2 * Copyright © 2006-2014 Intel Corporation.
4 * This program is free software; you can redistribute it and/or modify it
5 * under the terms and conditions of the GNU General Public License,
6 * version 2, as published by the Free Software Foundation.
8 * This program is distributed in the hope it will be useful, but WITHOUT
9 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
10 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
13 * Authors: David Woodhouse <dwmw2@infradead.org>,
14 * Ashok Raj <ashok.raj@intel.com>,
15 * Shaohua Li <shaohua.li@intel.com>,
16 * Anil S Keshavamurthy <anil.s.keshavamurthy@intel.com>,
17 * Fenghua Yu <fenghua.yu@intel.com>
18 * Joerg Roedel <jroedel@suse.de>
21 #define pr_fmt(fmt) "DMAR: " fmt
23 #include <linux/init.h>
24 #include <linux/bitmap.h>
25 #include <linux/debugfs.h>
26 #include <linux/export.h>
27 #include <linux/slab.h>
28 #include <linux/irq.h>
29 #include <linux/interrupt.h>
30 #include <linux/spinlock.h>
31 #include <linux/pci.h>
32 #include <linux/dmar.h>
33 #include <linux/dma-mapping.h>
34 #include <linux/mempool.h>
35 #include <linux/memory.h>
36 #include <linux/timer.h>
37 #include <linux/iova.h>
38 #include <linux/iommu.h>
39 #include <linux/intel-iommu.h>
40 #include <linux/syscore_ops.h>
41 #include <linux/tboot.h>
42 #include <linux/dmi.h>
43 #include <linux/pci-ats.h>
44 #include <linux/memblock.h>
45 #include <linux/dma-contiguous.h>
46 #include <linux/crash_dump.h>
47 #include <asm/irq_remapping.h>
48 #include <asm/cacheflush.h>
49 #include <asm/iommu.h>
51 #include "irq_remapping.h"
53 #define ROOT_SIZE VTD_PAGE_SIZE
54 #define CONTEXT_SIZE VTD_PAGE_SIZE
56 #define IS_GFX_DEVICE(pdev) ((pdev->class >> 16) == PCI_BASE_CLASS_DISPLAY)
57 #define IS_USB_DEVICE(pdev) ((pdev->class >> 8) == PCI_CLASS_SERIAL_USB)
58 #define IS_ISA_DEVICE(pdev) ((pdev->class >> 8) == PCI_CLASS_BRIDGE_ISA)
59 #define IS_AZALIA(pdev) ((pdev)->vendor == 0x8086 && (pdev)->device == 0x3a3e)
61 #define IOAPIC_RANGE_START (0xfee00000)
62 #define IOAPIC_RANGE_END (0xfeefffff)
63 #define IOVA_START_ADDR (0x1000)
65 #define DEFAULT_DOMAIN_ADDRESS_WIDTH 48
67 #define MAX_AGAW_WIDTH 64
68 #define MAX_AGAW_PFN_WIDTH (MAX_AGAW_WIDTH - VTD_PAGE_SHIFT)
70 #define __DOMAIN_MAX_PFN(gaw) ((((uint64_t)1) << (gaw-VTD_PAGE_SHIFT)) - 1)
71 #define __DOMAIN_MAX_ADDR(gaw) ((((uint64_t)1) << gaw) - 1)
73 /* We limit DOMAIN_MAX_PFN to fit in an unsigned long, and DOMAIN_MAX_ADDR
74 to match. That way, we can use 'unsigned long' for PFNs with impunity. */
75 #define DOMAIN_MAX_PFN(gaw) ((unsigned long) min_t(uint64_t, \
76 __DOMAIN_MAX_PFN(gaw), (unsigned long)-1))
77 #define DOMAIN_MAX_ADDR(gaw) (((uint64_t)__DOMAIN_MAX_PFN(gaw)) << VTD_PAGE_SHIFT)
79 /* IO virtual address start page frame number */
80 #define IOVA_START_PFN (1)
82 #define IOVA_PFN(addr) ((addr) >> PAGE_SHIFT)
83 #define DMA_32BIT_PFN IOVA_PFN(DMA_BIT_MASK(32))
84 #define DMA_64BIT_PFN IOVA_PFN(DMA_BIT_MASK(64))
86 /* page table handling */
87 #define LEVEL_STRIDE (9)
88 #define LEVEL_MASK (((u64)1 << LEVEL_STRIDE) - 1)
91 * This bitmap is used to advertise the page sizes our hardware support
92 * to the IOMMU core, which will then use this information to split
93 * physically contiguous memory regions it is mapping into page sizes
96 * Traditionally the IOMMU core just handed us the mappings directly,
97 * after making sure the size is an order of a 4KiB page and that the
98 * mapping has natural alignment.
100 * To retain this behavior, we currently advertise that we support
101 * all page sizes that are an order of 4KiB.
103 * If at some point we'd like to utilize the IOMMU core's new behavior,
104 * we could change this to advertise the real page sizes we support.
106 #define INTEL_IOMMU_PGSIZES (~0xFFFUL)
108 static inline int agaw_to_level(int agaw)
113 static inline int agaw_to_width(int agaw)
115 return min_t(int, 30 + agaw * LEVEL_STRIDE, MAX_AGAW_WIDTH);
118 static inline int width_to_agaw(int width)
120 return DIV_ROUND_UP(width - 30, LEVEL_STRIDE);
123 static inline unsigned int level_to_offset_bits(int level)
125 return (level - 1) * LEVEL_STRIDE;
128 static inline int pfn_level_offset(unsigned long pfn, int level)
130 return (pfn >> level_to_offset_bits(level)) & LEVEL_MASK;
133 static inline unsigned long level_mask(int level)
135 return -1UL << level_to_offset_bits(level);
138 static inline unsigned long level_size(int level)
140 return 1UL << level_to_offset_bits(level);
143 static inline unsigned long align_to_level(unsigned long pfn, int level)
145 return (pfn + level_size(level) - 1) & level_mask(level);
148 static inline unsigned long lvl_to_nr_pages(unsigned int lvl)
150 return 1 << min_t(int, (lvl - 1) * LEVEL_STRIDE, MAX_AGAW_PFN_WIDTH);
153 /* VT-d pages must always be _smaller_ than MM pages. Otherwise things
154 are never going to work. */
155 static inline unsigned long dma_to_mm_pfn(unsigned long dma_pfn)
157 return dma_pfn >> (PAGE_SHIFT - VTD_PAGE_SHIFT);
160 static inline unsigned long mm_to_dma_pfn(unsigned long mm_pfn)
162 return mm_pfn << (PAGE_SHIFT - VTD_PAGE_SHIFT);
164 static inline unsigned long page_to_dma_pfn(struct page *pg)
166 return mm_to_dma_pfn(page_to_pfn(pg));
168 static inline unsigned long virt_to_dma_pfn(void *p)
170 return page_to_dma_pfn(virt_to_page(p));
173 /* global iommu list, set NULL for ignored DMAR units */
174 static struct intel_iommu **g_iommus;
176 static void __init check_tylersburg_isoch(void);
177 static int rwbf_quirk;
180 * set to 1 to panic kernel if can't successfully enable VT-d
181 * (used when kernel is launched w/ TXT)
183 static int force_on = 0;
188 * 12-63: Context Ptr (12 - (haw-1))
195 #define ROOT_ENTRY_NR (VTD_PAGE_SIZE/sizeof(struct root_entry))
198 * Take a root_entry and return the Lower Context Table Pointer (LCTP)
201 static phys_addr_t root_entry_lctp(struct root_entry *re)
206 return re->lo & VTD_PAGE_MASK;
210 * Take a root_entry and return the Upper Context Table Pointer (UCTP)
213 static phys_addr_t root_entry_uctp(struct root_entry *re)
218 return re->hi & VTD_PAGE_MASK;
223 * 1: fault processing disable
224 * 2-3: translation type
225 * 12-63: address space root
231 struct context_entry {
236 static inline void context_clear_pasid_enable(struct context_entry *context)
238 context->lo &= ~(1ULL << 11);
241 static inline bool context_pasid_enabled(struct context_entry *context)
243 return !!(context->lo & (1ULL << 11));
246 static inline void context_set_copied(struct context_entry *context)
248 context->hi |= (1ull << 3);
251 static inline bool context_copied(struct context_entry *context)
253 return !!(context->hi & (1ULL << 3));
256 static inline bool __context_present(struct context_entry *context)
258 return (context->lo & 1);
261 static inline bool context_present(struct context_entry *context)
263 return context_pasid_enabled(context) ?
264 __context_present(context) :
265 __context_present(context) && !context_copied(context);
268 static inline void context_set_present(struct context_entry *context)
273 static inline void context_set_fault_enable(struct context_entry *context)
275 context->lo &= (((u64)-1) << 2) | 1;
278 static inline void context_set_translation_type(struct context_entry *context,
281 context->lo &= (((u64)-1) << 4) | 3;
282 context->lo |= (value & 3) << 2;
285 static inline void context_set_address_root(struct context_entry *context,
288 context->lo &= ~VTD_PAGE_MASK;
289 context->lo |= value & VTD_PAGE_MASK;
292 static inline void context_set_address_width(struct context_entry *context,
295 context->hi |= value & 7;
298 static inline void context_set_domain_id(struct context_entry *context,
301 context->hi |= (value & ((1 << 16) - 1)) << 8;
304 static inline int context_domain_id(struct context_entry *c)
306 return((c->hi >> 8) & 0xffff);
309 static inline void context_clear_entry(struct context_entry *context)
322 * 12-63: Host physcial address
328 static inline void dma_clear_pte(struct dma_pte *pte)
333 static inline u64 dma_pte_addr(struct dma_pte *pte)
336 return pte->val & VTD_PAGE_MASK;
338 /* Must have a full atomic 64-bit read */
339 return __cmpxchg64(&pte->val, 0ULL, 0ULL) & VTD_PAGE_MASK;
343 static inline bool dma_pte_present(struct dma_pte *pte)
345 return (pte->val & 3) != 0;
348 static inline bool dma_pte_superpage(struct dma_pte *pte)
350 return (pte->val & DMA_PTE_LARGE_PAGE);
353 static inline int first_pte_in_page(struct dma_pte *pte)
355 return !((unsigned long)pte & ~VTD_PAGE_MASK);
359 * This domain is a statically identity mapping domain.
360 * 1. This domain creats a static 1:1 mapping to all usable memory.
361 * 2. It maps to each iommu if successful.
362 * 3. Each iommu mapps to this domain if successful.
364 static struct dmar_domain *si_domain;
365 static int hw_pass_through = 1;
368 * Domain represents a virtual machine, more than one devices
369 * across iommus may be owned in one domain, e.g. kvm guest.
371 #define DOMAIN_FLAG_VIRTUAL_MACHINE (1 << 0)
373 /* si_domain contains mulitple devices */
374 #define DOMAIN_FLAG_STATIC_IDENTITY (1 << 1)
376 #define for_each_domain_iommu(idx, domain) \
377 for (idx = 0; idx < g_num_of_iommus; idx++) \
378 if (domain->iommu_refcnt[idx])
381 int nid; /* node id */
383 unsigned iommu_refcnt[DMAR_UNITS_SUPPORTED];
384 /* Refcount of devices per iommu */
387 u16 iommu_did[DMAR_UNITS_SUPPORTED];
388 /* Domain ids per IOMMU. Use u16 since
389 * domain ids are 16 bit wide according
390 * to VT-d spec, section 9.3 */
392 struct list_head devices; /* all devices' list */
393 struct iova_domain iovad; /* iova's that belong to this domain */
395 struct dma_pte *pgd; /* virtual address */
396 int gaw; /* max guest address width */
398 /* adjusted guest address width, 0 is level 2 30-bit */
401 int flags; /* flags to find out type of domain */
403 int iommu_coherency;/* indicate coherency of iommu access */
404 int iommu_snooping; /* indicate snooping control feature*/
405 int iommu_count; /* reference count of iommu */
406 int iommu_superpage;/* Level of superpages supported:
407 0 == 4KiB (no superpages), 1 == 2MiB,
408 2 == 1GiB, 3 == 512GiB, 4 == 1TiB */
409 u64 max_addr; /* maximum mapped address */
411 struct iommu_domain domain; /* generic domain data structure for
415 /* PCI domain-device relationship */
416 struct device_domain_info {
417 struct list_head link; /* link to domain siblings */
418 struct list_head global; /* link to global list */
419 u8 bus; /* PCI bus number */
420 u8 devfn; /* PCI devfn number */
424 } ats; /* ATS state */
425 struct device *dev; /* it's NULL for PCIe-to-PCI bridge */
426 struct intel_iommu *iommu; /* IOMMU used by this device */
427 struct dmar_domain *domain; /* pointer to domain */
430 struct dmar_rmrr_unit {
431 struct list_head list; /* list of rmrr units */
432 struct acpi_dmar_header *hdr; /* ACPI header */
433 u64 base_address; /* reserved base address*/
434 u64 end_address; /* reserved end address */
435 struct dmar_dev_scope *devices; /* target devices */
436 int devices_cnt; /* target device count */
439 struct dmar_atsr_unit {
440 struct list_head list; /* list of ATSR units */
441 struct acpi_dmar_header *hdr; /* ACPI header */
442 struct dmar_dev_scope *devices; /* target devices */
443 int devices_cnt; /* target device count */
444 u8 include_all:1; /* include all ports */
447 static LIST_HEAD(dmar_atsr_units);
448 static LIST_HEAD(dmar_rmrr_units);
450 #define for_each_rmrr_units(rmrr) \
451 list_for_each_entry(rmrr, &dmar_rmrr_units, list)
453 static void flush_unmaps_timeout(unsigned long data);
455 static DEFINE_TIMER(unmap_timer, flush_unmaps_timeout, 0, 0);
457 #define HIGH_WATER_MARK 250
458 struct deferred_flush_tables {
460 struct iova *iova[HIGH_WATER_MARK];
461 struct dmar_domain *domain[HIGH_WATER_MARK];
462 struct page *freelist[HIGH_WATER_MARK];
465 static struct deferred_flush_tables *deferred_flush;
467 /* bitmap for indexing intel_iommus */
468 static int g_num_of_iommus;
470 static DEFINE_SPINLOCK(async_umap_flush_lock);
471 static LIST_HEAD(unmaps_to_do);
474 static long list_size;
476 static void domain_exit(struct dmar_domain *domain);
477 static void domain_remove_dev_info(struct dmar_domain *domain);
478 static void dmar_remove_one_dev_info(struct dmar_domain *domain,
480 static void __dmar_remove_one_dev_info(struct device_domain_info *info);
481 static void domain_context_clear(struct intel_iommu *iommu,
483 static int domain_detach_iommu(struct dmar_domain *domain,
484 struct intel_iommu *iommu);
486 #ifdef CONFIG_INTEL_IOMMU_DEFAULT_ON
487 int dmar_disabled = 0;
489 int dmar_disabled = 1;
490 #endif /*CONFIG_INTEL_IOMMU_DEFAULT_ON*/
492 int intel_iommu_enabled = 0;
493 EXPORT_SYMBOL_GPL(intel_iommu_enabled);
495 static int dmar_map_gfx = 1;
496 static int dmar_forcedac;
497 static int intel_iommu_strict;
498 static int intel_iommu_superpage = 1;
499 static int intel_iommu_ecs = 1;
501 /* We only actually use ECS when PASID support (on the new bit 40)
502 * is also advertised. Some early implementations — the ones with
503 * PASID support on bit 28 — have issues even when we *only* use
504 * extended root/context tables. */
505 #define ecs_enabled(iommu) (intel_iommu_ecs && ecap_ecs(iommu->ecap) && \
506 ecap_pasid(iommu->ecap))
508 int intel_iommu_gfx_mapped;
509 EXPORT_SYMBOL_GPL(intel_iommu_gfx_mapped);
511 #define DUMMY_DEVICE_DOMAIN_INFO ((struct device_domain_info *)(-1))
512 static DEFINE_SPINLOCK(device_domain_lock);
513 static LIST_HEAD(device_domain_list);
515 static const struct iommu_ops intel_iommu_ops;
517 static bool translation_pre_enabled(struct intel_iommu *iommu)
519 return (iommu->flags & VTD_FLAG_TRANS_PRE_ENABLED);
522 static void clear_translation_pre_enabled(struct intel_iommu *iommu)
524 iommu->flags &= ~VTD_FLAG_TRANS_PRE_ENABLED;
527 static void init_translation_status(struct intel_iommu *iommu)
531 gsts = readl(iommu->reg + DMAR_GSTS_REG);
532 if (gsts & DMA_GSTS_TES)
533 iommu->flags |= VTD_FLAG_TRANS_PRE_ENABLED;
536 /* Convert generic 'struct iommu_domain to private struct dmar_domain */
537 static struct dmar_domain *to_dmar_domain(struct iommu_domain *dom)
539 return container_of(dom, struct dmar_domain, domain);
542 static int __init intel_iommu_setup(char *str)
547 if (!strncmp(str, "on", 2)) {
549 pr_info("IOMMU enabled\n");
550 } else if (!strncmp(str, "off", 3)) {
552 pr_info("IOMMU disabled\n");
553 } else if (!strncmp(str, "igfx_off", 8)) {
555 pr_info("Disable GFX device mapping\n");
556 } else if (!strncmp(str, "forcedac", 8)) {
557 pr_info("Forcing DAC for PCI devices\n");
559 } else if (!strncmp(str, "strict", 6)) {
560 pr_info("Disable batched IOTLB flush\n");
561 intel_iommu_strict = 1;
562 } else if (!strncmp(str, "sp_off", 6)) {
563 pr_info("Disable supported super page\n");
564 intel_iommu_superpage = 0;
565 } else if (!strncmp(str, "ecs_off", 7)) {
567 "Intel-IOMMU: disable extended context table support\n");
571 str += strcspn(str, ",");
577 __setup("intel_iommu=", intel_iommu_setup);
579 static struct kmem_cache *iommu_domain_cache;
580 static struct kmem_cache *iommu_devinfo_cache;
582 static struct dmar_domain* get_iommu_domain(struct intel_iommu *iommu, u16 did)
584 struct dmar_domain **domains;
587 domains = iommu->domains[idx];
591 return domains[did & 0xff];
594 static void set_iommu_domain(struct intel_iommu *iommu, u16 did,
595 struct dmar_domain *domain)
597 struct dmar_domain **domains;
600 if (!iommu->domains[idx]) {
601 size_t size = 256 * sizeof(struct dmar_domain *);
602 iommu->domains[idx] = kzalloc(size, GFP_ATOMIC);
605 domains = iommu->domains[idx];
606 if (WARN_ON(!domains))
609 domains[did & 0xff] = domain;
612 static inline void *alloc_pgtable_page(int node)
617 page = alloc_pages_node(node, GFP_ATOMIC | __GFP_ZERO, 0);
619 vaddr = page_address(page);
623 static inline void free_pgtable_page(void *vaddr)
625 free_page((unsigned long)vaddr);
628 static inline void *alloc_domain_mem(void)
630 return kmem_cache_alloc(iommu_domain_cache, GFP_ATOMIC);
633 static void free_domain_mem(void *vaddr)
635 kmem_cache_free(iommu_domain_cache, vaddr);
638 static inline void * alloc_devinfo_mem(void)
640 return kmem_cache_alloc(iommu_devinfo_cache, GFP_ATOMIC);
643 static inline void free_devinfo_mem(void *vaddr)
645 kmem_cache_free(iommu_devinfo_cache, vaddr);
648 static inline int domain_type_is_vm(struct dmar_domain *domain)
650 return domain->flags & DOMAIN_FLAG_VIRTUAL_MACHINE;
653 static inline int domain_type_is_si(struct dmar_domain *domain)
655 return domain->flags & DOMAIN_FLAG_STATIC_IDENTITY;
658 static inline int domain_type_is_vm_or_si(struct dmar_domain *domain)
660 return domain->flags & (DOMAIN_FLAG_VIRTUAL_MACHINE |
661 DOMAIN_FLAG_STATIC_IDENTITY);
664 static inline int domain_pfn_supported(struct dmar_domain *domain,
667 int addr_width = agaw_to_width(domain->agaw) - VTD_PAGE_SHIFT;
669 return !(addr_width < BITS_PER_LONG && pfn >> addr_width);
672 static int __iommu_calculate_agaw(struct intel_iommu *iommu, int max_gaw)
677 sagaw = cap_sagaw(iommu->cap);
678 for (agaw = width_to_agaw(max_gaw);
680 if (test_bit(agaw, &sagaw))
688 * Calculate max SAGAW for each iommu.
690 int iommu_calculate_max_sagaw(struct intel_iommu *iommu)
692 return __iommu_calculate_agaw(iommu, MAX_AGAW_WIDTH);
696 * calculate agaw for each iommu.
697 * "SAGAW" may be different across iommus, use a default agaw, and
698 * get a supported less agaw for iommus that don't support the default agaw.
700 int iommu_calculate_agaw(struct intel_iommu *iommu)
702 return __iommu_calculate_agaw(iommu, DEFAULT_DOMAIN_ADDRESS_WIDTH);
705 /* This functionin only returns single iommu in a domain */
706 static struct intel_iommu *domain_get_iommu(struct dmar_domain *domain)
710 /* si_domain and vm domain should not get here. */
711 BUG_ON(domain_type_is_vm_or_si(domain));
712 for_each_domain_iommu(iommu_id, domain)
715 if (iommu_id < 0 || iommu_id >= g_num_of_iommus)
718 return g_iommus[iommu_id];
721 static void domain_update_iommu_coherency(struct dmar_domain *domain)
723 struct dmar_drhd_unit *drhd;
724 struct intel_iommu *iommu;
728 domain->iommu_coherency = 1;
730 for_each_domain_iommu(i, domain) {
732 if (!ecap_coherent(g_iommus[i]->ecap)) {
733 domain->iommu_coherency = 0;
740 /* No hardware attached; use lowest common denominator */
742 for_each_active_iommu(iommu, drhd) {
743 if (!ecap_coherent(iommu->ecap)) {
744 domain->iommu_coherency = 0;
751 static int domain_update_iommu_snooping(struct intel_iommu *skip)
753 struct dmar_drhd_unit *drhd;
754 struct intel_iommu *iommu;
758 for_each_active_iommu(iommu, drhd) {
760 if (!ecap_sc_support(iommu->ecap)) {
771 static int domain_update_iommu_superpage(struct intel_iommu *skip)
773 struct dmar_drhd_unit *drhd;
774 struct intel_iommu *iommu;
777 if (!intel_iommu_superpage) {
781 /* set iommu_superpage to the smallest common denominator */
783 for_each_active_iommu(iommu, drhd) {
785 mask &= cap_super_page_val(iommu->cap);
795 /* Some capabilities may be different across iommus */
796 static void domain_update_iommu_cap(struct dmar_domain *domain)
798 domain_update_iommu_coherency(domain);
799 domain->iommu_snooping = domain_update_iommu_snooping(NULL);
800 domain->iommu_superpage = domain_update_iommu_superpage(NULL);
803 static inline struct context_entry *iommu_context_addr(struct intel_iommu *iommu,
804 u8 bus, u8 devfn, int alloc)
806 struct root_entry *root = &iommu->root_entry[bus];
807 struct context_entry *context;
811 if (ecs_enabled(iommu)) {
819 context = phys_to_virt(*entry & VTD_PAGE_MASK);
821 unsigned long phy_addr;
825 context = alloc_pgtable_page(iommu->node);
829 __iommu_flush_cache(iommu, (void *)context, CONTEXT_SIZE);
830 phy_addr = virt_to_phys((void *)context);
831 *entry = phy_addr | 1;
832 __iommu_flush_cache(iommu, entry, sizeof(*entry));
834 return &context[devfn];
837 static int iommu_dummy(struct device *dev)
839 return dev->archdata.iommu == DUMMY_DEVICE_DOMAIN_INFO;
842 static struct intel_iommu *device_to_iommu(struct device *dev, u8 *bus, u8 *devfn)
844 struct dmar_drhd_unit *drhd = NULL;
845 struct intel_iommu *iommu;
847 struct pci_dev *ptmp, *pdev = NULL;
851 if (iommu_dummy(dev))
854 if (dev_is_pci(dev)) {
855 pdev = to_pci_dev(dev);
856 segment = pci_domain_nr(pdev->bus);
857 } else if (has_acpi_companion(dev))
858 dev = &ACPI_COMPANION(dev)->dev;
861 for_each_active_iommu(iommu, drhd) {
862 if (pdev && segment != drhd->segment)
865 for_each_active_dev_scope(drhd->devices,
866 drhd->devices_cnt, i, tmp) {
868 *bus = drhd->devices[i].bus;
869 *devfn = drhd->devices[i].devfn;
873 if (!pdev || !dev_is_pci(tmp))
876 ptmp = to_pci_dev(tmp);
877 if (ptmp->subordinate &&
878 ptmp->subordinate->number <= pdev->bus->number &&
879 ptmp->subordinate->busn_res.end >= pdev->bus->number)
883 if (pdev && drhd->include_all) {
885 *bus = pdev->bus->number;
886 *devfn = pdev->devfn;
897 static void domain_flush_cache(struct dmar_domain *domain,
898 void *addr, int size)
900 if (!domain->iommu_coherency)
901 clflush_cache_range(addr, size);
904 static int device_context_mapped(struct intel_iommu *iommu, u8 bus, u8 devfn)
906 struct context_entry *context;
910 spin_lock_irqsave(&iommu->lock, flags);
911 context = iommu_context_addr(iommu, bus, devfn, 0);
913 ret = context_present(context);
914 spin_unlock_irqrestore(&iommu->lock, flags);
918 static void clear_context_table(struct intel_iommu *iommu, u8 bus, u8 devfn)
920 struct context_entry *context;
923 spin_lock_irqsave(&iommu->lock, flags);
924 context = iommu_context_addr(iommu, bus, devfn, 0);
926 context_clear_entry(context);
927 __iommu_flush_cache(iommu, context, sizeof(*context));
929 spin_unlock_irqrestore(&iommu->lock, flags);
932 static void free_context_table(struct intel_iommu *iommu)
936 struct context_entry *context;
938 spin_lock_irqsave(&iommu->lock, flags);
939 if (!iommu->root_entry) {
942 for (i = 0; i < ROOT_ENTRY_NR; i++) {
943 context = iommu_context_addr(iommu, i, 0, 0);
945 free_pgtable_page(context);
947 if (!ecs_enabled(iommu))
950 context = iommu_context_addr(iommu, i, 0x80, 0);
952 free_pgtable_page(context);
955 free_pgtable_page(iommu->root_entry);
956 iommu->root_entry = NULL;
958 spin_unlock_irqrestore(&iommu->lock, flags);
961 static struct dma_pte *pfn_to_dma_pte(struct dmar_domain *domain,
962 unsigned long pfn, int *target_level)
964 struct dma_pte *parent, *pte = NULL;
965 int level = agaw_to_level(domain->agaw);
968 BUG_ON(!domain->pgd);
970 if (!domain_pfn_supported(domain, pfn))
971 /* Address beyond IOMMU's addressing capabilities. */
974 parent = domain->pgd;
979 offset = pfn_level_offset(pfn, level);
980 pte = &parent[offset];
981 if (!*target_level && (dma_pte_superpage(pte) || !dma_pte_present(pte)))
983 if (level == *target_level)
986 if (!dma_pte_present(pte)) {
989 tmp_page = alloc_pgtable_page(domain->nid);
994 domain_flush_cache(domain, tmp_page, VTD_PAGE_SIZE);
995 pteval = ((uint64_t)virt_to_dma_pfn(tmp_page) << VTD_PAGE_SHIFT) | DMA_PTE_READ | DMA_PTE_WRITE;
996 if (cmpxchg64(&pte->val, 0ULL, pteval))
997 /* Someone else set it while we were thinking; use theirs. */
998 free_pgtable_page(tmp_page);
1000 domain_flush_cache(domain, pte, sizeof(*pte));
1005 parent = phys_to_virt(dma_pte_addr(pte));
1010 *target_level = level;
1016 /* return address's pte at specific level */
1017 static struct dma_pte *dma_pfn_level_pte(struct dmar_domain *domain,
1019 int level, int *large_page)
1021 struct dma_pte *parent, *pte = NULL;
1022 int total = agaw_to_level(domain->agaw);
1025 parent = domain->pgd;
1026 while (level <= total) {
1027 offset = pfn_level_offset(pfn, total);
1028 pte = &parent[offset];
1032 if (!dma_pte_present(pte)) {
1033 *large_page = total;
1037 if (dma_pte_superpage(pte)) {
1038 *large_page = total;
1042 parent = phys_to_virt(dma_pte_addr(pte));
1048 /* clear last level pte, a tlb flush should be followed */
1049 static void dma_pte_clear_range(struct dmar_domain *domain,
1050 unsigned long start_pfn,
1051 unsigned long last_pfn)
1053 unsigned int large_page = 1;
1054 struct dma_pte *first_pte, *pte;
1056 BUG_ON(!domain_pfn_supported(domain, start_pfn));
1057 BUG_ON(!domain_pfn_supported(domain, last_pfn));
1058 BUG_ON(start_pfn > last_pfn);
1060 /* we don't need lock here; nobody else touches the iova range */
1063 first_pte = pte = dma_pfn_level_pte(domain, start_pfn, 1, &large_page);
1065 start_pfn = align_to_level(start_pfn + 1, large_page + 1);
1070 start_pfn += lvl_to_nr_pages(large_page);
1072 } while (start_pfn <= last_pfn && !first_pte_in_page(pte));
1074 domain_flush_cache(domain, first_pte,
1075 (void *)pte - (void *)first_pte);
1077 } while (start_pfn && start_pfn <= last_pfn);
1080 static void dma_pte_free_level(struct dmar_domain *domain, int level,
1081 struct dma_pte *pte, unsigned long pfn,
1082 unsigned long start_pfn, unsigned long last_pfn)
1084 pfn = max(start_pfn, pfn);
1085 pte = &pte[pfn_level_offset(pfn, level)];
1088 unsigned long level_pfn;
1089 struct dma_pte *level_pte;
1091 if (!dma_pte_present(pte) || dma_pte_superpage(pte))
1094 level_pfn = pfn & level_mask(level - 1);
1095 level_pte = phys_to_virt(dma_pte_addr(pte));
1098 dma_pte_free_level(domain, level - 1, level_pte,
1099 level_pfn, start_pfn, last_pfn);
1101 /* If range covers entire pagetable, free it */
1102 if (!(start_pfn > level_pfn ||
1103 last_pfn < level_pfn + level_size(level) - 1)) {
1105 domain_flush_cache(domain, pte, sizeof(*pte));
1106 free_pgtable_page(level_pte);
1109 pfn += level_size(level);
1110 } while (!first_pte_in_page(++pte) && pfn <= last_pfn);
1113 /* free page table pages. last level pte should already be cleared */
1114 static void dma_pte_free_pagetable(struct dmar_domain *domain,
1115 unsigned long start_pfn,
1116 unsigned long last_pfn)
1118 BUG_ON(!domain_pfn_supported(domain, start_pfn));
1119 BUG_ON(!domain_pfn_supported(domain, last_pfn));
1120 BUG_ON(start_pfn > last_pfn);
1122 dma_pte_clear_range(domain, start_pfn, last_pfn);
1124 /* We don't need lock here; nobody else touches the iova range */
1125 dma_pte_free_level(domain, agaw_to_level(domain->agaw),
1126 domain->pgd, 0, start_pfn, last_pfn);
1129 if (start_pfn == 0 && last_pfn == DOMAIN_MAX_PFN(domain->gaw)) {
1130 free_pgtable_page(domain->pgd);
1135 /* When a page at a given level is being unlinked from its parent, we don't
1136 need to *modify* it at all. All we need to do is make a list of all the
1137 pages which can be freed just as soon as we've flushed the IOTLB and we
1138 know the hardware page-walk will no longer touch them.
1139 The 'pte' argument is the *parent* PTE, pointing to the page that is to
1141 static struct page *dma_pte_list_pagetables(struct dmar_domain *domain,
1142 int level, struct dma_pte *pte,
1143 struct page *freelist)
1147 pg = pfn_to_page(dma_pte_addr(pte) >> PAGE_SHIFT);
1148 pg->freelist = freelist;
1154 pte = page_address(pg);
1156 if (dma_pte_present(pte) && !dma_pte_superpage(pte))
1157 freelist = dma_pte_list_pagetables(domain, level - 1,
1160 } while (!first_pte_in_page(pte));
1165 static struct page *dma_pte_clear_level(struct dmar_domain *domain, int level,
1166 struct dma_pte *pte, unsigned long pfn,
1167 unsigned long start_pfn,
1168 unsigned long last_pfn,
1169 struct page *freelist)
1171 struct dma_pte *first_pte = NULL, *last_pte = NULL;
1173 pfn = max(start_pfn, pfn);
1174 pte = &pte[pfn_level_offset(pfn, level)];
1177 unsigned long level_pfn;
1179 if (!dma_pte_present(pte))
1182 level_pfn = pfn & level_mask(level);
1184 /* If range covers entire pagetable, free it */
1185 if (start_pfn <= level_pfn &&
1186 last_pfn >= level_pfn + level_size(level) - 1) {
1187 /* These suborbinate page tables are going away entirely. Don't
1188 bother to clear them; we're just going to *free* them. */
1189 if (level > 1 && !dma_pte_superpage(pte))
1190 freelist = dma_pte_list_pagetables(domain, level - 1, pte, freelist);
1196 } else if (level > 1) {
1197 /* Recurse down into a level that isn't *entirely* obsolete */
1198 freelist = dma_pte_clear_level(domain, level - 1,
1199 phys_to_virt(dma_pte_addr(pte)),
1200 level_pfn, start_pfn, last_pfn,
1204 pfn += level_size(level);
1205 } while (!first_pte_in_page(++pte) && pfn <= last_pfn);
1208 domain_flush_cache(domain, first_pte,
1209 (void *)++last_pte - (void *)first_pte);
1214 /* We can't just free the pages because the IOMMU may still be walking
1215 the page tables, and may have cached the intermediate levels. The
1216 pages can only be freed after the IOTLB flush has been done. */
1217 static struct page *domain_unmap(struct dmar_domain *domain,
1218 unsigned long start_pfn,
1219 unsigned long last_pfn)
1221 struct page *freelist = NULL;
1223 BUG_ON(!domain_pfn_supported(domain, start_pfn));
1224 BUG_ON(!domain_pfn_supported(domain, last_pfn));
1225 BUG_ON(start_pfn > last_pfn);
1227 /* we don't need lock here; nobody else touches the iova range */
1228 freelist = dma_pte_clear_level(domain, agaw_to_level(domain->agaw),
1229 domain->pgd, 0, start_pfn, last_pfn, NULL);
1232 if (start_pfn == 0 && last_pfn == DOMAIN_MAX_PFN(domain->gaw)) {
1233 struct page *pgd_page = virt_to_page(domain->pgd);
1234 pgd_page->freelist = freelist;
1235 freelist = pgd_page;
1243 static void dma_free_pagelist(struct page *freelist)
1247 while ((pg = freelist)) {
1248 freelist = pg->freelist;
1249 free_pgtable_page(page_address(pg));
1253 /* iommu handling */
1254 static int iommu_alloc_root_entry(struct intel_iommu *iommu)
1256 struct root_entry *root;
1257 unsigned long flags;
1259 root = (struct root_entry *)alloc_pgtable_page(iommu->node);
1261 pr_err("Allocating root entry for %s failed\n",
1266 __iommu_flush_cache(iommu, root, ROOT_SIZE);
1268 spin_lock_irqsave(&iommu->lock, flags);
1269 iommu->root_entry = root;
1270 spin_unlock_irqrestore(&iommu->lock, flags);
1275 static void iommu_set_root_entry(struct intel_iommu *iommu)
1281 addr = virt_to_phys(iommu->root_entry);
1282 if (ecs_enabled(iommu))
1283 addr |= DMA_RTADDR_RTT;
1285 raw_spin_lock_irqsave(&iommu->register_lock, flag);
1286 dmar_writeq(iommu->reg + DMAR_RTADDR_REG, addr);
1288 writel(iommu->gcmd | DMA_GCMD_SRTP, iommu->reg + DMAR_GCMD_REG);
1290 /* Make sure hardware complete it */
1291 IOMMU_WAIT_OP(iommu, DMAR_GSTS_REG,
1292 readl, (sts & DMA_GSTS_RTPS), sts);
1294 raw_spin_unlock_irqrestore(&iommu->register_lock, flag);
1297 static void iommu_flush_write_buffer(struct intel_iommu *iommu)
1302 if (!rwbf_quirk && !cap_rwbf(iommu->cap))
1305 raw_spin_lock_irqsave(&iommu->register_lock, flag);
1306 writel(iommu->gcmd | DMA_GCMD_WBF, iommu->reg + DMAR_GCMD_REG);
1308 /* Make sure hardware complete it */
1309 IOMMU_WAIT_OP(iommu, DMAR_GSTS_REG,
1310 readl, (!(val & DMA_GSTS_WBFS)), val);
1312 raw_spin_unlock_irqrestore(&iommu->register_lock, flag);
1315 /* return value determine if we need a write buffer flush */
1316 static void __iommu_flush_context(struct intel_iommu *iommu,
1317 u16 did, u16 source_id, u8 function_mask,
1324 case DMA_CCMD_GLOBAL_INVL:
1325 val = DMA_CCMD_GLOBAL_INVL;
1327 case DMA_CCMD_DOMAIN_INVL:
1328 val = DMA_CCMD_DOMAIN_INVL|DMA_CCMD_DID(did);
1330 case DMA_CCMD_DEVICE_INVL:
1331 val = DMA_CCMD_DEVICE_INVL|DMA_CCMD_DID(did)
1332 | DMA_CCMD_SID(source_id) | DMA_CCMD_FM(function_mask);
1337 val |= DMA_CCMD_ICC;
1339 raw_spin_lock_irqsave(&iommu->register_lock, flag);
1340 dmar_writeq(iommu->reg + DMAR_CCMD_REG, val);
1342 /* Make sure hardware complete it */
1343 IOMMU_WAIT_OP(iommu, DMAR_CCMD_REG,
1344 dmar_readq, (!(val & DMA_CCMD_ICC)), val);
1346 raw_spin_unlock_irqrestore(&iommu->register_lock, flag);
1349 /* return value determine if we need a write buffer flush */
1350 static void __iommu_flush_iotlb(struct intel_iommu *iommu, u16 did,
1351 u64 addr, unsigned int size_order, u64 type)
1353 int tlb_offset = ecap_iotlb_offset(iommu->ecap);
1354 u64 val = 0, val_iva = 0;
1358 case DMA_TLB_GLOBAL_FLUSH:
1359 /* global flush doesn't need set IVA_REG */
1360 val = DMA_TLB_GLOBAL_FLUSH|DMA_TLB_IVT;
1362 case DMA_TLB_DSI_FLUSH:
1363 val = DMA_TLB_DSI_FLUSH|DMA_TLB_IVT|DMA_TLB_DID(did);
1365 case DMA_TLB_PSI_FLUSH:
1366 val = DMA_TLB_PSI_FLUSH|DMA_TLB_IVT|DMA_TLB_DID(did);
1367 /* IH bit is passed in as part of address */
1368 val_iva = size_order | addr;
1373 /* Note: set drain read/write */
1376 * This is probably to be super secure.. Looks like we can
1377 * ignore it without any impact.
1379 if (cap_read_drain(iommu->cap))
1380 val |= DMA_TLB_READ_DRAIN;
1382 if (cap_write_drain(iommu->cap))
1383 val |= DMA_TLB_WRITE_DRAIN;
1385 raw_spin_lock_irqsave(&iommu->register_lock, flag);
1386 /* Note: Only uses first TLB reg currently */
1388 dmar_writeq(iommu->reg + tlb_offset, val_iva);
1389 dmar_writeq(iommu->reg + tlb_offset + 8, val);
1391 /* Make sure hardware complete it */
1392 IOMMU_WAIT_OP(iommu, tlb_offset + 8,
1393 dmar_readq, (!(val & DMA_TLB_IVT)), val);
1395 raw_spin_unlock_irqrestore(&iommu->register_lock, flag);
1397 /* check IOTLB invalidation granularity */
1398 if (DMA_TLB_IAIG(val) == 0)
1399 pr_err("Flush IOTLB failed\n");
1400 if (DMA_TLB_IAIG(val) != DMA_TLB_IIRG(type))
1401 pr_debug("TLB flush request %Lx, actual %Lx\n",
1402 (unsigned long long)DMA_TLB_IIRG(type),
1403 (unsigned long long)DMA_TLB_IAIG(val));
1406 static struct device_domain_info *
1407 iommu_support_dev_iotlb (struct dmar_domain *domain, struct intel_iommu *iommu,
1411 struct device_domain_info *info;
1412 struct pci_dev *pdev;
1414 assert_spin_locked(&device_domain_lock);
1416 if (!ecap_dev_iotlb_support(iommu->ecap))
1422 list_for_each_entry(info, &domain->devices, link)
1423 if (info->iommu == iommu && info->bus == bus &&
1424 info->devfn == devfn) {
1429 if (!found || !info->dev || !dev_is_pci(info->dev))
1432 pdev = to_pci_dev(info->dev);
1434 if (!pci_find_ext_capability(pdev, PCI_EXT_CAP_ID_ATS))
1437 if (!dmar_find_matched_atsr_unit(pdev))
1443 static void iommu_enable_dev_iotlb(struct device_domain_info *info)
1445 struct pci_dev *pdev;
1447 if (!info || !dev_is_pci(info->dev))
1450 pdev = to_pci_dev(info->dev);
1451 if (pci_enable_ats(pdev, VTD_PAGE_SHIFT))
1454 info->ats.enabled = 1;
1455 info->ats.qdep = pci_ats_queue_depth(pdev);
1458 static void iommu_disable_dev_iotlb(struct device_domain_info *info)
1460 if (!info->ats.enabled)
1463 pci_disable_ats(to_pci_dev(info->dev));
1464 info->ats.enabled = 0;
1467 static void iommu_flush_dev_iotlb(struct dmar_domain *domain,
1468 u64 addr, unsigned mask)
1471 unsigned long flags;
1472 struct device_domain_info *info;
1474 spin_lock_irqsave(&device_domain_lock, flags);
1475 list_for_each_entry(info, &domain->devices, link) {
1476 if (!info->ats.enabled)
1479 sid = info->bus << 8 | info->devfn;
1480 qdep = info->ats.qdep;
1481 qi_flush_dev_iotlb(info->iommu, sid, qdep, addr, mask);
1483 spin_unlock_irqrestore(&device_domain_lock, flags);
1486 static void iommu_flush_iotlb_psi(struct intel_iommu *iommu,
1487 struct dmar_domain *domain,
1488 unsigned long pfn, unsigned int pages,
1491 unsigned int mask = ilog2(__roundup_pow_of_two(pages));
1492 uint64_t addr = (uint64_t)pfn << VTD_PAGE_SHIFT;
1493 u16 did = domain->iommu_did[iommu->seq_id];
1500 * Fallback to domain selective flush if no PSI support or the size is
1502 * PSI requires page size to be 2 ^ x, and the base address is naturally
1503 * aligned to the size
1505 if (!cap_pgsel_inv(iommu->cap) || mask > cap_max_amask_val(iommu->cap))
1506 iommu->flush.flush_iotlb(iommu, did, 0, 0,
1509 iommu->flush.flush_iotlb(iommu, did, addr | ih, mask,
1513 * In caching mode, changes of pages from non-present to present require
1514 * flush. However, device IOTLB doesn't need to be flushed in this case.
1516 if (!cap_caching_mode(iommu->cap) || !map)
1517 iommu_flush_dev_iotlb(get_iommu_domain(iommu, did),
1521 static void iommu_disable_protect_mem_regions(struct intel_iommu *iommu)
1524 unsigned long flags;
1526 raw_spin_lock_irqsave(&iommu->register_lock, flags);
1527 pmen = readl(iommu->reg + DMAR_PMEN_REG);
1528 pmen &= ~DMA_PMEN_EPM;
1529 writel(pmen, iommu->reg + DMAR_PMEN_REG);
1531 /* wait for the protected region status bit to clear */
1532 IOMMU_WAIT_OP(iommu, DMAR_PMEN_REG,
1533 readl, !(pmen & DMA_PMEN_PRS), pmen);
1535 raw_spin_unlock_irqrestore(&iommu->register_lock, flags);
1538 static void iommu_enable_translation(struct intel_iommu *iommu)
1541 unsigned long flags;
1543 raw_spin_lock_irqsave(&iommu->register_lock, flags);
1544 iommu->gcmd |= DMA_GCMD_TE;
1545 writel(iommu->gcmd, iommu->reg + DMAR_GCMD_REG);
1547 /* Make sure hardware complete it */
1548 IOMMU_WAIT_OP(iommu, DMAR_GSTS_REG,
1549 readl, (sts & DMA_GSTS_TES), sts);
1551 raw_spin_unlock_irqrestore(&iommu->register_lock, flags);
1554 static void iommu_disable_translation(struct intel_iommu *iommu)
1559 raw_spin_lock_irqsave(&iommu->register_lock, flag);
1560 iommu->gcmd &= ~DMA_GCMD_TE;
1561 writel(iommu->gcmd, iommu->reg + DMAR_GCMD_REG);
1563 /* Make sure hardware complete it */
1564 IOMMU_WAIT_OP(iommu, DMAR_GSTS_REG,
1565 readl, (!(sts & DMA_GSTS_TES)), sts);
1567 raw_spin_unlock_irqrestore(&iommu->register_lock, flag);
1571 static int iommu_init_domains(struct intel_iommu *iommu)
1573 u32 ndomains, nlongs;
1576 ndomains = cap_ndoms(iommu->cap);
1577 pr_debug("%s: Number of Domains supported <%d>\n",
1578 iommu->name, ndomains);
1579 nlongs = BITS_TO_LONGS(ndomains);
1581 spin_lock_init(&iommu->lock);
1583 iommu->domain_ids = kcalloc(nlongs, sizeof(unsigned long), GFP_KERNEL);
1584 if (!iommu->domain_ids) {
1585 pr_err("%s: Allocating domain id array failed\n",
1590 size = ((ndomains >> 8) + 1) * sizeof(struct dmar_domain **);
1591 iommu->domains = kzalloc(size, GFP_KERNEL);
1593 if (iommu->domains) {
1594 size = 256 * sizeof(struct dmar_domain *);
1595 iommu->domains[0] = kzalloc(size, GFP_KERNEL);
1598 if (!iommu->domains || !iommu->domains[0]) {
1599 pr_err("%s: Allocating domain array failed\n",
1601 kfree(iommu->domain_ids);
1602 kfree(iommu->domains);
1603 iommu->domain_ids = NULL;
1604 iommu->domains = NULL;
1611 * If Caching mode is set, then invalid translations are tagged
1612 * with domain-id 0, hence we need to pre-allocate it. We also
1613 * use domain-id 0 as a marker for non-allocated domain-id, so
1614 * make sure it is not used for a real domain.
1616 set_bit(0, iommu->domain_ids);
1621 static void disable_dmar_iommu(struct intel_iommu *iommu)
1623 struct device_domain_info *info, *tmp;
1624 unsigned long flags;
1626 if (!iommu->domains || !iommu->domain_ids)
1629 spin_lock_irqsave(&device_domain_lock, flags);
1630 list_for_each_entry_safe(info, tmp, &device_domain_list, global) {
1631 struct dmar_domain *domain;
1633 if (info->iommu != iommu)
1636 if (!info->dev || !info->domain)
1639 domain = info->domain;
1641 dmar_remove_one_dev_info(domain, info->dev);
1643 if (!domain_type_is_vm_or_si(domain))
1644 domain_exit(domain);
1646 spin_unlock_irqrestore(&device_domain_lock, flags);
1648 if (iommu->gcmd & DMA_GCMD_TE)
1649 iommu_disable_translation(iommu);
1652 static void free_dmar_iommu(struct intel_iommu *iommu)
1654 if ((iommu->domains) && (iommu->domain_ids)) {
1655 int elems = (cap_ndoms(iommu->cap) >> 8) + 1;
1658 for (i = 0; i < elems; i++)
1659 kfree(iommu->domains[i]);
1660 kfree(iommu->domains);
1661 kfree(iommu->domain_ids);
1662 iommu->domains = NULL;
1663 iommu->domain_ids = NULL;
1666 g_iommus[iommu->seq_id] = NULL;
1668 /* free context mapping */
1669 free_context_table(iommu);
1672 static struct dmar_domain *alloc_domain(int flags)
1674 struct dmar_domain *domain;
1676 domain = alloc_domain_mem();
1680 memset(domain, 0, sizeof(*domain));
1682 domain->flags = flags;
1683 INIT_LIST_HEAD(&domain->devices);
1688 /* Must be called with iommu->lock */
1689 static int domain_attach_iommu(struct dmar_domain *domain,
1690 struct intel_iommu *iommu)
1692 unsigned long ndomains;
1695 assert_spin_locked(&device_domain_lock);
1696 assert_spin_locked(&iommu->lock);
1698 domain->iommu_refcnt[iommu->seq_id] += 1;
1699 domain->iommu_count += 1;
1700 if (domain->iommu_refcnt[iommu->seq_id] == 1) {
1701 ndomains = cap_ndoms(iommu->cap);
1702 num = find_first_zero_bit(iommu->domain_ids, ndomains);
1704 if (num >= ndomains) {
1705 pr_err("%s: No free domain ids\n", iommu->name);
1706 domain->iommu_refcnt[iommu->seq_id] -= 1;
1707 domain->iommu_count -= 1;
1711 set_bit(num, iommu->domain_ids);
1712 set_iommu_domain(iommu, num, domain);
1714 domain->iommu_did[iommu->seq_id] = num;
1715 domain->nid = iommu->node;
1717 domain_update_iommu_cap(domain);
1723 static int domain_detach_iommu(struct dmar_domain *domain,
1724 struct intel_iommu *iommu)
1726 int num, count = INT_MAX;
1728 assert_spin_locked(&device_domain_lock);
1729 assert_spin_locked(&iommu->lock);
1731 domain->iommu_refcnt[iommu->seq_id] -= 1;
1732 count = --domain->iommu_count;
1733 if (domain->iommu_refcnt[iommu->seq_id] == 0) {
1734 num = domain->iommu_did[iommu->seq_id];
1735 clear_bit(num, iommu->domain_ids);
1736 set_iommu_domain(iommu, num, NULL);
1738 domain_update_iommu_cap(domain);
1739 domain->iommu_did[iommu->seq_id] = 0;
1745 static struct iova_domain reserved_iova_list;
1746 static struct lock_class_key reserved_rbtree_key;
1748 static int dmar_init_reserved_ranges(void)
1750 struct pci_dev *pdev = NULL;
1754 init_iova_domain(&reserved_iova_list, VTD_PAGE_SIZE, IOVA_START_PFN,
1757 lockdep_set_class(&reserved_iova_list.iova_rbtree_lock,
1758 &reserved_rbtree_key);
1760 /* IOAPIC ranges shouldn't be accessed by DMA */
1761 iova = reserve_iova(&reserved_iova_list, IOVA_PFN(IOAPIC_RANGE_START),
1762 IOVA_PFN(IOAPIC_RANGE_END));
1764 pr_err("Reserve IOAPIC range failed\n");
1768 /* Reserve all PCI MMIO to avoid peer-to-peer access */
1769 for_each_pci_dev(pdev) {
1772 for (i = 0; i < PCI_NUM_RESOURCES; i++) {
1773 r = &pdev->resource[i];
1774 if (!r->flags || !(r->flags & IORESOURCE_MEM))
1776 iova = reserve_iova(&reserved_iova_list,
1780 pr_err("Reserve iova failed\n");
1788 static void domain_reserve_special_ranges(struct dmar_domain *domain)
1790 copy_reserved_iova(&reserved_iova_list, &domain->iovad);
1793 static inline int guestwidth_to_adjustwidth(int gaw)
1796 int r = (gaw - 12) % 9;
1807 static int domain_init(struct dmar_domain *domain, struct intel_iommu *iommu,
1810 int adjust_width, agaw;
1811 unsigned long sagaw;
1813 init_iova_domain(&domain->iovad, VTD_PAGE_SIZE, IOVA_START_PFN,
1815 domain_reserve_special_ranges(domain);
1817 /* calculate AGAW */
1818 if (guest_width > cap_mgaw(iommu->cap))
1819 guest_width = cap_mgaw(iommu->cap);
1820 domain->gaw = guest_width;
1821 adjust_width = guestwidth_to_adjustwidth(guest_width);
1822 agaw = width_to_agaw(adjust_width);
1823 sagaw = cap_sagaw(iommu->cap);
1824 if (!test_bit(agaw, &sagaw)) {
1825 /* hardware doesn't support it, choose a bigger one */
1826 pr_debug("Hardware doesn't support agaw %d\n", agaw);
1827 agaw = find_next_bit(&sagaw, 5, agaw);
1831 domain->agaw = agaw;
1833 if (ecap_coherent(iommu->ecap))
1834 domain->iommu_coherency = 1;
1836 domain->iommu_coherency = 0;
1838 if (ecap_sc_support(iommu->ecap))
1839 domain->iommu_snooping = 1;
1841 domain->iommu_snooping = 0;
1843 if (intel_iommu_superpage)
1844 domain->iommu_superpage = fls(cap_super_page_val(iommu->cap));
1846 domain->iommu_superpage = 0;
1848 domain->nid = iommu->node;
1850 /* always allocate the top pgd */
1851 domain->pgd = (struct dma_pte *)alloc_pgtable_page(domain->nid);
1854 __iommu_flush_cache(iommu, domain->pgd, PAGE_SIZE);
1858 static void domain_exit(struct dmar_domain *domain)
1860 struct page *freelist = NULL;
1862 /* Domain 0 is reserved, so dont process it */
1866 /* Flush any lazy unmaps that may reference this domain */
1867 if (!intel_iommu_strict)
1868 flush_unmaps_timeout(0);
1870 /* Remove associated devices and clear attached or cached domains */
1872 domain_remove_dev_info(domain);
1876 put_iova_domain(&domain->iovad);
1878 freelist = domain_unmap(domain, 0, DOMAIN_MAX_PFN(domain->gaw));
1880 dma_free_pagelist(freelist);
1882 free_domain_mem(domain);
1885 static int domain_context_mapping_one(struct dmar_domain *domain,
1886 struct intel_iommu *iommu,
1889 u16 did = domain->iommu_did[iommu->seq_id];
1890 int translation = CONTEXT_TT_MULTI_LEVEL;
1891 struct device_domain_info *info = NULL;
1892 struct context_entry *context;
1893 unsigned long flags;
1894 struct dma_pte *pgd;
1899 if (hw_pass_through && domain_type_is_si(domain))
1900 translation = CONTEXT_TT_PASS_THROUGH;
1902 pr_debug("Set context mapping for %02x:%02x.%d\n",
1903 bus, PCI_SLOT(devfn), PCI_FUNC(devfn));
1905 BUG_ON(!domain->pgd);
1907 spin_lock_irqsave(&device_domain_lock, flags);
1908 spin_lock(&iommu->lock);
1911 context = iommu_context_addr(iommu, bus, devfn, 1);
1916 if (context_present(context))
1921 context_clear_entry(context);
1922 context_set_domain_id(context, did);
1925 * Skip top levels of page tables for iommu which has less agaw
1926 * than default. Unnecessary for PT mode.
1928 if (translation != CONTEXT_TT_PASS_THROUGH) {
1929 for (agaw = domain->agaw; agaw != iommu->agaw; agaw--) {
1931 pgd = phys_to_virt(dma_pte_addr(pgd));
1932 if (!dma_pte_present(pgd))
1936 info = iommu_support_dev_iotlb(domain, iommu, bus, devfn);
1937 translation = info ? CONTEXT_TT_DEV_IOTLB :
1938 CONTEXT_TT_MULTI_LEVEL;
1940 context_set_address_root(context, virt_to_phys(pgd));
1941 context_set_address_width(context, iommu->agaw);
1944 * In pass through mode, AW must be programmed to
1945 * indicate the largest AGAW value supported by
1946 * hardware. And ASR is ignored by hardware.
1948 context_set_address_width(context, iommu->msagaw);
1951 context_set_translation_type(context, translation);
1952 context_set_fault_enable(context);
1953 context_set_present(context);
1954 domain_flush_cache(domain, context, sizeof(*context));
1957 * It's a non-present to present mapping. If hardware doesn't cache
1958 * non-present entry we only need to flush the write-buffer. If the
1959 * _does_ cache non-present entries, then it does so in the special
1960 * domain #0, which we have to flush:
1962 if (cap_caching_mode(iommu->cap)) {
1963 iommu->flush.flush_context(iommu, 0,
1964 (((u16)bus) << 8) | devfn,
1965 DMA_CCMD_MASK_NOBIT,
1966 DMA_CCMD_DEVICE_INVL);
1967 iommu->flush.flush_iotlb(iommu, did, 0, 0, DMA_TLB_DSI_FLUSH);
1969 iommu_flush_write_buffer(iommu);
1971 iommu_enable_dev_iotlb(info);
1976 spin_unlock(&iommu->lock);
1977 spin_unlock_irqrestore(&device_domain_lock, flags);
1982 struct domain_context_mapping_data {
1983 struct dmar_domain *domain;
1984 struct intel_iommu *iommu;
1987 static int domain_context_mapping_cb(struct pci_dev *pdev,
1988 u16 alias, void *opaque)
1990 struct domain_context_mapping_data *data = opaque;
1992 return domain_context_mapping_one(data->domain, data->iommu,
1993 PCI_BUS_NUM(alias), alias & 0xff);
1997 domain_context_mapping(struct dmar_domain *domain, struct device *dev)
1999 struct intel_iommu *iommu;
2001 struct domain_context_mapping_data data;
2003 iommu = device_to_iommu(dev, &bus, &devfn);
2007 if (!dev_is_pci(dev))
2008 return domain_context_mapping_one(domain, iommu, bus, devfn);
2010 data.domain = domain;
2013 return pci_for_each_dma_alias(to_pci_dev(dev),
2014 &domain_context_mapping_cb, &data);
2017 static int domain_context_mapped_cb(struct pci_dev *pdev,
2018 u16 alias, void *opaque)
2020 struct intel_iommu *iommu = opaque;
2022 return !device_context_mapped(iommu, PCI_BUS_NUM(alias), alias & 0xff);
2025 static int domain_context_mapped(struct device *dev)
2027 struct intel_iommu *iommu;
2030 iommu = device_to_iommu(dev, &bus, &devfn);
2034 if (!dev_is_pci(dev))
2035 return device_context_mapped(iommu, bus, devfn);
2037 return !pci_for_each_dma_alias(to_pci_dev(dev),
2038 domain_context_mapped_cb, iommu);
2041 /* Returns a number of VTD pages, but aligned to MM page size */
2042 static inline unsigned long aligned_nrpages(unsigned long host_addr,
2045 host_addr &= ~PAGE_MASK;
2046 return PAGE_ALIGN(host_addr + size) >> VTD_PAGE_SHIFT;
2049 /* Return largest possible superpage level for a given mapping */
2050 static inline int hardware_largepage_caps(struct dmar_domain *domain,
2051 unsigned long iov_pfn,
2052 unsigned long phy_pfn,
2053 unsigned long pages)
2055 int support, level = 1;
2056 unsigned long pfnmerge;
2058 support = domain->iommu_superpage;
2060 /* To use a large page, the virtual *and* physical addresses
2061 must be aligned to 2MiB/1GiB/etc. Lower bits set in either
2062 of them will mean we have to use smaller pages. So just
2063 merge them and check both at once. */
2064 pfnmerge = iov_pfn | phy_pfn;
2066 while (support && !(pfnmerge & ~VTD_STRIDE_MASK)) {
2067 pages >>= VTD_STRIDE_SHIFT;
2070 pfnmerge >>= VTD_STRIDE_SHIFT;
2077 static int __domain_mapping(struct dmar_domain *domain, unsigned long iov_pfn,
2078 struct scatterlist *sg, unsigned long phys_pfn,
2079 unsigned long nr_pages, int prot)
2081 struct dma_pte *first_pte = NULL, *pte = NULL;
2082 phys_addr_t uninitialized_var(pteval);
2083 unsigned long sg_res = 0;
2084 unsigned int largepage_lvl = 0;
2085 unsigned long lvl_pages = 0;
2087 BUG_ON(!domain_pfn_supported(domain, iov_pfn + nr_pages - 1));
2089 if ((prot & (DMA_PTE_READ|DMA_PTE_WRITE)) == 0)
2092 prot &= DMA_PTE_READ | DMA_PTE_WRITE | DMA_PTE_SNP;
2096 pteval = ((phys_addr_t)phys_pfn << VTD_PAGE_SHIFT) | prot;
2099 while (nr_pages > 0) {
2103 sg_res = aligned_nrpages(sg->offset, sg->length);
2104 sg->dma_address = ((dma_addr_t)iov_pfn << VTD_PAGE_SHIFT) + sg->offset;
2105 sg->dma_length = sg->length;
2106 pteval = (sg_phys(sg) & PAGE_MASK) | prot;
2107 phys_pfn = pteval >> VTD_PAGE_SHIFT;
2111 largepage_lvl = hardware_largepage_caps(domain, iov_pfn, phys_pfn, sg_res);
2113 first_pte = pte = pfn_to_dma_pte(domain, iov_pfn, &largepage_lvl);
2116 /* It is large page*/
2117 if (largepage_lvl > 1) {
2118 unsigned long nr_superpages, end_pfn;
2120 pteval |= DMA_PTE_LARGE_PAGE;
2121 lvl_pages = lvl_to_nr_pages(largepage_lvl);
2123 nr_superpages = sg_res / lvl_pages;
2124 end_pfn = iov_pfn + nr_superpages * lvl_pages - 1;
2127 * Ensure that old small page tables are
2128 * removed to make room for superpage(s).
2130 dma_pte_free_pagetable(domain, iov_pfn, end_pfn);
2132 pteval &= ~(uint64_t)DMA_PTE_LARGE_PAGE;
2136 /* We don't need lock here, nobody else
2137 * touches the iova range
2139 tmp = cmpxchg64_local(&pte->val, 0ULL, pteval);
2141 static int dumps = 5;
2142 pr_crit("ERROR: DMA PTE for vPFN 0x%lx already set (to %llx not %llx)\n",
2143 iov_pfn, tmp, (unsigned long long)pteval);
2146 debug_dma_dump_mappings(NULL);
2151 lvl_pages = lvl_to_nr_pages(largepage_lvl);
2153 BUG_ON(nr_pages < lvl_pages);
2154 BUG_ON(sg_res < lvl_pages);
2156 nr_pages -= lvl_pages;
2157 iov_pfn += lvl_pages;
2158 phys_pfn += lvl_pages;
2159 pteval += lvl_pages * VTD_PAGE_SIZE;
2160 sg_res -= lvl_pages;
2162 /* If the next PTE would be the first in a new page, then we
2163 need to flush the cache on the entries we've just written.
2164 And then we'll need to recalculate 'pte', so clear it and
2165 let it get set again in the if (!pte) block above.
2167 If we're done (!nr_pages) we need to flush the cache too.
2169 Also if we've been setting superpages, we may need to
2170 recalculate 'pte' and switch back to smaller pages for the
2171 end of the mapping, if the trailing size is not enough to
2172 use another superpage (i.e. sg_res < lvl_pages). */
2174 if (!nr_pages || first_pte_in_page(pte) ||
2175 (largepage_lvl > 1 && sg_res < lvl_pages)) {
2176 domain_flush_cache(domain, first_pte,
2177 (void *)pte - (void *)first_pte);
2181 if (!sg_res && nr_pages)
2187 static inline int domain_sg_mapping(struct dmar_domain *domain, unsigned long iov_pfn,
2188 struct scatterlist *sg, unsigned long nr_pages,
2191 return __domain_mapping(domain, iov_pfn, sg, 0, nr_pages, prot);
2194 static inline int domain_pfn_mapping(struct dmar_domain *domain, unsigned long iov_pfn,
2195 unsigned long phys_pfn, unsigned long nr_pages,
2198 return __domain_mapping(domain, iov_pfn, NULL, phys_pfn, nr_pages, prot);
2201 static void domain_context_clear_one(struct intel_iommu *iommu, u8 bus, u8 devfn)
2206 clear_context_table(iommu, bus, devfn);
2207 iommu->flush.flush_context(iommu, 0, 0, 0,
2208 DMA_CCMD_GLOBAL_INVL);
2209 iommu->flush.flush_iotlb(iommu, 0, 0, 0, DMA_TLB_GLOBAL_FLUSH);
2212 static inline void unlink_domain_info(struct device_domain_info *info)
2214 assert_spin_locked(&device_domain_lock);
2215 list_del(&info->link);
2216 list_del(&info->global);
2218 info->dev->archdata.iommu = NULL;
2221 static void domain_remove_dev_info(struct dmar_domain *domain)
2223 struct device_domain_info *info, *tmp;
2224 unsigned long flags;
2226 spin_lock_irqsave(&device_domain_lock, flags);
2227 list_for_each_entry_safe(info, tmp, &domain->devices, link)
2228 __dmar_remove_one_dev_info(info);
2229 spin_unlock_irqrestore(&device_domain_lock, flags);
2234 * Note: we use struct device->archdata.iommu stores the info
2236 static struct dmar_domain *find_domain(struct device *dev)
2238 struct device_domain_info *info;
2240 /* No lock here, assumes no domain exit in normal case */
2241 info = dev->archdata.iommu;
2243 return info->domain;
2247 static inline struct device_domain_info *
2248 dmar_search_domain_by_dev_info(int segment, int bus, int devfn)
2250 struct device_domain_info *info;
2252 list_for_each_entry(info, &device_domain_list, global)
2253 if (info->iommu->segment == segment && info->bus == bus &&
2254 info->devfn == devfn)
2260 static struct dmar_domain *dmar_insert_one_dev_info(struct intel_iommu *iommu,
2263 struct dmar_domain *domain)
2265 struct dmar_domain *found = NULL;
2266 struct device_domain_info *info;
2267 unsigned long flags;
2270 info = alloc_devinfo_mem();
2275 info->devfn = devfn;
2276 info->ats.enabled = 0;
2279 info->domain = domain;
2280 info->iommu = iommu;
2282 spin_lock_irqsave(&device_domain_lock, flags);
2284 found = find_domain(dev);
2287 struct device_domain_info *info2;
2288 info2 = dmar_search_domain_by_dev_info(iommu->segment, bus, devfn);
2290 found = info2->domain;
2296 spin_unlock_irqrestore(&device_domain_lock, flags);
2297 free_devinfo_mem(info);
2298 /* Caller must free the original domain */
2302 spin_lock(&iommu->lock);
2303 ret = domain_attach_iommu(domain, iommu);
2304 spin_unlock(&iommu->lock);
2307 spin_unlock_irqrestore(&device_domain_lock, flags);
2311 list_add(&info->link, &domain->devices);
2312 list_add(&info->global, &device_domain_list);
2314 dev->archdata.iommu = info;
2315 spin_unlock_irqrestore(&device_domain_lock, flags);
2317 if (dev && domain_context_mapping(domain, dev)) {
2318 pr_err("Domain context map for %s failed\n", dev_name(dev));
2319 dmar_remove_one_dev_info(domain, dev);
2326 static int get_last_alias(struct pci_dev *pdev, u16 alias, void *opaque)
2328 *(u16 *)opaque = alias;
2332 /* domain is initialized */
2333 static struct dmar_domain *get_domain_for_dev(struct device *dev, int gaw)
2335 struct device_domain_info *info = NULL;
2336 struct dmar_domain *domain, *tmp;
2337 struct intel_iommu *iommu;
2338 u16 req_id, dma_alias;
2339 unsigned long flags;
2342 domain = find_domain(dev);
2346 iommu = device_to_iommu(dev, &bus, &devfn);
2350 req_id = ((u16)bus << 8) | devfn;
2352 if (dev_is_pci(dev)) {
2353 struct pci_dev *pdev = to_pci_dev(dev);
2355 pci_for_each_dma_alias(pdev, get_last_alias, &dma_alias);
2357 spin_lock_irqsave(&device_domain_lock, flags);
2358 info = dmar_search_domain_by_dev_info(pci_domain_nr(pdev->bus),
2359 PCI_BUS_NUM(dma_alias),
2362 iommu = info->iommu;
2363 domain = info->domain;
2365 spin_unlock_irqrestore(&device_domain_lock, flags);
2367 /* DMA alias already has a domain, uses it */
2372 /* Allocate and initialize new domain for the device */
2373 domain = alloc_domain(0);
2376 if (domain_init(domain, iommu, gaw)) {
2377 domain_exit(domain);
2381 /* register PCI DMA alias device */
2382 if (req_id != dma_alias && dev_is_pci(dev)) {
2383 tmp = dmar_insert_one_dev_info(iommu, PCI_BUS_NUM(dma_alias),
2384 dma_alias & 0xff, NULL, domain);
2386 if (!tmp || tmp != domain) {
2387 domain_exit(domain);
2396 tmp = dmar_insert_one_dev_info(iommu, bus, devfn, dev, domain);
2398 if (!tmp || tmp != domain) {
2399 domain_exit(domain);
2406 static int iommu_identity_mapping;
2407 #define IDENTMAP_ALL 1
2408 #define IDENTMAP_GFX 2
2409 #define IDENTMAP_AZALIA 4
2411 static int iommu_domain_identity_map(struct dmar_domain *domain,
2412 unsigned long long start,
2413 unsigned long long end)
2415 unsigned long first_vpfn = start >> VTD_PAGE_SHIFT;
2416 unsigned long last_vpfn = end >> VTD_PAGE_SHIFT;
2418 if (!reserve_iova(&domain->iovad, dma_to_mm_pfn(first_vpfn),
2419 dma_to_mm_pfn(last_vpfn))) {
2420 pr_err("Reserving iova failed\n");
2424 pr_debug("Mapping reserved region %llx-%llx\n", start, end);
2426 * RMRR range might have overlap with physical memory range,
2429 dma_pte_clear_range(domain, first_vpfn, last_vpfn);
2431 return domain_pfn_mapping(domain, first_vpfn, first_vpfn,
2432 last_vpfn - first_vpfn + 1,
2433 DMA_PTE_READ|DMA_PTE_WRITE);
2436 static int iommu_prepare_identity_map(struct device *dev,
2437 unsigned long long start,
2438 unsigned long long end)
2440 struct dmar_domain *domain;
2443 domain = get_domain_for_dev(dev, DEFAULT_DOMAIN_ADDRESS_WIDTH);
2447 /* For _hardware_ passthrough, don't bother. But for software
2448 passthrough, we do it anyway -- it may indicate a memory
2449 range which is reserved in E820, so which didn't get set
2450 up to start with in si_domain */
2451 if (domain == si_domain && hw_pass_through) {
2452 pr_warn("Ignoring identity map for HW passthrough device %s [0x%Lx - 0x%Lx]\n",
2453 dev_name(dev), start, end);
2457 pr_info("Setting identity map for device %s [0x%Lx - 0x%Lx]\n",
2458 dev_name(dev), start, end);
2461 WARN(1, "Your BIOS is broken; RMRR ends before it starts!\n"
2462 "BIOS vendor: %s; Ver: %s; Product Version: %s\n",
2463 dmi_get_system_info(DMI_BIOS_VENDOR),
2464 dmi_get_system_info(DMI_BIOS_VERSION),
2465 dmi_get_system_info(DMI_PRODUCT_VERSION));
2470 if (end >> agaw_to_width(domain->agaw)) {
2471 WARN(1, "Your BIOS is broken; RMRR exceeds permitted address width (%d bits)\n"
2472 "BIOS vendor: %s; Ver: %s; Product Version: %s\n",
2473 agaw_to_width(domain->agaw),
2474 dmi_get_system_info(DMI_BIOS_VENDOR),
2475 dmi_get_system_info(DMI_BIOS_VERSION),
2476 dmi_get_system_info(DMI_PRODUCT_VERSION));
2481 ret = iommu_domain_identity_map(domain, start, end);
2488 domain_exit(domain);
2492 static inline int iommu_prepare_rmrr_dev(struct dmar_rmrr_unit *rmrr,
2495 if (dev->archdata.iommu == DUMMY_DEVICE_DOMAIN_INFO)
2497 return iommu_prepare_identity_map(dev, rmrr->base_address,
2501 #ifdef CONFIG_INTEL_IOMMU_FLOPPY_WA
2502 static inline void iommu_prepare_isa(void)
2504 struct pci_dev *pdev;
2507 pdev = pci_get_class(PCI_CLASS_BRIDGE_ISA << 8, NULL);
2511 pr_info("Prepare 0-16MiB unity mapping for LPC\n");
2512 ret = iommu_prepare_identity_map(&pdev->dev, 0, 16*1024*1024 - 1);
2515 pr_err("Failed to create 0-16MiB identity map - floppy might not work\n");
2520 static inline void iommu_prepare_isa(void)
2524 #endif /* !CONFIG_INTEL_IOMMU_FLPY_WA */
2526 static int md_domain_init(struct dmar_domain *domain, int guest_width);
2528 static int __init si_domain_init(int hw)
2532 si_domain = alloc_domain(DOMAIN_FLAG_STATIC_IDENTITY);
2536 if (md_domain_init(si_domain, DEFAULT_DOMAIN_ADDRESS_WIDTH)) {
2537 domain_exit(si_domain);
2541 pr_debug("Identity mapping domain allocated\n");
2546 for_each_online_node(nid) {
2547 unsigned long start_pfn, end_pfn;
2550 for_each_mem_pfn_range(i, nid, &start_pfn, &end_pfn, NULL) {
2551 ret = iommu_domain_identity_map(si_domain,
2552 PFN_PHYS(start_pfn), PFN_PHYS(end_pfn));
2561 static int identity_mapping(struct device *dev)
2563 struct device_domain_info *info;
2565 if (likely(!iommu_identity_mapping))
2568 info = dev->archdata.iommu;
2569 if (info && info != DUMMY_DEVICE_DOMAIN_INFO)
2570 return (info->domain == si_domain);
2575 static int domain_add_dev_info(struct dmar_domain *domain, struct device *dev)
2577 struct dmar_domain *ndomain;
2578 struct intel_iommu *iommu;
2581 iommu = device_to_iommu(dev, &bus, &devfn);
2585 ndomain = dmar_insert_one_dev_info(iommu, bus, devfn, dev, domain);
2586 if (ndomain != domain)
2592 static bool device_has_rmrr(struct device *dev)
2594 struct dmar_rmrr_unit *rmrr;
2599 for_each_rmrr_units(rmrr) {
2601 * Return TRUE if this RMRR contains the device that
2604 for_each_active_dev_scope(rmrr->devices,
2605 rmrr->devices_cnt, i, tmp)
2616 * There are a couple cases where we need to restrict the functionality of
2617 * devices associated with RMRRs. The first is when evaluating a device for
2618 * identity mapping because problems exist when devices are moved in and out
2619 * of domains and their respective RMRR information is lost. This means that
2620 * a device with associated RMRRs will never be in a "passthrough" domain.
2621 * The second is use of the device through the IOMMU API. This interface
2622 * expects to have full control of the IOVA space for the device. We cannot
2623 * satisfy both the requirement that RMRR access is maintained and have an
2624 * unencumbered IOVA space. We also have no ability to quiesce the device's
2625 * use of the RMRR space or even inform the IOMMU API user of the restriction.
2626 * We therefore prevent devices associated with an RMRR from participating in
2627 * the IOMMU API, which eliminates them from device assignment.
2629 * In both cases we assume that PCI USB devices with RMRRs have them largely
2630 * for historical reasons and that the RMRR space is not actively used post
2631 * boot. This exclusion may change if vendors begin to abuse it.
2633 * The same exception is made for graphics devices, with the requirement that
2634 * any use of the RMRR regions will be torn down before assigning the device
2637 static bool device_is_rmrr_locked(struct device *dev)
2639 if (!device_has_rmrr(dev))
2642 if (dev_is_pci(dev)) {
2643 struct pci_dev *pdev = to_pci_dev(dev);
2645 if (IS_USB_DEVICE(pdev) || IS_GFX_DEVICE(pdev))
2652 static int iommu_should_identity_map(struct device *dev, int startup)
2655 if (dev_is_pci(dev)) {
2656 struct pci_dev *pdev = to_pci_dev(dev);
2658 if (device_is_rmrr_locked(dev))
2661 if ((iommu_identity_mapping & IDENTMAP_AZALIA) && IS_AZALIA(pdev))
2664 if ((iommu_identity_mapping & IDENTMAP_GFX) && IS_GFX_DEVICE(pdev))
2667 if (!(iommu_identity_mapping & IDENTMAP_ALL))
2671 * We want to start off with all devices in the 1:1 domain, and
2672 * take them out later if we find they can't access all of memory.
2674 * However, we can't do this for PCI devices behind bridges,
2675 * because all PCI devices behind the same bridge will end up
2676 * with the same source-id on their transactions.
2678 * Practically speaking, we can't change things around for these
2679 * devices at run-time, because we can't be sure there'll be no
2680 * DMA transactions in flight for any of their siblings.
2682 * So PCI devices (unless they're on the root bus) as well as
2683 * their parent PCI-PCI or PCIe-PCI bridges must be left _out_ of
2684 * the 1:1 domain, just in _case_ one of their siblings turns out
2685 * not to be able to map all of memory.
2687 if (!pci_is_pcie(pdev)) {
2688 if (!pci_is_root_bus(pdev->bus))
2690 if (pdev->class >> 8 == PCI_CLASS_BRIDGE_PCI)
2692 } else if (pci_pcie_type(pdev) == PCI_EXP_TYPE_PCI_BRIDGE)
2695 if (device_has_rmrr(dev))
2700 * At boot time, we don't yet know if devices will be 64-bit capable.
2701 * Assume that they will — if they turn out not to be, then we can
2702 * take them out of the 1:1 domain later.
2706 * If the device's dma_mask is less than the system's memory
2707 * size then this is not a candidate for identity mapping.
2709 u64 dma_mask = *dev->dma_mask;
2711 if (dev->coherent_dma_mask &&
2712 dev->coherent_dma_mask < dma_mask)
2713 dma_mask = dev->coherent_dma_mask;
2715 return dma_mask >= dma_get_required_mask(dev);
2721 static int __init dev_prepare_static_identity_mapping(struct device *dev, int hw)
2725 if (!iommu_should_identity_map(dev, 1))
2728 ret = domain_add_dev_info(si_domain, dev);
2730 pr_info("%s identity mapping for device %s\n",
2731 hw ? "Hardware" : "Software", dev_name(dev));
2732 else if (ret == -ENODEV)
2733 /* device not associated with an iommu */
2740 static int __init iommu_prepare_static_identity_mapping(int hw)
2742 struct pci_dev *pdev = NULL;
2743 struct dmar_drhd_unit *drhd;
2744 struct intel_iommu *iommu;
2749 for_each_pci_dev(pdev) {
2750 ret = dev_prepare_static_identity_mapping(&pdev->dev, hw);
2755 for_each_active_iommu(iommu, drhd)
2756 for_each_active_dev_scope(drhd->devices, drhd->devices_cnt, i, dev) {
2757 struct acpi_device_physical_node *pn;
2758 struct acpi_device *adev;
2760 if (dev->bus != &acpi_bus_type)
2763 adev= to_acpi_device(dev);
2764 mutex_lock(&adev->physical_node_lock);
2765 list_for_each_entry(pn, &adev->physical_node_list, node) {
2766 ret = dev_prepare_static_identity_mapping(pn->dev, hw);
2770 mutex_unlock(&adev->physical_node_lock);
2778 static void intel_iommu_init_qi(struct intel_iommu *iommu)
2781 * Start from the sane iommu hardware state.
2782 * If the queued invalidation is already initialized by us
2783 * (for example, while enabling interrupt-remapping) then
2784 * we got the things already rolling from a sane state.
2788 * Clear any previous faults.
2790 dmar_fault(-1, iommu);
2792 * Disable queued invalidation if supported and already enabled
2793 * before OS handover.
2795 dmar_disable_qi(iommu);
2798 if (dmar_enable_qi(iommu)) {
2800 * Queued Invalidate not enabled, use Register Based Invalidate
2802 iommu->flush.flush_context = __iommu_flush_context;
2803 iommu->flush.flush_iotlb = __iommu_flush_iotlb;
2804 pr_info("%s: Using Register based invalidation\n",
2807 iommu->flush.flush_context = qi_flush_context;
2808 iommu->flush.flush_iotlb = qi_flush_iotlb;
2809 pr_info("%s: Using Queued invalidation\n", iommu->name);
2813 static int copy_context_table(struct intel_iommu *iommu,
2814 struct root_entry __iomem *old_re,
2815 struct context_entry **tbl,
2818 int tbl_idx, pos = 0, idx, devfn, ret = 0, did;
2819 struct context_entry __iomem *old_ce = NULL;
2820 struct context_entry *new_ce = NULL, ce;
2821 struct root_entry re;
2822 phys_addr_t old_ce_phys;
2824 tbl_idx = ext ? bus * 2 : bus;
2825 memcpy_fromio(&re, old_re, sizeof(re));
2827 for (devfn = 0; devfn < 256; devfn++) {
2828 /* First calculate the correct index */
2829 idx = (ext ? devfn * 2 : devfn) % 256;
2832 /* First save what we may have and clean up */
2834 tbl[tbl_idx] = new_ce;
2835 __iommu_flush_cache(iommu, new_ce,
2845 old_ce_phys = root_entry_lctp(&re);
2847 old_ce_phys = root_entry_uctp(&re);
2850 if (ext && devfn == 0) {
2851 /* No LCTP, try UCTP */
2860 old_ce = ioremap_cache(old_ce_phys, PAGE_SIZE);
2864 new_ce = alloc_pgtable_page(iommu->node);
2871 /* Now copy the context entry */
2872 memcpy_fromio(&ce, old_ce + idx, sizeof(ce));
2874 if (!__context_present(&ce))
2877 did = context_domain_id(&ce);
2878 if (did >= 0 && did < cap_ndoms(iommu->cap))
2879 set_bit(did, iommu->domain_ids);
2882 * We need a marker for copied context entries. This
2883 * marker needs to work for the old format as well as
2884 * for extended context entries.
2886 * Bit 67 of the context entry is used. In the old
2887 * format this bit is available to software, in the
2888 * extended format it is the PGE bit, but PGE is ignored
2889 * by HW if PASIDs are disabled (and thus still
2892 * So disable PASIDs first and then mark the entry
2893 * copied. This means that we don't copy PASID
2894 * translations from the old kernel, but this is fine as
2895 * faults there are not fatal.
2897 context_clear_pasid_enable(&ce);
2898 context_set_copied(&ce);
2903 tbl[tbl_idx + pos] = new_ce;
2905 __iommu_flush_cache(iommu, new_ce, VTD_PAGE_SIZE);
2914 static int copy_translation_tables(struct intel_iommu *iommu)
2916 struct root_entry __iomem *old_rt;
2917 struct context_entry **ctxt_tbls;
2918 phys_addr_t old_rt_phys;
2919 int ctxt_table_entries;
2920 unsigned long flags;
2925 rtaddr_reg = dmar_readq(iommu->reg + DMAR_RTADDR_REG);
2926 ext = !!(rtaddr_reg & DMA_RTADDR_RTT);
2927 new_ext = !!ecap_ecs(iommu->ecap);
2930 * The RTT bit can only be changed when translation is disabled,
2931 * but disabling translation means to open a window for data
2932 * corruption. So bail out and don't copy anything if we would
2933 * have to change the bit.
2938 old_rt_phys = rtaddr_reg & VTD_PAGE_MASK;
2942 old_rt = ioremap_cache(old_rt_phys, PAGE_SIZE);
2946 /* This is too big for the stack - allocate it from slab */
2947 ctxt_table_entries = ext ? 512 : 256;
2949 ctxt_tbls = kzalloc(ctxt_table_entries * sizeof(void *), GFP_KERNEL);
2953 for (bus = 0; bus < 256; bus++) {
2954 ret = copy_context_table(iommu, &old_rt[bus],
2955 ctxt_tbls, bus, ext);
2957 pr_err("%s: Failed to copy context table for bus %d\n",
2963 spin_lock_irqsave(&iommu->lock, flags);
2965 /* Context tables are copied, now write them to the root_entry table */
2966 for (bus = 0; bus < 256; bus++) {
2967 int idx = ext ? bus * 2 : bus;
2970 if (ctxt_tbls[idx]) {
2971 val = virt_to_phys(ctxt_tbls[idx]) | 1;
2972 iommu->root_entry[bus].lo = val;
2975 if (!ext || !ctxt_tbls[idx + 1])
2978 val = virt_to_phys(ctxt_tbls[idx + 1]) | 1;
2979 iommu->root_entry[bus].hi = val;
2982 spin_unlock_irqrestore(&iommu->lock, flags);
2986 __iommu_flush_cache(iommu, iommu->root_entry, PAGE_SIZE);
2996 static int __init init_dmars(void)
2998 struct dmar_drhd_unit *drhd;
2999 struct dmar_rmrr_unit *rmrr;
3000 bool copied_tables = false;
3002 struct intel_iommu *iommu;
3008 * initialize and program root entry to not present
3011 for_each_drhd_unit(drhd) {
3013 * lock not needed as this is only incremented in the single
3014 * threaded kernel __init code path all other access are read
3017 if (g_num_of_iommus < DMAR_UNITS_SUPPORTED) {
3021 pr_err_once("Exceeded %d IOMMUs\n", DMAR_UNITS_SUPPORTED);
3024 /* Preallocate enough resources for IOMMU hot-addition */
3025 if (g_num_of_iommus < DMAR_UNITS_SUPPORTED)
3026 g_num_of_iommus = DMAR_UNITS_SUPPORTED;
3028 g_iommus = kcalloc(g_num_of_iommus, sizeof(struct intel_iommu *),
3031 pr_err("Allocating global iommu array failed\n");
3036 deferred_flush = kzalloc(g_num_of_iommus *
3037 sizeof(struct deferred_flush_tables), GFP_KERNEL);
3038 if (!deferred_flush) {
3043 for_each_active_iommu(iommu, drhd) {
3044 g_iommus[iommu->seq_id] = iommu;
3046 intel_iommu_init_qi(iommu);
3048 ret = iommu_init_domains(iommu);
3052 init_translation_status(iommu);
3054 if (translation_pre_enabled(iommu) && !is_kdump_kernel()) {
3055 iommu_disable_translation(iommu);
3056 clear_translation_pre_enabled(iommu);
3057 pr_warn("Translation was enabled for %s but we are not in kdump mode\n",
3063 * we could share the same root & context tables
3064 * among all IOMMU's. Need to Split it later.
3066 ret = iommu_alloc_root_entry(iommu);
3070 if (translation_pre_enabled(iommu)) {
3071 pr_info("Translation already enabled - trying to copy translation structures\n");
3073 ret = copy_translation_tables(iommu);
3076 * We found the IOMMU with translation
3077 * enabled - but failed to copy over the
3078 * old root-entry table. Try to proceed
3079 * by disabling translation now and
3080 * allocating a clean root-entry table.
3081 * This might cause DMAR faults, but
3082 * probably the dump will still succeed.
3084 pr_err("Failed to copy translation tables from previous kernel for %s\n",
3086 iommu_disable_translation(iommu);
3087 clear_translation_pre_enabled(iommu);
3089 pr_info("Copied translation tables from previous kernel for %s\n",
3091 copied_tables = true;
3095 iommu_flush_write_buffer(iommu);
3096 iommu_set_root_entry(iommu);
3097 iommu->flush.flush_context(iommu, 0, 0, 0, DMA_CCMD_GLOBAL_INVL);
3098 iommu->flush.flush_iotlb(iommu, 0, 0, 0, DMA_TLB_GLOBAL_FLUSH);
3100 if (!ecap_pass_through(iommu->ecap))
3101 hw_pass_through = 0;
3104 if (iommu_pass_through)
3105 iommu_identity_mapping |= IDENTMAP_ALL;
3107 #ifdef CONFIG_INTEL_IOMMU_BROKEN_GFX_WA
3108 iommu_identity_mapping |= IDENTMAP_GFX;
3111 if (iommu_identity_mapping) {
3112 ret = si_domain_init(hw_pass_through);
3117 check_tylersburg_isoch();
3120 * If we copied translations from a previous kernel in the kdump
3121 * case, we can not assign the devices to domains now, as that
3122 * would eliminate the old mappings. So skip this part and defer
3123 * the assignment to device driver initialization time.
3129 * If pass through is not set or not enabled, setup context entries for
3130 * identity mappings for rmrr, gfx, and isa and may fall back to static
3131 * identity mapping if iommu_identity_mapping is set.
3133 if (iommu_identity_mapping) {
3134 ret = iommu_prepare_static_identity_mapping(hw_pass_through);
3136 pr_crit("Failed to setup IOMMU pass-through\n");
3142 * for each dev attached to rmrr
3144 * locate drhd for dev, alloc domain for dev
3145 * allocate free domain
3146 * allocate page table entries for rmrr
3147 * if context not allocated for bus
3148 * allocate and init context
3149 * set present in root table for this bus
3150 * init context with domain, translation etc
3154 pr_info("Setting RMRR:\n");
3155 for_each_rmrr_units(rmrr) {
3156 /* some BIOS lists non-exist devices in DMAR table. */
3157 for_each_active_dev_scope(rmrr->devices, rmrr->devices_cnt,
3159 ret = iommu_prepare_rmrr_dev(rmrr, dev);
3161 pr_err("Mapping reserved region failed\n");
3165 iommu_prepare_isa();
3172 * global invalidate context cache
3173 * global invalidate iotlb
3174 * enable translation
3176 for_each_iommu(iommu, drhd) {
3177 if (drhd->ignored) {
3179 * we always have to disable PMRs or DMA may fail on
3183 iommu_disable_protect_mem_regions(iommu);
3187 iommu_flush_write_buffer(iommu);
3189 ret = dmar_set_interrupt(iommu);
3193 if (!translation_pre_enabled(iommu))
3194 iommu_enable_translation(iommu);
3196 iommu_disable_protect_mem_regions(iommu);
3202 for_each_active_iommu(iommu, drhd) {
3203 disable_dmar_iommu(iommu);
3204 free_dmar_iommu(iommu);
3206 kfree(deferred_flush);
3213 /* This takes a number of _MM_ pages, not VTD pages */
3214 static struct iova *intel_alloc_iova(struct device *dev,
3215 struct dmar_domain *domain,
3216 unsigned long nrpages, uint64_t dma_mask)
3218 struct iova *iova = NULL;
3220 /* Restrict dma_mask to the width that the iommu can handle */
3221 dma_mask = min_t(uint64_t, DOMAIN_MAX_ADDR(domain->gaw), dma_mask);
3222 /* Ensure we reserve the whole size-aligned region */
3223 nrpages = __roundup_pow_of_two(nrpages);
3225 if (!dmar_forcedac && dma_mask > DMA_BIT_MASK(32)) {
3227 * First try to allocate an io virtual address in
3228 * DMA_BIT_MASK(32) and if that fails then try allocating
3231 iova = alloc_iova(&domain->iovad, nrpages,
3232 IOVA_PFN(DMA_BIT_MASK(32)), 1);
3236 iova = alloc_iova(&domain->iovad, nrpages, IOVA_PFN(dma_mask), 1);
3237 if (unlikely(!iova)) {
3238 pr_err("Allocating %ld-page iova for %s failed",
3239 nrpages, dev_name(dev));
3246 static struct dmar_domain *__get_valid_domain_for_dev(struct device *dev)
3248 struct dmar_domain *domain;
3250 domain = get_domain_for_dev(dev, DEFAULT_DOMAIN_ADDRESS_WIDTH);
3252 pr_err("Allocating domain for %s failed\n",
3260 static inline struct dmar_domain *get_valid_domain_for_dev(struct device *dev)
3262 struct device_domain_info *info;
3264 /* No lock here, assumes no domain exit in normal case */
3265 info = dev->archdata.iommu;
3267 return info->domain;
3269 return __get_valid_domain_for_dev(dev);
3272 /* Check if the dev needs to go through non-identity map and unmap process.*/
3273 static int iommu_no_mapping(struct device *dev)
3277 if (iommu_dummy(dev))
3280 if (!iommu_identity_mapping)
3283 found = identity_mapping(dev);
3285 if (iommu_should_identity_map(dev, 0))
3289 * 32 bit DMA is removed from si_domain and fall back
3290 * to non-identity mapping.
3292 dmar_remove_one_dev_info(si_domain, dev);
3293 pr_info("32bit %s uses non-identity mapping\n",
3299 * In case of a detached 64 bit DMA device from vm, the device
3300 * is put into si_domain for identity mapping.
3302 if (iommu_should_identity_map(dev, 0)) {
3304 ret = domain_add_dev_info(si_domain, dev);
3306 pr_info("64bit %s uses identity mapping\n",
3316 static dma_addr_t __intel_map_single(struct device *dev, phys_addr_t paddr,
3317 size_t size, int dir, u64 dma_mask)
3319 struct dmar_domain *domain;
3320 phys_addr_t start_paddr;
3324 struct intel_iommu *iommu;
3325 unsigned long paddr_pfn = paddr >> PAGE_SHIFT;
3327 BUG_ON(dir == DMA_NONE);
3329 if (iommu_no_mapping(dev))
3332 domain = get_valid_domain_for_dev(dev);
3336 iommu = domain_get_iommu(domain);
3337 size = aligned_nrpages(paddr, size);
3339 iova = intel_alloc_iova(dev, domain, dma_to_mm_pfn(size), dma_mask);
3344 * Check if DMAR supports zero-length reads on write only
3347 if (dir == DMA_TO_DEVICE || dir == DMA_BIDIRECTIONAL || \
3348 !cap_zlr(iommu->cap))
3349 prot |= DMA_PTE_READ;
3350 if (dir == DMA_FROM_DEVICE || dir == DMA_BIDIRECTIONAL)
3351 prot |= DMA_PTE_WRITE;
3353 * paddr - (paddr + size) might be partial page, we should map the whole
3354 * page. Note: if two part of one page are separately mapped, we
3355 * might have two guest_addr mapping to the same host paddr, but this
3356 * is not a big problem
3358 ret = domain_pfn_mapping(domain, mm_to_dma_pfn(iova->pfn_lo),
3359 mm_to_dma_pfn(paddr_pfn), size, prot);
3363 /* it's a non-present to present mapping. Only flush if caching mode */
3364 if (cap_caching_mode(iommu->cap))
3365 iommu_flush_iotlb_psi(iommu, domain,
3366 mm_to_dma_pfn(iova->pfn_lo),
3369 iommu_flush_write_buffer(iommu);
3371 start_paddr = (phys_addr_t)iova->pfn_lo << PAGE_SHIFT;
3372 start_paddr += paddr & ~PAGE_MASK;
3377 __free_iova(&domain->iovad, iova);
3378 pr_err("Device %s request: %zx@%llx dir %d --- failed\n",
3379 dev_name(dev), size, (unsigned long long)paddr, dir);
3383 static dma_addr_t intel_map_page(struct device *dev, struct page *page,
3384 unsigned long offset, size_t size,
3385 enum dma_data_direction dir,
3386 struct dma_attrs *attrs)
3388 return __intel_map_single(dev, page_to_phys(page) + offset, size,
3389 dir, *dev->dma_mask);
3392 static void flush_unmaps(void)
3398 /* just flush them all */
3399 for (i = 0; i < g_num_of_iommus; i++) {
3400 struct intel_iommu *iommu = g_iommus[i];
3404 if (!deferred_flush[i].next)
3407 /* In caching mode, global flushes turn emulation expensive */
3408 if (!cap_caching_mode(iommu->cap))
3409 iommu->flush.flush_iotlb(iommu, 0, 0, 0,
3410 DMA_TLB_GLOBAL_FLUSH);
3411 for (j = 0; j < deferred_flush[i].next; j++) {
3413 struct iova *iova = deferred_flush[i].iova[j];
3414 struct dmar_domain *domain = deferred_flush[i].domain[j];
3416 /* On real hardware multiple invalidations are expensive */
3417 if (cap_caching_mode(iommu->cap))
3418 iommu_flush_iotlb_psi(iommu, domain,
3419 iova->pfn_lo, iova_size(iova),
3420 !deferred_flush[i].freelist[j], 0);
3422 mask = ilog2(mm_to_dma_pfn(iova_size(iova)));
3423 iommu_flush_dev_iotlb(deferred_flush[i].domain[j],
3424 (uint64_t)iova->pfn_lo << PAGE_SHIFT, mask);
3426 __free_iova(&deferred_flush[i].domain[j]->iovad, iova);
3427 if (deferred_flush[i].freelist[j])
3428 dma_free_pagelist(deferred_flush[i].freelist[j]);
3430 deferred_flush[i].next = 0;
3436 static void flush_unmaps_timeout(unsigned long data)
3438 unsigned long flags;
3440 spin_lock_irqsave(&async_umap_flush_lock, flags);
3442 spin_unlock_irqrestore(&async_umap_flush_lock, flags);
3445 static void add_unmap(struct dmar_domain *dom, struct iova *iova, struct page *freelist)
3447 unsigned long flags;
3449 struct intel_iommu *iommu;
3451 spin_lock_irqsave(&async_umap_flush_lock, flags);
3452 if (list_size == HIGH_WATER_MARK)
3455 iommu = domain_get_iommu(dom);
3456 iommu_id = iommu->seq_id;
3458 next = deferred_flush[iommu_id].next;
3459 deferred_flush[iommu_id].domain[next] = dom;
3460 deferred_flush[iommu_id].iova[next] = iova;
3461 deferred_flush[iommu_id].freelist[next] = freelist;
3462 deferred_flush[iommu_id].next++;
3465 mod_timer(&unmap_timer, jiffies + msecs_to_jiffies(10));
3469 spin_unlock_irqrestore(&async_umap_flush_lock, flags);
3472 static void intel_unmap(struct device *dev, dma_addr_t dev_addr)
3474 struct dmar_domain *domain;
3475 unsigned long start_pfn, last_pfn;
3477 struct intel_iommu *iommu;
3478 struct page *freelist;
3480 if (iommu_no_mapping(dev))
3483 domain = find_domain(dev);
3486 iommu = domain_get_iommu(domain);
3488 iova = find_iova(&domain->iovad, IOVA_PFN(dev_addr));
3489 if (WARN_ONCE(!iova, "Driver unmaps unmatched page at PFN %llx\n",
3490 (unsigned long long)dev_addr))
3493 start_pfn = mm_to_dma_pfn(iova->pfn_lo);
3494 last_pfn = mm_to_dma_pfn(iova->pfn_hi + 1) - 1;
3496 pr_debug("Device %s unmapping: pfn %lx-%lx\n",
3497 dev_name(dev), start_pfn, last_pfn);
3499 freelist = domain_unmap(domain, start_pfn, last_pfn);
3501 if (intel_iommu_strict) {
3502 iommu_flush_iotlb_psi(iommu, domain, start_pfn,
3503 last_pfn - start_pfn + 1, !freelist, 0);
3505 __free_iova(&domain->iovad, iova);
3506 dma_free_pagelist(freelist);
3508 add_unmap(domain, iova, freelist);
3510 * queue up the release of the unmap to save the 1/6th of the
3511 * cpu used up by the iotlb flush operation...
3516 static void intel_unmap_page(struct device *dev, dma_addr_t dev_addr,
3517 size_t size, enum dma_data_direction dir,
3518 struct dma_attrs *attrs)
3520 intel_unmap(dev, dev_addr);
3523 static void *intel_alloc_coherent(struct device *dev, size_t size,
3524 dma_addr_t *dma_handle, gfp_t flags,
3525 struct dma_attrs *attrs)
3527 struct page *page = NULL;
3530 size = PAGE_ALIGN(size);
3531 order = get_order(size);
3533 if (!iommu_no_mapping(dev))
3534 flags &= ~(GFP_DMA | GFP_DMA32);
3535 else if (dev->coherent_dma_mask < dma_get_required_mask(dev)) {
3536 if (dev->coherent_dma_mask < DMA_BIT_MASK(32))
3542 if (flags & __GFP_WAIT) {
3543 unsigned int count = size >> PAGE_SHIFT;
3545 page = dma_alloc_from_contiguous(dev, count, order);
3546 if (page && iommu_no_mapping(dev) &&
3547 page_to_phys(page) + size > dev->coherent_dma_mask) {
3548 dma_release_from_contiguous(dev, page, count);
3554 page = alloc_pages(flags, order);
3557 memset(page_address(page), 0, size);
3559 *dma_handle = __intel_map_single(dev, page_to_phys(page), size,
3561 dev->coherent_dma_mask);
3563 return page_address(page);
3564 if (!dma_release_from_contiguous(dev, page, size >> PAGE_SHIFT))
3565 __free_pages(page, order);
3570 static void intel_free_coherent(struct device *dev, size_t size, void *vaddr,
3571 dma_addr_t dma_handle, struct dma_attrs *attrs)
3574 struct page *page = virt_to_page(vaddr);
3576 size = PAGE_ALIGN(size);
3577 order = get_order(size);
3579 intel_unmap(dev, dma_handle);
3580 if (!dma_release_from_contiguous(dev, page, size >> PAGE_SHIFT))
3581 __free_pages(page, order);
3584 static void intel_unmap_sg(struct device *dev, struct scatterlist *sglist,
3585 int nelems, enum dma_data_direction dir,
3586 struct dma_attrs *attrs)
3588 intel_unmap(dev, sglist[0].dma_address);
3591 static int intel_nontranslate_map_sg(struct device *hddev,
3592 struct scatterlist *sglist, int nelems, int dir)
3595 struct scatterlist *sg;
3597 for_each_sg(sglist, sg, nelems, i) {
3598 BUG_ON(!sg_page(sg));
3599 sg->dma_address = sg_phys(sg);
3600 sg->dma_length = sg->length;
3605 static int intel_map_sg(struct device *dev, struct scatterlist *sglist, int nelems,
3606 enum dma_data_direction dir, struct dma_attrs *attrs)
3609 struct dmar_domain *domain;
3612 struct iova *iova = NULL;
3614 struct scatterlist *sg;
3615 unsigned long start_vpfn;
3616 struct intel_iommu *iommu;
3618 BUG_ON(dir == DMA_NONE);
3619 if (iommu_no_mapping(dev))
3620 return intel_nontranslate_map_sg(dev, sglist, nelems, dir);
3622 domain = get_valid_domain_for_dev(dev);
3626 iommu = domain_get_iommu(domain);
3628 for_each_sg(sglist, sg, nelems, i)
3629 size += aligned_nrpages(sg->offset, sg->length);
3631 iova = intel_alloc_iova(dev, domain, dma_to_mm_pfn(size),
3634 sglist->dma_length = 0;
3639 * Check if DMAR supports zero-length reads on write only
3642 if (dir == DMA_TO_DEVICE || dir == DMA_BIDIRECTIONAL || \
3643 !cap_zlr(iommu->cap))
3644 prot |= DMA_PTE_READ;
3645 if (dir == DMA_FROM_DEVICE || dir == DMA_BIDIRECTIONAL)
3646 prot |= DMA_PTE_WRITE;
3648 start_vpfn = mm_to_dma_pfn(iova->pfn_lo);
3650 ret = domain_sg_mapping(domain, start_vpfn, sglist, size, prot);
3651 if (unlikely(ret)) {
3652 dma_pte_free_pagetable(domain, start_vpfn,
3653 start_vpfn + size - 1);
3654 __free_iova(&domain->iovad, iova);
3658 /* it's a non-present to present mapping. Only flush if caching mode */
3659 if (cap_caching_mode(iommu->cap))
3660 iommu_flush_iotlb_psi(iommu, domain, start_vpfn, size, 0, 1);
3662 iommu_flush_write_buffer(iommu);
3667 static int intel_mapping_error(struct device *dev, dma_addr_t dma_addr)
3672 struct dma_map_ops intel_dma_ops = {
3673 .alloc = intel_alloc_coherent,
3674 .free = intel_free_coherent,
3675 .map_sg = intel_map_sg,
3676 .unmap_sg = intel_unmap_sg,
3677 .map_page = intel_map_page,
3678 .unmap_page = intel_unmap_page,
3679 .mapping_error = intel_mapping_error,
3682 static inline int iommu_domain_cache_init(void)
3686 iommu_domain_cache = kmem_cache_create("iommu_domain",
3687 sizeof(struct dmar_domain),
3692 if (!iommu_domain_cache) {
3693 pr_err("Couldn't create iommu_domain cache\n");
3700 static inline int iommu_devinfo_cache_init(void)
3704 iommu_devinfo_cache = kmem_cache_create("iommu_devinfo",
3705 sizeof(struct device_domain_info),
3709 if (!iommu_devinfo_cache) {
3710 pr_err("Couldn't create devinfo cache\n");
3717 static int __init iommu_init_mempool(void)
3720 ret = iova_cache_get();
3724 ret = iommu_domain_cache_init();
3728 ret = iommu_devinfo_cache_init();
3732 kmem_cache_destroy(iommu_domain_cache);
3739 static void __init iommu_exit_mempool(void)
3741 kmem_cache_destroy(iommu_devinfo_cache);
3742 kmem_cache_destroy(iommu_domain_cache);
3746 static void quirk_ioat_snb_local_iommu(struct pci_dev *pdev)
3748 struct dmar_drhd_unit *drhd;
3752 /* We know that this device on this chipset has its own IOMMU.
3753 * If we find it under a different IOMMU, then the BIOS is lying
3754 * to us. Hope that the IOMMU for this device is actually
3755 * disabled, and it needs no translation...
3757 rc = pci_bus_read_config_dword(pdev->bus, PCI_DEVFN(0, 0), 0xb0, &vtbar);
3759 /* "can't" happen */
3760 dev_info(&pdev->dev, "failed to run vt-d quirk\n");
3763 vtbar &= 0xffff0000;
3765 /* we know that the this iommu should be at offset 0xa000 from vtbar */
3766 drhd = dmar_find_matched_drhd_unit(pdev);
3767 if (WARN_TAINT_ONCE(!drhd || drhd->reg_base_addr - vtbar != 0xa000,
3768 TAINT_FIRMWARE_WORKAROUND,
3769 "BIOS assigned incorrect VT-d unit for Intel(R) QuickData Technology device\n"))
3770 pdev->dev.archdata.iommu = DUMMY_DEVICE_DOMAIN_INFO;
3772 DECLARE_PCI_FIXUP_ENABLE(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_IOAT_SNB, quirk_ioat_snb_local_iommu);
3774 static void __init init_no_remapping_devices(void)
3776 struct dmar_drhd_unit *drhd;
3780 for_each_drhd_unit(drhd) {
3781 if (!drhd->include_all) {
3782 for_each_active_dev_scope(drhd->devices,
3783 drhd->devices_cnt, i, dev)
3785 /* ignore DMAR unit if no devices exist */
3786 if (i == drhd->devices_cnt)
3791 for_each_active_drhd_unit(drhd) {
3792 if (drhd->include_all)
3795 for_each_active_dev_scope(drhd->devices,
3796 drhd->devices_cnt, i, dev)
3797 if (!dev_is_pci(dev) || !IS_GFX_DEVICE(to_pci_dev(dev)))
3799 if (i < drhd->devices_cnt)
3802 /* This IOMMU has *only* gfx devices. Either bypass it or
3803 set the gfx_mapped flag, as appropriate */
3805 intel_iommu_gfx_mapped = 1;
3808 for_each_active_dev_scope(drhd->devices,
3809 drhd->devices_cnt, i, dev)
3810 dev->archdata.iommu = DUMMY_DEVICE_DOMAIN_INFO;
3815 #ifdef CONFIG_SUSPEND
3816 static int init_iommu_hw(void)
3818 struct dmar_drhd_unit *drhd;
3819 struct intel_iommu *iommu = NULL;
3821 for_each_active_iommu(iommu, drhd)
3823 dmar_reenable_qi(iommu);
3825 for_each_iommu(iommu, drhd) {
3826 if (drhd->ignored) {
3828 * we always have to disable PMRs or DMA may fail on
3832 iommu_disable_protect_mem_regions(iommu);
3836 iommu_flush_write_buffer(iommu);
3838 iommu_set_root_entry(iommu);
3840 iommu->flush.flush_context(iommu, 0, 0, 0,
3841 DMA_CCMD_GLOBAL_INVL);
3842 iommu->flush.flush_iotlb(iommu, 0, 0, 0, DMA_TLB_GLOBAL_FLUSH);
3843 iommu_enable_translation(iommu);
3844 iommu_disable_protect_mem_regions(iommu);
3850 static void iommu_flush_all(void)
3852 struct dmar_drhd_unit *drhd;
3853 struct intel_iommu *iommu;
3855 for_each_active_iommu(iommu, drhd) {
3856 iommu->flush.flush_context(iommu, 0, 0, 0,
3857 DMA_CCMD_GLOBAL_INVL);
3858 iommu->flush.flush_iotlb(iommu, 0, 0, 0,
3859 DMA_TLB_GLOBAL_FLUSH);
3863 static int iommu_suspend(void)
3865 struct dmar_drhd_unit *drhd;
3866 struct intel_iommu *iommu = NULL;
3869 for_each_active_iommu(iommu, drhd) {
3870 iommu->iommu_state = kzalloc(sizeof(u32) * MAX_SR_DMAR_REGS,
3872 if (!iommu->iommu_state)
3878 for_each_active_iommu(iommu, drhd) {
3879 iommu_disable_translation(iommu);
3881 raw_spin_lock_irqsave(&iommu->register_lock, flag);
3883 iommu->iommu_state[SR_DMAR_FECTL_REG] =
3884 readl(iommu->reg + DMAR_FECTL_REG);
3885 iommu->iommu_state[SR_DMAR_FEDATA_REG] =
3886 readl(iommu->reg + DMAR_FEDATA_REG);
3887 iommu->iommu_state[SR_DMAR_FEADDR_REG] =
3888 readl(iommu->reg + DMAR_FEADDR_REG);
3889 iommu->iommu_state[SR_DMAR_FEUADDR_REG] =
3890 readl(iommu->reg + DMAR_FEUADDR_REG);
3892 raw_spin_unlock_irqrestore(&iommu->register_lock, flag);
3897 for_each_active_iommu(iommu, drhd)
3898 kfree(iommu->iommu_state);
3903 static void iommu_resume(void)
3905 struct dmar_drhd_unit *drhd;
3906 struct intel_iommu *iommu = NULL;
3909 if (init_iommu_hw()) {
3911 panic("tboot: IOMMU setup failed, DMAR can not resume!\n");
3913 WARN(1, "IOMMU setup failed, DMAR can not resume!\n");
3917 for_each_active_iommu(iommu, drhd) {
3919 raw_spin_lock_irqsave(&iommu->register_lock, flag);
3921 writel(iommu->iommu_state[SR_DMAR_FECTL_REG],
3922 iommu->reg + DMAR_FECTL_REG);
3923 writel(iommu->iommu_state[SR_DMAR_FEDATA_REG],
3924 iommu->reg + DMAR_FEDATA_REG);
3925 writel(iommu->iommu_state[SR_DMAR_FEADDR_REG],
3926 iommu->reg + DMAR_FEADDR_REG);
3927 writel(iommu->iommu_state[SR_DMAR_FEUADDR_REG],
3928 iommu->reg + DMAR_FEUADDR_REG);
3930 raw_spin_unlock_irqrestore(&iommu->register_lock, flag);
3933 for_each_active_iommu(iommu, drhd)
3934 kfree(iommu->iommu_state);
3937 static struct syscore_ops iommu_syscore_ops = {
3938 .resume = iommu_resume,
3939 .suspend = iommu_suspend,
3942 static void __init init_iommu_pm_ops(void)
3944 register_syscore_ops(&iommu_syscore_ops);
3948 static inline void init_iommu_pm_ops(void) {}
3949 #endif /* CONFIG_PM */
3952 int __init dmar_parse_one_rmrr(struct acpi_dmar_header *header, void *arg)
3954 struct acpi_dmar_reserved_memory *rmrr;
3955 struct dmar_rmrr_unit *rmrru;
3957 rmrru = kzalloc(sizeof(*rmrru), GFP_KERNEL);
3961 rmrru->hdr = header;
3962 rmrr = (struct acpi_dmar_reserved_memory *)header;
3963 rmrru->base_address = rmrr->base_address;
3964 rmrru->end_address = rmrr->end_address;
3965 rmrru->devices = dmar_alloc_dev_scope((void *)(rmrr + 1),
3966 ((void *)rmrr) + rmrr->header.length,
3967 &rmrru->devices_cnt);
3968 if (rmrru->devices_cnt && rmrru->devices == NULL) {
3973 list_add(&rmrru->list, &dmar_rmrr_units);
3978 static struct dmar_atsr_unit *dmar_find_atsr(struct acpi_dmar_atsr *atsr)
3980 struct dmar_atsr_unit *atsru;
3981 struct acpi_dmar_atsr *tmp;
3983 list_for_each_entry_rcu(atsru, &dmar_atsr_units, list) {
3984 tmp = (struct acpi_dmar_atsr *)atsru->hdr;
3985 if (atsr->segment != tmp->segment)
3987 if (atsr->header.length != tmp->header.length)
3989 if (memcmp(atsr, tmp, atsr->header.length) == 0)
3996 int dmar_parse_one_atsr(struct acpi_dmar_header *hdr, void *arg)
3998 struct acpi_dmar_atsr *atsr;
3999 struct dmar_atsr_unit *atsru;
4001 if (system_state != SYSTEM_BOOTING && !intel_iommu_enabled)
4004 atsr = container_of(hdr, struct acpi_dmar_atsr, header);
4005 atsru = dmar_find_atsr(atsr);
4009 atsru = kzalloc(sizeof(*atsru) + hdr->length, GFP_KERNEL);
4014 * If memory is allocated from slab by ACPI _DSM method, we need to
4015 * copy the memory content because the memory buffer will be freed
4018 atsru->hdr = (void *)(atsru + 1);
4019 memcpy(atsru->hdr, hdr, hdr->length);
4020 atsru->include_all = atsr->flags & 0x1;
4021 if (!atsru->include_all) {
4022 atsru->devices = dmar_alloc_dev_scope((void *)(atsr + 1),
4023 (void *)atsr + atsr->header.length,
4024 &atsru->devices_cnt);
4025 if (atsru->devices_cnt && atsru->devices == NULL) {
4031 list_add_rcu(&atsru->list, &dmar_atsr_units);
4036 static void intel_iommu_free_atsr(struct dmar_atsr_unit *atsru)
4038 dmar_free_dev_scope(&atsru->devices, &atsru->devices_cnt);
4042 int dmar_release_one_atsr(struct acpi_dmar_header *hdr, void *arg)
4044 struct acpi_dmar_atsr *atsr;
4045 struct dmar_atsr_unit *atsru;
4047 atsr = container_of(hdr, struct acpi_dmar_atsr, header);
4048 atsru = dmar_find_atsr(atsr);
4050 list_del_rcu(&atsru->list);
4052 intel_iommu_free_atsr(atsru);
4058 int dmar_check_one_atsr(struct acpi_dmar_header *hdr, void *arg)
4062 struct acpi_dmar_atsr *atsr;
4063 struct dmar_atsr_unit *atsru;
4065 atsr = container_of(hdr, struct acpi_dmar_atsr, header);
4066 atsru = dmar_find_atsr(atsr);
4070 if (!atsru->include_all && atsru->devices && atsru->devices_cnt)
4071 for_each_active_dev_scope(atsru->devices, atsru->devices_cnt,
4078 static int intel_iommu_add(struct dmar_drhd_unit *dmaru)
4081 struct intel_iommu *iommu = dmaru->iommu;
4083 if (g_iommus[iommu->seq_id])
4086 if (hw_pass_through && !ecap_pass_through(iommu->ecap)) {
4087 pr_warn("%s: Doesn't support hardware pass through.\n",
4091 if (!ecap_sc_support(iommu->ecap) &&
4092 domain_update_iommu_snooping(iommu)) {
4093 pr_warn("%s: Doesn't support snooping.\n",
4097 sp = domain_update_iommu_superpage(iommu) - 1;
4098 if (sp >= 0 && !(cap_super_page_val(iommu->cap) & (1 << sp))) {
4099 pr_warn("%s: Doesn't support large page.\n",
4105 * Disable translation if already enabled prior to OS handover.
4107 if (iommu->gcmd & DMA_GCMD_TE)
4108 iommu_disable_translation(iommu);
4110 g_iommus[iommu->seq_id] = iommu;
4111 ret = iommu_init_domains(iommu);
4113 ret = iommu_alloc_root_entry(iommu);
4117 if (dmaru->ignored) {
4119 * we always have to disable PMRs or DMA may fail on this device
4122 iommu_disable_protect_mem_regions(iommu);
4126 intel_iommu_init_qi(iommu);
4127 iommu_flush_write_buffer(iommu);
4128 ret = dmar_set_interrupt(iommu);
4132 iommu_set_root_entry(iommu);
4133 iommu->flush.flush_context(iommu, 0, 0, 0, DMA_CCMD_GLOBAL_INVL);
4134 iommu->flush.flush_iotlb(iommu, 0, 0, 0, DMA_TLB_GLOBAL_FLUSH);
4135 iommu_enable_translation(iommu);
4137 iommu_disable_protect_mem_regions(iommu);
4141 disable_dmar_iommu(iommu);
4143 free_dmar_iommu(iommu);
4147 int dmar_iommu_hotplug(struct dmar_drhd_unit *dmaru, bool insert)
4150 struct intel_iommu *iommu = dmaru->iommu;
4152 if (!intel_iommu_enabled)
4158 ret = intel_iommu_add(dmaru);
4160 disable_dmar_iommu(iommu);
4161 free_dmar_iommu(iommu);
4167 static void intel_iommu_free_dmars(void)
4169 struct dmar_rmrr_unit *rmrru, *rmrr_n;
4170 struct dmar_atsr_unit *atsru, *atsr_n;
4172 list_for_each_entry_safe(rmrru, rmrr_n, &dmar_rmrr_units, list) {
4173 list_del(&rmrru->list);
4174 dmar_free_dev_scope(&rmrru->devices, &rmrru->devices_cnt);
4178 list_for_each_entry_safe(atsru, atsr_n, &dmar_atsr_units, list) {
4179 list_del(&atsru->list);
4180 intel_iommu_free_atsr(atsru);
4184 int dmar_find_matched_atsr_unit(struct pci_dev *dev)
4187 struct pci_bus *bus;
4188 struct pci_dev *bridge = NULL;
4190 struct acpi_dmar_atsr *atsr;
4191 struct dmar_atsr_unit *atsru;
4193 dev = pci_physfn(dev);
4194 for (bus = dev->bus; bus; bus = bus->parent) {
4196 if (!bridge || !pci_is_pcie(bridge) ||
4197 pci_pcie_type(bridge) == PCI_EXP_TYPE_PCI_BRIDGE)
4199 if (pci_pcie_type(bridge) == PCI_EXP_TYPE_ROOT_PORT)
4206 list_for_each_entry_rcu(atsru, &dmar_atsr_units, list) {
4207 atsr = container_of(atsru->hdr, struct acpi_dmar_atsr, header);
4208 if (atsr->segment != pci_domain_nr(dev->bus))
4211 for_each_dev_scope(atsru->devices, atsru->devices_cnt, i, tmp)
4212 if (tmp == &bridge->dev)
4215 if (atsru->include_all)
4225 int dmar_iommu_notify_scope_dev(struct dmar_pci_notify_info *info)
4228 struct dmar_rmrr_unit *rmrru;
4229 struct dmar_atsr_unit *atsru;
4230 struct acpi_dmar_atsr *atsr;
4231 struct acpi_dmar_reserved_memory *rmrr;
4233 if (!intel_iommu_enabled && system_state != SYSTEM_BOOTING)
4236 list_for_each_entry(rmrru, &dmar_rmrr_units, list) {
4237 rmrr = container_of(rmrru->hdr,
4238 struct acpi_dmar_reserved_memory, header);
4239 if (info->event == BUS_NOTIFY_ADD_DEVICE) {
4240 ret = dmar_insert_dev_scope(info, (void *)(rmrr + 1),
4241 ((void *)rmrr) + rmrr->header.length,
4242 rmrr->segment, rmrru->devices,
4243 rmrru->devices_cnt);
4246 } else if (info->event == BUS_NOTIFY_DEL_DEVICE) {
4247 dmar_remove_dev_scope(info, rmrr->segment,
4248 rmrru->devices, rmrru->devices_cnt);
4252 list_for_each_entry(atsru, &dmar_atsr_units, list) {
4253 if (atsru->include_all)
4256 atsr = container_of(atsru->hdr, struct acpi_dmar_atsr, header);
4257 if (info->event == BUS_NOTIFY_ADD_DEVICE) {
4258 ret = dmar_insert_dev_scope(info, (void *)(atsr + 1),
4259 (void *)atsr + atsr->header.length,
4260 atsr->segment, atsru->devices,
4261 atsru->devices_cnt);
4266 } else if (info->event == BUS_NOTIFY_DEL_DEVICE) {
4267 if (dmar_remove_dev_scope(info, atsr->segment,
4268 atsru->devices, atsru->devices_cnt))
4277 * Here we only respond to action of unbound device from driver.
4279 * Added device is not attached to its DMAR domain here yet. That will happen
4280 * when mapping the device to iova.
4282 static int device_notifier(struct notifier_block *nb,
4283 unsigned long action, void *data)
4285 struct device *dev = data;
4286 struct dmar_domain *domain;
4288 if (iommu_dummy(dev))
4291 if (action != BUS_NOTIFY_REMOVED_DEVICE)
4294 domain = find_domain(dev);
4298 dmar_remove_one_dev_info(domain, dev);
4299 if (!domain_type_is_vm_or_si(domain) && list_empty(&domain->devices))
4300 domain_exit(domain);
4305 static struct notifier_block device_nb = {
4306 .notifier_call = device_notifier,
4309 static int intel_iommu_memory_notifier(struct notifier_block *nb,
4310 unsigned long val, void *v)
4312 struct memory_notify *mhp = v;
4313 unsigned long long start, end;
4314 unsigned long start_vpfn, last_vpfn;
4317 case MEM_GOING_ONLINE:
4318 start = mhp->start_pfn << PAGE_SHIFT;
4319 end = ((mhp->start_pfn + mhp->nr_pages) << PAGE_SHIFT) - 1;
4320 if (iommu_domain_identity_map(si_domain, start, end)) {
4321 pr_warn("Failed to build identity map for [%llx-%llx]\n",
4328 case MEM_CANCEL_ONLINE:
4329 start_vpfn = mm_to_dma_pfn(mhp->start_pfn);
4330 last_vpfn = mm_to_dma_pfn(mhp->start_pfn + mhp->nr_pages - 1);
4331 while (start_vpfn <= last_vpfn) {
4333 struct dmar_drhd_unit *drhd;
4334 struct intel_iommu *iommu;
4335 struct page *freelist;
4337 iova = find_iova(&si_domain->iovad, start_vpfn);
4339 pr_debug("Failed get IOVA for PFN %lx\n",
4344 iova = split_and_remove_iova(&si_domain->iovad, iova,
4345 start_vpfn, last_vpfn);
4347 pr_warn("Failed to split IOVA PFN [%lx-%lx]\n",
4348 start_vpfn, last_vpfn);
4352 freelist = domain_unmap(si_domain, iova->pfn_lo,
4356 for_each_active_iommu(iommu, drhd)
4357 iommu_flush_iotlb_psi(iommu, si_domain,
4358 iova->pfn_lo, iova_size(iova),
4361 dma_free_pagelist(freelist);
4363 start_vpfn = iova->pfn_hi + 1;
4364 free_iova_mem(iova);
4372 static struct notifier_block intel_iommu_memory_nb = {
4373 .notifier_call = intel_iommu_memory_notifier,
4378 static ssize_t intel_iommu_show_version(struct device *dev,
4379 struct device_attribute *attr,
4382 struct intel_iommu *iommu = dev_get_drvdata(dev);
4383 u32 ver = readl(iommu->reg + DMAR_VER_REG);
4384 return sprintf(buf, "%d:%d\n",
4385 DMAR_VER_MAJOR(ver), DMAR_VER_MINOR(ver));
4387 static DEVICE_ATTR(version, S_IRUGO, intel_iommu_show_version, NULL);
4389 static ssize_t intel_iommu_show_address(struct device *dev,
4390 struct device_attribute *attr,
4393 struct intel_iommu *iommu = dev_get_drvdata(dev);
4394 return sprintf(buf, "%llx\n", iommu->reg_phys);
4396 static DEVICE_ATTR(address, S_IRUGO, intel_iommu_show_address, NULL);
4398 static ssize_t intel_iommu_show_cap(struct device *dev,
4399 struct device_attribute *attr,
4402 struct intel_iommu *iommu = dev_get_drvdata(dev);
4403 return sprintf(buf, "%llx\n", iommu->cap);
4405 static DEVICE_ATTR(cap, S_IRUGO, intel_iommu_show_cap, NULL);
4407 static ssize_t intel_iommu_show_ecap(struct device *dev,
4408 struct device_attribute *attr,
4411 struct intel_iommu *iommu = dev_get_drvdata(dev);
4412 return sprintf(buf, "%llx\n", iommu->ecap);
4414 static DEVICE_ATTR(ecap, S_IRUGO, intel_iommu_show_ecap, NULL);
4416 static ssize_t intel_iommu_show_ndoms(struct device *dev,
4417 struct device_attribute *attr,
4420 struct intel_iommu *iommu = dev_get_drvdata(dev);
4421 return sprintf(buf, "%ld\n", cap_ndoms(iommu->cap));
4423 static DEVICE_ATTR(domains_supported, S_IRUGO, intel_iommu_show_ndoms, NULL);
4425 static ssize_t intel_iommu_show_ndoms_used(struct device *dev,
4426 struct device_attribute *attr,
4429 struct intel_iommu *iommu = dev_get_drvdata(dev);
4430 return sprintf(buf, "%d\n", bitmap_weight(iommu->domain_ids,
4431 cap_ndoms(iommu->cap)));
4433 static DEVICE_ATTR(domains_used, S_IRUGO, intel_iommu_show_ndoms_used, NULL);
4435 static struct attribute *intel_iommu_attrs[] = {
4436 &dev_attr_version.attr,
4437 &dev_attr_address.attr,
4439 &dev_attr_ecap.attr,
4440 &dev_attr_domains_supported.attr,
4441 &dev_attr_domains_used.attr,
4445 static struct attribute_group intel_iommu_group = {
4446 .name = "intel-iommu",
4447 .attrs = intel_iommu_attrs,
4450 const struct attribute_group *intel_iommu_groups[] = {
4455 int __init intel_iommu_init(void)
4458 struct dmar_drhd_unit *drhd;
4459 struct intel_iommu *iommu;
4461 /* VT-d is required for a TXT/tboot launch, so enforce that */
4462 force_on = tboot_force_iommu();
4464 if (iommu_init_mempool()) {
4466 panic("tboot: Failed to initialize iommu memory\n");
4470 down_write(&dmar_global_lock);
4471 if (dmar_table_init()) {
4473 panic("tboot: Failed to initialize DMAR table\n");
4477 if (dmar_dev_scope_init() < 0) {
4479 panic("tboot: Failed to initialize DMAR device scope\n");
4483 if (no_iommu || dmar_disabled)
4486 if (list_empty(&dmar_rmrr_units))
4487 pr_info("No RMRR found\n");
4489 if (list_empty(&dmar_atsr_units))
4490 pr_info("No ATSR found\n");
4492 if (dmar_init_reserved_ranges()) {
4494 panic("tboot: Failed to reserve iommu ranges\n");
4495 goto out_free_reserved_range;
4498 init_no_remapping_devices();
4503 panic("tboot: Failed to initialize DMARs\n");
4504 pr_err("Initialization failed\n");
4505 goto out_free_reserved_range;
4507 up_write(&dmar_global_lock);
4508 pr_info("Intel(R) Virtualization Technology for Directed I/O\n");
4510 init_timer(&unmap_timer);
4511 #ifdef CONFIG_SWIOTLB
4514 dma_ops = &intel_dma_ops;
4516 init_iommu_pm_ops();
4518 for_each_active_iommu(iommu, drhd)
4519 iommu->iommu_dev = iommu_device_create(NULL, iommu,
4523 bus_set_iommu(&pci_bus_type, &intel_iommu_ops);
4524 bus_register_notifier(&pci_bus_type, &device_nb);
4525 if (si_domain && !hw_pass_through)
4526 register_memory_notifier(&intel_iommu_memory_nb);
4528 intel_iommu_enabled = 1;
4532 out_free_reserved_range:
4533 put_iova_domain(&reserved_iova_list);
4535 intel_iommu_free_dmars();
4536 up_write(&dmar_global_lock);
4537 iommu_exit_mempool();
4541 static int domain_context_clear_one_cb(struct pci_dev *pdev, u16 alias, void *opaque)
4543 struct intel_iommu *iommu = opaque;
4545 domain_context_clear_one(iommu, PCI_BUS_NUM(alias), alias & 0xff);
4550 * NB - intel-iommu lacks any sort of reference counting for the users of
4551 * dependent devices. If multiple endpoints have intersecting dependent
4552 * devices, unbinding the driver from any one of them will possibly leave
4553 * the others unable to operate.
4555 static void domain_context_clear(struct intel_iommu *iommu, struct device *dev)
4557 if (!iommu || !dev || !dev_is_pci(dev))
4560 pci_for_each_dma_alias(to_pci_dev(dev), &domain_context_clear_one_cb, iommu);
4563 static void __dmar_remove_one_dev_info(struct device_domain_info *info)
4565 struct intel_iommu *iommu;
4566 unsigned long flags;
4568 assert_spin_locked(&device_domain_lock);
4573 iommu = info->iommu;
4576 iommu_disable_dev_iotlb(info);
4577 domain_context_clear(iommu, info->dev);
4580 unlink_domain_info(info);
4582 spin_lock_irqsave(&iommu->lock, flags);
4583 domain_detach_iommu(info->domain, iommu);
4584 spin_unlock_irqrestore(&iommu->lock, flags);
4586 free_devinfo_mem(info);
4589 static void dmar_remove_one_dev_info(struct dmar_domain *domain,
4592 struct device_domain_info *info;
4593 unsigned long flags;
4595 spin_lock_irqsave(&device_domain_lock, flags);
4596 info = dev->archdata.iommu;
4597 __dmar_remove_one_dev_info(info);
4598 spin_unlock_irqrestore(&device_domain_lock, flags);
4601 static int md_domain_init(struct dmar_domain *domain, int guest_width)
4605 init_iova_domain(&domain->iovad, VTD_PAGE_SIZE, IOVA_START_PFN,
4607 domain_reserve_special_ranges(domain);
4609 /* calculate AGAW */
4610 domain->gaw = guest_width;
4611 adjust_width = guestwidth_to_adjustwidth(guest_width);
4612 domain->agaw = width_to_agaw(adjust_width);
4614 domain->iommu_coherency = 0;
4615 domain->iommu_snooping = 0;
4616 domain->iommu_superpage = 0;
4617 domain->max_addr = 0;
4619 /* always allocate the top pgd */
4620 domain->pgd = (struct dma_pte *)alloc_pgtable_page(domain->nid);
4623 domain_flush_cache(domain, domain->pgd, PAGE_SIZE);
4627 static struct iommu_domain *intel_iommu_domain_alloc(unsigned type)
4629 struct dmar_domain *dmar_domain;
4630 struct iommu_domain *domain;
4632 if (type != IOMMU_DOMAIN_UNMANAGED)
4635 dmar_domain = alloc_domain(DOMAIN_FLAG_VIRTUAL_MACHINE);
4637 pr_err("Can't allocate dmar_domain\n");
4640 if (md_domain_init(dmar_domain, DEFAULT_DOMAIN_ADDRESS_WIDTH)) {
4641 pr_err("Domain initialization failed\n");
4642 domain_exit(dmar_domain);
4645 domain_update_iommu_cap(dmar_domain);
4647 domain = &dmar_domain->domain;
4648 domain->geometry.aperture_start = 0;
4649 domain->geometry.aperture_end = __DOMAIN_MAX_ADDR(dmar_domain->gaw);
4650 domain->geometry.force_aperture = true;
4655 static void intel_iommu_domain_free(struct iommu_domain *domain)
4657 domain_exit(to_dmar_domain(domain));
4660 static int intel_iommu_attach_device(struct iommu_domain *domain,
4663 struct dmar_domain *dmar_domain = to_dmar_domain(domain);
4664 struct intel_iommu *iommu;
4668 if (device_is_rmrr_locked(dev)) {
4669 dev_warn(dev, "Device is ineligible for IOMMU domain attach due to platform RMRR requirement. Contact your platform vendor.\n");
4673 /* normally dev is not mapped */
4674 if (unlikely(domain_context_mapped(dev))) {
4675 struct dmar_domain *old_domain;
4677 old_domain = find_domain(dev);
4680 dmar_remove_one_dev_info(old_domain, dev);
4683 if (!domain_type_is_vm_or_si(old_domain) &&
4684 list_empty(&old_domain->devices))
4685 domain_exit(old_domain);
4689 iommu = device_to_iommu(dev, &bus, &devfn);
4693 /* check if this iommu agaw is sufficient for max mapped address */
4694 addr_width = agaw_to_width(iommu->agaw);
4695 if (addr_width > cap_mgaw(iommu->cap))
4696 addr_width = cap_mgaw(iommu->cap);
4698 if (dmar_domain->max_addr > (1LL << addr_width)) {
4699 pr_err("%s: iommu width (%d) is not "
4700 "sufficient for the mapped address (%llx)\n",
4701 __func__, addr_width, dmar_domain->max_addr);
4704 dmar_domain->gaw = addr_width;
4707 * Knock out extra levels of page tables if necessary
4709 while (iommu->agaw < dmar_domain->agaw) {
4710 struct dma_pte *pte;
4712 pte = dmar_domain->pgd;
4713 if (dma_pte_present(pte)) {
4714 dmar_domain->pgd = (struct dma_pte *)
4715 phys_to_virt(dma_pte_addr(pte));
4716 free_pgtable_page(pte);
4718 dmar_domain->agaw--;
4721 return domain_add_dev_info(dmar_domain, dev);
4724 static void intel_iommu_detach_device(struct iommu_domain *domain,
4727 dmar_remove_one_dev_info(to_dmar_domain(domain), dev);
4730 static int intel_iommu_map(struct iommu_domain *domain,
4731 unsigned long iova, phys_addr_t hpa,
4732 size_t size, int iommu_prot)
4734 struct dmar_domain *dmar_domain = to_dmar_domain(domain);
4739 if (iommu_prot & IOMMU_READ)
4740 prot |= DMA_PTE_READ;
4741 if (iommu_prot & IOMMU_WRITE)
4742 prot |= DMA_PTE_WRITE;
4743 if ((iommu_prot & IOMMU_CACHE) && dmar_domain->iommu_snooping)
4744 prot |= DMA_PTE_SNP;
4746 max_addr = iova + size;
4747 if (dmar_domain->max_addr < max_addr) {
4750 /* check if minimum agaw is sufficient for mapped address */
4751 end = __DOMAIN_MAX_ADDR(dmar_domain->gaw) + 1;
4752 if (end < max_addr) {
4753 pr_err("%s: iommu width (%d) is not "
4754 "sufficient for the mapped address (%llx)\n",
4755 __func__, dmar_domain->gaw, max_addr);
4758 dmar_domain->max_addr = max_addr;
4760 /* Round up size to next multiple of PAGE_SIZE, if it and
4761 the low bits of hpa would take us onto the next page */
4762 size = aligned_nrpages(hpa, size);
4763 ret = domain_pfn_mapping(dmar_domain, iova >> VTD_PAGE_SHIFT,
4764 hpa >> VTD_PAGE_SHIFT, size, prot);
4768 static size_t intel_iommu_unmap(struct iommu_domain *domain,
4769 unsigned long iova, size_t size)
4771 struct dmar_domain *dmar_domain = to_dmar_domain(domain);
4772 struct page *freelist = NULL;
4773 struct intel_iommu *iommu;
4774 unsigned long start_pfn, last_pfn;
4775 unsigned int npages;
4776 int iommu_id, level = 0;
4778 /* Cope with horrid API which requires us to unmap more than the
4779 size argument if it happens to be a large-page mapping. */
4780 BUG_ON(!pfn_to_dma_pte(dmar_domain, iova >> VTD_PAGE_SHIFT, &level));
4782 if (size < VTD_PAGE_SIZE << level_to_offset_bits(level))
4783 size = VTD_PAGE_SIZE << level_to_offset_bits(level);
4785 start_pfn = iova >> VTD_PAGE_SHIFT;
4786 last_pfn = (iova + size - 1) >> VTD_PAGE_SHIFT;
4788 freelist = domain_unmap(dmar_domain, start_pfn, last_pfn);
4790 npages = last_pfn - start_pfn + 1;
4792 for_each_domain_iommu(iommu_id, dmar_domain) {
4793 iommu = g_iommus[iommu_id];
4795 iommu_flush_iotlb_psi(g_iommus[iommu_id], dmar_domain,
4796 start_pfn, npages, !freelist, 0);
4799 dma_free_pagelist(freelist);
4801 if (dmar_domain->max_addr == iova + size)
4802 dmar_domain->max_addr = iova;
4807 static phys_addr_t intel_iommu_iova_to_phys(struct iommu_domain *domain,
4810 struct dmar_domain *dmar_domain = to_dmar_domain(domain);
4811 struct dma_pte *pte;
4815 pte = pfn_to_dma_pte(dmar_domain, iova >> VTD_PAGE_SHIFT, &level);
4817 phys = dma_pte_addr(pte);
4822 static bool intel_iommu_capable(enum iommu_cap cap)
4824 if (cap == IOMMU_CAP_CACHE_COHERENCY)
4825 return domain_update_iommu_snooping(NULL) == 1;
4826 if (cap == IOMMU_CAP_INTR_REMAP)
4827 return irq_remapping_enabled == 1;
4832 static int intel_iommu_add_device(struct device *dev)
4834 struct intel_iommu *iommu;
4835 struct iommu_group *group;
4838 iommu = device_to_iommu(dev, &bus, &devfn);
4842 iommu_device_link(iommu->iommu_dev, dev);
4844 group = iommu_group_get_for_dev(dev);
4847 return PTR_ERR(group);
4849 iommu_group_put(group);
4853 static void intel_iommu_remove_device(struct device *dev)
4855 struct intel_iommu *iommu;
4858 iommu = device_to_iommu(dev, &bus, &devfn);
4862 iommu_group_remove_device(dev);
4864 iommu_device_unlink(iommu->iommu_dev, dev);
4867 static const struct iommu_ops intel_iommu_ops = {
4868 .capable = intel_iommu_capable,
4869 .domain_alloc = intel_iommu_domain_alloc,
4870 .domain_free = intel_iommu_domain_free,
4871 .attach_dev = intel_iommu_attach_device,
4872 .detach_dev = intel_iommu_detach_device,
4873 .map = intel_iommu_map,
4874 .unmap = intel_iommu_unmap,
4875 .map_sg = default_iommu_map_sg,
4876 .iova_to_phys = intel_iommu_iova_to_phys,
4877 .add_device = intel_iommu_add_device,
4878 .remove_device = intel_iommu_remove_device,
4879 .pgsize_bitmap = INTEL_IOMMU_PGSIZES,
4882 static void quirk_iommu_g4x_gfx(struct pci_dev *dev)
4884 /* G4x/GM45 integrated gfx dmar support is totally busted. */
4885 pr_info("Disabling IOMMU for graphics on this chipset\n");
4889 DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x2a40, quirk_iommu_g4x_gfx);
4890 DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x2e00, quirk_iommu_g4x_gfx);
4891 DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x2e10, quirk_iommu_g4x_gfx);
4892 DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x2e20, quirk_iommu_g4x_gfx);
4893 DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x2e30, quirk_iommu_g4x_gfx);
4894 DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x2e40, quirk_iommu_g4x_gfx);
4895 DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x2e90, quirk_iommu_g4x_gfx);
4897 static void quirk_iommu_rwbf(struct pci_dev *dev)
4900 * Mobile 4 Series Chipset neglects to set RWBF capability,
4901 * but needs it. Same seems to hold for the desktop versions.
4903 pr_info("Forcing write-buffer flush capability\n");
4907 DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x2a40, quirk_iommu_rwbf);
4908 DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x2e00, quirk_iommu_rwbf);
4909 DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x2e10, quirk_iommu_rwbf);
4910 DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x2e20, quirk_iommu_rwbf);
4911 DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x2e30, quirk_iommu_rwbf);
4912 DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x2e40, quirk_iommu_rwbf);
4913 DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x2e90, quirk_iommu_rwbf);
4916 #define GGC_MEMORY_SIZE_MASK (0xf << 8)
4917 #define GGC_MEMORY_SIZE_NONE (0x0 << 8)
4918 #define GGC_MEMORY_SIZE_1M (0x1 << 8)
4919 #define GGC_MEMORY_SIZE_2M (0x3 << 8)
4920 #define GGC_MEMORY_VT_ENABLED (0x8 << 8)
4921 #define GGC_MEMORY_SIZE_2M_VT (0x9 << 8)
4922 #define GGC_MEMORY_SIZE_3M_VT (0xa << 8)
4923 #define GGC_MEMORY_SIZE_4M_VT (0xb << 8)
4925 static void quirk_calpella_no_shadow_gtt(struct pci_dev *dev)
4929 if (pci_read_config_word(dev, GGC, &ggc))
4932 if (!(ggc & GGC_MEMORY_VT_ENABLED)) {
4933 pr_info("BIOS has allocated no shadow GTT; disabling IOMMU for graphics\n");
4935 } else if (dmar_map_gfx) {
4936 /* we have to ensure the gfx device is idle before we flush */
4937 pr_info("Disabling batched IOTLB flush on Ironlake\n");
4938 intel_iommu_strict = 1;
4941 DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x0040, quirk_calpella_no_shadow_gtt);
4942 DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x0044, quirk_calpella_no_shadow_gtt);
4943 DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x0062, quirk_calpella_no_shadow_gtt);
4944 DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x006a, quirk_calpella_no_shadow_gtt);
4946 /* On Tylersburg chipsets, some BIOSes have been known to enable the
4947 ISOCH DMAR unit for the Azalia sound device, but not give it any
4948 TLB entries, which causes it to deadlock. Check for that. We do
4949 this in a function called from init_dmars(), instead of in a PCI
4950 quirk, because we don't want to print the obnoxious "BIOS broken"
4951 message if VT-d is actually disabled.
4953 static void __init check_tylersburg_isoch(void)
4955 struct pci_dev *pdev;
4956 uint32_t vtisochctrl;
4958 /* If there's no Azalia in the system anyway, forget it. */
4959 pdev = pci_get_device(PCI_VENDOR_ID_INTEL, 0x3a3e, NULL);
4964 /* System Management Registers. Might be hidden, in which case
4965 we can't do the sanity check. But that's OK, because the
4966 known-broken BIOSes _don't_ actually hide it, so far. */
4967 pdev = pci_get_device(PCI_VENDOR_ID_INTEL, 0x342e, NULL);
4971 if (pci_read_config_dword(pdev, 0x188, &vtisochctrl)) {
4978 /* If Azalia DMA is routed to the non-isoch DMAR unit, fine. */
4979 if (vtisochctrl & 1)
4982 /* Drop all bits other than the number of TLB entries */
4983 vtisochctrl &= 0x1c;
4985 /* If we have the recommended number of TLB entries (16), fine. */
4986 if (vtisochctrl == 0x10)
4989 /* Zero TLB entries? You get to ride the short bus to school. */
4991 WARN(1, "Your BIOS is broken; DMA routed to ISOCH DMAR unit but no TLB space.\n"
4992 "BIOS vendor: %s; Ver: %s; Product Version: %s\n",
4993 dmi_get_system_info(DMI_BIOS_VENDOR),
4994 dmi_get_system_info(DMI_BIOS_VERSION),
4995 dmi_get_system_info(DMI_PRODUCT_VERSION));
4996 iommu_identity_mapping |= IDENTMAP_AZALIA;
5000 pr_warn("Recommended TLB entries for ISOCH unit is 16; your BIOS set %d\n",
projects / linux-2.6-microblaze.git / blob