2 * Copyright © 2006-2014 Intel Corporation.
4 * This program is free software; you can redistribute it and/or modify it
5 * under the terms and conditions of the GNU General Public License,
6 * version 2, as published by the Free Software Foundation.
8 * This program is distributed in the hope it will be useful, but WITHOUT
9 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
10 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
13 * Authors: David Woodhouse <dwmw2@infradead.org>,
14 * Ashok Raj <ashok.raj@intel.com>,
15 * Shaohua Li <shaohua.li@intel.com>,
16 * Anil S Keshavamurthy <anil.s.keshavamurthy@intel.com>,
17 * Fenghua Yu <fenghua.yu@intel.com>
18 * Joerg Roedel <jroedel@suse.de>
21 #define pr_fmt(fmt) "DMAR: " fmt
23 #include <linux/init.h>
24 #include <linux/bitmap.h>
25 #include <linux/debugfs.h>
26 #include <linux/export.h>
27 #include <linux/slab.h>
28 #include <linux/irq.h>
29 #include <linux/interrupt.h>
30 #include <linux/spinlock.h>
31 #include <linux/pci.h>
32 #include <linux/dmar.h>
33 #include <linux/dma-mapping.h>
34 #include <linux/mempool.h>
35 #include <linux/memory.h>
36 #include <linux/timer.h>
37 #include <linux/iova.h>
38 #include <linux/iommu.h>
39 #include <linux/intel-iommu.h>
40 #include <linux/syscore_ops.h>
41 #include <linux/tboot.h>
42 #include <linux/dmi.h>
43 #include <linux/pci-ats.h>
44 #include <linux/memblock.h>
45 #include <linux/dma-contiguous.h>
46 #include <linux/crash_dump.h>
47 #include <asm/irq_remapping.h>
48 #include <asm/cacheflush.h>
49 #include <asm/iommu.h>
51 #include "irq_remapping.h"
53 #define ROOT_SIZE VTD_PAGE_SIZE
54 #define CONTEXT_SIZE VTD_PAGE_SIZE
56 #define IS_GFX_DEVICE(pdev) ((pdev->class >> 16) == PCI_BASE_CLASS_DISPLAY)
57 #define IS_USB_DEVICE(pdev) ((pdev->class >> 8) == PCI_CLASS_SERIAL_USB)
58 #define IS_ISA_DEVICE(pdev) ((pdev->class >> 8) == PCI_CLASS_BRIDGE_ISA)
59 #define IS_AZALIA(pdev) ((pdev)->vendor == 0x8086 && (pdev)->device == 0x3a3e)
61 #define IOAPIC_RANGE_START (0xfee00000)
62 #define IOAPIC_RANGE_END (0xfeefffff)
63 #define IOVA_START_ADDR (0x1000)
65 #define DEFAULT_DOMAIN_ADDRESS_WIDTH 48
67 #define MAX_AGAW_WIDTH 64
68 #define MAX_AGAW_PFN_WIDTH (MAX_AGAW_WIDTH - VTD_PAGE_SHIFT)
70 #define __DOMAIN_MAX_PFN(gaw) ((((uint64_t)1) << (gaw-VTD_PAGE_SHIFT)) - 1)
71 #define __DOMAIN_MAX_ADDR(gaw) ((((uint64_t)1) << gaw) - 1)
73 /* We limit DOMAIN_MAX_PFN to fit in an unsigned long, and DOMAIN_MAX_ADDR
74 to match. That way, we can use 'unsigned long' for PFNs with impunity. */
75 #define DOMAIN_MAX_PFN(gaw) ((unsigned long) min_t(uint64_t, \
76 __DOMAIN_MAX_PFN(gaw), (unsigned long)-1))
77 #define DOMAIN_MAX_ADDR(gaw) (((uint64_t)__DOMAIN_MAX_PFN(gaw)) << VTD_PAGE_SHIFT)
79 /* IO virtual address start page frame number */
80 #define IOVA_START_PFN (1)
82 #define IOVA_PFN(addr) ((addr) >> PAGE_SHIFT)
83 #define DMA_32BIT_PFN IOVA_PFN(DMA_BIT_MASK(32))
84 #define DMA_64BIT_PFN IOVA_PFN(DMA_BIT_MASK(64))
86 /* page table handling */
87 #define LEVEL_STRIDE (9)
88 #define LEVEL_MASK (((u64)1 << LEVEL_STRIDE) - 1)
91 * This bitmap is used to advertise the page sizes our hardware support
92 * to the IOMMU core, which will then use this information to split
93 * physically contiguous memory regions it is mapping into page sizes
96 * Traditionally the IOMMU core just handed us the mappings directly,
97 * after making sure the size is an order of a 4KiB page and that the
98 * mapping has natural alignment.
100 * To retain this behavior, we currently advertise that we support
101 * all page sizes that are an order of 4KiB.
103 * If at some point we'd like to utilize the IOMMU core's new behavior,
104 * we could change this to advertise the real page sizes we support.
106 #define INTEL_IOMMU_PGSIZES (~0xFFFUL)
108 static inline int agaw_to_level(int agaw)
113 static inline int agaw_to_width(int agaw)
115 return min_t(int, 30 + agaw * LEVEL_STRIDE, MAX_AGAW_WIDTH);
118 static inline int width_to_agaw(int width)
120 return DIV_ROUND_UP(width - 30, LEVEL_STRIDE);
123 static inline unsigned int level_to_offset_bits(int level)
125 return (level - 1) * LEVEL_STRIDE;
128 static inline int pfn_level_offset(unsigned long pfn, int level)
130 return (pfn >> level_to_offset_bits(level)) & LEVEL_MASK;
133 static inline unsigned long level_mask(int level)
135 return -1UL << level_to_offset_bits(level);
138 static inline unsigned long level_size(int level)
140 return 1UL << level_to_offset_bits(level);
143 static inline unsigned long align_to_level(unsigned long pfn, int level)
145 return (pfn + level_size(level) - 1) & level_mask(level);
148 static inline unsigned long lvl_to_nr_pages(unsigned int lvl)
150 return 1 << min_t(int, (lvl - 1) * LEVEL_STRIDE, MAX_AGAW_PFN_WIDTH);
153 /* VT-d pages must always be _smaller_ than MM pages. Otherwise things
154 are never going to work. */
155 static inline unsigned long dma_to_mm_pfn(unsigned long dma_pfn)
157 return dma_pfn >> (PAGE_SHIFT - VTD_PAGE_SHIFT);
160 static inline unsigned long mm_to_dma_pfn(unsigned long mm_pfn)
162 return mm_pfn << (PAGE_SHIFT - VTD_PAGE_SHIFT);
164 static inline unsigned long page_to_dma_pfn(struct page *pg)
166 return mm_to_dma_pfn(page_to_pfn(pg));
168 static inline unsigned long virt_to_dma_pfn(void *p)
170 return page_to_dma_pfn(virt_to_page(p));
173 /* global iommu list, set NULL for ignored DMAR units */
174 static struct intel_iommu **g_iommus;
176 static void __init check_tylersburg_isoch(void);
177 static int rwbf_quirk;
180 * set to 1 to panic kernel if can't successfully enable VT-d
181 * (used when kernel is launched w/ TXT)
183 static int force_on = 0;
188 * 12-63: Context Ptr (12 - (haw-1))
195 #define ROOT_ENTRY_NR (VTD_PAGE_SIZE/sizeof(struct root_entry))
198 * Take a root_entry and return the Lower Context Table Pointer (LCTP)
201 static phys_addr_t root_entry_lctp(struct root_entry *re)
206 return re->lo & VTD_PAGE_MASK;
210 * Take a root_entry and return the Upper Context Table Pointer (UCTP)
213 static phys_addr_t root_entry_uctp(struct root_entry *re)
218 return re->hi & VTD_PAGE_MASK;
223 * 1: fault processing disable
224 * 2-3: translation type
225 * 12-63: address space root
231 struct context_entry {
236 static inline void context_clear_pasid_enable(struct context_entry *context)
238 context->lo &= ~(1ULL << 11);
241 static inline bool context_pasid_enabled(struct context_entry *context)
243 return !!(context->lo & (1ULL << 11));
246 static inline void context_set_copied(struct context_entry *context)
248 context->hi |= (1ull << 3);
251 static inline bool context_copied(struct context_entry *context)
253 return !!(context->hi & (1ULL << 3));
256 static inline bool __context_present(struct context_entry *context)
258 return (context->lo & 1);
261 static inline bool context_present(struct context_entry *context)
263 return context_pasid_enabled(context) ?
264 __context_present(context) :
265 __context_present(context) && !context_copied(context);
268 static inline void context_set_present(struct context_entry *context)
273 static inline void context_set_fault_enable(struct context_entry *context)
275 context->lo &= (((u64)-1) << 2) | 1;
278 static inline void context_set_translation_type(struct context_entry *context,
281 context->lo &= (((u64)-1) << 4) | 3;
282 context->lo |= (value & 3) << 2;
285 static inline void context_set_address_root(struct context_entry *context,
288 context->lo &= ~VTD_PAGE_MASK;
289 context->lo |= value & VTD_PAGE_MASK;
292 static inline void context_set_address_width(struct context_entry *context,
295 context->hi |= value & 7;
298 static inline void context_set_domain_id(struct context_entry *context,
301 context->hi |= (value & ((1 << 16) - 1)) << 8;
304 static inline int context_domain_id(struct context_entry *c)
306 return((c->hi >> 8) & 0xffff);
309 static inline void context_clear_entry(struct context_entry *context)
322 * 12-63: Host physcial address
328 static inline void dma_clear_pte(struct dma_pte *pte)
333 static inline u64 dma_pte_addr(struct dma_pte *pte)
336 return pte->val & VTD_PAGE_MASK;
338 /* Must have a full atomic 64-bit read */
339 return __cmpxchg64(&pte->val, 0ULL, 0ULL) & VTD_PAGE_MASK;
343 static inline bool dma_pte_present(struct dma_pte *pte)
345 return (pte->val & 3) != 0;
348 static inline bool dma_pte_superpage(struct dma_pte *pte)
350 return (pte->val & DMA_PTE_LARGE_PAGE);
353 static inline int first_pte_in_page(struct dma_pte *pte)
355 return !((unsigned long)pte & ~VTD_PAGE_MASK);
359 * This domain is a statically identity mapping domain.
360 * 1. This domain creats a static 1:1 mapping to all usable memory.
361 * 2. It maps to each iommu if successful.
362 * 3. Each iommu mapps to this domain if successful.
364 static struct dmar_domain *si_domain;
365 static int hw_pass_through = 1;
367 /* domain represents a virtual machine, more than one devices
368 * across iommus may be owned in one domain, e.g. kvm guest.
370 #define DOMAIN_FLAG_VIRTUAL_MACHINE (1 << 0)
372 /* si_domain contains mulitple devices */
373 #define DOMAIN_FLAG_STATIC_IDENTITY (1 << 1)
376 int id; /* domain id */
377 int nid; /* node id */
378 DECLARE_BITMAP(iommu_bmp, DMAR_UNITS_SUPPORTED);
379 /* bitmap of iommus this domain uses*/
381 struct list_head devices; /* all devices' list */
382 struct iova_domain iovad; /* iova's that belong to this domain */
384 struct dma_pte *pgd; /* virtual address */
385 int gaw; /* max guest address width */
387 /* adjusted guest address width, 0 is level 2 30-bit */
390 int flags; /* flags to find out type of domain */
392 int iommu_coherency;/* indicate coherency of iommu access */
393 int iommu_snooping; /* indicate snooping control feature*/
394 int iommu_count; /* reference count of iommu */
395 int iommu_superpage;/* Level of superpages supported:
396 0 == 4KiB (no superpages), 1 == 2MiB,
397 2 == 1GiB, 3 == 512GiB, 4 == 1TiB */
398 spinlock_t iommu_lock; /* protect iommu set in domain */
399 u64 max_addr; /* maximum mapped address */
401 struct iommu_domain domain; /* generic domain data structure for
405 /* PCI domain-device relationship */
406 struct device_domain_info {
407 struct list_head link; /* link to domain siblings */
408 struct list_head global; /* link to global list */
409 u8 bus; /* PCI bus number */
410 u8 devfn; /* PCI devfn number */
411 struct device *dev; /* it's NULL for PCIe-to-PCI bridge */
412 struct intel_iommu *iommu; /* IOMMU used by this device */
413 struct dmar_domain *domain; /* pointer to domain */
416 struct dmar_rmrr_unit {
417 struct list_head list; /* list of rmrr units */
418 struct acpi_dmar_header *hdr; /* ACPI header */
419 u64 base_address; /* reserved base address*/
420 u64 end_address; /* reserved end address */
421 struct dmar_dev_scope *devices; /* target devices */
422 int devices_cnt; /* target device count */
425 struct dmar_atsr_unit {
426 struct list_head list; /* list of ATSR units */
427 struct acpi_dmar_header *hdr; /* ACPI header */
428 struct dmar_dev_scope *devices; /* target devices */
429 int devices_cnt; /* target device count */
430 u8 include_all:1; /* include all ports */
433 static LIST_HEAD(dmar_atsr_units);
434 static LIST_HEAD(dmar_rmrr_units);
436 #define for_each_rmrr_units(rmrr) \
437 list_for_each_entry(rmrr, &dmar_rmrr_units, list)
439 static void flush_unmaps_timeout(unsigned long data);
441 static DEFINE_TIMER(unmap_timer, flush_unmaps_timeout, 0, 0);
443 #define HIGH_WATER_MARK 250
444 struct deferred_flush_tables {
446 struct iova *iova[HIGH_WATER_MARK];
447 struct dmar_domain *domain[HIGH_WATER_MARK];
448 struct page *freelist[HIGH_WATER_MARK];
451 static struct deferred_flush_tables *deferred_flush;
453 /* bitmap for indexing intel_iommus */
454 static int g_num_of_iommus;
456 static DEFINE_SPINLOCK(async_umap_flush_lock);
457 static LIST_HEAD(unmaps_to_do);
460 static long list_size;
462 static void domain_exit(struct dmar_domain *domain);
463 static void domain_remove_dev_info(struct dmar_domain *domain);
464 static void domain_remove_one_dev_info(struct dmar_domain *domain,
466 static void iommu_detach_dependent_devices(struct intel_iommu *iommu,
468 static int domain_detach_iommu(struct dmar_domain *domain,
469 struct intel_iommu *iommu);
471 #ifdef CONFIG_INTEL_IOMMU_DEFAULT_ON
472 int dmar_disabled = 0;
474 int dmar_disabled = 1;
475 #endif /*CONFIG_INTEL_IOMMU_DEFAULT_ON*/
477 int intel_iommu_enabled = 0;
478 EXPORT_SYMBOL_GPL(intel_iommu_enabled);
480 static int dmar_map_gfx = 1;
481 static int dmar_forcedac;
482 static int intel_iommu_strict;
483 static int intel_iommu_superpage = 1;
484 static int intel_iommu_ecs = 1;
486 /* We only actually use ECS when PASID support (on the new bit 40)
487 * is also advertised. Some early implementations — the ones with
488 * PASID support on bit 28 — have issues even when we *only* use
489 * extended root/context tables. */
490 #define ecs_enabled(iommu) (intel_iommu_ecs && ecap_ecs(iommu->ecap) && \
491 ecap_pasid(iommu->ecap))
493 int intel_iommu_gfx_mapped;
494 EXPORT_SYMBOL_GPL(intel_iommu_gfx_mapped);
496 #define DUMMY_DEVICE_DOMAIN_INFO ((struct device_domain_info *)(-1))
497 static DEFINE_SPINLOCK(device_domain_lock);
498 static LIST_HEAD(device_domain_list);
500 static const struct iommu_ops intel_iommu_ops;
502 static bool translation_pre_enabled(struct intel_iommu *iommu)
504 return (iommu->flags & VTD_FLAG_TRANS_PRE_ENABLED);
507 static void clear_translation_pre_enabled(struct intel_iommu *iommu)
509 iommu->flags &= ~VTD_FLAG_TRANS_PRE_ENABLED;
512 static void init_translation_status(struct intel_iommu *iommu)
516 gsts = readl(iommu->reg + DMAR_GSTS_REG);
517 if (gsts & DMA_GSTS_TES)
518 iommu->flags |= VTD_FLAG_TRANS_PRE_ENABLED;
521 /* Convert generic 'struct iommu_domain to private struct dmar_domain */
522 static struct dmar_domain *to_dmar_domain(struct iommu_domain *dom)
524 return container_of(dom, struct dmar_domain, domain);
527 static int __init intel_iommu_setup(char *str)
532 if (!strncmp(str, "on", 2)) {
534 pr_info("IOMMU enabled\n");
535 } else if (!strncmp(str, "off", 3)) {
537 pr_info("IOMMU disabled\n");
538 } else if (!strncmp(str, "igfx_off", 8)) {
540 pr_info("Disable GFX device mapping\n");
541 } else if (!strncmp(str, "forcedac", 8)) {
542 pr_info("Forcing DAC for PCI devices\n");
544 } else if (!strncmp(str, "strict", 6)) {
545 pr_info("Disable batched IOTLB flush\n");
546 intel_iommu_strict = 1;
547 } else if (!strncmp(str, "sp_off", 6)) {
548 pr_info("Disable supported super page\n");
549 intel_iommu_superpage = 0;
550 } else if (!strncmp(str, "ecs_off", 7)) {
552 "Intel-IOMMU: disable extended context table support\n");
556 str += strcspn(str, ",");
562 __setup("intel_iommu=", intel_iommu_setup);
564 static struct kmem_cache *iommu_domain_cache;
565 static struct kmem_cache *iommu_devinfo_cache;
567 static inline void *alloc_pgtable_page(int node)
572 page = alloc_pages_node(node, GFP_ATOMIC | __GFP_ZERO, 0);
574 vaddr = page_address(page);
578 static inline void free_pgtable_page(void *vaddr)
580 free_page((unsigned long)vaddr);
583 static inline void *alloc_domain_mem(void)
585 return kmem_cache_alloc(iommu_domain_cache, GFP_ATOMIC);
588 static void free_domain_mem(void *vaddr)
590 kmem_cache_free(iommu_domain_cache, vaddr);
593 static inline void * alloc_devinfo_mem(void)
595 return kmem_cache_alloc(iommu_devinfo_cache, GFP_ATOMIC);
598 static inline void free_devinfo_mem(void *vaddr)
600 kmem_cache_free(iommu_devinfo_cache, vaddr);
603 static inline int domain_type_is_vm(struct dmar_domain *domain)
605 return domain->flags & DOMAIN_FLAG_VIRTUAL_MACHINE;
608 static inline int domain_type_is_vm_or_si(struct dmar_domain *domain)
610 return domain->flags & (DOMAIN_FLAG_VIRTUAL_MACHINE |
611 DOMAIN_FLAG_STATIC_IDENTITY);
614 static inline int domain_pfn_supported(struct dmar_domain *domain,
617 int addr_width = agaw_to_width(domain->agaw) - VTD_PAGE_SHIFT;
619 return !(addr_width < BITS_PER_LONG && pfn >> addr_width);
622 static int __iommu_calculate_agaw(struct intel_iommu *iommu, int max_gaw)
627 sagaw = cap_sagaw(iommu->cap);
628 for (agaw = width_to_agaw(max_gaw);
630 if (test_bit(agaw, &sagaw))
638 * Calculate max SAGAW for each iommu.
640 int iommu_calculate_max_sagaw(struct intel_iommu *iommu)
642 return __iommu_calculate_agaw(iommu, MAX_AGAW_WIDTH);
646 * calculate agaw for each iommu.
647 * "SAGAW" may be different across iommus, use a default agaw, and
648 * get a supported less agaw for iommus that don't support the default agaw.
650 int iommu_calculate_agaw(struct intel_iommu *iommu)
652 return __iommu_calculate_agaw(iommu, DEFAULT_DOMAIN_ADDRESS_WIDTH);
655 /* This functionin only returns single iommu in a domain */
656 static struct intel_iommu *domain_get_iommu(struct dmar_domain *domain)
660 /* si_domain and vm domain should not get here. */
661 BUG_ON(domain_type_is_vm_or_si(domain));
662 iommu_id = find_first_bit(domain->iommu_bmp, g_num_of_iommus);
663 if (iommu_id < 0 || iommu_id >= g_num_of_iommus)
666 return g_iommus[iommu_id];
669 static void domain_update_iommu_coherency(struct dmar_domain *domain)
671 struct dmar_drhd_unit *drhd;
672 struct intel_iommu *iommu;
676 domain->iommu_coherency = 1;
678 for_each_set_bit(i, domain->iommu_bmp, g_num_of_iommus) {
680 if (!ecap_coherent(g_iommus[i]->ecap)) {
681 domain->iommu_coherency = 0;
688 /* No hardware attached; use lowest common denominator */
690 for_each_active_iommu(iommu, drhd) {
691 if (!ecap_coherent(iommu->ecap)) {
692 domain->iommu_coherency = 0;
699 static int domain_update_iommu_snooping(struct intel_iommu *skip)
701 struct dmar_drhd_unit *drhd;
702 struct intel_iommu *iommu;
706 for_each_active_iommu(iommu, drhd) {
708 if (!ecap_sc_support(iommu->ecap)) {
719 static int domain_update_iommu_superpage(struct intel_iommu *skip)
721 struct dmar_drhd_unit *drhd;
722 struct intel_iommu *iommu;
725 if (!intel_iommu_superpage) {
729 /* set iommu_superpage to the smallest common denominator */
731 for_each_active_iommu(iommu, drhd) {
733 mask &= cap_super_page_val(iommu->cap);
743 /* Some capabilities may be different across iommus */
744 static void domain_update_iommu_cap(struct dmar_domain *domain)
746 domain_update_iommu_coherency(domain);
747 domain->iommu_snooping = domain_update_iommu_snooping(NULL);
748 domain->iommu_superpage = domain_update_iommu_superpage(NULL);
751 static inline struct context_entry *iommu_context_addr(struct intel_iommu *iommu,
752 u8 bus, u8 devfn, int alloc)
754 struct root_entry *root = &iommu->root_entry[bus];
755 struct context_entry *context;
758 if (ecs_enabled(iommu)) {
767 context = phys_to_virt(*entry & VTD_PAGE_MASK);
769 unsigned long phy_addr;
773 context = alloc_pgtable_page(iommu->node);
777 __iommu_flush_cache(iommu, (void *)context, CONTEXT_SIZE);
778 phy_addr = virt_to_phys((void *)context);
779 *entry = phy_addr | 1;
780 __iommu_flush_cache(iommu, entry, sizeof(*entry));
782 return &context[devfn];
785 static int iommu_dummy(struct device *dev)
787 return dev->archdata.iommu == DUMMY_DEVICE_DOMAIN_INFO;
790 static struct intel_iommu *device_to_iommu(struct device *dev, u8 *bus, u8 *devfn)
792 struct dmar_drhd_unit *drhd = NULL;
793 struct intel_iommu *iommu;
795 struct pci_dev *ptmp, *pdev = NULL;
799 if (iommu_dummy(dev))
802 if (dev_is_pci(dev)) {
803 pdev = to_pci_dev(dev);
804 segment = pci_domain_nr(pdev->bus);
805 } else if (has_acpi_companion(dev))
806 dev = &ACPI_COMPANION(dev)->dev;
809 for_each_active_iommu(iommu, drhd) {
810 if (pdev && segment != drhd->segment)
813 for_each_active_dev_scope(drhd->devices,
814 drhd->devices_cnt, i, tmp) {
816 *bus = drhd->devices[i].bus;
817 *devfn = drhd->devices[i].devfn;
821 if (!pdev || !dev_is_pci(tmp))
824 ptmp = to_pci_dev(tmp);
825 if (ptmp->subordinate &&
826 ptmp->subordinate->number <= pdev->bus->number &&
827 ptmp->subordinate->busn_res.end >= pdev->bus->number)
831 if (pdev && drhd->include_all) {
833 *bus = pdev->bus->number;
834 *devfn = pdev->devfn;
845 static void domain_flush_cache(struct dmar_domain *domain,
846 void *addr, int size)
848 if (!domain->iommu_coherency)
849 clflush_cache_range(addr, size);
852 static int device_context_mapped(struct intel_iommu *iommu, u8 bus, u8 devfn)
854 struct context_entry *context;
858 spin_lock_irqsave(&iommu->lock, flags);
859 context = iommu_context_addr(iommu, bus, devfn, 0);
861 ret = context_present(context);
862 spin_unlock_irqrestore(&iommu->lock, flags);
866 static void clear_context_table(struct intel_iommu *iommu, u8 bus, u8 devfn)
868 struct context_entry *context;
871 spin_lock_irqsave(&iommu->lock, flags);
872 context = iommu_context_addr(iommu, bus, devfn, 0);
874 context_clear_entry(context);
875 __iommu_flush_cache(iommu, context, sizeof(*context));
877 spin_unlock_irqrestore(&iommu->lock, flags);
880 static void free_context_table(struct intel_iommu *iommu)
884 struct context_entry *context;
886 spin_lock_irqsave(&iommu->lock, flags);
887 if (!iommu->root_entry) {
890 for (i = 0; i < ROOT_ENTRY_NR; i++) {
891 context = iommu_context_addr(iommu, i, 0, 0);
893 free_pgtable_page(context);
895 if (!ecs_enabled(iommu))
898 context = iommu_context_addr(iommu, i, 0x80, 0);
900 free_pgtable_page(context);
903 free_pgtable_page(iommu->root_entry);
904 iommu->root_entry = NULL;
906 spin_unlock_irqrestore(&iommu->lock, flags);
909 static struct dma_pte *pfn_to_dma_pte(struct dmar_domain *domain,
910 unsigned long pfn, int *target_level)
912 struct dma_pte *parent, *pte = NULL;
913 int level = agaw_to_level(domain->agaw);
916 BUG_ON(!domain->pgd);
918 if (!domain_pfn_supported(domain, pfn))
919 /* Address beyond IOMMU's addressing capabilities. */
922 parent = domain->pgd;
927 offset = pfn_level_offset(pfn, level);
928 pte = &parent[offset];
929 if (!*target_level && (dma_pte_superpage(pte) || !dma_pte_present(pte)))
931 if (level == *target_level)
934 if (!dma_pte_present(pte)) {
937 tmp_page = alloc_pgtable_page(domain->nid);
942 domain_flush_cache(domain, tmp_page, VTD_PAGE_SIZE);
943 pteval = ((uint64_t)virt_to_dma_pfn(tmp_page) << VTD_PAGE_SHIFT) | DMA_PTE_READ | DMA_PTE_WRITE;
944 if (cmpxchg64(&pte->val, 0ULL, pteval))
945 /* Someone else set it while we were thinking; use theirs. */
946 free_pgtable_page(tmp_page);
948 domain_flush_cache(domain, pte, sizeof(*pte));
953 parent = phys_to_virt(dma_pte_addr(pte));
958 *target_level = level;
964 /* return address's pte at specific level */
965 static struct dma_pte *dma_pfn_level_pte(struct dmar_domain *domain,
967 int level, int *large_page)
969 struct dma_pte *parent, *pte = NULL;
970 int total = agaw_to_level(domain->agaw);
973 parent = domain->pgd;
974 while (level <= total) {
975 offset = pfn_level_offset(pfn, total);
976 pte = &parent[offset];
980 if (!dma_pte_present(pte)) {
985 if (dma_pte_superpage(pte)) {
990 parent = phys_to_virt(dma_pte_addr(pte));
996 /* clear last level pte, a tlb flush should be followed */
997 static void dma_pte_clear_range(struct dmar_domain *domain,
998 unsigned long start_pfn,
999 unsigned long last_pfn)
1001 unsigned int large_page = 1;
1002 struct dma_pte *first_pte, *pte;
1004 BUG_ON(!domain_pfn_supported(domain, start_pfn));
1005 BUG_ON(!domain_pfn_supported(domain, last_pfn));
1006 BUG_ON(start_pfn > last_pfn);
1008 /* we don't need lock here; nobody else touches the iova range */
1011 first_pte = pte = dma_pfn_level_pte(domain, start_pfn, 1, &large_page);
1013 start_pfn = align_to_level(start_pfn + 1, large_page + 1);
1018 start_pfn += lvl_to_nr_pages(large_page);
1020 } while (start_pfn <= last_pfn && !first_pte_in_page(pte));
1022 domain_flush_cache(domain, first_pte,
1023 (void *)pte - (void *)first_pte);
1025 } while (start_pfn && start_pfn <= last_pfn);
1028 static void dma_pte_free_level(struct dmar_domain *domain, int level,
1029 struct dma_pte *pte, unsigned long pfn,
1030 unsigned long start_pfn, unsigned long last_pfn)
1032 pfn = max(start_pfn, pfn);
1033 pte = &pte[pfn_level_offset(pfn, level)];
1036 unsigned long level_pfn;
1037 struct dma_pte *level_pte;
1039 if (!dma_pte_present(pte) || dma_pte_superpage(pte))
1042 level_pfn = pfn & level_mask(level - 1);
1043 level_pte = phys_to_virt(dma_pte_addr(pte));
1046 dma_pte_free_level(domain, level - 1, level_pte,
1047 level_pfn, start_pfn, last_pfn);
1049 /* If range covers entire pagetable, free it */
1050 if (!(start_pfn > level_pfn ||
1051 last_pfn < level_pfn + level_size(level) - 1)) {
1053 domain_flush_cache(domain, pte, sizeof(*pte));
1054 free_pgtable_page(level_pte);
1057 pfn += level_size(level);
1058 } while (!first_pte_in_page(++pte) && pfn <= last_pfn);
1061 /* free page table pages. last level pte should already be cleared */
1062 static void dma_pte_free_pagetable(struct dmar_domain *domain,
1063 unsigned long start_pfn,
1064 unsigned long last_pfn)
1066 BUG_ON(!domain_pfn_supported(domain, start_pfn));
1067 BUG_ON(!domain_pfn_supported(domain, last_pfn));
1068 BUG_ON(start_pfn > last_pfn);
1070 dma_pte_clear_range(domain, start_pfn, last_pfn);
1072 /* We don't need lock here; nobody else touches the iova range */
1073 dma_pte_free_level(domain, agaw_to_level(domain->agaw),
1074 domain->pgd, 0, start_pfn, last_pfn);
1077 if (start_pfn == 0 && last_pfn == DOMAIN_MAX_PFN(domain->gaw)) {
1078 free_pgtable_page(domain->pgd);
1083 /* When a page at a given level is being unlinked from its parent, we don't
1084 need to *modify* it at all. All we need to do is make a list of all the
1085 pages which can be freed just as soon as we've flushed the IOTLB and we
1086 know the hardware page-walk will no longer touch them.
1087 The 'pte' argument is the *parent* PTE, pointing to the page that is to
1089 static struct page *dma_pte_list_pagetables(struct dmar_domain *domain,
1090 int level, struct dma_pte *pte,
1091 struct page *freelist)
1095 pg = pfn_to_page(dma_pte_addr(pte) >> PAGE_SHIFT);
1096 pg->freelist = freelist;
1102 pte = page_address(pg);
1104 if (dma_pte_present(pte) && !dma_pte_superpage(pte))
1105 freelist = dma_pte_list_pagetables(domain, level - 1,
1108 } while (!first_pte_in_page(pte));
1113 static struct page *dma_pte_clear_level(struct dmar_domain *domain, int level,
1114 struct dma_pte *pte, unsigned long pfn,
1115 unsigned long start_pfn,
1116 unsigned long last_pfn,
1117 struct page *freelist)
1119 struct dma_pte *first_pte = NULL, *last_pte = NULL;
1121 pfn = max(start_pfn, pfn);
1122 pte = &pte[pfn_level_offset(pfn, level)];
1125 unsigned long level_pfn;
1127 if (!dma_pte_present(pte))
1130 level_pfn = pfn & level_mask(level);
1132 /* If range covers entire pagetable, free it */
1133 if (start_pfn <= level_pfn &&
1134 last_pfn >= level_pfn + level_size(level) - 1) {
1135 /* These suborbinate page tables are going away entirely. Don't
1136 bother to clear them; we're just going to *free* them. */
1137 if (level > 1 && !dma_pte_superpage(pte))
1138 freelist = dma_pte_list_pagetables(domain, level - 1, pte, freelist);
1144 } else if (level > 1) {
1145 /* Recurse down into a level that isn't *entirely* obsolete */
1146 freelist = dma_pte_clear_level(domain, level - 1,
1147 phys_to_virt(dma_pte_addr(pte)),
1148 level_pfn, start_pfn, last_pfn,
1152 pfn += level_size(level);
1153 } while (!first_pte_in_page(++pte) && pfn <= last_pfn);
1156 domain_flush_cache(domain, first_pte,
1157 (void *)++last_pte - (void *)first_pte);
1162 /* We can't just free the pages because the IOMMU may still be walking
1163 the page tables, and may have cached the intermediate levels. The
1164 pages can only be freed after the IOTLB flush has been done. */
1165 struct page *domain_unmap(struct dmar_domain *domain,
1166 unsigned long start_pfn,
1167 unsigned long last_pfn)
1169 struct page *freelist = NULL;
1171 BUG_ON(!domain_pfn_supported(domain, start_pfn));
1172 BUG_ON(!domain_pfn_supported(domain, last_pfn));
1173 BUG_ON(start_pfn > last_pfn);
1175 /* we don't need lock here; nobody else touches the iova range */
1176 freelist = dma_pte_clear_level(domain, agaw_to_level(domain->agaw),
1177 domain->pgd, 0, start_pfn, last_pfn, NULL);
1180 if (start_pfn == 0 && last_pfn == DOMAIN_MAX_PFN(domain->gaw)) {
1181 struct page *pgd_page = virt_to_page(domain->pgd);
1182 pgd_page->freelist = freelist;
1183 freelist = pgd_page;
1191 void dma_free_pagelist(struct page *freelist)
1195 while ((pg = freelist)) {
1196 freelist = pg->freelist;
1197 free_pgtable_page(page_address(pg));
1201 /* iommu handling */
1202 static int iommu_alloc_root_entry(struct intel_iommu *iommu)
1204 struct root_entry *root;
1205 unsigned long flags;
1207 root = (struct root_entry *)alloc_pgtable_page(iommu->node);
1209 pr_err("Allocating root entry for %s failed\n",
1214 __iommu_flush_cache(iommu, root, ROOT_SIZE);
1216 spin_lock_irqsave(&iommu->lock, flags);
1217 iommu->root_entry = root;
1218 spin_unlock_irqrestore(&iommu->lock, flags);
1223 static void iommu_set_root_entry(struct intel_iommu *iommu)
1229 addr = virt_to_phys(iommu->root_entry);
1230 if (ecs_enabled(iommu))
1231 addr |= DMA_RTADDR_RTT;
1233 raw_spin_lock_irqsave(&iommu->register_lock, flag);
1234 dmar_writeq(iommu->reg + DMAR_RTADDR_REG, addr);
1236 writel(iommu->gcmd | DMA_GCMD_SRTP, iommu->reg + DMAR_GCMD_REG);
1238 /* Make sure hardware complete it */
1239 IOMMU_WAIT_OP(iommu, DMAR_GSTS_REG,
1240 readl, (sts & DMA_GSTS_RTPS), sts);
1242 raw_spin_unlock_irqrestore(&iommu->register_lock, flag);
1245 static void iommu_flush_write_buffer(struct intel_iommu *iommu)
1250 if (!rwbf_quirk && !cap_rwbf(iommu->cap))
1253 raw_spin_lock_irqsave(&iommu->register_lock, flag);
1254 writel(iommu->gcmd | DMA_GCMD_WBF, iommu->reg + DMAR_GCMD_REG);
1256 /* Make sure hardware complete it */
1257 IOMMU_WAIT_OP(iommu, DMAR_GSTS_REG,
1258 readl, (!(val & DMA_GSTS_WBFS)), val);
1260 raw_spin_unlock_irqrestore(&iommu->register_lock, flag);
1263 /* return value determine if we need a write buffer flush */
1264 static void __iommu_flush_context(struct intel_iommu *iommu,
1265 u16 did, u16 source_id, u8 function_mask,
1272 case DMA_CCMD_GLOBAL_INVL:
1273 val = DMA_CCMD_GLOBAL_INVL;
1275 case DMA_CCMD_DOMAIN_INVL:
1276 val = DMA_CCMD_DOMAIN_INVL|DMA_CCMD_DID(did);
1278 case DMA_CCMD_DEVICE_INVL:
1279 val = DMA_CCMD_DEVICE_INVL|DMA_CCMD_DID(did)
1280 | DMA_CCMD_SID(source_id) | DMA_CCMD_FM(function_mask);
1285 val |= DMA_CCMD_ICC;
1287 raw_spin_lock_irqsave(&iommu->register_lock, flag);
1288 dmar_writeq(iommu->reg + DMAR_CCMD_REG, val);
1290 /* Make sure hardware complete it */
1291 IOMMU_WAIT_OP(iommu, DMAR_CCMD_REG,
1292 dmar_readq, (!(val & DMA_CCMD_ICC)), val);
1294 raw_spin_unlock_irqrestore(&iommu->register_lock, flag);
1297 /* return value determine if we need a write buffer flush */
1298 static void __iommu_flush_iotlb(struct intel_iommu *iommu, u16 did,
1299 u64 addr, unsigned int size_order, u64 type)
1301 int tlb_offset = ecap_iotlb_offset(iommu->ecap);
1302 u64 val = 0, val_iva = 0;
1306 case DMA_TLB_GLOBAL_FLUSH:
1307 /* global flush doesn't need set IVA_REG */
1308 val = DMA_TLB_GLOBAL_FLUSH|DMA_TLB_IVT;
1310 case DMA_TLB_DSI_FLUSH:
1311 val = DMA_TLB_DSI_FLUSH|DMA_TLB_IVT|DMA_TLB_DID(did);
1313 case DMA_TLB_PSI_FLUSH:
1314 val = DMA_TLB_PSI_FLUSH|DMA_TLB_IVT|DMA_TLB_DID(did);
1315 /* IH bit is passed in as part of address */
1316 val_iva = size_order | addr;
1321 /* Note: set drain read/write */
1324 * This is probably to be super secure.. Looks like we can
1325 * ignore it without any impact.
1327 if (cap_read_drain(iommu->cap))
1328 val |= DMA_TLB_READ_DRAIN;
1330 if (cap_write_drain(iommu->cap))
1331 val |= DMA_TLB_WRITE_DRAIN;
1333 raw_spin_lock_irqsave(&iommu->register_lock, flag);
1334 /* Note: Only uses first TLB reg currently */
1336 dmar_writeq(iommu->reg + tlb_offset, val_iva);
1337 dmar_writeq(iommu->reg + tlb_offset + 8, val);
1339 /* Make sure hardware complete it */
1340 IOMMU_WAIT_OP(iommu, tlb_offset + 8,
1341 dmar_readq, (!(val & DMA_TLB_IVT)), val);
1343 raw_spin_unlock_irqrestore(&iommu->register_lock, flag);
1345 /* check IOTLB invalidation granularity */
1346 if (DMA_TLB_IAIG(val) == 0)
1347 pr_err("Flush IOTLB failed\n");
1348 if (DMA_TLB_IAIG(val) != DMA_TLB_IIRG(type))
1349 pr_debug("TLB flush request %Lx, actual %Lx\n",
1350 (unsigned long long)DMA_TLB_IIRG(type),
1351 (unsigned long long)DMA_TLB_IAIG(val));
1354 static struct device_domain_info *
1355 iommu_support_dev_iotlb (struct dmar_domain *domain, struct intel_iommu *iommu,
1359 unsigned long flags;
1360 struct device_domain_info *info;
1361 struct pci_dev *pdev;
1363 if (!ecap_dev_iotlb_support(iommu->ecap))
1369 spin_lock_irqsave(&device_domain_lock, flags);
1370 list_for_each_entry(info, &domain->devices, link)
1371 if (info->iommu == iommu && info->bus == bus &&
1372 info->devfn == devfn) {
1376 spin_unlock_irqrestore(&device_domain_lock, flags);
1378 if (!found || !info->dev || !dev_is_pci(info->dev))
1381 pdev = to_pci_dev(info->dev);
1383 if (!pci_find_ext_capability(pdev, PCI_EXT_CAP_ID_ATS))
1386 if (!dmar_find_matched_atsr_unit(pdev))
1392 static void iommu_enable_dev_iotlb(struct device_domain_info *info)
1394 if (!info || !dev_is_pci(info->dev))
1397 pci_enable_ats(to_pci_dev(info->dev), VTD_PAGE_SHIFT);
1400 static void iommu_disable_dev_iotlb(struct device_domain_info *info)
1402 if (!info->dev || !dev_is_pci(info->dev) ||
1403 !pci_ats_enabled(to_pci_dev(info->dev)))
1406 pci_disable_ats(to_pci_dev(info->dev));
1409 static void iommu_flush_dev_iotlb(struct dmar_domain *domain,
1410 u64 addr, unsigned mask)
1413 unsigned long flags;
1414 struct device_domain_info *info;
1416 spin_lock_irqsave(&device_domain_lock, flags);
1417 list_for_each_entry(info, &domain->devices, link) {
1418 struct pci_dev *pdev;
1419 if (!info->dev || !dev_is_pci(info->dev))
1422 pdev = to_pci_dev(info->dev);
1423 if (!pci_ats_enabled(pdev))
1426 sid = info->bus << 8 | info->devfn;
1427 qdep = pci_ats_queue_depth(pdev);
1428 qi_flush_dev_iotlb(info->iommu, sid, qdep, addr, mask);
1430 spin_unlock_irqrestore(&device_domain_lock, flags);
1433 static void iommu_flush_iotlb_psi(struct intel_iommu *iommu, u16 did,
1434 unsigned long pfn, unsigned int pages, int ih, int map)
1436 unsigned int mask = ilog2(__roundup_pow_of_two(pages));
1437 uint64_t addr = (uint64_t)pfn << VTD_PAGE_SHIFT;
1444 * Fallback to domain selective flush if no PSI support or the size is
1446 * PSI requires page size to be 2 ^ x, and the base address is naturally
1447 * aligned to the size
1449 if (!cap_pgsel_inv(iommu->cap) || mask > cap_max_amask_val(iommu->cap))
1450 iommu->flush.flush_iotlb(iommu, did, 0, 0,
1453 iommu->flush.flush_iotlb(iommu, did, addr | ih, mask,
1457 * In caching mode, changes of pages from non-present to present require
1458 * flush. However, device IOTLB doesn't need to be flushed in this case.
1460 if (!cap_caching_mode(iommu->cap) || !map)
1461 iommu_flush_dev_iotlb(iommu->domains[did], addr, mask);
1464 static void iommu_disable_protect_mem_regions(struct intel_iommu *iommu)
1467 unsigned long flags;
1469 raw_spin_lock_irqsave(&iommu->register_lock, flags);
1470 pmen = readl(iommu->reg + DMAR_PMEN_REG);
1471 pmen &= ~DMA_PMEN_EPM;
1472 writel(pmen, iommu->reg + DMAR_PMEN_REG);
1474 /* wait for the protected region status bit to clear */
1475 IOMMU_WAIT_OP(iommu, DMAR_PMEN_REG,
1476 readl, !(pmen & DMA_PMEN_PRS), pmen);
1478 raw_spin_unlock_irqrestore(&iommu->register_lock, flags);
1481 static void iommu_enable_translation(struct intel_iommu *iommu)
1484 unsigned long flags;
1486 raw_spin_lock_irqsave(&iommu->register_lock, flags);
1487 iommu->gcmd |= DMA_GCMD_TE;
1488 writel(iommu->gcmd, iommu->reg + DMAR_GCMD_REG);
1490 /* Make sure hardware complete it */
1491 IOMMU_WAIT_OP(iommu, DMAR_GSTS_REG,
1492 readl, (sts & DMA_GSTS_TES), sts);
1494 raw_spin_unlock_irqrestore(&iommu->register_lock, flags);
1497 static void iommu_disable_translation(struct intel_iommu *iommu)
1502 raw_spin_lock_irqsave(&iommu->register_lock, flag);
1503 iommu->gcmd &= ~DMA_GCMD_TE;
1504 writel(iommu->gcmd, iommu->reg + DMAR_GCMD_REG);
1506 /* Make sure hardware complete it */
1507 IOMMU_WAIT_OP(iommu, DMAR_GSTS_REG,
1508 readl, (!(sts & DMA_GSTS_TES)), sts);
1510 raw_spin_unlock_irqrestore(&iommu->register_lock, flag);
1514 static int iommu_init_domains(struct intel_iommu *iommu)
1516 unsigned long ndomains;
1517 unsigned long nlongs;
1519 ndomains = cap_ndoms(iommu->cap);
1520 pr_debug("%s: Number of Domains supported <%ld>\n",
1521 iommu->name, ndomains);
1522 nlongs = BITS_TO_LONGS(ndomains);
1524 spin_lock_init(&iommu->lock);
1526 /* TBD: there might be 64K domains,
1527 * consider other allocation for future chip
1529 iommu->domain_ids = kcalloc(nlongs, sizeof(unsigned long), GFP_KERNEL);
1530 if (!iommu->domain_ids) {
1531 pr_err("%s: Allocating domain id array failed\n",
1535 iommu->domains = kcalloc(ndomains, sizeof(struct dmar_domain *),
1537 if (!iommu->domains) {
1538 pr_err("%s: Allocating domain array failed\n",
1540 kfree(iommu->domain_ids);
1541 iommu->domain_ids = NULL;
1546 * if Caching mode is set, then invalid translations are tagged
1547 * with domainid 0. Hence we need to pre-allocate it.
1549 if (cap_caching_mode(iommu->cap))
1550 set_bit(0, iommu->domain_ids);
1554 static void disable_dmar_iommu(struct intel_iommu *iommu)
1556 struct dmar_domain *domain;
1559 if ((iommu->domains) && (iommu->domain_ids)) {
1560 for_each_set_bit(i, iommu->domain_ids, cap_ndoms(iommu->cap)) {
1562 * Domain id 0 is reserved for invalid translation
1563 * if hardware supports caching mode.
1565 if (cap_caching_mode(iommu->cap) && i == 0)
1568 domain = iommu->domains[i];
1569 clear_bit(i, iommu->domain_ids);
1570 if (domain_detach_iommu(domain, iommu) == 0 &&
1571 !domain_type_is_vm(domain))
1572 domain_exit(domain);
1576 if (iommu->gcmd & DMA_GCMD_TE)
1577 iommu_disable_translation(iommu);
1580 static void free_dmar_iommu(struct intel_iommu *iommu)
1582 if ((iommu->domains) && (iommu->domain_ids)) {
1583 kfree(iommu->domains);
1584 kfree(iommu->domain_ids);
1585 iommu->domains = NULL;
1586 iommu->domain_ids = NULL;
1589 g_iommus[iommu->seq_id] = NULL;
1591 /* free context mapping */
1592 free_context_table(iommu);
1595 static struct dmar_domain *alloc_domain(int flags)
1597 /* domain id for virtual machine, it won't be set in context */
1598 static atomic_t vm_domid = ATOMIC_INIT(0);
1599 struct dmar_domain *domain;
1601 domain = alloc_domain_mem();
1605 memset(domain, 0, sizeof(*domain));
1607 domain->flags = flags;
1608 spin_lock_init(&domain->iommu_lock);
1609 INIT_LIST_HEAD(&domain->devices);
1610 if (flags & DOMAIN_FLAG_VIRTUAL_MACHINE)
1611 domain->id = atomic_inc_return(&vm_domid);
1616 static int __iommu_attach_domain(struct dmar_domain *domain,
1617 struct intel_iommu *iommu)
1620 unsigned long ndomains;
1622 ndomains = cap_ndoms(iommu->cap);
1623 num = find_first_zero_bit(iommu->domain_ids, ndomains);
1624 if (num < ndomains) {
1625 set_bit(num, iommu->domain_ids);
1626 iommu->domains[num] = domain;
1634 static int iommu_attach_domain(struct dmar_domain *domain,
1635 struct intel_iommu *iommu)
1638 unsigned long flags;
1640 spin_lock_irqsave(&iommu->lock, flags);
1641 num = __iommu_attach_domain(domain, iommu);
1642 spin_unlock_irqrestore(&iommu->lock, flags);
1644 pr_err("%s: No free domain ids\n", iommu->name);
1649 static int iommu_attach_vm_domain(struct dmar_domain *domain,
1650 struct intel_iommu *iommu)
1653 unsigned long ndomains;
1655 ndomains = cap_ndoms(iommu->cap);
1656 for_each_set_bit(num, iommu->domain_ids, ndomains)
1657 if (iommu->domains[num] == domain)
1660 return __iommu_attach_domain(domain, iommu);
1663 static void iommu_detach_domain(struct dmar_domain *domain,
1664 struct intel_iommu *iommu)
1666 unsigned long flags;
1669 spin_lock_irqsave(&iommu->lock, flags);
1670 if (domain_type_is_vm_or_si(domain)) {
1671 ndomains = cap_ndoms(iommu->cap);
1672 for_each_set_bit(num, iommu->domain_ids, ndomains) {
1673 if (iommu->domains[num] == domain) {
1674 clear_bit(num, iommu->domain_ids);
1675 iommu->domains[num] = NULL;
1680 clear_bit(domain->id, iommu->domain_ids);
1681 iommu->domains[domain->id] = NULL;
1683 spin_unlock_irqrestore(&iommu->lock, flags);
1686 static void domain_attach_iommu(struct dmar_domain *domain,
1687 struct intel_iommu *iommu)
1689 unsigned long flags;
1691 spin_lock_irqsave(&domain->iommu_lock, flags);
1692 if (!test_and_set_bit(iommu->seq_id, domain->iommu_bmp)) {
1693 domain->iommu_count++;
1694 if (domain->iommu_count == 1)
1695 domain->nid = iommu->node;
1696 domain_update_iommu_cap(domain);
1698 spin_unlock_irqrestore(&domain->iommu_lock, flags);
1701 static int domain_detach_iommu(struct dmar_domain *domain,
1702 struct intel_iommu *iommu)
1704 unsigned long flags;
1705 int count = INT_MAX;
1707 spin_lock_irqsave(&domain->iommu_lock, flags);
1708 if (test_and_clear_bit(iommu->seq_id, domain->iommu_bmp)) {
1709 count = --domain->iommu_count;
1710 domain_update_iommu_cap(domain);
1712 spin_unlock_irqrestore(&domain->iommu_lock, flags);
1717 static struct iova_domain reserved_iova_list;
1718 static struct lock_class_key reserved_rbtree_key;
1720 static int dmar_init_reserved_ranges(void)
1722 struct pci_dev *pdev = NULL;
1726 init_iova_domain(&reserved_iova_list, VTD_PAGE_SIZE, IOVA_START_PFN,
1729 lockdep_set_class(&reserved_iova_list.iova_rbtree_lock,
1730 &reserved_rbtree_key);
1732 /* IOAPIC ranges shouldn't be accessed by DMA */
1733 iova = reserve_iova(&reserved_iova_list, IOVA_PFN(IOAPIC_RANGE_START),
1734 IOVA_PFN(IOAPIC_RANGE_END));
1736 pr_err("Reserve IOAPIC range failed\n");
1740 /* Reserve all PCI MMIO to avoid peer-to-peer access */
1741 for_each_pci_dev(pdev) {
1744 for (i = 0; i < PCI_NUM_RESOURCES; i++) {
1745 r = &pdev->resource[i];
1746 if (!r->flags || !(r->flags & IORESOURCE_MEM))
1748 iova = reserve_iova(&reserved_iova_list,
1752 pr_err("Reserve iova failed\n");
1760 static void domain_reserve_special_ranges(struct dmar_domain *domain)
1762 copy_reserved_iova(&reserved_iova_list, &domain->iovad);
1765 static inline int guestwidth_to_adjustwidth(int gaw)
1768 int r = (gaw - 12) % 9;
1779 static int domain_init(struct dmar_domain *domain, int guest_width)
1781 struct intel_iommu *iommu;
1782 int adjust_width, agaw;
1783 unsigned long sagaw;
1785 init_iova_domain(&domain->iovad, VTD_PAGE_SIZE, IOVA_START_PFN,
1787 domain_reserve_special_ranges(domain);
1789 /* calculate AGAW */
1790 iommu = domain_get_iommu(domain);
1791 if (guest_width > cap_mgaw(iommu->cap))
1792 guest_width = cap_mgaw(iommu->cap);
1793 domain->gaw = guest_width;
1794 adjust_width = guestwidth_to_adjustwidth(guest_width);
1795 agaw = width_to_agaw(adjust_width);
1796 sagaw = cap_sagaw(iommu->cap);
1797 if (!test_bit(agaw, &sagaw)) {
1798 /* hardware doesn't support it, choose a bigger one */
1799 pr_debug("Hardware doesn't support agaw %d\n", agaw);
1800 agaw = find_next_bit(&sagaw, 5, agaw);
1804 domain->agaw = agaw;
1806 if (ecap_coherent(iommu->ecap))
1807 domain->iommu_coherency = 1;
1809 domain->iommu_coherency = 0;
1811 if (ecap_sc_support(iommu->ecap))
1812 domain->iommu_snooping = 1;
1814 domain->iommu_snooping = 0;
1816 if (intel_iommu_superpage)
1817 domain->iommu_superpage = fls(cap_super_page_val(iommu->cap));
1819 domain->iommu_superpage = 0;
1821 domain->nid = iommu->node;
1823 /* always allocate the top pgd */
1824 domain->pgd = (struct dma_pte *)alloc_pgtable_page(domain->nid);
1827 __iommu_flush_cache(iommu, domain->pgd, PAGE_SIZE);
1831 static void domain_exit(struct dmar_domain *domain)
1833 struct page *freelist = NULL;
1836 /* Domain 0 is reserved, so dont process it */
1840 /* Flush any lazy unmaps that may reference this domain */
1841 if (!intel_iommu_strict)
1842 flush_unmaps_timeout(0);
1844 /* remove associated devices */
1845 domain_remove_dev_info(domain);
1848 put_iova_domain(&domain->iovad);
1850 freelist = domain_unmap(domain, 0, DOMAIN_MAX_PFN(domain->gaw));
1852 /* clear attached or cached domains */
1854 for_each_set_bit(i, domain->iommu_bmp, g_num_of_iommus)
1855 iommu_detach_domain(domain, g_iommus[i]);
1858 dma_free_pagelist(freelist);
1860 free_domain_mem(domain);
1863 static int domain_context_mapping_one(struct dmar_domain *domain,
1864 struct intel_iommu *iommu,
1865 u8 bus, u8 devfn, int translation)
1867 struct context_entry *context;
1868 unsigned long flags;
1869 struct dma_pte *pgd;
1872 struct device_domain_info *info = NULL;
1874 pr_debug("Set context mapping for %02x:%02x.%d\n",
1875 bus, PCI_SLOT(devfn), PCI_FUNC(devfn));
1877 BUG_ON(!domain->pgd);
1878 BUG_ON(translation != CONTEXT_TT_PASS_THROUGH &&
1879 translation != CONTEXT_TT_MULTI_LEVEL);
1881 spin_lock_irqsave(&iommu->lock, flags);
1882 context = iommu_context_addr(iommu, bus, devfn, 1);
1883 spin_unlock_irqrestore(&iommu->lock, flags);
1886 spin_lock_irqsave(&iommu->lock, flags);
1887 if (context_present(context)) {
1888 spin_unlock_irqrestore(&iommu->lock, flags);
1892 context_clear_entry(context);
1897 if (domain_type_is_vm_or_si(domain)) {
1898 if (domain_type_is_vm(domain)) {
1899 id = iommu_attach_vm_domain(domain, iommu);
1901 spin_unlock_irqrestore(&iommu->lock, flags);
1902 pr_err("%s: No free domain ids\n", iommu->name);
1907 /* Skip top levels of page tables for
1908 * iommu which has less agaw than default.
1909 * Unnecessary for PT mode.
1911 if (translation != CONTEXT_TT_PASS_THROUGH) {
1912 for (agaw = domain->agaw; agaw != iommu->agaw; agaw--) {
1913 pgd = phys_to_virt(dma_pte_addr(pgd));
1914 if (!dma_pte_present(pgd)) {
1915 spin_unlock_irqrestore(&iommu->lock, flags);
1922 context_set_domain_id(context, id);
1924 if (translation != CONTEXT_TT_PASS_THROUGH) {
1925 info = iommu_support_dev_iotlb(domain, iommu, bus, devfn);
1926 translation = info ? CONTEXT_TT_DEV_IOTLB :
1927 CONTEXT_TT_MULTI_LEVEL;
1930 * In pass through mode, AW must be programmed to indicate the largest
1931 * AGAW value supported by hardware. And ASR is ignored by hardware.
1933 if (unlikely(translation == CONTEXT_TT_PASS_THROUGH))
1934 context_set_address_width(context, iommu->msagaw);
1936 context_set_address_root(context, virt_to_phys(pgd));
1937 context_set_address_width(context, iommu->agaw);
1940 context_set_translation_type(context, translation);
1941 context_set_fault_enable(context);
1942 context_set_present(context);
1943 domain_flush_cache(domain, context, sizeof(*context));
1946 * It's a non-present to present mapping. If hardware doesn't cache
1947 * non-present entry we only need to flush the write-buffer. If the
1948 * _does_ cache non-present entries, then it does so in the special
1949 * domain #0, which we have to flush:
1951 if (cap_caching_mode(iommu->cap)) {
1952 iommu->flush.flush_context(iommu, 0,
1953 (((u16)bus) << 8) | devfn,
1954 DMA_CCMD_MASK_NOBIT,
1955 DMA_CCMD_DEVICE_INVL);
1956 iommu->flush.flush_iotlb(iommu, id, 0, 0, DMA_TLB_DSI_FLUSH);
1958 iommu_flush_write_buffer(iommu);
1960 iommu_enable_dev_iotlb(info);
1961 spin_unlock_irqrestore(&iommu->lock, flags);
1963 domain_attach_iommu(domain, iommu);
1968 struct domain_context_mapping_data {
1969 struct dmar_domain *domain;
1970 struct intel_iommu *iommu;
1974 static int domain_context_mapping_cb(struct pci_dev *pdev,
1975 u16 alias, void *opaque)
1977 struct domain_context_mapping_data *data = opaque;
1979 return domain_context_mapping_one(data->domain, data->iommu,
1980 PCI_BUS_NUM(alias), alias & 0xff,
1985 domain_context_mapping(struct dmar_domain *domain, struct device *dev,
1988 struct intel_iommu *iommu;
1990 struct domain_context_mapping_data data;
1992 iommu = device_to_iommu(dev, &bus, &devfn);
1996 if (!dev_is_pci(dev))
1997 return domain_context_mapping_one(domain, iommu, bus, devfn,
2000 data.domain = domain;
2002 data.translation = translation;
2004 return pci_for_each_dma_alias(to_pci_dev(dev),
2005 &domain_context_mapping_cb, &data);
2008 static int domain_context_mapped_cb(struct pci_dev *pdev,
2009 u16 alias, void *opaque)
2011 struct intel_iommu *iommu = opaque;
2013 return !device_context_mapped(iommu, PCI_BUS_NUM(alias), alias & 0xff);
2016 static int domain_context_mapped(struct device *dev)
2018 struct intel_iommu *iommu;
2021 iommu = device_to_iommu(dev, &bus, &devfn);
2025 if (!dev_is_pci(dev))
2026 return device_context_mapped(iommu, bus, devfn);
2028 return !pci_for_each_dma_alias(to_pci_dev(dev),
2029 domain_context_mapped_cb, iommu);
2032 /* Returns a number of VTD pages, but aligned to MM page size */
2033 static inline unsigned long aligned_nrpages(unsigned long host_addr,
2036 host_addr &= ~PAGE_MASK;
2037 return PAGE_ALIGN(host_addr + size) >> VTD_PAGE_SHIFT;
2040 /* Return largest possible superpage level for a given mapping */
2041 static inline int hardware_largepage_caps(struct dmar_domain *domain,
2042 unsigned long iov_pfn,
2043 unsigned long phy_pfn,
2044 unsigned long pages)
2046 int support, level = 1;
2047 unsigned long pfnmerge;
2049 support = domain->iommu_superpage;
2051 /* To use a large page, the virtual *and* physical addresses
2052 must be aligned to 2MiB/1GiB/etc. Lower bits set in either
2053 of them will mean we have to use smaller pages. So just
2054 merge them and check both at once. */
2055 pfnmerge = iov_pfn | phy_pfn;
2057 while (support && !(pfnmerge & ~VTD_STRIDE_MASK)) {
2058 pages >>= VTD_STRIDE_SHIFT;
2061 pfnmerge >>= VTD_STRIDE_SHIFT;
2068 static int __domain_mapping(struct dmar_domain *domain, unsigned long iov_pfn,
2069 struct scatterlist *sg, unsigned long phys_pfn,
2070 unsigned long nr_pages, int prot)
2072 struct dma_pte *first_pte = NULL, *pte = NULL;
2073 phys_addr_t uninitialized_var(pteval);
2074 unsigned long sg_res = 0;
2075 unsigned int largepage_lvl = 0;
2076 unsigned long lvl_pages = 0;
2078 BUG_ON(!domain_pfn_supported(domain, iov_pfn + nr_pages - 1));
2080 if ((prot & (DMA_PTE_READ|DMA_PTE_WRITE)) == 0)
2083 prot &= DMA_PTE_READ | DMA_PTE_WRITE | DMA_PTE_SNP;
2087 pteval = ((phys_addr_t)phys_pfn << VTD_PAGE_SHIFT) | prot;
2090 while (nr_pages > 0) {
2094 sg_res = aligned_nrpages(sg->offset, sg->length);
2095 sg->dma_address = ((dma_addr_t)iov_pfn << VTD_PAGE_SHIFT) + sg->offset;
2096 sg->dma_length = sg->length;
2097 pteval = page_to_phys(sg_page(sg)) | prot;
2098 phys_pfn = pteval >> VTD_PAGE_SHIFT;
2102 largepage_lvl = hardware_largepage_caps(domain, iov_pfn, phys_pfn, sg_res);
2104 first_pte = pte = pfn_to_dma_pte(domain, iov_pfn, &largepage_lvl);
2107 /* It is large page*/
2108 if (largepage_lvl > 1) {
2109 pteval |= DMA_PTE_LARGE_PAGE;
2110 lvl_pages = lvl_to_nr_pages(largepage_lvl);
2112 * Ensure that old small page tables are
2113 * removed to make room for superpage,
2116 dma_pte_free_pagetable(domain, iov_pfn,
2117 iov_pfn + lvl_pages - 1);
2119 pteval &= ~(uint64_t)DMA_PTE_LARGE_PAGE;
2123 /* We don't need lock here, nobody else
2124 * touches the iova range
2126 tmp = cmpxchg64_local(&pte->val, 0ULL, pteval);
2128 static int dumps = 5;
2129 pr_crit("ERROR: DMA PTE for vPFN 0x%lx already set (to %llx not %llx)\n",
2130 iov_pfn, tmp, (unsigned long long)pteval);
2133 debug_dma_dump_mappings(NULL);
2138 lvl_pages = lvl_to_nr_pages(largepage_lvl);
2140 BUG_ON(nr_pages < lvl_pages);
2141 BUG_ON(sg_res < lvl_pages);
2143 nr_pages -= lvl_pages;
2144 iov_pfn += lvl_pages;
2145 phys_pfn += lvl_pages;
2146 pteval += lvl_pages * VTD_PAGE_SIZE;
2147 sg_res -= lvl_pages;
2149 /* If the next PTE would be the first in a new page, then we
2150 need to flush the cache on the entries we've just written.
2151 And then we'll need to recalculate 'pte', so clear it and
2152 let it get set again in the if (!pte) block above.
2154 If we're done (!nr_pages) we need to flush the cache too.
2156 Also if we've been setting superpages, we may need to
2157 recalculate 'pte' and switch back to smaller pages for the
2158 end of the mapping, if the trailing size is not enough to
2159 use another superpage (i.e. sg_res < lvl_pages). */
2161 if (!nr_pages || first_pte_in_page(pte) ||
2162 (largepage_lvl > 1 && sg_res < lvl_pages)) {
2163 domain_flush_cache(domain, first_pte,
2164 (void *)pte - (void *)first_pte);
2168 if (!sg_res && nr_pages)
2174 static inline int domain_sg_mapping(struct dmar_domain *domain, unsigned long iov_pfn,
2175 struct scatterlist *sg, unsigned long nr_pages,
2178 return __domain_mapping(domain, iov_pfn, sg, 0, nr_pages, prot);
2181 static inline int domain_pfn_mapping(struct dmar_domain *domain, unsigned long iov_pfn,
2182 unsigned long phys_pfn, unsigned long nr_pages,
2185 return __domain_mapping(domain, iov_pfn, NULL, phys_pfn, nr_pages, prot);
2188 static void iommu_detach_dev(struct intel_iommu *iommu, u8 bus, u8 devfn)
2193 clear_context_table(iommu, bus, devfn);
2194 iommu->flush.flush_context(iommu, 0, 0, 0,
2195 DMA_CCMD_GLOBAL_INVL);
2196 iommu->flush.flush_iotlb(iommu, 0, 0, 0, DMA_TLB_GLOBAL_FLUSH);
2199 static inline void unlink_domain_info(struct device_domain_info *info)
2201 assert_spin_locked(&device_domain_lock);
2202 list_del(&info->link);
2203 list_del(&info->global);
2205 info->dev->archdata.iommu = NULL;
2208 static void domain_remove_dev_info(struct dmar_domain *domain)
2210 struct device_domain_info *info, *tmp;
2211 unsigned long flags;
2213 spin_lock_irqsave(&device_domain_lock, flags);
2214 list_for_each_entry_safe(info, tmp, &domain->devices, link) {
2215 unlink_domain_info(info);
2216 spin_unlock_irqrestore(&device_domain_lock, flags);
2218 iommu_disable_dev_iotlb(info);
2219 iommu_detach_dev(info->iommu, info->bus, info->devfn);
2221 if (domain_type_is_vm(domain)) {
2222 iommu_detach_dependent_devices(info->iommu, info->dev);
2223 domain_detach_iommu(domain, info->iommu);
2226 free_devinfo_mem(info);
2227 spin_lock_irqsave(&device_domain_lock, flags);
2229 spin_unlock_irqrestore(&device_domain_lock, flags);
2234 * Note: we use struct device->archdata.iommu stores the info
2236 static struct dmar_domain *find_domain(struct device *dev)
2238 struct device_domain_info *info;
2240 /* No lock here, assumes no domain exit in normal case */
2241 info = dev->archdata.iommu;
2243 return info->domain;
2247 static inline struct device_domain_info *
2248 dmar_search_domain_by_dev_info(int segment, int bus, int devfn)
2250 struct device_domain_info *info;
2252 list_for_each_entry(info, &device_domain_list, global)
2253 if (info->iommu->segment == segment && info->bus == bus &&
2254 info->devfn == devfn)
2260 static struct dmar_domain *dmar_insert_dev_info(struct intel_iommu *iommu,
2263 struct dmar_domain *domain)
2265 struct dmar_domain *found = NULL;
2266 struct device_domain_info *info;
2267 unsigned long flags;
2269 info = alloc_devinfo_mem();
2274 info->devfn = devfn;
2276 info->domain = domain;
2277 info->iommu = iommu;
2279 spin_lock_irqsave(&device_domain_lock, flags);
2281 found = find_domain(dev);
2283 struct device_domain_info *info2;
2284 info2 = dmar_search_domain_by_dev_info(iommu->segment, bus, devfn);
2286 found = info2->domain;
2289 spin_unlock_irqrestore(&device_domain_lock, flags);
2290 free_devinfo_mem(info);
2291 /* Caller must free the original domain */
2295 list_add(&info->link, &domain->devices);
2296 list_add(&info->global, &device_domain_list);
2298 dev->archdata.iommu = info;
2299 spin_unlock_irqrestore(&device_domain_lock, flags);
2304 static int get_last_alias(struct pci_dev *pdev, u16 alias, void *opaque)
2306 *(u16 *)opaque = alias;
2310 /* domain is initialized */
2311 static struct dmar_domain *get_domain_for_dev(struct device *dev, int gaw)
2313 struct dmar_domain *domain, *tmp;
2314 struct intel_iommu *iommu;
2315 struct device_domain_info *info;
2317 unsigned long flags;
2320 domain = find_domain(dev);
2324 iommu = device_to_iommu(dev, &bus, &devfn);
2328 if (dev_is_pci(dev)) {
2329 struct pci_dev *pdev = to_pci_dev(dev);
2331 pci_for_each_dma_alias(pdev, get_last_alias, &dma_alias);
2333 spin_lock_irqsave(&device_domain_lock, flags);
2334 info = dmar_search_domain_by_dev_info(pci_domain_nr(pdev->bus),
2335 PCI_BUS_NUM(dma_alias),
2338 iommu = info->iommu;
2339 domain = info->domain;
2341 spin_unlock_irqrestore(&device_domain_lock, flags);
2343 /* DMA alias already has a domain, uses it */
2348 /* Allocate and initialize new domain for the device */
2349 domain = alloc_domain(0);
2352 domain->id = iommu_attach_domain(domain, iommu);
2353 if (domain->id < 0) {
2354 free_domain_mem(domain);
2357 domain_attach_iommu(domain, iommu);
2358 if (domain_init(domain, gaw)) {
2359 domain_exit(domain);
2363 /* register PCI DMA alias device */
2364 if (dev_is_pci(dev)) {
2365 tmp = dmar_insert_dev_info(iommu, PCI_BUS_NUM(dma_alias),
2366 dma_alias & 0xff, NULL, domain);
2368 if (!tmp || tmp != domain) {
2369 domain_exit(domain);
2378 tmp = dmar_insert_dev_info(iommu, bus, devfn, dev, domain);
2380 if (!tmp || tmp != domain) {
2381 domain_exit(domain);
2388 static int iommu_identity_mapping;
2389 #define IDENTMAP_ALL 1
2390 #define IDENTMAP_GFX 2
2391 #define IDENTMAP_AZALIA 4
2393 static int iommu_domain_identity_map(struct dmar_domain *domain,
2394 unsigned long long start,
2395 unsigned long long end)
2397 unsigned long first_vpfn = start >> VTD_PAGE_SHIFT;
2398 unsigned long last_vpfn = end >> VTD_PAGE_SHIFT;
2400 if (!reserve_iova(&domain->iovad, dma_to_mm_pfn(first_vpfn),
2401 dma_to_mm_pfn(last_vpfn))) {
2402 pr_err("Reserving iova failed\n");
2406 pr_debug("Mapping reserved region %llx-%llx for domain %d\n",
2407 start, end, domain->id);
2409 * RMRR range might have overlap with physical memory range,
2412 dma_pte_clear_range(domain, first_vpfn, last_vpfn);
2414 return domain_pfn_mapping(domain, first_vpfn, first_vpfn,
2415 last_vpfn - first_vpfn + 1,
2416 DMA_PTE_READ|DMA_PTE_WRITE);
2419 static int iommu_prepare_identity_map(struct device *dev,
2420 unsigned long long start,
2421 unsigned long long end)
2423 struct dmar_domain *domain;
2426 domain = get_domain_for_dev(dev, DEFAULT_DOMAIN_ADDRESS_WIDTH);
2430 /* For _hardware_ passthrough, don't bother. But for software
2431 passthrough, we do it anyway -- it may indicate a memory
2432 range which is reserved in E820, so which didn't get set
2433 up to start with in si_domain */
2434 if (domain == si_domain && hw_pass_through) {
2435 pr_warn("Ignoring identity map for HW passthrough device %s [0x%Lx - 0x%Lx]\n",
2436 dev_name(dev), start, end);
2440 pr_info("Setting identity map for device %s [0x%Lx - 0x%Lx]\n",
2441 dev_name(dev), start, end);
2444 WARN(1, "Your BIOS is broken; RMRR ends before it starts!\n"
2445 "BIOS vendor: %s; Ver: %s; Product Version: %s\n",
2446 dmi_get_system_info(DMI_BIOS_VENDOR),
2447 dmi_get_system_info(DMI_BIOS_VERSION),
2448 dmi_get_system_info(DMI_PRODUCT_VERSION));
2453 if (end >> agaw_to_width(domain->agaw)) {
2454 WARN(1, "Your BIOS is broken; RMRR exceeds permitted address width (%d bits)\n"
2455 "BIOS vendor: %s; Ver: %s; Product Version: %s\n",
2456 agaw_to_width(domain->agaw),
2457 dmi_get_system_info(DMI_BIOS_VENDOR),
2458 dmi_get_system_info(DMI_BIOS_VERSION),
2459 dmi_get_system_info(DMI_PRODUCT_VERSION));
2464 ret = iommu_domain_identity_map(domain, start, end);
2468 /* context entry init */
2469 ret = domain_context_mapping(domain, dev, CONTEXT_TT_MULTI_LEVEL);
2476 domain_exit(domain);
2480 static inline int iommu_prepare_rmrr_dev(struct dmar_rmrr_unit *rmrr,
2483 if (dev->archdata.iommu == DUMMY_DEVICE_DOMAIN_INFO)
2485 return iommu_prepare_identity_map(dev, rmrr->base_address,
2489 #ifdef CONFIG_INTEL_IOMMU_FLOPPY_WA
2490 static inline void iommu_prepare_isa(void)
2492 struct pci_dev *pdev;
2495 pdev = pci_get_class(PCI_CLASS_BRIDGE_ISA << 8, NULL);
2499 pr_info("Prepare 0-16MiB unity mapping for LPC\n");
2500 ret = iommu_prepare_identity_map(&pdev->dev, 0, 16*1024*1024 - 1);
2503 pr_err("Failed to create 0-16MiB identity map - floppy might not work\n");
2508 static inline void iommu_prepare_isa(void)
2512 #endif /* !CONFIG_INTEL_IOMMU_FLPY_WA */
2514 static int md_domain_init(struct dmar_domain *domain, int guest_width);
2516 static int __init si_domain_init(int hw)
2518 struct dmar_drhd_unit *drhd;
2519 struct intel_iommu *iommu;
2523 si_domain = alloc_domain(DOMAIN_FLAG_STATIC_IDENTITY);
2527 for_each_active_iommu(iommu, drhd) {
2528 ret = iommu_attach_domain(si_domain, iommu);
2530 domain_exit(si_domain);
2533 si_domain->id = ret;
2535 } else if (si_domain->id != ret) {
2536 domain_exit(si_domain);
2539 domain_attach_iommu(si_domain, iommu);
2542 if (md_domain_init(si_domain, DEFAULT_DOMAIN_ADDRESS_WIDTH)) {
2543 domain_exit(si_domain);
2547 pr_debug("Identity mapping domain is domain %d\n",
2553 for_each_online_node(nid) {
2554 unsigned long start_pfn, end_pfn;
2557 for_each_mem_pfn_range(i, nid, &start_pfn, &end_pfn, NULL) {
2558 ret = iommu_domain_identity_map(si_domain,
2559 PFN_PHYS(start_pfn), PFN_PHYS(end_pfn));
2568 static int identity_mapping(struct device *dev)
2570 struct device_domain_info *info;
2572 if (likely(!iommu_identity_mapping))
2575 info = dev->archdata.iommu;
2576 if (info && info != DUMMY_DEVICE_DOMAIN_INFO)
2577 return (info->domain == si_domain);
2582 static int domain_add_dev_info(struct dmar_domain *domain,
2583 struct device *dev, int translation)
2585 struct dmar_domain *ndomain;
2586 struct intel_iommu *iommu;
2590 iommu = device_to_iommu(dev, &bus, &devfn);
2594 ndomain = dmar_insert_dev_info(iommu, bus, devfn, dev, domain);
2595 if (ndomain != domain)
2598 ret = domain_context_mapping(domain, dev, translation);
2600 domain_remove_one_dev_info(domain, dev);
2607 static bool device_has_rmrr(struct device *dev)
2609 struct dmar_rmrr_unit *rmrr;
2614 for_each_rmrr_units(rmrr) {
2616 * Return TRUE if this RMRR contains the device that
2619 for_each_active_dev_scope(rmrr->devices,
2620 rmrr->devices_cnt, i, tmp)
2631 * There are a couple cases where we need to restrict the functionality of
2632 * devices associated with RMRRs. The first is when evaluating a device for
2633 * identity mapping because problems exist when devices are moved in and out
2634 * of domains and their respective RMRR information is lost. This means that
2635 * a device with associated RMRRs will never be in a "passthrough" domain.
2636 * The second is use of the device through the IOMMU API. This interface
2637 * expects to have full control of the IOVA space for the device. We cannot
2638 * satisfy both the requirement that RMRR access is maintained and have an
2639 * unencumbered IOVA space. We also have no ability to quiesce the device's
2640 * use of the RMRR space or even inform the IOMMU API user of the restriction.
2641 * We therefore prevent devices associated with an RMRR from participating in
2642 * the IOMMU API, which eliminates them from device assignment.
2644 * In both cases we assume that PCI USB devices with RMRRs have them largely
2645 * for historical reasons and that the RMRR space is not actively used post
2646 * boot. This exclusion may change if vendors begin to abuse it.
2648 * The same exception is made for graphics devices, with the requirement that
2649 * any use of the RMRR regions will be torn down before assigning the device
2652 static bool device_is_rmrr_locked(struct device *dev)
2654 if (!device_has_rmrr(dev))
2657 if (dev_is_pci(dev)) {
2658 struct pci_dev *pdev = to_pci_dev(dev);
2660 if (IS_USB_DEVICE(pdev) || IS_GFX_DEVICE(pdev))
2667 static int iommu_should_identity_map(struct device *dev, int startup)
2670 if (dev_is_pci(dev)) {
2671 struct pci_dev *pdev = to_pci_dev(dev);
2673 if (device_is_rmrr_locked(dev))
2676 if ((iommu_identity_mapping & IDENTMAP_AZALIA) && IS_AZALIA(pdev))
2679 if ((iommu_identity_mapping & IDENTMAP_GFX) && IS_GFX_DEVICE(pdev))
2682 if (!(iommu_identity_mapping & IDENTMAP_ALL))
2686 * We want to start off with all devices in the 1:1 domain, and
2687 * take them out later if we find they can't access all of memory.
2689 * However, we can't do this for PCI devices behind bridges,
2690 * because all PCI devices behind the same bridge will end up
2691 * with the same source-id on their transactions.
2693 * Practically speaking, we can't change things around for these
2694 * devices at run-time, because we can't be sure there'll be no
2695 * DMA transactions in flight for any of their siblings.
2697 * So PCI devices (unless they're on the root bus) as well as
2698 * their parent PCI-PCI or PCIe-PCI bridges must be left _out_ of
2699 * the 1:1 domain, just in _case_ one of their siblings turns out
2700 * not to be able to map all of memory.
2702 if (!pci_is_pcie(pdev)) {
2703 if (!pci_is_root_bus(pdev->bus))
2705 if (pdev->class >> 8 == PCI_CLASS_BRIDGE_PCI)
2707 } else if (pci_pcie_type(pdev) == PCI_EXP_TYPE_PCI_BRIDGE)
2710 if (device_has_rmrr(dev))
2715 * At boot time, we don't yet know if devices will be 64-bit capable.
2716 * Assume that they will — if they turn out not to be, then we can
2717 * take them out of the 1:1 domain later.
2721 * If the device's dma_mask is less than the system's memory
2722 * size then this is not a candidate for identity mapping.
2724 u64 dma_mask = *dev->dma_mask;
2726 if (dev->coherent_dma_mask &&
2727 dev->coherent_dma_mask < dma_mask)
2728 dma_mask = dev->coherent_dma_mask;
2730 return dma_mask >= dma_get_required_mask(dev);
2736 static int __init dev_prepare_static_identity_mapping(struct device *dev, int hw)
2740 if (!iommu_should_identity_map(dev, 1))
2743 ret = domain_add_dev_info(si_domain, dev,
2744 hw ? CONTEXT_TT_PASS_THROUGH :
2745 CONTEXT_TT_MULTI_LEVEL);
2747 pr_info("%s identity mapping for device %s\n",
2748 hw ? "Hardware" : "Software", dev_name(dev));
2749 else if (ret == -ENODEV)
2750 /* device not associated with an iommu */
2757 static int __init iommu_prepare_static_identity_mapping(int hw)
2759 struct pci_dev *pdev = NULL;
2760 struct dmar_drhd_unit *drhd;
2761 struct intel_iommu *iommu;
2766 for_each_pci_dev(pdev) {
2767 ret = dev_prepare_static_identity_mapping(&pdev->dev, hw);
2772 for_each_active_iommu(iommu, drhd)
2773 for_each_active_dev_scope(drhd->devices, drhd->devices_cnt, i, dev) {
2774 struct acpi_device_physical_node *pn;
2775 struct acpi_device *adev;
2777 if (dev->bus != &acpi_bus_type)
2780 adev= to_acpi_device(dev);
2781 mutex_lock(&adev->physical_node_lock);
2782 list_for_each_entry(pn, &adev->physical_node_list, node) {
2783 ret = dev_prepare_static_identity_mapping(pn->dev, hw);
2787 mutex_unlock(&adev->physical_node_lock);
2795 static void intel_iommu_init_qi(struct intel_iommu *iommu)
2798 * Start from the sane iommu hardware state.
2799 * If the queued invalidation is already initialized by us
2800 * (for example, while enabling interrupt-remapping) then
2801 * we got the things already rolling from a sane state.
2805 * Clear any previous faults.
2807 dmar_fault(-1, iommu);
2809 * Disable queued invalidation if supported and already enabled
2810 * before OS handover.
2812 dmar_disable_qi(iommu);
2815 if (dmar_enable_qi(iommu)) {
2817 * Queued Invalidate not enabled, use Register Based Invalidate
2819 iommu->flush.flush_context = __iommu_flush_context;
2820 iommu->flush.flush_iotlb = __iommu_flush_iotlb;
2821 pr_info("%s: Using Register based invalidation\n",
2824 iommu->flush.flush_context = qi_flush_context;
2825 iommu->flush.flush_iotlb = qi_flush_iotlb;
2826 pr_info("%s: Using Queued invalidation\n", iommu->name);
2830 static int copy_context_table(struct intel_iommu *iommu,
2831 struct root_entry *old_re,
2832 struct context_entry **tbl,
2835 struct context_entry *old_ce = NULL, *new_ce = NULL, ce;
2836 int tbl_idx, pos = 0, idx, devfn, ret = 0, did;
2837 phys_addr_t old_ce_phys;
2839 tbl_idx = ext ? bus * 2 : bus;
2841 for (devfn = 0; devfn < 256; devfn++) {
2842 /* First calculate the correct index */
2843 idx = (ext ? devfn * 2 : devfn) % 256;
2846 /* First save what we may have and clean up */
2848 tbl[tbl_idx] = new_ce;
2849 __iommu_flush_cache(iommu, new_ce,
2859 old_ce_phys = root_entry_lctp(old_re);
2861 old_ce_phys = root_entry_uctp(old_re);
2864 if (ext && devfn == 0) {
2865 /* No LCTP, try UCTP */
2874 old_ce = ioremap_cache(old_ce_phys, PAGE_SIZE);
2878 new_ce = alloc_pgtable_page(iommu->node);
2885 /* Now copy the context entry */
2888 if (!__context_present(&ce))
2891 did = context_domain_id(&ce);
2892 if (did >= 0 && did < cap_ndoms(iommu->cap))
2893 set_bit(did, iommu->domain_ids);
2896 * We need a marker for copied context entries. This
2897 * marker needs to work for the old format as well as
2898 * for extended context entries.
2900 * Bit 67 of the context entry is used. In the old
2901 * format this bit is available to software, in the
2902 * extended format it is the PGE bit, but PGE is ignored
2903 * by HW if PASIDs are disabled (and thus still
2906 * So disable PASIDs first and then mark the entry
2907 * copied. This means that we don't copy PASID
2908 * translations from the old kernel, but this is fine as
2909 * faults there are not fatal.
2911 context_clear_pasid_enable(&ce);
2912 context_set_copied(&ce);
2917 tbl[tbl_idx + pos] = new_ce;
2919 __iommu_flush_cache(iommu, new_ce, VTD_PAGE_SIZE);
2928 static int copy_translation_tables(struct intel_iommu *iommu)
2930 struct context_entry **ctxt_tbls;
2931 struct root_entry *old_rt;
2932 phys_addr_t old_rt_phys;
2933 int ctxt_table_entries;
2934 unsigned long flags;
2939 rtaddr_reg = dmar_readq(iommu->reg + DMAR_RTADDR_REG);
2940 ext = !!(rtaddr_reg & DMA_RTADDR_RTT);
2941 new_ext = !!ecap_ecs(iommu->ecap);
2944 * The RTT bit can only be changed when translation is disabled,
2945 * but disabling translation means to open a window for data
2946 * corruption. So bail out and don't copy anything if we would
2947 * have to change the bit.
2952 old_rt_phys = rtaddr_reg & VTD_PAGE_MASK;
2956 old_rt = ioremap_cache(old_rt_phys, PAGE_SIZE);
2960 /* This is too big for the stack - allocate it from slab */
2961 ctxt_table_entries = ext ? 512 : 256;
2963 ctxt_tbls = kzalloc(ctxt_table_entries * sizeof(void *), GFP_KERNEL);
2967 for (bus = 0; bus < 256; bus++) {
2968 ret = copy_context_table(iommu, &old_rt[bus],
2969 ctxt_tbls, bus, ext);
2971 pr_err("%s: Failed to copy context table for bus %d\n",
2977 spin_lock_irqsave(&iommu->lock, flags);
2979 /* Context tables are copied, now write them to the root_entry table */
2980 for (bus = 0; bus < 256; bus++) {
2981 int idx = ext ? bus * 2 : bus;
2984 if (ctxt_tbls[idx]) {
2985 val = virt_to_phys(ctxt_tbls[idx]) | 1;
2986 iommu->root_entry[bus].lo = val;
2989 if (!ext || !ctxt_tbls[idx + 1])
2992 val = virt_to_phys(ctxt_tbls[idx + 1]) | 1;
2993 iommu->root_entry[bus].hi = val;
2996 spin_unlock_irqrestore(&iommu->lock, flags);
3000 __iommu_flush_cache(iommu, iommu->root_entry, PAGE_SIZE);
3010 static int __init init_dmars(void)
3012 struct dmar_drhd_unit *drhd;
3013 struct dmar_rmrr_unit *rmrr;
3014 bool copied_tables = false;
3016 struct intel_iommu *iommu;
3022 * initialize and program root entry to not present
3025 for_each_drhd_unit(drhd) {
3027 * lock not needed as this is only incremented in the single
3028 * threaded kernel __init code path all other access are read
3031 if (g_num_of_iommus < DMAR_UNITS_SUPPORTED) {
3035 pr_err_once("Exceeded %d IOMMUs\n", DMAR_UNITS_SUPPORTED);
3038 /* Preallocate enough resources for IOMMU hot-addition */
3039 if (g_num_of_iommus < DMAR_UNITS_SUPPORTED)
3040 g_num_of_iommus = DMAR_UNITS_SUPPORTED;
3042 g_iommus = kcalloc(g_num_of_iommus, sizeof(struct intel_iommu *),
3045 pr_err("Allocating global iommu array failed\n");
3050 deferred_flush = kzalloc(g_num_of_iommus *
3051 sizeof(struct deferred_flush_tables), GFP_KERNEL);
3052 if (!deferred_flush) {
3057 for_each_active_iommu(iommu, drhd) {
3058 g_iommus[iommu->seq_id] = iommu;
3060 intel_iommu_init_qi(iommu);
3062 ret = iommu_init_domains(iommu);
3066 init_translation_status(iommu);
3068 if (translation_pre_enabled(iommu) && !is_kdump_kernel()) {
3069 iommu_disable_translation(iommu);
3070 clear_translation_pre_enabled(iommu);
3071 pr_warn("Translation was enabled for %s but we are not in kdump mode\n",
3077 * we could share the same root & context tables
3078 * among all IOMMU's. Need to Split it later.
3080 ret = iommu_alloc_root_entry(iommu);
3084 if (translation_pre_enabled(iommu)) {
3085 pr_info("Translation already enabled - trying to copy translation structures\n");
3087 ret = copy_translation_tables(iommu);
3090 * We found the IOMMU with translation
3091 * enabled - but failed to copy over the
3092 * old root-entry table. Try to proceed
3093 * by disabling translation now and
3094 * allocating a clean root-entry table.
3095 * This might cause DMAR faults, but
3096 * probably the dump will still succeed.
3098 pr_err("Failed to copy translation tables from previous kernel for %s\n",
3100 iommu_disable_translation(iommu);
3101 clear_translation_pre_enabled(iommu);
3103 pr_info("Copied translation tables from previous kernel for %s\n",
3105 copied_tables = true;
3109 iommu_flush_write_buffer(iommu);
3110 iommu_set_root_entry(iommu);
3111 iommu->flush.flush_context(iommu, 0, 0, 0, DMA_CCMD_GLOBAL_INVL);
3112 iommu->flush.flush_iotlb(iommu, 0, 0, 0, DMA_TLB_GLOBAL_FLUSH);
3114 if (!ecap_pass_through(iommu->ecap))
3115 hw_pass_through = 0;
3118 if (iommu_pass_through)
3119 iommu_identity_mapping |= IDENTMAP_ALL;
3121 #ifdef CONFIG_INTEL_IOMMU_BROKEN_GFX_WA
3122 iommu_identity_mapping |= IDENTMAP_GFX;
3125 if (iommu_identity_mapping) {
3126 ret = si_domain_init(hw_pass_through);
3131 check_tylersburg_isoch();
3134 * If we copied translations from a previous kernel in the kdump
3135 * case, we can not assign the devices to domains now, as that
3136 * would eliminate the old mappings. So skip this part and defer
3137 * the assignment to device driver initialization time.
3143 * If pass through is not set or not enabled, setup context entries for
3144 * identity mappings for rmrr, gfx, and isa and may fall back to static
3145 * identity mapping if iommu_identity_mapping is set.
3147 if (iommu_identity_mapping) {
3148 ret = iommu_prepare_static_identity_mapping(hw_pass_through);
3150 pr_crit("Failed to setup IOMMU pass-through\n");
3156 * for each dev attached to rmrr
3158 * locate drhd for dev, alloc domain for dev
3159 * allocate free domain
3160 * allocate page table entries for rmrr
3161 * if context not allocated for bus
3162 * allocate and init context
3163 * set present in root table for this bus
3164 * init context with domain, translation etc
3168 pr_info("Setting RMRR:\n");
3169 for_each_rmrr_units(rmrr) {
3170 /* some BIOS lists non-exist devices in DMAR table. */
3171 for_each_active_dev_scope(rmrr->devices, rmrr->devices_cnt,
3173 ret = iommu_prepare_rmrr_dev(rmrr, dev);
3175 pr_err("Mapping reserved region failed\n");
3179 iommu_prepare_isa();
3186 * global invalidate context cache
3187 * global invalidate iotlb
3188 * enable translation
3190 for_each_iommu(iommu, drhd) {
3191 if (drhd->ignored) {
3193 * we always have to disable PMRs or DMA may fail on
3197 iommu_disable_protect_mem_regions(iommu);
3201 iommu_flush_write_buffer(iommu);
3203 ret = dmar_set_interrupt(iommu);
3207 if (!translation_pre_enabled(iommu))
3208 iommu_enable_translation(iommu);
3210 iommu_disable_protect_mem_regions(iommu);
3216 for_each_active_iommu(iommu, drhd) {
3217 disable_dmar_iommu(iommu);
3218 free_dmar_iommu(iommu);
3220 kfree(deferred_flush);
3227 /* This takes a number of _MM_ pages, not VTD pages */
3228 static struct iova *intel_alloc_iova(struct device *dev,
3229 struct dmar_domain *domain,
3230 unsigned long nrpages, uint64_t dma_mask)
3232 struct iova *iova = NULL;
3234 /* Restrict dma_mask to the width that the iommu can handle */
3235 dma_mask = min_t(uint64_t, DOMAIN_MAX_ADDR(domain->gaw), dma_mask);
3237 if (!dmar_forcedac && dma_mask > DMA_BIT_MASK(32)) {
3239 * First try to allocate an io virtual address in
3240 * DMA_BIT_MASK(32) and if that fails then try allocating
3243 iova = alloc_iova(&domain->iovad, nrpages,
3244 IOVA_PFN(DMA_BIT_MASK(32)), 1);
3248 iova = alloc_iova(&domain->iovad, nrpages, IOVA_PFN(dma_mask), 1);
3249 if (unlikely(!iova)) {
3250 pr_err("Allocating %ld-page iova for %s failed",
3251 nrpages, dev_name(dev));
3258 static struct dmar_domain *__get_valid_domain_for_dev(struct device *dev)
3260 struct dmar_domain *domain;
3263 domain = get_domain_for_dev(dev, DEFAULT_DOMAIN_ADDRESS_WIDTH);
3265 pr_err("Allocating domain for %s failed\n",
3270 /* make sure context mapping is ok */
3271 if (unlikely(!domain_context_mapped(dev))) {
3272 ret = domain_context_mapping(domain, dev, CONTEXT_TT_MULTI_LEVEL);
3274 pr_err("Domain context map for %s failed\n",
3283 static inline struct dmar_domain *get_valid_domain_for_dev(struct device *dev)
3285 struct device_domain_info *info;
3287 /* No lock here, assumes no domain exit in normal case */
3288 info = dev->archdata.iommu;
3290 return info->domain;
3292 return __get_valid_domain_for_dev(dev);
3295 /* Check if the dev needs to go through non-identity map and unmap process.*/
3296 static int iommu_no_mapping(struct device *dev)
3300 if (iommu_dummy(dev))
3303 if (!iommu_identity_mapping)
3306 found = identity_mapping(dev);
3308 if (iommu_should_identity_map(dev, 0))
3312 * 32 bit DMA is removed from si_domain and fall back
3313 * to non-identity mapping.
3315 domain_remove_one_dev_info(si_domain, dev);
3316 pr_info("32bit %s uses non-identity mapping\n",
3322 * In case of a detached 64 bit DMA device from vm, the device
3323 * is put into si_domain for identity mapping.
3325 if (iommu_should_identity_map(dev, 0)) {
3327 ret = domain_add_dev_info(si_domain, dev,
3329 CONTEXT_TT_PASS_THROUGH :
3330 CONTEXT_TT_MULTI_LEVEL);
3332 pr_info("64bit %s uses identity mapping\n",
3342 static dma_addr_t __intel_map_single(struct device *dev, phys_addr_t paddr,
3343 size_t size, int dir, u64 dma_mask)
3345 struct dmar_domain *domain;
3346 phys_addr_t start_paddr;
3350 struct intel_iommu *iommu;
3351 unsigned long paddr_pfn = paddr >> PAGE_SHIFT;
3353 BUG_ON(dir == DMA_NONE);
3355 if (iommu_no_mapping(dev))
3358 domain = get_valid_domain_for_dev(dev);
3362 iommu = domain_get_iommu(domain);
3363 size = aligned_nrpages(paddr, size);
3365 iova = intel_alloc_iova(dev, domain, dma_to_mm_pfn(size), dma_mask);
3370 * Check if DMAR supports zero-length reads on write only
3373 if (dir == DMA_TO_DEVICE || dir == DMA_BIDIRECTIONAL || \
3374 !cap_zlr(iommu->cap))
3375 prot |= DMA_PTE_READ;
3376 if (dir == DMA_FROM_DEVICE || dir == DMA_BIDIRECTIONAL)
3377 prot |= DMA_PTE_WRITE;
3379 * paddr - (paddr + size) might be partial page, we should map the whole
3380 * page. Note: if two part of one page are separately mapped, we
3381 * might have two guest_addr mapping to the same host paddr, but this
3382 * is not a big problem
3384 ret = domain_pfn_mapping(domain, mm_to_dma_pfn(iova->pfn_lo),
3385 mm_to_dma_pfn(paddr_pfn), size, prot);
3389 /* it's a non-present to present mapping. Only flush if caching mode */
3390 if (cap_caching_mode(iommu->cap))
3391 iommu_flush_iotlb_psi(iommu, domain->id, mm_to_dma_pfn(iova->pfn_lo), size, 0, 1);
3393 iommu_flush_write_buffer(iommu);
3395 start_paddr = (phys_addr_t)iova->pfn_lo << PAGE_SHIFT;
3396 start_paddr += paddr & ~PAGE_MASK;
3401 __free_iova(&domain->iovad, iova);
3402 pr_err("Device %s request: %zx@%llx dir %d --- failed\n",
3403 dev_name(dev), size, (unsigned long long)paddr, dir);
3407 static dma_addr_t intel_map_page(struct device *dev, struct page *page,
3408 unsigned long offset, size_t size,
3409 enum dma_data_direction dir,
3410 struct dma_attrs *attrs)
3412 return __intel_map_single(dev, page_to_phys(page) + offset, size,
3413 dir, *dev->dma_mask);
3416 static void flush_unmaps(void)
3422 /* just flush them all */
3423 for (i = 0; i < g_num_of_iommus; i++) {
3424 struct intel_iommu *iommu = g_iommus[i];
3428 if (!deferred_flush[i].next)
3431 /* In caching mode, global flushes turn emulation expensive */
3432 if (!cap_caching_mode(iommu->cap))
3433 iommu->flush.flush_iotlb(iommu, 0, 0, 0,
3434 DMA_TLB_GLOBAL_FLUSH);
3435 for (j = 0; j < deferred_flush[i].next; j++) {
3437 struct iova *iova = deferred_flush[i].iova[j];
3438 struct dmar_domain *domain = deferred_flush[i].domain[j];
3440 /* On real hardware multiple invalidations are expensive */
3441 if (cap_caching_mode(iommu->cap))
3442 iommu_flush_iotlb_psi(iommu, domain->id,
3443 iova->pfn_lo, iova_size(iova),
3444 !deferred_flush[i].freelist[j], 0);
3446 mask = ilog2(mm_to_dma_pfn(iova_size(iova)));
3447 iommu_flush_dev_iotlb(deferred_flush[i].domain[j],
3448 (uint64_t)iova->pfn_lo << PAGE_SHIFT, mask);
3450 __free_iova(&deferred_flush[i].domain[j]->iovad, iova);
3451 if (deferred_flush[i].freelist[j])
3452 dma_free_pagelist(deferred_flush[i].freelist[j]);
3454 deferred_flush[i].next = 0;
3460 static void flush_unmaps_timeout(unsigned long data)
3462 unsigned long flags;
3464 spin_lock_irqsave(&async_umap_flush_lock, flags);
3466 spin_unlock_irqrestore(&async_umap_flush_lock, flags);
3469 static void add_unmap(struct dmar_domain *dom, struct iova *iova, struct page *freelist)
3471 unsigned long flags;
3473 struct intel_iommu *iommu;
3475 spin_lock_irqsave(&async_umap_flush_lock, flags);
3476 if (list_size == HIGH_WATER_MARK)
3479 iommu = domain_get_iommu(dom);
3480 iommu_id = iommu->seq_id;
3482 next = deferred_flush[iommu_id].next;
3483 deferred_flush[iommu_id].domain[next] = dom;
3484 deferred_flush[iommu_id].iova[next] = iova;
3485 deferred_flush[iommu_id].freelist[next] = freelist;
3486 deferred_flush[iommu_id].next++;
3489 mod_timer(&unmap_timer, jiffies + msecs_to_jiffies(10));
3493 spin_unlock_irqrestore(&async_umap_flush_lock, flags);
3496 static void intel_unmap(struct device *dev, dma_addr_t dev_addr)
3498 struct dmar_domain *domain;
3499 unsigned long start_pfn, last_pfn;
3501 struct intel_iommu *iommu;
3502 struct page *freelist;
3504 if (iommu_no_mapping(dev))
3507 domain = find_domain(dev);
3510 iommu = domain_get_iommu(domain);
3512 iova = find_iova(&domain->iovad, IOVA_PFN(dev_addr));
3513 if (WARN_ONCE(!iova, "Driver unmaps unmatched page at PFN %llx\n",
3514 (unsigned long long)dev_addr))
3517 start_pfn = mm_to_dma_pfn(iova->pfn_lo);
3518 last_pfn = mm_to_dma_pfn(iova->pfn_hi + 1) - 1;
3520 pr_debug("Device %s unmapping: pfn %lx-%lx\n",
3521 dev_name(dev), start_pfn, last_pfn);
3523 freelist = domain_unmap(domain, start_pfn, last_pfn);
3525 if (intel_iommu_strict) {
3526 iommu_flush_iotlb_psi(iommu, domain->id, start_pfn,
3527 last_pfn - start_pfn + 1, !freelist, 0);
3529 __free_iova(&domain->iovad, iova);
3530 dma_free_pagelist(freelist);
3532 add_unmap(domain, iova, freelist);
3534 * queue up the release of the unmap to save the 1/6th of the
3535 * cpu used up by the iotlb flush operation...
3540 static void intel_unmap_page(struct device *dev, dma_addr_t dev_addr,
3541 size_t size, enum dma_data_direction dir,
3542 struct dma_attrs *attrs)
3544 intel_unmap(dev, dev_addr);
3547 static void *intel_alloc_coherent(struct device *dev, size_t size,
3548 dma_addr_t *dma_handle, gfp_t flags,
3549 struct dma_attrs *attrs)
3551 struct page *page = NULL;
3554 size = PAGE_ALIGN(size);
3555 order = get_order(size);
3557 if (!iommu_no_mapping(dev))
3558 flags &= ~(GFP_DMA | GFP_DMA32);
3559 else if (dev->coherent_dma_mask < dma_get_required_mask(dev)) {
3560 if (dev->coherent_dma_mask < DMA_BIT_MASK(32))
3566 if (flags & __GFP_WAIT) {
3567 unsigned int count = size >> PAGE_SHIFT;
3569 page = dma_alloc_from_contiguous(dev, count, order);
3570 if (page && iommu_no_mapping(dev) &&
3571 page_to_phys(page) + size > dev->coherent_dma_mask) {
3572 dma_release_from_contiguous(dev, page, count);
3578 page = alloc_pages(flags, order);
3581 memset(page_address(page), 0, size);
3583 *dma_handle = __intel_map_single(dev, page_to_phys(page), size,
3585 dev->coherent_dma_mask);
3587 return page_address(page);
3588 if (!dma_release_from_contiguous(dev, page, size >> PAGE_SHIFT))
3589 __free_pages(page, order);
3594 static void intel_free_coherent(struct device *dev, size_t size, void *vaddr,
3595 dma_addr_t dma_handle, struct dma_attrs *attrs)
3598 struct page *page = virt_to_page(vaddr);
3600 size = PAGE_ALIGN(size);
3601 order = get_order(size);
3603 intel_unmap(dev, dma_handle);
3604 if (!dma_release_from_contiguous(dev, page, size >> PAGE_SHIFT))
3605 __free_pages(page, order);
3608 static void intel_unmap_sg(struct device *dev, struct scatterlist *sglist,
3609 int nelems, enum dma_data_direction dir,
3610 struct dma_attrs *attrs)
3612 intel_unmap(dev, sglist[0].dma_address);
3615 static int intel_nontranslate_map_sg(struct device *hddev,
3616 struct scatterlist *sglist, int nelems, int dir)
3619 struct scatterlist *sg;
3621 for_each_sg(sglist, sg, nelems, i) {
3622 BUG_ON(!sg_page(sg));
3623 sg->dma_address = page_to_phys(sg_page(sg)) + sg->offset;
3624 sg->dma_length = sg->length;
3629 static int intel_map_sg(struct device *dev, struct scatterlist *sglist, int nelems,
3630 enum dma_data_direction dir, struct dma_attrs *attrs)
3633 struct dmar_domain *domain;
3636 struct iova *iova = NULL;
3638 struct scatterlist *sg;
3639 unsigned long start_vpfn;
3640 struct intel_iommu *iommu;
3642 BUG_ON(dir == DMA_NONE);
3643 if (iommu_no_mapping(dev))
3644 return intel_nontranslate_map_sg(dev, sglist, nelems, dir);
3646 domain = get_valid_domain_for_dev(dev);
3650 iommu = domain_get_iommu(domain);
3652 for_each_sg(sglist, sg, nelems, i)
3653 size += aligned_nrpages(sg->offset, sg->length);
3655 iova = intel_alloc_iova(dev, domain, dma_to_mm_pfn(size),
3658 sglist->dma_length = 0;
3663 * Check if DMAR supports zero-length reads on write only
3666 if (dir == DMA_TO_DEVICE || dir == DMA_BIDIRECTIONAL || \
3667 !cap_zlr(iommu->cap))
3668 prot |= DMA_PTE_READ;
3669 if (dir == DMA_FROM_DEVICE || dir == DMA_BIDIRECTIONAL)
3670 prot |= DMA_PTE_WRITE;
3672 start_vpfn = mm_to_dma_pfn(iova->pfn_lo);
3674 ret = domain_sg_mapping(domain, start_vpfn, sglist, size, prot);
3675 if (unlikely(ret)) {
3676 dma_pte_free_pagetable(domain, start_vpfn,
3677 start_vpfn + size - 1);
3678 __free_iova(&domain->iovad, iova);
3682 /* it's a non-present to present mapping. Only flush if caching mode */
3683 if (cap_caching_mode(iommu->cap))
3684 iommu_flush_iotlb_psi(iommu, domain->id, start_vpfn, size, 0, 1);
3686 iommu_flush_write_buffer(iommu);
3691 static int intel_mapping_error(struct device *dev, dma_addr_t dma_addr)
3696 struct dma_map_ops intel_dma_ops = {
3697 .alloc = intel_alloc_coherent,
3698 .free = intel_free_coherent,
3699 .map_sg = intel_map_sg,
3700 .unmap_sg = intel_unmap_sg,
3701 .map_page = intel_map_page,
3702 .unmap_page = intel_unmap_page,
3703 .mapping_error = intel_mapping_error,
3706 static inline int iommu_domain_cache_init(void)
3710 iommu_domain_cache = kmem_cache_create("iommu_domain",
3711 sizeof(struct dmar_domain),
3716 if (!iommu_domain_cache) {
3717 pr_err("Couldn't create iommu_domain cache\n");
3724 static inline int iommu_devinfo_cache_init(void)
3728 iommu_devinfo_cache = kmem_cache_create("iommu_devinfo",
3729 sizeof(struct device_domain_info),
3733 if (!iommu_devinfo_cache) {
3734 pr_err("Couldn't create devinfo cache\n");
3741 static int __init iommu_init_mempool(void)
3744 ret = iommu_iova_cache_init();
3748 ret = iommu_domain_cache_init();
3752 ret = iommu_devinfo_cache_init();
3756 kmem_cache_destroy(iommu_domain_cache);
3758 iommu_iova_cache_destroy();
3763 static void __init iommu_exit_mempool(void)
3765 kmem_cache_destroy(iommu_devinfo_cache);
3766 kmem_cache_destroy(iommu_domain_cache);
3767 iommu_iova_cache_destroy();
3770 static void quirk_ioat_snb_local_iommu(struct pci_dev *pdev)
3772 struct dmar_drhd_unit *drhd;
3776 /* We know that this device on this chipset has its own IOMMU.
3777 * If we find it under a different IOMMU, then the BIOS is lying
3778 * to us. Hope that the IOMMU for this device is actually
3779 * disabled, and it needs no translation...
3781 rc = pci_bus_read_config_dword(pdev->bus, PCI_DEVFN(0, 0), 0xb0, &vtbar);
3783 /* "can't" happen */
3784 dev_info(&pdev->dev, "failed to run vt-d quirk\n");
3787 vtbar &= 0xffff0000;
3789 /* we know that the this iommu should be at offset 0xa000 from vtbar */
3790 drhd = dmar_find_matched_drhd_unit(pdev);
3791 if (WARN_TAINT_ONCE(!drhd || drhd->reg_base_addr - vtbar != 0xa000,
3792 TAINT_FIRMWARE_WORKAROUND,
3793 "BIOS assigned incorrect VT-d unit for Intel(R) QuickData Technology device\n"))
3794 pdev->dev.archdata.iommu = DUMMY_DEVICE_DOMAIN_INFO;
3796 DECLARE_PCI_FIXUP_ENABLE(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_IOAT_SNB, quirk_ioat_snb_local_iommu);
3798 static void __init init_no_remapping_devices(void)
3800 struct dmar_drhd_unit *drhd;
3804 for_each_drhd_unit(drhd) {
3805 if (!drhd->include_all) {
3806 for_each_active_dev_scope(drhd->devices,
3807 drhd->devices_cnt, i, dev)
3809 /* ignore DMAR unit if no devices exist */
3810 if (i == drhd->devices_cnt)
3815 for_each_active_drhd_unit(drhd) {
3816 if (drhd->include_all)
3819 for_each_active_dev_scope(drhd->devices,
3820 drhd->devices_cnt, i, dev)
3821 if (!dev_is_pci(dev) || !IS_GFX_DEVICE(to_pci_dev(dev)))
3823 if (i < drhd->devices_cnt)
3826 /* This IOMMU has *only* gfx devices. Either bypass it or
3827 set the gfx_mapped flag, as appropriate */
3829 intel_iommu_gfx_mapped = 1;
3832 for_each_active_dev_scope(drhd->devices,
3833 drhd->devices_cnt, i, dev)
3834 dev->archdata.iommu = DUMMY_DEVICE_DOMAIN_INFO;
3839 #ifdef CONFIG_SUSPEND
3840 static int init_iommu_hw(void)
3842 struct dmar_drhd_unit *drhd;
3843 struct intel_iommu *iommu = NULL;
3845 for_each_active_iommu(iommu, drhd)
3847 dmar_reenable_qi(iommu);
3849 for_each_iommu(iommu, drhd) {
3850 if (drhd->ignored) {
3852 * we always have to disable PMRs or DMA may fail on
3856 iommu_disable_protect_mem_regions(iommu);
3860 iommu_flush_write_buffer(iommu);
3862 iommu_set_root_entry(iommu);
3864 iommu->flush.flush_context(iommu, 0, 0, 0,
3865 DMA_CCMD_GLOBAL_INVL);
3866 iommu->flush.flush_iotlb(iommu, 0, 0, 0, DMA_TLB_GLOBAL_FLUSH);
3867 iommu_enable_translation(iommu);
3868 iommu_disable_protect_mem_regions(iommu);
3874 static void iommu_flush_all(void)
3876 struct dmar_drhd_unit *drhd;
3877 struct intel_iommu *iommu;
3879 for_each_active_iommu(iommu, drhd) {
3880 iommu->flush.flush_context(iommu, 0, 0, 0,
3881 DMA_CCMD_GLOBAL_INVL);
3882 iommu->flush.flush_iotlb(iommu, 0, 0, 0,
3883 DMA_TLB_GLOBAL_FLUSH);
3887 static int iommu_suspend(void)
3889 struct dmar_drhd_unit *drhd;
3890 struct intel_iommu *iommu = NULL;
3893 for_each_active_iommu(iommu, drhd) {
3894 iommu->iommu_state = kzalloc(sizeof(u32) * MAX_SR_DMAR_REGS,
3896 if (!iommu->iommu_state)
3902 for_each_active_iommu(iommu, drhd) {
3903 iommu_disable_translation(iommu);
3905 raw_spin_lock_irqsave(&iommu->register_lock, flag);
3907 iommu->iommu_state[SR_DMAR_FECTL_REG] =
3908 readl(iommu->reg + DMAR_FECTL_REG);
3909 iommu->iommu_state[SR_DMAR_FEDATA_REG] =
3910 readl(iommu->reg + DMAR_FEDATA_REG);
3911 iommu->iommu_state[SR_DMAR_FEADDR_REG] =
3912 readl(iommu->reg + DMAR_FEADDR_REG);
3913 iommu->iommu_state[SR_DMAR_FEUADDR_REG] =
3914 readl(iommu->reg + DMAR_FEUADDR_REG);
3916 raw_spin_unlock_irqrestore(&iommu->register_lock, flag);
3921 for_each_active_iommu(iommu, drhd)
3922 kfree(iommu->iommu_state);
3927 static void iommu_resume(void)
3929 struct dmar_drhd_unit *drhd;
3930 struct intel_iommu *iommu = NULL;
3933 if (init_iommu_hw()) {
3935 panic("tboot: IOMMU setup failed, DMAR can not resume!\n");
3937 WARN(1, "IOMMU setup failed, DMAR can not resume!\n");
3941 for_each_active_iommu(iommu, drhd) {
3943 raw_spin_lock_irqsave(&iommu->register_lock, flag);
3945 writel(iommu->iommu_state[SR_DMAR_FECTL_REG],
3946 iommu->reg + DMAR_FECTL_REG);
3947 writel(iommu->iommu_state[SR_DMAR_FEDATA_REG],
3948 iommu->reg + DMAR_FEDATA_REG);
3949 writel(iommu->iommu_state[SR_DMAR_FEADDR_REG],
3950 iommu->reg + DMAR_FEADDR_REG);
3951 writel(iommu->iommu_state[SR_DMAR_FEUADDR_REG],
3952 iommu->reg + DMAR_FEUADDR_REG);
3954 raw_spin_unlock_irqrestore(&iommu->register_lock, flag);
3957 for_each_active_iommu(iommu, drhd)
3958 kfree(iommu->iommu_state);
3961 static struct syscore_ops iommu_syscore_ops = {
3962 .resume = iommu_resume,
3963 .suspend = iommu_suspend,
3966 static void __init init_iommu_pm_ops(void)
3968 register_syscore_ops(&iommu_syscore_ops);
3972 static inline void init_iommu_pm_ops(void) {}
3973 #endif /* CONFIG_PM */
3976 int __init dmar_parse_one_rmrr(struct acpi_dmar_header *header, void *arg)
3978 struct acpi_dmar_reserved_memory *rmrr;
3979 struct dmar_rmrr_unit *rmrru;
3981 rmrru = kzalloc(sizeof(*rmrru), GFP_KERNEL);
3985 rmrru->hdr = header;
3986 rmrr = (struct acpi_dmar_reserved_memory *)header;
3987 rmrru->base_address = rmrr->base_address;
3988 rmrru->end_address = rmrr->end_address;
3989 rmrru->devices = dmar_alloc_dev_scope((void *)(rmrr + 1),
3990 ((void *)rmrr) + rmrr->header.length,
3991 &rmrru->devices_cnt);
3992 if (rmrru->devices_cnt && rmrru->devices == NULL) {
3997 list_add(&rmrru->list, &dmar_rmrr_units);
4002 static struct dmar_atsr_unit *dmar_find_atsr(struct acpi_dmar_atsr *atsr)
4004 struct dmar_atsr_unit *atsru;
4005 struct acpi_dmar_atsr *tmp;
4007 list_for_each_entry_rcu(atsru, &dmar_atsr_units, list) {
4008 tmp = (struct acpi_dmar_atsr *)atsru->hdr;
4009 if (atsr->segment != tmp->segment)
4011 if (atsr->header.length != tmp->header.length)
4013 if (memcmp(atsr, tmp, atsr->header.length) == 0)
4020 int dmar_parse_one_atsr(struct acpi_dmar_header *hdr, void *arg)
4022 struct acpi_dmar_atsr *atsr;
4023 struct dmar_atsr_unit *atsru;
4025 if (system_state != SYSTEM_BOOTING && !intel_iommu_enabled)
4028 atsr = container_of(hdr, struct acpi_dmar_atsr, header);
4029 atsru = dmar_find_atsr(atsr);
4033 atsru = kzalloc(sizeof(*atsru) + hdr->length, GFP_KERNEL);
4038 * If memory is allocated from slab by ACPI _DSM method, we need to
4039 * copy the memory content because the memory buffer will be freed
4042 atsru->hdr = (void *)(atsru + 1);
4043 memcpy(atsru->hdr, hdr, hdr->length);
4044 atsru->include_all = atsr->flags & 0x1;
4045 if (!atsru->include_all) {
4046 atsru->devices = dmar_alloc_dev_scope((void *)(atsr + 1),
4047 (void *)atsr + atsr->header.length,
4048 &atsru->devices_cnt);
4049 if (atsru->devices_cnt && atsru->devices == NULL) {
4055 list_add_rcu(&atsru->list, &dmar_atsr_units);
4060 static void intel_iommu_free_atsr(struct dmar_atsr_unit *atsru)
4062 dmar_free_dev_scope(&atsru->devices, &atsru->devices_cnt);
4066 int dmar_release_one_atsr(struct acpi_dmar_header *hdr, void *arg)
4068 struct acpi_dmar_atsr *atsr;
4069 struct dmar_atsr_unit *atsru;
4071 atsr = container_of(hdr, struct acpi_dmar_atsr, header);
4072 atsru = dmar_find_atsr(atsr);
4074 list_del_rcu(&atsru->list);
4076 intel_iommu_free_atsr(atsru);
4082 int dmar_check_one_atsr(struct acpi_dmar_header *hdr, void *arg)
4086 struct acpi_dmar_atsr *atsr;
4087 struct dmar_atsr_unit *atsru;
4089 atsr = container_of(hdr, struct acpi_dmar_atsr, header);
4090 atsru = dmar_find_atsr(atsr);
4094 if (!atsru->include_all && atsru->devices && atsru->devices_cnt)
4095 for_each_active_dev_scope(atsru->devices, atsru->devices_cnt,
4102 static int intel_iommu_add(struct dmar_drhd_unit *dmaru)
4105 struct intel_iommu *iommu = dmaru->iommu;
4107 if (g_iommus[iommu->seq_id])
4110 if (hw_pass_through && !ecap_pass_through(iommu->ecap)) {
4111 pr_warn("%s: Doesn't support hardware pass through.\n",
4115 if (!ecap_sc_support(iommu->ecap) &&
4116 domain_update_iommu_snooping(iommu)) {
4117 pr_warn("%s: Doesn't support snooping.\n",
4121 sp = domain_update_iommu_superpage(iommu) - 1;
4122 if (sp >= 0 && !(cap_super_page_val(iommu->cap) & (1 << sp))) {
4123 pr_warn("%s: Doesn't support large page.\n",
4129 * Disable translation if already enabled prior to OS handover.
4131 if (iommu->gcmd & DMA_GCMD_TE)
4132 iommu_disable_translation(iommu);
4134 g_iommus[iommu->seq_id] = iommu;
4135 ret = iommu_init_domains(iommu);
4137 ret = iommu_alloc_root_entry(iommu);
4141 if (dmaru->ignored) {
4143 * we always have to disable PMRs or DMA may fail on this device
4146 iommu_disable_protect_mem_regions(iommu);
4150 intel_iommu_init_qi(iommu);
4151 iommu_flush_write_buffer(iommu);
4152 ret = dmar_set_interrupt(iommu);
4156 iommu_set_root_entry(iommu);
4157 iommu->flush.flush_context(iommu, 0, 0, 0, DMA_CCMD_GLOBAL_INVL);
4158 iommu->flush.flush_iotlb(iommu, 0, 0, 0, DMA_TLB_GLOBAL_FLUSH);
4159 iommu_enable_translation(iommu);
4162 ret = iommu_attach_domain(si_domain, iommu);
4163 if (ret < 0 || si_domain->id != ret)
4165 domain_attach_iommu(si_domain, iommu);
4168 iommu_disable_protect_mem_regions(iommu);
4172 disable_dmar_iommu(iommu);
4174 free_dmar_iommu(iommu);
4178 int dmar_iommu_hotplug(struct dmar_drhd_unit *dmaru, bool insert)
4181 struct intel_iommu *iommu = dmaru->iommu;
4183 if (!intel_iommu_enabled)
4189 ret = intel_iommu_add(dmaru);
4191 disable_dmar_iommu(iommu);
4192 free_dmar_iommu(iommu);
4198 static void intel_iommu_free_dmars(void)
4200 struct dmar_rmrr_unit *rmrru, *rmrr_n;
4201 struct dmar_atsr_unit *atsru, *atsr_n;
4203 list_for_each_entry_safe(rmrru, rmrr_n, &dmar_rmrr_units, list) {
4204 list_del(&rmrru->list);
4205 dmar_free_dev_scope(&rmrru->devices, &rmrru->devices_cnt);
4209 list_for_each_entry_safe(atsru, atsr_n, &dmar_atsr_units, list) {
4210 list_del(&atsru->list);
4211 intel_iommu_free_atsr(atsru);
4215 int dmar_find_matched_atsr_unit(struct pci_dev *dev)
4218 struct pci_bus *bus;
4219 struct pci_dev *bridge = NULL;
4221 struct acpi_dmar_atsr *atsr;
4222 struct dmar_atsr_unit *atsru;
4224 dev = pci_physfn(dev);
4225 for (bus = dev->bus; bus; bus = bus->parent) {
4227 if (!bridge || !pci_is_pcie(bridge) ||
4228 pci_pcie_type(bridge) == PCI_EXP_TYPE_PCI_BRIDGE)
4230 if (pci_pcie_type(bridge) == PCI_EXP_TYPE_ROOT_PORT)
4237 list_for_each_entry_rcu(atsru, &dmar_atsr_units, list) {
4238 atsr = container_of(atsru->hdr, struct acpi_dmar_atsr, header);
4239 if (atsr->segment != pci_domain_nr(dev->bus))
4242 for_each_dev_scope(atsru->devices, atsru->devices_cnt, i, tmp)
4243 if (tmp == &bridge->dev)
4246 if (atsru->include_all)
4256 int dmar_iommu_notify_scope_dev(struct dmar_pci_notify_info *info)
4259 struct dmar_rmrr_unit *rmrru;
4260 struct dmar_atsr_unit *atsru;
4261 struct acpi_dmar_atsr *atsr;
4262 struct acpi_dmar_reserved_memory *rmrr;
4264 if (!intel_iommu_enabled && system_state != SYSTEM_BOOTING)
4267 list_for_each_entry(rmrru, &dmar_rmrr_units, list) {
4268 rmrr = container_of(rmrru->hdr,
4269 struct acpi_dmar_reserved_memory, header);
4270 if (info->event == BUS_NOTIFY_ADD_DEVICE) {
4271 ret = dmar_insert_dev_scope(info, (void *)(rmrr + 1),
4272 ((void *)rmrr) + rmrr->header.length,
4273 rmrr->segment, rmrru->devices,
4274 rmrru->devices_cnt);
4277 } else if (info->event == BUS_NOTIFY_DEL_DEVICE) {
4278 dmar_remove_dev_scope(info, rmrr->segment,
4279 rmrru->devices, rmrru->devices_cnt);
4283 list_for_each_entry(atsru, &dmar_atsr_units, list) {
4284 if (atsru->include_all)
4287 atsr = container_of(atsru->hdr, struct acpi_dmar_atsr, header);
4288 if (info->event == BUS_NOTIFY_ADD_DEVICE) {
4289 ret = dmar_insert_dev_scope(info, (void *)(atsr + 1),
4290 (void *)atsr + atsr->header.length,
4291 atsr->segment, atsru->devices,
4292 atsru->devices_cnt);
4297 } else if (info->event == BUS_NOTIFY_DEL_DEVICE) {
4298 if (dmar_remove_dev_scope(info, atsr->segment,
4299 atsru->devices, atsru->devices_cnt))
4308 * Here we only respond to action of unbound device from driver.
4310 * Added device is not attached to its DMAR domain here yet. That will happen
4311 * when mapping the device to iova.
4313 static int device_notifier(struct notifier_block *nb,
4314 unsigned long action, void *data)
4316 struct device *dev = data;
4317 struct dmar_domain *domain;
4319 if (iommu_dummy(dev))
4322 if (action != BUS_NOTIFY_REMOVED_DEVICE)
4325 domain = find_domain(dev);
4329 down_read(&dmar_global_lock);
4330 domain_remove_one_dev_info(domain, dev);
4331 if (!domain_type_is_vm_or_si(domain) && list_empty(&domain->devices))
4332 domain_exit(domain);
4333 up_read(&dmar_global_lock);
4338 static struct notifier_block device_nb = {
4339 .notifier_call = device_notifier,
4342 static int intel_iommu_memory_notifier(struct notifier_block *nb,
4343 unsigned long val, void *v)
4345 struct memory_notify *mhp = v;
4346 unsigned long long start, end;
4347 unsigned long start_vpfn, last_vpfn;
4350 case MEM_GOING_ONLINE:
4351 start = mhp->start_pfn << PAGE_SHIFT;
4352 end = ((mhp->start_pfn + mhp->nr_pages) << PAGE_SHIFT) - 1;
4353 if (iommu_domain_identity_map(si_domain, start, end)) {
4354 pr_warn("Failed to build identity map for [%llx-%llx]\n",
4361 case MEM_CANCEL_ONLINE:
4362 start_vpfn = mm_to_dma_pfn(mhp->start_pfn);
4363 last_vpfn = mm_to_dma_pfn(mhp->start_pfn + mhp->nr_pages - 1);
4364 while (start_vpfn <= last_vpfn) {
4366 struct dmar_drhd_unit *drhd;
4367 struct intel_iommu *iommu;
4368 struct page *freelist;
4370 iova = find_iova(&si_domain->iovad, start_vpfn);
4372 pr_debug("Failed get IOVA for PFN %lx\n",
4377 iova = split_and_remove_iova(&si_domain->iovad, iova,
4378 start_vpfn, last_vpfn);
4380 pr_warn("Failed to split IOVA PFN [%lx-%lx]\n",
4381 start_vpfn, last_vpfn);
4385 freelist = domain_unmap(si_domain, iova->pfn_lo,
4389 for_each_active_iommu(iommu, drhd)
4390 iommu_flush_iotlb_psi(iommu, si_domain->id,
4391 iova->pfn_lo, iova_size(iova),
4394 dma_free_pagelist(freelist);
4396 start_vpfn = iova->pfn_hi + 1;
4397 free_iova_mem(iova);
4405 static struct notifier_block intel_iommu_memory_nb = {
4406 .notifier_call = intel_iommu_memory_notifier,
4411 static ssize_t intel_iommu_show_version(struct device *dev,
4412 struct device_attribute *attr,
4415 struct intel_iommu *iommu = dev_get_drvdata(dev);
4416 u32 ver = readl(iommu->reg + DMAR_VER_REG);
4417 return sprintf(buf, "%d:%d\n",
4418 DMAR_VER_MAJOR(ver), DMAR_VER_MINOR(ver));
4420 static DEVICE_ATTR(version, S_IRUGO, intel_iommu_show_version, NULL);
4422 static ssize_t intel_iommu_show_address(struct device *dev,
4423 struct device_attribute *attr,
4426 struct intel_iommu *iommu = dev_get_drvdata(dev);
4427 return sprintf(buf, "%llx\n", iommu->reg_phys);
4429 static DEVICE_ATTR(address, S_IRUGO, intel_iommu_show_address, NULL);
4431 static ssize_t intel_iommu_show_cap(struct device *dev,
4432 struct device_attribute *attr,
4435 struct intel_iommu *iommu = dev_get_drvdata(dev);
4436 return sprintf(buf, "%llx\n", iommu->cap);
4438 static DEVICE_ATTR(cap, S_IRUGO, intel_iommu_show_cap, NULL);
4440 static ssize_t intel_iommu_show_ecap(struct device *dev,
4441 struct device_attribute *attr,
4444 struct intel_iommu *iommu = dev_get_drvdata(dev);
4445 return sprintf(buf, "%llx\n", iommu->ecap);
4447 static DEVICE_ATTR(ecap, S_IRUGO, intel_iommu_show_ecap, NULL);
4449 static struct attribute *intel_iommu_attrs[] = {
4450 &dev_attr_version.attr,
4451 &dev_attr_address.attr,
4453 &dev_attr_ecap.attr,
4457 static struct attribute_group intel_iommu_group = {
4458 .name = "intel-iommu",
4459 .attrs = intel_iommu_attrs,
4462 const struct attribute_group *intel_iommu_groups[] = {
4467 int __init intel_iommu_init(void)
4470 struct dmar_drhd_unit *drhd;
4471 struct intel_iommu *iommu;
4473 /* VT-d is required for a TXT/tboot launch, so enforce that */
4474 force_on = tboot_force_iommu();
4476 if (iommu_init_mempool()) {
4478 panic("tboot: Failed to initialize iommu memory\n");
4482 down_write(&dmar_global_lock);
4483 if (dmar_table_init()) {
4485 panic("tboot: Failed to initialize DMAR table\n");
4489 if (dmar_dev_scope_init() < 0) {
4491 panic("tboot: Failed to initialize DMAR device scope\n");
4495 if (no_iommu || dmar_disabled)
4498 if (list_empty(&dmar_rmrr_units))
4499 pr_info("No RMRR found\n");
4501 if (list_empty(&dmar_atsr_units))
4502 pr_info("No ATSR found\n");
4504 if (dmar_init_reserved_ranges()) {
4506 panic("tboot: Failed to reserve iommu ranges\n");
4507 goto out_free_reserved_range;
4510 init_no_remapping_devices();
4515 panic("tboot: Failed to initialize DMARs\n");
4516 pr_err("Initialization failed\n");
4517 goto out_free_reserved_range;
4519 up_write(&dmar_global_lock);
4520 pr_info("Intel(R) Virtualization Technology for Directed I/O\n");
4522 init_timer(&unmap_timer);
4523 #ifdef CONFIG_SWIOTLB
4526 dma_ops = &intel_dma_ops;
4528 init_iommu_pm_ops();
4530 for_each_active_iommu(iommu, drhd)
4531 iommu->iommu_dev = iommu_device_create(NULL, iommu,
4535 bus_set_iommu(&pci_bus_type, &intel_iommu_ops);
4536 bus_register_notifier(&pci_bus_type, &device_nb);
4537 if (si_domain && !hw_pass_through)
4538 register_memory_notifier(&intel_iommu_memory_nb);
4540 intel_iommu_enabled = 1;
4544 out_free_reserved_range:
4545 put_iova_domain(&reserved_iova_list);
4547 intel_iommu_free_dmars();
4548 up_write(&dmar_global_lock);
4549 iommu_exit_mempool();
4553 static int iommu_detach_dev_cb(struct pci_dev *pdev, u16 alias, void *opaque)
4555 struct intel_iommu *iommu = opaque;
4557 iommu_detach_dev(iommu, PCI_BUS_NUM(alias), alias & 0xff);
4562 * NB - intel-iommu lacks any sort of reference counting for the users of
4563 * dependent devices. If multiple endpoints have intersecting dependent
4564 * devices, unbinding the driver from any one of them will possibly leave
4565 * the others unable to operate.
4567 static void iommu_detach_dependent_devices(struct intel_iommu *iommu,
4570 if (!iommu || !dev || !dev_is_pci(dev))
4573 pci_for_each_dma_alias(to_pci_dev(dev), &iommu_detach_dev_cb, iommu);
4576 static void domain_remove_one_dev_info(struct dmar_domain *domain,
4579 struct device_domain_info *info, *tmp;
4580 struct intel_iommu *iommu;
4581 unsigned long flags;
4585 iommu = device_to_iommu(dev, &bus, &devfn);
4589 spin_lock_irqsave(&device_domain_lock, flags);
4590 list_for_each_entry_safe(info, tmp, &domain->devices, link) {
4591 if (info->iommu == iommu && info->bus == bus &&
4592 info->devfn == devfn) {
4593 unlink_domain_info(info);
4594 spin_unlock_irqrestore(&device_domain_lock, flags);
4596 iommu_disable_dev_iotlb(info);
4597 iommu_detach_dev(iommu, info->bus, info->devfn);
4598 iommu_detach_dependent_devices(iommu, dev);
4599 free_devinfo_mem(info);
4601 spin_lock_irqsave(&device_domain_lock, flags);
4609 /* if there is no other devices under the same iommu
4610 * owned by this domain, clear this iommu in iommu_bmp
4611 * update iommu count and coherency
4613 if (info->iommu == iommu)
4617 spin_unlock_irqrestore(&device_domain_lock, flags);
4620 domain_detach_iommu(domain, iommu);
4621 if (!domain_type_is_vm_or_si(domain))
4622 iommu_detach_domain(domain, iommu);
4626 static int md_domain_init(struct dmar_domain *domain, int guest_width)
4630 init_iova_domain(&domain->iovad, VTD_PAGE_SIZE, IOVA_START_PFN,
4632 domain_reserve_special_ranges(domain);
4634 /* calculate AGAW */
4635 domain->gaw = guest_width;
4636 adjust_width = guestwidth_to_adjustwidth(guest_width);
4637 domain->agaw = width_to_agaw(adjust_width);
4639 domain->iommu_coherency = 0;
4640 domain->iommu_snooping = 0;
4641 domain->iommu_superpage = 0;
4642 domain->max_addr = 0;
4644 /* always allocate the top pgd */
4645 domain->pgd = (struct dma_pte *)alloc_pgtable_page(domain->nid);
4648 domain_flush_cache(domain, domain->pgd, PAGE_SIZE);
4652 static struct iommu_domain *intel_iommu_domain_alloc(unsigned type)
4654 struct dmar_domain *dmar_domain;
4655 struct iommu_domain *domain;
4657 if (type != IOMMU_DOMAIN_UNMANAGED)
4660 dmar_domain = alloc_domain(DOMAIN_FLAG_VIRTUAL_MACHINE);
4662 pr_err("Can't allocate dmar_domain\n");
4665 if (md_domain_init(dmar_domain, DEFAULT_DOMAIN_ADDRESS_WIDTH)) {
4666 pr_err("Domain initialization failed\n");
4667 domain_exit(dmar_domain);
4670 domain_update_iommu_cap(dmar_domain);
4672 domain = &dmar_domain->domain;
4673 domain->geometry.aperture_start = 0;
4674 domain->geometry.aperture_end = __DOMAIN_MAX_ADDR(dmar_domain->gaw);
4675 domain->geometry.force_aperture = true;
4680 static void intel_iommu_domain_free(struct iommu_domain *domain)
4682 domain_exit(to_dmar_domain(domain));
4685 static int intel_iommu_attach_device(struct iommu_domain *domain,
4688 struct dmar_domain *dmar_domain = to_dmar_domain(domain);
4689 struct intel_iommu *iommu;
4693 if (device_is_rmrr_locked(dev)) {
4694 dev_warn(dev, "Device is ineligible for IOMMU domain attach due to platform RMRR requirement. Contact your platform vendor.\n");
4698 /* normally dev is not mapped */
4699 if (unlikely(domain_context_mapped(dev))) {
4700 struct dmar_domain *old_domain;
4702 old_domain = find_domain(dev);
4704 if (domain_type_is_vm_or_si(dmar_domain))
4705 domain_remove_one_dev_info(old_domain, dev);
4707 domain_remove_dev_info(old_domain);
4709 if (!domain_type_is_vm_or_si(old_domain) &&
4710 list_empty(&old_domain->devices))
4711 domain_exit(old_domain);
4715 iommu = device_to_iommu(dev, &bus, &devfn);
4719 /* check if this iommu agaw is sufficient for max mapped address */
4720 addr_width = agaw_to_width(iommu->agaw);
4721 if (addr_width > cap_mgaw(iommu->cap))
4722 addr_width = cap_mgaw(iommu->cap);
4724 if (dmar_domain->max_addr > (1LL << addr_width)) {
4725 pr_err("%s: iommu width (%d) is not "
4726 "sufficient for the mapped address (%llx)\n",
4727 __func__, addr_width, dmar_domain->max_addr);
4730 dmar_domain->gaw = addr_width;
4733 * Knock out extra levels of page tables if necessary
4735 while (iommu->agaw < dmar_domain->agaw) {
4736 struct dma_pte *pte;
4738 pte = dmar_domain->pgd;
4739 if (dma_pte_present(pte)) {
4740 dmar_domain->pgd = (struct dma_pte *)
4741 phys_to_virt(dma_pte_addr(pte));
4742 free_pgtable_page(pte);
4744 dmar_domain->agaw--;
4747 return domain_add_dev_info(dmar_domain, dev, CONTEXT_TT_MULTI_LEVEL);
4750 static void intel_iommu_detach_device(struct iommu_domain *domain,
4753 domain_remove_one_dev_info(to_dmar_domain(domain), dev);
4756 static int intel_iommu_map(struct iommu_domain *domain,
4757 unsigned long iova, phys_addr_t hpa,
4758 size_t size, int iommu_prot)
4760 struct dmar_domain *dmar_domain = to_dmar_domain(domain);
4765 if (iommu_prot & IOMMU_READ)
4766 prot |= DMA_PTE_READ;
4767 if (iommu_prot & IOMMU_WRITE)
4768 prot |= DMA_PTE_WRITE;
4769 if ((iommu_prot & IOMMU_CACHE) && dmar_domain->iommu_snooping)
4770 prot |= DMA_PTE_SNP;
4772 max_addr = iova + size;
4773 if (dmar_domain->max_addr < max_addr) {
4776 /* check if minimum agaw is sufficient for mapped address */
4777 end = __DOMAIN_MAX_ADDR(dmar_domain->gaw) + 1;
4778 if (end < max_addr) {
4779 pr_err("%s: iommu width (%d) is not "
4780 "sufficient for the mapped address (%llx)\n",
4781 __func__, dmar_domain->gaw, max_addr);
4784 dmar_domain->max_addr = max_addr;
4786 /* Round up size to next multiple of PAGE_SIZE, if it and
4787 the low bits of hpa would take us onto the next page */
4788 size = aligned_nrpages(hpa, size);
4789 ret = domain_pfn_mapping(dmar_domain, iova >> VTD_PAGE_SHIFT,
4790 hpa >> VTD_PAGE_SHIFT, size, prot);
4794 static size_t intel_iommu_unmap(struct iommu_domain *domain,
4795 unsigned long iova, size_t size)
4797 struct dmar_domain *dmar_domain = to_dmar_domain(domain);
4798 struct page *freelist = NULL;
4799 struct intel_iommu *iommu;
4800 unsigned long start_pfn, last_pfn;
4801 unsigned int npages;
4802 int iommu_id, num, ndomains, level = 0;
4804 /* Cope with horrid API which requires us to unmap more than the
4805 size argument if it happens to be a large-page mapping. */
4806 if (!pfn_to_dma_pte(dmar_domain, iova >> VTD_PAGE_SHIFT, &level))
4809 if (size < VTD_PAGE_SIZE << level_to_offset_bits(level))
4810 size = VTD_PAGE_SIZE << level_to_offset_bits(level);
4812 start_pfn = iova >> VTD_PAGE_SHIFT;
4813 last_pfn = (iova + size - 1) >> VTD_PAGE_SHIFT;
4815 freelist = domain_unmap(dmar_domain, start_pfn, last_pfn);
4817 npages = last_pfn - start_pfn + 1;
4819 for_each_set_bit(iommu_id, dmar_domain->iommu_bmp, g_num_of_iommus) {
4820 iommu = g_iommus[iommu_id];
4823 * find bit position of dmar_domain
4825 ndomains = cap_ndoms(iommu->cap);
4826 for_each_set_bit(num, iommu->domain_ids, ndomains) {
4827 if (iommu->domains[num] == dmar_domain)
4828 iommu_flush_iotlb_psi(iommu, num, start_pfn,
4829 npages, !freelist, 0);
4834 dma_free_pagelist(freelist);
4836 if (dmar_domain->max_addr == iova + size)
4837 dmar_domain->max_addr = iova;
4842 static phys_addr_t intel_iommu_iova_to_phys(struct iommu_domain *domain,
4845 struct dmar_domain *dmar_domain = to_dmar_domain(domain);
4846 struct dma_pte *pte;
4850 pte = pfn_to_dma_pte(dmar_domain, iova >> VTD_PAGE_SHIFT, &level);
4852 phys = dma_pte_addr(pte);
4857 static bool intel_iommu_capable(enum iommu_cap cap)
4859 if (cap == IOMMU_CAP_CACHE_COHERENCY)
4860 return domain_update_iommu_snooping(NULL) == 1;
4861 if (cap == IOMMU_CAP_INTR_REMAP)
4862 return irq_remapping_enabled == 1;
4867 static int intel_iommu_add_device(struct device *dev)
4869 struct intel_iommu *iommu;
4870 struct iommu_group *group;
4873 iommu = device_to_iommu(dev, &bus, &devfn);
4877 iommu_device_link(iommu->iommu_dev, dev);
4879 group = iommu_group_get_for_dev(dev);
4882 return PTR_ERR(group);
4884 iommu_group_put(group);
4888 static void intel_iommu_remove_device(struct device *dev)
4890 struct intel_iommu *iommu;
4893 iommu = device_to_iommu(dev, &bus, &devfn);
4897 iommu_group_remove_device(dev);
4899 iommu_device_unlink(iommu->iommu_dev, dev);
4902 static const struct iommu_ops intel_iommu_ops = {
4903 .capable = intel_iommu_capable,
4904 .domain_alloc = intel_iommu_domain_alloc,
4905 .domain_free = intel_iommu_domain_free,
4906 .attach_dev = intel_iommu_attach_device,
4907 .detach_dev = intel_iommu_detach_device,
4908 .map = intel_iommu_map,
4909 .unmap = intel_iommu_unmap,
4910 .map_sg = default_iommu_map_sg,
4911 .iova_to_phys = intel_iommu_iova_to_phys,
4912 .add_device = intel_iommu_add_device,
4913 .remove_device = intel_iommu_remove_device,
4914 .pgsize_bitmap = INTEL_IOMMU_PGSIZES,
4917 static void quirk_iommu_g4x_gfx(struct pci_dev *dev)
4919 /* G4x/GM45 integrated gfx dmar support is totally busted. */
4920 pr_info("Disabling IOMMU for graphics on this chipset\n");
4924 DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x2a40, quirk_iommu_g4x_gfx);
4925 DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x2e00, quirk_iommu_g4x_gfx);
4926 DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x2e10, quirk_iommu_g4x_gfx);
4927 DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x2e20, quirk_iommu_g4x_gfx);
4928 DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x2e30, quirk_iommu_g4x_gfx);
4929 DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x2e40, quirk_iommu_g4x_gfx);
4930 DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x2e90, quirk_iommu_g4x_gfx);
4932 static void quirk_iommu_rwbf(struct pci_dev *dev)
4935 * Mobile 4 Series Chipset neglects to set RWBF capability,
4936 * but needs it. Same seems to hold for the desktop versions.
4938 pr_info("Forcing write-buffer flush capability\n");
4942 DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x2a40, quirk_iommu_rwbf);
4943 DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x2e00, quirk_iommu_rwbf);
4944 DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x2e10, quirk_iommu_rwbf);
4945 DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x2e20, quirk_iommu_rwbf);
4946 DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x2e30, quirk_iommu_rwbf);
4947 DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x2e40, quirk_iommu_rwbf);
4948 DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x2e90, quirk_iommu_rwbf);
4951 #define GGC_MEMORY_SIZE_MASK (0xf << 8)
4952 #define GGC_MEMORY_SIZE_NONE (0x0 << 8)
4953 #define GGC_MEMORY_SIZE_1M (0x1 << 8)
4954 #define GGC_MEMORY_SIZE_2M (0x3 << 8)
4955 #define GGC_MEMORY_VT_ENABLED (0x8 << 8)
4956 #define GGC_MEMORY_SIZE_2M_VT (0x9 << 8)
4957 #define GGC_MEMORY_SIZE_3M_VT (0xa << 8)
4958 #define GGC_MEMORY_SIZE_4M_VT (0xb << 8)
4960 static void quirk_calpella_no_shadow_gtt(struct pci_dev *dev)
4964 if (pci_read_config_word(dev, GGC, &ggc))
4967 if (!(ggc & GGC_MEMORY_VT_ENABLED)) {
4968 pr_info("BIOS has allocated no shadow GTT; disabling IOMMU for graphics\n");
4970 } else if (dmar_map_gfx) {
4971 /* we have to ensure the gfx device is idle before we flush */
4972 pr_info("Disabling batched IOTLB flush on Ironlake\n");
4973 intel_iommu_strict = 1;
4976 DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x0040, quirk_calpella_no_shadow_gtt);
4977 DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x0044, quirk_calpella_no_shadow_gtt);
4978 DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x0062, quirk_calpella_no_shadow_gtt);
4979 DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x006a, quirk_calpella_no_shadow_gtt);
4981 /* On Tylersburg chipsets, some BIOSes have been known to enable the
4982 ISOCH DMAR unit for the Azalia sound device, but not give it any
4983 TLB entries, which causes it to deadlock. Check for that. We do
4984 this in a function called from init_dmars(), instead of in a PCI
4985 quirk, because we don't want to print the obnoxious "BIOS broken"
4986 message if VT-d is actually disabled.
4988 static void __init check_tylersburg_isoch(void)
4990 struct pci_dev *pdev;
4991 uint32_t vtisochctrl;
4993 /* If there's no Azalia in the system anyway, forget it. */
4994 pdev = pci_get_device(PCI_VENDOR_ID_INTEL, 0x3a3e, NULL);
4999 /* System Management Registers. Might be hidden, in which case
5000 we can't do the sanity check. But that's OK, because the
5001 known-broken BIOSes _don't_ actually hide it, so far. */
5002 pdev = pci_get_device(PCI_VENDOR_ID_INTEL, 0x342e, NULL);
5006 if (pci_read_config_dword(pdev, 0x188, &vtisochctrl)) {
5013 /* If Azalia DMA is routed to the non-isoch DMAR unit, fine. */
5014 if (vtisochctrl & 1)
5017 /* Drop all bits other than the number of TLB entries */
5018 vtisochctrl &= 0x1c;
5020 /* If we have the recommended number of TLB entries (16), fine. */
5021 if (vtisochctrl == 0x10)
5024 /* Zero TLB entries? You get to ride the short bus to school. */
5026 WARN(1, "Your BIOS is broken; DMA routed to ISOCH DMAR unit but no TLB space.\n"
5027 "BIOS vendor: %s; Ver: %s; Product Version: %s\n",
5028 dmi_get_system_info(DMI_BIOS_VENDOR),
5029 dmi_get_system_info(DMI_BIOS_VERSION),
5030 dmi_get_system_info(DMI_PRODUCT_VERSION));
5031 iommu_identity_mapping |= IDENTMAP_AZALIA;
5035 pr_warn("Recommended TLB entries for ISOCH unit is 16; your BIOS set %d\n",
projects / cascardo / linux.git / blob