1 /*
2  * CPU-agnostic ARM page table allocator.
3  *
4  * ARMv7 Short-descriptor format, supporting
5  * - Basic memory attributes
6  * - Simplified access permissions (AP[2:1] model)
7  * - Backwards-compatible TEX remap
8  * - Large pages/supersections (if indicated by the caller)
9  *
10  * Not supporting:
11  * - Legacy access permissions (AP[2:0] model)
12  *
13  * Almost certainly never supporting:
14  * - PXN
15  * - Domains
16  *
17  * This program is free software; you can redistribute it and/or modify
18  * it under the terms of the GNU General Public License version 2 as
19  * published by the Free Software Foundation.
20  *
21  * This program is distributed in the hope that it will be useful,
22  * but WITHOUT ANY WARRANTY; without even the implied warranty of
23  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
24  * GNU General Public License for more details.
25  *
26  * You should have received a copy of the GNU General Public License
27  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
28  *
29  * Copyright (C) 2014-2015 ARM Limited
30  * Copyright (c) 2014-2015 MediaTek Inc.
31  */
32 
33 #define pr_fmt(fmt)	"arm-v7s io-pgtable: " fmt
34 
35 #include <linux/atomic.h>
36 #include <linux/dma-mapping.h>
37 #include <linux/gfp.h>
38 #include <linux/iommu.h>
39 #include <linux/kernel.h>
40 #include <linux/kmemleak.h>
41 #include <linux/sizes.h>
42 #include <linux/slab.h>
43 #include <linux/spinlock.h>
44 #include <linux/types.h>
45 
46 #include <asm/barrier.h>
47 
48 #include "io-pgtable.h"
49 
50 /* Struct accessors */
51 #define io_pgtable_to_data(x)						\
52 	container_of((x), struct arm_v7s_io_pgtable, iop)
53 
54 #define io_pgtable_ops_to_data(x)					\
55 	io_pgtable_to_data(io_pgtable_ops_to_pgtable(x))
56 
57 /*
58  * We have 32 bits total; 12 bits resolved at level 1, 8 bits at level 2,
59  * and 12 bits in a page. With some carefully-chosen coefficients we can
60  * hide the ugly inconsistencies behind these macros and at least let the
61  * rest of the code pretend to be somewhat sane.
62  */
63 #define ARM_V7S_ADDR_BITS		32
64 #define _ARM_V7S_LVL_BITS(lvl)		(16 - (lvl) * 4)
65 #define ARM_V7S_LVL_SHIFT(lvl)		(ARM_V7S_ADDR_BITS - (4 + 8 * (lvl)))
66 #define ARM_V7S_TABLE_SHIFT		10
67 
68 #define ARM_V7S_PTES_PER_LVL(lvl)	(1 << _ARM_V7S_LVL_BITS(lvl))
69 #define ARM_V7S_TABLE_SIZE(lvl)						\
70 	(ARM_V7S_PTES_PER_LVL(lvl) * sizeof(arm_v7s_iopte))
71 
72 #define ARM_V7S_BLOCK_SIZE(lvl)		(1UL << ARM_V7S_LVL_SHIFT(lvl))
73 #define ARM_V7S_LVL_MASK(lvl)		((u32)(~0U << ARM_V7S_LVL_SHIFT(lvl)))
74 #define ARM_V7S_TABLE_MASK		((u32)(~0U << ARM_V7S_TABLE_SHIFT))
75 #define _ARM_V7S_IDX_MASK(lvl)		(ARM_V7S_PTES_PER_LVL(lvl) - 1)
76 #define ARM_V7S_LVL_IDX(addr, lvl)	({				\
77 	int _l = lvl;							\
78 	((u32)(addr) >> ARM_V7S_LVL_SHIFT(_l)) & _ARM_V7S_IDX_MASK(_l); \
79 })
80 
81 /*
82  * Large page/supersection entries are effectively a block of 16 page/section
83  * entries, along the lines of the LPAE contiguous hint, but all with the
84  * same output address. For want of a better common name we'll call them
85  * "contiguous" versions of their respective page/section entries here, but
86  * noting the distinction (WRT to TLB maintenance) that they represent *one*
87  * entry repeated 16 times, not 16 separate entries (as in the LPAE case).
88  */
89 #define ARM_V7S_CONT_PAGES		16
90 
91 /* PTE type bits: these are all mixed up with XN/PXN bits in most cases */
92 #define ARM_V7S_PTE_TYPE_TABLE		0x1
93 #define ARM_V7S_PTE_TYPE_PAGE		0x2
94 #define ARM_V7S_PTE_TYPE_CONT_PAGE	0x1
95 
96 #define ARM_V7S_PTE_IS_VALID(pte)	(((pte) & 0x3) != 0)
97 #define ARM_V7S_PTE_IS_TABLE(pte, lvl) \
98 	((lvl) == 1 && (((pte) & 0x3) == ARM_V7S_PTE_TYPE_TABLE))
99 
100 /* Page table bits */
101 #define ARM_V7S_ATTR_XN(lvl)		BIT(4 * (2 - (lvl)))
102 #define ARM_V7S_ATTR_B			BIT(2)
103 #define ARM_V7S_ATTR_C			BIT(3)
104 #define ARM_V7S_ATTR_NS_TABLE		BIT(3)
105 #define ARM_V7S_ATTR_NS_SECTION		BIT(19)
106 
107 #define ARM_V7S_CONT_SECTION		BIT(18)
108 #define ARM_V7S_CONT_PAGE_XN_SHIFT	15
109 
110 /*
111  * The attribute bits are consistently ordered*, but occupy bits [17:10] of
112  * a level 1 PTE vs. bits [11:4] at level 2. Thus we define the individual
113  * fields relative to that 8-bit block, plus a total shift relative to the PTE.
114  */
115 #define ARM_V7S_ATTR_SHIFT(lvl)		(16 - (lvl) * 6)
116 
117 #define ARM_V7S_ATTR_MASK		0xff
118 #define ARM_V7S_ATTR_AP0		BIT(0)
119 #define ARM_V7S_ATTR_AP1		BIT(1)
120 #define ARM_V7S_ATTR_AP2		BIT(5)
121 #define ARM_V7S_ATTR_S			BIT(6)
122 #define ARM_V7S_ATTR_NG			BIT(7)
123 #define ARM_V7S_TEX_SHIFT		2
124 #define ARM_V7S_TEX_MASK		0x7
125 #define ARM_V7S_ATTR_TEX(val)		(((val) & ARM_V7S_TEX_MASK) << ARM_V7S_TEX_SHIFT)
126 
127 #define ARM_V7S_ATTR_MTK_4GB		BIT(9) /* MTK extend it for 4GB mode */
128 
129 /* *well, except for TEX on level 2 large pages, of course :( */
130 #define ARM_V7S_CONT_PAGE_TEX_SHIFT	6
131 #define ARM_V7S_CONT_PAGE_TEX_MASK	(ARM_V7S_TEX_MASK << ARM_V7S_CONT_PAGE_TEX_SHIFT)
132 
133 /* Simplified access permissions */
134 #define ARM_V7S_PTE_AF			ARM_V7S_ATTR_AP0
135 #define ARM_V7S_PTE_AP_UNPRIV		ARM_V7S_ATTR_AP1
136 #define ARM_V7S_PTE_AP_RDONLY		ARM_V7S_ATTR_AP2
137 
138 /* Register bits */
139 #define ARM_V7S_RGN_NC			0
140 #define ARM_V7S_RGN_WBWA		1
141 #define ARM_V7S_RGN_WT			2
142 #define ARM_V7S_RGN_WB			3
143 
144 #define ARM_V7S_PRRR_TYPE_DEVICE	1
145 #define ARM_V7S_PRRR_TYPE_NORMAL	2
146 #define ARM_V7S_PRRR_TR(n, type)	(((type) & 0x3) << ((n) * 2))
147 #define ARM_V7S_PRRR_DS0		BIT(16)
148 #define ARM_V7S_PRRR_DS1		BIT(17)
149 #define ARM_V7S_PRRR_NS0		BIT(18)
150 #define ARM_V7S_PRRR_NS1		BIT(19)
151 #define ARM_V7S_PRRR_NOS(n)		BIT((n) + 24)
152 
153 #define ARM_V7S_NMRR_IR(n, attr)	(((attr) & 0x3) << ((n) * 2))
154 #define ARM_V7S_NMRR_OR(n, attr)	(((attr) & 0x3) << ((n) * 2 + 16))
155 
156 #define ARM_V7S_TTBR_S			BIT(1)
157 #define ARM_V7S_TTBR_NOS		BIT(5)
158 #define ARM_V7S_TTBR_ORGN_ATTR(attr)	(((attr) & 0x3) << 3)
159 #define ARM_V7S_TTBR_IRGN_ATTR(attr)					\
160 	((((attr) & 0x1) << 6) | (((attr) & 0x2) >> 1))
161 
162 #define ARM_V7S_TCR_PD1			BIT(5)
163 
164 typedef u32 arm_v7s_iopte;
165 
166 static bool selftest_running;
167 
168 struct arm_v7s_io_pgtable {
169 	struct io_pgtable	iop;
170 
171 	arm_v7s_iopte		*pgd;
172 	struct kmem_cache	*l2_tables;
173 	spinlock_t		split_lock;
174 };
175 
176 static dma_addr_t __arm_v7s_dma_addr(void *pages)
177 {
178 	return (dma_addr_t)virt_to_phys(pages);
179 }
180 
181 static arm_v7s_iopte *iopte_deref(arm_v7s_iopte pte, int lvl)
182 {
183 	if (ARM_V7S_PTE_IS_TABLE(pte, lvl))
184 		pte &= ARM_V7S_TABLE_MASK;
185 	else
186 		pte &= ARM_V7S_LVL_MASK(lvl);
187 	return phys_to_virt(pte);
188 }
189 
190 static void *__arm_v7s_alloc_table(int lvl, gfp_t gfp,
191 				   struct arm_v7s_io_pgtable *data)
192 {
193 	struct io_pgtable_cfg *cfg = &data->iop.cfg;
194 	struct device *dev = cfg->iommu_dev;
195 	dma_addr_t dma;
196 	size_t size = ARM_V7S_TABLE_SIZE(lvl);
197 	void *table = NULL;
198 
199 	if (lvl == 1)
200 		table = (void *)__get_dma_pages(__GFP_ZERO, get_order(size));
201 	else if (lvl == 2)
202 		table = kmem_cache_zalloc(data->l2_tables, gfp | GFP_DMA);
203 	if (table && !(cfg->quirks & IO_PGTABLE_QUIRK_NO_DMA)) {
204 		dma = dma_map_single(dev, table, size, DMA_TO_DEVICE);
205 		if (dma_mapping_error(dev, dma))
206 			goto out_free;
207 		/*
208 		 * We depend on the IOMMU being able to work with any physical
209 		 * address directly, so if the DMA layer suggests otherwise by
210 		 * translating or truncating them, that bodes very badly...
211 		 */
212 		if (dma != virt_to_phys(table))
213 			goto out_unmap;
214 	}
215 	kmemleak_ignore(table);
216 	return table;
217 
218 out_unmap:
219 	dev_err(dev, "Cannot accommodate DMA translation for IOMMU page tables\n");
220 	dma_unmap_single(dev, dma, size, DMA_TO_DEVICE);
221 out_free:
222 	if (lvl == 1)
223 		free_pages((unsigned long)table, get_order(size));
224 	else
225 		kmem_cache_free(data->l2_tables, table);
226 	return NULL;
227 }
228 
229 static void __arm_v7s_free_table(void *table, int lvl,
230 				 struct arm_v7s_io_pgtable *data)
231 {
232 	struct io_pgtable_cfg *cfg = &data->iop.cfg;
233 	struct device *dev = cfg->iommu_dev;
234 	size_t size = ARM_V7S_TABLE_SIZE(lvl);
235 
236 	if (!(cfg->quirks & IO_PGTABLE_QUIRK_NO_DMA))
237 		dma_unmap_single(dev, __arm_v7s_dma_addr(table), size,
238 				 DMA_TO_DEVICE);
239 	if (lvl == 1)
240 		free_pages((unsigned long)table, get_order(size));
241 	else
242 		kmem_cache_free(data->l2_tables, table);
243 }
244 
245 static void __arm_v7s_pte_sync(arm_v7s_iopte *ptep, int num_entries,
246 			       struct io_pgtable_cfg *cfg)
247 {
248 	if (cfg->quirks & IO_PGTABLE_QUIRK_NO_DMA)
249 		return;
250 
251 	dma_sync_single_for_device(cfg->iommu_dev, __arm_v7s_dma_addr(ptep),
252 				   num_entries * sizeof(*ptep), DMA_TO_DEVICE);
253 }
254 static void __arm_v7s_set_pte(arm_v7s_iopte *ptep, arm_v7s_iopte pte,
255 			      int num_entries, struct io_pgtable_cfg *cfg)
256 {
257 	int i;
258 
259 	for (i = 0; i < num_entries; i++)
260 		ptep[i] = pte;
261 
262 	__arm_v7s_pte_sync(ptep, num_entries, cfg);
263 }
264 
265 static arm_v7s_iopte arm_v7s_prot_to_pte(int prot, int lvl,
266 					 struct io_pgtable_cfg *cfg)
267 {
268 	bool ap = !(cfg->quirks & IO_PGTABLE_QUIRK_NO_PERMS);
269 	arm_v7s_iopte pte = ARM_V7S_ATTR_NG | ARM_V7S_ATTR_S;
270 
271 	if (!(prot & IOMMU_MMIO))
272 		pte |= ARM_V7S_ATTR_TEX(1);
273 	if (ap) {
274 		pte |= ARM_V7S_PTE_AF;
275 		if (!(prot & IOMMU_PRIV))
276 			pte |= ARM_V7S_PTE_AP_UNPRIV;
277 		if (!(prot & IOMMU_WRITE))
278 			pte |= ARM_V7S_PTE_AP_RDONLY;
279 	}
280 	pte <<= ARM_V7S_ATTR_SHIFT(lvl);
281 
282 	if ((prot & IOMMU_NOEXEC) && ap)
283 		pte |= ARM_V7S_ATTR_XN(lvl);
284 	if (prot & IOMMU_MMIO)
285 		pte |= ARM_V7S_ATTR_B;
286 	else if (prot & IOMMU_CACHE)
287 		pte |= ARM_V7S_ATTR_B | ARM_V7S_ATTR_C;
288 
289 	pte |= ARM_V7S_PTE_TYPE_PAGE;
290 	if (lvl == 1 && (cfg->quirks & IO_PGTABLE_QUIRK_ARM_NS))
291 		pte |= ARM_V7S_ATTR_NS_SECTION;
292 
293 	if (cfg->quirks & IO_PGTABLE_QUIRK_ARM_MTK_4GB)
294 		pte |= ARM_V7S_ATTR_MTK_4GB;
295 
296 	return pte;
297 }
298 
299 static int arm_v7s_pte_to_prot(arm_v7s_iopte pte, int lvl)
300 {
301 	int prot = IOMMU_READ;
302 	arm_v7s_iopte attr = pte >> ARM_V7S_ATTR_SHIFT(lvl);
303 
304 	if (!(attr & ARM_V7S_PTE_AP_RDONLY))
305 		prot |= IOMMU_WRITE;
306 	if (!(attr & ARM_V7S_PTE_AP_UNPRIV))
307 		prot |= IOMMU_PRIV;
308 	if ((attr & (ARM_V7S_TEX_MASK << ARM_V7S_TEX_SHIFT)) == 0)
309 		prot |= IOMMU_MMIO;
310 	else if (pte & ARM_V7S_ATTR_C)
311 		prot |= IOMMU_CACHE;
312 	if (pte & ARM_V7S_ATTR_XN(lvl))
313 		prot |= IOMMU_NOEXEC;
314 
315 	return prot;
316 }
317 
318 static arm_v7s_iopte arm_v7s_pte_to_cont(arm_v7s_iopte pte, int lvl)
319 {
320 	if (lvl == 1) {
321 		pte |= ARM_V7S_CONT_SECTION;
322 	} else if (lvl == 2) {
323 		arm_v7s_iopte xn = pte & ARM_V7S_ATTR_XN(lvl);
324 		arm_v7s_iopte tex = pte & ARM_V7S_CONT_PAGE_TEX_MASK;
325 
326 		pte ^= xn | tex | ARM_V7S_PTE_TYPE_PAGE;
327 		pte |= (xn << ARM_V7S_CONT_PAGE_XN_SHIFT) |
328 		       (tex << ARM_V7S_CONT_PAGE_TEX_SHIFT) |
329 		       ARM_V7S_PTE_TYPE_CONT_PAGE;
330 	}
331 	return pte;
332 }
333 
334 static arm_v7s_iopte arm_v7s_cont_to_pte(arm_v7s_iopte pte, int lvl)
335 {
336 	if (lvl == 1) {
337 		pte &= ~ARM_V7S_CONT_SECTION;
338 	} else if (lvl == 2) {
339 		arm_v7s_iopte xn = pte & BIT(ARM_V7S_CONT_PAGE_XN_SHIFT);
340 		arm_v7s_iopte tex = pte & (ARM_V7S_CONT_PAGE_TEX_MASK <<
341 					   ARM_V7S_CONT_PAGE_TEX_SHIFT);
342 
343 		pte ^= xn | tex | ARM_V7S_PTE_TYPE_CONT_PAGE;
344 		pte |= (xn >> ARM_V7S_CONT_PAGE_XN_SHIFT) |
345 		       (tex >> ARM_V7S_CONT_PAGE_TEX_SHIFT) |
346 		       ARM_V7S_PTE_TYPE_PAGE;
347 	}
348 	return pte;
349 }
350 
351 static bool arm_v7s_pte_is_cont(arm_v7s_iopte pte, int lvl)
352 {
353 	if (lvl == 1 && !ARM_V7S_PTE_IS_TABLE(pte, lvl))
354 		return pte & ARM_V7S_CONT_SECTION;
355 	else if (lvl == 2)
356 		return !(pte & ARM_V7S_PTE_TYPE_PAGE);
357 	return false;
358 }
359 
360 static int __arm_v7s_unmap(struct arm_v7s_io_pgtable *, unsigned long,
361 			   size_t, int, arm_v7s_iopte *);
362 
363 static int arm_v7s_init_pte(struct arm_v7s_io_pgtable *data,
364 			    unsigned long iova, phys_addr_t paddr, int prot,
365 			    int lvl, int num_entries, arm_v7s_iopte *ptep)
366 {
367 	struct io_pgtable_cfg *cfg = &data->iop.cfg;
368 	arm_v7s_iopte pte;
369 	int i;
370 
371 	for (i = 0; i < num_entries; i++)
372 		if (ARM_V7S_PTE_IS_TABLE(ptep[i], lvl)) {
373 			/*
374 			 * We need to unmap and free the old table before
375 			 * overwriting it with a block entry.
376 			 */
377 			arm_v7s_iopte *tblp;
378 			size_t sz = ARM_V7S_BLOCK_SIZE(lvl);
379 
380 			tblp = ptep - ARM_V7S_LVL_IDX(iova, lvl);
381 			if (WARN_ON(__arm_v7s_unmap(data, iova + i * sz,
382 						    sz, lvl, tblp) != sz))
383 				return -EINVAL;
384 		} else if (ptep[i]) {
385 			/* We require an unmap first */
386 			WARN_ON(!selftest_running);
387 			return -EEXIST;
388 		}
389 
390 	pte = arm_v7s_prot_to_pte(prot, lvl, cfg);
391 	if (num_entries > 1)
392 		pte = arm_v7s_pte_to_cont(pte, lvl);
393 
394 	pte |= paddr & ARM_V7S_LVL_MASK(lvl);
395 
396 	__arm_v7s_set_pte(ptep, pte, num_entries, cfg);
397 	return 0;
398 }
399 
400 static arm_v7s_iopte arm_v7s_install_table(arm_v7s_iopte *table,
401 					   arm_v7s_iopte *ptep,
402 					   arm_v7s_iopte curr,
403 					   struct io_pgtable_cfg *cfg)
404 {
405 	arm_v7s_iopte old, new;
406 
407 	new = virt_to_phys(table) | ARM_V7S_PTE_TYPE_TABLE;
408 	if (cfg->quirks & IO_PGTABLE_QUIRK_ARM_NS)
409 		new |= ARM_V7S_ATTR_NS_TABLE;
410 
411 	/*
412 	 * Ensure the table itself is visible before its PTE can be.
413 	 * Whilst we could get away with cmpxchg64_release below, this
414 	 * doesn't have any ordering semantics when !CONFIG_SMP.
415 	 */
416 	dma_wmb();
417 
418 	old = cmpxchg_relaxed(ptep, curr, new);
419 	__arm_v7s_pte_sync(ptep, 1, cfg);
420 
421 	return old;
422 }
423 
424 static int __arm_v7s_map(struct arm_v7s_io_pgtable *data, unsigned long iova,
425 			 phys_addr_t paddr, size_t size, int prot,
426 			 int lvl, arm_v7s_iopte *ptep)
427 {
428 	struct io_pgtable_cfg *cfg = &data->iop.cfg;
429 	arm_v7s_iopte pte, *cptep;
430 	int num_entries = size >> ARM_V7S_LVL_SHIFT(lvl);
431 
432 	/* Find our entry at the current level */
433 	ptep += ARM_V7S_LVL_IDX(iova, lvl);
434 
435 	/* If we can install a leaf entry at this level, then do so */
436 	if (num_entries)
437 		return arm_v7s_init_pte(data, iova, paddr, prot,
438 					lvl, num_entries, ptep);
439 
440 	/* We can't allocate tables at the final level */
441 	if (WARN_ON(lvl == 2))
442 		return -EINVAL;
443 
444 	/* Grab a pointer to the next level */
445 	pte = READ_ONCE(*ptep);
446 	if (!pte) {
447 		cptep = __arm_v7s_alloc_table(lvl + 1, GFP_ATOMIC, data);
448 		if (!cptep)
449 			return -ENOMEM;
450 
451 		pte = arm_v7s_install_table(cptep, ptep, 0, cfg);
452 		if (pte)
453 			__arm_v7s_free_table(cptep, lvl + 1, data);
454 	} else {
455 		/* We've no easy way of knowing if it's synced yet, so... */
456 		__arm_v7s_pte_sync(ptep, 1, cfg);
457 	}
458 
459 	if (ARM_V7S_PTE_IS_TABLE(pte, lvl)) {
460 		cptep = iopte_deref(pte, lvl);
461 	} else if (pte) {
462 		/* We require an unmap first */
463 		WARN_ON(!selftest_running);
464 		return -EEXIST;
465 	}
466 
467 	/* Rinse, repeat */
468 	return __arm_v7s_map(data, iova, paddr, size, prot, lvl + 1, cptep);
469 }
470 
471 static int arm_v7s_map(struct io_pgtable_ops *ops, unsigned long iova,
472 			phys_addr_t paddr, size_t size, int prot)
473 {
474 	struct arm_v7s_io_pgtable *data = io_pgtable_ops_to_data(ops);
475 	struct io_pgtable *iop = &data->iop;
476 	int ret;
477 
478 	/* If no access, then nothing to do */
479 	if (!(prot & (IOMMU_READ | IOMMU_WRITE)))
480 		return 0;
481 
482 	if (WARN_ON(upper_32_bits(iova) || upper_32_bits(paddr)))
483 		return -ERANGE;
484 
485 	ret = __arm_v7s_map(data, iova, paddr, size, prot, 1, data->pgd);
486 	/*
487 	 * Synchronise all PTE updates for the new mapping before there's
488 	 * a chance for anything to kick off a table walk for the new iova.
489 	 */
490 	if (iop->cfg.quirks & IO_PGTABLE_QUIRK_TLBI_ON_MAP) {
491 		io_pgtable_tlb_add_flush(iop, iova, size,
492 					 ARM_V7S_BLOCK_SIZE(2), false);
493 		io_pgtable_tlb_sync(iop);
494 	} else {
495 		wmb();
496 	}
497 
498 	return ret;
499 }
500 
501 static void arm_v7s_free_pgtable(struct io_pgtable *iop)
502 {
503 	struct arm_v7s_io_pgtable *data = io_pgtable_to_data(iop);
504 	int i;
505 
506 	for (i = 0; i < ARM_V7S_PTES_PER_LVL(1); i++) {
507 		arm_v7s_iopte pte = data->pgd[i];
508 
509 		if (ARM_V7S_PTE_IS_TABLE(pte, 1))
510 			__arm_v7s_free_table(iopte_deref(pte, 1), 2, data);
511 	}
512 	__arm_v7s_free_table(data->pgd, 1, data);
513 	kmem_cache_destroy(data->l2_tables);
514 	kfree(data);
515 }
516 
517 static arm_v7s_iopte arm_v7s_split_cont(struct arm_v7s_io_pgtable *data,
518 					unsigned long iova, int idx, int lvl,
519 					arm_v7s_iopte *ptep)
520 {
521 	struct io_pgtable *iop = &data->iop;
522 	arm_v7s_iopte pte;
523 	size_t size = ARM_V7S_BLOCK_SIZE(lvl);
524 	int i;
525 
526 	/* Check that we didn't lose a race to get the lock */
527 	pte = *ptep;
528 	if (!arm_v7s_pte_is_cont(pte, lvl))
529 		return pte;
530 
531 	ptep -= idx & (ARM_V7S_CONT_PAGES - 1);
532 	pte = arm_v7s_cont_to_pte(pte, lvl);
533 	for (i = 0; i < ARM_V7S_CONT_PAGES; i++)
534 		ptep[i] = pte + i * size;
535 
536 	__arm_v7s_pte_sync(ptep, ARM_V7S_CONT_PAGES, &iop->cfg);
537 
538 	size *= ARM_V7S_CONT_PAGES;
539 	io_pgtable_tlb_add_flush(iop, iova, size, size, true);
540 	io_pgtable_tlb_sync(iop);
541 	return pte;
542 }
543 
544 static int arm_v7s_split_blk_unmap(struct arm_v7s_io_pgtable *data,
545 				   unsigned long iova, size_t size,
546 				   arm_v7s_iopte blk_pte, arm_v7s_iopte *ptep)
547 {
548 	struct io_pgtable_cfg *cfg = &data->iop.cfg;
549 	arm_v7s_iopte pte, *tablep;
550 	int i, unmap_idx, num_entries, num_ptes;
551 
552 	tablep = __arm_v7s_alloc_table(2, GFP_ATOMIC, data);
553 	if (!tablep)
554 		return 0; /* Bytes unmapped */
555 
556 	num_ptes = ARM_V7S_PTES_PER_LVL(2);
557 	num_entries = size >> ARM_V7S_LVL_SHIFT(2);
558 	unmap_idx = ARM_V7S_LVL_IDX(iova, 2);
559 
560 	pte = arm_v7s_prot_to_pte(arm_v7s_pte_to_prot(blk_pte, 1), 2, cfg);
561 	if (num_entries > 1)
562 		pte = arm_v7s_pte_to_cont(pte, 2);
563 
564 	for (i = 0; i < num_ptes; i += num_entries, pte += size) {
565 		/* Unmap! */
566 		if (i == unmap_idx)
567 			continue;
568 
569 		__arm_v7s_set_pte(&tablep[i], pte, num_entries, cfg);
570 	}
571 
572 	pte = arm_v7s_install_table(tablep, ptep, blk_pte, cfg);
573 	if (pte != blk_pte) {
574 		__arm_v7s_free_table(tablep, 2, data);
575 
576 		if (!ARM_V7S_PTE_IS_TABLE(pte, 1))
577 			return 0;
578 
579 		tablep = iopte_deref(pte, 1);
580 		return __arm_v7s_unmap(data, iova, size, 2, tablep);
581 	}
582 
583 	io_pgtable_tlb_add_flush(&data->iop, iova, size, size, true);
584 	return size;
585 }
586 
587 static int __arm_v7s_unmap(struct arm_v7s_io_pgtable *data,
588 			    unsigned long iova, size_t size, int lvl,
589 			    arm_v7s_iopte *ptep)
590 {
591 	arm_v7s_iopte pte[ARM_V7S_CONT_PAGES];
592 	struct io_pgtable *iop = &data->iop;
593 	int idx, i = 0, num_entries = size >> ARM_V7S_LVL_SHIFT(lvl);
594 
595 	/* Something went horribly wrong and we ran out of page table */
596 	if (WARN_ON(lvl > 2))
597 		return 0;
598 
599 	idx = ARM_V7S_LVL_IDX(iova, lvl);
600 	ptep += idx;
601 	do {
602 		pte[i] = READ_ONCE(ptep[i]);
603 		if (WARN_ON(!ARM_V7S_PTE_IS_VALID(pte[i])))
604 			return 0;
605 	} while (++i < num_entries);
606 
607 	/*
608 	 * If we've hit a contiguous 'large page' entry at this level, it
609 	 * needs splitting first, unless we're unmapping the whole lot.
610 	 *
611 	 * For splitting, we can't rewrite 16 PTEs atomically, and since we
612 	 * can't necessarily assume TEX remap we don't have a software bit to
613 	 * mark live entries being split. In practice (i.e. DMA API code), we
614 	 * will never be splitting large pages anyway, so just wrap this edge
615 	 * case in a lock for the sake of correctness and be done with it.
616 	 */
617 	if (num_entries <= 1 && arm_v7s_pte_is_cont(pte[0], lvl)) {
618 		unsigned long flags;
619 
620 		spin_lock_irqsave(&data->split_lock, flags);
621 		pte[0] = arm_v7s_split_cont(data, iova, idx, lvl, ptep);
622 		spin_unlock_irqrestore(&data->split_lock, flags);
623 	}
624 
625 	/* If the size matches this level, we're in the right place */
626 	if (num_entries) {
627 		size_t blk_size = ARM_V7S_BLOCK_SIZE(lvl);
628 
629 		__arm_v7s_set_pte(ptep, 0, num_entries, &iop->cfg);
630 
631 		for (i = 0; i < num_entries; i++) {
632 			if (ARM_V7S_PTE_IS_TABLE(pte[i], lvl)) {
633 				/* Also flush any partial walks */
634 				io_pgtable_tlb_add_flush(iop, iova, blk_size,
635 					ARM_V7S_BLOCK_SIZE(lvl + 1), false);
636 				io_pgtable_tlb_sync(iop);
637 				ptep = iopte_deref(pte[i], lvl);
638 				__arm_v7s_free_table(ptep, lvl + 1, data);
639 			} else {
640 				io_pgtable_tlb_add_flush(iop, iova, blk_size,
641 							 blk_size, true);
642 			}
643 			iova += blk_size;
644 		}
645 		return size;
646 	} else if (lvl == 1 && !ARM_V7S_PTE_IS_TABLE(pte[0], lvl)) {
647 		/*
648 		 * Insert a table at the next level to map the old region,
649 		 * minus the part we want to unmap
650 		 */
651 		return arm_v7s_split_blk_unmap(data, iova, size, pte[0], ptep);
652 	}
653 
654 	/* Keep on walkin' */
655 	ptep = iopte_deref(pte[0], lvl);
656 	return __arm_v7s_unmap(data, iova, size, lvl + 1, ptep);
657 }
658 
659 static int arm_v7s_unmap(struct io_pgtable_ops *ops, unsigned long iova,
660 			 size_t size)
661 {
662 	struct arm_v7s_io_pgtable *data = io_pgtable_ops_to_data(ops);
663 	size_t unmapped;
664 
665 	if (WARN_ON(upper_32_bits(iova)))
666 		return 0;
667 
668 	unmapped = __arm_v7s_unmap(data, iova, size, 1, data->pgd);
669 	if (unmapped)
670 		io_pgtable_tlb_sync(&data->iop);
671 
672 	return unmapped;
673 }
674 
675 static phys_addr_t arm_v7s_iova_to_phys(struct io_pgtable_ops *ops,
676 					unsigned long iova)
677 {
678 	struct arm_v7s_io_pgtable *data = io_pgtable_ops_to_data(ops);
679 	arm_v7s_iopte *ptep = data->pgd, pte;
680 	int lvl = 0;
681 	u32 mask;
682 
683 	do {
684 		ptep += ARM_V7S_LVL_IDX(iova, ++lvl);
685 		pte = READ_ONCE(*ptep);
686 		ptep = iopte_deref(pte, lvl);
687 	} while (ARM_V7S_PTE_IS_TABLE(pte, lvl));
688 
689 	if (!ARM_V7S_PTE_IS_VALID(pte))
690 		return 0;
691 
692 	mask = ARM_V7S_LVL_MASK(lvl);
693 	if (arm_v7s_pte_is_cont(pte, lvl))
694 		mask *= ARM_V7S_CONT_PAGES;
695 	return (pte & mask) | (iova & ~mask);
696 }
697 
698 static struct io_pgtable *arm_v7s_alloc_pgtable(struct io_pgtable_cfg *cfg,
699 						void *cookie)
700 {
701 	struct arm_v7s_io_pgtable *data;
702 
703 #ifdef PHYS_OFFSET
704 	if (upper_32_bits(PHYS_OFFSET))
705 		return NULL;
706 #endif
707 	if (cfg->ias > ARM_V7S_ADDR_BITS || cfg->oas > ARM_V7S_ADDR_BITS)
708 		return NULL;
709 
710 	if (cfg->quirks & ~(IO_PGTABLE_QUIRK_ARM_NS |
711 			    IO_PGTABLE_QUIRK_NO_PERMS |
712 			    IO_PGTABLE_QUIRK_TLBI_ON_MAP |
713 			    IO_PGTABLE_QUIRK_ARM_MTK_4GB |
714 			    IO_PGTABLE_QUIRK_NO_DMA))
715 		return NULL;
716 
717 	/* If ARM_MTK_4GB is enabled, the NO_PERMS is also expected. */
718 	if (cfg->quirks & IO_PGTABLE_QUIRK_ARM_MTK_4GB &&
719 	    !(cfg->quirks & IO_PGTABLE_QUIRK_NO_PERMS))
720 			return NULL;
721 
722 	data = kmalloc(sizeof(*data), GFP_KERNEL);
723 	if (!data)
724 		return NULL;
725 
726 	spin_lock_init(&data->split_lock);
727 	data->l2_tables = kmem_cache_create("io-pgtable_armv7s_l2",
728 					    ARM_V7S_TABLE_SIZE(2),
729 					    ARM_V7S_TABLE_SIZE(2),
730 					    SLAB_CACHE_DMA, NULL);
731 	if (!data->l2_tables)
732 		goto out_free_data;
733 
734 	data->iop.ops = (struct io_pgtable_ops) {
735 		.map		= arm_v7s_map,
736 		.unmap		= arm_v7s_unmap,
737 		.iova_to_phys	= arm_v7s_iova_to_phys,
738 	};
739 
740 	/* We have to do this early for __arm_v7s_alloc_table to work... */
741 	data->iop.cfg = *cfg;
742 
743 	/*
744 	 * Unless the IOMMU driver indicates supersection support by
745 	 * having SZ_16M set in the initial bitmap, they won't be used.
746 	 */
747 	cfg->pgsize_bitmap &= SZ_4K | SZ_64K | SZ_1M | SZ_16M;
748 
749 	/* TCR: T0SZ=0, disable TTBR1 */
750 	cfg->arm_v7s_cfg.tcr = ARM_V7S_TCR_PD1;
751 
752 	/*
753 	 * TEX remap: the indices used map to the closest equivalent types
754 	 * under the non-TEX-remap interpretation of those attribute bits,
755 	 * excepting various implementation-defined aspects of shareability.
756 	 */
757 	cfg->arm_v7s_cfg.prrr = ARM_V7S_PRRR_TR(1, ARM_V7S_PRRR_TYPE_DEVICE) |
758 				ARM_V7S_PRRR_TR(4, ARM_V7S_PRRR_TYPE_NORMAL) |
759 				ARM_V7S_PRRR_TR(7, ARM_V7S_PRRR_TYPE_NORMAL) |
760 				ARM_V7S_PRRR_DS0 | ARM_V7S_PRRR_DS1 |
761 				ARM_V7S_PRRR_NS1 | ARM_V7S_PRRR_NOS(7);
762 	cfg->arm_v7s_cfg.nmrr = ARM_V7S_NMRR_IR(7, ARM_V7S_RGN_WBWA) |
763 				ARM_V7S_NMRR_OR(7, ARM_V7S_RGN_WBWA);
764 
765 	/* Looking good; allocate a pgd */
766 	data->pgd = __arm_v7s_alloc_table(1, GFP_KERNEL, data);
767 	if (!data->pgd)
768 		goto out_free_data;
769 
770 	/* Ensure the empty pgd is visible before any actual TTBR write */
771 	wmb();
772 
773 	/* TTBRs */
774 	cfg->arm_v7s_cfg.ttbr[0] = virt_to_phys(data->pgd) |
775 				   ARM_V7S_TTBR_S | ARM_V7S_TTBR_NOS |
776 				   ARM_V7S_TTBR_IRGN_ATTR(ARM_V7S_RGN_WBWA) |
777 				   ARM_V7S_TTBR_ORGN_ATTR(ARM_V7S_RGN_WBWA);
778 	cfg->arm_v7s_cfg.ttbr[1] = 0;
779 	return &data->iop;
780 
781 out_free_data:
782 	kmem_cache_destroy(data->l2_tables);
783 	kfree(data);
784 	return NULL;
785 }
786 
787 struct io_pgtable_init_fns io_pgtable_arm_v7s_init_fns = {
788 	.alloc	= arm_v7s_alloc_pgtable,
789 	.free	= arm_v7s_free_pgtable,
790 };
791 
792 #ifdef CONFIG_IOMMU_IO_PGTABLE_ARMV7S_SELFTEST
793 
794 static struct io_pgtable_cfg *cfg_cookie;
795 
796 static void dummy_tlb_flush_all(void *cookie)
797 {
798 	WARN_ON(cookie != cfg_cookie);
799 }
800 
801 static void dummy_tlb_add_flush(unsigned long iova, size_t size,
802 				size_t granule, bool leaf, void *cookie)
803 {
804 	WARN_ON(cookie != cfg_cookie);
805 	WARN_ON(!(size & cfg_cookie->pgsize_bitmap));
806 }
807 
808 static void dummy_tlb_sync(void *cookie)
809 {
810 	WARN_ON(cookie != cfg_cookie);
811 }
812 
813 static const struct iommu_gather_ops dummy_tlb_ops = {
814 	.tlb_flush_all	= dummy_tlb_flush_all,
815 	.tlb_add_flush	= dummy_tlb_add_flush,
816 	.tlb_sync	= dummy_tlb_sync,
817 };
818 
819 #define __FAIL(ops)	({				\
820 		WARN(1, "selftest: test failed\n");	\
821 		selftest_running = false;		\
822 		-EFAULT;				\
823 })
824 
825 static int __init arm_v7s_do_selftests(void)
826 {
827 	struct io_pgtable_ops *ops;
828 	struct io_pgtable_cfg cfg = {
829 		.tlb = &dummy_tlb_ops,
830 		.oas = 32,
831 		.ias = 32,
832 		.quirks = IO_PGTABLE_QUIRK_ARM_NS | IO_PGTABLE_QUIRK_NO_DMA,
833 		.pgsize_bitmap = SZ_4K | SZ_64K | SZ_1M | SZ_16M,
834 	};
835 	unsigned int iova, size, iova_start;
836 	unsigned int i, loopnr = 0;
837 
838 	selftest_running = true;
839 
840 	cfg_cookie = &cfg;
841 
842 	ops = alloc_io_pgtable_ops(ARM_V7S, &cfg, &cfg);
843 	if (!ops) {
844 		pr_err("selftest: failed to allocate io pgtable ops\n");
845 		return -EINVAL;
846 	}
847 
848 	/*
849 	 * Initial sanity checks.
850 	 * Empty page tables shouldn't provide any translations.
851 	 */
852 	if (ops->iova_to_phys(ops, 42))
853 		return __FAIL(ops);
854 
855 	if (ops->iova_to_phys(ops, SZ_1G + 42))
856 		return __FAIL(ops);
857 
858 	if (ops->iova_to_phys(ops, SZ_2G + 42))
859 		return __FAIL(ops);
860 
861 	/*
862 	 * Distinct mappings of different granule sizes.
863 	 */
864 	iova = 0;
865 	for_each_set_bit(i, &cfg.pgsize_bitmap, BITS_PER_LONG) {
866 		size = 1UL << i;
867 		if (ops->map(ops, iova, iova, size, IOMMU_READ |
868 						    IOMMU_WRITE |
869 						    IOMMU_NOEXEC |
870 						    IOMMU_CACHE))
871 			return __FAIL(ops);
872 
873 		/* Overlapping mappings */
874 		if (!ops->map(ops, iova, iova + size, size,
875 			      IOMMU_READ | IOMMU_NOEXEC))
876 			return __FAIL(ops);
877 
878 		if (ops->iova_to_phys(ops, iova + 42) != (iova + 42))
879 			return __FAIL(ops);
880 
881 		iova += SZ_16M;
882 		loopnr++;
883 	}
884 
885 	/* Partial unmap */
886 	i = 1;
887 	size = 1UL << __ffs(cfg.pgsize_bitmap);
888 	while (i < loopnr) {
889 		iova_start = i * SZ_16M;
890 		if (ops->unmap(ops, iova_start + size, size) != size)
891 			return __FAIL(ops);
892 
893 		/* Remap of partial unmap */
894 		if (ops->map(ops, iova_start + size, size, size, IOMMU_READ))
895 			return __FAIL(ops);
896 
897 		if (ops->iova_to_phys(ops, iova_start + size + 42)
898 		    != (size + 42))
899 			return __FAIL(ops);
900 		i++;
901 	}
902 
903 	/* Full unmap */
904 	iova = 0;
905 	i = find_first_bit(&cfg.pgsize_bitmap, BITS_PER_LONG);
906 	while (i != BITS_PER_LONG) {
907 		size = 1UL << i;
908 
909 		if (ops->unmap(ops, iova, size) != size)
910 			return __FAIL(ops);
911 
912 		if (ops->iova_to_phys(ops, iova + 42))
913 			return __FAIL(ops);
914 
915 		/* Remap full block */
916 		if (ops->map(ops, iova, iova, size, IOMMU_WRITE))
917 			return __FAIL(ops);
918 
919 		if (ops->iova_to_phys(ops, iova + 42) != (iova + 42))
920 			return __FAIL(ops);
921 
922 		iova += SZ_16M;
923 		i++;
924 		i = find_next_bit(&cfg.pgsize_bitmap, BITS_PER_LONG, i);
925 	}
926 
927 	free_io_pgtable_ops(ops);
928 
929 	selftest_running = false;
930 
931 	pr_info("self test ok\n");
932 	return 0;
933 }
934 subsys_initcall(arm_v7s_do_selftests);
935 #endif
936