1 // SPDX-License-Identifier: GPL-2.0-only
3 * Copyright (C) 2007-2008 Advanced Micro Devices, Inc.
4 * Author: Joerg Roedel <jroedel@suse.de>
7 #define pr_fmt(fmt) "iommu: " fmt
9 #include <linux/device.h>
10 #include <linux/kernel.h>
11 #include <linux/bug.h>
12 #include <linux/types.h>
13 #include <linux/init.h>
14 #include <linux/export.h>
15 #include <linux/slab.h>
16 #include <linux/errno.h>
17 #include <linux/iommu.h>
18 #include <linux/idr.h>
19 #include <linux/notifier.h>
20 #include <linux/err.h>
21 #include <linux/pci.h>
22 #include <linux/bitops.h>
23 #include <linux/property.h>
24 #include <linux/fsl/mc.h>
25 #include <linux/module.h>
26 #include <trace/events/iommu.h>
28 static struct kset *iommu_group_kset;
29 static DEFINE_IDA(iommu_group_ida);
31 static unsigned int iommu_def_domain_type __read_mostly;
32 static bool iommu_dma_strict __read_mostly = true;
33 static u32 iommu_cmd_line __read_mostly;
37 struct kobject *devices_kobj;
38 struct list_head devices;
40 struct blocking_notifier_head notifier;
42 void (*iommu_data_release)(void *iommu_data);
45 struct iommu_domain *default_domain;
46 struct iommu_domain *domain;
47 struct list_head entry;
51 struct list_head list;
56 struct iommu_group_attribute {
57 struct attribute attr;
58 ssize_t (*show)(struct iommu_group *group, char *buf);
59 ssize_t (*store)(struct iommu_group *group,
60 const char *buf, size_t count);
63 static const char * const iommu_group_resv_type_string[] = {
64 [IOMMU_RESV_DIRECT] = "direct",
65 [IOMMU_RESV_DIRECT_RELAXABLE] = "direct-relaxable",
66 [IOMMU_RESV_RESERVED] = "reserved",
67 [IOMMU_RESV_MSI] = "msi",
68 [IOMMU_RESV_SW_MSI] = "msi",
71 #define IOMMU_CMD_LINE_DMA_API BIT(0)
72 #define IOMMU_CMD_LINE_STRICT BIT(1)
74 static int iommu_alloc_default_domain(struct iommu_group *group,
76 static struct iommu_domain *__iommu_domain_alloc(struct bus_type *bus,
78 static int __iommu_attach_device(struct iommu_domain *domain,
80 static int __iommu_attach_group(struct iommu_domain *domain,
81 struct iommu_group *group);
82 static void __iommu_detach_group(struct iommu_domain *domain,
83 struct iommu_group *group);
84 static int iommu_create_device_direct_mappings(struct iommu_group *group,
86 static struct iommu_group *iommu_group_get_for_dev(struct device *dev);
87 static ssize_t iommu_group_store_type(struct iommu_group *group,
88 const char *buf, size_t count);
90 #define IOMMU_GROUP_ATTR(_name, _mode, _show, _store) \
91 struct iommu_group_attribute iommu_group_attr_##_name = \
92 __ATTR(_name, _mode, _show, _store)
94 #define to_iommu_group_attr(_attr) \
95 container_of(_attr, struct iommu_group_attribute, attr)
96 #define to_iommu_group(_kobj) \
97 container_of(_kobj, struct iommu_group, kobj)
99 static LIST_HEAD(iommu_device_list);
100 static DEFINE_SPINLOCK(iommu_device_lock);
103 * Use a function instead of an array here because the domain-type is a
104 * bit-field, so an array would waste memory.
106 static const char *iommu_domain_type_str(unsigned int t)
109 case IOMMU_DOMAIN_BLOCKED:
111 case IOMMU_DOMAIN_IDENTITY:
112 return "Passthrough";
113 case IOMMU_DOMAIN_UNMANAGED:
115 case IOMMU_DOMAIN_DMA:
122 static int __init iommu_subsys_init(void)
124 if (!(iommu_cmd_line & IOMMU_CMD_LINE_DMA_API)) {
125 if (IS_ENABLED(CONFIG_IOMMU_DEFAULT_PASSTHROUGH))
126 iommu_set_default_passthrough(false);
128 iommu_set_default_translated(false);
130 if (iommu_default_passthrough() && mem_encrypt_active()) {
131 pr_info("Memory encryption detected - Disabling default IOMMU Passthrough\n");
132 iommu_set_default_translated(false);
136 pr_info("Default domain type: %s %s\n",
137 iommu_domain_type_str(iommu_def_domain_type),
138 (iommu_cmd_line & IOMMU_CMD_LINE_DMA_API) ?
139 "(set via kernel command line)" : "");
143 subsys_initcall(iommu_subsys_init);
146 * iommu_device_register() - Register an IOMMU hardware instance
147 * @iommu: IOMMU handle for the instance
148 * @ops: IOMMU ops to associate with the instance
149 * @hwdev: (optional) actual instance device, used for fwnode lookup
151 * Return: 0 on success, or an error.
153 int iommu_device_register(struct iommu_device *iommu,
154 const struct iommu_ops *ops, struct device *hwdev)
156 /* We need to be able to take module references appropriately */
157 if (WARN_ON(is_module_address((unsigned long)ops) && !ops->owner))
162 iommu->fwnode = hwdev->fwnode;
164 spin_lock(&iommu_device_lock);
165 list_add_tail(&iommu->list, &iommu_device_list);
166 spin_unlock(&iommu_device_lock);
169 EXPORT_SYMBOL_GPL(iommu_device_register);
171 void iommu_device_unregister(struct iommu_device *iommu)
173 spin_lock(&iommu_device_lock);
174 list_del(&iommu->list);
175 spin_unlock(&iommu_device_lock);
177 EXPORT_SYMBOL_GPL(iommu_device_unregister);
179 static struct dev_iommu *dev_iommu_get(struct device *dev)
181 struct dev_iommu *param = dev->iommu;
186 param = kzalloc(sizeof(*param), GFP_KERNEL);
190 mutex_init(¶m->lock);
195 static void dev_iommu_free(struct device *dev)
197 iommu_fwspec_free(dev);
202 static int __iommu_probe_device(struct device *dev, struct list_head *group_list)
204 const struct iommu_ops *ops = dev->bus->iommu_ops;
205 struct iommu_device *iommu_dev;
206 struct iommu_group *group;
212 if (!dev_iommu_get(dev))
215 if (!try_module_get(ops->owner)) {
220 iommu_dev = ops->probe_device(dev);
221 if (IS_ERR(iommu_dev)) {
222 ret = PTR_ERR(iommu_dev);
226 dev->iommu->iommu_dev = iommu_dev;
228 group = iommu_group_get_for_dev(dev);
230 ret = PTR_ERR(group);
233 iommu_group_put(group);
235 if (group_list && !group->default_domain && list_empty(&group->entry))
236 list_add_tail(&group->entry, group_list);
238 iommu_device_link(iommu_dev, dev);
243 ops->release_device(dev);
246 module_put(ops->owner);
254 int iommu_probe_device(struct device *dev)
256 const struct iommu_ops *ops = dev->bus->iommu_ops;
257 struct iommu_group *group;
260 ret = __iommu_probe_device(dev, NULL);
264 group = iommu_group_get(dev);
271 * Try to allocate a default domain - needs support from the
272 * IOMMU driver. There are still some drivers which don't
273 * support default domains, so the return value is not yet
276 iommu_alloc_default_domain(group, dev);
278 if (group->default_domain) {
279 ret = __iommu_attach_device(group->default_domain, dev);
281 iommu_group_put(group);
286 iommu_create_device_direct_mappings(group, dev);
288 iommu_group_put(group);
290 if (ops->probe_finalize)
291 ops->probe_finalize(dev);
296 iommu_release_device(dev);
303 void iommu_release_device(struct device *dev)
305 const struct iommu_ops *ops = dev->bus->iommu_ops;
310 iommu_device_unlink(dev->iommu->iommu_dev, dev);
312 ops->release_device(dev);
314 iommu_group_remove_device(dev);
315 module_put(ops->owner);
319 static int __init iommu_set_def_domain_type(char *str)
324 ret = kstrtobool(str, &pt);
329 iommu_set_default_passthrough(true);
331 iommu_set_default_translated(true);
335 early_param("iommu.passthrough", iommu_set_def_domain_type);
337 static int __init iommu_dma_setup(char *str)
339 int ret = kstrtobool(str, &iommu_dma_strict);
342 iommu_cmd_line |= IOMMU_CMD_LINE_STRICT;
345 early_param("iommu.strict", iommu_dma_setup);
347 void iommu_set_dma_strict(bool strict)
349 if (strict || !(iommu_cmd_line & IOMMU_CMD_LINE_STRICT))
350 iommu_dma_strict = strict;
353 bool iommu_get_dma_strict(struct iommu_domain *domain)
355 /* only allow lazy flushing for DMA domains */
356 if (domain->type == IOMMU_DOMAIN_DMA)
357 return iommu_dma_strict;
360 EXPORT_SYMBOL_GPL(iommu_get_dma_strict);
362 static ssize_t iommu_group_attr_show(struct kobject *kobj,
363 struct attribute *__attr, char *buf)
365 struct iommu_group_attribute *attr = to_iommu_group_attr(__attr);
366 struct iommu_group *group = to_iommu_group(kobj);
370 ret = attr->show(group, buf);
374 static ssize_t iommu_group_attr_store(struct kobject *kobj,
375 struct attribute *__attr,
376 const char *buf, size_t count)
378 struct iommu_group_attribute *attr = to_iommu_group_attr(__attr);
379 struct iommu_group *group = to_iommu_group(kobj);
383 ret = attr->store(group, buf, count);
387 static const struct sysfs_ops iommu_group_sysfs_ops = {
388 .show = iommu_group_attr_show,
389 .store = iommu_group_attr_store,
392 static int iommu_group_create_file(struct iommu_group *group,
393 struct iommu_group_attribute *attr)
395 return sysfs_create_file(&group->kobj, &attr->attr);
398 static void iommu_group_remove_file(struct iommu_group *group,
399 struct iommu_group_attribute *attr)
401 sysfs_remove_file(&group->kobj, &attr->attr);
404 static ssize_t iommu_group_show_name(struct iommu_group *group, char *buf)
406 return sprintf(buf, "%s\n", group->name);
410 * iommu_insert_resv_region - Insert a new region in the
411 * list of reserved regions.
412 * @new: new region to insert
413 * @regions: list of regions
415 * Elements are sorted by start address and overlapping segments
416 * of the same type are merged.
418 static int iommu_insert_resv_region(struct iommu_resv_region *new,
419 struct list_head *regions)
421 struct iommu_resv_region *iter, *tmp, *nr, *top;
424 nr = iommu_alloc_resv_region(new->start, new->length,
425 new->prot, new->type);
429 /* First add the new element based on start address sorting */
430 list_for_each_entry(iter, regions, list) {
431 if (nr->start < iter->start ||
432 (nr->start == iter->start && nr->type <= iter->type))
435 list_add_tail(&nr->list, &iter->list);
437 /* Merge overlapping segments of type nr->type in @regions, if any */
438 list_for_each_entry_safe(iter, tmp, regions, list) {
439 phys_addr_t top_end, iter_end = iter->start + iter->length - 1;
441 /* no merge needed on elements of different types than @new */
442 if (iter->type != new->type) {
443 list_move_tail(&iter->list, &stack);
447 /* look for the last stack element of same type as @iter */
448 list_for_each_entry_reverse(top, &stack, list)
449 if (top->type == iter->type)
452 list_move_tail(&iter->list, &stack);
456 top_end = top->start + top->length - 1;
458 if (iter->start > top_end + 1) {
459 list_move_tail(&iter->list, &stack);
461 top->length = max(top_end, iter_end) - top->start + 1;
462 list_del(&iter->list);
466 list_splice(&stack, regions);
471 iommu_insert_device_resv_regions(struct list_head *dev_resv_regions,
472 struct list_head *group_resv_regions)
474 struct iommu_resv_region *entry;
477 list_for_each_entry(entry, dev_resv_regions, list) {
478 ret = iommu_insert_resv_region(entry, group_resv_regions);
485 int iommu_get_group_resv_regions(struct iommu_group *group,
486 struct list_head *head)
488 struct group_device *device;
491 mutex_lock(&group->mutex);
492 list_for_each_entry(device, &group->devices, list) {
493 struct list_head dev_resv_regions;
495 INIT_LIST_HEAD(&dev_resv_regions);
496 iommu_get_resv_regions(device->dev, &dev_resv_regions);
497 ret = iommu_insert_device_resv_regions(&dev_resv_regions, head);
498 iommu_put_resv_regions(device->dev, &dev_resv_regions);
502 mutex_unlock(&group->mutex);
505 EXPORT_SYMBOL_GPL(iommu_get_group_resv_regions);
507 static ssize_t iommu_group_show_resv_regions(struct iommu_group *group,
510 struct iommu_resv_region *region, *next;
511 struct list_head group_resv_regions;
514 INIT_LIST_HEAD(&group_resv_regions);
515 iommu_get_group_resv_regions(group, &group_resv_regions);
517 list_for_each_entry_safe(region, next, &group_resv_regions, list) {
518 str += sprintf(str, "0x%016llx 0x%016llx %s\n",
519 (long long int)region->start,
520 (long long int)(region->start +
522 iommu_group_resv_type_string[region->type]);
529 static ssize_t iommu_group_show_type(struct iommu_group *group,
532 char *type = "unknown\n";
534 mutex_lock(&group->mutex);
535 if (group->default_domain) {
536 switch (group->default_domain->type) {
537 case IOMMU_DOMAIN_BLOCKED:
540 case IOMMU_DOMAIN_IDENTITY:
543 case IOMMU_DOMAIN_UNMANAGED:
544 type = "unmanaged\n";
546 case IOMMU_DOMAIN_DMA:
551 mutex_unlock(&group->mutex);
557 static IOMMU_GROUP_ATTR(name, S_IRUGO, iommu_group_show_name, NULL);
559 static IOMMU_GROUP_ATTR(reserved_regions, 0444,
560 iommu_group_show_resv_regions, NULL);
562 static IOMMU_GROUP_ATTR(type, 0644, iommu_group_show_type,
563 iommu_group_store_type);
565 static void iommu_group_release(struct kobject *kobj)
567 struct iommu_group *group = to_iommu_group(kobj);
569 pr_debug("Releasing group %d\n", group->id);
571 if (group->iommu_data_release)
572 group->iommu_data_release(group->iommu_data);
574 ida_simple_remove(&iommu_group_ida, group->id);
576 if (group->default_domain)
577 iommu_domain_free(group->default_domain);
583 static struct kobj_type iommu_group_ktype = {
584 .sysfs_ops = &iommu_group_sysfs_ops,
585 .release = iommu_group_release,
589 * iommu_group_alloc - Allocate a new group
591 * This function is called by an iommu driver to allocate a new iommu
592 * group. The iommu group represents the minimum granularity of the iommu.
593 * Upon successful return, the caller holds a reference to the supplied
594 * group in order to hold the group until devices are added. Use
595 * iommu_group_put() to release this extra reference count, allowing the
596 * group to be automatically reclaimed once it has no devices or external
599 struct iommu_group *iommu_group_alloc(void)
601 struct iommu_group *group;
604 group = kzalloc(sizeof(*group), GFP_KERNEL);
606 return ERR_PTR(-ENOMEM);
608 group->kobj.kset = iommu_group_kset;
609 mutex_init(&group->mutex);
610 INIT_LIST_HEAD(&group->devices);
611 INIT_LIST_HEAD(&group->entry);
612 BLOCKING_INIT_NOTIFIER_HEAD(&group->notifier);
614 ret = ida_simple_get(&iommu_group_ida, 0, 0, GFP_KERNEL);
621 ret = kobject_init_and_add(&group->kobj, &iommu_group_ktype,
622 NULL, "%d", group->id);
624 ida_simple_remove(&iommu_group_ida, group->id);
625 kobject_put(&group->kobj);
629 group->devices_kobj = kobject_create_and_add("devices", &group->kobj);
630 if (!group->devices_kobj) {
631 kobject_put(&group->kobj); /* triggers .release & free */
632 return ERR_PTR(-ENOMEM);
636 * The devices_kobj holds a reference on the group kobject, so
637 * as long as that exists so will the group. We can therefore
638 * use the devices_kobj for reference counting.
640 kobject_put(&group->kobj);
642 ret = iommu_group_create_file(group,
643 &iommu_group_attr_reserved_regions);
647 ret = iommu_group_create_file(group, &iommu_group_attr_type);
651 pr_debug("Allocated group %d\n", group->id);
655 EXPORT_SYMBOL_GPL(iommu_group_alloc);
657 struct iommu_group *iommu_group_get_by_id(int id)
659 struct kobject *group_kobj;
660 struct iommu_group *group;
663 if (!iommu_group_kset)
666 name = kasprintf(GFP_KERNEL, "%d", id);
670 group_kobj = kset_find_obj(iommu_group_kset, name);
676 group = container_of(group_kobj, struct iommu_group, kobj);
677 BUG_ON(group->id != id);
679 kobject_get(group->devices_kobj);
680 kobject_put(&group->kobj);
684 EXPORT_SYMBOL_GPL(iommu_group_get_by_id);
687 * iommu_group_get_iommudata - retrieve iommu_data registered for a group
690 * iommu drivers can store data in the group for use when doing iommu
691 * operations. This function provides a way to retrieve it. Caller
692 * should hold a group reference.
694 void *iommu_group_get_iommudata(struct iommu_group *group)
696 return group->iommu_data;
698 EXPORT_SYMBOL_GPL(iommu_group_get_iommudata);
701 * iommu_group_set_iommudata - set iommu_data for a group
703 * @iommu_data: new data
704 * @release: release function for iommu_data
706 * iommu drivers can store data in the group for use when doing iommu
707 * operations. This function provides a way to set the data after
708 * the group has been allocated. Caller should hold a group reference.
710 void iommu_group_set_iommudata(struct iommu_group *group, void *iommu_data,
711 void (*release)(void *iommu_data))
713 group->iommu_data = iommu_data;
714 group->iommu_data_release = release;
716 EXPORT_SYMBOL_GPL(iommu_group_set_iommudata);
719 * iommu_group_set_name - set name for a group
723 * Allow iommu driver to set a name for a group. When set it will
724 * appear in a name attribute file under the group in sysfs.
726 int iommu_group_set_name(struct iommu_group *group, const char *name)
731 iommu_group_remove_file(group, &iommu_group_attr_name);
738 group->name = kstrdup(name, GFP_KERNEL);
742 ret = iommu_group_create_file(group, &iommu_group_attr_name);
751 EXPORT_SYMBOL_GPL(iommu_group_set_name);
753 static int iommu_create_device_direct_mappings(struct iommu_group *group,
756 struct iommu_domain *domain = group->default_domain;
757 struct iommu_resv_region *entry;
758 struct list_head mappings;
759 unsigned long pg_size;
762 if (!domain || domain->type != IOMMU_DOMAIN_DMA)
765 BUG_ON(!domain->pgsize_bitmap);
767 pg_size = 1UL << __ffs(domain->pgsize_bitmap);
768 INIT_LIST_HEAD(&mappings);
770 iommu_get_resv_regions(dev, &mappings);
772 /* We need to consider overlapping regions for different devices */
773 list_for_each_entry(entry, &mappings, list) {
774 dma_addr_t start, end, addr;
777 if (domain->ops->apply_resv_region)
778 domain->ops->apply_resv_region(dev, domain, entry);
780 start = ALIGN(entry->start, pg_size);
781 end = ALIGN(entry->start + entry->length, pg_size);
783 if (entry->type != IOMMU_RESV_DIRECT &&
784 entry->type != IOMMU_RESV_DIRECT_RELAXABLE)
787 for (addr = start; addr <= end; addr += pg_size) {
788 phys_addr_t phys_addr;
793 phys_addr = iommu_iova_to_phys(domain, addr);
801 ret = iommu_map(domain, addr - map_size,
802 addr - map_size, map_size,
812 iommu_flush_iotlb_all(domain);
815 iommu_put_resv_regions(dev, &mappings);
820 static bool iommu_is_attach_deferred(struct iommu_domain *domain,
823 if (domain->ops->is_attach_deferred)
824 return domain->ops->is_attach_deferred(domain, dev);
830 * iommu_group_add_device - add a device to an iommu group
831 * @group: the group into which to add the device (reference should be held)
834 * This function is called by an iommu driver to add a device into a
835 * group. Adding a device increments the group reference count.
837 int iommu_group_add_device(struct iommu_group *group, struct device *dev)
840 struct group_device *device;
842 device = kzalloc(sizeof(*device), GFP_KERNEL);
848 ret = sysfs_create_link(&dev->kobj, &group->kobj, "iommu_group");
850 goto err_free_device;
852 device->name = kasprintf(GFP_KERNEL, "%s", kobject_name(&dev->kobj));
856 goto err_remove_link;
859 ret = sysfs_create_link_nowarn(group->devices_kobj,
860 &dev->kobj, device->name);
862 if (ret == -EEXIST && i >= 0) {
864 * Account for the slim chance of collision
865 * and append an instance to the name.
868 device->name = kasprintf(GFP_KERNEL, "%s.%d",
869 kobject_name(&dev->kobj), i++);
875 kobject_get(group->devices_kobj);
877 dev->iommu_group = group;
879 mutex_lock(&group->mutex);
880 list_add_tail(&device->list, &group->devices);
881 if (group->domain && !iommu_is_attach_deferred(group->domain, dev))
882 ret = __iommu_attach_device(group->domain, dev);
883 mutex_unlock(&group->mutex);
887 /* Notify any listeners about change to group. */
888 blocking_notifier_call_chain(&group->notifier,
889 IOMMU_GROUP_NOTIFY_ADD_DEVICE, dev);
891 trace_add_device_to_group(group->id, dev);
893 dev_info(dev, "Adding to iommu group %d\n", group->id);
898 mutex_lock(&group->mutex);
899 list_del(&device->list);
900 mutex_unlock(&group->mutex);
901 dev->iommu_group = NULL;
902 kobject_put(group->devices_kobj);
903 sysfs_remove_link(group->devices_kobj, device->name);
907 sysfs_remove_link(&dev->kobj, "iommu_group");
910 dev_err(dev, "Failed to add to iommu group %d: %d\n", group->id, ret);
913 EXPORT_SYMBOL_GPL(iommu_group_add_device);
916 * iommu_group_remove_device - remove a device from it's current group
917 * @dev: device to be removed
919 * This function is called by an iommu driver to remove the device from
920 * it's current group. This decrements the iommu group reference count.
922 void iommu_group_remove_device(struct device *dev)
924 struct iommu_group *group = dev->iommu_group;
925 struct group_device *tmp_device, *device = NULL;
927 dev_info(dev, "Removing from iommu group %d\n", group->id);
929 /* Pre-notify listeners that a device is being removed. */
930 blocking_notifier_call_chain(&group->notifier,
931 IOMMU_GROUP_NOTIFY_DEL_DEVICE, dev);
933 mutex_lock(&group->mutex);
934 list_for_each_entry(tmp_device, &group->devices, list) {
935 if (tmp_device->dev == dev) {
937 list_del(&device->list);
941 mutex_unlock(&group->mutex);
946 sysfs_remove_link(group->devices_kobj, device->name);
947 sysfs_remove_link(&dev->kobj, "iommu_group");
949 trace_remove_device_from_group(group->id, dev);
953 dev->iommu_group = NULL;
954 kobject_put(group->devices_kobj);
956 EXPORT_SYMBOL_GPL(iommu_group_remove_device);
958 static int iommu_group_device_count(struct iommu_group *group)
960 struct group_device *entry;
963 list_for_each_entry(entry, &group->devices, list)
970 * iommu_group_for_each_dev - iterate over each device in the group
972 * @data: caller opaque data to be passed to callback function
973 * @fn: caller supplied callback function
975 * This function is called by group users to iterate over group devices.
976 * Callers should hold a reference count to the group during callback.
977 * The group->mutex is held across callbacks, which will block calls to
978 * iommu_group_add/remove_device.
980 static int __iommu_group_for_each_dev(struct iommu_group *group, void *data,
981 int (*fn)(struct device *, void *))
983 struct group_device *device;
986 list_for_each_entry(device, &group->devices, list) {
987 ret = fn(device->dev, data);
995 int iommu_group_for_each_dev(struct iommu_group *group, void *data,
996 int (*fn)(struct device *, void *))
1000 mutex_lock(&group->mutex);
1001 ret = __iommu_group_for_each_dev(group, data, fn);
1002 mutex_unlock(&group->mutex);
1006 EXPORT_SYMBOL_GPL(iommu_group_for_each_dev);
1009 * iommu_group_get - Return the group for a device and increment reference
1010 * @dev: get the group that this device belongs to
1012 * This function is called by iommu drivers and users to get the group
1013 * for the specified device. If found, the group is returned and the group
1014 * reference in incremented, else NULL.
1016 struct iommu_group *iommu_group_get(struct device *dev)
1018 struct iommu_group *group = dev->iommu_group;
1021 kobject_get(group->devices_kobj);
1025 EXPORT_SYMBOL_GPL(iommu_group_get);
1028 * iommu_group_ref_get - Increment reference on a group
1029 * @group: the group to use, must not be NULL
1031 * This function is called by iommu drivers to take additional references on an
1032 * existing group. Returns the given group for convenience.
1034 struct iommu_group *iommu_group_ref_get(struct iommu_group *group)
1036 kobject_get(group->devices_kobj);
1039 EXPORT_SYMBOL_GPL(iommu_group_ref_get);
1042 * iommu_group_put - Decrement group reference
1043 * @group: the group to use
1045 * This function is called by iommu drivers and users to release the
1046 * iommu group. Once the reference count is zero, the group is released.
1048 void iommu_group_put(struct iommu_group *group)
1051 kobject_put(group->devices_kobj);
1053 EXPORT_SYMBOL_GPL(iommu_group_put);
1056 * iommu_group_register_notifier - Register a notifier for group changes
1057 * @group: the group to watch
1058 * @nb: notifier block to signal
1060 * This function allows iommu group users to track changes in a group.
1061 * See include/linux/iommu.h for actions sent via this notifier. Caller
1062 * should hold a reference to the group throughout notifier registration.
1064 int iommu_group_register_notifier(struct iommu_group *group,
1065 struct notifier_block *nb)
1067 return blocking_notifier_chain_register(&group->notifier, nb);
1069 EXPORT_SYMBOL_GPL(iommu_group_register_notifier);
1072 * iommu_group_unregister_notifier - Unregister a notifier
1073 * @group: the group to watch
1074 * @nb: notifier block to signal
1076 * Unregister a previously registered group notifier block.
1078 int iommu_group_unregister_notifier(struct iommu_group *group,
1079 struct notifier_block *nb)
1081 return blocking_notifier_chain_unregister(&group->notifier, nb);
1083 EXPORT_SYMBOL_GPL(iommu_group_unregister_notifier);
1086 * iommu_register_device_fault_handler() - Register a device fault handler
1088 * @handler: the fault handler
1089 * @data: private data passed as argument to the handler
1091 * When an IOMMU fault event is received, this handler gets called with the
1092 * fault event and data as argument. The handler should return 0 on success. If
1093 * the fault is recoverable (IOMMU_FAULT_PAGE_REQ), the consumer should also
1094 * complete the fault by calling iommu_page_response() with one of the following
1096 * - IOMMU_PAGE_RESP_SUCCESS: retry the translation
1097 * - IOMMU_PAGE_RESP_INVALID: terminate the fault
1098 * - IOMMU_PAGE_RESP_FAILURE: terminate the fault and stop reporting
1099 * page faults if possible.
1101 * Return 0 if the fault handler was installed successfully, or an error.
1103 int iommu_register_device_fault_handler(struct device *dev,
1104 iommu_dev_fault_handler_t handler,
1107 struct dev_iommu *param = dev->iommu;
1113 mutex_lock(¶m->lock);
1114 /* Only allow one fault handler registered for each device */
1115 if (param->fault_param) {
1121 param->fault_param = kzalloc(sizeof(*param->fault_param), GFP_KERNEL);
1122 if (!param->fault_param) {
1127 param->fault_param->handler = handler;
1128 param->fault_param->data = data;
1129 mutex_init(¶m->fault_param->lock);
1130 INIT_LIST_HEAD(¶m->fault_param->faults);
1133 mutex_unlock(¶m->lock);
1137 EXPORT_SYMBOL_GPL(iommu_register_device_fault_handler);
1140 * iommu_unregister_device_fault_handler() - Unregister the device fault handler
1143 * Remove the device fault handler installed with
1144 * iommu_register_device_fault_handler().
1146 * Return 0 on success, or an error.
1148 int iommu_unregister_device_fault_handler(struct device *dev)
1150 struct dev_iommu *param = dev->iommu;
1156 mutex_lock(¶m->lock);
1158 if (!param->fault_param)
1161 /* we cannot unregister handler if there are pending faults */
1162 if (!list_empty(¶m->fault_param->faults)) {
1167 kfree(param->fault_param);
1168 param->fault_param = NULL;
1171 mutex_unlock(¶m->lock);
1175 EXPORT_SYMBOL_GPL(iommu_unregister_device_fault_handler);
1178 * iommu_report_device_fault() - Report fault event to device driver
1180 * @evt: fault event data
1182 * Called by IOMMU drivers when a fault is detected, typically in a threaded IRQ
1183 * handler. When this function fails and the fault is recoverable, it is the
1184 * caller's responsibility to complete the fault.
1186 * Return 0 on success, or an error.
1188 int iommu_report_device_fault(struct device *dev, struct iommu_fault_event *evt)
1190 struct dev_iommu *param = dev->iommu;
1191 struct iommu_fault_event *evt_pending = NULL;
1192 struct iommu_fault_param *fparam;
1198 /* we only report device fault if there is a handler registered */
1199 mutex_lock(¶m->lock);
1200 fparam = param->fault_param;
1201 if (!fparam || !fparam->handler) {
1206 if (evt->fault.type == IOMMU_FAULT_PAGE_REQ &&
1207 (evt->fault.prm.flags & IOMMU_FAULT_PAGE_REQUEST_LAST_PAGE)) {
1208 evt_pending = kmemdup(evt, sizeof(struct iommu_fault_event),
1214 mutex_lock(&fparam->lock);
1215 list_add_tail(&evt_pending->list, &fparam->faults);
1216 mutex_unlock(&fparam->lock);
1219 ret = fparam->handler(&evt->fault, fparam->data);
1220 if (ret && evt_pending) {
1221 mutex_lock(&fparam->lock);
1222 list_del(&evt_pending->list);
1223 mutex_unlock(&fparam->lock);
1227 mutex_unlock(¶m->lock);
1230 EXPORT_SYMBOL_GPL(iommu_report_device_fault);
1232 int iommu_page_response(struct device *dev,
1233 struct iommu_page_response *msg)
1237 struct iommu_fault_event *evt;
1238 struct iommu_fault_page_request *prm;
1239 struct dev_iommu *param = dev->iommu;
1240 bool has_pasid = msg->flags & IOMMU_PAGE_RESP_PASID_VALID;
1241 struct iommu_domain *domain = iommu_get_domain_for_dev(dev);
1243 if (!domain || !domain->ops->page_response)
1246 if (!param || !param->fault_param)
1249 if (msg->version != IOMMU_PAGE_RESP_VERSION_1 ||
1250 msg->flags & ~IOMMU_PAGE_RESP_PASID_VALID)
1253 /* Only send response if there is a fault report pending */
1254 mutex_lock(¶m->fault_param->lock);
1255 if (list_empty(¶m->fault_param->faults)) {
1256 dev_warn_ratelimited(dev, "no pending PRQ, drop response\n");
1260 * Check if we have a matching page request pending to respond,
1261 * otherwise return -EINVAL
1263 list_for_each_entry(evt, ¶m->fault_param->faults, list) {
1264 prm = &evt->fault.prm;
1265 if (prm->grpid != msg->grpid)
1269 * If the PASID is required, the corresponding request is
1270 * matched using the group ID, the PASID valid bit and the PASID
1271 * value. Otherwise only the group ID matches request and
1274 needs_pasid = prm->flags & IOMMU_FAULT_PAGE_RESPONSE_NEEDS_PASID;
1275 if (needs_pasid && (!has_pasid || msg->pasid != prm->pasid))
1278 if (!needs_pasid && has_pasid) {
1279 /* No big deal, just clear it. */
1280 msg->flags &= ~IOMMU_PAGE_RESP_PASID_VALID;
1284 ret = domain->ops->page_response(dev, evt, msg);
1285 list_del(&evt->list);
1291 mutex_unlock(¶m->fault_param->lock);
1294 EXPORT_SYMBOL_GPL(iommu_page_response);
1297 * iommu_group_id - Return ID for a group
1298 * @group: the group to ID
1300 * Return the unique ID for the group matching the sysfs group number.
1302 int iommu_group_id(struct iommu_group *group)
1306 EXPORT_SYMBOL_GPL(iommu_group_id);
1308 static struct iommu_group *get_pci_alias_group(struct pci_dev *pdev,
1309 unsigned long *devfns);
1312 * To consider a PCI device isolated, we require ACS to support Source
1313 * Validation, Request Redirection, Completer Redirection, and Upstream
1314 * Forwarding. This effectively means that devices cannot spoof their
1315 * requester ID, requests and completions cannot be redirected, and all
1316 * transactions are forwarded upstream, even as it passes through a
1317 * bridge where the target device is downstream.
1319 #define REQ_ACS_FLAGS (PCI_ACS_SV | PCI_ACS_RR | PCI_ACS_CR | PCI_ACS_UF)
1322 * For multifunction devices which are not isolated from each other, find
1323 * all the other non-isolated functions and look for existing groups. For
1324 * each function, we also need to look for aliases to or from other devices
1325 * that may already have a group.
1327 static struct iommu_group *get_pci_function_alias_group(struct pci_dev *pdev,
1328 unsigned long *devfns)
1330 struct pci_dev *tmp = NULL;
1331 struct iommu_group *group;
1333 if (!pdev->multifunction || pci_acs_enabled(pdev, REQ_ACS_FLAGS))
1336 for_each_pci_dev(tmp) {
1337 if (tmp == pdev || tmp->bus != pdev->bus ||
1338 PCI_SLOT(tmp->devfn) != PCI_SLOT(pdev->devfn) ||
1339 pci_acs_enabled(tmp, REQ_ACS_FLAGS))
1342 group = get_pci_alias_group(tmp, devfns);
1353 * Look for aliases to or from the given device for existing groups. DMA
1354 * aliases are only supported on the same bus, therefore the search
1355 * space is quite small (especially since we're really only looking at pcie
1356 * device, and therefore only expect multiple slots on the root complex or
1357 * downstream switch ports). It's conceivable though that a pair of
1358 * multifunction devices could have aliases between them that would cause a
1359 * loop. To prevent this, we use a bitmap to track where we've been.
1361 static struct iommu_group *get_pci_alias_group(struct pci_dev *pdev,
1362 unsigned long *devfns)
1364 struct pci_dev *tmp = NULL;
1365 struct iommu_group *group;
1367 if (test_and_set_bit(pdev->devfn & 0xff, devfns))
1370 group = iommu_group_get(&pdev->dev);
1374 for_each_pci_dev(tmp) {
1375 if (tmp == pdev || tmp->bus != pdev->bus)
1378 /* We alias them or they alias us */
1379 if (pci_devs_are_dma_aliases(pdev, tmp)) {
1380 group = get_pci_alias_group(tmp, devfns);
1386 group = get_pci_function_alias_group(tmp, devfns);
1397 struct group_for_pci_data {
1398 struct pci_dev *pdev;
1399 struct iommu_group *group;
1403 * DMA alias iterator callback, return the last seen device. Stop and return
1404 * the IOMMU group if we find one along the way.
1406 static int get_pci_alias_or_group(struct pci_dev *pdev, u16 alias, void *opaque)
1408 struct group_for_pci_data *data = opaque;
1411 data->group = iommu_group_get(&pdev->dev);
1413 return data->group != NULL;
1417 * Generic device_group call-back function. It just allocates one
1418 * iommu-group per device.
1420 struct iommu_group *generic_device_group(struct device *dev)
1422 return iommu_group_alloc();
1424 EXPORT_SYMBOL_GPL(generic_device_group);
1427 * Use standard PCI bus topology, isolation features, and DMA alias quirks
1428 * to find or create an IOMMU group for a device.
1430 struct iommu_group *pci_device_group(struct device *dev)
1432 struct pci_dev *pdev = to_pci_dev(dev);
1433 struct group_for_pci_data data;
1434 struct pci_bus *bus;
1435 struct iommu_group *group = NULL;
1436 u64 devfns[4] = { 0 };
1438 if (WARN_ON(!dev_is_pci(dev)))
1439 return ERR_PTR(-EINVAL);
1442 * Find the upstream DMA alias for the device. A device must not
1443 * be aliased due to topology in order to have its own IOMMU group.
1444 * If we find an alias along the way that already belongs to a
1447 if (pci_for_each_dma_alias(pdev, get_pci_alias_or_group, &data))
1453 * Continue upstream from the point of minimum IOMMU granularity
1454 * due to aliases to the point where devices are protected from
1455 * peer-to-peer DMA by PCI ACS. Again, if we find an existing
1458 for (bus = pdev->bus; !pci_is_root_bus(bus); bus = bus->parent) {
1462 if (pci_acs_path_enabled(bus->self, NULL, REQ_ACS_FLAGS))
1467 group = iommu_group_get(&pdev->dev);
1473 * Look for existing groups on device aliases. If we alias another
1474 * device or another device aliases us, use the same group.
1476 group = get_pci_alias_group(pdev, (unsigned long *)devfns);
1481 * Look for existing groups on non-isolated functions on the same
1482 * slot and aliases of those funcions, if any. No need to clear
1483 * the search bitmap, the tested devfns are still valid.
1485 group = get_pci_function_alias_group(pdev, (unsigned long *)devfns);
1489 /* No shared group found, allocate new */
1490 return iommu_group_alloc();
1492 EXPORT_SYMBOL_GPL(pci_device_group);
1494 /* Get the IOMMU group for device on fsl-mc bus */
1495 struct iommu_group *fsl_mc_device_group(struct device *dev)
1497 struct device *cont_dev = fsl_mc_cont_dev(dev);
1498 struct iommu_group *group;
1500 group = iommu_group_get(cont_dev);
1502 group = iommu_group_alloc();
1505 EXPORT_SYMBOL_GPL(fsl_mc_device_group);
1507 static int iommu_get_def_domain_type(struct device *dev)
1509 const struct iommu_ops *ops = dev->bus->iommu_ops;
1511 if (dev_is_pci(dev) && to_pci_dev(dev)->untrusted)
1512 return IOMMU_DOMAIN_DMA;
1514 if (ops->def_domain_type)
1515 return ops->def_domain_type(dev);
1520 static int iommu_group_alloc_default_domain(struct bus_type *bus,
1521 struct iommu_group *group,
1524 struct iommu_domain *dom;
1526 dom = __iommu_domain_alloc(bus, type);
1527 if (!dom && type != IOMMU_DOMAIN_DMA) {
1528 dom = __iommu_domain_alloc(bus, IOMMU_DOMAIN_DMA);
1530 pr_warn("Failed to allocate default IOMMU domain of type %u for group %s - Falling back to IOMMU_DOMAIN_DMA",
1537 group->default_domain = dom;
1539 group->domain = dom;
1543 static int iommu_alloc_default_domain(struct iommu_group *group,
1548 if (group->default_domain)
1551 type = iommu_get_def_domain_type(dev) ? : iommu_def_domain_type;
1553 return iommu_group_alloc_default_domain(dev->bus, group, type);
1557 * iommu_group_get_for_dev - Find or create the IOMMU group for a device
1558 * @dev: target device
1560 * This function is intended to be called by IOMMU drivers and extended to
1561 * support common, bus-defined algorithms when determining or creating the
1562 * IOMMU group for a device. On success, the caller will hold a reference
1563 * to the returned IOMMU group, which will already include the provided
1564 * device. The reference should be released with iommu_group_put().
1566 static struct iommu_group *iommu_group_get_for_dev(struct device *dev)
1568 const struct iommu_ops *ops = dev->bus->iommu_ops;
1569 struct iommu_group *group;
1572 group = iommu_group_get(dev);
1577 return ERR_PTR(-EINVAL);
1579 group = ops->device_group(dev);
1580 if (WARN_ON_ONCE(group == NULL))
1581 return ERR_PTR(-EINVAL);
1586 ret = iommu_group_add_device(group, dev);
1593 iommu_group_put(group);
1595 return ERR_PTR(ret);
1598 struct iommu_domain *iommu_group_default_domain(struct iommu_group *group)
1600 return group->default_domain;
1603 static int probe_iommu_group(struct device *dev, void *data)
1605 struct list_head *group_list = data;
1606 struct iommu_group *group;
1609 /* Device is probed already if in a group */
1610 group = iommu_group_get(dev);
1612 iommu_group_put(group);
1616 ret = __iommu_probe_device(dev, group_list);
1623 static int remove_iommu_group(struct device *dev, void *data)
1625 iommu_release_device(dev);
1630 static int iommu_bus_notifier(struct notifier_block *nb,
1631 unsigned long action, void *data)
1633 unsigned long group_action = 0;
1634 struct device *dev = data;
1635 struct iommu_group *group;
1638 * ADD/DEL call into iommu driver ops if provided, which may
1639 * result in ADD/DEL notifiers to group->notifier
1641 if (action == BUS_NOTIFY_ADD_DEVICE) {
1644 ret = iommu_probe_device(dev);
1645 return (ret) ? NOTIFY_DONE : NOTIFY_OK;
1646 } else if (action == BUS_NOTIFY_REMOVED_DEVICE) {
1647 iommu_release_device(dev);
1652 * Remaining BUS_NOTIFYs get filtered and republished to the
1653 * group, if anyone is listening
1655 group = iommu_group_get(dev);
1660 case BUS_NOTIFY_BIND_DRIVER:
1661 group_action = IOMMU_GROUP_NOTIFY_BIND_DRIVER;
1663 case BUS_NOTIFY_BOUND_DRIVER:
1664 group_action = IOMMU_GROUP_NOTIFY_BOUND_DRIVER;
1666 case BUS_NOTIFY_UNBIND_DRIVER:
1667 group_action = IOMMU_GROUP_NOTIFY_UNBIND_DRIVER;
1669 case BUS_NOTIFY_UNBOUND_DRIVER:
1670 group_action = IOMMU_GROUP_NOTIFY_UNBOUND_DRIVER;
1675 blocking_notifier_call_chain(&group->notifier,
1678 iommu_group_put(group);
1682 struct __group_domain_type {
1687 static int probe_get_default_domain_type(struct device *dev, void *data)
1689 struct __group_domain_type *gtype = data;
1690 unsigned int type = iommu_get_def_domain_type(dev);
1693 if (gtype->type && gtype->type != type) {
1694 dev_warn(dev, "Device needs domain type %s, but device %s in the same iommu group requires type %s - using default\n",
1695 iommu_domain_type_str(type),
1696 dev_name(gtype->dev),
1697 iommu_domain_type_str(gtype->type));
1710 static void probe_alloc_default_domain(struct bus_type *bus,
1711 struct iommu_group *group)
1713 struct __group_domain_type gtype;
1715 memset(>ype, 0, sizeof(gtype));
1717 /* Ask for default domain requirements of all devices in the group */
1718 __iommu_group_for_each_dev(group, >ype,
1719 probe_get_default_domain_type);
1722 gtype.type = iommu_def_domain_type;
1724 iommu_group_alloc_default_domain(bus, group, gtype.type);
1728 static int iommu_group_do_dma_attach(struct device *dev, void *data)
1730 struct iommu_domain *domain = data;
1733 if (!iommu_is_attach_deferred(domain, dev))
1734 ret = __iommu_attach_device(domain, dev);
1739 static int __iommu_group_dma_attach(struct iommu_group *group)
1741 return __iommu_group_for_each_dev(group, group->default_domain,
1742 iommu_group_do_dma_attach);
1745 static int iommu_group_do_probe_finalize(struct device *dev, void *data)
1747 struct iommu_domain *domain = data;
1749 if (domain->ops->probe_finalize)
1750 domain->ops->probe_finalize(dev);
1755 static void __iommu_group_dma_finalize(struct iommu_group *group)
1757 __iommu_group_for_each_dev(group, group->default_domain,
1758 iommu_group_do_probe_finalize);
1761 static int iommu_do_create_direct_mappings(struct device *dev, void *data)
1763 struct iommu_group *group = data;
1765 iommu_create_device_direct_mappings(group, dev);
1770 static int iommu_group_create_direct_mappings(struct iommu_group *group)
1772 return __iommu_group_for_each_dev(group, group,
1773 iommu_do_create_direct_mappings);
1776 int bus_iommu_probe(struct bus_type *bus)
1778 struct iommu_group *group, *next;
1779 LIST_HEAD(group_list);
1783 * This code-path does not allocate the default domain when
1784 * creating the iommu group, so do it after the groups are
1787 ret = bus_for_each_dev(bus, NULL, &group_list, probe_iommu_group);
1791 list_for_each_entry_safe(group, next, &group_list, entry) {
1792 /* Remove item from the list */
1793 list_del_init(&group->entry);
1795 mutex_lock(&group->mutex);
1797 /* Try to allocate default domain */
1798 probe_alloc_default_domain(bus, group);
1800 if (!group->default_domain) {
1801 mutex_unlock(&group->mutex);
1805 iommu_group_create_direct_mappings(group);
1807 ret = __iommu_group_dma_attach(group);
1809 mutex_unlock(&group->mutex);
1814 __iommu_group_dma_finalize(group);
1820 static int iommu_bus_init(struct bus_type *bus, const struct iommu_ops *ops)
1822 struct notifier_block *nb;
1825 nb = kzalloc(sizeof(struct notifier_block), GFP_KERNEL);
1829 nb->notifier_call = iommu_bus_notifier;
1831 err = bus_register_notifier(bus, nb);
1835 err = bus_iommu_probe(bus);
1844 bus_for_each_dev(bus, NULL, NULL, remove_iommu_group);
1845 bus_unregister_notifier(bus, nb);
1854 * bus_set_iommu - set iommu-callbacks for the bus
1856 * @ops: the callbacks provided by the iommu-driver
1858 * This function is called by an iommu driver to set the iommu methods
1859 * used for a particular bus. Drivers for devices on that bus can use
1860 * the iommu-api after these ops are registered.
1861 * This special function is needed because IOMMUs are usually devices on
1862 * the bus itself, so the iommu drivers are not initialized when the bus
1863 * is set up. With this function the iommu-driver can set the iommu-ops
1866 int bus_set_iommu(struct bus_type *bus, const struct iommu_ops *ops)
1871 bus->iommu_ops = NULL;
1875 if (bus->iommu_ops != NULL)
1878 bus->iommu_ops = ops;
1880 /* Do IOMMU specific setup for this bus-type */
1881 err = iommu_bus_init(bus, ops);
1883 bus->iommu_ops = NULL;
1887 EXPORT_SYMBOL_GPL(bus_set_iommu);
1889 bool iommu_present(struct bus_type *bus)
1891 return bus->iommu_ops != NULL;
1893 EXPORT_SYMBOL_GPL(iommu_present);
1895 bool iommu_capable(struct bus_type *bus, enum iommu_cap cap)
1897 if (!bus->iommu_ops || !bus->iommu_ops->capable)
1900 return bus->iommu_ops->capable(cap);
1902 EXPORT_SYMBOL_GPL(iommu_capable);
1905 * iommu_set_fault_handler() - set a fault handler for an iommu domain
1906 * @domain: iommu domain
1907 * @handler: fault handler
1908 * @token: user data, will be passed back to the fault handler
1910 * This function should be used by IOMMU users which want to be notified
1911 * whenever an IOMMU fault happens.
1913 * The fault handler itself should return 0 on success, and an appropriate
1914 * error code otherwise.
1916 void iommu_set_fault_handler(struct iommu_domain *domain,
1917 iommu_fault_handler_t handler,
1922 domain->handler = handler;
1923 domain->handler_token = token;
1925 EXPORT_SYMBOL_GPL(iommu_set_fault_handler);
1927 static struct iommu_domain *__iommu_domain_alloc(struct bus_type *bus,
1930 struct iommu_domain *domain;
1932 if (bus == NULL || bus->iommu_ops == NULL)
1935 domain = bus->iommu_ops->domain_alloc(type);
1939 domain->ops = bus->iommu_ops;
1940 domain->type = type;
1941 /* Assume all sizes by default; the driver may override this later */
1942 domain->pgsize_bitmap = bus->iommu_ops->pgsize_bitmap;
1947 struct iommu_domain *iommu_domain_alloc(struct bus_type *bus)
1949 return __iommu_domain_alloc(bus, IOMMU_DOMAIN_UNMANAGED);
1951 EXPORT_SYMBOL_GPL(iommu_domain_alloc);
1953 void iommu_domain_free(struct iommu_domain *domain)
1955 domain->ops->domain_free(domain);
1957 EXPORT_SYMBOL_GPL(iommu_domain_free);
1959 static int __iommu_attach_device(struct iommu_domain *domain,
1964 if (unlikely(domain->ops->attach_dev == NULL))
1967 ret = domain->ops->attach_dev(domain, dev);
1969 trace_attach_device_to_domain(dev);
1973 int iommu_attach_device(struct iommu_domain *domain, struct device *dev)
1975 struct iommu_group *group;
1978 group = iommu_group_get(dev);
1983 * Lock the group to make sure the device-count doesn't
1984 * change while we are attaching
1986 mutex_lock(&group->mutex);
1988 if (iommu_group_device_count(group) != 1)
1991 ret = __iommu_attach_group(domain, group);
1994 mutex_unlock(&group->mutex);
1995 iommu_group_put(group);
1999 EXPORT_SYMBOL_GPL(iommu_attach_device);
2001 int iommu_deferred_attach(struct device *dev, struct iommu_domain *domain)
2003 const struct iommu_ops *ops = domain->ops;
2005 if (ops->is_attach_deferred && ops->is_attach_deferred(domain, dev))
2006 return __iommu_attach_device(domain, dev);
2012 * Check flags and other user provided data for valid combinations. We also
2013 * make sure no reserved fields or unused flags are set. This is to ensure
2014 * not breaking userspace in the future when these fields or flags are used.
2016 static int iommu_check_cache_invl_data(struct iommu_cache_invalidate_info *info)
2021 if (info->version != IOMMU_CACHE_INVALIDATE_INFO_VERSION_1)
2024 mask = (1 << IOMMU_CACHE_INV_TYPE_NR) - 1;
2025 if (info->cache & ~mask)
2028 if (info->granularity >= IOMMU_INV_GRANU_NR)
2031 switch (info->granularity) {
2032 case IOMMU_INV_GRANU_ADDR:
2033 if (info->cache & IOMMU_CACHE_INV_TYPE_PASID)
2036 mask = IOMMU_INV_ADDR_FLAGS_PASID |
2037 IOMMU_INV_ADDR_FLAGS_ARCHID |
2038 IOMMU_INV_ADDR_FLAGS_LEAF;
2040 if (info->granu.addr_info.flags & ~mask)
2043 case IOMMU_INV_GRANU_PASID:
2044 mask = IOMMU_INV_PASID_FLAGS_PASID |
2045 IOMMU_INV_PASID_FLAGS_ARCHID;
2046 if (info->granu.pasid_info.flags & ~mask)
2050 case IOMMU_INV_GRANU_DOMAIN:
2051 if (info->cache & IOMMU_CACHE_INV_TYPE_DEV_IOTLB)
2058 /* Check reserved padding fields */
2059 for (i = 0; i < sizeof(info->padding); i++) {
2060 if (info->padding[i])
2067 int iommu_uapi_cache_invalidate(struct iommu_domain *domain, struct device *dev,
2070 struct iommu_cache_invalidate_info inv_info = { 0 };
2074 if (unlikely(!domain->ops->cache_invalidate))
2078 * No new spaces can be added before the variable sized union, the
2079 * minimum size is the offset to the union.
2081 minsz = offsetof(struct iommu_cache_invalidate_info, granu);
2083 /* Copy minsz from user to get flags and argsz */
2084 if (copy_from_user(&inv_info, uinfo, minsz))
2087 /* Fields before the variable size union are mandatory */
2088 if (inv_info.argsz < minsz)
2091 /* PASID and address granu require additional info beyond minsz */
2092 if (inv_info.granularity == IOMMU_INV_GRANU_PASID &&
2093 inv_info.argsz < offsetofend(struct iommu_cache_invalidate_info, granu.pasid_info))
2096 if (inv_info.granularity == IOMMU_INV_GRANU_ADDR &&
2097 inv_info.argsz < offsetofend(struct iommu_cache_invalidate_info, granu.addr_info))
2101 * User might be using a newer UAPI header which has a larger data
2102 * size, we shall support the existing flags within the current
2103 * size. Copy the remaining user data _after_ minsz but not more
2104 * than the current kernel supported size.
2106 if (copy_from_user((void *)&inv_info + minsz, uinfo + minsz,
2107 min_t(u32, inv_info.argsz, sizeof(inv_info)) - minsz))
2110 /* Now the argsz is validated, check the content */
2111 ret = iommu_check_cache_invl_data(&inv_info);
2115 return domain->ops->cache_invalidate(domain, dev, &inv_info);
2117 EXPORT_SYMBOL_GPL(iommu_uapi_cache_invalidate);
2119 static int iommu_check_bind_data(struct iommu_gpasid_bind_data *data)
2124 if (data->version != IOMMU_GPASID_BIND_VERSION_1)
2127 /* Check the range of supported formats */
2128 if (data->format >= IOMMU_PASID_FORMAT_LAST)
2131 /* Check all flags */
2132 mask = IOMMU_SVA_GPASID_VAL;
2133 if (data->flags & ~mask)
2136 /* Check reserved padding fields */
2137 for (i = 0; i < sizeof(data->padding); i++) {
2138 if (data->padding[i])
2145 static int iommu_sva_prepare_bind_data(void __user *udata,
2146 struct iommu_gpasid_bind_data *data)
2151 * No new spaces can be added before the variable sized union, the
2152 * minimum size is the offset to the union.
2154 minsz = offsetof(struct iommu_gpasid_bind_data, vendor);
2156 /* Copy minsz from user to get flags and argsz */
2157 if (copy_from_user(data, udata, minsz))
2160 /* Fields before the variable size union are mandatory */
2161 if (data->argsz < minsz)
2164 * User might be using a newer UAPI header, we shall let IOMMU vendor
2165 * driver decide on what size it needs. Since the guest PASID bind data
2166 * can be vendor specific, larger argsz could be the result of extension
2167 * for one vendor but it should not affect another vendor.
2168 * Copy the remaining user data _after_ minsz
2170 if (copy_from_user((void *)data + minsz, udata + minsz,
2171 min_t(u32, data->argsz, sizeof(*data)) - minsz))
2174 return iommu_check_bind_data(data);
2177 int iommu_uapi_sva_bind_gpasid(struct iommu_domain *domain, struct device *dev,
2180 struct iommu_gpasid_bind_data data = { 0 };
2183 if (unlikely(!domain->ops->sva_bind_gpasid))
2186 ret = iommu_sva_prepare_bind_data(udata, &data);
2190 return domain->ops->sva_bind_gpasid(domain, dev, &data);
2192 EXPORT_SYMBOL_GPL(iommu_uapi_sva_bind_gpasid);
2194 int iommu_sva_unbind_gpasid(struct iommu_domain *domain, struct device *dev,
2197 if (unlikely(!domain->ops->sva_unbind_gpasid))
2200 return domain->ops->sva_unbind_gpasid(dev, pasid);
2202 EXPORT_SYMBOL_GPL(iommu_sva_unbind_gpasid);
2204 int iommu_uapi_sva_unbind_gpasid(struct iommu_domain *domain, struct device *dev,
2207 struct iommu_gpasid_bind_data data = { 0 };
2210 if (unlikely(!domain->ops->sva_bind_gpasid))
2213 ret = iommu_sva_prepare_bind_data(udata, &data);
2217 return iommu_sva_unbind_gpasid(domain, dev, data.hpasid);
2219 EXPORT_SYMBOL_GPL(iommu_uapi_sva_unbind_gpasid);
2221 static void __iommu_detach_device(struct iommu_domain *domain,
2224 if (iommu_is_attach_deferred(domain, dev))
2227 if (unlikely(domain->ops->detach_dev == NULL))
2230 domain->ops->detach_dev(domain, dev);
2231 trace_detach_device_from_domain(dev);
2234 void iommu_detach_device(struct iommu_domain *domain, struct device *dev)
2236 struct iommu_group *group;
2238 group = iommu_group_get(dev);
2242 mutex_lock(&group->mutex);
2243 if (iommu_group_device_count(group) != 1) {
2248 __iommu_detach_group(domain, group);
2251 mutex_unlock(&group->mutex);
2252 iommu_group_put(group);
2254 EXPORT_SYMBOL_GPL(iommu_detach_device);
2256 struct iommu_domain *iommu_get_domain_for_dev(struct device *dev)
2258 struct iommu_domain *domain;
2259 struct iommu_group *group;
2261 group = iommu_group_get(dev);
2265 domain = group->domain;
2267 iommu_group_put(group);
2271 EXPORT_SYMBOL_GPL(iommu_get_domain_for_dev);
2274 * For IOMMU_DOMAIN_DMA implementations which already provide their own
2275 * guarantees that the group and its default domain are valid and correct.
2277 struct iommu_domain *iommu_get_dma_domain(struct device *dev)
2279 return dev->iommu_group->default_domain;
2283 * IOMMU groups are really the natural working unit of the IOMMU, but
2284 * the IOMMU API works on domains and devices. Bridge that gap by
2285 * iterating over the devices in a group. Ideally we'd have a single
2286 * device which represents the requestor ID of the group, but we also
2287 * allow IOMMU drivers to create policy defined minimum sets, where
2288 * the physical hardware may be able to distiguish members, but we
2289 * wish to group them at a higher level (ex. untrusted multi-function
2290 * PCI devices). Thus we attach each device.
2292 static int iommu_group_do_attach_device(struct device *dev, void *data)
2294 struct iommu_domain *domain = data;
2296 return __iommu_attach_device(domain, dev);
2299 static int __iommu_attach_group(struct iommu_domain *domain,
2300 struct iommu_group *group)
2304 if (group->default_domain && group->domain != group->default_domain)
2307 ret = __iommu_group_for_each_dev(group, domain,
2308 iommu_group_do_attach_device);
2310 group->domain = domain;
2315 int iommu_attach_group(struct iommu_domain *domain, struct iommu_group *group)
2319 mutex_lock(&group->mutex);
2320 ret = __iommu_attach_group(domain, group);
2321 mutex_unlock(&group->mutex);
2325 EXPORT_SYMBOL_GPL(iommu_attach_group);
2327 static int iommu_group_do_detach_device(struct device *dev, void *data)
2329 struct iommu_domain *domain = data;
2331 __iommu_detach_device(domain, dev);
2336 static void __iommu_detach_group(struct iommu_domain *domain,
2337 struct iommu_group *group)
2341 if (!group->default_domain) {
2342 __iommu_group_for_each_dev(group, domain,
2343 iommu_group_do_detach_device);
2344 group->domain = NULL;
2348 if (group->domain == group->default_domain)
2351 /* Detach by re-attaching to the default domain */
2352 ret = __iommu_group_for_each_dev(group, group->default_domain,
2353 iommu_group_do_attach_device);
2357 group->domain = group->default_domain;
2360 void iommu_detach_group(struct iommu_domain *domain, struct iommu_group *group)
2362 mutex_lock(&group->mutex);
2363 __iommu_detach_group(domain, group);
2364 mutex_unlock(&group->mutex);
2366 EXPORT_SYMBOL_GPL(iommu_detach_group);
2368 phys_addr_t iommu_iova_to_phys(struct iommu_domain *domain, dma_addr_t iova)
2370 if (unlikely(domain->ops->iova_to_phys == NULL))
2373 return domain->ops->iova_to_phys(domain, iova);
2375 EXPORT_SYMBOL_GPL(iommu_iova_to_phys);
2377 static size_t iommu_pgsize(struct iommu_domain *domain,
2378 unsigned long addr_merge, size_t size)
2380 unsigned int pgsize_idx;
2383 /* Max page size that still fits into 'size' */
2384 pgsize_idx = __fls(size);
2386 /* need to consider alignment requirements ? */
2387 if (likely(addr_merge)) {
2388 /* Max page size allowed by address */
2389 unsigned int align_pgsize_idx = __ffs(addr_merge);
2390 pgsize_idx = min(pgsize_idx, align_pgsize_idx);
2393 /* build a mask of acceptable page sizes */
2394 pgsize = (1UL << (pgsize_idx + 1)) - 1;
2396 /* throw away page sizes not supported by the hardware */
2397 pgsize &= domain->pgsize_bitmap;
2399 /* make sure we're still sane */
2402 /* pick the biggest page */
2403 pgsize_idx = __fls(pgsize);
2404 pgsize = 1UL << pgsize_idx;
2409 static int __iommu_map(struct iommu_domain *domain, unsigned long iova,
2410 phys_addr_t paddr, size_t size, int prot, gfp_t gfp)
2412 const struct iommu_ops *ops = domain->ops;
2413 unsigned long orig_iova = iova;
2414 unsigned int min_pagesz;
2415 size_t orig_size = size;
2416 phys_addr_t orig_paddr = paddr;
2419 if (unlikely(ops->map == NULL ||
2420 domain->pgsize_bitmap == 0UL))
2423 if (unlikely(!(domain->type & __IOMMU_DOMAIN_PAGING)))
2426 /* find out the minimum page size supported */
2427 min_pagesz = 1 << __ffs(domain->pgsize_bitmap);
2430 * both the virtual address and the physical one, as well as
2431 * the size of the mapping, must be aligned (at least) to the
2432 * size of the smallest page supported by the hardware
2434 if (!IS_ALIGNED(iova | paddr | size, min_pagesz)) {
2435 pr_err("unaligned: iova 0x%lx pa %pa size 0x%zx min_pagesz 0x%x\n",
2436 iova, &paddr, size, min_pagesz);
2440 pr_debug("map: iova 0x%lx pa %pa size 0x%zx\n", iova, &paddr, size);
2443 size_t pgsize = iommu_pgsize(domain, iova | paddr, size);
2445 pr_debug("mapping: iova 0x%lx pa %pa pgsize 0x%zx\n",
2446 iova, &paddr, pgsize);
2447 ret = ops->map(domain, iova, paddr, pgsize, prot, gfp);
2457 /* unroll mapping in case something went wrong */
2459 iommu_unmap(domain, orig_iova, orig_size - size);
2461 trace_map(orig_iova, orig_paddr, orig_size);
2466 static int _iommu_map(struct iommu_domain *domain, unsigned long iova,
2467 phys_addr_t paddr, size_t size, int prot, gfp_t gfp)
2469 const struct iommu_ops *ops = domain->ops;
2472 ret = __iommu_map(domain, iova, paddr, size, prot, gfp);
2473 if (ret == 0 && ops->iotlb_sync_map)
2474 ops->iotlb_sync_map(domain, iova, size);
2479 int iommu_map(struct iommu_domain *domain, unsigned long iova,
2480 phys_addr_t paddr, size_t size, int prot)
2483 return _iommu_map(domain, iova, paddr, size, prot, GFP_KERNEL);
2485 EXPORT_SYMBOL_GPL(iommu_map);
2487 int iommu_map_atomic(struct iommu_domain *domain, unsigned long iova,
2488 phys_addr_t paddr, size_t size, int prot)
2490 return _iommu_map(domain, iova, paddr, size, prot, GFP_ATOMIC);
2492 EXPORT_SYMBOL_GPL(iommu_map_atomic);
2494 static size_t __iommu_unmap(struct iommu_domain *domain,
2495 unsigned long iova, size_t size,
2496 struct iommu_iotlb_gather *iotlb_gather)
2498 const struct iommu_ops *ops = domain->ops;
2499 size_t unmapped_page, unmapped = 0;
2500 unsigned long orig_iova = iova;
2501 unsigned int min_pagesz;
2503 if (unlikely(ops->unmap == NULL ||
2504 domain->pgsize_bitmap == 0UL))
2507 if (unlikely(!(domain->type & __IOMMU_DOMAIN_PAGING)))
2510 /* find out the minimum page size supported */
2511 min_pagesz = 1 << __ffs(domain->pgsize_bitmap);
2514 * The virtual address, as well as the size of the mapping, must be
2515 * aligned (at least) to the size of the smallest page supported
2518 if (!IS_ALIGNED(iova | size, min_pagesz)) {
2519 pr_err("unaligned: iova 0x%lx size 0x%zx min_pagesz 0x%x\n",
2520 iova, size, min_pagesz);
2524 pr_debug("unmap this: iova 0x%lx size 0x%zx\n", iova, size);
2527 * Keep iterating until we either unmap 'size' bytes (or more)
2528 * or we hit an area that isn't mapped.
2530 while (unmapped < size) {
2531 size_t pgsize = iommu_pgsize(domain, iova, size - unmapped);
2533 unmapped_page = ops->unmap(domain, iova, pgsize, iotlb_gather);
2537 pr_debug("unmapped: iova 0x%lx size 0x%zx\n",
2538 iova, unmapped_page);
2540 iova += unmapped_page;
2541 unmapped += unmapped_page;
2544 trace_unmap(orig_iova, size, unmapped);
2548 size_t iommu_unmap(struct iommu_domain *domain,
2549 unsigned long iova, size_t size)
2551 struct iommu_iotlb_gather iotlb_gather;
2554 iommu_iotlb_gather_init(&iotlb_gather);
2555 ret = __iommu_unmap(domain, iova, size, &iotlb_gather);
2556 iommu_iotlb_sync(domain, &iotlb_gather);
2560 EXPORT_SYMBOL_GPL(iommu_unmap);
2562 size_t iommu_unmap_fast(struct iommu_domain *domain,
2563 unsigned long iova, size_t size,
2564 struct iommu_iotlb_gather *iotlb_gather)
2566 return __iommu_unmap(domain, iova, size, iotlb_gather);
2568 EXPORT_SYMBOL_GPL(iommu_unmap_fast);
2570 static size_t __iommu_map_sg(struct iommu_domain *domain, unsigned long iova,
2571 struct scatterlist *sg, unsigned int nents, int prot,
2574 const struct iommu_ops *ops = domain->ops;
2575 size_t len = 0, mapped = 0;
2580 while (i <= nents) {
2581 phys_addr_t s_phys = sg_phys(sg);
2583 if (len && s_phys != start + len) {
2584 ret = __iommu_map(domain, iova + mapped, start,
2605 if (ops->iotlb_sync_map)
2606 ops->iotlb_sync_map(domain, iova, mapped);
2610 /* undo mappings already done */
2611 iommu_unmap(domain, iova, mapped);
2617 size_t iommu_map_sg(struct iommu_domain *domain, unsigned long iova,
2618 struct scatterlist *sg, unsigned int nents, int prot)
2621 return __iommu_map_sg(domain, iova, sg, nents, prot, GFP_KERNEL);
2623 EXPORT_SYMBOL_GPL(iommu_map_sg);
2625 size_t iommu_map_sg_atomic(struct iommu_domain *domain, unsigned long iova,
2626 struct scatterlist *sg, unsigned int nents, int prot)
2628 return __iommu_map_sg(domain, iova, sg, nents, prot, GFP_ATOMIC);
2632 * report_iommu_fault() - report about an IOMMU fault to the IOMMU framework
2633 * @domain: the iommu domain where the fault has happened
2634 * @dev: the device where the fault has happened
2635 * @iova: the faulting address
2636 * @flags: mmu fault flags (e.g. IOMMU_FAULT_READ/IOMMU_FAULT_WRITE/...)
2638 * This function should be called by the low-level IOMMU implementations
2639 * whenever IOMMU faults happen, to allow high-level users, that are
2640 * interested in such events, to know about them.
2642 * This event may be useful for several possible use cases:
2643 * - mere logging of the event
2644 * - dynamic TLB/PTE loading
2645 * - if restarting of the faulting device is required
2647 * Returns 0 on success and an appropriate error code otherwise (if dynamic
2648 * PTE/TLB loading will one day be supported, implementations will be able
2649 * to tell whether it succeeded or not according to this return value).
2651 * Specifically, -ENOSYS is returned if a fault handler isn't installed
2652 * (though fault handlers can also return -ENOSYS, in case they want to
2653 * elicit the default behavior of the IOMMU drivers).
2655 int report_iommu_fault(struct iommu_domain *domain, struct device *dev,
2656 unsigned long iova, int flags)
2661 * if upper layers showed interest and installed a fault handler,
2664 if (domain->handler)
2665 ret = domain->handler(domain, dev, iova, flags,
2666 domain->handler_token);
2668 trace_io_page_fault(dev, iova, flags);
2671 EXPORT_SYMBOL_GPL(report_iommu_fault);
2673 static int __init iommu_init(void)
2675 iommu_group_kset = kset_create_and_add("iommu_groups",
2677 BUG_ON(!iommu_group_kset);
2679 iommu_debugfs_setup();
2683 core_initcall(iommu_init);
2685 int iommu_enable_nesting(struct iommu_domain *domain)
2687 if (domain->type != IOMMU_DOMAIN_UNMANAGED)
2689 if (!domain->ops->enable_nesting)
2691 return domain->ops->enable_nesting(domain);
2693 EXPORT_SYMBOL_GPL(iommu_enable_nesting);
2695 int iommu_set_pgtable_quirks(struct iommu_domain *domain,
2696 unsigned long quirk)
2698 if (domain->type != IOMMU_DOMAIN_UNMANAGED)
2700 if (!domain->ops->set_pgtable_quirks)
2702 return domain->ops->set_pgtable_quirks(domain, quirk);
2704 EXPORT_SYMBOL_GPL(iommu_set_pgtable_quirks);
2706 void iommu_get_resv_regions(struct device *dev, struct list_head *list)
2708 const struct iommu_ops *ops = dev->bus->iommu_ops;
2710 if (ops && ops->get_resv_regions)
2711 ops->get_resv_regions(dev, list);
2714 void iommu_put_resv_regions(struct device *dev, struct list_head *list)
2716 const struct iommu_ops *ops = dev->bus->iommu_ops;
2718 if (ops && ops->put_resv_regions)
2719 ops->put_resv_regions(dev, list);
2723 * generic_iommu_put_resv_regions - Reserved region driver helper
2724 * @dev: device for which to free reserved regions
2725 * @list: reserved region list for device
2727 * IOMMU drivers can use this to implement their .put_resv_regions() callback
2728 * for simple reservations. Memory allocated for each reserved region will be
2729 * freed. If an IOMMU driver allocates additional resources per region, it is
2730 * going to have to implement a custom callback.
2732 void generic_iommu_put_resv_regions(struct device *dev, struct list_head *list)
2734 struct iommu_resv_region *entry, *next;
2736 list_for_each_entry_safe(entry, next, list, list)
2739 EXPORT_SYMBOL(generic_iommu_put_resv_regions);
2741 struct iommu_resv_region *iommu_alloc_resv_region(phys_addr_t start,
2742 size_t length, int prot,
2743 enum iommu_resv_type type)
2745 struct iommu_resv_region *region;
2747 region = kzalloc(sizeof(*region), GFP_KERNEL);
2751 INIT_LIST_HEAD(®ion->list);
2752 region->start = start;
2753 region->length = length;
2754 region->prot = prot;
2755 region->type = type;
2758 EXPORT_SYMBOL_GPL(iommu_alloc_resv_region);
2760 void iommu_set_default_passthrough(bool cmd_line)
2763 iommu_cmd_line |= IOMMU_CMD_LINE_DMA_API;
2764 iommu_def_domain_type = IOMMU_DOMAIN_IDENTITY;
2767 void iommu_set_default_translated(bool cmd_line)
2770 iommu_cmd_line |= IOMMU_CMD_LINE_DMA_API;
2771 iommu_def_domain_type = IOMMU_DOMAIN_DMA;
2774 bool iommu_default_passthrough(void)
2776 return iommu_def_domain_type == IOMMU_DOMAIN_IDENTITY;
2778 EXPORT_SYMBOL_GPL(iommu_default_passthrough);
2780 const struct iommu_ops *iommu_ops_from_fwnode(struct fwnode_handle *fwnode)
2782 const struct iommu_ops *ops = NULL;
2783 struct iommu_device *iommu;
2785 spin_lock(&iommu_device_lock);
2786 list_for_each_entry(iommu, &iommu_device_list, list)
2787 if (iommu->fwnode == fwnode) {
2791 spin_unlock(&iommu_device_lock);
2795 int iommu_fwspec_init(struct device *dev, struct fwnode_handle *iommu_fwnode,
2796 const struct iommu_ops *ops)
2798 struct iommu_fwspec *fwspec = dev_iommu_fwspec_get(dev);
2801 return ops == fwspec->ops ? 0 : -EINVAL;
2803 if (!dev_iommu_get(dev))
2806 /* Preallocate for the overwhelmingly common case of 1 ID */
2807 fwspec = kzalloc(struct_size(fwspec, ids, 1), GFP_KERNEL);
2811 of_node_get(to_of_node(iommu_fwnode));
2812 fwspec->iommu_fwnode = iommu_fwnode;
2814 dev_iommu_fwspec_set(dev, fwspec);
2817 EXPORT_SYMBOL_GPL(iommu_fwspec_init);
2819 void iommu_fwspec_free(struct device *dev)
2821 struct iommu_fwspec *fwspec = dev_iommu_fwspec_get(dev);
2824 fwnode_handle_put(fwspec->iommu_fwnode);
2826 dev_iommu_fwspec_set(dev, NULL);
2829 EXPORT_SYMBOL_GPL(iommu_fwspec_free);
2831 int iommu_fwspec_add_ids(struct device *dev, u32 *ids, int num_ids)
2833 struct iommu_fwspec *fwspec = dev_iommu_fwspec_get(dev);
2839 new_num = fwspec->num_ids + num_ids;
2841 fwspec = krealloc(fwspec, struct_size(fwspec, ids, new_num),
2846 dev_iommu_fwspec_set(dev, fwspec);
2849 for (i = 0; i < num_ids; i++)
2850 fwspec->ids[fwspec->num_ids + i] = ids[i];
2852 fwspec->num_ids = new_num;
2855 EXPORT_SYMBOL_GPL(iommu_fwspec_add_ids);
2858 * Per device IOMMU features.
2860 int iommu_dev_enable_feature(struct device *dev, enum iommu_dev_features feat)
2862 if (dev->iommu && dev->iommu->iommu_dev) {
2863 const struct iommu_ops *ops = dev->iommu->iommu_dev->ops;
2865 if (ops->dev_enable_feat)
2866 return ops->dev_enable_feat(dev, feat);
2871 EXPORT_SYMBOL_GPL(iommu_dev_enable_feature);
2874 * The device drivers should do the necessary cleanups before calling this.
2875 * For example, before disabling the aux-domain feature, the device driver
2876 * should detach all aux-domains. Otherwise, this will return -EBUSY.
2878 int iommu_dev_disable_feature(struct device *dev, enum iommu_dev_features feat)
2880 if (dev->iommu && dev->iommu->iommu_dev) {
2881 const struct iommu_ops *ops = dev->iommu->iommu_dev->ops;
2883 if (ops->dev_disable_feat)
2884 return ops->dev_disable_feat(dev, feat);
2889 EXPORT_SYMBOL_GPL(iommu_dev_disable_feature);
2891 bool iommu_dev_feature_enabled(struct device *dev, enum iommu_dev_features feat)
2893 if (dev->iommu && dev->iommu->iommu_dev) {
2894 const struct iommu_ops *ops = dev->iommu->iommu_dev->ops;
2896 if (ops->dev_feat_enabled)
2897 return ops->dev_feat_enabled(dev, feat);
2902 EXPORT_SYMBOL_GPL(iommu_dev_feature_enabled);
2905 * Aux-domain specific attach/detach.
2907 * Only works if iommu_dev_feature_enabled(dev, IOMMU_DEV_FEAT_AUX) returns
2908 * true. Also, as long as domains are attached to a device through this
2909 * interface, any tries to call iommu_attach_device() should fail
2910 * (iommu_detach_device() can't fail, so we fail when trying to re-attach).
2911 * This should make us safe against a device being attached to a guest as a
2912 * whole while there are still pasid users on it (aux and sva).
2914 int iommu_aux_attach_device(struct iommu_domain *domain, struct device *dev)
2918 if (domain->ops->aux_attach_dev)
2919 ret = domain->ops->aux_attach_dev(domain, dev);
2922 trace_attach_device_to_domain(dev);
2926 EXPORT_SYMBOL_GPL(iommu_aux_attach_device);
2928 void iommu_aux_detach_device(struct iommu_domain *domain, struct device *dev)
2930 if (domain->ops->aux_detach_dev) {
2931 domain->ops->aux_detach_dev(domain, dev);
2932 trace_detach_device_from_domain(dev);
2935 EXPORT_SYMBOL_GPL(iommu_aux_detach_device);
2937 int iommu_aux_get_pasid(struct iommu_domain *domain, struct device *dev)
2941 if (domain->ops->aux_get_pasid)
2942 ret = domain->ops->aux_get_pasid(domain, dev);
2946 EXPORT_SYMBOL_GPL(iommu_aux_get_pasid);
2949 * iommu_sva_bind_device() - Bind a process address space to a device
2951 * @mm: the mm to bind, caller must hold a reference to it
2953 * Create a bond between device and address space, allowing the device to access
2954 * the mm using the returned PASID. If a bond already exists between @device and
2955 * @mm, it is returned and an additional reference is taken. Caller must call
2956 * iommu_sva_unbind_device() to release each reference.
2958 * iommu_dev_enable_feature(dev, IOMMU_DEV_FEAT_SVA) must be called first, to
2959 * initialize the required SVA features.
2961 * On error, returns an ERR_PTR value.
2964 iommu_sva_bind_device(struct device *dev, struct mm_struct *mm, void *drvdata)
2966 struct iommu_group *group;
2967 struct iommu_sva *handle = ERR_PTR(-EINVAL);
2968 const struct iommu_ops *ops = dev->bus->iommu_ops;
2970 if (!ops || !ops->sva_bind)
2971 return ERR_PTR(-ENODEV);
2973 group = iommu_group_get(dev);
2975 return ERR_PTR(-ENODEV);
2977 /* Ensure device count and domain don't change while we're binding */
2978 mutex_lock(&group->mutex);
2981 * To keep things simple, SVA currently doesn't support IOMMU groups
2982 * with more than one device. Existing SVA-capable systems are not
2983 * affected by the problems that required IOMMU groups (lack of ACS
2984 * isolation, device ID aliasing and other hardware issues).
2986 if (iommu_group_device_count(group) != 1)
2989 handle = ops->sva_bind(dev, mm, drvdata);
2992 mutex_unlock(&group->mutex);
2993 iommu_group_put(group);
2997 EXPORT_SYMBOL_GPL(iommu_sva_bind_device);
3000 * iommu_sva_unbind_device() - Remove a bond created with iommu_sva_bind_device
3001 * @handle: the handle returned by iommu_sva_bind_device()
3003 * Put reference to a bond between device and address space. The device should
3004 * not be issuing any more transaction for this PASID. All outstanding page
3005 * requests for this PASID must have been flushed to the IOMMU.
3007 void iommu_sva_unbind_device(struct iommu_sva *handle)
3009 struct iommu_group *group;
3010 struct device *dev = handle->dev;
3011 const struct iommu_ops *ops = dev->bus->iommu_ops;
3013 if (!ops || !ops->sva_unbind)
3016 group = iommu_group_get(dev);
3020 mutex_lock(&group->mutex);
3021 ops->sva_unbind(handle);
3022 mutex_unlock(&group->mutex);
3024 iommu_group_put(group);
3026 EXPORT_SYMBOL_GPL(iommu_sva_unbind_device);
3028 u32 iommu_sva_get_pasid(struct iommu_sva *handle)
3030 const struct iommu_ops *ops = handle->dev->bus->iommu_ops;
3032 if (!ops || !ops->sva_get_pasid)
3033 return IOMMU_PASID_INVALID;
3035 return ops->sva_get_pasid(handle);
3037 EXPORT_SYMBOL_GPL(iommu_sva_get_pasid);
3040 * Changes the default domain of an iommu group that has *only* one device
3042 * @group: The group for which the default domain should be changed
3043 * @prev_dev: The device in the group (this is used to make sure that the device
3044 * hasn't changed after the caller has called this function)
3045 * @type: The type of the new default domain that gets associated with the group
3047 * Returns 0 on success and error code on failure
3050 * 1. Presently, this function is called only when user requests to change the
3051 * group's default domain type through /sys/kernel/iommu_groups/<grp_id>/type
3052 * Please take a closer look if intended to use for other purposes.
3054 static int iommu_change_dev_def_domain(struct iommu_group *group,
3055 struct device *prev_dev, int type)
3057 struct iommu_domain *prev_dom;
3058 struct group_device *grp_dev;
3059 int ret, dev_def_dom;
3065 mutex_lock(&group->mutex);
3067 if (group->default_domain != group->domain) {
3068 dev_err_ratelimited(prev_dev, "Group not assigned to default domain\n");
3074 * iommu group wasn't locked while acquiring device lock in
3075 * iommu_group_store_type(). So, make sure that the device count hasn't
3076 * changed while acquiring device lock.
3078 * Changing default domain of an iommu group with two or more devices
3079 * isn't supported because there could be a potential deadlock. Consider
3080 * the following scenario. T1 is trying to acquire device locks of all
3081 * the devices in the group and before it could acquire all of them,
3082 * there could be another thread T2 (from different sub-system and use
3083 * case) that has already acquired some of the device locks and might be
3084 * waiting for T1 to release other device locks.
3086 if (iommu_group_device_count(group) != 1) {
3087 dev_err_ratelimited(prev_dev, "Cannot change default domain: Group has more than one device\n");
3092 /* Since group has only one device */
3093 grp_dev = list_first_entry(&group->devices, struct group_device, list);
3096 if (prev_dev != dev) {
3097 dev_err_ratelimited(prev_dev, "Cannot change default domain: Device has been changed\n");
3102 prev_dom = group->default_domain;
3108 dev_def_dom = iommu_get_def_domain_type(dev);
3111 * If the user hasn't requested any specific type of domain and
3112 * if the device supports both the domains, then default to the
3113 * domain the device was booted with
3115 type = dev_def_dom ? : iommu_def_domain_type;
3116 } else if (dev_def_dom && type != dev_def_dom) {
3117 dev_err_ratelimited(prev_dev, "Device cannot be in %s domain\n",
3118 iommu_domain_type_str(type));
3124 * Switch to a new domain only if the requested domain type is different
3125 * from the existing default domain type
3127 if (prev_dom->type == type) {
3132 /* Sets group->default_domain to the newly allocated domain */
3133 ret = iommu_group_alloc_default_domain(dev->bus, group, type);
3137 ret = iommu_create_device_direct_mappings(group, dev);
3139 goto free_new_domain;
3141 ret = __iommu_attach_device(group->default_domain, dev);
3143 goto free_new_domain;
3145 group->domain = group->default_domain;
3148 * Release the mutex here because ops->probe_finalize() call-back of
3149 * some vendor IOMMU drivers calls arm_iommu_attach_device() which
3150 * in-turn might call back into IOMMU core code, where it tries to take
3151 * group->mutex, resulting in a deadlock.
3153 mutex_unlock(&group->mutex);
3155 /* Make sure dma_ops is appropriatley set */
3156 iommu_group_do_probe_finalize(dev, group->default_domain);
3157 iommu_domain_free(prev_dom);
3161 iommu_domain_free(group->default_domain);
3162 group->default_domain = prev_dom;
3163 group->domain = prev_dom;
3166 mutex_unlock(&group->mutex);
3172 * Changing the default domain through sysfs requires the users to ubind the
3173 * drivers from the devices in the iommu group. Return failure if this doesn't
3176 * We need to consider the race between this and the device release path.
3177 * device_lock(dev) is used here to guarantee that the device release path
3178 * will not be entered at the same time.
3180 static ssize_t iommu_group_store_type(struct iommu_group *group,
3181 const char *buf, size_t count)
3183 struct group_device *grp_dev;
3187 if (!capable(CAP_SYS_ADMIN) || !capable(CAP_SYS_RAWIO))
3190 if (WARN_ON(!group))
3193 if (sysfs_streq(buf, "identity"))
3194 req_type = IOMMU_DOMAIN_IDENTITY;
3195 else if (sysfs_streq(buf, "DMA"))
3196 req_type = IOMMU_DOMAIN_DMA;
3197 else if (sysfs_streq(buf, "auto"))
3203 * Lock/Unlock the group mutex here before device lock to
3204 * 1. Make sure that the iommu group has only one device (this is a
3205 * prerequisite for step 2)
3206 * 2. Get struct *dev which is needed to lock device
3208 mutex_lock(&group->mutex);
3209 if (iommu_group_device_count(group) != 1) {
3210 mutex_unlock(&group->mutex);
3211 pr_err_ratelimited("Cannot change default domain: Group has more than one device\n");
3215 /* Since group has only one device */
3216 grp_dev = list_first_entry(&group->devices, struct group_device, list);
3221 * Don't hold the group mutex because taking group mutex first and then
3222 * the device lock could potentially cause a deadlock as below. Assume
3223 * two threads T1 and T2. T1 is trying to change default domain of an
3224 * iommu group and T2 is trying to hot unplug a device or release [1] VF
3225 * of a PCIe device which is in the same iommu group. T1 takes group
3226 * mutex and before it could take device lock assume T2 has taken device
3227 * lock and is yet to take group mutex. Now, both the threads will be
3228 * waiting for the other thread to release lock. Below, lock order was
3231 * mutex_lock(&group->mutex);
3232 * iommu_change_dev_def_domain();
3233 * mutex_unlock(&group->mutex);
3234 * device_unlock(dev);
3236 * [1] Typical device release path
3237 * device_lock() from device/driver core code
3239 * -> iommu_bus_notifier()
3240 * -> iommu_release_device()
3241 * -> ops->release_device() vendor driver calls back iommu core code
3242 * -> mutex_lock() from iommu core code
3244 mutex_unlock(&group->mutex);
3246 /* Check if the device in the group still has a driver bound to it */
3248 if (device_is_bound(dev)) {
3249 pr_err_ratelimited("Device is still bound to driver\n");
3254 ret = iommu_change_dev_def_domain(group, dev, req_type);
projects / linux-2.6-microblaze.git / blob