2 * Copyright (C) 2007-2010 Advanced Micro Devices, Inc.
3 * Author: Joerg Roedel <joerg.roedel@amd.com>
4 * Leo Duran <leo.duran@amd.com>
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License version 2 as published
8 * by the Free Software Foundation.
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
15 * You should have received a copy of the GNU General Public License
16 * along with this program; if not, write to the Free Software
17 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
20 #include <linux/pci.h>
21 #include <linux/pci-ats.h>
22 #include <linux/bitmap.h>
23 #include <linux/slab.h>
24 #include <linux/debugfs.h>
25 #include <linux/scatterlist.h>
26 #include <linux/dma-mapping.h>
27 #include <linux/iommu-helper.h>
28 #include <linux/iommu.h>
29 #include <linux/delay.h>
30 #include <linux/amd-iommu.h>
31 #include <asm/msidef.h>
32 #include <asm/proto.h>
33 #include <asm/iommu.h>
37 #include "amd_iommu_proto.h"
38 #include "amd_iommu_types.h"
40 #define CMD_SET_TYPE(cmd, t) ((cmd)->data[1] |= ((t) << 28))
42 #define LOOP_TIMEOUT 100000
44 static DEFINE_RWLOCK(amd_iommu_devtable_lock);
46 /* A list of preallocated protection domains */
47 static LIST_HEAD(iommu_pd_list);
48 static DEFINE_SPINLOCK(iommu_pd_list_lock);
50 /* List of all available dev_data structures */
51 static LIST_HEAD(dev_data_list);
52 static DEFINE_SPINLOCK(dev_data_list_lock);
55 * Domain for untranslated devices - only allocated
56 * if iommu=pt passed on kernel cmd line.
58 static struct protection_domain *pt_domain;
60 static struct iommu_ops amd_iommu_ops;
63 * general struct to manage commands send to an IOMMU
69 static void update_domain(struct protection_domain *domain);
71 /****************************************************************************
75 ****************************************************************************/
77 static struct iommu_dev_data *alloc_dev_data(u16 devid)
79 struct iommu_dev_data *dev_data;
82 dev_data = kzalloc(sizeof(*dev_data), GFP_KERNEL);
86 dev_data->devid = devid;
87 atomic_set(&dev_data->bind, 0);
89 spin_lock_irqsave(&dev_data_list_lock, flags);
90 list_add_tail(&dev_data->dev_data_list, &dev_data_list);
91 spin_unlock_irqrestore(&dev_data_list_lock, flags);
96 static void free_dev_data(struct iommu_dev_data *dev_data)
100 spin_lock_irqsave(&dev_data_list_lock, flags);
101 list_del(&dev_data->dev_data_list);
102 spin_unlock_irqrestore(&dev_data_list_lock, flags);
107 static struct iommu_dev_data *search_dev_data(u16 devid)
109 struct iommu_dev_data *dev_data;
112 spin_lock_irqsave(&dev_data_list_lock, flags);
113 list_for_each_entry(dev_data, &dev_data_list, dev_data_list) {
114 if (dev_data->devid == devid)
121 spin_unlock_irqrestore(&dev_data_list_lock, flags);
126 static struct iommu_dev_data *find_dev_data(u16 devid)
128 struct iommu_dev_data *dev_data;
130 dev_data = search_dev_data(devid);
132 if (dev_data == NULL)
133 dev_data = alloc_dev_data(devid);
138 static inline u16 get_device_id(struct device *dev)
140 struct pci_dev *pdev = to_pci_dev(dev);
142 return calc_devid(pdev->bus->number, pdev->devfn);
145 static struct iommu_dev_data *get_dev_data(struct device *dev)
147 return dev->archdata.iommu;
151 * In this function the list of preallocated protection domains is traversed to
152 * find the domain for a specific device
154 static struct dma_ops_domain *find_protection_domain(u16 devid)
156 struct dma_ops_domain *entry, *ret = NULL;
158 u16 alias = amd_iommu_alias_table[devid];
160 if (list_empty(&iommu_pd_list))
163 spin_lock_irqsave(&iommu_pd_list_lock, flags);
165 list_for_each_entry(entry, &iommu_pd_list, list) {
166 if (entry->target_dev == devid ||
167 entry->target_dev == alias) {
173 spin_unlock_irqrestore(&iommu_pd_list_lock, flags);
179 * This function checks if the driver got a valid device from the caller to
180 * avoid dereferencing invalid pointers.
182 static bool check_device(struct device *dev)
186 if (!dev || !dev->dma_mask)
189 /* No device or no PCI device */
190 if (dev->bus != &pci_bus_type)
193 devid = get_device_id(dev);
195 /* Out of our scope? */
196 if (devid > amd_iommu_last_bdf)
199 if (amd_iommu_rlookup_table[devid] == NULL)
205 static int iommu_init_device(struct device *dev)
207 struct iommu_dev_data *dev_data;
210 if (dev->archdata.iommu)
213 dev_data = find_dev_data(get_device_id(dev));
217 alias = amd_iommu_alias_table[dev_data->devid];
218 if (alias != dev_data->devid) {
219 struct iommu_dev_data *alias_data;
221 alias_data = find_dev_data(alias);
222 if (alias_data == NULL) {
223 pr_err("AMD-Vi: Warning: Unhandled device %s\n",
225 free_dev_data(dev_data);
228 dev_data->alias_data = alias_data;
231 dev->archdata.iommu = dev_data;
236 static void iommu_ignore_device(struct device *dev)
240 devid = get_device_id(dev);
241 alias = amd_iommu_alias_table[devid];
243 memset(&amd_iommu_dev_table[devid], 0, sizeof(struct dev_table_entry));
244 memset(&amd_iommu_dev_table[alias], 0, sizeof(struct dev_table_entry));
246 amd_iommu_rlookup_table[devid] = NULL;
247 amd_iommu_rlookup_table[alias] = NULL;
250 static void iommu_uninit_device(struct device *dev)
253 * Nothing to do here - we keep dev_data around for unplugged devices
254 * and reuse it when the device is re-plugged - not doing so would
255 * introduce a ton of races.
259 void __init amd_iommu_uninit_devices(void)
261 struct iommu_dev_data *dev_data, *n;
262 struct pci_dev *pdev = NULL;
264 for_each_pci_dev(pdev) {
266 if (!check_device(&pdev->dev))
269 iommu_uninit_device(&pdev->dev);
272 /* Free all of our dev_data structures */
273 list_for_each_entry_safe(dev_data, n, &dev_data_list, dev_data_list)
274 free_dev_data(dev_data);
277 int __init amd_iommu_init_devices(void)
279 struct pci_dev *pdev = NULL;
282 for_each_pci_dev(pdev) {
284 if (!check_device(&pdev->dev))
287 ret = iommu_init_device(&pdev->dev);
288 if (ret == -ENOTSUPP)
289 iommu_ignore_device(&pdev->dev);
298 amd_iommu_uninit_devices();
302 #ifdef CONFIG_AMD_IOMMU_STATS
305 * Initialization code for statistics collection
308 DECLARE_STATS_COUNTER(compl_wait);
309 DECLARE_STATS_COUNTER(cnt_map_single);
310 DECLARE_STATS_COUNTER(cnt_unmap_single);
311 DECLARE_STATS_COUNTER(cnt_map_sg);
312 DECLARE_STATS_COUNTER(cnt_unmap_sg);
313 DECLARE_STATS_COUNTER(cnt_alloc_coherent);
314 DECLARE_STATS_COUNTER(cnt_free_coherent);
315 DECLARE_STATS_COUNTER(cross_page);
316 DECLARE_STATS_COUNTER(domain_flush_single);
317 DECLARE_STATS_COUNTER(domain_flush_all);
318 DECLARE_STATS_COUNTER(alloced_io_mem);
319 DECLARE_STATS_COUNTER(total_map_requests);
321 static struct dentry *stats_dir;
322 static struct dentry *de_fflush;
324 static void amd_iommu_stats_add(struct __iommu_counter *cnt)
326 if (stats_dir == NULL)
329 cnt->dent = debugfs_create_u64(cnt->name, 0444, stats_dir,
333 static void amd_iommu_stats_init(void)
335 stats_dir = debugfs_create_dir("amd-iommu", NULL);
336 if (stats_dir == NULL)
339 de_fflush = debugfs_create_bool("fullflush", 0444, stats_dir,
340 (u32 *)&amd_iommu_unmap_flush);
342 amd_iommu_stats_add(&compl_wait);
343 amd_iommu_stats_add(&cnt_map_single);
344 amd_iommu_stats_add(&cnt_unmap_single);
345 amd_iommu_stats_add(&cnt_map_sg);
346 amd_iommu_stats_add(&cnt_unmap_sg);
347 amd_iommu_stats_add(&cnt_alloc_coherent);
348 amd_iommu_stats_add(&cnt_free_coherent);
349 amd_iommu_stats_add(&cross_page);
350 amd_iommu_stats_add(&domain_flush_single);
351 amd_iommu_stats_add(&domain_flush_all);
352 amd_iommu_stats_add(&alloced_io_mem);
353 amd_iommu_stats_add(&total_map_requests);
358 /****************************************************************************
360 * Interrupt handling functions
362 ****************************************************************************/
364 static void dump_dte_entry(u16 devid)
368 for (i = 0; i < 8; ++i)
369 pr_err("AMD-Vi: DTE[%d]: %08x\n", i,
370 amd_iommu_dev_table[devid].data[i]);
373 static void dump_command(unsigned long phys_addr)
375 struct iommu_cmd *cmd = phys_to_virt(phys_addr);
378 for (i = 0; i < 4; ++i)
379 pr_err("AMD-Vi: CMD[%d]: %08x\n", i, cmd->data[i]);
382 static void iommu_print_event(struct amd_iommu *iommu, void *__evt)
385 int type = (event[1] >> EVENT_TYPE_SHIFT) & EVENT_TYPE_MASK;
386 int devid = (event[0] >> EVENT_DEVID_SHIFT) & EVENT_DEVID_MASK;
387 int domid = (event[1] >> EVENT_DOMID_SHIFT) & EVENT_DOMID_MASK;
388 int flags = (event[1] >> EVENT_FLAGS_SHIFT) & EVENT_FLAGS_MASK;
389 u64 address = (u64)(((u64)event[3]) << 32) | event[2];
391 printk(KERN_ERR "AMD-Vi: Event logged [");
394 case EVENT_TYPE_ILL_DEV:
395 printk("ILLEGAL_DEV_TABLE_ENTRY device=%02x:%02x.%x "
396 "address=0x%016llx flags=0x%04x]\n",
397 PCI_BUS(devid), PCI_SLOT(devid), PCI_FUNC(devid),
399 dump_dte_entry(devid);
401 case EVENT_TYPE_IO_FAULT:
402 printk("IO_PAGE_FAULT device=%02x:%02x.%x "
403 "domain=0x%04x address=0x%016llx flags=0x%04x]\n",
404 PCI_BUS(devid), PCI_SLOT(devid), PCI_FUNC(devid),
405 domid, address, flags);
407 case EVENT_TYPE_DEV_TAB_ERR:
408 printk("DEV_TAB_HARDWARE_ERROR device=%02x:%02x.%x "
409 "address=0x%016llx flags=0x%04x]\n",
410 PCI_BUS(devid), PCI_SLOT(devid), PCI_FUNC(devid),
413 case EVENT_TYPE_PAGE_TAB_ERR:
414 printk("PAGE_TAB_HARDWARE_ERROR device=%02x:%02x.%x "
415 "domain=0x%04x address=0x%016llx flags=0x%04x]\n",
416 PCI_BUS(devid), PCI_SLOT(devid), PCI_FUNC(devid),
417 domid, address, flags);
419 case EVENT_TYPE_ILL_CMD:
420 printk("ILLEGAL_COMMAND_ERROR address=0x%016llx]\n", address);
421 dump_command(address);
423 case EVENT_TYPE_CMD_HARD_ERR:
424 printk("COMMAND_HARDWARE_ERROR address=0x%016llx "
425 "flags=0x%04x]\n", address, flags);
427 case EVENT_TYPE_IOTLB_INV_TO:
428 printk("IOTLB_INV_TIMEOUT device=%02x:%02x.%x "
429 "address=0x%016llx]\n",
430 PCI_BUS(devid), PCI_SLOT(devid), PCI_FUNC(devid),
433 case EVENT_TYPE_INV_DEV_REQ:
434 printk("INVALID_DEVICE_REQUEST device=%02x:%02x.%x "
435 "address=0x%016llx flags=0x%04x]\n",
436 PCI_BUS(devid), PCI_SLOT(devid), PCI_FUNC(devid),
440 printk(KERN_ERR "UNKNOWN type=0x%02x]\n", type);
444 static void iommu_poll_events(struct amd_iommu *iommu)
449 spin_lock_irqsave(&iommu->lock, flags);
451 head = readl(iommu->mmio_base + MMIO_EVT_HEAD_OFFSET);
452 tail = readl(iommu->mmio_base + MMIO_EVT_TAIL_OFFSET);
454 while (head != tail) {
455 iommu_print_event(iommu, iommu->evt_buf + head);
456 head = (head + EVENT_ENTRY_SIZE) % iommu->evt_buf_size;
459 writel(head, iommu->mmio_base + MMIO_EVT_HEAD_OFFSET);
461 spin_unlock_irqrestore(&iommu->lock, flags);
464 irqreturn_t amd_iommu_int_thread(int irq, void *data)
466 struct amd_iommu *iommu;
468 for_each_iommu(iommu)
469 iommu_poll_events(iommu);
474 irqreturn_t amd_iommu_int_handler(int irq, void *data)
476 return IRQ_WAKE_THREAD;
479 /****************************************************************************
481 * IOMMU command queuing functions
483 ****************************************************************************/
485 static int wait_on_sem(volatile u64 *sem)
489 while (*sem == 0 && i < LOOP_TIMEOUT) {
494 if (i == LOOP_TIMEOUT) {
495 pr_alert("AMD-Vi: Completion-Wait loop timed out\n");
502 static void copy_cmd_to_buffer(struct amd_iommu *iommu,
503 struct iommu_cmd *cmd,
508 target = iommu->cmd_buf + tail;
509 tail = (tail + sizeof(*cmd)) % iommu->cmd_buf_size;
511 /* Copy command to buffer */
512 memcpy(target, cmd, sizeof(*cmd));
514 /* Tell the IOMMU about it */
515 writel(tail, iommu->mmio_base + MMIO_CMD_TAIL_OFFSET);
518 static void build_completion_wait(struct iommu_cmd *cmd, u64 address)
520 WARN_ON(address & 0x7ULL);
522 memset(cmd, 0, sizeof(*cmd));
523 cmd->data[0] = lower_32_bits(__pa(address)) | CMD_COMPL_WAIT_STORE_MASK;
524 cmd->data[1] = upper_32_bits(__pa(address));
526 CMD_SET_TYPE(cmd, CMD_COMPL_WAIT);
529 static void build_inv_dte(struct iommu_cmd *cmd, u16 devid)
531 memset(cmd, 0, sizeof(*cmd));
532 cmd->data[0] = devid;
533 CMD_SET_TYPE(cmd, CMD_INV_DEV_ENTRY);
536 static void build_inv_iommu_pages(struct iommu_cmd *cmd, u64 address,
537 size_t size, u16 domid, int pde)
542 pages = iommu_num_pages(address, size, PAGE_SIZE);
547 * If we have to flush more than one page, flush all
548 * TLB entries for this domain
550 address = CMD_INV_IOMMU_ALL_PAGES_ADDRESS;
554 address &= PAGE_MASK;
556 memset(cmd, 0, sizeof(*cmd));
557 cmd->data[1] |= domid;
558 cmd->data[2] = lower_32_bits(address);
559 cmd->data[3] = upper_32_bits(address);
560 CMD_SET_TYPE(cmd, CMD_INV_IOMMU_PAGES);
561 if (s) /* size bit - we flush more than one 4kb page */
562 cmd->data[2] |= CMD_INV_IOMMU_PAGES_SIZE_MASK;
563 if (pde) /* PDE bit - we wan't flush everything not only the PTEs */
564 cmd->data[2] |= CMD_INV_IOMMU_PAGES_PDE_MASK;
567 static void build_inv_iotlb_pages(struct iommu_cmd *cmd, u16 devid, int qdep,
568 u64 address, size_t size)
573 pages = iommu_num_pages(address, size, PAGE_SIZE);
578 * If we have to flush more than one page, flush all
579 * TLB entries for this domain
581 address = CMD_INV_IOMMU_ALL_PAGES_ADDRESS;
585 address &= PAGE_MASK;
587 memset(cmd, 0, sizeof(*cmd));
588 cmd->data[0] = devid;
589 cmd->data[0] |= (qdep & 0xff) << 24;
590 cmd->data[1] = devid;
591 cmd->data[2] = lower_32_bits(address);
592 cmd->data[3] = upper_32_bits(address);
593 CMD_SET_TYPE(cmd, CMD_INV_IOTLB_PAGES);
595 cmd->data[2] |= CMD_INV_IOMMU_PAGES_SIZE_MASK;
598 static void build_inv_all(struct iommu_cmd *cmd)
600 memset(cmd, 0, sizeof(*cmd));
601 CMD_SET_TYPE(cmd, CMD_INV_ALL);
605 * Writes the command to the IOMMUs command buffer and informs the
606 * hardware about the new command.
608 static int iommu_queue_command_sync(struct amd_iommu *iommu,
609 struct iommu_cmd *cmd,
612 u32 left, tail, head, next_tail;
615 WARN_ON(iommu->cmd_buf_size & CMD_BUFFER_UNINITIALIZED);
618 spin_lock_irqsave(&iommu->lock, flags);
620 head = readl(iommu->mmio_base + MMIO_CMD_HEAD_OFFSET);
621 tail = readl(iommu->mmio_base + MMIO_CMD_TAIL_OFFSET);
622 next_tail = (tail + sizeof(*cmd)) % iommu->cmd_buf_size;
623 left = (head - next_tail) % iommu->cmd_buf_size;
626 struct iommu_cmd sync_cmd;
627 volatile u64 sem = 0;
630 build_completion_wait(&sync_cmd, (u64)&sem);
631 copy_cmd_to_buffer(iommu, &sync_cmd, tail);
633 spin_unlock_irqrestore(&iommu->lock, flags);
635 if ((ret = wait_on_sem(&sem)) != 0)
641 copy_cmd_to_buffer(iommu, cmd, tail);
643 /* We need to sync now to make sure all commands are processed */
644 iommu->need_sync = sync;
646 spin_unlock_irqrestore(&iommu->lock, flags);
651 static int iommu_queue_command(struct amd_iommu *iommu, struct iommu_cmd *cmd)
653 return iommu_queue_command_sync(iommu, cmd, true);
657 * This function queues a completion wait command into the command
660 static int iommu_completion_wait(struct amd_iommu *iommu)
662 struct iommu_cmd cmd;
663 volatile u64 sem = 0;
666 if (!iommu->need_sync)
669 build_completion_wait(&cmd, (u64)&sem);
671 ret = iommu_queue_command_sync(iommu, &cmd, false);
675 return wait_on_sem(&sem);
678 static int iommu_flush_dte(struct amd_iommu *iommu, u16 devid)
680 struct iommu_cmd cmd;
682 build_inv_dte(&cmd, devid);
684 return iommu_queue_command(iommu, &cmd);
687 static void iommu_flush_dte_all(struct amd_iommu *iommu)
691 for (devid = 0; devid <= 0xffff; ++devid)
692 iommu_flush_dte(iommu, devid);
694 iommu_completion_wait(iommu);
698 * This function uses heavy locking and may disable irqs for some time. But
699 * this is no issue because it is only called during resume.
701 static void iommu_flush_tlb_all(struct amd_iommu *iommu)
705 for (dom_id = 0; dom_id <= 0xffff; ++dom_id) {
706 struct iommu_cmd cmd;
707 build_inv_iommu_pages(&cmd, 0, CMD_INV_IOMMU_ALL_PAGES_ADDRESS,
709 iommu_queue_command(iommu, &cmd);
712 iommu_completion_wait(iommu);
715 static void iommu_flush_all(struct amd_iommu *iommu)
717 struct iommu_cmd cmd;
721 iommu_queue_command(iommu, &cmd);
722 iommu_completion_wait(iommu);
725 void iommu_flush_all_caches(struct amd_iommu *iommu)
727 if (iommu_feature(iommu, FEATURE_IA)) {
728 iommu_flush_all(iommu);
730 iommu_flush_dte_all(iommu);
731 iommu_flush_tlb_all(iommu);
736 * Command send function for flushing on-device TLB
738 static int device_flush_iotlb(struct iommu_dev_data *dev_data,
739 u64 address, size_t size)
741 struct amd_iommu *iommu;
742 struct iommu_cmd cmd;
745 qdep = dev_data->ats.qdep;
746 iommu = amd_iommu_rlookup_table[dev_data->devid];
748 build_inv_iotlb_pages(&cmd, dev_data->devid, qdep, address, size);
750 return iommu_queue_command(iommu, &cmd);
754 * Command send function for invalidating a device table entry
756 static int device_flush_dte(struct iommu_dev_data *dev_data)
758 struct amd_iommu *iommu;
761 iommu = amd_iommu_rlookup_table[dev_data->devid];
763 ret = iommu_flush_dte(iommu, dev_data->devid);
767 if (dev_data->ats.enabled)
768 ret = device_flush_iotlb(dev_data, 0, ~0UL);
774 * TLB invalidation function which is called from the mapping functions.
775 * It invalidates a single PTE if the range to flush is within a single
776 * page. Otherwise it flushes the whole TLB of the IOMMU.
778 static void __domain_flush_pages(struct protection_domain *domain,
779 u64 address, size_t size, int pde)
781 struct iommu_dev_data *dev_data;
782 struct iommu_cmd cmd;
785 build_inv_iommu_pages(&cmd, address, size, domain->id, pde);
787 for (i = 0; i < amd_iommus_present; ++i) {
788 if (!domain->dev_iommu[i])
792 * Devices of this domain are behind this IOMMU
793 * We need a TLB flush
795 ret |= iommu_queue_command(amd_iommus[i], &cmd);
798 list_for_each_entry(dev_data, &domain->dev_list, list) {
800 if (!dev_data->ats.enabled)
803 ret |= device_flush_iotlb(dev_data, address, size);
809 static void domain_flush_pages(struct protection_domain *domain,
810 u64 address, size_t size)
812 __domain_flush_pages(domain, address, size, 0);
815 /* Flush the whole IO/TLB for a given protection domain */
816 static void domain_flush_tlb(struct protection_domain *domain)
818 __domain_flush_pages(domain, 0, CMD_INV_IOMMU_ALL_PAGES_ADDRESS, 0);
821 /* Flush the whole IO/TLB for a given protection domain - including PDE */
822 static void domain_flush_tlb_pde(struct protection_domain *domain)
824 __domain_flush_pages(domain, 0, CMD_INV_IOMMU_ALL_PAGES_ADDRESS, 1);
827 static void domain_flush_complete(struct protection_domain *domain)
831 for (i = 0; i < amd_iommus_present; ++i) {
832 if (!domain->dev_iommu[i])
836 * Devices of this domain are behind this IOMMU
837 * We need to wait for completion of all commands.
839 iommu_completion_wait(amd_iommus[i]);
845 * This function flushes the DTEs for all devices in domain
847 static void domain_flush_devices(struct protection_domain *domain)
849 struct iommu_dev_data *dev_data;
852 spin_lock_irqsave(&domain->lock, flags);
854 list_for_each_entry(dev_data, &domain->dev_list, list)
855 device_flush_dte(dev_data);
857 spin_unlock_irqrestore(&domain->lock, flags);
860 /****************************************************************************
862 * The functions below are used the create the page table mappings for
863 * unity mapped regions.
865 ****************************************************************************/
868 * This function is used to add another level to an IO page table. Adding
869 * another level increases the size of the address space by 9 bits to a size up
872 static bool increase_address_space(struct protection_domain *domain,
877 if (domain->mode == PAGE_MODE_6_LEVEL)
878 /* address space already 64 bit large */
881 pte = (void *)get_zeroed_page(gfp);
885 *pte = PM_LEVEL_PDE(domain->mode,
886 virt_to_phys(domain->pt_root));
887 domain->pt_root = pte;
889 domain->updated = true;
894 static u64 *alloc_pte(struct protection_domain *domain,
895 unsigned long address,
896 unsigned long page_size,
903 BUG_ON(!is_power_of_2(page_size));
905 while (address > PM_LEVEL_SIZE(domain->mode))
906 increase_address_space(domain, gfp);
908 level = domain->mode - 1;
909 pte = &domain->pt_root[PM_LEVEL_INDEX(level, address)];
910 address = PAGE_SIZE_ALIGN(address, page_size);
911 end_lvl = PAGE_SIZE_LEVEL(page_size);
913 while (level > end_lvl) {
914 if (!IOMMU_PTE_PRESENT(*pte)) {
915 page = (u64 *)get_zeroed_page(gfp);
918 *pte = PM_LEVEL_PDE(level, virt_to_phys(page));
921 /* No level skipping support yet */
922 if (PM_PTE_LEVEL(*pte) != level)
927 pte = IOMMU_PTE_PAGE(*pte);
929 if (pte_page && level == end_lvl)
932 pte = &pte[PM_LEVEL_INDEX(level, address)];
939 * This function checks if there is a PTE for a given dma address. If
940 * there is one, it returns the pointer to it.
942 static u64 *fetch_pte(struct protection_domain *domain, unsigned long address)
947 if (address > PM_LEVEL_SIZE(domain->mode))
950 level = domain->mode - 1;
951 pte = &domain->pt_root[PM_LEVEL_INDEX(level, address)];
956 if (!IOMMU_PTE_PRESENT(*pte))
960 if (PM_PTE_LEVEL(*pte) == 0x07) {
961 unsigned long pte_mask, __pte;
964 * If we have a series of large PTEs, make
965 * sure to return a pointer to the first one.
967 pte_mask = PTE_PAGE_SIZE(*pte);
968 pte_mask = ~((PAGE_SIZE_PTE_COUNT(pte_mask) << 3) - 1);
969 __pte = ((unsigned long)pte) & pte_mask;
974 /* No level skipping support yet */
975 if (PM_PTE_LEVEL(*pte) != level)
980 /* Walk to the next level */
981 pte = IOMMU_PTE_PAGE(*pte);
982 pte = &pte[PM_LEVEL_INDEX(level, address)];
989 * Generic mapping functions. It maps a physical address into a DMA
990 * address space. It allocates the page table pages if necessary.
991 * In the future it can be extended to a generic mapping function
992 * supporting all features of AMD IOMMU page tables like level skipping
993 * and full 64 bit address spaces.
995 static int iommu_map_page(struct protection_domain *dom,
996 unsigned long bus_addr,
997 unsigned long phys_addr,
999 unsigned long page_size)
1004 if (!(prot & IOMMU_PROT_MASK))
1007 bus_addr = PAGE_ALIGN(bus_addr);
1008 phys_addr = PAGE_ALIGN(phys_addr);
1009 count = PAGE_SIZE_PTE_COUNT(page_size);
1010 pte = alloc_pte(dom, bus_addr, page_size, NULL, GFP_KERNEL);
1012 for (i = 0; i < count; ++i)
1013 if (IOMMU_PTE_PRESENT(pte[i]))
1016 if (page_size > PAGE_SIZE) {
1017 __pte = PAGE_SIZE_PTE(phys_addr, page_size);
1018 __pte |= PM_LEVEL_ENC(7) | IOMMU_PTE_P | IOMMU_PTE_FC;
1020 __pte = phys_addr | IOMMU_PTE_P | IOMMU_PTE_FC;
1022 if (prot & IOMMU_PROT_IR)
1023 __pte |= IOMMU_PTE_IR;
1024 if (prot & IOMMU_PROT_IW)
1025 __pte |= IOMMU_PTE_IW;
1027 for (i = 0; i < count; ++i)
1035 static unsigned long iommu_unmap_page(struct protection_domain *dom,
1036 unsigned long bus_addr,
1037 unsigned long page_size)
1039 unsigned long long unmap_size, unmapped;
1042 BUG_ON(!is_power_of_2(page_size));
1046 while (unmapped < page_size) {
1048 pte = fetch_pte(dom, bus_addr);
1052 * No PTE for this address
1053 * move forward in 4kb steps
1055 unmap_size = PAGE_SIZE;
1056 } else if (PM_PTE_LEVEL(*pte) == 0) {
1057 /* 4kb PTE found for this address */
1058 unmap_size = PAGE_SIZE;
1063 /* Large PTE found which maps this address */
1064 unmap_size = PTE_PAGE_SIZE(*pte);
1065 count = PAGE_SIZE_PTE_COUNT(unmap_size);
1066 for (i = 0; i < count; i++)
1070 bus_addr = (bus_addr & ~(unmap_size - 1)) + unmap_size;
1071 unmapped += unmap_size;
1074 BUG_ON(!is_power_of_2(unmapped));
1080 * This function checks if a specific unity mapping entry is needed for
1081 * this specific IOMMU.
1083 static int iommu_for_unity_map(struct amd_iommu *iommu,
1084 struct unity_map_entry *entry)
1088 for (i = entry->devid_start; i <= entry->devid_end; ++i) {
1089 bdf = amd_iommu_alias_table[i];
1090 if (amd_iommu_rlookup_table[bdf] == iommu)
1098 * This function actually applies the mapping to the page table of the
1101 static int dma_ops_unity_map(struct dma_ops_domain *dma_dom,
1102 struct unity_map_entry *e)
1107 for (addr = e->address_start; addr < e->address_end;
1108 addr += PAGE_SIZE) {
1109 ret = iommu_map_page(&dma_dom->domain, addr, addr, e->prot,
1114 * if unity mapping is in aperture range mark the page
1115 * as allocated in the aperture
1117 if (addr < dma_dom->aperture_size)
1118 __set_bit(addr >> PAGE_SHIFT,
1119 dma_dom->aperture[0]->bitmap);
1126 * Init the unity mappings for a specific IOMMU in the system
1128 * Basically iterates over all unity mapping entries and applies them to
1129 * the default domain DMA of that IOMMU if necessary.
1131 static int iommu_init_unity_mappings(struct amd_iommu *iommu)
1133 struct unity_map_entry *entry;
1136 list_for_each_entry(entry, &amd_iommu_unity_map, list) {
1137 if (!iommu_for_unity_map(iommu, entry))
1139 ret = dma_ops_unity_map(iommu->default_dom, entry);
1148 * Inits the unity mappings required for a specific device
1150 static int init_unity_mappings_for_device(struct dma_ops_domain *dma_dom,
1153 struct unity_map_entry *e;
1156 list_for_each_entry(e, &amd_iommu_unity_map, list) {
1157 if (!(devid >= e->devid_start && devid <= e->devid_end))
1159 ret = dma_ops_unity_map(dma_dom, e);
1167 /****************************************************************************
1169 * The next functions belong to the address allocator for the dma_ops
1170 * interface functions. They work like the allocators in the other IOMMU
1171 * drivers. Its basically a bitmap which marks the allocated pages in
1172 * the aperture. Maybe it could be enhanced in the future to a more
1173 * efficient allocator.
1175 ****************************************************************************/
1178 * The address allocator core functions.
1180 * called with domain->lock held
1184 * Used to reserve address ranges in the aperture (e.g. for exclusion
1187 static void dma_ops_reserve_addresses(struct dma_ops_domain *dom,
1188 unsigned long start_page,
1191 unsigned int i, last_page = dom->aperture_size >> PAGE_SHIFT;
1193 if (start_page + pages > last_page)
1194 pages = last_page - start_page;
1196 for (i = start_page; i < start_page + pages; ++i) {
1197 int index = i / APERTURE_RANGE_PAGES;
1198 int page = i % APERTURE_RANGE_PAGES;
1199 __set_bit(page, dom->aperture[index]->bitmap);
1204 * This function is used to add a new aperture range to an existing
1205 * aperture in case of dma_ops domain allocation or address allocation
1208 static int alloc_new_range(struct dma_ops_domain *dma_dom,
1209 bool populate, gfp_t gfp)
1211 int index = dma_dom->aperture_size >> APERTURE_RANGE_SHIFT;
1212 struct amd_iommu *iommu;
1213 unsigned long i, old_size;
1215 #ifdef CONFIG_IOMMU_STRESS
1219 if (index >= APERTURE_MAX_RANGES)
1222 dma_dom->aperture[index] = kzalloc(sizeof(struct aperture_range), gfp);
1223 if (!dma_dom->aperture[index])
1226 dma_dom->aperture[index]->bitmap = (void *)get_zeroed_page(gfp);
1227 if (!dma_dom->aperture[index]->bitmap)
1230 dma_dom->aperture[index]->offset = dma_dom->aperture_size;
1233 unsigned long address = dma_dom->aperture_size;
1234 int i, num_ptes = APERTURE_RANGE_PAGES / 512;
1235 u64 *pte, *pte_page;
1237 for (i = 0; i < num_ptes; ++i) {
1238 pte = alloc_pte(&dma_dom->domain, address, PAGE_SIZE,
1243 dma_dom->aperture[index]->pte_pages[i] = pte_page;
1245 address += APERTURE_RANGE_SIZE / 64;
1249 old_size = dma_dom->aperture_size;
1250 dma_dom->aperture_size += APERTURE_RANGE_SIZE;
1252 /* Reserve address range used for MSI messages */
1253 if (old_size < MSI_ADDR_BASE_LO &&
1254 dma_dom->aperture_size > MSI_ADDR_BASE_LO) {
1255 unsigned long spage;
1258 pages = iommu_num_pages(MSI_ADDR_BASE_LO, 0x10000, PAGE_SIZE);
1259 spage = MSI_ADDR_BASE_LO >> PAGE_SHIFT;
1261 dma_ops_reserve_addresses(dma_dom, spage, pages);
1264 /* Initialize the exclusion range if necessary */
1265 for_each_iommu(iommu) {
1266 if (iommu->exclusion_start &&
1267 iommu->exclusion_start >= dma_dom->aperture[index]->offset
1268 && iommu->exclusion_start < dma_dom->aperture_size) {
1269 unsigned long startpage;
1270 int pages = iommu_num_pages(iommu->exclusion_start,
1271 iommu->exclusion_length,
1273 startpage = iommu->exclusion_start >> PAGE_SHIFT;
1274 dma_ops_reserve_addresses(dma_dom, startpage, pages);
1279 * Check for areas already mapped as present in the new aperture
1280 * range and mark those pages as reserved in the allocator. Such
1281 * mappings may already exist as a result of requested unity
1282 * mappings for devices.
1284 for (i = dma_dom->aperture[index]->offset;
1285 i < dma_dom->aperture_size;
1287 u64 *pte = fetch_pte(&dma_dom->domain, i);
1288 if (!pte || !IOMMU_PTE_PRESENT(*pte))
1291 dma_ops_reserve_addresses(dma_dom, i << PAGE_SHIFT, 1);
1294 update_domain(&dma_dom->domain);
1299 update_domain(&dma_dom->domain);
1301 free_page((unsigned long)dma_dom->aperture[index]->bitmap);
1303 kfree(dma_dom->aperture[index]);
1304 dma_dom->aperture[index] = NULL;
1309 static unsigned long dma_ops_area_alloc(struct device *dev,
1310 struct dma_ops_domain *dom,
1312 unsigned long align_mask,
1314 unsigned long start)
1316 unsigned long next_bit = dom->next_address % APERTURE_RANGE_SIZE;
1317 int max_index = dom->aperture_size >> APERTURE_RANGE_SHIFT;
1318 int i = start >> APERTURE_RANGE_SHIFT;
1319 unsigned long boundary_size;
1320 unsigned long address = -1;
1321 unsigned long limit;
1323 next_bit >>= PAGE_SHIFT;
1325 boundary_size = ALIGN(dma_get_seg_boundary(dev) + 1,
1326 PAGE_SIZE) >> PAGE_SHIFT;
1328 for (;i < max_index; ++i) {
1329 unsigned long offset = dom->aperture[i]->offset >> PAGE_SHIFT;
1331 if (dom->aperture[i]->offset >= dma_mask)
1334 limit = iommu_device_max_index(APERTURE_RANGE_PAGES, offset,
1335 dma_mask >> PAGE_SHIFT);
1337 address = iommu_area_alloc(dom->aperture[i]->bitmap,
1338 limit, next_bit, pages, 0,
1339 boundary_size, align_mask);
1340 if (address != -1) {
1341 address = dom->aperture[i]->offset +
1342 (address << PAGE_SHIFT);
1343 dom->next_address = address + (pages << PAGE_SHIFT);
1353 static unsigned long dma_ops_alloc_addresses(struct device *dev,
1354 struct dma_ops_domain *dom,
1356 unsigned long align_mask,
1359 unsigned long address;
1361 #ifdef CONFIG_IOMMU_STRESS
1362 dom->next_address = 0;
1363 dom->need_flush = true;
1366 address = dma_ops_area_alloc(dev, dom, pages, align_mask,
1367 dma_mask, dom->next_address);
1369 if (address == -1) {
1370 dom->next_address = 0;
1371 address = dma_ops_area_alloc(dev, dom, pages, align_mask,
1373 dom->need_flush = true;
1376 if (unlikely(address == -1))
1377 address = DMA_ERROR_CODE;
1379 WARN_ON((address + (PAGE_SIZE*pages)) > dom->aperture_size);
1385 * The address free function.
1387 * called with domain->lock held
1389 static void dma_ops_free_addresses(struct dma_ops_domain *dom,
1390 unsigned long address,
1393 unsigned i = address >> APERTURE_RANGE_SHIFT;
1394 struct aperture_range *range = dom->aperture[i];
1396 BUG_ON(i >= APERTURE_MAX_RANGES || range == NULL);
1398 #ifdef CONFIG_IOMMU_STRESS
1403 if (address >= dom->next_address)
1404 dom->need_flush = true;
1406 address = (address % APERTURE_RANGE_SIZE) >> PAGE_SHIFT;
1408 bitmap_clear(range->bitmap, address, pages);
1412 /****************************************************************************
1414 * The next functions belong to the domain allocation. A domain is
1415 * allocated for every IOMMU as the default domain. If device isolation
1416 * is enabled, every device get its own domain. The most important thing
1417 * about domains is the page table mapping the DMA address space they
1420 ****************************************************************************/
1423 * This function adds a protection domain to the global protection domain list
1425 static void add_domain_to_list(struct protection_domain *domain)
1427 unsigned long flags;
1429 spin_lock_irqsave(&amd_iommu_pd_lock, flags);
1430 list_add(&domain->list, &amd_iommu_pd_list);
1431 spin_unlock_irqrestore(&amd_iommu_pd_lock, flags);
1435 * This function removes a protection domain to the global
1436 * protection domain list
1438 static void del_domain_from_list(struct protection_domain *domain)
1440 unsigned long flags;
1442 spin_lock_irqsave(&amd_iommu_pd_lock, flags);
1443 list_del(&domain->list);
1444 spin_unlock_irqrestore(&amd_iommu_pd_lock, flags);
1447 static u16 domain_id_alloc(void)
1449 unsigned long flags;
1452 write_lock_irqsave(&amd_iommu_devtable_lock, flags);
1453 id = find_first_zero_bit(amd_iommu_pd_alloc_bitmap, MAX_DOMAIN_ID);
1455 if (id > 0 && id < MAX_DOMAIN_ID)
1456 __set_bit(id, amd_iommu_pd_alloc_bitmap);
1459 write_unlock_irqrestore(&amd_iommu_devtable_lock, flags);
1464 static void domain_id_free(int id)
1466 unsigned long flags;
1468 write_lock_irqsave(&amd_iommu_devtable_lock, flags);
1469 if (id > 0 && id < MAX_DOMAIN_ID)
1470 __clear_bit(id, amd_iommu_pd_alloc_bitmap);
1471 write_unlock_irqrestore(&amd_iommu_devtable_lock, flags);
1474 static void free_pagetable(struct protection_domain *domain)
1479 p1 = domain->pt_root;
1484 for (i = 0; i < 512; ++i) {
1485 if (!IOMMU_PTE_PRESENT(p1[i]))
1488 p2 = IOMMU_PTE_PAGE(p1[i]);
1489 for (j = 0; j < 512; ++j) {
1490 if (!IOMMU_PTE_PRESENT(p2[j]))
1492 p3 = IOMMU_PTE_PAGE(p2[j]);
1493 free_page((unsigned long)p3);
1496 free_page((unsigned long)p2);
1499 free_page((unsigned long)p1);
1501 domain->pt_root = NULL;
1505 * Free a domain, only used if something went wrong in the
1506 * allocation path and we need to free an already allocated page table
1508 static void dma_ops_domain_free(struct dma_ops_domain *dom)
1515 del_domain_from_list(&dom->domain);
1517 free_pagetable(&dom->domain);
1519 for (i = 0; i < APERTURE_MAX_RANGES; ++i) {
1520 if (!dom->aperture[i])
1522 free_page((unsigned long)dom->aperture[i]->bitmap);
1523 kfree(dom->aperture[i]);
1530 * Allocates a new protection domain usable for the dma_ops functions.
1531 * It also initializes the page table and the address allocator data
1532 * structures required for the dma_ops interface
1534 static struct dma_ops_domain *dma_ops_domain_alloc(void)
1536 struct dma_ops_domain *dma_dom;
1538 dma_dom = kzalloc(sizeof(struct dma_ops_domain), GFP_KERNEL);
1542 spin_lock_init(&dma_dom->domain.lock);
1544 dma_dom->domain.id = domain_id_alloc();
1545 if (dma_dom->domain.id == 0)
1547 INIT_LIST_HEAD(&dma_dom->domain.dev_list);
1548 dma_dom->domain.mode = PAGE_MODE_2_LEVEL;
1549 dma_dom->domain.pt_root = (void *)get_zeroed_page(GFP_KERNEL);
1550 dma_dom->domain.flags = PD_DMA_OPS_MASK;
1551 dma_dom->domain.priv = dma_dom;
1552 if (!dma_dom->domain.pt_root)
1555 dma_dom->need_flush = false;
1556 dma_dom->target_dev = 0xffff;
1558 add_domain_to_list(&dma_dom->domain);
1560 if (alloc_new_range(dma_dom, true, GFP_KERNEL))
1564 * mark the first page as allocated so we never return 0 as
1565 * a valid dma-address. So we can use 0 as error value
1567 dma_dom->aperture[0]->bitmap[0] = 1;
1568 dma_dom->next_address = 0;
1574 dma_ops_domain_free(dma_dom);
1580 * little helper function to check whether a given protection domain is a
1583 static bool dma_ops_domain(struct protection_domain *domain)
1585 return domain->flags & PD_DMA_OPS_MASK;
1588 static void set_dte_entry(u16 devid, struct protection_domain *domain, bool ats)
1590 u64 pte_root = virt_to_phys(domain->pt_root);
1593 pte_root |= (domain->mode & DEV_ENTRY_MODE_MASK)
1594 << DEV_ENTRY_MODE_SHIFT;
1595 pte_root |= IOMMU_PTE_IR | IOMMU_PTE_IW | IOMMU_PTE_P | IOMMU_PTE_TV;
1598 flags |= DTE_FLAG_IOTLB;
1600 amd_iommu_dev_table[devid].data[3] |= flags;
1601 amd_iommu_dev_table[devid].data[2] = domain->id;
1602 amd_iommu_dev_table[devid].data[1] = upper_32_bits(pte_root);
1603 amd_iommu_dev_table[devid].data[0] = lower_32_bits(pte_root);
1606 static void clear_dte_entry(u16 devid)
1608 /* remove entry from the device table seen by the hardware */
1609 amd_iommu_dev_table[devid].data[0] = IOMMU_PTE_P | IOMMU_PTE_TV;
1610 amd_iommu_dev_table[devid].data[1] = 0;
1611 amd_iommu_dev_table[devid].data[2] = 0;
1613 amd_iommu_apply_erratum_63(devid);
1616 static void do_attach(struct iommu_dev_data *dev_data,
1617 struct protection_domain *domain)
1619 struct amd_iommu *iommu;
1622 iommu = amd_iommu_rlookup_table[dev_data->devid];
1623 ats = dev_data->ats.enabled;
1625 /* Update data structures */
1626 dev_data->domain = domain;
1627 list_add(&dev_data->list, &domain->dev_list);
1628 set_dte_entry(dev_data->devid, domain, ats);
1630 /* Do reference counting */
1631 domain->dev_iommu[iommu->index] += 1;
1632 domain->dev_cnt += 1;
1634 /* Flush the DTE entry */
1635 device_flush_dte(dev_data);
1638 static void do_detach(struct iommu_dev_data *dev_data)
1640 struct amd_iommu *iommu;
1642 iommu = amd_iommu_rlookup_table[dev_data->devid];
1644 /* decrease reference counters */
1645 dev_data->domain->dev_iommu[iommu->index] -= 1;
1646 dev_data->domain->dev_cnt -= 1;
1648 /* Update data structures */
1649 dev_data->domain = NULL;
1650 list_del(&dev_data->list);
1651 clear_dte_entry(dev_data->devid);
1653 /* Flush the DTE entry */
1654 device_flush_dte(dev_data);
1658 * If a device is not yet associated with a domain, this function does
1659 * assigns it visible for the hardware
1661 static int __attach_device(struct iommu_dev_data *dev_data,
1662 struct protection_domain *domain)
1667 spin_lock(&domain->lock);
1669 if (dev_data->alias_data != NULL) {
1670 struct iommu_dev_data *alias_data = dev_data->alias_data;
1672 /* Some sanity checks */
1674 if (alias_data->domain != NULL &&
1675 alias_data->domain != domain)
1678 if (dev_data->domain != NULL &&
1679 dev_data->domain != domain)
1682 /* Do real assignment */
1683 if (alias_data->domain == NULL)
1684 do_attach(alias_data, domain);
1686 atomic_inc(&alias_data->bind);
1689 if (dev_data->domain == NULL)
1690 do_attach(dev_data, domain);
1692 atomic_inc(&dev_data->bind);
1699 spin_unlock(&domain->lock);
1705 * If a device is not yet associated with a domain, this function does
1706 * assigns it visible for the hardware
1708 static int attach_device(struct device *dev,
1709 struct protection_domain *domain)
1711 struct pci_dev *pdev = to_pci_dev(dev);
1712 struct iommu_dev_data *dev_data;
1713 unsigned long flags;
1716 dev_data = get_dev_data(dev);
1718 if (amd_iommu_iotlb_sup && pci_enable_ats(pdev, PAGE_SHIFT) == 0) {
1719 dev_data->ats.enabled = true;
1720 dev_data->ats.qdep = pci_ats_queue_depth(pdev);
1723 write_lock_irqsave(&amd_iommu_devtable_lock, flags);
1724 ret = __attach_device(dev_data, domain);
1725 write_unlock_irqrestore(&amd_iommu_devtable_lock, flags);
1728 * We might boot into a crash-kernel here. The crashed kernel
1729 * left the caches in the IOMMU dirty. So we have to flush
1730 * here to evict all dirty stuff.
1732 domain_flush_tlb_pde(domain);
1738 * Removes a device from a protection domain (unlocked)
1740 static void __detach_device(struct iommu_dev_data *dev_data)
1742 struct protection_domain *domain;
1743 unsigned long flags;
1745 BUG_ON(!dev_data->domain);
1747 domain = dev_data->domain;
1749 spin_lock_irqsave(&domain->lock, flags);
1751 if (dev_data->alias_data != NULL) {
1752 struct iommu_dev_data *alias_data = dev_data->alias_data;
1754 if (atomic_dec_and_test(&alias_data->bind))
1755 do_detach(alias_data);
1758 if (atomic_dec_and_test(&dev_data->bind))
1759 do_detach(dev_data);
1761 spin_unlock_irqrestore(&domain->lock, flags);
1764 * If we run in passthrough mode the device must be assigned to the
1765 * passthrough domain if it is detached from any other domain.
1766 * Make sure we can deassign from the pt_domain itself.
1768 if (iommu_pass_through &&
1769 (dev_data->domain == NULL && domain != pt_domain))
1770 __attach_device(dev_data, pt_domain);
1774 * Removes a device from a protection domain (with devtable_lock held)
1776 static void detach_device(struct device *dev)
1778 struct iommu_dev_data *dev_data;
1779 unsigned long flags;
1781 dev_data = get_dev_data(dev);
1783 /* lock device table */
1784 write_lock_irqsave(&amd_iommu_devtable_lock, flags);
1785 __detach_device(dev_data);
1786 write_unlock_irqrestore(&amd_iommu_devtable_lock, flags);
1788 if (dev_data->ats.enabled) {
1789 pci_disable_ats(to_pci_dev(dev));
1790 dev_data->ats.enabled = false;
1795 * Find out the protection domain structure for a given PCI device. This
1796 * will give us the pointer to the page table root for example.
1798 static struct protection_domain *domain_for_device(struct device *dev)
1800 struct iommu_dev_data *dev_data;
1801 struct protection_domain *dom = NULL;
1802 unsigned long flags;
1804 dev_data = get_dev_data(dev);
1806 if (dev_data->domain)
1807 return dev_data->domain;
1809 if (dev_data->alias_data != NULL) {
1810 struct iommu_dev_data *alias_data = dev_data->alias_data;
1812 read_lock_irqsave(&amd_iommu_devtable_lock, flags);
1813 if (alias_data->domain != NULL) {
1814 __attach_device(dev_data, alias_data->domain);
1815 dom = alias_data->domain;
1817 read_unlock_irqrestore(&amd_iommu_devtable_lock, flags);
1823 static int device_change_notifier(struct notifier_block *nb,
1824 unsigned long action, void *data)
1826 struct device *dev = data;
1828 struct protection_domain *domain;
1829 struct dma_ops_domain *dma_domain;
1830 struct amd_iommu *iommu;
1831 unsigned long flags;
1833 if (!check_device(dev))
1836 devid = get_device_id(dev);
1837 iommu = amd_iommu_rlookup_table[devid];
1840 case BUS_NOTIFY_UNBOUND_DRIVER:
1842 domain = domain_for_device(dev);
1846 if (iommu_pass_through)
1850 case BUS_NOTIFY_ADD_DEVICE:
1852 iommu_init_device(dev);
1854 domain = domain_for_device(dev);
1856 /* allocate a protection domain if a device is added */
1857 dma_domain = find_protection_domain(devid);
1860 dma_domain = dma_ops_domain_alloc();
1863 dma_domain->target_dev = devid;
1865 spin_lock_irqsave(&iommu_pd_list_lock, flags);
1866 list_add_tail(&dma_domain->list, &iommu_pd_list);
1867 spin_unlock_irqrestore(&iommu_pd_list_lock, flags);
1870 case BUS_NOTIFY_DEL_DEVICE:
1872 iommu_uninit_device(dev);
1878 iommu_completion_wait(iommu);
1884 static struct notifier_block device_nb = {
1885 .notifier_call = device_change_notifier,
1888 void amd_iommu_init_notifier(void)
1890 bus_register_notifier(&pci_bus_type, &device_nb);
1893 /*****************************************************************************
1895 * The next functions belong to the dma_ops mapping/unmapping code.
1897 *****************************************************************************/
1900 * In the dma_ops path we only have the struct device. This function
1901 * finds the corresponding IOMMU, the protection domain and the
1902 * requestor id for a given device.
1903 * If the device is not yet associated with a domain this is also done
1906 static struct protection_domain *get_domain(struct device *dev)
1908 struct protection_domain *domain;
1909 struct dma_ops_domain *dma_dom;
1910 u16 devid = get_device_id(dev);
1912 if (!check_device(dev))
1913 return ERR_PTR(-EINVAL);
1915 domain = domain_for_device(dev);
1916 if (domain != NULL && !dma_ops_domain(domain))
1917 return ERR_PTR(-EBUSY);
1922 /* Device not bount yet - bind it */
1923 dma_dom = find_protection_domain(devid);
1925 dma_dom = amd_iommu_rlookup_table[devid]->default_dom;
1926 attach_device(dev, &dma_dom->domain);
1927 DUMP_printk("Using protection domain %d for device %s\n",
1928 dma_dom->domain.id, dev_name(dev));
1930 return &dma_dom->domain;
1933 static void update_device_table(struct protection_domain *domain)
1935 struct iommu_dev_data *dev_data;
1937 list_for_each_entry(dev_data, &domain->dev_list, list)
1938 set_dte_entry(dev_data->devid, domain, dev_data->ats.enabled);
1941 static void update_domain(struct protection_domain *domain)
1943 if (!domain->updated)
1946 update_device_table(domain);
1948 domain_flush_devices(domain);
1949 domain_flush_tlb_pde(domain);
1951 domain->updated = false;
1955 * This function fetches the PTE for a given address in the aperture
1957 static u64* dma_ops_get_pte(struct dma_ops_domain *dom,
1958 unsigned long address)
1960 struct aperture_range *aperture;
1961 u64 *pte, *pte_page;
1963 aperture = dom->aperture[APERTURE_RANGE_INDEX(address)];
1967 pte = aperture->pte_pages[APERTURE_PAGE_INDEX(address)];
1969 pte = alloc_pte(&dom->domain, address, PAGE_SIZE, &pte_page,
1971 aperture->pte_pages[APERTURE_PAGE_INDEX(address)] = pte_page;
1973 pte += PM_LEVEL_INDEX(0, address);
1975 update_domain(&dom->domain);
1981 * This is the generic map function. It maps one 4kb page at paddr to
1982 * the given address in the DMA address space for the domain.
1984 static dma_addr_t dma_ops_domain_map(struct dma_ops_domain *dom,
1985 unsigned long address,
1991 WARN_ON(address > dom->aperture_size);
1995 pte = dma_ops_get_pte(dom, address);
1997 return DMA_ERROR_CODE;
1999 __pte = paddr | IOMMU_PTE_P | IOMMU_PTE_FC;
2001 if (direction == DMA_TO_DEVICE)
2002 __pte |= IOMMU_PTE_IR;
2003 else if (direction == DMA_FROM_DEVICE)
2004 __pte |= IOMMU_PTE_IW;
2005 else if (direction == DMA_BIDIRECTIONAL)
2006 __pte |= IOMMU_PTE_IR | IOMMU_PTE_IW;
2012 return (dma_addr_t)address;
2016 * The generic unmapping function for on page in the DMA address space.
2018 static void dma_ops_domain_unmap(struct dma_ops_domain *dom,
2019 unsigned long address)
2021 struct aperture_range *aperture;
2024 if (address >= dom->aperture_size)
2027 aperture = dom->aperture[APERTURE_RANGE_INDEX(address)];
2031 pte = aperture->pte_pages[APERTURE_PAGE_INDEX(address)];
2035 pte += PM_LEVEL_INDEX(0, address);
2043 * This function contains common code for mapping of a physically
2044 * contiguous memory region into DMA address space. It is used by all
2045 * mapping functions provided with this IOMMU driver.
2046 * Must be called with the domain lock held.
2048 static dma_addr_t __map_single(struct device *dev,
2049 struct dma_ops_domain *dma_dom,
2056 dma_addr_t offset = paddr & ~PAGE_MASK;
2057 dma_addr_t address, start, ret;
2059 unsigned long align_mask = 0;
2062 pages = iommu_num_pages(paddr, size, PAGE_SIZE);
2065 INC_STATS_COUNTER(total_map_requests);
2068 INC_STATS_COUNTER(cross_page);
2071 align_mask = (1UL << get_order(size)) - 1;
2074 address = dma_ops_alloc_addresses(dev, dma_dom, pages, align_mask,
2076 if (unlikely(address == DMA_ERROR_CODE)) {
2078 * setting next_address here will let the address
2079 * allocator only scan the new allocated range in the
2080 * first run. This is a small optimization.
2082 dma_dom->next_address = dma_dom->aperture_size;
2084 if (alloc_new_range(dma_dom, false, GFP_ATOMIC))
2088 * aperture was successfully enlarged by 128 MB, try
2095 for (i = 0; i < pages; ++i) {
2096 ret = dma_ops_domain_map(dma_dom, start, paddr, dir);
2097 if (ret == DMA_ERROR_CODE)
2105 ADD_STATS_COUNTER(alloced_io_mem, size);
2107 if (unlikely(dma_dom->need_flush && !amd_iommu_unmap_flush)) {
2108 domain_flush_tlb(&dma_dom->domain);
2109 dma_dom->need_flush = false;
2110 } else if (unlikely(amd_iommu_np_cache))
2111 domain_flush_pages(&dma_dom->domain, address, size);
2118 for (--i; i >= 0; --i) {
2120 dma_ops_domain_unmap(dma_dom, start);
2123 dma_ops_free_addresses(dma_dom, address, pages);
2125 return DMA_ERROR_CODE;
2129 * Does the reverse of the __map_single function. Must be called with
2130 * the domain lock held too
2132 static void __unmap_single(struct dma_ops_domain *dma_dom,
2133 dma_addr_t dma_addr,
2137 dma_addr_t flush_addr;
2138 dma_addr_t i, start;
2141 if ((dma_addr == DMA_ERROR_CODE) ||
2142 (dma_addr + size > dma_dom->aperture_size))
2145 flush_addr = dma_addr;
2146 pages = iommu_num_pages(dma_addr, size, PAGE_SIZE);
2147 dma_addr &= PAGE_MASK;
2150 for (i = 0; i < pages; ++i) {
2151 dma_ops_domain_unmap(dma_dom, start);
2155 SUB_STATS_COUNTER(alloced_io_mem, size);
2157 dma_ops_free_addresses(dma_dom, dma_addr, pages);
2159 if (amd_iommu_unmap_flush || dma_dom->need_flush) {
2160 domain_flush_pages(&dma_dom->domain, flush_addr, size);
2161 dma_dom->need_flush = false;
2166 * The exported map_single function for dma_ops.
2168 static dma_addr_t map_page(struct device *dev, struct page *page,
2169 unsigned long offset, size_t size,
2170 enum dma_data_direction dir,
2171 struct dma_attrs *attrs)
2173 unsigned long flags;
2174 struct protection_domain *domain;
2177 phys_addr_t paddr = page_to_phys(page) + offset;
2179 INC_STATS_COUNTER(cnt_map_single);
2181 domain = get_domain(dev);
2182 if (PTR_ERR(domain) == -EINVAL)
2183 return (dma_addr_t)paddr;
2184 else if (IS_ERR(domain))
2185 return DMA_ERROR_CODE;
2187 dma_mask = *dev->dma_mask;
2189 spin_lock_irqsave(&domain->lock, flags);
2191 addr = __map_single(dev, domain->priv, paddr, size, dir, false,
2193 if (addr == DMA_ERROR_CODE)
2196 domain_flush_complete(domain);
2199 spin_unlock_irqrestore(&domain->lock, flags);
2205 * The exported unmap_single function for dma_ops.
2207 static void unmap_page(struct device *dev, dma_addr_t dma_addr, size_t size,
2208 enum dma_data_direction dir, struct dma_attrs *attrs)
2210 unsigned long flags;
2211 struct protection_domain *domain;
2213 INC_STATS_COUNTER(cnt_unmap_single);
2215 domain = get_domain(dev);
2219 spin_lock_irqsave(&domain->lock, flags);
2221 __unmap_single(domain->priv, dma_addr, size, dir);
2223 domain_flush_complete(domain);
2225 spin_unlock_irqrestore(&domain->lock, flags);
2229 * This is a special map_sg function which is used if we should map a
2230 * device which is not handled by an AMD IOMMU in the system.
2232 static int map_sg_no_iommu(struct device *dev, struct scatterlist *sglist,
2233 int nelems, int dir)
2235 struct scatterlist *s;
2238 for_each_sg(sglist, s, nelems, i) {
2239 s->dma_address = (dma_addr_t)sg_phys(s);
2240 s->dma_length = s->length;
2247 * The exported map_sg function for dma_ops (handles scatter-gather
2250 static int map_sg(struct device *dev, struct scatterlist *sglist,
2251 int nelems, enum dma_data_direction dir,
2252 struct dma_attrs *attrs)
2254 unsigned long flags;
2255 struct protection_domain *domain;
2257 struct scatterlist *s;
2259 int mapped_elems = 0;
2262 INC_STATS_COUNTER(cnt_map_sg);
2264 domain = get_domain(dev);
2265 if (PTR_ERR(domain) == -EINVAL)
2266 return map_sg_no_iommu(dev, sglist, nelems, dir);
2267 else if (IS_ERR(domain))
2270 dma_mask = *dev->dma_mask;
2272 spin_lock_irqsave(&domain->lock, flags);
2274 for_each_sg(sglist, s, nelems, i) {
2277 s->dma_address = __map_single(dev, domain->priv,
2278 paddr, s->length, dir, false,
2281 if (s->dma_address) {
2282 s->dma_length = s->length;
2288 domain_flush_complete(domain);
2291 spin_unlock_irqrestore(&domain->lock, flags);
2293 return mapped_elems;
2295 for_each_sg(sglist, s, mapped_elems, i) {
2297 __unmap_single(domain->priv, s->dma_address,
2298 s->dma_length, dir);
2299 s->dma_address = s->dma_length = 0;
2308 * The exported map_sg function for dma_ops (handles scatter-gather
2311 static void unmap_sg(struct device *dev, struct scatterlist *sglist,
2312 int nelems, enum dma_data_direction dir,
2313 struct dma_attrs *attrs)
2315 unsigned long flags;
2316 struct protection_domain *domain;
2317 struct scatterlist *s;
2320 INC_STATS_COUNTER(cnt_unmap_sg);
2322 domain = get_domain(dev);
2326 spin_lock_irqsave(&domain->lock, flags);
2328 for_each_sg(sglist, s, nelems, i) {
2329 __unmap_single(domain->priv, s->dma_address,
2330 s->dma_length, dir);
2331 s->dma_address = s->dma_length = 0;
2334 domain_flush_complete(domain);
2336 spin_unlock_irqrestore(&domain->lock, flags);
2340 * The exported alloc_coherent function for dma_ops.
2342 static void *alloc_coherent(struct device *dev, size_t size,
2343 dma_addr_t *dma_addr, gfp_t flag)
2345 unsigned long flags;
2347 struct protection_domain *domain;
2349 u64 dma_mask = dev->coherent_dma_mask;
2351 INC_STATS_COUNTER(cnt_alloc_coherent);
2353 domain = get_domain(dev);
2354 if (PTR_ERR(domain) == -EINVAL) {
2355 virt_addr = (void *)__get_free_pages(flag, get_order(size));
2356 *dma_addr = __pa(virt_addr);
2358 } else if (IS_ERR(domain))
2361 dma_mask = dev->coherent_dma_mask;
2362 flag &= ~(__GFP_DMA | __GFP_HIGHMEM | __GFP_DMA32);
2365 virt_addr = (void *)__get_free_pages(flag, get_order(size));
2369 paddr = virt_to_phys(virt_addr);
2372 dma_mask = *dev->dma_mask;
2374 spin_lock_irqsave(&domain->lock, flags);
2376 *dma_addr = __map_single(dev, domain->priv, paddr,
2377 size, DMA_BIDIRECTIONAL, true, dma_mask);
2379 if (*dma_addr == DMA_ERROR_CODE) {
2380 spin_unlock_irqrestore(&domain->lock, flags);
2384 domain_flush_complete(domain);
2386 spin_unlock_irqrestore(&domain->lock, flags);
2392 free_pages((unsigned long)virt_addr, get_order(size));
2398 * The exported free_coherent function for dma_ops.
2400 static void free_coherent(struct device *dev, size_t size,
2401 void *virt_addr, dma_addr_t dma_addr)
2403 unsigned long flags;
2404 struct protection_domain *domain;
2406 INC_STATS_COUNTER(cnt_free_coherent);
2408 domain = get_domain(dev);
2412 spin_lock_irqsave(&domain->lock, flags);
2414 __unmap_single(domain->priv, dma_addr, size, DMA_BIDIRECTIONAL);
2416 domain_flush_complete(domain);
2418 spin_unlock_irqrestore(&domain->lock, flags);
2421 free_pages((unsigned long)virt_addr, get_order(size));
2425 * This function is called by the DMA layer to find out if we can handle a
2426 * particular device. It is part of the dma_ops.
2428 static int amd_iommu_dma_supported(struct device *dev, u64 mask)
2430 return check_device(dev);
2434 * The function for pre-allocating protection domains.
2436 * If the driver core informs the DMA layer if a driver grabs a device
2437 * we don't need to preallocate the protection domains anymore.
2438 * For now we have to.
2440 static void prealloc_protection_domains(void)
2442 struct pci_dev *dev = NULL;
2443 struct dma_ops_domain *dma_dom;
2446 for_each_pci_dev(dev) {
2448 /* Do we handle this device? */
2449 if (!check_device(&dev->dev))
2452 /* Is there already any domain for it? */
2453 if (domain_for_device(&dev->dev))
2456 devid = get_device_id(&dev->dev);
2458 dma_dom = dma_ops_domain_alloc();
2461 init_unity_mappings_for_device(dma_dom, devid);
2462 dma_dom->target_dev = devid;
2464 attach_device(&dev->dev, &dma_dom->domain);
2466 list_add_tail(&dma_dom->list, &iommu_pd_list);
2470 static struct dma_map_ops amd_iommu_dma_ops = {
2471 .alloc_coherent = alloc_coherent,
2472 .free_coherent = free_coherent,
2473 .map_page = map_page,
2474 .unmap_page = unmap_page,
2476 .unmap_sg = unmap_sg,
2477 .dma_supported = amd_iommu_dma_supported,
2480 static unsigned device_dma_ops_init(void)
2482 struct pci_dev *pdev = NULL;
2483 unsigned unhandled = 0;
2485 for_each_pci_dev(pdev) {
2486 if (!check_device(&pdev->dev)) {
2491 pdev->dev.archdata.dma_ops = &amd_iommu_dma_ops;
2498 * The function which clues the AMD IOMMU driver into dma_ops.
2501 void __init amd_iommu_init_api(void)
2503 register_iommu(&amd_iommu_ops);
2506 int __init amd_iommu_init_dma_ops(void)
2508 struct amd_iommu *iommu;
2512 * first allocate a default protection domain for every IOMMU we
2513 * found in the system. Devices not assigned to any other
2514 * protection domain will be assigned to the default one.
2516 for_each_iommu(iommu) {
2517 iommu->default_dom = dma_ops_domain_alloc();
2518 if (iommu->default_dom == NULL)
2520 iommu->default_dom->domain.flags |= PD_DEFAULT_MASK;
2521 ret = iommu_init_unity_mappings(iommu);
2527 * Pre-allocate the protection domains for each device.
2529 prealloc_protection_domains();
2534 /* Make the driver finally visible to the drivers */
2535 unhandled = device_dma_ops_init();
2536 if (unhandled && max_pfn > MAX_DMA32_PFN) {
2537 /* There are unhandled devices - initialize swiotlb for them */
2541 amd_iommu_stats_init();
2547 for_each_iommu(iommu) {
2548 if (iommu->default_dom)
2549 dma_ops_domain_free(iommu->default_dom);
2555 /*****************************************************************************
2557 * The following functions belong to the exported interface of AMD IOMMU
2559 * This interface allows access to lower level functions of the IOMMU
2560 * like protection domain handling and assignement of devices to domains
2561 * which is not possible with the dma_ops interface.
2563 *****************************************************************************/
2565 static void cleanup_domain(struct protection_domain *domain)
2567 struct iommu_dev_data *dev_data, *next;
2568 unsigned long flags;
2570 write_lock_irqsave(&amd_iommu_devtable_lock, flags);
2572 list_for_each_entry_safe(dev_data, next, &domain->dev_list, list) {
2573 __detach_device(dev_data);
2574 atomic_set(&dev_data->bind, 0);
2577 write_unlock_irqrestore(&amd_iommu_devtable_lock, flags);
2580 static void protection_domain_free(struct protection_domain *domain)
2585 del_domain_from_list(domain);
2588 domain_id_free(domain->id);
2593 static struct protection_domain *protection_domain_alloc(void)
2595 struct protection_domain *domain;
2597 domain = kzalloc(sizeof(*domain), GFP_KERNEL);
2601 spin_lock_init(&domain->lock);
2602 mutex_init(&domain->api_lock);
2603 domain->id = domain_id_alloc();
2606 INIT_LIST_HEAD(&domain->dev_list);
2608 add_domain_to_list(domain);
2618 static int amd_iommu_domain_init(struct iommu_domain *dom)
2620 struct protection_domain *domain;
2622 domain = protection_domain_alloc();
2626 domain->mode = PAGE_MODE_3_LEVEL;
2627 domain->pt_root = (void *)get_zeroed_page(GFP_KERNEL);
2628 if (!domain->pt_root)
2636 protection_domain_free(domain);
2641 static void amd_iommu_domain_destroy(struct iommu_domain *dom)
2643 struct protection_domain *domain = dom->priv;
2648 if (domain->dev_cnt > 0)
2649 cleanup_domain(domain);
2651 BUG_ON(domain->dev_cnt != 0);
2653 free_pagetable(domain);
2655 protection_domain_free(domain);
2660 static void amd_iommu_detach_device(struct iommu_domain *dom,
2663 struct iommu_dev_data *dev_data = dev->archdata.iommu;
2664 struct amd_iommu *iommu;
2667 if (!check_device(dev))
2670 devid = get_device_id(dev);
2672 if (dev_data->domain != NULL)
2675 iommu = amd_iommu_rlookup_table[devid];
2679 iommu_completion_wait(iommu);
2682 static int amd_iommu_attach_device(struct iommu_domain *dom,
2685 struct protection_domain *domain = dom->priv;
2686 struct iommu_dev_data *dev_data;
2687 struct amd_iommu *iommu;
2690 if (!check_device(dev))
2693 dev_data = dev->archdata.iommu;
2695 iommu = amd_iommu_rlookup_table[dev_data->devid];
2699 if (dev_data->domain)
2702 ret = attach_device(dev, domain);
2704 iommu_completion_wait(iommu);
2709 static int amd_iommu_map(struct iommu_domain *dom, unsigned long iova,
2710 phys_addr_t paddr, int gfp_order, int iommu_prot)
2712 unsigned long page_size = 0x1000UL << gfp_order;
2713 struct protection_domain *domain = dom->priv;
2717 if (iommu_prot & IOMMU_READ)
2718 prot |= IOMMU_PROT_IR;
2719 if (iommu_prot & IOMMU_WRITE)
2720 prot |= IOMMU_PROT_IW;
2722 mutex_lock(&domain->api_lock);
2723 ret = iommu_map_page(domain, iova, paddr, prot, page_size);
2724 mutex_unlock(&domain->api_lock);
2729 static int amd_iommu_unmap(struct iommu_domain *dom, unsigned long iova,
2732 struct protection_domain *domain = dom->priv;
2733 unsigned long page_size, unmap_size;
2735 page_size = 0x1000UL << gfp_order;
2737 mutex_lock(&domain->api_lock);
2738 unmap_size = iommu_unmap_page(domain, iova, page_size);
2739 mutex_unlock(&domain->api_lock);
2741 domain_flush_tlb_pde(domain);
2743 return get_order(unmap_size);
2746 static phys_addr_t amd_iommu_iova_to_phys(struct iommu_domain *dom,
2749 struct protection_domain *domain = dom->priv;
2750 unsigned long offset_mask;
2754 pte = fetch_pte(domain, iova);
2756 if (!pte || !IOMMU_PTE_PRESENT(*pte))
2759 if (PM_PTE_LEVEL(*pte) == 0)
2760 offset_mask = PAGE_SIZE - 1;
2762 offset_mask = PTE_PAGE_SIZE(*pte) - 1;
2764 __pte = *pte & PM_ADDR_MASK;
2765 paddr = (__pte & ~offset_mask) | (iova & offset_mask);
2770 static int amd_iommu_domain_has_cap(struct iommu_domain *domain,
2774 case IOMMU_CAP_CACHE_COHERENCY:
2781 static struct iommu_ops amd_iommu_ops = {
2782 .domain_init = amd_iommu_domain_init,
2783 .domain_destroy = amd_iommu_domain_destroy,
2784 .attach_dev = amd_iommu_attach_device,
2785 .detach_dev = amd_iommu_detach_device,
2786 .map = amd_iommu_map,
2787 .unmap = amd_iommu_unmap,
2788 .iova_to_phys = amd_iommu_iova_to_phys,
2789 .domain_has_cap = amd_iommu_domain_has_cap,
2792 /*****************************************************************************
2794 * The next functions do a basic initialization of IOMMU for pass through
2797 * In passthrough mode the IOMMU is initialized and enabled but not used for
2798 * DMA-API translation.
2800 *****************************************************************************/
2802 int __init amd_iommu_init_passthrough(void)
2804 struct amd_iommu *iommu;
2805 struct pci_dev *dev = NULL;
2808 /* allocate passthrough domain */
2809 pt_domain = protection_domain_alloc();
2813 pt_domain->mode |= PAGE_MODE_NONE;
2815 for_each_pci_dev(dev) {
2816 if (!check_device(&dev->dev))
2819 devid = get_device_id(&dev->dev);
2821 iommu = amd_iommu_rlookup_table[devid];
2825 attach_device(&dev->dev, pt_domain);
2828 pr_info("AMD-Vi: Initialized for Passthrough Mode\n");
git.openpandora.org / pandora-kernel.git / blob