xref: /openbmc/linux/drivers/iommu/iommu.c (revision 5ed132db5ad4f58156ae9d28219396b6f764a9cb)
1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3  * Copyright (C) 2007-2008 Advanced Micro Devices, Inc.
4  * Author: Joerg Roedel <jroedel@suse.de>
5  */
6 
7 #define pr_fmt(fmt)    "iommu: " fmt
8 
9 #include <linux/device.h>
10 #include <linux/kernel.h>
11 #include <linux/bug.h>
12 #include <linux/types.h>
13 #include <linux/init.h>
14 #include <linux/export.h>
15 #include <linux/slab.h>
16 #include <linux/errno.h>
17 #include <linux/iommu.h>
18 #include <linux/idr.h>
19 #include <linux/notifier.h>
20 #include <linux/err.h>
21 #include <linux/pci.h>
22 #include <linux/bitops.h>
23 #include <linux/property.h>
24 #include <linux/fsl/mc.h>
25 #include <linux/module.h>
26 #include <trace/events/iommu.h>
27 
28 static struct kset *iommu_group_kset;
29 static DEFINE_IDA(iommu_group_ida);
30 
31 static unsigned int iommu_def_domain_type __read_mostly;
32 static bool iommu_dma_strict __read_mostly = true;
33 static u32 iommu_cmd_line __read_mostly;
34 
35 struct iommu_group {
36 	struct kobject kobj;
37 	struct kobject *devices_kobj;
38 	struct list_head devices;
39 	struct mutex mutex;
40 	struct blocking_notifier_head notifier;
41 	void *iommu_data;
42 	void (*iommu_data_release)(void *iommu_data);
43 	char *name;
44 	int id;
45 	struct iommu_domain *default_domain;
46 	struct iommu_domain *domain;
47 	struct list_head entry;
48 };
49 
50 struct group_device {
51 	struct list_head list;
52 	struct device *dev;
53 	char *name;
54 };
55 
56 struct iommu_group_attribute {
57 	struct attribute attr;
58 	ssize_t (*show)(struct iommu_group *group, char *buf);
59 	ssize_t (*store)(struct iommu_group *group,
60 			 const char *buf, size_t count);
61 };
62 
63 static const char * const iommu_group_resv_type_string[] = {
64 	[IOMMU_RESV_DIRECT]			= "direct",
65 	[IOMMU_RESV_DIRECT_RELAXABLE]		= "direct-relaxable",
66 	[IOMMU_RESV_RESERVED]			= "reserved",
67 	[IOMMU_RESV_MSI]			= "msi",
68 	[IOMMU_RESV_SW_MSI]			= "msi",
69 };
70 
71 #define IOMMU_CMD_LINE_DMA_API		BIT(0)
72 
73 static void iommu_set_cmd_line_dma_api(void)
74 {
75 	iommu_cmd_line |= IOMMU_CMD_LINE_DMA_API;
76 }
77 
78 static bool iommu_cmd_line_dma_api(void)
79 {
80 	return !!(iommu_cmd_line & IOMMU_CMD_LINE_DMA_API);
81 }
82 
83 static int iommu_alloc_default_domain(struct iommu_group *group,
84 				      struct device *dev);
85 static struct iommu_domain *__iommu_domain_alloc(struct bus_type *bus,
86 						 unsigned type);
87 static int __iommu_attach_device(struct iommu_domain *domain,
88 				 struct device *dev);
89 static int __iommu_attach_group(struct iommu_domain *domain,
90 				struct iommu_group *group);
91 static void __iommu_detach_group(struct iommu_domain *domain,
92 				 struct iommu_group *group);
93 static int iommu_create_device_direct_mappings(struct iommu_group *group,
94 					       struct device *dev);
95 static struct iommu_group *iommu_group_get_for_dev(struct device *dev);
96 
97 #define IOMMU_GROUP_ATTR(_name, _mode, _show, _store)		\
98 struct iommu_group_attribute iommu_group_attr_##_name =		\
99 	__ATTR(_name, _mode, _show, _store)
100 
101 #define to_iommu_group_attr(_attr)	\
102 	container_of(_attr, struct iommu_group_attribute, attr)
103 #define to_iommu_group(_kobj)		\
104 	container_of(_kobj, struct iommu_group, kobj)
105 
106 static LIST_HEAD(iommu_device_list);
107 static DEFINE_SPINLOCK(iommu_device_lock);
108 
109 /*
110  * Use a function instead of an array here because the domain-type is a
111  * bit-field, so an array would waste memory.
112  */
113 static const char *iommu_domain_type_str(unsigned int t)
114 {
115 	switch (t) {
116 	case IOMMU_DOMAIN_BLOCKED:
117 		return "Blocked";
118 	case IOMMU_DOMAIN_IDENTITY:
119 		return "Passthrough";
120 	case IOMMU_DOMAIN_UNMANAGED:
121 		return "Unmanaged";
122 	case IOMMU_DOMAIN_DMA:
123 		return "Translated";
124 	default:
125 		return "Unknown";
126 	}
127 }
128 
129 static int __init iommu_subsys_init(void)
130 {
131 	bool cmd_line = iommu_cmd_line_dma_api();
132 
133 	if (!cmd_line) {
134 		if (IS_ENABLED(CONFIG_IOMMU_DEFAULT_PASSTHROUGH))
135 			iommu_set_default_passthrough(false);
136 		else
137 			iommu_set_default_translated(false);
138 
139 		if (iommu_default_passthrough() && mem_encrypt_active()) {
140 			pr_info("Memory encryption detected - Disabling default IOMMU Passthrough\n");
141 			iommu_set_default_translated(false);
142 		}
143 	}
144 
145 	pr_info("Default domain type: %s %s\n",
146 		iommu_domain_type_str(iommu_def_domain_type),
147 		cmd_line ? "(set via kernel command line)" : "");
148 
149 	return 0;
150 }
151 subsys_initcall(iommu_subsys_init);
152 
153 int iommu_device_register(struct iommu_device *iommu)
154 {
155 	spin_lock(&iommu_device_lock);
156 	list_add_tail(&iommu->list, &iommu_device_list);
157 	spin_unlock(&iommu_device_lock);
158 	return 0;
159 }
160 EXPORT_SYMBOL_GPL(iommu_device_register);
161 
162 void iommu_device_unregister(struct iommu_device *iommu)
163 {
164 	spin_lock(&iommu_device_lock);
165 	list_del(&iommu->list);
166 	spin_unlock(&iommu_device_lock);
167 }
168 EXPORT_SYMBOL_GPL(iommu_device_unregister);
169 
170 static struct dev_iommu *dev_iommu_get(struct device *dev)
171 {
172 	struct dev_iommu *param = dev->iommu;
173 
174 	if (param)
175 		return param;
176 
177 	param = kzalloc(sizeof(*param), GFP_KERNEL);
178 	if (!param)
179 		return NULL;
180 
181 	mutex_init(&param->lock);
182 	dev->iommu = param;
183 	return param;
184 }
185 
186 static void dev_iommu_free(struct device *dev)
187 {
188 	iommu_fwspec_free(dev);
189 	kfree(dev->iommu);
190 	dev->iommu = NULL;
191 }
192 
193 static int __iommu_probe_device(struct device *dev, struct list_head *group_list)
194 {
195 	const struct iommu_ops *ops = dev->bus->iommu_ops;
196 	struct iommu_device *iommu_dev;
197 	struct iommu_group *group;
198 	int ret;
199 
200 	if (!ops)
201 		return -ENODEV;
202 
203 	if (!dev_iommu_get(dev))
204 		return -ENOMEM;
205 
206 	if (!try_module_get(ops->owner)) {
207 		ret = -EINVAL;
208 		goto err_free;
209 	}
210 
211 	iommu_dev = ops->probe_device(dev);
212 	if (IS_ERR(iommu_dev)) {
213 		ret = PTR_ERR(iommu_dev);
214 		goto out_module_put;
215 	}
216 
217 	dev->iommu->iommu_dev = iommu_dev;
218 
219 	group = iommu_group_get_for_dev(dev);
220 	if (IS_ERR(group)) {
221 		ret = PTR_ERR(group);
222 		goto out_release;
223 	}
224 	iommu_group_put(group);
225 
226 	if (group_list && !group->default_domain && list_empty(&group->entry))
227 		list_add_tail(&group->entry, group_list);
228 
229 	iommu_device_link(iommu_dev, dev);
230 
231 	return 0;
232 
233 out_release:
234 	ops->release_device(dev);
235 
236 out_module_put:
237 	module_put(ops->owner);
238 
239 err_free:
240 	dev_iommu_free(dev);
241 
242 	return ret;
243 }
244 
245 int iommu_probe_device(struct device *dev)
246 {
247 	const struct iommu_ops *ops = dev->bus->iommu_ops;
248 	struct iommu_group *group;
249 	int ret;
250 
251 	ret = __iommu_probe_device(dev, NULL);
252 	if (ret)
253 		goto err_out;
254 
255 	group = iommu_group_get(dev);
256 	if (!group)
257 		goto err_release;
258 
259 	/*
260 	 * Try to allocate a default domain - needs support from the
261 	 * IOMMU driver. There are still some drivers which don't
262 	 * support default domains, so the return value is not yet
263 	 * checked.
264 	 */
265 	iommu_alloc_default_domain(group, dev);
266 
267 	if (group->default_domain)
268 		ret = __iommu_attach_device(group->default_domain, dev);
269 
270 	iommu_create_device_direct_mappings(group, dev);
271 
272 	iommu_group_put(group);
273 
274 	if (ret)
275 		goto err_release;
276 
277 	if (ops->probe_finalize)
278 		ops->probe_finalize(dev);
279 
280 	return 0;
281 
282 err_release:
283 	iommu_release_device(dev);
284 
285 err_out:
286 	return ret;
287 
288 }
289 
290 void iommu_release_device(struct device *dev)
291 {
292 	const struct iommu_ops *ops = dev->bus->iommu_ops;
293 
294 	if (!dev->iommu)
295 		return;
296 
297 	iommu_device_unlink(dev->iommu->iommu_dev, dev);
298 
299 	ops->release_device(dev);
300 
301 	iommu_group_remove_device(dev);
302 	module_put(ops->owner);
303 	dev_iommu_free(dev);
304 }
305 
306 static int __init iommu_set_def_domain_type(char *str)
307 {
308 	bool pt;
309 	int ret;
310 
311 	ret = kstrtobool(str, &pt);
312 	if (ret)
313 		return ret;
314 
315 	if (pt)
316 		iommu_set_default_passthrough(true);
317 	else
318 		iommu_set_default_translated(true);
319 
320 	return 0;
321 }
322 early_param("iommu.passthrough", iommu_set_def_domain_type);
323 
324 static int __init iommu_dma_setup(char *str)
325 {
326 	return kstrtobool(str, &iommu_dma_strict);
327 }
328 early_param("iommu.strict", iommu_dma_setup);
329 
330 static ssize_t iommu_group_attr_show(struct kobject *kobj,
331 				     struct attribute *__attr, char *buf)
332 {
333 	struct iommu_group_attribute *attr = to_iommu_group_attr(__attr);
334 	struct iommu_group *group = to_iommu_group(kobj);
335 	ssize_t ret = -EIO;
336 
337 	if (attr->show)
338 		ret = attr->show(group, buf);
339 	return ret;
340 }
341 
342 static ssize_t iommu_group_attr_store(struct kobject *kobj,
343 				      struct attribute *__attr,
344 				      const char *buf, size_t count)
345 {
346 	struct iommu_group_attribute *attr = to_iommu_group_attr(__attr);
347 	struct iommu_group *group = to_iommu_group(kobj);
348 	ssize_t ret = -EIO;
349 
350 	if (attr->store)
351 		ret = attr->store(group, buf, count);
352 	return ret;
353 }
354 
355 static const struct sysfs_ops iommu_group_sysfs_ops = {
356 	.show = iommu_group_attr_show,
357 	.store = iommu_group_attr_store,
358 };
359 
360 static int iommu_group_create_file(struct iommu_group *group,
361 				   struct iommu_group_attribute *attr)
362 {
363 	return sysfs_create_file(&group->kobj, &attr->attr);
364 }
365 
366 static void iommu_group_remove_file(struct iommu_group *group,
367 				    struct iommu_group_attribute *attr)
368 {
369 	sysfs_remove_file(&group->kobj, &attr->attr);
370 }
371 
372 static ssize_t iommu_group_show_name(struct iommu_group *group, char *buf)
373 {
374 	return sprintf(buf, "%s\n", group->name);
375 }
376 
377 /**
378  * iommu_insert_resv_region - Insert a new region in the
379  * list of reserved regions.
380  * @new: new region to insert
381  * @regions: list of regions
382  *
383  * Elements are sorted by start address and overlapping segments
384  * of the same type are merged.
385  */
386 static int iommu_insert_resv_region(struct iommu_resv_region *new,
387 				    struct list_head *regions)
388 {
389 	struct iommu_resv_region *iter, *tmp, *nr, *top;
390 	LIST_HEAD(stack);
391 
392 	nr = iommu_alloc_resv_region(new->start, new->length,
393 				     new->prot, new->type);
394 	if (!nr)
395 		return -ENOMEM;
396 
397 	/* First add the new element based on start address sorting */
398 	list_for_each_entry(iter, regions, list) {
399 		if (nr->start < iter->start ||
400 		    (nr->start == iter->start && nr->type <= iter->type))
401 			break;
402 	}
403 	list_add_tail(&nr->list, &iter->list);
404 
405 	/* Merge overlapping segments of type nr->type in @regions, if any */
406 	list_for_each_entry_safe(iter, tmp, regions, list) {
407 		phys_addr_t top_end, iter_end = iter->start + iter->length - 1;
408 
409 		/* no merge needed on elements of different types than @new */
410 		if (iter->type != new->type) {
411 			list_move_tail(&iter->list, &stack);
412 			continue;
413 		}
414 
415 		/* look for the last stack element of same type as @iter */
416 		list_for_each_entry_reverse(top, &stack, list)
417 			if (top->type == iter->type)
418 				goto check_overlap;
419 
420 		list_move_tail(&iter->list, &stack);
421 		continue;
422 
423 check_overlap:
424 		top_end = top->start + top->length - 1;
425 
426 		if (iter->start > top_end + 1) {
427 			list_move_tail(&iter->list, &stack);
428 		} else {
429 			top->length = max(top_end, iter_end) - top->start + 1;
430 			list_del(&iter->list);
431 			kfree(iter);
432 		}
433 	}
434 	list_splice(&stack, regions);
435 	return 0;
436 }
437 
438 static int
439 iommu_insert_device_resv_regions(struct list_head *dev_resv_regions,
440 				 struct list_head *group_resv_regions)
441 {
442 	struct iommu_resv_region *entry;
443 	int ret = 0;
444 
445 	list_for_each_entry(entry, dev_resv_regions, list) {
446 		ret = iommu_insert_resv_region(entry, group_resv_regions);
447 		if (ret)
448 			break;
449 	}
450 	return ret;
451 }
452 
453 int iommu_get_group_resv_regions(struct iommu_group *group,
454 				 struct list_head *head)
455 {
456 	struct group_device *device;
457 	int ret = 0;
458 
459 	mutex_lock(&group->mutex);
460 	list_for_each_entry(device, &group->devices, list) {
461 		struct list_head dev_resv_regions;
462 
463 		INIT_LIST_HEAD(&dev_resv_regions);
464 		iommu_get_resv_regions(device->dev, &dev_resv_regions);
465 		ret = iommu_insert_device_resv_regions(&dev_resv_regions, head);
466 		iommu_put_resv_regions(device->dev, &dev_resv_regions);
467 		if (ret)
468 			break;
469 	}
470 	mutex_unlock(&group->mutex);
471 	return ret;
472 }
473 EXPORT_SYMBOL_GPL(iommu_get_group_resv_regions);
474 
475 static ssize_t iommu_group_show_resv_regions(struct iommu_group *group,
476 					     char *buf)
477 {
478 	struct iommu_resv_region *region, *next;
479 	struct list_head group_resv_regions;
480 	char *str = buf;
481 
482 	INIT_LIST_HEAD(&group_resv_regions);
483 	iommu_get_group_resv_regions(group, &group_resv_regions);
484 
485 	list_for_each_entry_safe(region, next, &group_resv_regions, list) {
486 		str += sprintf(str, "0x%016llx 0x%016llx %s\n",
487 			       (long long int)region->start,
488 			       (long long int)(region->start +
489 						region->length - 1),
490 			       iommu_group_resv_type_string[region->type]);
491 		kfree(region);
492 	}
493 
494 	return (str - buf);
495 }
496 
497 static ssize_t iommu_group_show_type(struct iommu_group *group,
498 				     char *buf)
499 {
500 	char *type = "unknown\n";
501 
502 	if (group->default_domain) {
503 		switch (group->default_domain->type) {
504 		case IOMMU_DOMAIN_BLOCKED:
505 			type = "blocked\n";
506 			break;
507 		case IOMMU_DOMAIN_IDENTITY:
508 			type = "identity\n";
509 			break;
510 		case IOMMU_DOMAIN_UNMANAGED:
511 			type = "unmanaged\n";
512 			break;
513 		case IOMMU_DOMAIN_DMA:
514 			type = "DMA\n";
515 			break;
516 		}
517 	}
518 	strcpy(buf, type);
519 
520 	return strlen(type);
521 }
522 
523 static IOMMU_GROUP_ATTR(name, S_IRUGO, iommu_group_show_name, NULL);
524 
525 static IOMMU_GROUP_ATTR(reserved_regions, 0444,
526 			iommu_group_show_resv_regions, NULL);
527 
528 static IOMMU_GROUP_ATTR(type, 0444, iommu_group_show_type, NULL);
529 
530 static void iommu_group_release(struct kobject *kobj)
531 {
532 	struct iommu_group *group = to_iommu_group(kobj);
533 
534 	pr_debug("Releasing group %d\n", group->id);
535 
536 	if (group->iommu_data_release)
537 		group->iommu_data_release(group->iommu_data);
538 
539 	ida_simple_remove(&iommu_group_ida, group->id);
540 
541 	if (group->default_domain)
542 		iommu_domain_free(group->default_domain);
543 
544 	kfree(group->name);
545 	kfree(group);
546 }
547 
548 static struct kobj_type iommu_group_ktype = {
549 	.sysfs_ops = &iommu_group_sysfs_ops,
550 	.release = iommu_group_release,
551 };
552 
553 /**
554  * iommu_group_alloc - Allocate a new group
555  *
556  * This function is called by an iommu driver to allocate a new iommu
557  * group.  The iommu group represents the minimum granularity of the iommu.
558  * Upon successful return, the caller holds a reference to the supplied
559  * group in order to hold the group until devices are added.  Use
560  * iommu_group_put() to release this extra reference count, allowing the
561  * group to be automatically reclaimed once it has no devices or external
562  * references.
563  */
564 struct iommu_group *iommu_group_alloc(void)
565 {
566 	struct iommu_group *group;
567 	int ret;
568 
569 	group = kzalloc(sizeof(*group), GFP_KERNEL);
570 	if (!group)
571 		return ERR_PTR(-ENOMEM);
572 
573 	group->kobj.kset = iommu_group_kset;
574 	mutex_init(&group->mutex);
575 	INIT_LIST_HEAD(&group->devices);
576 	INIT_LIST_HEAD(&group->entry);
577 	BLOCKING_INIT_NOTIFIER_HEAD(&group->notifier);
578 
579 	ret = ida_simple_get(&iommu_group_ida, 0, 0, GFP_KERNEL);
580 	if (ret < 0) {
581 		kfree(group);
582 		return ERR_PTR(ret);
583 	}
584 	group->id = ret;
585 
586 	ret = kobject_init_and_add(&group->kobj, &iommu_group_ktype,
587 				   NULL, "%d", group->id);
588 	if (ret) {
589 		ida_simple_remove(&iommu_group_ida, group->id);
590 		kobject_put(&group->kobj);
591 		return ERR_PTR(ret);
592 	}
593 
594 	group->devices_kobj = kobject_create_and_add("devices", &group->kobj);
595 	if (!group->devices_kobj) {
596 		kobject_put(&group->kobj); /* triggers .release & free */
597 		return ERR_PTR(-ENOMEM);
598 	}
599 
600 	/*
601 	 * The devices_kobj holds a reference on the group kobject, so
602 	 * as long as that exists so will the group.  We can therefore
603 	 * use the devices_kobj for reference counting.
604 	 */
605 	kobject_put(&group->kobj);
606 
607 	ret = iommu_group_create_file(group,
608 				      &iommu_group_attr_reserved_regions);
609 	if (ret)
610 		return ERR_PTR(ret);
611 
612 	ret = iommu_group_create_file(group, &iommu_group_attr_type);
613 	if (ret)
614 		return ERR_PTR(ret);
615 
616 	pr_debug("Allocated group %d\n", group->id);
617 
618 	return group;
619 }
620 EXPORT_SYMBOL_GPL(iommu_group_alloc);
621 
622 struct iommu_group *iommu_group_get_by_id(int id)
623 {
624 	struct kobject *group_kobj;
625 	struct iommu_group *group;
626 	const char *name;
627 
628 	if (!iommu_group_kset)
629 		return NULL;
630 
631 	name = kasprintf(GFP_KERNEL, "%d", id);
632 	if (!name)
633 		return NULL;
634 
635 	group_kobj = kset_find_obj(iommu_group_kset, name);
636 	kfree(name);
637 
638 	if (!group_kobj)
639 		return NULL;
640 
641 	group = container_of(group_kobj, struct iommu_group, kobj);
642 	BUG_ON(group->id != id);
643 
644 	kobject_get(group->devices_kobj);
645 	kobject_put(&group->kobj);
646 
647 	return group;
648 }
649 EXPORT_SYMBOL_GPL(iommu_group_get_by_id);
650 
651 /**
652  * iommu_group_get_iommudata - retrieve iommu_data registered for a group
653  * @group: the group
654  *
655  * iommu drivers can store data in the group for use when doing iommu
656  * operations.  This function provides a way to retrieve it.  Caller
657  * should hold a group reference.
658  */
659 void *iommu_group_get_iommudata(struct iommu_group *group)
660 {
661 	return group->iommu_data;
662 }
663 EXPORT_SYMBOL_GPL(iommu_group_get_iommudata);
664 
665 /**
666  * iommu_group_set_iommudata - set iommu_data for a group
667  * @group: the group
668  * @iommu_data: new data
669  * @release: release function for iommu_data
670  *
671  * iommu drivers can store data in the group for use when doing iommu
672  * operations.  This function provides a way to set the data after
673  * the group has been allocated.  Caller should hold a group reference.
674  */
675 void iommu_group_set_iommudata(struct iommu_group *group, void *iommu_data,
676 			       void (*release)(void *iommu_data))
677 {
678 	group->iommu_data = iommu_data;
679 	group->iommu_data_release = release;
680 }
681 EXPORT_SYMBOL_GPL(iommu_group_set_iommudata);
682 
683 /**
684  * iommu_group_set_name - set name for a group
685  * @group: the group
686  * @name: name
687  *
688  * Allow iommu driver to set a name for a group.  When set it will
689  * appear in a name attribute file under the group in sysfs.
690  */
691 int iommu_group_set_name(struct iommu_group *group, const char *name)
692 {
693 	int ret;
694 
695 	if (group->name) {
696 		iommu_group_remove_file(group, &iommu_group_attr_name);
697 		kfree(group->name);
698 		group->name = NULL;
699 		if (!name)
700 			return 0;
701 	}
702 
703 	group->name = kstrdup(name, GFP_KERNEL);
704 	if (!group->name)
705 		return -ENOMEM;
706 
707 	ret = iommu_group_create_file(group, &iommu_group_attr_name);
708 	if (ret) {
709 		kfree(group->name);
710 		group->name = NULL;
711 		return ret;
712 	}
713 
714 	return 0;
715 }
716 EXPORT_SYMBOL_GPL(iommu_group_set_name);
717 
718 static int iommu_create_device_direct_mappings(struct iommu_group *group,
719 					       struct device *dev)
720 {
721 	struct iommu_domain *domain = group->default_domain;
722 	struct iommu_resv_region *entry;
723 	struct list_head mappings;
724 	unsigned long pg_size;
725 	int ret = 0;
726 
727 	if (!domain || domain->type != IOMMU_DOMAIN_DMA)
728 		return 0;
729 
730 	BUG_ON(!domain->pgsize_bitmap);
731 
732 	pg_size = 1UL << __ffs(domain->pgsize_bitmap);
733 	INIT_LIST_HEAD(&mappings);
734 
735 	iommu_get_resv_regions(dev, &mappings);
736 
737 	/* We need to consider overlapping regions for different devices */
738 	list_for_each_entry(entry, &mappings, list) {
739 		dma_addr_t start, end, addr;
740 
741 		if (domain->ops->apply_resv_region)
742 			domain->ops->apply_resv_region(dev, domain, entry);
743 
744 		start = ALIGN(entry->start, pg_size);
745 		end   = ALIGN(entry->start + entry->length, pg_size);
746 
747 		if (entry->type != IOMMU_RESV_DIRECT &&
748 		    entry->type != IOMMU_RESV_DIRECT_RELAXABLE)
749 			continue;
750 
751 		for (addr = start; addr < end; addr += pg_size) {
752 			phys_addr_t phys_addr;
753 
754 			phys_addr = iommu_iova_to_phys(domain, addr);
755 			if (phys_addr)
756 				continue;
757 
758 			ret = iommu_map(domain, addr, addr, pg_size, entry->prot);
759 			if (ret)
760 				goto out;
761 		}
762 
763 	}
764 
765 	iommu_flush_iotlb_all(domain);
766 
767 out:
768 	iommu_put_resv_regions(dev, &mappings);
769 
770 	return ret;
771 }
772 
773 static bool iommu_is_attach_deferred(struct iommu_domain *domain,
774 				     struct device *dev)
775 {
776 	if (domain->ops->is_attach_deferred)
777 		return domain->ops->is_attach_deferred(domain, dev);
778 
779 	return false;
780 }
781 
782 /**
783  * iommu_group_add_device - add a device to an iommu group
784  * @group: the group into which to add the device (reference should be held)
785  * @dev: the device
786  *
787  * This function is called by an iommu driver to add a device into a
788  * group.  Adding a device increments the group reference count.
789  */
790 int iommu_group_add_device(struct iommu_group *group, struct device *dev)
791 {
792 	int ret, i = 0;
793 	struct group_device *device;
794 
795 	device = kzalloc(sizeof(*device), GFP_KERNEL);
796 	if (!device)
797 		return -ENOMEM;
798 
799 	device->dev = dev;
800 
801 	ret = sysfs_create_link(&dev->kobj, &group->kobj, "iommu_group");
802 	if (ret)
803 		goto err_free_device;
804 
805 	device->name = kasprintf(GFP_KERNEL, "%s", kobject_name(&dev->kobj));
806 rename:
807 	if (!device->name) {
808 		ret = -ENOMEM;
809 		goto err_remove_link;
810 	}
811 
812 	ret = sysfs_create_link_nowarn(group->devices_kobj,
813 				       &dev->kobj, device->name);
814 	if (ret) {
815 		if (ret == -EEXIST && i >= 0) {
816 			/*
817 			 * Account for the slim chance of collision
818 			 * and append an instance to the name.
819 			 */
820 			kfree(device->name);
821 			device->name = kasprintf(GFP_KERNEL, "%s.%d",
822 						 kobject_name(&dev->kobj), i++);
823 			goto rename;
824 		}
825 		goto err_free_name;
826 	}
827 
828 	kobject_get(group->devices_kobj);
829 
830 	dev->iommu_group = group;
831 
832 	mutex_lock(&group->mutex);
833 	list_add_tail(&device->list, &group->devices);
834 	if (group->domain  && !iommu_is_attach_deferred(group->domain, dev))
835 		ret = __iommu_attach_device(group->domain, dev);
836 	mutex_unlock(&group->mutex);
837 	if (ret)
838 		goto err_put_group;
839 
840 	/* Notify any listeners about change to group. */
841 	blocking_notifier_call_chain(&group->notifier,
842 				     IOMMU_GROUP_NOTIFY_ADD_DEVICE, dev);
843 
844 	trace_add_device_to_group(group->id, dev);
845 
846 	dev_info(dev, "Adding to iommu group %d\n", group->id);
847 
848 	return 0;
849 
850 err_put_group:
851 	mutex_lock(&group->mutex);
852 	list_del(&device->list);
853 	mutex_unlock(&group->mutex);
854 	dev->iommu_group = NULL;
855 	kobject_put(group->devices_kobj);
856 	sysfs_remove_link(group->devices_kobj, device->name);
857 err_free_name:
858 	kfree(device->name);
859 err_remove_link:
860 	sysfs_remove_link(&dev->kobj, "iommu_group");
861 err_free_device:
862 	kfree(device);
863 	dev_err(dev, "Failed to add to iommu group %d: %d\n", group->id, ret);
864 	return ret;
865 }
866 EXPORT_SYMBOL_GPL(iommu_group_add_device);
867 
868 /**
869  * iommu_group_remove_device - remove a device from it's current group
870  * @dev: device to be removed
871  *
872  * This function is called by an iommu driver to remove the device from
873  * it's current group.  This decrements the iommu group reference count.
874  */
875 void iommu_group_remove_device(struct device *dev)
876 {
877 	struct iommu_group *group = dev->iommu_group;
878 	struct group_device *tmp_device, *device = NULL;
879 
880 	dev_info(dev, "Removing from iommu group %d\n", group->id);
881 
882 	/* Pre-notify listeners that a device is being removed. */
883 	blocking_notifier_call_chain(&group->notifier,
884 				     IOMMU_GROUP_NOTIFY_DEL_DEVICE, dev);
885 
886 	mutex_lock(&group->mutex);
887 	list_for_each_entry(tmp_device, &group->devices, list) {
888 		if (tmp_device->dev == dev) {
889 			device = tmp_device;
890 			list_del(&device->list);
891 			break;
892 		}
893 	}
894 	mutex_unlock(&group->mutex);
895 
896 	if (!device)
897 		return;
898 
899 	sysfs_remove_link(group->devices_kobj, device->name);
900 	sysfs_remove_link(&dev->kobj, "iommu_group");
901 
902 	trace_remove_device_from_group(group->id, dev);
903 
904 	kfree(device->name);
905 	kfree(device);
906 	dev->iommu_group = NULL;
907 	kobject_put(group->devices_kobj);
908 }
909 EXPORT_SYMBOL_GPL(iommu_group_remove_device);
910 
911 static int iommu_group_device_count(struct iommu_group *group)
912 {
913 	struct group_device *entry;
914 	int ret = 0;
915 
916 	list_for_each_entry(entry, &group->devices, list)
917 		ret++;
918 
919 	return ret;
920 }
921 
922 /**
923  * iommu_group_for_each_dev - iterate over each device in the group
924  * @group: the group
925  * @data: caller opaque data to be passed to callback function
926  * @fn: caller supplied callback function
927  *
928  * This function is called by group users to iterate over group devices.
929  * Callers should hold a reference count to the group during callback.
930  * The group->mutex is held across callbacks, which will block calls to
931  * iommu_group_add/remove_device.
932  */
933 static int __iommu_group_for_each_dev(struct iommu_group *group, void *data,
934 				      int (*fn)(struct device *, void *))
935 {
936 	struct group_device *device;
937 	int ret = 0;
938 
939 	list_for_each_entry(device, &group->devices, list) {
940 		ret = fn(device->dev, data);
941 		if (ret)
942 			break;
943 	}
944 	return ret;
945 }
946 
947 
948 int iommu_group_for_each_dev(struct iommu_group *group, void *data,
949 			     int (*fn)(struct device *, void *))
950 {
951 	int ret;
952 
953 	mutex_lock(&group->mutex);
954 	ret = __iommu_group_for_each_dev(group, data, fn);
955 	mutex_unlock(&group->mutex);
956 
957 	return ret;
958 }
959 EXPORT_SYMBOL_GPL(iommu_group_for_each_dev);
960 
961 /**
962  * iommu_group_get - Return the group for a device and increment reference
963  * @dev: get the group that this device belongs to
964  *
965  * This function is called by iommu drivers and users to get the group
966  * for the specified device.  If found, the group is returned and the group
967  * reference in incremented, else NULL.
968  */
969 struct iommu_group *iommu_group_get(struct device *dev)
970 {
971 	struct iommu_group *group = dev->iommu_group;
972 
973 	if (group)
974 		kobject_get(group->devices_kobj);
975 
976 	return group;
977 }
978 EXPORT_SYMBOL_GPL(iommu_group_get);
979 
980 /**
981  * iommu_group_ref_get - Increment reference on a group
982  * @group: the group to use, must not be NULL
983  *
984  * This function is called by iommu drivers to take additional references on an
985  * existing group.  Returns the given group for convenience.
986  */
987 struct iommu_group *iommu_group_ref_get(struct iommu_group *group)
988 {
989 	kobject_get(group->devices_kobj);
990 	return group;
991 }
992 EXPORT_SYMBOL_GPL(iommu_group_ref_get);
993 
994 /**
995  * iommu_group_put - Decrement group reference
996  * @group: the group to use
997  *
998  * This function is called by iommu drivers and users to release the
999  * iommu group.  Once the reference count is zero, the group is released.
1000  */
1001 void iommu_group_put(struct iommu_group *group)
1002 {
1003 	if (group)
1004 		kobject_put(group->devices_kobj);
1005 }
1006 EXPORT_SYMBOL_GPL(iommu_group_put);
1007 
1008 /**
1009  * iommu_group_register_notifier - Register a notifier for group changes
1010  * @group: the group to watch
1011  * @nb: notifier block to signal
1012  *
1013  * This function allows iommu group users to track changes in a group.
1014  * See include/linux/iommu.h for actions sent via this notifier.  Caller
1015  * should hold a reference to the group throughout notifier registration.
1016  */
1017 int iommu_group_register_notifier(struct iommu_group *group,
1018 				  struct notifier_block *nb)
1019 {
1020 	return blocking_notifier_chain_register(&group->notifier, nb);
1021 }
1022 EXPORT_SYMBOL_GPL(iommu_group_register_notifier);
1023 
1024 /**
1025  * iommu_group_unregister_notifier - Unregister a notifier
1026  * @group: the group to watch
1027  * @nb: notifier block to signal
1028  *
1029  * Unregister a previously registered group notifier block.
1030  */
1031 int iommu_group_unregister_notifier(struct iommu_group *group,
1032 				    struct notifier_block *nb)
1033 {
1034 	return blocking_notifier_chain_unregister(&group->notifier, nb);
1035 }
1036 EXPORT_SYMBOL_GPL(iommu_group_unregister_notifier);
1037 
1038 /**
1039  * iommu_register_device_fault_handler() - Register a device fault handler
1040  * @dev: the device
1041  * @handler: the fault handler
1042  * @data: private data passed as argument to the handler
1043  *
1044  * When an IOMMU fault event is received, this handler gets called with the
1045  * fault event and data as argument. The handler should return 0 on success. If
1046  * the fault is recoverable (IOMMU_FAULT_PAGE_REQ), the consumer should also
1047  * complete the fault by calling iommu_page_response() with one of the following
1048  * response code:
1049  * - IOMMU_PAGE_RESP_SUCCESS: retry the translation
1050  * - IOMMU_PAGE_RESP_INVALID: terminate the fault
1051  * - IOMMU_PAGE_RESP_FAILURE: terminate the fault and stop reporting
1052  *   page faults if possible.
1053  *
1054  * Return 0 if the fault handler was installed successfully, or an error.
1055  */
1056 int iommu_register_device_fault_handler(struct device *dev,
1057 					iommu_dev_fault_handler_t handler,
1058 					void *data)
1059 {
1060 	struct dev_iommu *param = dev->iommu;
1061 	int ret = 0;
1062 
1063 	if (!param)
1064 		return -EINVAL;
1065 
1066 	mutex_lock(&param->lock);
1067 	/* Only allow one fault handler registered for each device */
1068 	if (param->fault_param) {
1069 		ret = -EBUSY;
1070 		goto done_unlock;
1071 	}
1072 
1073 	get_device(dev);
1074 	param->fault_param = kzalloc(sizeof(*param->fault_param), GFP_KERNEL);
1075 	if (!param->fault_param) {
1076 		put_device(dev);
1077 		ret = -ENOMEM;
1078 		goto done_unlock;
1079 	}
1080 	param->fault_param->handler = handler;
1081 	param->fault_param->data = data;
1082 	mutex_init(&param->fault_param->lock);
1083 	INIT_LIST_HEAD(&param->fault_param->faults);
1084 
1085 done_unlock:
1086 	mutex_unlock(&param->lock);
1087 
1088 	return ret;
1089 }
1090 EXPORT_SYMBOL_GPL(iommu_register_device_fault_handler);
1091 
1092 /**
1093  * iommu_unregister_device_fault_handler() - Unregister the device fault handler
1094  * @dev: the device
1095  *
1096  * Remove the device fault handler installed with
1097  * iommu_register_device_fault_handler().
1098  *
1099  * Return 0 on success, or an error.
1100  */
1101 int iommu_unregister_device_fault_handler(struct device *dev)
1102 {
1103 	struct dev_iommu *param = dev->iommu;
1104 	int ret = 0;
1105 
1106 	if (!param)
1107 		return -EINVAL;
1108 
1109 	mutex_lock(&param->lock);
1110 
1111 	if (!param->fault_param)
1112 		goto unlock;
1113 
1114 	/* we cannot unregister handler if there are pending faults */
1115 	if (!list_empty(&param->fault_param->faults)) {
1116 		ret = -EBUSY;
1117 		goto unlock;
1118 	}
1119 
1120 	kfree(param->fault_param);
1121 	param->fault_param = NULL;
1122 	put_device(dev);
1123 unlock:
1124 	mutex_unlock(&param->lock);
1125 
1126 	return ret;
1127 }
1128 EXPORT_SYMBOL_GPL(iommu_unregister_device_fault_handler);
1129 
1130 /**
1131  * iommu_report_device_fault() - Report fault event to device driver
1132  * @dev: the device
1133  * @evt: fault event data
1134  *
1135  * Called by IOMMU drivers when a fault is detected, typically in a threaded IRQ
1136  * handler. When this function fails and the fault is recoverable, it is the
1137  * caller's responsibility to complete the fault.
1138  *
1139  * Return 0 on success, or an error.
1140  */
1141 int iommu_report_device_fault(struct device *dev, struct iommu_fault_event *evt)
1142 {
1143 	struct dev_iommu *param = dev->iommu;
1144 	struct iommu_fault_event *evt_pending = NULL;
1145 	struct iommu_fault_param *fparam;
1146 	int ret = 0;
1147 
1148 	if (!param || !evt)
1149 		return -EINVAL;
1150 
1151 	/* we only report device fault if there is a handler registered */
1152 	mutex_lock(&param->lock);
1153 	fparam = param->fault_param;
1154 	if (!fparam || !fparam->handler) {
1155 		ret = -EINVAL;
1156 		goto done_unlock;
1157 	}
1158 
1159 	if (evt->fault.type == IOMMU_FAULT_PAGE_REQ &&
1160 	    (evt->fault.prm.flags & IOMMU_FAULT_PAGE_REQUEST_LAST_PAGE)) {
1161 		evt_pending = kmemdup(evt, sizeof(struct iommu_fault_event),
1162 				      GFP_KERNEL);
1163 		if (!evt_pending) {
1164 			ret = -ENOMEM;
1165 			goto done_unlock;
1166 		}
1167 		mutex_lock(&fparam->lock);
1168 		list_add_tail(&evt_pending->list, &fparam->faults);
1169 		mutex_unlock(&fparam->lock);
1170 	}
1171 
1172 	ret = fparam->handler(&evt->fault, fparam->data);
1173 	if (ret && evt_pending) {
1174 		mutex_lock(&fparam->lock);
1175 		list_del(&evt_pending->list);
1176 		mutex_unlock(&fparam->lock);
1177 		kfree(evt_pending);
1178 	}
1179 done_unlock:
1180 	mutex_unlock(&param->lock);
1181 	return ret;
1182 }
1183 EXPORT_SYMBOL_GPL(iommu_report_device_fault);
1184 
1185 int iommu_page_response(struct device *dev,
1186 			struct iommu_page_response *msg)
1187 {
1188 	bool needs_pasid;
1189 	int ret = -EINVAL;
1190 	struct iommu_fault_event *evt;
1191 	struct iommu_fault_page_request *prm;
1192 	struct dev_iommu *param = dev->iommu;
1193 	bool has_pasid = msg->flags & IOMMU_PAGE_RESP_PASID_VALID;
1194 	struct iommu_domain *domain = iommu_get_domain_for_dev(dev);
1195 
1196 	if (!domain || !domain->ops->page_response)
1197 		return -ENODEV;
1198 
1199 	if (!param || !param->fault_param)
1200 		return -EINVAL;
1201 
1202 	if (msg->version != IOMMU_PAGE_RESP_VERSION_1 ||
1203 	    msg->flags & ~IOMMU_PAGE_RESP_PASID_VALID)
1204 		return -EINVAL;
1205 
1206 	/* Only send response if there is a fault report pending */
1207 	mutex_lock(&param->fault_param->lock);
1208 	if (list_empty(&param->fault_param->faults)) {
1209 		dev_warn_ratelimited(dev, "no pending PRQ, drop response\n");
1210 		goto done_unlock;
1211 	}
1212 	/*
1213 	 * Check if we have a matching page request pending to respond,
1214 	 * otherwise return -EINVAL
1215 	 */
1216 	list_for_each_entry(evt, &param->fault_param->faults, list) {
1217 		prm = &evt->fault.prm;
1218 		if (prm->grpid != msg->grpid)
1219 			continue;
1220 
1221 		/*
1222 		 * If the PASID is required, the corresponding request is
1223 		 * matched using the group ID, the PASID valid bit and the PASID
1224 		 * value. Otherwise only the group ID matches request and
1225 		 * response.
1226 		 */
1227 		needs_pasid = prm->flags & IOMMU_FAULT_PAGE_RESPONSE_NEEDS_PASID;
1228 		if (needs_pasid && (!has_pasid || msg->pasid != prm->pasid))
1229 			continue;
1230 
1231 		if (!needs_pasid && has_pasid) {
1232 			/* No big deal, just clear it. */
1233 			msg->flags &= ~IOMMU_PAGE_RESP_PASID_VALID;
1234 			msg->pasid = 0;
1235 		}
1236 
1237 		ret = domain->ops->page_response(dev, evt, msg);
1238 		list_del(&evt->list);
1239 		kfree(evt);
1240 		break;
1241 	}
1242 
1243 done_unlock:
1244 	mutex_unlock(&param->fault_param->lock);
1245 	return ret;
1246 }
1247 EXPORT_SYMBOL_GPL(iommu_page_response);
1248 
1249 /**
1250  * iommu_group_id - Return ID for a group
1251  * @group: the group to ID
1252  *
1253  * Return the unique ID for the group matching the sysfs group number.
1254  */
1255 int iommu_group_id(struct iommu_group *group)
1256 {
1257 	return group->id;
1258 }
1259 EXPORT_SYMBOL_GPL(iommu_group_id);
1260 
1261 static struct iommu_group *get_pci_alias_group(struct pci_dev *pdev,
1262 					       unsigned long *devfns);
1263 
1264 /*
1265  * To consider a PCI device isolated, we require ACS to support Source
1266  * Validation, Request Redirection, Completer Redirection, and Upstream
1267  * Forwarding.  This effectively means that devices cannot spoof their
1268  * requester ID, requests and completions cannot be redirected, and all
1269  * transactions are forwarded upstream, even as it passes through a
1270  * bridge where the target device is downstream.
1271  */
1272 #define REQ_ACS_FLAGS   (PCI_ACS_SV | PCI_ACS_RR | PCI_ACS_CR | PCI_ACS_UF)
1273 
1274 /*
1275  * For multifunction devices which are not isolated from each other, find
1276  * all the other non-isolated functions and look for existing groups.  For
1277  * each function, we also need to look for aliases to or from other devices
1278  * that may already have a group.
1279  */
1280 static struct iommu_group *get_pci_function_alias_group(struct pci_dev *pdev,
1281 							unsigned long *devfns)
1282 {
1283 	struct pci_dev *tmp = NULL;
1284 	struct iommu_group *group;
1285 
1286 	if (!pdev->multifunction || pci_acs_enabled(pdev, REQ_ACS_FLAGS))
1287 		return NULL;
1288 
1289 	for_each_pci_dev(tmp) {
1290 		if (tmp == pdev || tmp->bus != pdev->bus ||
1291 		    PCI_SLOT(tmp->devfn) != PCI_SLOT(pdev->devfn) ||
1292 		    pci_acs_enabled(tmp, REQ_ACS_FLAGS))
1293 			continue;
1294 
1295 		group = get_pci_alias_group(tmp, devfns);
1296 		if (group) {
1297 			pci_dev_put(tmp);
1298 			return group;
1299 		}
1300 	}
1301 
1302 	return NULL;
1303 }
1304 
1305 /*
1306  * Look for aliases to or from the given device for existing groups. DMA
1307  * aliases are only supported on the same bus, therefore the search
1308  * space is quite small (especially since we're really only looking at pcie
1309  * device, and therefore only expect multiple slots on the root complex or
1310  * downstream switch ports).  It's conceivable though that a pair of
1311  * multifunction devices could have aliases between them that would cause a
1312  * loop.  To prevent this, we use a bitmap to track where we've been.
1313  */
1314 static struct iommu_group *get_pci_alias_group(struct pci_dev *pdev,
1315 					       unsigned long *devfns)
1316 {
1317 	struct pci_dev *tmp = NULL;
1318 	struct iommu_group *group;
1319 
1320 	if (test_and_set_bit(pdev->devfn & 0xff, devfns))
1321 		return NULL;
1322 
1323 	group = iommu_group_get(&pdev->dev);
1324 	if (group)
1325 		return group;
1326 
1327 	for_each_pci_dev(tmp) {
1328 		if (tmp == pdev || tmp->bus != pdev->bus)
1329 			continue;
1330 
1331 		/* We alias them or they alias us */
1332 		if (pci_devs_are_dma_aliases(pdev, tmp)) {
1333 			group = get_pci_alias_group(tmp, devfns);
1334 			if (group) {
1335 				pci_dev_put(tmp);
1336 				return group;
1337 			}
1338 
1339 			group = get_pci_function_alias_group(tmp, devfns);
1340 			if (group) {
1341 				pci_dev_put(tmp);
1342 				return group;
1343 			}
1344 		}
1345 	}
1346 
1347 	return NULL;
1348 }
1349 
1350 struct group_for_pci_data {
1351 	struct pci_dev *pdev;
1352 	struct iommu_group *group;
1353 };
1354 
1355 /*
1356  * DMA alias iterator callback, return the last seen device.  Stop and return
1357  * the IOMMU group if we find one along the way.
1358  */
1359 static int get_pci_alias_or_group(struct pci_dev *pdev, u16 alias, void *opaque)
1360 {
1361 	struct group_for_pci_data *data = opaque;
1362 
1363 	data->pdev = pdev;
1364 	data->group = iommu_group_get(&pdev->dev);
1365 
1366 	return data->group != NULL;
1367 }
1368 
1369 /*
1370  * Generic device_group call-back function. It just allocates one
1371  * iommu-group per device.
1372  */
1373 struct iommu_group *generic_device_group(struct device *dev)
1374 {
1375 	return iommu_group_alloc();
1376 }
1377 EXPORT_SYMBOL_GPL(generic_device_group);
1378 
1379 /*
1380  * Use standard PCI bus topology, isolation features, and DMA alias quirks
1381  * to find or create an IOMMU group for a device.
1382  */
1383 struct iommu_group *pci_device_group(struct device *dev)
1384 {
1385 	struct pci_dev *pdev = to_pci_dev(dev);
1386 	struct group_for_pci_data data;
1387 	struct pci_bus *bus;
1388 	struct iommu_group *group = NULL;
1389 	u64 devfns[4] = { 0 };
1390 
1391 	if (WARN_ON(!dev_is_pci(dev)))
1392 		return ERR_PTR(-EINVAL);
1393 
1394 	/*
1395 	 * Find the upstream DMA alias for the device.  A device must not
1396 	 * be aliased due to topology in order to have its own IOMMU group.
1397 	 * If we find an alias along the way that already belongs to a
1398 	 * group, use it.
1399 	 */
1400 	if (pci_for_each_dma_alias(pdev, get_pci_alias_or_group, &data))
1401 		return data.group;
1402 
1403 	pdev = data.pdev;
1404 
1405 	/*
1406 	 * Continue upstream from the point of minimum IOMMU granularity
1407 	 * due to aliases to the point where devices are protected from
1408 	 * peer-to-peer DMA by PCI ACS.  Again, if we find an existing
1409 	 * group, use it.
1410 	 */
1411 	for (bus = pdev->bus; !pci_is_root_bus(bus); bus = bus->parent) {
1412 		if (!bus->self)
1413 			continue;
1414 
1415 		if (pci_acs_path_enabled(bus->self, NULL, REQ_ACS_FLAGS))
1416 			break;
1417 
1418 		pdev = bus->self;
1419 
1420 		group = iommu_group_get(&pdev->dev);
1421 		if (group)
1422 			return group;
1423 	}
1424 
1425 	/*
1426 	 * Look for existing groups on device aliases.  If we alias another
1427 	 * device or another device aliases us, use the same group.
1428 	 */
1429 	group = get_pci_alias_group(pdev, (unsigned long *)devfns);
1430 	if (group)
1431 		return group;
1432 
1433 	/*
1434 	 * Look for existing groups on non-isolated functions on the same
1435 	 * slot and aliases of those funcions, if any.  No need to clear
1436 	 * the search bitmap, the tested devfns are still valid.
1437 	 */
1438 	group = get_pci_function_alias_group(pdev, (unsigned long *)devfns);
1439 	if (group)
1440 		return group;
1441 
1442 	/* No shared group found, allocate new */
1443 	return iommu_group_alloc();
1444 }
1445 EXPORT_SYMBOL_GPL(pci_device_group);
1446 
1447 /* Get the IOMMU group for device on fsl-mc bus */
1448 struct iommu_group *fsl_mc_device_group(struct device *dev)
1449 {
1450 	struct device *cont_dev = fsl_mc_cont_dev(dev);
1451 	struct iommu_group *group;
1452 
1453 	group = iommu_group_get(cont_dev);
1454 	if (!group)
1455 		group = iommu_group_alloc();
1456 	return group;
1457 }
1458 EXPORT_SYMBOL_GPL(fsl_mc_device_group);
1459 
1460 static int iommu_get_def_domain_type(struct device *dev)
1461 {
1462 	const struct iommu_ops *ops = dev->bus->iommu_ops;
1463 	unsigned int type = 0;
1464 
1465 	if (ops->def_domain_type)
1466 		type = ops->def_domain_type(dev);
1467 
1468 	return (type == 0) ? iommu_def_domain_type : type;
1469 }
1470 
1471 static int iommu_group_alloc_default_domain(struct bus_type *bus,
1472 					    struct iommu_group *group,
1473 					    unsigned int type)
1474 {
1475 	struct iommu_domain *dom;
1476 
1477 	dom = __iommu_domain_alloc(bus, type);
1478 	if (!dom && type != IOMMU_DOMAIN_DMA) {
1479 		dom = __iommu_domain_alloc(bus, IOMMU_DOMAIN_DMA);
1480 		if (dom)
1481 			pr_warn("Failed to allocate default IOMMU domain of type %u for group %s - Falling back to IOMMU_DOMAIN_DMA",
1482 				type, group->name);
1483 	}
1484 
1485 	if (!dom)
1486 		return -ENOMEM;
1487 
1488 	group->default_domain = dom;
1489 	if (!group->domain)
1490 		group->domain = dom;
1491 
1492 	if (!iommu_dma_strict) {
1493 		int attr = 1;
1494 		iommu_domain_set_attr(dom,
1495 				      DOMAIN_ATTR_DMA_USE_FLUSH_QUEUE,
1496 				      &attr);
1497 	}
1498 
1499 	return 0;
1500 }
1501 
1502 static int iommu_alloc_default_domain(struct iommu_group *group,
1503 				      struct device *dev)
1504 {
1505 	unsigned int type;
1506 
1507 	if (group->default_domain)
1508 		return 0;
1509 
1510 	type = iommu_get_def_domain_type(dev);
1511 
1512 	return iommu_group_alloc_default_domain(dev->bus, group, type);
1513 }
1514 
1515 /**
1516  * iommu_group_get_for_dev - Find or create the IOMMU group for a device
1517  * @dev: target device
1518  *
1519  * This function is intended to be called by IOMMU drivers and extended to
1520  * support common, bus-defined algorithms when determining or creating the
1521  * IOMMU group for a device.  On success, the caller will hold a reference
1522  * to the returned IOMMU group, which will already include the provided
1523  * device.  The reference should be released with iommu_group_put().
1524  */
1525 static struct iommu_group *iommu_group_get_for_dev(struct device *dev)
1526 {
1527 	const struct iommu_ops *ops = dev->bus->iommu_ops;
1528 	struct iommu_group *group;
1529 	int ret;
1530 
1531 	group = iommu_group_get(dev);
1532 	if (group)
1533 		return group;
1534 
1535 	if (!ops)
1536 		return ERR_PTR(-EINVAL);
1537 
1538 	group = ops->device_group(dev);
1539 	if (WARN_ON_ONCE(group == NULL))
1540 		return ERR_PTR(-EINVAL);
1541 
1542 	if (IS_ERR(group))
1543 		return group;
1544 
1545 	ret = iommu_group_add_device(group, dev);
1546 	if (ret)
1547 		goto out_put_group;
1548 
1549 	return group;
1550 
1551 out_put_group:
1552 	iommu_group_put(group);
1553 
1554 	return ERR_PTR(ret);
1555 }
1556 
1557 struct iommu_domain *iommu_group_default_domain(struct iommu_group *group)
1558 {
1559 	return group->default_domain;
1560 }
1561 
1562 static int probe_iommu_group(struct device *dev, void *data)
1563 {
1564 	struct list_head *group_list = data;
1565 	struct iommu_group *group;
1566 	int ret;
1567 
1568 	/* Device is probed already if in a group */
1569 	group = iommu_group_get(dev);
1570 	if (group) {
1571 		iommu_group_put(group);
1572 		return 0;
1573 	}
1574 
1575 	ret = __iommu_probe_device(dev, group_list);
1576 	if (ret == -ENODEV)
1577 		ret = 0;
1578 
1579 	return ret;
1580 }
1581 
1582 static int remove_iommu_group(struct device *dev, void *data)
1583 {
1584 	iommu_release_device(dev);
1585 
1586 	return 0;
1587 }
1588 
1589 static int iommu_bus_notifier(struct notifier_block *nb,
1590 			      unsigned long action, void *data)
1591 {
1592 	unsigned long group_action = 0;
1593 	struct device *dev = data;
1594 	struct iommu_group *group;
1595 
1596 	/*
1597 	 * ADD/DEL call into iommu driver ops if provided, which may
1598 	 * result in ADD/DEL notifiers to group->notifier
1599 	 */
1600 	if (action == BUS_NOTIFY_ADD_DEVICE) {
1601 		int ret;
1602 
1603 		ret = iommu_probe_device(dev);
1604 		return (ret) ? NOTIFY_DONE : NOTIFY_OK;
1605 	} else if (action == BUS_NOTIFY_REMOVED_DEVICE) {
1606 		iommu_release_device(dev);
1607 		return NOTIFY_OK;
1608 	}
1609 
1610 	/*
1611 	 * Remaining BUS_NOTIFYs get filtered and republished to the
1612 	 * group, if anyone is listening
1613 	 */
1614 	group = iommu_group_get(dev);
1615 	if (!group)
1616 		return 0;
1617 
1618 	switch (action) {
1619 	case BUS_NOTIFY_BIND_DRIVER:
1620 		group_action = IOMMU_GROUP_NOTIFY_BIND_DRIVER;
1621 		break;
1622 	case BUS_NOTIFY_BOUND_DRIVER:
1623 		group_action = IOMMU_GROUP_NOTIFY_BOUND_DRIVER;
1624 		break;
1625 	case BUS_NOTIFY_UNBIND_DRIVER:
1626 		group_action = IOMMU_GROUP_NOTIFY_UNBIND_DRIVER;
1627 		break;
1628 	case BUS_NOTIFY_UNBOUND_DRIVER:
1629 		group_action = IOMMU_GROUP_NOTIFY_UNBOUND_DRIVER;
1630 		break;
1631 	}
1632 
1633 	if (group_action)
1634 		blocking_notifier_call_chain(&group->notifier,
1635 					     group_action, dev);
1636 
1637 	iommu_group_put(group);
1638 	return 0;
1639 }
1640 
1641 struct __group_domain_type {
1642 	struct device *dev;
1643 	unsigned int type;
1644 };
1645 
1646 static int probe_get_default_domain_type(struct device *dev, void *data)
1647 {
1648 	const struct iommu_ops *ops = dev->bus->iommu_ops;
1649 	struct __group_domain_type *gtype = data;
1650 	unsigned int type = 0;
1651 
1652 	if (ops->def_domain_type)
1653 		type = ops->def_domain_type(dev);
1654 
1655 	if (type) {
1656 		if (gtype->type && gtype->type != type) {
1657 			dev_warn(dev, "Device needs domain type %s, but device %s in the same iommu group requires type %s - using default\n",
1658 				 iommu_domain_type_str(type),
1659 				 dev_name(gtype->dev),
1660 				 iommu_domain_type_str(gtype->type));
1661 			gtype->type = 0;
1662 		}
1663 
1664 		if (!gtype->dev) {
1665 			gtype->dev  = dev;
1666 			gtype->type = type;
1667 		}
1668 	}
1669 
1670 	return 0;
1671 }
1672 
1673 static void probe_alloc_default_domain(struct bus_type *bus,
1674 				       struct iommu_group *group)
1675 {
1676 	struct __group_domain_type gtype;
1677 
1678 	memset(&gtype, 0, sizeof(gtype));
1679 
1680 	/* Ask for default domain requirements of all devices in the group */
1681 	__iommu_group_for_each_dev(group, &gtype,
1682 				   probe_get_default_domain_type);
1683 
1684 	if (!gtype.type)
1685 		gtype.type = iommu_def_domain_type;
1686 
1687 	iommu_group_alloc_default_domain(bus, group, gtype.type);
1688 
1689 }
1690 
1691 static int iommu_group_do_dma_attach(struct device *dev, void *data)
1692 {
1693 	struct iommu_domain *domain = data;
1694 	int ret = 0;
1695 
1696 	if (!iommu_is_attach_deferred(domain, dev))
1697 		ret = __iommu_attach_device(domain, dev);
1698 
1699 	return ret;
1700 }
1701 
1702 static int __iommu_group_dma_attach(struct iommu_group *group)
1703 {
1704 	return __iommu_group_for_each_dev(group, group->default_domain,
1705 					  iommu_group_do_dma_attach);
1706 }
1707 
1708 static int iommu_group_do_probe_finalize(struct device *dev, void *data)
1709 {
1710 	struct iommu_domain *domain = data;
1711 
1712 	if (domain->ops->probe_finalize)
1713 		domain->ops->probe_finalize(dev);
1714 
1715 	return 0;
1716 }
1717 
1718 static void __iommu_group_dma_finalize(struct iommu_group *group)
1719 {
1720 	__iommu_group_for_each_dev(group, group->default_domain,
1721 				   iommu_group_do_probe_finalize);
1722 }
1723 
1724 static int iommu_do_create_direct_mappings(struct device *dev, void *data)
1725 {
1726 	struct iommu_group *group = data;
1727 
1728 	iommu_create_device_direct_mappings(group, dev);
1729 
1730 	return 0;
1731 }
1732 
1733 static int iommu_group_create_direct_mappings(struct iommu_group *group)
1734 {
1735 	return __iommu_group_for_each_dev(group, group,
1736 					  iommu_do_create_direct_mappings);
1737 }
1738 
1739 int bus_iommu_probe(struct bus_type *bus)
1740 {
1741 	struct iommu_group *group, *next;
1742 	LIST_HEAD(group_list);
1743 	int ret;
1744 
1745 	/*
1746 	 * This code-path does not allocate the default domain when
1747 	 * creating the iommu group, so do it after the groups are
1748 	 * created.
1749 	 */
1750 	ret = bus_for_each_dev(bus, NULL, &group_list, probe_iommu_group);
1751 	if (ret)
1752 		return ret;
1753 
1754 	list_for_each_entry_safe(group, next, &group_list, entry) {
1755 		/* Remove item from the list */
1756 		list_del_init(&group->entry);
1757 
1758 		mutex_lock(&group->mutex);
1759 
1760 		/* Try to allocate default domain */
1761 		probe_alloc_default_domain(bus, group);
1762 
1763 		if (!group->default_domain) {
1764 			mutex_unlock(&group->mutex);
1765 			continue;
1766 		}
1767 
1768 		iommu_group_create_direct_mappings(group);
1769 
1770 		ret = __iommu_group_dma_attach(group);
1771 
1772 		mutex_unlock(&group->mutex);
1773 
1774 		if (ret)
1775 			break;
1776 
1777 		__iommu_group_dma_finalize(group);
1778 	}
1779 
1780 	return ret;
1781 }
1782 
1783 static int iommu_bus_init(struct bus_type *bus, const struct iommu_ops *ops)
1784 {
1785 	struct notifier_block *nb;
1786 	int err;
1787 
1788 	nb = kzalloc(sizeof(struct notifier_block), GFP_KERNEL);
1789 	if (!nb)
1790 		return -ENOMEM;
1791 
1792 	nb->notifier_call = iommu_bus_notifier;
1793 
1794 	err = bus_register_notifier(bus, nb);
1795 	if (err)
1796 		goto out_free;
1797 
1798 	err = bus_iommu_probe(bus);
1799 	if (err)
1800 		goto out_err;
1801 
1802 
1803 	return 0;
1804 
1805 out_err:
1806 	/* Clean up */
1807 	bus_for_each_dev(bus, NULL, NULL, remove_iommu_group);
1808 	bus_unregister_notifier(bus, nb);
1809 
1810 out_free:
1811 	kfree(nb);
1812 
1813 	return err;
1814 }
1815 
1816 /**
1817  * bus_set_iommu - set iommu-callbacks for the bus
1818  * @bus: bus.
1819  * @ops: the callbacks provided by the iommu-driver
1820  *
1821  * This function is called by an iommu driver to set the iommu methods
1822  * used for a particular bus. Drivers for devices on that bus can use
1823  * the iommu-api after these ops are registered.
1824  * This special function is needed because IOMMUs are usually devices on
1825  * the bus itself, so the iommu drivers are not initialized when the bus
1826  * is set up. With this function the iommu-driver can set the iommu-ops
1827  * afterwards.
1828  */
1829 int bus_set_iommu(struct bus_type *bus, const struct iommu_ops *ops)
1830 {
1831 	int err;
1832 
1833 	if (ops == NULL) {
1834 		bus->iommu_ops = NULL;
1835 		return 0;
1836 	}
1837 
1838 	if (bus->iommu_ops != NULL)
1839 		return -EBUSY;
1840 
1841 	bus->iommu_ops = ops;
1842 
1843 	/* Do IOMMU specific setup for this bus-type */
1844 	err = iommu_bus_init(bus, ops);
1845 	if (err)
1846 		bus->iommu_ops = NULL;
1847 
1848 	return err;
1849 }
1850 EXPORT_SYMBOL_GPL(bus_set_iommu);
1851 
1852 bool iommu_present(struct bus_type *bus)
1853 {
1854 	return bus->iommu_ops != NULL;
1855 }
1856 EXPORT_SYMBOL_GPL(iommu_present);
1857 
1858 bool iommu_capable(struct bus_type *bus, enum iommu_cap cap)
1859 {
1860 	if (!bus->iommu_ops || !bus->iommu_ops->capable)
1861 		return false;
1862 
1863 	return bus->iommu_ops->capable(cap);
1864 }
1865 EXPORT_SYMBOL_GPL(iommu_capable);
1866 
1867 /**
1868  * iommu_set_fault_handler() - set a fault handler for an iommu domain
1869  * @domain: iommu domain
1870  * @handler: fault handler
1871  * @token: user data, will be passed back to the fault handler
1872  *
1873  * This function should be used by IOMMU users which want to be notified
1874  * whenever an IOMMU fault happens.
1875  *
1876  * The fault handler itself should return 0 on success, and an appropriate
1877  * error code otherwise.
1878  */
1879 void iommu_set_fault_handler(struct iommu_domain *domain,
1880 					iommu_fault_handler_t handler,
1881 					void *token)
1882 {
1883 	BUG_ON(!domain);
1884 
1885 	domain->handler = handler;
1886 	domain->handler_token = token;
1887 }
1888 EXPORT_SYMBOL_GPL(iommu_set_fault_handler);
1889 
1890 static struct iommu_domain *__iommu_domain_alloc(struct bus_type *bus,
1891 						 unsigned type)
1892 {
1893 	struct iommu_domain *domain;
1894 
1895 	if (bus == NULL || bus->iommu_ops == NULL)
1896 		return NULL;
1897 
1898 	domain = bus->iommu_ops->domain_alloc(type);
1899 	if (!domain)
1900 		return NULL;
1901 
1902 	domain->ops  = bus->iommu_ops;
1903 	domain->type = type;
1904 	/* Assume all sizes by default; the driver may override this later */
1905 	domain->pgsize_bitmap  = bus->iommu_ops->pgsize_bitmap;
1906 
1907 	return domain;
1908 }
1909 
1910 struct iommu_domain *iommu_domain_alloc(struct bus_type *bus)
1911 {
1912 	return __iommu_domain_alloc(bus, IOMMU_DOMAIN_UNMANAGED);
1913 }
1914 EXPORT_SYMBOL_GPL(iommu_domain_alloc);
1915 
1916 void iommu_domain_free(struct iommu_domain *domain)
1917 {
1918 	domain->ops->domain_free(domain);
1919 }
1920 EXPORT_SYMBOL_GPL(iommu_domain_free);
1921 
1922 static int __iommu_attach_device(struct iommu_domain *domain,
1923 				 struct device *dev)
1924 {
1925 	int ret;
1926 
1927 	if (unlikely(domain->ops->attach_dev == NULL))
1928 		return -ENODEV;
1929 
1930 	ret = domain->ops->attach_dev(domain, dev);
1931 	if (!ret)
1932 		trace_attach_device_to_domain(dev);
1933 	return ret;
1934 }
1935 
1936 int iommu_attach_device(struct iommu_domain *domain, struct device *dev)
1937 {
1938 	struct iommu_group *group;
1939 	int ret;
1940 
1941 	group = iommu_group_get(dev);
1942 	if (!group)
1943 		return -ENODEV;
1944 
1945 	/*
1946 	 * Lock the group to make sure the device-count doesn't
1947 	 * change while we are attaching
1948 	 */
1949 	mutex_lock(&group->mutex);
1950 	ret = -EINVAL;
1951 	if (iommu_group_device_count(group) != 1)
1952 		goto out_unlock;
1953 
1954 	ret = __iommu_attach_group(domain, group);
1955 
1956 out_unlock:
1957 	mutex_unlock(&group->mutex);
1958 	iommu_group_put(group);
1959 
1960 	return ret;
1961 }
1962 EXPORT_SYMBOL_GPL(iommu_attach_device);
1963 
1964 /*
1965  * Check flags and other user provided data for valid combinations. We also
1966  * make sure no reserved fields or unused flags are set. This is to ensure
1967  * not breaking userspace in the future when these fields or flags are used.
1968  */
1969 static int iommu_check_cache_invl_data(struct iommu_cache_invalidate_info *info)
1970 {
1971 	u32 mask;
1972 	int i;
1973 
1974 	if (info->version != IOMMU_CACHE_INVALIDATE_INFO_VERSION_1)
1975 		return -EINVAL;
1976 
1977 	mask = (1 << IOMMU_CACHE_INV_TYPE_NR) - 1;
1978 	if (info->cache & ~mask)
1979 		return -EINVAL;
1980 
1981 	if (info->granularity >= IOMMU_INV_GRANU_NR)
1982 		return -EINVAL;
1983 
1984 	switch (info->granularity) {
1985 	case IOMMU_INV_GRANU_ADDR:
1986 		if (info->cache & IOMMU_CACHE_INV_TYPE_PASID)
1987 			return -EINVAL;
1988 
1989 		mask = IOMMU_INV_ADDR_FLAGS_PASID |
1990 			IOMMU_INV_ADDR_FLAGS_ARCHID |
1991 			IOMMU_INV_ADDR_FLAGS_LEAF;
1992 
1993 		if (info->granu.addr_info.flags & ~mask)
1994 			return -EINVAL;
1995 		break;
1996 	case IOMMU_INV_GRANU_PASID:
1997 		mask = IOMMU_INV_PASID_FLAGS_PASID |
1998 			IOMMU_INV_PASID_FLAGS_ARCHID;
1999 		if (info->granu.pasid_info.flags & ~mask)
2000 			return -EINVAL;
2001 
2002 		break;
2003 	case IOMMU_INV_GRANU_DOMAIN:
2004 		if (info->cache & IOMMU_CACHE_INV_TYPE_DEV_IOTLB)
2005 			return -EINVAL;
2006 		break;
2007 	default:
2008 		return -EINVAL;
2009 	}
2010 
2011 	/* Check reserved padding fields */
2012 	for (i = 0; i < sizeof(info->padding); i++) {
2013 		if (info->padding[i])
2014 			return -EINVAL;
2015 	}
2016 
2017 	return 0;
2018 }
2019 
2020 int iommu_uapi_cache_invalidate(struct iommu_domain *domain, struct device *dev,
2021 				void __user *uinfo)
2022 {
2023 	struct iommu_cache_invalidate_info inv_info = { 0 };
2024 	u32 minsz;
2025 	int ret;
2026 
2027 	if (unlikely(!domain->ops->cache_invalidate))
2028 		return -ENODEV;
2029 
2030 	/*
2031 	 * No new spaces can be added before the variable sized union, the
2032 	 * minimum size is the offset to the union.
2033 	 */
2034 	minsz = offsetof(struct iommu_cache_invalidate_info, granu);
2035 
2036 	/* Copy minsz from user to get flags and argsz */
2037 	if (copy_from_user(&inv_info, uinfo, minsz))
2038 		return -EFAULT;
2039 
2040 	/* Fields before the variable size union are mandatory */
2041 	if (inv_info.argsz < minsz)
2042 		return -EINVAL;
2043 
2044 	/* PASID and address granu require additional info beyond minsz */
2045 	if (inv_info.granularity == IOMMU_INV_GRANU_PASID &&
2046 	    inv_info.argsz < offsetofend(struct iommu_cache_invalidate_info, granu.pasid_info))
2047 		return -EINVAL;
2048 
2049 	if (inv_info.granularity == IOMMU_INV_GRANU_ADDR &&
2050 	    inv_info.argsz < offsetofend(struct iommu_cache_invalidate_info, granu.addr_info))
2051 		return -EINVAL;
2052 
2053 	/*
2054 	 * User might be using a newer UAPI header which has a larger data
2055 	 * size, we shall support the existing flags within the current
2056 	 * size. Copy the remaining user data _after_ minsz but not more
2057 	 * than the current kernel supported size.
2058 	 */
2059 	if (copy_from_user((void *)&inv_info + minsz, uinfo + minsz,
2060 			   min_t(u32, inv_info.argsz, sizeof(inv_info)) - minsz))
2061 		return -EFAULT;
2062 
2063 	/* Now the argsz is validated, check the content */
2064 	ret = iommu_check_cache_invl_data(&inv_info);
2065 	if (ret)
2066 		return ret;
2067 
2068 	return domain->ops->cache_invalidate(domain, dev, &inv_info);
2069 }
2070 EXPORT_SYMBOL_GPL(iommu_uapi_cache_invalidate);
2071 
2072 static int iommu_check_bind_data(struct iommu_gpasid_bind_data *data)
2073 {
2074 	u32 mask;
2075 	int i;
2076 
2077 	if (data->version != IOMMU_GPASID_BIND_VERSION_1)
2078 		return -EINVAL;
2079 
2080 	/* Check the range of supported formats */
2081 	if (data->format >= IOMMU_PASID_FORMAT_LAST)
2082 		return -EINVAL;
2083 
2084 	/* Check all flags */
2085 	mask = IOMMU_SVA_GPASID_VAL;
2086 	if (data->flags & ~mask)
2087 		return -EINVAL;
2088 
2089 	/* Check reserved padding fields */
2090 	for (i = 0; i < sizeof(data->padding); i++) {
2091 		if (data->padding[i])
2092 			return -EINVAL;
2093 	}
2094 
2095 	return 0;
2096 }
2097 
2098 static int iommu_sva_prepare_bind_data(void __user *udata,
2099 				       struct iommu_gpasid_bind_data *data)
2100 {
2101 	u32 minsz;
2102 
2103 	/*
2104 	 * No new spaces can be added before the variable sized union, the
2105 	 * minimum size is the offset to the union.
2106 	 */
2107 	minsz = offsetof(struct iommu_gpasid_bind_data, vendor);
2108 
2109 	/* Copy minsz from user to get flags and argsz */
2110 	if (copy_from_user(data, udata, minsz))
2111 		return -EFAULT;
2112 
2113 	/* Fields before the variable size union are mandatory */
2114 	if (data->argsz < minsz)
2115 		return -EINVAL;
2116 	/*
2117 	 * User might be using a newer UAPI header, we shall let IOMMU vendor
2118 	 * driver decide on what size it needs. Since the guest PASID bind data
2119 	 * can be vendor specific, larger argsz could be the result of extension
2120 	 * for one vendor but it should not affect another vendor.
2121 	 * Copy the remaining user data _after_ minsz
2122 	 */
2123 	if (copy_from_user((void *)data + minsz, udata + minsz,
2124 			   min_t(u32, data->argsz, sizeof(*data)) - minsz))
2125 		return -EFAULT;
2126 
2127 	return iommu_check_bind_data(data);
2128 }
2129 
2130 int iommu_uapi_sva_bind_gpasid(struct iommu_domain *domain, struct device *dev,
2131 			       void __user *udata)
2132 {
2133 	struct iommu_gpasid_bind_data data = { 0 };
2134 	int ret;
2135 
2136 	if (unlikely(!domain->ops->sva_bind_gpasid))
2137 		return -ENODEV;
2138 
2139 	ret = iommu_sva_prepare_bind_data(udata, &data);
2140 	if (ret)
2141 		return ret;
2142 
2143 	return domain->ops->sva_bind_gpasid(domain, dev, &data);
2144 }
2145 EXPORT_SYMBOL_GPL(iommu_uapi_sva_bind_gpasid);
2146 
2147 int iommu_sva_unbind_gpasid(struct iommu_domain *domain, struct device *dev,
2148 			     ioasid_t pasid)
2149 {
2150 	if (unlikely(!domain->ops->sva_unbind_gpasid))
2151 		return -ENODEV;
2152 
2153 	return domain->ops->sva_unbind_gpasid(dev, pasid);
2154 }
2155 EXPORT_SYMBOL_GPL(iommu_sva_unbind_gpasid);
2156 
2157 int iommu_uapi_sva_unbind_gpasid(struct iommu_domain *domain, struct device *dev,
2158 				 void __user *udata)
2159 {
2160 	struct iommu_gpasid_bind_data data = { 0 };
2161 	int ret;
2162 
2163 	if (unlikely(!domain->ops->sva_bind_gpasid))
2164 		return -ENODEV;
2165 
2166 	ret = iommu_sva_prepare_bind_data(udata, &data);
2167 	if (ret)
2168 		return ret;
2169 
2170 	return iommu_sva_unbind_gpasid(domain, dev, data.hpasid);
2171 }
2172 EXPORT_SYMBOL_GPL(iommu_uapi_sva_unbind_gpasid);
2173 
2174 static void __iommu_detach_device(struct iommu_domain *domain,
2175 				  struct device *dev)
2176 {
2177 	if (iommu_is_attach_deferred(domain, dev))
2178 		return;
2179 
2180 	if (unlikely(domain->ops->detach_dev == NULL))
2181 		return;
2182 
2183 	domain->ops->detach_dev(domain, dev);
2184 	trace_detach_device_from_domain(dev);
2185 }
2186 
2187 void iommu_detach_device(struct iommu_domain *domain, struct device *dev)
2188 {
2189 	struct iommu_group *group;
2190 
2191 	group = iommu_group_get(dev);
2192 	if (!group)
2193 		return;
2194 
2195 	mutex_lock(&group->mutex);
2196 	if (iommu_group_device_count(group) != 1) {
2197 		WARN_ON(1);
2198 		goto out_unlock;
2199 	}
2200 
2201 	__iommu_detach_group(domain, group);
2202 
2203 out_unlock:
2204 	mutex_unlock(&group->mutex);
2205 	iommu_group_put(group);
2206 }
2207 EXPORT_SYMBOL_GPL(iommu_detach_device);
2208 
2209 struct iommu_domain *iommu_get_domain_for_dev(struct device *dev)
2210 {
2211 	struct iommu_domain *domain;
2212 	struct iommu_group *group;
2213 
2214 	group = iommu_group_get(dev);
2215 	if (!group)
2216 		return NULL;
2217 
2218 	domain = group->domain;
2219 
2220 	iommu_group_put(group);
2221 
2222 	return domain;
2223 }
2224 EXPORT_SYMBOL_GPL(iommu_get_domain_for_dev);
2225 
2226 /*
2227  * For IOMMU_DOMAIN_DMA implementations which already provide their own
2228  * guarantees that the group and its default domain are valid and correct.
2229  */
2230 struct iommu_domain *iommu_get_dma_domain(struct device *dev)
2231 {
2232 	return dev->iommu_group->default_domain;
2233 }
2234 
2235 /*
2236  * IOMMU groups are really the natural working unit of the IOMMU, but
2237  * the IOMMU API works on domains and devices.  Bridge that gap by
2238  * iterating over the devices in a group.  Ideally we'd have a single
2239  * device which represents the requestor ID of the group, but we also
2240  * allow IOMMU drivers to create policy defined minimum sets, where
2241  * the physical hardware may be able to distiguish members, but we
2242  * wish to group them at a higher level (ex. untrusted multi-function
2243  * PCI devices).  Thus we attach each device.
2244  */
2245 static int iommu_group_do_attach_device(struct device *dev, void *data)
2246 {
2247 	struct iommu_domain *domain = data;
2248 
2249 	return __iommu_attach_device(domain, dev);
2250 }
2251 
2252 static int __iommu_attach_group(struct iommu_domain *domain,
2253 				struct iommu_group *group)
2254 {
2255 	int ret;
2256 
2257 	if (group->default_domain && group->domain != group->default_domain)
2258 		return -EBUSY;
2259 
2260 	ret = __iommu_group_for_each_dev(group, domain,
2261 					 iommu_group_do_attach_device);
2262 	if (ret == 0)
2263 		group->domain = domain;
2264 
2265 	return ret;
2266 }
2267 
2268 int iommu_attach_group(struct iommu_domain *domain, struct iommu_group *group)
2269 {
2270 	int ret;
2271 
2272 	mutex_lock(&group->mutex);
2273 	ret = __iommu_attach_group(domain, group);
2274 	mutex_unlock(&group->mutex);
2275 
2276 	return ret;
2277 }
2278 EXPORT_SYMBOL_GPL(iommu_attach_group);
2279 
2280 static int iommu_group_do_detach_device(struct device *dev, void *data)
2281 {
2282 	struct iommu_domain *domain = data;
2283 
2284 	__iommu_detach_device(domain, dev);
2285 
2286 	return 0;
2287 }
2288 
2289 static void __iommu_detach_group(struct iommu_domain *domain,
2290 				 struct iommu_group *group)
2291 {
2292 	int ret;
2293 
2294 	if (!group->default_domain) {
2295 		__iommu_group_for_each_dev(group, domain,
2296 					   iommu_group_do_detach_device);
2297 		group->domain = NULL;
2298 		return;
2299 	}
2300 
2301 	if (group->domain == group->default_domain)
2302 		return;
2303 
2304 	/* Detach by re-attaching to the default domain */
2305 	ret = __iommu_group_for_each_dev(group, group->default_domain,
2306 					 iommu_group_do_attach_device);
2307 	if (ret != 0)
2308 		WARN_ON(1);
2309 	else
2310 		group->domain = group->default_domain;
2311 }
2312 
2313 void iommu_detach_group(struct iommu_domain *domain, struct iommu_group *group)
2314 {
2315 	mutex_lock(&group->mutex);
2316 	__iommu_detach_group(domain, group);
2317 	mutex_unlock(&group->mutex);
2318 }
2319 EXPORT_SYMBOL_GPL(iommu_detach_group);
2320 
2321 phys_addr_t iommu_iova_to_phys(struct iommu_domain *domain, dma_addr_t iova)
2322 {
2323 	if (unlikely(domain->ops->iova_to_phys == NULL))
2324 		return 0;
2325 
2326 	return domain->ops->iova_to_phys(domain, iova);
2327 }
2328 EXPORT_SYMBOL_GPL(iommu_iova_to_phys);
2329 
2330 static size_t iommu_pgsize(struct iommu_domain *domain,
2331 			   unsigned long addr_merge, size_t size)
2332 {
2333 	unsigned int pgsize_idx;
2334 	size_t pgsize;
2335 
2336 	/* Max page size that still fits into 'size' */
2337 	pgsize_idx = __fls(size);
2338 
2339 	/* need to consider alignment requirements ? */
2340 	if (likely(addr_merge)) {
2341 		/* Max page size allowed by address */
2342 		unsigned int align_pgsize_idx = __ffs(addr_merge);
2343 		pgsize_idx = min(pgsize_idx, align_pgsize_idx);
2344 	}
2345 
2346 	/* build a mask of acceptable page sizes */
2347 	pgsize = (1UL << (pgsize_idx + 1)) - 1;
2348 
2349 	/* throw away page sizes not supported by the hardware */
2350 	pgsize &= domain->pgsize_bitmap;
2351 
2352 	/* make sure we're still sane */
2353 	BUG_ON(!pgsize);
2354 
2355 	/* pick the biggest page */
2356 	pgsize_idx = __fls(pgsize);
2357 	pgsize = 1UL << pgsize_idx;
2358 
2359 	return pgsize;
2360 }
2361 
2362 static int __iommu_map(struct iommu_domain *domain, unsigned long iova,
2363 		       phys_addr_t paddr, size_t size, int prot, gfp_t gfp)
2364 {
2365 	const struct iommu_ops *ops = domain->ops;
2366 	unsigned long orig_iova = iova;
2367 	unsigned int min_pagesz;
2368 	size_t orig_size = size;
2369 	phys_addr_t orig_paddr = paddr;
2370 	int ret = 0;
2371 
2372 	if (unlikely(ops->map == NULL ||
2373 		     domain->pgsize_bitmap == 0UL))
2374 		return -ENODEV;
2375 
2376 	if (unlikely(!(domain->type & __IOMMU_DOMAIN_PAGING)))
2377 		return -EINVAL;
2378 
2379 	/* find out the minimum page size supported */
2380 	min_pagesz = 1 << __ffs(domain->pgsize_bitmap);
2381 
2382 	/*
2383 	 * both the virtual address and the physical one, as well as
2384 	 * the size of the mapping, must be aligned (at least) to the
2385 	 * size of the smallest page supported by the hardware
2386 	 */
2387 	if (!IS_ALIGNED(iova | paddr | size, min_pagesz)) {
2388 		pr_err("unaligned: iova 0x%lx pa %pa size 0x%zx min_pagesz 0x%x\n",
2389 		       iova, &paddr, size, min_pagesz);
2390 		return -EINVAL;
2391 	}
2392 
2393 	pr_debug("map: iova 0x%lx pa %pa size 0x%zx\n", iova, &paddr, size);
2394 
2395 	while (size) {
2396 		size_t pgsize = iommu_pgsize(domain, iova | paddr, size);
2397 
2398 		pr_debug("mapping: iova 0x%lx pa %pa pgsize 0x%zx\n",
2399 			 iova, &paddr, pgsize);
2400 		ret = ops->map(domain, iova, paddr, pgsize, prot, gfp);
2401 
2402 		if (ret)
2403 			break;
2404 
2405 		iova += pgsize;
2406 		paddr += pgsize;
2407 		size -= pgsize;
2408 	}
2409 
2410 	if (ops->iotlb_sync_map)
2411 		ops->iotlb_sync_map(domain);
2412 
2413 	/* unroll mapping in case something went wrong */
2414 	if (ret)
2415 		iommu_unmap(domain, orig_iova, orig_size - size);
2416 	else
2417 		trace_map(orig_iova, orig_paddr, orig_size);
2418 
2419 	return ret;
2420 }
2421 
2422 int iommu_map(struct iommu_domain *domain, unsigned long iova,
2423 	      phys_addr_t paddr, size_t size, int prot)
2424 {
2425 	might_sleep();
2426 	return __iommu_map(domain, iova, paddr, size, prot, GFP_KERNEL);
2427 }
2428 EXPORT_SYMBOL_GPL(iommu_map);
2429 
2430 int iommu_map_atomic(struct iommu_domain *domain, unsigned long iova,
2431 	      phys_addr_t paddr, size_t size, int prot)
2432 {
2433 	return __iommu_map(domain, iova, paddr, size, prot, GFP_ATOMIC);
2434 }
2435 EXPORT_SYMBOL_GPL(iommu_map_atomic);
2436 
2437 static size_t __iommu_unmap(struct iommu_domain *domain,
2438 			    unsigned long iova, size_t size,
2439 			    struct iommu_iotlb_gather *iotlb_gather)
2440 {
2441 	const struct iommu_ops *ops = domain->ops;
2442 	size_t unmapped_page, unmapped = 0;
2443 	unsigned long orig_iova = iova;
2444 	unsigned int min_pagesz;
2445 
2446 	if (unlikely(ops->unmap == NULL ||
2447 		     domain->pgsize_bitmap == 0UL))
2448 		return 0;
2449 
2450 	if (unlikely(!(domain->type & __IOMMU_DOMAIN_PAGING)))
2451 		return 0;
2452 
2453 	/* find out the minimum page size supported */
2454 	min_pagesz = 1 << __ffs(domain->pgsize_bitmap);
2455 
2456 	/*
2457 	 * The virtual address, as well as the size of the mapping, must be
2458 	 * aligned (at least) to the size of the smallest page supported
2459 	 * by the hardware
2460 	 */
2461 	if (!IS_ALIGNED(iova | size, min_pagesz)) {
2462 		pr_err("unaligned: iova 0x%lx size 0x%zx min_pagesz 0x%x\n",
2463 		       iova, size, min_pagesz);
2464 		return 0;
2465 	}
2466 
2467 	pr_debug("unmap this: iova 0x%lx size 0x%zx\n", iova, size);
2468 
2469 	/*
2470 	 * Keep iterating until we either unmap 'size' bytes (or more)
2471 	 * or we hit an area that isn't mapped.
2472 	 */
2473 	while (unmapped < size) {
2474 		size_t pgsize = iommu_pgsize(domain, iova, size - unmapped);
2475 
2476 		unmapped_page = ops->unmap(domain, iova, pgsize, iotlb_gather);
2477 		if (!unmapped_page)
2478 			break;
2479 
2480 		pr_debug("unmapped: iova 0x%lx size 0x%zx\n",
2481 			 iova, unmapped_page);
2482 
2483 		iova += unmapped_page;
2484 		unmapped += unmapped_page;
2485 	}
2486 
2487 	trace_unmap(orig_iova, size, unmapped);
2488 	return unmapped;
2489 }
2490 
2491 size_t iommu_unmap(struct iommu_domain *domain,
2492 		   unsigned long iova, size_t size)
2493 {
2494 	struct iommu_iotlb_gather iotlb_gather;
2495 	size_t ret;
2496 
2497 	iommu_iotlb_gather_init(&iotlb_gather);
2498 	ret = __iommu_unmap(domain, iova, size, &iotlb_gather);
2499 	iommu_iotlb_sync(domain, &iotlb_gather);
2500 
2501 	return ret;
2502 }
2503 EXPORT_SYMBOL_GPL(iommu_unmap);
2504 
2505 size_t iommu_unmap_fast(struct iommu_domain *domain,
2506 			unsigned long iova, size_t size,
2507 			struct iommu_iotlb_gather *iotlb_gather)
2508 {
2509 	return __iommu_unmap(domain, iova, size, iotlb_gather);
2510 }
2511 EXPORT_SYMBOL_GPL(iommu_unmap_fast);
2512 
2513 static size_t __iommu_map_sg(struct iommu_domain *domain, unsigned long iova,
2514 			     struct scatterlist *sg, unsigned int nents, int prot,
2515 			     gfp_t gfp)
2516 {
2517 	size_t len = 0, mapped = 0;
2518 	phys_addr_t start;
2519 	unsigned int i = 0;
2520 	int ret;
2521 
2522 	while (i <= nents) {
2523 		phys_addr_t s_phys = sg_phys(sg);
2524 
2525 		if (len && s_phys != start + len) {
2526 			ret = __iommu_map(domain, iova + mapped, start,
2527 					len, prot, gfp);
2528 
2529 			if (ret)
2530 				goto out_err;
2531 
2532 			mapped += len;
2533 			len = 0;
2534 		}
2535 
2536 		if (len) {
2537 			len += sg->length;
2538 		} else {
2539 			len = sg->length;
2540 			start = s_phys;
2541 		}
2542 
2543 		if (++i < nents)
2544 			sg = sg_next(sg);
2545 	}
2546 
2547 	return mapped;
2548 
2549 out_err:
2550 	/* undo mappings already done */
2551 	iommu_unmap(domain, iova, mapped);
2552 
2553 	return 0;
2554 
2555 }
2556 
2557 size_t iommu_map_sg(struct iommu_domain *domain, unsigned long iova,
2558 		    struct scatterlist *sg, unsigned int nents, int prot)
2559 {
2560 	might_sleep();
2561 	return __iommu_map_sg(domain, iova, sg, nents, prot, GFP_KERNEL);
2562 }
2563 EXPORT_SYMBOL_GPL(iommu_map_sg);
2564 
2565 size_t iommu_map_sg_atomic(struct iommu_domain *domain, unsigned long iova,
2566 		    struct scatterlist *sg, unsigned int nents, int prot)
2567 {
2568 	return __iommu_map_sg(domain, iova, sg, nents, prot, GFP_ATOMIC);
2569 }
2570 EXPORT_SYMBOL_GPL(iommu_map_sg_atomic);
2571 
2572 int iommu_domain_window_enable(struct iommu_domain *domain, u32 wnd_nr,
2573 			       phys_addr_t paddr, u64 size, int prot)
2574 {
2575 	if (unlikely(domain->ops->domain_window_enable == NULL))
2576 		return -ENODEV;
2577 
2578 	return domain->ops->domain_window_enable(domain, wnd_nr, paddr, size,
2579 						 prot);
2580 }
2581 EXPORT_SYMBOL_GPL(iommu_domain_window_enable);
2582 
2583 void iommu_domain_window_disable(struct iommu_domain *domain, u32 wnd_nr)
2584 {
2585 	if (unlikely(domain->ops->domain_window_disable == NULL))
2586 		return;
2587 
2588 	return domain->ops->domain_window_disable(domain, wnd_nr);
2589 }
2590 EXPORT_SYMBOL_GPL(iommu_domain_window_disable);
2591 
2592 /**
2593  * report_iommu_fault() - report about an IOMMU fault to the IOMMU framework
2594  * @domain: the iommu domain where the fault has happened
2595  * @dev: the device where the fault has happened
2596  * @iova: the faulting address
2597  * @flags: mmu fault flags (e.g. IOMMU_FAULT_READ/IOMMU_FAULT_WRITE/...)
2598  *
2599  * This function should be called by the low-level IOMMU implementations
2600  * whenever IOMMU faults happen, to allow high-level users, that are
2601  * interested in such events, to know about them.
2602  *
2603  * This event may be useful for several possible use cases:
2604  * - mere logging of the event
2605  * - dynamic TLB/PTE loading
2606  * - if restarting of the faulting device is required
2607  *
2608  * Returns 0 on success and an appropriate error code otherwise (if dynamic
2609  * PTE/TLB loading will one day be supported, implementations will be able
2610  * to tell whether it succeeded or not according to this return value).
2611  *
2612  * Specifically, -ENOSYS is returned if a fault handler isn't installed
2613  * (though fault handlers can also return -ENOSYS, in case they want to
2614  * elicit the default behavior of the IOMMU drivers).
2615  */
2616 int report_iommu_fault(struct iommu_domain *domain, struct device *dev,
2617 		       unsigned long iova, int flags)
2618 {
2619 	int ret = -ENOSYS;
2620 
2621 	/*
2622 	 * if upper layers showed interest and installed a fault handler,
2623 	 * invoke it.
2624 	 */
2625 	if (domain->handler)
2626 		ret = domain->handler(domain, dev, iova, flags,
2627 						domain->handler_token);
2628 
2629 	trace_io_page_fault(dev, iova, flags);
2630 	return ret;
2631 }
2632 EXPORT_SYMBOL_GPL(report_iommu_fault);
2633 
2634 static int __init iommu_init(void)
2635 {
2636 	iommu_group_kset = kset_create_and_add("iommu_groups",
2637 					       NULL, kernel_kobj);
2638 	BUG_ON(!iommu_group_kset);
2639 
2640 	iommu_debugfs_setup();
2641 
2642 	return 0;
2643 }
2644 core_initcall(iommu_init);
2645 
2646 int iommu_domain_get_attr(struct iommu_domain *domain,
2647 			  enum iommu_attr attr, void *data)
2648 {
2649 	struct iommu_domain_geometry *geometry;
2650 	bool *paging;
2651 	int ret = 0;
2652 
2653 	switch (attr) {
2654 	case DOMAIN_ATTR_GEOMETRY:
2655 		geometry  = data;
2656 		*geometry = domain->geometry;
2657 
2658 		break;
2659 	case DOMAIN_ATTR_PAGING:
2660 		paging  = data;
2661 		*paging = (domain->pgsize_bitmap != 0UL);
2662 		break;
2663 	default:
2664 		if (!domain->ops->domain_get_attr)
2665 			return -EINVAL;
2666 
2667 		ret = domain->ops->domain_get_attr(domain, attr, data);
2668 	}
2669 
2670 	return ret;
2671 }
2672 EXPORT_SYMBOL_GPL(iommu_domain_get_attr);
2673 
2674 int iommu_domain_set_attr(struct iommu_domain *domain,
2675 			  enum iommu_attr attr, void *data)
2676 {
2677 	int ret = 0;
2678 
2679 	switch (attr) {
2680 	default:
2681 		if (domain->ops->domain_set_attr == NULL)
2682 			return -EINVAL;
2683 
2684 		ret = domain->ops->domain_set_attr(domain, attr, data);
2685 	}
2686 
2687 	return ret;
2688 }
2689 EXPORT_SYMBOL_GPL(iommu_domain_set_attr);
2690 
2691 void iommu_get_resv_regions(struct device *dev, struct list_head *list)
2692 {
2693 	const struct iommu_ops *ops = dev->bus->iommu_ops;
2694 
2695 	if (ops && ops->get_resv_regions)
2696 		ops->get_resv_regions(dev, list);
2697 }
2698 
2699 void iommu_put_resv_regions(struct device *dev, struct list_head *list)
2700 {
2701 	const struct iommu_ops *ops = dev->bus->iommu_ops;
2702 
2703 	if (ops && ops->put_resv_regions)
2704 		ops->put_resv_regions(dev, list);
2705 }
2706 
2707 /**
2708  * generic_iommu_put_resv_regions - Reserved region driver helper
2709  * @dev: device for which to free reserved regions
2710  * @list: reserved region list for device
2711  *
2712  * IOMMU drivers can use this to implement their .put_resv_regions() callback
2713  * for simple reservations. Memory allocated for each reserved region will be
2714  * freed. If an IOMMU driver allocates additional resources per region, it is
2715  * going to have to implement a custom callback.
2716  */
2717 void generic_iommu_put_resv_regions(struct device *dev, struct list_head *list)
2718 {
2719 	struct iommu_resv_region *entry, *next;
2720 
2721 	list_for_each_entry_safe(entry, next, list, list)
2722 		kfree(entry);
2723 }
2724 EXPORT_SYMBOL(generic_iommu_put_resv_regions);
2725 
2726 struct iommu_resv_region *iommu_alloc_resv_region(phys_addr_t start,
2727 						  size_t length, int prot,
2728 						  enum iommu_resv_type type)
2729 {
2730 	struct iommu_resv_region *region;
2731 
2732 	region = kzalloc(sizeof(*region), GFP_KERNEL);
2733 	if (!region)
2734 		return NULL;
2735 
2736 	INIT_LIST_HEAD(&region->list);
2737 	region->start = start;
2738 	region->length = length;
2739 	region->prot = prot;
2740 	region->type = type;
2741 	return region;
2742 }
2743 EXPORT_SYMBOL_GPL(iommu_alloc_resv_region);
2744 
2745 void iommu_set_default_passthrough(bool cmd_line)
2746 {
2747 	if (cmd_line)
2748 		iommu_set_cmd_line_dma_api();
2749 
2750 	iommu_def_domain_type = IOMMU_DOMAIN_IDENTITY;
2751 }
2752 
2753 void iommu_set_default_translated(bool cmd_line)
2754 {
2755 	if (cmd_line)
2756 		iommu_set_cmd_line_dma_api();
2757 
2758 	iommu_def_domain_type = IOMMU_DOMAIN_DMA;
2759 }
2760 
2761 bool iommu_default_passthrough(void)
2762 {
2763 	return iommu_def_domain_type == IOMMU_DOMAIN_IDENTITY;
2764 }
2765 EXPORT_SYMBOL_GPL(iommu_default_passthrough);
2766 
2767 const struct iommu_ops *iommu_ops_from_fwnode(struct fwnode_handle *fwnode)
2768 {
2769 	const struct iommu_ops *ops = NULL;
2770 	struct iommu_device *iommu;
2771 
2772 	spin_lock(&iommu_device_lock);
2773 	list_for_each_entry(iommu, &iommu_device_list, list)
2774 		if (iommu->fwnode == fwnode) {
2775 			ops = iommu->ops;
2776 			break;
2777 		}
2778 	spin_unlock(&iommu_device_lock);
2779 	return ops;
2780 }
2781 
2782 int iommu_fwspec_init(struct device *dev, struct fwnode_handle *iommu_fwnode,
2783 		      const struct iommu_ops *ops)
2784 {
2785 	struct iommu_fwspec *fwspec = dev_iommu_fwspec_get(dev);
2786 
2787 	if (fwspec)
2788 		return ops == fwspec->ops ? 0 : -EINVAL;
2789 
2790 	if (!dev_iommu_get(dev))
2791 		return -ENOMEM;
2792 
2793 	/* Preallocate for the overwhelmingly common case of 1 ID */
2794 	fwspec = kzalloc(struct_size(fwspec, ids, 1), GFP_KERNEL);
2795 	if (!fwspec)
2796 		return -ENOMEM;
2797 
2798 	of_node_get(to_of_node(iommu_fwnode));
2799 	fwspec->iommu_fwnode = iommu_fwnode;
2800 	fwspec->ops = ops;
2801 	dev_iommu_fwspec_set(dev, fwspec);
2802 	return 0;
2803 }
2804 EXPORT_SYMBOL_GPL(iommu_fwspec_init);
2805 
2806 void iommu_fwspec_free(struct device *dev)
2807 {
2808 	struct iommu_fwspec *fwspec = dev_iommu_fwspec_get(dev);
2809 
2810 	if (fwspec) {
2811 		fwnode_handle_put(fwspec->iommu_fwnode);
2812 		kfree(fwspec);
2813 		dev_iommu_fwspec_set(dev, NULL);
2814 	}
2815 }
2816 EXPORT_SYMBOL_GPL(iommu_fwspec_free);
2817 
2818 int iommu_fwspec_add_ids(struct device *dev, u32 *ids, int num_ids)
2819 {
2820 	struct iommu_fwspec *fwspec = dev_iommu_fwspec_get(dev);
2821 	int i, new_num;
2822 
2823 	if (!fwspec)
2824 		return -EINVAL;
2825 
2826 	new_num = fwspec->num_ids + num_ids;
2827 	if (new_num > 1) {
2828 		fwspec = krealloc(fwspec, struct_size(fwspec, ids, new_num),
2829 				  GFP_KERNEL);
2830 		if (!fwspec)
2831 			return -ENOMEM;
2832 
2833 		dev_iommu_fwspec_set(dev, fwspec);
2834 	}
2835 
2836 	for (i = 0; i < num_ids; i++)
2837 		fwspec->ids[fwspec->num_ids + i] = ids[i];
2838 
2839 	fwspec->num_ids = new_num;
2840 	return 0;
2841 }
2842 EXPORT_SYMBOL_GPL(iommu_fwspec_add_ids);
2843 
2844 /*
2845  * Per device IOMMU features.
2846  */
2847 bool iommu_dev_has_feature(struct device *dev, enum iommu_dev_features feat)
2848 {
2849 	const struct iommu_ops *ops = dev->bus->iommu_ops;
2850 
2851 	if (ops && ops->dev_has_feat)
2852 		return ops->dev_has_feat(dev, feat);
2853 
2854 	return false;
2855 }
2856 EXPORT_SYMBOL_GPL(iommu_dev_has_feature);
2857 
2858 int iommu_dev_enable_feature(struct device *dev, enum iommu_dev_features feat)
2859 {
2860 	const struct iommu_ops *ops = dev->bus->iommu_ops;
2861 
2862 	if (ops && ops->dev_enable_feat)
2863 		return ops->dev_enable_feat(dev, feat);
2864 
2865 	return -ENODEV;
2866 }
2867 EXPORT_SYMBOL_GPL(iommu_dev_enable_feature);
2868 
2869 /*
2870  * The device drivers should do the necessary cleanups before calling this.
2871  * For example, before disabling the aux-domain feature, the device driver
2872  * should detach all aux-domains. Otherwise, this will return -EBUSY.
2873  */
2874 int iommu_dev_disable_feature(struct device *dev, enum iommu_dev_features feat)
2875 {
2876 	const struct iommu_ops *ops = dev->bus->iommu_ops;
2877 
2878 	if (ops && ops->dev_disable_feat)
2879 		return ops->dev_disable_feat(dev, feat);
2880 
2881 	return -EBUSY;
2882 }
2883 EXPORT_SYMBOL_GPL(iommu_dev_disable_feature);
2884 
2885 bool iommu_dev_feature_enabled(struct device *dev, enum iommu_dev_features feat)
2886 {
2887 	const struct iommu_ops *ops = dev->bus->iommu_ops;
2888 
2889 	if (ops && ops->dev_feat_enabled)
2890 		return ops->dev_feat_enabled(dev, feat);
2891 
2892 	return false;
2893 }
2894 EXPORT_SYMBOL_GPL(iommu_dev_feature_enabled);
2895 
2896 /*
2897  * Aux-domain specific attach/detach.
2898  *
2899  * Only works if iommu_dev_feature_enabled(dev, IOMMU_DEV_FEAT_AUX) returns
2900  * true. Also, as long as domains are attached to a device through this
2901  * interface, any tries to call iommu_attach_device() should fail
2902  * (iommu_detach_device() can't fail, so we fail when trying to re-attach).
2903  * This should make us safe against a device being attached to a guest as a
2904  * whole while there are still pasid users on it (aux and sva).
2905  */
2906 int iommu_aux_attach_device(struct iommu_domain *domain, struct device *dev)
2907 {
2908 	int ret = -ENODEV;
2909 
2910 	if (domain->ops->aux_attach_dev)
2911 		ret = domain->ops->aux_attach_dev(domain, dev);
2912 
2913 	if (!ret)
2914 		trace_attach_device_to_domain(dev);
2915 
2916 	return ret;
2917 }
2918 EXPORT_SYMBOL_GPL(iommu_aux_attach_device);
2919 
2920 void iommu_aux_detach_device(struct iommu_domain *domain, struct device *dev)
2921 {
2922 	if (domain->ops->aux_detach_dev) {
2923 		domain->ops->aux_detach_dev(domain, dev);
2924 		trace_detach_device_from_domain(dev);
2925 	}
2926 }
2927 EXPORT_SYMBOL_GPL(iommu_aux_detach_device);
2928 
2929 int iommu_aux_get_pasid(struct iommu_domain *domain, struct device *dev)
2930 {
2931 	int ret = -ENODEV;
2932 
2933 	if (domain->ops->aux_get_pasid)
2934 		ret = domain->ops->aux_get_pasid(domain, dev);
2935 
2936 	return ret;
2937 }
2938 EXPORT_SYMBOL_GPL(iommu_aux_get_pasid);
2939 
2940 /**
2941  * iommu_sva_bind_device() - Bind a process address space to a device
2942  * @dev: the device
2943  * @mm: the mm to bind, caller must hold a reference to it
2944  *
2945  * Create a bond between device and address space, allowing the device to access
2946  * the mm using the returned PASID. If a bond already exists between @device and
2947  * @mm, it is returned and an additional reference is taken. Caller must call
2948  * iommu_sva_unbind_device() to release each reference.
2949  *
2950  * iommu_dev_enable_feature(dev, IOMMU_DEV_FEAT_SVA) must be called first, to
2951  * initialize the required SVA features.
2952  *
2953  * On error, returns an ERR_PTR value.
2954  */
2955 struct iommu_sva *
2956 iommu_sva_bind_device(struct device *dev, struct mm_struct *mm, void *drvdata)
2957 {
2958 	struct iommu_group *group;
2959 	struct iommu_sva *handle = ERR_PTR(-EINVAL);
2960 	const struct iommu_ops *ops = dev->bus->iommu_ops;
2961 
2962 	if (!ops || !ops->sva_bind)
2963 		return ERR_PTR(-ENODEV);
2964 
2965 	group = iommu_group_get(dev);
2966 	if (!group)
2967 		return ERR_PTR(-ENODEV);
2968 
2969 	/* Ensure device count and domain don't change while we're binding */
2970 	mutex_lock(&group->mutex);
2971 
2972 	/*
2973 	 * To keep things simple, SVA currently doesn't support IOMMU groups
2974 	 * with more than one device. Existing SVA-capable systems are not
2975 	 * affected by the problems that required IOMMU groups (lack of ACS
2976 	 * isolation, device ID aliasing and other hardware issues).
2977 	 */
2978 	if (iommu_group_device_count(group) != 1)
2979 		goto out_unlock;
2980 
2981 	handle = ops->sva_bind(dev, mm, drvdata);
2982 
2983 out_unlock:
2984 	mutex_unlock(&group->mutex);
2985 	iommu_group_put(group);
2986 
2987 	return handle;
2988 }
2989 EXPORT_SYMBOL_GPL(iommu_sva_bind_device);
2990 
2991 /**
2992  * iommu_sva_unbind_device() - Remove a bond created with iommu_sva_bind_device
2993  * @handle: the handle returned by iommu_sva_bind_device()
2994  *
2995  * Put reference to a bond between device and address space. The device should
2996  * not be issuing any more transaction for this PASID. All outstanding page
2997  * requests for this PASID must have been flushed to the IOMMU.
2998  *
2999  * Returns 0 on success, or an error value
3000  */
3001 void iommu_sva_unbind_device(struct iommu_sva *handle)
3002 {
3003 	struct iommu_group *group;
3004 	struct device *dev = handle->dev;
3005 	const struct iommu_ops *ops = dev->bus->iommu_ops;
3006 
3007 	if (!ops || !ops->sva_unbind)
3008 		return;
3009 
3010 	group = iommu_group_get(dev);
3011 	if (!group)
3012 		return;
3013 
3014 	mutex_lock(&group->mutex);
3015 	ops->sva_unbind(handle);
3016 	mutex_unlock(&group->mutex);
3017 
3018 	iommu_group_put(group);
3019 }
3020 EXPORT_SYMBOL_GPL(iommu_sva_unbind_device);
3021 
3022 u32 iommu_sva_get_pasid(struct iommu_sva *handle)
3023 {
3024 	const struct iommu_ops *ops = handle->dev->bus->iommu_ops;
3025 
3026 	if (!ops || !ops->sva_get_pasid)
3027 		return IOMMU_PASID_INVALID;
3028 
3029 	return ops->sva_get_pasid(handle);
3030 }
3031 EXPORT_SYMBOL_GPL(iommu_sva_get_pasid);
3032