// SPDX-License-Identifier: GPL-2.0-only
/*
 * Copyright (C) 2007-2008 Advanced Micro Devices, Inc.
 * Author: Joerg Roedel <jroedel@suse.de>
 */

#define pr_fmt(fmt) "iommu: " fmt

#include <linux/device.h>
#include <linux/dma-iommu.h>
#include <linux/kernel.h>
#include <linux/bits.h>
#include <linux/bug.h>
#include <linux/types.h>
#include <linux/init.h>
#include <linux/export.h>
#include <linux/slab.h>
#include <linux/errno.h>
#include <linux/iommu.h>
#include <linux/idr.h>
#include <linux/notifier.h>
#include <linux/err.h>
#include <linux/pci.h>
#include <linux/bitops.h>
#include <linux/property.h>
#include <linux/fsl/mc.h>
#include <linux/module.h>
#include <linux/cc_platform.h>
#include <trace/events/iommu.h>

static struct kset *iommu_group_kset;
static DEFINE_IDA(iommu_group_ida);

static unsigned int iommu_def_domain_type __read_mostly;
static bool iommu_dma_strict __read_mostly = IS_ENABLED(CONFIG_IOMMU_DEFAULT_DMA_STRICT);
static u32 iommu_cmd_line __read_mostly;

struct iommu_group {
	struct kobject kobj;
	struct kobject *devices_kobj;
	struct list_head devices;
	struct mutex mutex;
	struct blocking_notifier_head notifier;
	void *iommu_data;
	void (*iommu_data_release)(void *iommu_data);
	char *name;
	int id;
	struct iommu_domain *default_domain;
	struct iommu_domain *domain;
	struct list_head entry;
};

struct group_device {
	struct list_head list;
	struct device *dev;
	char *name;
};

struct iommu_group_attribute {
	struct attribute attr;
	ssize_t (*show)(struct iommu_group *group, char *buf);
	ssize_t (*store)(struct iommu_group *group,
			 const char *buf, size_t count);
};

static const char * const iommu_group_resv_type_string[] = {
	[IOMMU_RESV_DIRECT]		= "direct",
	[IOMMU_RESV_DIRECT_RELAXABLE]	= "direct-relaxable",
	[IOMMU_RESV_RESERVED]		= "reserved",
	[IOMMU_RESV_MSI]		= "msi",
	[IOMMU_RESV_SW_MSI]		= "msi",
};

#define IOMMU_CMD_LINE_DMA_API		BIT(0)
#define IOMMU_CMD_LINE_STRICT		BIT(1)

static int iommu_alloc_default_domain(struct iommu_group *group,
				      struct device *dev);
static struct iommu_domain *__iommu_domain_alloc(struct bus_type *bus,
						 unsigned type);
static int __iommu_attach_device(struct iommu_domain *domain,
				 struct device *dev);
static int __iommu_attach_group(struct iommu_domain *domain,
				struct iommu_group *group);
static void __iommu_detach_group(struct iommu_domain *domain,
				 struct iommu_group *group);
static int iommu_create_device_direct_mappings(struct iommu_group *group,
					       struct device *dev);
static struct iommu_group *iommu_group_get_for_dev(struct device *dev);
static ssize_t iommu_group_store_type(struct iommu_group *group,
				      const char *buf, size_t count);

#define IOMMU_GROUP_ATTR(_name, _mode, _show, _store)		\
struct iommu_group_attribute iommu_group_attr_##_name =	\
	__ATTR(_name, _mode, _show, _store)

#define to_iommu_group_attr(_attr)	\
	container_of(_attr, struct iommu_group_attribute, attr)
#define to_iommu_group(_kobj)		\
	container_of(_kobj, struct iommu_group, kobj)

static LIST_HEAD(iommu_device_list);
static DEFINE_SPINLOCK(iommu_device_lock);

/*
 * Use a function instead of an array here because the domain-type is a
 * bit-field, so an array would waste memory.
 */
static const char *iommu_domain_type_str(unsigned int t)
{
	switch (t) {
	case IOMMU_DOMAIN_BLOCKED:
		return "Blocked";
	case IOMMU_DOMAIN_IDENTITY:
		return "Passthrough";
	case IOMMU_DOMAIN_UNMANAGED:
		return "Unmanaged";
	case IOMMU_DOMAIN_DMA:
	case IOMMU_DOMAIN_DMA_FQ:
		return "Translated";
	default:
		return "Unknown";
	}
}

static int __init iommu_subsys_init(void)
{
	if (!(iommu_cmd_line & IOMMU_CMD_LINE_DMA_API)) {
		if (IS_ENABLED(CONFIG_IOMMU_DEFAULT_PASSTHROUGH))
			iommu_set_default_passthrough(false);
		else
			iommu_set_default_translated(false);

		if (iommu_default_passthrough() && cc_platform_has(CC_ATTR_MEM_ENCRYPT)) {
			pr_info("Memory encryption detected - Disabling default IOMMU Passthrough\n");
			iommu_set_default_translated(false);
		}
	}

	if (!iommu_default_passthrough() && !iommu_dma_strict)
		iommu_def_domain_type = IOMMU_DOMAIN_DMA_FQ;

	pr_info("Default domain type: %s %s\n",
		iommu_domain_type_str(iommu_def_domain_type),
		(iommu_cmd_line & IOMMU_CMD_LINE_DMA_API) ?
			"(set via kernel command line)" : "");

	if (!iommu_default_passthrough())
		pr_info("DMA domain TLB invalidation policy: %s mode %s\n",
			iommu_dma_strict ? "strict" : "lazy",
			(iommu_cmd_line & IOMMU_CMD_LINE_STRICT) ?
				"(set via kernel command line)" : "");

	return 0;
}
subsys_initcall(iommu_subsys_init);

/**
 * iommu_device_register() - Register an IOMMU hardware instance
 * @iommu: IOMMU handle for the instance
 * @ops: IOMMU ops to associate with the instance
 * @hwdev: (optional) actual instance device, used for fwnode lookup
 *
 * Return: 0 on success, or an error.
 */
int iommu_device_register(struct iommu_device *iommu,
			  const struct iommu_ops *ops, struct device *hwdev)
{
	/* We need to be able to take module references appropriately */
	if (WARN_ON(is_module_address((unsigned long)ops) && !ops->owner))
		return -EINVAL;

	iommu->ops = ops;
	if (hwdev)
		iommu->fwnode = hwdev->fwnode;

	spin_lock(&iommu_device_lock);
	list_add_tail(&iommu->list, &iommu_device_list);
	spin_unlock(&iommu_device_lock);
	return 0;
}
EXPORT_SYMBOL_GPL(iommu_device_register);

void iommu_device_unregister(struct iommu_device *iommu)
{
	spin_lock(&iommu_device_lock);
	list_del(&iommu->list);
	spin_unlock(&iommu_device_lock);
}
EXPORT_SYMBOL_GPL(iommu_device_unregister);

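/*
 * Illustrative sketch only: a typical IOMMU driver embeds a struct
 * iommu_device in its per-instance data and registers it from its own
 * probe routine (the driver structure and names below are hypothetical,
 * not taken from any in-tree driver):
 *
 *	static int my_iommu_probe(struct platform_device *pdev)
 *	{
 *		struct my_iommu *iommu;
 *
 *		iommu = devm_kzalloc(&pdev->dev, sizeof(*iommu), GFP_KERNEL);
 *		if (!iommu)
 *			return -ENOMEM;
 *
 *		return iommu_device_register(&iommu->iommu, &my_iommu_ops,
 *					     &pdev->dev);
 *	}
 *
 * iommu_device_unregister() is then called from the driver's remove path.
 */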
static struct dev_iommu *dev_iommu_get(struct device *dev)
{
	struct dev_iommu *param = dev->iommu;

	if (param)
		return param;

	param = kzalloc(sizeof(*param), GFP_KERNEL);
	if (!param)
		return NULL;

	mutex_init(&param->lock);
	dev->iommu = param;
	return param;
}

static void dev_iommu_free(struct device *dev)
{
	struct dev_iommu *param = dev->iommu;

	dev->iommu = NULL;
	if (param->fwspec) {
		fwnode_handle_put(param->fwspec->iommu_fwnode);
		kfree(param->fwspec);
	}
	kfree(param);
}

static int __iommu_probe_device(struct device *dev, struct list_head *group_list)
{
	const struct iommu_ops *ops = dev->bus->iommu_ops;
	struct iommu_device *iommu_dev;
	struct iommu_group *group;
	int ret;

	if (!ops)
		return -ENODEV;

	if (!dev_iommu_get(dev))
		return -ENOMEM;

	if (!try_module_get(ops->owner)) {
		ret = -EINVAL;
		goto err_free;
	}

	iommu_dev = ops->probe_device(dev);
	if (IS_ERR(iommu_dev)) {
		ret = PTR_ERR(iommu_dev);
		goto out_module_put;
	}

	dev->iommu->iommu_dev = iommu_dev;

	group = iommu_group_get_for_dev(dev);
	if (IS_ERR(group)) {
		ret = PTR_ERR(group);
		goto out_release;
	}
	iommu_group_put(group);

	if (group_list && !group->default_domain && list_empty(&group->entry))
		list_add_tail(&group->entry, group_list);

	iommu_device_link(iommu_dev, dev);

	return 0;

out_release:
	ops->release_device(dev);

out_module_put:
	module_put(ops->owner);

err_free:
	dev_iommu_free(dev);

	return ret;
}

int iommu_probe_device(struct device *dev)
{
	const struct iommu_ops *ops = dev->bus->iommu_ops;
	struct iommu_group *group;
	int ret;

	ret = __iommu_probe_device(dev, NULL);
	if (ret)
		goto err_out;

	group = iommu_group_get(dev);
	if (!group) {
		ret = -ENODEV;
		goto err_release;
	}

	/*
	 * Try to allocate a default domain - needs support from the
	 * IOMMU driver. There are still some drivers which don't
	 * support default domains, so the return value is not yet
	 * checked.
	 */
	mutex_lock(&group->mutex);
	iommu_alloc_default_domain(group, dev);

	if (group->default_domain) {
		ret = __iommu_attach_device(group->default_domain, dev);
		if (ret) {
			mutex_unlock(&group->mutex);
			iommu_group_put(group);
			goto err_release;
		}
	}

	iommu_create_device_direct_mappings(group, dev);

	mutex_unlock(&group->mutex);
	iommu_group_put(group);

	if (ops->probe_finalize)
		ops->probe_finalize(dev);

	return 0;

err_release:
	iommu_release_device(dev);

err_out:
	return ret;
}

void iommu_release_device(struct device *dev)
{
	const struct iommu_ops *ops;

	if (!dev->iommu)
		return;

	iommu_device_unlink(dev->iommu->iommu_dev, dev);

	ops = dev_iommu_ops(dev);
	ops->release_device(dev);

	iommu_group_remove_device(dev);
	module_put(ops->owner);
	dev_iommu_free(dev);
}

static int __init iommu_set_def_domain_type(char *str)
{
	bool pt;
	int ret;

	ret = kstrtobool(str, &pt);
	if (ret)
		return ret;

	if (pt)
		iommu_set_default_passthrough(true);
	else
		iommu_set_default_translated(true);

	return 0;
}
early_param("iommu.passthrough", iommu_set_def_domain_type);

static int __init iommu_dma_setup(char *str)
{
	int ret = kstrtobool(str, &iommu_dma_strict);

	if (!ret)
		iommu_cmd_line |= IOMMU_CMD_LINE_STRICT;
	return ret;
}
early_param("iommu.strict", iommu_dma_setup);

void iommu_set_dma_strict(void)
{
	iommu_dma_strict = true;
	if (iommu_def_domain_type == IOMMU_DOMAIN_DMA_FQ)
		iommu_def_domain_type = IOMMU_DOMAIN_DMA;
}

static ssize_t iommu_group_attr_show(struct kobject *kobj,
				     struct attribute *__attr, char *buf)
{
	struct iommu_group_attribute *attr = to_iommu_group_attr(__attr);
	struct iommu_group *group = to_iommu_group(kobj);
	ssize_t ret = -EIO;

	if (attr->show)
		ret = attr->show(group, buf);
	return ret;
}

static ssize_t iommu_group_attr_store(struct kobject *kobj,
				      struct attribute *__attr,
				      const char *buf, size_t count)
{
	struct iommu_group_attribute *attr = to_iommu_group_attr(__attr);
	struct iommu_group *group = to_iommu_group(kobj);
	ssize_t ret = -EIO;

	if (attr->store)
		ret = attr->store(group, buf, count);
	return ret;
}

static const struct sysfs_ops iommu_group_sysfs_ops = {
	.show = iommu_group_attr_show,
	.store = iommu_group_attr_store,
};

static int iommu_group_create_file(struct iommu_group *group,
				   struct iommu_group_attribute *attr)
{
	return sysfs_create_file(&group->kobj, &attr->attr);
}

static void iommu_group_remove_file(struct iommu_group *group,
				    struct iommu_group_attribute *attr)
{
	sysfs_remove_file(&group->kobj, &attr->attr);
}

static ssize_t iommu_group_show_name(struct iommu_group *group, char *buf)
{
	return sprintf(buf, "%s\n", group->name);
}

/**
 * iommu_insert_resv_region - Insert a new region in the
 * list of reserved regions.
 * @new: new region to insert
 * @regions: list of regions
 *
 * Elements are sorted by start address and overlapping segments
 * of the same type are merged.
 */
static int iommu_insert_resv_region(struct iommu_resv_region *new,
				    struct list_head *regions)
{
	struct iommu_resv_region *iter, *tmp, *nr, *top;
	LIST_HEAD(stack);

	nr = iommu_alloc_resv_region(new->start, new->length,
				     new->prot, new->type);
	if (!nr)
		return -ENOMEM;

	/* First add the new element based on start address sorting */
	list_for_each_entry(iter, regions, list) {
		if (nr->start < iter->start ||
		    (nr->start == iter->start && nr->type <= iter->type))
			break;
	}
	list_add_tail(&nr->list, &iter->list);

	/* Merge overlapping segments of type nr->type in @regions, if any */
	list_for_each_entry_safe(iter, tmp, regions, list) {
		phys_addr_t top_end, iter_end = iter->start + iter->length - 1;

		/* no merge needed on elements of different types than @new */
		if (iter->type != new->type) {
			list_move_tail(&iter->list, &stack);
			continue;
		}

		/* look for the last stack element of same type as @iter */
		list_for_each_entry_reverse(top, &stack, list)
			if (top->type == iter->type)
				goto check_overlap;

		list_move_tail(&iter->list, &stack);
		continue;

check_overlap:
		top_end = top->start + top->length - 1;

		if (iter->start > top_end + 1) {
			list_move_tail(&iter->list, &stack);
		} else {
			top->length = max(top_end, iter_end) - top->start + 1;
			list_del(&iter->list);
			kfree(iter);
		}
	}
	list_splice(&stack, regions);
	return 0;
}

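/*
 * Worked example (hypothetical addresses): inserting [0x1000, 0x3fff] and
 * then [0x3000, 0x5fff], both of type IOMMU_RESV_DIRECT, leaves a single
 * merged entry covering [0x1000, 0x5fff]. A region of a different type
 * (e.g. IOMMU_RESV_MSI) at the same addresses would instead be kept as a
 * separate entry, sorted by start address.
 */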
static int
iommu_insert_device_resv_regions(struct list_head *dev_resv_regions,
				 struct list_head *group_resv_regions)
{
	struct iommu_resv_region *entry;
	int ret = 0;

	list_for_each_entry(entry, dev_resv_regions, list) {
		ret = iommu_insert_resv_region(entry, group_resv_regions);
		if (ret)
			break;
	}
	return ret;
}

int iommu_get_group_resv_regions(struct iommu_group *group,
				 struct list_head *head)
{
	struct group_device *device;
	int ret = 0;

	mutex_lock(&group->mutex);
	list_for_each_entry(device, &group->devices, list) {
		struct list_head dev_resv_regions;

		INIT_LIST_HEAD(&dev_resv_regions);
		iommu_get_resv_regions(device->dev, &dev_resv_regions);
		ret = iommu_insert_device_resv_regions(&dev_resv_regions, head);
		iommu_put_resv_regions(device->dev, &dev_resv_regions);
		if (ret)
			break;
	}
	mutex_unlock(&group->mutex);
	return ret;
}
EXPORT_SYMBOL_GPL(iommu_get_group_resv_regions);

static ssize_t iommu_group_show_resv_regions(struct iommu_group *group,
					     char *buf)
{
	struct iommu_resv_region *region, *next;
	struct list_head group_resv_regions;
	char *str = buf;

	INIT_LIST_HEAD(&group_resv_regions);
	iommu_get_group_resv_regions(group, &group_resv_regions);

	list_for_each_entry_safe(region, next, &group_resv_regions, list) {
		str += sprintf(str, "0x%016llx 0x%016llx %s\n",
			       (long long int)region->start,
			       (long long int)(region->start +
						region->length - 1),
			       iommu_group_resv_type_string[region->type]);
		kfree(region);
	}

	return (str - buf);
}

static ssize_t iommu_group_show_type(struct iommu_group *group,
				     char *buf)
{
	char *type = "unknown\n";

	mutex_lock(&group->mutex);
	if (group->default_domain) {
		switch (group->default_domain->type) {
		case IOMMU_DOMAIN_BLOCKED:
			type = "blocked\n";
			break;
		case IOMMU_DOMAIN_IDENTITY:
			type = "identity\n";
			break;
		case IOMMU_DOMAIN_UNMANAGED:
			type = "unmanaged\n";
			break;
		case IOMMU_DOMAIN_DMA:
			type = "DMA\n";
			break;
		case IOMMU_DOMAIN_DMA_FQ:
			type = "DMA-FQ\n";
			break;
		}
	}
	mutex_unlock(&group->mutex);
	strcpy(buf, type);

	return strlen(type);
}

static IOMMU_GROUP_ATTR(name, S_IRUGO, iommu_group_show_name, NULL);

static IOMMU_GROUP_ATTR(reserved_regions, 0444,
			iommu_group_show_resv_regions, NULL);

static IOMMU_GROUP_ATTR(type, 0644, iommu_group_show_type,
			iommu_group_store_type);

static void iommu_group_release(struct kobject *kobj)
{
	struct iommu_group *group = to_iommu_group(kobj);

	pr_debug("Releasing group %d\n", group->id);

	if (group->iommu_data_release)
		group->iommu_data_release(group->iommu_data);

	ida_simple_remove(&iommu_group_ida, group->id);

	if (group->default_domain)
		iommu_domain_free(group->default_domain);

	kfree(group->name);
	kfree(group);
}

static struct kobj_type iommu_group_ktype = {
	.sysfs_ops = &iommu_group_sysfs_ops,
	.release = iommu_group_release,
};

/**
 * iommu_group_alloc - Allocate a new group
 *
 * This function is called by an iommu driver to allocate a new iommu
 * group. The iommu group represents the minimum granularity of the iommu.
 * Upon successful return, the caller holds a reference to the supplied
 * group in order to hold the group until devices are added. Use
 * iommu_group_put() to release this extra reference count, allowing the
 * group to be automatically reclaimed once it has no devices or external
 * references.
 */
struct iommu_group *iommu_group_alloc(void)
{
	struct iommu_group *group;
	int ret;

	group = kzalloc(sizeof(*group), GFP_KERNEL);
	if (!group)
		return ERR_PTR(-ENOMEM);

	group->kobj.kset = iommu_group_kset;
	mutex_init(&group->mutex);
	INIT_LIST_HEAD(&group->devices);
	INIT_LIST_HEAD(&group->entry);
	BLOCKING_INIT_NOTIFIER_HEAD(&group->notifier);

	ret = ida_simple_get(&iommu_group_ida, 0, 0, GFP_KERNEL);
	if (ret < 0) {
		kfree(group);
		return ERR_PTR(ret);
	}
	group->id = ret;

	ret = kobject_init_and_add(&group->kobj, &iommu_group_ktype,
				   NULL, "%d", group->id);
	if (ret) {
		ida_simple_remove(&iommu_group_ida, group->id);
		kobject_put(&group->kobj);
		return ERR_PTR(ret);
	}

	group->devices_kobj = kobject_create_and_add("devices", &group->kobj);
	if (!group->devices_kobj) {
		kobject_put(&group->kobj); /* triggers .release & free */
		return ERR_PTR(-ENOMEM);
	}

	/*
	 * The devices_kobj holds a reference on the group kobject, so
	 * as long as that exists so will the group. We can therefore
	 * use the devices_kobj for reference counting.
	 */
	kobject_put(&group->kobj);

	ret = iommu_group_create_file(group,
				      &iommu_group_attr_reserved_regions);
	if (ret)
		return ERR_PTR(ret);

	ret = iommu_group_create_file(group, &iommu_group_attr_type);
	if (ret)
		return ERR_PTR(ret);

	pr_debug("Allocated group %d\n", group->id);

	return group;
}
EXPORT_SYMBOL_GPL(iommu_group_alloc);

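/*
 * Minimal usage sketch for an IOMMU driver (error handling omitted, the
 * group name is made up):
 *
 *	struct iommu_group *group = iommu_group_alloc();
 *
 *	if (IS_ERR(group))
 *		return PTR_ERR(group);
 *	iommu_group_set_name(group, "my-group");
 *	iommu_group_add_device(group, dev);
 *	iommu_group_put(group);
 *
 * Most drivers do not open-code this: they return a group from their
 * device_group() callback and let iommu_group_get_for_dev() take care of
 * adding the device.
 */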
struct iommu_group *iommu_group_get_by_id(int id)
{
	struct kobject *group_kobj;
	struct iommu_group *group;
	const char *name;

	if (!iommu_group_kset)
		return NULL;

	name = kasprintf(GFP_KERNEL, "%d", id);
	if (!name)
		return NULL;

	group_kobj = kset_find_obj(iommu_group_kset, name);
	kfree(name);

	if (!group_kobj)
		return NULL;

	group = container_of(group_kobj, struct iommu_group, kobj);
	BUG_ON(group->id != id);

	kobject_get(group->devices_kobj);
	kobject_put(&group->kobj);

	return group;
}
EXPORT_SYMBOL_GPL(iommu_group_get_by_id);

/**
 * iommu_group_get_iommudata - retrieve iommu_data registered for a group
 * @group: the group
 *
 * iommu drivers can store data in the group for use when doing iommu
 * operations. This function provides a way to retrieve it. Caller
 * should hold a group reference.
 */
void *iommu_group_get_iommudata(struct iommu_group *group)
{
	return group->iommu_data;
}
EXPORT_SYMBOL_GPL(iommu_group_get_iommudata);

/**
 * iommu_group_set_iommudata - set iommu_data for a group
 * @group: the group
 * @iommu_data: new data
 * @release: release function for iommu_data
 *
 * iommu drivers can store data in the group for use when doing iommu
 * operations. This function provides a way to set the data after
 * the group has been allocated. Caller should hold a group reference.
 */
void iommu_group_set_iommudata(struct iommu_group *group, void *iommu_data,
			       void (*release)(void *iommu_data))
{
	group->iommu_data = iommu_data;
	group->iommu_data_release = release;
}
EXPORT_SYMBOL_GPL(iommu_group_set_iommudata);

/**
 * iommu_group_set_name - set name for a group
 * @group: the group
 * @name: name
 *
 * Allow iommu driver to set a name for a group. When set it will
 * appear in a name attribute file under the group in sysfs.
 */
int iommu_group_set_name(struct iommu_group *group, const char *name)
{
	int ret;

	if (group->name) {
		iommu_group_remove_file(group, &iommu_group_attr_name);
		kfree(group->name);
		group->name = NULL;
		if (!name)
			return 0;
	}

	group->name = kstrdup(name, GFP_KERNEL);
	if (!group->name)
		return -ENOMEM;

	ret = iommu_group_create_file(group, &iommu_group_attr_name);
	if (ret) {
		kfree(group->name);
		group->name = NULL;
		return ret;
	}

	return 0;
}
EXPORT_SYMBOL_GPL(iommu_group_set_name);

static int iommu_create_device_direct_mappings(struct iommu_group *group,
					       struct device *dev)
{
	struct iommu_domain *domain = group->default_domain;
	struct iommu_resv_region *entry;
	struct list_head mappings;
	unsigned long pg_size;
	int ret = 0;

	if (!domain || !iommu_is_dma_domain(domain))
		return 0;

	BUG_ON(!domain->pgsize_bitmap);

	pg_size = 1UL << __ffs(domain->pgsize_bitmap);
	INIT_LIST_HEAD(&mappings);

	iommu_get_resv_regions(dev, &mappings);

	/* We need to consider overlapping regions for different devices */
	list_for_each_entry(entry, &mappings, list) {
		dma_addr_t start, end, addr;
		size_t map_size = 0;

		start = ALIGN(entry->start, pg_size);
		end = ALIGN(entry->start + entry->length, pg_size);

		if (entry->type != IOMMU_RESV_DIRECT &&
		    entry->type != IOMMU_RESV_DIRECT_RELAXABLE)
			continue;

		for (addr = start; addr <= end; addr += pg_size) {
			phys_addr_t phys_addr;

			if (addr == end)
				goto map_end;

			phys_addr = iommu_iova_to_phys(domain, addr);
			if (!phys_addr) {
				map_size += pg_size;
				continue;
			}

map_end:
			if (map_size) {
				ret = iommu_map(domain, addr - map_size,
						addr - map_size, map_size,
						entry->prot);
				if (ret)
					goto out;
				map_size = 0;
			}
		}

	}

	iommu_flush_iotlb_all(domain);

out:
	iommu_put_resv_regions(dev, &mappings);

	return ret;
}

static bool iommu_is_attach_deferred(struct device *dev)
{
	const struct iommu_ops *ops = dev_iommu_ops(dev);

	if (ops->is_attach_deferred)
		return ops->is_attach_deferred(dev);

	return false;
}

/**
 * iommu_group_add_device - add a device to an iommu group
 * @group: the group into which to add the device (reference should be held)
 * @dev: the device
 *
 * This function is called by an iommu driver to add a device into a
 * group. Adding a device increments the group reference count.
 */
int iommu_group_add_device(struct iommu_group *group, struct device *dev)
{
	int ret, i = 0;
	struct group_device *device;

	device = kzalloc(sizeof(*device), GFP_KERNEL);
	if (!device)
		return -ENOMEM;

	device->dev = dev;

	ret = sysfs_create_link(&dev->kobj, &group->kobj, "iommu_group");
	if (ret)
		goto err_free_device;

	device->name = kasprintf(GFP_KERNEL, "%s", kobject_name(&dev->kobj));
rename:
	if (!device->name) {
		ret = -ENOMEM;
		goto err_remove_link;
	}

	ret = sysfs_create_link_nowarn(group->devices_kobj,
				       &dev->kobj, device->name);
	if (ret) {
		if (ret == -EEXIST && i >= 0) {
			/*
			 * Account for the slim chance of collision
			 * and append an instance to the name.
			 */
			kfree(device->name);
			device->name = kasprintf(GFP_KERNEL, "%s.%d",
						 kobject_name(&dev->kobj), i++);
			goto rename;
		}
		goto err_free_name;
	}

	kobject_get(group->devices_kobj);

	dev->iommu_group = group;

	mutex_lock(&group->mutex);
	list_add_tail(&device->list, &group->devices);
	if (group->domain && !iommu_is_attach_deferred(dev))
		ret = __iommu_attach_device(group->domain, dev);
	mutex_unlock(&group->mutex);
	if (ret)
		goto err_put_group;

	/* Notify any listeners about change to group. */
	blocking_notifier_call_chain(&group->notifier,
				     IOMMU_GROUP_NOTIFY_ADD_DEVICE, dev);

	trace_add_device_to_group(group->id, dev);

	dev_info(dev, "Adding to iommu group %d\n", group->id);

	return 0;

err_put_group:
	mutex_lock(&group->mutex);
	list_del(&device->list);
	mutex_unlock(&group->mutex);
	dev->iommu_group = NULL;
	kobject_put(group->devices_kobj);
	sysfs_remove_link(group->devices_kobj, device->name);
err_free_name:
	kfree(device->name);
err_remove_link:
	sysfs_remove_link(&dev->kobj, "iommu_group");
err_free_device:
	kfree(device);
	dev_err(dev, "Failed to add to iommu group %d: %d\n", group->id, ret);
	return ret;
}
EXPORT_SYMBOL_GPL(iommu_group_add_device);

/**
 * iommu_group_remove_device - remove a device from its current group
 * @dev: device to be removed
 *
 * This function is called by an iommu driver to remove the device from
 * its current group. This decrements the iommu group reference count.
 */
void iommu_group_remove_device(struct device *dev)
{
	struct iommu_group *group = dev->iommu_group;
	struct group_device *tmp_device, *device = NULL;

	if (!group)
		return;

	dev_info(dev, "Removing from iommu group %d\n", group->id);

	/* Pre-notify listeners that a device is being removed. */
	blocking_notifier_call_chain(&group->notifier,
				     IOMMU_GROUP_NOTIFY_DEL_DEVICE, dev);

	mutex_lock(&group->mutex);
	list_for_each_entry(tmp_device, &group->devices, list) {
		if (tmp_device->dev == dev) {
			device = tmp_device;
			list_del(&device->list);
			break;
		}
	}
	mutex_unlock(&group->mutex);

	if (!device)
		return;

	sysfs_remove_link(group->devices_kobj, device->name);
	sysfs_remove_link(&dev->kobj, "iommu_group");

	trace_remove_device_from_group(group->id, dev);

	kfree(device->name);
	kfree(device);
	dev->iommu_group = NULL;
	kobject_put(group->devices_kobj);
}
EXPORT_SYMBOL_GPL(iommu_group_remove_device);

static int iommu_group_device_count(struct iommu_group *group)
{
	struct group_device *entry;
	int ret = 0;

	list_for_each_entry(entry, &group->devices, list)
		ret++;

	return ret;
}

static int __iommu_group_for_each_dev(struct iommu_group *group, void *data,
				      int (*fn)(struct device *, void *))
{
	struct group_device *device;
	int ret = 0;

	list_for_each_entry(device, &group->devices, list) {
		ret = fn(device->dev, data);
		if (ret)
			break;
	}
	return ret;
}

/**
 * iommu_group_for_each_dev - iterate over each device in the group
 * @group: the group
 * @data: caller opaque data to be passed to callback function
 * @fn: caller supplied callback function
 *
 * This function is called by group users to iterate over group devices.
 * Callers should hold a reference count to the group during callback.
 * The group->mutex is held across callbacks, which will block calls to
 * iommu_group_add/remove_device.
 */
int iommu_group_for_each_dev(struct iommu_group *group, void *data,
			     int (*fn)(struct device *, void *))
{
	int ret;

	mutex_lock(&group->mutex);
	ret = __iommu_group_for_each_dev(group, data, fn);
	mutex_unlock(&group->mutex);

	return ret;
}
EXPORT_SYMBOL_GPL(iommu_group_for_each_dev);

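/*
 * Example callback usage (sketch only, the callback is made up):
 *
 *	static int count_devs(struct device *dev, void *data)
 *	{
 *		int *count = data;
 *
 *		(*count)++;
 *		return 0;
 *	}
 *
 *	int count = 0;
 *	iommu_group_for_each_dev(group, &count, count_devs);
 *
 * A non-zero return value from the callback stops the iteration and is
 * propagated back to the caller of iommu_group_for_each_dev().
 */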
/**
 * iommu_group_get - Return the group for a device and increment reference
 * @dev: get the group that this device belongs to
 *
 * This function is called by iommu drivers and users to get the group
 * for the specified device. If found, the group is returned and the group
 * reference is incremented, else NULL.
 */
struct iommu_group *iommu_group_get(struct device *dev)
{
	struct iommu_group *group = dev->iommu_group;

	if (group)
		kobject_get(group->devices_kobj);

	return group;
}
EXPORT_SYMBOL_GPL(iommu_group_get);

/**
 * iommu_group_ref_get - Increment reference on a group
 * @group: the group to use, must not be NULL
 *
 * This function is called by iommu drivers to take additional references on an
 * existing group. Returns the given group for convenience.
 */
struct iommu_group *iommu_group_ref_get(struct iommu_group *group)
{
	kobject_get(group->devices_kobj);
	return group;
}
EXPORT_SYMBOL_GPL(iommu_group_ref_get);

/**
 * iommu_group_put - Decrement group reference
 * @group: the group to use
 *
 * This function is called by iommu drivers and users to release the
 * iommu group. Once the reference count is zero, the group is released.
 */
void iommu_group_put(struct iommu_group *group)
{
	if (group)
		kobject_put(group->devices_kobj);
}
EXPORT_SYMBOL_GPL(iommu_group_put);

/**
 * iommu_group_register_notifier - Register a notifier for group changes
 * @group: the group to watch
 * @nb: notifier block to signal
 *
 * This function allows iommu group users to track changes in a group.
 * See include/linux/iommu.h for actions sent via this notifier. Caller
 * should hold a reference to the group throughout notifier registration.
 */
int iommu_group_register_notifier(struct iommu_group *group,
				  struct notifier_block *nb)
{
	return blocking_notifier_chain_register(&group->notifier, nb);
}
EXPORT_SYMBOL_GPL(iommu_group_register_notifier);

/**
 * iommu_group_unregister_notifier - Unregister a notifier
 * @group: the group to watch
 * @nb: notifier block to signal
 *
 * Unregister a previously registered group notifier block.
 */
int iommu_group_unregister_notifier(struct iommu_group *group,
				    struct notifier_block *nb)
{
	return blocking_notifier_chain_unregister(&group->notifier, nb);
}
EXPORT_SYMBOL_GPL(iommu_group_unregister_notifier);

/**
 * iommu_register_device_fault_handler() - Register a device fault handler
 * @dev: the device
 * @handler: the fault handler
 * @data: private data passed as argument to the handler
 *
 * When an IOMMU fault event is received, this handler gets called with the
 * fault event and data as argument. The handler should return 0 on success. If
 * the fault is recoverable (IOMMU_FAULT_PAGE_REQ), the consumer should also
 * complete the fault by calling iommu_page_response() with one of the following
 * response codes:
 * - IOMMU_PAGE_RESP_SUCCESS: retry the translation
 * - IOMMU_PAGE_RESP_INVALID: terminate the fault
 * - IOMMU_PAGE_RESP_FAILURE: terminate the fault and stop reporting
 *   page faults if possible.
 *
 * Return 0 if the fault handler was installed successfully, or an error.
 */
int iommu_register_device_fault_handler(struct device *dev,
					iommu_dev_fault_handler_t handler,
					void *data)
{
	struct dev_iommu *param = dev->iommu;
	int ret = 0;

	if (!param)
		return -EINVAL;

	mutex_lock(&param->lock);
	/* Only allow one fault handler registered for each device */
	if (param->fault_param) {
		ret = -EBUSY;
		goto done_unlock;
	}

	get_device(dev);
	param->fault_param = kzalloc(sizeof(*param->fault_param), GFP_KERNEL);
	if (!param->fault_param) {
		put_device(dev);
		ret = -ENOMEM;
		goto done_unlock;
	}
	param->fault_param->handler = handler;
	param->fault_param->data = data;
	mutex_init(&param->fault_param->lock);
	INIT_LIST_HEAD(&param->fault_param->faults);

done_unlock:
	mutex_unlock(&param->lock);

	return ret;
}
EXPORT_SYMBOL_GPL(iommu_register_device_fault_handler);

/**
 * iommu_unregister_device_fault_handler() - Unregister the device fault handler
 * @dev: the device
 *
 * Remove the device fault handler installed with
 * iommu_register_device_fault_handler().
 *
 * Return 0 on success, or an error.
 */
int iommu_unregister_device_fault_handler(struct device *dev)
{
	struct dev_iommu *param = dev->iommu;
	int ret = 0;

	if (!param)
		return -EINVAL;

	mutex_lock(&param->lock);

	if (!param->fault_param)
		goto unlock;

	/* we cannot unregister handler if there are pending faults */
	if (!list_empty(&param->fault_param->faults)) {
		ret = -EBUSY;
		goto unlock;
	}

	kfree(param->fault_param);
	param->fault_param = NULL;
	put_device(dev);
unlock:
	mutex_unlock(&param->lock);

	return ret;
}
EXPORT_SYMBOL_GPL(iommu_unregister_device_fault_handler);

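/*
 * Sketch of how a consumer is expected to use the fault handler interface
 * (the handler and drvdata below are hypothetical): the handler is invoked
 * for every reported fault and would normally queue it for deferred
 * handling; for recoverable page requests the consumer later answers with
 * iommu_page_response() using one of the response codes listed above.
 *
 *	static int my_fault_handler(struct iommu_fault *fault, void *data)
 *	{
 *		return 0;
 *	}
 *
 *	iommu_register_device_fault_handler(dev, my_fault_handler, drvdata);
 *	...
 *	iommu_unregister_device_fault_handler(dev);
 */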
/**
 * iommu_report_device_fault() - Report fault event to device driver
 * @dev: the device
 * @evt: fault event data
 *
 * Called by IOMMU drivers when a fault is detected, typically in a threaded IRQ
 * handler. When this function fails and the fault is recoverable, it is the
 * caller's responsibility to complete the fault.
 *
 * Return 0 on success, or an error.
 */
int iommu_report_device_fault(struct device *dev, struct iommu_fault_event *evt)
{
	struct dev_iommu *param = dev->iommu;
	struct iommu_fault_event *evt_pending = NULL;
	struct iommu_fault_param *fparam;
	int ret = 0;

	if (!param || !evt)
		return -EINVAL;

	/* we only report device fault if there is a handler registered */
	mutex_lock(&param->lock);
	fparam = param->fault_param;
	if (!fparam || !fparam->handler) {
		ret = -EINVAL;
		goto done_unlock;
	}

	if (evt->fault.type == IOMMU_FAULT_PAGE_REQ &&
	    (evt->fault.prm.flags & IOMMU_FAULT_PAGE_REQUEST_LAST_PAGE)) {
		evt_pending = kmemdup(evt, sizeof(struct iommu_fault_event),
				      GFP_KERNEL);
		if (!evt_pending) {
			ret = -ENOMEM;
			goto done_unlock;
		}
		mutex_lock(&fparam->lock);
		list_add_tail(&evt_pending->list, &fparam->faults);
		mutex_unlock(&fparam->lock);
	}

	ret = fparam->handler(&evt->fault, fparam->data);
	if (ret && evt_pending) {
		mutex_lock(&fparam->lock);
		list_del(&evt_pending->list);
		mutex_unlock(&fparam->lock);
		kfree(evt_pending);
	}
done_unlock:
	mutex_unlock(&param->lock);
	return ret;
}
EXPORT_SYMBOL_GPL(iommu_report_device_fault);

int iommu_page_response(struct device *dev,
			struct iommu_page_response *msg)
{
	bool needs_pasid;
	int ret = -EINVAL;
	struct iommu_fault_event *evt;
	struct iommu_fault_page_request *prm;
	struct dev_iommu *param = dev->iommu;
	const struct iommu_ops *ops = dev_iommu_ops(dev);
	bool has_pasid = msg->flags & IOMMU_PAGE_RESP_PASID_VALID;

	if (!ops->page_response)
		return -ENODEV;

	if (!param || !param->fault_param)
		return -EINVAL;

	if (msg->version != IOMMU_PAGE_RESP_VERSION_1 ||
	    msg->flags & ~IOMMU_PAGE_RESP_PASID_VALID)
		return -EINVAL;

	/* Only send response if there is a fault report pending */
	mutex_lock(&param->fault_param->lock);
	if (list_empty(&param->fault_param->faults)) {
		dev_warn_ratelimited(dev, "no pending PRQ, drop response\n");
		goto done_unlock;
	}
	/*
	 * Check if we have a matching page request pending to respond,
	 * otherwise return -EINVAL
	 */
	list_for_each_entry(evt, &param->fault_param->faults, list) {
		prm = &evt->fault.prm;
		if (prm->grpid != msg->grpid)
			continue;

		/*
		 * If the PASID is required, the corresponding request is
		 * matched using the group ID, the PASID valid bit and the PASID
		 * value. Otherwise only the group ID matches request and
		 * response.
		 */
		needs_pasid = prm->flags & IOMMU_FAULT_PAGE_RESPONSE_NEEDS_PASID;
		if (needs_pasid && (!has_pasid || msg->pasid != prm->pasid))
			continue;

		if (!needs_pasid && has_pasid) {
			/* No big deal, just clear it. */
			msg->flags &= ~IOMMU_PAGE_RESP_PASID_VALID;
			msg->pasid = 0;
		}

		ret = ops->page_response(dev, evt, msg);
		list_del(&evt->list);
		kfree(evt);
		break;
	}

done_unlock:
	mutex_unlock(&param->fault_param->lock);
	return ret;
}
EXPORT_SYMBOL_GPL(iommu_page_response);

/**
 * iommu_group_id - Return ID for a group
 * @group: the group to ID
 *
 * Return the unique ID for the group matching the sysfs group number.
 */
int iommu_group_id(struct iommu_group *group)
{
	return group->id;
}
EXPORT_SYMBOL_GPL(iommu_group_id);

static struct iommu_group *get_pci_alias_group(struct pci_dev *pdev,
					       unsigned long *devfns);

/*
 * To consider a PCI device isolated, we require ACS to support Source
 * Validation, Request Redirection, Completer Redirection, and Upstream
 * Forwarding. This effectively means that devices cannot spoof their
 * requester ID, requests and completions cannot be redirected, and all
 * transactions are forwarded upstream, even as they pass through a
 * bridge where the target device is downstream.
 */
#define REQ_ACS_FLAGS	(PCI_ACS_SV | PCI_ACS_RR | PCI_ACS_CR | PCI_ACS_UF)

/*
 * For multifunction devices which are not isolated from each other, find
 * all the other non-isolated functions and look for existing groups. For
 * each function, we also need to look for aliases to or from other devices
 * that may already have a group.
 */
static struct iommu_group *get_pci_function_alias_group(struct pci_dev *pdev,
							unsigned long *devfns)
{
	struct pci_dev *tmp = NULL;
	struct iommu_group *group;

	if (!pdev->multifunction || pci_acs_enabled(pdev, REQ_ACS_FLAGS))
		return NULL;

	for_each_pci_dev(tmp) {
		if (tmp == pdev || tmp->bus != pdev->bus ||
		    PCI_SLOT(tmp->devfn) != PCI_SLOT(pdev->devfn) ||
		    pci_acs_enabled(tmp, REQ_ACS_FLAGS))
			continue;

		group = get_pci_alias_group(tmp, devfns);
		if (group) {
			pci_dev_put(tmp);
			return group;
		}
	}

	return NULL;
}

/*
 * Look for aliases to or from the given device for existing groups. DMA
 * aliases are only supported on the same bus, therefore the search
 * space is quite small (especially since we're really only looking at PCIe
 * devices, and therefore only expect multiple slots on the root complex or
 * downstream switch ports). It's conceivable though that a pair of
 * multifunction devices could have aliases between them that would cause a
 * loop. To prevent this, we use a bitmap to track where we've been.
 */
static struct iommu_group *get_pci_alias_group(struct pci_dev *pdev,
					       unsigned long *devfns)
{
	struct pci_dev *tmp = NULL;
	struct iommu_group *group;

	if (test_and_set_bit(pdev->devfn & 0xff, devfns))
		return NULL;

	group = iommu_group_get(&pdev->dev);
	if (group)
		return group;

	for_each_pci_dev(tmp) {
		if (tmp == pdev || tmp->bus != pdev->bus)
			continue;

		/* We alias them or they alias us */
		if (pci_devs_are_dma_aliases(pdev, tmp)) {
			group = get_pci_alias_group(tmp, devfns);
			if (group) {
				pci_dev_put(tmp);
				return group;
			}

			group = get_pci_function_alias_group(tmp, devfns);
			if (group) {
				pci_dev_put(tmp);
				return group;
			}
		}
	}

	return NULL;
}

struct group_for_pci_data {
	struct pci_dev *pdev;
	struct iommu_group *group;
};

/*
 * DMA alias iterator callback, return the last seen device. Stop and return
 * the IOMMU group if we find one along the way.
 */
static int get_pci_alias_or_group(struct pci_dev *pdev, u16 alias, void *opaque)
{
	struct group_for_pci_data *data = opaque;

	data->pdev = pdev;
	data->group = iommu_group_get(&pdev->dev);

	return data->group != NULL;
}

/*
 * Generic device_group call-back function. It just allocates one
 * iommu-group per device.
 */
struct iommu_group *generic_device_group(struct device *dev)
{
	return iommu_group_alloc();
}
EXPORT_SYMBOL_GPL(generic_device_group);

/*
 * Use standard PCI bus topology, isolation features, and DMA alias quirks
 * to find or create an IOMMU group for a device.
 */
struct iommu_group *pci_device_group(struct device *dev)
{
	struct pci_dev *pdev = to_pci_dev(dev);
	struct group_for_pci_data data;
	struct pci_bus *bus;
	struct iommu_group *group = NULL;
	u64 devfns[4] = { 0 };

	if (WARN_ON(!dev_is_pci(dev)))
		return ERR_PTR(-EINVAL);

	/*
	 * Find the upstream DMA alias for the device. A device must not
	 * be aliased due to topology in order to have its own IOMMU group.
	 * If we find an alias along the way that already belongs to a
	 * group, use it.
	 */
	if (pci_for_each_dma_alias(pdev, get_pci_alias_or_group, &data))
		return data.group;

	pdev = data.pdev;

	/*
	 * Continue upstream from the point of minimum IOMMU granularity
	 * due to aliases to the point where devices are protected from
	 * peer-to-peer DMA by PCI ACS. Again, if we find an existing
	 * group, use it.
	 */
	for (bus = pdev->bus; !pci_is_root_bus(bus); bus = bus->parent) {
		if (!bus->self)
			continue;

		if (pci_acs_path_enabled(bus->self, NULL, REQ_ACS_FLAGS))
			break;

		pdev = bus->self;

		group = iommu_group_get(&pdev->dev);
		if (group)
			return group;
	}

	/*
	 * Look for existing groups on device aliases. If we alias another
	 * device or another device aliases us, use the same group.
	 */
	group = get_pci_alias_group(pdev, (unsigned long *)devfns);
	if (group)
		return group;

	/*
	 * Look for existing groups on non-isolated functions on the same
	 * slot and aliases of those functions, if any. No need to clear
	 * the search bitmap, the tested devfns are still valid.
	 */
	group = get_pci_function_alias_group(pdev, (unsigned long *)devfns);
	if (group)
		return group;

	/* No shared group found, allocate new */
	return iommu_group_alloc();
}
EXPORT_SYMBOL_GPL(pci_device_group);

/* Get the IOMMU group for device on fsl-mc bus */
struct iommu_group *fsl_mc_device_group(struct device *dev)
{
	struct device *cont_dev = fsl_mc_cont_dev(dev);
	struct iommu_group *group;

	group = iommu_group_get(cont_dev);
	if (!group)
		group = iommu_group_alloc();
	return group;
}
EXPORT_SYMBOL_GPL(fsl_mc_device_group);

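/*
 * These helpers are intended to be used as the device_group() callback in
 * an IOMMU driver's struct iommu_ops, e.g. (hypothetical driver):
 *
 *	static const struct iommu_ops my_iommu_ops = {
 *		...
 *		.device_group	= pci_device_group,
 *		...
 *	};
 *
 * Drivers that handle several bus types typically dispatch on
 * dev_is_pci(dev) / dev_is_fsl_mc(dev) in their own callback and fall
 * back to generic_device_group() for everything else.
 */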
static int iommu_get_def_domain_type(struct device *dev)
{
	const struct iommu_ops *ops = dev_iommu_ops(dev);

	if (dev_is_pci(dev) && to_pci_dev(dev)->untrusted)
		return IOMMU_DOMAIN_DMA;

	if (ops->def_domain_type)
		return ops->def_domain_type(dev);

	return 0;
}

static int iommu_group_alloc_default_domain(struct bus_type *bus,
					    struct iommu_group *group,
					    unsigned int type)
{
	struct iommu_domain *dom;

	dom = __iommu_domain_alloc(bus, type);
	if (!dom && type != IOMMU_DOMAIN_DMA) {
		dom = __iommu_domain_alloc(bus, IOMMU_DOMAIN_DMA);
		if (dom)
			pr_warn("Failed to allocate default IOMMU domain of type %u for group %s - Falling back to IOMMU_DOMAIN_DMA",
				type, group->name);
	}

	if (!dom)
		return -ENOMEM;

	group->default_domain = dom;
	if (!group->domain)
		group->domain = dom;
	return 0;
}

static int iommu_alloc_default_domain(struct iommu_group *group,
				      struct device *dev)
{
	unsigned int type;

	if (group->default_domain)
		return 0;

	type = iommu_get_def_domain_type(dev) ? : iommu_def_domain_type;

	return iommu_group_alloc_default_domain(dev->bus, group, type);
}

/**
 * iommu_group_get_for_dev - Find or create the IOMMU group for a device
 * @dev: target device
 *
 * This function is intended to be called by IOMMU drivers and extended to
 * support common, bus-defined algorithms when determining or creating the
 * IOMMU group for a device. On success, the caller will hold a reference
 * to the returned IOMMU group, which will already include the provided
 * device. The reference should be released with iommu_group_put().
 */
static struct iommu_group *iommu_group_get_for_dev(struct device *dev)
{
	const struct iommu_ops *ops = dev_iommu_ops(dev);
	struct iommu_group *group;
	int ret;

	group = iommu_group_get(dev);
	if (group)
		return group;

	group = ops->device_group(dev);
	if (WARN_ON_ONCE(group == NULL))
		return ERR_PTR(-EINVAL);

	if (IS_ERR(group))
		return group;

	ret = iommu_group_add_device(group, dev);
	if (ret)
		goto out_put_group;

	return group;

out_put_group:
	iommu_group_put(group);

	return ERR_PTR(ret);
}

struct iommu_domain *iommu_group_default_domain(struct iommu_group *group)
{
	return group->default_domain;
}

static int probe_iommu_group(struct device *dev, void *data)
{
	struct list_head *group_list = data;
	struct iommu_group *group;
	int ret;

	/* Device is probed already if in a group */
	group = iommu_group_get(dev);
	if (group) {
		iommu_group_put(group);
		return 0;
	}

	ret = __iommu_probe_device(dev, group_list);
	if (ret == -ENODEV)
		ret = 0;

	return ret;
}

static int remove_iommu_group(struct device *dev, void *data)
{
	iommu_release_device(dev);

	return 0;
}

static int iommu_bus_notifier(struct notifier_block *nb,
			      unsigned long action, void *data)
{
	unsigned long group_action = 0;
	struct device *dev = data;
	struct iommu_group *group;

	/*
	 * ADD/DEL call into iommu driver ops if provided, which may
	 * result in ADD/DEL notifiers to group->notifier
	 */
	if (action == BUS_NOTIFY_ADD_DEVICE) {
		int ret;

		ret = iommu_probe_device(dev);
		return (ret) ? NOTIFY_DONE : NOTIFY_OK;
	} else if (action == BUS_NOTIFY_REMOVED_DEVICE) {
		iommu_release_device(dev);
		return NOTIFY_OK;
	}

	/*
	 * Remaining BUS_NOTIFYs get filtered and republished to the
	 * group, if anyone is listening
	 */
	group = iommu_group_get(dev);
	if (!group)
		return 0;

	switch (action) {
	case BUS_NOTIFY_BIND_DRIVER:
		group_action = IOMMU_GROUP_NOTIFY_BIND_DRIVER;
		break;
	case BUS_NOTIFY_BOUND_DRIVER:
		group_action = IOMMU_GROUP_NOTIFY_BOUND_DRIVER;
		break;
	case BUS_NOTIFY_UNBIND_DRIVER:
		group_action = IOMMU_GROUP_NOTIFY_UNBIND_DRIVER;
		break;
	case BUS_NOTIFY_UNBOUND_DRIVER:
		group_action = IOMMU_GROUP_NOTIFY_UNBOUND_DRIVER;
		break;
	}

	if (group_action)
		blocking_notifier_call_chain(&group->notifier,
					     group_action, dev);

	iommu_group_put(group);
	return 0;
}

struct __group_domain_type {
	struct device *dev;
	unsigned int type;
};

static int probe_get_default_domain_type(struct device *dev, void *data)
{
	struct __group_domain_type *gtype = data;
	unsigned int type = iommu_get_def_domain_type(dev);

	if (type) {
		if (gtype->type && gtype->type != type) {
			dev_warn(dev, "Device needs domain type %s, but device %s in the same iommu group requires type %s - using default\n",
				 iommu_domain_type_str(type),
				 dev_name(gtype->dev),
				 iommu_domain_type_str(gtype->type));
			gtype->type = 0;
		}

		if (!gtype->dev) {
			gtype->dev = dev;
			gtype->type = type;
		}
	}

	return 0;
}

static void probe_alloc_default_domain(struct bus_type *bus,
				       struct iommu_group *group)
{
	struct __group_domain_type gtype;

	memset(&gtype, 0, sizeof(gtype));

	/* Ask for default domain requirements of all devices in the group */
	__iommu_group_for_each_dev(group, &gtype,
				   probe_get_default_domain_type);

	if (!gtype.type)
		gtype.type = iommu_def_domain_type;

	iommu_group_alloc_default_domain(bus, group, gtype.type);

}

static int iommu_group_do_dma_attach(struct device *dev, void *data)
{
	struct iommu_domain *domain = data;
	int ret = 0;

	if (!iommu_is_attach_deferred(dev))
		ret = __iommu_attach_device(domain, dev);

	return ret;
}

static int __iommu_group_dma_attach(struct iommu_group *group)
{
	return __iommu_group_for_each_dev(group, group->default_domain,
					  iommu_group_do_dma_attach);
}

static int iommu_group_do_probe_finalize(struct device *dev, void *data)
{
	const struct iommu_ops *ops = dev_iommu_ops(dev);

	if (ops->probe_finalize)
		ops->probe_finalize(dev);

	return 0;
}

static void __iommu_group_dma_finalize(struct iommu_group *group)
{
	__iommu_group_for_each_dev(group, group->default_domain,
				   iommu_group_do_probe_finalize);
}

static int iommu_do_create_direct_mappings(struct device *dev, void *data)
{
	struct iommu_group *group = data;

	iommu_create_device_direct_mappings(group, dev);

	return 0;
}

static int iommu_group_create_direct_mappings(struct iommu_group *group)
{
	return __iommu_group_for_each_dev(group, group,
					  iommu_do_create_direct_mappings);
}

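/*
 * When bus_iommu_probe() below picks a default domain type for a group,
 * drivers can steer the choice through their def_domain_type() callback
 * (consulted by iommu_get_def_domain_type()). A minimal sketch, with a
 * hypothetical quirk check; returning 0 expresses no preference and falls
 * back to the global default:
 *
 *	static int my_def_domain_type(struct device *dev)
 *	{
 *		if (my_device_needs_identity_map(dev))
 *			return IOMMU_DOMAIN_IDENTITY;
 *		return 0;
 *	}
 */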
int bus_iommu_probe(struct bus_type *bus)
{
	struct iommu_group *group, *next;
	LIST_HEAD(group_list);
	int ret;

	/*
	 * This code-path does not allocate the default domain when
	 * creating the iommu group, so do it after the groups are
	 * created.
	 */
	ret = bus_for_each_dev(bus, NULL, &group_list, probe_iommu_group);
	if (ret)
		return ret;

	list_for_each_entry_safe(group, next, &group_list, entry) {
		/* Remove item from the list */
		list_del_init(&group->entry);

		mutex_lock(&group->mutex);

		/* Try to allocate default domain */
		probe_alloc_default_domain(bus, group);

		if (!group->default_domain) {
			mutex_unlock(&group->mutex);
			continue;
		}

		iommu_group_create_direct_mappings(group);

		ret = __iommu_group_dma_attach(group);

		mutex_unlock(&group->mutex);

		if (ret)
			break;

		__iommu_group_dma_finalize(group);
	}

	return ret;
}

static int iommu_bus_init(struct bus_type *bus, const struct iommu_ops *ops)
{
	struct notifier_block *nb;
	int err;

	nb = kzalloc(sizeof(struct notifier_block), GFP_KERNEL);
	if (!nb)
		return -ENOMEM;

	nb->notifier_call = iommu_bus_notifier;

	err = bus_register_notifier(bus, nb);
	if (err)
		goto out_free;

	err = bus_iommu_probe(bus);
	if (err)
		goto out_err;

	return 0;

out_err:
	/* Clean up */
	bus_for_each_dev(bus, NULL, NULL, remove_iommu_group);
	bus_unregister_notifier(bus, nb);

out_free:
	kfree(nb);

	return err;
}

/**
 * bus_set_iommu - set iommu-callbacks for the bus
 * @bus: bus.
 * @ops: the callbacks provided by the iommu-driver
 *
 * This function is called by an iommu driver to set the iommu methods
 * used for a particular bus. Drivers for devices on that bus can use
 * the iommu-api after these ops are registered.
 * This special function is needed because IOMMUs are usually devices on
 * the bus itself, so the iommu drivers are not initialized when the bus
 * is set up. With this function the iommu-driver can set the iommu-ops
 * afterwards.
 */
int bus_set_iommu(struct bus_type *bus, const struct iommu_ops *ops)
{
	int err;

	if (ops == NULL) {
		bus->iommu_ops = NULL;
		return 0;
	}

	if (bus->iommu_ops != NULL)
		return -EBUSY;

	bus->iommu_ops = ops;

	/* Do IOMMU specific setup for this bus-type */
	err = iommu_bus_init(bus, ops);
	if (err)
		bus->iommu_ops = NULL;

	return err;
}
EXPORT_SYMBOL_GPL(bus_set_iommu);

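/*
 * Illustrative only: an IOMMU driver typically registers its ops once for
 * each bus type it can translate, where my_iommu_ops below stands in for
 * the driver's struct iommu_ops:
 *
 *	err = bus_set_iommu(&platform_bus_type, &my_iommu_ops);
 *	if (err)
 *		return err;
 * #ifdef CONFIG_PCI
 *	err = bus_set_iommu(&pci_bus_type, &my_iommu_ops);
 * #endif
 */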
bool iommu_present(struct bus_type *bus)
{
	return bus->iommu_ops != NULL;
}
EXPORT_SYMBOL_GPL(iommu_present);

bool iommu_capable(struct bus_type *bus, enum iommu_cap cap)
{
	if (!bus->iommu_ops || !bus->iommu_ops->capable)
		return false;

	return bus->iommu_ops->capable(cap);
}
EXPORT_SYMBOL_GPL(iommu_capable);

/**
 * iommu_set_fault_handler() - set a fault handler for an iommu domain
 * @domain: iommu domain
 * @handler: fault handler
 * @token: user data, will be passed back to the fault handler
 *
 * This function should be used by IOMMU users which want to be notified
 * whenever an IOMMU fault happens.
 *
 * The fault handler itself should return 0 on success, and an appropriate
 * error code otherwise.
 */
void iommu_set_fault_handler(struct iommu_domain *domain,
			     iommu_fault_handler_t handler,
			     void *token)
{
	BUG_ON(!domain);

	domain->handler = handler;
	domain->handler_token = token;
}
EXPORT_SYMBOL_GPL(iommu_set_fault_handler);

static struct iommu_domain *__iommu_domain_alloc(struct bus_type *bus,
						 unsigned type)
{
	struct iommu_domain *domain;

	if (bus == NULL || bus->iommu_ops == NULL)
		return NULL;

	domain = bus->iommu_ops->domain_alloc(type);
	if (!domain)
		return NULL;

	domain->type = type;
	/* Assume all sizes by default; the driver may override this later */
	domain->pgsize_bitmap = bus->iommu_ops->pgsize_bitmap;
	if (!domain->ops)
		domain->ops = bus->iommu_ops->default_domain_ops;

	if (iommu_is_dma_domain(domain) && iommu_get_dma_cookie(domain)) {
		iommu_domain_free(domain);
		domain = NULL;
	}
	return domain;
}

struct iommu_domain *iommu_domain_alloc(struct bus_type *bus)
{
	return __iommu_domain_alloc(bus, IOMMU_DOMAIN_UNMANAGED);
}
EXPORT_SYMBOL_GPL(iommu_domain_alloc);

void iommu_domain_free(struct iommu_domain *domain)
{
	iommu_put_dma_cookie(domain);
	domain->ops->free(domain);
}
EXPORT_SYMBOL_GPL(iommu_domain_free);

static int __iommu_attach_device(struct iommu_domain *domain,
				 struct device *dev)
{
	int ret;

	if (unlikely(domain->ops->attach_dev == NULL))
		return -ENODEV;

	ret = domain->ops->attach_dev(domain, dev);
	if (!ret)
		trace_attach_device_to_domain(dev);
	return ret;
}

int iommu_attach_device(struct iommu_domain *domain, struct device *dev)
{
	struct iommu_group *group;
	int ret;

	group = iommu_group_get(dev);
	if (!group)
		return -ENODEV;

	/*
	 * Lock the group to make sure the device-count doesn't
	 * change while we are attaching
	 */
	mutex_lock(&group->mutex);
	ret = -EINVAL;
	if (iommu_group_device_count(group) != 1)
		goto out_unlock;

	ret = __iommu_attach_group(domain, group);

out_unlock:
	mutex_unlock(&group->mutex);
	iommu_group_put(group);

	return ret;
}
EXPORT_SYMBOL_GPL(iommu_attach_device);

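/*
 * A minimal sketch of how an external user (a VFIO-like driver, for
 * instance) drives these interfaces; error handling is omitted and the
 * iova/paddr values are assumed to be set up by the caller:
 *
 *	struct iommu_domain *domain = iommu_domain_alloc(dev->bus);
 *
 *	iommu_attach_device(domain, dev);
 *	iommu_map(domain, iova, paddr, SZ_2M, IOMMU_READ | IOMMU_WRITE);
 *	...
 *	iommu_detach_device(domain, dev);
 *	iommu_domain_free(domain);
 */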

struct iommu_domain *iommu_get_domain_for_dev(struct device *dev)
{
	struct iommu_domain *domain;
	struct iommu_group *group;

	group = iommu_group_get(dev);
	if (!group)
		return NULL;

	domain = group->domain;

	iommu_group_put(group);

	return domain;
}
EXPORT_SYMBOL_GPL(iommu_get_domain_for_dev);

/*
 * For use on the IOMMU_DOMAIN_DMA fast path. Callers there already guarantee
 * that the group and its default domain are valid and correct, so the group
 * reference counting done by iommu_get_domain_for_dev() can be skipped.
 */
struct iommu_domain *iommu_get_dma_domain(struct device *dev)
{
	return dev->iommu_group->default_domain;
}

/*
 * IOMMU groups are really the natural working unit of the IOMMU, but
 * the IOMMU API works on domains and devices.  Bridge that gap by
 * iterating over the devices in a group.  Ideally we'd have a single
 * device which represents the requestor ID of the group, but we also
 * allow IOMMU drivers to create policy defined minimum sets, where
 * the physical hardware may be able to distinguish members, but we
 * wish to group them at a higher level (ex. untrusted multi-function
 * PCI devices).  Thus we attach each device.
 */
static int iommu_group_do_attach_device(struct device *dev, void *data)
{
	struct iommu_domain *domain = data;

	return __iommu_attach_device(domain, dev);
}

static int __iommu_attach_group(struct iommu_domain *domain,
				struct iommu_group *group)
{
	int ret;

	if (group->default_domain && group->domain != group->default_domain)
		return -EBUSY;

	ret = __iommu_group_for_each_dev(group, domain,
					 iommu_group_do_attach_device);
	if (ret == 0)
		group->domain = domain;

	return ret;
}

int iommu_attach_group(struct iommu_domain *domain, struct iommu_group *group)
{
	int ret;

	mutex_lock(&group->mutex);
	ret = __iommu_attach_group(domain, group);
	mutex_unlock(&group->mutex);

	return ret;
}
EXPORT_SYMBOL_GPL(iommu_attach_group);

static int iommu_group_do_detach_device(struct device *dev, void *data)
{
	struct iommu_domain *domain = data;

	__iommu_detach_device(domain, dev);

	return 0;
}

static void __iommu_detach_group(struct iommu_domain *domain,
				 struct iommu_group *group)
{
	int ret;

	if (!group->default_domain) {
		__iommu_group_for_each_dev(group, domain,
					   iommu_group_do_detach_device);
		group->domain = NULL;
		return;
	}

	if (group->domain == group->default_domain)
		return;

	/* Detach by re-attaching to the default domain */
	ret = __iommu_group_for_each_dev(group, group->default_domain,
					 iommu_group_do_attach_device);
	if (ret != 0)
		WARN_ON(1);
	else
		group->domain = group->default_domain;
}

void iommu_detach_group(struct iommu_domain *domain, struct iommu_group *group)
{
	mutex_lock(&group->mutex);
	__iommu_detach_group(domain, group);
	mutex_unlock(&group->mutex);
}
EXPORT_SYMBOL_GPL(iommu_detach_group);

phys_addr_t iommu_iova_to_phys(struct iommu_domain *domain, dma_addr_t iova)
{
	if (domain->type == IOMMU_DOMAIN_IDENTITY)
		return iova;

	if (domain->type == IOMMU_DOMAIN_BLOCKED)
		return 0;

	return domain->ops->iova_to_phys(domain, iova);
}
EXPORT_SYMBOL_GPL(iommu_iova_to_phys);
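
/*
 * Illustrative sketch (editor's example, never built): VFIO-style users work
 * on whole groups rather than individual devices. The group pointer and the
 * IOVA value below are hypothetical placeholders.
 */
#if 0	/* example only */
static void my_group_example(struct iommu_domain *domain,
			     struct iommu_group *group)
{
	phys_addr_t phys;

	if (iommu_attach_group(domain, group))
		return;	/* e.g. -EBUSY if a non-default domain is attached */

	/* Look up the physical address backing an IOVA mapped earlier */
	phys = iommu_iova_to_phys(domain, 0x100000);
	pr_debug("iova 0x100000 -> %pa\n", &phys);

	iommu_detach_group(domain, group);
}
#endif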

static size_t iommu_pgsize(struct iommu_domain *domain, unsigned long iova,
			   phys_addr_t paddr, size_t size, size_t *count)
{
	unsigned int pgsize_idx, pgsize_idx_next;
	unsigned long pgsizes;
	size_t offset, pgsize, pgsize_next;
	unsigned long addr_merge = paddr | iova;

	/* Page sizes supported by the hardware and small enough for @size */
	pgsizes = domain->pgsize_bitmap & GENMASK(__fls(size), 0);

	/* Constrain the page sizes further based on the maximum alignment */
	if (likely(addr_merge))
		pgsizes &= GENMASK(__ffs(addr_merge), 0);

	/* Make sure we have at least one suitable page size */
	BUG_ON(!pgsizes);

	/* Pick the biggest page size remaining */
	pgsize_idx = __fls(pgsizes);
	pgsize = BIT(pgsize_idx);
	if (!count)
		return pgsize;

	/* Find the next biggest supported page size, if it exists */
	pgsizes = domain->pgsize_bitmap & ~GENMASK(pgsize_idx, 0);
	if (!pgsizes)
		goto out_set_count;

	pgsize_idx_next = __ffs(pgsizes);
	pgsize_next = BIT(pgsize_idx_next);

	/*
	 * There's no point trying a bigger page size unless the virtual
	 * and physical addresses are similarly offset within the larger page.
	 */
	if ((iova ^ paddr) & (pgsize_next - 1))
		goto out_set_count;

	/* Calculate the offset to the next page size alignment boundary */
	offset = pgsize_next - (addr_merge & (pgsize_next - 1));

	/*
	 * If size is big enough to accommodate the larger page, reduce
	 * the number of smaller pages.
	 */
	if (offset + pgsize_next <= size)
		size = offset;

out_set_count:
	*count = size >> pgsize_idx;
	return pgsize;
}
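
/*
 * Worked example (editor's illustration, numbers not taken from the sources):
 * with domain->pgsize_bitmap = SZ_4K | SZ_2M, iova = 0x200000,
 * paddr = 0x1200000 and size = 0x400000, addr_merge is 0x1200000, so both the
 * size mask and the alignment mask keep the 2M bit set. iommu_pgsize() then
 * returns pgsize = SZ_2M with *count = 2, and __iommu_map_pages() below can
 * hand the driver two 2M mappings in one call instead of 1024 4K ones.
 */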

static int __iommu_map_pages(struct iommu_domain *domain, unsigned long iova,
			     phys_addr_t paddr, size_t size, int prot,
			     gfp_t gfp, size_t *mapped)
{
	const struct iommu_domain_ops *ops = domain->ops;
	size_t pgsize, count;
	int ret;

	pgsize = iommu_pgsize(domain, iova, paddr, size, &count);

	pr_debug("mapping: iova 0x%lx pa %pa pgsize 0x%zx count %zu\n",
		 iova, &paddr, pgsize, count);

	if (ops->map_pages) {
		ret = ops->map_pages(domain, iova, paddr, pgsize, count, prot,
				     gfp, mapped);
	} else {
		ret = ops->map(domain, iova, paddr, pgsize, prot, gfp);
		*mapped = ret ? 0 : pgsize;
	}

	return ret;
}

static int __iommu_map(struct iommu_domain *domain, unsigned long iova,
		       phys_addr_t paddr, size_t size, int prot, gfp_t gfp)
{
	const struct iommu_domain_ops *ops = domain->ops;
	unsigned long orig_iova = iova;
	unsigned int min_pagesz;
	size_t orig_size = size;
	phys_addr_t orig_paddr = paddr;
	int ret = 0;

	if (unlikely(!(ops->map || ops->map_pages) ||
		     domain->pgsize_bitmap == 0UL))
		return -ENODEV;

	if (unlikely(!(domain->type & __IOMMU_DOMAIN_PAGING)))
		return -EINVAL;

	/* find out the minimum page size supported */
	min_pagesz = 1 << __ffs(domain->pgsize_bitmap);

	/*
	 * both the virtual address and the physical one, as well as
	 * the size of the mapping, must be aligned (at least) to the
	 * size of the smallest page supported by the hardware
	 */
	if (!IS_ALIGNED(iova | paddr | size, min_pagesz)) {
		pr_err("unaligned: iova 0x%lx pa %pa size 0x%zx min_pagesz 0x%x\n",
		       iova, &paddr, size, min_pagesz);
		return -EINVAL;
	}

	pr_debug("map: iova 0x%lx pa %pa size 0x%zx\n", iova, &paddr, size);

	while (size) {
		size_t mapped = 0;

		ret = __iommu_map_pages(domain, iova, paddr, size, prot, gfp,
					&mapped);
		/*
		 * Some pages may have been mapped, even if an error occurred,
		 * so we should account for those so they can be unmapped.
		 */
		size -= mapped;

		if (ret)
			break;

		iova += mapped;
		paddr += mapped;
	}

	/* unroll mapping in case something went wrong */
	if (ret)
		iommu_unmap(domain, orig_iova, orig_size - size);
	else
		trace_map(orig_iova, orig_paddr, orig_size);

	return ret;
}

static int _iommu_map(struct iommu_domain *domain, unsigned long iova,
		      phys_addr_t paddr, size_t size, int prot, gfp_t gfp)
{
	const struct iommu_domain_ops *ops = domain->ops;
	int ret;

	ret = __iommu_map(domain, iova, paddr, size, prot, gfp);
	if (ret == 0 && ops->iotlb_sync_map)
		ops->iotlb_sync_map(domain, iova, size);

	return ret;
}

int iommu_map(struct iommu_domain *domain, unsigned long iova,
	      phys_addr_t paddr, size_t size, int prot)
{
	might_sleep();
	return _iommu_map(domain, iova, paddr, size, prot, GFP_KERNEL);
}
EXPORT_SYMBOL_GPL(iommu_map);

int iommu_map_atomic(struct iommu_domain *domain, unsigned long iova,
		     phys_addr_t paddr, size_t size, int prot)
{
	return _iommu_map(domain, iova, paddr, size, prot, GFP_ATOMIC);
}
EXPORT_SYMBOL_GPL(iommu_map_atomic);
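
/*
 * Illustrative sketch (editor's example, never built): mapping a physically
 * contiguous buffer into an unmanaged domain and tearing it down again. The
 * IOVA and SZ_2M values are hypothetical; both IOVA and size must honour the
 * minimum page size checked in __iommu_map() above.
 */
#if 0	/* example only */
static int my_map_buffer(struct iommu_domain *domain, struct page *page)
{
	unsigned long iova = 0x200000;	/* caller-managed IOVA space */
	int ret;

	ret = iommu_map(domain, iova, page_to_phys(page), SZ_2M,
			IOMMU_READ | IOMMU_WRITE);
	if (ret)
		return ret;

	/* ... device DMA through the mapping ... */

	if (iommu_unmap(domain, iova, SZ_2M) != SZ_2M)
		pr_warn("partial unmap\n");
	return 0;
}
#endif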

static size_t __iommu_unmap_pages(struct iommu_domain *domain,
				  unsigned long iova, size_t size,
				  struct iommu_iotlb_gather *iotlb_gather)
{
	const struct iommu_domain_ops *ops = domain->ops;
	size_t pgsize, count;

	pgsize = iommu_pgsize(domain, iova, iova, size, &count);
	return ops->unmap_pages ?
	       ops->unmap_pages(domain, iova, pgsize, count, iotlb_gather) :
	       ops->unmap(domain, iova, pgsize, iotlb_gather);
}

static size_t __iommu_unmap(struct iommu_domain *domain,
			    unsigned long iova, size_t size,
			    struct iommu_iotlb_gather *iotlb_gather)
{
	const struct iommu_domain_ops *ops = domain->ops;
	size_t unmapped_page, unmapped = 0;
	unsigned long orig_iova = iova;
	unsigned int min_pagesz;

	if (unlikely(!(ops->unmap || ops->unmap_pages) ||
		     domain->pgsize_bitmap == 0UL))
		return 0;

	if (unlikely(!(domain->type & __IOMMU_DOMAIN_PAGING)))
		return 0;

	/* find out the minimum page size supported */
	min_pagesz = 1 << __ffs(domain->pgsize_bitmap);

	/*
	 * The virtual address, as well as the size of the mapping, must be
	 * aligned (at least) to the size of the smallest page supported
	 * by the hardware
	 */
	if (!IS_ALIGNED(iova | size, min_pagesz)) {
		pr_err("unaligned: iova 0x%lx size 0x%zx min_pagesz 0x%x\n",
		       iova, size, min_pagesz);
		return 0;
	}

	pr_debug("unmap this: iova 0x%lx size 0x%zx\n", iova, size);

	/*
	 * Keep iterating until we either unmap 'size' bytes (or more)
	 * or we hit an area that isn't mapped.
	 */
	while (unmapped < size) {
		unmapped_page = __iommu_unmap_pages(domain, iova,
						    size - unmapped,
						    iotlb_gather);
		if (!unmapped_page)
			break;

		pr_debug("unmapped: iova 0x%lx size 0x%zx\n",
			 iova, unmapped_page);

		iova += unmapped_page;
		unmapped += unmapped_page;
	}

	trace_unmap(orig_iova, size, unmapped);
	return unmapped;
}

size_t iommu_unmap(struct iommu_domain *domain,
		   unsigned long iova, size_t size)
{
	struct iommu_iotlb_gather iotlb_gather;
	size_t ret;

	iommu_iotlb_gather_init(&iotlb_gather);
	ret = __iommu_unmap(domain, iova, size, &iotlb_gather);
	iommu_iotlb_sync(domain, &iotlb_gather);

	return ret;
}
EXPORT_SYMBOL_GPL(iommu_unmap);

size_t iommu_unmap_fast(struct iommu_domain *domain,
			unsigned long iova, size_t size,
			struct iommu_iotlb_gather *iotlb_gather)
{
	return __iommu_unmap(domain, iova, size, iotlb_gather);
}
EXPORT_SYMBOL_GPL(iommu_unmap_fast);
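
/*
 * Illustrative sketch (editor's example, never built): iommu_unmap_fast()
 * lets a caller batch several unmaps under a single TLB flush by reusing one
 * iotlb_gather and issuing one iommu_iotlb_sync() at the end. The ranges
 * passed in are hypothetical.
 */
#if 0	/* example only */
static void my_unmap_many(struct iommu_domain *domain,
			  const unsigned long *iovas, const size_t *sizes,
			  unsigned int n)
{
	struct iommu_iotlb_gather gather;
	unsigned int i;

	iommu_iotlb_gather_init(&gather);

	for (i = 0; i < n; i++)
		iommu_unmap_fast(domain, iovas[i], sizes[i], &gather);

	/* One flush for the whole batch instead of one per range */
	iommu_iotlb_sync(domain, &gather);
}
#endif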

static ssize_t __iommu_map_sg(struct iommu_domain *domain, unsigned long iova,
			      struct scatterlist *sg, unsigned int nents,
			      int prot, gfp_t gfp)
{
	const struct iommu_domain_ops *ops = domain->ops;
	size_t len = 0, mapped = 0;
	phys_addr_t start;
	unsigned int i = 0;
	int ret;

	while (i <= nents) {
		phys_addr_t s_phys = sg_phys(sg);

		if (len && s_phys != start + len) {
			ret = __iommu_map(domain, iova + mapped, start,
					  len, prot, gfp);

			if (ret)
				goto out_err;

			mapped += len;
			len = 0;
		}

		if (len) {
			len += sg->length;
		} else {
			len = sg->length;
			start = s_phys;
		}

		if (++i < nents)
			sg = sg_next(sg);
	}

	if (ops->iotlb_sync_map)
		ops->iotlb_sync_map(domain, iova, mapped);
	return mapped;

out_err:
	/* undo mappings already done */
	iommu_unmap(domain, iova, mapped);

	return ret;
}

ssize_t iommu_map_sg(struct iommu_domain *domain, unsigned long iova,
		     struct scatterlist *sg, unsigned int nents, int prot)
{
	might_sleep();
	return __iommu_map_sg(domain, iova, sg, nents, prot, GFP_KERNEL);
}
EXPORT_SYMBOL_GPL(iommu_map_sg);

ssize_t iommu_map_sg_atomic(struct iommu_domain *domain, unsigned long iova,
			    struct scatterlist *sg, unsigned int nents, int prot)
{
	return __iommu_map_sg(domain, iova, sg, nents, prot, GFP_ATOMIC);
}
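
/*
 * Illustrative sketch (editor's example, never built): mapping a
 * scatter-gather table at a caller-chosen IOVA. The sg table is assumed to
 * have been populated with sg_alloc_table_from_pages() or similar; the IOVA
 * value is hypothetical.
 */
#if 0	/* example only */
static int my_map_sgt(struct iommu_domain *domain, struct sg_table *sgt)
{
	unsigned long iova = 0x10000000;
	ssize_t mapped;

	mapped = iommu_map_sg(domain, iova, sgt->sgl, sgt->orig_nents,
			      IOMMU_READ | IOMMU_WRITE);
	if (mapped < 0)
		return mapped;	/* nothing is left mapped on failure */

	/* ... program the device with [iova, iova + mapped) ... */
	return 0;
}
#endif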

/**
 * report_iommu_fault() - report about an IOMMU fault to the IOMMU framework
 * @domain: the iommu domain where the fault has happened
 * @dev: the device where the fault has happened
 * @iova: the faulting address
 * @flags: mmu fault flags (e.g. IOMMU_FAULT_READ/IOMMU_FAULT_WRITE/...)
 *
 * This function should be called by the low-level IOMMU implementations
 * whenever IOMMU faults happen, to allow high-level users, that are
 * interested in such events, to know about them.
 *
 * This event may be useful for several possible use cases:
 * - mere logging of the event
 * - dynamic TLB/PTE loading
 * - restarting the faulting device, if required
 *
 * Returns 0 on success and an appropriate error code otherwise (if dynamic
 * PTE/TLB loading will one day be supported, implementations will be able
 * to tell whether it succeeded or not according to this return value).
 *
 * Specifically, -ENOSYS is returned if a fault handler isn't installed
 * (though fault handlers can also return -ENOSYS, in case they want to
 * elicit the default behavior of the IOMMU drivers).
 */
int report_iommu_fault(struct iommu_domain *domain, struct device *dev,
		       unsigned long iova, int flags)
{
	int ret = -ENOSYS;

	/*
	 * if upper layers showed interest and installed a fault handler,
	 * invoke it.
	 */
	if (domain->handler)
		ret = domain->handler(domain, dev, iova, flags,
				      domain->handler_token);

	trace_io_page_fault(dev, iova, flags);
	return ret;
}
EXPORT_SYMBOL_GPL(report_iommu_fault);

static int __init iommu_init(void)
{
	iommu_group_kset = kset_create_and_add("iommu_groups",
					       NULL, kernel_kobj);
	BUG_ON(!iommu_group_kset);

	iommu_debugfs_setup();

	return 0;
}
core_initcall(iommu_init);

int iommu_enable_nesting(struct iommu_domain *domain)
{
	if (domain->type != IOMMU_DOMAIN_UNMANAGED)
		return -EINVAL;
	if (!domain->ops->enable_nesting)
		return -EINVAL;
	return domain->ops->enable_nesting(domain);
}
EXPORT_SYMBOL_GPL(iommu_enable_nesting);

int iommu_set_pgtable_quirks(struct iommu_domain *domain,
			     unsigned long quirk)
{
	if (domain->type != IOMMU_DOMAIN_UNMANAGED)
		return -EINVAL;
	if (!domain->ops->set_pgtable_quirks)
		return -EINVAL;
	return domain->ops->set_pgtable_quirks(domain, quirk);
}
EXPORT_SYMBOL_GPL(iommu_set_pgtable_quirks);

void iommu_get_resv_regions(struct device *dev, struct list_head *list)
{
	const struct iommu_ops *ops = dev_iommu_ops(dev);

	if (ops->get_resv_regions)
		ops->get_resv_regions(dev, list);
}

void iommu_put_resv_regions(struct device *dev, struct list_head *list)
{
	const struct iommu_ops *ops = dev_iommu_ops(dev);

	if (ops->put_resv_regions)
		ops->put_resv_regions(dev, list);
}

/**
 * generic_iommu_put_resv_regions - Reserved region driver helper
 * @dev: device for which to free reserved regions
 * @list: reserved region list for device
 *
 * IOMMU drivers can use this to implement their .put_resv_regions() callback
 * for simple reservations. Memory allocated for each reserved region will be
 * freed. If an IOMMU driver allocates additional resources per region, it is
 * going to have to implement a custom callback.
 */
void generic_iommu_put_resv_regions(struct device *dev, struct list_head *list)
{
	struct iommu_resv_region *entry, *next;

	list_for_each_entry_safe(entry, next, list, list)
		kfree(entry);
}
EXPORT_SYMBOL(generic_iommu_put_resv_regions);

struct iommu_resv_region *iommu_alloc_resv_region(phys_addr_t start,
						  size_t length, int prot,
						  enum iommu_resv_type type)
{
	struct iommu_resv_region *region;

	region = kzalloc(sizeof(*region), GFP_KERNEL);
	if (!region)
		return NULL;

	INIT_LIST_HEAD(&region->list);
	region->start = start;
	region->length = length;
	region->prot = prot;
	region->type = type;
	return region;
}
EXPORT_SYMBOL_GPL(iommu_alloc_resv_region);
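
/*
 * Illustrative sketch (editor's example, never built): how an IOMMU driver
 * might populate its .get_resv_regions() callback with
 * iommu_alloc_resv_region() and pair it with generic_iommu_put_resv_regions().
 * The MSI window address and the my_iommu_* names are made up.
 */
#if 0	/* example only */
static void my_iommu_get_resv_regions(struct device *dev,
				      struct list_head *head)
{
	struct iommu_resv_region *region;

	region = iommu_alloc_resv_region(0x08000000, SZ_1M,
					 IOMMU_WRITE | IOMMU_NOEXEC | IOMMU_MMIO,
					 IOMMU_RESV_SW_MSI);
	if (region)
		list_add_tail(&region->list, head);
}

static const struct iommu_ops my_iommu_ops = {
	.get_resv_regions	= my_iommu_get_resv_regions,
	.put_resv_regions	= generic_iommu_put_resv_regions,
	/* ... */
};
#endif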

void iommu_set_default_passthrough(bool cmd_line)
{
	if (cmd_line)
		iommu_cmd_line |= IOMMU_CMD_LINE_DMA_API;
	iommu_def_domain_type = IOMMU_DOMAIN_IDENTITY;
}

void iommu_set_default_translated(bool cmd_line)
{
	if (cmd_line)
		iommu_cmd_line |= IOMMU_CMD_LINE_DMA_API;
	iommu_def_domain_type = IOMMU_DOMAIN_DMA;
}

bool iommu_default_passthrough(void)
{
	return iommu_def_domain_type == IOMMU_DOMAIN_IDENTITY;
}
EXPORT_SYMBOL_GPL(iommu_default_passthrough);

const struct iommu_ops *iommu_ops_from_fwnode(struct fwnode_handle *fwnode)
{
	const struct iommu_ops *ops = NULL;
	struct iommu_device *iommu;

	spin_lock(&iommu_device_lock);
	list_for_each_entry(iommu, &iommu_device_list, list)
		if (iommu->fwnode == fwnode) {
			ops = iommu->ops;
			break;
		}
	spin_unlock(&iommu_device_lock);
	return ops;
}

int iommu_fwspec_init(struct device *dev, struct fwnode_handle *iommu_fwnode,
		      const struct iommu_ops *ops)
{
	struct iommu_fwspec *fwspec = dev_iommu_fwspec_get(dev);

	if (fwspec)
		return ops == fwspec->ops ? 0 : -EINVAL;

	if (!dev_iommu_get(dev))
		return -ENOMEM;

	/* Preallocate for the overwhelmingly common case of 1 ID */
	fwspec = kzalloc(struct_size(fwspec, ids, 1), GFP_KERNEL);
	if (!fwspec)
		return -ENOMEM;

	of_node_get(to_of_node(iommu_fwnode));
	fwspec->iommu_fwnode = iommu_fwnode;
	fwspec->ops = ops;
	dev_iommu_fwspec_set(dev, fwspec);
	return 0;
}
EXPORT_SYMBOL_GPL(iommu_fwspec_init);

void iommu_fwspec_free(struct device *dev)
{
	struct iommu_fwspec *fwspec = dev_iommu_fwspec_get(dev);

	if (fwspec) {
		fwnode_handle_put(fwspec->iommu_fwnode);
		kfree(fwspec);
		dev_iommu_fwspec_set(dev, NULL);
	}
}
EXPORT_SYMBOL_GPL(iommu_fwspec_free);

int iommu_fwspec_add_ids(struct device *dev, u32 *ids, int num_ids)
{
	struct iommu_fwspec *fwspec = dev_iommu_fwspec_get(dev);
	int i, new_num;

	if (!fwspec)
		return -EINVAL;

	new_num = fwspec->num_ids + num_ids;
	if (new_num > 1) {
		fwspec = krealloc(fwspec, struct_size(fwspec, ids, new_num),
				  GFP_KERNEL);
		if (!fwspec)
			return -ENOMEM;

		dev_iommu_fwspec_set(dev, fwspec);
	}

	for (i = 0; i < num_ids; i++)
		fwspec->ids[fwspec->num_ids + i] = ids[i];

	fwspec->num_ids = new_num;
	return 0;
}
EXPORT_SYMBOL_GPL(iommu_fwspec_add_ids);
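
/*
 * Illustrative sketch (editor's example, never built): a compressed view of
 * how firmware glue wires a client device to its IOMMU instance via the
 * fwspec helpers. In the tree this work is split between of_iommu_configure()
 * and a driver's .of_xlate() callback; the single-cell ID and the
 * my_of_xlate() name below are simplifications.
 */
#if 0	/* example only */
static int my_of_xlate(struct device *dev, struct of_phandle_args *args)
{
	const struct iommu_ops *ops;
	u32 id = args->args[0];
	int ret;

	ops = iommu_ops_from_fwnode(&args->np->fwnode);
	if (!ops)
		return -EPROBE_DEFER;	/* IOMMU not registered yet */

	ret = iommu_fwspec_init(dev, &args->np->fwnode, ops);
	if (ret)
		return ret;

	return iommu_fwspec_add_ids(dev, &id, 1);
}
#endif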

/*
 * Per device IOMMU features.
 */
int iommu_dev_enable_feature(struct device *dev, enum iommu_dev_features feat)
{
	if (dev->iommu && dev->iommu->iommu_dev) {
		const struct iommu_ops *ops = dev->iommu->iommu_dev->ops;

		if (ops->dev_enable_feat)
			return ops->dev_enable_feat(dev, feat);
	}

	return -ENODEV;
}
EXPORT_SYMBOL_GPL(iommu_dev_enable_feature);

/*
 * The device drivers should do the necessary cleanups before calling this.
 */
int iommu_dev_disable_feature(struct device *dev, enum iommu_dev_features feat)
{
	if (dev->iommu && dev->iommu->iommu_dev) {
		const struct iommu_ops *ops = dev->iommu->iommu_dev->ops;

		if (ops->dev_disable_feat)
			return ops->dev_disable_feat(dev, feat);
	}

	return -EBUSY;
}
EXPORT_SYMBOL_GPL(iommu_dev_disable_feature);

bool iommu_dev_feature_enabled(struct device *dev, enum iommu_dev_features feat)
{
	if (dev->iommu && dev->iommu->iommu_dev) {
		const struct iommu_ops *ops = dev->iommu->iommu_dev->ops;

		if (ops->dev_feat_enabled)
			return ops->dev_feat_enabled(dev, feat);
	}

	return false;
}
EXPORT_SYMBOL_GPL(iommu_dev_feature_enabled);

/**
 * iommu_sva_bind_device() - Bind a process address space to a device
 * @dev: the device
 * @mm: the mm to bind, caller must hold a reference to it
 * @drvdata: opaque data pointer to pass to bind callback
 *
 * Create a bond between device and address space, allowing the device to
 * access the mm using the returned PASID. If a bond already exists between
 * @dev and @mm, it is returned and an additional reference is taken. Caller
 * must call iommu_sva_unbind_device() to release each reference.
 *
 * iommu_dev_enable_feature(dev, IOMMU_DEV_FEAT_SVA) must be called first, to
 * initialize the required SVA features.
 *
 * On error, returns an ERR_PTR value.
 */
struct iommu_sva *
iommu_sva_bind_device(struct device *dev, struct mm_struct *mm, void *drvdata)
{
	struct iommu_group *group;
	struct iommu_sva *handle = ERR_PTR(-EINVAL);
	const struct iommu_ops *ops = dev_iommu_ops(dev);

	if (!ops->sva_bind)
		return ERR_PTR(-ENODEV);

	group = iommu_group_get(dev);
	if (!group)
		return ERR_PTR(-ENODEV);

	/* Ensure device count and domain don't change while we're binding */
	mutex_lock(&group->mutex);

	/*
	 * To keep things simple, SVA currently doesn't support IOMMU groups
	 * with more than one device. Existing SVA-capable systems are not
	 * affected by the problems that required IOMMU groups (lack of ACS
	 * isolation, device ID aliasing and other hardware issues).
	 */
	if (iommu_group_device_count(group) != 1)
		goto out_unlock;

	handle = ops->sva_bind(dev, mm, drvdata);

out_unlock:
	mutex_unlock(&group->mutex);
	iommu_group_put(group);

	return handle;
}
EXPORT_SYMBOL_GPL(iommu_sva_bind_device);

/**
 * iommu_sva_unbind_device() - Remove a bond created with iommu_sva_bind_device
 * @handle: the handle returned by iommu_sva_bind_device()
 *
 * Put reference to a bond between device and address space. The device should
 * not be issuing any more transactions for this PASID. All outstanding page
 * requests for this PASID must have been flushed to the IOMMU.
 */
void iommu_sva_unbind_device(struct iommu_sva *handle)
{
	struct iommu_group *group;
	struct device *dev = handle->dev;
	const struct iommu_ops *ops = dev_iommu_ops(dev);

	if (!ops->sva_unbind)
		return;

	group = iommu_group_get(dev);
	if (!group)
		return;

	mutex_lock(&group->mutex);
	ops->sva_unbind(handle);
	mutex_unlock(&group->mutex);

	iommu_group_put(group);
}
EXPORT_SYMBOL_GPL(iommu_sva_unbind_device);

u32 iommu_sva_get_pasid(struct iommu_sva *handle)
{
	const struct iommu_ops *ops = dev_iommu_ops(handle->dev);

	if (!ops->sva_get_pasid)
		return IOMMU_PASID_INVALID;

	return ops->sva_get_pasid(handle);
}
EXPORT_SYMBOL_GPL(iommu_sva_get_pasid);
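
/*
 * Illustrative sketch (editor's example, never built): the SVA call sequence
 * a device driver would follow for the current process. Error paths and the
 * device-side PASID programming are elided; my_dev is hypothetical.
 */
#if 0	/* example only */
static int my_bind_current_mm(struct device *my_dev)
{
	struct iommu_sva *handle;
	u32 pasid;
	int ret;

	ret = iommu_dev_enable_feature(my_dev, IOMMU_DEV_FEAT_SVA);
	if (ret)
		return ret;

	handle = iommu_sva_bind_device(my_dev, current->mm, NULL);
	if (IS_ERR(handle))
		return PTR_ERR(handle);

	pasid = iommu_sva_get_pasid(handle);
	/* ... tell the device to use @pasid for this context ... */

	iommu_sva_unbind_device(handle);
	iommu_dev_disable_feature(my_dev, IOMMU_DEV_FEAT_SVA);
	return 0;
}
#endif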

/*
 * Changes the default domain of an iommu group that has *only* one device
 *
 * @group: The group for which the default domain should be changed
 * @prev_dev: The device in the group (this is used to make sure that the
 *	      device hasn't been replaced since the caller looked it up)
 * @type: The type of the new default domain that gets associated with the group
 *
 * Returns 0 on success and error code on failure
 *
 * Note:
 * 1. Presently, this function is called only when user requests to change the
 *    group's default domain type through /sys/kernel/iommu_groups/<grp_id>/type
 *    Please take a closer look if intended to use for other purposes.
 */
static int iommu_change_dev_def_domain(struct iommu_group *group,
				       struct device *prev_dev, int type)
{
	struct iommu_domain *prev_dom;
	struct group_device *grp_dev;
	int ret, dev_def_dom;
	struct device *dev;

	mutex_lock(&group->mutex);

	if (group->default_domain != group->domain) {
		dev_err_ratelimited(prev_dev, "Group not assigned to default domain\n");
		ret = -EBUSY;
		goto out;
	}

	/*
	 * The iommu group wasn't locked while acquiring the device lock in
	 * iommu_group_store_type(). So, make sure that the device count hasn't
	 * changed while acquiring the device lock.
	 *
	 * Changing the default domain of an iommu group with two or more
	 * devices isn't supported because there could be a potential deadlock.
	 * Consider the following scenario: T1 is trying to acquire the device
	 * locks of all the devices in the group and, before it can acquire
	 * all of them, another thread T2 (from a different sub-system and use
	 * case) may have already acquired some of the device locks and might
	 * be waiting for T1 to release the others.
	 */
	if (iommu_group_device_count(group) != 1) {
		dev_err_ratelimited(prev_dev, "Cannot change default domain: Group has more than one device\n");
		ret = -EINVAL;
		goto out;
	}

	/* Since group has only one device */
	grp_dev = list_first_entry(&group->devices, struct group_device, list);
	dev = grp_dev->dev;

	if (prev_dev != dev) {
		dev_err_ratelimited(prev_dev, "Cannot change default domain: Device has been changed\n");
		ret = -EBUSY;
		goto out;
	}

	prev_dom = group->default_domain;
	if (!prev_dom) {
		ret = -EINVAL;
		goto out;
	}

	dev_def_dom = iommu_get_def_domain_type(dev);
	if (!type) {
		/*
		 * If the user hasn't requested any specific type of domain and
		 * if the device supports both the domains, then default to the
		 * domain the device was booted with
		 */
		type = dev_def_dom ? : iommu_def_domain_type;
	} else if (dev_def_dom && type != dev_def_dom) {
		dev_err_ratelimited(prev_dev, "Device cannot be in %s domain\n",
				    iommu_domain_type_str(type));
		ret = -EINVAL;
		goto out;
	}

	/*
	 * Switch to a new domain only if the requested domain type is different
	 * from the existing default domain type
	 */
	if (prev_dom->type == type) {
		ret = 0;
		goto out;
	}

	/* We can bring up a flush queue without tearing down the domain */
	if (type == IOMMU_DOMAIN_DMA_FQ && prev_dom->type == IOMMU_DOMAIN_DMA) {
		ret = iommu_dma_init_fq(prev_dom);
		if (!ret)
			prev_dom->type = IOMMU_DOMAIN_DMA_FQ;
		goto out;
	}

	/* Sets group->default_domain to the newly allocated domain */
	ret = iommu_group_alloc_default_domain(dev->bus, group, type);
	if (ret)
		goto out;

	ret = iommu_create_device_direct_mappings(group, dev);
	if (ret)
		goto free_new_domain;

	ret = __iommu_attach_device(group->default_domain, dev);
	if (ret)
		goto free_new_domain;

	group->domain = group->default_domain;

	/*
	 * Release the mutex here because ops->probe_finalize() call-back of
	 * some vendor IOMMU drivers calls arm_iommu_attach_device() which
	 * in-turn might call back into IOMMU core code, where it tries to take
	 * group->mutex, resulting in a deadlock.
	 */
	mutex_unlock(&group->mutex);

	/* Make sure dma_ops is appropriately set */
	iommu_group_do_probe_finalize(dev, group->default_domain);
	iommu_domain_free(prev_dom);
	return 0;

free_new_domain:
	iommu_domain_free(group->default_domain);
	group->default_domain = prev_dom;
	group->domain = prev_dom;

out:
	mutex_unlock(&group->mutex);

	return ret;
}

/*
 * Changing the default domain through sysfs requires the users to unbind the
 * drivers from the devices in the iommu group, except for a DMA -> DMA-FQ
 * transition. Return failure if this isn't met.
 *
 * We need to consider the race between this and the device release path.
 * device_lock(dev) is used here to guarantee that the device release path
 * will not be entered at the same time.
 */
static ssize_t iommu_group_store_type(struct iommu_group *group,
				      const char *buf, size_t count)
{
	struct group_device *grp_dev;
	struct device *dev;
	int ret, req_type;

	if (!capable(CAP_SYS_ADMIN) || !capable(CAP_SYS_RAWIO))
		return -EACCES;

	if (WARN_ON(!group))
		return -EINVAL;

	if (sysfs_streq(buf, "identity"))
		req_type = IOMMU_DOMAIN_IDENTITY;
	else if (sysfs_streq(buf, "DMA"))
		req_type = IOMMU_DOMAIN_DMA;
	else if (sysfs_streq(buf, "DMA-FQ"))
		req_type = IOMMU_DOMAIN_DMA_FQ;
	else if (sysfs_streq(buf, "auto"))
		req_type = 0;
	else
		return -EINVAL;

	/*
	 * Lock/Unlock the group mutex here before the device lock to
	 * 1. Make sure that the iommu group has only one device (this is a
	 *    prerequisite for step 2)
	 * 2. Get struct *dev which is needed to lock the device
	 */
	mutex_lock(&group->mutex);
	if (iommu_group_device_count(group) != 1) {
		mutex_unlock(&group->mutex);
		pr_err_ratelimited("Cannot change default domain: Group has more than one device\n");
		return -EINVAL;
	}

	/* Since group has only one device */
	grp_dev = list_first_entry(&group->devices, struct group_device, list);
	dev = grp_dev->dev;
	get_device(dev);

	/*
	 * Don't hold the group mutex because taking the group mutex first and
	 * then the device lock could potentially cause a deadlock as below.
	 * Assume two threads T1 and T2. T1 is trying to change the default
	 * domain of an iommu group and T2 is trying to hot unplug a device or
	 * release [1] a VF of a PCIe device which is in the same iommu group.
	 * T1 takes the group mutex and, before it can take the device lock,
	 * assume T2 has taken the device lock and is yet to take the group
	 * mutex. Now both threads are waiting for the other to release its
	 * lock. The suggested lock order is therefore:
	 * device_lock(dev);
	 * mutex_lock(&group->mutex);
	 * iommu_change_dev_def_domain();
	 * mutex_unlock(&group->mutex);
	 * device_unlock(dev);
	 *
	 * [1] Typical device release path
	 * device_lock() from device/driver core code
	 * -> bus_notifier()
	 * -> iommu_bus_notifier()
	 * -> iommu_release_device()
	 * -> ops->release_device() vendor driver calls back iommu core code
	 * -> mutex_lock() from iommu core code
	 */
	mutex_unlock(&group->mutex);

	/* Check if the device in the group still has a driver bound to it */
	device_lock(dev);
	if (device_is_bound(dev) && !(req_type == IOMMU_DOMAIN_DMA_FQ &&
	    group->default_domain->type == IOMMU_DOMAIN_DMA)) {
		pr_err_ratelimited("Device is still bound to driver\n");
		ret = -EBUSY;
		goto out;
	}

	ret = iommu_change_dev_def_domain(group, dev, req_type);
	ret = ret ?: count;

out:
	device_unlock(dev);
	put_device(dev);

	return ret;
}