2 * Copyright © 2006-2014 Intel Corporation.
4 * This program is free software; you can redistribute it and/or modify it
5 * under the terms and conditions of the GNU General Public License,
6 * version 2, as published by the Free Software Foundation.
8 * This program is distributed in the hope it will be useful, but WITHOUT
9 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
10 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
13 * Authors: David Woodhouse <dwmw2@infradead.org>,
14 * Ashok Raj <ashok.raj@intel.com>,
15 * Shaohua Li <shaohua.li@intel.com>,
16 * Anil S Keshavamurthy <anil.s.keshavamurthy@intel.com>,
17 * Fenghua Yu <fenghua.yu@intel.com>
18 * Joerg Roedel <jroedel@suse.de>
21 #define pr_fmt(fmt) "DMAR: " fmt
23 #include <linux/init.h>
24 #include <linux/bitmap.h>
25 #include <linux/debugfs.h>
26 #include <linux/export.h>
27 #include <linux/slab.h>
28 #include <linux/irq.h>
29 #include <linux/interrupt.h>
30 #include <linux/spinlock.h>
31 #include <linux/pci.h>
32 #include <linux/dmar.h>
33 #include <linux/dma-mapping.h>
34 #include <linux/mempool.h>
35 #include <linux/memory.h>
36 #include <linux/timer.h>
37 #include <linux/iova.h>
38 #include <linux/iommu.h>
39 #include <linux/intel-iommu.h>
40 #include <linux/syscore_ops.h>
41 #include <linux/tboot.h>
42 #include <linux/dmi.h>
43 #include <linux/pci-ats.h>
44 #include <linux/memblock.h>
45 #include <linux/dma-contiguous.h>
46 #include <linux/crash_dump.h>
47 #include <asm/irq_remapping.h>
48 #include <asm/cacheflush.h>
49 #include <asm/iommu.h>
51 #include "irq_remapping.h"
53 #define ROOT_SIZE VTD_PAGE_SIZE
54 #define CONTEXT_SIZE VTD_PAGE_SIZE
56 #define IS_GFX_DEVICE(pdev) ((pdev->class >> 16) == PCI_BASE_CLASS_DISPLAY)
57 #define IS_USB_DEVICE(pdev) ((pdev->class >> 8) == PCI_CLASS_SERIAL_USB)
58 #define IS_ISA_DEVICE(pdev) ((pdev->class >> 8) == PCI_CLASS_BRIDGE_ISA)
59 #define IS_AZALIA(pdev) ((pdev)->vendor == 0x8086 && (pdev)->device == 0x3a3e)
61 #define IOAPIC_RANGE_START (0xfee00000)
62 #define IOAPIC_RANGE_END (0xfeefffff)
63 #define IOVA_START_ADDR (0x1000)
65 #define DEFAULT_DOMAIN_ADDRESS_WIDTH 48
67 #define MAX_AGAW_WIDTH 64
68 #define MAX_AGAW_PFN_WIDTH (MAX_AGAW_WIDTH - VTD_PAGE_SHIFT)
70 #define __DOMAIN_MAX_PFN(gaw) ((((uint64_t)1) << (gaw-VTD_PAGE_SHIFT)) - 1)
71 #define __DOMAIN_MAX_ADDR(gaw) ((((uint64_t)1) << gaw) - 1)
73 /* We limit DOMAIN_MAX_PFN to fit in an unsigned long, and DOMAIN_MAX_ADDR
74 to match. That way, we can use 'unsigned long' for PFNs with impunity. */
75 #define DOMAIN_MAX_PFN(gaw) ((unsigned long) min_t(uint64_t, \
76 __DOMAIN_MAX_PFN(gaw), (unsigned long)-1))
77 #define DOMAIN_MAX_ADDR(gaw) (((uint64_t)__DOMAIN_MAX_PFN(gaw)) << VTD_PAGE_SHIFT)
79 /* IO virtual address start page frame number */
80 #define IOVA_START_PFN (1)
82 #define IOVA_PFN(addr) ((addr) >> PAGE_SHIFT)
83 #define DMA_32BIT_PFN IOVA_PFN(DMA_BIT_MASK(32))
84 #define DMA_64BIT_PFN IOVA_PFN(DMA_BIT_MASK(64))
86 /* page table handling */
87 #define LEVEL_STRIDE (9)
88 #define LEVEL_MASK (((u64)1 << LEVEL_STRIDE) - 1)
91 * This bitmap is used to advertise the page sizes our hardware support
92 * to the IOMMU core, which will then use this information to split
93 * physically contiguous memory regions it is mapping into page sizes
96 * Traditionally the IOMMU core just handed us the mappings directly,
97 * after making sure the size is an order of a 4KiB page and that the
98 * mapping has natural alignment.
100 * To retain this behavior, we currently advertise that we support
101 * all page sizes that are an order of 4KiB.
103 * If at some point we'd like to utilize the IOMMU core's new behavior,
104 * we could change this to advertise the real page sizes we support.
106 #define INTEL_IOMMU_PGSIZES (~0xFFFUL)
108 static inline int agaw_to_level(int agaw)
113 static inline int agaw_to_width(int agaw)
115 return min_t(int, 30 + agaw * LEVEL_STRIDE, MAX_AGAW_WIDTH);
118 static inline int width_to_agaw(int width)
120 return DIV_ROUND_UP(width - 30, LEVEL_STRIDE);
123 static inline unsigned int level_to_offset_bits(int level)
125 return (level - 1) * LEVEL_STRIDE;
128 static inline int pfn_level_offset(unsigned long pfn, int level)
130 return (pfn >> level_to_offset_bits(level)) & LEVEL_MASK;
133 static inline unsigned long level_mask(int level)
135 return -1UL << level_to_offset_bits(level);
138 static inline unsigned long level_size(int level)
140 return 1UL << level_to_offset_bits(level);
143 static inline unsigned long align_to_level(unsigned long pfn, int level)
145 return (pfn + level_size(level) - 1) & level_mask(level);
148 static inline unsigned long lvl_to_nr_pages(unsigned int lvl)
150 return 1 << min_t(int, (lvl - 1) * LEVEL_STRIDE, MAX_AGAW_PFN_WIDTH);
153 /* VT-d pages must always be _smaller_ than MM pages. Otherwise things
154 are never going to work. */
155 static inline unsigned long dma_to_mm_pfn(unsigned long dma_pfn)
157 return dma_pfn >> (PAGE_SHIFT - VTD_PAGE_SHIFT);
160 static inline unsigned long mm_to_dma_pfn(unsigned long mm_pfn)
162 return mm_pfn << (PAGE_SHIFT - VTD_PAGE_SHIFT);
164 static inline unsigned long page_to_dma_pfn(struct page *pg)
166 return mm_to_dma_pfn(page_to_pfn(pg));
168 static inline unsigned long virt_to_dma_pfn(void *p)
170 return page_to_dma_pfn(virt_to_page(p));
173 /* global iommu list, set NULL for ignored DMAR units */
174 static struct intel_iommu **g_iommus;
176 static void __init check_tylersburg_isoch(void);
177 static int rwbf_quirk;
180 * set to 1 to panic kernel if can't successfully enable VT-d
181 * (used when kernel is launched w/ TXT)
183 static int force_on = 0;
188 * 12-63: Context Ptr (12 - (haw-1))
195 #define ROOT_ENTRY_NR (VTD_PAGE_SIZE/sizeof(struct root_entry))
198 * Take a root_entry and return the Lower Context Table Pointer (LCTP)
201 static phys_addr_t root_entry_lctp(struct root_entry *re)
206 return re->lo & VTD_PAGE_MASK;
210 * Take a root_entry and return the Upper Context Table Pointer (UCTP)
213 static phys_addr_t root_entry_uctp(struct root_entry *re)
218 return re->hi & VTD_PAGE_MASK;
223 * 1: fault processing disable
224 * 2-3: translation type
225 * 12-63: address space root
231 struct context_entry {
236 static inline void context_clear_pasid_enable(struct context_entry *context)
238 context->lo &= ~(1ULL << 11);
241 static inline bool context_pasid_enabled(struct context_entry *context)
243 return !!(context->lo & (1ULL << 11));
246 static inline void context_set_copied(struct context_entry *context)
248 context->hi |= (1ull << 3);
251 static inline bool context_copied(struct context_entry *context)
253 return !!(context->hi & (1ULL << 3));
256 static inline bool __context_present(struct context_entry *context)
258 return (context->lo & 1);
261 static inline bool context_present(struct context_entry *context)
263 return context_pasid_enabled(context) ?
264 __context_present(context) :
265 __context_present(context) && !context_copied(context);
268 static inline void context_set_present(struct context_entry *context)
273 static inline void context_set_fault_enable(struct context_entry *context)
275 context->lo &= (((u64)-1) << 2) | 1;
278 static inline void context_set_translation_type(struct context_entry *context,
281 context->lo &= (((u64)-1) << 4) | 3;
282 context->lo |= (value & 3) << 2;
285 static inline void context_set_address_root(struct context_entry *context,
288 context->lo &= ~VTD_PAGE_MASK;
289 context->lo |= value & VTD_PAGE_MASK;
292 static inline void context_set_address_width(struct context_entry *context,
295 context->hi |= value & 7;
298 static inline void context_set_domain_id(struct context_entry *context,
301 context->hi |= (value & ((1 << 16) - 1)) << 8;
304 static inline int context_domain_id(struct context_entry *c)
306 return((c->hi >> 8) & 0xffff);
309 static inline void context_clear_entry(struct context_entry *context)
322 * 12-63: Host physcial address
328 static inline void dma_clear_pte(struct dma_pte *pte)
333 static inline u64 dma_pte_addr(struct dma_pte *pte)
336 return pte->val & VTD_PAGE_MASK;
338 /* Must have a full atomic 64-bit read */
339 return __cmpxchg64(&pte->val, 0ULL, 0ULL) & VTD_PAGE_MASK;
343 static inline bool dma_pte_present(struct dma_pte *pte)
345 return (pte->val & 3) != 0;
348 static inline bool dma_pte_superpage(struct dma_pte *pte)
350 return (pte->val & DMA_PTE_LARGE_PAGE);
353 static inline int first_pte_in_page(struct dma_pte *pte)
355 return !((unsigned long)pte & ~VTD_PAGE_MASK);
359 * This domain is a statically identity mapping domain.
360 * 1. This domain creats a static 1:1 mapping to all usable memory.
361 * 2. It maps to each iommu if successful.
362 * 3. Each iommu mapps to this domain if successful.
364 static struct dmar_domain *si_domain;
365 static int hw_pass_through = 1;
367 /* domain represents a virtual machine, more than one devices
368 * across iommus may be owned in one domain, e.g. kvm guest.
370 #define DOMAIN_FLAG_VIRTUAL_MACHINE (1 << 0)
372 /* si_domain contains mulitple devices */
373 #define DOMAIN_FLAG_STATIC_IDENTITY (1 << 1)
376 int id; /* domain id */
377 int nid; /* node id */
378 DECLARE_BITMAP(iommu_bmp, DMAR_UNITS_SUPPORTED);
379 /* bitmap of iommus this domain uses*/
381 struct list_head devices; /* all devices' list */
382 struct iova_domain iovad; /* iova's that belong to this domain */
384 struct dma_pte *pgd; /* virtual address */
385 int gaw; /* max guest address width */
387 /* adjusted guest address width, 0 is level 2 30-bit */
390 int flags; /* flags to find out type of domain */
392 int iommu_coherency;/* indicate coherency of iommu access */
393 int iommu_snooping; /* indicate snooping control feature*/
394 int iommu_count; /* reference count of iommu */
395 int iommu_superpage;/* Level of superpages supported:
396 0 == 4KiB (no superpages), 1 == 2MiB,
397 2 == 1GiB, 3 == 512GiB, 4 == 1TiB */
398 spinlock_t iommu_lock; /* protect iommu set in domain */
399 u64 max_addr; /* maximum mapped address */
401 struct iommu_domain domain; /* generic domain data structure for
405 /* PCI domain-device relationship */
406 struct device_domain_info {
407 struct list_head link; /* link to domain siblings */
408 struct list_head global; /* link to global list */
409 u8 bus; /* PCI bus number */
410 u8 devfn; /* PCI devfn number */
414 } ats; /* ATS state */
415 struct device *dev; /* it's NULL for PCIe-to-PCI bridge */
416 struct intel_iommu *iommu; /* IOMMU used by this device */
417 struct dmar_domain *domain; /* pointer to domain */
420 struct dmar_rmrr_unit {
421 struct list_head list; /* list of rmrr units */
422 struct acpi_dmar_header *hdr; /* ACPI header */
423 u64 base_address; /* reserved base address*/
424 u64 end_address; /* reserved end address */
425 struct dmar_dev_scope *devices; /* target devices */
426 int devices_cnt; /* target device count */
429 struct dmar_atsr_unit {
430 struct list_head list; /* list of ATSR units */
431 struct acpi_dmar_header *hdr; /* ACPI header */
432 struct dmar_dev_scope *devices; /* target devices */
433 int devices_cnt; /* target device count */
434 u8 include_all:1; /* include all ports */
437 static LIST_HEAD(dmar_atsr_units);
438 static LIST_HEAD(dmar_rmrr_units);
440 #define for_each_rmrr_units(rmrr) \
441 list_for_each_entry(rmrr, &dmar_rmrr_units, list)
443 static void flush_unmaps_timeout(unsigned long data);
445 static DEFINE_TIMER(unmap_timer, flush_unmaps_timeout, 0, 0);
447 #define HIGH_WATER_MARK 250
448 struct deferred_flush_tables {
450 struct iova *iova[HIGH_WATER_MARK];
451 struct dmar_domain *domain[HIGH_WATER_MARK];
452 struct page *freelist[HIGH_WATER_MARK];
455 static struct deferred_flush_tables *deferred_flush;
457 /* bitmap for indexing intel_iommus */
458 static int g_num_of_iommus;
460 static DEFINE_SPINLOCK(async_umap_flush_lock);
461 static LIST_HEAD(unmaps_to_do);
464 static long list_size;
466 static void domain_exit(struct dmar_domain *domain);
467 static void domain_remove_dev_info(struct dmar_domain *domain);
468 static void domain_remove_one_dev_info(struct dmar_domain *domain,
470 static void iommu_detach_dependent_devices(struct intel_iommu *iommu,
472 static int domain_detach_iommu(struct dmar_domain *domain,
473 struct intel_iommu *iommu);
475 #ifdef CONFIG_INTEL_IOMMU_DEFAULT_ON
476 int dmar_disabled = 0;
478 int dmar_disabled = 1;
479 #endif /*CONFIG_INTEL_IOMMU_DEFAULT_ON*/
481 int intel_iommu_enabled = 0;
482 EXPORT_SYMBOL_GPL(intel_iommu_enabled);
484 static int dmar_map_gfx = 1;
485 static int dmar_forcedac;
486 static int intel_iommu_strict;
487 static int intel_iommu_superpage = 1;
488 static int intel_iommu_ecs = 1;
490 /* We only actually use ECS when PASID support (on the new bit 40)
491 * is also advertised. Some early implementations — the ones with
492 * PASID support on bit 28 — have issues even when we *only* use
493 * extended root/context tables. */
494 #define ecs_enabled(iommu) (intel_iommu_ecs && ecap_ecs(iommu->ecap) && \
495 ecap_pasid(iommu->ecap))
497 int intel_iommu_gfx_mapped;
498 EXPORT_SYMBOL_GPL(intel_iommu_gfx_mapped);
500 #define DUMMY_DEVICE_DOMAIN_INFO ((struct device_domain_info *)(-1))
501 static DEFINE_SPINLOCK(device_domain_lock);
502 static LIST_HEAD(device_domain_list);
504 static const struct iommu_ops intel_iommu_ops;
506 static bool translation_pre_enabled(struct intel_iommu *iommu)
508 return (iommu->flags & VTD_FLAG_TRANS_PRE_ENABLED);
511 static void clear_translation_pre_enabled(struct intel_iommu *iommu)
513 iommu->flags &= ~VTD_FLAG_TRANS_PRE_ENABLED;
516 static void init_translation_status(struct intel_iommu *iommu)
520 gsts = readl(iommu->reg + DMAR_GSTS_REG);
521 if (gsts & DMA_GSTS_TES)
522 iommu->flags |= VTD_FLAG_TRANS_PRE_ENABLED;
525 /* Convert generic 'struct iommu_domain to private struct dmar_domain */
526 static struct dmar_domain *to_dmar_domain(struct iommu_domain *dom)
528 return container_of(dom, struct dmar_domain, domain);
531 static int __init intel_iommu_setup(char *str)
536 if (!strncmp(str, "on", 2)) {
538 pr_info("IOMMU enabled\n");
539 } else if (!strncmp(str, "off", 3)) {
541 pr_info("IOMMU disabled\n");
542 } else if (!strncmp(str, "igfx_off", 8)) {
544 pr_info("Disable GFX device mapping\n");
545 } else if (!strncmp(str, "forcedac", 8)) {
546 pr_info("Forcing DAC for PCI devices\n");
548 } else if (!strncmp(str, "strict", 6)) {
549 pr_info("Disable batched IOTLB flush\n");
550 intel_iommu_strict = 1;
551 } else if (!strncmp(str, "sp_off", 6)) {
552 pr_info("Disable supported super page\n");
553 intel_iommu_superpage = 0;
554 } else if (!strncmp(str, "ecs_off", 7)) {
556 "Intel-IOMMU: disable extended context table support\n");
560 str += strcspn(str, ",");
566 __setup("intel_iommu=", intel_iommu_setup);
568 static struct kmem_cache *iommu_domain_cache;
569 static struct kmem_cache *iommu_devinfo_cache;
571 static inline void *alloc_pgtable_page(int node)
576 page = alloc_pages_node(node, GFP_ATOMIC | __GFP_ZERO, 0);
578 vaddr = page_address(page);
582 static inline void free_pgtable_page(void *vaddr)
584 free_page((unsigned long)vaddr);
587 static inline void *alloc_domain_mem(void)
589 return kmem_cache_alloc(iommu_domain_cache, GFP_ATOMIC);
592 static void free_domain_mem(void *vaddr)
594 kmem_cache_free(iommu_domain_cache, vaddr);
597 static inline void * alloc_devinfo_mem(void)
599 return kmem_cache_alloc(iommu_devinfo_cache, GFP_ATOMIC);
602 static inline void free_devinfo_mem(void *vaddr)
604 kmem_cache_free(iommu_devinfo_cache, vaddr);
607 static inline int domain_type_is_vm(struct dmar_domain *domain)
609 return domain->flags & DOMAIN_FLAG_VIRTUAL_MACHINE;
612 static inline int domain_type_is_vm_or_si(struct dmar_domain *domain)
614 return domain->flags & (DOMAIN_FLAG_VIRTUAL_MACHINE |
615 DOMAIN_FLAG_STATIC_IDENTITY);
618 static inline int domain_pfn_supported(struct dmar_domain *domain,
621 int addr_width = agaw_to_width(domain->agaw) - VTD_PAGE_SHIFT;
623 return !(addr_width < BITS_PER_LONG && pfn >> addr_width);
626 static int __iommu_calculate_agaw(struct intel_iommu *iommu, int max_gaw)
631 sagaw = cap_sagaw(iommu->cap);
632 for (agaw = width_to_agaw(max_gaw);
634 if (test_bit(agaw, &sagaw))
642 * Calculate max SAGAW for each iommu.
644 int iommu_calculate_max_sagaw(struct intel_iommu *iommu)
646 return __iommu_calculate_agaw(iommu, MAX_AGAW_WIDTH);
650 * calculate agaw for each iommu.
651 * "SAGAW" may be different across iommus, use a default agaw, and
652 * get a supported less agaw for iommus that don't support the default agaw.
654 int iommu_calculate_agaw(struct intel_iommu *iommu)
656 return __iommu_calculate_agaw(iommu, DEFAULT_DOMAIN_ADDRESS_WIDTH);
659 /* This functionin only returns single iommu in a domain */
660 static struct intel_iommu *domain_get_iommu(struct dmar_domain *domain)
664 /* si_domain and vm domain should not get here. */
665 BUG_ON(domain_type_is_vm_or_si(domain));
666 iommu_id = find_first_bit(domain->iommu_bmp, g_num_of_iommus);
667 if (iommu_id < 0 || iommu_id >= g_num_of_iommus)
670 return g_iommus[iommu_id];
673 static void domain_update_iommu_coherency(struct dmar_domain *domain)
675 struct dmar_drhd_unit *drhd;
676 struct intel_iommu *iommu;
680 domain->iommu_coherency = 1;
682 for_each_set_bit(i, domain->iommu_bmp, g_num_of_iommus) {
684 if (!ecap_coherent(g_iommus[i]->ecap)) {
685 domain->iommu_coherency = 0;
692 /* No hardware attached; use lowest common denominator */
694 for_each_active_iommu(iommu, drhd) {
695 if (!ecap_coherent(iommu->ecap)) {
696 domain->iommu_coherency = 0;
703 static int domain_update_iommu_snooping(struct intel_iommu *skip)
705 struct dmar_drhd_unit *drhd;
706 struct intel_iommu *iommu;
710 for_each_active_iommu(iommu, drhd) {
712 if (!ecap_sc_support(iommu->ecap)) {
723 static int domain_update_iommu_superpage(struct intel_iommu *skip)
725 struct dmar_drhd_unit *drhd;
726 struct intel_iommu *iommu;
729 if (!intel_iommu_superpage) {
733 /* set iommu_superpage to the smallest common denominator */
735 for_each_active_iommu(iommu, drhd) {
737 mask &= cap_super_page_val(iommu->cap);
747 /* Some capabilities may be different across iommus */
748 static void domain_update_iommu_cap(struct dmar_domain *domain)
750 domain_update_iommu_coherency(domain);
751 domain->iommu_snooping = domain_update_iommu_snooping(NULL);
752 domain->iommu_superpage = domain_update_iommu_superpage(NULL);
755 static inline struct context_entry *iommu_context_addr(struct intel_iommu *iommu,
756 u8 bus, u8 devfn, int alloc)
758 struct root_entry *root = &iommu->root_entry[bus];
759 struct context_entry *context;
762 if (ecs_enabled(iommu)) {
771 context = phys_to_virt(*entry & VTD_PAGE_MASK);
773 unsigned long phy_addr;
777 context = alloc_pgtable_page(iommu->node);
781 __iommu_flush_cache(iommu, (void *)context, CONTEXT_SIZE);
782 phy_addr = virt_to_phys((void *)context);
783 *entry = phy_addr | 1;
784 __iommu_flush_cache(iommu, entry, sizeof(*entry));
786 return &context[devfn];
789 static int iommu_dummy(struct device *dev)
791 return dev->archdata.iommu == DUMMY_DEVICE_DOMAIN_INFO;
794 static struct intel_iommu *device_to_iommu(struct device *dev, u8 *bus, u8 *devfn)
796 struct dmar_drhd_unit *drhd = NULL;
797 struct intel_iommu *iommu;
799 struct pci_dev *ptmp, *pdev = NULL;
803 if (iommu_dummy(dev))
806 if (dev_is_pci(dev)) {
807 pdev = to_pci_dev(dev);
808 segment = pci_domain_nr(pdev->bus);
809 } else if (has_acpi_companion(dev))
810 dev = &ACPI_COMPANION(dev)->dev;
813 for_each_active_iommu(iommu, drhd) {
814 if (pdev && segment != drhd->segment)
817 for_each_active_dev_scope(drhd->devices,
818 drhd->devices_cnt, i, tmp) {
820 *bus = drhd->devices[i].bus;
821 *devfn = drhd->devices[i].devfn;
825 if (!pdev || !dev_is_pci(tmp))
828 ptmp = to_pci_dev(tmp);
829 if (ptmp->subordinate &&
830 ptmp->subordinate->number <= pdev->bus->number &&
831 ptmp->subordinate->busn_res.end >= pdev->bus->number)
835 if (pdev && drhd->include_all) {
837 *bus = pdev->bus->number;
838 *devfn = pdev->devfn;
849 static void domain_flush_cache(struct dmar_domain *domain,
850 void *addr, int size)
852 if (!domain->iommu_coherency)
853 clflush_cache_range(addr, size);
856 static int device_context_mapped(struct intel_iommu *iommu, u8 bus, u8 devfn)
858 struct context_entry *context;
862 spin_lock_irqsave(&iommu->lock, flags);
863 context = iommu_context_addr(iommu, bus, devfn, 0);
865 ret = context_present(context);
866 spin_unlock_irqrestore(&iommu->lock, flags);
870 static void clear_context_table(struct intel_iommu *iommu, u8 bus, u8 devfn)
872 struct context_entry *context;
875 spin_lock_irqsave(&iommu->lock, flags);
876 context = iommu_context_addr(iommu, bus, devfn, 0);
878 context_clear_entry(context);
879 __iommu_flush_cache(iommu, context, sizeof(*context));
881 spin_unlock_irqrestore(&iommu->lock, flags);
884 static void free_context_table(struct intel_iommu *iommu)
888 struct context_entry *context;
890 spin_lock_irqsave(&iommu->lock, flags);
891 if (!iommu->root_entry) {
894 for (i = 0; i < ROOT_ENTRY_NR; i++) {
895 context = iommu_context_addr(iommu, i, 0, 0);
897 free_pgtable_page(context);
899 if (!ecs_enabled(iommu))
902 context = iommu_context_addr(iommu, i, 0x80, 0);
904 free_pgtable_page(context);
907 free_pgtable_page(iommu->root_entry);
908 iommu->root_entry = NULL;
910 spin_unlock_irqrestore(&iommu->lock, flags);
913 static struct dma_pte *pfn_to_dma_pte(struct dmar_domain *domain,
914 unsigned long pfn, int *target_level)
916 struct dma_pte *parent, *pte = NULL;
917 int level = agaw_to_level(domain->agaw);
920 BUG_ON(!domain->pgd);
922 if (!domain_pfn_supported(domain, pfn))
923 /* Address beyond IOMMU's addressing capabilities. */
926 parent = domain->pgd;
931 offset = pfn_level_offset(pfn, level);
932 pte = &parent[offset];
933 if (!*target_level && (dma_pte_superpage(pte) || !dma_pte_present(pte)))
935 if (level == *target_level)
938 if (!dma_pte_present(pte)) {
941 tmp_page = alloc_pgtable_page(domain->nid);
946 domain_flush_cache(domain, tmp_page, VTD_PAGE_SIZE);
947 pteval = ((uint64_t)virt_to_dma_pfn(tmp_page) << VTD_PAGE_SHIFT) | DMA_PTE_READ | DMA_PTE_WRITE;
948 if (cmpxchg64(&pte->val, 0ULL, pteval))
949 /* Someone else set it while we were thinking; use theirs. */
950 free_pgtable_page(tmp_page);
952 domain_flush_cache(domain, pte, sizeof(*pte));
957 parent = phys_to_virt(dma_pte_addr(pte));
962 *target_level = level;
968 /* return address's pte at specific level */
969 static struct dma_pte *dma_pfn_level_pte(struct dmar_domain *domain,
971 int level, int *large_page)
973 struct dma_pte *parent, *pte = NULL;
974 int total = agaw_to_level(domain->agaw);
977 parent = domain->pgd;
978 while (level <= total) {
979 offset = pfn_level_offset(pfn, total);
980 pte = &parent[offset];
984 if (!dma_pte_present(pte)) {
989 if (dma_pte_superpage(pte)) {
994 parent = phys_to_virt(dma_pte_addr(pte));
1000 /* clear last level pte, a tlb flush should be followed */
1001 static void dma_pte_clear_range(struct dmar_domain *domain,
1002 unsigned long start_pfn,
1003 unsigned long last_pfn)
1005 unsigned int large_page = 1;
1006 struct dma_pte *first_pte, *pte;
1008 BUG_ON(!domain_pfn_supported(domain, start_pfn));
1009 BUG_ON(!domain_pfn_supported(domain, last_pfn));
1010 BUG_ON(start_pfn > last_pfn);
1012 /* we don't need lock here; nobody else touches the iova range */
1015 first_pte = pte = dma_pfn_level_pte(domain, start_pfn, 1, &large_page);
1017 start_pfn = align_to_level(start_pfn + 1, large_page + 1);
1022 start_pfn += lvl_to_nr_pages(large_page);
1024 } while (start_pfn <= last_pfn && !first_pte_in_page(pte));
1026 domain_flush_cache(domain, first_pte,
1027 (void *)pte - (void *)first_pte);
1029 } while (start_pfn && start_pfn <= last_pfn);
1032 static void dma_pte_free_level(struct dmar_domain *domain, int level,
1033 struct dma_pte *pte, unsigned long pfn,
1034 unsigned long start_pfn, unsigned long last_pfn)
1036 pfn = max(start_pfn, pfn);
1037 pte = &pte[pfn_level_offset(pfn, level)];
1040 unsigned long level_pfn;
1041 struct dma_pte *level_pte;
1043 if (!dma_pte_present(pte) || dma_pte_superpage(pte))
1046 level_pfn = pfn & level_mask(level - 1);
1047 level_pte = phys_to_virt(dma_pte_addr(pte));
1050 dma_pte_free_level(domain, level - 1, level_pte,
1051 level_pfn, start_pfn, last_pfn);
1053 /* If range covers entire pagetable, free it */
1054 if (!(start_pfn > level_pfn ||
1055 last_pfn < level_pfn + level_size(level) - 1)) {
1057 domain_flush_cache(domain, pte, sizeof(*pte));
1058 free_pgtable_page(level_pte);
1061 pfn += level_size(level);
1062 } while (!first_pte_in_page(++pte) && pfn <= last_pfn);
1065 /* free page table pages. last level pte should already be cleared */
1066 static void dma_pte_free_pagetable(struct dmar_domain *domain,
1067 unsigned long start_pfn,
1068 unsigned long last_pfn)
1070 BUG_ON(!domain_pfn_supported(domain, start_pfn));
1071 BUG_ON(!domain_pfn_supported(domain, last_pfn));
1072 BUG_ON(start_pfn > last_pfn);
1074 dma_pte_clear_range(domain, start_pfn, last_pfn);
1076 /* We don't need lock here; nobody else touches the iova range */
1077 dma_pte_free_level(domain, agaw_to_level(domain->agaw),
1078 domain->pgd, 0, start_pfn, last_pfn);
1081 if (start_pfn == 0 && last_pfn == DOMAIN_MAX_PFN(domain->gaw)) {
1082 free_pgtable_page(domain->pgd);
1087 /* When a page at a given level is being unlinked from its parent, we don't
1088 need to *modify* it at all. All we need to do is make a list of all the
1089 pages which can be freed just as soon as we've flushed the IOTLB and we
1090 know the hardware page-walk will no longer touch them.
1091 The 'pte' argument is the *parent* PTE, pointing to the page that is to
1093 static struct page *dma_pte_list_pagetables(struct dmar_domain *domain,
1094 int level, struct dma_pte *pte,
1095 struct page *freelist)
1099 pg = pfn_to_page(dma_pte_addr(pte) >> PAGE_SHIFT);
1100 pg->freelist = freelist;
1106 pte = page_address(pg);
1108 if (dma_pte_present(pte) && !dma_pte_superpage(pte))
1109 freelist = dma_pte_list_pagetables(domain, level - 1,
1112 } while (!first_pte_in_page(pte));
1117 static struct page *dma_pte_clear_level(struct dmar_domain *domain, int level,
1118 struct dma_pte *pte, unsigned long pfn,
1119 unsigned long start_pfn,
1120 unsigned long last_pfn,
1121 struct page *freelist)
1123 struct dma_pte *first_pte = NULL, *last_pte = NULL;
1125 pfn = max(start_pfn, pfn);
1126 pte = &pte[pfn_level_offset(pfn, level)];
1129 unsigned long level_pfn;
1131 if (!dma_pte_present(pte))
1134 level_pfn = pfn & level_mask(level);
1136 /* If range covers entire pagetable, free it */
1137 if (start_pfn <= level_pfn &&
1138 last_pfn >= level_pfn + level_size(level) - 1) {
1139 /* These suborbinate page tables are going away entirely. Don't
1140 bother to clear them; we're just going to *free* them. */
1141 if (level > 1 && !dma_pte_superpage(pte))
1142 freelist = dma_pte_list_pagetables(domain, level - 1, pte, freelist);
1148 } else if (level > 1) {
1149 /* Recurse down into a level that isn't *entirely* obsolete */
1150 freelist = dma_pte_clear_level(domain, level - 1,
1151 phys_to_virt(dma_pte_addr(pte)),
1152 level_pfn, start_pfn, last_pfn,
1156 pfn += level_size(level);
1157 } while (!first_pte_in_page(++pte) && pfn <= last_pfn);
1160 domain_flush_cache(domain, first_pte,
1161 (void *)++last_pte - (void *)first_pte);
1166 /* We can't just free the pages because the IOMMU may still be walking
1167 the page tables, and may have cached the intermediate levels. The
1168 pages can only be freed after the IOTLB flush has been done. */
1169 struct page *domain_unmap(struct dmar_domain *domain,
1170 unsigned long start_pfn,
1171 unsigned long last_pfn)
1173 struct page *freelist = NULL;
1175 BUG_ON(!domain_pfn_supported(domain, start_pfn));
1176 BUG_ON(!domain_pfn_supported(domain, last_pfn));
1177 BUG_ON(start_pfn > last_pfn);
1179 /* we don't need lock here; nobody else touches the iova range */
1180 freelist = dma_pte_clear_level(domain, agaw_to_level(domain->agaw),
1181 domain->pgd, 0, start_pfn, last_pfn, NULL);
1184 if (start_pfn == 0 && last_pfn == DOMAIN_MAX_PFN(domain->gaw)) {
1185 struct page *pgd_page = virt_to_page(domain->pgd);
1186 pgd_page->freelist = freelist;
1187 freelist = pgd_page;
1195 void dma_free_pagelist(struct page *freelist)
1199 while ((pg = freelist)) {
1200 freelist = pg->freelist;
1201 free_pgtable_page(page_address(pg));
1205 /* iommu handling */
1206 static int iommu_alloc_root_entry(struct intel_iommu *iommu)
1208 struct root_entry *root;
1209 unsigned long flags;
1211 root = (struct root_entry *)alloc_pgtable_page(iommu->node);
1213 pr_err("Allocating root entry for %s failed\n",
1218 __iommu_flush_cache(iommu, root, ROOT_SIZE);
1220 spin_lock_irqsave(&iommu->lock, flags);
1221 iommu->root_entry = root;
1222 spin_unlock_irqrestore(&iommu->lock, flags);
1227 static void iommu_set_root_entry(struct intel_iommu *iommu)
1233 addr = virt_to_phys(iommu->root_entry);
1234 if (ecs_enabled(iommu))
1235 addr |= DMA_RTADDR_RTT;
1237 raw_spin_lock_irqsave(&iommu->register_lock, flag);
1238 dmar_writeq(iommu->reg + DMAR_RTADDR_REG, addr);
1240 writel(iommu->gcmd | DMA_GCMD_SRTP, iommu->reg + DMAR_GCMD_REG);
1242 /* Make sure hardware complete it */
1243 IOMMU_WAIT_OP(iommu, DMAR_GSTS_REG,
1244 readl, (sts & DMA_GSTS_RTPS), sts);
1246 raw_spin_unlock_irqrestore(&iommu->register_lock, flag);
1249 static void iommu_flush_write_buffer(struct intel_iommu *iommu)
1254 if (!rwbf_quirk && !cap_rwbf(iommu->cap))
1257 raw_spin_lock_irqsave(&iommu->register_lock, flag);
1258 writel(iommu->gcmd | DMA_GCMD_WBF, iommu->reg + DMAR_GCMD_REG);
1260 /* Make sure hardware complete it */
1261 IOMMU_WAIT_OP(iommu, DMAR_GSTS_REG,
1262 readl, (!(val & DMA_GSTS_WBFS)), val);
1264 raw_spin_unlock_irqrestore(&iommu->register_lock, flag);
1267 /* return value determine if we need a write buffer flush */
1268 static void __iommu_flush_context(struct intel_iommu *iommu,
1269 u16 did, u16 source_id, u8 function_mask,
1276 case DMA_CCMD_GLOBAL_INVL:
1277 val = DMA_CCMD_GLOBAL_INVL;
1279 case DMA_CCMD_DOMAIN_INVL:
1280 val = DMA_CCMD_DOMAIN_INVL|DMA_CCMD_DID(did);
1282 case DMA_CCMD_DEVICE_INVL:
1283 val = DMA_CCMD_DEVICE_INVL|DMA_CCMD_DID(did)
1284 | DMA_CCMD_SID(source_id) | DMA_CCMD_FM(function_mask);
1289 val |= DMA_CCMD_ICC;
1291 raw_spin_lock_irqsave(&iommu->register_lock, flag);
1292 dmar_writeq(iommu->reg + DMAR_CCMD_REG, val);
1294 /* Make sure hardware complete it */
1295 IOMMU_WAIT_OP(iommu, DMAR_CCMD_REG,
1296 dmar_readq, (!(val & DMA_CCMD_ICC)), val);
1298 raw_spin_unlock_irqrestore(&iommu->register_lock, flag);
1301 /* return value determine if we need a write buffer flush */
1302 static void __iommu_flush_iotlb(struct intel_iommu *iommu, u16 did,
1303 u64 addr, unsigned int size_order, u64 type)
1305 int tlb_offset = ecap_iotlb_offset(iommu->ecap);
1306 u64 val = 0, val_iva = 0;
1310 case DMA_TLB_GLOBAL_FLUSH:
1311 /* global flush doesn't need set IVA_REG */
1312 val = DMA_TLB_GLOBAL_FLUSH|DMA_TLB_IVT;
1314 case DMA_TLB_DSI_FLUSH:
1315 val = DMA_TLB_DSI_FLUSH|DMA_TLB_IVT|DMA_TLB_DID(did);
1317 case DMA_TLB_PSI_FLUSH:
1318 val = DMA_TLB_PSI_FLUSH|DMA_TLB_IVT|DMA_TLB_DID(did);
1319 /* IH bit is passed in as part of address */
1320 val_iva = size_order | addr;
1325 /* Note: set drain read/write */
1328 * This is probably to be super secure.. Looks like we can
1329 * ignore it without any impact.
1331 if (cap_read_drain(iommu->cap))
1332 val |= DMA_TLB_READ_DRAIN;
1334 if (cap_write_drain(iommu->cap))
1335 val |= DMA_TLB_WRITE_DRAIN;
1337 raw_spin_lock_irqsave(&iommu->register_lock, flag);
1338 /* Note: Only uses first TLB reg currently */
1340 dmar_writeq(iommu->reg + tlb_offset, val_iva);
1341 dmar_writeq(iommu->reg + tlb_offset + 8, val);
1343 /* Make sure hardware complete it */
1344 IOMMU_WAIT_OP(iommu, tlb_offset + 8,
1345 dmar_readq, (!(val & DMA_TLB_IVT)), val);
1347 raw_spin_unlock_irqrestore(&iommu->register_lock, flag);
1349 /* check IOTLB invalidation granularity */
1350 if (DMA_TLB_IAIG(val) == 0)
1351 pr_err("Flush IOTLB failed\n");
1352 if (DMA_TLB_IAIG(val) != DMA_TLB_IIRG(type))
1353 pr_debug("TLB flush request %Lx, actual %Lx\n",
1354 (unsigned long long)DMA_TLB_IIRG(type),
1355 (unsigned long long)DMA_TLB_IAIG(val));
1358 static struct device_domain_info *
1359 iommu_support_dev_iotlb (struct dmar_domain *domain, struct intel_iommu *iommu,
1363 unsigned long flags;
1364 struct device_domain_info *info;
1365 struct pci_dev *pdev;
1367 if (!ecap_dev_iotlb_support(iommu->ecap))
1373 spin_lock_irqsave(&device_domain_lock, flags);
1374 list_for_each_entry(info, &domain->devices, link)
1375 if (info->iommu == iommu && info->bus == bus &&
1376 info->devfn == devfn) {
1380 spin_unlock_irqrestore(&device_domain_lock, flags);
1382 if (!found || !info->dev || !dev_is_pci(info->dev))
1385 pdev = to_pci_dev(info->dev);
1387 if (!pci_find_ext_capability(pdev, PCI_EXT_CAP_ID_ATS))
1390 if (!dmar_find_matched_atsr_unit(pdev))
1396 static void iommu_enable_dev_iotlb(struct device_domain_info *info)
1398 struct pci_dev *pdev;
1400 if (!info || !dev_is_pci(info->dev))
1403 pdev = to_pci_dev(info->dev);
1404 if (pci_enable_ats(pdev, VTD_PAGE_SHIFT))
1407 info->ats.enabled = 1;
1408 info->ats.qdep = pci_ats_queue_depth(pdev);
1411 static void iommu_disable_dev_iotlb(struct device_domain_info *info)
1413 if (!info->ats.enabled)
1416 pci_disable_ats(to_pci_dev(info->dev));
1417 info->ats.enabled = 0;
1420 static void iommu_flush_dev_iotlb(struct dmar_domain *domain,
1421 u64 addr, unsigned mask)
1424 unsigned long flags;
1425 struct device_domain_info *info;
1427 spin_lock_irqsave(&device_domain_lock, flags);
1428 list_for_each_entry(info, &domain->devices, link) {
1429 if (!info->ats.enabled)
1432 sid = info->bus << 8 | info->devfn;
1433 qdep = info->ats.qdep;
1434 qi_flush_dev_iotlb(info->iommu, sid, qdep, addr, mask);
1436 spin_unlock_irqrestore(&device_domain_lock, flags);
1439 static void iommu_flush_iotlb_psi(struct intel_iommu *iommu, u16 did,
1440 unsigned long pfn, unsigned int pages, int ih, int map)
1442 unsigned int mask = ilog2(__roundup_pow_of_two(pages));
1443 uint64_t addr = (uint64_t)pfn << VTD_PAGE_SHIFT;
1450 * Fallback to domain selective flush if no PSI support or the size is
1452 * PSI requires page size to be 2 ^ x, and the base address is naturally
1453 * aligned to the size
1455 if (!cap_pgsel_inv(iommu->cap) || mask > cap_max_amask_val(iommu->cap))
1456 iommu->flush.flush_iotlb(iommu, did, 0, 0,
1459 iommu->flush.flush_iotlb(iommu, did, addr | ih, mask,
1463 * In caching mode, changes of pages from non-present to present require
1464 * flush. However, device IOTLB doesn't need to be flushed in this case.
1466 if (!cap_caching_mode(iommu->cap) || !map)
1467 iommu_flush_dev_iotlb(iommu->domains[did], addr, mask);
1470 static void iommu_disable_protect_mem_regions(struct intel_iommu *iommu)
1473 unsigned long flags;
1475 raw_spin_lock_irqsave(&iommu->register_lock, flags);
1476 pmen = readl(iommu->reg + DMAR_PMEN_REG);
1477 pmen &= ~DMA_PMEN_EPM;
1478 writel(pmen, iommu->reg + DMAR_PMEN_REG);
1480 /* wait for the protected region status bit to clear */
1481 IOMMU_WAIT_OP(iommu, DMAR_PMEN_REG,
1482 readl, !(pmen & DMA_PMEN_PRS), pmen);
1484 raw_spin_unlock_irqrestore(&iommu->register_lock, flags);
1487 static void iommu_enable_translation(struct intel_iommu *iommu)
1490 unsigned long flags;
1492 raw_spin_lock_irqsave(&iommu->register_lock, flags);
1493 iommu->gcmd |= DMA_GCMD_TE;
1494 writel(iommu->gcmd, iommu->reg + DMAR_GCMD_REG);
1496 /* Make sure hardware complete it */
1497 IOMMU_WAIT_OP(iommu, DMAR_GSTS_REG,
1498 readl, (sts & DMA_GSTS_TES), sts);
1500 raw_spin_unlock_irqrestore(&iommu->register_lock, flags);
1503 static void iommu_disable_translation(struct intel_iommu *iommu)
1508 raw_spin_lock_irqsave(&iommu->register_lock, flag);
1509 iommu->gcmd &= ~DMA_GCMD_TE;
1510 writel(iommu->gcmd, iommu->reg + DMAR_GCMD_REG);
1512 /* Make sure hardware complete it */
1513 IOMMU_WAIT_OP(iommu, DMAR_GSTS_REG,
1514 readl, (!(sts & DMA_GSTS_TES)), sts);
1516 raw_spin_unlock_irqrestore(&iommu->register_lock, flag);
1520 static int iommu_init_domains(struct intel_iommu *iommu)
1522 unsigned long ndomains;
1523 unsigned long nlongs;
1525 ndomains = cap_ndoms(iommu->cap);
1526 pr_debug("%s: Number of Domains supported <%ld>\n",
1527 iommu->name, ndomains);
1528 nlongs = BITS_TO_LONGS(ndomains);
1530 spin_lock_init(&iommu->lock);
1532 /* TBD: there might be 64K domains,
1533 * consider other allocation for future chip
1535 iommu->domain_ids = kcalloc(nlongs, sizeof(unsigned long), GFP_KERNEL);
1536 if (!iommu->domain_ids) {
1537 pr_err("%s: Allocating domain id array failed\n",
1541 iommu->domains = kcalloc(ndomains, sizeof(struct dmar_domain *),
1543 if (!iommu->domains) {
1544 pr_err("%s: Allocating domain array failed\n",
1546 kfree(iommu->domain_ids);
1547 iommu->domain_ids = NULL;
1552 * if Caching mode is set, then invalid translations are tagged
1553 * with domainid 0. Hence we need to pre-allocate it.
1555 if (cap_caching_mode(iommu->cap))
1556 set_bit(0, iommu->domain_ids);
1560 static void disable_dmar_iommu(struct intel_iommu *iommu)
1562 struct dmar_domain *domain;
1565 if ((iommu->domains) && (iommu->domain_ids)) {
1566 for_each_set_bit(i, iommu->domain_ids, cap_ndoms(iommu->cap)) {
1568 * Domain id 0 is reserved for invalid translation
1569 * if hardware supports caching mode.
1571 if (cap_caching_mode(iommu->cap) && i == 0)
1574 domain = iommu->domains[i];
1575 clear_bit(i, iommu->domain_ids);
1576 if (domain_detach_iommu(domain, iommu) == 0 &&
1577 !domain_type_is_vm(domain))
1578 domain_exit(domain);
1582 if (iommu->gcmd & DMA_GCMD_TE)
1583 iommu_disable_translation(iommu);
1586 static void free_dmar_iommu(struct intel_iommu *iommu)
1588 if ((iommu->domains) && (iommu->domain_ids)) {
1589 kfree(iommu->domains);
1590 kfree(iommu->domain_ids);
1591 iommu->domains = NULL;
1592 iommu->domain_ids = NULL;
1595 g_iommus[iommu->seq_id] = NULL;
1597 /* free context mapping */
1598 free_context_table(iommu);
1601 static struct dmar_domain *alloc_domain(int flags)
1603 /* domain id for virtual machine, it won't be set in context */
1604 static atomic_t vm_domid = ATOMIC_INIT(0);
1605 struct dmar_domain *domain;
1607 domain = alloc_domain_mem();
1611 memset(domain, 0, sizeof(*domain));
1613 domain->flags = flags;
1614 spin_lock_init(&domain->iommu_lock);
1615 INIT_LIST_HEAD(&domain->devices);
1616 if (flags & DOMAIN_FLAG_VIRTUAL_MACHINE)
1617 domain->id = atomic_inc_return(&vm_domid);
1622 static int __iommu_attach_domain(struct dmar_domain *domain,
1623 struct intel_iommu *iommu)
1626 unsigned long ndomains;
1628 ndomains = cap_ndoms(iommu->cap);
1629 num = find_first_zero_bit(iommu->domain_ids, ndomains);
1630 if (num < ndomains) {
1631 set_bit(num, iommu->domain_ids);
1632 iommu->domains[num] = domain;
1640 static int iommu_attach_domain(struct dmar_domain *domain,
1641 struct intel_iommu *iommu)
1644 unsigned long flags;
1646 spin_lock_irqsave(&iommu->lock, flags);
1647 num = __iommu_attach_domain(domain, iommu);
1648 spin_unlock_irqrestore(&iommu->lock, flags);
1650 pr_err("%s: No free domain ids\n", iommu->name);
1655 static int iommu_attach_vm_domain(struct dmar_domain *domain,
1656 struct intel_iommu *iommu)
1659 unsigned long ndomains;
1661 ndomains = cap_ndoms(iommu->cap);
1662 for_each_set_bit(num, iommu->domain_ids, ndomains)
1663 if (iommu->domains[num] == domain)
1666 return __iommu_attach_domain(domain, iommu);
1669 static void iommu_detach_domain(struct dmar_domain *domain,
1670 struct intel_iommu *iommu)
1672 unsigned long flags;
1675 spin_lock_irqsave(&iommu->lock, flags);
1676 if (domain_type_is_vm_or_si(domain)) {
1677 ndomains = cap_ndoms(iommu->cap);
1678 for_each_set_bit(num, iommu->domain_ids, ndomains) {
1679 if (iommu->domains[num] == domain) {
1680 clear_bit(num, iommu->domain_ids);
1681 iommu->domains[num] = NULL;
1686 clear_bit(domain->id, iommu->domain_ids);
1687 iommu->domains[domain->id] = NULL;
1689 spin_unlock_irqrestore(&iommu->lock, flags);
1692 static void domain_attach_iommu(struct dmar_domain *domain,
1693 struct intel_iommu *iommu)
1695 unsigned long flags;
1697 spin_lock_irqsave(&domain->iommu_lock, flags);
1698 if (!test_and_set_bit(iommu->seq_id, domain->iommu_bmp)) {
1699 domain->iommu_count++;
1700 if (domain->iommu_count == 1)
1701 domain->nid = iommu->node;
1702 domain_update_iommu_cap(domain);
1704 spin_unlock_irqrestore(&domain->iommu_lock, flags);
1707 static int domain_detach_iommu(struct dmar_domain *domain,
1708 struct intel_iommu *iommu)
1710 unsigned long flags;
1711 int count = INT_MAX;
1713 spin_lock_irqsave(&domain->iommu_lock, flags);
1714 if (test_and_clear_bit(iommu->seq_id, domain->iommu_bmp)) {
1715 count = --domain->iommu_count;
1716 domain_update_iommu_cap(domain);
1718 spin_unlock_irqrestore(&domain->iommu_lock, flags);
1723 static struct iova_domain reserved_iova_list;
1724 static struct lock_class_key reserved_rbtree_key;
1726 static int dmar_init_reserved_ranges(void)
1728 struct pci_dev *pdev = NULL;
1732 init_iova_domain(&reserved_iova_list, VTD_PAGE_SIZE, IOVA_START_PFN,
1735 lockdep_set_class(&reserved_iova_list.iova_rbtree_lock,
1736 &reserved_rbtree_key);
1738 /* IOAPIC ranges shouldn't be accessed by DMA */
1739 iova = reserve_iova(&reserved_iova_list, IOVA_PFN(IOAPIC_RANGE_START),
1740 IOVA_PFN(IOAPIC_RANGE_END));
1742 pr_err("Reserve IOAPIC range failed\n");
1746 /* Reserve all PCI MMIO to avoid peer-to-peer access */
1747 for_each_pci_dev(pdev) {
1750 for (i = 0; i < PCI_NUM_RESOURCES; i++) {
1751 r = &pdev->resource[i];
1752 if (!r->flags || !(r->flags & IORESOURCE_MEM))
1754 iova = reserve_iova(&reserved_iova_list,
1758 pr_err("Reserve iova failed\n");
1766 static void domain_reserve_special_ranges(struct dmar_domain *domain)
1768 copy_reserved_iova(&reserved_iova_list, &domain->iovad);
1771 static inline int guestwidth_to_adjustwidth(int gaw)
1774 int r = (gaw - 12) % 9;
1785 static int domain_init(struct dmar_domain *domain, int guest_width)
1787 struct intel_iommu *iommu;
1788 int adjust_width, agaw;
1789 unsigned long sagaw;
1791 init_iova_domain(&domain->iovad, VTD_PAGE_SIZE, IOVA_START_PFN,
1793 domain_reserve_special_ranges(domain);
1795 /* calculate AGAW */
1796 iommu = domain_get_iommu(domain);
1797 if (guest_width > cap_mgaw(iommu->cap))
1798 guest_width = cap_mgaw(iommu->cap);
1799 domain->gaw = guest_width;
1800 adjust_width = guestwidth_to_adjustwidth(guest_width);
1801 agaw = width_to_agaw(adjust_width);
1802 sagaw = cap_sagaw(iommu->cap);
1803 if (!test_bit(agaw, &sagaw)) {
1804 /* hardware doesn't support it, choose a bigger one */
1805 pr_debug("Hardware doesn't support agaw %d\n", agaw);
1806 agaw = find_next_bit(&sagaw, 5, agaw);
1810 domain->agaw = agaw;
1812 if (ecap_coherent(iommu->ecap))
1813 domain->iommu_coherency = 1;
1815 domain->iommu_coherency = 0;
1817 if (ecap_sc_support(iommu->ecap))
1818 domain->iommu_snooping = 1;
1820 domain->iommu_snooping = 0;
1822 if (intel_iommu_superpage)
1823 domain->iommu_superpage = fls(cap_super_page_val(iommu->cap));
1825 domain->iommu_superpage = 0;
1827 domain->nid = iommu->node;
1829 /* always allocate the top pgd */
1830 domain->pgd = (struct dma_pte *)alloc_pgtable_page(domain->nid);
1833 __iommu_flush_cache(iommu, domain->pgd, PAGE_SIZE);
1837 static void domain_exit(struct dmar_domain *domain)
1839 struct dmar_drhd_unit *drhd;
1840 struct intel_iommu *iommu;
1841 struct page *freelist = NULL;
1843 /* Domain 0 is reserved, so dont process it */
1847 /* Flush any lazy unmaps that may reference this domain */
1848 if (!intel_iommu_strict)
1849 flush_unmaps_timeout(0);
1851 /* remove associated devices */
1852 domain_remove_dev_info(domain);
1855 put_iova_domain(&domain->iovad);
1857 freelist = domain_unmap(domain, 0, DOMAIN_MAX_PFN(domain->gaw));
1859 /* clear attached or cached domains */
1861 for_each_active_iommu(iommu, drhd)
1862 if (domain_type_is_vm(domain) ||
1863 test_bit(iommu->seq_id, domain->iommu_bmp))
1864 iommu_detach_domain(domain, iommu);
1867 dma_free_pagelist(freelist);
1869 free_domain_mem(domain);
1872 static int domain_context_mapping_one(struct dmar_domain *domain,
1873 struct intel_iommu *iommu,
1874 u8 bus, u8 devfn, int translation)
1876 struct context_entry *context;
1877 unsigned long flags;
1878 struct dma_pte *pgd;
1881 struct device_domain_info *info = NULL;
1883 pr_debug("Set context mapping for %02x:%02x.%d\n",
1884 bus, PCI_SLOT(devfn), PCI_FUNC(devfn));
1886 BUG_ON(!domain->pgd);
1887 BUG_ON(translation != CONTEXT_TT_PASS_THROUGH &&
1888 translation != CONTEXT_TT_MULTI_LEVEL);
1890 spin_lock_irqsave(&iommu->lock, flags);
1891 context = iommu_context_addr(iommu, bus, devfn, 1);
1892 spin_unlock_irqrestore(&iommu->lock, flags);
1895 spin_lock_irqsave(&iommu->lock, flags);
1896 if (context_present(context)) {
1897 spin_unlock_irqrestore(&iommu->lock, flags);
1901 context_clear_entry(context);
1906 if (domain_type_is_vm_or_si(domain)) {
1907 if (domain_type_is_vm(domain)) {
1908 id = iommu_attach_vm_domain(domain, iommu);
1910 spin_unlock_irqrestore(&iommu->lock, flags);
1911 pr_err("%s: No free domain ids\n", iommu->name);
1916 /* Skip top levels of page tables for
1917 * iommu which has less agaw than default.
1918 * Unnecessary for PT mode.
1920 if (translation != CONTEXT_TT_PASS_THROUGH) {
1921 for (agaw = domain->agaw; agaw != iommu->agaw; agaw--) {
1922 pgd = phys_to_virt(dma_pte_addr(pgd));
1923 if (!dma_pte_present(pgd)) {
1924 spin_unlock_irqrestore(&iommu->lock, flags);
1931 context_set_domain_id(context, id);
1933 if (translation != CONTEXT_TT_PASS_THROUGH) {
1934 info = iommu_support_dev_iotlb(domain, iommu, bus, devfn);
1935 translation = info ? CONTEXT_TT_DEV_IOTLB :
1936 CONTEXT_TT_MULTI_LEVEL;
1939 * In pass through mode, AW must be programmed to indicate the largest
1940 * AGAW value supported by hardware. And ASR is ignored by hardware.
1942 if (unlikely(translation == CONTEXT_TT_PASS_THROUGH))
1943 context_set_address_width(context, iommu->msagaw);
1945 context_set_address_root(context, virt_to_phys(pgd));
1946 context_set_address_width(context, iommu->agaw);
1949 context_set_translation_type(context, translation);
1950 context_set_fault_enable(context);
1951 context_set_present(context);
1952 domain_flush_cache(domain, context, sizeof(*context));
1955 * It's a non-present to present mapping. If hardware doesn't cache
1956 * non-present entry we only need to flush the write-buffer. If the
1957 * _does_ cache non-present entries, then it does so in the special
1958 * domain #0, which we have to flush:
1960 if (cap_caching_mode(iommu->cap)) {
1961 iommu->flush.flush_context(iommu, 0,
1962 (((u16)bus) << 8) | devfn,
1963 DMA_CCMD_MASK_NOBIT,
1964 DMA_CCMD_DEVICE_INVL);
1965 iommu->flush.flush_iotlb(iommu, id, 0, 0, DMA_TLB_DSI_FLUSH);
1967 iommu_flush_write_buffer(iommu);
1969 iommu_enable_dev_iotlb(info);
1970 spin_unlock_irqrestore(&iommu->lock, flags);
1972 domain_attach_iommu(domain, iommu);
1977 struct domain_context_mapping_data {
1978 struct dmar_domain *domain;
1979 struct intel_iommu *iommu;
1983 static int domain_context_mapping_cb(struct pci_dev *pdev,
1984 u16 alias, void *opaque)
1986 struct domain_context_mapping_data *data = opaque;
1988 return domain_context_mapping_one(data->domain, data->iommu,
1989 PCI_BUS_NUM(alias), alias & 0xff,
1994 domain_context_mapping(struct dmar_domain *domain, struct device *dev,
1997 struct intel_iommu *iommu;
1999 struct domain_context_mapping_data data;
2001 iommu = device_to_iommu(dev, &bus, &devfn);
2005 if (!dev_is_pci(dev))
2006 return domain_context_mapping_one(domain, iommu, bus, devfn,
2009 data.domain = domain;
2011 data.translation = translation;
2013 return pci_for_each_dma_alias(to_pci_dev(dev),
2014 &domain_context_mapping_cb, &data);
2017 static int domain_context_mapped_cb(struct pci_dev *pdev,
2018 u16 alias, void *opaque)
2020 struct intel_iommu *iommu = opaque;
2022 return !device_context_mapped(iommu, PCI_BUS_NUM(alias), alias & 0xff);
2025 static int domain_context_mapped(struct device *dev)
2027 struct intel_iommu *iommu;
2030 iommu = device_to_iommu(dev, &bus, &devfn);
2034 if (!dev_is_pci(dev))
2035 return device_context_mapped(iommu, bus, devfn);
2037 return !pci_for_each_dma_alias(to_pci_dev(dev),
2038 domain_context_mapped_cb, iommu);
2041 /* Returns a number of VTD pages, but aligned to MM page size */
2042 static inline unsigned long aligned_nrpages(unsigned long host_addr,
2045 host_addr &= ~PAGE_MASK;
2046 return PAGE_ALIGN(host_addr + size) >> VTD_PAGE_SHIFT;
2049 /* Return largest possible superpage level for a given mapping */
2050 static inline int hardware_largepage_caps(struct dmar_domain *domain,
2051 unsigned long iov_pfn,
2052 unsigned long phy_pfn,
2053 unsigned long pages)
2055 int support, level = 1;
2056 unsigned long pfnmerge;
2058 support = domain->iommu_superpage;
2060 /* To use a large page, the virtual *and* physical addresses
2061 must be aligned to 2MiB/1GiB/etc. Lower bits set in either
2062 of them will mean we have to use smaller pages. So just
2063 merge them and check both at once. */
2064 pfnmerge = iov_pfn | phy_pfn;
2066 while (support && !(pfnmerge & ~VTD_STRIDE_MASK)) {
2067 pages >>= VTD_STRIDE_SHIFT;
2070 pfnmerge >>= VTD_STRIDE_SHIFT;
2077 static int __domain_mapping(struct dmar_domain *domain, unsigned long iov_pfn,
2078 struct scatterlist *sg, unsigned long phys_pfn,
2079 unsigned long nr_pages, int prot)
2081 struct dma_pte *first_pte = NULL, *pte = NULL;
2082 phys_addr_t uninitialized_var(pteval);
2083 unsigned long sg_res = 0;
2084 unsigned int largepage_lvl = 0;
2085 unsigned long lvl_pages = 0;
2087 BUG_ON(!domain_pfn_supported(domain, iov_pfn + nr_pages - 1));
2089 if ((prot & (DMA_PTE_READ|DMA_PTE_WRITE)) == 0)
2092 prot &= DMA_PTE_READ | DMA_PTE_WRITE | DMA_PTE_SNP;
2096 pteval = ((phys_addr_t)phys_pfn << VTD_PAGE_SHIFT) | prot;
2099 while (nr_pages > 0) {
2103 sg_res = aligned_nrpages(sg->offset, sg->length);
2104 sg->dma_address = ((dma_addr_t)iov_pfn << VTD_PAGE_SHIFT) + sg->offset;
2105 sg->dma_length = sg->length;
2106 pteval = page_to_phys(sg_page(sg)) | prot;
2107 phys_pfn = pteval >> VTD_PAGE_SHIFT;
2111 largepage_lvl = hardware_largepage_caps(domain, iov_pfn, phys_pfn, sg_res);
2113 first_pte = pte = pfn_to_dma_pte(domain, iov_pfn, &largepage_lvl);
2116 /* It is large page*/
2117 if (largepage_lvl > 1) {
2118 pteval |= DMA_PTE_LARGE_PAGE;
2119 lvl_pages = lvl_to_nr_pages(largepage_lvl);
2121 * Ensure that old small page tables are
2122 * removed to make room for superpage,
2125 dma_pte_free_pagetable(domain, iov_pfn,
2126 iov_pfn + lvl_pages - 1);
2128 pteval &= ~(uint64_t)DMA_PTE_LARGE_PAGE;
2132 /* We don't need lock here, nobody else
2133 * touches the iova range
2135 tmp = cmpxchg64_local(&pte->val, 0ULL, pteval);
2137 static int dumps = 5;
2138 pr_crit("ERROR: DMA PTE for vPFN 0x%lx already set (to %llx not %llx)\n",
2139 iov_pfn, tmp, (unsigned long long)pteval);
2142 debug_dma_dump_mappings(NULL);
2147 lvl_pages = lvl_to_nr_pages(largepage_lvl);
2149 BUG_ON(nr_pages < lvl_pages);
2150 BUG_ON(sg_res < lvl_pages);
2152 nr_pages -= lvl_pages;
2153 iov_pfn += lvl_pages;
2154 phys_pfn += lvl_pages;
2155 pteval += lvl_pages * VTD_PAGE_SIZE;
2156 sg_res -= lvl_pages;
2158 /* If the next PTE would be the first in a new page, then we
2159 need to flush the cache on the entries we've just written.
2160 And then we'll need to recalculate 'pte', so clear it and
2161 let it get set again in the if (!pte) block above.
2163 If we're done (!nr_pages) we need to flush the cache too.
2165 Also if we've been setting superpages, we may need to
2166 recalculate 'pte' and switch back to smaller pages for the
2167 end of the mapping, if the trailing size is not enough to
2168 use another superpage (i.e. sg_res < lvl_pages). */
2170 if (!nr_pages || first_pte_in_page(pte) ||
2171 (largepage_lvl > 1 && sg_res < lvl_pages)) {
2172 domain_flush_cache(domain, first_pte,
2173 (void *)pte - (void *)first_pte);
2177 if (!sg_res && nr_pages)
2183 static inline int domain_sg_mapping(struct dmar_domain *domain, unsigned long iov_pfn,
2184 struct scatterlist *sg, unsigned long nr_pages,
2187 return __domain_mapping(domain, iov_pfn, sg, 0, nr_pages, prot);
2190 static inline int domain_pfn_mapping(struct dmar_domain *domain, unsigned long iov_pfn,
2191 unsigned long phys_pfn, unsigned long nr_pages,
2194 return __domain_mapping(domain, iov_pfn, NULL, phys_pfn, nr_pages, prot);
2197 static void iommu_detach_dev(struct intel_iommu *iommu, u8 bus, u8 devfn)
2202 clear_context_table(iommu, bus, devfn);
2203 iommu->flush.flush_context(iommu, 0, 0, 0,
2204 DMA_CCMD_GLOBAL_INVL);
2205 iommu->flush.flush_iotlb(iommu, 0, 0, 0, DMA_TLB_GLOBAL_FLUSH);
2208 static inline void unlink_domain_info(struct device_domain_info *info)
2210 assert_spin_locked(&device_domain_lock);
2211 list_del(&info->link);
2212 list_del(&info->global);
2214 info->dev->archdata.iommu = NULL;
2217 static void domain_remove_dev_info(struct dmar_domain *domain)
2219 struct device_domain_info *info, *tmp;
2220 unsigned long flags;
2222 spin_lock_irqsave(&device_domain_lock, flags);
2223 list_for_each_entry_safe(info, tmp, &domain->devices, link) {
2224 unlink_domain_info(info);
2225 spin_unlock_irqrestore(&device_domain_lock, flags);
2227 iommu_disable_dev_iotlb(info);
2228 iommu_detach_dev(info->iommu, info->bus, info->devfn);
2230 if (domain_type_is_vm(domain)) {
2231 iommu_detach_dependent_devices(info->iommu, info->dev);
2232 domain_detach_iommu(domain, info->iommu);
2235 free_devinfo_mem(info);
2236 spin_lock_irqsave(&device_domain_lock, flags);
2238 spin_unlock_irqrestore(&device_domain_lock, flags);
2243 * Note: we use struct device->archdata.iommu stores the info
2245 static struct dmar_domain *find_domain(struct device *dev)
2247 struct device_domain_info *info;
2249 /* No lock here, assumes no domain exit in normal case */
2250 info = dev->archdata.iommu;
2252 return info->domain;
2256 static inline struct device_domain_info *
2257 dmar_search_domain_by_dev_info(int segment, int bus, int devfn)
2259 struct device_domain_info *info;
2261 list_for_each_entry(info, &device_domain_list, global)
2262 if (info->iommu->segment == segment && info->bus == bus &&
2263 info->devfn == devfn)
2269 static struct dmar_domain *dmar_insert_dev_info(struct intel_iommu *iommu,
2272 struct dmar_domain *domain)
2274 struct dmar_domain *found = NULL;
2275 struct device_domain_info *info;
2276 unsigned long flags;
2278 info = alloc_devinfo_mem();
2283 info->devfn = devfn;
2284 info->ats.enabled = 0;
2287 info->domain = domain;
2288 info->iommu = iommu;
2290 spin_lock_irqsave(&device_domain_lock, flags);
2292 found = find_domain(dev);
2294 struct device_domain_info *info2;
2295 info2 = dmar_search_domain_by_dev_info(iommu->segment, bus, devfn);
2297 found = info2->domain;
2300 spin_unlock_irqrestore(&device_domain_lock, flags);
2301 free_devinfo_mem(info);
2302 /* Caller must free the original domain */
2306 list_add(&info->link, &domain->devices);
2307 list_add(&info->global, &device_domain_list);
2309 dev->archdata.iommu = info;
2310 spin_unlock_irqrestore(&device_domain_lock, flags);
2315 static int get_last_alias(struct pci_dev *pdev, u16 alias, void *opaque)
2317 *(u16 *)opaque = alias;
2321 /* domain is initialized */
2322 static struct dmar_domain *get_domain_for_dev(struct device *dev, int gaw)
2324 struct dmar_domain *domain, *tmp;
2325 struct intel_iommu *iommu;
2326 struct device_domain_info *info;
2328 unsigned long flags;
2331 domain = find_domain(dev);
2335 iommu = device_to_iommu(dev, &bus, &devfn);
2339 if (dev_is_pci(dev)) {
2340 struct pci_dev *pdev = to_pci_dev(dev);
2342 pci_for_each_dma_alias(pdev, get_last_alias, &dma_alias);
2344 spin_lock_irqsave(&device_domain_lock, flags);
2345 info = dmar_search_domain_by_dev_info(pci_domain_nr(pdev->bus),
2346 PCI_BUS_NUM(dma_alias),
2349 iommu = info->iommu;
2350 domain = info->domain;
2352 spin_unlock_irqrestore(&device_domain_lock, flags);
2354 /* DMA alias already has a domain, uses it */
2359 /* Allocate and initialize new domain for the device */
2360 domain = alloc_domain(0);
2363 domain->id = iommu_attach_domain(domain, iommu);
2364 if (domain->id < 0) {
2365 free_domain_mem(domain);
2368 domain_attach_iommu(domain, iommu);
2369 if (domain_init(domain, gaw)) {
2370 domain_exit(domain);
2374 /* register PCI DMA alias device */
2375 if (dev_is_pci(dev)) {
2376 tmp = dmar_insert_dev_info(iommu, PCI_BUS_NUM(dma_alias),
2377 dma_alias & 0xff, NULL, domain);
2379 if (!tmp || tmp != domain) {
2380 domain_exit(domain);
2389 tmp = dmar_insert_dev_info(iommu, bus, devfn, dev, domain);
2391 if (!tmp || tmp != domain) {
2392 domain_exit(domain);
2399 static int iommu_identity_mapping;
2400 #define IDENTMAP_ALL 1
2401 #define IDENTMAP_GFX 2
2402 #define IDENTMAP_AZALIA 4
2404 static int iommu_domain_identity_map(struct dmar_domain *domain,
2405 unsigned long long start,
2406 unsigned long long end)
2408 unsigned long first_vpfn = start >> VTD_PAGE_SHIFT;
2409 unsigned long last_vpfn = end >> VTD_PAGE_SHIFT;
2411 if (!reserve_iova(&domain->iovad, dma_to_mm_pfn(first_vpfn),
2412 dma_to_mm_pfn(last_vpfn))) {
2413 pr_err("Reserving iova failed\n");
2417 pr_debug("Mapping reserved region %llx-%llx for domain %d\n",
2418 start, end, domain->id);
2420 * RMRR range might have overlap with physical memory range,
2423 dma_pte_clear_range(domain, first_vpfn, last_vpfn);
2425 return domain_pfn_mapping(domain, first_vpfn, first_vpfn,
2426 last_vpfn - first_vpfn + 1,
2427 DMA_PTE_READ|DMA_PTE_WRITE);
2430 static int iommu_prepare_identity_map(struct device *dev,
2431 unsigned long long start,
2432 unsigned long long end)
2434 struct dmar_domain *domain;
2437 domain = get_domain_for_dev(dev, DEFAULT_DOMAIN_ADDRESS_WIDTH);
2441 /* For _hardware_ passthrough, don't bother. But for software
2442 passthrough, we do it anyway -- it may indicate a memory
2443 range which is reserved in E820, so which didn't get set
2444 up to start with in si_domain */
2445 if (domain == si_domain && hw_pass_through) {
2446 pr_warn("Ignoring identity map for HW passthrough device %s [0x%Lx - 0x%Lx]\n",
2447 dev_name(dev), start, end);
2451 pr_info("Setting identity map for device %s [0x%Lx - 0x%Lx]\n",
2452 dev_name(dev), start, end);
2455 WARN(1, "Your BIOS is broken; RMRR ends before it starts!\n"
2456 "BIOS vendor: %s; Ver: %s; Product Version: %s\n",
2457 dmi_get_system_info(DMI_BIOS_VENDOR),
2458 dmi_get_system_info(DMI_BIOS_VERSION),
2459 dmi_get_system_info(DMI_PRODUCT_VERSION));
2464 if (end >> agaw_to_width(domain->agaw)) {
2465 WARN(1, "Your BIOS is broken; RMRR exceeds permitted address width (%d bits)\n"
2466 "BIOS vendor: %s; Ver: %s; Product Version: %s\n",
2467 agaw_to_width(domain->agaw),
2468 dmi_get_system_info(DMI_BIOS_VENDOR),
2469 dmi_get_system_info(DMI_BIOS_VERSION),
2470 dmi_get_system_info(DMI_PRODUCT_VERSION));
2475 ret = iommu_domain_identity_map(domain, start, end);
2479 /* context entry init */
2480 ret = domain_context_mapping(domain, dev, CONTEXT_TT_MULTI_LEVEL);
2487 domain_exit(domain);
2491 static inline int iommu_prepare_rmrr_dev(struct dmar_rmrr_unit *rmrr,
2494 if (dev->archdata.iommu == DUMMY_DEVICE_DOMAIN_INFO)
2496 return iommu_prepare_identity_map(dev, rmrr->base_address,
2500 #ifdef CONFIG_INTEL_IOMMU_FLOPPY_WA
2501 static inline void iommu_prepare_isa(void)
2503 struct pci_dev *pdev;
2506 pdev = pci_get_class(PCI_CLASS_BRIDGE_ISA << 8, NULL);
2510 pr_info("Prepare 0-16MiB unity mapping for LPC\n");
2511 ret = iommu_prepare_identity_map(&pdev->dev, 0, 16*1024*1024 - 1);
2514 pr_err("Failed to create 0-16MiB identity map - floppy might not work\n");
2519 static inline void iommu_prepare_isa(void)
2523 #endif /* !CONFIG_INTEL_IOMMU_FLPY_WA */
2525 static int md_domain_init(struct dmar_domain *domain, int guest_width);
2527 static int __init si_domain_init(int hw)
2529 struct dmar_drhd_unit *drhd;
2530 struct intel_iommu *iommu;
2534 si_domain = alloc_domain(DOMAIN_FLAG_STATIC_IDENTITY);
2538 for_each_active_iommu(iommu, drhd) {
2539 ret = iommu_attach_domain(si_domain, iommu);
2541 domain_exit(si_domain);
2544 si_domain->id = ret;
2546 } else if (si_domain->id != ret) {
2547 domain_exit(si_domain);
2550 domain_attach_iommu(si_domain, iommu);
2553 if (md_domain_init(si_domain, DEFAULT_DOMAIN_ADDRESS_WIDTH)) {
2554 domain_exit(si_domain);
2558 pr_debug("Identity mapping domain is domain %d\n",
2564 for_each_online_node(nid) {
2565 unsigned long start_pfn, end_pfn;
2568 for_each_mem_pfn_range(i, nid, &start_pfn, &end_pfn, NULL) {
2569 ret = iommu_domain_identity_map(si_domain,
2570 PFN_PHYS(start_pfn), PFN_PHYS(end_pfn));
2579 static int identity_mapping(struct device *dev)
2581 struct device_domain_info *info;
2583 if (likely(!iommu_identity_mapping))
2586 info = dev->archdata.iommu;
2587 if (info && info != DUMMY_DEVICE_DOMAIN_INFO)
2588 return (info->domain == si_domain);
2593 static int domain_add_dev_info(struct dmar_domain *domain,
2594 struct device *dev, int translation)
2596 struct dmar_domain *ndomain;
2597 struct intel_iommu *iommu;
2601 iommu = device_to_iommu(dev, &bus, &devfn);
2605 ndomain = dmar_insert_dev_info(iommu, bus, devfn, dev, domain);
2606 if (ndomain != domain)
2609 ret = domain_context_mapping(domain, dev, translation);
2611 domain_remove_one_dev_info(domain, dev);
2618 static bool device_has_rmrr(struct device *dev)
2620 struct dmar_rmrr_unit *rmrr;
2625 for_each_rmrr_units(rmrr) {
2627 * Return TRUE if this RMRR contains the device that
2630 for_each_active_dev_scope(rmrr->devices,
2631 rmrr->devices_cnt, i, tmp)
2642 * There are a couple cases where we need to restrict the functionality of
2643 * devices associated with RMRRs. The first is when evaluating a device for
2644 * identity mapping because problems exist when devices are moved in and out
2645 * of domains and their respective RMRR information is lost. This means that
2646 * a device with associated RMRRs will never be in a "passthrough" domain.
2647 * The second is use of the device through the IOMMU API. This interface
2648 * expects to have full control of the IOVA space for the device. We cannot
2649 * satisfy both the requirement that RMRR access is maintained and have an
2650 * unencumbered IOVA space. We also have no ability to quiesce the device's
2651 * use of the RMRR space or even inform the IOMMU API user of the restriction.
2652 * We therefore prevent devices associated with an RMRR from participating in
2653 * the IOMMU API, which eliminates them from device assignment.
2655 * In both cases we assume that PCI USB devices with RMRRs have them largely
2656 * for historical reasons and that the RMRR space is not actively used post
2657 * boot. This exclusion may change if vendors begin to abuse it.
2659 * The same exception is made for graphics devices, with the requirement that
2660 * any use of the RMRR regions will be torn down before assigning the device
2663 static bool device_is_rmrr_locked(struct device *dev)
2665 if (!device_has_rmrr(dev))
2668 if (dev_is_pci(dev)) {
2669 struct pci_dev *pdev = to_pci_dev(dev);
2671 if (IS_USB_DEVICE(pdev) || IS_GFX_DEVICE(pdev))
2678 static int iommu_should_identity_map(struct device *dev, int startup)
2681 if (dev_is_pci(dev)) {
2682 struct pci_dev *pdev = to_pci_dev(dev);
2684 if (device_is_rmrr_locked(dev))
2687 if ((iommu_identity_mapping & IDENTMAP_AZALIA) && IS_AZALIA(pdev))
2690 if ((iommu_identity_mapping & IDENTMAP_GFX) && IS_GFX_DEVICE(pdev))
2693 if (!(iommu_identity_mapping & IDENTMAP_ALL))
2697 * We want to start off with all devices in the 1:1 domain, and
2698 * take them out later if we find they can't access all of memory.
2700 * However, we can't do this for PCI devices behind bridges,
2701 * because all PCI devices behind the same bridge will end up
2702 * with the same source-id on their transactions.
2704 * Practically speaking, we can't change things around for these
2705 * devices at run-time, because we can't be sure there'll be no
2706 * DMA transactions in flight for any of their siblings.
2708 * So PCI devices (unless they're on the root bus) as well as
2709 * their parent PCI-PCI or PCIe-PCI bridges must be left _out_ of
2710 * the 1:1 domain, just in _case_ one of their siblings turns out
2711 * not to be able to map all of memory.
2713 if (!pci_is_pcie(pdev)) {
2714 if (!pci_is_root_bus(pdev->bus))
2716 if (pdev->class >> 8 == PCI_CLASS_BRIDGE_PCI)
2718 } else if (pci_pcie_type(pdev) == PCI_EXP_TYPE_PCI_BRIDGE)
2721 if (device_has_rmrr(dev))
2726 * At boot time, we don't yet know if devices will be 64-bit capable.
2727 * Assume that they will — if they turn out not to be, then we can
2728 * take them out of the 1:1 domain later.
2732 * If the device's dma_mask is less than the system's memory
2733 * size then this is not a candidate for identity mapping.
2735 u64 dma_mask = *dev->dma_mask;
2737 if (dev->coherent_dma_mask &&
2738 dev->coherent_dma_mask < dma_mask)
2739 dma_mask = dev->coherent_dma_mask;
2741 return dma_mask >= dma_get_required_mask(dev);
2747 static int __init dev_prepare_static_identity_mapping(struct device *dev, int hw)
2751 if (!iommu_should_identity_map(dev, 1))
2754 ret = domain_add_dev_info(si_domain, dev,
2755 hw ? CONTEXT_TT_PASS_THROUGH :
2756 CONTEXT_TT_MULTI_LEVEL);
2758 pr_info("%s identity mapping for device %s\n",
2759 hw ? "Hardware" : "Software", dev_name(dev));
2760 else if (ret == -ENODEV)
2761 /* device not associated with an iommu */
2768 static int __init iommu_prepare_static_identity_mapping(int hw)
2770 struct pci_dev *pdev = NULL;
2771 struct dmar_drhd_unit *drhd;
2772 struct intel_iommu *iommu;
2777 for_each_pci_dev(pdev) {
2778 ret = dev_prepare_static_identity_mapping(&pdev->dev, hw);
2783 for_each_active_iommu(iommu, drhd)
2784 for_each_active_dev_scope(drhd->devices, drhd->devices_cnt, i, dev) {
2785 struct acpi_device_physical_node *pn;
2786 struct acpi_device *adev;
2788 if (dev->bus != &acpi_bus_type)
2791 adev= to_acpi_device(dev);
2792 mutex_lock(&adev->physical_node_lock);
2793 list_for_each_entry(pn, &adev->physical_node_list, node) {
2794 ret = dev_prepare_static_identity_mapping(pn->dev, hw);
2798 mutex_unlock(&adev->physical_node_lock);
2806 static void intel_iommu_init_qi(struct intel_iommu *iommu)
2809 * Start from the sane iommu hardware state.
2810 * If the queued invalidation is already initialized by us
2811 * (for example, while enabling interrupt-remapping) then
2812 * we got the things already rolling from a sane state.
2816 * Clear any previous faults.
2818 dmar_fault(-1, iommu);
2820 * Disable queued invalidation if supported and already enabled
2821 * before OS handover.
2823 dmar_disable_qi(iommu);
2826 if (dmar_enable_qi(iommu)) {
2828 * Queued Invalidate not enabled, use Register Based Invalidate
2830 iommu->flush.flush_context = __iommu_flush_context;
2831 iommu->flush.flush_iotlb = __iommu_flush_iotlb;
2832 pr_info("%s: Using Register based invalidation\n",
2835 iommu->flush.flush_context = qi_flush_context;
2836 iommu->flush.flush_iotlb = qi_flush_iotlb;
2837 pr_info("%s: Using Queued invalidation\n", iommu->name);
2841 static int copy_context_table(struct intel_iommu *iommu,
2842 struct root_entry *old_re,
2843 struct context_entry **tbl,
2846 struct context_entry *old_ce = NULL, *new_ce = NULL, ce;
2847 int tbl_idx, pos = 0, idx, devfn, ret = 0, did;
2848 phys_addr_t old_ce_phys;
2850 tbl_idx = ext ? bus * 2 : bus;
2852 for (devfn = 0; devfn < 256; devfn++) {
2853 /* First calculate the correct index */
2854 idx = (ext ? devfn * 2 : devfn) % 256;
2857 /* First save what we may have and clean up */
2859 tbl[tbl_idx] = new_ce;
2860 __iommu_flush_cache(iommu, new_ce,
2870 old_ce_phys = root_entry_lctp(old_re);
2872 old_ce_phys = root_entry_uctp(old_re);
2875 if (ext && devfn == 0) {
2876 /* No LCTP, try UCTP */
2885 old_ce = ioremap_cache(old_ce_phys, PAGE_SIZE);
2889 new_ce = alloc_pgtable_page(iommu->node);
2896 /* Now copy the context entry */
2899 if (!__context_present(&ce))
2902 did = context_domain_id(&ce);
2903 if (did >= 0 && did < cap_ndoms(iommu->cap))
2904 set_bit(did, iommu->domain_ids);
2907 * We need a marker for copied context entries. This
2908 * marker needs to work for the old format as well as
2909 * for extended context entries.
2911 * Bit 67 of the context entry is used. In the old
2912 * format this bit is available to software, in the
2913 * extended format it is the PGE bit, but PGE is ignored
2914 * by HW if PASIDs are disabled (and thus still
2917 * So disable PASIDs first and then mark the entry
2918 * copied. This means that we don't copy PASID
2919 * translations from the old kernel, but this is fine as
2920 * faults there are not fatal.
2922 context_clear_pasid_enable(&ce);
2923 context_set_copied(&ce);
2928 tbl[tbl_idx + pos] = new_ce;
2930 __iommu_flush_cache(iommu, new_ce, VTD_PAGE_SIZE);
2939 static int copy_translation_tables(struct intel_iommu *iommu)
2941 struct context_entry **ctxt_tbls;
2942 struct root_entry *old_rt;
2943 phys_addr_t old_rt_phys;
2944 int ctxt_table_entries;
2945 unsigned long flags;
2950 rtaddr_reg = dmar_readq(iommu->reg + DMAR_RTADDR_REG);
2951 ext = !!(rtaddr_reg & DMA_RTADDR_RTT);
2952 new_ext = !!ecap_ecs(iommu->ecap);
2955 * The RTT bit can only be changed when translation is disabled,
2956 * but disabling translation means to open a window for data
2957 * corruption. So bail out and don't copy anything if we would
2958 * have to change the bit.
2963 old_rt_phys = rtaddr_reg & VTD_PAGE_MASK;
2967 old_rt = ioremap_cache(old_rt_phys, PAGE_SIZE);
2971 /* This is too big for the stack - allocate it from slab */
2972 ctxt_table_entries = ext ? 512 : 256;
2974 ctxt_tbls = kzalloc(ctxt_table_entries * sizeof(void *), GFP_KERNEL);
2978 for (bus = 0; bus < 256; bus++) {
2979 ret = copy_context_table(iommu, &old_rt[bus],
2980 ctxt_tbls, bus, ext);
2982 pr_err("%s: Failed to copy context table for bus %d\n",
2988 spin_lock_irqsave(&iommu->lock, flags);
2990 /* Context tables are copied, now write them to the root_entry table */
2991 for (bus = 0; bus < 256; bus++) {
2992 int idx = ext ? bus * 2 : bus;
2995 if (ctxt_tbls[idx]) {
2996 val = virt_to_phys(ctxt_tbls[idx]) | 1;
2997 iommu->root_entry[bus].lo = val;
3000 if (!ext || !ctxt_tbls[idx + 1])
3003 val = virt_to_phys(ctxt_tbls[idx + 1]) | 1;
3004 iommu->root_entry[bus].hi = val;
3007 spin_unlock_irqrestore(&iommu->lock, flags);
3011 __iommu_flush_cache(iommu, iommu->root_entry, PAGE_SIZE);
3021 static int __init init_dmars(void)
3023 struct dmar_drhd_unit *drhd;
3024 struct dmar_rmrr_unit *rmrr;
3025 bool copied_tables = false;
3027 struct intel_iommu *iommu;
3033 * initialize and program root entry to not present
3036 for_each_drhd_unit(drhd) {
3038 * lock not needed as this is only incremented in the single
3039 * threaded kernel __init code path all other access are read
3042 if (g_num_of_iommus < DMAR_UNITS_SUPPORTED) {
3046 pr_err_once("Exceeded %d IOMMUs\n", DMAR_UNITS_SUPPORTED);
3049 /* Preallocate enough resources for IOMMU hot-addition */
3050 if (g_num_of_iommus < DMAR_UNITS_SUPPORTED)
3051 g_num_of_iommus = DMAR_UNITS_SUPPORTED;
3053 g_iommus = kcalloc(g_num_of_iommus, sizeof(struct intel_iommu *),
3056 pr_err("Allocating global iommu array failed\n");
3061 deferred_flush = kzalloc(g_num_of_iommus *
3062 sizeof(struct deferred_flush_tables), GFP_KERNEL);
3063 if (!deferred_flush) {
3068 for_each_active_iommu(iommu, drhd) {
3069 g_iommus[iommu->seq_id] = iommu;
3071 intel_iommu_init_qi(iommu);
3073 ret = iommu_init_domains(iommu);
3077 init_translation_status(iommu);
3079 if (translation_pre_enabled(iommu) && !is_kdump_kernel()) {
3080 iommu_disable_translation(iommu);
3081 clear_translation_pre_enabled(iommu);
3082 pr_warn("Translation was enabled for %s but we are not in kdump mode\n",
3088 * we could share the same root & context tables
3089 * among all IOMMU's. Need to Split it later.
3091 ret = iommu_alloc_root_entry(iommu);
3095 if (translation_pre_enabled(iommu)) {
3096 pr_info("Translation already enabled - trying to copy translation structures\n");
3098 ret = copy_translation_tables(iommu);
3101 * We found the IOMMU with translation
3102 * enabled - but failed to copy over the
3103 * old root-entry table. Try to proceed
3104 * by disabling translation now and
3105 * allocating a clean root-entry table.
3106 * This might cause DMAR faults, but
3107 * probably the dump will still succeed.
3109 pr_err("Failed to copy translation tables from previous kernel for %s\n",
3111 iommu_disable_translation(iommu);
3112 clear_translation_pre_enabled(iommu);
3114 pr_info("Copied translation tables from previous kernel for %s\n",
3116 copied_tables = true;
3120 iommu_flush_write_buffer(iommu);
3121 iommu_set_root_entry(iommu);
3122 iommu->flush.flush_context(iommu, 0, 0, 0, DMA_CCMD_GLOBAL_INVL);
3123 iommu->flush.flush_iotlb(iommu, 0, 0, 0, DMA_TLB_GLOBAL_FLUSH);
3125 if (!ecap_pass_through(iommu->ecap))
3126 hw_pass_through = 0;
3129 if (iommu_pass_through)
3130 iommu_identity_mapping |= IDENTMAP_ALL;
3132 #ifdef CONFIG_INTEL_IOMMU_BROKEN_GFX_WA
3133 iommu_identity_mapping |= IDENTMAP_GFX;
3136 if (iommu_identity_mapping) {
3137 ret = si_domain_init(hw_pass_through);
3142 check_tylersburg_isoch();
3145 * If we copied translations from a previous kernel in the kdump
3146 * case, we can not assign the devices to domains now, as that
3147 * would eliminate the old mappings. So skip this part and defer
3148 * the assignment to device driver initialization time.
3154 * If pass through is not set or not enabled, setup context entries for
3155 * identity mappings for rmrr, gfx, and isa and may fall back to static
3156 * identity mapping if iommu_identity_mapping is set.
3158 if (iommu_identity_mapping) {
3159 ret = iommu_prepare_static_identity_mapping(hw_pass_through);
3161 pr_crit("Failed to setup IOMMU pass-through\n");
3167 * for each dev attached to rmrr
3169 * locate drhd for dev, alloc domain for dev
3170 * allocate free domain
3171 * allocate page table entries for rmrr
3172 * if context not allocated for bus
3173 * allocate and init context
3174 * set present in root table for this bus
3175 * init context with domain, translation etc
3179 pr_info("Setting RMRR:\n");
3180 for_each_rmrr_units(rmrr) {
3181 /* some BIOS lists non-exist devices in DMAR table. */
3182 for_each_active_dev_scope(rmrr->devices, rmrr->devices_cnt,
3184 ret = iommu_prepare_rmrr_dev(rmrr, dev);
3186 pr_err("Mapping reserved region failed\n");
3190 iommu_prepare_isa();
3197 * global invalidate context cache
3198 * global invalidate iotlb
3199 * enable translation
3201 for_each_iommu(iommu, drhd) {
3202 if (drhd->ignored) {
3204 * we always have to disable PMRs or DMA may fail on
3208 iommu_disable_protect_mem_regions(iommu);
3212 iommu_flush_write_buffer(iommu);
3214 ret = dmar_set_interrupt(iommu);
3218 if (!translation_pre_enabled(iommu))
3219 iommu_enable_translation(iommu);
3221 iommu_disable_protect_mem_regions(iommu);
3227 for_each_active_iommu(iommu, drhd) {
3228 disable_dmar_iommu(iommu);
3229 free_dmar_iommu(iommu);
3231 kfree(deferred_flush);
3238 /* This takes a number of _MM_ pages, not VTD pages */
3239 static struct iova *intel_alloc_iova(struct device *dev,
3240 struct dmar_domain *domain,
3241 unsigned long nrpages, uint64_t dma_mask)
3243 struct iova *iova = NULL;
3245 /* Restrict dma_mask to the width that the iommu can handle */
3246 dma_mask = min_t(uint64_t, DOMAIN_MAX_ADDR(domain->gaw), dma_mask);
3248 if (!dmar_forcedac && dma_mask > DMA_BIT_MASK(32)) {
3250 * First try to allocate an io virtual address in
3251 * DMA_BIT_MASK(32) and if that fails then try allocating
3254 iova = alloc_iova(&domain->iovad, nrpages,
3255 IOVA_PFN(DMA_BIT_MASK(32)), 1);
3259 iova = alloc_iova(&domain->iovad, nrpages, IOVA_PFN(dma_mask), 1);
3260 if (unlikely(!iova)) {
3261 pr_err("Allocating %ld-page iova for %s failed",
3262 nrpages, dev_name(dev));
3269 static struct dmar_domain *__get_valid_domain_for_dev(struct device *dev)
3271 struct dmar_domain *domain;
3274 domain = get_domain_for_dev(dev, DEFAULT_DOMAIN_ADDRESS_WIDTH);
3276 pr_err("Allocating domain for %s failed\n",
3281 /* make sure context mapping is ok */
3282 if (unlikely(!domain_context_mapped(dev))) {
3283 ret = domain_context_mapping(domain, dev, CONTEXT_TT_MULTI_LEVEL);
3285 pr_err("Domain context map for %s failed\n",
3294 static inline struct dmar_domain *get_valid_domain_for_dev(struct device *dev)
3296 struct device_domain_info *info;
3298 /* No lock here, assumes no domain exit in normal case */
3299 info = dev->archdata.iommu;
3301 return info->domain;
3303 return __get_valid_domain_for_dev(dev);
3306 /* Check if the dev needs to go through non-identity map and unmap process.*/
3307 static int iommu_no_mapping(struct device *dev)
3311 if (iommu_dummy(dev))
3314 if (!iommu_identity_mapping)
3317 found = identity_mapping(dev);
3319 if (iommu_should_identity_map(dev, 0))
3323 * 32 bit DMA is removed from si_domain and fall back
3324 * to non-identity mapping.
3326 domain_remove_one_dev_info(si_domain, dev);
3327 pr_info("32bit %s uses non-identity mapping\n",
3333 * In case of a detached 64 bit DMA device from vm, the device
3334 * is put into si_domain for identity mapping.
3336 if (iommu_should_identity_map(dev, 0)) {
3338 ret = domain_add_dev_info(si_domain, dev,
3340 CONTEXT_TT_PASS_THROUGH :
3341 CONTEXT_TT_MULTI_LEVEL);
3343 pr_info("64bit %s uses identity mapping\n",
3353 static dma_addr_t __intel_map_single(struct device *dev, phys_addr_t paddr,
3354 size_t size, int dir, u64 dma_mask)
3356 struct dmar_domain *domain;
3357 phys_addr_t start_paddr;
3361 struct intel_iommu *iommu;
3362 unsigned long paddr_pfn = paddr >> PAGE_SHIFT;
3364 BUG_ON(dir == DMA_NONE);
3366 if (iommu_no_mapping(dev))
3369 domain = get_valid_domain_for_dev(dev);
3373 iommu = domain_get_iommu(domain);
3374 size = aligned_nrpages(paddr, size);
3376 iova = intel_alloc_iova(dev, domain, dma_to_mm_pfn(size), dma_mask);
3381 * Check if DMAR supports zero-length reads on write only
3384 if (dir == DMA_TO_DEVICE || dir == DMA_BIDIRECTIONAL || \
3385 !cap_zlr(iommu->cap))
3386 prot |= DMA_PTE_READ;
3387 if (dir == DMA_FROM_DEVICE || dir == DMA_BIDIRECTIONAL)
3388 prot |= DMA_PTE_WRITE;
3390 * paddr - (paddr + size) might be partial page, we should map the whole
3391 * page. Note: if two part of one page are separately mapped, we
3392 * might have two guest_addr mapping to the same host paddr, but this
3393 * is not a big problem
3395 ret = domain_pfn_mapping(domain, mm_to_dma_pfn(iova->pfn_lo),
3396 mm_to_dma_pfn(paddr_pfn), size, prot);
3400 /* it's a non-present to present mapping. Only flush if caching mode */
3401 if (cap_caching_mode(iommu->cap))
3402 iommu_flush_iotlb_psi(iommu, domain->id, mm_to_dma_pfn(iova->pfn_lo), size, 0, 1);
3404 iommu_flush_write_buffer(iommu);
3406 start_paddr = (phys_addr_t)iova->pfn_lo << PAGE_SHIFT;
3407 start_paddr += paddr & ~PAGE_MASK;
3412 __free_iova(&domain->iovad, iova);
3413 pr_err("Device %s request: %zx@%llx dir %d --- failed\n",
3414 dev_name(dev), size, (unsigned long long)paddr, dir);
3418 static dma_addr_t intel_map_page(struct device *dev, struct page *page,
3419 unsigned long offset, size_t size,
3420 enum dma_data_direction dir,
3421 struct dma_attrs *attrs)
3423 return __intel_map_single(dev, page_to_phys(page) + offset, size,
3424 dir, *dev->dma_mask);
3427 static void flush_unmaps(void)
3433 /* just flush them all */
3434 for (i = 0; i < g_num_of_iommus; i++) {
3435 struct intel_iommu *iommu = g_iommus[i];
3439 if (!deferred_flush[i].next)
3442 /* In caching mode, global flushes turn emulation expensive */
3443 if (!cap_caching_mode(iommu->cap))
3444 iommu->flush.flush_iotlb(iommu, 0, 0, 0,
3445 DMA_TLB_GLOBAL_FLUSH);
3446 for (j = 0; j < deferred_flush[i].next; j++) {
3448 struct iova *iova = deferred_flush[i].iova[j];
3449 struct dmar_domain *domain = deferred_flush[i].domain[j];
3451 /* On real hardware multiple invalidations are expensive */
3452 if (cap_caching_mode(iommu->cap))
3453 iommu_flush_iotlb_psi(iommu, domain->id,
3454 iova->pfn_lo, iova_size(iova),
3455 !deferred_flush[i].freelist[j], 0);
3457 mask = ilog2(mm_to_dma_pfn(iova_size(iova)));
3458 iommu_flush_dev_iotlb(deferred_flush[i].domain[j],
3459 (uint64_t)iova->pfn_lo << PAGE_SHIFT, mask);
3461 __free_iova(&deferred_flush[i].domain[j]->iovad, iova);
3462 if (deferred_flush[i].freelist[j])
3463 dma_free_pagelist(deferred_flush[i].freelist[j]);
3465 deferred_flush[i].next = 0;
3471 static void flush_unmaps_timeout(unsigned long data)
3473 unsigned long flags;
3475 spin_lock_irqsave(&async_umap_flush_lock, flags);
3477 spin_unlock_irqrestore(&async_umap_flush_lock, flags);
3480 static void add_unmap(struct dmar_domain *dom, struct iova *iova, struct page *freelist)
3482 unsigned long flags;
3484 struct intel_iommu *iommu;
3486 spin_lock_irqsave(&async_umap_flush_lock, flags);
3487 if (list_size == HIGH_WATER_MARK)
3490 iommu = domain_get_iommu(dom);
3491 iommu_id = iommu->seq_id;
3493 next = deferred_flush[iommu_id].next;
3494 deferred_flush[iommu_id].domain[next] = dom;
3495 deferred_flush[iommu_id].iova[next] = iova;
3496 deferred_flush[iommu_id].freelist[next] = freelist;
3497 deferred_flush[iommu_id].next++;
3500 mod_timer(&unmap_timer, jiffies + msecs_to_jiffies(10));
3504 spin_unlock_irqrestore(&async_umap_flush_lock, flags);
3507 static void intel_unmap(struct device *dev, dma_addr_t dev_addr)
3509 struct dmar_domain *domain;
3510 unsigned long start_pfn, last_pfn;
3512 struct intel_iommu *iommu;
3513 struct page *freelist;
3515 if (iommu_no_mapping(dev))
3518 domain = find_domain(dev);
3521 iommu = domain_get_iommu(domain);
3523 iova = find_iova(&domain->iovad, IOVA_PFN(dev_addr));
3524 if (WARN_ONCE(!iova, "Driver unmaps unmatched page at PFN %llx\n",
3525 (unsigned long long)dev_addr))
3528 start_pfn = mm_to_dma_pfn(iova->pfn_lo);
3529 last_pfn = mm_to_dma_pfn(iova->pfn_hi + 1) - 1;
3531 pr_debug("Device %s unmapping: pfn %lx-%lx\n",
3532 dev_name(dev), start_pfn, last_pfn);
3534 freelist = domain_unmap(domain, start_pfn, last_pfn);
3536 if (intel_iommu_strict) {
3537 iommu_flush_iotlb_psi(iommu, domain->id, start_pfn,
3538 last_pfn - start_pfn + 1, !freelist, 0);
3540 __free_iova(&domain->iovad, iova);
3541 dma_free_pagelist(freelist);
3543 add_unmap(domain, iova, freelist);
3545 * queue up the release of the unmap to save the 1/6th of the
3546 * cpu used up by the iotlb flush operation...
3551 static void intel_unmap_page(struct device *dev, dma_addr_t dev_addr,
3552 size_t size, enum dma_data_direction dir,
3553 struct dma_attrs *attrs)
3555 intel_unmap(dev, dev_addr);
3558 static void *intel_alloc_coherent(struct device *dev, size_t size,
3559 dma_addr_t *dma_handle, gfp_t flags,
3560 struct dma_attrs *attrs)
3562 struct page *page = NULL;
3565 size = PAGE_ALIGN(size);
3566 order = get_order(size);
3568 if (!iommu_no_mapping(dev))
3569 flags &= ~(GFP_DMA | GFP_DMA32);
3570 else if (dev->coherent_dma_mask < dma_get_required_mask(dev)) {
3571 if (dev->coherent_dma_mask < DMA_BIT_MASK(32))
3577 if (flags & __GFP_WAIT) {
3578 unsigned int count = size >> PAGE_SHIFT;
3580 page = dma_alloc_from_contiguous(dev, count, order);
3581 if (page && iommu_no_mapping(dev) &&
3582 page_to_phys(page) + size > dev->coherent_dma_mask) {
3583 dma_release_from_contiguous(dev, page, count);
3589 page = alloc_pages(flags, order);
3592 memset(page_address(page), 0, size);
3594 *dma_handle = __intel_map_single(dev, page_to_phys(page), size,
3596 dev->coherent_dma_mask);
3598 return page_address(page);
3599 if (!dma_release_from_contiguous(dev, page, size >> PAGE_SHIFT))
3600 __free_pages(page, order);
3605 static void intel_free_coherent(struct device *dev, size_t size, void *vaddr,
3606 dma_addr_t dma_handle, struct dma_attrs *attrs)
3609 struct page *page = virt_to_page(vaddr);
3611 size = PAGE_ALIGN(size);
3612 order = get_order(size);
3614 intel_unmap(dev, dma_handle);
3615 if (!dma_release_from_contiguous(dev, page, size >> PAGE_SHIFT))
3616 __free_pages(page, order);
3619 static void intel_unmap_sg(struct device *dev, struct scatterlist *sglist,
3620 int nelems, enum dma_data_direction dir,
3621 struct dma_attrs *attrs)
3623 intel_unmap(dev, sglist[0].dma_address);
3626 static int intel_nontranslate_map_sg(struct device *hddev,
3627 struct scatterlist *sglist, int nelems, int dir)
3630 struct scatterlist *sg;
3632 for_each_sg(sglist, sg, nelems, i) {
3633 BUG_ON(!sg_page(sg));
3634 sg->dma_address = page_to_phys(sg_page(sg)) + sg->offset;
3635 sg->dma_length = sg->length;
3640 static int intel_map_sg(struct device *dev, struct scatterlist *sglist, int nelems,
3641 enum dma_data_direction dir, struct dma_attrs *attrs)
3644 struct dmar_domain *domain;
3647 struct iova *iova = NULL;
3649 struct scatterlist *sg;
3650 unsigned long start_vpfn;
3651 struct intel_iommu *iommu;
3653 BUG_ON(dir == DMA_NONE);
3654 if (iommu_no_mapping(dev))
3655 return intel_nontranslate_map_sg(dev, sglist, nelems, dir);
3657 domain = get_valid_domain_for_dev(dev);
3661 iommu = domain_get_iommu(domain);
3663 for_each_sg(sglist, sg, nelems, i)
3664 size += aligned_nrpages(sg->offset, sg->length);
3666 iova = intel_alloc_iova(dev, domain, dma_to_mm_pfn(size),
3669 sglist->dma_length = 0;
3674 * Check if DMAR supports zero-length reads on write only
3677 if (dir == DMA_TO_DEVICE || dir == DMA_BIDIRECTIONAL || \
3678 !cap_zlr(iommu->cap))
3679 prot |= DMA_PTE_READ;
3680 if (dir == DMA_FROM_DEVICE || dir == DMA_BIDIRECTIONAL)
3681 prot |= DMA_PTE_WRITE;
3683 start_vpfn = mm_to_dma_pfn(iova->pfn_lo);
3685 ret = domain_sg_mapping(domain, start_vpfn, sglist, size, prot);
3686 if (unlikely(ret)) {
3687 dma_pte_free_pagetable(domain, start_vpfn,
3688 start_vpfn + size - 1);
3689 __free_iova(&domain->iovad, iova);
3693 /* it's a non-present to present mapping. Only flush if caching mode */
3694 if (cap_caching_mode(iommu->cap))
3695 iommu_flush_iotlb_psi(iommu, domain->id, start_vpfn, size, 0, 1);
3697 iommu_flush_write_buffer(iommu);
3702 static int intel_mapping_error(struct device *dev, dma_addr_t dma_addr)
3707 struct dma_map_ops intel_dma_ops = {
3708 .alloc = intel_alloc_coherent,
3709 .free = intel_free_coherent,
3710 .map_sg = intel_map_sg,
3711 .unmap_sg = intel_unmap_sg,
3712 .map_page = intel_map_page,
3713 .unmap_page = intel_unmap_page,
3714 .mapping_error = intel_mapping_error,
3717 static inline int iommu_domain_cache_init(void)
3721 iommu_domain_cache = kmem_cache_create("iommu_domain",
3722 sizeof(struct dmar_domain),
3727 if (!iommu_domain_cache) {
3728 pr_err("Couldn't create iommu_domain cache\n");
3735 static inline int iommu_devinfo_cache_init(void)
3739 iommu_devinfo_cache = kmem_cache_create("iommu_devinfo",
3740 sizeof(struct device_domain_info),
3744 if (!iommu_devinfo_cache) {
3745 pr_err("Couldn't create devinfo cache\n");
3752 static int __init iommu_init_mempool(void)
3755 ret = iommu_iova_cache_init();
3759 ret = iommu_domain_cache_init();
3763 ret = iommu_devinfo_cache_init();
3767 kmem_cache_destroy(iommu_domain_cache);
3769 iommu_iova_cache_destroy();
3774 static void __init iommu_exit_mempool(void)
3776 kmem_cache_destroy(iommu_devinfo_cache);
3777 kmem_cache_destroy(iommu_domain_cache);
3778 iommu_iova_cache_destroy();
3781 static void quirk_ioat_snb_local_iommu(struct pci_dev *pdev)
3783 struct dmar_drhd_unit *drhd;
3787 /* We know that this device on this chipset has its own IOMMU.
3788 * If we find it under a different IOMMU, then the BIOS is lying
3789 * to us. Hope that the IOMMU for this device is actually
3790 * disabled, and it needs no translation...
3792 rc = pci_bus_read_config_dword(pdev->bus, PCI_DEVFN(0, 0), 0xb0, &vtbar);
3794 /* "can't" happen */
3795 dev_info(&pdev->dev, "failed to run vt-d quirk\n");
3798 vtbar &= 0xffff0000;
3800 /* we know that the this iommu should be at offset 0xa000 from vtbar */
3801 drhd = dmar_find_matched_drhd_unit(pdev);
3802 if (WARN_TAINT_ONCE(!drhd || drhd->reg_base_addr - vtbar != 0xa000,
3803 TAINT_FIRMWARE_WORKAROUND,
3804 "BIOS assigned incorrect VT-d unit for Intel(R) QuickData Technology device\n"))
3805 pdev->dev.archdata.iommu = DUMMY_DEVICE_DOMAIN_INFO;
3807 DECLARE_PCI_FIXUP_ENABLE(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_IOAT_SNB, quirk_ioat_snb_local_iommu);
3809 static void __init init_no_remapping_devices(void)
3811 struct dmar_drhd_unit *drhd;
3815 for_each_drhd_unit(drhd) {
3816 if (!drhd->include_all) {
3817 for_each_active_dev_scope(drhd->devices,
3818 drhd->devices_cnt, i, dev)
3820 /* ignore DMAR unit if no devices exist */
3821 if (i == drhd->devices_cnt)
3826 for_each_active_drhd_unit(drhd) {
3827 if (drhd->include_all)
3830 for_each_active_dev_scope(drhd->devices,
3831 drhd->devices_cnt, i, dev)
3832 if (!dev_is_pci(dev) || !IS_GFX_DEVICE(to_pci_dev(dev)))
3834 if (i < drhd->devices_cnt)
3837 /* This IOMMU has *only* gfx devices. Either bypass it or
3838 set the gfx_mapped flag, as appropriate */
3840 intel_iommu_gfx_mapped = 1;
3843 for_each_active_dev_scope(drhd->devices,
3844 drhd->devices_cnt, i, dev)
3845 dev->archdata.iommu = DUMMY_DEVICE_DOMAIN_INFO;
3850 #ifdef CONFIG_SUSPEND
3851 static int init_iommu_hw(void)
3853 struct dmar_drhd_unit *drhd;
3854 struct intel_iommu *iommu = NULL;
3856 for_each_active_iommu(iommu, drhd)
3858 dmar_reenable_qi(iommu);
3860 for_each_iommu(iommu, drhd) {
3861 if (drhd->ignored) {
3863 * we always have to disable PMRs or DMA may fail on
3867 iommu_disable_protect_mem_regions(iommu);
3871 iommu_flush_write_buffer(iommu);
3873 iommu_set_root_entry(iommu);
3875 iommu->flush.flush_context(iommu, 0, 0, 0,
3876 DMA_CCMD_GLOBAL_INVL);
3877 iommu->flush.flush_iotlb(iommu, 0, 0, 0, DMA_TLB_GLOBAL_FLUSH);
3878 iommu_enable_translation(iommu);
3879 iommu_disable_protect_mem_regions(iommu);
3885 static void iommu_flush_all(void)
3887 struct dmar_drhd_unit *drhd;
3888 struct intel_iommu *iommu;
3890 for_each_active_iommu(iommu, drhd) {
3891 iommu->flush.flush_context(iommu, 0, 0, 0,
3892 DMA_CCMD_GLOBAL_INVL);
3893 iommu->flush.flush_iotlb(iommu, 0, 0, 0,
3894 DMA_TLB_GLOBAL_FLUSH);
3898 static int iommu_suspend(void)
3900 struct dmar_drhd_unit *drhd;
3901 struct intel_iommu *iommu = NULL;
3904 for_each_active_iommu(iommu, drhd) {
3905 iommu->iommu_state = kzalloc(sizeof(u32) * MAX_SR_DMAR_REGS,
3907 if (!iommu->iommu_state)
3913 for_each_active_iommu(iommu, drhd) {
3914 iommu_disable_translation(iommu);
3916 raw_spin_lock_irqsave(&iommu->register_lock, flag);
3918 iommu->iommu_state[SR_DMAR_FECTL_REG] =
3919 readl(iommu->reg + DMAR_FECTL_REG);
3920 iommu->iommu_state[SR_DMAR_FEDATA_REG] =
3921 readl(iommu->reg + DMAR_FEDATA_REG);
3922 iommu->iommu_state[SR_DMAR_FEADDR_REG] =
3923 readl(iommu->reg + DMAR_FEADDR_REG);
3924 iommu->iommu_state[SR_DMAR_FEUADDR_REG] =
3925 readl(iommu->reg + DMAR_FEUADDR_REG);
3927 raw_spin_unlock_irqrestore(&iommu->register_lock, flag);
3932 for_each_active_iommu(iommu, drhd)
3933 kfree(iommu->iommu_state);
3938 static void iommu_resume(void)
3940 struct dmar_drhd_unit *drhd;
3941 struct intel_iommu *iommu = NULL;
3944 if (init_iommu_hw()) {
3946 panic("tboot: IOMMU setup failed, DMAR can not resume!\n");
3948 WARN(1, "IOMMU setup failed, DMAR can not resume!\n");
3952 for_each_active_iommu(iommu, drhd) {
3954 raw_spin_lock_irqsave(&iommu->register_lock, flag);
3956 writel(iommu->iommu_state[SR_DMAR_FECTL_REG],
3957 iommu->reg + DMAR_FECTL_REG);
3958 writel(iommu->iommu_state[SR_DMAR_FEDATA_REG],
3959 iommu->reg + DMAR_FEDATA_REG);
3960 writel(iommu->iommu_state[SR_DMAR_FEADDR_REG],
3961 iommu->reg + DMAR_FEADDR_REG);
3962 writel(iommu->iommu_state[SR_DMAR_FEUADDR_REG],
3963 iommu->reg + DMAR_FEUADDR_REG);
3965 raw_spin_unlock_irqrestore(&iommu->register_lock, flag);
3968 for_each_active_iommu(iommu, drhd)
3969 kfree(iommu->iommu_state);
3972 static struct syscore_ops iommu_syscore_ops = {
3973 .resume = iommu_resume,
3974 .suspend = iommu_suspend,
3977 static void __init init_iommu_pm_ops(void)
3979 register_syscore_ops(&iommu_syscore_ops);
3983 static inline void init_iommu_pm_ops(void) {}
3984 #endif /* CONFIG_PM */
3987 int __init dmar_parse_one_rmrr(struct acpi_dmar_header *header, void *arg)
3989 struct acpi_dmar_reserved_memory *rmrr;
3990 struct dmar_rmrr_unit *rmrru;
3992 rmrru = kzalloc(sizeof(*rmrru), GFP_KERNEL);
3996 rmrru->hdr = header;
3997 rmrr = (struct acpi_dmar_reserved_memory *)header;
3998 rmrru->base_address = rmrr->base_address;
3999 rmrru->end_address = rmrr->end_address;
4000 rmrru->devices = dmar_alloc_dev_scope((void *)(rmrr + 1),
4001 ((void *)rmrr) + rmrr->header.length,
4002 &rmrru->devices_cnt);
4003 if (rmrru->devices_cnt && rmrru->devices == NULL) {
4008 list_add(&rmrru->list, &dmar_rmrr_units);
4013 static struct dmar_atsr_unit *dmar_find_atsr(struct acpi_dmar_atsr *atsr)
4015 struct dmar_atsr_unit *atsru;
4016 struct acpi_dmar_atsr *tmp;
4018 list_for_each_entry_rcu(atsru, &dmar_atsr_units, list) {
4019 tmp = (struct acpi_dmar_atsr *)atsru->hdr;
4020 if (atsr->segment != tmp->segment)
4022 if (atsr->header.length != tmp->header.length)
4024 if (memcmp(atsr, tmp, atsr->header.length) == 0)
4031 int dmar_parse_one_atsr(struct acpi_dmar_header *hdr, void *arg)
4033 struct acpi_dmar_atsr *atsr;
4034 struct dmar_atsr_unit *atsru;
4036 if (system_state != SYSTEM_BOOTING && !intel_iommu_enabled)
4039 atsr = container_of(hdr, struct acpi_dmar_atsr, header);
4040 atsru = dmar_find_atsr(atsr);
4044 atsru = kzalloc(sizeof(*atsru) + hdr->length, GFP_KERNEL);
4049 * If memory is allocated from slab by ACPI _DSM method, we need to
4050 * copy the memory content because the memory buffer will be freed
4053 atsru->hdr = (void *)(atsru + 1);
4054 memcpy(atsru->hdr, hdr, hdr->length);
4055 atsru->include_all = atsr->flags & 0x1;
4056 if (!atsru->include_all) {
4057 atsru->devices = dmar_alloc_dev_scope((void *)(atsr + 1),
4058 (void *)atsr + atsr->header.length,
4059 &atsru->devices_cnt);
4060 if (atsru->devices_cnt && atsru->devices == NULL) {
4066 list_add_rcu(&atsru->list, &dmar_atsr_units);
4071 static void intel_iommu_free_atsr(struct dmar_atsr_unit *atsru)
4073 dmar_free_dev_scope(&atsru->devices, &atsru->devices_cnt);
4077 int dmar_release_one_atsr(struct acpi_dmar_header *hdr, void *arg)
4079 struct acpi_dmar_atsr *atsr;
4080 struct dmar_atsr_unit *atsru;
4082 atsr = container_of(hdr, struct acpi_dmar_atsr, header);
4083 atsru = dmar_find_atsr(atsr);
4085 list_del_rcu(&atsru->list);
4087 intel_iommu_free_atsr(atsru);
4093 int dmar_check_one_atsr(struct acpi_dmar_header *hdr, void *arg)
4097 struct acpi_dmar_atsr *atsr;
4098 struct dmar_atsr_unit *atsru;
4100 atsr = container_of(hdr, struct acpi_dmar_atsr, header);
4101 atsru = dmar_find_atsr(atsr);
4105 if (!atsru->include_all && atsru->devices && atsru->devices_cnt)
4106 for_each_active_dev_scope(atsru->devices, atsru->devices_cnt,
4113 static int intel_iommu_add(struct dmar_drhd_unit *dmaru)
4116 struct intel_iommu *iommu = dmaru->iommu;
4118 if (g_iommus[iommu->seq_id])
4121 if (hw_pass_through && !ecap_pass_through(iommu->ecap)) {
4122 pr_warn("%s: Doesn't support hardware pass through.\n",
4126 if (!ecap_sc_support(iommu->ecap) &&
4127 domain_update_iommu_snooping(iommu)) {
4128 pr_warn("%s: Doesn't support snooping.\n",
4132 sp = domain_update_iommu_superpage(iommu) - 1;
4133 if (sp >= 0 && !(cap_super_page_val(iommu->cap) & (1 << sp))) {
4134 pr_warn("%s: Doesn't support large page.\n",
4140 * Disable translation if already enabled prior to OS handover.
4142 if (iommu->gcmd & DMA_GCMD_TE)
4143 iommu_disable_translation(iommu);
4145 g_iommus[iommu->seq_id] = iommu;
4146 ret = iommu_init_domains(iommu);
4148 ret = iommu_alloc_root_entry(iommu);
4152 if (dmaru->ignored) {
4154 * we always have to disable PMRs or DMA may fail on this device
4157 iommu_disable_protect_mem_regions(iommu);
4161 intel_iommu_init_qi(iommu);
4162 iommu_flush_write_buffer(iommu);
4163 ret = dmar_set_interrupt(iommu);
4167 iommu_set_root_entry(iommu);
4168 iommu->flush.flush_context(iommu, 0, 0, 0, DMA_CCMD_GLOBAL_INVL);
4169 iommu->flush.flush_iotlb(iommu, 0, 0, 0, DMA_TLB_GLOBAL_FLUSH);
4170 iommu_enable_translation(iommu);
4173 ret = iommu_attach_domain(si_domain, iommu);
4174 if (ret < 0 || si_domain->id != ret)
4176 domain_attach_iommu(si_domain, iommu);
4179 iommu_disable_protect_mem_regions(iommu);
4183 disable_dmar_iommu(iommu);
4185 free_dmar_iommu(iommu);
4189 int dmar_iommu_hotplug(struct dmar_drhd_unit *dmaru, bool insert)
4192 struct intel_iommu *iommu = dmaru->iommu;
4194 if (!intel_iommu_enabled)
4200 ret = intel_iommu_add(dmaru);
4202 disable_dmar_iommu(iommu);
4203 free_dmar_iommu(iommu);
4209 static void intel_iommu_free_dmars(void)
4211 struct dmar_rmrr_unit *rmrru, *rmrr_n;
4212 struct dmar_atsr_unit *atsru, *atsr_n;
4214 list_for_each_entry_safe(rmrru, rmrr_n, &dmar_rmrr_units, list) {
4215 list_del(&rmrru->list);
4216 dmar_free_dev_scope(&rmrru->devices, &rmrru->devices_cnt);
4220 list_for_each_entry_safe(atsru, atsr_n, &dmar_atsr_units, list) {
4221 list_del(&atsru->list);
4222 intel_iommu_free_atsr(atsru);
4226 int dmar_find_matched_atsr_unit(struct pci_dev *dev)
4229 struct pci_bus *bus;
4230 struct pci_dev *bridge = NULL;
4232 struct acpi_dmar_atsr *atsr;
4233 struct dmar_atsr_unit *atsru;
4235 dev = pci_physfn(dev);
4236 for (bus = dev->bus; bus; bus = bus->parent) {
4238 if (!bridge || !pci_is_pcie(bridge) ||
4239 pci_pcie_type(bridge) == PCI_EXP_TYPE_PCI_BRIDGE)
4241 if (pci_pcie_type(bridge) == PCI_EXP_TYPE_ROOT_PORT)
4248 list_for_each_entry_rcu(atsru, &dmar_atsr_units, list) {
4249 atsr = container_of(atsru->hdr, struct acpi_dmar_atsr, header);
4250 if (atsr->segment != pci_domain_nr(dev->bus))
4253 for_each_dev_scope(atsru->devices, atsru->devices_cnt, i, tmp)
4254 if (tmp == &bridge->dev)
4257 if (atsru->include_all)
4267 int dmar_iommu_notify_scope_dev(struct dmar_pci_notify_info *info)
4270 struct dmar_rmrr_unit *rmrru;
4271 struct dmar_atsr_unit *atsru;
4272 struct acpi_dmar_atsr *atsr;
4273 struct acpi_dmar_reserved_memory *rmrr;
4275 if (!intel_iommu_enabled && system_state != SYSTEM_BOOTING)
4278 list_for_each_entry(rmrru, &dmar_rmrr_units, list) {
4279 rmrr = container_of(rmrru->hdr,
4280 struct acpi_dmar_reserved_memory, header);
4281 if (info->event == BUS_NOTIFY_ADD_DEVICE) {
4282 ret = dmar_insert_dev_scope(info, (void *)(rmrr + 1),
4283 ((void *)rmrr) + rmrr->header.length,
4284 rmrr->segment, rmrru->devices,
4285 rmrru->devices_cnt);
4288 } else if (info->event == BUS_NOTIFY_DEL_DEVICE) {
4289 dmar_remove_dev_scope(info, rmrr->segment,
4290 rmrru->devices, rmrru->devices_cnt);
4294 list_for_each_entry(atsru, &dmar_atsr_units, list) {
4295 if (atsru->include_all)
4298 atsr = container_of(atsru->hdr, struct acpi_dmar_atsr, header);
4299 if (info->event == BUS_NOTIFY_ADD_DEVICE) {
4300 ret = dmar_insert_dev_scope(info, (void *)(atsr + 1),
4301 (void *)atsr + atsr->header.length,
4302 atsr->segment, atsru->devices,
4303 atsru->devices_cnt);
4308 } else if (info->event == BUS_NOTIFY_DEL_DEVICE) {
4309 if (dmar_remove_dev_scope(info, atsr->segment,
4310 atsru->devices, atsru->devices_cnt))
4319 * Here we only respond to action of unbound device from driver.
4321 * Added device is not attached to its DMAR domain here yet. That will happen
4322 * when mapping the device to iova.
4324 static int device_notifier(struct notifier_block *nb,
4325 unsigned long action, void *data)
4327 struct device *dev = data;
4328 struct dmar_domain *domain;
4330 if (iommu_dummy(dev))
4333 if (action != BUS_NOTIFY_REMOVED_DEVICE)
4336 domain = find_domain(dev);
4340 down_read(&dmar_global_lock);
4341 domain_remove_one_dev_info(domain, dev);
4342 if (!domain_type_is_vm_or_si(domain) && list_empty(&domain->devices))
4343 domain_exit(domain);
4344 up_read(&dmar_global_lock);
4349 static struct notifier_block device_nb = {
4350 .notifier_call = device_notifier,
4353 static int intel_iommu_memory_notifier(struct notifier_block *nb,
4354 unsigned long val, void *v)
4356 struct memory_notify *mhp = v;
4357 unsigned long long start, end;
4358 unsigned long start_vpfn, last_vpfn;
4361 case MEM_GOING_ONLINE:
4362 start = mhp->start_pfn << PAGE_SHIFT;
4363 end = ((mhp->start_pfn + mhp->nr_pages) << PAGE_SHIFT) - 1;
4364 if (iommu_domain_identity_map(si_domain, start, end)) {
4365 pr_warn("Failed to build identity map for [%llx-%llx]\n",
4372 case MEM_CANCEL_ONLINE:
4373 start_vpfn = mm_to_dma_pfn(mhp->start_pfn);
4374 last_vpfn = mm_to_dma_pfn(mhp->start_pfn + mhp->nr_pages - 1);
4375 while (start_vpfn <= last_vpfn) {
4377 struct dmar_drhd_unit *drhd;
4378 struct intel_iommu *iommu;
4379 struct page *freelist;
4381 iova = find_iova(&si_domain->iovad, start_vpfn);
4383 pr_debug("Failed get IOVA for PFN %lx\n",
4388 iova = split_and_remove_iova(&si_domain->iovad, iova,
4389 start_vpfn, last_vpfn);
4391 pr_warn("Failed to split IOVA PFN [%lx-%lx]\n",
4392 start_vpfn, last_vpfn);
4396 freelist = domain_unmap(si_domain, iova->pfn_lo,
4400 for_each_active_iommu(iommu, drhd)
4401 iommu_flush_iotlb_psi(iommu, si_domain->id,
4402 iova->pfn_lo, iova_size(iova),
4405 dma_free_pagelist(freelist);
4407 start_vpfn = iova->pfn_hi + 1;
4408 free_iova_mem(iova);
4416 static struct notifier_block intel_iommu_memory_nb = {
4417 .notifier_call = intel_iommu_memory_notifier,
4422 static ssize_t intel_iommu_show_version(struct device *dev,
4423 struct device_attribute *attr,
4426 struct intel_iommu *iommu = dev_get_drvdata(dev);
4427 u32 ver = readl(iommu->reg + DMAR_VER_REG);
4428 return sprintf(buf, "%d:%d\n",
4429 DMAR_VER_MAJOR(ver), DMAR_VER_MINOR(ver));
4431 static DEVICE_ATTR(version, S_IRUGO, intel_iommu_show_version, NULL);
4433 static ssize_t intel_iommu_show_address(struct device *dev,
4434 struct device_attribute *attr,
4437 struct intel_iommu *iommu = dev_get_drvdata(dev);
4438 return sprintf(buf, "%llx\n", iommu->reg_phys);
4440 static DEVICE_ATTR(address, S_IRUGO, intel_iommu_show_address, NULL);
4442 static ssize_t intel_iommu_show_cap(struct device *dev,
4443 struct device_attribute *attr,
4446 struct intel_iommu *iommu = dev_get_drvdata(dev);
4447 return sprintf(buf, "%llx\n", iommu->cap);
4449 static DEVICE_ATTR(cap, S_IRUGO, intel_iommu_show_cap, NULL);
4451 static ssize_t intel_iommu_show_ecap(struct device *dev,
4452 struct device_attribute *attr,
4455 struct intel_iommu *iommu = dev_get_drvdata(dev);
4456 return sprintf(buf, "%llx\n", iommu->ecap);
4458 static DEVICE_ATTR(ecap, S_IRUGO, intel_iommu_show_ecap, NULL);
4460 static struct attribute *intel_iommu_attrs[] = {
4461 &dev_attr_version.attr,
4462 &dev_attr_address.attr,
4464 &dev_attr_ecap.attr,
4468 static struct attribute_group intel_iommu_group = {
4469 .name = "intel-iommu",
4470 .attrs = intel_iommu_attrs,
4473 const struct attribute_group *intel_iommu_groups[] = {
4478 int __init intel_iommu_init(void)
4481 struct dmar_drhd_unit *drhd;
4482 struct intel_iommu *iommu;
4484 /* VT-d is required for a TXT/tboot launch, so enforce that */
4485 force_on = tboot_force_iommu();
4487 if (iommu_init_mempool()) {
4489 panic("tboot: Failed to initialize iommu memory\n");
4493 down_write(&dmar_global_lock);
4494 if (dmar_table_init()) {
4496 panic("tboot: Failed to initialize DMAR table\n");
4500 if (dmar_dev_scope_init() < 0) {
4502 panic("tboot: Failed to initialize DMAR device scope\n");
4506 if (no_iommu || dmar_disabled)
4509 if (list_empty(&dmar_rmrr_units))
4510 pr_info("No RMRR found\n");
4512 if (list_empty(&dmar_atsr_units))
4513 pr_info("No ATSR found\n");
4515 if (dmar_init_reserved_ranges()) {
4517 panic("tboot: Failed to reserve iommu ranges\n");
4518 goto out_free_reserved_range;
4521 init_no_remapping_devices();
4526 panic("tboot: Failed to initialize DMARs\n");
4527 pr_err("Initialization failed\n");
4528 goto out_free_reserved_range;
4530 up_write(&dmar_global_lock);
4531 pr_info("Intel(R) Virtualization Technology for Directed I/O\n");
4533 init_timer(&unmap_timer);
4534 #ifdef CONFIG_SWIOTLB
4537 dma_ops = &intel_dma_ops;
4539 init_iommu_pm_ops();
4541 for_each_active_iommu(iommu, drhd)
4542 iommu->iommu_dev = iommu_device_create(NULL, iommu,
4546 bus_set_iommu(&pci_bus_type, &intel_iommu_ops);
4547 bus_register_notifier(&pci_bus_type, &device_nb);
4548 if (si_domain && !hw_pass_through)
4549 register_memory_notifier(&intel_iommu_memory_nb);
4551 intel_iommu_enabled = 1;
4555 out_free_reserved_range:
4556 put_iova_domain(&reserved_iova_list);
4558 intel_iommu_free_dmars();
4559 up_write(&dmar_global_lock);
4560 iommu_exit_mempool();
4564 static int iommu_detach_dev_cb(struct pci_dev *pdev, u16 alias, void *opaque)
4566 struct intel_iommu *iommu = opaque;
4568 iommu_detach_dev(iommu, PCI_BUS_NUM(alias), alias & 0xff);
4573 * NB - intel-iommu lacks any sort of reference counting for the users of
4574 * dependent devices. If multiple endpoints have intersecting dependent
4575 * devices, unbinding the driver from any one of them will possibly leave
4576 * the others unable to operate.
4578 static void iommu_detach_dependent_devices(struct intel_iommu *iommu,
4581 if (!iommu || !dev || !dev_is_pci(dev))
4584 pci_for_each_dma_alias(to_pci_dev(dev), &iommu_detach_dev_cb, iommu);
4587 static void domain_remove_one_dev_info(struct dmar_domain *domain,
4590 struct device_domain_info *info, *tmp;
4591 struct intel_iommu *iommu;
4592 unsigned long flags;
4596 iommu = device_to_iommu(dev, &bus, &devfn);
4600 spin_lock_irqsave(&device_domain_lock, flags);
4601 list_for_each_entry_safe(info, tmp, &domain->devices, link) {
4602 if (info->iommu == iommu && info->bus == bus &&
4603 info->devfn == devfn) {
4604 unlink_domain_info(info);
4605 spin_unlock_irqrestore(&device_domain_lock, flags);
4607 iommu_disable_dev_iotlb(info);
4608 iommu_detach_dev(iommu, info->bus, info->devfn);
4609 iommu_detach_dependent_devices(iommu, dev);
4610 free_devinfo_mem(info);
4612 spin_lock_irqsave(&device_domain_lock, flags);
4620 /* if there is no other devices under the same iommu
4621 * owned by this domain, clear this iommu in iommu_bmp
4622 * update iommu count and coherency
4624 if (info->iommu == iommu)
4628 spin_unlock_irqrestore(&device_domain_lock, flags);
4631 domain_detach_iommu(domain, iommu);
4632 if (!domain_type_is_vm_or_si(domain))
4633 iommu_detach_domain(domain, iommu);
4637 static int md_domain_init(struct dmar_domain *domain, int guest_width)
4641 init_iova_domain(&domain->iovad, VTD_PAGE_SIZE, IOVA_START_PFN,
4643 domain_reserve_special_ranges(domain);
4645 /* calculate AGAW */
4646 domain->gaw = guest_width;
4647 adjust_width = guestwidth_to_adjustwidth(guest_width);
4648 domain->agaw = width_to_agaw(adjust_width);
4650 domain->iommu_coherency = 0;
4651 domain->iommu_snooping = 0;
4652 domain->iommu_superpage = 0;
4653 domain->max_addr = 0;
4655 /* always allocate the top pgd */
4656 domain->pgd = (struct dma_pte *)alloc_pgtable_page(domain->nid);
4659 domain_flush_cache(domain, domain->pgd, PAGE_SIZE);
4663 static struct iommu_domain *intel_iommu_domain_alloc(unsigned type)
4665 struct dmar_domain *dmar_domain;
4666 struct iommu_domain *domain;
4668 if (type != IOMMU_DOMAIN_UNMANAGED)
4671 dmar_domain = alloc_domain(DOMAIN_FLAG_VIRTUAL_MACHINE);
4673 pr_err("Can't allocate dmar_domain\n");
4676 if (md_domain_init(dmar_domain, DEFAULT_DOMAIN_ADDRESS_WIDTH)) {
4677 pr_err("Domain initialization failed\n");
4678 domain_exit(dmar_domain);
4681 domain_update_iommu_cap(dmar_domain);
4683 domain = &dmar_domain->domain;
4684 domain->geometry.aperture_start = 0;
4685 domain->geometry.aperture_end = __DOMAIN_MAX_ADDR(dmar_domain->gaw);
4686 domain->geometry.force_aperture = true;
4691 static void intel_iommu_domain_free(struct iommu_domain *domain)
4693 domain_exit(to_dmar_domain(domain));
4696 static int intel_iommu_attach_device(struct iommu_domain *domain,
4699 struct dmar_domain *dmar_domain = to_dmar_domain(domain);
4700 struct intel_iommu *iommu;
4704 if (device_is_rmrr_locked(dev)) {
4705 dev_warn(dev, "Device is ineligible for IOMMU domain attach due to platform RMRR requirement. Contact your platform vendor.\n");
4709 /* normally dev is not mapped */
4710 if (unlikely(domain_context_mapped(dev))) {
4711 struct dmar_domain *old_domain;
4713 old_domain = find_domain(dev);
4715 if (domain_type_is_vm_or_si(dmar_domain))
4716 domain_remove_one_dev_info(old_domain, dev);
4718 domain_remove_dev_info(old_domain);
4720 if (!domain_type_is_vm_or_si(old_domain) &&
4721 list_empty(&old_domain->devices))
4722 domain_exit(old_domain);
4726 iommu = device_to_iommu(dev, &bus, &devfn);
4730 /* check if this iommu agaw is sufficient for max mapped address */
4731 addr_width = agaw_to_width(iommu->agaw);
4732 if (addr_width > cap_mgaw(iommu->cap))
4733 addr_width = cap_mgaw(iommu->cap);
4735 if (dmar_domain->max_addr > (1LL << addr_width)) {
4736 pr_err("%s: iommu width (%d) is not "
4737 "sufficient for the mapped address (%llx)\n",
4738 __func__, addr_width, dmar_domain->max_addr);
4741 dmar_domain->gaw = addr_width;
4744 * Knock out extra levels of page tables if necessary
4746 while (iommu->agaw < dmar_domain->agaw) {
4747 struct dma_pte *pte;
4749 pte = dmar_domain->pgd;
4750 if (dma_pte_present(pte)) {
4751 dmar_domain->pgd = (struct dma_pte *)
4752 phys_to_virt(dma_pte_addr(pte));
4753 free_pgtable_page(pte);
4755 dmar_domain->agaw--;
4758 return domain_add_dev_info(dmar_domain, dev, CONTEXT_TT_MULTI_LEVEL);
4761 static void intel_iommu_detach_device(struct iommu_domain *domain,
4764 domain_remove_one_dev_info(to_dmar_domain(domain), dev);
4767 static int intel_iommu_map(struct iommu_domain *domain,
4768 unsigned long iova, phys_addr_t hpa,
4769 size_t size, int iommu_prot)
4771 struct dmar_domain *dmar_domain = to_dmar_domain(domain);
4776 if (iommu_prot & IOMMU_READ)
4777 prot |= DMA_PTE_READ;
4778 if (iommu_prot & IOMMU_WRITE)
4779 prot |= DMA_PTE_WRITE;
4780 if ((iommu_prot & IOMMU_CACHE) && dmar_domain->iommu_snooping)
4781 prot |= DMA_PTE_SNP;
4783 max_addr = iova + size;
4784 if (dmar_domain->max_addr < max_addr) {
4787 /* check if minimum agaw is sufficient for mapped address */
4788 end = __DOMAIN_MAX_ADDR(dmar_domain->gaw) + 1;
4789 if (end < max_addr) {
4790 pr_err("%s: iommu width (%d) is not "
4791 "sufficient for the mapped address (%llx)\n",
4792 __func__, dmar_domain->gaw, max_addr);
4795 dmar_domain->max_addr = max_addr;
4797 /* Round up size to next multiple of PAGE_SIZE, if it and
4798 the low bits of hpa would take us onto the next page */
4799 size = aligned_nrpages(hpa, size);
4800 ret = domain_pfn_mapping(dmar_domain, iova >> VTD_PAGE_SHIFT,
4801 hpa >> VTD_PAGE_SHIFT, size, prot);
4805 static size_t intel_iommu_unmap(struct iommu_domain *domain,
4806 unsigned long iova, size_t size)
4808 struct dmar_domain *dmar_domain = to_dmar_domain(domain);
4809 struct page *freelist = NULL;
4810 struct intel_iommu *iommu;
4811 unsigned long start_pfn, last_pfn;
4812 unsigned int npages;
4813 int iommu_id, num, ndomains, level = 0;
4815 /* Cope with horrid API which requires us to unmap more than the
4816 size argument if it happens to be a large-page mapping. */
4817 if (!pfn_to_dma_pte(dmar_domain, iova >> VTD_PAGE_SHIFT, &level))
4820 if (size < VTD_PAGE_SIZE << level_to_offset_bits(level))
4821 size = VTD_PAGE_SIZE << level_to_offset_bits(level);
4823 start_pfn = iova >> VTD_PAGE_SHIFT;
4824 last_pfn = (iova + size - 1) >> VTD_PAGE_SHIFT;
4826 freelist = domain_unmap(dmar_domain, start_pfn, last_pfn);
4828 npages = last_pfn - start_pfn + 1;
4830 for_each_set_bit(iommu_id, dmar_domain->iommu_bmp, g_num_of_iommus) {
4831 iommu = g_iommus[iommu_id];
4834 * find bit position of dmar_domain
4836 ndomains = cap_ndoms(iommu->cap);
4837 for_each_set_bit(num, iommu->domain_ids, ndomains) {
4838 if (iommu->domains[num] == dmar_domain)
4839 iommu_flush_iotlb_psi(iommu, num, start_pfn,
4840 npages, !freelist, 0);
4845 dma_free_pagelist(freelist);
4847 if (dmar_domain->max_addr == iova + size)
4848 dmar_domain->max_addr = iova;
4853 static phys_addr_t intel_iommu_iova_to_phys(struct iommu_domain *domain,
4856 struct dmar_domain *dmar_domain = to_dmar_domain(domain);
4857 struct dma_pte *pte;
4861 pte = pfn_to_dma_pte(dmar_domain, iova >> VTD_PAGE_SHIFT, &level);
4863 phys = dma_pte_addr(pte);
4868 static bool intel_iommu_capable(enum iommu_cap cap)
4870 if (cap == IOMMU_CAP_CACHE_COHERENCY)
4871 return domain_update_iommu_snooping(NULL) == 1;
4872 if (cap == IOMMU_CAP_INTR_REMAP)
4873 return irq_remapping_enabled == 1;
4878 static int intel_iommu_add_device(struct device *dev)
4880 struct intel_iommu *iommu;
4881 struct iommu_group *group;
4884 iommu = device_to_iommu(dev, &bus, &devfn);
4888 iommu_device_link(iommu->iommu_dev, dev);
4890 group = iommu_group_get_for_dev(dev);
4893 return PTR_ERR(group);
4895 iommu_group_put(group);
4899 static void intel_iommu_remove_device(struct device *dev)
4901 struct intel_iommu *iommu;
4904 iommu = device_to_iommu(dev, &bus, &devfn);
4908 iommu_group_remove_device(dev);
4910 iommu_device_unlink(iommu->iommu_dev, dev);
4913 static const struct iommu_ops intel_iommu_ops = {
4914 .capable = intel_iommu_capable,
4915 .domain_alloc = intel_iommu_domain_alloc,
4916 .domain_free = intel_iommu_domain_free,
4917 .attach_dev = intel_iommu_attach_device,
4918 .detach_dev = intel_iommu_detach_device,
4919 .map = intel_iommu_map,
4920 .unmap = intel_iommu_unmap,
4921 .map_sg = default_iommu_map_sg,
4922 .iova_to_phys = intel_iommu_iova_to_phys,
4923 .add_device = intel_iommu_add_device,
4924 .remove_device = intel_iommu_remove_device,
4925 .pgsize_bitmap = INTEL_IOMMU_PGSIZES,
4928 static void quirk_iommu_g4x_gfx(struct pci_dev *dev)
4930 /* G4x/GM45 integrated gfx dmar support is totally busted. */
4931 pr_info("Disabling IOMMU for graphics on this chipset\n");
4935 DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x2a40, quirk_iommu_g4x_gfx);
4936 DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x2e00, quirk_iommu_g4x_gfx);
4937 DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x2e10, quirk_iommu_g4x_gfx);
4938 DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x2e20, quirk_iommu_g4x_gfx);
4939 DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x2e30, quirk_iommu_g4x_gfx);
4940 DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x2e40, quirk_iommu_g4x_gfx);
4941 DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x2e90, quirk_iommu_g4x_gfx);
4943 static void quirk_iommu_rwbf(struct pci_dev *dev)
4946 * Mobile 4 Series Chipset neglects to set RWBF capability,
4947 * but needs it. Same seems to hold for the desktop versions.
4949 pr_info("Forcing write-buffer flush capability\n");
4953 DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x2a40, quirk_iommu_rwbf);
4954 DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x2e00, quirk_iommu_rwbf);
4955 DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x2e10, quirk_iommu_rwbf);
4956 DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x2e20, quirk_iommu_rwbf);
4957 DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x2e30, quirk_iommu_rwbf);
4958 DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x2e40, quirk_iommu_rwbf);
4959 DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x2e90, quirk_iommu_rwbf);
4962 #define GGC_MEMORY_SIZE_MASK (0xf << 8)
4963 #define GGC_MEMORY_SIZE_NONE (0x0 << 8)
4964 #define GGC_MEMORY_SIZE_1M (0x1 << 8)
4965 #define GGC_MEMORY_SIZE_2M (0x3 << 8)
4966 #define GGC_MEMORY_VT_ENABLED (0x8 << 8)
4967 #define GGC_MEMORY_SIZE_2M_VT (0x9 << 8)
4968 #define GGC_MEMORY_SIZE_3M_VT (0xa << 8)
4969 #define GGC_MEMORY_SIZE_4M_VT (0xb << 8)
4971 static void quirk_calpella_no_shadow_gtt(struct pci_dev *dev)
4975 if (pci_read_config_word(dev, GGC, &ggc))
4978 if (!(ggc & GGC_MEMORY_VT_ENABLED)) {
4979 pr_info("BIOS has allocated no shadow GTT; disabling IOMMU for graphics\n");
4981 } else if (dmar_map_gfx) {
4982 /* we have to ensure the gfx device is idle before we flush */
4983 pr_info("Disabling batched IOTLB flush on Ironlake\n");
4984 intel_iommu_strict = 1;
4987 DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x0040, quirk_calpella_no_shadow_gtt);
4988 DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x0044, quirk_calpella_no_shadow_gtt);
4989 DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x0062, quirk_calpella_no_shadow_gtt);
4990 DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x006a, quirk_calpella_no_shadow_gtt);
4992 /* On Tylersburg chipsets, some BIOSes have been known to enable the
4993 ISOCH DMAR unit for the Azalia sound device, but not give it any
4994 TLB entries, which causes it to deadlock. Check for that. We do
4995 this in a function called from init_dmars(), instead of in a PCI
4996 quirk, because we don't want to print the obnoxious "BIOS broken"
4997 message if VT-d is actually disabled.
4999 static void __init check_tylersburg_isoch(void)
5001 struct pci_dev *pdev;
5002 uint32_t vtisochctrl;
5004 /* If there's no Azalia in the system anyway, forget it. */
5005 pdev = pci_get_device(PCI_VENDOR_ID_INTEL, 0x3a3e, NULL);
5010 /* System Management Registers. Might be hidden, in which case
5011 we can't do the sanity check. But that's OK, because the
5012 known-broken BIOSes _don't_ actually hide it, so far. */
5013 pdev = pci_get_device(PCI_VENDOR_ID_INTEL, 0x342e, NULL);
5017 if (pci_read_config_dword(pdev, 0x188, &vtisochctrl)) {
5024 /* If Azalia DMA is routed to the non-isoch DMAR unit, fine. */
5025 if (vtisochctrl & 1)
5028 /* Drop all bits other than the number of TLB entries */
5029 vtisochctrl &= 0x1c;
5031 /* If we have the recommended number of TLB entries (16), fine. */
5032 if (vtisochctrl == 0x10)
5035 /* Zero TLB entries? You get to ride the short bus to school. */
5037 WARN(1, "Your BIOS is broken; DMA routed to ISOCH DMAR unit but no TLB space.\n"
5038 "BIOS vendor: %s; Ver: %s; Product Version: %s\n",
5039 dmi_get_system_info(DMI_BIOS_VENDOR),
5040 dmi_get_system_info(DMI_BIOS_VERSION),
5041 dmi_get_system_info(DMI_PRODUCT_VERSION));
5042 iommu_identity_mapping |= IDENTMAP_AZALIA;
5046 pr_warn("Recommended TLB entries for ISOCH unit is 16; your BIOS set %d\n",
projects / firefly-linux-kernel-4.4.55.git / blob