1 // SPDX-License-Identifier: GPL-2.0
3 * IOMMU API for ARM architected SMMUv3 implementations.
5 * Copyright (C) 2015 ARM Limited
7 * Author: Will Deacon <will.deacon@arm.com>
9 * This driver is powered by bad coffee and bombay mix.
12 #include <linux/acpi.h>
13 #include <linux/acpi_iort.h>
14 #include <linux/bitfield.h>
15 #include <linux/bitops.h>
16 #include <linux/crash_dump.h>
17 #include <linux/delay.h>
18 #include <linux/dma-iommu.h>
19 #include <linux/err.h>
20 #include <linux/interrupt.h>
21 #include <linux/io-pgtable.h>
22 #include <linux/iommu.h>
23 #include <linux/iopoll.h>
24 #include <linux/init.h>
25 #include <linux/moduleparam.h>
26 #include <linux/msi.h>
28 #include <linux/of_address.h>
29 #include <linux/of_iommu.h>
30 #include <linux/of_platform.h>
31 #include <linux/pci.h>
32 #include <linux/pci-ats.h>
33 #include <linux/platform_device.h>
35 #include <linux/amba/bus.h>
38 #define ARM_SMMU_IDR0 0x0
39 #define IDR0_ST_LVL GENMASK(28, 27)
40 #define IDR0_ST_LVL_2LVL 1
41 #define IDR0_STALL_MODEL GENMASK(25, 24)
42 #define IDR0_STALL_MODEL_STALL 0
43 #define IDR0_STALL_MODEL_FORCE 2
44 #define IDR0_TTENDIAN GENMASK(22, 21)
45 #define IDR0_TTENDIAN_MIXED 0
46 #define IDR0_TTENDIAN_LE 2
47 #define IDR0_TTENDIAN_BE 3
48 #define IDR0_CD2L (1 << 19)
49 #define IDR0_VMID16 (1 << 18)
50 #define IDR0_PRI (1 << 16)
51 #define IDR0_SEV (1 << 14)
52 #define IDR0_MSI (1 << 13)
53 #define IDR0_ASID16 (1 << 12)
54 #define IDR0_ATS (1 << 10)
55 #define IDR0_HYP (1 << 9)
56 #define IDR0_COHACC (1 << 4)
57 #define IDR0_TTF GENMASK(3, 2)
58 #define IDR0_TTF_AARCH64 2
59 #define IDR0_TTF_AARCH32_64 3
60 #define IDR0_S1P (1 << 1)
61 #define IDR0_S2P (1 << 0)
63 #define ARM_SMMU_IDR1 0x4
64 #define IDR1_TABLES_PRESET (1 << 30)
65 #define IDR1_QUEUES_PRESET (1 << 29)
66 #define IDR1_REL (1 << 28)
67 #define IDR1_CMDQS GENMASK(25, 21)
68 #define IDR1_EVTQS GENMASK(20, 16)
69 #define IDR1_PRIQS GENMASK(15, 11)
70 #define IDR1_SSIDSIZE GENMASK(10, 6)
71 #define IDR1_SIDSIZE GENMASK(5, 0)
73 #define ARM_SMMU_IDR5 0x14
74 #define IDR5_STALL_MAX GENMASK(31, 16)
75 #define IDR5_GRAN64K (1 << 6)
76 #define IDR5_GRAN16K (1 << 5)
77 #define IDR5_GRAN4K (1 << 4)
78 #define IDR5_OAS GENMASK(2, 0)
79 #define IDR5_OAS_32_BIT 0
80 #define IDR5_OAS_36_BIT 1
81 #define IDR5_OAS_40_BIT 2
82 #define IDR5_OAS_42_BIT 3
83 #define IDR5_OAS_44_BIT 4
84 #define IDR5_OAS_48_BIT 5
85 #define IDR5_OAS_52_BIT 6
86 #define IDR5_VAX GENMASK(11, 10)
87 #define IDR5_VAX_52_BIT 1
89 #define ARM_SMMU_CR0 0x20
90 #define CR0_ATSCHK (1 << 4)
91 #define CR0_CMDQEN (1 << 3)
92 #define CR0_EVTQEN (1 << 2)
93 #define CR0_PRIQEN (1 << 1)
94 #define CR0_SMMUEN (1 << 0)
96 #define ARM_SMMU_CR0ACK 0x24
98 #define ARM_SMMU_CR1 0x28
99 #define CR1_TABLE_SH GENMASK(11, 10)
100 #define CR1_TABLE_OC GENMASK(9, 8)
101 #define CR1_TABLE_IC GENMASK(7, 6)
102 #define CR1_QUEUE_SH GENMASK(5, 4)
103 #define CR1_QUEUE_OC GENMASK(3, 2)
104 #define CR1_QUEUE_IC GENMASK(1, 0)
105 /* CR1 cacheability fields don't quite follow the usual TCR-style encoding */
106 #define CR1_CACHE_NC 0
107 #define CR1_CACHE_WB 1
108 #define CR1_CACHE_WT 2
110 #define ARM_SMMU_CR2 0x2c
111 #define CR2_PTM (1 << 2)
112 #define CR2_RECINVSID (1 << 1)
113 #define CR2_E2H (1 << 0)
115 #define ARM_SMMU_GBPA 0x44
116 #define GBPA_UPDATE (1 << 31)
117 #define GBPA_ABORT (1 << 20)
119 #define ARM_SMMU_IRQ_CTRL 0x50
120 #define IRQ_CTRL_EVTQ_IRQEN (1 << 2)
121 #define IRQ_CTRL_PRIQ_IRQEN (1 << 1)
122 #define IRQ_CTRL_GERROR_IRQEN (1 << 0)
124 #define ARM_SMMU_IRQ_CTRLACK 0x54
126 #define ARM_SMMU_GERROR 0x60
127 #define GERROR_SFM_ERR (1 << 8)
128 #define GERROR_MSI_GERROR_ABT_ERR (1 << 7)
129 #define GERROR_MSI_PRIQ_ABT_ERR (1 << 6)
130 #define GERROR_MSI_EVTQ_ABT_ERR (1 << 5)
131 #define GERROR_MSI_CMDQ_ABT_ERR (1 << 4)
132 #define GERROR_PRIQ_ABT_ERR (1 << 3)
133 #define GERROR_EVTQ_ABT_ERR (1 << 2)
134 #define GERROR_CMDQ_ERR (1 << 0)
135 #define GERROR_ERR_MASK 0xfd
137 #define ARM_SMMU_GERRORN 0x64
139 #define ARM_SMMU_GERROR_IRQ_CFG0 0x68
140 #define ARM_SMMU_GERROR_IRQ_CFG1 0x70
141 #define ARM_SMMU_GERROR_IRQ_CFG2 0x74
143 #define ARM_SMMU_STRTAB_BASE 0x80
144 #define STRTAB_BASE_RA (1UL << 62)
145 #define STRTAB_BASE_ADDR_MASK GENMASK_ULL(51, 6)
147 #define ARM_SMMU_STRTAB_BASE_CFG 0x88
148 #define STRTAB_BASE_CFG_FMT GENMASK(17, 16)
149 #define STRTAB_BASE_CFG_FMT_LINEAR 0
150 #define STRTAB_BASE_CFG_FMT_2LVL 1
151 #define STRTAB_BASE_CFG_SPLIT GENMASK(10, 6)
152 #define STRTAB_BASE_CFG_LOG2SIZE GENMASK(5, 0)
154 #define ARM_SMMU_CMDQ_BASE 0x90
155 #define ARM_SMMU_CMDQ_PROD 0x98
156 #define ARM_SMMU_CMDQ_CONS 0x9c
158 #define ARM_SMMU_EVTQ_BASE 0xa0
159 #define ARM_SMMU_EVTQ_PROD 0x100a8
160 #define ARM_SMMU_EVTQ_CONS 0x100ac
161 #define ARM_SMMU_EVTQ_IRQ_CFG0 0xb0
162 #define ARM_SMMU_EVTQ_IRQ_CFG1 0xb8
163 #define ARM_SMMU_EVTQ_IRQ_CFG2 0xbc
165 #define ARM_SMMU_PRIQ_BASE 0xc0
166 #define ARM_SMMU_PRIQ_PROD 0x100c8
167 #define ARM_SMMU_PRIQ_CONS 0x100cc
168 #define ARM_SMMU_PRIQ_IRQ_CFG0 0xd0
169 #define ARM_SMMU_PRIQ_IRQ_CFG1 0xd8
170 #define ARM_SMMU_PRIQ_IRQ_CFG2 0xdc
172 /* Common MSI config fields */
173 #define MSI_CFG0_ADDR_MASK GENMASK_ULL(51, 2)
174 #define MSI_CFG2_SH GENMASK(5, 4)
175 #define MSI_CFG2_MEMATTR GENMASK(3, 0)
177 /* Common memory attribute values */
178 #define ARM_SMMU_SH_NSH 0
179 #define ARM_SMMU_SH_OSH 2
180 #define ARM_SMMU_SH_ISH 3
181 #define ARM_SMMU_MEMATTR_DEVICE_nGnRE 0x1
182 #define ARM_SMMU_MEMATTR_OIWB 0xf
184 #define Q_IDX(llq, p) ((p) & ((1 << (llq)->max_n_shift) - 1))
185 #define Q_WRP(llq, p) ((p) & (1 << (llq)->max_n_shift))
186 #define Q_OVERFLOW_FLAG (1U << 31)
187 #define Q_OVF(p) ((p) & Q_OVERFLOW_FLAG)
188 #define Q_ENT(q, p) ((q)->base + \
189 Q_IDX(&((q)->llq), p) * \
192 #define Q_BASE_RWA (1UL << 62)
193 #define Q_BASE_ADDR_MASK GENMASK_ULL(51, 5)
194 #define Q_BASE_LOG2SIZE GENMASK(4, 0)
196 /* Ensure DMA allocations are naturally aligned */
197 #ifdef CONFIG_CMA_ALIGNMENT
198 #define Q_MAX_SZ_SHIFT (PAGE_SHIFT + CONFIG_CMA_ALIGNMENT)
200 #define Q_MAX_SZ_SHIFT (PAGE_SHIFT + MAX_ORDER - 1)
206 * Linear: Enough to cover 1 << IDR1.SIDSIZE entries
207 * 2lvl: 128k L1 entries,
208 * 256 lazy entries per table (each table covers a PCI bus)
210 #define STRTAB_L1_SZ_SHIFT 20
211 #define STRTAB_SPLIT 8
213 #define STRTAB_L1_DESC_DWORDS 1
214 #define STRTAB_L1_DESC_SPAN GENMASK_ULL(4, 0)
215 #define STRTAB_L1_DESC_L2PTR_MASK GENMASK_ULL(51, 6)
217 #define STRTAB_STE_DWORDS 8
218 #define STRTAB_STE_0_V (1UL << 0)
219 #define STRTAB_STE_0_CFG GENMASK_ULL(3, 1)
220 #define STRTAB_STE_0_CFG_ABORT 0
221 #define STRTAB_STE_0_CFG_BYPASS 4
222 #define STRTAB_STE_0_CFG_S1_TRANS 5
223 #define STRTAB_STE_0_CFG_S2_TRANS 6
225 #define STRTAB_STE_0_S1FMT GENMASK_ULL(5, 4)
226 #define STRTAB_STE_0_S1FMT_LINEAR 0
227 #define STRTAB_STE_0_S1CTXPTR_MASK GENMASK_ULL(51, 6)
228 #define STRTAB_STE_0_S1CDMAX GENMASK_ULL(63, 59)
230 #define STRTAB_STE_1_S1C_CACHE_NC 0UL
231 #define STRTAB_STE_1_S1C_CACHE_WBRA 1UL
232 #define STRTAB_STE_1_S1C_CACHE_WT 2UL
233 #define STRTAB_STE_1_S1C_CACHE_WB 3UL
234 #define STRTAB_STE_1_S1CIR GENMASK_ULL(3, 2)
235 #define STRTAB_STE_1_S1COR GENMASK_ULL(5, 4)
236 #define STRTAB_STE_1_S1CSH GENMASK_ULL(7, 6)
238 #define STRTAB_STE_1_S1STALLD (1UL << 27)
240 #define STRTAB_STE_1_EATS GENMASK_ULL(29, 28)
241 #define STRTAB_STE_1_EATS_ABT 0UL
242 #define STRTAB_STE_1_EATS_TRANS 1UL
243 #define STRTAB_STE_1_EATS_S1CHK 2UL
245 #define STRTAB_STE_1_STRW GENMASK_ULL(31, 30)
246 #define STRTAB_STE_1_STRW_NSEL1 0UL
247 #define STRTAB_STE_1_STRW_EL2 2UL
249 #define STRTAB_STE_1_SHCFG GENMASK_ULL(45, 44)
250 #define STRTAB_STE_1_SHCFG_INCOMING 1UL
252 #define STRTAB_STE_2_S2VMID GENMASK_ULL(15, 0)
253 #define STRTAB_STE_2_VTCR GENMASK_ULL(50, 32)
254 #define STRTAB_STE_2_S2AA64 (1UL << 51)
255 #define STRTAB_STE_2_S2ENDI (1UL << 52)
256 #define STRTAB_STE_2_S2PTW (1UL << 54)
257 #define STRTAB_STE_2_S2R (1UL << 58)
259 #define STRTAB_STE_3_S2TTB_MASK GENMASK_ULL(51, 4)
261 /* Context descriptor (stage-1 only) */
262 #define CTXDESC_CD_DWORDS 8
263 #define CTXDESC_CD_0_TCR_T0SZ GENMASK_ULL(5, 0)
264 #define ARM64_TCR_T0SZ GENMASK_ULL(5, 0)
265 #define CTXDESC_CD_0_TCR_TG0 GENMASK_ULL(7, 6)
266 #define ARM64_TCR_TG0 GENMASK_ULL(15, 14)
267 #define CTXDESC_CD_0_TCR_IRGN0 GENMASK_ULL(9, 8)
268 #define ARM64_TCR_IRGN0 GENMASK_ULL(9, 8)
269 #define CTXDESC_CD_0_TCR_ORGN0 GENMASK_ULL(11, 10)
270 #define ARM64_TCR_ORGN0 GENMASK_ULL(11, 10)
271 #define CTXDESC_CD_0_TCR_SH0 GENMASK_ULL(13, 12)
272 #define ARM64_TCR_SH0 GENMASK_ULL(13, 12)
273 #define CTXDESC_CD_0_TCR_EPD0 (1ULL << 14)
274 #define ARM64_TCR_EPD0 (1ULL << 7)
275 #define CTXDESC_CD_0_TCR_EPD1 (1ULL << 30)
276 #define ARM64_TCR_EPD1 (1ULL << 23)
278 #define CTXDESC_CD_0_ENDI (1UL << 15)
279 #define CTXDESC_CD_0_V (1UL << 31)
281 #define CTXDESC_CD_0_TCR_IPS GENMASK_ULL(34, 32)
282 #define ARM64_TCR_IPS GENMASK_ULL(34, 32)
283 #define CTXDESC_CD_0_TCR_TBI0 (1ULL << 38)
284 #define ARM64_TCR_TBI0 (1ULL << 37)
286 #define CTXDESC_CD_0_AA64 (1UL << 41)
287 #define CTXDESC_CD_0_S (1UL << 44)
288 #define CTXDESC_CD_0_R (1UL << 45)
289 #define CTXDESC_CD_0_A (1UL << 46)
290 #define CTXDESC_CD_0_ASET (1UL << 47)
291 #define CTXDESC_CD_0_ASID GENMASK_ULL(63, 48)
293 #define CTXDESC_CD_1_TTB0_MASK GENMASK_ULL(51, 4)
295 /* Convert between AArch64 (CPU) TCR format and SMMU CD format */
296 #define ARM_SMMU_TCR2CD(tcr, fld) FIELD_PREP(CTXDESC_CD_0_TCR_##fld, \
297 FIELD_GET(ARM64_TCR_##fld, tcr))
300 #define CMDQ_ENT_SZ_SHIFT 4
301 #define CMDQ_ENT_DWORDS ((1 << CMDQ_ENT_SZ_SHIFT) >> 3)
302 #define CMDQ_MAX_SZ_SHIFT (Q_MAX_SZ_SHIFT - CMDQ_ENT_SZ_SHIFT)
304 #define CMDQ_CONS_ERR GENMASK(30, 24)
305 #define CMDQ_ERR_CERROR_NONE_IDX 0
306 #define CMDQ_ERR_CERROR_ILL_IDX 1
307 #define CMDQ_ERR_CERROR_ABT_IDX 2
308 #define CMDQ_ERR_CERROR_ATC_INV_IDX 3
310 #define CMDQ_PROD_OWNED_FLAG Q_OVERFLOW_FLAG
313 * This is used to size the command queue and therefore must be at least
314 * BITS_PER_LONG so that the valid_map works correctly (it relies on the
315 * total number of queue entries being a multiple of BITS_PER_LONG).
317 #define CMDQ_BATCH_ENTRIES BITS_PER_LONG
319 #define CMDQ_0_OP GENMASK_ULL(7, 0)
320 #define CMDQ_0_SSV (1UL << 11)
322 #define CMDQ_PREFETCH_0_SID GENMASK_ULL(63, 32)
323 #define CMDQ_PREFETCH_1_SIZE GENMASK_ULL(4, 0)
324 #define CMDQ_PREFETCH_1_ADDR_MASK GENMASK_ULL(63, 12)
326 #define CMDQ_CFGI_0_SID GENMASK_ULL(63, 32)
327 #define CMDQ_CFGI_1_LEAF (1UL << 0)
328 #define CMDQ_CFGI_1_RANGE GENMASK_ULL(4, 0)
330 #define CMDQ_TLBI_0_VMID GENMASK_ULL(47, 32)
331 #define CMDQ_TLBI_0_ASID GENMASK_ULL(63, 48)
332 #define CMDQ_TLBI_1_LEAF (1UL << 0)
333 #define CMDQ_TLBI_1_VA_MASK GENMASK_ULL(63, 12)
334 #define CMDQ_TLBI_1_IPA_MASK GENMASK_ULL(51, 12)
336 #define CMDQ_ATC_0_SSID GENMASK_ULL(31, 12)
337 #define CMDQ_ATC_0_SID GENMASK_ULL(63, 32)
338 #define CMDQ_ATC_0_GLOBAL (1UL << 9)
339 #define CMDQ_ATC_1_SIZE GENMASK_ULL(5, 0)
340 #define CMDQ_ATC_1_ADDR_MASK GENMASK_ULL(63, 12)
342 #define CMDQ_PRI_0_SSID GENMASK_ULL(31, 12)
343 #define CMDQ_PRI_0_SID GENMASK_ULL(63, 32)
344 #define CMDQ_PRI_1_GRPID GENMASK_ULL(8, 0)
345 #define CMDQ_PRI_1_RESP GENMASK_ULL(13, 12)
347 #define CMDQ_SYNC_0_CS GENMASK_ULL(13, 12)
348 #define CMDQ_SYNC_0_CS_NONE 0
349 #define CMDQ_SYNC_0_CS_IRQ 1
350 #define CMDQ_SYNC_0_CS_SEV 2
351 #define CMDQ_SYNC_0_MSH GENMASK_ULL(23, 22)
352 #define CMDQ_SYNC_0_MSIATTR GENMASK_ULL(27, 24)
353 #define CMDQ_SYNC_0_MSIDATA GENMASK_ULL(63, 32)
354 #define CMDQ_SYNC_1_MSIADDR_MASK GENMASK_ULL(51, 2)
357 #define EVTQ_ENT_SZ_SHIFT 5
358 #define EVTQ_ENT_DWORDS ((1 << EVTQ_ENT_SZ_SHIFT) >> 3)
359 #define EVTQ_MAX_SZ_SHIFT (Q_MAX_SZ_SHIFT - EVTQ_ENT_SZ_SHIFT)
361 #define EVTQ_0_ID GENMASK_ULL(7, 0)
364 #define PRIQ_ENT_SZ_SHIFT 4
365 #define PRIQ_ENT_DWORDS ((1 << PRIQ_ENT_SZ_SHIFT) >> 3)
366 #define PRIQ_MAX_SZ_SHIFT (Q_MAX_SZ_SHIFT - PRIQ_ENT_SZ_SHIFT)
368 #define PRIQ_0_SID GENMASK_ULL(31, 0)
369 #define PRIQ_0_SSID GENMASK_ULL(51, 32)
370 #define PRIQ_0_PERM_PRIV (1UL << 58)
371 #define PRIQ_0_PERM_EXEC (1UL << 59)
372 #define PRIQ_0_PERM_READ (1UL << 60)
373 #define PRIQ_0_PERM_WRITE (1UL << 61)
374 #define PRIQ_0_PRG_LAST (1UL << 62)
375 #define PRIQ_0_SSID_V (1UL << 63)
377 #define PRIQ_1_PRG_IDX GENMASK_ULL(8, 0)
378 #define PRIQ_1_ADDR_MASK GENMASK_ULL(63, 12)
380 /* High-level queue structures */
381 #define ARM_SMMU_POLL_TIMEOUT_US 1000000 /* 1s! */
382 #define ARM_SMMU_POLL_SPIN_COUNT 10
384 #define MSI_IOVA_BASE 0x8000000
385 #define MSI_IOVA_LENGTH 0x100000
388 * not really modular, but the easiest way to keep compat with existing
389 * bootargs behaviour is to continue using module_param_named here.
391 static bool disable_bypass = 1;
392 module_param_named(disable_bypass, disable_bypass, bool, S_IRUGO);
393 MODULE_PARM_DESC(disable_bypass,
394 "Disable bypass streams such that incoming transactions from devices that are not attached to an iommu domain will report an abort back to the device and will not be allowed to pass through the SMMU.");
402 enum arm_smmu_msi_index {
409 static phys_addr_t arm_smmu_msi_cfg[ARM_SMMU_MAX_MSIS][3] = {
411 ARM_SMMU_EVTQ_IRQ_CFG0,
412 ARM_SMMU_EVTQ_IRQ_CFG1,
413 ARM_SMMU_EVTQ_IRQ_CFG2,
415 [GERROR_MSI_INDEX] = {
416 ARM_SMMU_GERROR_IRQ_CFG0,
417 ARM_SMMU_GERROR_IRQ_CFG1,
418 ARM_SMMU_GERROR_IRQ_CFG2,
421 ARM_SMMU_PRIQ_IRQ_CFG0,
422 ARM_SMMU_PRIQ_IRQ_CFG1,
423 ARM_SMMU_PRIQ_IRQ_CFG2,
427 struct arm_smmu_cmdq_ent {
430 bool substream_valid;
432 /* Command-specific fields */
434 #define CMDQ_OP_PREFETCH_CFG 0x1
441 #define CMDQ_OP_CFGI_STE 0x3
442 #define CMDQ_OP_CFGI_ALL 0x4
451 #define CMDQ_OP_TLBI_NH_ASID 0x11
452 #define CMDQ_OP_TLBI_NH_VA 0x12
453 #define CMDQ_OP_TLBI_EL2_ALL 0x20
454 #define CMDQ_OP_TLBI_S12_VMALL 0x28
455 #define CMDQ_OP_TLBI_S2_IPA 0x2a
456 #define CMDQ_OP_TLBI_NSNH_ALL 0x30
464 #define CMDQ_OP_ATC_INV 0x40
465 #define ATC_INV_SIZE_ALL 52
474 #define CMDQ_OP_PRI_RESP 0x41
482 #define CMDQ_OP_CMD_SYNC 0x46
489 struct arm_smmu_ll_queue {
500 u8 __pad[SMP_CACHE_BYTES];
501 } ____cacheline_aligned_in_smp;
505 struct arm_smmu_queue {
506 struct arm_smmu_ll_queue llq;
507 int irq; /* Wired interrupt */
515 u32 __iomem *prod_reg;
516 u32 __iomem *cons_reg;
519 struct arm_smmu_queue_poll {
522 unsigned int spin_cnt;
526 struct arm_smmu_cmdq {
527 struct arm_smmu_queue q;
528 atomic_long_t *valid_map;
533 struct arm_smmu_evtq {
534 struct arm_smmu_queue q;
538 struct arm_smmu_priq {
539 struct arm_smmu_queue q;
542 /* High-level stream table and context descriptor structures */
543 struct arm_smmu_strtab_l1_desc {
547 dma_addr_t l2ptr_dma;
550 struct arm_smmu_s1_cfg {
552 dma_addr_t cdptr_dma;
554 struct arm_smmu_ctx_desc {
562 struct arm_smmu_s2_cfg {
568 struct arm_smmu_strtab_cfg {
570 dma_addr_t strtab_dma;
571 struct arm_smmu_strtab_l1_desc *l1_desc;
572 unsigned int num_l1_ents;
578 /* An SMMUv3 instance */
579 struct arm_smmu_device {
583 #define ARM_SMMU_FEAT_2_LVL_STRTAB (1 << 0)
584 #define ARM_SMMU_FEAT_2_LVL_CDTAB (1 << 1)
585 #define ARM_SMMU_FEAT_TT_LE (1 << 2)
586 #define ARM_SMMU_FEAT_TT_BE (1 << 3)
587 #define ARM_SMMU_FEAT_PRI (1 << 4)
588 #define ARM_SMMU_FEAT_ATS (1 << 5)
589 #define ARM_SMMU_FEAT_SEV (1 << 6)
590 #define ARM_SMMU_FEAT_MSI (1 << 7)
591 #define ARM_SMMU_FEAT_COHERENCY (1 << 8)
592 #define ARM_SMMU_FEAT_TRANS_S1 (1 << 9)
593 #define ARM_SMMU_FEAT_TRANS_S2 (1 << 10)
594 #define ARM_SMMU_FEAT_STALLS (1 << 11)
595 #define ARM_SMMU_FEAT_HYP (1 << 12)
596 #define ARM_SMMU_FEAT_STALL_FORCE (1 << 13)
597 #define ARM_SMMU_FEAT_VAX (1 << 14)
600 #define ARM_SMMU_OPT_SKIP_PREFETCH (1 << 0)
601 #define ARM_SMMU_OPT_PAGE0_REGS_ONLY (1 << 1)
604 struct arm_smmu_cmdq cmdq;
605 struct arm_smmu_evtq evtq;
606 struct arm_smmu_priq priq;
611 unsigned long ias; /* IPA */
612 unsigned long oas; /* PA */
613 unsigned long pgsize_bitmap;
615 #define ARM_SMMU_MAX_ASIDS (1 << 16)
616 unsigned int asid_bits;
617 DECLARE_BITMAP(asid_map, ARM_SMMU_MAX_ASIDS);
619 #define ARM_SMMU_MAX_VMIDS (1 << 16)
620 unsigned int vmid_bits;
621 DECLARE_BITMAP(vmid_map, ARM_SMMU_MAX_VMIDS);
623 unsigned int ssid_bits;
624 unsigned int sid_bits;
626 struct arm_smmu_strtab_cfg strtab_cfg;
628 /* IOMMU core code handle */
629 struct iommu_device iommu;
632 /* SMMU private data for each master */
633 struct arm_smmu_master {
634 struct arm_smmu_device *smmu;
636 struct arm_smmu_domain *domain;
637 struct list_head domain_head;
639 unsigned int num_sids;
643 /* SMMU private data for an IOMMU domain */
644 enum arm_smmu_domain_stage {
645 ARM_SMMU_DOMAIN_S1 = 0,
647 ARM_SMMU_DOMAIN_NESTED,
648 ARM_SMMU_DOMAIN_BYPASS,
651 struct arm_smmu_domain {
652 struct arm_smmu_device *smmu;
653 struct mutex init_mutex; /* Protects smmu pointer */
655 struct io_pgtable_ops *pgtbl_ops;
657 atomic_t nr_ats_masters;
659 enum arm_smmu_domain_stage stage;
661 struct arm_smmu_s1_cfg s1_cfg;
662 struct arm_smmu_s2_cfg s2_cfg;
665 struct iommu_domain domain;
667 struct list_head devices;
668 spinlock_t devices_lock;
671 struct arm_smmu_option_prop {
676 static struct arm_smmu_option_prop arm_smmu_options[] = {
677 { ARM_SMMU_OPT_SKIP_PREFETCH, "hisilicon,broken-prefetch-cmd" },
678 { ARM_SMMU_OPT_PAGE0_REGS_ONLY, "cavium,cn9900-broken-page1-regspace"},
682 static inline void __iomem *arm_smmu_page1_fixup(unsigned long offset,
683 struct arm_smmu_device *smmu)
685 if ((offset > SZ_64K) &&
686 (smmu->options & ARM_SMMU_OPT_PAGE0_REGS_ONLY))
689 return smmu->base + offset;
692 static struct arm_smmu_domain *to_smmu_domain(struct iommu_domain *dom)
694 return container_of(dom, struct arm_smmu_domain, domain);
697 static void parse_driver_options(struct arm_smmu_device *smmu)
702 if (of_property_read_bool(smmu->dev->of_node,
703 arm_smmu_options[i].prop)) {
704 smmu->options |= arm_smmu_options[i].opt;
705 dev_notice(smmu->dev, "option %s\n",
706 arm_smmu_options[i].prop);
708 } while (arm_smmu_options[++i].opt);
711 /* Low-level queue manipulation functions */
712 static bool queue_has_space(struct arm_smmu_ll_queue *q, u32 n)
714 u32 space, prod, cons;
716 prod = Q_IDX(q, q->prod);
717 cons = Q_IDX(q, q->cons);
719 if (Q_WRP(q, q->prod) == Q_WRP(q, q->cons))
720 space = (1 << q->max_n_shift) - (prod - cons);
727 static bool queue_full(struct arm_smmu_ll_queue *q)
729 return Q_IDX(q, q->prod) == Q_IDX(q, q->cons) &&
730 Q_WRP(q, q->prod) != Q_WRP(q, q->cons);
733 static bool queue_empty(struct arm_smmu_ll_queue *q)
735 return Q_IDX(q, q->prod) == Q_IDX(q, q->cons) &&
736 Q_WRP(q, q->prod) == Q_WRP(q, q->cons);
739 static bool queue_consumed(struct arm_smmu_ll_queue *q, u32 prod)
741 return ((Q_WRP(q, q->cons) == Q_WRP(q, prod)) &&
742 (Q_IDX(q, q->cons) > Q_IDX(q, prod))) ||
743 ((Q_WRP(q, q->cons) != Q_WRP(q, prod)) &&
744 (Q_IDX(q, q->cons) <= Q_IDX(q, prod)));
747 static void queue_sync_cons_out(struct arm_smmu_queue *q)
750 * Ensure that all CPU accesses (reads and writes) to the queue
751 * are complete before we update the cons pointer.
754 writel_relaxed(q->llq.cons, q->cons_reg);
757 static void queue_inc_cons(struct arm_smmu_ll_queue *q)
759 u32 cons = (Q_WRP(q, q->cons) | Q_IDX(q, q->cons)) + 1;
760 q->cons = Q_OVF(q->cons) | Q_WRP(q, cons) | Q_IDX(q, cons);
763 static int queue_sync_prod_in(struct arm_smmu_queue *q)
766 u32 prod = readl_relaxed(q->prod_reg);
768 if (Q_OVF(prod) != Q_OVF(q->llq.prod))
775 static u32 queue_inc_prod_n(struct arm_smmu_ll_queue *q, int n)
777 u32 prod = (Q_WRP(q, q->prod) | Q_IDX(q, q->prod)) + n;
778 return Q_OVF(q->prod) | Q_WRP(q, prod) | Q_IDX(q, prod);
781 static void queue_poll_init(struct arm_smmu_device *smmu,
782 struct arm_smmu_queue_poll *qp)
786 qp->wfe = !!(smmu->features & ARM_SMMU_FEAT_SEV);
787 qp->timeout = ktime_add_us(ktime_get(), ARM_SMMU_POLL_TIMEOUT_US);
790 static int queue_poll(struct arm_smmu_queue_poll *qp)
792 if (ktime_compare(ktime_get(), qp->timeout) > 0)
797 } else if (++qp->spin_cnt < ARM_SMMU_POLL_SPIN_COUNT) {
808 static void queue_write(__le64 *dst, u64 *src, size_t n_dwords)
812 for (i = 0; i < n_dwords; ++i)
813 *dst++ = cpu_to_le64(*src++);
816 static void queue_read(__le64 *dst, u64 *src, size_t n_dwords)
820 for (i = 0; i < n_dwords; ++i)
821 *dst++ = le64_to_cpu(*src++);
824 static int queue_remove_raw(struct arm_smmu_queue *q, u64 *ent)
826 if (queue_empty(&q->llq))
829 queue_read(ent, Q_ENT(q, q->llq.cons), q->ent_dwords);
830 queue_inc_cons(&q->llq);
831 queue_sync_cons_out(q);
835 /* High-level queue accessors */
836 static int arm_smmu_cmdq_build_cmd(u64 *cmd, struct arm_smmu_cmdq_ent *ent)
838 memset(cmd, 0, 1 << CMDQ_ENT_SZ_SHIFT);
839 cmd[0] |= FIELD_PREP(CMDQ_0_OP, ent->opcode);
841 switch (ent->opcode) {
842 case CMDQ_OP_TLBI_EL2_ALL:
843 case CMDQ_OP_TLBI_NSNH_ALL:
845 case CMDQ_OP_PREFETCH_CFG:
846 cmd[0] |= FIELD_PREP(CMDQ_PREFETCH_0_SID, ent->prefetch.sid);
847 cmd[1] |= FIELD_PREP(CMDQ_PREFETCH_1_SIZE, ent->prefetch.size);
848 cmd[1] |= ent->prefetch.addr & CMDQ_PREFETCH_1_ADDR_MASK;
850 case CMDQ_OP_CFGI_STE:
851 cmd[0] |= FIELD_PREP(CMDQ_CFGI_0_SID, ent->cfgi.sid);
852 cmd[1] |= FIELD_PREP(CMDQ_CFGI_1_LEAF, ent->cfgi.leaf);
854 case CMDQ_OP_CFGI_ALL:
855 /* Cover the entire SID range */
856 cmd[1] |= FIELD_PREP(CMDQ_CFGI_1_RANGE, 31);
858 case CMDQ_OP_TLBI_NH_VA:
859 cmd[0] |= FIELD_PREP(CMDQ_TLBI_0_ASID, ent->tlbi.asid);
860 cmd[1] |= FIELD_PREP(CMDQ_TLBI_1_LEAF, ent->tlbi.leaf);
861 cmd[1] |= ent->tlbi.addr & CMDQ_TLBI_1_VA_MASK;
863 case CMDQ_OP_TLBI_S2_IPA:
864 cmd[0] |= FIELD_PREP(CMDQ_TLBI_0_VMID, ent->tlbi.vmid);
865 cmd[1] |= FIELD_PREP(CMDQ_TLBI_1_LEAF, ent->tlbi.leaf);
866 cmd[1] |= ent->tlbi.addr & CMDQ_TLBI_1_IPA_MASK;
868 case CMDQ_OP_TLBI_NH_ASID:
869 cmd[0] |= FIELD_PREP(CMDQ_TLBI_0_ASID, ent->tlbi.asid);
871 case CMDQ_OP_TLBI_S12_VMALL:
872 cmd[0] |= FIELD_PREP(CMDQ_TLBI_0_VMID, ent->tlbi.vmid);
874 case CMDQ_OP_ATC_INV:
875 cmd[0] |= FIELD_PREP(CMDQ_0_SSV, ent->substream_valid);
876 cmd[0] |= FIELD_PREP(CMDQ_ATC_0_GLOBAL, ent->atc.global);
877 cmd[0] |= FIELD_PREP(CMDQ_ATC_0_SSID, ent->atc.ssid);
878 cmd[0] |= FIELD_PREP(CMDQ_ATC_0_SID, ent->atc.sid);
879 cmd[1] |= FIELD_PREP(CMDQ_ATC_1_SIZE, ent->atc.size);
880 cmd[1] |= ent->atc.addr & CMDQ_ATC_1_ADDR_MASK;
882 case CMDQ_OP_PRI_RESP:
883 cmd[0] |= FIELD_PREP(CMDQ_0_SSV, ent->substream_valid);
884 cmd[0] |= FIELD_PREP(CMDQ_PRI_0_SSID, ent->pri.ssid);
885 cmd[0] |= FIELD_PREP(CMDQ_PRI_0_SID, ent->pri.sid);
886 cmd[1] |= FIELD_PREP(CMDQ_PRI_1_GRPID, ent->pri.grpid);
887 switch (ent->pri.resp) {
895 cmd[1] |= FIELD_PREP(CMDQ_PRI_1_RESP, ent->pri.resp);
897 case CMDQ_OP_CMD_SYNC:
898 if (ent->sync.msiaddr) {
899 cmd[0] |= FIELD_PREP(CMDQ_SYNC_0_CS, CMDQ_SYNC_0_CS_IRQ);
900 cmd[1] |= ent->sync.msiaddr & CMDQ_SYNC_1_MSIADDR_MASK;
902 cmd[0] |= FIELD_PREP(CMDQ_SYNC_0_CS, CMDQ_SYNC_0_CS_SEV);
904 cmd[0] |= FIELD_PREP(CMDQ_SYNC_0_MSH, ARM_SMMU_SH_ISH);
905 cmd[0] |= FIELD_PREP(CMDQ_SYNC_0_MSIATTR, ARM_SMMU_MEMATTR_OIWB);
914 static void arm_smmu_cmdq_build_sync_cmd(u64 *cmd, struct arm_smmu_device *smmu,
917 struct arm_smmu_queue *q = &smmu->cmdq.q;
918 struct arm_smmu_cmdq_ent ent = {
919 .opcode = CMDQ_OP_CMD_SYNC,
923 * Beware that Hi16xx adds an extra 32 bits of goodness to its MSI
924 * payload, so the write will zero the entire command on that platform.
926 if (smmu->features & ARM_SMMU_FEAT_MSI &&
927 smmu->features & ARM_SMMU_FEAT_COHERENCY) {
928 ent.sync.msiaddr = q->base_dma + Q_IDX(&q->llq, prod) *
932 arm_smmu_cmdq_build_cmd(cmd, &ent);
935 static void arm_smmu_cmdq_skip_err(struct arm_smmu_device *smmu)
937 static const char *cerror_str[] = {
938 [CMDQ_ERR_CERROR_NONE_IDX] = "No error",
939 [CMDQ_ERR_CERROR_ILL_IDX] = "Illegal command",
940 [CMDQ_ERR_CERROR_ABT_IDX] = "Abort on command fetch",
941 [CMDQ_ERR_CERROR_ATC_INV_IDX] = "ATC invalidate timeout",
945 u64 cmd[CMDQ_ENT_DWORDS];
946 struct arm_smmu_queue *q = &smmu->cmdq.q;
947 u32 cons = readl_relaxed(q->cons_reg);
948 u32 idx = FIELD_GET(CMDQ_CONS_ERR, cons);
949 struct arm_smmu_cmdq_ent cmd_sync = {
950 .opcode = CMDQ_OP_CMD_SYNC,
953 dev_err(smmu->dev, "CMDQ error (cons 0x%08x): %s\n", cons,
954 idx < ARRAY_SIZE(cerror_str) ? cerror_str[idx] : "Unknown");
957 case CMDQ_ERR_CERROR_ABT_IDX:
958 dev_err(smmu->dev, "retrying command fetch\n");
959 case CMDQ_ERR_CERROR_NONE_IDX:
961 case CMDQ_ERR_CERROR_ATC_INV_IDX:
963 * ATC Invalidation Completion timeout. CONS is still pointing
964 * at the CMD_SYNC. Attempt to complete other pending commands
965 * by repeating the CMD_SYNC, though we might well end up back
966 * here since the ATC invalidation may still be pending.
969 case CMDQ_ERR_CERROR_ILL_IDX:
976 * We may have concurrent producers, so we need to be careful
977 * not to touch any of the shadow cmdq state.
979 queue_read(cmd, Q_ENT(q, cons), q->ent_dwords);
980 dev_err(smmu->dev, "skipping command in error state:\n");
981 for (i = 0; i < ARRAY_SIZE(cmd); ++i)
982 dev_err(smmu->dev, "\t0x%016llx\n", (unsigned long long)cmd[i]);
984 /* Convert the erroneous command into a CMD_SYNC */
985 if (arm_smmu_cmdq_build_cmd(cmd, &cmd_sync)) {
986 dev_err(smmu->dev, "failed to convert to CMD_SYNC\n");
990 queue_write(Q_ENT(q, cons), cmd, q->ent_dwords);
994 * Command queue locking.
995 * This is a form of bastardised rwlock with the following major changes:
997 * - The only LOCK routines are exclusive_trylock() and shared_lock().
998 * Neither have barrier semantics, and instead provide only a control
1001 * - The UNLOCK routines are supplemented with shared_tryunlock(), which
1002 * fails if the caller appears to be the last lock holder (yes, this is
1003 * racy). All successful UNLOCK routines have RELEASE semantics.
1005 static void arm_smmu_cmdq_shared_lock(struct arm_smmu_cmdq *cmdq)
1010 * We can try to avoid the cmpxchg() loop by simply incrementing the
1011 * lock counter. When held in exclusive state, the lock counter is set
1012 * to INT_MIN so these increments won't hurt as the value will remain
1015 if (atomic_fetch_inc_relaxed(&cmdq->lock) >= 0)
1019 val = atomic_cond_read_relaxed(&cmdq->lock, VAL >= 0);
1020 } while (atomic_cmpxchg_relaxed(&cmdq->lock, val, val + 1) != val);
1023 static void arm_smmu_cmdq_shared_unlock(struct arm_smmu_cmdq *cmdq)
1025 (void)atomic_dec_return_release(&cmdq->lock);
1028 static bool arm_smmu_cmdq_shared_tryunlock(struct arm_smmu_cmdq *cmdq)
1030 if (atomic_read(&cmdq->lock) == 1)
1033 arm_smmu_cmdq_shared_unlock(cmdq);
1037 #define arm_smmu_cmdq_exclusive_trylock_irqsave(cmdq, flags) \
1040 local_irq_save(flags); \
1041 __ret = !atomic_cmpxchg_relaxed(&cmdq->lock, 0, INT_MIN); \
1043 local_irq_restore(flags); \
1047 #define arm_smmu_cmdq_exclusive_unlock_irqrestore(cmdq, flags) \
1049 atomic_set_release(&cmdq->lock, 0); \
1050 local_irq_restore(flags); \
1055 * Command queue insertion.
1056 * This is made fiddly by our attempts to achieve some sort of scalability
1057 * since there is one queue shared amongst all of the CPUs in the system. If
1058 * you like mixed-size concurrency, dependency ordering and relaxed atomics,
1059 * then you'll *love* this monstrosity.
1061 * The basic idea is to split the queue up into ranges of commands that are
1062 * owned by a given CPU; the owner may not have written all of the commands
1063 * itself, but is responsible for advancing the hardware prod pointer when
1064 * the time comes. The algorithm is roughly:
1066 * 1. Allocate some space in the queue. At this point we also discover
1067 * whether the head of the queue is currently owned by another CPU,
1068 * or whether we are the owner.
1070 * 2. Write our commands into our allocated slots in the queue.
1072 * 3. Mark our slots as valid in arm_smmu_cmdq.valid_map.
1074 * 4. If we are an owner:
1075 * a. Wait for the previous owner to finish.
1076 * b. Mark the queue head as unowned, which tells us the range
1077 * that we are responsible for publishing.
1078 * c. Wait for all commands in our owned range to become valid.
1079 * d. Advance the hardware prod pointer.
1080 * e. Tell the next owner we've finished.
1082 * 5. If we are inserting a CMD_SYNC (we may or may not have been an
1083 * owner), then we need to stick around until it has completed:
1084 * a. If we have MSIs, the SMMU can write back into the CMD_SYNC
1085 * to clear the first 4 bytes.
1086 * b. Otherwise, we spin waiting for the hardware cons pointer to
1087 * advance past our command.
1089 * The devil is in the details, particularly the use of locking for handling
1090 * SYNC completion and freeing up space in the queue before we think that it is
1093 static void __arm_smmu_cmdq_poll_set_valid_map(struct arm_smmu_cmdq *cmdq,
1094 u32 sprod, u32 eprod, bool set)
1096 u32 swidx, sbidx, ewidx, ebidx;
1097 struct arm_smmu_ll_queue llq = {
1098 .max_n_shift = cmdq->q.llq.max_n_shift,
1102 ewidx = BIT_WORD(Q_IDX(&llq, eprod));
1103 ebidx = Q_IDX(&llq, eprod) % BITS_PER_LONG;
1105 while (llq.prod != eprod) {
1108 u32 limit = BITS_PER_LONG;
1110 swidx = BIT_WORD(Q_IDX(&llq, llq.prod));
1111 sbidx = Q_IDX(&llq, llq.prod) % BITS_PER_LONG;
1113 ptr = &cmdq->valid_map[swidx];
1115 if ((swidx == ewidx) && (sbidx < ebidx))
1118 mask = GENMASK(limit - 1, sbidx);
1121 * The valid bit is the inverse of the wrap bit. This means
1122 * that a zero-initialised queue is invalid and, after marking
1123 * all entries as valid, they become invalid again when we
1127 atomic_long_xor(mask, ptr);
1129 unsigned long valid;
1131 valid = (ULONG_MAX + !!Q_WRP(&llq, llq.prod)) & mask;
1132 atomic_long_cond_read_relaxed(ptr, (VAL & mask) == valid);
1135 llq.prod = queue_inc_prod_n(&llq, limit - sbidx);
1139 /* Mark all entries in the range [sprod, eprod) as valid */
1140 static void arm_smmu_cmdq_set_valid_map(struct arm_smmu_cmdq *cmdq,
1141 u32 sprod, u32 eprod)
1143 __arm_smmu_cmdq_poll_set_valid_map(cmdq, sprod, eprod, true);
1146 /* Wait for all entries in the range [sprod, eprod) to become valid */
1147 static void arm_smmu_cmdq_poll_valid_map(struct arm_smmu_cmdq *cmdq,
1148 u32 sprod, u32 eprod)
1150 __arm_smmu_cmdq_poll_set_valid_map(cmdq, sprod, eprod, false);
1153 /* Wait for the command queue to become non-full */
1154 static int arm_smmu_cmdq_poll_until_not_full(struct arm_smmu_device *smmu,
1155 struct arm_smmu_ll_queue *llq)
1157 unsigned long flags;
1158 struct arm_smmu_queue_poll qp;
1159 struct arm_smmu_cmdq *cmdq = &smmu->cmdq;
1163 * Try to update our copy of cons by grabbing exclusive cmdq access. If
1164 * that fails, spin until somebody else updates it for us.
1166 if (arm_smmu_cmdq_exclusive_trylock_irqsave(cmdq, flags)) {
1167 WRITE_ONCE(cmdq->q.llq.cons, readl_relaxed(cmdq->q.cons_reg));
1168 arm_smmu_cmdq_exclusive_unlock_irqrestore(cmdq, flags);
1169 llq->val = READ_ONCE(cmdq->q.llq.val);
1173 queue_poll_init(smmu, &qp);
1175 llq->val = READ_ONCE(smmu->cmdq.q.llq.val);
1176 if (!queue_full(llq))
1179 ret = queue_poll(&qp);
1186 * Wait until the SMMU signals a CMD_SYNC completion MSI.
1187 * Must be called with the cmdq lock held in some capacity.
1189 static int __arm_smmu_cmdq_poll_until_msi(struct arm_smmu_device *smmu,
1190 struct arm_smmu_ll_queue *llq)
1193 struct arm_smmu_queue_poll qp;
1194 struct arm_smmu_cmdq *cmdq = &smmu->cmdq;
1195 u32 *cmd = (u32 *)(Q_ENT(&cmdq->q, llq->prod));
1197 queue_poll_init(smmu, &qp);
1200 * The MSI won't generate an event, since it's being written back
1201 * into the command queue.
1204 smp_cond_load_relaxed(cmd, !VAL || (ret = queue_poll(&qp)));
1205 llq->cons = ret ? llq->prod : queue_inc_prod_n(llq, 1);
1210 * Wait until the SMMU cons index passes llq->prod.
1211 * Must be called with the cmdq lock held in some capacity.
1213 static int __arm_smmu_cmdq_poll_until_consumed(struct arm_smmu_device *smmu,
1214 struct arm_smmu_ll_queue *llq)
1216 struct arm_smmu_queue_poll qp;
1217 struct arm_smmu_cmdq *cmdq = &smmu->cmdq;
1218 u32 prod = llq->prod;
1221 queue_poll_init(smmu, &qp);
1222 llq->val = READ_ONCE(smmu->cmdq.q.llq.val);
1224 if (queue_consumed(llq, prod))
1227 ret = queue_poll(&qp);
1230 * This needs to be a readl() so that our subsequent call
1231 * to arm_smmu_cmdq_shared_tryunlock() can fail accurately.
1233 * Specifically, we need to ensure that we observe all
1234 * shared_lock()s by other CMD_SYNCs that share our owner,
1235 * so that a failing call to tryunlock() means that we're
1236 * the last one out and therefore we can safely advance
1237 * cmdq->q.llq.cons. Roughly speaking:
1239 * CPU 0 CPU1 CPU2 (us)
1249 * <control dependency>
1255 * Requires us to see CPU 0's shared_lock() acquisition.
1257 llq->cons = readl(cmdq->q.cons_reg);
1263 static int arm_smmu_cmdq_poll_until_sync(struct arm_smmu_device *smmu,
1264 struct arm_smmu_ll_queue *llq)
1266 if (smmu->features & ARM_SMMU_FEAT_MSI &&
1267 smmu->features & ARM_SMMU_FEAT_COHERENCY)
1268 return __arm_smmu_cmdq_poll_until_msi(smmu, llq);
1270 return __arm_smmu_cmdq_poll_until_consumed(smmu, llq);
1273 static void arm_smmu_cmdq_write_entries(struct arm_smmu_cmdq *cmdq, u64 *cmds,
1277 struct arm_smmu_ll_queue llq = {
1278 .max_n_shift = cmdq->q.llq.max_n_shift,
1282 for (i = 0; i < n; ++i) {
1283 u64 *cmd = &cmds[i * CMDQ_ENT_DWORDS];
1285 prod = queue_inc_prod_n(&llq, i);
1286 queue_write(Q_ENT(&cmdq->q, prod), cmd, CMDQ_ENT_DWORDS);
1291 * This is the actual insertion function, and provides the following
1292 * ordering guarantees to callers:
1294 * - There is a dma_wmb() before publishing any commands to the queue.
1295 * This can be relied upon to order prior writes to data structures
1296 * in memory (such as a CD or an STE) before the command.
1298 * - On completion of a CMD_SYNC, there is a control dependency.
1299 * This can be relied upon to order subsequent writes to memory (e.g.
1300 * freeing an IOVA) after completion of the CMD_SYNC.
1302 * - Command insertion is totally ordered, so if two CPUs each race to
1303 * insert their own list of commands then all of the commands from one
1304 * CPU will appear before any of the commands from the other CPU.
1306 static int arm_smmu_cmdq_issue_cmdlist(struct arm_smmu_device *smmu,
1307 u64 *cmds, int n, bool sync)
1309 u64 cmd_sync[CMDQ_ENT_DWORDS];
1311 unsigned long flags;
1313 struct arm_smmu_cmdq *cmdq = &smmu->cmdq;
1314 struct arm_smmu_ll_queue llq = {
1315 .max_n_shift = cmdq->q.llq.max_n_shift,
1319 /* 1. Allocate some space in the queue */
1320 local_irq_save(flags);
1321 llq.val = READ_ONCE(cmdq->q.llq.val);
1325 while (!queue_has_space(&llq, n + sync)) {
1326 local_irq_restore(flags);
1327 if (arm_smmu_cmdq_poll_until_not_full(smmu, &llq))
1328 dev_err_ratelimited(smmu->dev, "CMDQ timeout\n");
1329 local_irq_save(flags);
1332 head.cons = llq.cons;
1333 head.prod = queue_inc_prod_n(&llq, n + sync) |
1334 CMDQ_PROD_OWNED_FLAG;
1336 old = cmpxchg_relaxed(&cmdq->q.llq.val, llq.val, head.val);
1342 owner = !(llq.prod & CMDQ_PROD_OWNED_FLAG);
1343 head.prod &= ~CMDQ_PROD_OWNED_FLAG;
1344 llq.prod &= ~CMDQ_PROD_OWNED_FLAG;
1347 * 2. Write our commands into the queue
1348 * Dependency ordering from the cmpxchg() loop above.
1350 arm_smmu_cmdq_write_entries(cmdq, cmds, llq.prod, n);
1352 prod = queue_inc_prod_n(&llq, n);
1353 arm_smmu_cmdq_build_sync_cmd(cmd_sync, smmu, prod);
1354 queue_write(Q_ENT(&cmdq->q, prod), cmd_sync, CMDQ_ENT_DWORDS);
1357 * In order to determine completion of our CMD_SYNC, we must
1358 * ensure that the queue can't wrap twice without us noticing.
1359 * We achieve that by taking the cmdq lock as shared before
1360 * marking our slot as valid.
1362 arm_smmu_cmdq_shared_lock(cmdq);
1365 /* 3. Mark our slots as valid, ensuring commands are visible first */
1367 arm_smmu_cmdq_set_valid_map(cmdq, llq.prod, head.prod);
1369 /* 4. If we are the owner, take control of the SMMU hardware */
1371 /* a. Wait for previous owner to finish */
1372 atomic_cond_read_relaxed(&cmdq->owner_prod, VAL == llq.prod);
1374 /* b. Stop gathering work by clearing the owned flag */
1375 prod = atomic_fetch_andnot_relaxed(CMDQ_PROD_OWNED_FLAG,
1376 &cmdq->q.llq.atomic.prod);
1377 prod &= ~CMDQ_PROD_OWNED_FLAG;
1380 * c. Wait for any gathered work to be written to the queue.
1381 * Note that we read our own entries so that we have the control
1382 * dependency required by (d).
1384 arm_smmu_cmdq_poll_valid_map(cmdq, llq.prod, prod);
1387 * d. Advance the hardware prod pointer
1388 * Control dependency ordering from the entries becoming valid.
1390 writel_relaxed(prod, cmdq->q.prod_reg);
1393 * e. Tell the next owner we're done
1394 * Make sure we've updated the hardware first, so that we don't
1395 * race to update prod and potentially move it backwards.
1397 atomic_set_release(&cmdq->owner_prod, prod);
1400 /* 5. If we are inserting a CMD_SYNC, we must wait for it to complete */
1402 llq.prod = queue_inc_prod_n(&llq, n);
1403 ret = arm_smmu_cmdq_poll_until_sync(smmu, &llq);
1405 dev_err_ratelimited(smmu->dev,
1406 "CMD_SYNC timeout at 0x%08x [hwprod 0x%08x, hwcons 0x%08x]\n",
1408 readl_relaxed(cmdq->q.prod_reg),
1409 readl_relaxed(cmdq->q.cons_reg));
1413 * Try to unlock the cmq lock. This will fail if we're the last
1414 * reader, in which case we can safely update cmdq->q.llq.cons
1416 if (!arm_smmu_cmdq_shared_tryunlock(cmdq)) {
1417 WRITE_ONCE(cmdq->q.llq.cons, llq.cons);
1418 arm_smmu_cmdq_shared_unlock(cmdq);
1422 local_irq_restore(flags);
1426 static int arm_smmu_cmdq_issue_cmd(struct arm_smmu_device *smmu,
1427 struct arm_smmu_cmdq_ent *ent)
1429 u64 cmd[CMDQ_ENT_DWORDS];
1431 if (arm_smmu_cmdq_build_cmd(cmd, ent)) {
1432 dev_warn(smmu->dev, "ignoring unknown CMDQ opcode 0x%x\n",
1437 return arm_smmu_cmdq_issue_cmdlist(smmu, cmd, 1, false);
1440 static int arm_smmu_cmdq_issue_sync(struct arm_smmu_device *smmu)
1442 return arm_smmu_cmdq_issue_cmdlist(smmu, NULL, 0, true);
1445 /* Context descriptor manipulation functions */
1446 static u64 arm_smmu_cpu_tcr_to_cd(u64 tcr)
1450 /* Repack the TCR. Just care about TTBR0 for now */
1451 val |= ARM_SMMU_TCR2CD(tcr, T0SZ);
1452 val |= ARM_SMMU_TCR2CD(tcr, TG0);
1453 val |= ARM_SMMU_TCR2CD(tcr, IRGN0);
1454 val |= ARM_SMMU_TCR2CD(tcr, ORGN0);
1455 val |= ARM_SMMU_TCR2CD(tcr, SH0);
1456 val |= ARM_SMMU_TCR2CD(tcr, EPD0);
1457 val |= ARM_SMMU_TCR2CD(tcr, EPD1);
1458 val |= ARM_SMMU_TCR2CD(tcr, IPS);
1463 static void arm_smmu_write_ctx_desc(struct arm_smmu_device *smmu,
1464 struct arm_smmu_s1_cfg *cfg)
1469 * We don't need to issue any invalidation here, as we'll invalidate
1470 * the STE when installing the new entry anyway.
1472 val = arm_smmu_cpu_tcr_to_cd(cfg->cd.tcr) |
1476 CTXDESC_CD_0_R | CTXDESC_CD_0_A | CTXDESC_CD_0_ASET |
1477 CTXDESC_CD_0_AA64 | FIELD_PREP(CTXDESC_CD_0_ASID, cfg->cd.asid) |
1480 /* STALL_MODEL==0b10 && CD.S==0 is ILLEGAL */
1481 if (smmu->features & ARM_SMMU_FEAT_STALL_FORCE)
1482 val |= CTXDESC_CD_0_S;
1484 cfg->cdptr[0] = cpu_to_le64(val);
1486 val = cfg->cd.ttbr & CTXDESC_CD_1_TTB0_MASK;
1487 cfg->cdptr[1] = cpu_to_le64(val);
1489 cfg->cdptr[3] = cpu_to_le64(cfg->cd.mair);
1492 /* Stream table manipulation functions */
1494 arm_smmu_write_strtab_l1_desc(__le64 *dst, struct arm_smmu_strtab_l1_desc *desc)
1498 val |= FIELD_PREP(STRTAB_L1_DESC_SPAN, desc->span);
1499 val |= desc->l2ptr_dma & STRTAB_L1_DESC_L2PTR_MASK;
1501 *dst = cpu_to_le64(val);
1504 static void arm_smmu_sync_ste_for_sid(struct arm_smmu_device *smmu, u32 sid)
1506 struct arm_smmu_cmdq_ent cmd = {
1507 .opcode = CMDQ_OP_CFGI_STE,
1514 arm_smmu_cmdq_issue_cmd(smmu, &cmd);
1515 arm_smmu_cmdq_issue_sync(smmu);
1518 static void arm_smmu_write_strtab_ent(struct arm_smmu_master *master, u32 sid,
1522 * This is hideously complicated, but we only really care about
1523 * three cases at the moment:
1525 * 1. Invalid (all zero) -> bypass/fault (init)
1526 * 2. Bypass/fault -> translation/bypass (attach)
1527 * 3. Translation/bypass -> bypass/fault (detach)
1529 * Given that we can't update the STE atomically and the SMMU
1530 * doesn't read the thing in a defined order, that leaves us
1531 * with the following maintenance requirements:
1533 * 1. Update Config, return (init time STEs aren't live)
1534 * 2. Write everything apart from dword 0, sync, write dword 0, sync
1535 * 3. Update Config, sync
1537 u64 val = le64_to_cpu(dst[0]);
1538 bool ste_live = false;
1539 struct arm_smmu_device *smmu = NULL;
1540 struct arm_smmu_s1_cfg *s1_cfg = NULL;
1541 struct arm_smmu_s2_cfg *s2_cfg = NULL;
1542 struct arm_smmu_domain *smmu_domain = NULL;
1543 struct arm_smmu_cmdq_ent prefetch_cmd = {
1544 .opcode = CMDQ_OP_PREFETCH_CFG,
1551 smmu_domain = master->domain;
1552 smmu = master->smmu;
1556 switch (smmu_domain->stage) {
1557 case ARM_SMMU_DOMAIN_S1:
1558 s1_cfg = &smmu_domain->s1_cfg;
1560 case ARM_SMMU_DOMAIN_S2:
1561 case ARM_SMMU_DOMAIN_NESTED:
1562 s2_cfg = &smmu_domain->s2_cfg;
1569 if (val & STRTAB_STE_0_V) {
1570 switch (FIELD_GET(STRTAB_STE_0_CFG, val)) {
1571 case STRTAB_STE_0_CFG_BYPASS:
1573 case STRTAB_STE_0_CFG_S1_TRANS:
1574 case STRTAB_STE_0_CFG_S2_TRANS:
1577 case STRTAB_STE_0_CFG_ABORT:
1578 BUG_ON(!disable_bypass);
1581 BUG(); /* STE corruption */
1585 /* Nuke the existing STE_0 value, as we're going to rewrite it */
1586 val = STRTAB_STE_0_V;
1589 if (!smmu_domain || !(s1_cfg || s2_cfg)) {
1590 if (!smmu_domain && disable_bypass)
1591 val |= FIELD_PREP(STRTAB_STE_0_CFG, STRTAB_STE_0_CFG_ABORT);
1593 val |= FIELD_PREP(STRTAB_STE_0_CFG, STRTAB_STE_0_CFG_BYPASS);
1595 dst[0] = cpu_to_le64(val);
1596 dst[1] = cpu_to_le64(FIELD_PREP(STRTAB_STE_1_SHCFG,
1597 STRTAB_STE_1_SHCFG_INCOMING));
1598 dst[2] = 0; /* Nuke the VMID */
1600 * The SMMU can perform negative caching, so we must sync
1601 * the STE regardless of whether the old value was live.
1604 arm_smmu_sync_ste_for_sid(smmu, sid);
1610 dst[1] = cpu_to_le64(
1611 FIELD_PREP(STRTAB_STE_1_S1CIR, STRTAB_STE_1_S1C_CACHE_WBRA) |
1612 FIELD_PREP(STRTAB_STE_1_S1COR, STRTAB_STE_1_S1C_CACHE_WBRA) |
1613 FIELD_PREP(STRTAB_STE_1_S1CSH, ARM_SMMU_SH_ISH) |
1614 FIELD_PREP(STRTAB_STE_1_STRW, STRTAB_STE_1_STRW_NSEL1));
1616 if (smmu->features & ARM_SMMU_FEAT_STALLS &&
1617 !(smmu->features & ARM_SMMU_FEAT_STALL_FORCE))
1618 dst[1] |= cpu_to_le64(STRTAB_STE_1_S1STALLD);
1620 val |= (s1_cfg->cdptr_dma & STRTAB_STE_0_S1CTXPTR_MASK) |
1621 FIELD_PREP(STRTAB_STE_0_CFG, STRTAB_STE_0_CFG_S1_TRANS);
1626 dst[2] = cpu_to_le64(
1627 FIELD_PREP(STRTAB_STE_2_S2VMID, s2_cfg->vmid) |
1628 FIELD_PREP(STRTAB_STE_2_VTCR, s2_cfg->vtcr) |
1630 STRTAB_STE_2_S2ENDI |
1632 STRTAB_STE_2_S2PTW | STRTAB_STE_2_S2AA64 |
1635 dst[3] = cpu_to_le64(s2_cfg->vttbr & STRTAB_STE_3_S2TTB_MASK);
1637 val |= FIELD_PREP(STRTAB_STE_0_CFG, STRTAB_STE_0_CFG_S2_TRANS);
1640 if (master->ats_enabled)
1641 dst[1] |= cpu_to_le64(FIELD_PREP(STRTAB_STE_1_EATS,
1642 STRTAB_STE_1_EATS_TRANS));
1644 arm_smmu_sync_ste_for_sid(smmu, sid);
1645 dst[0] = cpu_to_le64(val);
1646 arm_smmu_sync_ste_for_sid(smmu, sid);
1648 /* It's likely that we'll want to use the new STE soon */
1649 if (!(smmu->options & ARM_SMMU_OPT_SKIP_PREFETCH))
1650 arm_smmu_cmdq_issue_cmd(smmu, &prefetch_cmd);
1653 static void arm_smmu_init_bypass_stes(u64 *strtab, unsigned int nent)
1657 for (i = 0; i < nent; ++i) {
1658 arm_smmu_write_strtab_ent(NULL, -1, strtab);
1659 strtab += STRTAB_STE_DWORDS;
1663 static int arm_smmu_init_l2_strtab(struct arm_smmu_device *smmu, u32 sid)
1667 struct arm_smmu_strtab_cfg *cfg = &smmu->strtab_cfg;
1668 struct arm_smmu_strtab_l1_desc *desc = &cfg->l1_desc[sid >> STRTAB_SPLIT];
1673 size = 1 << (STRTAB_SPLIT + ilog2(STRTAB_STE_DWORDS) + 3);
1674 strtab = &cfg->strtab[(sid >> STRTAB_SPLIT) * STRTAB_L1_DESC_DWORDS];
1676 desc->span = STRTAB_SPLIT + 1;
1677 desc->l2ptr = dmam_alloc_coherent(smmu->dev, size, &desc->l2ptr_dma,
1678 GFP_KERNEL | __GFP_ZERO);
1681 "failed to allocate l2 stream table for SID %u\n",
1686 arm_smmu_init_bypass_stes(desc->l2ptr, 1 << STRTAB_SPLIT);
1687 arm_smmu_write_strtab_l1_desc(strtab, desc);
1691 /* IRQ and event handlers */
1692 static irqreturn_t arm_smmu_evtq_thread(int irq, void *dev)
1695 struct arm_smmu_device *smmu = dev;
1696 struct arm_smmu_queue *q = &smmu->evtq.q;
1697 struct arm_smmu_ll_queue *llq = &q->llq;
1698 u64 evt[EVTQ_ENT_DWORDS];
1701 while (!queue_remove_raw(q, evt)) {
1702 u8 id = FIELD_GET(EVTQ_0_ID, evt[0]);
1704 dev_info(smmu->dev, "event 0x%02x received:\n", id);
1705 for (i = 0; i < ARRAY_SIZE(evt); ++i)
1706 dev_info(smmu->dev, "\t0x%016llx\n",
1707 (unsigned long long)evt[i]);
1712 * Not much we can do on overflow, so scream and pretend we're
1715 if (queue_sync_prod_in(q) == -EOVERFLOW)
1716 dev_err(smmu->dev, "EVTQ overflow detected -- events lost\n");
1717 } while (!queue_empty(llq));
1719 /* Sync our overflow flag, as we believe we're up to speed */
1720 llq->cons = Q_OVF(llq->prod) | Q_WRP(llq, llq->cons) |
1721 Q_IDX(llq, llq->cons);
1725 static void arm_smmu_handle_ppr(struct arm_smmu_device *smmu, u64 *evt)
1731 sid = FIELD_GET(PRIQ_0_SID, evt[0]);
1732 ssv = FIELD_GET(PRIQ_0_SSID_V, evt[0]);
1733 ssid = ssv ? FIELD_GET(PRIQ_0_SSID, evt[0]) : 0;
1734 last = FIELD_GET(PRIQ_0_PRG_LAST, evt[0]);
1735 grpid = FIELD_GET(PRIQ_1_PRG_IDX, evt[1]);
1737 dev_info(smmu->dev, "unexpected PRI request received:\n");
1739 "\tsid 0x%08x.0x%05x: [%u%s] %sprivileged %s%s%s access at iova 0x%016llx\n",
1740 sid, ssid, grpid, last ? "L" : "",
1741 evt[0] & PRIQ_0_PERM_PRIV ? "" : "un",
1742 evt[0] & PRIQ_0_PERM_READ ? "R" : "",
1743 evt[0] & PRIQ_0_PERM_WRITE ? "W" : "",
1744 evt[0] & PRIQ_0_PERM_EXEC ? "X" : "",
1745 evt[1] & PRIQ_1_ADDR_MASK);
1748 struct arm_smmu_cmdq_ent cmd = {
1749 .opcode = CMDQ_OP_PRI_RESP,
1750 .substream_valid = ssv,
1755 .resp = PRI_RESP_DENY,
1759 arm_smmu_cmdq_issue_cmd(smmu, &cmd);
1763 static irqreturn_t arm_smmu_priq_thread(int irq, void *dev)
1765 struct arm_smmu_device *smmu = dev;
1766 struct arm_smmu_queue *q = &smmu->priq.q;
1767 struct arm_smmu_ll_queue *llq = &q->llq;
1768 u64 evt[PRIQ_ENT_DWORDS];
1771 while (!queue_remove_raw(q, evt))
1772 arm_smmu_handle_ppr(smmu, evt);
1774 if (queue_sync_prod_in(q) == -EOVERFLOW)
1775 dev_err(smmu->dev, "PRIQ overflow detected -- requests lost\n");
1776 } while (!queue_empty(llq));
1778 /* Sync our overflow flag, as we believe we're up to speed */
1779 llq->cons = Q_OVF(llq->prod) | Q_WRP(llq, llq->cons) |
1780 Q_IDX(llq, llq->cons);
1781 queue_sync_cons_out(q);
1785 static int arm_smmu_device_disable(struct arm_smmu_device *smmu);
1787 static irqreturn_t arm_smmu_gerror_handler(int irq, void *dev)
1789 u32 gerror, gerrorn, active;
1790 struct arm_smmu_device *smmu = dev;
1792 gerror = readl_relaxed(smmu->base + ARM_SMMU_GERROR);
1793 gerrorn = readl_relaxed(smmu->base + ARM_SMMU_GERRORN);
1795 active = gerror ^ gerrorn;
1796 if (!(active & GERROR_ERR_MASK))
1797 return IRQ_NONE; /* No errors pending */
1800 "unexpected global error reported (0x%08x), this could be serious\n",
1803 if (active & GERROR_SFM_ERR) {
1804 dev_err(smmu->dev, "device has entered Service Failure Mode!\n");
1805 arm_smmu_device_disable(smmu);
1808 if (active & GERROR_MSI_GERROR_ABT_ERR)
1809 dev_warn(smmu->dev, "GERROR MSI write aborted\n");
1811 if (active & GERROR_MSI_PRIQ_ABT_ERR)
1812 dev_warn(smmu->dev, "PRIQ MSI write aborted\n");
1814 if (active & GERROR_MSI_EVTQ_ABT_ERR)
1815 dev_warn(smmu->dev, "EVTQ MSI write aborted\n");
1817 if (active & GERROR_MSI_CMDQ_ABT_ERR)
1818 dev_warn(smmu->dev, "CMDQ MSI write aborted\n");
1820 if (active & GERROR_PRIQ_ABT_ERR)
1821 dev_err(smmu->dev, "PRIQ write aborted -- events may have been lost\n");
1823 if (active & GERROR_EVTQ_ABT_ERR)
1824 dev_err(smmu->dev, "EVTQ write aborted -- events may have been lost\n");
1826 if (active & GERROR_CMDQ_ERR)
1827 arm_smmu_cmdq_skip_err(smmu);
1829 writel(gerror, smmu->base + ARM_SMMU_GERRORN);
1833 static irqreturn_t arm_smmu_combined_irq_thread(int irq, void *dev)
1835 struct arm_smmu_device *smmu = dev;
1837 arm_smmu_evtq_thread(irq, dev);
1838 if (smmu->features & ARM_SMMU_FEAT_PRI)
1839 arm_smmu_priq_thread(irq, dev);
1844 static irqreturn_t arm_smmu_combined_irq_handler(int irq, void *dev)
1846 arm_smmu_gerror_handler(irq, dev);
1847 return IRQ_WAKE_THREAD;
1851 arm_smmu_atc_inv_to_cmd(int ssid, unsigned long iova, size_t size,
1852 struct arm_smmu_cmdq_ent *cmd)
1856 /* ATC invalidates are always on 4096-bytes pages */
1857 size_t inval_grain_shift = 12;
1858 unsigned long page_start, page_end;
1860 *cmd = (struct arm_smmu_cmdq_ent) {
1861 .opcode = CMDQ_OP_ATC_INV,
1862 .substream_valid = !!ssid,
1867 cmd->atc.size = ATC_INV_SIZE_ALL;
1871 page_start = iova >> inval_grain_shift;
1872 page_end = (iova + size - 1) >> inval_grain_shift;
1875 * In an ATS Invalidate Request, the address must be aligned on the
1876 * range size, which must be a power of two number of page sizes. We
1877 * thus have to choose between grossly over-invalidating the region, or
1878 * splitting the invalidation into multiple commands. For simplicity
1879 * we'll go with the first solution, but should refine it in the future
1880 * if multiple commands are shown to be more efficient.
1882 * Find the smallest power of two that covers the range. The most
1883 * significant differing bit between the start and end addresses,
1884 * fls(start ^ end), indicates the required span. For example:
1886 * We want to invalidate pages [8; 11]. This is already the ideal range:
1887 * x = 0b1000 ^ 0b1011 = 0b11
1888 * span = 1 << fls(x) = 4
1890 * To invalidate pages [7; 10], we need to invalidate [0; 15]:
1891 * x = 0b0111 ^ 0b1010 = 0b1101
1892 * span = 1 << fls(x) = 16
1894 log2_span = fls_long(page_start ^ page_end);
1895 span_mask = (1ULL << log2_span) - 1;
1897 page_start &= ~span_mask;
1899 cmd->atc.addr = page_start << inval_grain_shift;
1900 cmd->atc.size = log2_span;
1903 static int arm_smmu_atc_inv_master(struct arm_smmu_master *master,
1904 struct arm_smmu_cmdq_ent *cmd)
1908 if (!master->ats_enabled)
1911 for (i = 0; i < master->num_sids; i++) {
1912 cmd->atc.sid = master->sids[i];
1913 arm_smmu_cmdq_issue_cmd(master->smmu, cmd);
1916 return arm_smmu_cmdq_issue_sync(master->smmu);
1919 static int arm_smmu_atc_inv_domain(struct arm_smmu_domain *smmu_domain,
1920 int ssid, unsigned long iova, size_t size)
1923 unsigned long flags;
1924 struct arm_smmu_cmdq_ent cmd;
1925 struct arm_smmu_master *master;
1927 if (!(smmu_domain->smmu->features & ARM_SMMU_FEAT_ATS))
1931 * Ensure that we've completed prior invalidation of the main TLBs
1932 * before we read 'nr_ats_masters' in case of a concurrent call to
1933 * arm_smmu_enable_ats():
1935 * // unmap() // arm_smmu_enable_ats()
1936 * TLBI+SYNC atomic_inc(&nr_ats_masters);
1938 * atomic_read(&nr_ats_masters); pci_enable_ats() // writel()
1940 * Ensures that we always see the incremented 'nr_ats_masters' count if
1941 * ATS was enabled at the PCI device before completion of the TLBI.
1944 if (!atomic_read(&smmu_domain->nr_ats_masters))
1947 arm_smmu_atc_inv_to_cmd(ssid, iova, size, &cmd);
1949 spin_lock_irqsave(&smmu_domain->devices_lock, flags);
1950 list_for_each_entry(master, &smmu_domain->devices, domain_head)
1951 ret |= arm_smmu_atc_inv_master(master, &cmd);
1952 spin_unlock_irqrestore(&smmu_domain->devices_lock, flags);
1954 return ret ? -ETIMEDOUT : 0;
1957 /* IO_PGTABLE API */
1958 static void arm_smmu_tlb_inv_context(void *cookie)
1960 struct arm_smmu_domain *smmu_domain = cookie;
1961 struct arm_smmu_device *smmu = smmu_domain->smmu;
1962 struct arm_smmu_cmdq_ent cmd;
1964 if (smmu_domain->stage == ARM_SMMU_DOMAIN_S1) {
1965 cmd.opcode = CMDQ_OP_TLBI_NH_ASID;
1966 cmd.tlbi.asid = smmu_domain->s1_cfg.cd.asid;
1969 cmd.opcode = CMDQ_OP_TLBI_S12_VMALL;
1970 cmd.tlbi.vmid = smmu_domain->s2_cfg.vmid;
1974 * NOTE: when io-pgtable is in non-strict mode, we may get here with
1975 * PTEs previously cleared by unmaps on the current CPU not yet visible
1976 * to the SMMU. We are relying on the dma_wmb() implicit during cmd
1977 * insertion to guarantee those are observed before the TLBI. Do be
1980 arm_smmu_cmdq_issue_cmd(smmu, &cmd);
1981 arm_smmu_cmdq_issue_sync(smmu);
1982 arm_smmu_atc_inv_domain(smmu_domain, 0, 0, 0);
1985 static void arm_smmu_tlb_inv_range(unsigned long iova, size_t size,
1986 size_t granule, bool leaf,
1987 struct arm_smmu_domain *smmu_domain)
1989 u64 cmds[CMDQ_BATCH_ENTRIES * CMDQ_ENT_DWORDS];
1990 struct arm_smmu_device *smmu = smmu_domain->smmu;
1991 unsigned long start = iova, end = iova + size;
1993 struct arm_smmu_cmdq_ent cmd = {
2002 if (smmu_domain->stage == ARM_SMMU_DOMAIN_S1) {
2003 cmd.opcode = CMDQ_OP_TLBI_NH_VA;
2004 cmd.tlbi.asid = smmu_domain->s1_cfg.cd.asid;
2006 cmd.opcode = CMDQ_OP_TLBI_S2_IPA;
2007 cmd.tlbi.vmid = smmu_domain->s2_cfg.vmid;
2010 while (iova < end) {
2011 if (i == CMDQ_BATCH_ENTRIES) {
2012 arm_smmu_cmdq_issue_cmdlist(smmu, cmds, i, false);
2016 cmd.tlbi.addr = iova;
2017 arm_smmu_cmdq_build_cmd(&cmds[i * CMDQ_ENT_DWORDS], &cmd);
2022 arm_smmu_cmdq_issue_cmdlist(smmu, cmds, i, true);
2025 * Unfortunately, this can't be leaf-only since we may have
2026 * zapped an entire table.
2028 arm_smmu_atc_inv_domain(smmu_domain, 0, start, size);
2031 static void arm_smmu_tlb_inv_page_nosync(struct iommu_iotlb_gather *gather,
2032 unsigned long iova, size_t granule,
2035 struct arm_smmu_domain *smmu_domain = cookie;
2036 struct iommu_domain *domain = &smmu_domain->domain;
2038 iommu_iotlb_gather_add_page(domain, gather, iova, granule);
2041 static void arm_smmu_tlb_inv_walk(unsigned long iova, size_t size,
2042 size_t granule, void *cookie)
2044 arm_smmu_tlb_inv_range(iova, size, granule, false, cookie);
2047 static void arm_smmu_tlb_inv_leaf(unsigned long iova, size_t size,
2048 size_t granule, void *cookie)
2050 arm_smmu_tlb_inv_range(iova, size, granule, true, cookie);
2053 static const struct iommu_flush_ops arm_smmu_flush_ops = {
2054 .tlb_flush_all = arm_smmu_tlb_inv_context,
2055 .tlb_flush_walk = arm_smmu_tlb_inv_walk,
2056 .tlb_flush_leaf = arm_smmu_tlb_inv_leaf,
2057 .tlb_add_page = arm_smmu_tlb_inv_page_nosync,
2061 static bool arm_smmu_capable(enum iommu_cap cap)
2064 case IOMMU_CAP_CACHE_COHERENCY:
2066 case IOMMU_CAP_NOEXEC:
2073 static struct iommu_domain *arm_smmu_domain_alloc(unsigned type)
2075 struct arm_smmu_domain *smmu_domain;
2077 if (type != IOMMU_DOMAIN_UNMANAGED &&
2078 type != IOMMU_DOMAIN_DMA &&
2079 type != IOMMU_DOMAIN_IDENTITY)
2083 * Allocate the domain and initialise some of its data structures.
2084 * We can't really do anything meaningful until we've added a
2087 smmu_domain = kzalloc(sizeof(*smmu_domain), GFP_KERNEL);
2091 if (type == IOMMU_DOMAIN_DMA &&
2092 iommu_get_dma_cookie(&smmu_domain->domain)) {
2097 mutex_init(&smmu_domain->init_mutex);
2098 INIT_LIST_HEAD(&smmu_domain->devices);
2099 spin_lock_init(&smmu_domain->devices_lock);
2101 return &smmu_domain->domain;
2104 static int arm_smmu_bitmap_alloc(unsigned long *map, int span)
2106 int idx, size = 1 << span;
2109 idx = find_first_zero_bit(map, size);
2112 } while (test_and_set_bit(idx, map));
2117 static void arm_smmu_bitmap_free(unsigned long *map, int idx)
2119 clear_bit(idx, map);
2122 static void arm_smmu_domain_free(struct iommu_domain *domain)
2124 struct arm_smmu_domain *smmu_domain = to_smmu_domain(domain);
2125 struct arm_smmu_device *smmu = smmu_domain->smmu;
2127 iommu_put_dma_cookie(domain);
2128 free_io_pgtable_ops(smmu_domain->pgtbl_ops);
2130 /* Free the CD and ASID, if we allocated them */
2131 if (smmu_domain->stage == ARM_SMMU_DOMAIN_S1) {
2132 struct arm_smmu_s1_cfg *cfg = &smmu_domain->s1_cfg;
2135 dmam_free_coherent(smmu_domain->smmu->dev,
2136 CTXDESC_CD_DWORDS << 3,
2140 arm_smmu_bitmap_free(smmu->asid_map, cfg->cd.asid);
2143 struct arm_smmu_s2_cfg *cfg = &smmu_domain->s2_cfg;
2145 arm_smmu_bitmap_free(smmu->vmid_map, cfg->vmid);
2151 static int arm_smmu_domain_finalise_s1(struct arm_smmu_domain *smmu_domain,
2152 struct io_pgtable_cfg *pgtbl_cfg)
2156 struct arm_smmu_device *smmu = smmu_domain->smmu;
2157 struct arm_smmu_s1_cfg *cfg = &smmu_domain->s1_cfg;
2159 asid = arm_smmu_bitmap_alloc(smmu->asid_map, smmu->asid_bits);
2163 cfg->cdptr = dmam_alloc_coherent(smmu->dev, CTXDESC_CD_DWORDS << 3,
2165 GFP_KERNEL | __GFP_ZERO);
2167 dev_warn(smmu->dev, "failed to allocate context descriptor\n");
2172 cfg->cd.asid = (u16)asid;
2173 cfg->cd.ttbr = pgtbl_cfg->arm_lpae_s1_cfg.ttbr[0];
2174 cfg->cd.tcr = pgtbl_cfg->arm_lpae_s1_cfg.tcr;
2175 cfg->cd.mair = pgtbl_cfg->arm_lpae_s1_cfg.mair;
2179 arm_smmu_bitmap_free(smmu->asid_map, asid);
2183 static int arm_smmu_domain_finalise_s2(struct arm_smmu_domain *smmu_domain,
2184 struct io_pgtable_cfg *pgtbl_cfg)
2187 struct arm_smmu_device *smmu = smmu_domain->smmu;
2188 struct arm_smmu_s2_cfg *cfg = &smmu_domain->s2_cfg;
2190 vmid = arm_smmu_bitmap_alloc(smmu->vmid_map, smmu->vmid_bits);
2194 cfg->vmid = (u16)vmid;
2195 cfg->vttbr = pgtbl_cfg->arm_lpae_s2_cfg.vttbr;
2196 cfg->vtcr = pgtbl_cfg->arm_lpae_s2_cfg.vtcr;
2200 static int arm_smmu_domain_finalise(struct iommu_domain *domain)
2203 unsigned long ias, oas;
2204 enum io_pgtable_fmt fmt;
2205 struct io_pgtable_cfg pgtbl_cfg;
2206 struct io_pgtable_ops *pgtbl_ops;
2207 int (*finalise_stage_fn)(struct arm_smmu_domain *,
2208 struct io_pgtable_cfg *);
2209 struct arm_smmu_domain *smmu_domain = to_smmu_domain(domain);
2210 struct arm_smmu_device *smmu = smmu_domain->smmu;
2212 if (domain->type == IOMMU_DOMAIN_IDENTITY) {
2213 smmu_domain->stage = ARM_SMMU_DOMAIN_BYPASS;
2217 /* Restrict the stage to what we can actually support */
2218 if (!(smmu->features & ARM_SMMU_FEAT_TRANS_S1))
2219 smmu_domain->stage = ARM_SMMU_DOMAIN_S2;
2220 if (!(smmu->features & ARM_SMMU_FEAT_TRANS_S2))
2221 smmu_domain->stage = ARM_SMMU_DOMAIN_S1;
2223 switch (smmu_domain->stage) {
2224 case ARM_SMMU_DOMAIN_S1:
2225 ias = (smmu->features & ARM_SMMU_FEAT_VAX) ? 52 : 48;
2226 ias = min_t(unsigned long, ias, VA_BITS);
2228 fmt = ARM_64_LPAE_S1;
2229 finalise_stage_fn = arm_smmu_domain_finalise_s1;
2231 case ARM_SMMU_DOMAIN_NESTED:
2232 case ARM_SMMU_DOMAIN_S2:
2235 fmt = ARM_64_LPAE_S2;
2236 finalise_stage_fn = arm_smmu_domain_finalise_s2;
2242 pgtbl_cfg = (struct io_pgtable_cfg) {
2243 .pgsize_bitmap = smmu->pgsize_bitmap,
2246 .coherent_walk = smmu->features & ARM_SMMU_FEAT_COHERENCY,
2247 .tlb = &arm_smmu_flush_ops,
2248 .iommu_dev = smmu->dev,
2251 if (smmu_domain->non_strict)
2252 pgtbl_cfg.quirks |= IO_PGTABLE_QUIRK_NON_STRICT;
2254 pgtbl_ops = alloc_io_pgtable_ops(fmt, &pgtbl_cfg, smmu_domain);
2258 domain->pgsize_bitmap = pgtbl_cfg.pgsize_bitmap;
2259 domain->geometry.aperture_end = (1UL << pgtbl_cfg.ias) - 1;
2260 domain->geometry.force_aperture = true;
2262 ret = finalise_stage_fn(smmu_domain, &pgtbl_cfg);
2264 free_io_pgtable_ops(pgtbl_ops);
2268 smmu_domain->pgtbl_ops = pgtbl_ops;
2272 static __le64 *arm_smmu_get_step_for_sid(struct arm_smmu_device *smmu, u32 sid)
2275 struct arm_smmu_strtab_cfg *cfg = &smmu->strtab_cfg;
2277 if (smmu->features & ARM_SMMU_FEAT_2_LVL_STRTAB) {
2278 struct arm_smmu_strtab_l1_desc *l1_desc;
2281 /* Two-level walk */
2282 idx = (sid >> STRTAB_SPLIT) * STRTAB_L1_DESC_DWORDS;
2283 l1_desc = &cfg->l1_desc[idx];
2284 idx = (sid & ((1 << STRTAB_SPLIT) - 1)) * STRTAB_STE_DWORDS;
2285 step = &l1_desc->l2ptr[idx];
2287 /* Simple linear lookup */
2288 step = &cfg->strtab[sid * STRTAB_STE_DWORDS];
2294 static void arm_smmu_install_ste_for_dev(struct arm_smmu_master *master)
2297 struct arm_smmu_device *smmu = master->smmu;
2299 for (i = 0; i < master->num_sids; ++i) {
2300 u32 sid = master->sids[i];
2301 __le64 *step = arm_smmu_get_step_for_sid(smmu, sid);
2303 /* Bridged PCI devices may end up with duplicated IDs */
2304 for (j = 0; j < i; j++)
2305 if (master->sids[j] == sid)
2310 arm_smmu_write_strtab_ent(master, sid, step);
2314 #ifdef CONFIG_PCI_ATS
2315 static bool arm_smmu_ats_supported(struct arm_smmu_master *master)
2317 struct pci_dev *pdev;
2318 struct arm_smmu_device *smmu = master->smmu;
2319 struct iommu_fwspec *fwspec = dev_iommu_fwspec_get(master->dev);
2321 if (!(smmu->features & ARM_SMMU_FEAT_ATS) || !dev_is_pci(master->dev) ||
2322 !(fwspec->flags & IOMMU_FWSPEC_PCI_RC_ATS) || pci_ats_disabled())
2325 pdev = to_pci_dev(master->dev);
2326 return !pdev->untrusted && pdev->ats_cap;
2329 static bool arm_smmu_ats_supported(struct arm_smmu_master *master)
2335 static void arm_smmu_enable_ats(struct arm_smmu_master *master)
2338 struct pci_dev *pdev;
2339 struct arm_smmu_device *smmu = master->smmu;
2340 struct arm_smmu_domain *smmu_domain = master->domain;
2342 /* Don't enable ATS at the endpoint if it's not enabled in the STE */
2343 if (!master->ats_enabled)
2346 /* Smallest Translation Unit: log2 of the smallest supported granule */
2347 stu = __ffs(smmu->pgsize_bitmap);
2348 pdev = to_pci_dev(master->dev);
2350 atomic_inc(&smmu_domain->nr_ats_masters);
2351 arm_smmu_atc_inv_domain(smmu_domain, 0, 0, 0);
2352 if (pci_enable_ats(pdev, stu))
2353 dev_err(master->dev, "Failed to enable ATS (STU %zu)\n", stu);
2356 static void arm_smmu_disable_ats(struct arm_smmu_master *master)
2358 struct arm_smmu_cmdq_ent cmd;
2359 struct arm_smmu_domain *smmu_domain = master->domain;
2361 if (!master->ats_enabled)
2364 pci_disable_ats(to_pci_dev(master->dev));
2366 * Ensure ATS is disabled at the endpoint before we issue the
2367 * ATC invalidation via the SMMU.
2370 arm_smmu_atc_inv_to_cmd(0, 0, 0, &cmd);
2371 arm_smmu_atc_inv_master(master, &cmd);
2372 atomic_dec(&smmu_domain->nr_ats_masters);
2375 static void arm_smmu_detach_dev(struct arm_smmu_master *master)
2377 unsigned long flags;
2378 struct arm_smmu_domain *smmu_domain = master->domain;
2383 arm_smmu_disable_ats(master);
2385 spin_lock_irqsave(&smmu_domain->devices_lock, flags);
2386 list_del(&master->domain_head);
2387 spin_unlock_irqrestore(&smmu_domain->devices_lock, flags);
2389 master->domain = NULL;
2390 master->ats_enabled = false;
2391 arm_smmu_install_ste_for_dev(master);
2394 static int arm_smmu_attach_dev(struct iommu_domain *domain, struct device *dev)
2397 unsigned long flags;
2398 struct iommu_fwspec *fwspec = dev_iommu_fwspec_get(dev);
2399 struct arm_smmu_device *smmu;
2400 struct arm_smmu_domain *smmu_domain = to_smmu_domain(domain);
2401 struct arm_smmu_master *master;
2406 master = fwspec->iommu_priv;
2407 smmu = master->smmu;
2409 arm_smmu_detach_dev(master);
2411 mutex_lock(&smmu_domain->init_mutex);
2413 if (!smmu_domain->smmu) {
2414 smmu_domain->smmu = smmu;
2415 ret = arm_smmu_domain_finalise(domain);
2417 smmu_domain->smmu = NULL;
2420 } else if (smmu_domain->smmu != smmu) {
2422 "cannot attach to SMMU %s (upstream of %s)\n",
2423 dev_name(smmu_domain->smmu->dev),
2424 dev_name(smmu->dev));
2429 master->domain = smmu_domain;
2431 if (smmu_domain->stage != ARM_SMMU_DOMAIN_BYPASS)
2432 master->ats_enabled = arm_smmu_ats_supported(master);
2434 if (smmu_domain->stage == ARM_SMMU_DOMAIN_S1)
2435 arm_smmu_write_ctx_desc(smmu, &smmu_domain->s1_cfg);
2437 arm_smmu_install_ste_for_dev(master);
2439 spin_lock_irqsave(&smmu_domain->devices_lock, flags);
2440 list_add(&master->domain_head, &smmu_domain->devices);
2441 spin_unlock_irqrestore(&smmu_domain->devices_lock, flags);
2443 arm_smmu_enable_ats(master);
2446 mutex_unlock(&smmu_domain->init_mutex);
2450 static int arm_smmu_map(struct iommu_domain *domain, unsigned long iova,
2451 phys_addr_t paddr, size_t size, int prot, gfp_t gfp)
2453 struct io_pgtable_ops *ops = to_smmu_domain(domain)->pgtbl_ops;
2458 return ops->map(ops, iova, paddr, size, prot);
2461 static size_t arm_smmu_unmap(struct iommu_domain *domain, unsigned long iova,
2462 size_t size, struct iommu_iotlb_gather *gather)
2464 struct arm_smmu_domain *smmu_domain = to_smmu_domain(domain);
2465 struct io_pgtable_ops *ops = smmu_domain->pgtbl_ops;
2470 return ops->unmap(ops, iova, size, gather);
2473 static void arm_smmu_flush_iotlb_all(struct iommu_domain *domain)
2475 struct arm_smmu_domain *smmu_domain = to_smmu_domain(domain);
2477 if (smmu_domain->smmu)
2478 arm_smmu_tlb_inv_context(smmu_domain);
2481 static void arm_smmu_iotlb_sync(struct iommu_domain *domain,
2482 struct iommu_iotlb_gather *gather)
2484 struct arm_smmu_domain *smmu_domain = to_smmu_domain(domain);
2486 arm_smmu_tlb_inv_range(gather->start, gather->end - gather->start,
2487 gather->pgsize, true, smmu_domain);
2491 arm_smmu_iova_to_phys(struct iommu_domain *domain, dma_addr_t iova)
2493 struct io_pgtable_ops *ops = to_smmu_domain(domain)->pgtbl_ops;
2495 if (domain->type == IOMMU_DOMAIN_IDENTITY)
2501 return ops->iova_to_phys(ops, iova);
2504 static struct platform_driver arm_smmu_driver;
2507 struct arm_smmu_device *arm_smmu_get_by_fwnode(struct fwnode_handle *fwnode)
2509 struct device *dev = driver_find_device_by_fwnode(&arm_smmu_driver.driver,
2512 return dev ? dev_get_drvdata(dev) : NULL;
2515 static bool arm_smmu_sid_in_range(struct arm_smmu_device *smmu, u32 sid)
2517 unsigned long limit = smmu->strtab_cfg.num_l1_ents;
2519 if (smmu->features & ARM_SMMU_FEAT_2_LVL_STRTAB)
2520 limit *= 1UL << STRTAB_SPLIT;
2525 static struct iommu_ops arm_smmu_ops;
2527 static int arm_smmu_add_device(struct device *dev)
2530 struct arm_smmu_device *smmu;
2531 struct arm_smmu_master *master;
2532 struct iommu_fwspec *fwspec = dev_iommu_fwspec_get(dev);
2533 struct iommu_group *group;
2535 if (!fwspec || fwspec->ops != &arm_smmu_ops)
2538 * We _can_ actually withstand dodgy bus code re-calling add_device()
2539 * without an intervening remove_device()/of_xlate() sequence, but
2540 * we're not going to do so quietly...
2542 if (WARN_ON_ONCE(fwspec->iommu_priv)) {
2543 master = fwspec->iommu_priv;
2544 smmu = master->smmu;
2546 smmu = arm_smmu_get_by_fwnode(fwspec->iommu_fwnode);
2549 master = kzalloc(sizeof(*master), GFP_KERNEL);
2554 master->smmu = smmu;
2555 master->sids = fwspec->ids;
2556 master->num_sids = fwspec->num_ids;
2557 fwspec->iommu_priv = master;
2560 /* Check the SIDs are in range of the SMMU and our stream table */
2561 for (i = 0; i < master->num_sids; i++) {
2562 u32 sid = master->sids[i];
2564 if (!arm_smmu_sid_in_range(smmu, sid))
2567 /* Ensure l2 strtab is initialised */
2568 if (smmu->features & ARM_SMMU_FEAT_2_LVL_STRTAB) {
2569 ret = arm_smmu_init_l2_strtab(smmu, sid);
2575 group = iommu_group_get_for_dev(dev);
2576 if (!IS_ERR(group)) {
2577 iommu_group_put(group);
2578 iommu_device_link(&smmu->iommu, dev);
2581 return PTR_ERR_OR_ZERO(group);
2584 static void arm_smmu_remove_device(struct device *dev)
2586 struct iommu_fwspec *fwspec = dev_iommu_fwspec_get(dev);
2587 struct arm_smmu_master *master;
2588 struct arm_smmu_device *smmu;
2590 if (!fwspec || fwspec->ops != &arm_smmu_ops)
2593 master = fwspec->iommu_priv;
2594 smmu = master->smmu;
2595 arm_smmu_detach_dev(master);
2596 iommu_group_remove_device(dev);
2597 iommu_device_unlink(&smmu->iommu, dev);
2599 iommu_fwspec_free(dev);
2602 static struct iommu_group *arm_smmu_device_group(struct device *dev)
2604 struct iommu_group *group;
2607 * We don't support devices sharing stream IDs other than PCI RID
2608 * aliases, since the necessary ID-to-device lookup becomes rather
2609 * impractical given a potential sparse 32-bit stream ID space.
2611 if (dev_is_pci(dev))
2612 group = pci_device_group(dev);
2614 group = generic_device_group(dev);
2619 static int arm_smmu_domain_get_attr(struct iommu_domain *domain,
2620 enum iommu_attr attr, void *data)
2622 struct arm_smmu_domain *smmu_domain = to_smmu_domain(domain);
2624 switch (domain->type) {
2625 case IOMMU_DOMAIN_UNMANAGED:
2627 case DOMAIN_ATTR_NESTING:
2628 *(int *)data = (smmu_domain->stage == ARM_SMMU_DOMAIN_NESTED);
2634 case IOMMU_DOMAIN_DMA:
2636 case DOMAIN_ATTR_DMA_USE_FLUSH_QUEUE:
2637 *(int *)data = smmu_domain->non_strict;
2648 static int arm_smmu_domain_set_attr(struct iommu_domain *domain,
2649 enum iommu_attr attr, void *data)
2652 struct arm_smmu_domain *smmu_domain = to_smmu_domain(domain);
2654 mutex_lock(&smmu_domain->init_mutex);
2656 switch (domain->type) {
2657 case IOMMU_DOMAIN_UNMANAGED:
2659 case DOMAIN_ATTR_NESTING:
2660 if (smmu_domain->smmu) {
2666 smmu_domain->stage = ARM_SMMU_DOMAIN_NESTED;
2668 smmu_domain->stage = ARM_SMMU_DOMAIN_S1;
2674 case IOMMU_DOMAIN_DMA:
2676 case DOMAIN_ATTR_DMA_USE_FLUSH_QUEUE:
2677 smmu_domain->non_strict = *(int *)data;
2688 mutex_unlock(&smmu_domain->init_mutex);
2692 static int arm_smmu_of_xlate(struct device *dev, struct of_phandle_args *args)
2694 return iommu_fwspec_add_ids(dev, args->args, 1);
2697 static void arm_smmu_get_resv_regions(struct device *dev,
2698 struct list_head *head)
2700 struct iommu_resv_region *region;
2701 int prot = IOMMU_WRITE | IOMMU_NOEXEC | IOMMU_MMIO;
2703 region = iommu_alloc_resv_region(MSI_IOVA_BASE, MSI_IOVA_LENGTH,
2704 prot, IOMMU_RESV_SW_MSI);
2708 list_add_tail(®ion->list, head);
2710 iommu_dma_get_resv_regions(dev, head);
2713 static void arm_smmu_put_resv_regions(struct device *dev,
2714 struct list_head *head)
2716 struct iommu_resv_region *entry, *next;
2718 list_for_each_entry_safe(entry, next, head, list)
2722 static struct iommu_ops arm_smmu_ops = {
2723 .capable = arm_smmu_capable,
2724 .domain_alloc = arm_smmu_domain_alloc,
2725 .domain_free = arm_smmu_domain_free,
2726 .attach_dev = arm_smmu_attach_dev,
2727 .map = arm_smmu_map,
2728 .unmap = arm_smmu_unmap,
2729 .flush_iotlb_all = arm_smmu_flush_iotlb_all,
2730 .iotlb_sync = arm_smmu_iotlb_sync,
2731 .iova_to_phys = arm_smmu_iova_to_phys,
2732 .add_device = arm_smmu_add_device,
2733 .remove_device = arm_smmu_remove_device,
2734 .device_group = arm_smmu_device_group,
2735 .domain_get_attr = arm_smmu_domain_get_attr,
2736 .domain_set_attr = arm_smmu_domain_set_attr,
2737 .of_xlate = arm_smmu_of_xlate,
2738 .get_resv_regions = arm_smmu_get_resv_regions,
2739 .put_resv_regions = arm_smmu_put_resv_regions,
2740 .pgsize_bitmap = -1UL, /* Restricted during device attach */
2743 /* Probing and initialisation functions */
2744 static int arm_smmu_init_one_queue(struct arm_smmu_device *smmu,
2745 struct arm_smmu_queue *q,
2746 unsigned long prod_off,
2747 unsigned long cons_off,
2748 size_t dwords, const char *name)
2753 qsz = ((1 << q->llq.max_n_shift) * dwords) << 3;
2754 q->base = dmam_alloc_coherent(smmu->dev, qsz, &q->base_dma,
2756 if (q->base || qsz < PAGE_SIZE)
2759 q->llq.max_n_shift--;
2764 "failed to allocate queue (0x%zx bytes) for %s\n",
2769 if (!WARN_ON(q->base_dma & (qsz - 1))) {
2770 dev_info(smmu->dev, "allocated %u entries for %s\n",
2771 1 << q->llq.max_n_shift, name);
2774 q->prod_reg = arm_smmu_page1_fixup(prod_off, smmu);
2775 q->cons_reg = arm_smmu_page1_fixup(cons_off, smmu);
2776 q->ent_dwords = dwords;
2778 q->q_base = Q_BASE_RWA;
2779 q->q_base |= q->base_dma & Q_BASE_ADDR_MASK;
2780 q->q_base |= FIELD_PREP(Q_BASE_LOG2SIZE, q->llq.max_n_shift);
2782 q->llq.prod = q->llq.cons = 0;
2786 static void arm_smmu_cmdq_free_bitmap(void *data)
2788 unsigned long *bitmap = data;
2789 bitmap_free(bitmap);
2792 static int arm_smmu_cmdq_init(struct arm_smmu_device *smmu)
2795 struct arm_smmu_cmdq *cmdq = &smmu->cmdq;
2796 unsigned int nents = 1 << cmdq->q.llq.max_n_shift;
2797 atomic_long_t *bitmap;
2799 atomic_set(&cmdq->owner_prod, 0);
2800 atomic_set(&cmdq->lock, 0);
2802 bitmap = (atomic_long_t *)bitmap_zalloc(nents, GFP_KERNEL);
2804 dev_err(smmu->dev, "failed to allocate cmdq bitmap\n");
2807 cmdq->valid_map = bitmap;
2808 devm_add_action(smmu->dev, arm_smmu_cmdq_free_bitmap, bitmap);
2814 static int arm_smmu_init_queues(struct arm_smmu_device *smmu)
2819 ret = arm_smmu_init_one_queue(smmu, &smmu->cmdq.q, ARM_SMMU_CMDQ_PROD,
2820 ARM_SMMU_CMDQ_CONS, CMDQ_ENT_DWORDS,
2825 ret = arm_smmu_cmdq_init(smmu);
2830 ret = arm_smmu_init_one_queue(smmu, &smmu->evtq.q, ARM_SMMU_EVTQ_PROD,
2831 ARM_SMMU_EVTQ_CONS, EVTQ_ENT_DWORDS,
2837 if (!(smmu->features & ARM_SMMU_FEAT_PRI))
2840 return arm_smmu_init_one_queue(smmu, &smmu->priq.q, ARM_SMMU_PRIQ_PROD,
2841 ARM_SMMU_PRIQ_CONS, PRIQ_ENT_DWORDS,
2845 static int arm_smmu_init_l1_strtab(struct arm_smmu_device *smmu)
2848 struct arm_smmu_strtab_cfg *cfg = &smmu->strtab_cfg;
2849 size_t size = sizeof(*cfg->l1_desc) * cfg->num_l1_ents;
2850 void *strtab = smmu->strtab_cfg.strtab;
2852 cfg->l1_desc = devm_kzalloc(smmu->dev, size, GFP_KERNEL);
2853 if (!cfg->l1_desc) {
2854 dev_err(smmu->dev, "failed to allocate l1 stream table desc\n");
2858 for (i = 0; i < cfg->num_l1_ents; ++i) {
2859 arm_smmu_write_strtab_l1_desc(strtab, &cfg->l1_desc[i]);
2860 strtab += STRTAB_L1_DESC_DWORDS << 3;
2866 static int arm_smmu_init_strtab_2lvl(struct arm_smmu_device *smmu)
2871 struct arm_smmu_strtab_cfg *cfg = &smmu->strtab_cfg;
2873 /* Calculate the L1 size, capped to the SIDSIZE. */
2874 size = STRTAB_L1_SZ_SHIFT - (ilog2(STRTAB_L1_DESC_DWORDS) + 3);
2875 size = min(size, smmu->sid_bits - STRTAB_SPLIT);
2876 cfg->num_l1_ents = 1 << size;
2878 size += STRTAB_SPLIT;
2879 if (size < smmu->sid_bits)
2881 "2-level strtab only covers %u/%u bits of SID\n",
2882 size, smmu->sid_bits);
2884 l1size = cfg->num_l1_ents * (STRTAB_L1_DESC_DWORDS << 3);
2885 strtab = dmam_alloc_coherent(smmu->dev, l1size, &cfg->strtab_dma,
2886 GFP_KERNEL | __GFP_ZERO);
2889 "failed to allocate l1 stream table (%u bytes)\n",
2893 cfg->strtab = strtab;
2895 /* Configure strtab_base_cfg for 2 levels */
2896 reg = FIELD_PREP(STRTAB_BASE_CFG_FMT, STRTAB_BASE_CFG_FMT_2LVL);
2897 reg |= FIELD_PREP(STRTAB_BASE_CFG_LOG2SIZE, size);
2898 reg |= FIELD_PREP(STRTAB_BASE_CFG_SPLIT, STRTAB_SPLIT);
2899 cfg->strtab_base_cfg = reg;
2901 return arm_smmu_init_l1_strtab(smmu);
2904 static int arm_smmu_init_strtab_linear(struct arm_smmu_device *smmu)
2909 struct arm_smmu_strtab_cfg *cfg = &smmu->strtab_cfg;
2911 size = (1 << smmu->sid_bits) * (STRTAB_STE_DWORDS << 3);
2912 strtab = dmam_alloc_coherent(smmu->dev, size, &cfg->strtab_dma,
2913 GFP_KERNEL | __GFP_ZERO);
2916 "failed to allocate linear stream table (%u bytes)\n",
2920 cfg->strtab = strtab;
2921 cfg->num_l1_ents = 1 << smmu->sid_bits;
2923 /* Configure strtab_base_cfg for a linear table covering all SIDs */
2924 reg = FIELD_PREP(STRTAB_BASE_CFG_FMT, STRTAB_BASE_CFG_FMT_LINEAR);
2925 reg |= FIELD_PREP(STRTAB_BASE_CFG_LOG2SIZE, smmu->sid_bits);
2926 cfg->strtab_base_cfg = reg;
2928 arm_smmu_init_bypass_stes(strtab, cfg->num_l1_ents);
2932 static int arm_smmu_init_strtab(struct arm_smmu_device *smmu)
2937 if (smmu->features & ARM_SMMU_FEAT_2_LVL_STRTAB)
2938 ret = arm_smmu_init_strtab_2lvl(smmu);
2940 ret = arm_smmu_init_strtab_linear(smmu);
2945 /* Set the strtab base address */
2946 reg = smmu->strtab_cfg.strtab_dma & STRTAB_BASE_ADDR_MASK;
2947 reg |= STRTAB_BASE_RA;
2948 smmu->strtab_cfg.strtab_base = reg;
2950 /* Allocate the first VMID for stage-2 bypass STEs */
2951 set_bit(0, smmu->vmid_map);
2955 static int arm_smmu_init_structures(struct arm_smmu_device *smmu)
2959 ret = arm_smmu_init_queues(smmu);
2963 return arm_smmu_init_strtab(smmu);
2966 static int arm_smmu_write_reg_sync(struct arm_smmu_device *smmu, u32 val,
2967 unsigned int reg_off, unsigned int ack_off)
2971 writel_relaxed(val, smmu->base + reg_off);
2972 return readl_relaxed_poll_timeout(smmu->base + ack_off, reg, reg == val,
2973 1, ARM_SMMU_POLL_TIMEOUT_US);
2976 /* GBPA is "special" */
2977 static int arm_smmu_update_gbpa(struct arm_smmu_device *smmu, u32 set, u32 clr)
2980 u32 reg, __iomem *gbpa = smmu->base + ARM_SMMU_GBPA;
2982 ret = readl_relaxed_poll_timeout(gbpa, reg, !(reg & GBPA_UPDATE),
2983 1, ARM_SMMU_POLL_TIMEOUT_US);
2989 writel_relaxed(reg | GBPA_UPDATE, gbpa);
2990 ret = readl_relaxed_poll_timeout(gbpa, reg, !(reg & GBPA_UPDATE),
2991 1, ARM_SMMU_POLL_TIMEOUT_US);
2994 dev_err(smmu->dev, "GBPA not responding to update\n");
2998 static void arm_smmu_free_msis(void *data)
3000 struct device *dev = data;
3001 platform_msi_domain_free_irqs(dev);
3004 static void arm_smmu_write_msi_msg(struct msi_desc *desc, struct msi_msg *msg)
3006 phys_addr_t doorbell;
3007 struct device *dev = msi_desc_to_dev(desc);
3008 struct arm_smmu_device *smmu = dev_get_drvdata(dev);
3009 phys_addr_t *cfg = arm_smmu_msi_cfg[desc->platform.msi_index];
3011 doorbell = (((u64)msg->address_hi) << 32) | msg->address_lo;
3012 doorbell &= MSI_CFG0_ADDR_MASK;
3014 writeq_relaxed(doorbell, smmu->base + cfg[0]);
3015 writel_relaxed(msg->data, smmu->base + cfg[1]);
3016 writel_relaxed(ARM_SMMU_MEMATTR_DEVICE_nGnRE, smmu->base + cfg[2]);
3019 static void arm_smmu_setup_msis(struct arm_smmu_device *smmu)
3021 struct msi_desc *desc;
3022 int ret, nvec = ARM_SMMU_MAX_MSIS;
3023 struct device *dev = smmu->dev;
3025 /* Clear the MSI address regs */
3026 writeq_relaxed(0, smmu->base + ARM_SMMU_GERROR_IRQ_CFG0);
3027 writeq_relaxed(0, smmu->base + ARM_SMMU_EVTQ_IRQ_CFG0);
3029 if (smmu->features & ARM_SMMU_FEAT_PRI)
3030 writeq_relaxed(0, smmu->base + ARM_SMMU_PRIQ_IRQ_CFG0);
3034 if (!(smmu->features & ARM_SMMU_FEAT_MSI))
3037 if (!dev->msi_domain) {
3038 dev_info(smmu->dev, "msi_domain absent - falling back to wired irqs\n");
3042 /* Allocate MSIs for evtq, gerror and priq. Ignore cmdq */
3043 ret = platform_msi_domain_alloc_irqs(dev, nvec, arm_smmu_write_msi_msg);
3045 dev_warn(dev, "failed to allocate MSIs - falling back to wired irqs\n");
3049 for_each_msi_entry(desc, dev) {
3050 switch (desc->platform.msi_index) {
3051 case EVTQ_MSI_INDEX:
3052 smmu->evtq.q.irq = desc->irq;
3054 case GERROR_MSI_INDEX:
3055 smmu->gerr_irq = desc->irq;
3057 case PRIQ_MSI_INDEX:
3058 smmu->priq.q.irq = desc->irq;
3060 default: /* Unknown */
3065 /* Add callback to free MSIs on teardown */
3066 devm_add_action(dev, arm_smmu_free_msis, dev);
3069 static void arm_smmu_setup_unique_irqs(struct arm_smmu_device *smmu)
3073 arm_smmu_setup_msis(smmu);
3075 /* Request interrupt lines */
3076 irq = smmu->evtq.q.irq;
3078 ret = devm_request_threaded_irq(smmu->dev, irq, NULL,
3079 arm_smmu_evtq_thread,
3081 "arm-smmu-v3-evtq", smmu);
3083 dev_warn(smmu->dev, "failed to enable evtq irq\n");
3085 dev_warn(smmu->dev, "no evtq irq - events will not be reported!\n");
3088 irq = smmu->gerr_irq;
3090 ret = devm_request_irq(smmu->dev, irq, arm_smmu_gerror_handler,
3091 0, "arm-smmu-v3-gerror", smmu);
3093 dev_warn(smmu->dev, "failed to enable gerror irq\n");
3095 dev_warn(smmu->dev, "no gerr irq - errors will not be reported!\n");
3098 if (smmu->features & ARM_SMMU_FEAT_PRI) {
3099 irq = smmu->priq.q.irq;
3101 ret = devm_request_threaded_irq(smmu->dev, irq, NULL,
3102 arm_smmu_priq_thread,
3108 "failed to enable priq irq\n");
3110 dev_warn(smmu->dev, "no priq irq - PRI will be broken\n");
3115 static int arm_smmu_setup_irqs(struct arm_smmu_device *smmu)
3118 u32 irqen_flags = IRQ_CTRL_EVTQ_IRQEN | IRQ_CTRL_GERROR_IRQEN;
3120 /* Disable IRQs first */
3121 ret = arm_smmu_write_reg_sync(smmu, 0, ARM_SMMU_IRQ_CTRL,
3122 ARM_SMMU_IRQ_CTRLACK);
3124 dev_err(smmu->dev, "failed to disable irqs\n");
3128 irq = smmu->combined_irq;
3131 * Cavium ThunderX2 implementation doesn't support unique irq
3132 * lines. Use a single irq line for all the SMMUv3 interrupts.
3134 ret = devm_request_threaded_irq(smmu->dev, irq,
3135 arm_smmu_combined_irq_handler,
3136 arm_smmu_combined_irq_thread,
3138 "arm-smmu-v3-combined-irq", smmu);
3140 dev_warn(smmu->dev, "failed to enable combined irq\n");
3142 arm_smmu_setup_unique_irqs(smmu);
3144 if (smmu->features & ARM_SMMU_FEAT_PRI)
3145 irqen_flags |= IRQ_CTRL_PRIQ_IRQEN;
3147 /* Enable interrupt generation on the SMMU */
3148 ret = arm_smmu_write_reg_sync(smmu, irqen_flags,
3149 ARM_SMMU_IRQ_CTRL, ARM_SMMU_IRQ_CTRLACK);
3151 dev_warn(smmu->dev, "failed to enable irqs\n");
3156 static int arm_smmu_device_disable(struct arm_smmu_device *smmu)
3160 ret = arm_smmu_write_reg_sync(smmu, 0, ARM_SMMU_CR0, ARM_SMMU_CR0ACK);
3162 dev_err(smmu->dev, "failed to clear cr0\n");
3167 static int arm_smmu_device_reset(struct arm_smmu_device *smmu, bool bypass)
3171 struct arm_smmu_cmdq_ent cmd;
3173 /* Clear CR0 and sync (disables SMMU and queue processing) */
3174 reg = readl_relaxed(smmu->base + ARM_SMMU_CR0);
3175 if (reg & CR0_SMMUEN) {
3176 dev_warn(smmu->dev, "SMMU currently enabled! Resetting...\n");
3177 WARN_ON(is_kdump_kernel() && !disable_bypass);
3178 arm_smmu_update_gbpa(smmu, GBPA_ABORT, 0);
3181 ret = arm_smmu_device_disable(smmu);
3185 /* CR1 (table and queue memory attributes) */
3186 reg = FIELD_PREP(CR1_TABLE_SH, ARM_SMMU_SH_ISH) |
3187 FIELD_PREP(CR1_TABLE_OC, CR1_CACHE_WB) |
3188 FIELD_PREP(CR1_TABLE_IC, CR1_CACHE_WB) |
3189 FIELD_PREP(CR1_QUEUE_SH, ARM_SMMU_SH_ISH) |
3190 FIELD_PREP(CR1_QUEUE_OC, CR1_CACHE_WB) |
3191 FIELD_PREP(CR1_QUEUE_IC, CR1_CACHE_WB);
3192 writel_relaxed(reg, smmu->base + ARM_SMMU_CR1);
3194 /* CR2 (random crap) */
3195 reg = CR2_PTM | CR2_RECINVSID | CR2_E2H;
3196 writel_relaxed(reg, smmu->base + ARM_SMMU_CR2);
3199 writeq_relaxed(smmu->strtab_cfg.strtab_base,
3200 smmu->base + ARM_SMMU_STRTAB_BASE);
3201 writel_relaxed(smmu->strtab_cfg.strtab_base_cfg,
3202 smmu->base + ARM_SMMU_STRTAB_BASE_CFG);
3205 writeq_relaxed(smmu->cmdq.q.q_base, smmu->base + ARM_SMMU_CMDQ_BASE);
3206 writel_relaxed(smmu->cmdq.q.llq.prod, smmu->base + ARM_SMMU_CMDQ_PROD);
3207 writel_relaxed(smmu->cmdq.q.llq.cons, smmu->base + ARM_SMMU_CMDQ_CONS);
3209 enables = CR0_CMDQEN;
3210 ret = arm_smmu_write_reg_sync(smmu, enables, ARM_SMMU_CR0,
3213 dev_err(smmu->dev, "failed to enable command queue\n");
3217 /* Invalidate any cached configuration */
3218 cmd.opcode = CMDQ_OP_CFGI_ALL;
3219 arm_smmu_cmdq_issue_cmd(smmu, &cmd);
3220 arm_smmu_cmdq_issue_sync(smmu);
3222 /* Invalidate any stale TLB entries */
3223 if (smmu->features & ARM_SMMU_FEAT_HYP) {
3224 cmd.opcode = CMDQ_OP_TLBI_EL2_ALL;
3225 arm_smmu_cmdq_issue_cmd(smmu, &cmd);
3228 cmd.opcode = CMDQ_OP_TLBI_NSNH_ALL;
3229 arm_smmu_cmdq_issue_cmd(smmu, &cmd);
3230 arm_smmu_cmdq_issue_sync(smmu);
3233 writeq_relaxed(smmu->evtq.q.q_base, smmu->base + ARM_SMMU_EVTQ_BASE);
3234 writel_relaxed(smmu->evtq.q.llq.prod,
3235 arm_smmu_page1_fixup(ARM_SMMU_EVTQ_PROD, smmu));
3236 writel_relaxed(smmu->evtq.q.llq.cons,
3237 arm_smmu_page1_fixup(ARM_SMMU_EVTQ_CONS, smmu));
3239 enables |= CR0_EVTQEN;
3240 ret = arm_smmu_write_reg_sync(smmu, enables, ARM_SMMU_CR0,
3243 dev_err(smmu->dev, "failed to enable event queue\n");
3248 if (smmu->features & ARM_SMMU_FEAT_PRI) {
3249 writeq_relaxed(smmu->priq.q.q_base,
3250 smmu->base + ARM_SMMU_PRIQ_BASE);
3251 writel_relaxed(smmu->priq.q.llq.prod,
3252 arm_smmu_page1_fixup(ARM_SMMU_PRIQ_PROD, smmu));
3253 writel_relaxed(smmu->priq.q.llq.cons,
3254 arm_smmu_page1_fixup(ARM_SMMU_PRIQ_CONS, smmu));
3256 enables |= CR0_PRIQEN;
3257 ret = arm_smmu_write_reg_sync(smmu, enables, ARM_SMMU_CR0,
3260 dev_err(smmu->dev, "failed to enable PRI queue\n");
3265 if (smmu->features & ARM_SMMU_FEAT_ATS) {
3266 enables |= CR0_ATSCHK;
3267 ret = arm_smmu_write_reg_sync(smmu, enables, ARM_SMMU_CR0,
3270 dev_err(smmu->dev, "failed to enable ATS check\n");
3275 ret = arm_smmu_setup_irqs(smmu);
3277 dev_err(smmu->dev, "failed to setup irqs\n");
3281 if (is_kdump_kernel())
3282 enables &= ~(CR0_EVTQEN | CR0_PRIQEN);
3284 /* Enable the SMMU interface, or ensure bypass */
3285 if (!bypass || disable_bypass) {
3286 enables |= CR0_SMMUEN;
3288 ret = arm_smmu_update_gbpa(smmu, 0, GBPA_ABORT);
3292 ret = arm_smmu_write_reg_sync(smmu, enables, ARM_SMMU_CR0,
3295 dev_err(smmu->dev, "failed to enable SMMU interface\n");
3302 static int arm_smmu_device_hw_probe(struct arm_smmu_device *smmu)
3305 bool coherent = smmu->features & ARM_SMMU_FEAT_COHERENCY;
3308 reg = readl_relaxed(smmu->base + ARM_SMMU_IDR0);
3310 /* 2-level structures */
3311 if (FIELD_GET(IDR0_ST_LVL, reg) == IDR0_ST_LVL_2LVL)
3312 smmu->features |= ARM_SMMU_FEAT_2_LVL_STRTAB;
3314 if (reg & IDR0_CD2L)
3315 smmu->features |= ARM_SMMU_FEAT_2_LVL_CDTAB;
3318 * Translation table endianness.
3319 * We currently require the same endianness as the CPU, but this
3320 * could be changed later by adding a new IO_PGTABLE_QUIRK.
3322 switch (FIELD_GET(IDR0_TTENDIAN, reg)) {
3323 case IDR0_TTENDIAN_MIXED:
3324 smmu->features |= ARM_SMMU_FEAT_TT_LE | ARM_SMMU_FEAT_TT_BE;
3327 case IDR0_TTENDIAN_BE:
3328 smmu->features |= ARM_SMMU_FEAT_TT_BE;
3331 case IDR0_TTENDIAN_LE:
3332 smmu->features |= ARM_SMMU_FEAT_TT_LE;
3336 dev_err(smmu->dev, "unknown/unsupported TT endianness!\n");
3340 /* Boolean feature flags */
3341 if (IS_ENABLED(CONFIG_PCI_PRI) && reg & IDR0_PRI)
3342 smmu->features |= ARM_SMMU_FEAT_PRI;
3344 if (IS_ENABLED(CONFIG_PCI_ATS) && reg & IDR0_ATS)
3345 smmu->features |= ARM_SMMU_FEAT_ATS;
3348 smmu->features |= ARM_SMMU_FEAT_SEV;
3351 smmu->features |= ARM_SMMU_FEAT_MSI;
3354 smmu->features |= ARM_SMMU_FEAT_HYP;
3357 * The coherency feature as set by FW is used in preference to the ID
3358 * register, but warn on mismatch.
3360 if (!!(reg & IDR0_COHACC) != coherent)
3361 dev_warn(smmu->dev, "IDR0.COHACC overridden by FW configuration (%s)\n",
3362 coherent ? "true" : "false");
3364 switch (FIELD_GET(IDR0_STALL_MODEL, reg)) {
3365 case IDR0_STALL_MODEL_FORCE:
3366 smmu->features |= ARM_SMMU_FEAT_STALL_FORCE;
3368 case IDR0_STALL_MODEL_STALL:
3369 smmu->features |= ARM_SMMU_FEAT_STALLS;
3373 smmu->features |= ARM_SMMU_FEAT_TRANS_S1;
3376 smmu->features |= ARM_SMMU_FEAT_TRANS_S2;
3378 if (!(reg & (IDR0_S1P | IDR0_S2P))) {
3379 dev_err(smmu->dev, "no translation support!\n");
3383 /* We only support the AArch64 table format at present */
3384 switch (FIELD_GET(IDR0_TTF, reg)) {
3385 case IDR0_TTF_AARCH32_64:
3388 case IDR0_TTF_AARCH64:
3391 dev_err(smmu->dev, "AArch64 table format not supported!\n");
3395 /* ASID/VMID sizes */
3396 smmu->asid_bits = reg & IDR0_ASID16 ? 16 : 8;
3397 smmu->vmid_bits = reg & IDR0_VMID16 ? 16 : 8;
3400 reg = readl_relaxed(smmu->base + ARM_SMMU_IDR1);
3401 if (reg & (IDR1_TABLES_PRESET | IDR1_QUEUES_PRESET | IDR1_REL)) {
3402 dev_err(smmu->dev, "embedded implementation not supported\n");
3406 /* Queue sizes, capped to ensure natural alignment */
3407 smmu->cmdq.q.llq.max_n_shift = min_t(u32, CMDQ_MAX_SZ_SHIFT,
3408 FIELD_GET(IDR1_CMDQS, reg));
3409 if (smmu->cmdq.q.llq.max_n_shift <= ilog2(CMDQ_BATCH_ENTRIES)) {
3411 * We don't support splitting up batches, so one batch of
3412 * commands plus an extra sync needs to fit inside the command
3413 * queue. There's also no way we can handle the weird alignment
3414 * restrictions on the base pointer for a unit-length queue.
3416 dev_err(smmu->dev, "command queue size <= %d entries not supported\n",
3417 CMDQ_BATCH_ENTRIES);
3421 smmu->evtq.q.llq.max_n_shift = min_t(u32, EVTQ_MAX_SZ_SHIFT,
3422 FIELD_GET(IDR1_EVTQS, reg));
3423 smmu->priq.q.llq.max_n_shift = min_t(u32, PRIQ_MAX_SZ_SHIFT,
3424 FIELD_GET(IDR1_PRIQS, reg));
3426 /* SID/SSID sizes */
3427 smmu->ssid_bits = FIELD_GET(IDR1_SSIDSIZE, reg);
3428 smmu->sid_bits = FIELD_GET(IDR1_SIDSIZE, reg);
3431 * If the SMMU supports fewer bits than would fill a single L2 stream
3432 * table, use a linear table instead.
3434 if (smmu->sid_bits <= STRTAB_SPLIT)
3435 smmu->features &= ~ARM_SMMU_FEAT_2_LVL_STRTAB;
3438 reg = readl_relaxed(smmu->base + ARM_SMMU_IDR5);
3440 /* Maximum number of outstanding stalls */
3441 smmu->evtq.max_stalls = FIELD_GET(IDR5_STALL_MAX, reg);
3444 if (reg & IDR5_GRAN64K)
3445 smmu->pgsize_bitmap |= SZ_64K | SZ_512M;
3446 if (reg & IDR5_GRAN16K)
3447 smmu->pgsize_bitmap |= SZ_16K | SZ_32M;
3448 if (reg & IDR5_GRAN4K)
3449 smmu->pgsize_bitmap |= SZ_4K | SZ_2M | SZ_1G;
3451 /* Input address size */
3452 if (FIELD_GET(IDR5_VAX, reg) == IDR5_VAX_52_BIT)
3453 smmu->features |= ARM_SMMU_FEAT_VAX;
3455 /* Output address size */
3456 switch (FIELD_GET(IDR5_OAS, reg)) {
3457 case IDR5_OAS_32_BIT:
3460 case IDR5_OAS_36_BIT:
3463 case IDR5_OAS_40_BIT:
3466 case IDR5_OAS_42_BIT:
3469 case IDR5_OAS_44_BIT:
3472 case IDR5_OAS_52_BIT:
3474 smmu->pgsize_bitmap |= 1ULL << 42; /* 4TB */
3478 "unknown output address size. Truncating to 48-bit\n");
3480 case IDR5_OAS_48_BIT:
3484 if (arm_smmu_ops.pgsize_bitmap == -1UL)
3485 arm_smmu_ops.pgsize_bitmap = smmu->pgsize_bitmap;
3487 arm_smmu_ops.pgsize_bitmap |= smmu->pgsize_bitmap;
3489 /* Set the DMA mask for our table walker */
3490 if (dma_set_mask_and_coherent(smmu->dev, DMA_BIT_MASK(smmu->oas)))
3492 "failed to set DMA mask for table walker\n");
3494 smmu->ias = max(smmu->ias, smmu->oas);
3496 dev_info(smmu->dev, "ias %lu-bit, oas %lu-bit (features 0x%08x)\n",
3497 smmu->ias, smmu->oas, smmu->features);
3502 static void acpi_smmu_get_options(u32 model, struct arm_smmu_device *smmu)
3505 case ACPI_IORT_SMMU_V3_CAVIUM_CN99XX:
3506 smmu->options |= ARM_SMMU_OPT_PAGE0_REGS_ONLY;
3508 case ACPI_IORT_SMMU_V3_HISILICON_HI161X:
3509 smmu->options |= ARM_SMMU_OPT_SKIP_PREFETCH;
3513 dev_notice(smmu->dev, "option mask 0x%x\n", smmu->options);
3516 static int arm_smmu_device_acpi_probe(struct platform_device *pdev,
3517 struct arm_smmu_device *smmu)
3519 struct acpi_iort_smmu_v3 *iort_smmu;
3520 struct device *dev = smmu->dev;
3521 struct acpi_iort_node *node;
3523 node = *(struct acpi_iort_node **)dev_get_platdata(dev);
3525 /* Retrieve SMMUv3 specific data */
3526 iort_smmu = (struct acpi_iort_smmu_v3 *)node->node_data;
3528 acpi_smmu_get_options(iort_smmu->model, smmu);
3530 if (iort_smmu->flags & ACPI_IORT_SMMU_V3_COHACC_OVERRIDE)
3531 smmu->features |= ARM_SMMU_FEAT_COHERENCY;
3536 static inline int arm_smmu_device_acpi_probe(struct platform_device *pdev,
3537 struct arm_smmu_device *smmu)
3543 static int arm_smmu_device_dt_probe(struct platform_device *pdev,
3544 struct arm_smmu_device *smmu)
3546 struct device *dev = &pdev->dev;
3550 if (of_property_read_u32(dev->of_node, "#iommu-cells", &cells))
3551 dev_err(dev, "missing #iommu-cells property\n");
3552 else if (cells != 1)
3553 dev_err(dev, "invalid #iommu-cells value (%d)\n", cells);
3557 parse_driver_options(smmu);
3559 if (of_dma_is_coherent(dev->of_node))
3560 smmu->features |= ARM_SMMU_FEAT_COHERENCY;
3565 static unsigned long arm_smmu_resource_size(struct arm_smmu_device *smmu)
3567 if (smmu->options & ARM_SMMU_OPT_PAGE0_REGS_ONLY)
3573 static int arm_smmu_device_probe(struct platform_device *pdev)
3576 struct resource *res;
3577 resource_size_t ioaddr;
3578 struct arm_smmu_device *smmu;
3579 struct device *dev = &pdev->dev;
3582 smmu = devm_kzalloc(dev, sizeof(*smmu), GFP_KERNEL);
3584 dev_err(dev, "failed to allocate arm_smmu_device\n");
3590 ret = arm_smmu_device_dt_probe(pdev, smmu);
3592 ret = arm_smmu_device_acpi_probe(pdev, smmu);
3597 /* Set bypass mode according to firmware probing result */
3601 res = platform_get_resource(pdev, IORESOURCE_MEM, 0);
3602 if (resource_size(res) + 1 < arm_smmu_resource_size(smmu)) {
3603 dev_err(dev, "MMIO region too small (%pr)\n", res);
3606 ioaddr = res->start;
3608 smmu->base = devm_ioremap_resource(dev, res);
3609 if (IS_ERR(smmu->base))
3610 return PTR_ERR(smmu->base);
3612 /* Interrupt lines */
3614 irq = platform_get_irq_byname_optional(pdev, "combined");
3616 smmu->combined_irq = irq;
3618 irq = platform_get_irq_byname_optional(pdev, "eventq");
3620 smmu->evtq.q.irq = irq;
3622 irq = platform_get_irq_byname_optional(pdev, "priq");
3624 smmu->priq.q.irq = irq;
3626 irq = platform_get_irq_byname_optional(pdev, "gerror");
3628 smmu->gerr_irq = irq;
3631 ret = arm_smmu_device_hw_probe(smmu);
3635 /* Initialise in-memory data structures */
3636 ret = arm_smmu_init_structures(smmu);
3640 /* Record our private device structure */
3641 platform_set_drvdata(pdev, smmu);
3643 /* Reset the device */
3644 ret = arm_smmu_device_reset(smmu, bypass);
3648 /* And we're up. Go go go! */
3649 ret = iommu_device_sysfs_add(&smmu->iommu, dev, NULL,
3650 "smmu3.%pa", &ioaddr);
3654 iommu_device_set_ops(&smmu->iommu, &arm_smmu_ops);
3655 iommu_device_set_fwnode(&smmu->iommu, dev->fwnode);
3657 ret = iommu_device_register(&smmu->iommu);
3659 dev_err(dev, "Failed to register iommu\n");
3664 if (pci_bus_type.iommu_ops != &arm_smmu_ops) {
3666 ret = bus_set_iommu(&pci_bus_type, &arm_smmu_ops);
3671 #ifdef CONFIG_ARM_AMBA
3672 if (amba_bustype.iommu_ops != &arm_smmu_ops) {
3673 ret = bus_set_iommu(&amba_bustype, &arm_smmu_ops);
3678 if (platform_bus_type.iommu_ops != &arm_smmu_ops) {
3679 ret = bus_set_iommu(&platform_bus_type, &arm_smmu_ops);
3686 static void arm_smmu_device_shutdown(struct platform_device *pdev)
3688 struct arm_smmu_device *smmu = platform_get_drvdata(pdev);
3690 arm_smmu_device_disable(smmu);
3693 static const struct of_device_id arm_smmu_of_match[] = {
3694 { .compatible = "arm,smmu-v3", },
3698 static struct platform_driver arm_smmu_driver = {
3700 .name = "arm-smmu-v3",
3701 .of_match_table = of_match_ptr(arm_smmu_of_match),
3702 .suppress_bind_attrs = true,
3704 .probe = arm_smmu_device_probe,
3705 .shutdown = arm_smmu_device_shutdown,
3707 builtin_platform_driver(arm_smmu_driver);
projects / linux-2.6-microblaze.git / blob