1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3  * IOMMU API for QCOM secure IOMMUs.  Somewhat based on arm-smmu.c
4  *
5  * Copyright (C) 2013 ARM Limited
6  * Copyright (C) 2017 Red Hat
7  */
8 
9 #include <linux/atomic.h>
10 #include <linux/bitfield.h>
11 #include <linux/clk.h>
12 #include <linux/delay.h>
13 #include <linux/dma-iommu.h>
14 #include <linux/dma-mapping.h>
15 #include <linux/err.h>
16 #include <linux/interrupt.h>
17 #include <linux/io.h>
18 #include <linux/io-64-nonatomic-hi-lo.h>
19 #include <linux/io-pgtable.h>
20 #include <linux/iommu.h>
21 #include <linux/iopoll.h>
22 #include <linux/kconfig.h>
23 #include <linux/init.h>
24 #include <linux/mutex.h>
25 #include <linux/of.h>
26 #include <linux/of_address.h>
27 #include <linux/of_device.h>
28 #include <linux/of_iommu.h>
29 #include <linux/platform_device.h>
30 #include <linux/pm.h>
31 #include <linux/pm_runtime.h>
32 #include <linux/qcom_scm.h>
33 #include <linux/slab.h>
34 #include <linux/spinlock.h>
35 
36 #include "arm-smmu.h"
37 
/*
 * Register offset relative to qcom_iommu_dev::local_base; written with
 * 0xffffffff at probe time when that region is present.
 */
#define SMMU_INTR_SEL_NS	0x2000
39 
/* Slots of qcom_iommu_dev::clks[]; CLK_NUM is the number of slots. */
enum qcom_iommu_clk {
	CLK_IFACE,	/* clock looked up as "iface" */
	CLK_BUS,	/* clock looked up as "bus" */
	CLK_TBU,	/* clock looked up as "tbu" (optional) */
	CLK_NUM,
};
46 
47 struct qcom_iommu_ctx;
48 
49 struct qcom_iommu_dev {
50 	/* IOMMU core code handle */
51 	struct iommu_device	 iommu;
52 	struct device		*dev;
53 	struct clk_bulk_data clks[CLK_NUM];
54 	void __iomem		*local_base;
55 	u32			 sec_id;
56 	u8			 num_ctxs;
57 	struct qcom_iommu_ctx	*ctxs[];   /* indexed by asid-1 */
58 };
59 
60 struct qcom_iommu_ctx {
61 	struct device		*dev;
62 	void __iomem		*base;
63 	bool			 secure_init;
64 	u8			 asid;      /* asid and ctx bank # are 1:1 */
65 	struct iommu_domain	*domain;
66 };
67 
68 struct qcom_iommu_domain {
69 	struct io_pgtable_ops	*pgtbl_ops;
70 	spinlock_t		 pgtbl_lock;
71 	struct mutex		 init_mutex; /* Protects iommu pointer */
72 	struct iommu_domain	 domain;
73 	struct qcom_iommu_dev	*iommu;
74 	struct iommu_fwspec	*fwspec;
75 };
76 
77 static struct qcom_iommu_domain *to_qcom_iommu_domain(struct iommu_domain *dom)
78 {
79 	return container_of(dom, struct qcom_iommu_domain, domain);
80 }
81 
82 static const struct iommu_ops qcom_iommu_ops;
83 
84 static struct qcom_iommu_dev * to_iommu(struct device *dev)
85 {
86 	struct iommu_fwspec *fwspec = dev_iommu_fwspec_get(dev);
87 
88 	if (!fwspec || fwspec->ops != &qcom_iommu_ops)
89 		return NULL;
90 
91 	return dev_iommu_priv_get(dev);
92 }
93 
94 static struct qcom_iommu_ctx * to_ctx(struct qcom_iommu_domain *d, unsigned asid)
95 {
96 	struct qcom_iommu_dev *qcom_iommu = d->iommu;
97 	if (!qcom_iommu)
98 		return NULL;
99 	return qcom_iommu->ctxs[asid - 1];
100 }
101 
102 static inline void
103 iommu_writel(struct qcom_iommu_ctx *ctx, unsigned reg, u32 val)
104 {
105 	writel_relaxed(val, ctx->base + reg);
106 }
107 
108 static inline void
109 iommu_writeq(struct qcom_iommu_ctx *ctx, unsigned reg, u64 val)
110 {
111 	writeq_relaxed(val, ctx->base + reg);
112 }
113 
114 static inline u32
115 iommu_readl(struct qcom_iommu_ctx *ctx, unsigned reg)
116 {
117 	return readl_relaxed(ctx->base + reg);
118 }
119 
120 static inline u64
121 iommu_readq(struct qcom_iommu_ctx *ctx, unsigned reg)
122 {
123 	return readq_relaxed(ctx->base + reg);
124 }
125 
126 static void qcom_iommu_tlb_sync(void *cookie)
127 {
128 	struct qcom_iommu_domain *qcom_domain = cookie;
129 	struct iommu_fwspec *fwspec = qcom_domain->fwspec;
130 	unsigned i;
131 
132 	for (i = 0; i < fwspec->num_ids; i++) {
133 		struct qcom_iommu_ctx *ctx = to_ctx(qcom_domain, fwspec->ids[i]);
134 		unsigned int val, ret;
135 
136 		iommu_writel(ctx, ARM_SMMU_CB_TLBSYNC, 0);
137 
138 		ret = readl_poll_timeout(ctx->base + ARM_SMMU_CB_TLBSTATUS, val,
139 					 (val & 0x1) == 0, 0, 5000000);
140 		if (ret)
141 			dev_err(ctx->dev, "timeout waiting for TLB SYNC\n");
142 	}
143 }
144 
145 static void qcom_iommu_tlb_inv_context(void *cookie)
146 {
147 	struct qcom_iommu_domain *qcom_domain = cookie;
148 	struct iommu_fwspec *fwspec = qcom_domain->fwspec;
149 	unsigned i;
150 
151 	for (i = 0; i < fwspec->num_ids; i++) {
152 		struct qcom_iommu_ctx *ctx = to_ctx(qcom_domain, fwspec->ids[i]);
153 		iommu_writel(ctx, ARM_SMMU_CB_S1_TLBIASID, ctx->asid);
154 	}
155 
156 	qcom_iommu_tlb_sync(cookie);
157 }
158 
159 static void qcom_iommu_tlb_inv_range_nosync(unsigned long iova, size_t size,
160 					    size_t granule, bool leaf, void *cookie)
161 {
162 	struct qcom_iommu_domain *qcom_domain = cookie;
163 	struct iommu_fwspec *fwspec = qcom_domain->fwspec;
164 	unsigned i, reg;
165 
166 	reg = leaf ? ARM_SMMU_CB_S1_TLBIVAL : ARM_SMMU_CB_S1_TLBIVA;
167 
168 	for (i = 0; i < fwspec->num_ids; i++) {
169 		struct qcom_iommu_ctx *ctx = to_ctx(qcom_domain, fwspec->ids[i]);
170 		size_t s = size;
171 
172 		iova = (iova >> 12) << 12;
173 		iova |= ctx->asid;
174 		do {
175 			iommu_writel(ctx, reg, iova);
176 			iova += granule;
177 		} while (s -= granule);
178 	}
179 }
180 
181 static void qcom_iommu_tlb_flush_walk(unsigned long iova, size_t size,
182 				      size_t granule, void *cookie)
183 {
184 	qcom_iommu_tlb_inv_range_nosync(iova, size, granule, false, cookie);
185 	qcom_iommu_tlb_sync(cookie);
186 }
187 
188 static void qcom_iommu_tlb_flush_leaf(unsigned long iova, size_t size,
189 				      size_t granule, void *cookie)
190 {
191 	qcom_iommu_tlb_inv_range_nosync(iova, size, granule, true, cookie);
192 	qcom_iommu_tlb_sync(cookie);
193 }
194 
195 static void qcom_iommu_tlb_add_page(struct iommu_iotlb_gather *gather,
196 				    unsigned long iova, size_t granule,
197 				    void *cookie)
198 {
199 	qcom_iommu_tlb_inv_range_nosync(iova, granule, granule, true, cookie);
200 }
201 
202 static const struct iommu_flush_ops qcom_flush_ops = {
203 	.tlb_flush_all	= qcom_iommu_tlb_inv_context,
204 	.tlb_flush_walk = qcom_iommu_tlb_flush_walk,
205 	.tlb_flush_leaf = qcom_iommu_tlb_flush_leaf,
206 	.tlb_add_page	= qcom_iommu_tlb_add_page,
207 };
208 
209 static irqreturn_t qcom_iommu_fault(int irq, void *dev)
210 {
211 	struct qcom_iommu_ctx *ctx = dev;
212 	u32 fsr, fsynr;
213 	u64 iova;
214 
215 	fsr = iommu_readl(ctx, ARM_SMMU_CB_FSR);
216 
217 	if (!(fsr & ARM_SMMU_FSR_FAULT))
218 		return IRQ_NONE;
219 
220 	fsynr = iommu_readl(ctx, ARM_SMMU_CB_FSYNR0);
221 	iova = iommu_readq(ctx, ARM_SMMU_CB_FAR);
222 
223 	if (!report_iommu_fault(ctx->domain, ctx->dev, iova, 0)) {
224 		dev_err_ratelimited(ctx->dev,
225 				    "Unhandled context fault: fsr=0x%x, "
226 				    "iova=0x%016llx, fsynr=0x%x, cb=%d\n",
227 				    fsr, iova, fsynr, ctx->asid);
228 	}
229 
230 	iommu_writel(ctx, ARM_SMMU_CB_FSR, fsr);
231 	iommu_writel(ctx, ARM_SMMU_CB_RESUME, ARM_SMMU_RESUME_TERMINATE);
232 
233 	return IRQ_HANDLED;
234 }
235 
236 static int qcom_iommu_init_domain(struct iommu_domain *domain,
237 				  struct qcom_iommu_dev *qcom_iommu,
238 				  struct device *dev)
239 {
240 	struct qcom_iommu_domain *qcom_domain = to_qcom_iommu_domain(domain);
241 	struct iommu_fwspec *fwspec = dev_iommu_fwspec_get(dev);
242 	struct io_pgtable_ops *pgtbl_ops;
243 	struct io_pgtable_cfg pgtbl_cfg;
244 	int i, ret = 0;
245 	u32 reg;
246 
247 	mutex_lock(&qcom_domain->init_mutex);
248 	if (qcom_domain->iommu)
249 		goto out_unlock;
250 
251 	pgtbl_cfg = (struct io_pgtable_cfg) {
252 		.pgsize_bitmap	= qcom_iommu_ops.pgsize_bitmap,
253 		.ias		= 32,
254 		.oas		= 40,
255 		.tlb		= &qcom_flush_ops,
256 		.iommu_dev	= qcom_iommu->dev,
257 	};
258 
259 	qcom_domain->iommu = qcom_iommu;
260 	qcom_domain->fwspec = fwspec;
261 
262 	pgtbl_ops = alloc_io_pgtable_ops(ARM_32_LPAE_S1, &pgtbl_cfg, qcom_domain);
263 	if (!pgtbl_ops) {
264 		dev_err(qcom_iommu->dev, "failed to allocate pagetable ops\n");
265 		ret = -ENOMEM;
266 		goto out_clear_iommu;
267 	}
268 
269 	/* Update the domain's page sizes to reflect the page table format */
270 	domain->pgsize_bitmap = pgtbl_cfg.pgsize_bitmap;
271 	domain->geometry.aperture_end = (1ULL << pgtbl_cfg.ias) - 1;
272 	domain->geometry.force_aperture = true;
273 
274 	for (i = 0; i < fwspec->num_ids; i++) {
275 		struct qcom_iommu_ctx *ctx = to_ctx(qcom_domain, fwspec->ids[i]);
276 
277 		if (!ctx->secure_init) {
278 			ret = qcom_scm_restore_sec_cfg(qcom_iommu->sec_id, ctx->asid);
279 			if (ret) {
280 				dev_err(qcom_iommu->dev, "secure init failed: %d\n", ret);
281 				goto out_clear_iommu;
282 			}
283 			ctx->secure_init = true;
284 		}
285 
286 		/* TTBRs */
287 		iommu_writeq(ctx, ARM_SMMU_CB_TTBR0,
288 				pgtbl_cfg.arm_lpae_s1_cfg.ttbr |
289 				FIELD_PREP(ARM_SMMU_TTBRn_ASID, ctx->asid));
290 		iommu_writeq(ctx, ARM_SMMU_CB_TTBR1, 0);
291 
292 		/* TCR */
293 		iommu_writel(ctx, ARM_SMMU_CB_TCR2,
294 				arm_smmu_lpae_tcr2(&pgtbl_cfg));
295 		iommu_writel(ctx, ARM_SMMU_CB_TCR,
296 			     arm_smmu_lpae_tcr(&pgtbl_cfg) | ARM_SMMU_TCR_EAE);
297 
298 		/* MAIRs (stage-1 only) */
299 		iommu_writel(ctx, ARM_SMMU_CB_S1_MAIR0,
300 				pgtbl_cfg.arm_lpae_s1_cfg.mair);
301 		iommu_writel(ctx, ARM_SMMU_CB_S1_MAIR1,
302 				pgtbl_cfg.arm_lpae_s1_cfg.mair >> 32);
303 
304 		/* SCTLR */
305 		reg = ARM_SMMU_SCTLR_CFIE | ARM_SMMU_SCTLR_CFRE |
306 		      ARM_SMMU_SCTLR_AFE | ARM_SMMU_SCTLR_TRE |
307 		      ARM_SMMU_SCTLR_M | ARM_SMMU_SCTLR_S1_ASIDPNE |
308 		      ARM_SMMU_SCTLR_CFCFG;
309 
310 		if (IS_ENABLED(CONFIG_CPU_BIG_ENDIAN))
311 			reg |= ARM_SMMU_SCTLR_E;
312 
313 		iommu_writel(ctx, ARM_SMMU_CB_SCTLR, reg);
314 
315 		ctx->domain = domain;
316 	}
317 
318 	mutex_unlock(&qcom_domain->init_mutex);
319 
320 	/* Publish page table ops for map/unmap */
321 	qcom_domain->pgtbl_ops = pgtbl_ops;
322 
323 	return 0;
324 
325 out_clear_iommu:
326 	qcom_domain->iommu = NULL;
327 out_unlock:
328 	mutex_unlock(&qcom_domain->init_mutex);
329 	return ret;
330 }
331 
332 static struct iommu_domain *qcom_iommu_domain_alloc(unsigned type)
333 {
334 	struct qcom_iommu_domain *qcom_domain;
335 
336 	if (type != IOMMU_DOMAIN_UNMANAGED && type != IOMMU_DOMAIN_DMA)
337 		return NULL;
338 	/*
339 	 * Allocate the domain and initialise some of its data structures.
340 	 * We can't really do anything meaningful until we've added a
341 	 * master.
342 	 */
343 	qcom_domain = kzalloc(sizeof(*qcom_domain), GFP_KERNEL);
344 	if (!qcom_domain)
345 		return NULL;
346 
347 	if (type == IOMMU_DOMAIN_DMA &&
348 	    iommu_get_dma_cookie(&qcom_domain->domain)) {
349 		kfree(qcom_domain);
350 		return NULL;
351 	}
352 
353 	mutex_init(&qcom_domain->init_mutex);
354 	spin_lock_init(&qcom_domain->pgtbl_lock);
355 
356 	return &qcom_domain->domain;
357 }
358 
359 static void qcom_iommu_domain_free(struct iommu_domain *domain)
360 {
361 	struct qcom_iommu_domain *qcom_domain = to_qcom_iommu_domain(domain);
362 
363 	iommu_put_dma_cookie(domain);
364 
365 	if (qcom_domain->iommu) {
366 		/*
367 		 * NOTE: unmap can be called after client device is powered
368 		 * off, for example, with GPUs or anything involving dma-buf.
369 		 * So we cannot rely on the device_link.  Make sure the IOMMU
370 		 * is on to avoid unclocked accesses in the TLB inv path:
371 		 */
372 		pm_runtime_get_sync(qcom_domain->iommu->dev);
373 		free_io_pgtable_ops(qcom_domain->pgtbl_ops);
374 		pm_runtime_put_sync(qcom_domain->iommu->dev);
375 	}
376 
377 	kfree(qcom_domain);
378 }
379 
380 static int qcom_iommu_attach_dev(struct iommu_domain *domain, struct device *dev)
381 {
382 	struct qcom_iommu_dev *qcom_iommu = to_iommu(dev);
383 	struct qcom_iommu_domain *qcom_domain = to_qcom_iommu_domain(domain);
384 	int ret;
385 
386 	if (!qcom_iommu) {
387 		dev_err(dev, "cannot attach to IOMMU, is it on the same bus?\n");
388 		return -ENXIO;
389 	}
390 
391 	/* Ensure that the domain is finalized */
392 	pm_runtime_get_sync(qcom_iommu->dev);
393 	ret = qcom_iommu_init_domain(domain, qcom_iommu, dev);
394 	pm_runtime_put_sync(qcom_iommu->dev);
395 	if (ret < 0)
396 		return ret;
397 
398 	/*
399 	 * Sanity check the domain. We don't support domains across
400 	 * different IOMMUs.
401 	 */
402 	if (qcom_domain->iommu != qcom_iommu) {
403 		dev_err(dev, "cannot attach to IOMMU %s while already "
404 			"attached to domain on IOMMU %s\n",
405 			dev_name(qcom_domain->iommu->dev),
406 			dev_name(qcom_iommu->dev));
407 		return -EINVAL;
408 	}
409 
410 	return 0;
411 }
412 
413 static void qcom_iommu_detach_dev(struct iommu_domain *domain, struct device *dev)
414 {
415 	struct qcom_iommu_domain *qcom_domain = to_qcom_iommu_domain(domain);
416 	struct iommu_fwspec *fwspec = dev_iommu_fwspec_get(dev);
417 	struct qcom_iommu_dev *qcom_iommu = to_iommu(dev);
418 	unsigned i;
419 
420 	if (WARN_ON(!qcom_domain->iommu))
421 		return;
422 
423 	pm_runtime_get_sync(qcom_iommu->dev);
424 	for (i = 0; i < fwspec->num_ids; i++) {
425 		struct qcom_iommu_ctx *ctx = to_ctx(qcom_domain, fwspec->ids[i]);
426 
427 		/* Disable the context bank: */
428 		iommu_writel(ctx, ARM_SMMU_CB_SCTLR, 0);
429 
430 		ctx->domain = NULL;
431 	}
432 	pm_runtime_put_sync(qcom_iommu->dev);
433 }
434 
435 static int qcom_iommu_map(struct iommu_domain *domain, unsigned long iova,
436 			  phys_addr_t paddr, size_t size, int prot, gfp_t gfp)
437 {
438 	int ret;
439 	unsigned long flags;
440 	struct qcom_iommu_domain *qcom_domain = to_qcom_iommu_domain(domain);
441 	struct io_pgtable_ops *ops = qcom_domain->pgtbl_ops;
442 
443 	if (!ops)
444 		return -ENODEV;
445 
446 	spin_lock_irqsave(&qcom_domain->pgtbl_lock, flags);
447 	ret = ops->map(ops, iova, paddr, size, prot, GFP_ATOMIC);
448 	spin_unlock_irqrestore(&qcom_domain->pgtbl_lock, flags);
449 	return ret;
450 }
451 
452 static size_t qcom_iommu_unmap(struct iommu_domain *domain, unsigned long iova,
453 			       size_t size, struct iommu_iotlb_gather *gather)
454 {
455 	size_t ret;
456 	unsigned long flags;
457 	struct qcom_iommu_domain *qcom_domain = to_qcom_iommu_domain(domain);
458 	struct io_pgtable_ops *ops = qcom_domain->pgtbl_ops;
459 
460 	if (!ops)
461 		return 0;
462 
463 	/* NOTE: unmap can be called after client device is powered off,
464 	 * for example, with GPUs or anything involving dma-buf.  So we
465 	 * cannot rely on the device_link.  Make sure the IOMMU is on to
466 	 * avoid unclocked accesses in the TLB inv path:
467 	 */
468 	pm_runtime_get_sync(qcom_domain->iommu->dev);
469 	spin_lock_irqsave(&qcom_domain->pgtbl_lock, flags);
470 	ret = ops->unmap(ops, iova, size, gather);
471 	spin_unlock_irqrestore(&qcom_domain->pgtbl_lock, flags);
472 	pm_runtime_put_sync(qcom_domain->iommu->dev);
473 
474 	return ret;
475 }
476 
477 static void qcom_iommu_flush_iotlb_all(struct iommu_domain *domain)
478 {
479 	struct qcom_iommu_domain *qcom_domain = to_qcom_iommu_domain(domain);
480 	struct io_pgtable *pgtable = container_of(qcom_domain->pgtbl_ops,
481 						  struct io_pgtable, ops);
482 	if (!qcom_domain->pgtbl_ops)
483 		return;
484 
485 	pm_runtime_get_sync(qcom_domain->iommu->dev);
486 	qcom_iommu_tlb_sync(pgtable->cookie);
487 	pm_runtime_put_sync(qcom_domain->iommu->dev);
488 }
489 
/*
 * iommu_ops::iotlb_sync.  @gather is ignored; this is the same full sync
 * as qcom_iommu_flush_iotlb_all().
 */
static void qcom_iommu_iotlb_sync(struct iommu_domain *domain,
				  struct iommu_iotlb_gather *gather)
{
	qcom_iommu_flush_iotlb_all(domain);
}
495 
496 static phys_addr_t qcom_iommu_iova_to_phys(struct iommu_domain *domain,
497 					   dma_addr_t iova)
498 {
499 	phys_addr_t ret;
500 	unsigned long flags;
501 	struct qcom_iommu_domain *qcom_domain = to_qcom_iommu_domain(domain);
502 	struct io_pgtable_ops *ops = qcom_domain->pgtbl_ops;
503 
504 	if (!ops)
505 		return 0;
506 
507 	spin_lock_irqsave(&qcom_domain->pgtbl_lock, flags);
508 	ret = ops->iova_to_phys(ops, iova);
509 	spin_unlock_irqrestore(&qcom_domain->pgtbl_lock, flags);
510 
511 	return ret;
512 }
513 
514 static bool qcom_iommu_capable(enum iommu_cap cap)
515 {
516 	switch (cap) {
517 	case IOMMU_CAP_CACHE_COHERENCY:
518 		/*
519 		 * Return true here as the SMMU can always send out coherent
520 		 * requests.
521 		 */
522 		return true;
523 	case IOMMU_CAP_NOEXEC:
524 		return true;
525 	default:
526 		return false;
527 	}
528 }
529 
530 static struct iommu_device *qcom_iommu_probe_device(struct device *dev)
531 {
532 	struct qcom_iommu_dev *qcom_iommu = to_iommu(dev);
533 	struct device_link *link;
534 
535 	if (!qcom_iommu)
536 		return ERR_PTR(-ENODEV);
537 
538 	/*
539 	 * Establish the link between iommu and master, so that the
540 	 * iommu gets runtime enabled/disabled as per the master's
541 	 * needs.
542 	 */
543 	link = device_link_add(dev, qcom_iommu->dev, DL_FLAG_PM_RUNTIME);
544 	if (!link) {
545 		dev_err(qcom_iommu->dev, "Unable to create device link between %s and %s\n",
546 			dev_name(qcom_iommu->dev), dev_name(dev));
547 		return ERR_PTR(-ENODEV);
548 	}
549 
550 	return &qcom_iommu->iommu;
551 }
552 
/* iommu_ops::release_device: free @dev's fwspec if it belongs to this driver. */
static void qcom_iommu_release_device(struct device *dev)
{
	if (to_iommu(dev))
		iommu_fwspec_free(dev);
}
562 
563 static int qcom_iommu_of_xlate(struct device *dev, struct of_phandle_args *args)
564 {
565 	struct qcom_iommu_dev *qcom_iommu;
566 	struct platform_device *iommu_pdev;
567 	unsigned asid = args->args[0];
568 
569 	if (args->args_count != 1) {
570 		dev_err(dev, "incorrect number of iommu params found for %s "
571 			"(found %d, expected 1)\n",
572 			args->np->full_name, args->args_count);
573 		return -EINVAL;
574 	}
575 
576 	iommu_pdev = of_find_device_by_node(args->np);
577 	if (WARN_ON(!iommu_pdev))
578 		return -EINVAL;
579 
580 	qcom_iommu = platform_get_drvdata(iommu_pdev);
581 
582 	/* make sure the asid specified in dt is valid, so we don't have
583 	 * to sanity check this elsewhere, since 'asid - 1' is used to
584 	 * index into qcom_iommu->ctxs:
585 	 */
586 	if (WARN_ON(asid < 1) ||
587 	    WARN_ON(asid > qcom_iommu->num_ctxs)) {
588 		put_device(&iommu_pdev->dev);
589 		return -EINVAL;
590 	}
591 
592 	if (!dev_iommu_priv_get(dev)) {
593 		dev_iommu_priv_set(dev, qcom_iommu);
594 	} else {
595 		/* make sure devices iommus dt node isn't referring to
596 		 * multiple different iommu devices.  Multiple context
597 		 * banks are ok, but multiple devices are not:
598 		 */
599 		if (WARN_ON(qcom_iommu != dev_iommu_priv_get(dev))) {
600 			put_device(&iommu_pdev->dev);
601 			return -EINVAL;
602 		}
603 	}
604 
605 	return iommu_fwspec_add_ids(dev, &asid, 1);
606 }
607 
608 static const struct iommu_ops qcom_iommu_ops = {
609 	.capable	= qcom_iommu_capable,
610 	.domain_alloc	= qcom_iommu_domain_alloc,
611 	.domain_free	= qcom_iommu_domain_free,
612 	.attach_dev	= qcom_iommu_attach_dev,
613 	.detach_dev	= qcom_iommu_detach_dev,
614 	.map		= qcom_iommu_map,
615 	.unmap		= qcom_iommu_unmap,
616 	.flush_iotlb_all = qcom_iommu_flush_iotlb_all,
617 	.iotlb_sync	= qcom_iommu_iotlb_sync,
618 	.iova_to_phys	= qcom_iommu_iova_to_phys,
619 	.probe_device	= qcom_iommu_probe_device,
620 	.release_device	= qcom_iommu_release_device,
621 	.device_group	= generic_device_group,
622 	.of_xlate	= qcom_iommu_of_xlate,
623 	.pgsize_bitmap	= SZ_4K | SZ_64K | SZ_1M | SZ_16M,
624 };
625 
626 static int qcom_iommu_sec_ptbl_init(struct device *dev)
627 {
628 	size_t psize = 0;
629 	unsigned int spare = 0;
630 	void *cpu_addr;
631 	dma_addr_t paddr;
632 	unsigned long attrs;
633 	static bool allocated = false;
634 	int ret;
635 
636 	if (allocated)
637 		return 0;
638 
639 	ret = qcom_scm_iommu_secure_ptbl_size(spare, &psize);
640 	if (ret) {
641 		dev_err(dev, "failed to get iommu secure pgtable size (%d)\n",
642 			ret);
643 		return ret;
644 	}
645 
646 	dev_info(dev, "iommu sec: pgtable size: %zu\n", psize);
647 
648 	attrs = DMA_ATTR_NO_KERNEL_MAPPING;
649 
650 	cpu_addr = dma_alloc_attrs(dev, psize, &paddr, GFP_KERNEL, attrs);
651 	if (!cpu_addr) {
652 		dev_err(dev, "failed to allocate %zu bytes for pgtable\n",
653 			psize);
654 		return -ENOMEM;
655 	}
656 
657 	ret = qcom_scm_iommu_secure_ptbl_init(paddr, psize, spare);
658 	if (ret) {
659 		dev_err(dev, "failed to init iommu pgtable (%d)\n", ret);
660 		goto free_mem;
661 	}
662 
663 	allocated = true;
664 	return 0;
665 
666 free_mem:
667 	dma_free_attrs(dev, psize, cpu_addr, paddr, attrs);
668 	return ret;
669 }
670 
671 static int get_asid(const struct device_node *np)
672 {
673 	u32 reg;
674 
675 	/* read the "reg" property directly to get the relative address
676 	 * of the context bank, and calculate the asid from that:
677 	 */
678 	if (of_property_read_u32_index(np, "reg", 0, &reg))
679 		return -ENODEV;
680 
681 	return reg / 0x1000;      /* context banks are 0x1000 apart */
682 }
683 
684 static int qcom_iommu_ctx_probe(struct platform_device *pdev)
685 {
686 	struct qcom_iommu_ctx *ctx;
687 	struct device *dev = &pdev->dev;
688 	struct qcom_iommu_dev *qcom_iommu = dev_get_drvdata(dev->parent);
689 	struct resource *res;
690 	int ret, irq;
691 
692 	ctx = devm_kzalloc(dev, sizeof(*ctx), GFP_KERNEL);
693 	if (!ctx)
694 		return -ENOMEM;
695 
696 	ctx->dev = dev;
697 	platform_set_drvdata(pdev, ctx);
698 
699 	res = platform_get_resource(pdev, IORESOURCE_MEM, 0);
700 	ctx->base = devm_ioremap_resource(dev, res);
701 	if (IS_ERR(ctx->base))
702 		return PTR_ERR(ctx->base);
703 
704 	irq = platform_get_irq(pdev, 0);
705 	if (irq < 0)
706 		return -ENODEV;
707 
708 	/* clear IRQs before registering fault handler, just in case the
709 	 * boot-loader left us a surprise:
710 	 */
711 	iommu_writel(ctx, ARM_SMMU_CB_FSR, iommu_readl(ctx, ARM_SMMU_CB_FSR));
712 
713 	ret = devm_request_irq(dev, irq,
714 			       qcom_iommu_fault,
715 			       IRQF_SHARED,
716 			       "qcom-iommu-fault",
717 			       ctx);
718 	if (ret) {
719 		dev_err(dev, "failed to request IRQ %u\n", irq);
720 		return ret;
721 	}
722 
723 	ret = get_asid(dev->of_node);
724 	if (ret < 0) {
725 		dev_err(dev, "missing reg property\n");
726 		return ret;
727 	}
728 
729 	ctx->asid = ret;
730 
731 	dev_dbg(dev, "found asid %u\n", ctx->asid);
732 
733 	qcom_iommu->ctxs[ctx->asid - 1] = ctx;
734 
735 	return 0;
736 }
737 
738 static int qcom_iommu_ctx_remove(struct platform_device *pdev)
739 {
740 	struct qcom_iommu_dev *qcom_iommu = dev_get_drvdata(pdev->dev.parent);
741 	struct qcom_iommu_ctx *ctx = platform_get_drvdata(pdev);
742 
743 	platform_set_drvdata(pdev, NULL);
744 
745 	qcom_iommu->ctxs[ctx->asid - 1] = NULL;
746 
747 	return 0;
748 }
749 
750 static const struct of_device_id ctx_of_match[] = {
751 	{ .compatible = "qcom,msm-iommu-v1-ns" },
752 	{ .compatible = "qcom,msm-iommu-v1-sec" },
753 	{ /* sentinel */ }
754 };
755 
756 static struct platform_driver qcom_iommu_ctx_driver = {
757 	.driver	= {
758 		.name		= "qcom-iommu-ctx",
759 		.of_match_table	= ctx_of_match,
760 	},
761 	.probe	= qcom_iommu_ctx_probe,
762 	.remove = qcom_iommu_ctx_remove,
763 };
764 
765 static bool qcom_iommu_has_secure_context(struct qcom_iommu_dev *qcom_iommu)
766 {
767 	struct device_node *child;
768 
769 	for_each_child_of_node(qcom_iommu->dev->of_node, child)
770 		if (of_device_is_compatible(child, "qcom,msm-iommu-v1-sec"))
771 			return true;
772 
773 	return false;
774 }
775 
776 static int qcom_iommu_device_probe(struct platform_device *pdev)
777 {
778 	struct device_node *child;
779 	struct qcom_iommu_dev *qcom_iommu;
780 	struct device *dev = &pdev->dev;
781 	struct resource *res;
782 	struct clk *clk;
783 	int ret, max_asid = 0;
784 
785 	/* find the max asid (which is 1:1 to ctx bank idx), so we know how
786 	 * many child ctx devices we have:
787 	 */
788 	for_each_child_of_node(dev->of_node, child)
789 		max_asid = max(max_asid, get_asid(child));
790 
791 	qcom_iommu = devm_kzalloc(dev, struct_size(qcom_iommu, ctxs, max_asid),
792 				  GFP_KERNEL);
793 	if (!qcom_iommu)
794 		return -ENOMEM;
795 	qcom_iommu->num_ctxs = max_asid;
796 	qcom_iommu->dev = dev;
797 
798 	res = platform_get_resource(pdev, IORESOURCE_MEM, 0);
799 	if (res) {
800 		qcom_iommu->local_base = devm_ioremap_resource(dev, res);
801 		if (IS_ERR(qcom_iommu->local_base))
802 			return PTR_ERR(qcom_iommu->local_base);
803 	}
804 
805 	clk = devm_clk_get(dev, "iface");
806 	if (IS_ERR(clk)) {
807 		dev_err(dev, "failed to get iface clock\n");
808 		return PTR_ERR(clk);
809 	}
810 	qcom_iommu->clks[CLK_IFACE].clk = clk;
811 
812 	clk = devm_clk_get(dev, "bus");
813 	if (IS_ERR(clk)) {
814 		dev_err(dev, "failed to get bus clock\n");
815 		return PTR_ERR(clk);
816 	}
817 	qcom_iommu->clks[CLK_BUS].clk = clk;
818 
819 	clk = devm_clk_get_optional(dev, "tbu");
820 	if (IS_ERR(clk)) {
821 		dev_err(dev, "failed to get tbu clock\n");
822 		return PTR_ERR(clk);
823 	}
824 	qcom_iommu->clks[CLK_TBU].clk = clk;
825 
826 	if (of_property_read_u32(dev->of_node, "qcom,iommu-secure-id",
827 				 &qcom_iommu->sec_id)) {
828 		dev_err(dev, "missing qcom,iommu-secure-id property\n");
829 		return -ENODEV;
830 	}
831 
832 	if (qcom_iommu_has_secure_context(qcom_iommu)) {
833 		ret = qcom_iommu_sec_ptbl_init(dev);
834 		if (ret) {
835 			dev_err(dev, "cannot init secure pg table(%d)\n", ret);
836 			return ret;
837 		}
838 	}
839 
840 	platform_set_drvdata(pdev, qcom_iommu);
841 
842 	pm_runtime_enable(dev);
843 
844 	/* register context bank devices, which are child nodes: */
845 	ret = devm_of_platform_populate(dev);
846 	if (ret) {
847 		dev_err(dev, "Failed to populate iommu contexts\n");
848 		return ret;
849 	}
850 
851 	ret = iommu_device_sysfs_add(&qcom_iommu->iommu, dev, NULL,
852 				     dev_name(dev));
853 	if (ret) {
854 		dev_err(dev, "Failed to register iommu in sysfs\n");
855 		return ret;
856 	}
857 
858 	iommu_device_set_ops(&qcom_iommu->iommu, &qcom_iommu_ops);
859 	iommu_device_set_fwnode(&qcom_iommu->iommu, dev->fwnode);
860 
861 	ret = iommu_device_register(&qcom_iommu->iommu);
862 	if (ret) {
863 		dev_err(dev, "Failed to register iommu\n");
864 		return ret;
865 	}
866 
867 	bus_set_iommu(&platform_bus_type, &qcom_iommu_ops);
868 
869 	if (qcom_iommu->local_base) {
870 		pm_runtime_get_sync(dev);
871 		writel_relaxed(0xffffffff, qcom_iommu->local_base + SMMU_INTR_SEL_NS);
872 		pm_runtime_put_sync(dev);
873 	}
874 
875 	return 0;
876 }
877 
878 static int qcom_iommu_device_remove(struct platform_device *pdev)
879 {
880 	struct qcom_iommu_dev *qcom_iommu = platform_get_drvdata(pdev);
881 
882 	bus_set_iommu(&platform_bus_type, NULL);
883 
884 	pm_runtime_force_suspend(&pdev->dev);
885 	platform_set_drvdata(pdev, NULL);
886 	iommu_device_sysfs_remove(&qcom_iommu->iommu);
887 	iommu_device_unregister(&qcom_iommu->iommu);
888 
889 	return 0;
890 }
891 
892 static int __maybe_unused qcom_iommu_resume(struct device *dev)
893 {
894 	struct qcom_iommu_dev *qcom_iommu = dev_get_drvdata(dev);
895 
896 	return clk_bulk_prepare_enable(CLK_NUM, qcom_iommu->clks);
897 }
898 
899 static int __maybe_unused qcom_iommu_suspend(struct device *dev)
900 {
901 	struct qcom_iommu_dev *qcom_iommu = dev_get_drvdata(dev);
902 
903 	clk_bulk_disable_unprepare(CLK_NUM, qcom_iommu->clks);
904 
905 	return 0;
906 }
907 
908 static const struct dev_pm_ops qcom_iommu_pm_ops = {
909 	SET_RUNTIME_PM_OPS(qcom_iommu_suspend, qcom_iommu_resume, NULL)
910 	SET_SYSTEM_SLEEP_PM_OPS(pm_runtime_force_suspend,
911 				pm_runtime_force_resume)
912 };
913 
914 static const struct of_device_id qcom_iommu_of_match[] = {
915 	{ .compatible = "qcom,msm-iommu-v1" },
916 	{ /* sentinel */ }
917 };
918 
919 static struct platform_driver qcom_iommu_driver = {
920 	.driver	= {
921 		.name		= "qcom-iommu",
922 		.of_match_table	= qcom_iommu_of_match,
923 		.pm		= &qcom_iommu_pm_ops,
924 	},
925 	.probe	= qcom_iommu_device_probe,
926 	.remove	= qcom_iommu_device_remove,
927 };
928 
929 static int __init qcom_iommu_init(void)
930 {
931 	int ret;
932 
933 	ret = platform_driver_register(&qcom_iommu_ctx_driver);
934 	if (ret)
935 		return ret;
936 
937 	ret = platform_driver_register(&qcom_iommu_driver);
938 	if (ret)
939 		platform_driver_unregister(&qcom_iommu_ctx_driver);
940 
941 	return ret;
942 }
943 device_initcall(qcom_iommu_init);
944