2 * IOMMU API for ARM architected SMMU implementations.
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License version 2 as
6 * published by the Free Software Foundation.
8 * This program is distributed in the hope that it will be useful,
9 * but WITHOUT ANY WARRANTY; without even the implied warranty of
10 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 * GNU General Public License for more details.
13 * You should have received a copy of the GNU General Public License
14 * along with this program; if not, write to the Free Software
15 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
17 * Copyright (C) 2013 ARM Limited
19 * Author: Will Deacon <will.deacon@arm.com>
21 * This driver currently supports:
22 * - SMMUv1 and v2 implementations
23 * - Stream-matching and stream-indexing
24 * - v7/v8 long-descriptor format
25 * - Non-secure access to the SMMU
26 * - 4k and 64k pages, with contiguous pte hints.
27 * - Up to 42-bit addressing (dependent on VA_BITS)
28 * - Context fault reporting
31 #define pr_fmt(fmt) "arm-smmu: " fmt
33 #include <linux/delay.h>
34 #include <linux/dma-mapping.h>
35 #include <linux/err.h>
36 #include <linux/interrupt.h>
38 #include <linux/iommu.h>
40 #include <linux/module.h>
42 #include <linux/platform_device.h>
43 #include <linux/slab.h>
44 #include <linux/spinlock.h>
46 #include <linux/amba/bus.h>
48 #include <asm/pgalloc.h>
50 /* Maximum number of stream IDs assigned to a single device */
51 #define MAX_MASTER_STREAMIDS 8
53 /* Maximum number of context banks per SMMU */
54 #define ARM_SMMU_MAX_CBS 128
56 /* Maximum number of mapping groups per SMMU */
57 #define ARM_SMMU_MAX_SMRS 128
59 /* SMMU global address space */
60 #define ARM_SMMU_GR0(smmu) ((smmu)->base)
61 #define ARM_SMMU_GR1(smmu) ((smmu)->base + (smmu)->pagesize)
64 #define ARM_SMMU_PTE_XN (((pteval_t)3) << 53)
65 #define ARM_SMMU_PTE_CONT (((pteval_t)1) << 52)
66 #define ARM_SMMU_PTE_AF (((pteval_t)1) << 10)
67 #define ARM_SMMU_PTE_SH_NS (((pteval_t)0) << 8)
68 #define ARM_SMMU_PTE_SH_OS (((pteval_t)2) << 8)
69 #define ARM_SMMU_PTE_SH_IS (((pteval_t)3) << 8)
70 #define ARM_SMMU_PTE_PAGE (((pteval_t)3) << 0)
72 #if PAGE_SIZE == SZ_4K
73 #define ARM_SMMU_PTE_CONT_ENTRIES 16
74 #elif PAGE_SIZE == SZ_64K
75 #define ARM_SMMU_PTE_CONT_ENTRIES 32
77 #define ARM_SMMU_PTE_CONT_ENTRIES 1
80 #define ARM_SMMU_PTE_CONT_SIZE (PAGE_SIZE * ARM_SMMU_PTE_CONT_ENTRIES)
81 #define ARM_SMMU_PTE_CONT_MASK (~(ARM_SMMU_PTE_CONT_SIZE - 1))
82 #define ARM_SMMU_PTE_HWTABLE_SIZE (PTRS_PER_PTE * sizeof(pte_t))
85 #define ARM_SMMU_PTE_AP_UNPRIV (((pteval_t)1) << 6)
86 #define ARM_SMMU_PTE_AP_RDONLY (((pteval_t)2) << 6)
87 #define ARM_SMMU_PTE_ATTRINDX_SHIFT 2
88 #define ARM_SMMU_PTE_nG (((pteval_t)1) << 11)
91 #define ARM_SMMU_PTE_HAP_FAULT (((pteval_t)0) << 6)
92 #define ARM_SMMU_PTE_HAP_READ (((pteval_t)1) << 6)
93 #define ARM_SMMU_PTE_HAP_WRITE (((pteval_t)2) << 6)
94 #define ARM_SMMU_PTE_MEMATTR_OIWB (((pteval_t)0xf) << 2)
95 #define ARM_SMMU_PTE_MEMATTR_NC (((pteval_t)0x5) << 2)
96 #define ARM_SMMU_PTE_MEMATTR_DEV (((pteval_t)0x1) << 2)
98 /* Configuration registers */
99 #define ARM_SMMU_GR0_sCR0 0x0
100 #define sCR0_CLIENTPD (1 << 0)
101 #define sCR0_GFRE (1 << 1)
102 #define sCR0_GFIE (1 << 2)
103 #define sCR0_GCFGFRE (1 << 4)
104 #define sCR0_GCFGFIE (1 << 5)
105 #define sCR0_USFCFG (1 << 10)
106 #define sCR0_VMIDPNE (1 << 11)
107 #define sCR0_PTM (1 << 12)
108 #define sCR0_FB (1 << 13)
109 #define sCR0_BSU_SHIFT 14
110 #define sCR0_BSU_MASK 0x3
112 /* Identification registers */
113 #define ARM_SMMU_GR0_ID0 0x20
114 #define ARM_SMMU_GR0_ID1 0x24
115 #define ARM_SMMU_GR0_ID2 0x28
116 #define ARM_SMMU_GR0_ID3 0x2c
117 #define ARM_SMMU_GR0_ID4 0x30
118 #define ARM_SMMU_GR0_ID5 0x34
119 #define ARM_SMMU_GR0_ID6 0x38
120 #define ARM_SMMU_GR0_ID7 0x3c
121 #define ARM_SMMU_GR0_sGFSR 0x48
122 #define ARM_SMMU_GR0_sGFSYNR0 0x50
123 #define ARM_SMMU_GR0_sGFSYNR1 0x54
124 #define ARM_SMMU_GR0_sGFSYNR2 0x58
125 #define ARM_SMMU_GR0_PIDR0 0xfe0
126 #define ARM_SMMU_GR0_PIDR1 0xfe4
127 #define ARM_SMMU_GR0_PIDR2 0xfe8
129 #define ID0_S1TS (1 << 30)
130 #define ID0_S2TS (1 << 29)
131 #define ID0_NTS (1 << 28)
132 #define ID0_SMS (1 << 27)
133 #define ID0_PTFS_SHIFT 24
134 #define ID0_PTFS_MASK 0x2
135 #define ID0_PTFS_V8_ONLY 0x2
136 #define ID0_CTTW (1 << 14)
137 #define ID0_NUMIRPT_SHIFT 16
138 #define ID0_NUMIRPT_MASK 0xff
139 #define ID0_NUMSMRG_SHIFT 0
140 #define ID0_NUMSMRG_MASK 0xff
142 #define ID1_PAGESIZE (1 << 31)
143 #define ID1_NUMPAGENDXB_SHIFT 28
144 #define ID1_NUMPAGENDXB_MASK 7
145 #define ID1_NUMS2CB_SHIFT 16
146 #define ID1_NUMS2CB_MASK 0xff
147 #define ID1_NUMCB_SHIFT 0
148 #define ID1_NUMCB_MASK 0xff
150 #define ID2_OAS_SHIFT 4
151 #define ID2_OAS_MASK 0xf
152 #define ID2_IAS_SHIFT 0
153 #define ID2_IAS_MASK 0xf
154 #define ID2_UBS_SHIFT 8
155 #define ID2_UBS_MASK 0xf
156 #define ID2_PTFS_4K (1 << 12)
157 #define ID2_PTFS_16K (1 << 13)
158 #define ID2_PTFS_64K (1 << 14)
160 #define PIDR2_ARCH_SHIFT 4
161 #define PIDR2_ARCH_MASK 0xf
163 /* Global TLB invalidation */
164 #define ARM_SMMU_GR0_STLBIALL 0x60
165 #define ARM_SMMU_GR0_TLBIVMID 0x64
166 #define ARM_SMMU_GR0_TLBIALLNSNH 0x68
167 #define ARM_SMMU_GR0_TLBIALLH 0x6c
168 #define ARM_SMMU_GR0_sTLBGSYNC 0x70
169 #define ARM_SMMU_GR0_sTLBGSTATUS 0x74
170 #define sTLBGSTATUS_GSACTIVE (1 << 0)
171 #define TLB_LOOP_TIMEOUT 1000000 /* 1s! */
173 /* Stream mapping registers */
174 #define ARM_SMMU_GR0_SMR(n) (0x800 + ((n) << 2))
175 #define SMR_VALID (1 << 31)
176 #define SMR_MASK_SHIFT 16
177 #define SMR_MASK_MASK 0x7fff
178 #define SMR_ID_SHIFT 0
179 #define SMR_ID_MASK 0x7fff
181 #define ARM_SMMU_GR0_S2CR(n) (0xc00 + ((n) << 2))
182 #define S2CR_CBNDX_SHIFT 0
183 #define S2CR_CBNDX_MASK 0xff
184 #define S2CR_TYPE_SHIFT 16
185 #define S2CR_TYPE_MASK 0x3
186 #define S2CR_TYPE_TRANS (0 << S2CR_TYPE_SHIFT)
187 #define S2CR_TYPE_BYPASS (1 << S2CR_TYPE_SHIFT)
188 #define S2CR_TYPE_FAULT (2 << S2CR_TYPE_SHIFT)
190 /* Context bank attribute registers */
191 #define ARM_SMMU_GR1_CBAR(n) (0x0 + ((n) << 2))
192 #define CBAR_VMID_SHIFT 0
193 #define CBAR_VMID_MASK 0xff
194 #define CBAR_S1_MEMATTR_SHIFT 12
195 #define CBAR_S1_MEMATTR_MASK 0xf
196 #define CBAR_S1_MEMATTR_WB 0xf
197 #define CBAR_TYPE_SHIFT 16
198 #define CBAR_TYPE_MASK 0x3
199 #define CBAR_TYPE_S2_TRANS (0 << CBAR_TYPE_SHIFT)
200 #define CBAR_TYPE_S1_TRANS_S2_BYPASS (1 << CBAR_TYPE_SHIFT)
201 #define CBAR_TYPE_S1_TRANS_S2_FAULT (2 << CBAR_TYPE_SHIFT)
202 #define CBAR_TYPE_S1_TRANS_S2_TRANS (3 << CBAR_TYPE_SHIFT)
203 #define CBAR_IRPTNDX_SHIFT 24
204 #define CBAR_IRPTNDX_MASK 0xff
206 #define ARM_SMMU_GR1_CBA2R(n) (0x800 + ((n) << 2))
207 #define CBA2R_RW64_32BIT (0 << 0)
208 #define CBA2R_RW64_64BIT (1 << 0)
210 /* Translation context bank */
211 #define ARM_SMMU_CB_BASE(smmu) ((smmu)->base + ((smmu)->size >> 1))
212 #define ARM_SMMU_CB(smmu, n) ((n) * (smmu)->pagesize)
214 #define ARM_SMMU_CB_SCTLR 0x0
215 #define ARM_SMMU_CB_RESUME 0x8
216 #define ARM_SMMU_CB_TTBCR2 0x10
217 #define ARM_SMMU_CB_TTBR0_LO 0x20
218 #define ARM_SMMU_CB_TTBR0_HI 0x24
219 #define ARM_SMMU_CB_TTBCR 0x30
220 #define ARM_SMMU_CB_S1_MAIR0 0x38
221 #define ARM_SMMU_CB_FSR 0x58
222 #define ARM_SMMU_CB_FAR_LO 0x60
223 #define ARM_SMMU_CB_FAR_HI 0x64
224 #define ARM_SMMU_CB_FSYNR0 0x68
225 #define ARM_SMMU_CB_S1_TLBIASID 0x610
227 #define SCTLR_S1_ASIDPNE (1 << 12)
228 #define SCTLR_CFCFG (1 << 7)
229 #define SCTLR_CFIE (1 << 6)
230 #define SCTLR_CFRE (1 << 5)
231 #define SCTLR_E (1 << 4)
232 #define SCTLR_AFE (1 << 2)
233 #define SCTLR_TRE (1 << 1)
234 #define SCTLR_M (1 << 0)
235 #define SCTLR_EAE_SBOP (SCTLR_AFE | SCTLR_TRE)
237 #define RESUME_RETRY (0 << 0)
238 #define RESUME_TERMINATE (1 << 0)
240 #define TTBCR_EAE (1 << 31)
242 #define TTBCR_PASIZE_SHIFT 16
243 #define TTBCR_PASIZE_MASK 0x7
245 #define TTBCR_TG0_4K (0 << 14)
246 #define TTBCR_TG0_64K (1 << 14)
248 #define TTBCR_SH0_SHIFT 12
249 #define TTBCR_SH0_MASK 0x3
250 #define TTBCR_SH_NS 0
251 #define TTBCR_SH_OS 2
252 #define TTBCR_SH_IS 3
254 #define TTBCR_ORGN0_SHIFT 10
255 #define TTBCR_IRGN0_SHIFT 8
256 #define TTBCR_RGN_MASK 0x3
257 #define TTBCR_RGN_NC 0
258 #define TTBCR_RGN_WBWA 1
259 #define TTBCR_RGN_WT 2
260 #define TTBCR_RGN_WB 3
262 #define TTBCR_SL0_SHIFT 6
263 #define TTBCR_SL0_MASK 0x3
264 #define TTBCR_SL0_LVL_2 0
265 #define TTBCR_SL0_LVL_1 1
267 #define TTBCR_T1SZ_SHIFT 16
268 #define TTBCR_T0SZ_SHIFT 0
269 #define TTBCR_SZ_MASK 0xf
271 #define TTBCR2_SEP_SHIFT 15
272 #define TTBCR2_SEP_MASK 0x7
274 #define TTBCR2_PASIZE_SHIFT 0
275 #define TTBCR2_PASIZE_MASK 0x7
277 /* Common definitions for PASize and SEP fields */
278 #define TTBCR2_ADDR_32 0
279 #define TTBCR2_ADDR_36 1
280 #define TTBCR2_ADDR_40 2
281 #define TTBCR2_ADDR_42 3
282 #define TTBCR2_ADDR_44 4
283 #define TTBCR2_ADDR_48 5
285 #define TTBRn_HI_ASID_SHIFT 16
287 #define MAIR_ATTR_SHIFT(n) ((n) << 3)
288 #define MAIR_ATTR_MASK 0xff
289 #define MAIR_ATTR_DEVICE 0x04
290 #define MAIR_ATTR_NC 0x44
291 #define MAIR_ATTR_WBRWA 0xff
292 #define MAIR_ATTR_IDX_NC 0
293 #define MAIR_ATTR_IDX_CACHE 1
294 #define MAIR_ATTR_IDX_DEV 2
296 #define FSR_MULTI (1 << 31)
297 #define FSR_SS (1 << 30)
298 #define FSR_UUT (1 << 8)
299 #define FSR_ASF (1 << 7)
300 #define FSR_TLBLKF (1 << 6)
301 #define FSR_TLBMCF (1 << 5)
302 #define FSR_EF (1 << 4)
303 #define FSR_PF (1 << 3)
304 #define FSR_AFF (1 << 2)
305 #define FSR_TF (1 << 1)
307 #define FSR_IGN (FSR_AFF | FSR_ASF | FSR_TLBMCF | \
309 #define FSR_FAULT (FSR_MULTI | FSR_SS | FSR_UUT | \
310 FSR_EF | FSR_PF | FSR_TF | FSR_IGN)
312 #define FSYNR0_WNR (1 << 4)
314 struct arm_smmu_smr {
320 struct arm_smmu_master {
321 struct device_node *of_node;
324 * The following is specific to the master's position in the
329 u16 streamids[MAX_MASTER_STREAMIDS];
332 * We only need to allocate these on the root SMMU, as we
333 * configure unmatched streams to bypass translation.
335 struct arm_smmu_smr *smrs;
338 struct arm_smmu_device {
340 struct device_node *parent_of_node;
344 unsigned long pagesize;
346 #define ARM_SMMU_FEAT_COHERENT_WALK (1 << 0)
347 #define ARM_SMMU_FEAT_STREAM_MATCH (1 << 1)
348 #define ARM_SMMU_FEAT_TRANS_S1 (1 << 2)
349 #define ARM_SMMU_FEAT_TRANS_S2 (1 << 3)
350 #define ARM_SMMU_FEAT_TRANS_NESTED (1 << 4)
354 u32 num_context_banks;
355 u32 num_s2_context_banks;
356 DECLARE_BITMAP(context_map, ARM_SMMU_MAX_CBS);
359 u32 num_mapping_groups;
360 DECLARE_BITMAP(smr_map, ARM_SMMU_MAX_SMRS);
362 unsigned long input_size;
363 unsigned long s1_output_size;
364 unsigned long s2_output_size;
367 u32 num_context_irqs;
370 struct list_head list;
371 struct rb_root masters;
374 struct arm_smmu_cfg {
375 struct arm_smmu_device *smmu;
381 #define INVALID_IRPTNDX 0xff
383 #define ARM_SMMU_CB_ASID(cfg) ((cfg)->cbndx)
384 #define ARM_SMMU_CB_VMID(cfg) ((cfg)->cbndx + 1)
386 struct arm_smmu_domain {
388 * A domain can span across multiple, chained SMMUs and requires
389 * all devices within the domain to follow the same translation
392 struct arm_smmu_device *leaf_smmu;
393 struct arm_smmu_cfg root_cfg;
394 phys_addr_t output_mask;
399 static DEFINE_SPINLOCK(arm_smmu_devices_lock);
400 static LIST_HEAD(arm_smmu_devices);
402 static struct arm_smmu_master *find_smmu_master(struct arm_smmu_device *smmu,
403 struct device_node *dev_node)
405 struct rb_node *node = smmu->masters.rb_node;
408 struct arm_smmu_master *master;
409 master = container_of(node, struct arm_smmu_master, node);
411 if (dev_node < master->of_node)
412 node = node->rb_left;
413 else if (dev_node > master->of_node)
414 node = node->rb_right;
422 static int insert_smmu_master(struct arm_smmu_device *smmu,
423 struct arm_smmu_master *master)
425 struct rb_node **new, *parent;
427 new = &smmu->masters.rb_node;
430 struct arm_smmu_master *this;
431 this = container_of(*new, struct arm_smmu_master, node);
434 if (master->of_node < this->of_node)
435 new = &((*new)->rb_left);
436 else if (master->of_node > this->of_node)
437 new = &((*new)->rb_right);
442 rb_link_node(&master->node, parent, new);
443 rb_insert_color(&master->node, &smmu->masters);
447 static int register_smmu_master(struct arm_smmu_device *smmu,
449 struct of_phandle_args *masterspec)
452 struct arm_smmu_master *master;
454 master = find_smmu_master(smmu, masterspec->np);
457 "rejecting multiple registrations for master device %s\n",
458 masterspec->np->name);
462 if (masterspec->args_count > MAX_MASTER_STREAMIDS) {
464 "reached maximum number (%d) of stream IDs for master device %s\n",
465 MAX_MASTER_STREAMIDS, masterspec->np->name);
469 master = devm_kzalloc(dev, sizeof(*master), GFP_KERNEL);
473 master->of_node = masterspec->np;
474 master->num_streamids = masterspec->args_count;
476 for (i = 0; i < master->num_streamids; ++i)
477 master->streamids[i] = masterspec->args[i];
479 return insert_smmu_master(smmu, master);
482 static struct arm_smmu_device *find_parent_smmu(struct arm_smmu_device *smmu)
484 struct arm_smmu_device *parent;
486 if (!smmu->parent_of_node)
489 spin_lock(&arm_smmu_devices_lock);
490 list_for_each_entry(parent, &arm_smmu_devices, list)
491 if (parent->dev->of_node == smmu->parent_of_node)
496 "Failed to find SMMU parent despite parent in DT\n");
498 spin_unlock(&arm_smmu_devices_lock);
502 static int __arm_smmu_alloc_bitmap(unsigned long *map, int start, int end)
507 idx = find_next_zero_bit(map, end, start);
510 } while (test_and_set_bit(idx, map));
515 static void __arm_smmu_free_bitmap(unsigned long *map, int idx)
520 /* Wait for any pending TLB invalidations to complete */
521 static void arm_smmu_tlb_sync(struct arm_smmu_device *smmu)
524 void __iomem *gr0_base = ARM_SMMU_GR0(smmu);
526 writel_relaxed(0, gr0_base + ARM_SMMU_GR0_sTLBGSYNC);
527 while (readl_relaxed(gr0_base + ARM_SMMU_GR0_sTLBGSTATUS)
528 & sTLBGSTATUS_GSACTIVE) {
530 if (++count == TLB_LOOP_TIMEOUT) {
531 dev_err_ratelimited(smmu->dev,
532 "TLB sync timed out -- SMMU may be deadlocked\n");
539 static void arm_smmu_tlb_inv_context(struct arm_smmu_cfg *cfg)
541 struct arm_smmu_device *smmu = cfg->smmu;
542 void __iomem *base = ARM_SMMU_GR0(smmu);
543 bool stage1 = cfg->cbar != CBAR_TYPE_S2_TRANS;
546 base = ARM_SMMU_CB_BASE(smmu) + ARM_SMMU_CB(smmu, cfg->cbndx);
547 writel_relaxed(ARM_SMMU_CB_ASID(cfg),
548 base + ARM_SMMU_CB_S1_TLBIASID);
550 base = ARM_SMMU_GR0(smmu);
551 writel_relaxed(ARM_SMMU_CB_VMID(cfg),
552 base + ARM_SMMU_GR0_TLBIVMID);
555 arm_smmu_tlb_sync(smmu);
558 static irqreturn_t arm_smmu_context_fault(int irq, void *dev)
561 u32 fsr, far, fsynr, resume;
563 struct iommu_domain *domain = dev;
564 struct arm_smmu_domain *smmu_domain = domain->priv;
565 struct arm_smmu_cfg *root_cfg = &smmu_domain->root_cfg;
566 struct arm_smmu_device *smmu = root_cfg->smmu;
567 void __iomem *cb_base;
569 cb_base = ARM_SMMU_CB_BASE(smmu) + ARM_SMMU_CB(smmu, root_cfg->cbndx);
570 fsr = readl_relaxed(cb_base + ARM_SMMU_CB_FSR);
572 if (!(fsr & FSR_FAULT))
576 dev_err_ratelimited(smmu->dev,
577 "Unexpected context fault (fsr 0x%u)\n",
580 fsynr = readl_relaxed(cb_base + ARM_SMMU_CB_FSYNR0);
581 flags = fsynr & FSYNR0_WNR ? IOMMU_FAULT_WRITE : IOMMU_FAULT_READ;
583 far = readl_relaxed(cb_base + ARM_SMMU_CB_FAR_LO);
586 far = readl_relaxed(cb_base + ARM_SMMU_CB_FAR_HI);
587 iova |= ((unsigned long)far << 32);
590 if (!report_iommu_fault(domain, smmu->dev, iova, flags)) {
592 resume = RESUME_RETRY;
594 dev_err_ratelimited(smmu->dev,
595 "Unhandled context fault: iova=0x%08lx, fsynr=0x%x, cb=%d\n",
596 iova, fsynr, root_cfg->cbndx);
598 resume = RESUME_TERMINATE;
601 /* Clear the faulting FSR */
602 writel(fsr, cb_base + ARM_SMMU_CB_FSR);
604 /* Retry or terminate any stalled transactions */
606 writel_relaxed(resume, cb_base + ARM_SMMU_CB_RESUME);
611 static irqreturn_t arm_smmu_global_fault(int irq, void *dev)
613 u32 gfsr, gfsynr0, gfsynr1, gfsynr2;
614 struct arm_smmu_device *smmu = dev;
615 void __iomem *gr0_base = ARM_SMMU_GR0(smmu);
617 gfsr = readl_relaxed(gr0_base + ARM_SMMU_GR0_sGFSR);
621 gfsynr0 = readl_relaxed(gr0_base + ARM_SMMU_GR0_sGFSYNR0);
622 gfsynr1 = readl_relaxed(gr0_base + ARM_SMMU_GR0_sGFSYNR1);
623 gfsynr2 = readl_relaxed(gr0_base + ARM_SMMU_GR0_sGFSYNR2);
625 dev_err_ratelimited(smmu->dev,
626 "Unexpected global fault, this could be serious\n");
627 dev_err_ratelimited(smmu->dev,
628 "\tGFSR 0x%08x, GFSYNR0 0x%08x, GFSYNR1 0x%08x, GFSYNR2 0x%08x\n",
629 gfsr, gfsynr0, gfsynr1, gfsynr2);
631 writel(gfsr, gr0_base + ARM_SMMU_GR0_sGFSR);
635 static void arm_smmu_init_context_bank(struct arm_smmu_domain *smmu_domain)
639 struct arm_smmu_cfg *root_cfg = &smmu_domain->root_cfg;
640 struct arm_smmu_device *smmu = root_cfg->smmu;
641 void __iomem *cb_base, *gr0_base, *gr1_base;
643 gr0_base = ARM_SMMU_GR0(smmu);
644 gr1_base = ARM_SMMU_GR1(smmu);
645 stage1 = root_cfg->cbar != CBAR_TYPE_S2_TRANS;
646 cb_base = ARM_SMMU_CB_BASE(smmu) + ARM_SMMU_CB(smmu, root_cfg->cbndx);
649 reg = root_cfg->cbar;
650 if (smmu->version == 1)
651 reg |= root_cfg->irptndx << CBAR_IRPTNDX_SHIFT;
653 /* Use the weakest memory type, so it is overridden by the pte */
655 reg |= (CBAR_S1_MEMATTR_WB << CBAR_S1_MEMATTR_SHIFT);
657 reg |= ARM_SMMU_CB_VMID(root_cfg) << CBAR_VMID_SHIFT;
658 writel_relaxed(reg, gr1_base + ARM_SMMU_GR1_CBAR(root_cfg->cbndx));
660 if (smmu->version > 1) {
663 reg = CBA2R_RW64_64BIT;
665 reg = CBA2R_RW64_32BIT;
668 gr1_base + ARM_SMMU_GR1_CBA2R(root_cfg->cbndx));
671 switch (smmu->input_size) {
673 reg = (TTBCR2_ADDR_32 << TTBCR2_SEP_SHIFT);
676 reg = (TTBCR2_ADDR_36 << TTBCR2_SEP_SHIFT);
679 reg = (TTBCR2_ADDR_40 << TTBCR2_SEP_SHIFT);
682 reg = (TTBCR2_ADDR_42 << TTBCR2_SEP_SHIFT);
685 reg = (TTBCR2_ADDR_44 << TTBCR2_SEP_SHIFT);
688 reg = (TTBCR2_ADDR_48 << TTBCR2_SEP_SHIFT);
692 switch (smmu->s1_output_size) {
694 reg |= (TTBCR2_ADDR_32 << TTBCR2_PASIZE_SHIFT);
697 reg |= (TTBCR2_ADDR_36 << TTBCR2_PASIZE_SHIFT);
700 reg |= (TTBCR2_ADDR_40 << TTBCR2_PASIZE_SHIFT);
703 reg |= (TTBCR2_ADDR_42 << TTBCR2_PASIZE_SHIFT);
706 reg |= (TTBCR2_ADDR_44 << TTBCR2_PASIZE_SHIFT);
709 reg |= (TTBCR2_ADDR_48 << TTBCR2_PASIZE_SHIFT);
714 writel_relaxed(reg, cb_base + ARM_SMMU_CB_TTBCR2);
718 reg = __pa(root_cfg->pgd);
719 writel_relaxed(reg, cb_base + ARM_SMMU_CB_TTBR0_LO);
720 reg = (phys_addr_t)__pa(root_cfg->pgd) >> 32;
722 reg |= ARM_SMMU_CB_ASID(root_cfg) << TTBRn_HI_ASID_SHIFT;
723 writel_relaxed(reg, cb_base + ARM_SMMU_CB_TTBR0_HI);
727 * We use long descriptor, with inner-shareable WBWA tables in TTBR0.
729 if (smmu->version > 1) {
730 if (PAGE_SIZE == SZ_4K)
736 switch (smmu->s2_output_size) {
738 reg |= (TTBCR2_ADDR_32 << TTBCR_PASIZE_SHIFT);
741 reg |= (TTBCR2_ADDR_36 << TTBCR_PASIZE_SHIFT);
744 reg |= (TTBCR2_ADDR_40 << TTBCR_PASIZE_SHIFT);
747 reg |= (TTBCR2_ADDR_42 << TTBCR_PASIZE_SHIFT);
750 reg |= (TTBCR2_ADDR_44 << TTBCR_PASIZE_SHIFT);
753 reg |= (TTBCR2_ADDR_48 << TTBCR_PASIZE_SHIFT);
757 reg |= (64 - smmu->s1_output_size) << TTBCR_T0SZ_SHIFT;
764 (TTBCR_SH_IS << TTBCR_SH0_SHIFT) |
765 (TTBCR_RGN_WBWA << TTBCR_ORGN0_SHIFT) |
766 (TTBCR_RGN_WBWA << TTBCR_IRGN0_SHIFT) |
767 (TTBCR_SL0_LVL_1 << TTBCR_SL0_SHIFT);
768 writel_relaxed(reg, cb_base + ARM_SMMU_CB_TTBCR);
770 /* MAIR0 (stage-1 only) */
772 reg = (MAIR_ATTR_NC << MAIR_ATTR_SHIFT(MAIR_ATTR_IDX_NC)) |
773 (MAIR_ATTR_WBRWA << MAIR_ATTR_SHIFT(MAIR_ATTR_IDX_CACHE)) |
774 (MAIR_ATTR_DEVICE << MAIR_ATTR_SHIFT(MAIR_ATTR_IDX_DEV));
775 writel_relaxed(reg, cb_base + ARM_SMMU_CB_S1_MAIR0);
779 reg = SCTLR_CFCFG | SCTLR_CFIE | SCTLR_CFRE | SCTLR_M | SCTLR_EAE_SBOP;
781 reg |= SCTLR_S1_ASIDPNE;
785 writel_relaxed(reg, cb_base + ARM_SMMU_CB_SCTLR);
788 static int arm_smmu_init_domain_context(struct iommu_domain *domain,
792 struct arm_smmu_domain *smmu_domain = domain->priv;
793 struct arm_smmu_cfg *root_cfg = &smmu_domain->root_cfg;
794 struct arm_smmu_device *smmu, *parent;
797 * Walk the SMMU chain to find the root device for this chain.
798 * We assume that no masters have translations which terminate
799 * early, and therefore check that the root SMMU does indeed have
800 * a StreamID for the master in question.
802 parent = dev->archdata.iommu;
803 smmu_domain->output_mask = -1;
806 smmu_domain->output_mask &= (1ULL << smmu->s2_output_size) - 1;
807 } while ((parent = find_parent_smmu(smmu)));
809 if (!find_smmu_master(smmu, dev->of_node)) {
810 dev_err(dev, "unable to find root SMMU for device\n");
814 if (smmu->features & ARM_SMMU_FEAT_TRANS_NESTED) {
816 * We will likely want to change this if/when KVM gets
819 root_cfg->cbar = CBAR_TYPE_S1_TRANS_S2_BYPASS;
820 start = smmu->num_s2_context_banks;
821 } else if (smmu->features & ARM_SMMU_FEAT_TRANS_S2) {
822 root_cfg->cbar = CBAR_TYPE_S2_TRANS;
825 root_cfg->cbar = CBAR_TYPE_S1_TRANS_S2_BYPASS;
826 start = smmu->num_s2_context_banks;
829 ret = __arm_smmu_alloc_bitmap(smmu->context_map, start,
830 smmu->num_context_banks);
831 if (IS_ERR_VALUE(ret))
834 root_cfg->cbndx = ret;
835 if (smmu->version == 1) {
836 root_cfg->irptndx = atomic_inc_return(&smmu->irptndx);
837 root_cfg->irptndx %= smmu->num_context_irqs;
839 root_cfg->irptndx = root_cfg->cbndx;
842 irq = smmu->irqs[smmu->num_global_irqs + root_cfg->irptndx];
843 ret = request_irq(irq, arm_smmu_context_fault, IRQF_SHARED,
844 "arm-smmu-context-fault", domain);
845 if (IS_ERR_VALUE(ret)) {
846 dev_err(smmu->dev, "failed to request context IRQ %d (%u)\n",
847 root_cfg->irptndx, irq);
848 root_cfg->irptndx = INVALID_IRPTNDX;
849 goto out_free_context;
852 root_cfg->smmu = smmu;
853 arm_smmu_init_context_bank(smmu_domain);
857 __arm_smmu_free_bitmap(smmu->context_map, root_cfg->cbndx);
861 static void arm_smmu_destroy_domain_context(struct iommu_domain *domain)
863 struct arm_smmu_domain *smmu_domain = domain->priv;
864 struct arm_smmu_cfg *root_cfg = &smmu_domain->root_cfg;
865 struct arm_smmu_device *smmu = root_cfg->smmu;
866 void __iomem *cb_base;
872 /* Disable the context bank and nuke the TLB before freeing it. */
873 cb_base = ARM_SMMU_CB_BASE(smmu) + ARM_SMMU_CB(smmu, root_cfg->cbndx);
874 writel_relaxed(0, cb_base + ARM_SMMU_CB_SCTLR);
875 arm_smmu_tlb_inv_context(root_cfg);
877 if (root_cfg->irptndx != INVALID_IRPTNDX) {
878 irq = smmu->irqs[smmu->num_global_irqs + root_cfg->irptndx];
879 free_irq(irq, domain);
882 __arm_smmu_free_bitmap(smmu->context_map, root_cfg->cbndx);
885 static int arm_smmu_domain_init(struct iommu_domain *domain)
887 struct arm_smmu_domain *smmu_domain;
891 * Allocate the domain and initialise some of its data structures.
892 * We can't really do anything meaningful until we've added a
895 smmu_domain = kzalloc(sizeof(*smmu_domain), GFP_KERNEL);
899 pgd = kzalloc(PTRS_PER_PGD * sizeof(pgd_t), GFP_KERNEL);
901 goto out_free_domain;
902 smmu_domain->root_cfg.pgd = pgd;
904 mutex_init(&smmu_domain->lock);
905 domain->priv = smmu_domain;
913 static void arm_smmu_free_ptes(pmd_t *pmd)
915 pgtable_t table = pmd_pgtable(*pmd);
916 pgtable_page_dtor(table);
920 static void arm_smmu_free_pmds(pud_t *pud)
923 pmd_t *pmd, *pmd_base = pmd_offset(pud, 0);
926 for (i = 0; i < PTRS_PER_PMD; ++i) {
930 arm_smmu_free_ptes(pmd);
934 pmd_free(NULL, pmd_base);
937 static void arm_smmu_free_puds(pgd_t *pgd)
940 pud_t *pud, *pud_base = pud_offset(pgd, 0);
943 for (i = 0; i < PTRS_PER_PUD; ++i) {
947 arm_smmu_free_pmds(pud);
951 pud_free(NULL, pud_base);
954 static void arm_smmu_free_pgtables(struct arm_smmu_domain *smmu_domain)
957 struct arm_smmu_cfg *root_cfg = &smmu_domain->root_cfg;
958 pgd_t *pgd, *pgd_base = root_cfg->pgd;
961 * Recursively free the page tables for this domain. We don't
962 * care about speculative TLB filling, because the TLB will be
963 * nuked next time this context bank is re-allocated and no devices
964 * currently map to these tables.
967 for (i = 0; i < PTRS_PER_PGD; ++i) {
970 arm_smmu_free_puds(pgd);
977 static void arm_smmu_domain_destroy(struct iommu_domain *domain)
979 struct arm_smmu_domain *smmu_domain = domain->priv;
982 * Free the domain resources. We assume that all devices have
983 * already been detached.
985 arm_smmu_destroy_domain_context(domain);
986 arm_smmu_free_pgtables(smmu_domain);
990 static int arm_smmu_master_configure_smrs(struct arm_smmu_device *smmu,
991 struct arm_smmu_master *master)
994 struct arm_smmu_smr *smrs;
995 void __iomem *gr0_base = ARM_SMMU_GR0(smmu);
997 if (!(smmu->features & ARM_SMMU_FEAT_STREAM_MATCH))
1003 smrs = kmalloc(sizeof(*smrs) * master->num_streamids, GFP_KERNEL);
1005 dev_err(smmu->dev, "failed to allocate %d SMRs for master %s\n",
1006 master->num_streamids, master->of_node->name);
1010 /* Allocate the SMRs on the root SMMU */
1011 for (i = 0; i < master->num_streamids; ++i) {
1012 int idx = __arm_smmu_alloc_bitmap(smmu->smr_map, 0,
1013 smmu->num_mapping_groups);
1014 if (IS_ERR_VALUE(idx)) {
1015 dev_err(smmu->dev, "failed to allocate free SMR\n");
1019 smrs[i] = (struct arm_smmu_smr) {
1021 .mask = 0, /* We don't currently share SMRs */
1022 .id = master->streamids[i],
1026 /* It worked! Now, poke the actual hardware */
1027 for (i = 0; i < master->num_streamids; ++i) {
1028 u32 reg = SMR_VALID | smrs[i].id << SMR_ID_SHIFT |
1029 smrs[i].mask << SMR_MASK_SHIFT;
1030 writel_relaxed(reg, gr0_base + ARM_SMMU_GR0_SMR(smrs[i].idx));
1033 master->smrs = smrs;
1038 __arm_smmu_free_bitmap(smmu->smr_map, smrs[i].idx);
1043 static void arm_smmu_master_free_smrs(struct arm_smmu_device *smmu,
1044 struct arm_smmu_master *master)
1047 void __iomem *gr0_base = ARM_SMMU_GR0(smmu);
1048 struct arm_smmu_smr *smrs = master->smrs;
1050 /* Invalidate the SMRs before freeing back to the allocator */
1051 for (i = 0; i < master->num_streamids; ++i) {
1052 u8 idx = smrs[i].idx;
1053 writel_relaxed(~SMR_VALID, gr0_base + ARM_SMMU_GR0_SMR(idx));
1054 __arm_smmu_free_bitmap(smmu->smr_map, idx);
1057 master->smrs = NULL;
1061 static void arm_smmu_bypass_stream_mapping(struct arm_smmu_device *smmu,
1062 struct arm_smmu_master *master)
1065 void __iomem *gr0_base = ARM_SMMU_GR0(smmu);
1067 for (i = 0; i < master->num_streamids; ++i) {
1068 u16 sid = master->streamids[i];
1069 writel_relaxed(S2CR_TYPE_BYPASS,
1070 gr0_base + ARM_SMMU_GR0_S2CR(sid));
1074 static int arm_smmu_domain_add_master(struct arm_smmu_domain *smmu_domain,
1075 struct arm_smmu_master *master)
1078 struct arm_smmu_device *parent, *smmu = smmu_domain->root_cfg.smmu;
1079 void __iomem *gr0_base = ARM_SMMU_GR0(smmu);
1081 ret = arm_smmu_master_configure_smrs(smmu, master);
1085 /* Bypass the leaves */
1086 smmu = smmu_domain->leaf_smmu;
1087 while ((parent = find_parent_smmu(smmu))) {
1089 * We won't have a StreamID match for anything but the root
1090 * smmu, so we only need to worry about StreamID indexing,
1091 * where we must install bypass entries in the S2CRs.
1093 if (smmu->features & ARM_SMMU_FEAT_STREAM_MATCH)
1096 arm_smmu_bypass_stream_mapping(smmu, master);
1100 /* Now we're at the root, time to point at our context bank */
1101 for (i = 0; i < master->num_streamids; ++i) {
1103 idx = master->smrs ? master->smrs[i].idx : master->streamids[i];
1104 s2cr = (S2CR_TYPE_TRANS << S2CR_TYPE_SHIFT) |
1105 (smmu_domain->root_cfg.cbndx << S2CR_CBNDX_SHIFT);
1106 writel_relaxed(s2cr, gr0_base + ARM_SMMU_GR0_S2CR(idx));
1112 static void arm_smmu_domain_remove_master(struct arm_smmu_domain *smmu_domain,
1113 struct arm_smmu_master *master)
1115 struct arm_smmu_device *smmu = smmu_domain->root_cfg.smmu;
1118 * We *must* clear the S2CR first, because freeing the SMR means
1119 * that it can be re-allocated immediately.
1121 arm_smmu_bypass_stream_mapping(smmu, master);
1122 arm_smmu_master_free_smrs(smmu, master);
1125 static int arm_smmu_attach_dev(struct iommu_domain *domain, struct device *dev)
1128 struct arm_smmu_domain *smmu_domain = domain->priv;
1129 struct arm_smmu_device *device_smmu = dev->archdata.iommu;
1130 struct arm_smmu_master *master;
1133 dev_err(dev, "cannot attach to SMMU, is it on the same bus?\n");
1138 * Sanity check the domain. We don't currently support domains
1139 * that cross between different SMMU chains.
1141 mutex_lock(&smmu_domain->lock);
1142 if (!smmu_domain->leaf_smmu) {
1143 /* Now that we have a master, we can finalise the domain */
1144 ret = arm_smmu_init_domain_context(domain, dev);
1145 if (IS_ERR_VALUE(ret))
1148 smmu_domain->leaf_smmu = device_smmu;
1149 } else if (smmu_domain->leaf_smmu != device_smmu) {
1151 "cannot attach to SMMU %s whilst already attached to domain on SMMU %s\n",
1152 dev_name(smmu_domain->leaf_smmu->dev),
1153 dev_name(device_smmu->dev));
1156 mutex_unlock(&smmu_domain->lock);
1158 /* Looks ok, so add the device to the domain */
1159 master = find_smmu_master(smmu_domain->leaf_smmu, dev->of_node);
1163 return arm_smmu_domain_add_master(smmu_domain, master);
1166 mutex_unlock(&smmu_domain->lock);
1170 static void arm_smmu_detach_dev(struct iommu_domain *domain, struct device *dev)
1172 struct arm_smmu_domain *smmu_domain = domain->priv;
1173 struct arm_smmu_master *master;
1175 master = find_smmu_master(smmu_domain->leaf_smmu, dev->of_node);
1177 arm_smmu_domain_remove_master(smmu_domain, master);
1180 static void arm_smmu_flush_pgtable(struct arm_smmu_device *smmu, void *addr,
1183 unsigned long offset = (unsigned long)addr & ~PAGE_MASK;
1186 * If the SMMU can't walk tables in the CPU caches, treat them
1187 * like non-coherent DMA since we need to flush the new entries
1188 * all the way out to memory. There's no possibility of recursion
1189 * here as the SMMU table walker will not be wired through another
1192 if (!(smmu->features & ARM_SMMU_FEAT_COHERENT_WALK))
1193 dma_map_page(smmu->dev, virt_to_page(addr), offset, size,
1197 static bool arm_smmu_pte_is_contiguous_range(unsigned long addr,
1200 return !(addr & ~ARM_SMMU_PTE_CONT_MASK) &&
1201 (addr + ARM_SMMU_PTE_CONT_SIZE <= end);
1204 static int arm_smmu_alloc_init_pte(struct arm_smmu_device *smmu, pmd_t *pmd,
1205 unsigned long addr, unsigned long end,
1206 unsigned long pfn, int flags, int stage)
1209 pteval_t pteval = ARM_SMMU_PTE_PAGE | ARM_SMMU_PTE_AF | ARM_SMMU_PTE_XN;
1211 if (pmd_none(*pmd)) {
1212 /* Allocate a new set of tables */
1213 pgtable_t table = alloc_page(PGALLOC_GFP);
1217 arm_smmu_flush_pgtable(smmu, page_address(table),
1218 ARM_SMMU_PTE_HWTABLE_SIZE);
1219 if (!pgtable_page_ctor(table)) {
1223 pmd_populate(NULL, pmd, table);
1224 arm_smmu_flush_pgtable(smmu, pmd, sizeof(*pmd));
1228 pteval |= ARM_SMMU_PTE_AP_UNPRIV | ARM_SMMU_PTE_nG;
1229 if (!(flags & IOMMU_WRITE) && (flags & IOMMU_READ))
1230 pteval |= ARM_SMMU_PTE_AP_RDONLY;
1232 if (flags & IOMMU_CACHE)
1233 pteval |= (MAIR_ATTR_IDX_CACHE <<
1234 ARM_SMMU_PTE_ATTRINDX_SHIFT);
1236 pteval |= ARM_SMMU_PTE_HAP_FAULT;
1237 if (flags & IOMMU_READ)
1238 pteval |= ARM_SMMU_PTE_HAP_READ;
1239 if (flags & IOMMU_WRITE)
1240 pteval |= ARM_SMMU_PTE_HAP_WRITE;
1241 if (flags & IOMMU_CACHE)
1242 pteval |= ARM_SMMU_PTE_MEMATTR_OIWB;
1244 pteval |= ARM_SMMU_PTE_MEMATTR_NC;
1247 /* If no access, create a faulting entry to avoid TLB fills */
1248 if (flags & IOMMU_EXEC)
1249 pteval &= ~ARM_SMMU_PTE_XN;
1250 else if (!(flags & (IOMMU_READ | IOMMU_WRITE)))
1251 pteval &= ~ARM_SMMU_PTE_PAGE;
1253 pteval |= ARM_SMMU_PTE_SH_IS;
1254 start = pmd_page_vaddr(*pmd) + pte_index(addr);
1258 * Install the page table entries. This is fairly complicated
1259 * since we attempt to make use of the contiguous hint in the
1260 * ptes where possible. The contiguous hint indicates a series
1261 * of ARM_SMMU_PTE_CONT_ENTRIES ptes mapping a physically
1262 * contiguous region with the following constraints:
1264 * - The region start is aligned to ARM_SMMU_PTE_CONT_SIZE
1265 * - Each pte in the region has the contiguous hint bit set
1267 * This complicates unmapping (also handled by this code, when
1268 * neither IOMMU_READ or IOMMU_WRITE are set) because it is
1269 * possible, yet highly unlikely, that a client may unmap only
1270 * part of a contiguous range. This requires clearing of the
1271 * contiguous hint bits in the range before installing the new
1274 * Note that re-mapping an address range without first unmapping
1275 * it is not supported, so TLB invalidation is not required here
1276 * and is instead performed at unmap and domain-init time.
1280 pteval &= ~ARM_SMMU_PTE_CONT;
1282 if (arm_smmu_pte_is_contiguous_range(addr, end)) {
1283 i = ARM_SMMU_PTE_CONT_ENTRIES;
1284 pteval |= ARM_SMMU_PTE_CONT;
1285 } else if (pte_val(*pte) &
1286 (ARM_SMMU_PTE_CONT | ARM_SMMU_PTE_PAGE)) {
1289 unsigned long idx = pte_index(addr);
1291 idx &= ~(ARM_SMMU_PTE_CONT_ENTRIES - 1);
1292 cont_start = pmd_page_vaddr(*pmd) + idx;
1293 for (j = 0; j < ARM_SMMU_PTE_CONT_ENTRIES; ++j)
1294 pte_val(*(cont_start + j)) &= ~ARM_SMMU_PTE_CONT;
1296 arm_smmu_flush_pgtable(smmu, cont_start,
1298 ARM_SMMU_PTE_CONT_ENTRIES);
1302 *pte = pfn_pte(pfn, __pgprot(pteval));
1303 } while (pte++, pfn++, addr += PAGE_SIZE, --i);
1304 } while (addr != end);
1306 arm_smmu_flush_pgtable(smmu, start, sizeof(*pte) * (pte - start));
1310 static int arm_smmu_alloc_init_pmd(struct arm_smmu_device *smmu, pud_t *pud,
1311 unsigned long addr, unsigned long end,
1312 phys_addr_t phys, int flags, int stage)
1316 unsigned long next, pfn = __phys_to_pfn(phys);
1318 #ifndef __PAGETABLE_PMD_FOLDED
1319 if (pud_none(*pud)) {
1320 pmd = pmd_alloc_one(NULL, addr);
1325 pmd = pmd_offset(pud, addr);
1328 next = pmd_addr_end(addr, end);
1329 ret = arm_smmu_alloc_init_pte(smmu, pmd, addr, end, pfn,
1331 pud_populate(NULL, pud, pmd);
1332 arm_smmu_flush_pgtable(smmu, pud, sizeof(*pud));
1333 phys += next - addr;
1334 } while (pmd++, addr = next, addr < end);
1339 static int arm_smmu_alloc_init_pud(struct arm_smmu_device *smmu, pgd_t *pgd,
1340 unsigned long addr, unsigned long end,
1341 phys_addr_t phys, int flags, int stage)
1347 #ifndef __PAGETABLE_PUD_FOLDED
1348 if (pgd_none(*pgd)) {
1349 pud = pud_alloc_one(NULL, addr);
1354 pud = pud_offset(pgd, addr);
1357 next = pud_addr_end(addr, end);
1358 ret = arm_smmu_alloc_init_pmd(smmu, pud, addr, next, phys,
1360 pgd_populate(NULL, pud, pgd);
1361 arm_smmu_flush_pgtable(smmu, pgd, sizeof(*pgd));
1362 phys += next - addr;
1363 } while (pud++, addr = next, addr < end);
1368 static int arm_smmu_handle_mapping(struct arm_smmu_domain *smmu_domain,
1369 unsigned long iova, phys_addr_t paddr,
1370 size_t size, int flags)
1374 phys_addr_t input_mask, output_mask;
1375 struct arm_smmu_cfg *root_cfg = &smmu_domain->root_cfg;
1376 pgd_t *pgd = root_cfg->pgd;
1377 struct arm_smmu_device *smmu = root_cfg->smmu;
1379 if (root_cfg->cbar == CBAR_TYPE_S2_TRANS) {
1381 output_mask = (1ULL << smmu->s2_output_size) - 1;
1384 output_mask = (1ULL << smmu->s1_output_size) - 1;
1390 if (size & ~PAGE_MASK)
1393 input_mask = (1ULL << smmu->input_size) - 1;
1394 if ((phys_addr_t)iova & ~input_mask)
1397 if (paddr & ~output_mask)
1400 mutex_lock(&smmu_domain->lock);
1401 pgd += pgd_index(iova);
1404 unsigned long next = pgd_addr_end(iova, end);
1406 ret = arm_smmu_alloc_init_pud(smmu, pgd, iova, next, paddr,
1411 paddr += next - iova;
1413 } while (pgd++, iova != end);
1416 mutex_unlock(&smmu_domain->lock);
1418 /* Ensure new page tables are visible to the hardware walker */
1419 if (smmu->features & ARM_SMMU_FEAT_COHERENT_WALK)
1425 static int arm_smmu_map(struct iommu_domain *domain, unsigned long iova,
1426 phys_addr_t paddr, size_t size, int flags)
1428 struct arm_smmu_domain *smmu_domain = domain->priv;
1433 /* Check for silent address truncation up the SMMU chain. */
1434 if ((phys_addr_t)iova & ~smmu_domain->output_mask)
1437 return arm_smmu_handle_mapping(smmu_domain, iova, paddr, size, flags);
1440 static size_t arm_smmu_unmap(struct iommu_domain *domain, unsigned long iova,
1444 struct arm_smmu_domain *smmu_domain = domain->priv;
1446 ret = arm_smmu_handle_mapping(smmu_domain, iova, 0, size, 0);
1447 arm_smmu_tlb_inv_context(&smmu_domain->root_cfg);
1448 return ret ? ret : size;
1451 static phys_addr_t arm_smmu_iova_to_phys(struct iommu_domain *domain,
1458 struct arm_smmu_domain *smmu_domain = domain->priv;
1459 struct arm_smmu_cfg *root_cfg = &smmu_domain->root_cfg;
1461 pgdp = root_cfg->pgd;
1465 pgd = *(pgdp + pgd_index(iova));
1469 pud = *pud_offset(&pgd, iova);
1473 pmd = *pmd_offset(&pud, iova);
1477 pte = *(pmd_page_vaddr(pmd) + pte_index(iova));
1481 return __pfn_to_phys(pte_pfn(pte)) | (iova & ~PAGE_MASK);
1484 static int arm_smmu_domain_has_cap(struct iommu_domain *domain,
1487 unsigned long caps = 0;
1488 struct arm_smmu_domain *smmu_domain = domain->priv;
1490 if (smmu_domain->root_cfg.smmu->features & ARM_SMMU_FEAT_COHERENT_WALK)
1491 caps |= IOMMU_CAP_CACHE_COHERENCY;
1493 return !!(cap & caps);
1496 static int arm_smmu_add_device(struct device *dev)
1498 struct arm_smmu_device *child, *parent, *smmu;
1499 struct arm_smmu_master *master = NULL;
1500 struct iommu_group *group;
1503 if (dev->archdata.iommu) {
1504 dev_warn(dev, "IOMMU driver already assigned to device\n");
1508 spin_lock(&arm_smmu_devices_lock);
1509 list_for_each_entry(parent, &arm_smmu_devices, list) {
1512 /* Try to find a child of the current SMMU. */
1513 list_for_each_entry(child, &arm_smmu_devices, list) {
1514 if (child->parent_of_node == parent->dev->of_node) {
1515 /* Does the child sit above our master? */
1516 master = find_smmu_master(child, dev->of_node);
1524 /* We found some children, so keep searching. */
1530 master = find_smmu_master(smmu, dev->of_node);
1534 spin_unlock(&arm_smmu_devices_lock);
1539 group = iommu_group_alloc();
1540 if (IS_ERR(group)) {
1541 dev_err(dev, "Failed to allocate IOMMU group\n");
1542 return PTR_ERR(group);
1545 ret = iommu_group_add_device(group, dev);
1546 iommu_group_put(group);
1547 dev->archdata.iommu = smmu;
1552 static void arm_smmu_remove_device(struct device *dev)
1554 dev->archdata.iommu = NULL;
1555 iommu_group_remove_device(dev);
1558 static struct iommu_ops arm_smmu_ops = {
1559 .domain_init = arm_smmu_domain_init,
1560 .domain_destroy = arm_smmu_domain_destroy,
1561 .attach_dev = arm_smmu_attach_dev,
1562 .detach_dev = arm_smmu_detach_dev,
1563 .map = arm_smmu_map,
1564 .unmap = arm_smmu_unmap,
1565 .iova_to_phys = arm_smmu_iova_to_phys,
1566 .domain_has_cap = arm_smmu_domain_has_cap,
1567 .add_device = arm_smmu_add_device,
1568 .remove_device = arm_smmu_remove_device,
1569 .pgsize_bitmap = (SECTION_SIZE |
1570 ARM_SMMU_PTE_CONT_SIZE |
1574 static void arm_smmu_device_reset(struct arm_smmu_device *smmu)
1576 void __iomem *gr0_base = ARM_SMMU_GR0(smmu);
1577 void __iomem *cb_base;
1581 /* Clear Global FSR */
1582 reg = readl_relaxed(gr0_base + ARM_SMMU_GR0_sGFSR);
1583 writel(reg, gr0_base + ARM_SMMU_GR0_sGFSR);
1585 /* Mark all SMRn as invalid and all S2CRn as bypass */
1586 for (i = 0; i < smmu->num_mapping_groups; ++i) {
1587 writel_relaxed(~SMR_VALID, gr0_base + ARM_SMMU_GR0_SMR(i));
1588 writel_relaxed(S2CR_TYPE_BYPASS, gr0_base + ARM_SMMU_GR0_S2CR(i));
1591 /* Make sure all context banks are disabled and clear CB_FSR */
1592 for (i = 0; i < smmu->num_context_banks; ++i) {
1593 cb_base = ARM_SMMU_CB_BASE(smmu) + ARM_SMMU_CB(smmu, i);
1594 writel_relaxed(0, cb_base + ARM_SMMU_CB_SCTLR);
1595 writel_relaxed(FSR_FAULT, cb_base + ARM_SMMU_CB_FSR);
1598 /* Invalidate the TLB, just in case */
1599 writel_relaxed(0, gr0_base + ARM_SMMU_GR0_STLBIALL);
1600 writel_relaxed(0, gr0_base + ARM_SMMU_GR0_TLBIALLH);
1601 writel_relaxed(0, gr0_base + ARM_SMMU_GR0_TLBIALLNSNH);
1603 reg = readl_relaxed(gr0_base + ARM_SMMU_GR0_sCR0);
1605 /* Enable fault reporting */
1606 reg |= (sCR0_GFRE | sCR0_GFIE | sCR0_GCFGFRE | sCR0_GCFGFIE);
1608 /* Disable TLB broadcasting. */
1609 reg |= (sCR0_VMIDPNE | sCR0_PTM);
1611 /* Enable client access, but bypass when no mapping is found */
1612 reg &= ~(sCR0_CLIENTPD | sCR0_USFCFG);
1614 /* Disable forced broadcasting */
1617 /* Don't upgrade barriers */
1618 reg &= ~(sCR0_BSU_MASK << sCR0_BSU_SHIFT);
1620 /* Push the button */
1621 arm_smmu_tlb_sync(smmu);
1622 writel_relaxed(reg, gr0_base + ARM_SMMU_GR0_sCR0);
1625 static int arm_smmu_id_size_to_bits(int size)
1644 static int arm_smmu_device_cfg_probe(struct arm_smmu_device *smmu)
1647 void __iomem *gr0_base = ARM_SMMU_GR0(smmu);
1650 dev_notice(smmu->dev, "probing hardware configuration...\n");
1653 id = readl_relaxed(gr0_base + ARM_SMMU_GR0_PIDR2);
1654 smmu->version = ((id >> PIDR2_ARCH_SHIFT) & PIDR2_ARCH_MASK) + 1;
1655 dev_notice(smmu->dev, "SMMUv%d with:\n", smmu->version);
1658 id = readl_relaxed(gr0_base + ARM_SMMU_GR0_ID0);
1659 #ifndef CONFIG_64BIT
1660 if (((id >> ID0_PTFS_SHIFT) & ID0_PTFS_MASK) == ID0_PTFS_V8_ONLY) {
1661 dev_err(smmu->dev, "\tno v7 descriptor support!\n");
1665 if (id & ID0_S1TS) {
1666 smmu->features |= ARM_SMMU_FEAT_TRANS_S1;
1667 dev_notice(smmu->dev, "\tstage 1 translation\n");
1670 if (id & ID0_S2TS) {
1671 smmu->features |= ARM_SMMU_FEAT_TRANS_S2;
1672 dev_notice(smmu->dev, "\tstage 2 translation\n");
1676 smmu->features |= ARM_SMMU_FEAT_TRANS_NESTED;
1677 dev_notice(smmu->dev, "\tnested translation\n");
1680 if (!(smmu->features &
1681 (ARM_SMMU_FEAT_TRANS_S1 | ARM_SMMU_FEAT_TRANS_S2 |
1682 ARM_SMMU_FEAT_TRANS_NESTED))) {
1683 dev_err(smmu->dev, "\tno translation support!\n");
1687 if (id & ID0_CTTW) {
1688 smmu->features |= ARM_SMMU_FEAT_COHERENT_WALK;
1689 dev_notice(smmu->dev, "\tcoherent table walk\n");
1695 smmu->features |= ARM_SMMU_FEAT_STREAM_MATCH;
1696 smmu->num_mapping_groups = (id >> ID0_NUMSMRG_SHIFT) &
1698 if (smmu->num_mapping_groups == 0) {
1700 "stream-matching supported, but no SMRs present!\n");
1704 smr = SMR_MASK_MASK << SMR_MASK_SHIFT;
1705 smr |= (SMR_ID_MASK << SMR_ID_SHIFT);
1706 writel_relaxed(smr, gr0_base + ARM_SMMU_GR0_SMR(0));
1707 smr = readl_relaxed(gr0_base + ARM_SMMU_GR0_SMR(0));
1709 mask = (smr >> SMR_MASK_SHIFT) & SMR_MASK_MASK;
1710 sid = (smr >> SMR_ID_SHIFT) & SMR_ID_MASK;
1711 if ((mask & sid) != sid) {
1713 "SMR mask bits (0x%x) insufficient for ID field (0x%x)\n",
1718 dev_notice(smmu->dev,
1719 "\tstream matching with %u register groups, mask 0x%x",
1720 smmu->num_mapping_groups, mask);
1724 id = readl_relaxed(gr0_base + ARM_SMMU_GR0_ID1);
1725 smmu->pagesize = (id & ID1_PAGESIZE) ? SZ_64K : SZ_4K;
1727 /* Check for size mismatch of SMMU address space from mapped region */
1728 size = 1 << (((id >> ID1_NUMPAGENDXB_SHIFT) & ID1_NUMPAGENDXB_MASK) + 1);
1729 size *= (smmu->pagesize << 1);
1730 if (smmu->size != size)
1731 dev_warn(smmu->dev, "SMMU address space size (0x%lx) differs "
1732 "from mapped region size (0x%lx)!\n", size, smmu->size);
1734 smmu->num_s2_context_banks = (id >> ID1_NUMS2CB_SHIFT) &
1736 smmu->num_context_banks = (id >> ID1_NUMCB_SHIFT) & ID1_NUMCB_MASK;
1737 if (smmu->num_s2_context_banks > smmu->num_context_banks) {
1738 dev_err(smmu->dev, "impossible number of S2 context banks!\n");
1741 dev_notice(smmu->dev, "\t%u context banks (%u stage-2 only)\n",
1742 smmu->num_context_banks, smmu->num_s2_context_banks);
1745 id = readl_relaxed(gr0_base + ARM_SMMU_GR0_ID2);
1746 size = arm_smmu_id_size_to_bits((id >> ID2_IAS_SHIFT) & ID2_IAS_MASK);
1749 * Stage-1 output limited by stage-2 input size due to pgd
1750 * allocation (PTRS_PER_PGD).
1753 smmu->s1_output_size = min(39UL, size);
1755 smmu->s1_output_size = min(32UL, size);
1758 /* The stage-2 output mask is also applied for bypass */
1759 size = arm_smmu_id_size_to_bits((id >> ID2_OAS_SHIFT) & ID2_OAS_MASK);
1760 smmu->s2_output_size = min((unsigned long)PHYS_MASK_SHIFT, size);
1762 if (smmu->version == 1) {
1763 smmu->input_size = 32;
1766 size = (id >> ID2_UBS_SHIFT) & ID2_UBS_MASK;
1767 size = min(VA_BITS, arm_smmu_id_size_to_bits(size));
1771 smmu->input_size = size;
1773 if ((PAGE_SIZE == SZ_4K && !(id & ID2_PTFS_4K)) ||
1774 (PAGE_SIZE == SZ_64K && !(id & ID2_PTFS_64K)) ||
1775 (PAGE_SIZE != SZ_4K && PAGE_SIZE != SZ_64K)) {
1776 dev_err(smmu->dev, "CPU page size 0x%lx unsupported\n",
1782 dev_notice(smmu->dev,
1783 "\t%lu-bit VA, %lu-bit IPA, %lu-bit PA\n",
1784 smmu->input_size, smmu->s1_output_size, smmu->s2_output_size);
1788 static int arm_smmu_device_dt_probe(struct platform_device *pdev)
1790 struct resource *res;
1791 struct arm_smmu_device *smmu;
1792 struct device_node *dev_node;
1793 struct device *dev = &pdev->dev;
1794 struct rb_node *node;
1795 struct of_phandle_args masterspec;
1796 int num_irqs, i, err;
1798 smmu = devm_kzalloc(dev, sizeof(*smmu), GFP_KERNEL);
1800 dev_err(dev, "failed to allocate arm_smmu_device\n");
1805 res = platform_get_resource(pdev, IORESOURCE_MEM, 0);
1806 smmu->base = devm_ioremap_resource(dev, res);
1807 if (IS_ERR(smmu->base))
1808 return PTR_ERR(smmu->base);
1809 smmu->size = resource_size(res);
1811 if (of_property_read_u32(dev->of_node, "#global-interrupts",
1812 &smmu->num_global_irqs)) {
1813 dev_err(dev, "missing #global-interrupts property\n");
1818 while ((res = platform_get_resource(pdev, IORESOURCE_IRQ, num_irqs))) {
1820 if (num_irqs > smmu->num_global_irqs)
1821 smmu->num_context_irqs++;
1824 if (!smmu->num_context_irqs) {
1825 dev_err(dev, "found %d interrupts but expected at least %d\n",
1826 num_irqs, smmu->num_global_irqs + 1);
1830 smmu->irqs = devm_kzalloc(dev, sizeof(*smmu->irqs) * num_irqs,
1833 dev_err(dev, "failed to allocate %d irqs\n", num_irqs);
1837 for (i = 0; i < num_irqs; ++i) {
1838 int irq = platform_get_irq(pdev, i);
1840 dev_err(dev, "failed to get irq index %d\n", i);
1843 smmu->irqs[i] = irq;
1847 smmu->masters = RB_ROOT;
1848 while (!of_parse_phandle_with_args(dev->of_node, "mmu-masters",
1849 "#stream-id-cells", i,
1851 err = register_smmu_master(smmu, dev, &masterspec);
1853 dev_err(dev, "failed to add master %s\n",
1854 masterspec.np->name);
1855 goto out_put_masters;
1860 dev_notice(dev, "registered %d master devices\n", i);
1862 if ((dev_node = of_parse_phandle(dev->of_node, "smmu-parent", 0)))
1863 smmu->parent_of_node = dev_node;
1865 err = arm_smmu_device_cfg_probe(smmu);
1867 goto out_put_parent;
1869 if (smmu->version > 1 &&
1870 smmu->num_context_banks != smmu->num_context_irqs) {
1872 "found only %d context interrupt(s) but %d required\n",
1873 smmu->num_context_irqs, smmu->num_context_banks);
1875 goto out_put_parent;
1878 for (i = 0; i < smmu->num_global_irqs; ++i) {
1879 err = request_irq(smmu->irqs[i],
1880 arm_smmu_global_fault,
1882 "arm-smmu global fault",
1885 dev_err(dev, "failed to request global IRQ %d (%u)\n",
1891 INIT_LIST_HEAD(&smmu->list);
1892 spin_lock(&arm_smmu_devices_lock);
1893 list_add(&smmu->list, &arm_smmu_devices);
1894 spin_unlock(&arm_smmu_devices_lock);
1896 arm_smmu_device_reset(smmu);
1901 free_irq(smmu->irqs[i], smmu);
1904 if (smmu->parent_of_node)
1905 of_node_put(smmu->parent_of_node);
1908 for (node = rb_first(&smmu->masters); node; node = rb_next(node)) {
1909 struct arm_smmu_master *master;
1910 master = container_of(node, struct arm_smmu_master, node);
1911 of_node_put(master->of_node);
1917 static int arm_smmu_device_remove(struct platform_device *pdev)
1920 struct device *dev = &pdev->dev;
1921 struct arm_smmu_device *curr, *smmu = NULL;
1922 struct rb_node *node;
1924 spin_lock(&arm_smmu_devices_lock);
1925 list_for_each_entry(curr, &arm_smmu_devices, list) {
1926 if (curr->dev == dev) {
1928 list_del(&smmu->list);
1932 spin_unlock(&arm_smmu_devices_lock);
1937 if (smmu->parent_of_node)
1938 of_node_put(smmu->parent_of_node);
1940 for (node = rb_first(&smmu->masters); node; node = rb_next(node)) {
1941 struct arm_smmu_master *master;
1942 master = container_of(node, struct arm_smmu_master, node);
1943 of_node_put(master->of_node);
1946 if (!bitmap_empty(smmu->context_map, ARM_SMMU_MAX_CBS))
1947 dev_err(dev, "removing device with active domains!\n");
1949 for (i = 0; i < smmu->num_global_irqs; ++i)
1950 free_irq(smmu->irqs[i], smmu);
1952 /* Turn the thing off */
1953 writel_relaxed(sCR0_CLIENTPD, ARM_SMMU_GR0(smmu) + ARM_SMMU_GR0_sCR0);
1958 static struct of_device_id arm_smmu_of_match[] = {
1959 { .compatible = "arm,smmu-v1", },
1960 { .compatible = "arm,smmu-v2", },
1961 { .compatible = "arm,mmu-400", },
1962 { .compatible = "arm,mmu-500", },
1965 MODULE_DEVICE_TABLE(of, arm_smmu_of_match);
1968 static struct platform_driver arm_smmu_driver = {
1970 .owner = THIS_MODULE,
1972 .of_match_table = of_match_ptr(arm_smmu_of_match),
1974 .probe = arm_smmu_device_dt_probe,
1975 .remove = arm_smmu_device_remove,
1978 static int __init arm_smmu_init(void)
1982 ret = platform_driver_register(&arm_smmu_driver);
1986 /* Oh, for a proper bus abstraction */
1987 if (!iommu_present(&platform_bus_type))
1988 bus_set_iommu(&platform_bus_type, &arm_smmu_ops);
1990 if (!iommu_present(&amba_bustype))
1991 bus_set_iommu(&amba_bustype, &arm_smmu_ops);
1996 static void __exit arm_smmu_exit(void)
1998 return platform_driver_unregister(&arm_smmu_driver);
2001 subsys_initcall(arm_smmu_init);
2002 module_exit(arm_smmu_exit);
2004 MODULE_DESCRIPTION("IOMMU API for ARM architected SMMU implementations");
2005 MODULE_AUTHOR("Will Deacon <will.deacon@arm.com>");
2006 MODULE_LICENSE("GPL v2");
projects / cascardo / linux.git / blob