// SPDX-License-Identifier: GPL-2.0-only
/*
 * Copyright (C) 2007-2008 Advanced Micro Devices, Inc.
 * Author: Joerg Roedel <jroedel@suse.de>
 */

#define pr_fmt(fmt) "iommu: " fmt

#include <linux/device.h>
#include <linux/dma-iommu.h>
#include <linux/kernel.h>
#include <linux/bits.h>
#include <linux/bug.h>
#include <linux/types.h>
#include <linux/init.h>
#include <linux/export.h>
#include <linux/slab.h>
#include <linux/errno.h>
#include <linux/iommu.h>
#include <linux/idr.h>
#include <linux/notifier.h>
#include <linux/err.h>
#include <linux/pci.h>
#include <linux/bitops.h>
#include <linux/property.h>
#include <linux/fsl/mc.h>
#include <linux/module.h>
#include <linux/cc_platform.h>
#include <trace/events/iommu.h>

static struct kset *iommu_group_kset;
static DEFINE_IDA(iommu_group_ida);

static unsigned int iommu_def_domain_type __read_mostly;
static bool iommu_dma_strict __read_mostly = IS_ENABLED(CONFIG_IOMMU_DEFAULT_DMA_STRICT);
static u32 iommu_cmd_line __read_mostly;

struct iommu_group {
	struct kobject kobj;
	struct kobject *devices_kobj;
	struct list_head devices;
	struct mutex mutex;
	struct blocking_notifier_head notifier;
	void *iommu_data;
	void (*iommu_data_release)(void *iommu_data);
	char *name;
	int id;
	struct iommu_domain *default_domain;
	struct iommu_domain *domain;
	struct list_head entry;
};

struct group_device {
	struct list_head list;
	struct device *dev;
	char *name;
};

struct iommu_group_attribute {
	struct attribute attr;
	ssize_t (*show)(struct iommu_group *group, char *buf);
	ssize_t (*store)(struct iommu_group *group,
			 const char *buf, size_t count);
};

static const char * const iommu_group_resv_type_string[] = {
	[IOMMU_RESV_DIRECT]		= "direct",
	[IOMMU_RESV_DIRECT_RELAXABLE]	= "direct-relaxable",
	[IOMMU_RESV_RESERVED]		= "reserved",
	[IOMMU_RESV_MSI]		= "msi",
	[IOMMU_RESV_SW_MSI]		= "msi",
};

#define IOMMU_CMD_LINE_DMA_API		BIT(0)
#define IOMMU_CMD_LINE_STRICT		BIT(1)

static int iommu_alloc_default_domain(struct iommu_group *group,
				      struct device *dev);
static struct iommu_domain *__iommu_domain_alloc(struct bus_type *bus,
						 unsigned type);
static int __iommu_attach_device(struct iommu_domain *domain,
				 struct device *dev);
static int __iommu_attach_group(struct iommu_domain *domain,
				struct iommu_group *group);
static void __iommu_detach_group(struct iommu_domain *domain,
				 struct iommu_group *group);
static int iommu_create_device_direct_mappings(struct iommu_group *group,
					       struct device *dev);
static struct iommu_group *iommu_group_get_for_dev(struct device *dev);
static ssize_t iommu_group_store_type(struct iommu_group *group,
				      const char *buf, size_t count);

#define IOMMU_GROUP_ATTR(_name, _mode, _show, _store)		\
struct iommu_group_attribute iommu_group_attr_##_name =	\
	__ATTR(_name, _mode, _show, _store)

#define to_iommu_group_attr(_attr)	\
	container_of(_attr, struct iommu_group_attribute, attr)
#define to_iommu_group(_kobj)		\
	container_of(_kobj, struct iommu_group, kobj)

static LIST_HEAD(iommu_device_list);
static DEFINE_SPINLOCK(iommu_device_lock);

/*
 * Use a function instead of an array here because the domain-type is a
 * bit-field, so an array would waste memory.
 */
static const char *iommu_domain_type_str(unsigned int t)
{
	switch (t) {
	case IOMMU_DOMAIN_BLOCKED:
		return "Blocked";
	case IOMMU_DOMAIN_IDENTITY:
		return "Passthrough";
	case IOMMU_DOMAIN_UNMANAGED:
		return "Unmanaged";
	case IOMMU_DOMAIN_DMA:
	case IOMMU_DOMAIN_DMA_FQ:
		return "Translated";
	default:
		return "Unknown";
	}
}

static int __init iommu_subsys_init(void)
{
	if (!(iommu_cmd_line & IOMMU_CMD_LINE_DMA_API)) {
		if (IS_ENABLED(CONFIG_IOMMU_DEFAULT_PASSTHROUGH))
			iommu_set_default_passthrough(false);
		else
			iommu_set_default_translated(false);

		if (iommu_default_passthrough() && cc_platform_has(CC_ATTR_MEM_ENCRYPT)) {
			pr_info("Memory encryption detected - Disabling default IOMMU Passthrough\n");
			iommu_set_default_translated(false);
		}
	}

	if (!iommu_default_passthrough() && !iommu_dma_strict)
		iommu_def_domain_type = IOMMU_DOMAIN_DMA_FQ;

	pr_info("Default domain type: %s %s\n",
		iommu_domain_type_str(iommu_def_domain_type),
		(iommu_cmd_line & IOMMU_CMD_LINE_DMA_API) ?
			"(set via kernel command line)" : "");

	if (!iommu_default_passthrough())
		pr_info("DMA domain TLB invalidation policy: %s mode %s\n",
			iommu_dma_strict ? "strict" : "lazy",
			(iommu_cmd_line & IOMMU_CMD_LINE_STRICT) ?
				"(set via kernel command line)" : "");

	return 0;
}
subsys_initcall(iommu_subsys_init);

/**
 * iommu_device_register() - Register an IOMMU hardware instance
 * @iommu: IOMMU handle for the instance
 * @ops: IOMMU ops to associate with the instance
 * @hwdev: (optional) actual instance device, used for fwnode lookup
 *
 * Return: 0 on success, or an error.
 */
int iommu_device_register(struct iommu_device *iommu,
			  const struct iommu_ops *ops, struct device *hwdev)
{
	/* We need to be able to take module references appropriately */
	if (WARN_ON(is_module_address((unsigned long)ops) && !ops->owner))
		return -EINVAL;

	iommu->ops = ops;
	if (hwdev)
		iommu->fwnode = hwdev->fwnode;

	spin_lock(&iommu_device_lock);
	list_add_tail(&iommu->list, &iommu_device_list);
	spin_unlock(&iommu_device_lock);
	return 0;
}
EXPORT_SYMBOL_GPL(iommu_device_register);

void iommu_device_unregister(struct iommu_device *iommu)
{
	spin_lock(&iommu_device_lock);
	list_del(&iommu->list);
	spin_unlock(&iommu_device_lock);
}
EXPORT_SYMBOL_GPL(iommu_device_unregister);

static struct dev_iommu *dev_iommu_get(struct device *dev)
{
	struct dev_iommu *param = dev->iommu;

	if (param)
		return param;

	param = kzalloc(sizeof(*param), GFP_KERNEL);
	if (!param)
		return NULL;

	mutex_init(&param->lock);
	dev->iommu = param;
	return param;
}

static void dev_iommu_free(struct device *dev)
{
	iommu_fwspec_free(dev);
	kfree(dev->iommu);
	dev->iommu = NULL;
}
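
/*
 * Example (illustrative sketch only, not part of this file): an IOMMU
 * driver typically calls iommu_device_register() once per hardware
 * instance from its own probe path, and iommu_device_unregister() on
 * removal. The my_iommu_* names below are hypothetical.
 *
 *	static int my_iommu_probe(struct platform_device *pdev)
 *	{
 *		struct my_iommu *mmu;
 *		int ret;
 *
 *		mmu = devm_kzalloc(&pdev->dev, sizeof(*mmu), GFP_KERNEL);
 *		if (!mmu)
 *			return -ENOMEM;
 *
 *		ret = iommu_device_register(&mmu->iommu, &my_iommu_ops,
 *					    &pdev->dev);
 *		if (ret)
 *			return ret;
 *
 *		platform_set_drvdata(pdev, mmu);
 *		return 0;
 *	}
 */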

static int __iommu_probe_device(struct device *dev, struct list_head *group_list)
{
	const struct iommu_ops *ops = dev->bus->iommu_ops;
	struct iommu_device *iommu_dev;
	struct iommu_group *group;
	int ret;

	if (!ops)
		return -ENODEV;

	if (!dev_iommu_get(dev))
		return -ENOMEM;

	if (!try_module_get(ops->owner)) {
		ret = -EINVAL;
		goto err_free;
	}

	iommu_dev = ops->probe_device(dev);
	if (IS_ERR(iommu_dev)) {
		ret = PTR_ERR(iommu_dev);
		goto out_module_put;
	}

	dev->iommu->iommu_dev = iommu_dev;

	group = iommu_group_get_for_dev(dev);
	if (IS_ERR(group)) {
		ret = PTR_ERR(group);
		goto out_release;
	}
	iommu_group_put(group);

	if (group_list && !group->default_domain && list_empty(&group->entry))
		list_add_tail(&group->entry, group_list);

	iommu_device_link(iommu_dev, dev);

	return 0;

out_release:
	ops->release_device(dev);

out_module_put:
	module_put(ops->owner);

err_free:
	dev_iommu_free(dev);

	return ret;
}

int iommu_probe_device(struct device *dev)
{
	const struct iommu_ops *ops = dev->bus->iommu_ops;
	struct iommu_group *group;
	int ret;

	ret = __iommu_probe_device(dev, NULL);
	if (ret)
		goto err_out;

	group = iommu_group_get(dev);
	if (!group) {
		ret = -ENODEV;
		goto err_release;
	}

	/*
	 * Try to allocate a default domain - needs support from the
	 * IOMMU driver. There are still some drivers which don't
	 * support default domains, so the return value is not yet
	 * checked.
	 */
	mutex_lock(&group->mutex);
	iommu_alloc_default_domain(group, dev);

	if (group->default_domain) {
		ret = __iommu_attach_device(group->default_domain, dev);
		if (ret) {
			mutex_unlock(&group->mutex);
			iommu_group_put(group);
			goto err_release;
		}
	}

	iommu_create_device_direct_mappings(group, dev);

	mutex_unlock(&group->mutex);
	iommu_group_put(group);

	if (ops->probe_finalize)
		ops->probe_finalize(dev);

	return 0;

err_release:
	iommu_release_device(dev);

err_out:
	return ret;

}

void iommu_release_device(struct device *dev)
{
	const struct iommu_ops *ops = dev->bus->iommu_ops;

	if (!dev->iommu)
		return;

	iommu_device_unlink(dev->iommu->iommu_dev, dev);

	ops->release_device(dev);

	iommu_group_remove_device(dev);
	module_put(ops->owner);
	dev_iommu_free(dev);
}

static int __init iommu_set_def_domain_type(char *str)
{
	bool pt;
	int ret;

	ret = kstrtobool(str, &pt);
	if (ret)
		return ret;

	if (pt)
		iommu_set_default_passthrough(true);
	else
		iommu_set_default_translated(true);

	return 0;
}
early_param("iommu.passthrough", iommu_set_def_domain_type);

static int __init iommu_dma_setup(char *str)
{
	int ret = kstrtobool(str, &iommu_dma_strict);

	if (!ret)
		iommu_cmd_line |= IOMMU_CMD_LINE_STRICT;
	return ret;
}
early_param("iommu.strict", iommu_dma_setup);

void iommu_set_dma_strict(void)
{
	iommu_dma_strict = true;
	if (iommu_def_domain_type == IOMMU_DOMAIN_DMA_FQ)
		iommu_def_domain_type = IOMMU_DOMAIN_DMA;
}

static ssize_t iommu_group_attr_show(struct kobject *kobj,
				     struct attribute *__attr, char *buf)
{
	struct iommu_group_attribute *attr = to_iommu_group_attr(__attr);
	struct iommu_group *group = to_iommu_group(kobj);
	ssize_t ret = -EIO;

	if (attr->show)
		ret = attr->show(group, buf);
	return ret;
}

static ssize_t iommu_group_attr_store(struct kobject *kobj,
				      struct attribute *__attr,
				      const char *buf, size_t count)
{
	struct iommu_group_attribute *attr = to_iommu_group_attr(__attr);
	struct iommu_group *group = to_iommu_group(kobj);
	ssize_t ret = -EIO;

	if (attr->store)
		ret = attr->store(group, buf, count);
	return ret;
}

static const struct sysfs_ops iommu_group_sysfs_ops = {
	.show = iommu_group_attr_show,
	.store = iommu_group_attr_store,
};

static int iommu_group_create_file(struct iommu_group *group,
				   struct iommu_group_attribute *attr)
{
	return sysfs_create_file(&group->kobj, &attr->attr);
}

static void iommu_group_remove_file(struct iommu_group *group,
				    struct iommu_group_attribute *attr)
{
	sysfs_remove_file(&group->kobj, &attr->attr);
}

static ssize_t iommu_group_show_name(struct iommu_group *group, char *buf)
{
	return sprintf(buf, "%s\n", group->name);
}

/**
 * iommu_insert_resv_region - Insert a new region in the
 * list of reserved regions.
 * @new: new region to insert
 * @regions: list of regions
 *
 * Elements are sorted by start address and overlapping segments
 * of the same type are merged.
 */
static int iommu_insert_resv_region(struct iommu_resv_region *new,
				    struct list_head *regions)
{
	struct iommu_resv_region *iter, *tmp, *nr, *top;
	LIST_HEAD(stack);

	nr = iommu_alloc_resv_region(new->start, new->length,
				     new->prot, new->type);
	if (!nr)
		return -ENOMEM;

	/* First add the new element based on start address sorting */
	list_for_each_entry(iter, regions, list) {
		if (nr->start < iter->start ||
		    (nr->start == iter->start && nr->type <= iter->type))
			break;
	}
	list_add_tail(&nr->list, &iter->list);

	/* Merge overlapping segments of type nr->type in @regions, if any */
	list_for_each_entry_safe(iter, tmp, regions, list) {
		phys_addr_t top_end, iter_end = iter->start + iter->length - 1;

		/* no merge needed on elements of different types than @new */
		if (iter->type != new->type) {
			list_move_tail(&iter->list, &stack);
			continue;
		}

		/* look for the last stack element of same type as @iter */
		list_for_each_entry_reverse(top, &stack, list)
			if (top->type == iter->type)
				goto check_overlap;

		list_move_tail(&iter->list, &stack);
		continue;

check_overlap:
		top_end = top->start + top->length - 1;

		if (iter->start > top_end + 1) {
			list_move_tail(&iter->list, &stack);
		} else {
			top->length = max(top_end, iter_end) - top->start + 1;
			list_del(&iter->list);
			kfree(iter);
		}
	}
	list_splice(&stack, regions);
	return 0;
}

static int
iommu_insert_device_resv_regions(struct list_head *dev_resv_regions,
				 struct list_head *group_resv_regions)
{
	struct iommu_resv_region *entry;
	int ret = 0;

	list_for_each_entry(entry, dev_resv_regions, list) {
		ret = iommu_insert_resv_region(entry, group_resv_regions);
		if (ret)
			break;
	}
	return ret;
}

int iommu_get_group_resv_regions(struct iommu_group *group,
				 struct list_head *head)
{
	struct group_device *device;
	int ret = 0;

	mutex_lock(&group->mutex);
	list_for_each_entry(device, &group->devices, list) {
		struct list_head dev_resv_regions;

		INIT_LIST_HEAD(&dev_resv_regions);
		iommu_get_resv_regions(device->dev, &dev_resv_regions);
		ret = iommu_insert_device_resv_regions(&dev_resv_regions, head);
		iommu_put_resv_regions(device->dev, &dev_resv_regions);
		if (ret)
			break;
	}
	mutex_unlock(&group->mutex);
	return ret;
}
EXPORT_SYMBOL_GPL(iommu_get_group_resv_regions);

static ssize_t iommu_group_show_resv_regions(struct iommu_group *group,
					     char *buf)
{
	struct iommu_resv_region *region, *next;
	struct list_head group_resv_regions;
	char *str = buf;

	INIT_LIST_HEAD(&group_resv_regions);
	iommu_get_group_resv_regions(group, &group_resv_regions);

	list_for_each_entry_safe(region, next, &group_resv_regions, list) {
		str += sprintf(str, "0x%016llx 0x%016llx %s\n",
			       (long long int)region->start,
			       (long long int)(region->start +
						region->length - 1),
			       iommu_group_resv_type_string[region->type]);
		kfree(region);
	}

	return (str - buf);
}

static ssize_t iommu_group_show_type(struct iommu_group *group,
				     char *buf)
{
	char *type = "unknown\n";

	mutex_lock(&group->mutex);
	if (group->default_domain) {
		switch (group->default_domain->type) {
		case IOMMU_DOMAIN_BLOCKED:
			type = "blocked\n";
			break;
		case IOMMU_DOMAIN_IDENTITY:
			type = "identity\n";
			break;
		case IOMMU_DOMAIN_UNMANAGED:
			type = "unmanaged\n";
			break;
		case IOMMU_DOMAIN_DMA:
			type = "DMA\n";
			break;
		case IOMMU_DOMAIN_DMA_FQ:
			type = "DMA-FQ\n";
			break;
		}
	}
	mutex_unlock(&group->mutex);
	strcpy(buf, type);

	return strlen(type);
}

static IOMMU_GROUP_ATTR(name, S_IRUGO, iommu_group_show_name, NULL);

static IOMMU_GROUP_ATTR(reserved_regions, 0444,
			iommu_group_show_resv_regions, NULL);

static IOMMU_GROUP_ATTR(type, 0644, iommu_group_show_type,
			iommu_group_store_type);

static void iommu_group_release(struct kobject *kobj)
{
	struct iommu_group *group = to_iommu_group(kobj);

	pr_debug("Releasing group %d\n", group->id);

	if (group->iommu_data_release)
		group->iommu_data_release(group->iommu_data);

	ida_simple_remove(&iommu_group_ida, group->id);

	if (group->default_domain)
		iommu_domain_free(group->default_domain);

	kfree(group->name);
	kfree(group);
}

static struct kobj_type iommu_group_ktype = {
	.sysfs_ops = &iommu_group_sysfs_ops,
	.release = iommu_group_release,
};

/**
 * iommu_group_alloc - Allocate a new group
 *
 * This function is called by an iommu driver to allocate a new iommu
 * group. The iommu group represents the minimum granularity of the iommu.
 * Upon successful return, the caller holds a reference to the supplied
 * group in order to hold the group until devices are added. Use
 * iommu_group_put() to release this extra reference count, allowing the
 * group to be automatically reclaimed once it has no devices or external
 * references.
 */
struct iommu_group *iommu_group_alloc(void)
{
	struct iommu_group *group;
	int ret;

	group = kzalloc(sizeof(*group), GFP_KERNEL);
	if (!group)
		return ERR_PTR(-ENOMEM);

	group->kobj.kset = iommu_group_kset;
	mutex_init(&group->mutex);
	INIT_LIST_HEAD(&group->devices);
	INIT_LIST_HEAD(&group->entry);
	BLOCKING_INIT_NOTIFIER_HEAD(&group->notifier);

	ret = ida_simple_get(&iommu_group_ida, 0, 0, GFP_KERNEL);
	if (ret < 0) {
		kfree(group);
		return ERR_PTR(ret);
	}
	group->id = ret;

	ret = kobject_init_and_add(&group->kobj, &iommu_group_ktype,
				   NULL, "%d", group->id);
	if (ret) {
		ida_simple_remove(&iommu_group_ida, group->id);
		kobject_put(&group->kobj);
		return ERR_PTR(ret);
	}

	group->devices_kobj = kobject_create_and_add("devices", &group->kobj);
	if (!group->devices_kobj) {
		kobject_put(&group->kobj); /* triggers .release & free */
		return ERR_PTR(-ENOMEM);
	}

	/*
	 * The devices_kobj holds a reference on the group kobject, so
	 * as long as that exists so will the group. We can therefore
	 * use the devices_kobj for reference counting.
	 */
	kobject_put(&group->kobj);

	ret = iommu_group_create_file(group,
				      &iommu_group_attr_reserved_regions);
	if (ret)
		return ERR_PTR(ret);

	ret = iommu_group_create_file(group, &iommu_group_attr_type);
	if (ret)
		return ERR_PTR(ret);

	pr_debug("Allocated group %d\n", group->id);

	return group;
}
EXPORT_SYMBOL_GPL(iommu_group_alloc);

struct iommu_group *iommu_group_get_by_id(int id)
{
	struct kobject *group_kobj;
	struct iommu_group *group;
	const char *name;

	if (!iommu_group_kset)
		return NULL;

	name = kasprintf(GFP_KERNEL, "%d", id);
	if (!name)
		return NULL;

	group_kobj = kset_find_obj(iommu_group_kset, name);
	kfree(name);

	if (!group_kobj)
		return NULL;

	group = container_of(group_kobj, struct iommu_group, kobj);
	BUG_ON(group->id != id);

	kobject_get(group->devices_kobj);
	kobject_put(&group->kobj);

	return group;
}
EXPORT_SYMBOL_GPL(iommu_group_get_by_id);

/**
 * iommu_group_get_iommudata - retrieve iommu_data registered for a group
 * @group: the group
 *
 * iommu drivers can store data in the group for use when doing iommu
 * operations. This function provides a way to retrieve it. Caller
 * should hold a group reference.
 */
void *iommu_group_get_iommudata(struct iommu_group *group)
{
	return group->iommu_data;
}
EXPORT_SYMBOL_GPL(iommu_group_get_iommudata);

/**
 * iommu_group_set_iommudata - set iommu_data for a group
 * @group: the group
 * @iommu_data: new data
 * @release: release function for iommu_data
 *
 * iommu drivers can store data in the group for use when doing iommu
 * operations. This function provides a way to set the data after
 * the group has been allocated. Caller should hold a group reference.
 */
void iommu_group_set_iommudata(struct iommu_group *group, void *iommu_data,
			       void (*release)(void *iommu_data))
{
	group->iommu_data = iommu_data;
	group->iommu_data_release = release;
}
EXPORT_SYMBOL_GPL(iommu_group_set_iommudata);
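
/*
 * Example (sketch only, not taken from an in-tree driver): an IOMMU
 * driver's ->device_group() callback may allocate a fresh group and
 * attach private data with a release callback so the data is freed
 * together with the group. The my_* identifiers are hypothetical.
 *
 *	static void my_group_data_release(void *iommu_data)
 *	{
 *		kfree(iommu_data);
 *	}
 *
 *	static struct iommu_group *my_device_group(struct device *dev)
 *	{
 *		struct my_group_data *data;
 *		struct iommu_group *group;
 *
 *		group = iommu_group_alloc();
 *		if (IS_ERR(group))
 *			return group;
 *
 *		data = kzalloc(sizeof(*data), GFP_KERNEL);
 *		if (data)
 *			iommu_group_set_iommudata(group, data,
 *						  my_group_data_release);
 *
 *		return group;
 *	}
 */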

/**
 * iommu_group_set_name - set name for a group
 * @group: the group
 * @name: name
 *
 * Allow iommu driver to set a name for a group. When set it will
 * appear in a name attribute file under the group in sysfs.
 */
int iommu_group_set_name(struct iommu_group *group, const char *name)
{
	int ret;

	if (group->name) {
		iommu_group_remove_file(group, &iommu_group_attr_name);
		kfree(group->name);
		group->name = NULL;
		if (!name)
			return 0;
	}

	group->name = kstrdup(name, GFP_KERNEL);
	if (!group->name)
		return -ENOMEM;

	ret = iommu_group_create_file(group, &iommu_group_attr_name);
	if (ret) {
		kfree(group->name);
		group->name = NULL;
		return ret;
	}

	return 0;
}
EXPORT_SYMBOL_GPL(iommu_group_set_name);

static int iommu_create_device_direct_mappings(struct iommu_group *group,
					       struct device *dev)
{
	struct iommu_domain *domain = group->default_domain;
	struct iommu_resv_region *entry;
	struct list_head mappings;
	unsigned long pg_size;
	int ret = 0;

	if (!domain || !iommu_is_dma_domain(domain))
		return 0;

	BUG_ON(!domain->pgsize_bitmap);

	pg_size = 1UL << __ffs(domain->pgsize_bitmap);
	INIT_LIST_HEAD(&mappings);

	iommu_get_resv_regions(dev, &mappings);

	/* We need to consider overlapping regions for different devices */
	list_for_each_entry(entry, &mappings, list) {
		dma_addr_t start, end, addr;
		size_t map_size = 0;

		if (domain->ops->apply_resv_region)
			domain->ops->apply_resv_region(dev, domain, entry);

		start = ALIGN(entry->start, pg_size);
		end   = ALIGN(entry->start + entry->length, pg_size);

		if (entry->type != IOMMU_RESV_DIRECT &&
		    entry->type != IOMMU_RESV_DIRECT_RELAXABLE)
			continue;

		for (addr = start; addr <= end; addr += pg_size) {
			phys_addr_t phys_addr;

			if (addr == end)
				goto map_end;

			phys_addr = iommu_iova_to_phys(domain, addr);
			if (!phys_addr) {
				map_size += pg_size;
				continue;
			}

map_end:
			if (map_size) {
				ret = iommu_map(domain, addr - map_size,
						addr - map_size, map_size,
						entry->prot);
				if (ret)
					goto out;
				map_size = 0;
			}
		}

	}

	iommu_flush_iotlb_all(domain);

out:
	iommu_put_resv_regions(dev, &mappings);

	return ret;
}

static bool iommu_is_attach_deferred(struct iommu_domain *domain,
				     struct device *dev)
{
	if (domain->ops->is_attach_deferred)
		return domain->ops->is_attach_deferred(domain, dev);

	return false;
}
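
/*
 * Example (sketch, assuming a hypothetical driver): the direct mappings
 * created above are driven by the regions a driver reports from its
 * ->get_resv_regions() callback. A driver that must keep a firmware
 * range identity-mapped could report it roughly like this, where
 * MY_FW_BASE and MY_FW_SIZE are placeholders:
 *
 *	static void my_iommu_get_resv_regions(struct device *dev,
 *					      struct list_head *head)
 *	{
 *		struct iommu_resv_region *region;
 *
 *		region = iommu_alloc_resv_region(MY_FW_BASE, MY_FW_SIZE,
 *						 IOMMU_READ | IOMMU_WRITE,
 *						 IOMMU_RESV_DIRECT);
 *		if (region)
 *			list_add_tail(&region->list, head);
 *	}
 *
 * iommu_create_device_direct_mappings() then maps such regions 1:1 in
 * the group's default DMA domain before the device starts issuing DMA.
 */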

/**
 * iommu_group_add_device - add a device to an iommu group
 * @group: the group into which to add the device (reference should be held)
 * @dev: the device
 *
 * This function is called by an iommu driver to add a device into a
 * group. Adding a device increments the group reference count.
 */
int iommu_group_add_device(struct iommu_group *group, struct device *dev)
{
	int ret, i = 0;
	struct group_device *device;

	device = kzalloc(sizeof(*device), GFP_KERNEL);
	if (!device)
		return -ENOMEM;

	device->dev = dev;

	ret = sysfs_create_link(&dev->kobj, &group->kobj, "iommu_group");
	if (ret)
		goto err_free_device;

	device->name = kasprintf(GFP_KERNEL, "%s", kobject_name(&dev->kobj));
rename:
	if (!device->name) {
		ret = -ENOMEM;
		goto err_remove_link;
	}

	ret = sysfs_create_link_nowarn(group->devices_kobj,
				       &dev->kobj, device->name);
	if (ret) {
		if (ret == -EEXIST && i >= 0) {
			/*
			 * Account for the slim chance of collision
			 * and append an instance to the name.
			 */
			kfree(device->name);
			device->name = kasprintf(GFP_KERNEL, "%s.%d",
						 kobject_name(&dev->kobj), i++);
			goto rename;
		}
		goto err_free_name;
	}

	kobject_get(group->devices_kobj);

	dev->iommu_group = group;

	mutex_lock(&group->mutex);
	list_add_tail(&device->list, &group->devices);
	if (group->domain && !iommu_is_attach_deferred(group->domain, dev))
		ret = __iommu_attach_device(group->domain, dev);
	mutex_unlock(&group->mutex);
	if (ret)
		goto err_put_group;

	/* Notify any listeners about change to group. */
	blocking_notifier_call_chain(&group->notifier,
				     IOMMU_GROUP_NOTIFY_ADD_DEVICE, dev);

	trace_add_device_to_group(group->id, dev);

	dev_info(dev, "Adding to iommu group %d\n", group->id);

	return 0;

err_put_group:
	mutex_lock(&group->mutex);
	list_del(&device->list);
	mutex_unlock(&group->mutex);
	dev->iommu_group = NULL;
	kobject_put(group->devices_kobj);
	sysfs_remove_link(group->devices_kobj, device->name);
err_free_name:
	kfree(device->name);
err_remove_link:
	sysfs_remove_link(&dev->kobj, "iommu_group");
err_free_device:
	kfree(device);
	dev_err(dev, "Failed to add to iommu group %d: %d\n", group->id, ret);
	return ret;
}
EXPORT_SYMBOL_GPL(iommu_group_add_device);

/**
 * iommu_group_remove_device - remove a device from its current group
 * @dev: device to be removed
 *
 * This function is called by an iommu driver to remove the device from
 * its current group. This decrements the iommu group reference count.
 */
void iommu_group_remove_device(struct device *dev)
{
	struct iommu_group *group = dev->iommu_group;
	struct group_device *tmp_device, *device = NULL;

	if (!group)
		return;

	dev_info(dev, "Removing from iommu group %d\n", group->id);

	/* Pre-notify listeners that a device is being removed. */
	blocking_notifier_call_chain(&group->notifier,
				     IOMMU_GROUP_NOTIFY_DEL_DEVICE, dev);

	mutex_lock(&group->mutex);
	list_for_each_entry(tmp_device, &group->devices, list) {
		if (tmp_device->dev == dev) {
			device = tmp_device;
			list_del(&device->list);
			break;
		}
	}
	mutex_unlock(&group->mutex);

	if (!device)
		return;

	sysfs_remove_link(group->devices_kobj, device->name);
	sysfs_remove_link(&dev->kobj, "iommu_group");

	trace_remove_device_from_group(group->id, dev);

	kfree(device->name);
	kfree(device);
	dev->iommu_group = NULL;
	kobject_put(group->devices_kobj);
}
EXPORT_SYMBOL_GPL(iommu_group_remove_device);

static int iommu_group_device_count(struct iommu_group *group)
{
	struct group_device *entry;
	int ret = 0;

	list_for_each_entry(entry, &group->devices, list)
		ret++;

	return ret;
}

/**
 * iommu_group_for_each_dev - iterate over each device in the group
 * @group: the group
 * @data: caller opaque data to be passed to callback function
 * @fn: caller supplied callback function
 *
 * This function is called by group users to iterate over group devices.
 * Callers should hold a reference count to the group during callback.
 * The group->mutex is held across callbacks, which will block calls to
 * iommu_group_add/remove_device.
 */
static int __iommu_group_for_each_dev(struct iommu_group *group, void *data,
				      int (*fn)(struct device *, void *))
{
	struct group_device *device;
	int ret = 0;

	list_for_each_entry(device, &group->devices, list) {
		ret = fn(device->dev, data);
		if (ret)
			break;
	}
	return ret;
}


int iommu_group_for_each_dev(struct iommu_group *group, void *data,
			     int (*fn)(struct device *, void *))
{
	int ret;

	mutex_lock(&group->mutex);
	ret = __iommu_group_for_each_dev(group, data, fn);
	mutex_unlock(&group->mutex);

	return ret;
}
EXPORT_SYMBOL_GPL(iommu_group_for_each_dev);

/**
 * iommu_group_get - Return the group for a device and increment reference
 * @dev: get the group that this device belongs to
 *
 * This function is called by iommu drivers and users to get the group
 * for the specified device. If found, the group is returned and the group
 * reference is incremented, else NULL.
 */
struct iommu_group *iommu_group_get(struct device *dev)
{
	struct iommu_group *group = dev->iommu_group;

	if (group)
		kobject_get(group->devices_kobj);

	return group;
}
EXPORT_SYMBOL_GPL(iommu_group_get);

/**
 * iommu_group_ref_get - Increment reference on a group
 * @group: the group to use, must not be NULL
 *
 * This function is called by iommu drivers to take additional references on an
 * existing group. Returns the given group for convenience.
 */
struct iommu_group *iommu_group_ref_get(struct iommu_group *group)
{
	kobject_get(group->devices_kobj);
	return group;
}
EXPORT_SYMBOL_GPL(iommu_group_ref_get);
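
/*
 * Example (illustrative sketch): a group user such as a VFIO-style driver
 * typically pairs iommu_group_get() with iommu_group_put() and walks the
 * member devices with iommu_group_for_each_dev(). The callback and the
 * wrapper below are hypothetical.
 *
 *	static int my_count_one(struct device *dev, void *data)
 *	{
 *		(*(int *)data)++;
 *		return 0;
 *	}
 *
 *	int my_count_group_devices(struct device *dev)
 *	{
 *		struct iommu_group *group = iommu_group_get(dev);
 *		int count = 0;
 *
 *		if (!group)
 *			return -ENODEV;
 *
 *		iommu_group_for_each_dev(group, &count, my_count_one);
 *		iommu_group_put(group);
 *		return count;
 *	}
 */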

/**
 * iommu_group_put - Decrement group reference
 * @group: the group to use
 *
 * This function is called by iommu drivers and users to release the
 * iommu group. Once the reference count is zero, the group is released.
 */
void iommu_group_put(struct iommu_group *group)
{
	if (group)
		kobject_put(group->devices_kobj);
}
EXPORT_SYMBOL_GPL(iommu_group_put);

/**
 * iommu_group_register_notifier - Register a notifier for group changes
 * @group: the group to watch
 * @nb: notifier block to signal
 *
 * This function allows iommu group users to track changes in a group.
 * See include/linux/iommu.h for actions sent via this notifier. Caller
 * should hold a reference to the group throughout notifier registration.
 */
int iommu_group_register_notifier(struct iommu_group *group,
				  struct notifier_block *nb)
{
	return blocking_notifier_chain_register(&group->notifier, nb);
}
EXPORT_SYMBOL_GPL(iommu_group_register_notifier);

/**
 * iommu_group_unregister_notifier - Unregister a notifier
 * @group: the group to watch
 * @nb: notifier block to signal
 *
 * Unregister a previously registered group notifier block.
 */
int iommu_group_unregister_notifier(struct iommu_group *group,
				    struct notifier_block *nb)
{
	return blocking_notifier_chain_unregister(&group->notifier, nb);
}
EXPORT_SYMBOL_GPL(iommu_group_unregister_notifier);

/**
 * iommu_register_device_fault_handler() - Register a device fault handler
 * @dev: the device
 * @handler: the fault handler
 * @data: private data passed as argument to the handler
 *
 * When an IOMMU fault event is received, this handler gets called with the
 * fault event and data as argument. The handler should return 0 on success. If
 * the fault is recoverable (IOMMU_FAULT_PAGE_REQ), the consumer should also
 * complete the fault by calling iommu_page_response() with one of the following
 * response code:
 * - IOMMU_PAGE_RESP_SUCCESS: retry the translation
 * - IOMMU_PAGE_RESP_INVALID: terminate the fault
 * - IOMMU_PAGE_RESP_FAILURE: terminate the fault and stop reporting
 *   page faults if possible.
 *
 * Return 0 if the fault handler was installed successfully, or an error.
 */
int iommu_register_device_fault_handler(struct device *dev,
					iommu_dev_fault_handler_t handler,
					void *data)
{
	struct dev_iommu *param = dev->iommu;
	int ret = 0;

	if (!param)
		return -EINVAL;

	mutex_lock(&param->lock);
	/* Only allow one fault handler registered for each device */
	if (param->fault_param) {
		ret = -EBUSY;
		goto done_unlock;
	}

	get_device(dev);
	param->fault_param = kzalloc(sizeof(*param->fault_param), GFP_KERNEL);
	if (!param->fault_param) {
		put_device(dev);
		ret = -ENOMEM;
		goto done_unlock;
	}
	param->fault_param->handler = handler;
	param->fault_param->data = data;
	mutex_init(&param->fault_param->lock);
	INIT_LIST_HEAD(&param->fault_param->faults);

done_unlock:
	mutex_unlock(&param->lock);

	return ret;
}
EXPORT_SYMBOL_GPL(iommu_register_device_fault_handler);
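
/*
 * Example (sketch only): a device driver that wants recoverable I/O page
 * faults registers a handler and, for page requests, later completes the
 * fault with iommu_page_response() from its own context. The handler name
 * and the drvdata pointer are hypothetical.
 *
 *	static int my_fault_handler(struct iommu_fault *fault, void *data)
 *	{
 *		// Queue fault->prm for a worker; the worker later calls
 *		// iommu_page_response() with IOMMU_PAGE_RESP_SUCCESS or
 *		// IOMMU_PAGE_RESP_INVALID once it has handled the request.
 *		return 0;
 *	}
 *
 *	ret = iommu_register_device_fault_handler(dev, my_fault_handler,
 *						  drvdata);
 *	...
 *	iommu_unregister_device_fault_handler(dev);
 */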

/**
 * iommu_unregister_device_fault_handler() - Unregister the device fault handler
 * @dev: the device
 *
 * Remove the device fault handler installed with
 * iommu_register_device_fault_handler().
 *
 * Return 0 on success, or an error.
 */
int iommu_unregister_device_fault_handler(struct device *dev)
{
	struct dev_iommu *param = dev->iommu;
	int ret = 0;

	if (!param)
		return -EINVAL;

	mutex_lock(&param->lock);

	if (!param->fault_param)
		goto unlock;

	/* we cannot unregister handler if there are pending faults */
	if (!list_empty(&param->fault_param->faults)) {
		ret = -EBUSY;
		goto unlock;
	}

	kfree(param->fault_param);
	param->fault_param = NULL;
	put_device(dev);
unlock:
	mutex_unlock(&param->lock);

	return ret;
}
EXPORT_SYMBOL_GPL(iommu_unregister_device_fault_handler);

/**
 * iommu_report_device_fault() - Report fault event to device driver
 * @dev: the device
 * @evt: fault event data
 *
 * Called by IOMMU drivers when a fault is detected, typically in a threaded IRQ
 * handler. When this function fails and the fault is recoverable, it is the
 * caller's responsibility to complete the fault.
 *
 * Return 0 on success, or an error.
 */
int iommu_report_device_fault(struct device *dev, struct iommu_fault_event *evt)
{
	struct dev_iommu *param = dev->iommu;
	struct iommu_fault_event *evt_pending = NULL;
	struct iommu_fault_param *fparam;
	int ret = 0;

	if (!param || !evt)
		return -EINVAL;

	/* we only report device fault if there is a handler registered */
	mutex_lock(&param->lock);
	fparam = param->fault_param;
	if (!fparam || !fparam->handler) {
		ret = -EINVAL;
		goto done_unlock;
	}

	if (evt->fault.type == IOMMU_FAULT_PAGE_REQ &&
	    (evt->fault.prm.flags & IOMMU_FAULT_PAGE_REQUEST_LAST_PAGE)) {
		evt_pending = kmemdup(evt, sizeof(struct iommu_fault_event),
				      GFP_KERNEL);
		if (!evt_pending) {
			ret = -ENOMEM;
			goto done_unlock;
		}
		mutex_lock(&fparam->lock);
		list_add_tail(&evt_pending->list, &fparam->faults);
		mutex_unlock(&fparam->lock);
	}

	ret = fparam->handler(&evt->fault, fparam->data);
	if (ret && evt_pending) {
		mutex_lock(&fparam->lock);
		list_del(&evt_pending->list);
		mutex_unlock(&fparam->lock);
		kfree(evt_pending);
	}
done_unlock:
	mutex_unlock(&param->lock);
	return ret;
}
EXPORT_SYMBOL_GPL(iommu_report_device_fault);

int iommu_page_response(struct device *dev,
			struct iommu_page_response *msg)
{
	bool needs_pasid;
	int ret = -EINVAL;
	struct iommu_fault_event *evt;
	struct iommu_fault_page_request *prm;
	struct dev_iommu *param = dev->iommu;
	bool has_pasid = msg->flags & IOMMU_PAGE_RESP_PASID_VALID;
	struct iommu_domain *domain = iommu_get_domain_for_dev(dev);

	if (!domain || !domain->ops->page_response)
		return -ENODEV;

	if (!param || !param->fault_param)
		return -EINVAL;

	if (msg->version != IOMMU_PAGE_RESP_VERSION_1 ||
	    msg->flags & ~IOMMU_PAGE_RESP_PASID_VALID)
		return -EINVAL;

	/* Only send response if there is a fault report pending */
	mutex_lock(&param->fault_param->lock);
	if (list_empty(&param->fault_param->faults)) {
		dev_warn_ratelimited(dev, "no pending PRQ, drop response\n");
		goto done_unlock;
	}
	/*
	 * Check if we have a matching page request pending to respond,
	 * otherwise return -EINVAL
	 */
	list_for_each_entry(evt, &param->fault_param->faults, list) {
		prm = &evt->fault.prm;
		if (prm->grpid != msg->grpid)
			continue;

		/*
		 * If the PASID is required, the corresponding request is
		 * matched using the group ID, the PASID valid bit and the PASID
		 * value. Otherwise only the group ID matches request and
		 * response.
		 */
		needs_pasid = prm->flags & IOMMU_FAULT_PAGE_RESPONSE_NEEDS_PASID;
		if (needs_pasid && (!has_pasid || msg->pasid != prm->pasid))
			continue;

		if (!needs_pasid && has_pasid) {
			/* No big deal, just clear it. */
			msg->flags &= ~IOMMU_PAGE_RESP_PASID_VALID;
			msg->pasid = 0;
		}

		ret = domain->ops->page_response(dev, evt, msg);
		list_del(&evt->list);
		kfree(evt);
		break;
	}

done_unlock:
	mutex_unlock(&param->fault_param->lock);
	return ret;
}
EXPORT_SYMBOL_GPL(iommu_page_response);

/**
 * iommu_group_id - Return ID for a group
 * @group: the group to ID
 *
 * Return the unique ID for the group matching the sysfs group number.
 */
int iommu_group_id(struct iommu_group *group)
{
	return group->id;
}
EXPORT_SYMBOL_GPL(iommu_group_id);

static struct iommu_group *get_pci_alias_group(struct pci_dev *pdev,
					       unsigned long *devfns);

/*
 * To consider a PCI device isolated, we require ACS to support Source
 * Validation, Request Redirection, Completer Redirection, and Upstream
 * Forwarding. This effectively means that devices cannot spoof their
 * requester ID, requests and completions cannot be redirected, and all
 * transactions are forwarded upstream, even as it passes through a
 * bridge where the target device is downstream.
 */
#define REQ_ACS_FLAGS   (PCI_ACS_SV | PCI_ACS_RR | PCI_ACS_CR | PCI_ACS_UF)

/*
 * For multifunction devices which are not isolated from each other, find
 * all the other non-isolated functions and look for existing groups. For
 * each function, we also need to look for aliases to or from other devices
 * that may already have a group.
 */
static struct iommu_group *get_pci_function_alias_group(struct pci_dev *pdev,
							unsigned long *devfns)
{
	struct pci_dev *tmp = NULL;
	struct iommu_group *group;

	if (!pdev->multifunction || pci_acs_enabled(pdev, REQ_ACS_FLAGS))
		return NULL;

	for_each_pci_dev(tmp) {
		if (tmp == pdev || tmp->bus != pdev->bus ||
		    PCI_SLOT(tmp->devfn) != PCI_SLOT(pdev->devfn) ||
		    pci_acs_enabled(tmp, REQ_ACS_FLAGS))
			continue;

		group = get_pci_alias_group(tmp, devfns);
		if (group) {
			pci_dev_put(tmp);
			return group;
		}
	}

	return NULL;
}

/*
 * Look for aliases to or from the given device for existing groups. DMA
 * aliases are only supported on the same bus, therefore the search
 * space is quite small (especially since we're really only looking at pcie
 * devices, and therefore only expect multiple slots on the root complex or
 * downstream switch ports). It's conceivable though that a pair of
 * multifunction devices could have aliases between them that would cause a
 * loop. To prevent this, we use a bitmap to track where we've been.
 */
static struct iommu_group *get_pci_alias_group(struct pci_dev *pdev,
					       unsigned long *devfns)
{
	struct pci_dev *tmp = NULL;
	struct iommu_group *group;

	if (test_and_set_bit(pdev->devfn & 0xff, devfns))
		return NULL;

	group = iommu_group_get(&pdev->dev);
	if (group)
		return group;

	for_each_pci_dev(tmp) {
		if (tmp == pdev || tmp->bus != pdev->bus)
			continue;

		/* We alias them or they alias us */
		if (pci_devs_are_dma_aliases(pdev, tmp)) {
			group = get_pci_alias_group(tmp, devfns);
			if (group) {
				pci_dev_put(tmp);
				return group;
			}

			group = get_pci_function_alias_group(tmp, devfns);
			if (group) {
				pci_dev_put(tmp);
				return group;
			}
		}
	}

	return NULL;
}

struct group_for_pci_data {
	struct pci_dev *pdev;
	struct iommu_group *group;
};

/*
 * DMA alias iterator callback, return the last seen device. Stop and return
 * the IOMMU group if we find one along the way.
 */
static int get_pci_alias_or_group(struct pci_dev *pdev, u16 alias, void *opaque)
{
	struct group_for_pci_data *data = opaque;

	data->pdev = pdev;
	data->group = iommu_group_get(&pdev->dev);

	return data->group != NULL;
}

/*
 * Generic device_group call-back function. It just allocates one
 * iommu-group per device.
 */
struct iommu_group *generic_device_group(struct device *dev)
{
	return iommu_group_alloc();
}
EXPORT_SYMBOL_GPL(generic_device_group);

/*
 * Use standard PCI bus topology, isolation features, and DMA alias quirks
 * to find or create an IOMMU group for a device.
 */
struct iommu_group *pci_device_group(struct device *dev)
{
	struct pci_dev *pdev = to_pci_dev(dev);
	struct group_for_pci_data data;
	struct pci_bus *bus;
	struct iommu_group *group = NULL;
	u64 devfns[4] = { 0 };

	if (WARN_ON(!dev_is_pci(dev)))
		return ERR_PTR(-EINVAL);

	/*
	 * Find the upstream DMA alias for the device. A device must not
	 * be aliased due to topology in order to have its own IOMMU group.
	 * If we find an alias along the way that already belongs to a
	 * group, use it.
	 */
	if (pci_for_each_dma_alias(pdev, get_pci_alias_or_group, &data))
		return data.group;

	pdev = data.pdev;

	/*
	 * Continue upstream from the point of minimum IOMMU granularity
	 * due to aliases to the point where devices are protected from
	 * peer-to-peer DMA by PCI ACS. Again, if we find an existing
	 * group, use it.
	 */
	for (bus = pdev->bus; !pci_is_root_bus(bus); bus = bus->parent) {
		if (!bus->self)
			continue;

		if (pci_acs_path_enabled(bus->self, NULL, REQ_ACS_FLAGS))
			break;

		pdev = bus->self;

		group = iommu_group_get(&pdev->dev);
		if (group)
			return group;
	}

	/*
	 * Look for existing groups on device aliases. If we alias another
	 * device or another device aliases us, use the same group.
	 */
	group = get_pci_alias_group(pdev, (unsigned long *)devfns);
	if (group)
		return group;

	/*
	 * Look for existing groups on non-isolated functions on the same
	 * slot and aliases of those functions, if any. No need to clear
	 * the search bitmap, the tested devfns are still valid.
	 */
	group = get_pci_function_alias_group(pdev, (unsigned long *)devfns);
	if (group)
		return group;

	/* No shared group found, allocate new */
	return iommu_group_alloc();
}
EXPORT_SYMBOL_GPL(pci_device_group);

/* Get the IOMMU group for device on fsl-mc bus */
struct iommu_group *fsl_mc_device_group(struct device *dev)
{
	struct device *cont_dev = fsl_mc_cont_dev(dev);
	struct iommu_group *group;

	group = iommu_group_get(cont_dev);
	if (!group)
		group = iommu_group_alloc();
	return group;
}
EXPORT_SYMBOL_GPL(fsl_mc_device_group);
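
/*
 * Example (sketch, hypothetical driver): the helpers above are meant to be
 * used directly from an IOMMU driver's ->device_group() callback, selected
 * according to the bus the device sits on:
 *
 *	static struct iommu_group *my_device_group(struct device *dev)
 *	{
 *		if (dev_is_pci(dev))
 *			return pci_device_group(dev);
 *		if (dev_is_fsl_mc(dev))
 *			return fsl_mc_device_group(dev);
 *		return generic_device_group(dev);
 *	}
 */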

static int iommu_get_def_domain_type(struct device *dev)
{
	const struct iommu_ops *ops = dev->bus->iommu_ops;

	if (dev_is_pci(dev) && to_pci_dev(dev)->untrusted)
		return IOMMU_DOMAIN_DMA;

	if (ops->def_domain_type)
		return ops->def_domain_type(dev);

	return 0;
}

static int iommu_group_alloc_default_domain(struct bus_type *bus,
					    struct iommu_group *group,
					    unsigned int type)
{
	struct iommu_domain *dom;

	dom = __iommu_domain_alloc(bus, type);
	if (!dom && type != IOMMU_DOMAIN_DMA) {
		dom = __iommu_domain_alloc(bus, IOMMU_DOMAIN_DMA);
		if (dom)
			pr_warn("Failed to allocate default IOMMU domain of type %u for group %s - Falling back to IOMMU_DOMAIN_DMA",
				type, group->name);
	}

	if (!dom)
		return -ENOMEM;

	group->default_domain = dom;
	if (!group->domain)
		group->domain = dom;
	return 0;
}

static int iommu_alloc_default_domain(struct iommu_group *group,
				      struct device *dev)
{
	unsigned int type;

	if (group->default_domain)
		return 0;

	type = iommu_get_def_domain_type(dev) ? : iommu_def_domain_type;

	return iommu_group_alloc_default_domain(dev->bus, group, type);
}

/**
 * iommu_group_get_for_dev - Find or create the IOMMU group for a device
 * @dev: target device
 *
 * This function is intended to be called by IOMMU drivers and extended to
 * support common, bus-defined algorithms when determining or creating the
 * IOMMU group for a device. On success, the caller will hold a reference
 * to the returned IOMMU group, which will already include the provided
 * device. The reference should be released with iommu_group_put().
 */
static struct iommu_group *iommu_group_get_for_dev(struct device *dev)
{
	const struct iommu_ops *ops = dev->bus->iommu_ops;
	struct iommu_group *group;
	int ret;

	group = iommu_group_get(dev);
	if (group)
		return group;

	if (!ops)
		return ERR_PTR(-EINVAL);

	group = ops->device_group(dev);
	if (WARN_ON_ONCE(group == NULL))
		return ERR_PTR(-EINVAL);

	if (IS_ERR(group))
		return group;

	ret = iommu_group_add_device(group, dev);
	if (ret)
		goto out_put_group;

	return group;

out_put_group:
	iommu_group_put(group);

	return ERR_PTR(ret);
}

struct iommu_domain *iommu_group_default_domain(struct iommu_group *group)
{
	return group->default_domain;
}

static int probe_iommu_group(struct device *dev, void *data)
{
	struct list_head *group_list = data;
	struct iommu_group *group;
	int ret;

	/* Device is probed already if in a group */
	group = iommu_group_get(dev);
	if (group) {
		iommu_group_put(group);
		return 0;
	}

	ret = __iommu_probe_device(dev, group_list);
	if (ret == -ENODEV)
		ret = 0;

	return ret;
}

static int remove_iommu_group(struct device *dev, void *data)
{
	iommu_release_device(dev);

	return 0;
}

static int iommu_bus_notifier(struct notifier_block *nb,
			      unsigned long action, void *data)
{
	unsigned long group_action = 0;
	struct device *dev = data;
	struct iommu_group *group;

	/*
	 * ADD/DEL call into iommu driver ops if provided, which may
	 * result in ADD/DEL notifiers to group->notifier
	 */
	if (action == BUS_NOTIFY_ADD_DEVICE) {
		int ret;

		ret = iommu_probe_device(dev);
		return (ret) ? NOTIFY_DONE : NOTIFY_OK;
	} else if (action == BUS_NOTIFY_REMOVED_DEVICE) {
		iommu_release_device(dev);
		return NOTIFY_OK;
	}

	/*
	 * Remaining BUS_NOTIFYs get filtered and republished to the
	 * group, if anyone is listening
	 */
	group = iommu_group_get(dev);
	if (!group)
		return 0;

	switch (action) {
	case BUS_NOTIFY_BIND_DRIVER:
		group_action = IOMMU_GROUP_NOTIFY_BIND_DRIVER;
		break;
	case BUS_NOTIFY_BOUND_DRIVER:
		group_action = IOMMU_GROUP_NOTIFY_BOUND_DRIVER;
		break;
	case BUS_NOTIFY_UNBIND_DRIVER:
		group_action = IOMMU_GROUP_NOTIFY_UNBIND_DRIVER;
		break;
	case BUS_NOTIFY_UNBOUND_DRIVER:
		group_action = IOMMU_GROUP_NOTIFY_UNBOUND_DRIVER;
		break;
	}

	if (group_action)
		blocking_notifier_call_chain(&group->notifier,
					     group_action, dev);

	iommu_group_put(group);
	return 0;
}

struct __group_domain_type {
	struct device *dev;
	unsigned int type;
};

static int probe_get_default_domain_type(struct device *dev, void *data)
{
	struct __group_domain_type *gtype = data;
	unsigned int type = iommu_get_def_domain_type(dev);

	if (type) {
		if (gtype->type && gtype->type != type) {
			dev_warn(dev, "Device needs domain type %s, but device %s in the same iommu group requires type %s - using default\n",
				 iommu_domain_type_str(type),
				 dev_name(gtype->dev),
				 iommu_domain_type_str(gtype->type));
			gtype->type = 0;
		}

		if (!gtype->dev) {
			gtype->dev  = dev;
			gtype->type = type;
		}
	}

	return 0;
}

static void probe_alloc_default_domain(struct bus_type *bus,
				       struct iommu_group *group)
{
	struct __group_domain_type gtype;

	memset(&gtype, 0, sizeof(gtype));

	/* Ask for default domain requirements of all devices in the group */
	__iommu_group_for_each_dev(group, &gtype,
				   probe_get_default_domain_type);

	if (!gtype.type)
		gtype.type = iommu_def_domain_type;

	iommu_group_alloc_default_domain(bus, group, gtype.type);

}

static int iommu_group_do_dma_attach(struct device *dev, void *data)
{
	struct iommu_domain *domain = data;
	int ret = 0;

	if (!iommu_is_attach_deferred(domain, dev))
		ret = __iommu_attach_device(domain, dev);

	return ret;
}

static int __iommu_group_dma_attach(struct iommu_group *group)
{
	return __iommu_group_for_each_dev(group, group->default_domain,
					  iommu_group_do_dma_attach);
}

static int iommu_group_do_probe_finalize(struct device *dev, void *data)
{
	struct iommu_domain *domain = data;

	if (domain->ops->probe_finalize)
		domain->ops->probe_finalize(dev);

	return 0;
}

static void __iommu_group_dma_finalize(struct iommu_group *group)
{
	__iommu_group_for_each_dev(group, group->default_domain,
				   iommu_group_do_probe_finalize);
}

static int iommu_do_create_direct_mappings(struct device *dev, void *data)
{
	struct iommu_group *group = data;

	iommu_create_device_direct_mappings(group, dev);

	return 0;
}

static int iommu_group_create_direct_mappings(struct iommu_group *group)
{
	return __iommu_group_for_each_dev(group, group,
					  iommu_do_create_direct_mappings);
}

int bus_iommu_probe(struct bus_type *bus)
{
	struct iommu_group *group, *next;
	LIST_HEAD(group_list);
	int ret;

	/*
	 * This code-path does not allocate the default domain when
	 * creating the iommu group, so do it after the groups are
	 * created.
	 */
	ret = bus_for_each_dev(bus, NULL, &group_list, probe_iommu_group);
	if (ret)
		return ret;

	list_for_each_entry_safe(group, next, &group_list, entry) {
		/* Remove item from the list */
		list_del_init(&group->entry);

		mutex_lock(&group->mutex);

		/* Try to allocate default domain */
		probe_alloc_default_domain(bus, group);

		if (!group->default_domain) {
			mutex_unlock(&group->mutex);
			continue;
		}

		iommu_group_create_direct_mappings(group);

		ret = __iommu_group_dma_attach(group);

		mutex_unlock(&group->mutex);

		if (ret)
			break;

		__iommu_group_dma_finalize(group);
	}

	return ret;
}

static int iommu_bus_init(struct bus_type *bus, const struct iommu_ops *ops)
{
	struct notifier_block *nb;
	int err;

	nb = kzalloc(sizeof(struct notifier_block), GFP_KERNEL);
	if (!nb)
		return -ENOMEM;

	nb->notifier_call = iommu_bus_notifier;

	err = bus_register_notifier(bus, nb);
	if (err)
		goto out_free;

	err = bus_iommu_probe(bus);
	if (err)
		goto out_err;

	return 0;

out_err:
	/* Clean up */
	bus_for_each_dev(bus, NULL, NULL, remove_iommu_group);
	bus_unregister_notifier(bus, nb);

out_free:
	kfree(nb);

	return err;
}

/**
 * bus_set_iommu - set iommu-callbacks for the bus
 * @bus: bus.
 * @ops: the callbacks provided by the iommu-driver
 *
 * This function is called by an iommu driver to set the iommu methods
 * used for a particular bus. Drivers for devices on that bus can use
 * the iommu-api after these ops are registered.
 * This special function is needed because IOMMUs are usually devices on
 * the bus itself, so the iommu drivers are not initialized when the bus
 * is set up. With this function the iommu-driver can set the iommu-ops
 * afterwards.
 */
int bus_set_iommu(struct bus_type *bus, const struct iommu_ops *ops)
{
	int err;

	if (ops == NULL) {
		bus->iommu_ops = NULL;
		return 0;
	}

	if (bus->iommu_ops != NULL)
		return -EBUSY;

	bus->iommu_ops = ops;

	/* Do IOMMU specific setup for this bus-type */
	err = iommu_bus_init(bus, ops);
	if (err)
		bus->iommu_ops = NULL;

	return err;
}
EXPORT_SYMBOL_GPL(bus_set_iommu);

bool iommu_present(struct bus_type *bus)
{
	return bus->iommu_ops != NULL;
}
EXPORT_SYMBOL_GPL(iommu_present);

bool iommu_capable(struct bus_type *bus, enum iommu_cap cap)
{
	if (!bus->iommu_ops || !bus->iommu_ops->capable)
		return false;

	return bus->iommu_ops->capable(cap);
}
EXPORT_SYMBOL_GPL(iommu_capable);
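
/*
 * Example (sketch): an IOMMU driver typically publishes its ops for the
 * buses it supports once its own initialization has succeeded, after
 * which consumers can probe for an IOMMU with iommu_present() and
 * iommu_capable(). my_iommu_ops and my_iommu_init() are hypothetical.
 *
 *	static int __init my_iommu_init(void)
 *	{
 *		int ret;
 *
 *		ret = bus_set_iommu(&platform_bus_type, &my_iommu_ops);
 *		if (ret)
 *			return ret;
 *	#ifdef CONFIG_PCI
 *		ret = bus_set_iommu(&pci_bus_type, &my_iommu_ops);
 *	#endif
 *		return ret;
 *	}
 */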

/**
 * iommu_set_fault_handler() - set a fault handler for an iommu domain
 * @domain: iommu domain
 * @handler: fault handler
 * @token: user data, will be passed back to the fault handler
 *
 * This function should be used by IOMMU users which want to be notified
 * whenever an IOMMU fault happens.
 *
 * The fault handler itself should return 0 on success, and an appropriate
 * error code otherwise.
 */
void iommu_set_fault_handler(struct iommu_domain *domain,
			     iommu_fault_handler_t handler,
			     void *token)
{
	BUG_ON(!domain);

	domain->handler = handler;
	domain->handler_token = token;
}
EXPORT_SYMBOL_GPL(iommu_set_fault_handler);

static struct iommu_domain *__iommu_domain_alloc(struct bus_type *bus,
						 unsigned type)
{
	struct iommu_domain *domain;

	if (bus == NULL || bus->iommu_ops == NULL)
		return NULL;

	domain = bus->iommu_ops->domain_alloc(type);
	if (!domain)
		return NULL;

	domain->ops  = bus->iommu_ops;
	domain->type = type;
	/* Assume all sizes by default; the driver may override this later */
	domain->pgsize_bitmap = bus->iommu_ops->pgsize_bitmap;

	if (iommu_is_dma_domain(domain) && iommu_get_dma_cookie(domain)) {
		iommu_domain_free(domain);
		domain = NULL;
	}
	return domain;
}

struct iommu_domain *iommu_domain_alloc(struct bus_type *bus)
{
	return __iommu_domain_alloc(bus, IOMMU_DOMAIN_UNMANAGED);
}
EXPORT_SYMBOL_GPL(iommu_domain_alloc);

void iommu_domain_free(struct iommu_domain *domain)
{
	iommu_put_dma_cookie(domain);
	domain->ops->domain_free(domain);
}
EXPORT_SYMBOL_GPL(iommu_domain_free);

static int __iommu_attach_device(struct iommu_domain *domain,
				 struct device *dev)
{
	int ret;

	if (unlikely(domain->ops->attach_dev == NULL))
		return -ENODEV;

	ret = domain->ops->attach_dev(domain, dev);
	if (!ret)
		trace_attach_device_to_domain(dev);
	return ret;
}

int iommu_attach_device(struct iommu_domain *domain, struct device *dev)
{
	struct iommu_group *group;
	int ret;

	group = iommu_group_get(dev);
	if (!group)
		return -ENODEV;

	/*
	 * Lock the group to make sure the device-count doesn't
	 * change while we are attaching
	 */
	mutex_lock(&group->mutex);
	ret = -EINVAL;
	if (iommu_group_device_count(group) != 1)
		goto out_unlock;

	ret = __iommu_attach_group(domain, group);

out_unlock:
	mutex_unlock(&group->mutex);
	iommu_group_put(group);

	return ret;
}
EXPORT_SYMBOL_GPL(iommu_attach_device);
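
/*
 * Example (illustrative sketch, error handling elided): a kernel user that
 * wants its own I/O address space allocates an unmanaged domain, attaches
 * the device and installs mappings with iommu_map(). my_fault_report(),
 * iova and phys are placeholders supplied by the caller.
 *
 *	struct iommu_domain *domain = iommu_domain_alloc(dev->bus);
 *
 *	if (!domain)
 *		return -ENODEV;
 *
 *	iommu_set_fault_handler(domain, my_fault_report, NULL);
 *	if (iommu_attach_device(domain, dev))
 *		goto err_free;
 *
 *	iommu_map(domain, iova, phys, SZ_4K, IOMMU_READ | IOMMU_WRITE);
 *	...
 *	iommu_detach_device(domain, dev);
 * err_free:
 *	iommu_domain_free(domain);
 */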
2034 */ 2035 static int iommu_check_cache_invl_data(struct iommu_cache_invalidate_info *info) 2036 { 2037 u32 mask; 2038 int i; 2039 2040 if (info->version != IOMMU_CACHE_INVALIDATE_INFO_VERSION_1) 2041 return -EINVAL; 2042 2043 mask = (1 << IOMMU_CACHE_INV_TYPE_NR) - 1; 2044 if (info->cache & ~mask) 2045 return -EINVAL; 2046 2047 if (info->granularity >= IOMMU_INV_GRANU_NR) 2048 return -EINVAL; 2049 2050 switch (info->granularity) { 2051 case IOMMU_INV_GRANU_ADDR: 2052 if (info->cache & IOMMU_CACHE_INV_TYPE_PASID) 2053 return -EINVAL; 2054 2055 mask = IOMMU_INV_ADDR_FLAGS_PASID | 2056 IOMMU_INV_ADDR_FLAGS_ARCHID | 2057 IOMMU_INV_ADDR_FLAGS_LEAF; 2058 2059 if (info->granu.addr_info.flags & ~mask) 2060 return -EINVAL; 2061 break; 2062 case IOMMU_INV_GRANU_PASID: 2063 mask = IOMMU_INV_PASID_FLAGS_PASID | 2064 IOMMU_INV_PASID_FLAGS_ARCHID; 2065 if (info->granu.pasid_info.flags & ~mask) 2066 return -EINVAL; 2067 2068 break; 2069 case IOMMU_INV_GRANU_DOMAIN: 2070 if (info->cache & IOMMU_CACHE_INV_TYPE_DEV_IOTLB) 2071 return -EINVAL; 2072 break; 2073 default: 2074 return -EINVAL; 2075 } 2076 2077 /* Check reserved padding fields */ 2078 for (i = 0; i < sizeof(info->padding); i++) { 2079 if (info->padding[i]) 2080 return -EINVAL; 2081 } 2082 2083 return 0; 2084 } 2085 2086 int iommu_uapi_cache_invalidate(struct iommu_domain *domain, struct device *dev, 2087 void __user *uinfo) 2088 { 2089 struct iommu_cache_invalidate_info inv_info = { 0 }; 2090 u32 minsz; 2091 int ret; 2092 2093 if (unlikely(!domain->ops->cache_invalidate)) 2094 return -ENODEV; 2095 2096 /* 2097 * No new spaces can be added before the variable sized union, the 2098 * minimum size is the offset to the union. 2099 */ 2100 minsz = offsetof(struct iommu_cache_invalidate_info, granu); 2101 2102 /* Copy minsz from user to get flags and argsz */ 2103 if (copy_from_user(&inv_info, uinfo, minsz)) 2104 return -EFAULT; 2105 2106 /* Fields before the variable size union are mandatory */ 2107 if (inv_info.argsz < minsz) 2108 return -EINVAL; 2109 2110 /* PASID and address granu require additional info beyond minsz */ 2111 if (inv_info.granularity == IOMMU_INV_GRANU_PASID && 2112 inv_info.argsz < offsetofend(struct iommu_cache_invalidate_info, granu.pasid_info)) 2113 return -EINVAL; 2114 2115 if (inv_info.granularity == IOMMU_INV_GRANU_ADDR && 2116 inv_info.argsz < offsetofend(struct iommu_cache_invalidate_info, granu.addr_info)) 2117 return -EINVAL; 2118 2119 /* 2120 * User might be using a newer UAPI header which has a larger data 2121 * size, we shall support the existing flags within the current 2122 * size. Copy the remaining user data _after_ minsz but not more 2123 * than the current kernel supported size. 
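 * For example (illustrative numbers only): with minsz == 8, a user argsz
 * of 24 against a 20-byte kernel struct copies min(24, 20) - 8 = 12 bytes
 * of the union, while an argsz of 16 copies just 16 - 8 = 8 bytes.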
2124 */ 2125 if (copy_from_user((void *)&inv_info + minsz, uinfo + minsz, 2126 min_t(u32, inv_info.argsz, sizeof(inv_info)) - minsz)) 2127 return -EFAULT; 2128 2129 /* Now the argsz is validated, check the content */ 2130 ret = iommu_check_cache_invl_data(&inv_info); 2131 if (ret) 2132 return ret; 2133 2134 return domain->ops->cache_invalidate(domain, dev, &inv_info); 2135 } 2136 EXPORT_SYMBOL_GPL(iommu_uapi_cache_invalidate); 2137 2138 static int iommu_check_bind_data(struct iommu_gpasid_bind_data *data) 2139 { 2140 u64 mask; 2141 int i; 2142 2143 if (data->version != IOMMU_GPASID_BIND_VERSION_1) 2144 return -EINVAL; 2145 2146 /* Check the range of supported formats */ 2147 if (data->format >= IOMMU_PASID_FORMAT_LAST) 2148 return -EINVAL; 2149 2150 /* Check all flags */ 2151 mask = IOMMU_SVA_GPASID_VAL; 2152 if (data->flags & ~mask) 2153 return -EINVAL; 2154 2155 /* Check reserved padding fields */ 2156 for (i = 0; i < sizeof(data->padding); i++) { 2157 if (data->padding[i]) 2158 return -EINVAL; 2159 } 2160 2161 return 0; 2162 } 2163 2164 static int iommu_sva_prepare_bind_data(void __user *udata, 2165 struct iommu_gpasid_bind_data *data) 2166 { 2167 u32 minsz; 2168 2169 /* 2170 * No new spaces can be added before the variable sized union, the 2171 * minimum size is the offset to the union. 2172 */ 2173 minsz = offsetof(struct iommu_gpasid_bind_data, vendor); 2174 2175 /* Copy minsz from user to get flags and argsz */ 2176 if (copy_from_user(data, udata, minsz)) 2177 return -EFAULT; 2178 2179 /* Fields before the variable size union are mandatory */ 2180 if (data->argsz < minsz) 2181 return -EINVAL; 2182 /* 2183 * User might be using a newer UAPI header, we shall let IOMMU vendor 2184 * driver decide on what size it needs. Since the guest PASID bind data 2185 * can be vendor specific, larger argsz could be the result of extension 2186 * for one vendor but it should not affect another vendor. 
2187 * Copy the remaining user data _after_ minsz 2188 */ 2189 if (copy_from_user((void *)data + minsz, udata + minsz, 2190 min_t(u32, data->argsz, sizeof(*data)) - minsz)) 2191 return -EFAULT; 2192 2193 return iommu_check_bind_data(data); 2194 } 2195 2196 int iommu_uapi_sva_bind_gpasid(struct iommu_domain *domain, struct device *dev, 2197 void __user *udata) 2198 { 2199 struct iommu_gpasid_bind_data data = { 0 }; 2200 int ret; 2201 2202 if (unlikely(!domain->ops->sva_bind_gpasid)) 2203 return -ENODEV; 2204 2205 ret = iommu_sva_prepare_bind_data(udata, &data); 2206 if (ret) 2207 return ret; 2208 2209 return domain->ops->sva_bind_gpasid(domain, dev, &data); 2210 } 2211 EXPORT_SYMBOL_GPL(iommu_uapi_sva_bind_gpasid); 2212 2213 int iommu_sva_unbind_gpasid(struct iommu_domain *domain, struct device *dev, 2214 ioasid_t pasid) 2215 { 2216 if (unlikely(!domain->ops->sva_unbind_gpasid)) 2217 return -ENODEV; 2218 2219 return domain->ops->sva_unbind_gpasid(dev, pasid); 2220 } 2221 EXPORT_SYMBOL_GPL(iommu_sva_unbind_gpasid); 2222 2223 int iommu_uapi_sva_unbind_gpasid(struct iommu_domain *domain, struct device *dev, 2224 void __user *udata) 2225 { 2226 struct iommu_gpasid_bind_data data = { 0 }; 2227 int ret; 2228 2229 if (unlikely(!domain->ops->sva_bind_gpasid)) 2230 return -ENODEV; 2231 2232 ret = iommu_sva_prepare_bind_data(udata, &data); 2233 if (ret) 2234 return ret; 2235 2236 return iommu_sva_unbind_gpasid(domain, dev, data.hpasid); 2237 } 2238 EXPORT_SYMBOL_GPL(iommu_uapi_sva_unbind_gpasid); 2239 2240 static void __iommu_detach_device(struct iommu_domain *domain, 2241 struct device *dev) 2242 { 2243 if (iommu_is_attach_deferred(domain, dev)) 2244 return; 2245 2246 if (unlikely(domain->ops->detach_dev == NULL)) 2247 return; 2248 2249 domain->ops->detach_dev(domain, dev); 2250 trace_detach_device_from_domain(dev); 2251 } 2252 2253 void iommu_detach_device(struct iommu_domain *domain, struct device *dev) 2254 { 2255 struct iommu_group *group; 2256 2257 group = iommu_group_get(dev); 2258 if (!group) 2259 return; 2260 2261 mutex_lock(&group->mutex); 2262 if (iommu_group_device_count(group) != 1) { 2263 WARN_ON(1); 2264 goto out_unlock; 2265 } 2266 2267 __iommu_detach_group(domain, group); 2268 2269 out_unlock: 2270 mutex_unlock(&group->mutex); 2271 iommu_group_put(group); 2272 } 2273 EXPORT_SYMBOL_GPL(iommu_detach_device); 2274 2275 struct iommu_domain *iommu_get_domain_for_dev(struct device *dev) 2276 { 2277 struct iommu_domain *domain; 2278 struct iommu_group *group; 2279 2280 group = iommu_group_get(dev); 2281 if (!group) 2282 return NULL; 2283 2284 domain = group->domain; 2285 2286 iommu_group_put(group); 2287 2288 return domain; 2289 } 2290 EXPORT_SYMBOL_GPL(iommu_get_domain_for_dev); 2291 2292 /* 2293 * For use by IOMMU_DOMAIN_DMA implementations which already provide their own 2294 * guarantees that the group and its default domain are valid and correct. 2295 */ 2296 struct iommu_domain *iommu_get_dma_domain(struct device *dev) 2297 { 2298 return dev->iommu_group->default_domain; 2299 } 2300 2301 /* 2302 * IOMMU groups are really the natural working unit of the IOMMU, but 2303 * the IOMMU API works on domains and devices. Bridge that gap by 2304 * iterating over the devices in a group. Ideally we'd have a single 2305 * device which represents the requestor ID of the group, but we also 2306 * allow IOMMU drivers to create policy-defined minimum sets, where 2307 * the physical hardware may be able to distinguish members, but we 2308 * wish to group them at a higher level (e.g.
untrusted multi-function 2309 * PCI devices). Thus we attach each device. 2310 */ 2311 static int iommu_group_do_attach_device(struct device *dev, void *data) 2312 { 2313 struct iommu_domain *domain = data; 2314 2315 return __iommu_attach_device(domain, dev); 2316 } 2317 2318 static int __iommu_attach_group(struct iommu_domain *domain, 2319 struct iommu_group *group) 2320 { 2321 int ret; 2322 2323 if (group->default_domain && group->domain != group->default_domain) 2324 return -EBUSY; 2325 2326 ret = __iommu_group_for_each_dev(group, domain, 2327 iommu_group_do_attach_device); 2328 if (ret == 0) 2329 group->domain = domain; 2330 2331 return ret; 2332 } 2333 2334 int iommu_attach_group(struct iommu_domain *domain, struct iommu_group *group) 2335 { 2336 int ret; 2337 2338 mutex_lock(&group->mutex); 2339 ret = __iommu_attach_group(domain, group); 2340 mutex_unlock(&group->mutex); 2341 2342 return ret; 2343 } 2344 EXPORT_SYMBOL_GPL(iommu_attach_group); 2345 2346 static int iommu_group_do_detach_device(struct device *dev, void *data) 2347 { 2348 struct iommu_domain *domain = data; 2349 2350 __iommu_detach_device(domain, dev); 2351 2352 return 0; 2353 } 2354 2355 static void __iommu_detach_group(struct iommu_domain *domain, 2356 struct iommu_group *group) 2357 { 2358 int ret; 2359 2360 if (!group->default_domain) { 2361 __iommu_group_for_each_dev(group, domain, 2362 iommu_group_do_detach_device); 2363 group->domain = NULL; 2364 return; 2365 } 2366 2367 if (group->domain == group->default_domain) 2368 return; 2369 2370 /* Detach by re-attaching to the default domain */ 2371 ret = __iommu_group_for_each_dev(group, group->default_domain, 2372 iommu_group_do_attach_device); 2373 if (ret != 0) 2374 WARN_ON(1); 2375 else 2376 group->domain = group->default_domain; 2377 } 2378 2379 void iommu_detach_group(struct iommu_domain *domain, struct iommu_group *group) 2380 { 2381 mutex_lock(&group->mutex); 2382 __iommu_detach_group(domain, group); 2383 mutex_unlock(&group->mutex); 2384 } 2385 EXPORT_SYMBOL_GPL(iommu_detach_group); 2386 2387 phys_addr_t iommu_iova_to_phys(struct iommu_domain *domain, dma_addr_t iova) 2388 { 2389 if (domain->type == IOMMU_DOMAIN_IDENTITY) 2390 return iova; 2391 2392 if (domain->type == IOMMU_DOMAIN_BLOCKED) 2393 return 0; 2394 2395 return domain->ops->iova_to_phys(domain, iova); 2396 } 2397 EXPORT_SYMBOL_GPL(iommu_iova_to_phys); 2398 2399 static size_t iommu_pgsize(struct iommu_domain *domain, unsigned long iova, 2400 phys_addr_t paddr, size_t size, size_t *count) 2401 { 2402 unsigned int pgsize_idx, pgsize_idx_next; 2403 unsigned long pgsizes; 2404 size_t offset, pgsize, pgsize_next; 2405 unsigned long addr_merge = paddr | iova; 2406 2407 /* Page sizes supported by the hardware and small enough for @size */ 2408 pgsizes = domain->pgsize_bitmap & GENMASK(__fls(size), 0); 2409 2410 /* Constrain the page sizes further based on the maximum alignment */ 2411 if (likely(addr_merge)) 2412 pgsizes &= GENMASK(__ffs(addr_merge), 0); 2413 2414 /* Make sure we have at least one suitable page size */ 2415 BUG_ON(!pgsizes); 2416 2417 /* Pick the biggest page size remaining */ 2418 pgsize_idx = __fls(pgsizes); 2419 pgsize = BIT(pgsize_idx); 2420 if (!count) 2421 return pgsize; 2422 2423 /* Find the next biggest supported page size, if it exists */ 2424 pgsizes = domain->pgsize_bitmap & ~GENMASK(pgsize_idx, 0); 2425 if (!pgsizes) 2426 goto out_set_count; 2427 2428 pgsize_idx_next = __ffs(pgsizes); 2429 pgsize_next = BIT(pgsize_idx_next); 2430 2431 /* 2432 * There's no point trying a bigger page
size unless the virtual 2433 * and physical addresses are similarly offset within the larger page. 2434 */ 2435 if ((iova ^ paddr) & (pgsize_next - 1)) 2436 goto out_set_count; 2437 2438 /* Calculate the offset to the next page size alignment boundary */ 2439 offset = pgsize_next - (addr_merge & (pgsize_next - 1)); 2440 2441 /* 2442 * If size is big enough to accommodate the larger page, reduce 2443 * the number of smaller pages. 2444 */ 2445 if (offset + pgsize_next <= size) 2446 size = offset; 2447 2448 out_set_count: 2449 *count = size >> pgsize_idx; 2450 return pgsize; 2451 } 2452 2453 static int __iommu_map_pages(struct iommu_domain *domain, unsigned long iova, 2454 phys_addr_t paddr, size_t size, int prot, 2455 gfp_t gfp, size_t *mapped) 2456 { 2457 const struct iommu_ops *ops = domain->ops; 2458 size_t pgsize, count; 2459 int ret; 2460 2461 pgsize = iommu_pgsize(domain, iova, paddr, size, &count); 2462 2463 pr_debug("mapping: iova 0x%lx pa %pa pgsize 0x%zx count %zu\n", 2464 iova, &paddr, pgsize, count); 2465 2466 if (ops->map_pages) { 2467 ret = ops->map_pages(domain, iova, paddr, pgsize, count, prot, 2468 gfp, mapped); 2469 } else { 2470 ret = ops->map(domain, iova, paddr, pgsize, prot, gfp); 2471 *mapped = ret ? 0 : pgsize; 2472 } 2473 2474 return ret; 2475 } 2476 2477 static int __iommu_map(struct iommu_domain *domain, unsigned long iova, 2478 phys_addr_t paddr, size_t size, int prot, gfp_t gfp) 2479 { 2480 const struct iommu_ops *ops = domain->ops; 2481 unsigned long orig_iova = iova; 2482 unsigned int min_pagesz; 2483 size_t orig_size = size; 2484 phys_addr_t orig_paddr = paddr; 2485 int ret = 0; 2486 2487 if (unlikely(!(ops->map || ops->map_pages) || 2488 domain->pgsize_bitmap == 0UL)) 2489 return -ENODEV; 2490 2491 if (unlikely(!(domain->type & __IOMMU_DOMAIN_PAGING))) 2492 return -EINVAL; 2493 2494 /* find out the minimum page size supported */ 2495 min_pagesz = 1 << __ffs(domain->pgsize_bitmap); 2496 2497 /* 2498 * both the virtual address and the physical one, as well as 2499 * the size of the mapping, must be aligned (at least) to the 2500 * size of the smallest page supported by the hardware 2501 */ 2502 if (!IS_ALIGNED(iova | paddr | size, min_pagesz)) { 2503 pr_err("unaligned: iova 0x%lx pa %pa size 0x%zx min_pagesz 0x%x\n", 2504 iova, &paddr, size, min_pagesz); 2505 return -EINVAL; 2506 } 2507 2508 pr_debug("map: iova 0x%lx pa %pa size 0x%zx\n", iova, &paddr, size); 2509 2510 while (size) { 2511 size_t mapped = 0; 2512 2513 ret = __iommu_map_pages(domain, iova, paddr, size, prot, gfp, 2514 &mapped); 2515 /* 2516 * Some pages may have been mapped, even if an error occurred, 2517 * so we should account for those so they can be unmapped. 
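 * For example, if this iteration asked for 2MB but only the first 1MB
 * was mapped before the failure, 'mapped' reflects that 1MB so the
 * unroll path below can undo it.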
2518 */ 2519 size -= mapped; 2520 2521 if (ret) 2522 break; 2523 2524 iova += mapped; 2525 paddr += mapped; 2526 } 2527 2528 /* unroll mapping in case something went wrong */ 2529 if (ret) 2530 iommu_unmap(domain, orig_iova, orig_size - size); 2531 else 2532 trace_map(orig_iova, orig_paddr, orig_size); 2533 2534 return ret; 2535 } 2536 2537 static int _iommu_map(struct iommu_domain *domain, unsigned long iova, 2538 phys_addr_t paddr, size_t size, int prot, gfp_t gfp) 2539 { 2540 const struct iommu_ops *ops = domain->ops; 2541 int ret; 2542 2543 ret = __iommu_map(domain, iova, paddr, size, prot, gfp); 2544 if (ret == 0 && ops->iotlb_sync_map) 2545 ops->iotlb_sync_map(domain, iova, size); 2546 2547 return ret; 2548 } 2549 2550 int iommu_map(struct iommu_domain *domain, unsigned long iova, 2551 phys_addr_t paddr, size_t size, int prot) 2552 { 2553 might_sleep(); 2554 return _iommu_map(domain, iova, paddr, size, prot, GFP_KERNEL); 2555 } 2556 EXPORT_SYMBOL_GPL(iommu_map); 2557 2558 int iommu_map_atomic(struct iommu_domain *domain, unsigned long iova, 2559 phys_addr_t paddr, size_t size, int prot) 2560 { 2561 return _iommu_map(domain, iova, paddr, size, prot, GFP_ATOMIC); 2562 } 2563 EXPORT_SYMBOL_GPL(iommu_map_atomic); 2564 2565 static size_t __iommu_unmap_pages(struct iommu_domain *domain, 2566 unsigned long iova, size_t size, 2567 struct iommu_iotlb_gather *iotlb_gather) 2568 { 2569 const struct iommu_ops *ops = domain->ops; 2570 size_t pgsize, count; 2571 2572 pgsize = iommu_pgsize(domain, iova, iova, size, &count); 2573 return ops->unmap_pages ? 2574 ops->unmap_pages(domain, iova, pgsize, count, iotlb_gather) : 2575 ops->unmap(domain, iova, pgsize, iotlb_gather); 2576 } 2577 2578 static size_t __iommu_unmap(struct iommu_domain *domain, 2579 unsigned long iova, size_t size, 2580 struct iommu_iotlb_gather *iotlb_gather) 2581 { 2582 const struct iommu_ops *ops = domain->ops; 2583 size_t unmapped_page, unmapped = 0; 2584 unsigned long orig_iova = iova; 2585 unsigned int min_pagesz; 2586 2587 if (unlikely(!(ops->unmap || ops->unmap_pages) || 2588 domain->pgsize_bitmap == 0UL)) 2589 return 0; 2590 2591 if (unlikely(!(domain->type & __IOMMU_DOMAIN_PAGING))) 2592 return 0; 2593 2594 /* find out the minimum page size supported */ 2595 min_pagesz = 1 << __ffs(domain->pgsize_bitmap); 2596 2597 /* 2598 * The virtual address, as well as the size of the mapping, must be 2599 * aligned (at least) to the size of the smallest page supported 2600 * by the hardware 2601 */ 2602 if (!IS_ALIGNED(iova | size, min_pagesz)) { 2603 pr_err("unaligned: iova 0x%lx size 0x%zx min_pagesz 0x%x\n", 2604 iova, size, min_pagesz); 2605 return 0; 2606 } 2607 2608 pr_debug("unmap this: iova 0x%lx size 0x%zx\n", iova, size); 2609 2610 /* 2611 * Keep iterating until we either unmap 'size' bytes (or more) 2612 * or we hit an area that isn't mapped. 
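 * For example, an unmap request of 2MB over a region backed by 4KB
 * mappings proceeds one chunk at a time and stops early if it reaches
 * an unmapped hole, returning only the bytes actually unmapped.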
2613 */ 2614 while (unmapped < size) { 2615 unmapped_page = __iommu_unmap_pages(domain, iova, 2616 size - unmapped, 2617 iotlb_gather); 2618 if (!unmapped_page) 2619 break; 2620 2621 pr_debug("unmapped: iova 0x%lx size 0x%zx\n", 2622 iova, unmapped_page); 2623 2624 iova += unmapped_page; 2625 unmapped += unmapped_page; 2626 } 2627 2628 trace_unmap(orig_iova, size, unmapped); 2629 return unmapped; 2630 } 2631 2632 size_t iommu_unmap(struct iommu_domain *domain, 2633 unsigned long iova, size_t size) 2634 { 2635 struct iommu_iotlb_gather iotlb_gather; 2636 size_t ret; 2637 2638 iommu_iotlb_gather_init(&iotlb_gather); 2639 ret = __iommu_unmap(domain, iova, size, &iotlb_gather); 2640 iommu_iotlb_sync(domain, &iotlb_gather); 2641 2642 return ret; 2643 } 2644 EXPORT_SYMBOL_GPL(iommu_unmap); 2645 2646 size_t iommu_unmap_fast(struct iommu_domain *domain, 2647 unsigned long iova, size_t size, 2648 struct iommu_iotlb_gather *iotlb_gather) 2649 { 2650 return __iommu_unmap(domain, iova, size, iotlb_gather); 2651 } 2652 EXPORT_SYMBOL_GPL(iommu_unmap_fast); 2653 2654 static ssize_t __iommu_map_sg(struct iommu_domain *domain, unsigned long iova, 2655 struct scatterlist *sg, unsigned int nents, int prot, 2656 gfp_t gfp) 2657 { 2658 const struct iommu_ops *ops = domain->ops; 2659 size_t len = 0, mapped = 0; 2660 phys_addr_t start; 2661 unsigned int i = 0; 2662 int ret; 2663 2664 while (i <= nents) { 2665 phys_addr_t s_phys = sg_phys(sg); 2666 2667 if (len && s_phys != start + len) { 2668 ret = __iommu_map(domain, iova + mapped, start, 2669 len, prot, gfp); 2670 2671 if (ret) 2672 goto out_err; 2673 2674 mapped += len; 2675 len = 0; 2676 } 2677 2678 if (len) { 2679 len += sg->length; 2680 } else { 2681 len = sg->length; 2682 start = s_phys; 2683 } 2684 2685 if (++i < nents) 2686 sg = sg_next(sg); 2687 } 2688 2689 if (ops->iotlb_sync_map) 2690 ops->iotlb_sync_map(domain, iova, mapped); 2691 return mapped; 2692 2693 out_err: 2694 /* undo mappings already done */ 2695 iommu_unmap(domain, iova, mapped); 2696 2697 return ret; 2698 } 2699 2700 ssize_t iommu_map_sg(struct iommu_domain *domain, unsigned long iova, 2701 struct scatterlist *sg, unsigned int nents, int prot) 2702 { 2703 might_sleep(); 2704 return __iommu_map_sg(domain, iova, sg, nents, prot, GFP_KERNEL); 2705 } 2706 EXPORT_SYMBOL_GPL(iommu_map_sg); 2707 2708 ssize_t iommu_map_sg_atomic(struct iommu_domain *domain, unsigned long iova, 2709 struct scatterlist *sg, unsigned int nents, int prot) 2710 { 2711 return __iommu_map_sg(domain, iova, sg, nents, prot, GFP_ATOMIC); 2712 } 2713 2714 /** 2715 * report_iommu_fault() - report about an IOMMU fault to the IOMMU framework 2716 * @domain: the iommu domain where the fault has happened 2717 * @dev: the device where the fault has happened 2718 * @iova: the faulting address 2719 * @flags: mmu fault flags (e.g. IOMMU_FAULT_READ/IOMMU_FAULT_WRITE/...) 2720 * 2721 * This function should be called by the low-level IOMMU implementations 2722 * whenever IOMMU faults happen, to allow high-level users, that are 2723 * interested in such events, to know about them. 2724 * 2725 * This event may be useful for several possible use cases: 2726 * - mere logging of the event 2727 * - dynamic TLB/PTE loading 2728 * - if restarting of the faulting device is required 2729 * 2730 * Returns 0 on success and an appropriate error code otherwise (if dynamic 2731 * PTE/TLB loading will one day be supported, implementations will be able 2732 * to tell whether it succeeded or not according to this return value). 
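 *
 * A sketch of a typical call site in a low-level driver's fault IRQ path
 * (illustrative only; the variable names are made up):
 *
 *	if (report_iommu_fault(domain, dev, fault_iova, IOMMU_FAULT_READ))
 *		dev_err_ratelimited(dev, "unhandled fault at %#lx\n", fault_iova);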
2733 * 2734 * Specifically, -ENOSYS is returned if a fault handler isn't installed 2735 * (though fault handlers can also return -ENOSYS, in case they want to 2736 * elicit the default behavior of the IOMMU drivers). 2737 */ 2738 int report_iommu_fault(struct iommu_domain *domain, struct device *dev, 2739 unsigned long iova, int flags) 2740 { 2741 int ret = -ENOSYS; 2742 2743 /* 2744 * if upper layers showed interest and installed a fault handler, 2745 * invoke it. 2746 */ 2747 if (domain->handler) 2748 ret = domain->handler(domain, dev, iova, flags, 2749 domain->handler_token); 2750 2751 trace_io_page_fault(dev, iova, flags); 2752 return ret; 2753 } 2754 EXPORT_SYMBOL_GPL(report_iommu_fault); 2755 2756 static int __init iommu_init(void) 2757 { 2758 iommu_group_kset = kset_create_and_add("iommu_groups", 2759 NULL, kernel_kobj); 2760 BUG_ON(!iommu_group_kset); 2761 2762 iommu_debugfs_setup(); 2763 2764 return 0; 2765 } 2766 core_initcall(iommu_init); 2767 2768 int iommu_enable_nesting(struct iommu_domain *domain) 2769 { 2770 if (domain->type != IOMMU_DOMAIN_UNMANAGED) 2771 return -EINVAL; 2772 if (!domain->ops->enable_nesting) 2773 return -EINVAL; 2774 return domain->ops->enable_nesting(domain); 2775 } 2776 EXPORT_SYMBOL_GPL(iommu_enable_nesting); 2777 2778 int iommu_set_pgtable_quirks(struct iommu_domain *domain, 2779 unsigned long quirk) 2780 { 2781 if (domain->type != IOMMU_DOMAIN_UNMANAGED) 2782 return -EINVAL; 2783 if (!domain->ops->set_pgtable_quirks) 2784 return -EINVAL; 2785 return domain->ops->set_pgtable_quirks(domain, quirk); 2786 } 2787 EXPORT_SYMBOL_GPL(iommu_set_pgtable_quirks); 2788 2789 void iommu_get_resv_regions(struct device *dev, struct list_head *list) 2790 { 2791 const struct iommu_ops *ops = dev->bus->iommu_ops; 2792 2793 if (ops && ops->get_resv_regions) 2794 ops->get_resv_regions(dev, list); 2795 } 2796 2797 void iommu_put_resv_regions(struct device *dev, struct list_head *list) 2798 { 2799 const struct iommu_ops *ops = dev->bus->iommu_ops; 2800 2801 if (ops && ops->put_resv_regions) 2802 ops->put_resv_regions(dev, list); 2803 } 2804 2805 /** 2806 * generic_iommu_put_resv_regions - Reserved region driver helper 2807 * @dev: device for which to free reserved regions 2808 * @list: reserved region list for device 2809 * 2810 * IOMMU drivers can use this to implement their .put_resv_regions() callback 2811 * for simple reservations. Memory allocated for each reserved region will be 2812 * freed. If an IOMMU driver allocates additional resources per region, it is 2813 * going to have to implement a custom callback. 
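 *
 * A sketch of the intended pairing in a driver's iommu_ops (hypothetical
 * driver; MY_MSI_BASE and MY_MSI_SIZE are made-up constants):
 *
 *	static void my_get_resv_regions(struct device *dev, struct list_head *head)
 *	{
 *		struct iommu_resv_region *region;
 *
 *		region = iommu_alloc_resv_region(MY_MSI_BASE, MY_MSI_SIZE,
 *						 IOMMU_WRITE, IOMMU_RESV_SW_MSI);
 *		if (region)
 *			list_add_tail(&region->list, head);
 *	}
 *
 *	...
 *	.get_resv_regions = my_get_resv_regions,
 *	.put_resv_regions = generic_iommu_put_resv_regions,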
2814 */ 2815 void generic_iommu_put_resv_regions(struct device *dev, struct list_head *list) 2816 { 2817 struct iommu_resv_region *entry, *next; 2818 2819 list_for_each_entry_safe(entry, next, list, list) 2820 kfree(entry); 2821 } 2822 EXPORT_SYMBOL(generic_iommu_put_resv_regions); 2823 2824 struct iommu_resv_region *iommu_alloc_resv_region(phys_addr_t start, 2825 size_t length, int prot, 2826 enum iommu_resv_type type) 2827 { 2828 struct iommu_resv_region *region; 2829 2830 region = kzalloc(sizeof(*region), GFP_KERNEL); 2831 if (!region) 2832 return NULL; 2833 2834 INIT_LIST_HEAD(®ion->list); 2835 region->start = start; 2836 region->length = length; 2837 region->prot = prot; 2838 region->type = type; 2839 return region; 2840 } 2841 EXPORT_SYMBOL_GPL(iommu_alloc_resv_region); 2842 2843 void iommu_set_default_passthrough(bool cmd_line) 2844 { 2845 if (cmd_line) 2846 iommu_cmd_line |= IOMMU_CMD_LINE_DMA_API; 2847 iommu_def_domain_type = IOMMU_DOMAIN_IDENTITY; 2848 } 2849 2850 void iommu_set_default_translated(bool cmd_line) 2851 { 2852 if (cmd_line) 2853 iommu_cmd_line |= IOMMU_CMD_LINE_DMA_API; 2854 iommu_def_domain_type = IOMMU_DOMAIN_DMA; 2855 } 2856 2857 bool iommu_default_passthrough(void) 2858 { 2859 return iommu_def_domain_type == IOMMU_DOMAIN_IDENTITY; 2860 } 2861 EXPORT_SYMBOL_GPL(iommu_default_passthrough); 2862 2863 const struct iommu_ops *iommu_ops_from_fwnode(struct fwnode_handle *fwnode) 2864 { 2865 const struct iommu_ops *ops = NULL; 2866 struct iommu_device *iommu; 2867 2868 spin_lock(&iommu_device_lock); 2869 list_for_each_entry(iommu, &iommu_device_list, list) 2870 if (iommu->fwnode == fwnode) { 2871 ops = iommu->ops; 2872 break; 2873 } 2874 spin_unlock(&iommu_device_lock); 2875 return ops; 2876 } 2877 2878 int iommu_fwspec_init(struct device *dev, struct fwnode_handle *iommu_fwnode, 2879 const struct iommu_ops *ops) 2880 { 2881 struct iommu_fwspec *fwspec = dev_iommu_fwspec_get(dev); 2882 2883 if (fwspec) 2884 return ops == fwspec->ops ? 0 : -EINVAL; 2885 2886 if (!dev_iommu_get(dev)) 2887 return -ENOMEM; 2888 2889 /* Preallocate for the overwhelmingly common case of 1 ID */ 2890 fwspec = kzalloc(struct_size(fwspec, ids, 1), GFP_KERNEL); 2891 if (!fwspec) 2892 return -ENOMEM; 2893 2894 of_node_get(to_of_node(iommu_fwnode)); 2895 fwspec->iommu_fwnode = iommu_fwnode; 2896 fwspec->ops = ops; 2897 dev_iommu_fwspec_set(dev, fwspec); 2898 return 0; 2899 } 2900 EXPORT_SYMBOL_GPL(iommu_fwspec_init); 2901 2902 void iommu_fwspec_free(struct device *dev) 2903 { 2904 struct iommu_fwspec *fwspec = dev_iommu_fwspec_get(dev); 2905 2906 if (fwspec) { 2907 fwnode_handle_put(fwspec->iommu_fwnode); 2908 kfree(fwspec); 2909 dev_iommu_fwspec_set(dev, NULL); 2910 } 2911 } 2912 EXPORT_SYMBOL_GPL(iommu_fwspec_free); 2913 2914 int iommu_fwspec_add_ids(struct device *dev, u32 *ids, int num_ids) 2915 { 2916 struct iommu_fwspec *fwspec = dev_iommu_fwspec_get(dev); 2917 int i, new_num; 2918 2919 if (!fwspec) 2920 return -EINVAL; 2921 2922 new_num = fwspec->num_ids + num_ids; 2923 if (new_num > 1) { 2924 fwspec = krealloc(fwspec, struct_size(fwspec, ids, new_num), 2925 GFP_KERNEL); 2926 if (!fwspec) 2927 return -ENOMEM; 2928 2929 dev_iommu_fwspec_set(dev, fwspec); 2930 } 2931 2932 for (i = 0; i < num_ids; i++) 2933 fwspec->ids[fwspec->num_ids + i] = ids[i]; 2934 2935 fwspec->num_ids = new_num; 2936 return 0; 2937 } 2938 EXPORT_SYMBOL_GPL(iommu_fwspec_add_ids); 2939 2940 /* 2941 * Per device IOMMU features. 
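 *
 * A typical calling pattern for a driver that wants to use SVA might look
 * like this (illustrative only):
 *
 *	if (iommu_dev_enable_feature(dev, IOMMU_DEV_FEAT_SVA))
 *		return -ENODEV;
 *	...
 *	iommu_dev_disable_feature(dev, IOMMU_DEV_FEAT_SVA);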
2942 */ 2943 int iommu_dev_enable_feature(struct device *dev, enum iommu_dev_features feat) 2944 { 2945 if (dev->iommu && dev->iommu->iommu_dev) { 2946 const struct iommu_ops *ops = dev->iommu->iommu_dev->ops; 2947 2948 if (ops->dev_enable_feat) 2949 return ops->dev_enable_feat(dev, feat); 2950 } 2951 2952 return -ENODEV; 2953 } 2954 EXPORT_SYMBOL_GPL(iommu_dev_enable_feature); 2955 2956 /* 2957 * The device drivers should do the necessary cleanups before calling this. 2958 * For example, before disabling the aux-domain feature, the device driver 2959 * should detach all aux-domains. Otherwise, this will return -EBUSY. 2960 */ 2961 int iommu_dev_disable_feature(struct device *dev, enum iommu_dev_features feat) 2962 { 2963 if (dev->iommu && dev->iommu->iommu_dev) { 2964 const struct iommu_ops *ops = dev->iommu->iommu_dev->ops; 2965 2966 if (ops->dev_disable_feat) 2967 return ops->dev_disable_feat(dev, feat); 2968 } 2969 2970 return -EBUSY; 2971 } 2972 EXPORT_SYMBOL_GPL(iommu_dev_disable_feature); 2973 2974 bool iommu_dev_feature_enabled(struct device *dev, enum iommu_dev_features feat) 2975 { 2976 if (dev->iommu && dev->iommu->iommu_dev) { 2977 const struct iommu_ops *ops = dev->iommu->iommu_dev->ops; 2978 2979 if (ops->dev_feat_enabled) 2980 return ops->dev_feat_enabled(dev, feat); 2981 } 2982 2983 return false; 2984 } 2985 EXPORT_SYMBOL_GPL(iommu_dev_feature_enabled); 2986 2987 /* 2988 * Aux-domain specific attach/detach. 2989 * 2990 * Only works if iommu_dev_feature_enabled(dev, IOMMU_DEV_FEAT_AUX) returns 2991 * true. Also, as long as domains are attached to a device through this 2992 * interface, any tries to call iommu_attach_device() should fail 2993 * (iommu_detach_device() can't fail, so we fail when trying to re-attach). 2994 * This should make us safe against a device being attached to a guest as a 2995 * whole while there are still pasid users on it (aux and sva). 2996 */ 2997 int iommu_aux_attach_device(struct iommu_domain *domain, struct device *dev) 2998 { 2999 int ret = -ENODEV; 3000 3001 if (domain->ops->aux_attach_dev) 3002 ret = domain->ops->aux_attach_dev(domain, dev); 3003 3004 if (!ret) 3005 trace_attach_device_to_domain(dev); 3006 3007 return ret; 3008 } 3009 EXPORT_SYMBOL_GPL(iommu_aux_attach_device); 3010 3011 void iommu_aux_detach_device(struct iommu_domain *domain, struct device *dev) 3012 { 3013 if (domain->ops->aux_detach_dev) { 3014 domain->ops->aux_detach_dev(domain, dev); 3015 trace_detach_device_from_domain(dev); 3016 } 3017 } 3018 EXPORT_SYMBOL_GPL(iommu_aux_detach_device); 3019 3020 int iommu_aux_get_pasid(struct iommu_domain *domain, struct device *dev) 3021 { 3022 int ret = -ENODEV; 3023 3024 if (domain->ops->aux_get_pasid) 3025 ret = domain->ops->aux_get_pasid(domain, dev); 3026 3027 return ret; 3028 } 3029 EXPORT_SYMBOL_GPL(iommu_aux_get_pasid); 3030 3031 /** 3032 * iommu_sva_bind_device() - Bind a process address space to a device 3033 * @dev: the device 3034 * @mm: the mm to bind, caller must hold a reference to it 3035 * 3036 * Create a bond between device and address space, allowing the device to access 3037 * the mm using the returned PASID. If a bond already exists between @device and 3038 * @mm, it is returned and an additional reference is taken. Caller must call 3039 * iommu_sva_unbind_device() to release each reference. 3040 * 3041 * iommu_dev_enable_feature(dev, IOMMU_DEV_FEAT_SVA) must be called first, to 3042 * initialize the required SVA features. 3043 * 3044 * On error, returns an ERR_PTR value. 
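 *
 * A minimal usage sketch (illustrative only):
 *
 *	handle = iommu_sva_bind_device(dev, current->mm, NULL);
 *	if (IS_ERR(handle))
 *		return PTR_ERR(handle);
 *
 *	pasid = iommu_sva_get_pasid(handle);
 *	if (pasid == IOMMU_PASID_INVALID) {
 *		iommu_sva_unbind_device(handle);
 *		return -ENODEV;
 *	}
 *	...
 *	iommu_sva_unbind_device(handle);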
3045 */ 3046 struct iommu_sva * 3047 iommu_sva_bind_device(struct device *dev, struct mm_struct *mm, void *drvdata) 3048 { 3049 struct iommu_group *group; 3050 struct iommu_sva *handle = ERR_PTR(-EINVAL); 3051 const struct iommu_ops *ops = dev->bus->iommu_ops; 3052 3053 if (!ops || !ops->sva_bind) 3054 return ERR_PTR(-ENODEV); 3055 3056 group = iommu_group_get(dev); 3057 if (!group) 3058 return ERR_PTR(-ENODEV); 3059 3060 /* Ensure device count and domain don't change while we're binding */ 3061 mutex_lock(&group->mutex); 3062 3063 /* 3064 * To keep things simple, SVA currently doesn't support IOMMU groups 3065 * with more than one device. Existing SVA-capable systems are not 3066 * affected by the problems that required IOMMU groups (lack of ACS 3067 * isolation, device ID aliasing and other hardware issues). 3068 */ 3069 if (iommu_group_device_count(group) != 1) 3070 goto out_unlock; 3071 3072 handle = ops->sva_bind(dev, mm, drvdata); 3073 3074 out_unlock: 3075 mutex_unlock(&group->mutex); 3076 iommu_group_put(group); 3077 3078 return handle; 3079 } 3080 EXPORT_SYMBOL_GPL(iommu_sva_bind_device); 3081 3082 /** 3083 * iommu_sva_unbind_device() - Remove a bond created with iommu_sva_bind_device 3084 * @handle: the handle returned by iommu_sva_bind_device() 3085 * 3086 * Put reference to a bond between device and address space. The device should 3087 * not be issuing any more transaction for this PASID. All outstanding page 3088 * requests for this PASID must have been flushed to the IOMMU. 3089 */ 3090 void iommu_sva_unbind_device(struct iommu_sva *handle) 3091 { 3092 struct iommu_group *group; 3093 struct device *dev = handle->dev; 3094 const struct iommu_ops *ops = dev->bus->iommu_ops; 3095 3096 if (!ops || !ops->sva_unbind) 3097 return; 3098 3099 group = iommu_group_get(dev); 3100 if (!group) 3101 return; 3102 3103 mutex_lock(&group->mutex); 3104 ops->sva_unbind(handle); 3105 mutex_unlock(&group->mutex); 3106 3107 iommu_group_put(group); 3108 } 3109 EXPORT_SYMBOL_GPL(iommu_sva_unbind_device); 3110 3111 u32 iommu_sva_get_pasid(struct iommu_sva *handle) 3112 { 3113 const struct iommu_ops *ops = handle->dev->bus->iommu_ops; 3114 3115 if (!ops || !ops->sva_get_pasid) 3116 return IOMMU_PASID_INVALID; 3117 3118 return ops->sva_get_pasid(handle); 3119 } 3120 EXPORT_SYMBOL_GPL(iommu_sva_get_pasid); 3121 3122 /* 3123 * Changes the default domain of an iommu group that has *only* one device 3124 * 3125 * @group: The group for which the default domain should be changed 3126 * @prev_dev: The device in the group (this is used to make sure that the device 3127 * hasn't changed after the caller has called this function) 3128 * @type: The type of the new default domain that gets associated with the group 3129 * 3130 * Returns 0 on success and error code on failure 3131 * 3132 * Note: 3133 * 1. Presently, this function is called only when user requests to change the 3134 * group's default domain type through /sys/kernel/iommu_groups/<grp_id>/type 3135 * Please take a closer look if intended to use for other purposes. 
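 * For example, "echo DMA-FQ > /sys/kernel/iommu_groups/<grp_id>/type" for a
 * single-device group ends up here with type == IOMMU_DOMAIN_DMA_FQ; except
 * for that DMA -> DMA-FQ transition, the device's driver must be unbound first.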
3136 */ 3137 static int iommu_change_dev_def_domain(struct iommu_group *group, 3138 struct device *prev_dev, int type) 3139 { 3140 struct iommu_domain *prev_dom; 3141 struct group_device *grp_dev; 3142 int ret, dev_def_dom; 3143 struct device *dev; 3144 3145 mutex_lock(&group->mutex); 3146 3147 if (group->default_domain != group->domain) { 3148 dev_err_ratelimited(prev_dev, "Group not assigned to default domain\n"); 3149 ret = -EBUSY; 3150 goto out; 3151 } 3152 3153 /* 3154 * iommu group wasn't locked while acquiring device lock in 3155 * iommu_group_store_type(). So, make sure that the device count hasn't 3156 * changed while acquiring device lock. 3157 * 3158 * Changing default domain of an iommu group with two or more devices 3159 * isn't supported because there could be a potential deadlock. Consider 3160 * the following scenario. T1 is trying to acquire device locks of all 3161 * the devices in the group and before it could acquire all of them, 3162 * there could be another thread T2 (from different sub-system and use 3163 * case) that has already acquired some of the device locks and might be 3164 * waiting for T1 to release other device locks. 3165 */ 3166 if (iommu_group_device_count(group) != 1) { 3167 dev_err_ratelimited(prev_dev, "Cannot change default domain: Group has more than one device\n"); 3168 ret = -EINVAL; 3169 goto out; 3170 } 3171 3172 /* Since group has only one device */ 3173 grp_dev = list_first_entry(&group->devices, struct group_device, list); 3174 dev = grp_dev->dev; 3175 3176 if (prev_dev != dev) { 3177 dev_err_ratelimited(prev_dev, "Cannot change default domain: Device has been changed\n"); 3178 ret = -EBUSY; 3179 goto out; 3180 } 3181 3182 prev_dom = group->default_domain; 3183 if (!prev_dom) { 3184 ret = -EINVAL; 3185 goto out; 3186 } 3187 3188 dev_def_dom = iommu_get_def_domain_type(dev); 3189 if (!type) { 3190 /* 3191 * If the user hasn't requested any specific type of domain and 3192 * if the device supports both the domains, then default to the 3193 * domain the device was booted with 3194 */ 3195 type = dev_def_dom ? : iommu_def_domain_type; 3196 } else if (dev_def_dom && type != dev_def_dom) { 3197 dev_err_ratelimited(prev_dev, "Device cannot be in %s domain\n", 3198 iommu_domain_type_str(type)); 3199 ret = -EINVAL; 3200 goto out; 3201 } 3202 3203 /* 3204 * Switch to a new domain only if the requested domain type is different 3205 * from the existing default domain type 3206 */ 3207 if (prev_dom->type == type) { 3208 ret = 0; 3209 goto out; 3210 } 3211 3212 /* We can bring up a flush queue without tearing down the domain */ 3213 if (type == IOMMU_DOMAIN_DMA_FQ && prev_dom->type == IOMMU_DOMAIN_DMA) { 3214 ret = iommu_dma_init_fq(prev_dom); 3215 if (!ret) 3216 prev_dom->type = IOMMU_DOMAIN_DMA_FQ; 3217 goto out; 3218 } 3219 3220 /* Sets group->default_domain to the newly allocated domain */ 3221 ret = iommu_group_alloc_default_domain(dev->bus, group, type); 3222 if (ret) 3223 goto out; 3224 3225 ret = iommu_create_device_direct_mappings(group, dev); 3226 if (ret) 3227 goto free_new_domain; 3228 3229 ret = __iommu_attach_device(group->default_domain, dev); 3230 if (ret) 3231 goto free_new_domain; 3232 3233 group->domain = group->default_domain; 3234 3235 /* 3236 * Release the mutex here because ops->probe_finalize() call-back of 3237 * some vendor IOMMU drivers calls arm_iommu_attach_device() which 3238 * in-turn might call back into IOMMU core code, where it tries to take 3239 * group->mutex, resulting in a deadlock. 
3240 */ 3241 mutex_unlock(&group->mutex); 3242 3243 /* Make sure dma_ops is appropriately set */ 3244 iommu_group_do_probe_finalize(dev, group->default_domain); 3245 iommu_domain_free(prev_dom); 3246 return 0; 3247 3248 free_new_domain: 3249 iommu_domain_free(group->default_domain); 3250 group->default_domain = prev_dom; 3251 group->domain = prev_dom; 3252 3253 out: 3254 mutex_unlock(&group->mutex); 3255 3256 return ret; 3257 } 3258 3259 /* 3260 * Changing the default domain through sysfs requires the user to unbind the 3261 * drivers from the devices in the iommu group, except for a DMA -> DMA-FQ 3262 * transition. Return failure if this requirement isn't met. 3263 * 3264 * We need to consider the race between this and the device release path. 3265 * device_lock(dev) is used here to guarantee that the device release path 3266 * will not be entered at the same time. 3267 */ 3268 static ssize_t iommu_group_store_type(struct iommu_group *group, 3269 const char *buf, size_t count) 3270 { 3271 struct group_device *grp_dev; 3272 struct device *dev; 3273 int ret, req_type; 3274 3275 if (!capable(CAP_SYS_ADMIN) || !capable(CAP_SYS_RAWIO)) 3276 return -EACCES; 3277 3278 if (WARN_ON(!group)) 3279 return -EINVAL; 3280 3281 if (sysfs_streq(buf, "identity")) 3282 req_type = IOMMU_DOMAIN_IDENTITY; 3283 else if (sysfs_streq(buf, "DMA")) 3284 req_type = IOMMU_DOMAIN_DMA; 3285 else if (sysfs_streq(buf, "DMA-FQ")) 3286 req_type = IOMMU_DOMAIN_DMA_FQ; 3287 else if (sysfs_streq(buf, "auto")) 3288 req_type = 0; 3289 else 3290 return -EINVAL; 3291 3292 /* 3293 * Lock/Unlock the group mutex here before device lock to 3294 * 1. Make sure that the iommu group has only one device (this is a 3295 * prerequisite for step 2) 3296 * 2. Get the struct device pointer which is needed to lock the device 3297 */ 3298 mutex_lock(&group->mutex); 3299 if (iommu_group_device_count(group) != 1) { 3300 mutex_unlock(&group->mutex); 3301 pr_err_ratelimited("Cannot change default domain: Group has more than one device\n"); 3302 return -EINVAL; 3303 } 3304 3305 /* Since group has only one device */ 3306 grp_dev = list_first_entry(&group->devices, struct group_device, list); 3307 dev = grp_dev->dev; 3308 get_device(dev); 3309 3310 /* 3311 * Don't hold the group mutex because taking group mutex first and then 3312 * the device lock could potentially cause a deadlock as below. Assume 3313 * two threads T1 and T2. T1 is trying to change default domain of an 3314 * iommu group and T2 is trying to hot unplug a device or release [1] VF 3315 * of a PCIe device which is in the same iommu group. T1 takes group 3316 * mutex and before it could take device lock assume T2 has taken device 3317 * lock and is yet to take group mutex. Now, both the threads will be 3318 * waiting for the other thread to release its lock. The lock order 3319 * suggested below avoids this:
3320 * device_lock(dev); 3321 * mutex_lock(&group->mutex); 3322 * iommu_change_dev_def_domain(); 3323 * mutex_unlock(&group->mutex); 3324 * device_unlock(dev); 3325 * 3326 * [1] Typical device release path 3327 * device_lock() from device/driver core code 3328 * -> bus_notifier() 3329 * -> iommu_bus_notifier() 3330 * -> iommu_release_device() 3331 * -> ops->release_device() vendor driver calls back iommu core code 3332 * -> mutex_lock() from iommu core code 3333 */ 3334 mutex_unlock(&group->mutex); 3335 3336 /* Check if the device in the group still has a driver bound to it */ 3337 device_lock(dev); 3338 if (device_is_bound(dev) && !(req_type == IOMMU_DOMAIN_DMA_FQ && 3339 group->default_domain->type == IOMMU_DOMAIN_DMA)) { 3340 pr_err_ratelimited("Device is still bound to driver\n"); 3341 ret = -EBUSY; 3342 goto out; 3343 } 3344 3345 ret = iommu_change_dev_def_domain(group, dev, req_type); 3346 ret = ret ?: count; 3347 3348 out: 3349 device_unlock(dev); 3350 put_device(dev); 3351 3352 return ret; 3353 } 3354