2 * Copyright (C) 2007-2010 Advanced Micro Devices, Inc.
3 * Author: Joerg Roedel <joerg.roedel@amd.com>
4 * Leo Duran <leo.duran@amd.com>
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License version 2 as published
8 * by the Free Software Foundation.
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
15 * You should have received a copy of the GNU General Public License
16 * along with this program; if not, write to the Free Software
17 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
20 #include <linux/pci.h>
21 #include <linux/pci-ats.h>
22 #include <linux/bitmap.h>
23 #include <linux/slab.h>
24 #include <linux/debugfs.h>
25 #include <linux/scatterlist.h>
26 #include <linux/dma-mapping.h>
27 #include <linux/iommu-helper.h>
28 #include <linux/iommu.h>
29 #include <linux/delay.h>
30 #include <asm/proto.h>
31 #include <asm/iommu.h>
34 #include <asm/amd_iommu_proto.h>
35 #include <asm/amd_iommu_types.h>
36 #include <asm/amd_iommu.h>
38 #define CMD_SET_TYPE(cmd, t) ((cmd)->data[1] |= ((t) << 28))
40 #define LOOP_TIMEOUT 100000
42 static DEFINE_RWLOCK(amd_iommu_devtable_lock);
44 /* A list of preallocated protection domains */
45 static LIST_HEAD(iommu_pd_list);
46 static DEFINE_SPINLOCK(iommu_pd_list_lock);
49 * Domain for untranslated devices - only allocated
50 * if iommu=pt passed on kernel cmd line.
52 static struct protection_domain *pt_domain;
54 static struct iommu_ops amd_iommu_ops;
57 * general struct to manage commands send to an IOMMU
63 static void update_domain(struct protection_domain *domain);
65 /****************************************************************************
69 ****************************************************************************/
71 static inline u16 get_device_id(struct device *dev)
73 struct pci_dev *pdev = to_pci_dev(dev);
75 return calc_devid(pdev->bus->number, pdev->devfn);
78 static struct iommu_dev_data *get_dev_data(struct device *dev)
80 return dev->archdata.iommu;
84 * In this function the list of preallocated protection domains is traversed to
85 * find the domain for a specific device
87 static struct dma_ops_domain *find_protection_domain(u16 devid)
89 struct dma_ops_domain *entry, *ret = NULL;
91 u16 alias = amd_iommu_alias_table[devid];
93 if (list_empty(&iommu_pd_list))
96 spin_lock_irqsave(&iommu_pd_list_lock, flags);
98 list_for_each_entry(entry, &iommu_pd_list, list) {
99 if (entry->target_dev == devid ||
100 entry->target_dev == alias) {
106 spin_unlock_irqrestore(&iommu_pd_list_lock, flags);
112 * This function checks if the driver got a valid device from the caller to
113 * avoid dereferencing invalid pointers.
115 static bool check_device(struct device *dev)
119 if (!dev || !dev->dma_mask)
122 /* No device or no PCI device */
123 if (dev->bus != &pci_bus_type)
126 devid = get_device_id(dev);
128 /* Out of our scope? */
129 if (devid > amd_iommu_last_bdf)
132 if (amd_iommu_rlookup_table[devid] == NULL)
138 static int iommu_init_device(struct device *dev)
140 struct iommu_dev_data *dev_data;
141 struct pci_dev *pdev;
144 if (dev->archdata.iommu)
147 dev_data = kzalloc(sizeof(*dev_data), GFP_KERNEL);
153 devid = get_device_id(dev);
154 alias = amd_iommu_alias_table[devid];
155 pdev = pci_get_bus_and_slot(PCI_BUS(alias), alias & 0xff);
157 dev_data->alias = &pdev->dev;
163 atomic_set(&dev_data->bind, 0);
165 dev->archdata.iommu = dev_data;
171 static void iommu_ignore_device(struct device *dev)
175 devid = get_device_id(dev);
176 alias = amd_iommu_alias_table[devid];
178 memset(&amd_iommu_dev_table[devid], 0, sizeof(struct dev_table_entry));
179 memset(&amd_iommu_dev_table[alias], 0, sizeof(struct dev_table_entry));
181 amd_iommu_rlookup_table[devid] = NULL;
182 amd_iommu_rlookup_table[alias] = NULL;
185 static void iommu_uninit_device(struct device *dev)
187 kfree(dev->archdata.iommu);
190 void __init amd_iommu_uninit_devices(void)
192 struct pci_dev *pdev = NULL;
194 for_each_pci_dev(pdev) {
196 if (!check_device(&pdev->dev))
199 iommu_uninit_device(&pdev->dev);
203 int __init amd_iommu_init_devices(void)
205 struct pci_dev *pdev = NULL;
208 for_each_pci_dev(pdev) {
210 if (!check_device(&pdev->dev))
213 ret = iommu_init_device(&pdev->dev);
214 if (ret == -ENOTSUPP)
215 iommu_ignore_device(&pdev->dev);
224 amd_iommu_uninit_devices();
228 #ifdef CONFIG_AMD_IOMMU_STATS
231 * Initialization code for statistics collection
234 DECLARE_STATS_COUNTER(compl_wait);
235 DECLARE_STATS_COUNTER(cnt_map_single);
236 DECLARE_STATS_COUNTER(cnt_unmap_single);
237 DECLARE_STATS_COUNTER(cnt_map_sg);
238 DECLARE_STATS_COUNTER(cnt_unmap_sg);
239 DECLARE_STATS_COUNTER(cnt_alloc_coherent);
240 DECLARE_STATS_COUNTER(cnt_free_coherent);
241 DECLARE_STATS_COUNTER(cross_page);
242 DECLARE_STATS_COUNTER(domain_flush_single);
243 DECLARE_STATS_COUNTER(domain_flush_all);
244 DECLARE_STATS_COUNTER(alloced_io_mem);
245 DECLARE_STATS_COUNTER(total_map_requests);
247 static struct dentry *stats_dir;
248 static struct dentry *de_fflush;
250 static void amd_iommu_stats_add(struct __iommu_counter *cnt)
252 if (stats_dir == NULL)
255 cnt->dent = debugfs_create_u64(cnt->name, 0444, stats_dir,
259 static void amd_iommu_stats_init(void)
261 stats_dir = debugfs_create_dir("amd-iommu", NULL);
262 if (stats_dir == NULL)
265 de_fflush = debugfs_create_bool("fullflush", 0444, stats_dir,
266 (u32 *)&amd_iommu_unmap_flush);
268 amd_iommu_stats_add(&compl_wait);
269 amd_iommu_stats_add(&cnt_map_single);
270 amd_iommu_stats_add(&cnt_unmap_single);
271 amd_iommu_stats_add(&cnt_map_sg);
272 amd_iommu_stats_add(&cnt_unmap_sg);
273 amd_iommu_stats_add(&cnt_alloc_coherent);
274 amd_iommu_stats_add(&cnt_free_coherent);
275 amd_iommu_stats_add(&cross_page);
276 amd_iommu_stats_add(&domain_flush_single);
277 amd_iommu_stats_add(&domain_flush_all);
278 amd_iommu_stats_add(&alloced_io_mem);
279 amd_iommu_stats_add(&total_map_requests);
284 /****************************************************************************
286 * Interrupt handling functions
288 ****************************************************************************/
290 static void dump_dte_entry(u16 devid)
294 for (i = 0; i < 8; ++i)
295 pr_err("AMD-Vi: DTE[%d]: %08x\n", i,
296 amd_iommu_dev_table[devid].data[i]);
299 static void dump_command(unsigned long phys_addr)
301 struct iommu_cmd *cmd = phys_to_virt(phys_addr);
304 for (i = 0; i < 4; ++i)
305 pr_err("AMD-Vi: CMD[%d]: %08x\n", i, cmd->data[i]);
308 static void iommu_print_event(struct amd_iommu *iommu, void *__evt)
311 int type = (event[1] >> EVENT_TYPE_SHIFT) & EVENT_TYPE_MASK;
312 int devid = (event[0] >> EVENT_DEVID_SHIFT) & EVENT_DEVID_MASK;
313 int domid = (event[1] >> EVENT_DOMID_SHIFT) & EVENT_DOMID_MASK;
314 int flags = (event[1] >> EVENT_FLAGS_SHIFT) & EVENT_FLAGS_MASK;
315 u64 address = (u64)(((u64)event[3]) << 32) | event[2];
317 printk(KERN_ERR "AMD-Vi: Event logged [");
320 case EVENT_TYPE_ILL_DEV:
321 printk("ILLEGAL_DEV_TABLE_ENTRY device=%02x:%02x.%x "
322 "address=0x%016llx flags=0x%04x]\n",
323 PCI_BUS(devid), PCI_SLOT(devid), PCI_FUNC(devid),
325 dump_dte_entry(devid);
327 case EVENT_TYPE_IO_FAULT:
328 printk("IO_PAGE_FAULT device=%02x:%02x.%x "
329 "domain=0x%04x address=0x%016llx flags=0x%04x]\n",
330 PCI_BUS(devid), PCI_SLOT(devid), PCI_FUNC(devid),
331 domid, address, flags);
333 case EVENT_TYPE_DEV_TAB_ERR:
334 printk("DEV_TAB_HARDWARE_ERROR device=%02x:%02x.%x "
335 "address=0x%016llx flags=0x%04x]\n",
336 PCI_BUS(devid), PCI_SLOT(devid), PCI_FUNC(devid),
339 case EVENT_TYPE_PAGE_TAB_ERR:
340 printk("PAGE_TAB_HARDWARE_ERROR device=%02x:%02x.%x "
341 "domain=0x%04x address=0x%016llx flags=0x%04x]\n",
342 PCI_BUS(devid), PCI_SLOT(devid), PCI_FUNC(devid),
343 domid, address, flags);
345 case EVENT_TYPE_ILL_CMD:
346 printk("ILLEGAL_COMMAND_ERROR address=0x%016llx]\n", address);
347 dump_command(address);
349 case EVENT_TYPE_CMD_HARD_ERR:
350 printk("COMMAND_HARDWARE_ERROR address=0x%016llx "
351 "flags=0x%04x]\n", address, flags);
353 case EVENT_TYPE_IOTLB_INV_TO:
354 printk("IOTLB_INV_TIMEOUT device=%02x:%02x.%x "
355 "address=0x%016llx]\n",
356 PCI_BUS(devid), PCI_SLOT(devid), PCI_FUNC(devid),
359 case EVENT_TYPE_INV_DEV_REQ:
360 printk("INVALID_DEVICE_REQUEST device=%02x:%02x.%x "
361 "address=0x%016llx flags=0x%04x]\n",
362 PCI_BUS(devid), PCI_SLOT(devid), PCI_FUNC(devid),
366 printk(KERN_ERR "UNKNOWN type=0x%02x]\n", type);
370 static void iommu_poll_events(struct amd_iommu *iommu)
375 spin_lock_irqsave(&iommu->lock, flags);
377 head = readl(iommu->mmio_base + MMIO_EVT_HEAD_OFFSET);
378 tail = readl(iommu->mmio_base + MMIO_EVT_TAIL_OFFSET);
380 while (head != tail) {
381 iommu_print_event(iommu, iommu->evt_buf + head);
382 head = (head + EVENT_ENTRY_SIZE) % iommu->evt_buf_size;
385 writel(head, iommu->mmio_base + MMIO_EVT_HEAD_OFFSET);
387 spin_unlock_irqrestore(&iommu->lock, flags);
390 irqreturn_t amd_iommu_int_thread(int irq, void *data)
392 struct amd_iommu *iommu;
394 for_each_iommu(iommu)
395 iommu_poll_events(iommu);
400 irqreturn_t amd_iommu_int_handler(int irq, void *data)
402 return IRQ_WAKE_THREAD;
405 /****************************************************************************
407 * IOMMU command queuing functions
409 ****************************************************************************/
411 static int wait_on_sem(volatile u64 *sem)
415 while (*sem == 0 && i < LOOP_TIMEOUT) {
420 if (i == LOOP_TIMEOUT) {
421 pr_alert("AMD-Vi: Completion-Wait loop timed out\n");
428 static void copy_cmd_to_buffer(struct amd_iommu *iommu,
429 struct iommu_cmd *cmd,
434 target = iommu->cmd_buf + tail;
435 tail = (tail + sizeof(*cmd)) % iommu->cmd_buf_size;
437 /* Copy command to buffer */
438 memcpy(target, cmd, sizeof(*cmd));
440 /* Tell the IOMMU about it */
441 writel(tail, iommu->mmio_base + MMIO_CMD_TAIL_OFFSET);
444 static void build_completion_wait(struct iommu_cmd *cmd, u64 address)
446 WARN_ON(address & 0x7ULL);
448 memset(cmd, 0, sizeof(*cmd));
449 cmd->data[0] = lower_32_bits(__pa(address)) | CMD_COMPL_WAIT_STORE_MASK;
450 cmd->data[1] = upper_32_bits(__pa(address));
452 CMD_SET_TYPE(cmd, CMD_COMPL_WAIT);
455 static void build_inv_dte(struct iommu_cmd *cmd, u16 devid)
457 memset(cmd, 0, sizeof(*cmd));
458 cmd->data[0] = devid;
459 CMD_SET_TYPE(cmd, CMD_INV_DEV_ENTRY);
462 static void build_inv_iommu_pages(struct iommu_cmd *cmd, u64 address,
463 size_t size, u16 domid, int pde)
468 pages = iommu_num_pages(address, size, PAGE_SIZE);
473 * If we have to flush more than one page, flush all
474 * TLB entries for this domain
476 address = CMD_INV_IOMMU_ALL_PAGES_ADDRESS;
480 address &= PAGE_MASK;
482 memset(cmd, 0, sizeof(*cmd));
483 cmd->data[1] |= domid;
484 cmd->data[2] = lower_32_bits(address);
485 cmd->data[3] = upper_32_bits(address);
486 CMD_SET_TYPE(cmd, CMD_INV_IOMMU_PAGES);
487 if (s) /* size bit - we flush more than one 4kb page */
488 cmd->data[2] |= CMD_INV_IOMMU_PAGES_SIZE_MASK;
489 if (pde) /* PDE bit - we wan't flush everything not only the PTEs */
490 cmd->data[2] |= CMD_INV_IOMMU_PAGES_PDE_MASK;
493 static void build_inv_iotlb_pages(struct iommu_cmd *cmd, u16 devid, int qdep,
494 u64 address, size_t size)
499 pages = iommu_num_pages(address, size, PAGE_SIZE);
504 * If we have to flush more than one page, flush all
505 * TLB entries for this domain
507 address = CMD_INV_IOMMU_ALL_PAGES_ADDRESS;
511 address &= PAGE_MASK;
513 memset(cmd, 0, sizeof(*cmd));
514 cmd->data[0] = devid;
515 cmd->data[0] |= (qdep & 0xff) << 24;
516 cmd->data[1] = devid;
517 cmd->data[2] = lower_32_bits(address);
518 cmd->data[3] = upper_32_bits(address);
519 CMD_SET_TYPE(cmd, CMD_INV_IOTLB_PAGES);
521 cmd->data[2] |= CMD_INV_IOMMU_PAGES_SIZE_MASK;
524 static void build_inv_all(struct iommu_cmd *cmd)
526 memset(cmd, 0, sizeof(*cmd));
527 CMD_SET_TYPE(cmd, CMD_INV_ALL);
531 * Writes the command to the IOMMUs command buffer and informs the
532 * hardware about the new command.
534 static int iommu_queue_command(struct amd_iommu *iommu, struct iommu_cmd *cmd)
536 u32 left, tail, head, next_tail;
539 WARN_ON(iommu->cmd_buf_size & CMD_BUFFER_UNINITIALIZED);
542 spin_lock_irqsave(&iommu->lock, flags);
544 head = readl(iommu->mmio_base + MMIO_CMD_HEAD_OFFSET);
545 tail = readl(iommu->mmio_base + MMIO_CMD_TAIL_OFFSET);
546 next_tail = (tail + sizeof(*cmd)) % iommu->cmd_buf_size;
547 left = (head - next_tail) % iommu->cmd_buf_size;
550 struct iommu_cmd sync_cmd;
551 volatile u64 sem = 0;
554 build_completion_wait(&sync_cmd, (u64)&sem);
555 copy_cmd_to_buffer(iommu, &sync_cmd, tail);
557 spin_unlock_irqrestore(&iommu->lock, flags);
559 if ((ret = wait_on_sem(&sem)) != 0)
565 copy_cmd_to_buffer(iommu, cmd, tail);
567 /* We need to sync now to make sure all commands are processed */
568 iommu->need_sync = true;
570 spin_unlock_irqrestore(&iommu->lock, flags);
576 * This function queues a completion wait command into the command
579 static int iommu_completion_wait(struct amd_iommu *iommu)
581 struct iommu_cmd cmd;
582 volatile u64 sem = 0;
585 if (!iommu->need_sync)
588 build_completion_wait(&cmd, (u64)&sem);
590 ret = iommu_queue_command(iommu, &cmd);
594 return wait_on_sem(&sem);
597 static int iommu_flush_dte(struct amd_iommu *iommu, u16 devid)
599 struct iommu_cmd cmd;
601 build_inv_dte(&cmd, devid);
603 return iommu_queue_command(iommu, &cmd);
606 static void iommu_flush_dte_all(struct amd_iommu *iommu)
610 for (devid = 0; devid <= 0xffff; ++devid)
611 iommu_flush_dte(iommu, devid);
613 iommu_completion_wait(iommu);
617 * This function uses heavy locking and may disable irqs for some time. But
618 * this is no issue because it is only called during resume.
620 static void iommu_flush_tlb_all(struct amd_iommu *iommu)
624 for (dom_id = 0; dom_id <= 0xffff; ++dom_id) {
625 struct iommu_cmd cmd;
626 build_inv_iommu_pages(&cmd, 0, CMD_INV_IOMMU_ALL_PAGES_ADDRESS,
628 iommu_queue_command(iommu, &cmd);
631 iommu_completion_wait(iommu);
634 static void iommu_flush_all(struct amd_iommu *iommu)
636 struct iommu_cmd cmd;
640 iommu_queue_command(iommu, &cmd);
641 iommu_completion_wait(iommu);
644 void iommu_flush_all_caches(struct amd_iommu *iommu)
646 if (iommu_feature(iommu, FEATURE_IA)) {
647 iommu_flush_all(iommu);
649 iommu_flush_dte_all(iommu);
650 iommu_flush_tlb_all(iommu);
655 * Command send function for flushing on-device TLB
657 static int device_flush_iotlb(struct device *dev, u64 address, size_t size)
659 struct pci_dev *pdev = to_pci_dev(dev);
660 struct amd_iommu *iommu;
661 struct iommu_cmd cmd;
665 qdep = pci_ats_queue_depth(pdev);
666 devid = get_device_id(dev);
667 iommu = amd_iommu_rlookup_table[devid];
669 build_inv_iotlb_pages(&cmd, devid, qdep, address, size);
671 return iommu_queue_command(iommu, &cmd);
675 * Command send function for invalidating a device table entry
677 static int device_flush_dte(struct device *dev)
679 struct amd_iommu *iommu;
680 struct pci_dev *pdev;
684 pdev = to_pci_dev(dev);
685 devid = get_device_id(dev);
686 iommu = amd_iommu_rlookup_table[devid];
688 ret = iommu_flush_dte(iommu, devid);
692 if (pci_ats_enabled(pdev))
693 ret = device_flush_iotlb(dev, 0, ~0UL);
699 * TLB invalidation function which is called from the mapping functions.
700 * It invalidates a single PTE if the range to flush is within a single
701 * page. Otherwise it flushes the whole TLB of the IOMMU.
703 static void __domain_flush_pages(struct protection_domain *domain,
704 u64 address, size_t size, int pde)
706 struct iommu_dev_data *dev_data;
707 struct iommu_cmd cmd;
710 build_inv_iommu_pages(&cmd, address, size, domain->id, pde);
712 for (i = 0; i < amd_iommus_present; ++i) {
713 if (!domain->dev_iommu[i])
717 * Devices of this domain are behind this IOMMU
718 * We need a TLB flush
720 ret |= iommu_queue_command(amd_iommus[i], &cmd);
723 list_for_each_entry(dev_data, &domain->dev_list, list) {
724 struct pci_dev *pdev = to_pci_dev(dev_data->dev);
726 if (!pci_ats_enabled(pdev))
729 ret |= device_flush_iotlb(dev_data->dev, address, size);
735 static void domain_flush_pages(struct protection_domain *domain,
736 u64 address, size_t size)
738 __domain_flush_pages(domain, address, size, 0);
741 /* Flush the whole IO/TLB for a given protection domain */
742 static void domain_flush_tlb(struct protection_domain *domain)
744 __domain_flush_pages(domain, 0, CMD_INV_IOMMU_ALL_PAGES_ADDRESS, 0);
747 /* Flush the whole IO/TLB for a given protection domain - including PDE */
748 static void domain_flush_tlb_pde(struct protection_domain *domain)
750 __domain_flush_pages(domain, 0, CMD_INV_IOMMU_ALL_PAGES_ADDRESS, 1);
753 static void domain_flush_complete(struct protection_domain *domain)
757 for (i = 0; i < amd_iommus_present; ++i) {
758 if (!domain->dev_iommu[i])
762 * Devices of this domain are behind this IOMMU
763 * We need to wait for completion of all commands.
765 iommu_completion_wait(amd_iommus[i]);
771 * This function flushes the DTEs for all devices in domain
773 static void domain_flush_devices(struct protection_domain *domain)
775 struct iommu_dev_data *dev_data;
778 spin_lock_irqsave(&domain->lock, flags);
780 list_for_each_entry(dev_data, &domain->dev_list, list)
781 device_flush_dte(dev_data->dev);
783 spin_unlock_irqrestore(&domain->lock, flags);
786 /****************************************************************************
788 * The functions below are used the create the page table mappings for
789 * unity mapped regions.
791 ****************************************************************************/
794 * This function is used to add another level to an IO page table. Adding
795 * another level increases the size of the address space by 9 bits to a size up
798 static bool increase_address_space(struct protection_domain *domain,
803 if (domain->mode == PAGE_MODE_6_LEVEL)
804 /* address space already 64 bit large */
807 pte = (void *)get_zeroed_page(gfp);
811 *pte = PM_LEVEL_PDE(domain->mode,
812 virt_to_phys(domain->pt_root));
813 domain->pt_root = pte;
815 domain->updated = true;
820 static u64 *alloc_pte(struct protection_domain *domain,
821 unsigned long address,
822 unsigned long page_size,
829 BUG_ON(!is_power_of_2(page_size));
831 while (address > PM_LEVEL_SIZE(domain->mode))
832 increase_address_space(domain, gfp);
834 level = domain->mode - 1;
835 pte = &domain->pt_root[PM_LEVEL_INDEX(level, address)];
836 address = PAGE_SIZE_ALIGN(address, page_size);
837 end_lvl = PAGE_SIZE_LEVEL(page_size);
839 while (level > end_lvl) {
840 if (!IOMMU_PTE_PRESENT(*pte)) {
841 page = (u64 *)get_zeroed_page(gfp);
844 *pte = PM_LEVEL_PDE(level, virt_to_phys(page));
847 /* No level skipping support yet */
848 if (PM_PTE_LEVEL(*pte) != level)
853 pte = IOMMU_PTE_PAGE(*pte);
855 if (pte_page && level == end_lvl)
858 pte = &pte[PM_LEVEL_INDEX(level, address)];
865 * This function checks if there is a PTE for a given dma address. If
866 * there is one, it returns the pointer to it.
868 static u64 *fetch_pte(struct protection_domain *domain, unsigned long address)
873 if (address > PM_LEVEL_SIZE(domain->mode))
876 level = domain->mode - 1;
877 pte = &domain->pt_root[PM_LEVEL_INDEX(level, address)];
882 if (!IOMMU_PTE_PRESENT(*pte))
886 if (PM_PTE_LEVEL(*pte) == 0x07) {
887 unsigned long pte_mask, __pte;
890 * If we have a series of large PTEs, make
891 * sure to return a pointer to the first one.
893 pte_mask = PTE_PAGE_SIZE(*pte);
894 pte_mask = ~((PAGE_SIZE_PTE_COUNT(pte_mask) << 3) - 1);
895 __pte = ((unsigned long)pte) & pte_mask;
900 /* No level skipping support yet */
901 if (PM_PTE_LEVEL(*pte) != level)
906 /* Walk to the next level */
907 pte = IOMMU_PTE_PAGE(*pte);
908 pte = &pte[PM_LEVEL_INDEX(level, address)];
915 * Generic mapping functions. It maps a physical address into a DMA
916 * address space. It allocates the page table pages if necessary.
917 * In the future it can be extended to a generic mapping function
918 * supporting all features of AMD IOMMU page tables like level skipping
919 * and full 64 bit address spaces.
921 static int iommu_map_page(struct protection_domain *dom,
922 unsigned long bus_addr,
923 unsigned long phys_addr,
925 unsigned long page_size)
930 if (!(prot & IOMMU_PROT_MASK))
933 bus_addr = PAGE_ALIGN(bus_addr);
934 phys_addr = PAGE_ALIGN(phys_addr);
935 count = PAGE_SIZE_PTE_COUNT(page_size);
936 pte = alloc_pte(dom, bus_addr, page_size, NULL, GFP_KERNEL);
938 for (i = 0; i < count; ++i)
939 if (IOMMU_PTE_PRESENT(pte[i]))
942 if (page_size > PAGE_SIZE) {
943 __pte = PAGE_SIZE_PTE(phys_addr, page_size);
944 __pte |= PM_LEVEL_ENC(7) | IOMMU_PTE_P | IOMMU_PTE_FC;
946 __pte = phys_addr | IOMMU_PTE_P | IOMMU_PTE_FC;
948 if (prot & IOMMU_PROT_IR)
949 __pte |= IOMMU_PTE_IR;
950 if (prot & IOMMU_PROT_IW)
951 __pte |= IOMMU_PTE_IW;
953 for (i = 0; i < count; ++i)
961 static unsigned long iommu_unmap_page(struct protection_domain *dom,
962 unsigned long bus_addr,
963 unsigned long page_size)
965 unsigned long long unmap_size, unmapped;
968 BUG_ON(!is_power_of_2(page_size));
972 while (unmapped < page_size) {
974 pte = fetch_pte(dom, bus_addr);
978 * No PTE for this address
979 * move forward in 4kb steps
981 unmap_size = PAGE_SIZE;
982 } else if (PM_PTE_LEVEL(*pte) == 0) {
983 /* 4kb PTE found for this address */
984 unmap_size = PAGE_SIZE;
989 /* Large PTE found which maps this address */
990 unmap_size = PTE_PAGE_SIZE(*pte);
991 count = PAGE_SIZE_PTE_COUNT(unmap_size);
992 for (i = 0; i < count; i++)
996 bus_addr = (bus_addr & ~(unmap_size - 1)) + unmap_size;
997 unmapped += unmap_size;
1000 BUG_ON(!is_power_of_2(unmapped));
1006 * This function checks if a specific unity mapping entry is needed for
1007 * this specific IOMMU.
1009 static int iommu_for_unity_map(struct amd_iommu *iommu,
1010 struct unity_map_entry *entry)
1014 for (i = entry->devid_start; i <= entry->devid_end; ++i) {
1015 bdf = amd_iommu_alias_table[i];
1016 if (amd_iommu_rlookup_table[bdf] == iommu)
1024 * This function actually applies the mapping to the page table of the
1027 static int dma_ops_unity_map(struct dma_ops_domain *dma_dom,
1028 struct unity_map_entry *e)
1033 for (addr = e->address_start; addr < e->address_end;
1034 addr += PAGE_SIZE) {
1035 ret = iommu_map_page(&dma_dom->domain, addr, addr, e->prot,
1040 * if unity mapping is in aperture range mark the page
1041 * as allocated in the aperture
1043 if (addr < dma_dom->aperture_size)
1044 __set_bit(addr >> PAGE_SHIFT,
1045 dma_dom->aperture[0]->bitmap);
1052 * Init the unity mappings for a specific IOMMU in the system
1054 * Basically iterates over all unity mapping entries and applies them to
1055 * the default domain DMA of that IOMMU if necessary.
1057 static int iommu_init_unity_mappings(struct amd_iommu *iommu)
1059 struct unity_map_entry *entry;
1062 list_for_each_entry(entry, &amd_iommu_unity_map, list) {
1063 if (!iommu_for_unity_map(iommu, entry))
1065 ret = dma_ops_unity_map(iommu->default_dom, entry);
1074 * Inits the unity mappings required for a specific device
1076 static int init_unity_mappings_for_device(struct dma_ops_domain *dma_dom,
1079 struct unity_map_entry *e;
1082 list_for_each_entry(e, &amd_iommu_unity_map, list) {
1083 if (!(devid >= e->devid_start && devid <= e->devid_end))
1085 ret = dma_ops_unity_map(dma_dom, e);
1093 /****************************************************************************
1095 * The next functions belong to the address allocator for the dma_ops
1096 * interface functions. They work like the allocators in the other IOMMU
1097 * drivers. Its basically a bitmap which marks the allocated pages in
1098 * the aperture. Maybe it could be enhanced in the future to a more
1099 * efficient allocator.
1101 ****************************************************************************/
1104 * The address allocator core functions.
1106 * called with domain->lock held
1110 * Used to reserve address ranges in the aperture (e.g. for exclusion
1113 static void dma_ops_reserve_addresses(struct dma_ops_domain *dom,
1114 unsigned long start_page,
1117 unsigned int i, last_page = dom->aperture_size >> PAGE_SHIFT;
1119 if (start_page + pages > last_page)
1120 pages = last_page - start_page;
1122 for (i = start_page; i < start_page + pages; ++i) {
1123 int index = i / APERTURE_RANGE_PAGES;
1124 int page = i % APERTURE_RANGE_PAGES;
1125 __set_bit(page, dom->aperture[index]->bitmap);
1130 * This function is used to add a new aperture range to an existing
1131 * aperture in case of dma_ops domain allocation or address allocation
1134 static int alloc_new_range(struct dma_ops_domain *dma_dom,
1135 bool populate, gfp_t gfp)
1137 int index = dma_dom->aperture_size >> APERTURE_RANGE_SHIFT;
1138 struct amd_iommu *iommu;
1141 #ifdef CONFIG_IOMMU_STRESS
1145 if (index >= APERTURE_MAX_RANGES)
1148 dma_dom->aperture[index] = kzalloc(sizeof(struct aperture_range), gfp);
1149 if (!dma_dom->aperture[index])
1152 dma_dom->aperture[index]->bitmap = (void *)get_zeroed_page(gfp);
1153 if (!dma_dom->aperture[index]->bitmap)
1156 dma_dom->aperture[index]->offset = dma_dom->aperture_size;
1159 unsigned long address = dma_dom->aperture_size;
1160 int i, num_ptes = APERTURE_RANGE_PAGES / 512;
1161 u64 *pte, *pte_page;
1163 for (i = 0; i < num_ptes; ++i) {
1164 pte = alloc_pte(&dma_dom->domain, address, PAGE_SIZE,
1169 dma_dom->aperture[index]->pte_pages[i] = pte_page;
1171 address += APERTURE_RANGE_SIZE / 64;
1175 dma_dom->aperture_size += APERTURE_RANGE_SIZE;
1177 /* Initialize the exclusion range if necessary */
1178 for_each_iommu(iommu) {
1179 if (iommu->exclusion_start &&
1180 iommu->exclusion_start >= dma_dom->aperture[index]->offset
1181 && iommu->exclusion_start < dma_dom->aperture_size) {
1182 unsigned long startpage;
1183 int pages = iommu_num_pages(iommu->exclusion_start,
1184 iommu->exclusion_length,
1186 startpage = iommu->exclusion_start >> PAGE_SHIFT;
1187 dma_ops_reserve_addresses(dma_dom, startpage, pages);
1192 * Check for areas already mapped as present in the new aperture
1193 * range and mark those pages as reserved in the allocator. Such
1194 * mappings may already exist as a result of requested unity
1195 * mappings for devices.
1197 for (i = dma_dom->aperture[index]->offset;
1198 i < dma_dom->aperture_size;
1200 u64 *pte = fetch_pte(&dma_dom->domain, i);
1201 if (!pte || !IOMMU_PTE_PRESENT(*pte))
1204 dma_ops_reserve_addresses(dma_dom, i << PAGE_SHIFT, 1);
1207 update_domain(&dma_dom->domain);
1212 update_domain(&dma_dom->domain);
1214 free_page((unsigned long)dma_dom->aperture[index]->bitmap);
1216 kfree(dma_dom->aperture[index]);
1217 dma_dom->aperture[index] = NULL;
1222 static unsigned long dma_ops_area_alloc(struct device *dev,
1223 struct dma_ops_domain *dom,
1225 unsigned long align_mask,
1227 unsigned long start)
1229 unsigned long next_bit = dom->next_address % APERTURE_RANGE_SIZE;
1230 int max_index = dom->aperture_size >> APERTURE_RANGE_SHIFT;
1231 int i = start >> APERTURE_RANGE_SHIFT;
1232 unsigned long boundary_size;
1233 unsigned long address = -1;
1234 unsigned long limit;
1236 next_bit >>= PAGE_SHIFT;
1238 boundary_size = ALIGN(dma_get_seg_boundary(dev) + 1,
1239 PAGE_SIZE) >> PAGE_SHIFT;
1241 for (;i < max_index; ++i) {
1242 unsigned long offset = dom->aperture[i]->offset >> PAGE_SHIFT;
1244 if (dom->aperture[i]->offset >= dma_mask)
1247 limit = iommu_device_max_index(APERTURE_RANGE_PAGES, offset,
1248 dma_mask >> PAGE_SHIFT);
1250 address = iommu_area_alloc(dom->aperture[i]->bitmap,
1251 limit, next_bit, pages, 0,
1252 boundary_size, align_mask);
1253 if (address != -1) {
1254 address = dom->aperture[i]->offset +
1255 (address << PAGE_SHIFT);
1256 dom->next_address = address + (pages << PAGE_SHIFT);
1266 static unsigned long dma_ops_alloc_addresses(struct device *dev,
1267 struct dma_ops_domain *dom,
1269 unsigned long align_mask,
1272 unsigned long address;
1274 #ifdef CONFIG_IOMMU_STRESS
1275 dom->next_address = 0;
1276 dom->need_flush = true;
1279 address = dma_ops_area_alloc(dev, dom, pages, align_mask,
1280 dma_mask, dom->next_address);
1282 if (address == -1) {
1283 dom->next_address = 0;
1284 address = dma_ops_area_alloc(dev, dom, pages, align_mask,
1286 dom->need_flush = true;
1289 if (unlikely(address == -1))
1290 address = DMA_ERROR_CODE;
1292 WARN_ON((address + (PAGE_SIZE*pages)) > dom->aperture_size);
1298 * The address free function.
1300 * called with domain->lock held
1302 static void dma_ops_free_addresses(struct dma_ops_domain *dom,
1303 unsigned long address,
1306 unsigned i = address >> APERTURE_RANGE_SHIFT;
1307 struct aperture_range *range = dom->aperture[i];
1309 BUG_ON(i >= APERTURE_MAX_RANGES || range == NULL);
1311 #ifdef CONFIG_IOMMU_STRESS
1316 if (address >= dom->next_address)
1317 dom->need_flush = true;
1319 address = (address % APERTURE_RANGE_SIZE) >> PAGE_SHIFT;
1321 bitmap_clear(range->bitmap, address, pages);
1325 /****************************************************************************
1327 * The next functions belong to the domain allocation. A domain is
1328 * allocated for every IOMMU as the default domain. If device isolation
1329 * is enabled, every device get its own domain. The most important thing
1330 * about domains is the page table mapping the DMA address space they
1333 ****************************************************************************/
1336 * This function adds a protection domain to the global protection domain list
1338 static void add_domain_to_list(struct protection_domain *domain)
1340 unsigned long flags;
1342 spin_lock_irqsave(&amd_iommu_pd_lock, flags);
1343 list_add(&domain->list, &amd_iommu_pd_list);
1344 spin_unlock_irqrestore(&amd_iommu_pd_lock, flags);
1348 * This function removes a protection domain to the global
1349 * protection domain list
1351 static void del_domain_from_list(struct protection_domain *domain)
1353 unsigned long flags;
1355 spin_lock_irqsave(&amd_iommu_pd_lock, flags);
1356 list_del(&domain->list);
1357 spin_unlock_irqrestore(&amd_iommu_pd_lock, flags);
1360 static u16 domain_id_alloc(void)
1362 unsigned long flags;
1365 write_lock_irqsave(&amd_iommu_devtable_lock, flags);
1366 id = find_first_zero_bit(amd_iommu_pd_alloc_bitmap, MAX_DOMAIN_ID);
1368 if (id > 0 && id < MAX_DOMAIN_ID)
1369 __set_bit(id, amd_iommu_pd_alloc_bitmap);
1372 write_unlock_irqrestore(&amd_iommu_devtable_lock, flags);
1377 static void domain_id_free(int id)
1379 unsigned long flags;
1381 write_lock_irqsave(&amd_iommu_devtable_lock, flags);
1382 if (id > 0 && id < MAX_DOMAIN_ID)
1383 __clear_bit(id, amd_iommu_pd_alloc_bitmap);
1384 write_unlock_irqrestore(&amd_iommu_devtable_lock, flags);
1387 static void free_pagetable(struct protection_domain *domain)
1392 p1 = domain->pt_root;
1397 for (i = 0; i < 512; ++i) {
1398 if (!IOMMU_PTE_PRESENT(p1[i]))
1401 p2 = IOMMU_PTE_PAGE(p1[i]);
1402 for (j = 0; j < 512; ++j) {
1403 if (!IOMMU_PTE_PRESENT(p2[j]))
1405 p3 = IOMMU_PTE_PAGE(p2[j]);
1406 free_page((unsigned long)p3);
1409 free_page((unsigned long)p2);
1412 free_page((unsigned long)p1);
1414 domain->pt_root = NULL;
1418 * Free a domain, only used if something went wrong in the
1419 * allocation path and we need to free an already allocated page table
1421 static void dma_ops_domain_free(struct dma_ops_domain *dom)
1428 del_domain_from_list(&dom->domain);
1430 free_pagetable(&dom->domain);
1432 for (i = 0; i < APERTURE_MAX_RANGES; ++i) {
1433 if (!dom->aperture[i])
1435 free_page((unsigned long)dom->aperture[i]->bitmap);
1436 kfree(dom->aperture[i]);
1443 * Allocates a new protection domain usable for the dma_ops functions.
1444 * It also initializes the page table and the address allocator data
1445 * structures required for the dma_ops interface
1447 static struct dma_ops_domain *dma_ops_domain_alloc(void)
1449 struct dma_ops_domain *dma_dom;
1451 dma_dom = kzalloc(sizeof(struct dma_ops_domain), GFP_KERNEL);
1455 spin_lock_init(&dma_dom->domain.lock);
1457 dma_dom->domain.id = domain_id_alloc();
1458 if (dma_dom->domain.id == 0)
1460 INIT_LIST_HEAD(&dma_dom->domain.dev_list);
1461 dma_dom->domain.mode = PAGE_MODE_2_LEVEL;
1462 dma_dom->domain.pt_root = (void *)get_zeroed_page(GFP_KERNEL);
1463 dma_dom->domain.flags = PD_DMA_OPS_MASK;
1464 dma_dom->domain.priv = dma_dom;
1465 if (!dma_dom->domain.pt_root)
1468 dma_dom->need_flush = false;
1469 dma_dom->target_dev = 0xffff;
1471 add_domain_to_list(&dma_dom->domain);
1473 if (alloc_new_range(dma_dom, true, GFP_KERNEL))
1477 * mark the first page as allocated so we never return 0 as
1478 * a valid dma-address. So we can use 0 as error value
1480 dma_dom->aperture[0]->bitmap[0] = 1;
1481 dma_dom->next_address = 0;
1487 dma_ops_domain_free(dma_dom);
1493 * little helper function to check whether a given protection domain is a
1496 static bool dma_ops_domain(struct protection_domain *domain)
1498 return domain->flags & PD_DMA_OPS_MASK;
1501 static void set_dte_entry(u16 devid, struct protection_domain *domain, bool ats)
1503 u64 pte_root = virt_to_phys(domain->pt_root);
1506 pte_root |= (domain->mode & DEV_ENTRY_MODE_MASK)
1507 << DEV_ENTRY_MODE_SHIFT;
1508 pte_root |= IOMMU_PTE_IR | IOMMU_PTE_IW | IOMMU_PTE_P | IOMMU_PTE_TV;
1511 flags |= DTE_FLAG_IOTLB;
1513 amd_iommu_dev_table[devid].data[3] |= flags;
1514 amd_iommu_dev_table[devid].data[2] = domain->id;
1515 amd_iommu_dev_table[devid].data[1] = upper_32_bits(pte_root);
1516 amd_iommu_dev_table[devid].data[0] = lower_32_bits(pte_root);
1519 static void clear_dte_entry(u16 devid)
1521 /* remove entry from the device table seen by the hardware */
1522 amd_iommu_dev_table[devid].data[0] = IOMMU_PTE_P | IOMMU_PTE_TV;
1523 amd_iommu_dev_table[devid].data[1] = 0;
1524 amd_iommu_dev_table[devid].data[2] = 0;
1526 amd_iommu_apply_erratum_63(devid);
1529 static void do_attach(struct device *dev, struct protection_domain *domain)
1531 struct iommu_dev_data *dev_data;
1532 struct amd_iommu *iommu;
1533 struct pci_dev *pdev;
1537 devid = get_device_id(dev);
1538 iommu = amd_iommu_rlookup_table[devid];
1539 dev_data = get_dev_data(dev);
1540 pdev = to_pci_dev(dev);
1542 if (amd_iommu_iotlb_sup)
1543 ats = pci_ats_enabled(pdev);
1545 /* Update data structures */
1546 dev_data->domain = domain;
1547 list_add(&dev_data->list, &domain->dev_list);
1548 set_dte_entry(devid, domain, ats);
1550 /* Do reference counting */
1551 domain->dev_iommu[iommu->index] += 1;
1552 domain->dev_cnt += 1;
1554 /* Flush the DTE entry */
1555 device_flush_dte(dev);
1558 static void do_detach(struct device *dev)
1560 struct iommu_dev_data *dev_data;
1561 struct amd_iommu *iommu;
1564 devid = get_device_id(dev);
1565 iommu = amd_iommu_rlookup_table[devid];
1566 dev_data = get_dev_data(dev);
1568 /* decrease reference counters */
1569 dev_data->domain->dev_iommu[iommu->index] -= 1;
1570 dev_data->domain->dev_cnt -= 1;
1572 /* Update data structures */
1573 dev_data->domain = NULL;
1574 list_del(&dev_data->list);
1575 clear_dte_entry(devid);
1577 /* Flush the DTE entry */
1578 device_flush_dte(dev);
1582 * If a device is not yet associated with a domain, this function does
1583 * assigns it visible for the hardware
1585 static int __attach_device(struct device *dev,
1586 struct protection_domain *domain)
1588 struct iommu_dev_data *dev_data, *alias_data;
1591 dev_data = get_dev_data(dev);
1592 alias_data = get_dev_data(dev_data->alias);
1598 spin_lock(&domain->lock);
1600 /* Some sanity checks */
1602 if (alias_data->domain != NULL &&
1603 alias_data->domain != domain)
1606 if (dev_data->domain != NULL &&
1607 dev_data->domain != domain)
1610 /* Do real assignment */
1611 if (dev_data->alias != dev) {
1612 alias_data = get_dev_data(dev_data->alias);
1613 if (alias_data->domain == NULL)
1614 do_attach(dev_data->alias, domain);
1616 atomic_inc(&alias_data->bind);
1619 if (dev_data->domain == NULL)
1620 do_attach(dev, domain);
1622 atomic_inc(&dev_data->bind);
1629 spin_unlock(&domain->lock);
1635 * If a device is not yet associated with a domain, this function does
1636 * assigns it visible for the hardware
1638 static int attach_device(struct device *dev,
1639 struct protection_domain *domain)
1641 struct pci_dev *pdev = to_pci_dev(dev);
1642 unsigned long flags;
1645 if (amd_iommu_iotlb_sup)
1646 pci_enable_ats(pdev, PAGE_SHIFT);
1648 write_lock_irqsave(&amd_iommu_devtable_lock, flags);
1649 ret = __attach_device(dev, domain);
1650 write_unlock_irqrestore(&amd_iommu_devtable_lock, flags);
1653 * We might boot into a crash-kernel here. The crashed kernel
1654 * left the caches in the IOMMU dirty. So we have to flush
1655 * here to evict all dirty stuff.
1657 domain_flush_tlb_pde(domain);
1663 * Removes a device from a protection domain (unlocked)
1665 static void __detach_device(struct device *dev)
1667 struct iommu_dev_data *dev_data = get_dev_data(dev);
1668 struct iommu_dev_data *alias_data;
1669 struct protection_domain *domain;
1670 unsigned long flags;
1672 BUG_ON(!dev_data->domain);
1674 domain = dev_data->domain;
1676 spin_lock_irqsave(&domain->lock, flags);
1678 if (dev_data->alias != dev) {
1679 alias_data = get_dev_data(dev_data->alias);
1680 if (atomic_dec_and_test(&alias_data->bind))
1681 do_detach(dev_data->alias);
1684 if (atomic_dec_and_test(&dev_data->bind))
1687 spin_unlock_irqrestore(&domain->lock, flags);
1690 * If we run in passthrough mode the device must be assigned to the
1691 * passthrough domain if it is detached from any other domain.
1692 * Make sure we can deassign from the pt_domain itself.
1694 if (iommu_pass_through &&
1695 (dev_data->domain == NULL && domain != pt_domain))
1696 __attach_device(dev, pt_domain);
1700 * Removes a device from a protection domain (with devtable_lock held)
1702 static void detach_device(struct device *dev)
1704 struct pci_dev *pdev = to_pci_dev(dev);
1705 unsigned long flags;
1707 /* lock device table */
1708 write_lock_irqsave(&amd_iommu_devtable_lock, flags);
1709 __detach_device(dev);
1710 write_unlock_irqrestore(&amd_iommu_devtable_lock, flags);
1712 if (amd_iommu_iotlb_sup && pci_ats_enabled(pdev))
1713 pci_disable_ats(pdev);
1717 * Find out the protection domain structure for a given PCI device. This
1718 * will give us the pointer to the page table root for example.
1720 static struct protection_domain *domain_for_device(struct device *dev)
1722 struct protection_domain *dom;
1723 struct iommu_dev_data *dev_data, *alias_data;
1724 unsigned long flags;
1727 devid = get_device_id(dev);
1728 dev_data = get_dev_data(dev);
1729 alias_data = get_dev_data(dev_data->alias);
1733 read_lock_irqsave(&amd_iommu_devtable_lock, flags);
1734 dom = dev_data->domain;
1736 alias_data->domain != NULL) {
1737 __attach_device(dev, alias_data->domain);
1738 dom = alias_data->domain;
1741 read_unlock_irqrestore(&amd_iommu_devtable_lock, flags);
1746 static int device_change_notifier(struct notifier_block *nb,
1747 unsigned long action, void *data)
1749 struct device *dev = data;
1751 struct protection_domain *domain;
1752 struct dma_ops_domain *dma_domain;
1753 struct amd_iommu *iommu;
1754 unsigned long flags;
1756 if (!check_device(dev))
1759 devid = get_device_id(dev);
1760 iommu = amd_iommu_rlookup_table[devid];
1763 case BUS_NOTIFY_UNBOUND_DRIVER:
1765 domain = domain_for_device(dev);
1769 if (iommu_pass_through)
1773 case BUS_NOTIFY_ADD_DEVICE:
1775 iommu_init_device(dev);
1777 domain = domain_for_device(dev);
1779 /* allocate a protection domain if a device is added */
1780 dma_domain = find_protection_domain(devid);
1783 dma_domain = dma_ops_domain_alloc();
1786 dma_domain->target_dev = devid;
1788 spin_lock_irqsave(&iommu_pd_list_lock, flags);
1789 list_add_tail(&dma_domain->list, &iommu_pd_list);
1790 spin_unlock_irqrestore(&iommu_pd_list_lock, flags);
1793 case BUS_NOTIFY_DEL_DEVICE:
1795 iommu_uninit_device(dev);
1801 device_flush_dte(dev);
1802 iommu_completion_wait(iommu);
1808 static struct notifier_block device_nb = {
1809 .notifier_call = device_change_notifier,
1812 void amd_iommu_init_notifier(void)
1814 bus_register_notifier(&pci_bus_type, &device_nb);
1817 /*****************************************************************************
1819 * The next functions belong to the dma_ops mapping/unmapping code.
1821 *****************************************************************************/
1824 * In the dma_ops path we only have the struct device. This function
1825 * finds the corresponding IOMMU, the protection domain and the
1826 * requestor id for a given device.
1827 * If the device is not yet associated with a domain this is also done
1830 static struct protection_domain *get_domain(struct device *dev)
1832 struct protection_domain *domain;
1833 struct dma_ops_domain *dma_dom;
1834 u16 devid = get_device_id(dev);
1836 if (!check_device(dev))
1837 return ERR_PTR(-EINVAL);
1839 domain = domain_for_device(dev);
1840 if (domain != NULL && !dma_ops_domain(domain))
1841 return ERR_PTR(-EBUSY);
1846 /* Device not bount yet - bind it */
1847 dma_dom = find_protection_domain(devid);
1849 dma_dom = amd_iommu_rlookup_table[devid]->default_dom;
1850 attach_device(dev, &dma_dom->domain);
1851 DUMP_printk("Using protection domain %d for device %s\n",
1852 dma_dom->domain.id, dev_name(dev));
1854 return &dma_dom->domain;
1857 static void update_device_table(struct protection_domain *domain)
1859 struct iommu_dev_data *dev_data;
1861 list_for_each_entry(dev_data, &domain->dev_list, list) {
1862 struct pci_dev *pdev = to_pci_dev(dev_data->dev);
1863 u16 devid = get_device_id(dev_data->dev);
1864 set_dte_entry(devid, domain, pci_ats_enabled(pdev));
1868 static void update_domain(struct protection_domain *domain)
1870 if (!domain->updated)
1873 update_device_table(domain);
1875 domain_flush_devices(domain);
1876 domain_flush_tlb_pde(domain);
1878 domain->updated = false;
1882 * This function fetches the PTE for a given address in the aperture
1884 static u64* dma_ops_get_pte(struct dma_ops_domain *dom,
1885 unsigned long address)
1887 struct aperture_range *aperture;
1888 u64 *pte, *pte_page;
1890 aperture = dom->aperture[APERTURE_RANGE_INDEX(address)];
1894 pte = aperture->pte_pages[APERTURE_PAGE_INDEX(address)];
1896 pte = alloc_pte(&dom->domain, address, PAGE_SIZE, &pte_page,
1898 aperture->pte_pages[APERTURE_PAGE_INDEX(address)] = pte_page;
1900 pte += PM_LEVEL_INDEX(0, address);
1902 update_domain(&dom->domain);
1908 * This is the generic map function. It maps one 4kb page at paddr to
1909 * the given address in the DMA address space for the domain.
1911 static dma_addr_t dma_ops_domain_map(struct dma_ops_domain *dom,
1912 unsigned long address,
1918 WARN_ON(address > dom->aperture_size);
1922 pte = dma_ops_get_pte(dom, address);
1924 return DMA_ERROR_CODE;
1926 __pte = paddr | IOMMU_PTE_P | IOMMU_PTE_FC;
1928 if (direction == DMA_TO_DEVICE)
1929 __pte |= IOMMU_PTE_IR;
1930 else if (direction == DMA_FROM_DEVICE)
1931 __pte |= IOMMU_PTE_IW;
1932 else if (direction == DMA_BIDIRECTIONAL)
1933 __pte |= IOMMU_PTE_IR | IOMMU_PTE_IW;
1939 return (dma_addr_t)address;
1943 * The generic unmapping function for on page in the DMA address space.
1945 static void dma_ops_domain_unmap(struct dma_ops_domain *dom,
1946 unsigned long address)
1948 struct aperture_range *aperture;
1951 if (address >= dom->aperture_size)
1954 aperture = dom->aperture[APERTURE_RANGE_INDEX(address)];
1958 pte = aperture->pte_pages[APERTURE_PAGE_INDEX(address)];
1962 pte += PM_LEVEL_INDEX(0, address);
1970 * This function contains common code for mapping of a physically
1971 * contiguous memory region into DMA address space. It is used by all
1972 * mapping functions provided with this IOMMU driver.
1973 * Must be called with the domain lock held.
1975 static dma_addr_t __map_single(struct device *dev,
1976 struct dma_ops_domain *dma_dom,
1983 dma_addr_t offset = paddr & ~PAGE_MASK;
1984 dma_addr_t address, start, ret;
1986 unsigned long align_mask = 0;
1989 pages = iommu_num_pages(paddr, size, PAGE_SIZE);
1992 INC_STATS_COUNTER(total_map_requests);
1995 INC_STATS_COUNTER(cross_page);
1998 align_mask = (1UL << get_order(size)) - 1;
2001 address = dma_ops_alloc_addresses(dev, dma_dom, pages, align_mask,
2003 if (unlikely(address == DMA_ERROR_CODE)) {
2005 * setting next_address here will let the address
2006 * allocator only scan the new allocated range in the
2007 * first run. This is a small optimization.
2009 dma_dom->next_address = dma_dom->aperture_size;
2011 if (alloc_new_range(dma_dom, false, GFP_ATOMIC))
2015 * aperture was successfully enlarged by 128 MB, try
2022 for (i = 0; i < pages; ++i) {
2023 ret = dma_ops_domain_map(dma_dom, start, paddr, dir);
2024 if (ret == DMA_ERROR_CODE)
2032 ADD_STATS_COUNTER(alloced_io_mem, size);
2034 if (unlikely(dma_dom->need_flush && !amd_iommu_unmap_flush)) {
2035 domain_flush_tlb(&dma_dom->domain);
2036 dma_dom->need_flush = false;
2037 } else if (unlikely(amd_iommu_np_cache))
2038 domain_flush_pages(&dma_dom->domain, address, size);
2045 for (--i; i >= 0; --i) {
2047 dma_ops_domain_unmap(dma_dom, start);
2050 dma_ops_free_addresses(dma_dom, address, pages);
2052 return DMA_ERROR_CODE;
2056 * Does the reverse of the __map_single function. Must be called with
2057 * the domain lock held too
2059 static void __unmap_single(struct dma_ops_domain *dma_dom,
2060 dma_addr_t dma_addr,
2064 dma_addr_t flush_addr;
2065 dma_addr_t i, start;
2068 if ((dma_addr == DMA_ERROR_CODE) ||
2069 (dma_addr + size > dma_dom->aperture_size))
2072 flush_addr = dma_addr;
2073 pages = iommu_num_pages(dma_addr, size, PAGE_SIZE);
2074 dma_addr &= PAGE_MASK;
2077 for (i = 0; i < pages; ++i) {
2078 dma_ops_domain_unmap(dma_dom, start);
2082 SUB_STATS_COUNTER(alloced_io_mem, size);
2084 dma_ops_free_addresses(dma_dom, dma_addr, pages);
2086 if (amd_iommu_unmap_flush || dma_dom->need_flush) {
2087 domain_flush_pages(&dma_dom->domain, flush_addr, size);
2088 dma_dom->need_flush = false;
2093 * The exported map_single function for dma_ops.
2095 static dma_addr_t map_page(struct device *dev, struct page *page,
2096 unsigned long offset, size_t size,
2097 enum dma_data_direction dir,
2098 struct dma_attrs *attrs)
2100 unsigned long flags;
2101 struct protection_domain *domain;
2104 phys_addr_t paddr = page_to_phys(page) + offset;
2106 INC_STATS_COUNTER(cnt_map_single);
2108 domain = get_domain(dev);
2109 if (PTR_ERR(domain) == -EINVAL)
2110 return (dma_addr_t)paddr;
2111 else if (IS_ERR(domain))
2112 return DMA_ERROR_CODE;
2114 dma_mask = *dev->dma_mask;
2116 spin_lock_irqsave(&domain->lock, flags);
2118 addr = __map_single(dev, domain->priv, paddr, size, dir, false,
2120 if (addr == DMA_ERROR_CODE)
2123 domain_flush_complete(domain);
2126 spin_unlock_irqrestore(&domain->lock, flags);
2132 * The exported unmap_single function for dma_ops.
2134 static void unmap_page(struct device *dev, dma_addr_t dma_addr, size_t size,
2135 enum dma_data_direction dir, struct dma_attrs *attrs)
2137 unsigned long flags;
2138 struct protection_domain *domain;
2140 INC_STATS_COUNTER(cnt_unmap_single);
2142 domain = get_domain(dev);
2146 spin_lock_irqsave(&domain->lock, flags);
2148 __unmap_single(domain->priv, dma_addr, size, dir);
2150 domain_flush_complete(domain);
2152 spin_unlock_irqrestore(&domain->lock, flags);
2156 * This is a special map_sg function which is used if we should map a
2157 * device which is not handled by an AMD IOMMU in the system.
2159 static int map_sg_no_iommu(struct device *dev, struct scatterlist *sglist,
2160 int nelems, int dir)
2162 struct scatterlist *s;
2165 for_each_sg(sglist, s, nelems, i) {
2166 s->dma_address = (dma_addr_t)sg_phys(s);
2167 s->dma_length = s->length;
2174 * The exported map_sg function for dma_ops (handles scatter-gather
2177 static int map_sg(struct device *dev, struct scatterlist *sglist,
2178 int nelems, enum dma_data_direction dir,
2179 struct dma_attrs *attrs)
2181 unsigned long flags;
2182 struct protection_domain *domain;
2184 struct scatterlist *s;
2186 int mapped_elems = 0;
2189 INC_STATS_COUNTER(cnt_map_sg);
2191 domain = get_domain(dev);
2192 if (PTR_ERR(domain) == -EINVAL)
2193 return map_sg_no_iommu(dev, sglist, nelems, dir);
2194 else if (IS_ERR(domain))
2197 dma_mask = *dev->dma_mask;
2199 spin_lock_irqsave(&domain->lock, flags);
2201 for_each_sg(sglist, s, nelems, i) {
2204 s->dma_address = __map_single(dev, domain->priv,
2205 paddr, s->length, dir, false,
2208 if (s->dma_address) {
2209 s->dma_length = s->length;
2215 domain_flush_complete(domain);
2218 spin_unlock_irqrestore(&domain->lock, flags);
2220 return mapped_elems;
2222 for_each_sg(sglist, s, mapped_elems, i) {
2224 __unmap_single(domain->priv, s->dma_address,
2225 s->dma_length, dir);
2226 s->dma_address = s->dma_length = 0;
2235 * The exported map_sg function for dma_ops (handles scatter-gather
2238 static void unmap_sg(struct device *dev, struct scatterlist *sglist,
2239 int nelems, enum dma_data_direction dir,
2240 struct dma_attrs *attrs)
2242 unsigned long flags;
2243 struct protection_domain *domain;
2244 struct scatterlist *s;
2247 INC_STATS_COUNTER(cnt_unmap_sg);
2249 domain = get_domain(dev);
2253 spin_lock_irqsave(&domain->lock, flags);
2255 for_each_sg(sglist, s, nelems, i) {
2256 __unmap_single(domain->priv, s->dma_address,
2257 s->dma_length, dir);
2258 s->dma_address = s->dma_length = 0;
2261 domain_flush_complete(domain);
2263 spin_unlock_irqrestore(&domain->lock, flags);
2267 * The exported alloc_coherent function for dma_ops.
2269 static void *alloc_coherent(struct device *dev, size_t size,
2270 dma_addr_t *dma_addr, gfp_t flag)
2272 unsigned long flags;
2274 struct protection_domain *domain;
2276 u64 dma_mask = dev->coherent_dma_mask;
2278 INC_STATS_COUNTER(cnt_alloc_coherent);
2280 domain = get_domain(dev);
2281 if (PTR_ERR(domain) == -EINVAL) {
2282 virt_addr = (void *)__get_free_pages(flag, get_order(size));
2283 *dma_addr = __pa(virt_addr);
2285 } else if (IS_ERR(domain))
2288 dma_mask = dev->coherent_dma_mask;
2289 flag &= ~(__GFP_DMA | __GFP_HIGHMEM | __GFP_DMA32);
2292 virt_addr = (void *)__get_free_pages(flag, get_order(size));
2296 paddr = virt_to_phys(virt_addr);
2299 dma_mask = *dev->dma_mask;
2301 spin_lock_irqsave(&domain->lock, flags);
2303 *dma_addr = __map_single(dev, domain->priv, paddr,
2304 size, DMA_BIDIRECTIONAL, true, dma_mask);
2306 if (*dma_addr == DMA_ERROR_CODE) {
2307 spin_unlock_irqrestore(&domain->lock, flags);
2311 domain_flush_complete(domain);
2313 spin_unlock_irqrestore(&domain->lock, flags);
2319 free_pages((unsigned long)virt_addr, get_order(size));
2325 * The exported free_coherent function for dma_ops.
2327 static void free_coherent(struct device *dev, size_t size,
2328 void *virt_addr, dma_addr_t dma_addr)
2330 unsigned long flags;
2331 struct protection_domain *domain;
2333 INC_STATS_COUNTER(cnt_free_coherent);
2335 domain = get_domain(dev);
2339 spin_lock_irqsave(&domain->lock, flags);
2341 __unmap_single(domain->priv, dma_addr, size, DMA_BIDIRECTIONAL);
2343 domain_flush_complete(domain);
2345 spin_unlock_irqrestore(&domain->lock, flags);
2348 free_pages((unsigned long)virt_addr, get_order(size));
2352 * This function is called by the DMA layer to find out if we can handle a
2353 * particular device. It is part of the dma_ops.
2355 static int amd_iommu_dma_supported(struct device *dev, u64 mask)
2357 return check_device(dev);
2361 * The function for pre-allocating protection domains.
2363 * If the driver core informs the DMA layer if a driver grabs a device
2364 * we don't need to preallocate the protection domains anymore.
2365 * For now we have to.
2367 static void prealloc_protection_domains(void)
2369 struct pci_dev *dev = NULL;
2370 struct dma_ops_domain *dma_dom;
2373 for_each_pci_dev(dev) {
2375 /* Do we handle this device? */
2376 if (!check_device(&dev->dev))
2379 /* Is there already any domain for it? */
2380 if (domain_for_device(&dev->dev))
2383 devid = get_device_id(&dev->dev);
2385 dma_dom = dma_ops_domain_alloc();
2388 init_unity_mappings_for_device(dma_dom, devid);
2389 dma_dom->target_dev = devid;
2391 attach_device(&dev->dev, &dma_dom->domain);
2393 list_add_tail(&dma_dom->list, &iommu_pd_list);
2397 static struct dma_map_ops amd_iommu_dma_ops = {
2398 .alloc_coherent = alloc_coherent,
2399 .free_coherent = free_coherent,
2400 .map_page = map_page,
2401 .unmap_page = unmap_page,
2403 .unmap_sg = unmap_sg,
2404 .dma_supported = amd_iommu_dma_supported,
2407 static unsigned device_dma_ops_init(void)
2409 struct pci_dev *pdev = NULL;
2410 unsigned unhandled = 0;
2412 for_each_pci_dev(pdev) {
2413 if (!check_device(&pdev->dev)) {
2418 pdev->dev.archdata.dma_ops = &amd_iommu_dma_ops;
2425 * The function which clues the AMD IOMMU driver into dma_ops.
2428 void __init amd_iommu_init_api(void)
2430 register_iommu(&amd_iommu_ops);
2433 int __init amd_iommu_init_dma_ops(void)
2435 struct amd_iommu *iommu;
2439 * first allocate a default protection domain for every IOMMU we
2440 * found in the system. Devices not assigned to any other
2441 * protection domain will be assigned to the default one.
2443 for_each_iommu(iommu) {
2444 iommu->default_dom = dma_ops_domain_alloc();
2445 if (iommu->default_dom == NULL)
2447 iommu->default_dom->domain.flags |= PD_DEFAULT_MASK;
2448 ret = iommu_init_unity_mappings(iommu);
2454 * Pre-allocate the protection domains for each device.
2456 prealloc_protection_domains();
2461 /* Make the driver finally visible to the drivers */
2462 unhandled = device_dma_ops_init();
2463 if (unhandled && max_pfn > MAX_DMA32_PFN) {
2464 /* There are unhandled devices - initialize swiotlb for them */
2468 amd_iommu_stats_init();
2474 for_each_iommu(iommu) {
2475 if (iommu->default_dom)
2476 dma_ops_domain_free(iommu->default_dom);
2482 /*****************************************************************************
2484 * The following functions belong to the exported interface of AMD IOMMU
2486 * This interface allows access to lower level functions of the IOMMU
2487 * like protection domain handling and assignement of devices to domains
2488 * which is not possible with the dma_ops interface.
2490 *****************************************************************************/
2492 static void cleanup_domain(struct protection_domain *domain)
2494 struct iommu_dev_data *dev_data, *next;
2495 unsigned long flags;
2497 write_lock_irqsave(&amd_iommu_devtable_lock, flags);
2499 list_for_each_entry_safe(dev_data, next, &domain->dev_list, list) {
2500 struct device *dev = dev_data->dev;
2502 __detach_device(dev);
2503 atomic_set(&dev_data->bind, 0);
2506 write_unlock_irqrestore(&amd_iommu_devtable_lock, flags);
2509 static void protection_domain_free(struct protection_domain *domain)
2514 del_domain_from_list(domain);
2517 domain_id_free(domain->id);
2522 static struct protection_domain *protection_domain_alloc(void)
2524 struct protection_domain *domain;
2526 domain = kzalloc(sizeof(*domain), GFP_KERNEL);
2530 spin_lock_init(&domain->lock);
2531 mutex_init(&domain->api_lock);
2532 domain->id = domain_id_alloc();
2535 INIT_LIST_HEAD(&domain->dev_list);
2537 add_domain_to_list(domain);
2547 static int amd_iommu_domain_init(struct iommu_domain *dom)
2549 struct protection_domain *domain;
2551 domain = protection_domain_alloc();
2555 domain->mode = PAGE_MODE_3_LEVEL;
2556 domain->pt_root = (void *)get_zeroed_page(GFP_KERNEL);
2557 if (!domain->pt_root)
2565 protection_domain_free(domain);
2570 static void amd_iommu_domain_destroy(struct iommu_domain *dom)
2572 struct protection_domain *domain = dom->priv;
2577 if (domain->dev_cnt > 0)
2578 cleanup_domain(domain);
2580 BUG_ON(domain->dev_cnt != 0);
2582 free_pagetable(domain);
2584 protection_domain_free(domain);
2589 static void amd_iommu_detach_device(struct iommu_domain *dom,
2592 struct iommu_dev_data *dev_data = dev->archdata.iommu;
2593 struct amd_iommu *iommu;
2596 if (!check_device(dev))
2599 devid = get_device_id(dev);
2601 if (dev_data->domain != NULL)
2604 iommu = amd_iommu_rlookup_table[devid];
2608 device_flush_dte(dev);
2609 iommu_completion_wait(iommu);
2612 static int amd_iommu_attach_device(struct iommu_domain *dom,
2615 struct protection_domain *domain = dom->priv;
2616 struct iommu_dev_data *dev_data;
2617 struct amd_iommu *iommu;
2621 if (!check_device(dev))
2624 dev_data = dev->archdata.iommu;
2626 devid = get_device_id(dev);
2628 iommu = amd_iommu_rlookup_table[devid];
2632 if (dev_data->domain)
2635 ret = attach_device(dev, domain);
2637 iommu_completion_wait(iommu);
2642 static int amd_iommu_map(struct iommu_domain *dom, unsigned long iova,
2643 phys_addr_t paddr, int gfp_order, int iommu_prot)
2645 unsigned long page_size = 0x1000UL << gfp_order;
2646 struct protection_domain *domain = dom->priv;
2650 if (iommu_prot & IOMMU_READ)
2651 prot |= IOMMU_PROT_IR;
2652 if (iommu_prot & IOMMU_WRITE)
2653 prot |= IOMMU_PROT_IW;
2655 mutex_lock(&domain->api_lock);
2656 ret = iommu_map_page(domain, iova, paddr, prot, page_size);
2657 mutex_unlock(&domain->api_lock);
2662 static int amd_iommu_unmap(struct iommu_domain *dom, unsigned long iova,
2665 struct protection_domain *domain = dom->priv;
2666 unsigned long page_size, unmap_size;
2668 page_size = 0x1000UL << gfp_order;
2670 mutex_lock(&domain->api_lock);
2671 unmap_size = iommu_unmap_page(domain, iova, page_size);
2672 mutex_unlock(&domain->api_lock);
2674 domain_flush_tlb_pde(domain);
2676 return get_order(unmap_size);
2679 static phys_addr_t amd_iommu_iova_to_phys(struct iommu_domain *dom,
2682 struct protection_domain *domain = dom->priv;
2683 unsigned long offset_mask;
2687 pte = fetch_pte(domain, iova);
2689 if (!pte || !IOMMU_PTE_PRESENT(*pte))
2692 if (PM_PTE_LEVEL(*pte) == 0)
2693 offset_mask = PAGE_SIZE - 1;
2695 offset_mask = PTE_PAGE_SIZE(*pte) - 1;
2697 __pte = *pte & PM_ADDR_MASK;
2698 paddr = (__pte & ~offset_mask) | (iova & offset_mask);
2703 static int amd_iommu_domain_has_cap(struct iommu_domain *domain,
2707 case IOMMU_CAP_CACHE_COHERENCY:
2714 static struct iommu_ops amd_iommu_ops = {
2715 .domain_init = amd_iommu_domain_init,
2716 .domain_destroy = amd_iommu_domain_destroy,
2717 .attach_dev = amd_iommu_attach_device,
2718 .detach_dev = amd_iommu_detach_device,
2719 .map = amd_iommu_map,
2720 .unmap = amd_iommu_unmap,
2721 .iova_to_phys = amd_iommu_iova_to_phys,
2722 .domain_has_cap = amd_iommu_domain_has_cap,
2725 /*****************************************************************************
2727 * The next functions do a basic initialization of IOMMU for pass through
2730 * In passthrough mode the IOMMU is initialized and enabled but not used for
2731 * DMA-API translation.
2733 *****************************************************************************/
2735 int __init amd_iommu_init_passthrough(void)
2737 struct amd_iommu *iommu;
2738 struct pci_dev *dev = NULL;
2741 /* allocate passthrough domain */
2742 pt_domain = protection_domain_alloc();
2746 pt_domain->mode |= PAGE_MODE_NONE;
2748 for_each_pci_dev(dev) {
2749 if (!check_device(&dev->dev))
2752 devid = get_device_id(&dev->dev);
2754 iommu = amd_iommu_rlookup_table[devid];
2758 attach_device(&dev->dev, pt_domain);
2761 pr_info("AMD-Vi: Initialized for Passthrough Mode\n");
git.openpandora.org / pandora-kernel.git / blob