// SPDX-License-Identifier: GPL-2.0-only
/*
 * Copyright (C) 2007-2008 Advanced Micro Devices, Inc.
 * Author: Joerg Roedel <jroedel@suse.de>
 */

#define pr_fmt(fmt)    "iommu: " fmt

#include <linux/device.h>
#include <linux/dma-iommu.h>
#include <linux/kernel.h>
#include <linux/bits.h>
#include <linux/bug.h>
#include <linux/types.h>
#include <linux/init.h>
#include <linux/export.h>
#include <linux/slab.h>
#include <linux/errno.h>
#include <linux/iommu.h>
#include <linux/idr.h>
#include <linux/notifier.h>
#include <linux/err.h>
#include <linux/pci.h>
#include <linux/bitops.h>
#include <linux/property.h>
#include <linux/fsl/mc.h>
#include <linux/module.h>
#include <linux/cc_platform.h>
#include <trace/events/iommu.h>

static struct kset *iommu_group_kset;
static DEFINE_IDA(iommu_group_ida);

static unsigned int iommu_def_domain_type __read_mostly;
static bool iommu_dma_strict __read_mostly = IS_ENABLED(CONFIG_IOMMU_DEFAULT_DMA_STRICT);
static u32 iommu_cmd_line __read_mostly;

struct iommu_group {
	struct kobject kobj;
	struct kobject *devices_kobj;
	struct list_head devices;
	struct mutex mutex;
	struct blocking_notifier_head notifier;
	void *iommu_data;
	void (*iommu_data_release)(void *iommu_data);
	char *name;
	int id;
	struct iommu_domain *default_domain;
	struct iommu_domain *domain;
	struct list_head entry;
};

struct group_device {
	struct list_head list;
	struct device *dev;
	char *name;
};

struct iommu_group_attribute {
	struct attribute attr;
	ssize_t (*show)(struct iommu_group *group, char *buf);
	ssize_t (*store)(struct iommu_group *group,
			 const char *buf, size_t count);
};

static const char * const iommu_group_resv_type_string[] = {
	[IOMMU_RESV_DIRECT]			= "direct",
	[IOMMU_RESV_DIRECT_RELAXABLE]		= "direct-relaxable",
	[IOMMU_RESV_RESERVED]			= "reserved",
	[IOMMU_RESV_MSI]			= "msi",
	[IOMMU_RESV_SW_MSI]			= "msi",
};

#define IOMMU_CMD_LINE_DMA_API		BIT(0)
#define IOMMU_CMD_LINE_STRICT		BIT(1)

static int iommu_alloc_default_domain(struct iommu_group *group,
				      struct device *dev);
static struct iommu_domain *__iommu_domain_alloc(struct bus_type *bus,
						 unsigned type);
static int __iommu_attach_device(struct iommu_domain *domain,
				 struct device *dev);
static int __iommu_attach_group(struct iommu_domain *domain,
				struct iommu_group *group);
static void __iommu_detach_group(struct iommu_domain *domain,
				 struct iommu_group *group);
static int iommu_create_device_direct_mappings(struct iommu_group *group,
					       struct device *dev);
static struct iommu_group *iommu_group_get_for_dev(struct device *dev);
static ssize_t iommu_group_store_type(struct iommu_group *group,
				      const char *buf, size_t count);

#define IOMMU_GROUP_ATTR(_name, _mode, _show, _store)		\
struct iommu_group_attribute iommu_group_attr_##_name =	\
	__ATTR(_name, _mode, _show, _store)

#define to_iommu_group_attr(_attr)	\
	container_of(_attr, struct iommu_group_attribute, attr)
#define to_iommu_group(_kobj)		\
	container_of(_kobj, struct iommu_group, kobj)

static LIST_HEAD(iommu_device_list);
static DEFINE_SPINLOCK(iommu_device_lock);

/*
 * Use a function instead of an array here because the domain-type is a
 * bit-field, so an array would waste memory.
 */
static const char *iommu_domain_type_str(unsigned int t)
{
	switch (t) {
	case IOMMU_DOMAIN_BLOCKED:
		return "Blocked";
	case IOMMU_DOMAIN_IDENTITY:
		return "Passthrough";
	case IOMMU_DOMAIN_UNMANAGED:
		return "Unmanaged";
	case IOMMU_DOMAIN_DMA:
	case IOMMU_DOMAIN_DMA_FQ:
		return "Translated";
	default:
		return "Unknown";
	}
}

static int __init iommu_subsys_init(void)
{
	if (!(iommu_cmd_line & IOMMU_CMD_LINE_DMA_API)) {
		if (IS_ENABLED(CONFIG_IOMMU_DEFAULT_PASSTHROUGH))
			iommu_set_default_passthrough(false);
		else
			iommu_set_default_translated(false);

		if (iommu_default_passthrough() && cc_platform_has(CC_ATTR_MEM_ENCRYPT)) {
			pr_info("Memory encryption detected - Disabling default IOMMU Passthrough\n");
			iommu_set_default_translated(false);
		}
	}

	if (!iommu_default_passthrough() && !iommu_dma_strict)
		iommu_def_domain_type = IOMMU_DOMAIN_DMA_FQ;

	pr_info("Default domain type: %s %s\n",
		iommu_domain_type_str(iommu_def_domain_type),
		(iommu_cmd_line & IOMMU_CMD_LINE_DMA_API) ?
			"(set via kernel command line)" : "");

	if (!iommu_default_passthrough())
		pr_info("DMA domain TLB invalidation policy: %s mode %s\n",
			iommu_dma_strict ? "strict" : "lazy",
			(iommu_cmd_line & IOMMU_CMD_LINE_STRICT) ?
				"(set via kernel command line)" : "");

	return 0;
}
subsys_initcall(iommu_subsys_init);

/**
 * iommu_device_register() - Register an IOMMU hardware instance
 * @iommu: IOMMU handle for the instance
 * @ops: IOMMU ops to associate with the instance
 * @hwdev: (optional) actual instance device, used for fwnode lookup
 *
 * Return: 0 on success, or an error.
 */
int iommu_device_register(struct iommu_device *iommu,
			  const struct iommu_ops *ops, struct device *hwdev)
{
	/* We need to be able to take module references appropriately */
	if (WARN_ON(is_module_address((unsigned long)ops) && !ops->owner))
		return -EINVAL;

	iommu->ops = ops;
	if (hwdev)
		iommu->fwnode = hwdev->fwnode;

	spin_lock(&iommu_device_lock);
	list_add_tail(&iommu->list, &iommu_device_list);
	spin_unlock(&iommu_device_lock);
	return 0;
}
EXPORT_SYMBOL_GPL(iommu_device_register);

void iommu_device_unregister(struct iommu_device *iommu)
{
	spin_lock(&iommu_device_lock);
	list_del(&iommu->list);
	spin_unlock(&iommu_device_lock);
}
EXPORT_SYMBOL_GPL(iommu_device_unregister);
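
/*
 * Example: a minimal sketch of how an IOMMU driver might use the two
 * registration helpers above from its own probe()/remove() callbacks.
 * "my_iommu", "my_iommu_ops" and the surrounding platform driver are
 * hypothetical names used only for illustration, not part of this file:
 *
 *	static int my_iommu_probe(struct platform_device *pdev)
 *	{
 *		struct my_iommu *smmu = devm_kzalloc(&pdev->dev,
 *						     sizeof(*smmu), GFP_KERNEL);
 *		if (!smmu)
 *			return -ENOMEM;
 *
 *		platform_set_drvdata(pdev, smmu);
 *		return iommu_device_register(&smmu->iommu, &my_iommu_ops,
 *					     &pdev->dev);
 *	}
 *
 *	static int my_iommu_remove(struct platform_device *pdev)
 *	{
 *		struct my_iommu *smmu = platform_get_drvdata(pdev);
 *
 *		iommu_device_unregister(&smmu->iommu);
 *		return 0;
 *	}
 */
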
static struct dev_iommu *dev_iommu_get(struct device *dev)
{
	struct dev_iommu *param = dev->iommu;

	if (param)
		return param;

	param = kzalloc(sizeof(*param), GFP_KERNEL);
	if (!param)
		return NULL;

	mutex_init(&param->lock);
	dev->iommu = param;
	return param;
}

static void dev_iommu_free(struct device *dev)
{
	iommu_fwspec_free(dev);
	kfree(dev->iommu);
	dev->iommu = NULL;
}

static int __iommu_probe_device(struct device *dev, struct list_head *group_list)
{
	const struct iommu_ops *ops = dev->bus->iommu_ops;
	struct iommu_device *iommu_dev;
	struct iommu_group *group;
	int ret;

	if (!ops)
		return -ENODEV;

	if (!dev_iommu_get(dev))
		return -ENOMEM;

	if (!try_module_get(ops->owner)) {
		ret = -EINVAL;
		goto err_free;
	}

	iommu_dev = ops->probe_device(dev);
	if (IS_ERR(iommu_dev)) {
		ret = PTR_ERR(iommu_dev);
		goto out_module_put;
	}

	dev->iommu->iommu_dev = iommu_dev;

	group = iommu_group_get_for_dev(dev);
	if (IS_ERR(group)) {
		ret = PTR_ERR(group);
		goto out_release;
	}
	iommu_group_put(group);

	if (group_list && !group->default_domain && list_empty(&group->entry))
		list_add_tail(&group->entry, group_list);

	iommu_device_link(iommu_dev, dev);

	return 0;

out_release:
	ops->release_device(dev);

out_module_put:
	module_put(ops->owner);

err_free:
	dev_iommu_free(dev);

	return ret;
}

int iommu_probe_device(struct device *dev)
{
	const struct iommu_ops *ops = dev->bus->iommu_ops;
	struct iommu_group *group;
	int ret;

	ret = __iommu_probe_device(dev, NULL);
	if (ret)
		goto err_out;

	group = iommu_group_get(dev);
	if (!group) {
		ret = -ENODEV;
		goto err_release;
	}

	/*
	 * Try to allocate a default domain - needs support from the
	 * IOMMU driver. There are still some drivers which don't
	 * support default domains, so the return value is not yet
	 * checked.
	 */
	mutex_lock(&group->mutex);
	iommu_alloc_default_domain(group, dev);
	mutex_unlock(&group->mutex);

	if (group->default_domain) {
		ret = __iommu_attach_device(group->default_domain, dev);
		if (ret) {
			iommu_group_put(group);
			goto err_release;
		}
	}

	iommu_create_device_direct_mappings(group, dev);

	iommu_group_put(group);

	if (ops->probe_finalize)
		ops->probe_finalize(dev);

	return 0;

err_release:
	iommu_release_device(dev);

err_out:
	return ret;

}

void iommu_release_device(struct device *dev)
{
	const struct iommu_ops *ops = dev->bus->iommu_ops;

	if (!dev->iommu)
		return;

	iommu_device_unlink(dev->iommu->iommu_dev, dev);

	ops->release_device(dev);

	iommu_group_remove_device(dev);
	module_put(ops->owner);
	dev_iommu_free(dev);
}

static int __init iommu_set_def_domain_type(char *str)
{
	bool pt;
	int ret;

	ret = kstrtobool(str, &pt);
	if (ret)
		return ret;

	if (pt)
		iommu_set_default_passthrough(true);
	else
		iommu_set_default_translated(true);

	return 0;
}
early_param("iommu.passthrough", iommu_set_def_domain_type);

static int __init iommu_dma_setup(char *str)
{
	int ret = kstrtobool(str, &iommu_dma_strict);

	if (!ret)
		iommu_cmd_line |= IOMMU_CMD_LINE_STRICT;
	return ret;
}
early_param("iommu.strict", iommu_dma_setup);

void iommu_set_dma_strict(void)
{
	iommu_dma_strict = true;
	if (iommu_def_domain_type == IOMMU_DOMAIN_DMA_FQ)
		iommu_def_domain_type = IOMMU_DOMAIN_DMA;
}
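
/*
 * Example (illustrative only): the two early parameters registered above
 * are what a user would put on the kernel command line to pick the default
 * domain behaviour at boot, e.g.
 *
 *	iommu.passthrough=1	# identity-map DMA by default
 *	iommu.strict=0		# lazy TLB invalidation for DMA domains
 *
 * The exact semantics are whatever iommu_set_def_domain_type() and
 * iommu_dma_setup() above implement.
 */
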
static ssize_t iommu_group_attr_show(struct kobject *kobj,
				     struct attribute *__attr, char *buf)
{
	struct iommu_group_attribute *attr = to_iommu_group_attr(__attr);
	struct iommu_group *group = to_iommu_group(kobj);
	ssize_t ret = -EIO;

	if (attr->show)
		ret = attr->show(group, buf);
	return ret;
}

static ssize_t iommu_group_attr_store(struct kobject *kobj,
				      struct attribute *__attr,
				      const char *buf, size_t count)
{
	struct iommu_group_attribute *attr = to_iommu_group_attr(__attr);
	struct iommu_group *group = to_iommu_group(kobj);
	ssize_t ret = -EIO;

	if (attr->store)
		ret = attr->store(group, buf, count);
	return ret;
}

static const struct sysfs_ops iommu_group_sysfs_ops = {
	.show = iommu_group_attr_show,
	.store = iommu_group_attr_store,
};

static int iommu_group_create_file(struct iommu_group *group,
				   struct iommu_group_attribute *attr)
{
	return sysfs_create_file(&group->kobj, &attr->attr);
}

static void iommu_group_remove_file(struct iommu_group *group,
				    struct iommu_group_attribute *attr)
{
	sysfs_remove_file(&group->kobj, &attr->attr);
}

static ssize_t iommu_group_show_name(struct iommu_group *group, char *buf)
{
	return sprintf(buf, "%s\n", group->name);
}

/**
 * iommu_insert_resv_region - Insert a new region in the
 * list of reserved regions.
 * @new: new region to insert
 * @regions: list of regions
 *
 * Elements are sorted by start address and overlapping segments
 * of the same type are merged.
 */
static int iommu_insert_resv_region(struct iommu_resv_region *new,
				    struct list_head *regions)
{
	struct iommu_resv_region *iter, *tmp, *nr, *top;
	LIST_HEAD(stack);

	nr = iommu_alloc_resv_region(new->start, new->length,
				     new->prot, new->type);
	if (!nr)
		return -ENOMEM;

	/* First add the new element based on start address sorting */
	list_for_each_entry(iter, regions, list) {
		if (nr->start < iter->start ||
		    (nr->start == iter->start && nr->type <= iter->type))
			break;
	}
	list_add_tail(&nr->list, &iter->list);

	/* Merge overlapping segments of type nr->type in @regions, if any */
	list_for_each_entry_safe(iter, tmp, regions, list) {
		phys_addr_t top_end, iter_end = iter->start + iter->length - 1;

		/* no merge needed on elements of different types than @new */
		if (iter->type != new->type) {
			list_move_tail(&iter->list, &stack);
			continue;
		}

		/* look for the last stack element of same type as @iter */
		list_for_each_entry_reverse(top, &stack, list)
			if (top->type == iter->type)
				goto check_overlap;

		list_move_tail(&iter->list, &stack);
		continue;

check_overlap:
		top_end = top->start + top->length - 1;

		if (iter->start > top_end + 1) {
			list_move_tail(&iter->list, &stack);
		} else {
			top->length = max(top_end, iter_end) - top->start + 1;
			list_del(&iter->list);
			kfree(iter);
		}
	}
	list_splice(&stack, regions);
	return 0;
}

static int
iommu_insert_device_resv_regions(struct list_head *dev_resv_regions,
				 struct list_head *group_resv_regions)
{
	struct iommu_resv_region *entry;
	int ret = 0;

	list_for_each_entry(entry, dev_resv_regions, list) {
		ret = iommu_insert_resv_region(entry, group_resv_regions);
		if (ret)
			break;
	}
	return ret;
}

int iommu_get_group_resv_regions(struct iommu_group *group,
				 struct list_head *head)
{
	struct group_device *device;
	int ret = 0;

	mutex_lock(&group->mutex);
	list_for_each_entry(device, &group->devices, list) {
		struct list_head dev_resv_regions;

		INIT_LIST_HEAD(&dev_resv_regions);
		iommu_get_resv_regions(device->dev, &dev_resv_regions);
		ret = iommu_insert_device_resv_regions(&dev_resv_regions, head);
		iommu_put_resv_regions(device->dev, &dev_resv_regions);
		if (ret)
			break;
	}
	mutex_unlock(&group->mutex);
	return ret;
}
EXPORT_SYMBOL_GPL(iommu_get_group_resv_regions);
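
/*
 * Example: the reserved regions merged above are produced by the IOMMU
 * drivers themselves. A minimal sketch of a driver-side get_resv_regions()
 * callback that reports a software-managed MSI window; "MY_MSI_IOVA_BASE"
 * and "MY_MSI_IOVA_SIZE" are hypothetical constants used only for
 * illustration:
 *
 *	static void my_iommu_get_resv_regions(struct device *dev,
 *					      struct list_head *head)
 *	{
 *		struct iommu_resv_region *region;
 *
 *		region = iommu_alloc_resv_region(MY_MSI_IOVA_BASE,
 *						 MY_MSI_IOVA_SIZE,
 *						 IOMMU_WRITE,
 *						 IOMMU_RESV_SW_MSI);
 *		if (region)
 *			list_add_tail(&region->list, head);
 *	}
 */
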
static ssize_t iommu_group_show_resv_regions(struct iommu_group *group,
					     char *buf)
{
	struct iommu_resv_region *region, *next;
	struct list_head group_resv_regions;
	char *str = buf;

	INIT_LIST_HEAD(&group_resv_regions);
	iommu_get_group_resv_regions(group, &group_resv_regions);

	list_for_each_entry_safe(region, next, &group_resv_regions, list) {
		str += sprintf(str, "0x%016llx 0x%016llx %s\n",
			       (long long int)region->start,
			       (long long int)(region->start +
						region->length - 1),
			       iommu_group_resv_type_string[region->type]);
		kfree(region);
	}

	return (str - buf);
}

static ssize_t iommu_group_show_type(struct iommu_group *group,
				     char *buf)
{
	char *type = "unknown\n";

	mutex_lock(&group->mutex);
	if (group->default_domain) {
		switch (group->default_domain->type) {
		case IOMMU_DOMAIN_BLOCKED:
			type = "blocked\n";
			break;
		case IOMMU_DOMAIN_IDENTITY:
			type = "identity\n";
			break;
		case IOMMU_DOMAIN_UNMANAGED:
			type = "unmanaged\n";
			break;
		case IOMMU_DOMAIN_DMA:
			type = "DMA\n";
			break;
		case IOMMU_DOMAIN_DMA_FQ:
			type = "DMA-FQ\n";
			break;
		}
	}
	mutex_unlock(&group->mutex);
	strcpy(buf, type);

	return strlen(type);
}

static IOMMU_GROUP_ATTR(name, S_IRUGO, iommu_group_show_name, NULL);

static IOMMU_GROUP_ATTR(reserved_regions, 0444,
			iommu_group_show_resv_regions, NULL);

static IOMMU_GROUP_ATTR(type, 0644, iommu_group_show_type,
			iommu_group_store_type);

static void iommu_group_release(struct kobject *kobj)
{
	struct iommu_group *group = to_iommu_group(kobj);

	pr_debug("Releasing group %d\n", group->id);

	if (group->iommu_data_release)
		group->iommu_data_release(group->iommu_data);

	ida_simple_remove(&iommu_group_ida, group->id);

	if (group->default_domain)
		iommu_domain_free(group->default_domain);

	kfree(group->name);
	kfree(group);
}

static struct kobj_type iommu_group_ktype = {
	.sysfs_ops = &iommu_group_sysfs_ops,
	.release = iommu_group_release,
};

/**
 * iommu_group_alloc - Allocate a new group
 *
 * This function is called by an iommu driver to allocate a new iommu
 * group.  The iommu group represents the minimum granularity of the iommu.
 * Upon successful return, the caller holds a reference to the supplied
 * group in order to hold the group until devices are added.  Use
 * iommu_group_put() to release this extra reference count, allowing the
 * group to be automatically reclaimed once it has no devices or external
 * references.
 */
struct iommu_group *iommu_group_alloc(void)
{
	struct iommu_group *group;
	int ret;

	group = kzalloc(sizeof(*group), GFP_KERNEL);
	if (!group)
		return ERR_PTR(-ENOMEM);

	group->kobj.kset = iommu_group_kset;
	mutex_init(&group->mutex);
	INIT_LIST_HEAD(&group->devices);
	INIT_LIST_HEAD(&group->entry);
	BLOCKING_INIT_NOTIFIER_HEAD(&group->notifier);

	ret = ida_simple_get(&iommu_group_ida, 0, 0, GFP_KERNEL);
	if (ret < 0) {
		kfree(group);
		return ERR_PTR(ret);
	}
	group->id = ret;

	ret = kobject_init_and_add(&group->kobj, &iommu_group_ktype,
				   NULL, "%d", group->id);
	if (ret) {
		ida_simple_remove(&iommu_group_ida, group->id);
		kobject_put(&group->kobj);
		return ERR_PTR(ret);
	}

	group->devices_kobj = kobject_create_and_add("devices", &group->kobj);
	if (!group->devices_kobj) {
		kobject_put(&group->kobj); /* triggers .release & free */
		return ERR_PTR(-ENOMEM);
	}

	/*
	 * The devices_kobj holds a reference on the group kobject, so
	 * as long as that exists so will the group.  We can therefore
	 * use the devices_kobj for reference counting.
	 */
	kobject_put(&group->kobj);

	ret = iommu_group_create_file(group,
				      &iommu_group_attr_reserved_regions);
	if (ret)
		return ERR_PTR(ret);

	ret = iommu_group_create_file(group, &iommu_group_attr_type);
	if (ret)
		return ERR_PTR(ret);

	pr_debug("Allocated group %d\n", group->id);

	return group;
}
EXPORT_SYMBOL_GPL(iommu_group_alloc);

struct iommu_group *iommu_group_get_by_id(int id)
{
	struct kobject *group_kobj;
	struct iommu_group *group;
	const char *name;

	if (!iommu_group_kset)
		return NULL;

	name = kasprintf(GFP_KERNEL, "%d", id);
	if (!name)
		return NULL;

	group_kobj = kset_find_obj(iommu_group_kset, name);
	kfree(name);

	if (!group_kobj)
		return NULL;

	group = container_of(group_kobj, struct iommu_group, kobj);
	BUG_ON(group->id != id);

	kobject_get(group->devices_kobj);
	kobject_put(&group->kobj);

	return group;
}
EXPORT_SYMBOL_GPL(iommu_group_get_by_id);

/**
 * iommu_group_get_iommudata - retrieve iommu_data registered for a group
 * @group: the group
 *
 * iommu drivers can store data in the group for use when doing iommu
 * operations.  This function provides a way to retrieve it.  Caller
 * should hold a group reference.
 */
void *iommu_group_get_iommudata(struct iommu_group *group)
{
	return group->iommu_data;
}
EXPORT_SYMBOL_GPL(iommu_group_get_iommudata);

/**
 * iommu_group_set_iommudata - set iommu_data for a group
 * @group: the group
 * @iommu_data: new data
 * @release: release function for iommu_data
 *
 * iommu drivers can store data in the group for use when doing iommu
 * operations.  This function provides a way to set the data after
 * the group has been allocated.  Caller should hold a group reference.
 */
void iommu_group_set_iommudata(struct iommu_group *group, void *iommu_data,
			       void (*release)(void *iommu_data))
{
	group->iommu_data = iommu_data;
	group->iommu_data_release = release;
}
EXPORT_SYMBOL_GPL(iommu_group_set_iommudata);
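
/*
 * Example: a minimal sketch of how an IOMMU driver might combine the group
 * helpers above when it has to create a group itself, rather than relying
 * on generic_device_group()/pci_device_group() further below. The
 * "my_group_data" structure, its release hook and the group name are all
 * hypothetical; iommu_group_set_name() is defined just below:
 *
 *	static void my_group_data_release(void *iommu_data)
 *	{
 *		kfree(iommu_data);
 *	}
 *
 *	static struct iommu_group *my_device_group(struct device *dev)
 *	{
 *		struct iommu_group *group = iommu_group_alloc();
 *		struct my_group_data *data;
 *
 *		if (IS_ERR(group))
 *			return group;
 *
 *		data = kzalloc(sizeof(*data), GFP_KERNEL);
 *		if (data) {
 *			iommu_group_set_iommudata(group, data,
 *						  my_group_data_release);
 *			iommu_group_set_name(group, "my-iommu-group");
 *		}
 *		return group;
 *	}
 */
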
/**
 * iommu_group_set_name - set name for a group
 * @group: the group
 * @name: name
 *
 * Allow iommu driver to set a name for a group.  When set it will
 * appear in a name attribute file under the group in sysfs.
 */
int iommu_group_set_name(struct iommu_group *group, const char *name)
{
	int ret;

	if (group->name) {
		iommu_group_remove_file(group, &iommu_group_attr_name);
		kfree(group->name);
		group->name = NULL;
		if (!name)
			return 0;
	}

	group->name = kstrdup(name, GFP_KERNEL);
	if (!group->name)
		return -ENOMEM;

	ret = iommu_group_create_file(group, &iommu_group_attr_name);
	if (ret) {
		kfree(group->name);
		group->name = NULL;
		return ret;
	}

	return 0;
}
EXPORT_SYMBOL_GPL(iommu_group_set_name);

static int iommu_create_device_direct_mappings(struct iommu_group *group,
					       struct device *dev)
{
	struct iommu_domain *domain = group->default_domain;
	struct iommu_resv_region *entry;
	struct list_head mappings;
	unsigned long pg_size;
	int ret = 0;

	if (!domain || !iommu_is_dma_domain(domain))
		return 0;

	BUG_ON(!domain->pgsize_bitmap);

	pg_size = 1UL << __ffs(domain->pgsize_bitmap);
	INIT_LIST_HEAD(&mappings);

	iommu_get_resv_regions(dev, &mappings);

	/* We need to consider overlapping regions for different devices */
	list_for_each_entry(entry, &mappings, list) {
		dma_addr_t start, end, addr;
		size_t map_size = 0;

		if (domain->ops->apply_resv_region)
			domain->ops->apply_resv_region(dev, domain, entry);

		start = ALIGN(entry->start, pg_size);
		end   = ALIGN(entry->start + entry->length, pg_size);

		if (entry->type != IOMMU_RESV_DIRECT &&
		    entry->type != IOMMU_RESV_DIRECT_RELAXABLE)
			continue;

		for (addr = start; addr <= end; addr += pg_size) {
			phys_addr_t phys_addr;

			if (addr == end)
				goto map_end;

			phys_addr = iommu_iova_to_phys(domain, addr);
			if (!phys_addr) {
				map_size += pg_size;
				continue;
			}

map_end:
			if (map_size) {
				ret = iommu_map(domain, addr - map_size,
						addr - map_size, map_size,
						entry->prot);
				if (ret)
					goto out;
				map_size = 0;
			}
		}

	}

	iommu_flush_iotlb_all(domain);

out:
	iommu_put_resv_regions(dev, &mappings);

	return ret;
}

static bool iommu_is_attach_deferred(struct iommu_domain *domain,
				     struct device *dev)
{
	if (domain->ops->is_attach_deferred)
		return domain->ops->is_attach_deferred(domain, dev);

	return false;
}

/**
 * iommu_group_add_device - add a device to an iommu group
 * @group: the group into which to add the device (reference should be held)
 * @dev: the device
 *
 * This function is called by an iommu driver to add a device into a
 * group.  Adding a device increments the group reference count.
 */
int iommu_group_add_device(struct iommu_group *group, struct device *dev)
{
	int ret, i = 0;
	struct group_device *device;

	device = kzalloc(sizeof(*device), GFP_KERNEL);
	if (!device)
		return -ENOMEM;

	device->dev = dev;

	ret = sysfs_create_link(&dev->kobj, &group->kobj, "iommu_group");
	if (ret)
		goto err_free_device;

	device->name = kasprintf(GFP_KERNEL, "%s", kobject_name(&dev->kobj));
rename:
	if (!device->name) {
		ret = -ENOMEM;
		goto err_remove_link;
	}

	ret = sysfs_create_link_nowarn(group->devices_kobj,
				       &dev->kobj, device->name);
	if (ret) {
		if (ret == -EEXIST && i >= 0) {
			/*
			 * Account for the slim chance of collision
			 * and append an instance to the name.
			 */
			kfree(device->name);
			device->name = kasprintf(GFP_KERNEL, "%s.%d",
						 kobject_name(&dev->kobj), i++);
			goto rename;
		}
		goto err_free_name;
	}

	kobject_get(group->devices_kobj);

	dev->iommu_group = group;

	mutex_lock(&group->mutex);
	list_add_tail(&device->list, &group->devices);
	if (group->domain && !iommu_is_attach_deferred(group->domain, dev))
		ret = __iommu_attach_device(group->domain, dev);
	mutex_unlock(&group->mutex);
	if (ret)
		goto err_put_group;

	/* Notify any listeners about change to group. */
	blocking_notifier_call_chain(&group->notifier,
				     IOMMU_GROUP_NOTIFY_ADD_DEVICE, dev);

	trace_add_device_to_group(group->id, dev);

	dev_info(dev, "Adding to iommu group %d\n", group->id);

	return 0;

err_put_group:
	mutex_lock(&group->mutex);
	list_del(&device->list);
	mutex_unlock(&group->mutex);
	dev->iommu_group = NULL;
	kobject_put(group->devices_kobj);
	sysfs_remove_link(group->devices_kobj, device->name);
err_free_name:
	kfree(device->name);
err_remove_link:
	sysfs_remove_link(&dev->kobj, "iommu_group");
err_free_device:
	kfree(device);
	dev_err(dev, "Failed to add to iommu group %d: %d\n", group->id, ret);
	return ret;
}
EXPORT_SYMBOL_GPL(iommu_group_add_device);
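
/*
 * Example: a minimal sketch of the allocate/add/put pattern a driver can
 * use with the helpers above when it manages groups by hand. Error
 * handling is compressed and "dev" is whatever device is being probed;
 * after iommu_group_add_device() succeeds the device itself keeps the
 * group alive, so the caller drops its allocation reference:
 *
 *	struct iommu_group *group;
 *	int ret;
 *
 *	group = iommu_group_alloc();
 *	if (IS_ERR(group))
 *		return PTR_ERR(group);
 *
 *	ret = iommu_group_add_device(group, dev);
 *	iommu_group_put(group);
 *	if (ret)
 *		return ret;
 */
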
/**
 * iommu_group_remove_device - remove a device from its current group
 * @dev: device to be removed
 *
 * This function is called by an iommu driver to remove the device from
 * its current group.  This decrements the iommu group reference count.
 */
void iommu_group_remove_device(struct device *dev)
{
	struct iommu_group *group = dev->iommu_group;
	struct group_device *tmp_device, *device = NULL;

	if (!group)
		return;

	dev_info(dev, "Removing from iommu group %d\n", group->id);

	/* Pre-notify listeners that a device is being removed. */
	blocking_notifier_call_chain(&group->notifier,
				     IOMMU_GROUP_NOTIFY_DEL_DEVICE, dev);

	mutex_lock(&group->mutex);
	list_for_each_entry(tmp_device, &group->devices, list) {
		if (tmp_device->dev == dev) {
			device = tmp_device;
			list_del(&device->list);
			break;
		}
	}
	mutex_unlock(&group->mutex);

	if (!device)
		return;

	sysfs_remove_link(group->devices_kobj, device->name);
	sysfs_remove_link(&dev->kobj, "iommu_group");

	trace_remove_device_from_group(group->id, dev);

	kfree(device->name);
	kfree(device);
	dev->iommu_group = NULL;
	kobject_put(group->devices_kobj);
}
EXPORT_SYMBOL_GPL(iommu_group_remove_device);

static int iommu_group_device_count(struct iommu_group *group)
{
	struct group_device *entry;
	int ret = 0;

	list_for_each_entry(entry, &group->devices, list)
		ret++;

	return ret;
}

/**
 * iommu_group_for_each_dev - iterate over each device in the group
 * @group: the group
 * @data: caller opaque data to be passed to callback function
 * @fn: caller supplied callback function
 *
 * This function is called by group users to iterate over group devices.
 * Callers should hold a reference count to the group during callback.
 * The group->mutex is held across callbacks, which will block calls to
 * iommu_group_add/remove_device.
 */
static int __iommu_group_for_each_dev(struct iommu_group *group, void *data,
				      int (*fn)(struct device *, void *))
{
	struct group_device *device;
	int ret = 0;

	list_for_each_entry(device, &group->devices, list) {
		ret = fn(device->dev, data);
		if (ret)
			break;
	}
	return ret;
}


int iommu_group_for_each_dev(struct iommu_group *group, void *data,
			     int (*fn)(struct device *, void *))
{
	int ret;

	mutex_lock(&group->mutex);
	ret = __iommu_group_for_each_dev(group, data, fn);
	mutex_unlock(&group->mutex);

	return ret;
}
EXPORT_SYMBOL_GPL(iommu_group_for_each_dev);

/**
 * iommu_group_get - Return the group for a device and increment reference
 * @dev: get the group that this device belongs to
 *
 * This function is called by iommu drivers and users to get the group
 * for the specified device.  If found, the group is returned and the group
 * reference is incremented, else NULL.
 */
struct iommu_group *iommu_group_get(struct device *dev)
{
	struct iommu_group *group = dev->iommu_group;

	if (group)
		kobject_get(group->devices_kobj);

	return group;
}
EXPORT_SYMBOL_GPL(iommu_group_get);

/**
 * iommu_group_ref_get - Increment reference on a group
 * @group: the group to use, must not be NULL
 *
 * This function is called by iommu drivers to take additional references on an
 * existing group.  Returns the given group for convenience.
 */
struct iommu_group *iommu_group_ref_get(struct iommu_group *group)
{
	kobject_get(group->devices_kobj);
	return group;
}
EXPORT_SYMBOL_GPL(iommu_group_ref_get);
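
/*
 * Example: a minimal sketch of how a consumer might combine the
 * reference-counted lookup helpers above with iommu_group_for_each_dev();
 * "count_one" and "my_inspect_group" are hypothetical names used only for
 * illustration:
 *
 *	static int count_one(struct device *dev, void *data)
 *	{
 *		(*(int *)data)++;
 *		return 0;
 *	}
 *
 *	static int my_inspect_group(struct device *dev)
 *	{
 *		struct iommu_group *group = iommu_group_get(dev);
 *		int count = 0;
 *
 *		if (!group)
 *			return -ENODEV;
 *
 *		iommu_group_for_each_dev(group, &count, count_one);
 *		dev_info(dev, "iommu group %d has %d device(s)\n",
 *			 iommu_group_id(group), count);
 *		iommu_group_put(group);
 *		return 0;
 *	}
 */
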
/**
 * iommu_group_put - Decrement group reference
 * @group: the group to use
 *
 * This function is called by iommu drivers and users to release the
 * iommu group.  Once the reference count is zero, the group is released.
 */
void iommu_group_put(struct iommu_group *group)
{
	if (group)
		kobject_put(group->devices_kobj);
}
EXPORT_SYMBOL_GPL(iommu_group_put);

/**
 * iommu_group_register_notifier - Register a notifier for group changes
 * @group: the group to watch
 * @nb: notifier block to signal
 *
 * This function allows iommu group users to track changes in a group.
 * See include/linux/iommu.h for actions sent via this notifier.  Caller
 * should hold a reference to the group throughout notifier registration.
 */
int iommu_group_register_notifier(struct iommu_group *group,
				  struct notifier_block *nb)
{
	return blocking_notifier_chain_register(&group->notifier, nb);
}
EXPORT_SYMBOL_GPL(iommu_group_register_notifier);

/**
 * iommu_group_unregister_notifier - Unregister a notifier
 * @group: the group to watch
 * @nb: notifier block to signal
 *
 * Unregister a previously registered group notifier block.
 */
int iommu_group_unregister_notifier(struct iommu_group *group,
				    struct notifier_block *nb)
{
	return blocking_notifier_chain_unregister(&group->notifier, nb);
}
EXPORT_SYMBOL_GPL(iommu_group_unregister_notifier);

/**
 * iommu_register_device_fault_handler() - Register a device fault handler
 * @dev: the device
 * @handler: the fault handler
 * @data: private data passed as argument to the handler
 *
 * When an IOMMU fault event is received, this handler gets called with the
 * fault event and data as argument. The handler should return 0 on success. If
 * the fault is recoverable (IOMMU_FAULT_PAGE_REQ), the consumer should also
 * complete the fault by calling iommu_page_response() with one of the following
 * response codes:
 * - IOMMU_PAGE_RESP_SUCCESS: retry the translation
 * - IOMMU_PAGE_RESP_INVALID: terminate the fault
 * - IOMMU_PAGE_RESP_FAILURE: terminate the fault and stop reporting
 *   page faults if possible.
 *
 * Return 0 if the fault handler was installed successfully, or an error.
 */
int iommu_register_device_fault_handler(struct device *dev,
					iommu_dev_fault_handler_t handler,
					void *data)
{
	struct dev_iommu *param = dev->iommu;
	int ret = 0;

	if (!param)
		return -EINVAL;

	mutex_lock(&param->lock);
	/* Only allow one fault handler registered for each device */
	if (param->fault_param) {
		ret = -EBUSY;
		goto done_unlock;
	}

	get_device(dev);
	param->fault_param = kzalloc(sizeof(*param->fault_param), GFP_KERNEL);
	if (!param->fault_param) {
		put_device(dev);
		ret = -ENOMEM;
		goto done_unlock;
	}
	param->fault_param->handler = handler;
	param->fault_param->data = data;
	mutex_init(&param->fault_param->lock);
	INIT_LIST_HEAD(&param->fault_param->faults);

done_unlock:
	mutex_unlock(&param->lock);

	return ret;
}
EXPORT_SYMBOL_GPL(iommu_register_device_fault_handler);
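
/*
 * Example: a minimal sketch of a consumer registering a fault handler and
 * completing recoverable page requests as described above. The handler
 * matches iommu_dev_fault_handler_t; "my_fault_handler", "my_consumer_probe"
 * and the policy of terminating every request are purely illustrative, and
 * PASID handling is elided:
 *
 *	static int my_fault_handler(struct iommu_fault *fault, void *data)
 *	{
 *		struct device *dev = data;
 *
 *		if (fault->type == IOMMU_FAULT_PAGE_REQ) {
 *			struct iommu_page_response resp = {
 *				.version = IOMMU_PAGE_RESP_VERSION_1,
 *				.grpid	 = fault->prm.grpid,
 *				.code	 = IOMMU_PAGE_RESP_INVALID,
 *			};
 *
 *			return iommu_page_response(dev, &resp);
 *		}
 *		return 0;
 *	}
 *
 *	static int my_consumer_probe(struct device *dev)
 *	{
 *		return iommu_register_device_fault_handler(dev,
 *							   my_fault_handler,
 *							   dev);
 *	}
 */
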
/**
 * iommu_unregister_device_fault_handler() - Unregister the device fault handler
 * @dev: the device
 *
 * Remove the device fault handler installed with
 * iommu_register_device_fault_handler().
 *
 * Return 0 on success, or an error.
 */
int iommu_unregister_device_fault_handler(struct device *dev)
{
	struct dev_iommu *param = dev->iommu;
	int ret = 0;

	if (!param)
		return -EINVAL;

	mutex_lock(&param->lock);

	if (!param->fault_param)
		goto unlock;

	/* we cannot unregister handler if there are pending faults */
	if (!list_empty(&param->fault_param->faults)) {
		ret = -EBUSY;
		goto unlock;
	}

	kfree(param->fault_param);
	param->fault_param = NULL;
	put_device(dev);
unlock:
	mutex_unlock(&param->lock);

	return ret;
}
EXPORT_SYMBOL_GPL(iommu_unregister_device_fault_handler);

/**
 * iommu_report_device_fault() - Report fault event to device driver
 * @dev: the device
 * @evt: fault event data
 *
 * Called by IOMMU drivers when a fault is detected, typically in a threaded IRQ
 * handler. When this function fails and the fault is recoverable, it is the
 * caller's responsibility to complete the fault.
 *
 * Return 0 on success, or an error.
 */
int iommu_report_device_fault(struct device *dev, struct iommu_fault_event *evt)
{
	struct dev_iommu *param = dev->iommu;
	struct iommu_fault_event *evt_pending = NULL;
	struct iommu_fault_param *fparam;
	int ret = 0;

	if (!param || !evt)
		return -EINVAL;

	/* we only report device fault if there is a handler registered */
	mutex_lock(&param->lock);
	fparam = param->fault_param;
	if (!fparam || !fparam->handler) {
		ret = -EINVAL;
		goto done_unlock;
	}

	if (evt->fault.type == IOMMU_FAULT_PAGE_REQ &&
	    (evt->fault.prm.flags & IOMMU_FAULT_PAGE_REQUEST_LAST_PAGE)) {
		evt_pending = kmemdup(evt, sizeof(struct iommu_fault_event),
				      GFP_KERNEL);
		if (!evt_pending) {
			ret = -ENOMEM;
			goto done_unlock;
		}
		mutex_lock(&fparam->lock);
		list_add_tail(&evt_pending->list, &fparam->faults);
		mutex_unlock(&fparam->lock);
	}

	ret = fparam->handler(&evt->fault, fparam->data);
	if (ret && evt_pending) {
		mutex_lock(&fparam->lock);
		list_del(&evt_pending->list);
		mutex_unlock(&fparam->lock);
		kfree(evt_pending);
	}
done_unlock:
	mutex_unlock(&param->lock);
	return ret;
}
EXPORT_SYMBOL_GPL(iommu_report_device_fault);

int iommu_page_response(struct device *dev,
			struct iommu_page_response *msg)
{
	bool needs_pasid;
	int ret = -EINVAL;
	struct iommu_fault_event *evt;
	struct iommu_fault_page_request *prm;
	struct dev_iommu *param = dev->iommu;
	bool has_pasid = msg->flags & IOMMU_PAGE_RESP_PASID_VALID;
	struct iommu_domain *domain = iommu_get_domain_for_dev(dev);

	if (!domain || !domain->ops->page_response)
		return -ENODEV;

	if (!param || !param->fault_param)
		return -EINVAL;

	if (msg->version != IOMMU_PAGE_RESP_VERSION_1 ||
	    msg->flags & ~IOMMU_PAGE_RESP_PASID_VALID)
		return -EINVAL;

	/* Only send response if there is a fault report pending */
	mutex_lock(&param->fault_param->lock);
	if (list_empty(&param->fault_param->faults)) {
		dev_warn_ratelimited(dev, "no pending PRQ, drop response\n");
		goto done_unlock;
	}
	/*
	 * Check if we have a matching page request pending to respond,
	 * otherwise return -EINVAL
	 */
	list_for_each_entry(evt, &param->fault_param->faults, list) {
		prm = &evt->fault.prm;
		if (prm->grpid != msg->grpid)
			continue;

		/*
		 * If the PASID is required, the corresponding request is
		 * matched using the group ID, the PASID valid bit and the PASID
		 * value. Otherwise only the group ID matches request and
		 * response.
		 */
		needs_pasid = prm->flags & IOMMU_FAULT_PAGE_RESPONSE_NEEDS_PASID;
		if (needs_pasid && (!has_pasid || msg->pasid != prm->pasid))
			continue;

		if (!needs_pasid && has_pasid) {
			/* No big deal, just clear it. */
			msg->flags &= ~IOMMU_PAGE_RESP_PASID_VALID;
			msg->pasid = 0;
		}

		ret = domain->ops->page_response(dev, evt, msg);
		list_del(&evt->list);
		kfree(evt);
		break;
	}

done_unlock:
	mutex_unlock(&param->fault_param->lock);
	return ret;
}
EXPORT_SYMBOL_GPL(iommu_page_response);

/**
 * iommu_group_id - Return ID for a group
 * @group: the group to ID
 *
 * Return the unique ID for the group matching the sysfs group number.
 */
int iommu_group_id(struct iommu_group *group)
{
	return group->id;
}
EXPORT_SYMBOL_GPL(iommu_group_id);

static struct iommu_group *get_pci_alias_group(struct pci_dev *pdev,
					       unsigned long *devfns);

/*
 * To consider a PCI device isolated, we require ACS to support Source
 * Validation, Request Redirection, Completer Redirection, and Upstream
 * Forwarding.  This effectively means that devices cannot spoof their
 * requester ID, requests and completions cannot be redirected, and all
 * transactions are forwarded upstream, even as it passes through a
 * bridge where the target device is downstream.
 */
#define REQ_ACS_FLAGS   (PCI_ACS_SV | PCI_ACS_RR | PCI_ACS_CR | PCI_ACS_UF)

/*
 * For multifunction devices which are not isolated from each other, find
 * all the other non-isolated functions and look for existing groups.  For
 * each function, we also need to look for aliases to or from other devices
 * that may already have a group.
 */
static struct iommu_group *get_pci_function_alias_group(struct pci_dev *pdev,
							unsigned long *devfns)
{
	struct pci_dev *tmp = NULL;
	struct iommu_group *group;

	if (!pdev->multifunction || pci_acs_enabled(pdev, REQ_ACS_FLAGS))
		return NULL;

	for_each_pci_dev(tmp) {
		if (tmp == pdev || tmp->bus != pdev->bus ||
		    PCI_SLOT(tmp->devfn) != PCI_SLOT(pdev->devfn) ||
		    pci_acs_enabled(tmp, REQ_ACS_FLAGS))
			continue;

		group = get_pci_alias_group(tmp, devfns);
		if (group) {
			pci_dev_put(tmp);
			return group;
		}
	}

	return NULL;
}

/*
 * Look for aliases to or from the given device for existing groups. DMA
 * aliases are only supported on the same bus, therefore the search
 * space is quite small (especially since we're really only looking at pcie
 * device, and therefore only expect multiple slots on the root complex or
 * downstream switch ports).  It's conceivable though that a pair of
 * multifunction devices could have aliases between them that would cause a
 * loop.  To prevent this, we use a bitmap to track where we've been.
 */
static struct iommu_group *get_pci_alias_group(struct pci_dev *pdev,
					       unsigned long *devfns)
{
	struct pci_dev *tmp = NULL;
	struct iommu_group *group;

	if (test_and_set_bit(pdev->devfn & 0xff, devfns))
		return NULL;

	group = iommu_group_get(&pdev->dev);
	if (group)
		return group;

	for_each_pci_dev(tmp) {
		if (tmp == pdev || tmp->bus != pdev->bus)
			continue;

		/* We alias them or they alias us */
		if (pci_devs_are_dma_aliases(pdev, tmp)) {
			group = get_pci_alias_group(tmp, devfns);
			if (group) {
				pci_dev_put(tmp);
				return group;
			}

			group = get_pci_function_alias_group(tmp, devfns);
			if (group) {
				pci_dev_put(tmp);
				return group;
			}
		}
	}

	return NULL;
}

struct group_for_pci_data {
	struct pci_dev *pdev;
	struct iommu_group *group;
};

/*
 * DMA alias iterator callback, return the last seen device.  Stop and return
 * the IOMMU group if we find one along the way.
 */
static int get_pci_alias_or_group(struct pci_dev *pdev, u16 alias, void *opaque)
{
	struct group_for_pci_data *data = opaque;

	data->pdev = pdev;
	data->group = iommu_group_get(&pdev->dev);

	return data->group != NULL;
}

/*
 * Generic device_group call-back function. It just allocates one
 * iommu-group per device.
 */
struct iommu_group *generic_device_group(struct device *dev)
{
	return iommu_group_alloc();
}
EXPORT_SYMBOL_GPL(generic_device_group);
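
/*
 * Example: a minimal sketch of how an IOMMU driver's ->device_group()
 * callback typically dispatches between the generic helper above and the
 * bus-specific helpers below, depending on the kind of device being
 * grouped ("my_device_group" is a hypothetical op, not part of this file):
 *
 *	static struct iommu_group *my_device_group(struct device *dev)
 *	{
 *		if (dev_is_pci(dev))
 *			return pci_device_group(dev);
 *		if (dev_is_fsl_mc(dev))
 *			return fsl_mc_device_group(dev);
 *		return generic_device_group(dev);
 *	}
 */
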
/*
 * Use standard PCI bus topology, isolation features, and DMA alias quirks
 * to find or create an IOMMU group for a device.
 */
struct iommu_group *pci_device_group(struct device *dev)
{
	struct pci_dev *pdev = to_pci_dev(dev);
	struct group_for_pci_data data;
	struct pci_bus *bus;
	struct iommu_group *group = NULL;
	u64 devfns[4] = { 0 };

	if (WARN_ON(!dev_is_pci(dev)))
		return ERR_PTR(-EINVAL);

	/*
	 * Find the upstream DMA alias for the device.  A device must not
	 * be aliased due to topology in order to have its own IOMMU group.
	 * If we find an alias along the way that already belongs to a
	 * group, use it.
	 */
	if (pci_for_each_dma_alias(pdev, get_pci_alias_or_group, &data))
		return data.group;

	pdev = data.pdev;

	/*
	 * Continue upstream from the point of minimum IOMMU granularity
	 * due to aliases to the point where devices are protected from
	 * peer-to-peer DMA by PCI ACS.  Again, if we find an existing
	 * group, use it.
	 */
	for (bus = pdev->bus; !pci_is_root_bus(bus); bus = bus->parent) {
		if (!bus->self)
			continue;

		if (pci_acs_path_enabled(bus->self, NULL, REQ_ACS_FLAGS))
			break;

		pdev = bus->self;

		group = iommu_group_get(&pdev->dev);
		if (group)
			return group;
	}

	/*
	 * Look for existing groups on device aliases.  If we alias another
	 * device or another device aliases us, use the same group.
	 */
	group = get_pci_alias_group(pdev, (unsigned long *)devfns);
	if (group)
		return group;

	/*
	 * Look for existing groups on non-isolated functions on the same
	 * slot and aliases of those functions, if any.  No need to clear
	 * the search bitmap, the tested devfns are still valid.
	 */
	group = get_pci_function_alias_group(pdev, (unsigned long *)devfns);
	if (group)
		return group;

	/* No shared group found, allocate new */
	return iommu_group_alloc();
}
EXPORT_SYMBOL_GPL(pci_device_group);

/* Get the IOMMU group for device on fsl-mc bus */
struct iommu_group *fsl_mc_device_group(struct device *dev)
{
	struct device *cont_dev = fsl_mc_cont_dev(dev);
	struct iommu_group *group;

	group = iommu_group_get(cont_dev);
	if (!group)
		group = iommu_group_alloc();
	return group;
}
EXPORT_SYMBOL_GPL(fsl_mc_device_group);

static int iommu_get_def_domain_type(struct device *dev)
{
	const struct iommu_ops *ops = dev->bus->iommu_ops;

	if (dev_is_pci(dev) && to_pci_dev(dev)->untrusted)
		return IOMMU_DOMAIN_DMA;

	if (ops->def_domain_type)
		return ops->def_domain_type(dev);

	return 0;
}

static int iommu_group_alloc_default_domain(struct bus_type *bus,
					    struct iommu_group *group,
					    unsigned int type)
{
	struct iommu_domain *dom;

	dom = __iommu_domain_alloc(bus, type);
	if (!dom && type != IOMMU_DOMAIN_DMA) {
		dom = __iommu_domain_alloc(bus, IOMMU_DOMAIN_DMA);
		if (dom)
			pr_warn("Failed to allocate default IOMMU domain of type %u for group %s - Falling back to IOMMU_DOMAIN_DMA",
				type, group->name);
	}

	if (!dom)
		return -ENOMEM;

	group->default_domain = dom;
	if (!group->domain)
		group->domain = dom;
	return 0;
}

static int iommu_alloc_default_domain(struct iommu_group *group,
				      struct device *dev)
{
	unsigned int type;

	if (group->default_domain)
		return 0;

	type = iommu_get_def_domain_type(dev) ? : iommu_def_domain_type;

	return iommu_group_alloc_default_domain(dev->bus, group, type);
}
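
/*
 * Example: a minimal sketch of a driver-provided ->def_domain_type() op as
 * consumed by iommu_get_def_domain_type() above. Returning 0 leaves the
 * decision to the global default; the "vendor,legacy-dma" compatible
 * string is purely hypothetical:
 *
 *	static int my_def_domain_type(struct device *dev)
 *	{
 *		if (dev->of_node &&
 *		    of_device_is_compatible(dev->of_node, "vendor,legacy-dma"))
 *			return IOMMU_DOMAIN_IDENTITY;
 *
 *		return 0;
 *	}
 */
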
/**
 * iommu_group_get_for_dev - Find or create the IOMMU group for a device
 * @dev: target device
 *
 * This function is intended to be called by IOMMU drivers and extended to
 * support common, bus-defined algorithms when determining or creating the
 * IOMMU group for a device.  On success, the caller will hold a reference
 * to the returned IOMMU group, which will already include the provided
 * device.  The reference should be released with iommu_group_put().
 */
static struct iommu_group *iommu_group_get_for_dev(struct device *dev)
{
	const struct iommu_ops *ops = dev->bus->iommu_ops;
	struct iommu_group *group;
	int ret;

	group = iommu_group_get(dev);
	if (group)
		return group;

	if (!ops)
		return ERR_PTR(-EINVAL);

	group = ops->device_group(dev);
	if (WARN_ON_ONCE(group == NULL))
		return ERR_PTR(-EINVAL);

	if (IS_ERR(group))
		return group;

	ret = iommu_group_add_device(group, dev);
	if (ret)
		goto out_put_group;

	return group;

out_put_group:
	iommu_group_put(group);

	return ERR_PTR(ret);
}

struct iommu_domain *iommu_group_default_domain(struct iommu_group *group)
{
	return group->default_domain;
}

static int probe_iommu_group(struct device *dev, void *data)
{
	struct list_head *group_list = data;
	struct iommu_group *group;
	int ret;

	/* Device is probed already if in a group */
	group = iommu_group_get(dev);
	if (group) {
		iommu_group_put(group);
		return 0;
	}

	ret = __iommu_probe_device(dev, group_list);
	if (ret == -ENODEV)
		ret = 0;

	return ret;
}

static int remove_iommu_group(struct device *dev, void *data)
{
	iommu_release_device(dev);

	return 0;
}

static int iommu_bus_notifier(struct notifier_block *nb,
			      unsigned long action, void *data)
{
	unsigned long group_action = 0;
	struct device *dev = data;
	struct iommu_group *group;

	/*
	 * ADD/DEL call into iommu driver ops if provided, which may
	 * result in ADD/DEL notifiers to group->notifier
	 */
	if (action == BUS_NOTIFY_ADD_DEVICE) {
		int ret;

		ret = iommu_probe_device(dev);
		return (ret) ? NOTIFY_DONE : NOTIFY_OK;
	} else if (action == BUS_NOTIFY_REMOVED_DEVICE) {
		iommu_release_device(dev);
		return NOTIFY_OK;
	}

	/*
	 * Remaining BUS_NOTIFYs get filtered and republished to the
	 * group, if anyone is listening
	 */
	group = iommu_group_get(dev);
	if (!group)
		return 0;

	switch (action) {
	case BUS_NOTIFY_BIND_DRIVER:
		group_action = IOMMU_GROUP_NOTIFY_BIND_DRIVER;
		break;
	case BUS_NOTIFY_BOUND_DRIVER:
		group_action = IOMMU_GROUP_NOTIFY_BOUND_DRIVER;
		break;
	case BUS_NOTIFY_UNBIND_DRIVER:
		group_action = IOMMU_GROUP_NOTIFY_UNBIND_DRIVER;
		break;
	case BUS_NOTIFY_UNBOUND_DRIVER:
		group_action = IOMMU_GROUP_NOTIFY_UNBOUND_DRIVER;
		break;
	}

	if (group_action)
		blocking_notifier_call_chain(&group->notifier,
					     group_action, dev);

	iommu_group_put(group);
	return 0;
}

struct __group_domain_type {
	struct device *dev;
	unsigned int type;
};

static int probe_get_default_domain_type(struct device *dev, void *data)
{
	struct __group_domain_type *gtype = data;
	unsigned int type = iommu_get_def_domain_type(dev);

	if (type) {
		if (gtype->type && gtype->type != type) {
			dev_warn(dev, "Device needs domain type %s, but device %s in the same iommu group requires type %s - using default\n",
				 iommu_domain_type_str(type),
				 dev_name(gtype->dev),
				 iommu_domain_type_str(gtype->type));
			gtype->type = 0;
		}

		if (!gtype->dev) {
			gtype->dev  = dev;
			gtype->type = type;
		}
	}

	return 0;
}

static void probe_alloc_default_domain(struct bus_type *bus,
				       struct iommu_group *group)
{
	struct __group_domain_type gtype;

	memset(&gtype, 0, sizeof(gtype));

	/* Ask for default domain requirements of all devices in the group */
	__iommu_group_for_each_dev(group, &gtype,
				   probe_get_default_domain_type);

	if (!gtype.type)
		gtype.type = iommu_def_domain_type;

	iommu_group_alloc_default_domain(bus, group, gtype.type);

}

static int iommu_group_do_dma_attach(struct device *dev, void *data)
{
	struct iommu_domain *domain = data;
	int ret = 0;

	if (!iommu_is_attach_deferred(domain, dev))
		ret = __iommu_attach_device(domain, dev);

	return ret;
}

static int __iommu_group_dma_attach(struct iommu_group *group)
{
	return __iommu_group_for_each_dev(group, group->default_domain,
					  iommu_group_do_dma_attach);
}

static int iommu_group_do_probe_finalize(struct device *dev, void *data)
{
	struct iommu_domain *domain = data;

	if (domain->ops->probe_finalize)
		domain->ops->probe_finalize(dev);

	return 0;
}

static void __iommu_group_dma_finalize(struct iommu_group *group)
{
	__iommu_group_for_each_dev(group, group->default_domain,
				   iommu_group_do_probe_finalize);
}

static int iommu_do_create_direct_mappings(struct device *dev, void *data)
{
	struct iommu_group *group = data;

	iommu_create_device_direct_mappings(group, dev);

	return 0;
}

static int iommu_group_create_direct_mappings(struct iommu_group *group)
{
	return __iommu_group_for_each_dev(group, group,
					  iommu_do_create_direct_mappings);
}

int bus_iommu_probe(struct bus_type *bus)
{
	struct iommu_group *group, *next;
	LIST_HEAD(group_list);
	int ret;

	/*
	 * This code-path does not allocate the default domain when
	 * creating the iommu group, so do it after the groups are
	 * created.
	 */
	ret = bus_for_each_dev(bus, NULL, &group_list, probe_iommu_group);
	if (ret)
		return ret;

	list_for_each_entry_safe(group, next, &group_list, entry) {
		/* Remove item from the list */
		list_del_init(&group->entry);

		mutex_lock(&group->mutex);

		/* Try to allocate default domain */
		probe_alloc_default_domain(bus, group);

		if (!group->default_domain) {
			mutex_unlock(&group->mutex);
			continue;
		}

		iommu_group_create_direct_mappings(group);

		ret = __iommu_group_dma_attach(group);

		mutex_unlock(&group->mutex);

		if (ret)
			break;

		__iommu_group_dma_finalize(group);
	}

	return ret;
}

static int iommu_bus_init(struct bus_type *bus, const struct iommu_ops *ops)
{
	struct notifier_block *nb;
	int err;

	nb = kzalloc(sizeof(struct notifier_block), GFP_KERNEL);
	if (!nb)
		return -ENOMEM;

	nb->notifier_call = iommu_bus_notifier;

	err = bus_register_notifier(bus, nb);
	if (err)
		goto out_free;

	err = bus_iommu_probe(bus);
	if (err)
		goto out_err;


	return 0;

out_err:
	/* Clean up */
	bus_for_each_dev(bus, NULL, NULL, remove_iommu_group);
	bus_unregister_notifier(bus, nb);

out_free:
	kfree(nb);

	return err;
}

/**
 * bus_set_iommu - set iommu-callbacks for the bus
 * @bus: bus.
 * @ops: the callbacks provided by the iommu-driver
 *
 * This function is called by an iommu driver to set the iommu methods
 * used for a particular bus. Drivers for devices on that bus can use
 * the iommu-api after these ops are registered.
 * This special function is needed because IOMMUs are usually devices on
 * the bus itself, so the iommu drivers are not initialized when the bus
 * is set up. With this function the iommu-driver can set the iommu-ops
 * afterwards.
 */
int bus_set_iommu(struct bus_type *bus, const struct iommu_ops *ops)
{
	int err;

	if (ops == NULL) {
		bus->iommu_ops = NULL;
		return 0;
	}

	if (bus->iommu_ops != NULL)
		return -EBUSY;

	bus->iommu_ops = ops;

	/* Do IOMMU specific setup for this bus-type */
	err = iommu_bus_init(bus, ops);
	if (err)
		bus->iommu_ops = NULL;

	return err;
}
EXPORT_SYMBOL_GPL(bus_set_iommu);
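
/*
 * Example: a minimal sketch of the registration sequence an IOMMU driver
 * follows at init time once its hardware is ready, using iommu_present()
 * just below to avoid clobbering another driver's ops. "my_iommu_ops" and
 * the choice of the platform bus are illustrative only:
 *
 *	static int __init my_iommu_init(void)
 *	{
 *		int ret = 0;
 *
 *		if (!iommu_present(&platform_bus_type))
 *			ret = bus_set_iommu(&platform_bus_type, &my_iommu_ops);
 *
 *		return ret;
 *	}
 */
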
bool iommu_present(struct bus_type *bus)
{
	return bus->iommu_ops != NULL;
}
EXPORT_SYMBOL_GPL(iommu_present);

bool iommu_capable(struct bus_type *bus, enum iommu_cap cap)
{
	if (!bus->iommu_ops || !bus->iommu_ops->capable)
		return false;

	return bus->iommu_ops->capable(cap);
}
EXPORT_SYMBOL_GPL(iommu_capable);

/**
 * iommu_set_fault_handler() - set a fault handler for an iommu domain
 * @domain: iommu domain
 * @handler: fault handler
 * @token: user data, will be passed back to the fault handler
 *
 * This function should be used by IOMMU users which want to be notified
 * whenever an IOMMU fault happens.
 *
 * The fault handler itself should return 0 on success, and an appropriate
 * error code otherwise.
 */
void iommu_set_fault_handler(struct iommu_domain *domain,
			     iommu_fault_handler_t handler,
			     void *token)
{
	BUG_ON(!domain);

	domain->handler = handler;
	domain->handler_token = token;
}
EXPORT_SYMBOL_GPL(iommu_set_fault_handler);

static struct iommu_domain *__iommu_domain_alloc(struct bus_type *bus,
						 unsigned type)
{
	struct iommu_domain *domain;

	if (bus == NULL || bus->iommu_ops == NULL)
		return NULL;

	domain = bus->iommu_ops->domain_alloc(type);
	if (!domain)
		return NULL;

	domain->ops  = bus->iommu_ops;
	domain->type = type;
	/* Assume all sizes by default; the driver may override this later */
	domain->pgsize_bitmap = bus->iommu_ops->pgsize_bitmap;

	if (iommu_is_dma_domain(domain) && iommu_get_dma_cookie(domain)) {
		iommu_domain_free(domain);
		domain = NULL;
	}
	return domain;
}

struct iommu_domain *iommu_domain_alloc(struct bus_type *bus)
{
	return __iommu_domain_alloc(bus, IOMMU_DOMAIN_UNMANAGED);
}
EXPORT_SYMBOL_GPL(iommu_domain_alloc);

void iommu_domain_free(struct iommu_domain *domain)
{
	iommu_put_dma_cookie(domain);
	domain->ops->domain_free(domain);
}
EXPORT_SYMBOL_GPL(iommu_domain_free);

static int __iommu_attach_device(struct iommu_domain *domain,
				 struct device *dev)
{
	int ret;

	if (unlikely(domain->ops->attach_dev == NULL))
		return -ENODEV;

	ret = domain->ops->attach_dev(domain, dev);
	if (!ret)
		trace_attach_device_to_domain(dev);
	return ret;
}

int iommu_attach_device(struct iommu_domain *domain, struct device *dev)
{
	struct iommu_group *group;
	int ret;

	group = iommu_group_get(dev);
	if (!group)
		return -ENODEV;

	/*
	 * Lock the group to make sure the device-count doesn't
	 * change while we are attaching
	 */
	mutex_lock(&group->mutex);
	ret = -EINVAL;
	if (iommu_group_device_count(group) != 1)
		goto out_unlock;

	ret = __iommu_attach_group(domain, group);

out_unlock:
	mutex_unlock(&group->mutex);
	iommu_group_put(group);

	return ret;
}
EXPORT_SYMBOL_GPL(iommu_attach_device);
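
/*
 * Example: a minimal sketch of the classic unmanaged-domain flow built on
 * iommu_domain_alloc()/iommu_attach_device() above, plus iommu_map() and
 * iommu_detach_device() from the rest of this API. The IOVA, size and
 * "my_setup_mapping" name are illustrative only:
 *
 *	static int my_setup_mapping(struct device *dev, phys_addr_t paddr)
 *	{
 *		struct iommu_domain *domain;
 *		int ret;
 *
 *		domain = iommu_domain_alloc(dev->bus);
 *		if (!domain)
 *			return -ENOMEM;
 *
 *		ret = iommu_attach_device(domain, dev);
 *		if (ret)
 *			goto err_free;
 *
 *		ret = iommu_map(domain, 0x100000, paddr, SZ_4K,
 *				IOMMU_READ | IOMMU_WRITE);
 *		if (ret)
 *			goto err_detach;
 *
 *		return 0;
 *
 *	err_detach:
 *		iommu_detach_device(domain, dev);
 *	err_free:
 *		iommu_domain_free(domain);
 *		return ret;
 *	}
 */
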
2033 */ 2034 static int iommu_check_cache_invl_data(struct iommu_cache_invalidate_info *info) 2035 { 2036 u32 mask; 2037 int i; 2038 2039 if (info->version != IOMMU_CACHE_INVALIDATE_INFO_VERSION_1) 2040 return -EINVAL; 2041 2042 mask = (1 << IOMMU_CACHE_INV_TYPE_NR) - 1; 2043 if (info->cache & ~mask) 2044 return -EINVAL; 2045 2046 if (info->granularity >= IOMMU_INV_GRANU_NR) 2047 return -EINVAL; 2048 2049 switch (info->granularity) { 2050 case IOMMU_INV_GRANU_ADDR: 2051 if (info->cache & IOMMU_CACHE_INV_TYPE_PASID) 2052 return -EINVAL; 2053 2054 mask = IOMMU_INV_ADDR_FLAGS_PASID | 2055 IOMMU_INV_ADDR_FLAGS_ARCHID | 2056 IOMMU_INV_ADDR_FLAGS_LEAF; 2057 2058 if (info->granu.addr_info.flags & ~mask) 2059 return -EINVAL; 2060 break; 2061 case IOMMU_INV_GRANU_PASID: 2062 mask = IOMMU_INV_PASID_FLAGS_PASID | 2063 IOMMU_INV_PASID_FLAGS_ARCHID; 2064 if (info->granu.pasid_info.flags & ~mask) 2065 return -EINVAL; 2066 2067 break; 2068 case IOMMU_INV_GRANU_DOMAIN: 2069 if (info->cache & IOMMU_CACHE_INV_TYPE_DEV_IOTLB) 2070 return -EINVAL; 2071 break; 2072 default: 2073 return -EINVAL; 2074 } 2075 2076 /* Check reserved padding fields */ 2077 for (i = 0; i < sizeof(info->padding); i++) { 2078 if (info->padding[i]) 2079 return -EINVAL; 2080 } 2081 2082 return 0; 2083 } 2084 2085 int iommu_uapi_cache_invalidate(struct iommu_domain *domain, struct device *dev, 2086 void __user *uinfo) 2087 { 2088 struct iommu_cache_invalidate_info inv_info = { 0 }; 2089 u32 minsz; 2090 int ret; 2091 2092 if (unlikely(!domain->ops->cache_invalidate)) 2093 return -ENODEV; 2094 2095 /* 2096 * No new spaces can be added before the variable sized union, the 2097 * minimum size is the offset to the union. 2098 */ 2099 minsz = offsetof(struct iommu_cache_invalidate_info, granu); 2100 2101 /* Copy minsz from user to get flags and argsz */ 2102 if (copy_from_user(&inv_info, uinfo, minsz)) 2103 return -EFAULT; 2104 2105 /* Fields before the variable size union are mandatory */ 2106 if (inv_info.argsz < minsz) 2107 return -EINVAL; 2108 2109 /* PASID and address granu require additional info beyond minsz */ 2110 if (inv_info.granularity == IOMMU_INV_GRANU_PASID && 2111 inv_info.argsz < offsetofend(struct iommu_cache_invalidate_info, granu.pasid_info)) 2112 return -EINVAL; 2113 2114 if (inv_info.granularity == IOMMU_INV_GRANU_ADDR && 2115 inv_info.argsz < offsetofend(struct iommu_cache_invalidate_info, granu.addr_info)) 2116 return -EINVAL; 2117 2118 /* 2119 * User might be using a newer UAPI header which has a larger data 2120 * size, we shall support the existing flags within the current 2121 * size. Copy the remaining user data _after_ minsz but not more 2122 * than the current kernel supported size. 
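	 * For example, a newer userspace may pass argsz larger than
	 * sizeof(inv_info); only sizeof(inv_info) - minsz bytes are copied
	 * below and the unknown tail is left unread. An older userspace with
	 * a smaller (but still valid) argsz simply results in a shorter copy.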
2123 */ 2124 if (copy_from_user((void *)&inv_info + minsz, uinfo + minsz, 2125 min_t(u32, inv_info.argsz, sizeof(inv_info)) - minsz)) 2126 return -EFAULT; 2127 2128 /* Now the argsz is validated, check the content */ 2129 ret = iommu_check_cache_invl_data(&inv_info); 2130 if (ret) 2131 return ret; 2132 2133 return domain->ops->cache_invalidate(domain, dev, &inv_info); 2134 } 2135 EXPORT_SYMBOL_GPL(iommu_uapi_cache_invalidate); 2136 2137 static int iommu_check_bind_data(struct iommu_gpasid_bind_data *data) 2138 { 2139 u64 mask; 2140 int i; 2141 2142 if (data->version != IOMMU_GPASID_BIND_VERSION_1) 2143 return -EINVAL; 2144 2145 /* Check the range of supported formats */ 2146 if (data->format >= IOMMU_PASID_FORMAT_LAST) 2147 return -EINVAL; 2148 2149 /* Check all flags */ 2150 mask = IOMMU_SVA_GPASID_VAL; 2151 if (data->flags & ~mask) 2152 return -EINVAL; 2153 2154 /* Check reserved padding fields */ 2155 for (i = 0; i < sizeof(data->padding); i++) { 2156 if (data->padding[i]) 2157 return -EINVAL; 2158 } 2159 2160 return 0; 2161 } 2162 2163 static int iommu_sva_prepare_bind_data(void __user *udata, 2164 struct iommu_gpasid_bind_data *data) 2165 { 2166 u32 minsz; 2167 2168 /* 2169 * No new spaces can be added before the variable sized union, the 2170 * minimum size is the offset to the union. 2171 */ 2172 minsz = offsetof(struct iommu_gpasid_bind_data, vendor); 2173 2174 /* Copy minsz from user to get flags and argsz */ 2175 if (copy_from_user(data, udata, minsz)) 2176 return -EFAULT; 2177 2178 /* Fields before the variable size union are mandatory */ 2179 if (data->argsz < minsz) 2180 return -EINVAL; 2181 /* 2182 * User might be using a newer UAPI header, we shall let IOMMU vendor 2183 * driver decide on what size it needs. Since the guest PASID bind data 2184 * can be vendor specific, larger argsz could be the result of extension 2185 * for one vendor but it should not affect another vendor. 
2186 * Copy the remaining user data _after_ minsz 2187 */ 2188 if (copy_from_user((void *)data + minsz, udata + minsz, 2189 min_t(u32, data->argsz, sizeof(*data)) - minsz)) 2190 return -EFAULT; 2191 2192 return iommu_check_bind_data(data); 2193 } 2194 2195 int iommu_uapi_sva_bind_gpasid(struct iommu_domain *domain, struct device *dev, 2196 void __user *udata) 2197 { 2198 struct iommu_gpasid_bind_data data = { 0 }; 2199 int ret; 2200 2201 if (unlikely(!domain->ops->sva_bind_gpasid)) 2202 return -ENODEV; 2203 2204 ret = iommu_sva_prepare_bind_data(udata, &data); 2205 if (ret) 2206 return ret; 2207 2208 return domain->ops->sva_bind_gpasid(domain, dev, &data); 2209 } 2210 EXPORT_SYMBOL_GPL(iommu_uapi_sva_bind_gpasid); 2211 2212 int iommu_sva_unbind_gpasid(struct iommu_domain *domain, struct device *dev, 2213 ioasid_t pasid) 2214 { 2215 if (unlikely(!domain->ops->sva_unbind_gpasid)) 2216 return -ENODEV; 2217 2218 return domain->ops->sva_unbind_gpasid(dev, pasid); 2219 } 2220 EXPORT_SYMBOL_GPL(iommu_sva_unbind_gpasid); 2221 2222 int iommu_uapi_sva_unbind_gpasid(struct iommu_domain *domain, struct device *dev, 2223 void __user *udata) 2224 { 2225 struct iommu_gpasid_bind_data data = { 0 }; 2226 int ret; 2227 2228 if (unlikely(!domain->ops->sva_bind_gpasid)) 2229 return -ENODEV; 2230 2231 ret = iommu_sva_prepare_bind_data(udata, &data); 2232 if (ret) 2233 return ret; 2234 2235 return iommu_sva_unbind_gpasid(domain, dev, data.hpasid); 2236 } 2237 EXPORT_SYMBOL_GPL(iommu_uapi_sva_unbind_gpasid); 2238 2239 static void __iommu_detach_device(struct iommu_domain *domain, 2240 struct device *dev) 2241 { 2242 if (iommu_is_attach_deferred(domain, dev)) 2243 return; 2244 2245 if (unlikely(domain->ops->detach_dev == NULL)) 2246 return; 2247 2248 domain->ops->detach_dev(domain, dev); 2249 trace_detach_device_from_domain(dev); 2250 } 2251 2252 void iommu_detach_device(struct iommu_domain *domain, struct device *dev) 2253 { 2254 struct iommu_group *group; 2255 2256 group = iommu_group_get(dev); 2257 if (!group) 2258 return; 2259 2260 mutex_lock(&group->mutex); 2261 if (iommu_group_device_count(group) != 1) { 2262 WARN_ON(1); 2263 goto out_unlock; 2264 } 2265 2266 __iommu_detach_group(domain, group); 2267 2268 out_unlock: 2269 mutex_unlock(&group->mutex); 2270 iommu_group_put(group); 2271 } 2272 EXPORT_SYMBOL_GPL(iommu_detach_device); 2273 2274 struct iommu_domain *iommu_get_domain_for_dev(struct device *dev) 2275 { 2276 struct iommu_domain *domain; 2277 struct iommu_group *group; 2278 2279 group = iommu_group_get(dev); 2280 if (!group) 2281 return NULL; 2282 2283 domain = group->domain; 2284 2285 iommu_group_put(group); 2286 2287 return domain; 2288 } 2289 EXPORT_SYMBOL_GPL(iommu_get_domain_for_dev); 2290 2291 /* 2292 * For IOMMU_DOMAIN_DMA implementations which already provide their own 2293 * guarantees that the group and its default domain are valid and correct. 2294 */ 2295 struct iommu_domain *iommu_get_dma_domain(struct device *dev) 2296 { 2297 return dev->iommu_group->default_domain; 2298 } 2299 2300 /* 2301 * IOMMU groups are really the natural working unit of the IOMMU, but 2302 * the IOMMU API works on domains and devices. Bridge that gap by 2303 * iterating over the devices in a group. Ideally we'd have a single 2304 * device which represents the requestor ID of the group, but we also 2305 * allow IOMMU drivers to create policy defined minimum sets, where 2306 * the physical hardware may be able to distiguish members, but we 2307 * wish to group them at a higher level (ex. 
untrusted multi-function 2308 * PCI devices). Thus we attach each device. 2309 */ 2310 static int iommu_group_do_attach_device(struct device *dev, void *data) 2311 { 2312 struct iommu_domain *domain = data; 2313 2314 return __iommu_attach_device(domain, dev); 2315 } 2316 2317 static int __iommu_attach_group(struct iommu_domain *domain, 2318 struct iommu_group *group) 2319 { 2320 int ret; 2321 2322 if (group->default_domain && group->domain != group->default_domain) 2323 return -EBUSY; 2324 2325 ret = __iommu_group_for_each_dev(group, domain, 2326 iommu_group_do_attach_device); 2327 if (ret == 0) 2328 group->domain = domain; 2329 2330 return ret; 2331 } 2332 2333 int iommu_attach_group(struct iommu_domain *domain, struct iommu_group *group) 2334 { 2335 int ret; 2336 2337 mutex_lock(&group->mutex); 2338 ret = __iommu_attach_group(domain, group); 2339 mutex_unlock(&group->mutex); 2340 2341 return ret; 2342 } 2343 EXPORT_SYMBOL_GPL(iommu_attach_group); 2344 2345 static int iommu_group_do_detach_device(struct device *dev, void *data) 2346 { 2347 struct iommu_domain *domain = data; 2348 2349 __iommu_detach_device(domain, dev); 2350 2351 return 0; 2352 } 2353 2354 static void __iommu_detach_group(struct iommu_domain *domain, 2355 struct iommu_group *group) 2356 { 2357 int ret; 2358 2359 if (!group->default_domain) { 2360 __iommu_group_for_each_dev(group, domain, 2361 iommu_group_do_detach_device); 2362 group->domain = NULL; 2363 return; 2364 } 2365 2366 if (group->domain == group->default_domain) 2367 return; 2368 2369 /* Detach by re-attaching to the default domain */ 2370 ret = __iommu_group_for_each_dev(group, group->default_domain, 2371 iommu_group_do_attach_device); 2372 if (ret != 0) 2373 WARN_ON(1); 2374 else 2375 group->domain = group->default_domain; 2376 } 2377 2378 void iommu_detach_group(struct iommu_domain *domain, struct iommu_group *group) 2379 { 2380 mutex_lock(&group->mutex); 2381 __iommu_detach_group(domain, group); 2382 mutex_unlock(&group->mutex); 2383 } 2384 EXPORT_SYMBOL_GPL(iommu_detach_group); 2385 2386 phys_addr_t iommu_iova_to_phys(struct iommu_domain *domain, dma_addr_t iova) 2387 { 2388 if (domain->type == IOMMU_DOMAIN_IDENTITY) 2389 return iova; 2390 2391 if (domain->type == IOMMU_DOMAIN_BLOCKED) 2392 return 0; 2393 2394 return domain->ops->iova_to_phys(domain, iova); 2395 } 2396 EXPORT_SYMBOL_GPL(iommu_iova_to_phys); 2397 2398 static size_t iommu_pgsize(struct iommu_domain *domain, unsigned long iova, 2399 phys_addr_t paddr, size_t size, size_t *count) 2400 { 2401 unsigned int pgsize_idx, pgsize_idx_next; 2402 unsigned long pgsizes; 2403 size_t offset, pgsize, pgsize_next; 2404 unsigned long addr_merge = paddr | iova; 2405 2406 /* Page sizes supported by the hardware and small enough for @size */ 2407 pgsizes = domain->pgsize_bitmap & GENMASK(__fls(size), 0); 2408 2409 /* Constrain the page sizes further based on the maximum alignment */ 2410 if (likely(addr_merge)) 2411 pgsizes &= GENMASK(__ffs(addr_merge), 0); 2412 2413 /* Make sure we have at least one suitable page size */ 2414 BUG_ON(!pgsizes); 2415 2416 /* Pick the biggest page size remaining */ 2417 pgsize_idx = __fls(pgsizes); 2418 pgsize = BIT(pgsize_idx); 2419 if (!count) 2420 return pgsize; 2421 2422 /* Find the next biggest support page size, if it exists */ 2423 pgsizes = domain->pgsize_bitmap & ~GENMASK(pgsize_idx, 0); 2424 if (!pgsizes) 2425 goto out_set_count; 2426 2427 pgsize_idx_next = __ffs(pgsizes); 2428 pgsize_next = BIT(pgsize_idx_next); 2429 2430 /* 2431 * There's no point trying a bigger page 
size unless the virtual 2432 * and physical addresses are similarly offset within the larger page. 2433 */ 2434 if ((iova ^ paddr) & (pgsize_next - 1)) 2435 goto out_set_count; 2436 2437 /* Calculate the offset to the next page size alignment boundary */ 2438 offset = pgsize_next - (addr_merge & (pgsize_next - 1)); 2439 2440 /* 2441 * If size is big enough to accommodate the larger page, reduce 2442 * the number of smaller pages. 2443 */ 2444 if (offset + pgsize_next <= size) 2445 size = offset; 2446 2447 out_set_count: 2448 *count = size >> pgsize_idx; 2449 return pgsize; 2450 } 2451 2452 static int __iommu_map_pages(struct iommu_domain *domain, unsigned long iova, 2453 phys_addr_t paddr, size_t size, int prot, 2454 gfp_t gfp, size_t *mapped) 2455 { 2456 const struct iommu_ops *ops = domain->ops; 2457 size_t pgsize, count; 2458 int ret; 2459 2460 pgsize = iommu_pgsize(domain, iova, paddr, size, &count); 2461 2462 pr_debug("mapping: iova 0x%lx pa %pa pgsize 0x%zx count %zu\n", 2463 iova, &paddr, pgsize, count); 2464 2465 if (ops->map_pages) { 2466 ret = ops->map_pages(domain, iova, paddr, pgsize, count, prot, 2467 gfp, mapped); 2468 } else { 2469 ret = ops->map(domain, iova, paddr, pgsize, prot, gfp); 2470 *mapped = ret ? 0 : pgsize; 2471 } 2472 2473 return ret; 2474 } 2475 2476 static int __iommu_map(struct iommu_domain *domain, unsigned long iova, 2477 phys_addr_t paddr, size_t size, int prot, gfp_t gfp) 2478 { 2479 const struct iommu_ops *ops = domain->ops; 2480 unsigned long orig_iova = iova; 2481 unsigned int min_pagesz; 2482 size_t orig_size = size; 2483 phys_addr_t orig_paddr = paddr; 2484 int ret = 0; 2485 2486 if (unlikely(!(ops->map || ops->map_pages) || 2487 domain->pgsize_bitmap == 0UL)) 2488 return -ENODEV; 2489 2490 if (unlikely(!(domain->type & __IOMMU_DOMAIN_PAGING))) 2491 return -EINVAL; 2492 2493 /* find out the minimum page size supported */ 2494 min_pagesz = 1 << __ffs(domain->pgsize_bitmap); 2495 2496 /* 2497 * both the virtual address and the physical one, as well as 2498 * the size of the mapping, must be aligned (at least) to the 2499 * size of the smallest page supported by the hardware 2500 */ 2501 if (!IS_ALIGNED(iova | paddr | size, min_pagesz)) { 2502 pr_err("unaligned: iova 0x%lx pa %pa size 0x%zx min_pagesz 0x%x\n", 2503 iova, &paddr, size, min_pagesz); 2504 return -EINVAL; 2505 } 2506 2507 pr_debug("map: iova 0x%lx pa %pa size 0x%zx\n", iova, &paddr, size); 2508 2509 while (size) { 2510 size_t mapped = 0; 2511 2512 ret = __iommu_map_pages(domain, iova, paddr, size, prot, gfp, 2513 &mapped); 2514 /* 2515 * Some pages may have been mapped, even if an error occurred, 2516 * so we should account for those so they can be unmapped. 
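		 * That is why 'size' is updated before the error check below:
		 * the cleanup path computes 'orig_size - size', which is
		 * exactly the amount that was actually mapped.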
2517 */ 2518 size -= mapped; 2519 2520 if (ret) 2521 break; 2522 2523 iova += mapped; 2524 paddr += mapped; 2525 } 2526 2527 /* unroll mapping in case something went wrong */ 2528 if (ret) 2529 iommu_unmap(domain, orig_iova, orig_size - size); 2530 else 2531 trace_map(orig_iova, orig_paddr, orig_size); 2532 2533 return ret; 2534 } 2535 2536 static int _iommu_map(struct iommu_domain *domain, unsigned long iova, 2537 phys_addr_t paddr, size_t size, int prot, gfp_t gfp) 2538 { 2539 const struct iommu_ops *ops = domain->ops; 2540 int ret; 2541 2542 ret = __iommu_map(domain, iova, paddr, size, prot, gfp); 2543 if (ret == 0 && ops->iotlb_sync_map) 2544 ops->iotlb_sync_map(domain, iova, size); 2545 2546 return ret; 2547 } 2548 2549 int iommu_map(struct iommu_domain *domain, unsigned long iova, 2550 phys_addr_t paddr, size_t size, int prot) 2551 { 2552 might_sleep(); 2553 return _iommu_map(domain, iova, paddr, size, prot, GFP_KERNEL); 2554 } 2555 EXPORT_SYMBOL_GPL(iommu_map); 2556 2557 int iommu_map_atomic(struct iommu_domain *domain, unsigned long iova, 2558 phys_addr_t paddr, size_t size, int prot) 2559 { 2560 return _iommu_map(domain, iova, paddr, size, prot, GFP_ATOMIC); 2561 } 2562 EXPORT_SYMBOL_GPL(iommu_map_atomic); 2563 2564 static size_t __iommu_unmap_pages(struct iommu_domain *domain, 2565 unsigned long iova, size_t size, 2566 struct iommu_iotlb_gather *iotlb_gather) 2567 { 2568 const struct iommu_ops *ops = domain->ops; 2569 size_t pgsize, count; 2570 2571 pgsize = iommu_pgsize(domain, iova, iova, size, &count); 2572 return ops->unmap_pages ? 2573 ops->unmap_pages(domain, iova, pgsize, count, iotlb_gather) : 2574 ops->unmap(domain, iova, pgsize, iotlb_gather); 2575 } 2576 2577 static size_t __iommu_unmap(struct iommu_domain *domain, 2578 unsigned long iova, size_t size, 2579 struct iommu_iotlb_gather *iotlb_gather) 2580 { 2581 const struct iommu_ops *ops = domain->ops; 2582 size_t unmapped_page, unmapped = 0; 2583 unsigned long orig_iova = iova; 2584 unsigned int min_pagesz; 2585 2586 if (unlikely(!(ops->unmap || ops->unmap_pages) || 2587 domain->pgsize_bitmap == 0UL)) 2588 return 0; 2589 2590 if (unlikely(!(domain->type & __IOMMU_DOMAIN_PAGING))) 2591 return 0; 2592 2593 /* find out the minimum page size supported */ 2594 min_pagesz = 1 << __ffs(domain->pgsize_bitmap); 2595 2596 /* 2597 * The virtual address, as well as the size of the mapping, must be 2598 * aligned (at least) to the size of the smallest page supported 2599 * by the hardware 2600 */ 2601 if (!IS_ALIGNED(iova | size, min_pagesz)) { 2602 pr_err("unaligned: iova 0x%lx size 0x%zx min_pagesz 0x%x\n", 2603 iova, size, min_pagesz); 2604 return 0; 2605 } 2606 2607 pr_debug("unmap this: iova 0x%lx size 0x%zx\n", iova, size); 2608 2609 /* 2610 * Keep iterating until we either unmap 'size' bytes (or more) 2611 * or we hit an area that isn't mapped. 
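	 * A zero return from __iommu_unmap_pages() means the driver could not
	 * unmap anything at this iova, so the loop stops and the caller gets
	 * back an 'unmapped' total smaller than 'size'.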
2612 */ 2613 while (unmapped < size) { 2614 unmapped_page = __iommu_unmap_pages(domain, iova, 2615 size - unmapped, 2616 iotlb_gather); 2617 if (!unmapped_page) 2618 break; 2619 2620 pr_debug("unmapped: iova 0x%lx size 0x%zx\n", 2621 iova, unmapped_page); 2622 2623 iova += unmapped_page; 2624 unmapped += unmapped_page; 2625 } 2626 2627 trace_unmap(orig_iova, size, unmapped); 2628 return unmapped; 2629 } 2630 2631 size_t iommu_unmap(struct iommu_domain *domain, 2632 unsigned long iova, size_t size) 2633 { 2634 struct iommu_iotlb_gather iotlb_gather; 2635 size_t ret; 2636 2637 iommu_iotlb_gather_init(&iotlb_gather); 2638 ret = __iommu_unmap(domain, iova, size, &iotlb_gather); 2639 iommu_iotlb_sync(domain, &iotlb_gather); 2640 2641 return ret; 2642 } 2643 EXPORT_SYMBOL_GPL(iommu_unmap); 2644 2645 size_t iommu_unmap_fast(struct iommu_domain *domain, 2646 unsigned long iova, size_t size, 2647 struct iommu_iotlb_gather *iotlb_gather) 2648 { 2649 return __iommu_unmap(domain, iova, size, iotlb_gather); 2650 } 2651 EXPORT_SYMBOL_GPL(iommu_unmap_fast); 2652 2653 static ssize_t __iommu_map_sg(struct iommu_domain *domain, unsigned long iova, 2654 struct scatterlist *sg, unsigned int nents, int prot, 2655 gfp_t gfp) 2656 { 2657 const struct iommu_ops *ops = domain->ops; 2658 size_t len = 0, mapped = 0; 2659 phys_addr_t start; 2660 unsigned int i = 0; 2661 int ret; 2662 2663 while (i <= nents) { 2664 phys_addr_t s_phys = sg_phys(sg); 2665 2666 if (len && s_phys != start + len) { 2667 ret = __iommu_map(domain, iova + mapped, start, 2668 len, prot, gfp); 2669 2670 if (ret) 2671 goto out_err; 2672 2673 mapped += len; 2674 len = 0; 2675 } 2676 2677 if (len) { 2678 len += sg->length; 2679 } else { 2680 len = sg->length; 2681 start = s_phys; 2682 } 2683 2684 if (++i < nents) 2685 sg = sg_next(sg); 2686 } 2687 2688 if (ops->iotlb_sync_map) 2689 ops->iotlb_sync_map(domain, iova, mapped); 2690 return mapped; 2691 2692 out_err: 2693 /* undo mappings already done */ 2694 iommu_unmap(domain, iova, mapped); 2695 2696 return ret; 2697 } 2698 2699 ssize_t iommu_map_sg(struct iommu_domain *domain, unsigned long iova, 2700 struct scatterlist *sg, unsigned int nents, int prot) 2701 { 2702 might_sleep(); 2703 return __iommu_map_sg(domain, iova, sg, nents, prot, GFP_KERNEL); 2704 } 2705 EXPORT_SYMBOL_GPL(iommu_map_sg); 2706 2707 ssize_t iommu_map_sg_atomic(struct iommu_domain *domain, unsigned long iova, 2708 struct scatterlist *sg, unsigned int nents, int prot) 2709 { 2710 return __iommu_map_sg(domain, iova, sg, nents, prot, GFP_ATOMIC); 2711 } 2712 2713 /** 2714 * report_iommu_fault() - report about an IOMMU fault to the IOMMU framework 2715 * @domain: the iommu domain where the fault has happened 2716 * @dev: the device where the fault has happened 2717 * @iova: the faulting address 2718 * @flags: mmu fault flags (e.g. IOMMU_FAULT_READ/IOMMU_FAULT_WRITE/...) 2719 * 2720 * This function should be called by the low-level IOMMU implementations 2721 * whenever IOMMU faults happen, to allow high-level users, that are 2722 * interested in such events, to know about them. 2723 * 2724 * This event may be useful for several possible use cases: 2725 * - mere logging of the event 2726 * - dynamic TLB/PTE loading 2727 * - if restarting of the faulting device is required 2728 * 2729 * Returns 0 on success and an appropriate error code otherwise (if dynamic 2730 * PTE/TLB loading will one day be supported, implementations will be able 2731 * to tell whether it succeeded or not according to this return value). 
2732 * 2733 * Specifically, -ENOSYS is returned if a fault handler isn't installed 2734 * (though fault handlers can also return -ENOSYS, in case they want to 2735 * elicit the default behavior of the IOMMU drivers). 2736 */ 2737 int report_iommu_fault(struct iommu_domain *domain, struct device *dev, 2738 unsigned long iova, int flags) 2739 { 2740 int ret = -ENOSYS; 2741 2742 /* 2743 * if upper layers showed interest and installed a fault handler, 2744 * invoke it. 2745 */ 2746 if (domain->handler) 2747 ret = domain->handler(domain, dev, iova, flags, 2748 domain->handler_token); 2749 2750 trace_io_page_fault(dev, iova, flags); 2751 return ret; 2752 } 2753 EXPORT_SYMBOL_GPL(report_iommu_fault); 2754 2755 static int __init iommu_init(void) 2756 { 2757 iommu_group_kset = kset_create_and_add("iommu_groups", 2758 NULL, kernel_kobj); 2759 BUG_ON(!iommu_group_kset); 2760 2761 iommu_debugfs_setup(); 2762 2763 return 0; 2764 } 2765 core_initcall(iommu_init); 2766 2767 int iommu_enable_nesting(struct iommu_domain *domain) 2768 { 2769 if (domain->type != IOMMU_DOMAIN_UNMANAGED) 2770 return -EINVAL; 2771 if (!domain->ops->enable_nesting) 2772 return -EINVAL; 2773 return domain->ops->enable_nesting(domain); 2774 } 2775 EXPORT_SYMBOL_GPL(iommu_enable_nesting); 2776 2777 int iommu_set_pgtable_quirks(struct iommu_domain *domain, 2778 unsigned long quirk) 2779 { 2780 if (domain->type != IOMMU_DOMAIN_UNMANAGED) 2781 return -EINVAL; 2782 if (!domain->ops->set_pgtable_quirks) 2783 return -EINVAL; 2784 return domain->ops->set_pgtable_quirks(domain, quirk); 2785 } 2786 EXPORT_SYMBOL_GPL(iommu_set_pgtable_quirks); 2787 2788 void iommu_get_resv_regions(struct device *dev, struct list_head *list) 2789 { 2790 const struct iommu_ops *ops = dev->bus->iommu_ops; 2791 2792 if (ops && ops->get_resv_regions) 2793 ops->get_resv_regions(dev, list); 2794 } 2795 2796 void iommu_put_resv_regions(struct device *dev, struct list_head *list) 2797 { 2798 const struct iommu_ops *ops = dev->bus->iommu_ops; 2799 2800 if (ops && ops->put_resv_regions) 2801 ops->put_resv_regions(dev, list); 2802 } 2803 2804 /** 2805 * generic_iommu_put_resv_regions - Reserved region driver helper 2806 * @dev: device for which to free reserved regions 2807 * @list: reserved region list for device 2808 * 2809 * IOMMU drivers can use this to implement their .put_resv_regions() callback 2810 * for simple reservations. Memory allocated for each reserved region will be 2811 * freed. If an IOMMU driver allocates additional resources per region, it is 2812 * going to have to implement a custom callback. 
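 *
 * Illustrative sketch (my_iommu_get_resv_regions, MY_MSI_BASE and MY_MSI_SIZE
 * are placeholder names): a driver whose only reservation is a software MSI
 * window could pair this helper with a get_resv_regions() callback such as
 *
 *	static void my_iommu_get_resv_regions(struct device *dev,
 *					      struct list_head *head)
 *	{
 *		struct iommu_resv_region *region;
 *
 *		region = iommu_alloc_resv_region(MY_MSI_BASE, MY_MSI_SIZE,
 *						 IOMMU_WRITE, IOMMU_RESV_SW_MSI);
 *		if (region)
 *			list_add_tail(&region->list, head);
 *	}
 *
 * and then simply set .put_resv_regions = generic_iommu_put_resv_regions in
 * its struct iommu_ops.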
2813 */ 2814 void generic_iommu_put_resv_regions(struct device *dev, struct list_head *list) 2815 { 2816 struct iommu_resv_region *entry, *next; 2817 2818 list_for_each_entry_safe(entry, next, list, list) 2819 kfree(entry); 2820 } 2821 EXPORT_SYMBOL(generic_iommu_put_resv_regions); 2822 2823 struct iommu_resv_region *iommu_alloc_resv_region(phys_addr_t start, 2824 size_t length, int prot, 2825 enum iommu_resv_type type) 2826 { 2827 struct iommu_resv_region *region; 2828 2829 region = kzalloc(sizeof(*region), GFP_KERNEL); 2830 if (!region) 2831 return NULL; 2832 2833 INIT_LIST_HEAD(®ion->list); 2834 region->start = start; 2835 region->length = length; 2836 region->prot = prot; 2837 region->type = type; 2838 return region; 2839 } 2840 EXPORT_SYMBOL_GPL(iommu_alloc_resv_region); 2841 2842 void iommu_set_default_passthrough(bool cmd_line) 2843 { 2844 if (cmd_line) 2845 iommu_cmd_line |= IOMMU_CMD_LINE_DMA_API; 2846 iommu_def_domain_type = IOMMU_DOMAIN_IDENTITY; 2847 } 2848 2849 void iommu_set_default_translated(bool cmd_line) 2850 { 2851 if (cmd_line) 2852 iommu_cmd_line |= IOMMU_CMD_LINE_DMA_API; 2853 iommu_def_domain_type = IOMMU_DOMAIN_DMA; 2854 } 2855 2856 bool iommu_default_passthrough(void) 2857 { 2858 return iommu_def_domain_type == IOMMU_DOMAIN_IDENTITY; 2859 } 2860 EXPORT_SYMBOL_GPL(iommu_default_passthrough); 2861 2862 const struct iommu_ops *iommu_ops_from_fwnode(struct fwnode_handle *fwnode) 2863 { 2864 const struct iommu_ops *ops = NULL; 2865 struct iommu_device *iommu; 2866 2867 spin_lock(&iommu_device_lock); 2868 list_for_each_entry(iommu, &iommu_device_list, list) 2869 if (iommu->fwnode == fwnode) { 2870 ops = iommu->ops; 2871 break; 2872 } 2873 spin_unlock(&iommu_device_lock); 2874 return ops; 2875 } 2876 2877 int iommu_fwspec_init(struct device *dev, struct fwnode_handle *iommu_fwnode, 2878 const struct iommu_ops *ops) 2879 { 2880 struct iommu_fwspec *fwspec = dev_iommu_fwspec_get(dev); 2881 2882 if (fwspec) 2883 return ops == fwspec->ops ? 0 : -EINVAL; 2884 2885 if (!dev_iommu_get(dev)) 2886 return -ENOMEM; 2887 2888 /* Preallocate for the overwhelmingly common case of 1 ID */ 2889 fwspec = kzalloc(struct_size(fwspec, ids, 1), GFP_KERNEL); 2890 if (!fwspec) 2891 return -ENOMEM; 2892 2893 of_node_get(to_of_node(iommu_fwnode)); 2894 fwspec->iommu_fwnode = iommu_fwnode; 2895 fwspec->ops = ops; 2896 dev_iommu_fwspec_set(dev, fwspec); 2897 return 0; 2898 } 2899 EXPORT_SYMBOL_GPL(iommu_fwspec_init); 2900 2901 void iommu_fwspec_free(struct device *dev) 2902 { 2903 struct iommu_fwspec *fwspec = dev_iommu_fwspec_get(dev); 2904 2905 if (fwspec) { 2906 fwnode_handle_put(fwspec->iommu_fwnode); 2907 kfree(fwspec); 2908 dev_iommu_fwspec_set(dev, NULL); 2909 } 2910 } 2911 EXPORT_SYMBOL_GPL(iommu_fwspec_free); 2912 2913 int iommu_fwspec_add_ids(struct device *dev, u32 *ids, int num_ids) 2914 { 2915 struct iommu_fwspec *fwspec = dev_iommu_fwspec_get(dev); 2916 int i, new_num; 2917 2918 if (!fwspec) 2919 return -EINVAL; 2920 2921 new_num = fwspec->num_ids + num_ids; 2922 if (new_num > 1) { 2923 fwspec = krealloc(fwspec, struct_size(fwspec, ids, new_num), 2924 GFP_KERNEL); 2925 if (!fwspec) 2926 return -ENOMEM; 2927 2928 dev_iommu_fwspec_set(dev, fwspec); 2929 } 2930 2931 for (i = 0; i < num_ids; i++) 2932 fwspec->ids[fwspec->num_ids + i] = ids[i]; 2933 2934 fwspec->num_ids = new_num; 2935 return 0; 2936 } 2937 EXPORT_SYMBOL_GPL(iommu_fwspec_add_ids); 2938 2939 /* 2940 * Per device IOMMU features. 
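 *
 * For example, a device driver that wants to use SVA would typically check
 * and enable the feature before binding an mm (illustrative sketch, error
 * handling trimmed):
 *
 *	if (!iommu_dev_feature_enabled(dev, IOMMU_DEV_FEAT_SVA))
 *		ret = iommu_dev_enable_feature(dev, IOMMU_DEV_FEAT_SVA);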
2941 */ 2942 int iommu_dev_enable_feature(struct device *dev, enum iommu_dev_features feat) 2943 { 2944 if (dev->iommu && dev->iommu->iommu_dev) { 2945 const struct iommu_ops *ops = dev->iommu->iommu_dev->ops; 2946 2947 if (ops->dev_enable_feat) 2948 return ops->dev_enable_feat(dev, feat); 2949 } 2950 2951 return -ENODEV; 2952 } 2953 EXPORT_SYMBOL_GPL(iommu_dev_enable_feature); 2954 2955 /* 2956 * The device drivers should do the necessary cleanups before calling this. 2957 * For example, before disabling the aux-domain feature, the device driver 2958 * should detach all aux-domains. Otherwise, this will return -EBUSY. 2959 */ 2960 int iommu_dev_disable_feature(struct device *dev, enum iommu_dev_features feat) 2961 { 2962 if (dev->iommu && dev->iommu->iommu_dev) { 2963 const struct iommu_ops *ops = dev->iommu->iommu_dev->ops; 2964 2965 if (ops->dev_disable_feat) 2966 return ops->dev_disable_feat(dev, feat); 2967 } 2968 2969 return -EBUSY; 2970 } 2971 EXPORT_SYMBOL_GPL(iommu_dev_disable_feature); 2972 2973 bool iommu_dev_feature_enabled(struct device *dev, enum iommu_dev_features feat) 2974 { 2975 if (dev->iommu && dev->iommu->iommu_dev) { 2976 const struct iommu_ops *ops = dev->iommu->iommu_dev->ops; 2977 2978 if (ops->dev_feat_enabled) 2979 return ops->dev_feat_enabled(dev, feat); 2980 } 2981 2982 return false; 2983 } 2984 EXPORT_SYMBOL_GPL(iommu_dev_feature_enabled); 2985 2986 /* 2987 * Aux-domain specific attach/detach. 2988 * 2989 * Only works if iommu_dev_feature_enabled(dev, IOMMU_DEV_FEAT_AUX) returns 2990 * true. Also, as long as domains are attached to a device through this 2991 * interface, any tries to call iommu_attach_device() should fail 2992 * (iommu_detach_device() can't fail, so we fail when trying to re-attach). 2993 * This should make us safe against a device being attached to a guest as a 2994 * whole while there are still pasid users on it (aux and sva). 2995 */ 2996 int iommu_aux_attach_device(struct iommu_domain *domain, struct device *dev) 2997 { 2998 int ret = -ENODEV; 2999 3000 if (domain->ops->aux_attach_dev) 3001 ret = domain->ops->aux_attach_dev(domain, dev); 3002 3003 if (!ret) 3004 trace_attach_device_to_domain(dev); 3005 3006 return ret; 3007 } 3008 EXPORT_SYMBOL_GPL(iommu_aux_attach_device); 3009 3010 void iommu_aux_detach_device(struct iommu_domain *domain, struct device *dev) 3011 { 3012 if (domain->ops->aux_detach_dev) { 3013 domain->ops->aux_detach_dev(domain, dev); 3014 trace_detach_device_from_domain(dev); 3015 } 3016 } 3017 EXPORT_SYMBOL_GPL(iommu_aux_detach_device); 3018 3019 int iommu_aux_get_pasid(struct iommu_domain *domain, struct device *dev) 3020 { 3021 int ret = -ENODEV; 3022 3023 if (domain->ops->aux_get_pasid) 3024 ret = domain->ops->aux_get_pasid(domain, dev); 3025 3026 return ret; 3027 } 3028 EXPORT_SYMBOL_GPL(iommu_aux_get_pasid); 3029 3030 /** 3031 * iommu_sva_bind_device() - Bind a process address space to a device 3032 * @dev: the device 3033 * @mm: the mm to bind, caller must hold a reference to it 3034 * 3035 * Create a bond between device and address space, allowing the device to access 3036 * the mm using the returned PASID. If a bond already exists between @device and 3037 * @mm, it is returned and an additional reference is taken. Caller must call 3038 * iommu_sva_unbind_device() to release each reference. 3039 * 3040 * iommu_dev_enable_feature(dev, IOMMU_DEV_FEAT_SVA) must be called first, to 3041 * initialize the required SVA features. 3042 * 3043 * On error, returns an ERR_PTR value. 
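 *
 * Illustrative sketch of a typical caller (drvdata is an opaque pointer that
 * is simply passed through to the IOMMU driver, and may be NULL; the caller
 * must hold a reference on the mm as noted above):
 *
 *	handle = iommu_sva_bind_device(dev, current->mm, drvdata);
 *	if (IS_ERR(handle))
 *		return PTR_ERR(handle);
 *
 *	pasid = iommu_sva_get_pasid(handle);
 *	if (pasid == IOMMU_PASID_INVALID) {
 *		iommu_sva_unbind_device(handle);
 *		return -ENODEV;
 *	}
 *
 *	(program the device to tag its DMA with pasid; once done:)
 *	iommu_sva_unbind_device(handle);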
 */
struct iommu_sva *
iommu_sva_bind_device(struct device *dev, struct mm_struct *mm, void *drvdata)
{
	struct iommu_group *group;
	struct iommu_sva *handle = ERR_PTR(-EINVAL);
	const struct iommu_ops *ops = dev->bus->iommu_ops;

	if (!ops || !ops->sva_bind)
		return ERR_PTR(-ENODEV);

	group = iommu_group_get(dev);
	if (!group)
		return ERR_PTR(-ENODEV);

	/* Ensure device count and domain don't change while we're binding */
	mutex_lock(&group->mutex);

	/*
	 * To keep things simple, SVA currently doesn't support IOMMU groups
	 * with more than one device. Existing SVA-capable systems are not
	 * affected by the problems that required IOMMU groups (lack of ACS
	 * isolation, device ID aliasing and other hardware issues).
	 */
	if (iommu_group_device_count(group) != 1)
		goto out_unlock;

	handle = ops->sva_bind(dev, mm, drvdata);

out_unlock:
	mutex_unlock(&group->mutex);
	iommu_group_put(group);

	return handle;
}
EXPORT_SYMBOL_GPL(iommu_sva_bind_device);

/**
 * iommu_sva_unbind_device() - Remove a bond created with iommu_sva_bind_device
 * @handle: the handle returned by iommu_sva_bind_device()
 *
 * Put a reference to a bond between device and address space. The device
 * should not be issuing any more transactions for this PASID. All outstanding
 * page requests for this PASID must have been flushed to the IOMMU.
 */
void iommu_sva_unbind_device(struct iommu_sva *handle)
{
	struct iommu_group *group;
	struct device *dev = handle->dev;
	const struct iommu_ops *ops = dev->bus->iommu_ops;

	if (!ops || !ops->sva_unbind)
		return;

	group = iommu_group_get(dev);
	if (!group)
		return;

	mutex_lock(&group->mutex);
	ops->sva_unbind(handle);
	mutex_unlock(&group->mutex);

	iommu_group_put(group);
}
EXPORT_SYMBOL_GPL(iommu_sva_unbind_device);

u32 iommu_sva_get_pasid(struct iommu_sva *handle)
{
	const struct iommu_ops *ops = handle->dev->bus->iommu_ops;

	if (!ops || !ops->sva_get_pasid)
		return IOMMU_PASID_INVALID;

	return ops->sva_get_pasid(handle);
}
EXPORT_SYMBOL_GPL(iommu_sva_get_pasid);

/*
 * Changes the default domain of an iommu group that has *only* one device
 *
 * @group: The group for which the default domain should be changed
 * @prev_dev: The device in the group (this is used to make sure that the
 *	      device hasn't changed after the caller has called this function)
 * @type: The type of the new default domain that gets associated with the group
 *
 * Returns 0 on success and error code on failure
 *
 * Note:
 * 1. Presently, this function is called only when user requests to change the
 *    group's default domain type through /sys/kernel/iommu_groups/<grp_id>/type
 *    Please take a closer look if intended to use for other purposes.
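 *    For example, writing "DMA-FQ" to that file ends up here with
 *    @type == IOMMU_DOMAIN_DMA_FQ (illustrative):
 *
 *      echo DMA-FQ > /sys/kernel/iommu_groups/<grp_id>/type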
3135 */ 3136 static int iommu_change_dev_def_domain(struct iommu_group *group, 3137 struct device *prev_dev, int type) 3138 { 3139 struct iommu_domain *prev_dom; 3140 struct group_device *grp_dev; 3141 int ret, dev_def_dom; 3142 struct device *dev; 3143 3144 mutex_lock(&group->mutex); 3145 3146 if (group->default_domain != group->domain) { 3147 dev_err_ratelimited(prev_dev, "Group not assigned to default domain\n"); 3148 ret = -EBUSY; 3149 goto out; 3150 } 3151 3152 /* 3153 * iommu group wasn't locked while acquiring device lock in 3154 * iommu_group_store_type(). So, make sure that the device count hasn't 3155 * changed while acquiring device lock. 3156 * 3157 * Changing default domain of an iommu group with two or more devices 3158 * isn't supported because there could be a potential deadlock. Consider 3159 * the following scenario. T1 is trying to acquire device locks of all 3160 * the devices in the group and before it could acquire all of them, 3161 * there could be another thread T2 (from different sub-system and use 3162 * case) that has already acquired some of the device locks and might be 3163 * waiting for T1 to release other device locks. 3164 */ 3165 if (iommu_group_device_count(group) != 1) { 3166 dev_err_ratelimited(prev_dev, "Cannot change default domain: Group has more than one device\n"); 3167 ret = -EINVAL; 3168 goto out; 3169 } 3170 3171 /* Since group has only one device */ 3172 grp_dev = list_first_entry(&group->devices, struct group_device, list); 3173 dev = grp_dev->dev; 3174 3175 if (prev_dev != dev) { 3176 dev_err_ratelimited(prev_dev, "Cannot change default domain: Device has been changed\n"); 3177 ret = -EBUSY; 3178 goto out; 3179 } 3180 3181 prev_dom = group->default_domain; 3182 if (!prev_dom) { 3183 ret = -EINVAL; 3184 goto out; 3185 } 3186 3187 dev_def_dom = iommu_get_def_domain_type(dev); 3188 if (!type) { 3189 /* 3190 * If the user hasn't requested any specific type of domain and 3191 * if the device supports both the domains, then default to the 3192 * domain the device was booted with 3193 */ 3194 type = dev_def_dom ? : iommu_def_domain_type; 3195 } else if (dev_def_dom && type != dev_def_dom) { 3196 dev_err_ratelimited(prev_dev, "Device cannot be in %s domain\n", 3197 iommu_domain_type_str(type)); 3198 ret = -EINVAL; 3199 goto out; 3200 } 3201 3202 /* 3203 * Switch to a new domain only if the requested domain type is different 3204 * from the existing default domain type 3205 */ 3206 if (prev_dom->type == type) { 3207 ret = 0; 3208 goto out; 3209 } 3210 3211 /* We can bring up a flush queue without tearing down the domain */ 3212 if (type == IOMMU_DOMAIN_DMA_FQ && prev_dom->type == IOMMU_DOMAIN_DMA) { 3213 ret = iommu_dma_init_fq(prev_dom); 3214 if (!ret) 3215 prev_dom->type = IOMMU_DOMAIN_DMA_FQ; 3216 goto out; 3217 } 3218 3219 /* Sets group->default_domain to the newly allocated domain */ 3220 ret = iommu_group_alloc_default_domain(dev->bus, group, type); 3221 if (ret) 3222 goto out; 3223 3224 ret = iommu_create_device_direct_mappings(group, dev); 3225 if (ret) 3226 goto free_new_domain; 3227 3228 ret = __iommu_attach_device(group->default_domain, dev); 3229 if (ret) 3230 goto free_new_domain; 3231 3232 group->domain = group->default_domain; 3233 3234 /* 3235 * Release the mutex here because ops->probe_finalize() call-back of 3236 * some vendor IOMMU drivers calls arm_iommu_attach_device() which 3237 * in-turn might call back into IOMMU core code, where it tries to take 3238 * group->mutex, resulting in a deadlock. 
 */
	mutex_unlock(&group->mutex);

	/* Make sure dma_ops is appropriately set */
	iommu_group_do_probe_finalize(dev, group->default_domain);
	iommu_domain_free(prev_dom);
	return 0;

free_new_domain:
	iommu_domain_free(group->default_domain);
	group->default_domain = prev_dom;
	group->domain = prev_dom;

out:
	mutex_unlock(&group->mutex);

	return ret;
}

/*
 * Changing the default domain through sysfs requires the users to unbind the
 * drivers from the devices in the iommu group, except for a DMA -> DMA-FQ
 * transition. Return failure if this isn't met.
 *
 * We need to consider the race between this and the device release path.
 * device_lock(dev) is used here to guarantee that the device release path
 * will not be entered at the same time.
 */
static ssize_t iommu_group_store_type(struct iommu_group *group,
				      const char *buf, size_t count)
{
	struct group_device *grp_dev;
	struct device *dev;
	int ret, req_type;

	if (!capable(CAP_SYS_ADMIN) || !capable(CAP_SYS_RAWIO))
		return -EACCES;

	if (WARN_ON(!group))
		return -EINVAL;

	if (sysfs_streq(buf, "identity"))
		req_type = IOMMU_DOMAIN_IDENTITY;
	else if (sysfs_streq(buf, "DMA"))
		req_type = IOMMU_DOMAIN_DMA;
	else if (sysfs_streq(buf, "DMA-FQ"))
		req_type = IOMMU_DOMAIN_DMA_FQ;
	else if (sysfs_streq(buf, "auto"))
		req_type = 0;
	else
		return -EINVAL;

	/*
	 * Lock/Unlock the group mutex here before device lock to
	 * 1. Make sure that the iommu group has only one device (this is a
	 *    prerequisite for step 2)
	 * 2. Get struct device *dev which is needed to lock the device
	 */
	mutex_lock(&group->mutex);
	if (iommu_group_device_count(group) != 1) {
		mutex_unlock(&group->mutex);
		pr_err_ratelimited("Cannot change default domain: Group has more than one device\n");
		return -EINVAL;
	}

	/* Since group has only one device */
	grp_dev = list_first_entry(&group->devices, struct group_device, list);
	dev = grp_dev->dev;
	get_device(dev);

	/*
	 * Don't hold the group mutex because taking the group mutex first and
	 * then the device lock could potentially cause a deadlock as below.
	 * Assume two threads, T1 and T2. T1 is trying to change the default
	 * domain of an iommu group and T2 is trying to hot unplug a device or
	 * release [1] a VF of a PCIe device which is in the same iommu group.
	 * T1 takes the group mutex and, before it can take the device lock,
	 * assume T2 has taken the device lock and is yet to take the group
	 * mutex. Now both threads will be waiting for the other to release
	 * its lock. The suggested lock order is:
3319 * device_lock(dev); 3320 * mutex_lock(&group->mutex); 3321 * iommu_change_dev_def_domain(); 3322 * mutex_unlock(&group->mutex); 3323 * device_unlock(dev); 3324 * 3325 * [1] Typical device release path 3326 * device_lock() from device/driver core code 3327 * -> bus_notifier() 3328 * -> iommu_bus_notifier() 3329 * -> iommu_release_device() 3330 * -> ops->release_device() vendor driver calls back iommu core code 3331 * -> mutex_lock() from iommu core code 3332 */ 3333 mutex_unlock(&group->mutex); 3334 3335 /* Check if the device in the group still has a driver bound to it */ 3336 device_lock(dev); 3337 if (device_is_bound(dev) && !(req_type == IOMMU_DOMAIN_DMA_FQ && 3338 group->default_domain->type == IOMMU_DOMAIN_DMA)) { 3339 pr_err_ratelimited("Device is still bound to driver\n"); 3340 ret = -EBUSY; 3341 goto out; 3342 } 3343 3344 ret = iommu_change_dev_def_domain(group, dev, req_type); 3345 ret = ret ?: count; 3346 3347 out: 3348 device_unlock(dev); 3349 put_device(dev); 3350 3351 return ret; 3352 } 3353
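
/*
 * Illustrative end-to-end sketch of the unmanaged-domain API exported above
 * (iommu_domain_alloc(), iommu_attach_device(), iommu_map(), iommu_unmap(),
 * iommu_detach_device(), iommu_domain_free()). The names dev, iova and paddr
 * are placeholders; iova and paddr must be aligned to the minimum page size
 * supported by the domain (domain->pgsize_bitmap), and the device must be
 * alone in its group for iommu_attach_device() to succeed:
 *
 *	struct iommu_domain *domain;
 *	int ret;
 *
 *	domain = iommu_domain_alloc(dev->bus);
 *	if (!domain)
 *		return -ENODEV;
 *
 *	ret = iommu_attach_device(domain, dev);
 *	if (ret)
 *		goto out_free;
 *
 *	ret = iommu_map(domain, iova, paddr, SZ_4K, IOMMU_READ | IOMMU_WRITE);
 *	if (ret)
 *		goto out_detach;
 *
 *	(DMA through iova happens here)
 *
 *	iommu_unmap(domain, iova, SZ_4K);
 * out_detach:
 *	iommu_detach_device(domain, dev);
 * out_free:
 *	iommu_domain_free(domain);
 */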