 uint64_t vector:8; /* Interrupt Vector */ 193 uint64_t irte_mode:1; /* IRTE Mode */ 194 uint64_t __reserved_0:3; /* Reserved 0 */ 195 uint64_t __avail:4; /* Available spaces for software */ 196 uint64_t delivery_mode:3; /* Delivery Mode */ 197 uint64_t trigger_mode:1; /* Trigger Mode */ 198 uint64_t redir_hint:1; /* Redirection Hint */ 199 uint64_t dest_mode:1; /* Destination Mode */ 200 uint64_t fault_disable:1; /* Fault Processing Disable */ 201 uint64_t present:1; /* Whether entry present/available */ 202 #else 203 uint64_t present:1; /* Whether entry present/available */ 204 uint64_t fault_disable:1; /* Fault Processing Disable */ 205 uint64_t dest_mode:1; /* Destination Mode */ 206 uint64_t redir_hint:1; /* Redirection Hint */ 207 uint64_t trigger_mode:1; /* Trigger Mode */ 208 uint64_t delivery_mode:3; /* Delivery Mode */ 209 uint64_t __avail:4; /* Available spaces for software */ 210 uint64_t __reserved_0:3; /* Reserved 0 */ 211 uint64_t irte_mode:1; /* IRTE Mode */ 212 uint64_t vector:8; /* Interrupt Vector */ 213 uint64_t __reserved_1:8; /* Reserved 1 */ 214 uint64_t dest_id:32; /* Destination ID */ 215 #endif 216 #if HOST_BIG_ENDIAN 217 uint64_t __reserved_2:44; /* Reserved 2 */ 218 uint64_t sid_vtype:2; /* Source-ID Validation Type */ 219 uint64_t sid_q:2; /* Source-ID Qualifier */ 220 uint64_t source_id:16; /* Source-ID */ 221 #else 222 uint64_t source_id:16; /* Source-ID */ 223 uint64_t sid_q:2; /* Source-ID Qualifier */ 224 uint64_t sid_vtype:2; /* Source-ID Validation Type */ 225 uint64_t __reserved_2:44; /* Reserved 2 */ 226 #endif 227 } QEMU_PACKED irte; 228 uint64_t data[2]; 229 }; 230 231 #define VTD_IR_INT_FORMAT_COMPAT (0) /* Compatible Interrupt */ 232 #define VTD_IR_INT_FORMAT_REMAP (1) /* Remappable Interrupt */ 233 234 /* Programming format for MSI/MSI-X addresses */ 235 union VTD_IR_MSIAddress { 236 struct { 237 #if HOST_BIG_ENDIAN 238 uint32_t __head:12; /* Should always be: 0x0fee */ 239 uint32_t index_l:15; /* Interrupt index bit 14-0 */ 240 uint32_t int_mode:1; /* Interrupt format */ 241 uint32_t sub_valid:1; /* SHV: Sub-Handle Valid bit */ 242 uint32_t index_h:1; /* Interrupt index bit 15 */ 243 uint32_t __not_care:2; 244 #else 245 uint32_t __not_care:2; 246 uint32_t index_h:1; /* Interrupt index bit 15 */ 247 uint32_t sub_valid:1; /* SHV: Sub-Handle Valid bit */ 248 uint32_t int_mode:1; /* Interrupt format */ 249 uint32_t index_l:15; /* Interrupt index bit 14-0 */ 250 uint32_t __head:12; /* Should always be: 0x0fee */ 251 #endif 252 } QEMU_PACKED addr; 253 uint32_t data; 254 }; 255 256 /* When IR is enabled, all MSI/MSI-X data bits should be zero */ 257 #define VTD_IR_MSI_DATA (0) 258 259 /* The iommu (DMAR) device state struct */ 260 struct IntelIOMMUState { 261 X86IOMMUState x86_iommu; 262 MemoryRegion csrmem; 263 MemoryRegion mr_nodmar; 264 MemoryRegion mr_ir; 265 MemoryRegion mr_sys_alias; 266 uint8_t csr[DMAR_REG_SIZE]; /* register values */ 267 uint8_t wmask[DMAR_REG_SIZE]; /* R/W bytes */ 268 uint8_t w1cmask[DMAR_REG_SIZE]; /* RW1C(Write 1 to Clear) bytes */ 269 uint8_t womask[DMAR_REG_SIZE]; /* WO (write only - read returns 0) */ 270 uint32_t version; 271 272 bool caching_mode; /* RO - is cap CM enabled? */ 273 bool scalable_mode; /* RO - is Scalable Mode supported? */ 274 bool flts; /* RO - is stage-1 translation supported? */ 275 bool snoop_control; /* RO - is SNP filed supported? */ 276 277 dma_addr_t root; /* Current root table pointer */ 278 bool root_scalable; /* Type of root table (scalable or not) */ 279 bool dmar_enabled; /* Set if DMA remapping is enabled */ 280 281 uint16_t iq_head; /* Current invalidation queue head */ 282 uint16_t iq_tail; /* Current invalidation queue tail */ 283 dma_addr_t iq; /* Current invalidation queue pointer */ 284 uint16_t iq_size; /* IQ Size in number of entries */ 285 bool iq_dw; /* IQ descriptor width 256bit or not */ 286 bool qi_enabled; /* Set if the QI is enabled */ 287 uint8_t iq_last_desc_type; /* The type of last completed descriptor */ 288 289 /* The index of the Fault Recording Register to be used next. 290 * Wraps around from N-1 to 0, where N is the number of FRCD_REG. 291 */ 292 uint16_t next_frcd_reg; 293 294 uint64_t cap; /* The value of capability reg */ 295 uint64_t ecap; /* The value of extended capability reg */ 296 297 uint32_t context_cache_gen; /* Should be in [1,MAX] */ 298 GHashTable *iotlb; /* IOTLB */ 299 300 GHashTable *vtd_address_spaces; /* VTD address spaces */ 301 VTDAddressSpace *vtd_as_cache[VTD_PCI_BUS_MAX]; /* VTD address space cache */ 302 /* list of registered notifiers */ 303 QLIST_HEAD(, VTDAddressSpace) vtd_as_with_notifiers; 304 305 GHashTable *vtd_host_iommu_dev; /* HostIOMMUDevice */ 306 307 /* interrupt remapping */ 308 bool intr_enabled; /* Whether guest enabled IR */ 309 dma_addr_t intr_root; /* Interrupt remapping table pointer */ 310 uint32_t intr_size; /* Number of IR table entries */ 311 bool intr_eime; /* Extended interrupt mode enabled */ 312 OnOffAuto intr_eim; /* Toggle for EIM cabability */ 313 bool buggy_eim; /* Force buggy EIM unless eim=off */ 314 uint8_t aw_bits; /* Host/IOVA address width (in bits) */ 315 bool dma_drain; /* Whether DMA r/w draining enabled */ 316 bool pasid; /* Whether to support PASID */ 317 bool fs1gp; /* First Stage 1-GByte Page Support */ 318 319 /* Transient Mapping, Reserved(0) since VTD spec revision 3.2 */ 320 bool stale_tm; 321 322 /* 323 * Protects IOMMU states in general. Currently it protects the 324 * per-IOMMU IOTLB cache, and context entry cache in VTDAddressSpace. 325 */ 326 QemuMutex iommu_lock; 327 }; 328 329 /* Find the VTD Address space associated with the given bus pointer, 330 * create a new one if none exists 331 */ 332 VTDAddressSpace *vtd_find_add_as(IntelIOMMUState *s, PCIBus *bus, 333 int devfn, unsigned int pasid); 334 335 #endif 336