1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * IOMMU API for ARM architected SMMUv3 implementations.
4 *
5 * Copyright (C) 2015 ARM Limited
6 *
7 * Author: Will Deacon <will.deacon@arm.com>
8 *
9 * This driver is powered by bad coffee and bombay mix.
10 */
11
12 #include <linux/acpi.h>
13 #include <linux/acpi_iort.h>
14 #include <linux/bitfield.h>
15 #include <linux/bitops.h>
16 #include <linux/crash_dump.h>
17 #include <linux/delay.h>
18 #include <linux/dma-iommu.h>
19 #include <linux/err.h>
20 #include <linux/interrupt.h>
21 #include <linux/io-pgtable.h>
22 #include <linux/iommu.h>
23 #include <linux/iopoll.h>
24 #include <linux/module.h>
25 #include <linux/msi.h>
26 #include <linux/of.h>
27 #include <linux/of_address.h>
28 #include <linux/of_iommu.h>
29 #include <linux/of_platform.h>
30 #include <linux/pci.h>
31 #include <linux/pci-ats.h>
32 #include <linux/platform_device.h>
33
34 #include <linux/amba/bus.h>
35
36 /* MMIO registers */
37 #define ARM_SMMU_IDR0 0x0
38 #define IDR0_ST_LVL GENMASK(28, 27)
39 #define IDR0_ST_LVL_2LVL 1
40 #define IDR0_STALL_MODEL GENMASK(25, 24)
41 #define IDR0_STALL_MODEL_STALL 0
42 #define IDR0_STALL_MODEL_FORCE 2
43 #define IDR0_TTENDIAN GENMASK(22, 21)
44 #define IDR0_TTENDIAN_MIXED 0
45 #define IDR0_TTENDIAN_LE 2
46 #define IDR0_TTENDIAN_BE 3
47 #define IDR0_CD2L (1 << 19)
48 #define IDR0_VMID16 (1 << 18)
49 #define IDR0_PRI (1 << 16)
50 #define IDR0_SEV (1 << 14)
51 #define IDR0_MSI (1 << 13)
52 #define IDR0_ASID16 (1 << 12)
53 #define IDR0_ATS (1 << 10)
54 #define IDR0_HYP (1 << 9)
55 #define IDR0_COHACC (1 << 4)
56 #define IDR0_TTF GENMASK(3, 2)
57 #define IDR0_TTF_AARCH64 2
58 #define IDR0_TTF_AARCH32_64 3
59 #define IDR0_S1P (1 << 1)
60 #define IDR0_S2P (1 << 0)
61
62 #define ARM_SMMU_IDR1 0x4
63 #define IDR1_TABLES_PRESET (1 << 30)
64 #define IDR1_QUEUES_PRESET (1 << 29)
65 #define IDR1_REL (1 << 28)
66 #define IDR1_CMDQS GENMASK(25, 21)
67 #define IDR1_EVTQS GENMASK(20, 16)
68 #define IDR1_PRIQS GENMASK(15, 11)
69 #define IDR1_SSIDSIZE GENMASK(10, 6)
70 #define IDR1_SIDSIZE GENMASK(5, 0)
71
72 #define ARM_SMMU_IDR5 0x14
73 #define IDR5_STALL_MAX GENMASK(31, 16)
74 #define IDR5_GRAN64K (1 << 6)
75 #define IDR5_GRAN16K (1 << 5)
76 #define IDR5_GRAN4K (1 << 4)
77 #define IDR5_OAS GENMASK(2, 0)
78 #define IDR5_OAS_32_BIT 0
79 #define IDR5_OAS_36_BIT 1
80 #define IDR5_OAS_40_BIT 2
81 #define IDR5_OAS_42_BIT 3
82 #define IDR5_OAS_44_BIT 4
83 #define IDR5_OAS_48_BIT 5
84 #define IDR5_OAS_52_BIT 6
85 #define IDR5_VAX GENMASK(11, 10)
86 #define IDR5_VAX_52_BIT 1
87
88 #define ARM_SMMU_CR0 0x20
89 #define CR0_ATSCHK (1 << 4)
90 #define CR0_CMDQEN (1 << 3)
91 #define CR0_EVTQEN (1 << 2)
92 #define CR0_PRIQEN (1 << 1)
93 #define CR0_SMMUEN (1 << 0)
94
95 #define ARM_SMMU_CR0ACK 0x24
96
97 #define ARM_SMMU_CR1 0x28
98 #define CR1_TABLE_SH GENMASK(11, 10)
99 #define CR1_TABLE_OC GENMASK(9, 8)
100 #define CR1_TABLE_IC GENMASK(7, 6)
101 #define CR1_QUEUE_SH GENMASK(5, 4)
102 #define CR1_QUEUE_OC GENMASK(3, 2)
103 #define CR1_QUEUE_IC GENMASK(1, 0)
104 /* CR1 cacheability fields don't quite follow the usual TCR-style encoding */
105 #define CR1_CACHE_NC 0
106 #define CR1_CACHE_WB 1
107 #define CR1_CACHE_WT 2
108
109 #define ARM_SMMU_CR2 0x2c
110 #define CR2_PTM (1 << 2)
111 #define CR2_RECINVSID (1 << 1)
112 #define CR2_E2H (1 << 0)
113
114 #define ARM_SMMU_GBPA 0x44
115 #define GBPA_UPDATE (1 << 31)
116 #define GBPA_ABORT (1 << 20)
117
118 #define ARM_SMMU_IRQ_CTRL 0x50
119 #define IRQ_CTRL_EVTQ_IRQEN (1 << 2)
120 #define IRQ_CTRL_PRIQ_IRQEN (1 << 1)
121 #define IRQ_CTRL_GERROR_IRQEN (1 << 0)
122
123 #define ARM_SMMU_IRQ_CTRLACK 0x54
124
125 #define ARM_SMMU_GERROR 0x60
126 #define GERROR_SFM_ERR (1 << 8)
127 #define GERROR_MSI_GERROR_ABT_ERR (1 << 7)
128 #define GERROR_MSI_PRIQ_ABT_ERR (1 << 6)
129 #define GERROR_MSI_EVTQ_ABT_ERR (1 << 5)
130 #define GERROR_MSI_CMDQ_ABT_ERR (1 << 4)
131 #define GERROR_PRIQ_ABT_ERR (1 << 3)
132 #define GERROR_EVTQ_ABT_ERR (1 << 2)
133 #define GERROR_CMDQ_ERR (1 << 0)
134 #define GERROR_ERR_MASK 0xfd
135
136 #define ARM_SMMU_GERRORN 0x64
137
138 #define ARM_SMMU_GERROR_IRQ_CFG0 0x68
139 #define ARM_SMMU_GERROR_IRQ_CFG1 0x70
140 #define ARM_SMMU_GERROR_IRQ_CFG2 0x74
141
142 #define ARM_SMMU_STRTAB_BASE 0x80
143 #define STRTAB_BASE_RA (1UL << 62)
144 #define STRTAB_BASE_ADDR_MASK GENMASK_ULL(51, 6)
145
146 #define ARM_SMMU_STRTAB_BASE_CFG 0x88
147 #define STRTAB_BASE_CFG_FMT GENMASK(17, 16)
148 #define STRTAB_BASE_CFG_FMT_LINEAR 0
149 #define STRTAB_BASE_CFG_FMT_2LVL 1
150 #define STRTAB_BASE_CFG_SPLIT GENMASK(10, 6)
151 #define STRTAB_BASE_CFG_LOG2SIZE GENMASK(5, 0)
152
153 #define ARM_SMMU_CMDQ_BASE 0x90
154 #define ARM_SMMU_CMDQ_PROD 0x98
155 #define ARM_SMMU_CMDQ_CONS 0x9c
156
157 #define ARM_SMMU_EVTQ_BASE 0xa0
158 #define ARM_SMMU_EVTQ_PROD 0x100a8
159 #define ARM_SMMU_EVTQ_CONS 0x100ac
160 #define ARM_SMMU_EVTQ_IRQ_CFG0 0xb0
161 #define ARM_SMMU_EVTQ_IRQ_CFG1 0xb8
162 #define ARM_SMMU_EVTQ_IRQ_CFG2 0xbc
163
164 #define ARM_SMMU_PRIQ_BASE 0xc0
165 #define ARM_SMMU_PRIQ_PROD 0x100c8
166 #define ARM_SMMU_PRIQ_CONS 0x100cc
167 #define ARM_SMMU_PRIQ_IRQ_CFG0 0xd0
168 #define ARM_SMMU_PRIQ_IRQ_CFG1 0xd8
169 #define ARM_SMMU_PRIQ_IRQ_CFG2 0xdc
170
171 /* Common MSI config fields */
172 #define MSI_CFG0_ADDR_MASK GENMASK_ULL(51, 2)
173 #define MSI_CFG2_SH GENMASK(5, 4)
174 #define MSI_CFG2_MEMATTR GENMASK(3, 0)
175
176 /* Common memory attribute values */
177 #define ARM_SMMU_SH_NSH 0
178 #define ARM_SMMU_SH_OSH 2
179 #define ARM_SMMU_SH_ISH 3
180 #define ARM_SMMU_MEMATTR_DEVICE_nGnRE 0x1
181 #define ARM_SMMU_MEMATTR_OIWB 0xf
182
183 #define Q_IDX(llq, p) ((p) & ((1 << (llq)->max_n_shift) - 1))
184 #define Q_WRP(llq, p) ((p) & (1 << (llq)->max_n_shift))
185 #define Q_OVERFLOW_FLAG (1U << 31)
186 #define Q_OVF(p) ((p) & Q_OVERFLOW_FLAG)
187 #define Q_ENT(q, p) ((q)->base + \
188 Q_IDX(&((q)->llq), p) * \
189 (q)->ent_dwords)
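/*
 * Illustrative reading of the prod/cons encoding above (assuming
 * max_n_shift == 8, i.e. a 256-entry queue): the queue index lives in the
 * low max_n_shift bits, the wrap flag is the next bit up and bit 31 is the
 * hardware overflow flag. For example, prod == 0x80000105 decodes as
 * Q_IDX == 0x05, with the wrap bit (0x100) and the overflow flag both set.
 */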
190
191 #define Q_BASE_RWA (1UL << 62)
192 #define Q_BASE_ADDR_MASK GENMASK_ULL(51, 5)
193 #define Q_BASE_LOG2SIZE GENMASK(4, 0)
194
195 /* Ensure DMA allocations are naturally aligned */
196 #ifdef CONFIG_CMA_ALIGNMENT
197 #define Q_MAX_SZ_SHIFT (PAGE_SHIFT + CONFIG_CMA_ALIGNMENT)
198 #else
199 #define Q_MAX_SZ_SHIFT (PAGE_SHIFT + MAX_ORDER - 1)
200 #endif
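/*
 * For example (illustrative configuration only): with 4KiB pages and the
 * default CONFIG_CMA_ALIGNMENT of 8, Q_MAX_SZ_SHIFT is 20, i.e. queue
 * allocations are capped at 1MiB; the *_MAX_SZ_SHIFT definitions below
 * divide that by the per-entry size (e.g. 16-byte commands => at most
 * 64k command slots).
 */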
201
202 /*
203 * Stream table.
204 *
205 * Linear: Enough to cover 1 << IDR1.SIDSIZE entries
206 * 2lvl: 128k L1 entries,
207 * 256 lazy entries per table (each table covers a PCI bus)
208 */
209 #define STRTAB_L1_SZ_SHIFT 20
210 #define STRTAB_SPLIT 8
211
212 #define STRTAB_L1_DESC_DWORDS 1
213 #define STRTAB_L1_DESC_SPAN GENMASK_ULL(4, 0)
214 #define STRTAB_L1_DESC_L2PTR_MASK GENMASK_ULL(51, 6)
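/*
 * Illustrative reading of the constants above for the 2-level format:
 * sid >> STRTAB_SPLIT indexes the L1 descriptor and the low STRTAB_SPLIT
 * bits index the 256-entry L2 table it points at. With STRTAB_L1_SZ_SHIFT
 * at 20, the L1 table is capped at 1MiB, i.e. 128k descriptors of
 * STRTAB_L1_DESC_DWORDS (8 bytes) each, matching the comment above.
 */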
215
216 #define STRTAB_STE_DWORDS 8
217 #define STRTAB_STE_0_V (1UL << 0)
218 #define STRTAB_STE_0_CFG GENMASK_ULL(3, 1)
219 #define STRTAB_STE_0_CFG_ABORT 0
220 #define STRTAB_STE_0_CFG_BYPASS 4
221 #define STRTAB_STE_0_CFG_S1_TRANS 5
222 #define STRTAB_STE_0_CFG_S2_TRANS 6
223
224 #define STRTAB_STE_0_S1FMT GENMASK_ULL(5, 4)
225 #define STRTAB_STE_0_S1FMT_LINEAR 0
226 #define STRTAB_STE_0_S1CTXPTR_MASK GENMASK_ULL(51, 6)
227 #define STRTAB_STE_0_S1CDMAX GENMASK_ULL(63, 59)
228
229 #define STRTAB_STE_1_S1C_CACHE_NC 0UL
230 #define STRTAB_STE_1_S1C_CACHE_WBRA 1UL
231 #define STRTAB_STE_1_S1C_CACHE_WT 2UL
232 #define STRTAB_STE_1_S1C_CACHE_WB 3UL
233 #define STRTAB_STE_1_S1CIR GENMASK_ULL(3, 2)
234 #define STRTAB_STE_1_S1COR GENMASK_ULL(5, 4)
235 #define STRTAB_STE_1_S1CSH GENMASK_ULL(7, 6)
236
237 #define STRTAB_STE_1_S1STALLD (1UL << 27)
238
239 #define STRTAB_STE_1_EATS GENMASK_ULL(29, 28)
240 #define STRTAB_STE_1_EATS_ABT 0UL
241 #define STRTAB_STE_1_EATS_TRANS 1UL
242 #define STRTAB_STE_1_EATS_S1CHK 2UL
243
244 #define STRTAB_STE_1_STRW GENMASK_ULL(31, 30)
245 #define STRTAB_STE_1_STRW_NSEL1 0UL
246 #define STRTAB_STE_1_STRW_EL2 2UL
247
248 #define STRTAB_STE_1_SHCFG GENMASK_ULL(45, 44)
249 #define STRTAB_STE_1_SHCFG_INCOMING 1UL
250
251 #define STRTAB_STE_2_S2VMID GENMASK_ULL(15, 0)
252 #define STRTAB_STE_2_VTCR GENMASK_ULL(50, 32)
253 #define STRTAB_STE_2_S2AA64 (1UL << 51)
254 #define STRTAB_STE_2_S2ENDI (1UL << 52)
255 #define STRTAB_STE_2_S2PTW (1UL << 54)
256 #define STRTAB_STE_2_S2R (1UL << 58)
257
258 #define STRTAB_STE_3_S2TTB_MASK GENMASK_ULL(51, 4)
259
260 /* Context descriptor (stage-1 only) */
261 #define CTXDESC_CD_DWORDS 8
262 #define CTXDESC_CD_0_TCR_T0SZ GENMASK_ULL(5, 0)
263 #define ARM64_TCR_T0SZ GENMASK_ULL(5, 0)
264 #define CTXDESC_CD_0_TCR_TG0 GENMASK_ULL(7, 6)
265 #define ARM64_TCR_TG0 GENMASK_ULL(15, 14)
266 #define CTXDESC_CD_0_TCR_IRGN0 GENMASK_ULL(9, 8)
267 #define ARM64_TCR_IRGN0 GENMASK_ULL(9, 8)
268 #define CTXDESC_CD_0_TCR_ORGN0 GENMASK_ULL(11, 10)
269 #define ARM64_TCR_ORGN0 GENMASK_ULL(11, 10)
270 #define CTXDESC_CD_0_TCR_SH0 GENMASK_ULL(13, 12)
271 #define ARM64_TCR_SH0 GENMASK_ULL(13, 12)
272 #define CTXDESC_CD_0_TCR_EPD0 (1ULL << 14)
273 #define ARM64_TCR_EPD0 (1ULL << 7)
274 #define CTXDESC_CD_0_TCR_EPD1 (1ULL << 30)
275 #define ARM64_TCR_EPD1 (1ULL << 23)
276
277 #define CTXDESC_CD_0_ENDI (1UL << 15)
278 #define CTXDESC_CD_0_V (1UL << 31)
279
280 #define CTXDESC_CD_0_TCR_IPS GENMASK_ULL(34, 32)
281 #define ARM64_TCR_IPS GENMASK_ULL(34, 32)
282 #define CTXDESC_CD_0_TCR_TBI0 (1ULL << 38)
283 #define ARM64_TCR_TBI0 (1ULL << 37)
284
285 #define CTXDESC_CD_0_AA64 (1UL << 41)
286 #define CTXDESC_CD_0_S (1UL << 44)
287 #define CTXDESC_CD_0_R (1UL << 45)
288 #define CTXDESC_CD_0_A (1UL << 46)
289 #define CTXDESC_CD_0_ASET (1UL << 47)
290 #define CTXDESC_CD_0_ASID GENMASK_ULL(63, 48)
291
292 #define CTXDESC_CD_1_TTB0_MASK GENMASK_ULL(51, 4)
293
294 /* Convert between AArch64 (CPU) TCR format and SMMU CD format */
295 #define ARM_SMMU_TCR2CD(tcr, fld) FIELD_PREP(CTXDESC_CD_0_TCR_##fld, \
296 FIELD_GET(ARM64_TCR_##fld, tcr))
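/*
 * For example, TG0 sits in bits [15:14] of the CPU TCR (ARM64_TCR_TG0) but
 * in bits [7:6] of the context descriptor (CTXDESC_CD_0_TCR_TG0), so
 * ARM_SMMU_TCR2CD(tcr, TG0) extracts the former and repositions it into the
 * latter. Illustrative only; see arm_smmu_cpu_tcr_to_cd() below.
 */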
297
298 /* Command queue */
299 #define CMDQ_ENT_SZ_SHIFT 4
300 #define CMDQ_ENT_DWORDS ((1 << CMDQ_ENT_SZ_SHIFT) >> 3)
301 #define CMDQ_MAX_SZ_SHIFT (Q_MAX_SZ_SHIFT - CMDQ_ENT_SZ_SHIFT)
302
303 #define CMDQ_CONS_ERR GENMASK(30, 24)
304 #define CMDQ_ERR_CERROR_NONE_IDX 0
305 #define CMDQ_ERR_CERROR_ILL_IDX 1
306 #define CMDQ_ERR_CERROR_ABT_IDX 2
307 #define CMDQ_ERR_CERROR_ATC_INV_IDX 3
308
309 #define CMDQ_PROD_OWNED_FLAG Q_OVERFLOW_FLAG
310
311 /*
312 * This is used to size the command queue and therefore must be at least
313 * BITS_PER_LONG so that the valid_map works correctly (it relies on the
314 * total number of queue entries being a multiple of BITS_PER_LONG).
315 */
316 #define CMDQ_BATCH_ENTRIES BITS_PER_LONG
317
318 #define CMDQ_0_OP GENMASK_ULL(7, 0)
319 #define CMDQ_0_SSV (1UL << 11)
320
321 #define CMDQ_PREFETCH_0_SID GENMASK_ULL(63, 32)
322 #define CMDQ_PREFETCH_1_SIZE GENMASK_ULL(4, 0)
323 #define CMDQ_PREFETCH_1_ADDR_MASK GENMASK_ULL(63, 12)
324
325 #define CMDQ_CFGI_0_SID GENMASK_ULL(63, 32)
326 #define CMDQ_CFGI_1_LEAF (1UL << 0)
327 #define CMDQ_CFGI_1_RANGE GENMASK_ULL(4, 0)
328
329 #define CMDQ_TLBI_0_VMID GENMASK_ULL(47, 32)
330 #define CMDQ_TLBI_0_ASID GENMASK_ULL(63, 48)
331 #define CMDQ_TLBI_1_LEAF (1UL << 0)
332 #define CMDQ_TLBI_1_VA_MASK GENMASK_ULL(63, 12)
333 #define CMDQ_TLBI_1_IPA_MASK GENMASK_ULL(51, 12)
334
335 #define CMDQ_ATC_0_SSID GENMASK_ULL(31, 12)
336 #define CMDQ_ATC_0_SID GENMASK_ULL(63, 32)
337 #define CMDQ_ATC_0_GLOBAL (1UL << 9)
338 #define CMDQ_ATC_1_SIZE GENMASK_ULL(5, 0)
339 #define CMDQ_ATC_1_ADDR_MASK GENMASK_ULL(63, 12)
340
341 #define CMDQ_PRI_0_SSID GENMASK_ULL(31, 12)
342 #define CMDQ_PRI_0_SID GENMASK_ULL(63, 32)
343 #define CMDQ_PRI_1_GRPID GENMASK_ULL(8, 0)
344 #define CMDQ_PRI_1_RESP GENMASK_ULL(13, 12)
345
346 #define CMDQ_SYNC_0_CS GENMASK_ULL(13, 12)
347 #define CMDQ_SYNC_0_CS_NONE 0
348 #define CMDQ_SYNC_0_CS_IRQ 1
349 #define CMDQ_SYNC_0_CS_SEV 2
350 #define CMDQ_SYNC_0_MSH GENMASK_ULL(23, 22)
351 #define CMDQ_SYNC_0_MSIATTR GENMASK_ULL(27, 24)
352 #define CMDQ_SYNC_0_MSIDATA GENMASK_ULL(63, 32)
353 #define CMDQ_SYNC_1_MSIADDR_MASK GENMASK_ULL(51, 2)
354
355 /* Event queue */
356 #define EVTQ_ENT_SZ_SHIFT 5
357 #define EVTQ_ENT_DWORDS ((1 << EVTQ_ENT_SZ_SHIFT) >> 3)
358 #define EVTQ_MAX_SZ_SHIFT (Q_MAX_SZ_SHIFT - EVTQ_ENT_SZ_SHIFT)
359
360 #define EVTQ_0_ID GENMASK_ULL(7, 0)
361
362 /* PRI queue */
363 #define PRIQ_ENT_SZ_SHIFT 4
364 #define PRIQ_ENT_DWORDS ((1 << PRIQ_ENT_SZ_SHIFT) >> 3)
365 #define PRIQ_MAX_SZ_SHIFT (Q_MAX_SZ_SHIFT - PRIQ_ENT_SZ_SHIFT)
366
367 #define PRIQ_0_SID GENMASK_ULL(31, 0)
368 #define PRIQ_0_SSID GENMASK_ULL(51, 32)
369 #define PRIQ_0_PERM_PRIV (1UL << 58)
370 #define PRIQ_0_PERM_EXEC (1UL << 59)
371 #define PRIQ_0_PERM_READ (1UL << 60)
372 #define PRIQ_0_PERM_WRITE (1UL << 61)
373 #define PRIQ_0_PRG_LAST (1UL << 62)
374 #define PRIQ_0_SSID_V (1UL << 63)
375
376 #define PRIQ_1_PRG_IDX GENMASK_ULL(8, 0)
377 #define PRIQ_1_ADDR_MASK GENMASK_ULL(63, 12)
378
379 /* High-level queue structures */
380 #define ARM_SMMU_POLL_TIMEOUT_US 1000000 /* 1s! */
381 #define ARM_SMMU_POLL_SPIN_COUNT 10
382
383 #define MSI_IOVA_BASE 0x8000000
384 #define MSI_IOVA_LENGTH 0x100000
385
386 static bool disable_bypass = true;
387 module_param_named(disable_bypass, disable_bypass, bool, S_IRUGO);
388 MODULE_PARM_DESC(disable_bypass,
389 "Disable bypass streams such that incoming transactions from devices that are not attached to an iommu domain will report an abort back to the device and will not be allowed to pass through the SMMU.");
390
391 enum pri_resp {
392 PRI_RESP_DENY = 0,
393 PRI_RESP_FAIL = 1,
394 PRI_RESP_SUCC = 2,
395 };
396
397 enum arm_smmu_msi_index {
398 EVTQ_MSI_INDEX,
399 GERROR_MSI_INDEX,
400 PRIQ_MSI_INDEX,
401 ARM_SMMU_MAX_MSIS,
402 };
403
404 static phys_addr_t arm_smmu_msi_cfg[ARM_SMMU_MAX_MSIS][3] = {
405 [EVTQ_MSI_INDEX] = {
406 ARM_SMMU_EVTQ_IRQ_CFG0,
407 ARM_SMMU_EVTQ_IRQ_CFG1,
408 ARM_SMMU_EVTQ_IRQ_CFG2,
409 },
410 [GERROR_MSI_INDEX] = {
411 ARM_SMMU_GERROR_IRQ_CFG0,
412 ARM_SMMU_GERROR_IRQ_CFG1,
413 ARM_SMMU_GERROR_IRQ_CFG2,
414 },
415 [PRIQ_MSI_INDEX] = {
416 ARM_SMMU_PRIQ_IRQ_CFG0,
417 ARM_SMMU_PRIQ_IRQ_CFG1,
418 ARM_SMMU_PRIQ_IRQ_CFG2,
419 },
420 };
421
422 struct arm_smmu_cmdq_ent {
423 /* Common fields */
424 u8 opcode;
425 bool substream_valid;
426
427 /* Command-specific fields */
428 union {
429 #define CMDQ_OP_PREFETCH_CFG 0x1
430 struct {
431 u32 sid;
432 u8 size;
433 u64 addr;
434 } prefetch;
435
436 #define CMDQ_OP_CFGI_STE 0x3
437 #define CMDQ_OP_CFGI_ALL 0x4
438 struct {
439 u32 sid;
440 union {
441 bool leaf;
442 u8 span;
443 };
444 } cfgi;
445
446 #define CMDQ_OP_TLBI_NH_ASID 0x11
447 #define CMDQ_OP_TLBI_NH_VA 0x12
448 #define CMDQ_OP_TLBI_EL2_ALL 0x20
449 #define CMDQ_OP_TLBI_S12_VMALL 0x28
450 #define CMDQ_OP_TLBI_S2_IPA 0x2a
451 #define CMDQ_OP_TLBI_NSNH_ALL 0x30
452 struct {
453 u16 asid;
454 u16 vmid;
455 bool leaf;
456 u64 addr;
457 } tlbi;
458
459 #define CMDQ_OP_ATC_INV 0x40
460 #define ATC_INV_SIZE_ALL 52
461 struct {
462 u32 sid;
463 u32 ssid;
464 u64 addr;
465 u8 size;
466 bool global;
467 } atc;
468
469 #define CMDQ_OP_PRI_RESP 0x41
470 struct {
471 u32 sid;
472 u32 ssid;
473 u16 grpid;
474 enum pri_resp resp;
475 } pri;
476
477 #define CMDQ_OP_CMD_SYNC 0x46
478 struct {
479 u64 msiaddr;
480 } sync;
481 };
482 };
483
484 struct arm_smmu_ll_queue {
485 union {
486 u64 val;
487 struct {
488 u32 prod;
489 u32 cons;
490 };
491 struct {
492 atomic_t prod;
493 atomic_t cons;
494 } atomic;
495 u8 __pad[SMP_CACHE_BYTES];
496 } ____cacheline_aligned_in_smp;
497 u32 max_n_shift;
498 };
499
500 struct arm_smmu_queue {
501 struct arm_smmu_ll_queue llq;
502 int irq; /* Wired interrupt */
503
504 __le64 *base;
505 dma_addr_t base_dma;
506 u64 q_base;
507
508 size_t ent_dwords;
509
510 u32 __iomem *prod_reg;
511 u32 __iomem *cons_reg;
512 };
513
514 struct arm_smmu_queue_poll {
515 ktime_t timeout;
516 unsigned int delay;
517 unsigned int spin_cnt;
518 bool wfe;
519 };
520
521 struct arm_smmu_cmdq {
522 struct arm_smmu_queue q;
523 atomic_long_t *valid_map;
524 atomic_t owner_prod;
525 atomic_t lock;
526 };
527
528 struct arm_smmu_evtq {
529 struct arm_smmu_queue q;
530 u32 max_stalls;
531 };
532
533 struct arm_smmu_priq {
534 struct arm_smmu_queue q;
535 };
536
537 /* High-level stream table and context descriptor structures */
538 struct arm_smmu_strtab_l1_desc {
539 u8 span;
540
541 __le64 *l2ptr;
542 dma_addr_t l2ptr_dma;
543 };
544
545 struct arm_smmu_s1_cfg {
546 __le64 *cdptr;
547 dma_addr_t cdptr_dma;
548
549 struct arm_smmu_ctx_desc {
550 u16 asid;
551 u64 ttbr;
552 u64 tcr;
553 u64 mair;
554 } cd;
555 };
556
557 struct arm_smmu_s2_cfg {
558 u16 vmid;
559 u64 vttbr;
560 u64 vtcr;
561 };
562
563 struct arm_smmu_strtab_cfg {
564 __le64 *strtab;
565 dma_addr_t strtab_dma;
566 struct arm_smmu_strtab_l1_desc *l1_desc;
567 unsigned int num_l1_ents;
568
569 u64 strtab_base;
570 u32 strtab_base_cfg;
571 };
572
573 /* An SMMUv3 instance */
574 struct arm_smmu_device {
575 struct device *dev;
576 void __iomem *base;
577
578 #define ARM_SMMU_FEAT_2_LVL_STRTAB (1 << 0)
579 #define ARM_SMMU_FEAT_2_LVL_CDTAB (1 << 1)
580 #define ARM_SMMU_FEAT_TT_LE (1 << 2)
581 #define ARM_SMMU_FEAT_TT_BE (1 << 3)
582 #define ARM_SMMU_FEAT_PRI (1 << 4)
583 #define ARM_SMMU_FEAT_ATS (1 << 5)
584 #define ARM_SMMU_FEAT_SEV (1 << 6)
585 #define ARM_SMMU_FEAT_MSI (1 << 7)
586 #define ARM_SMMU_FEAT_COHERENCY (1 << 8)
587 #define ARM_SMMU_FEAT_TRANS_S1 (1 << 9)
588 #define ARM_SMMU_FEAT_TRANS_S2 (1 << 10)
589 #define ARM_SMMU_FEAT_STALLS (1 << 11)
590 #define ARM_SMMU_FEAT_HYP (1 << 12)
591 #define ARM_SMMU_FEAT_STALL_FORCE (1 << 13)
592 #define ARM_SMMU_FEAT_VAX (1 << 14)
593 u32 features;
594
595 #define ARM_SMMU_OPT_SKIP_PREFETCH (1 << 0)
596 #define ARM_SMMU_OPT_PAGE0_REGS_ONLY (1 << 1)
597 u32 options;
598
599 struct arm_smmu_cmdq cmdq;
600 struct arm_smmu_evtq evtq;
601 struct arm_smmu_priq priq;
602
603 int gerr_irq;
604 int combined_irq;
605
606 unsigned long ias; /* IPA */
607 unsigned long oas; /* PA */
608 unsigned long pgsize_bitmap;
609
610 #define ARM_SMMU_MAX_ASIDS (1 << 16)
611 unsigned int asid_bits;
612 DECLARE_BITMAP(asid_map, ARM_SMMU_MAX_ASIDS);
613
614 #define ARM_SMMU_MAX_VMIDS (1 << 16)
615 unsigned int vmid_bits;
616 DECLARE_BITMAP(vmid_map, ARM_SMMU_MAX_VMIDS);
617
618 unsigned int ssid_bits;
619 unsigned int sid_bits;
620
621 struct arm_smmu_strtab_cfg strtab_cfg;
622
623 /* IOMMU core code handle */
624 struct iommu_device iommu;
625 };
626
627 /* SMMU private data for each master */
628 struct arm_smmu_master {
629 struct arm_smmu_device *smmu;
630 struct device *dev;
631 struct arm_smmu_domain *domain;
632 struct list_head domain_head;
633 u32 *sids;
634 unsigned int num_sids;
635 bool ats_enabled;
636 };
637
638 /* SMMU private data for an IOMMU domain */
639 enum arm_smmu_domain_stage {
640 ARM_SMMU_DOMAIN_S1 = 0,
641 ARM_SMMU_DOMAIN_S2,
642 ARM_SMMU_DOMAIN_NESTED,
643 ARM_SMMU_DOMAIN_BYPASS,
644 };
645
646 struct arm_smmu_domain {
647 struct arm_smmu_device *smmu;
648 struct mutex init_mutex; /* Protects smmu pointer */
649
650 struct io_pgtable_ops *pgtbl_ops;
651 bool non_strict;
652 atomic_t nr_ats_masters;
653
654 enum arm_smmu_domain_stage stage;
655 union {
656 struct arm_smmu_s1_cfg s1_cfg;
657 struct arm_smmu_s2_cfg s2_cfg;
658 };
659
660 struct iommu_domain domain;
661
662 struct list_head devices;
663 spinlock_t devices_lock;
664 };
665
666 struct arm_smmu_option_prop {
667 u32 opt;
668 const char *prop;
669 };
670
671 static struct arm_smmu_option_prop arm_smmu_options[] = {
672 { ARM_SMMU_OPT_SKIP_PREFETCH, "hisilicon,broken-prefetch-cmd" },
673 { ARM_SMMU_OPT_PAGE0_REGS_ONLY, "cavium,cn9900-broken-page1-regspace"},
674 { 0, NULL},
675 };
676
677 static inline void __iomem *arm_smmu_page1_fixup(unsigned long offset,
678 struct arm_smmu_device *smmu)
679 {
680 if ((offset > SZ_64K) &&
681 (smmu->options & ARM_SMMU_OPT_PAGE0_REGS_ONLY))
682 offset -= SZ_64K;
683
684 return smmu->base + offset;
685 }
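/*
 * Worked example: ARM_SMMU_EVTQ_PROD is 0x100a8 (page 1). On an SMMU with
 * ARM_SMMU_OPT_PAGE0_REGS_ONLY set, the offset is above SZ_64K so 64KiB is
 * subtracted and the register is accessed at 0xa8 within page 0 instead.
 */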
686
687 static struct arm_smmu_domain *to_smmu_domain(struct iommu_domain *dom)
688 {
689 return container_of(dom, struct arm_smmu_domain, domain);
690 }
691
692 static void parse_driver_options(struct arm_smmu_device *smmu)
693 {
694 int i = 0;
695
696 do {
697 if (of_property_read_bool(smmu->dev->of_node,
698 arm_smmu_options[i].prop)) {
699 smmu->options |= arm_smmu_options[i].opt;
700 dev_notice(smmu->dev, "option %s\n",
701 arm_smmu_options[i].prop);
702 }
703 } while (arm_smmu_options[++i].opt);
704 }
705
706 /* Low-level queue manipulation functions */
707 static bool queue_has_space(struct arm_smmu_ll_queue *q, u32 n)
708 {
709 u32 space, prod, cons;
710
711 prod = Q_IDX(q, q->prod);
712 cons = Q_IDX(q, q->cons);
713
714 if (Q_WRP(q, q->prod) == Q_WRP(q, q->cons))
715 space = (1 << q->max_n_shift) - (prod - cons);
716 else
717 space = cons - prod;
718
719 return space >= n;
720 }
721
722 static bool queue_full(struct arm_smmu_ll_queue *q)
723 {
724 return Q_IDX(q, q->prod) == Q_IDX(q, q->cons) &&
725 Q_WRP(q, q->prod) != Q_WRP(q, q->cons);
726 }
727
728 static bool queue_empty(struct arm_smmu_ll_queue *q)
729 {
730 return Q_IDX(q, q->prod) == Q_IDX(q, q->cons) &&
731 Q_WRP(q, q->prod) == Q_WRP(q, q->cons);
732 }
733
734 static bool queue_consumed(struct arm_smmu_ll_queue *q, u32 prod)
735 {
736 return ((Q_WRP(q, q->cons) == Q_WRP(q, prod)) &&
737 (Q_IDX(q, q->cons) > Q_IDX(q, prod))) ||
738 ((Q_WRP(q, q->cons) != Q_WRP(q, prod)) &&
739 (Q_IDX(q, q->cons) <= Q_IDX(q, prod)));
740 }
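/*
 * Illustrative example of the checks above (assuming max_n_shift == 8):
 * with prod == 0x005, a cons of 0x010 (same wrap bit, higher index) or
 * 0x102 (cons has wrapped, index at or below prod's) both mean the entry
 * at prod has been consumed.
 */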
741
742 static void queue_sync_cons_out(struct arm_smmu_queue *q)
743 {
744 /*
745 * Ensure that all CPU accesses (reads and writes) to the queue
746 * are complete before we update the cons pointer.
747 */
748 mb();
749 writel_relaxed(q->llq.cons, q->cons_reg);
750 }
751
752 static void queue_inc_cons(struct arm_smmu_ll_queue *q)
753 {
754 u32 cons = (Q_WRP(q, q->cons) | Q_IDX(q, q->cons)) + 1;
755 q->cons = Q_OVF(q->cons) | Q_WRP(q, cons) | Q_IDX(q, cons);
756 }
757
758 static int queue_sync_prod_in(struct arm_smmu_queue *q)
759 {
760 int ret = 0;
761 u32 prod = readl_relaxed(q->prod_reg);
762
763 if (Q_OVF(prod) != Q_OVF(q->llq.prod))
764 ret = -EOVERFLOW;
765
766 q->llq.prod = prod;
767 return ret;
768 }
769
770 static u32 queue_inc_prod_n(struct arm_smmu_ll_queue *q, int n)
771 {
772 u32 prod = (Q_WRP(q, q->prod) | Q_IDX(q, q->prod)) + n;
773 return Q_OVF(q->prod) | Q_WRP(q, prod) | Q_IDX(q, prod);
774 }
775
776 static void queue_poll_init(struct arm_smmu_device *smmu,
777 struct arm_smmu_queue_poll *qp)
778 {
779 qp->delay = 1;
780 qp->spin_cnt = 0;
781 qp->wfe = !!(smmu->features & ARM_SMMU_FEAT_SEV);
782 qp->timeout = ktime_add_us(ktime_get(), ARM_SMMU_POLL_TIMEOUT_US);
783 }
784
785 static int queue_poll(struct arm_smmu_queue_poll *qp)
786 {
787 if (ktime_compare(ktime_get(), qp->timeout) > 0)
788 return -ETIMEDOUT;
789
790 if (qp->wfe) {
791 wfe();
792 } else if (++qp->spin_cnt < ARM_SMMU_POLL_SPIN_COUNT) {
793 cpu_relax();
794 } else {
795 udelay(qp->delay);
796 qp->delay *= 2;
797 qp->spin_cnt = 0;
798 }
799
800 return 0;
801 }
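/*
 * In summary: wait with WFE when the SMMU supports generating wake-up
 * events (ARM_SMMU_FEAT_SEV), otherwise spin-relax up to
 * ARM_SMMU_POLL_SPIN_COUNT times and then back off with exponentially
 * growing udelay()s (1us, 2us, 4us, ...) until ARM_SMMU_POLL_TIMEOUT_US
 * has elapsed.
 */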
802
803 static void queue_write(__le64 *dst, u64 *src, size_t n_dwords)
804 {
805 int i;
806
807 for (i = 0; i < n_dwords; ++i)
808 *dst++ = cpu_to_le64(*src++);
809 }
810
811 static void queue_read(u64 *dst, __le64 *src, size_t n_dwords)
812 {
813 int i;
814
815 for (i = 0; i < n_dwords; ++i)
816 *dst++ = le64_to_cpu(*src++);
817 }
818
819 static int queue_remove_raw(struct arm_smmu_queue *q, u64 *ent)
820 {
821 if (queue_empty(&q->llq))
822 return -EAGAIN;
823
824 queue_read(ent, Q_ENT(q, q->llq.cons), q->ent_dwords);
825 queue_inc_cons(&q->llq);
826 queue_sync_cons_out(q);
827 return 0;
828 }
829
830 /* High-level queue accessors */
831 static int arm_smmu_cmdq_build_cmd(u64 *cmd, struct arm_smmu_cmdq_ent *ent)
832 {
833 memset(cmd, 0, 1 << CMDQ_ENT_SZ_SHIFT);
834 cmd[0] |= FIELD_PREP(CMDQ_0_OP, ent->opcode);
835
836 switch (ent->opcode) {
837 case CMDQ_OP_TLBI_EL2_ALL:
838 case CMDQ_OP_TLBI_NSNH_ALL:
839 break;
840 case CMDQ_OP_PREFETCH_CFG:
841 cmd[0] |= FIELD_PREP(CMDQ_PREFETCH_0_SID, ent->prefetch.sid);
842 cmd[1] |= FIELD_PREP(CMDQ_PREFETCH_1_SIZE, ent->prefetch.size);
843 cmd[1] |= ent->prefetch.addr & CMDQ_PREFETCH_1_ADDR_MASK;
844 break;
845 case CMDQ_OP_CFGI_STE:
846 cmd[0] |= FIELD_PREP(CMDQ_CFGI_0_SID, ent->cfgi.sid);
847 cmd[1] |= FIELD_PREP(CMDQ_CFGI_1_LEAF, ent->cfgi.leaf);
848 break;
849 case CMDQ_OP_CFGI_ALL:
850 /* Cover the entire SID range */
851 cmd[1] |= FIELD_PREP(CMDQ_CFGI_1_RANGE, 31);
852 break;
853 case CMDQ_OP_TLBI_NH_VA:
854 cmd[0] |= FIELD_PREP(CMDQ_TLBI_0_ASID, ent->tlbi.asid);
855 cmd[1] |= FIELD_PREP(CMDQ_TLBI_1_LEAF, ent->tlbi.leaf);
856 cmd[1] |= ent->tlbi.addr & CMDQ_TLBI_1_VA_MASK;
857 break;
858 case CMDQ_OP_TLBI_S2_IPA:
859 cmd[0] |= FIELD_PREP(CMDQ_TLBI_0_VMID, ent->tlbi.vmid);
860 cmd[1] |= FIELD_PREP(CMDQ_TLBI_1_LEAF, ent->tlbi.leaf);
861 cmd[1] |= ent->tlbi.addr & CMDQ_TLBI_1_IPA_MASK;
862 break;
863 case CMDQ_OP_TLBI_NH_ASID:
864 cmd[0] |= FIELD_PREP(CMDQ_TLBI_0_ASID, ent->tlbi.asid);
865 /* Fallthrough */
866 case CMDQ_OP_TLBI_S12_VMALL:
867 cmd[0] |= FIELD_PREP(CMDQ_TLBI_0_VMID, ent->tlbi.vmid);
868 break;
869 case CMDQ_OP_ATC_INV:
870 cmd[0] |= FIELD_PREP(CMDQ_0_SSV, ent->substream_valid);
871 cmd[0] |= FIELD_PREP(CMDQ_ATC_0_GLOBAL, ent->atc.global);
872 cmd[0] |= FIELD_PREP(CMDQ_ATC_0_SSID, ent->atc.ssid);
873 cmd[0] |= FIELD_PREP(CMDQ_ATC_0_SID, ent->atc.sid);
874 cmd[1] |= FIELD_PREP(CMDQ_ATC_1_SIZE, ent->atc.size);
875 cmd[1] |= ent->atc.addr & CMDQ_ATC_1_ADDR_MASK;
876 break;
877 case CMDQ_OP_PRI_RESP:
878 cmd[0] |= FIELD_PREP(CMDQ_0_SSV, ent->substream_valid);
879 cmd[0] |= FIELD_PREP(CMDQ_PRI_0_SSID, ent->pri.ssid);
880 cmd[0] |= FIELD_PREP(CMDQ_PRI_0_SID, ent->pri.sid);
881 cmd[1] |= FIELD_PREP(CMDQ_PRI_1_GRPID, ent->pri.grpid);
882 switch (ent->pri.resp) {
883 case PRI_RESP_DENY:
884 case PRI_RESP_FAIL:
885 case PRI_RESP_SUCC:
886 break;
887 default:
888 return -EINVAL;
889 }
890 cmd[1] |= FIELD_PREP(CMDQ_PRI_1_RESP, ent->pri.resp);
891 break;
892 case CMDQ_OP_CMD_SYNC:
893 if (ent->sync.msiaddr) {
894 cmd[0] |= FIELD_PREP(CMDQ_SYNC_0_CS, CMDQ_SYNC_0_CS_IRQ);
895 cmd[1] |= ent->sync.msiaddr & CMDQ_SYNC_1_MSIADDR_MASK;
896 } else {
897 cmd[0] |= FIELD_PREP(CMDQ_SYNC_0_CS, CMDQ_SYNC_0_CS_SEV);
898 }
899 cmd[0] |= FIELD_PREP(CMDQ_SYNC_0_MSH, ARM_SMMU_SH_ISH);
900 cmd[0] |= FIELD_PREP(CMDQ_SYNC_0_MSIATTR, ARM_SMMU_MEMATTR_OIWB);
901 break;
902 default:
903 return -ENOENT;
904 }
905
906 return 0;
907 }
908
909 static void arm_smmu_cmdq_build_sync_cmd(u64 *cmd, struct arm_smmu_device *smmu,
910 u32 prod)
911 {
912 struct arm_smmu_queue *q = &smmu->cmdq.q;
913 struct arm_smmu_cmdq_ent ent = {
914 .opcode = CMDQ_OP_CMD_SYNC,
915 };
916
917 /*
918 * Beware that Hi16xx adds an extra 32 bits of goodness to its MSI
919 * payload, so the write will zero the entire command on that platform.
920 */
921 if (smmu->features & ARM_SMMU_FEAT_MSI &&
922 smmu->features & ARM_SMMU_FEAT_COHERENCY) {
923 ent.sync.msiaddr = q->base_dma + Q_IDX(&q->llq, prod) *
924 q->ent_dwords * 8;
925 }
926
927 arm_smmu_cmdq_build_cmd(cmd, &ent);
928 }
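/*
 * Note that when both ARM_SMMU_FEAT_MSI and ARM_SMMU_FEAT_COHERENCY are
 * present, the MSI target is the CMD_SYNC's own slot in the queue and
 * MSIDATA is left as zero, so completion is observed as dword 0 of the
 * command being zeroed (polled for in __arm_smmu_cmdq_poll_until_msi()).
 */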
929
930 static void arm_smmu_cmdq_skip_err(struct arm_smmu_device *smmu)
931 {
932 static const char *cerror_str[] = {
933 [CMDQ_ERR_CERROR_NONE_IDX] = "No error",
934 [CMDQ_ERR_CERROR_ILL_IDX] = "Illegal command",
935 [CMDQ_ERR_CERROR_ABT_IDX] = "Abort on command fetch",
936 [CMDQ_ERR_CERROR_ATC_INV_IDX] = "ATC invalidate timeout",
937 };
938
939 int i;
940 u64 cmd[CMDQ_ENT_DWORDS];
941 struct arm_smmu_queue *q = &smmu->cmdq.q;
942 u32 cons = readl_relaxed(q->cons_reg);
943 u32 idx = FIELD_GET(CMDQ_CONS_ERR, cons);
944 struct arm_smmu_cmdq_ent cmd_sync = {
945 .opcode = CMDQ_OP_CMD_SYNC,
946 };
947
948 dev_err(smmu->dev, "CMDQ error (cons 0x%08x): %s\n", cons,
949 idx < ARRAY_SIZE(cerror_str) ? cerror_str[idx] : "Unknown");
950
951 switch (idx) {
952 case CMDQ_ERR_CERROR_ABT_IDX:
953 dev_err(smmu->dev, "retrying command fetch\n");
954 case CMDQ_ERR_CERROR_NONE_IDX:
955 return;
956 case CMDQ_ERR_CERROR_ATC_INV_IDX:
957 /*
958 * ATC Invalidation Completion timeout. CONS is still pointing
959 * at the CMD_SYNC. Attempt to complete other pending commands
960 * by repeating the CMD_SYNC, though we might well end up back
961 * here since the ATC invalidation may still be pending.
962 */
963 return;
964 case CMDQ_ERR_CERROR_ILL_IDX:
965 /* Fallthrough */
966 default:
967 break;
968 }
969
970 /*
971 * We may have concurrent producers, so we need to be careful
972 * not to touch any of the shadow cmdq state.
973 */
974 queue_read(cmd, Q_ENT(q, cons), q->ent_dwords);
975 dev_err(smmu->dev, "skipping command in error state:\n");
976 for (i = 0; i < ARRAY_SIZE(cmd); ++i)
977 dev_err(smmu->dev, "\t0x%016llx\n", (unsigned long long)cmd[i]);
978
979 /* Convert the erroneous command into a CMD_SYNC */
980 if (arm_smmu_cmdq_build_cmd(cmd, &cmd_sync)) {
981 dev_err(smmu->dev, "failed to convert to CMD_SYNC\n");
982 return;
983 }
984
985 queue_write(Q_ENT(q, cons), cmd, q->ent_dwords);
986 }
987
988 /*
989 * Command queue locking.
990 * This is a form of bastardised rwlock with the following major changes:
991 *
992 * - The only LOCK routines are exclusive_trylock() and shared_lock().
993 * Neither have barrier semantics, and instead provide only a control
994 * dependency.
995 *
996 * - The UNLOCK routines are supplemented with shared_tryunlock(), which
997 * fails if the caller appears to be the last lock holder (yes, this is
998 * racy). All successful UNLOCK routines have RELEASE semantics.
999 */
1000 static void arm_smmu_cmdq_shared_lock(struct arm_smmu_cmdq *cmdq)
1001 {
1002 int val;
1003
1004 /*
1005 * We can try to avoid the cmpxchg() loop by simply incrementing the
1006 * lock counter. When held in exclusive state, the lock counter is set
1007 * to INT_MIN so these increments won't hurt as the value will remain
1008 * negative.
1009 */
1010 if (atomic_fetch_inc_relaxed(&cmdq->lock) >= 0)
1011 return;
1012
1013 do {
1014 val = atomic_cond_read_relaxed(&cmdq->lock, VAL >= 0);
1015 } while (atomic_cmpxchg_relaxed(&cmdq->lock, val, val + 1) != val);
1016 }
1017
1018 static void arm_smmu_cmdq_shared_unlock(struct arm_smmu_cmdq *cmdq)
1019 {
1020 (void)atomic_dec_return_release(&cmdq->lock);
1021 }
1022
1023 static bool arm_smmu_cmdq_shared_tryunlock(struct arm_smmu_cmdq *cmdq)
1024 {
1025 if (atomic_read(&cmdq->lock) == 1)
1026 return false;
1027
1028 arm_smmu_cmdq_shared_unlock(cmdq);
1029 return true;
1030 }
1031
1032 #define arm_smmu_cmdq_exclusive_trylock_irqsave(cmdq, flags) \
1033 ({ \
1034 bool __ret; \
1035 local_irq_save(flags); \
1036 __ret = !atomic_cmpxchg_relaxed(&cmdq->lock, 0, INT_MIN); \
1037 if (!__ret) \
1038 local_irq_restore(flags); \
1039 __ret; \
1040 })
1041
1042 #define arm_smmu_cmdq_exclusive_unlock_irqrestore(cmdq, flags) \
1043 ({ \
1044 atomic_set_release(&cmdq->lock, 0); \
1045 local_irq_restore(flags); \
1046 })
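/*
 * Rough usage summary (see arm_smmu_cmdq_issue_cmdlist() below): CMD_SYNC
 * issuers take the lock as shared so that the queue cannot wrap twice
 * underneath them, while refreshing the cached cons pointer from the
 * hardware register requires the exclusive trylock. A failed
 * shared_tryunlock() tells the last holder it may publish llq.cons itself.
 */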
1047
1048
1049 /*
1050 * Command queue insertion.
1051 * This is made fiddly by our attempts to achieve some sort of scalability
1052 * since there is one queue shared amongst all of the CPUs in the system. If
1053 * you like mixed-size concurrency, dependency ordering and relaxed atomics,
1054 * then you'll *love* this monstrosity.
1055 *
1056 * The basic idea is to split the queue up into ranges of commands that are
1057 * owned by a given CPU; the owner may not have written all of the commands
1058 * itself, but is responsible for advancing the hardware prod pointer when
1059 * the time comes. The algorithm is roughly:
1060 *
1061 * 1. Allocate some space in the queue. At this point we also discover
1062 * whether the head of the queue is currently owned by another CPU,
1063 * or whether we are the owner.
1064 *
1065 * 2. Write our commands into our allocated slots in the queue.
1066 *
1067 * 3. Mark our slots as valid in arm_smmu_cmdq.valid_map.
1068 *
1069 * 4. If we are an owner:
1070 * a. Wait for the previous owner to finish.
1071 * b. Mark the queue head as unowned, which tells us the range
1072 * that we are responsible for publishing.
1073 * c. Wait for all commands in our owned range to become valid.
1074 * d. Advance the hardware prod pointer.
1075 * e. Tell the next owner we've finished.
1076 *
1077 * 5. If we are inserting a CMD_SYNC (we may or may not have been an
1078 * owner), then we need to stick around until it has completed:
1079 * a. If we have MSIs, the SMMU can write back into the CMD_SYNC
1080 * to clear the first 4 bytes.
1081 * b. Otherwise, we spin waiting for the hardware cons pointer to
1082 * advance past our command.
1083 *
1084 * The devil is in the details, particularly the use of locking for handling
1085 * SYNC completion and freeing up space in the queue before we think that it is
1086 * full.
1087 */
1088 static void __arm_smmu_cmdq_poll_set_valid_map(struct arm_smmu_cmdq *cmdq,
1089 u32 sprod, u32 eprod, bool set)
1090 {
1091 u32 swidx, sbidx, ewidx, ebidx;
1092 struct arm_smmu_ll_queue llq = {
1093 .max_n_shift = cmdq->q.llq.max_n_shift,
1094 .prod = sprod,
1095 };
1096
1097 ewidx = BIT_WORD(Q_IDX(&llq, eprod));
1098 ebidx = Q_IDX(&llq, eprod) % BITS_PER_LONG;
1099
1100 while (llq.prod != eprod) {
1101 unsigned long mask;
1102 atomic_long_t *ptr;
1103 u32 limit = BITS_PER_LONG;
1104
1105 swidx = BIT_WORD(Q_IDX(&llq, llq.prod));
1106 sbidx = Q_IDX(&llq, llq.prod) % BITS_PER_LONG;
1107
1108 ptr = &cmdq->valid_map[swidx];
1109
1110 if ((swidx == ewidx) && (sbidx < ebidx))
1111 limit = ebidx;
1112
1113 mask = GENMASK(limit - 1, sbidx);
1114
1115 /*
1116 * The valid bit is the inverse of the wrap bit. This means
1117 * that a zero-initialised queue is invalid and, after marking
1118 * all entries as valid, they become invalid again when we
1119 * wrap.
1120 */
1121 if (set) {
1122 atomic_long_xor(mask, ptr);
1123 } else { /* Poll */
1124 unsigned long valid;
1125
1126 valid = (ULONG_MAX + !!Q_WRP(&llq, llq.prod)) & mask;
1127 atomic_long_cond_read_relaxed(ptr, (VAL & mask) == valid);
1128 }
1129
1130 llq.prod = queue_inc_prod_n(&llq, limit - sbidx);
1131 }
1132 }
1133
1134 /* Mark all entries in the range [sprod, eprod) as valid */
1135 static void arm_smmu_cmdq_set_valid_map(struct arm_smmu_cmdq *cmdq,
1136 u32 sprod, u32 eprod)
1137 {
1138 __arm_smmu_cmdq_poll_set_valid_map(cmdq, sprod, eprod, true);
1139 }
1140
1141 /* Wait for all entries in the range [sprod, eprod) to become valid */
1142 static void arm_smmu_cmdq_poll_valid_map(struct arm_smmu_cmdq *cmdq,
1143 u32 sprod, u32 eprod)
1144 {
1145 __arm_smmu_cmdq_poll_set_valid_map(cmdq, sprod, eprod, false);
1146 }
1147
1148 /* Wait for the command queue to become non-full */
1149 static int arm_smmu_cmdq_poll_until_not_full(struct arm_smmu_device *smmu,
1150 struct arm_smmu_ll_queue *llq)
1151 {
1152 unsigned long flags;
1153 struct arm_smmu_queue_poll qp;
1154 struct arm_smmu_cmdq *cmdq = &smmu->cmdq;
1155 int ret = 0;
1156
1157 /*
1158 * Try to update our copy of cons by grabbing exclusive cmdq access. If
1159 * that fails, spin until somebody else updates it for us.
1160 */
1161 if (arm_smmu_cmdq_exclusive_trylock_irqsave(cmdq, flags)) {
1162 WRITE_ONCE(cmdq->q.llq.cons, readl_relaxed(cmdq->q.cons_reg));
1163 arm_smmu_cmdq_exclusive_unlock_irqrestore(cmdq, flags);
1164 llq->val = READ_ONCE(cmdq->q.llq.val);
1165 return 0;
1166 }
1167
1168 queue_poll_init(smmu, &qp);
1169 do {
1170 llq->val = READ_ONCE(smmu->cmdq.q.llq.val);
1171 if (!queue_full(llq))
1172 break;
1173
1174 ret = queue_poll(&qp);
1175 } while (!ret);
1176
1177 return ret;
1178 }
1179
1180 /*
1181 * Wait until the SMMU signals a CMD_SYNC completion MSI.
1182 * Must be called with the cmdq lock held in some capacity.
1183 */
1184 static int __arm_smmu_cmdq_poll_until_msi(struct arm_smmu_device *smmu,
1185 struct arm_smmu_ll_queue *llq)
1186 {
1187 int ret = 0;
1188 struct arm_smmu_queue_poll qp;
1189 struct arm_smmu_cmdq *cmdq = &smmu->cmdq;
1190 u32 *cmd = (u32 *)(Q_ENT(&cmdq->q, llq->prod));
1191
1192 queue_poll_init(smmu, &qp);
1193
1194 /*
1195 * The MSI won't generate an event, since it's being written back
1196 * into the command queue.
1197 */
1198 qp.wfe = false;
1199 smp_cond_load_relaxed(cmd, !VAL || (ret = queue_poll(&qp)));
1200 llq->cons = ret ? llq->prod : queue_inc_prod_n(llq, 1);
1201 return ret;
1202 }
1203
1204 /*
1205 * Wait until the SMMU cons index passes llq->prod.
1206 * Must be called with the cmdq lock held in some capacity.
1207 */
1208 static int __arm_smmu_cmdq_poll_until_consumed(struct arm_smmu_device *smmu,
1209 struct arm_smmu_ll_queue *llq)
1210 {
1211 struct arm_smmu_queue_poll qp;
1212 struct arm_smmu_cmdq *cmdq = &smmu->cmdq;
1213 u32 prod = llq->prod;
1214 int ret = 0;
1215
1216 queue_poll_init(smmu, &qp);
1217 llq->val = READ_ONCE(smmu->cmdq.q.llq.val);
1218 do {
1219 if (queue_consumed(llq, prod))
1220 break;
1221
1222 ret = queue_poll(&qp);
1223
1224 /*
1225 * This needs to be a readl() so that our subsequent call
1226 * to arm_smmu_cmdq_shared_tryunlock() can fail accurately.
1227 *
1228 * Specifically, we need to ensure that we observe all
1229 * shared_lock()s by other CMD_SYNCs that share our owner,
1230 * so that a failing call to tryunlock() means that we're
1231 * the last one out and therefore we can safely advance
1232 * cmdq->q.llq.cons. Roughly speaking:
1233 *
1234 * CPU 0 CPU1 CPU2 (us)
1235 *
1236 * if (sync)
1237 * shared_lock();
1238 *
1239 * dma_wmb();
1240 * set_valid_map();
1241 *
1242 * if (owner) {
1243 * poll_valid_map();
1244 * <control dependency>
1245 * writel(prod_reg);
1246 *
1247 * readl(cons_reg);
1248 * tryunlock();
1249 *
1250 * Requires us to see CPU 0's shared_lock() acquisition.
1251 */
1252 llq->cons = readl(cmdq->q.cons_reg);
1253 } while (!ret);
1254
1255 return ret;
1256 }
1257
1258 static int arm_smmu_cmdq_poll_until_sync(struct arm_smmu_device *smmu,
1259 struct arm_smmu_ll_queue *llq)
1260 {
1261 if (smmu->features & ARM_SMMU_FEAT_MSI &&
1262 smmu->features & ARM_SMMU_FEAT_COHERENCY)
1263 return __arm_smmu_cmdq_poll_until_msi(smmu, llq);
1264
1265 return __arm_smmu_cmdq_poll_until_consumed(smmu, llq);
1266 }
1267
1268 static void arm_smmu_cmdq_write_entries(struct arm_smmu_cmdq *cmdq, u64 *cmds,
1269 u32 prod, int n)
1270 {
1271 int i;
1272 struct arm_smmu_ll_queue llq = {
1273 .max_n_shift = cmdq->q.llq.max_n_shift,
1274 .prod = prod,
1275 };
1276
1277 for (i = 0; i < n; ++i) {
1278 u64 *cmd = &cmds[i * CMDQ_ENT_DWORDS];
1279
1280 prod = queue_inc_prod_n(&llq, i);
1281 queue_write(Q_ENT(&cmdq->q, prod), cmd, CMDQ_ENT_DWORDS);
1282 }
1283 }
1284
1285 /*
1286 * This is the actual insertion function, and provides the following
1287 * ordering guarantees to callers:
1288 *
1289 * - There is a dma_wmb() before publishing any commands to the queue.
1290 * This can be relied upon to order prior writes to data structures
1291 * in memory (such as a CD or an STE) before the command.
1292 *
1293 * - On completion of a CMD_SYNC, there is a control dependency.
1294 * This can be relied upon to order subsequent writes to memory (e.g.
1295 * freeing an IOVA) after completion of the CMD_SYNC.
1296 *
1297 * - Command insertion is totally ordered, so if two CPUs each race to
1298 * insert their own list of commands then all of the commands from one
1299 * CPU will appear before any of the commands from the other CPU.
1300 */
1301 static int arm_smmu_cmdq_issue_cmdlist(struct arm_smmu_device *smmu,
1302 u64 *cmds, int n, bool sync)
1303 {
1304 u64 cmd_sync[CMDQ_ENT_DWORDS];
1305 u32 prod;
1306 unsigned long flags;
1307 bool owner;
1308 struct arm_smmu_cmdq *cmdq = &smmu->cmdq;
1309 struct arm_smmu_ll_queue llq = {
1310 .max_n_shift = cmdq->q.llq.max_n_shift,
1311 }, head = llq;
1312 int ret = 0;
1313
1314 /* 1. Allocate some space in the queue */
1315 local_irq_save(flags);
1316 llq.val = READ_ONCE(cmdq->q.llq.val);
1317 do {
1318 u64 old;
1319
1320 while (!queue_has_space(&llq, n + sync)) {
1321 local_irq_restore(flags);
1322 if (arm_smmu_cmdq_poll_until_not_full(smmu, &llq))
1323 dev_err_ratelimited(smmu->dev, "CMDQ timeout\n");
1324 local_irq_save(flags);
1325 }
1326
1327 head.cons = llq.cons;
1328 head.prod = queue_inc_prod_n(&llq, n + sync) |
1329 CMDQ_PROD_OWNED_FLAG;
1330
1331 old = cmpxchg_relaxed(&cmdq->q.llq.val, llq.val, head.val);
1332 if (old == llq.val)
1333 break;
1334
1335 llq.val = old;
1336 } while (1);
1337 owner = !(llq.prod & CMDQ_PROD_OWNED_FLAG);
1338 head.prod &= ~CMDQ_PROD_OWNED_FLAG;
1339 llq.prod &= ~CMDQ_PROD_OWNED_FLAG;
1340
1341 /*
1342 * 2. Write our commands into the queue
1343 * Dependency ordering from the cmpxchg() loop above.
1344 */
1345 arm_smmu_cmdq_write_entries(cmdq, cmds, llq.prod, n);
1346 if (sync) {
1347 prod = queue_inc_prod_n(&llq, n);
1348 arm_smmu_cmdq_build_sync_cmd(cmd_sync, smmu, prod);
1349 queue_write(Q_ENT(&cmdq->q, prod), cmd_sync, CMDQ_ENT_DWORDS);
1350
1351 /*
1352 * In order to determine completion of our CMD_SYNC, we must
1353 * ensure that the queue can't wrap twice without us noticing.
1354 * We achieve that by taking the cmdq lock as shared before
1355 * marking our slot as valid.
1356 */
1357 arm_smmu_cmdq_shared_lock(cmdq);
1358 }
1359
1360 /* 3. Mark our slots as valid, ensuring commands are visible first */
1361 dma_wmb();
1362 arm_smmu_cmdq_set_valid_map(cmdq, llq.prod, head.prod);
1363
1364 /* 4. If we are the owner, take control of the SMMU hardware */
1365 if (owner) {
1366 /* a. Wait for previous owner to finish */
1367 atomic_cond_read_relaxed(&cmdq->owner_prod, VAL == llq.prod);
1368
1369 /* b. Stop gathering work by clearing the owned flag */
1370 prod = atomic_fetch_andnot_relaxed(CMDQ_PROD_OWNED_FLAG,
1371 &cmdq->q.llq.atomic.prod);
1372 prod &= ~CMDQ_PROD_OWNED_FLAG;
1373
1374 /*
1375 * c. Wait for any gathered work to be written to the queue.
1376 * Note that we read our own entries so that we have the control
1377 * dependency required by (d).
1378 */
1379 arm_smmu_cmdq_poll_valid_map(cmdq, llq.prod, prod);
1380
1381 /*
1382 * d. Advance the hardware prod pointer
1383 * Control dependency ordering from the entries becoming valid.
1384 */
1385 writel_relaxed(prod, cmdq->q.prod_reg);
1386
1387 /*
1388 * e. Tell the next owner we're done
1389 * Make sure we've updated the hardware first, so that we don't
1390 * race to update prod and potentially move it backwards.
1391 */
1392 atomic_set_release(&cmdq->owner_prod, prod);
1393 }
1394
1395 /* 5. If we are inserting a CMD_SYNC, we must wait for it to complete */
1396 if (sync) {
1397 llq.prod = queue_inc_prod_n(&llq, n);
1398 ret = arm_smmu_cmdq_poll_until_sync(smmu, &llq);
1399 if (ret) {
1400 dev_err_ratelimited(smmu->dev,
1401 "CMD_SYNC timeout at 0x%08x [hwprod 0x%08x, hwcons 0x%08x]\n",
1402 llq.prod,
1403 readl_relaxed(cmdq->q.prod_reg),
1404 readl_relaxed(cmdq->q.cons_reg));
1405 }
1406
1407 /*
1408 * Try to unlock the cmdq lock. This will fail if we're the last
1409 * reader, in which case we can safely update cmdq->q.llq.cons
1410 */
1411 if (!arm_smmu_cmdq_shared_tryunlock(cmdq)) {
1412 WRITE_ONCE(cmdq->q.llq.cons, llq.cons);
1413 arm_smmu_cmdq_shared_unlock(cmdq);
1414 }
1415 }
1416
1417 local_irq_restore(flags);
1418 return ret;
1419 }
1420
1421 static int arm_smmu_cmdq_issue_cmd(struct arm_smmu_device *smmu,
1422 struct arm_smmu_cmdq_ent *ent)
1423 {
1424 u64 cmd[CMDQ_ENT_DWORDS];
1425
1426 if (arm_smmu_cmdq_build_cmd(cmd, ent)) {
1427 dev_warn(smmu->dev, "ignoring unknown CMDQ opcode 0x%x\n",
1428 ent->opcode);
1429 return -EINVAL;
1430 }
1431
1432 return arm_smmu_cmdq_issue_cmdlist(smmu, cmd, 1, false);
1433 }
1434
1435 static int arm_smmu_cmdq_issue_sync(struct arm_smmu_device *smmu)
1436 {
1437 return arm_smmu_cmdq_issue_cmdlist(smmu, NULL, 0, true);
1438 }
1439
1440 /* Context descriptor manipulation functions */
1441 static u64 arm_smmu_cpu_tcr_to_cd(u64 tcr)
1442 {
1443 u64 val = 0;
1444
1445 /* Repack the TCR. Just care about TTBR0 for now */
1446 val |= ARM_SMMU_TCR2CD(tcr, T0SZ);
1447 val |= ARM_SMMU_TCR2CD(tcr, TG0);
1448 val |= ARM_SMMU_TCR2CD(tcr, IRGN0);
1449 val |= ARM_SMMU_TCR2CD(tcr, ORGN0);
1450 val |= ARM_SMMU_TCR2CD(tcr, SH0);
1451 val |= ARM_SMMU_TCR2CD(tcr, EPD0);
1452 val |= ARM_SMMU_TCR2CD(tcr, EPD1);
1453 val |= ARM_SMMU_TCR2CD(tcr, IPS);
1454
1455 return val;
1456 }
1457
1458 static void arm_smmu_write_ctx_desc(struct arm_smmu_device *smmu,
1459 struct arm_smmu_s1_cfg *cfg)
1460 {
1461 u64 val;
1462
1463 /*
1464 * We don't need to issue any invalidation here, as we'll invalidate
1465 * the STE when installing the new entry anyway.
1466 */
1467 val = arm_smmu_cpu_tcr_to_cd(cfg->cd.tcr) |
1468 #ifdef __BIG_ENDIAN
1469 CTXDESC_CD_0_ENDI |
1470 #endif
1471 CTXDESC_CD_0_R | CTXDESC_CD_0_A | CTXDESC_CD_0_ASET |
1472 CTXDESC_CD_0_AA64 | FIELD_PREP(CTXDESC_CD_0_ASID, cfg->cd.asid) |
1473 CTXDESC_CD_0_V;
1474
1475 /* STALL_MODEL==0b10 && CD.S==0 is ILLEGAL */
1476 if (smmu->features & ARM_SMMU_FEAT_STALL_FORCE)
1477 val |= CTXDESC_CD_0_S;
1478
1479 cfg->cdptr[0] = cpu_to_le64(val);
1480
1481 val = cfg->cd.ttbr & CTXDESC_CD_1_TTB0_MASK;
1482 cfg->cdptr[1] = cpu_to_le64(val);
1483
1484 cfg->cdptr[3] = cpu_to_le64(cfg->cd.mair);
1485 }
1486
1487 /* Stream table manipulation functions */
1488 static void
1489 arm_smmu_write_strtab_l1_desc(__le64 *dst, struct arm_smmu_strtab_l1_desc *desc)
1490 {
1491 u64 val = 0;
1492
1493 val |= FIELD_PREP(STRTAB_L1_DESC_SPAN, desc->span);
1494 val |= desc->l2ptr_dma & STRTAB_L1_DESC_L2PTR_MASK;
1495
1496 *dst = cpu_to_le64(val);
1497 }
1498
1499 static void arm_smmu_sync_ste_for_sid(struct arm_smmu_device *smmu, u32 sid)
1500 {
1501 struct arm_smmu_cmdq_ent cmd = {
1502 .opcode = CMDQ_OP_CFGI_STE,
1503 .cfgi = {
1504 .sid = sid,
1505 .leaf = true,
1506 },
1507 };
1508
1509 arm_smmu_cmdq_issue_cmd(smmu, &cmd);
1510 arm_smmu_cmdq_issue_sync(smmu);
1511 }
1512
1513 static void arm_smmu_write_strtab_ent(struct arm_smmu_master *master, u32 sid,
1514 __le64 *dst)
1515 {
1516 /*
1517 * This is hideously complicated, but we only really care about
1518 * three cases at the moment:
1519 *
1520 * 1. Invalid (all zero) -> bypass/fault (init)
1521 * 2. Bypass/fault -> translation/bypass (attach)
1522 * 3. Translation/bypass -> bypass/fault (detach)
1523 *
1524 * Given that we can't update the STE atomically and the SMMU
1525 * doesn't read the thing in a defined order, that leaves us
1526 * with the following maintenance requirements:
1527 *
1528 * 1. Update Config, return (init time STEs aren't live)
1529 * 2. Write everything apart from dword 0, sync, write dword 0, sync
1530 * 3. Update Config, sync
1531 */
1532 u64 val = le64_to_cpu(dst[0]);
1533 bool ste_live = false;
1534 struct arm_smmu_device *smmu = NULL;
1535 struct arm_smmu_s1_cfg *s1_cfg = NULL;
1536 struct arm_smmu_s2_cfg *s2_cfg = NULL;
1537 struct arm_smmu_domain *smmu_domain = NULL;
1538 struct arm_smmu_cmdq_ent prefetch_cmd = {
1539 .opcode = CMDQ_OP_PREFETCH_CFG,
1540 .prefetch = {
1541 .sid = sid,
1542 },
1543 };
1544
1545 if (master) {
1546 smmu_domain = master->domain;
1547 smmu = master->smmu;
1548 }
1549
1550 if (smmu_domain) {
1551 switch (smmu_domain->stage) {
1552 case ARM_SMMU_DOMAIN_S1:
1553 s1_cfg = &smmu_domain->s1_cfg;
1554 break;
1555 case ARM_SMMU_DOMAIN_S2:
1556 case ARM_SMMU_DOMAIN_NESTED:
1557 s2_cfg = &smmu_domain->s2_cfg;
1558 break;
1559 default:
1560 break;
1561 }
1562 }
1563
1564 if (val & STRTAB_STE_0_V) {
1565 switch (FIELD_GET(STRTAB_STE_0_CFG, val)) {
1566 case STRTAB_STE_0_CFG_BYPASS:
1567 break;
1568 case STRTAB_STE_0_CFG_S1_TRANS:
1569 case STRTAB_STE_0_CFG_S2_TRANS:
1570 ste_live = true;
1571 break;
1572 case STRTAB_STE_0_CFG_ABORT:
1573 BUG_ON(!disable_bypass);
1574 break;
1575 default:
1576 BUG(); /* STE corruption */
1577 }
1578 }
1579
1580 /* Nuke the existing STE_0 value, as we're going to rewrite it */
1581 val = STRTAB_STE_0_V;
1582
1583 /* Bypass/fault */
1584 if (!smmu_domain || !(s1_cfg || s2_cfg)) {
1585 if (!smmu_domain && disable_bypass)
1586 val |= FIELD_PREP(STRTAB_STE_0_CFG, STRTAB_STE_0_CFG_ABORT);
1587 else
1588 val |= FIELD_PREP(STRTAB_STE_0_CFG, STRTAB_STE_0_CFG_BYPASS);
1589
1590 dst[0] = cpu_to_le64(val);
1591 dst[1] = cpu_to_le64(FIELD_PREP(STRTAB_STE_1_SHCFG,
1592 STRTAB_STE_1_SHCFG_INCOMING));
1593 dst[2] = 0; /* Nuke the VMID */
1594 /*
1595 * The SMMU can perform negative caching, so we must sync
1596 * the STE regardless of whether the old value was live.
1597 */
1598 if (smmu)
1599 arm_smmu_sync_ste_for_sid(smmu, sid);
1600 return;
1601 }
1602
1603 if (s1_cfg) {
1604 BUG_ON(ste_live);
1605 dst[1] = cpu_to_le64(
1606 FIELD_PREP(STRTAB_STE_1_S1CIR, STRTAB_STE_1_S1C_CACHE_WBRA) |
1607 FIELD_PREP(STRTAB_STE_1_S1COR, STRTAB_STE_1_S1C_CACHE_WBRA) |
1608 FIELD_PREP(STRTAB_STE_1_S1CSH, ARM_SMMU_SH_ISH) |
1609 FIELD_PREP(STRTAB_STE_1_STRW, STRTAB_STE_1_STRW_NSEL1));
1610
1611 if (smmu->features & ARM_SMMU_FEAT_STALLS &&
1612 !(smmu->features & ARM_SMMU_FEAT_STALL_FORCE))
1613 dst[1] |= cpu_to_le64(STRTAB_STE_1_S1STALLD);
1614
1615 val |= (s1_cfg->cdptr_dma & STRTAB_STE_0_S1CTXPTR_MASK) |
1616 FIELD_PREP(STRTAB_STE_0_CFG, STRTAB_STE_0_CFG_S1_TRANS);
1617 }
1618
1619 if (s2_cfg) {
1620 BUG_ON(ste_live);
1621 dst[2] = cpu_to_le64(
1622 FIELD_PREP(STRTAB_STE_2_S2VMID, s2_cfg->vmid) |
1623 FIELD_PREP(STRTAB_STE_2_VTCR, s2_cfg->vtcr) |
1624 #ifdef __BIG_ENDIAN
1625 STRTAB_STE_2_S2ENDI |
1626 #endif
1627 STRTAB_STE_2_S2PTW | STRTAB_STE_2_S2AA64 |
1628 STRTAB_STE_2_S2R);
1629
1630 dst[3] = cpu_to_le64(s2_cfg->vttbr & STRTAB_STE_3_S2TTB_MASK);
1631
1632 val |= FIELD_PREP(STRTAB_STE_0_CFG, STRTAB_STE_0_CFG_S2_TRANS);
1633 }
1634
1635 if (master->ats_enabled)
1636 dst[1] |= cpu_to_le64(FIELD_PREP(STRTAB_STE_1_EATS,
1637 STRTAB_STE_1_EATS_TRANS));
1638
1639 arm_smmu_sync_ste_for_sid(smmu, sid);
1640 dst[0] = cpu_to_le64(val);
1641 arm_smmu_sync_ste_for_sid(smmu, sid);
1642
1643 /* It's likely that we'll want to use the new STE soon */
1644 if (!(smmu->options & ARM_SMMU_OPT_SKIP_PREFETCH))
1645 arm_smmu_cmdq_issue_cmd(smmu, &prefetch_cmd);
1646 }
1647
1648 static void arm_smmu_init_bypass_stes(u64 *strtab, unsigned int nent)
1649 {
1650 unsigned int i;
1651
1652 for (i = 0; i < nent; ++i) {
1653 arm_smmu_write_strtab_ent(NULL, -1, strtab);
1654 strtab += STRTAB_STE_DWORDS;
1655 }
1656 }
1657
1658 static int arm_smmu_init_l2_strtab(struct arm_smmu_device *smmu, u32 sid)
1659 {
1660 size_t size;
1661 void *strtab;
1662 struct arm_smmu_strtab_cfg *cfg = &smmu->strtab_cfg;
1663 struct arm_smmu_strtab_l1_desc *desc = &cfg->l1_desc[sid >> STRTAB_SPLIT];
1664
1665 if (desc->l2ptr)
1666 return 0;
1667
1668 size = 1 << (STRTAB_SPLIT + ilog2(STRTAB_STE_DWORDS) + 3);
1669 strtab = &cfg->strtab[(sid >> STRTAB_SPLIT) * STRTAB_L1_DESC_DWORDS];
1670
1671 desc->span = STRTAB_SPLIT + 1;
1672 desc->l2ptr = dmam_alloc_coherent(smmu->dev, size, &desc->l2ptr_dma,
1673 GFP_KERNEL | __GFP_ZERO);
1674 if (!desc->l2ptr) {
1675 dev_err(smmu->dev,
1676 "failed to allocate l2 stream table for SID %u\n",
1677 sid);
1678 return -ENOMEM;
1679 }
1680
1681 arm_smmu_init_bypass_stes(desc->l2ptr, 1 << STRTAB_SPLIT);
1682 arm_smmu_write_strtab_l1_desc(strtab, desc);
1683 return 0;
1684 }
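/*
 * With the constants above, each lazily-allocated L2 table is
 * 1 << (STRTAB_SPLIT + ilog2(STRTAB_STE_DWORDS) + 3) bytes, i.e.
 * 256 STEs of 64 bytes == 16KiB per table.
 */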
1685
1686 /* IRQ and event handlers */
1687 static irqreturn_t arm_smmu_evtq_thread(int irq, void *dev)
1688 {
1689 int i;
1690 struct arm_smmu_device *smmu = dev;
1691 struct arm_smmu_queue *q = &smmu->evtq.q;
1692 struct arm_smmu_ll_queue *llq = &q->llq;
1693 u64 evt[EVTQ_ENT_DWORDS];
1694
1695 do {
1696 while (!queue_remove_raw(q, evt)) {
1697 u8 id = FIELD_GET(EVTQ_0_ID, evt[0]);
1698
1699 dev_info(smmu->dev, "event 0x%02x received:\n", id);
1700 for (i = 0; i < ARRAY_SIZE(evt); ++i)
1701 dev_info(smmu->dev, "\t0x%016llx\n",
1702 (unsigned long long)evt[i]);
1703
1704 }
1705
1706 /*
1707 * Not much we can do on overflow, so scream and pretend we're
1708 * trying harder.
1709 */
1710 if (queue_sync_prod_in(q) == -EOVERFLOW)
1711 dev_err(smmu->dev, "EVTQ overflow detected -- events lost\n");
1712 } while (!queue_empty(llq));
1713
1714 /* Sync our overflow flag, as we believe we're up to speed */
1715 llq->cons = Q_OVF(llq->prod) | Q_WRP(llq, llq->cons) |
1716 Q_IDX(llq, llq->cons);
1717 return IRQ_HANDLED;
1718 }
1719
1720 static void arm_smmu_handle_ppr(struct arm_smmu_device *smmu, u64 *evt)
1721 {
1722 u32 sid, ssid;
1723 u16 grpid;
1724 bool ssv, last;
1725
1726 sid = FIELD_GET(PRIQ_0_SID, evt[0]);
1727 ssv = FIELD_GET(PRIQ_0_SSID_V, evt[0]);
1728 ssid = ssv ? FIELD_GET(PRIQ_0_SSID, evt[0]) : 0;
1729 last = FIELD_GET(PRIQ_0_PRG_LAST, evt[0]);
1730 grpid = FIELD_GET(PRIQ_1_PRG_IDX, evt[1]);
1731
1732 dev_info(smmu->dev, "unexpected PRI request received:\n");
1733 dev_info(smmu->dev,
1734 "\tsid 0x%08x.0x%05x: [%u%s] %sprivileged %s%s%s access at iova 0x%016llx\n",
1735 sid, ssid, grpid, last ? "L" : "",
1736 evt[0] & PRIQ_0_PERM_PRIV ? "" : "un",
1737 evt[0] & PRIQ_0_PERM_READ ? "R" : "",
1738 evt[0] & PRIQ_0_PERM_WRITE ? "W" : "",
1739 evt[0] & PRIQ_0_PERM_EXEC ? "X" : "",
1740 evt[1] & PRIQ_1_ADDR_MASK);
1741
1742 if (last) {
1743 struct arm_smmu_cmdq_ent cmd = {
1744 .opcode = CMDQ_OP_PRI_RESP,
1745 .substream_valid = ssv,
1746 .pri = {
1747 .sid = sid,
1748 .ssid = ssid,
1749 .grpid = grpid,
1750 .resp = PRI_RESP_DENY,
1751 },
1752 };
1753
1754 arm_smmu_cmdq_issue_cmd(smmu, &cmd);
1755 }
1756 }
1757
1758 static irqreturn_t arm_smmu_priq_thread(int irq, void *dev)
1759 {
1760 struct arm_smmu_device *smmu = dev;
1761 struct arm_smmu_queue *q = &smmu->priq.q;
1762 struct arm_smmu_ll_queue *llq = &q->llq;
1763 u64 evt[PRIQ_ENT_DWORDS];
1764
1765 do {
1766 while (!queue_remove_raw(q, evt))
1767 arm_smmu_handle_ppr(smmu, evt);
1768
1769 if (queue_sync_prod_in(q) == -EOVERFLOW)
1770 dev_err(smmu->dev, "PRIQ overflow detected -- requests lost\n");
1771 } while (!queue_empty(llq));
1772
1773 /* Sync our overflow flag, as we believe we're up to speed */
1774 llq->cons = Q_OVF(llq->prod) | Q_WRP(llq, llq->cons) |
1775 Q_IDX(llq, llq->cons);
1776 queue_sync_cons_out(q);
1777 return IRQ_HANDLED;
1778 }
1779
1780 static int arm_smmu_device_disable(struct arm_smmu_device *smmu);
1781
1782 static irqreturn_t arm_smmu_gerror_handler(int irq, void *dev)
1783 {
1784 u32 gerror, gerrorn, active;
1785 struct arm_smmu_device *smmu = dev;
1786
1787 gerror = readl_relaxed(smmu->base + ARM_SMMU_GERROR);
1788 gerrorn = readl_relaxed(smmu->base + ARM_SMMU_GERRORN);
1789
1790 active = gerror ^ gerrorn;
1791 if (!(active & GERROR_ERR_MASK))
1792 return IRQ_NONE; /* No errors pending */
1793
1794 dev_warn(smmu->dev,
1795 "unexpected global error reported (0x%08x), this could be serious\n",
1796 active);
1797
1798 if (active & GERROR_SFM_ERR) {
1799 dev_err(smmu->dev, "device has entered Service Failure Mode!\n");
1800 arm_smmu_device_disable(smmu);
1801 }
1802
1803 if (active & GERROR_MSI_GERROR_ABT_ERR)
1804 dev_warn(smmu->dev, "GERROR MSI write aborted\n");
1805
1806 if (active & GERROR_MSI_PRIQ_ABT_ERR)
1807 dev_warn(smmu->dev, "PRIQ MSI write aborted\n");
1808
1809 if (active & GERROR_MSI_EVTQ_ABT_ERR)
1810 dev_warn(smmu->dev, "EVTQ MSI write aborted\n");
1811
1812 if (active & GERROR_MSI_CMDQ_ABT_ERR)
1813 dev_warn(smmu->dev, "CMDQ MSI write aborted\n");
1814
1815 if (active & GERROR_PRIQ_ABT_ERR)
1816 dev_err(smmu->dev, "PRIQ write aborted -- events may have been lost\n");
1817
1818 if (active & GERROR_EVTQ_ABT_ERR)
1819 dev_err(smmu->dev, "EVTQ write aborted -- events may have been lost\n");
1820
1821 if (active & GERROR_CMDQ_ERR)
1822 arm_smmu_cmdq_skip_err(smmu);
1823
1824 writel(gerror, smmu->base + ARM_SMMU_GERRORN);
1825 return IRQ_HANDLED;
1826 }
1827
1828 static irqreturn_t arm_smmu_combined_irq_thread(int irq, void *dev)
1829 {
1830 struct arm_smmu_device *smmu = dev;
1831
1832 arm_smmu_evtq_thread(irq, dev);
1833 if (smmu->features & ARM_SMMU_FEAT_PRI)
1834 arm_smmu_priq_thread(irq, dev);
1835
1836 return IRQ_HANDLED;
1837 }
1838
1839 static irqreturn_t arm_smmu_combined_irq_handler(int irq, void *dev)
1840 {
1841 arm_smmu_gerror_handler(irq, dev);
1842 return IRQ_WAKE_THREAD;
1843 }
1844
1845 static void
1846 arm_smmu_atc_inv_to_cmd(int ssid, unsigned long iova, size_t size,
1847 struct arm_smmu_cmdq_ent *cmd)
1848 {
1849 size_t log2_span;
1850 size_t span_mask;
1851 /* ATC invalidates are always on 4096-byte pages */
1852 size_t inval_grain_shift = 12;
1853 unsigned long page_start, page_end;
1854
1855 *cmd = (struct arm_smmu_cmdq_ent) {
1856 .opcode = CMDQ_OP_ATC_INV,
1857 .substream_valid = !!ssid,
1858 .atc.ssid = ssid,
1859 };
1860
1861 if (!size) {
1862 cmd->atc.size = ATC_INV_SIZE_ALL;
1863 return;
1864 }
1865
1866 page_start = iova >> inval_grain_shift;
1867 page_end = (iova + size - 1) >> inval_grain_shift;
1868
1869 /*
1870 * In an ATS Invalidate Request, the address must be aligned to the
1871 * range size, which must be a power-of-two number of pages. We
1872 * thus have to choose between grossly over-invalidating the region, or
1873 * splitting the invalidation into multiple commands. For simplicity
1874 * we'll go with the first solution, but should refine it in the future
1875 * if multiple commands are shown to be more efficient.
1876 *
1877 * Find the smallest power of two that covers the range. The most
1878 * significant differing bit between the start and end addresses,
1879 * fls(start ^ end), indicates the required span. For example:
1880 *
1881 * We want to invalidate pages [8; 11]. This is already the ideal range:
1882 * x = 0b1000 ^ 0b1011 = 0b11
1883 * span = 1 << fls(x) = 4
1884 *
1885 * To invalidate pages [7; 10], we need to invalidate [0; 15]:
1886 * x = 0b0111 ^ 0b1010 = 0b1101
1887 * span = 1 << fls(x) = 16
1888 */
1889 log2_span = fls_long(page_start ^ page_end);
1890 span_mask = (1ULL << log2_span) - 1;
1891
1892 page_start &= ~span_mask;
1893
1894 cmd->atc.addr = page_start << inval_grain_shift;
1895 cmd->atc.size = log2_span;
1896 }
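/*
 * Purely illustrative worked example (not taken from the SMMUv3 or PCIe
 * specs) of what the rounding above hands back to a caller: invalidating
 * 0x3000 bytes at IOVA 0x7000 touches pages [7; 9], so
 *	x = 0b0111 ^ 0b1001 = 0b1110
 *	log2_span = fls(x) = 4, span_mask = 0xf
 *	page_start &= ~span_mask -> 0
 * and the command ends up with addr = 0x0, size = 4, i.e. pages [0; 15]
 * (64KiB), a superset of the requested range.
 */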
1897
1898 static int arm_smmu_atc_inv_master(struct arm_smmu_master *master,
1899 struct arm_smmu_cmdq_ent *cmd)
1900 {
1901 int i;
1902
1903 if (!master->ats_enabled)
1904 return 0;
1905
1906 for (i = 0; i < master->num_sids; i++) {
1907 cmd->atc.sid = master->sids[i];
1908 arm_smmu_cmdq_issue_cmd(master->smmu, cmd);
1909 }
1910
1911 return arm_smmu_cmdq_issue_sync(master->smmu);
1912 }
1913
1914 static int arm_smmu_atc_inv_domain(struct arm_smmu_domain *smmu_domain,
1915 int ssid, unsigned long iova, size_t size)
1916 {
1917 int ret = 0;
1918 unsigned long flags;
1919 struct arm_smmu_cmdq_ent cmd;
1920 struct arm_smmu_master *master;
1921
1922 if (!(smmu_domain->smmu->features & ARM_SMMU_FEAT_ATS))
1923 return 0;
1924
1925 /*
1926 * Ensure that we've completed prior invalidation of the main TLBs
1927 * before we read 'nr_ats_masters' in case of a concurrent call to
1928 * arm_smmu_enable_ats():
1929 *
1930 * // unmap() // arm_smmu_enable_ats()
1931 * TLBI+SYNC atomic_inc(&nr_ats_masters);
1932 * smp_mb(); [...]
1933 * atomic_read(&nr_ats_masters); pci_enable_ats() // writel()
1934 *
1935 * Ensures that we always see the incremented 'nr_ats_masters' count if
1936 * ATS was enabled at the PCI device before completion of the TLBI.
1937 */
1938 smp_mb();
1939 if (!atomic_read(&smmu_domain->nr_ats_masters))
1940 return 0;
1941
1942 arm_smmu_atc_inv_to_cmd(ssid, iova, size, &cmd);
1943
1944 spin_lock_irqsave(&smmu_domain->devices_lock, flags);
1945 list_for_each_entry(master, &smmu_domain->devices, domain_head)
1946 ret |= arm_smmu_atc_inv_master(master, &cmd);
1947 spin_unlock_irqrestore(&smmu_domain->devices_lock, flags);
1948
1949 return ret ? -ETIMEDOUT : 0;
1950 }
1951
1952 /* IO_PGTABLE API */
1953 static void arm_smmu_tlb_inv_context(void *cookie)
1954 {
1955 struct arm_smmu_domain *smmu_domain = cookie;
1956 struct arm_smmu_device *smmu = smmu_domain->smmu;
1957 struct arm_smmu_cmdq_ent cmd;
1958
1959 if (smmu_domain->stage == ARM_SMMU_DOMAIN_S1) {
1960 cmd.opcode = CMDQ_OP_TLBI_NH_ASID;
1961 cmd.tlbi.asid = smmu_domain->s1_cfg.cd.asid;
1962 cmd.tlbi.vmid = 0;
1963 } else {
1964 cmd.opcode = CMDQ_OP_TLBI_S12_VMALL;
1965 cmd.tlbi.vmid = smmu_domain->s2_cfg.vmid;
1966 }
1967
1968 /*
1969 * NOTE: when io-pgtable is in non-strict mode, we may get here with
1970 * PTEs previously cleared by unmaps on the current CPU not yet visible
1971 * to the SMMU. We are relying on the dma_wmb() implicit during cmd
1972 * insertion to guarantee those are observed before the TLBI. Do be
1973 * careful, 007.
1974 */
1975 arm_smmu_cmdq_issue_cmd(smmu, &cmd);
1976 arm_smmu_cmdq_issue_sync(smmu);
1977 arm_smmu_atc_inv_domain(smmu_domain, 0, 0, 0);
1978 }
1979
1980 static void arm_smmu_tlb_inv_range(unsigned long iova, size_t size,
1981 size_t granule, bool leaf,
1982 struct arm_smmu_domain *smmu_domain)
1983 {
1984 u64 cmds[CMDQ_BATCH_ENTRIES * CMDQ_ENT_DWORDS];
1985 struct arm_smmu_device *smmu = smmu_domain->smmu;
1986 unsigned long start = iova, end = iova + size;
1987 int i = 0;
1988 struct arm_smmu_cmdq_ent cmd = {
1989 .tlbi = {
1990 .leaf = leaf,
1991 },
1992 };
1993
1994 if (!size)
1995 return;
1996
1997 if (smmu_domain->stage == ARM_SMMU_DOMAIN_S1) {
1998 cmd.opcode = CMDQ_OP_TLBI_NH_VA;
1999 cmd.tlbi.asid = smmu_domain->s1_cfg.cd.asid;
2000 } else {
2001 cmd.opcode = CMDQ_OP_TLBI_S2_IPA;
2002 cmd.tlbi.vmid = smmu_domain->s2_cfg.vmid;
2003 }
2004
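/*
 * The loop below batches up to CMDQ_BATCH_ENTRIES invalidations per
 * submission and only the final submission asks for a sync (the 'true'
 * in the last call), so a large unmap pays for a single CMD_SYNC rather
 * than one per TLBI.
 */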
2005 while (iova < end) {
2006 if (i == CMDQ_BATCH_ENTRIES) {
2007 arm_smmu_cmdq_issue_cmdlist(smmu, cmds, i, false);
2008 i = 0;
2009 }
2010
2011 cmd.tlbi.addr = iova;
2012 arm_smmu_cmdq_build_cmd(&cmds[i * CMDQ_ENT_DWORDS], &cmd);
2013 iova += granule;
2014 i++;
2015 }
2016
2017 arm_smmu_cmdq_issue_cmdlist(smmu, cmds, i, true);
2018
2019 /*
2020 * Unfortunately, this can't be leaf-only since we may have
2021 * zapped an entire table.
2022 */
2023 arm_smmu_atc_inv_domain(smmu_domain, 0, start, size);
2024 }
2025
2026 static void arm_smmu_tlb_inv_page_nosync(struct iommu_iotlb_gather *gather,
2027 unsigned long iova, size_t granule,
2028 void *cookie)
2029 {
2030 struct arm_smmu_domain *smmu_domain = cookie;
2031 struct iommu_domain *domain = &smmu_domain->domain;
2032
2033 iommu_iotlb_gather_add_page(domain, gather, iova, granule);
2034 }
2035
2036 static void arm_smmu_tlb_inv_walk(unsigned long iova, size_t size,
2037 size_t granule, void *cookie)
2038 {
2039 arm_smmu_tlb_inv_range(iova, size, granule, false, cookie);
2040 }
2041
2042 static void arm_smmu_tlb_inv_leaf(unsigned long iova, size_t size,
2043 size_t granule, void *cookie)
2044 {
2045 arm_smmu_tlb_inv_range(iova, size, granule, true, cookie);
2046 }
2047
2048 static const struct iommu_flush_ops arm_smmu_flush_ops = {
2049 .tlb_flush_all = arm_smmu_tlb_inv_context,
2050 .tlb_flush_walk = arm_smmu_tlb_inv_walk,
2051 .tlb_flush_leaf = arm_smmu_tlb_inv_leaf,
2052 .tlb_add_page = arm_smmu_tlb_inv_page_nosync,
2053 };
2054
2055 /* IOMMU API */
2056 static bool arm_smmu_capable(enum iommu_cap cap)
2057 {
2058 switch (cap) {
2059 case IOMMU_CAP_CACHE_COHERENCY:
2060 return true;
2061 case IOMMU_CAP_NOEXEC:
2062 return true;
2063 default:
2064 return false;
2065 }
2066 }
2067
2068 static struct iommu_domain *arm_smmu_domain_alloc(unsigned type)
2069 {
2070 struct arm_smmu_domain *smmu_domain;
2071
2072 if (type != IOMMU_DOMAIN_UNMANAGED &&
2073 type != IOMMU_DOMAIN_DMA &&
2074 type != IOMMU_DOMAIN_IDENTITY)
2075 return NULL;
2076
2077 /*
2078 * Allocate the domain and initialise some of its data structures.
2079 * We can't really do anything meaningful until we've added a
2080 * master.
2081 */
2082 smmu_domain = kzalloc(sizeof(*smmu_domain), GFP_KERNEL);
2083 if (!smmu_domain)
2084 return NULL;
2085
2086 if (type == IOMMU_DOMAIN_DMA &&
2087 iommu_get_dma_cookie(&smmu_domain->domain)) {
2088 kfree(smmu_domain);
2089 return NULL;
2090 }
2091
2092 mutex_init(&smmu_domain->init_mutex);
2093 INIT_LIST_HEAD(&smmu_domain->devices);
2094 spin_lock_init(&smmu_domain->devices_lock);
2095
2096 return &smmu_domain->domain;
2097 }
2098
2099 static int arm_smmu_bitmap_alloc(unsigned long *map, int span)
2100 {
2101 int idx, size = 1 << span;
2102
2103 do {
2104 idx = find_first_zero_bit(map, size);
2105 if (idx == size)
2106 return -ENOSPC;
2107 } while (test_and_set_bit(idx, map));
2108
2109 return idx;
2110 }
2111
2112 static void arm_smmu_bitmap_free(unsigned long *map, int idx)
2113 {
2114 clear_bit(idx, map);
2115 }
2116
2117 static void arm_smmu_domain_free(struct iommu_domain *domain)
2118 {
2119 struct arm_smmu_domain *smmu_domain = to_smmu_domain(domain);
2120 struct arm_smmu_device *smmu = smmu_domain->smmu;
2121
2122 iommu_put_dma_cookie(domain);
2123 free_io_pgtable_ops(smmu_domain->pgtbl_ops);
2124
2125 /* Free the CD and ASID, if we allocated them */
2126 if (smmu_domain->stage == ARM_SMMU_DOMAIN_S1) {
2127 struct arm_smmu_s1_cfg *cfg = &smmu_domain->s1_cfg;
2128
2129 if (cfg->cdptr) {
2130 dmam_free_coherent(smmu_domain->smmu->dev,
2131 CTXDESC_CD_DWORDS << 3,
2132 cfg->cdptr,
2133 cfg->cdptr_dma);
2134
2135 arm_smmu_bitmap_free(smmu->asid_map, cfg->cd.asid);
2136 }
2137 } else {
2138 struct arm_smmu_s2_cfg *cfg = &smmu_domain->s2_cfg;
2139 if (cfg->vmid)
2140 arm_smmu_bitmap_free(smmu->vmid_map, cfg->vmid);
2141 }
2142
2143 kfree(smmu_domain);
2144 }
2145
2146 static int arm_smmu_domain_finalise_s1(struct arm_smmu_domain *smmu_domain,
2147 struct io_pgtable_cfg *pgtbl_cfg)
2148 {
2149 int ret;
2150 int asid;
2151 struct arm_smmu_device *smmu = smmu_domain->smmu;
2152 struct arm_smmu_s1_cfg *cfg = &smmu_domain->s1_cfg;
2153
2154 asid = arm_smmu_bitmap_alloc(smmu->asid_map, smmu->asid_bits);
2155 if (asid < 0)
2156 return asid;
2157
2158 cfg->cdptr = dmam_alloc_coherent(smmu->dev, CTXDESC_CD_DWORDS << 3,
2159 &cfg->cdptr_dma,
2160 GFP_KERNEL | __GFP_ZERO);
2161 if (!cfg->cdptr) {
2162 dev_warn(smmu->dev, "failed to allocate context descriptor\n");
2163 ret = -ENOMEM;
2164 goto out_free_asid;
2165 }
2166
2167 cfg->cd.asid = (u16)asid;
2168 cfg->cd.ttbr = pgtbl_cfg->arm_lpae_s1_cfg.ttbr[0];
2169 cfg->cd.tcr = pgtbl_cfg->arm_lpae_s1_cfg.tcr;
2170 cfg->cd.mair = pgtbl_cfg->arm_lpae_s1_cfg.mair[0];
2171 return 0;
2172
2173 out_free_asid:
2174 arm_smmu_bitmap_free(smmu->asid_map, asid);
2175 return ret;
2176 }
2177
2178 static int arm_smmu_domain_finalise_s2(struct arm_smmu_domain *smmu_domain,
2179 struct io_pgtable_cfg *pgtbl_cfg)
2180 {
2181 int vmid;
2182 struct arm_smmu_device *smmu = smmu_domain->smmu;
2183 struct arm_smmu_s2_cfg *cfg = &smmu_domain->s2_cfg;
2184
2185 vmid = arm_smmu_bitmap_alloc(smmu->vmid_map, smmu->vmid_bits);
2186 if (vmid < 0)
2187 return vmid;
2188
2189 cfg->vmid = (u16)vmid;
2190 cfg->vttbr = pgtbl_cfg->arm_lpae_s2_cfg.vttbr;
2191 cfg->vtcr = pgtbl_cfg->arm_lpae_s2_cfg.vtcr;
2192 return 0;
2193 }
2194
2195 static int arm_smmu_domain_finalise(struct iommu_domain *domain)
2196 {
2197 int ret;
2198 unsigned long ias, oas;
2199 enum io_pgtable_fmt fmt;
2200 struct io_pgtable_cfg pgtbl_cfg;
2201 struct io_pgtable_ops *pgtbl_ops;
2202 int (*finalise_stage_fn)(struct arm_smmu_domain *,
2203 struct io_pgtable_cfg *);
2204 struct arm_smmu_domain *smmu_domain = to_smmu_domain(domain);
2205 struct arm_smmu_device *smmu = smmu_domain->smmu;
2206
2207 if (domain->type == IOMMU_DOMAIN_IDENTITY) {
2208 smmu_domain->stage = ARM_SMMU_DOMAIN_BYPASS;
2209 return 0;
2210 }
2211
2212 /* Restrict the stage to what we can actually support */
2213 if (!(smmu->features & ARM_SMMU_FEAT_TRANS_S1))
2214 smmu_domain->stage = ARM_SMMU_DOMAIN_S2;
2215 if (!(smmu->features & ARM_SMMU_FEAT_TRANS_S2))
2216 smmu_domain->stage = ARM_SMMU_DOMAIN_S1;
2217
2218 switch (smmu_domain->stage) {
2219 case ARM_SMMU_DOMAIN_S1:
2220 ias = (smmu->features & ARM_SMMU_FEAT_VAX) ? 52 : 48;
2221 ias = min_t(unsigned long, ias, VA_BITS);
2222 oas = smmu->ias;
2223 fmt = ARM_64_LPAE_S1;
2224 finalise_stage_fn = arm_smmu_domain_finalise_s1;
2225 break;
2226 case ARM_SMMU_DOMAIN_NESTED:
2227 case ARM_SMMU_DOMAIN_S2:
2228 ias = smmu->ias;
2229 oas = smmu->oas;
2230 fmt = ARM_64_LPAE_S2;
2231 finalise_stage_fn = arm_smmu_domain_finalise_s2;
2232 break;
2233 default:
2234 return -EINVAL;
2235 }
2236
2237 pgtbl_cfg = (struct io_pgtable_cfg) {
2238 .pgsize_bitmap = smmu->pgsize_bitmap,
2239 .ias = ias,
2240 .oas = oas,
2241 .coherent_walk = smmu->features & ARM_SMMU_FEAT_COHERENCY,
2242 .tlb = &arm_smmu_flush_ops,
2243 .iommu_dev = smmu->dev,
2244 };
2245
2246 if (smmu_domain->non_strict)
2247 pgtbl_cfg.quirks |= IO_PGTABLE_QUIRK_NON_STRICT;
2248
2249 pgtbl_ops = alloc_io_pgtable_ops(fmt, &pgtbl_cfg, smmu_domain);
2250 if (!pgtbl_ops)
2251 return -ENOMEM;
2252
2253 domain->pgsize_bitmap = pgtbl_cfg.pgsize_bitmap;
2254 domain->geometry.aperture_end = (1UL << pgtbl_cfg.ias) - 1;
2255 domain->geometry.force_aperture = true;
2256
2257 ret = finalise_stage_fn(smmu_domain, &pgtbl_cfg);
2258 if (ret < 0) {
2259 free_io_pgtable_ops(pgtbl_ops);
2260 return ret;
2261 }
2262
2263 smmu_domain->pgtbl_ops = pgtbl_ops;
2264 return 0;
2265 }
2266
2267 static __le64 *arm_smmu_get_step_for_sid(struct arm_smmu_device *smmu, u32 sid)
2268 {
2269 __le64 *step;
2270 struct arm_smmu_strtab_cfg *cfg = &smmu->strtab_cfg;
2271
2272 if (smmu->features & ARM_SMMU_FEAT_2_LVL_STRTAB) {
2273 struct arm_smmu_strtab_l1_desc *l1_desc;
2274 int idx;
2275
2276 /* Two-level walk */
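/*
 * Illustrative example, assuming STRTAB_SPLIT is 8 as defined earlier in
 * this file: SID 0x1234 selects L1 descriptor 0x12, and STE 0x34 within
 * that descriptor's L2 table.
 */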
2277 idx = (sid >> STRTAB_SPLIT) * STRTAB_L1_DESC_DWORDS;
2278 l1_desc = &cfg->l1_desc[idx];
2279 idx = (sid & ((1 << STRTAB_SPLIT) - 1)) * STRTAB_STE_DWORDS;
2280 step = &l1_desc->l2ptr[idx];
2281 } else {
2282 /* Simple linear lookup */
2283 step = &cfg->strtab[sid * STRTAB_STE_DWORDS];
2284 }
2285
2286 return step;
2287 }
2288
2289 static void arm_smmu_install_ste_for_dev(struct arm_smmu_master *master)
2290 {
2291 int i, j;
2292 struct arm_smmu_device *smmu = master->smmu;
2293
2294 for (i = 0; i < master->num_sids; ++i) {
2295 u32 sid = master->sids[i];
2296 __le64 *step = arm_smmu_get_step_for_sid(smmu, sid);
2297
2298 /* Bridged PCI devices may end up with duplicated IDs */
2299 for (j = 0; j < i; j++)
2300 if (master->sids[j] == sid)
2301 break;
2302 if (j < i)
2303 continue;
2304
2305 arm_smmu_write_strtab_ent(master, sid, step);
2306 }
2307 }
2308
2309 #ifdef CONFIG_PCI_ATS
2310 static bool arm_smmu_ats_supported(struct arm_smmu_master *master)
2311 {
2312 struct pci_dev *pdev;
2313 struct arm_smmu_device *smmu = master->smmu;
2314 struct iommu_fwspec *fwspec = dev_iommu_fwspec_get(master->dev);
2315
2316 if (!(smmu->features & ARM_SMMU_FEAT_ATS) || !dev_is_pci(master->dev) ||
2317 !(fwspec->flags & IOMMU_FWSPEC_PCI_RC_ATS) || pci_ats_disabled())
2318 return false;
2319
2320 pdev = to_pci_dev(master->dev);
2321 return !pdev->untrusted && pdev->ats_cap;
2322 }
2323 #else
2324 static bool arm_smmu_ats_supported(struct arm_smmu_master *master)
2325 {
2326 return false;
2327 }
2328 #endif
2329
2330 static void arm_smmu_enable_ats(struct arm_smmu_master *master)
2331 {
2332 size_t stu;
2333 struct pci_dev *pdev;
2334 struct arm_smmu_device *smmu = master->smmu;
2335 struct arm_smmu_domain *smmu_domain = master->domain;
2336
2337 /* Don't enable ATS at the endpoint if it's not enabled in the STE */
2338 if (!master->ats_enabled)
2339 return;
2340
2341 /* Smallest Translation Unit: log2 of the smallest supported granule */
2342 stu = __ffs(smmu->pgsize_bitmap);
2343 pdev = to_pci_dev(master->dev);
2344
2345 atomic_inc(&smmu_domain->nr_ats_masters);
2346 arm_smmu_atc_inv_domain(smmu_domain, 0, 0, 0);
2347 if (pci_enable_ats(pdev, stu))
2348 dev_err(master->dev, "Failed to enable ATS (STU %zu)\n", stu);
2349 }
2350
2351 static void arm_smmu_disable_ats(struct arm_smmu_master *master)
2352 {
2353 struct arm_smmu_cmdq_ent cmd;
2354 struct arm_smmu_domain *smmu_domain = master->domain;
2355
2356 if (!master->ats_enabled)
2357 return;
2358
2359 pci_disable_ats(to_pci_dev(master->dev));
2360 /*
2361 * Ensure ATS is disabled at the endpoint before we issue the
2362 * ATC invalidation via the SMMU.
2363 */
2364 wmb();
2365 arm_smmu_atc_inv_to_cmd(0, 0, 0, &cmd);
2366 arm_smmu_atc_inv_master(master, &cmd);
2367 atomic_dec(&smmu_domain->nr_ats_masters);
2368 }
2369
2370 static void arm_smmu_detach_dev(struct arm_smmu_master *master)
2371 {
2372 unsigned long flags;
2373 struct arm_smmu_domain *smmu_domain = master->domain;
2374
2375 if (!smmu_domain)
2376 return;
2377
2378 arm_smmu_disable_ats(master);
2379
2380 spin_lock_irqsave(&smmu_domain->devices_lock, flags);
2381 list_del(&master->domain_head);
2382 spin_unlock_irqrestore(&smmu_domain->devices_lock, flags);
2383
2384 master->domain = NULL;
2385 master->ats_enabled = false;
2386 arm_smmu_install_ste_for_dev(master);
2387 }
2388
2389 static int arm_smmu_attach_dev(struct iommu_domain *domain, struct device *dev)
2390 {
2391 int ret = 0;
2392 unsigned long flags;
2393 struct iommu_fwspec *fwspec = dev_iommu_fwspec_get(dev);
2394 struct arm_smmu_device *smmu;
2395 struct arm_smmu_domain *smmu_domain = to_smmu_domain(domain);
2396 struct arm_smmu_master *master;
2397
2398 if (!fwspec)
2399 return -ENOENT;
2400
2401 master = fwspec->iommu_priv;
2402 smmu = master->smmu;
2403
2404 arm_smmu_detach_dev(master);
2405
2406 mutex_lock(&smmu_domain->init_mutex);
2407
2408 if (!smmu_domain->smmu) {
2409 smmu_domain->smmu = smmu;
2410 ret = arm_smmu_domain_finalise(domain);
2411 if (ret) {
2412 smmu_domain->smmu = NULL;
2413 goto out_unlock;
2414 }
2415 } else if (smmu_domain->smmu != smmu) {
2416 dev_err(dev,
2417 "cannot attach to SMMU %s (upstream of %s)\n",
2418 dev_name(smmu_domain->smmu->dev),
2419 dev_name(smmu->dev));
2420 ret = -ENXIO;
2421 goto out_unlock;
2422 }
2423
2424 master->domain = smmu_domain;
2425
2426 if (smmu_domain->stage != ARM_SMMU_DOMAIN_BYPASS)
2427 master->ats_enabled = arm_smmu_ats_supported(master);
2428
2429 if (smmu_domain->stage == ARM_SMMU_DOMAIN_S1)
2430 arm_smmu_write_ctx_desc(smmu, &smmu_domain->s1_cfg);
2431
2432 arm_smmu_install_ste_for_dev(master);
2433
2434 spin_lock_irqsave(&smmu_domain->devices_lock, flags);
2435 list_add(&master->domain_head, &smmu_domain->devices);
2436 spin_unlock_irqrestore(&smmu_domain->devices_lock, flags);
2437
2438 arm_smmu_enable_ats(master);
2439
2440 out_unlock:
2441 mutex_unlock(&smmu_domain->init_mutex);
2442 return ret;
2443 }
2444
2445 static int arm_smmu_map(struct iommu_domain *domain, unsigned long iova,
2446 phys_addr_t paddr, size_t size, int prot)
2447 {
2448 struct io_pgtable_ops *ops = to_smmu_domain(domain)->pgtbl_ops;
2449
2450 if (!ops)
2451 return -ENODEV;
2452
2453 return ops->map(ops, iova, paddr, size, prot);
2454 }
2455
2456 static size_t arm_smmu_unmap(struct iommu_domain *domain, unsigned long iova,
2457 size_t size, struct iommu_iotlb_gather *gather)
2458 {
2459 struct arm_smmu_domain *smmu_domain = to_smmu_domain(domain);
2460 struct io_pgtable_ops *ops = smmu_domain->pgtbl_ops;
2461
2462 if (!ops)
2463 return 0;
2464
2465 return ops->unmap(ops, iova, size, gather);
2466 }
2467
2468 static void arm_smmu_flush_iotlb_all(struct iommu_domain *domain)
2469 {
2470 struct arm_smmu_domain *smmu_domain = to_smmu_domain(domain);
2471
2472 if (smmu_domain->smmu)
2473 arm_smmu_tlb_inv_context(smmu_domain);
2474 }
2475
2476 static void arm_smmu_iotlb_sync(struct iommu_domain *domain,
2477 struct iommu_iotlb_gather *gather)
2478 {
2479 struct arm_smmu_domain *smmu_domain = to_smmu_domain(domain);
2480
2481 arm_smmu_tlb_inv_range(gather->start, gather->end - gather->start,
2482 gather->pgsize, true, smmu_domain);
2483 }
2484
2485 static phys_addr_t
2486 arm_smmu_iova_to_phys(struct iommu_domain *domain, dma_addr_t iova)
2487 {
2488 struct io_pgtable_ops *ops = to_smmu_domain(domain)->pgtbl_ops;
2489
2490 if (domain->type == IOMMU_DOMAIN_IDENTITY)
2491 return iova;
2492
2493 if (!ops)
2494 return 0;
2495
2496 return ops->iova_to_phys(ops, iova);
2497 }
2498
2499 static struct platform_driver arm_smmu_driver;
2500
2501 static
2502 struct arm_smmu_device *arm_smmu_get_by_fwnode(struct fwnode_handle *fwnode)
2503 {
2504 struct device *dev = driver_find_device_by_fwnode(&arm_smmu_driver.driver,
2505 fwnode);
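/*
 * driver_find_device_by_fwnode() takes a reference on the device; only
 * the drvdata is needed here, so the reference is dropped straight away.
 */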
2506 put_device(dev);
2507 return dev ? dev_get_drvdata(dev) : NULL;
2508 }
2509
2510 static bool arm_smmu_sid_in_range(struct arm_smmu_device *smmu, u32 sid)
2511 {
2512 unsigned long limit = smmu->strtab_cfg.num_l1_ents;
2513
2514 if (smmu->features & ARM_SMMU_FEAT_2_LVL_STRTAB)
2515 limit *= 1UL << STRTAB_SPLIT;
2516
2517 return sid < limit;
2518 }
2519
2520 static struct iommu_ops arm_smmu_ops;
2521
2522 static int arm_smmu_add_device(struct device *dev)
2523 {
2524 int i, ret;
2525 struct arm_smmu_device *smmu;
2526 struct arm_smmu_master *master;
2527 struct iommu_fwspec *fwspec = dev_iommu_fwspec_get(dev);
2528 struct iommu_group *group;
2529
2530 if (!fwspec || fwspec->ops != &arm_smmu_ops)
2531 return -ENODEV;
2532 /*
2533 * We _can_ actually withstand dodgy bus code re-calling add_device()
2534 * without an intervening remove_device()/of_xlate() sequence, but
2535 * we're not going to do so quietly...
2536 */
2537 if (WARN_ON_ONCE(fwspec->iommu_priv)) {
2538 master = fwspec->iommu_priv;
2539 smmu = master->smmu;
2540 } else {
2541 smmu = arm_smmu_get_by_fwnode(fwspec->iommu_fwnode);
2542 if (!smmu)
2543 return -ENODEV;
2544 master = kzalloc(sizeof(*master), GFP_KERNEL);
2545 if (!master)
2546 return -ENOMEM;
2547
2548 master->dev = dev;
2549 master->smmu = smmu;
2550 master->sids = fwspec->ids;
2551 master->num_sids = fwspec->num_ids;
2552 fwspec->iommu_priv = master;
2553 }
2554
2555 /* Check the SIDs are in range of the SMMU and our stream table */
2556 for (i = 0; i < master->num_sids; i++) {
2557 u32 sid = master->sids[i];
2558
2559 if (!arm_smmu_sid_in_range(smmu, sid))
2560 return -ERANGE;
2561
2562 /* Ensure l2 strtab is initialised */
2563 if (smmu->features & ARM_SMMU_FEAT_2_LVL_STRTAB) {
2564 ret = arm_smmu_init_l2_strtab(smmu, sid);
2565 if (ret)
2566 return ret;
2567 }
2568 }
2569
2570 group = iommu_group_get_for_dev(dev);
2571 if (!IS_ERR(group)) {
2572 iommu_group_put(group);
2573 iommu_device_link(&smmu->iommu, dev);
2574 }
2575
2576 return PTR_ERR_OR_ZERO(group);
2577 }
2578
2579 static void arm_smmu_remove_device(struct device *dev)
2580 {
2581 struct iommu_fwspec *fwspec = dev_iommu_fwspec_get(dev);
2582 struct arm_smmu_master *master;
2583 struct arm_smmu_device *smmu;
2584
2585 if (!fwspec || fwspec->ops != &arm_smmu_ops)
2586 return;
2587
2588 master = fwspec->iommu_priv;
2589 smmu = master->smmu;
2590 arm_smmu_detach_dev(master);
2591 iommu_group_remove_device(dev);
2592 iommu_device_unlink(&smmu->iommu, dev);
2593 kfree(master);
2594 iommu_fwspec_free(dev);
2595 }
2596
2597 static struct iommu_group *arm_smmu_device_group(struct device *dev)
2598 {
2599 struct iommu_group *group;
2600
2601 /*
2602 * We don't support devices sharing stream IDs other than PCI RID
2603 * aliases, since the necessary ID-to-device lookup becomes rather
2604 * impractical given a potential sparse 32-bit stream ID space.
2605 */
2606 if (dev_is_pci(dev))
2607 group = pci_device_group(dev);
2608 else
2609 group = generic_device_group(dev);
2610
2611 return group;
2612 }
2613
2614 static int arm_smmu_domain_get_attr(struct iommu_domain *domain,
2615 enum iommu_attr attr, void *data)
2616 {
2617 struct arm_smmu_domain *smmu_domain = to_smmu_domain(domain);
2618
2619 switch (domain->type) {
2620 case IOMMU_DOMAIN_UNMANAGED:
2621 switch (attr) {
2622 case DOMAIN_ATTR_NESTING:
2623 *(int *)data = (smmu_domain->stage == ARM_SMMU_DOMAIN_NESTED);
2624 return 0;
2625 default:
2626 return -ENODEV;
2627 }
2628 break;
2629 case IOMMU_DOMAIN_DMA:
2630 switch (attr) {
2631 case DOMAIN_ATTR_DMA_USE_FLUSH_QUEUE:
2632 *(int *)data = smmu_domain->non_strict;
2633 return 0;
2634 default:
2635 return -ENODEV;
2636 }
2637 break;
2638 default:
2639 return -EINVAL;
2640 }
2641 }
2642
2643 static int arm_smmu_domain_set_attr(struct iommu_domain *domain,
2644 enum iommu_attr attr, void *data)
2645 {
2646 int ret = 0;
2647 struct arm_smmu_domain *smmu_domain = to_smmu_domain(domain);
2648
2649 mutex_lock(&smmu_domain->init_mutex);
2650
2651 switch (domain->type) {
2652 case IOMMU_DOMAIN_UNMANAGED:
2653 switch (attr) {
2654 case DOMAIN_ATTR_NESTING:
2655 if (smmu_domain->smmu) {
2656 ret = -EPERM;
2657 goto out_unlock;
2658 }
2659
2660 if (*(int *)data)
2661 smmu_domain->stage = ARM_SMMU_DOMAIN_NESTED;
2662 else
2663 smmu_domain->stage = ARM_SMMU_DOMAIN_S1;
2664 break;
2665 default:
2666 ret = -ENODEV;
2667 }
2668 break;
2669 case IOMMU_DOMAIN_DMA:
2670 switch(attr) {
2671 case DOMAIN_ATTR_DMA_USE_FLUSH_QUEUE:
2672 smmu_domain->non_strict = *(int *)data;
2673 break;
2674 default:
2675 ret = -ENODEV;
2676 }
2677 break;
2678 default:
2679 ret = -EINVAL;
2680 }
2681
2682 out_unlock:
2683 mutex_unlock(&smmu_domain->init_mutex);
2684 return ret;
2685 }
2686
2687 static int arm_smmu_of_xlate(struct device *dev, struct of_phandle_args *args)
2688 {
2689 return iommu_fwspec_add_ids(dev, args->args, 1);
2690 }
2691
2692 static void arm_smmu_get_resv_regions(struct device *dev,
2693 struct list_head *head)
2694 {
2695 struct iommu_resv_region *region;
2696 int prot = IOMMU_WRITE | IOMMU_NOEXEC | IOMMU_MMIO;
2697
2698 region = iommu_alloc_resv_region(MSI_IOVA_BASE, MSI_IOVA_LENGTH,
2699 prot, IOMMU_RESV_SW_MSI);
2700 if (!region)
2701 return;
2702
2703 list_add_tail(&region->list, head);
2704
2705 iommu_dma_get_resv_regions(dev, head);
2706 }
2707
2708 static void arm_smmu_put_resv_regions(struct device *dev,
2709 struct list_head *head)
2710 {
2711 struct iommu_resv_region *entry, *next;
2712
2713 list_for_each_entry_safe(entry, next, head, list)
2714 kfree(entry);
2715 }
2716
2717 static struct iommu_ops arm_smmu_ops = {
2718 .capable = arm_smmu_capable,
2719 .domain_alloc = arm_smmu_domain_alloc,
2720 .domain_free = arm_smmu_domain_free,
2721 .attach_dev = arm_smmu_attach_dev,
2722 .map = arm_smmu_map,
2723 .unmap = arm_smmu_unmap,
2724 .flush_iotlb_all = arm_smmu_flush_iotlb_all,
2725 .iotlb_sync = arm_smmu_iotlb_sync,
2726 .iova_to_phys = arm_smmu_iova_to_phys,
2727 .add_device = arm_smmu_add_device,
2728 .remove_device = arm_smmu_remove_device,
2729 .device_group = arm_smmu_device_group,
2730 .domain_get_attr = arm_smmu_domain_get_attr,
2731 .domain_set_attr = arm_smmu_domain_set_attr,
2732 .of_xlate = arm_smmu_of_xlate,
2733 .get_resv_regions = arm_smmu_get_resv_regions,
2734 .put_resv_regions = arm_smmu_put_resv_regions,
2735 .pgsize_bitmap = -1UL, /* Restricted during device attach */
2736 };
2737
2738 /* Probing and initialisation functions */
2739 static int arm_smmu_init_one_queue(struct arm_smmu_device *smmu,
2740 struct arm_smmu_queue *q,
2741 unsigned long prod_off,
2742 unsigned long cons_off,
2743 size_t dwords, const char *name)
2744 {
2745 size_t qsz;
2746
2747 do {
2748 qsz = ((1 << q->llq.max_n_shift) * dwords) << 3;
2749 q->base = dmam_alloc_coherent(smmu->dev, qsz, &q->base_dma,
2750 GFP_KERNEL);
2751 if (q->base || qsz < PAGE_SIZE)
2752 break;
2753
2754 q->llq.max_n_shift--;
2755 } while (1);
2756
2757 if (!q->base) {
2758 dev_err(smmu->dev,
2759 "failed to allocate queue (0x%zx bytes) for %s\n",
2760 qsz, name);
2761 return -ENOMEM;
2762 }
2763
2764 if (!WARN_ON(q->base_dma & (qsz - 1))) {
2765 dev_info(smmu->dev, "allocated %u entries for %s\n",
2766 1 << q->llq.max_n_shift, name);
2767 }
2768
2769 q->prod_reg = arm_smmu_page1_fixup(prod_off, smmu);
2770 q->cons_reg = arm_smmu_page1_fixup(cons_off, smmu);
2771 q->ent_dwords = dwords;
2772
2773 q->q_base = Q_BASE_RWA;
2774 q->q_base |= q->base_dma & Q_BASE_ADDR_MASK;
2775 q->q_base |= FIELD_PREP(Q_BASE_LOG2SIZE, q->llq.max_n_shift);
2776
2777 q->llq.prod = q->llq.cons = 0;
2778 return 0;
2779 }
2780
2781 static void arm_smmu_cmdq_free_bitmap(void *data)
2782 {
2783 unsigned long *bitmap = data;
2784 bitmap_free(bitmap);
2785 }
2786
2787 static int arm_smmu_cmdq_init(struct arm_smmu_device *smmu)
2788 {
2789 int ret = 0;
2790 struct arm_smmu_cmdq *cmdq = &smmu->cmdq;
2791 unsigned int nents = 1 << cmdq->q.llq.max_n_shift;
2792 atomic_long_t *bitmap;
2793
2794 atomic_set(&cmdq->owner_prod, 0);
2795 atomic_set(&cmdq->lock, 0);
2796
2797 bitmap = (atomic_long_t *)bitmap_zalloc(nents, GFP_KERNEL);
2798 if (!bitmap) {
2799 dev_err(smmu->dev, "failed to allocate cmdq bitmap\n");
2800 ret = -ENOMEM;
2801 } else {
2802 cmdq->valid_map = bitmap;
2803 devm_add_action(smmu->dev, arm_smmu_cmdq_free_bitmap, bitmap);
2804 }
2805
2806 return ret;
2807 }
2808
2809 static int arm_smmu_init_queues(struct arm_smmu_device *smmu)
2810 {
2811 int ret;
2812
2813 /* cmdq */
2814 ret = arm_smmu_init_one_queue(smmu, &smmu->cmdq.q, ARM_SMMU_CMDQ_PROD,
2815 ARM_SMMU_CMDQ_CONS, CMDQ_ENT_DWORDS,
2816 "cmdq");
2817 if (ret)
2818 return ret;
2819
2820 ret = arm_smmu_cmdq_init(smmu);
2821 if (ret)
2822 return ret;
2823
2824 /* evtq */
2825 ret = arm_smmu_init_one_queue(smmu, &smmu->evtq.q, ARM_SMMU_EVTQ_PROD,
2826 ARM_SMMU_EVTQ_CONS, EVTQ_ENT_DWORDS,
2827 "evtq");
2828 if (ret)
2829 return ret;
2830
2831 /* priq */
2832 if (!(smmu->features & ARM_SMMU_FEAT_PRI))
2833 return 0;
2834
2835 return arm_smmu_init_one_queue(smmu, &smmu->priq.q, ARM_SMMU_PRIQ_PROD,
2836 ARM_SMMU_PRIQ_CONS, PRIQ_ENT_DWORDS,
2837 "priq");
2838 }
2839
2840 static int arm_smmu_init_l1_strtab(struct arm_smmu_device *smmu)
2841 {
2842 unsigned int i;
2843 struct arm_smmu_strtab_cfg *cfg = &smmu->strtab_cfg;
2844 size_t size = sizeof(*cfg->l1_desc) * cfg->num_l1_ents;
2845 void *strtab = smmu->strtab_cfg.strtab;
2846
2847 cfg->l1_desc = devm_kzalloc(smmu->dev, size, GFP_KERNEL);
2848 if (!cfg->l1_desc) {
2849 dev_err(smmu->dev, "failed to allocate l1 stream table desc\n");
2850 return -ENOMEM;
2851 }
2852
2853 for (i = 0; i < cfg->num_l1_ents; ++i) {
2854 arm_smmu_write_strtab_l1_desc(strtab, &cfg->l1_desc[i]);
2855 strtab += STRTAB_L1_DESC_DWORDS << 3;
2856 }
2857
2858 return 0;
2859 }
2860
2861 static int arm_smmu_init_strtab_2lvl(struct arm_smmu_device *smmu)
2862 {
2863 void *strtab;
2864 u64 reg;
2865 u32 size, l1size;
2866 struct arm_smmu_strtab_cfg *cfg = &smmu->strtab_cfg;
2867
2868 /* Calculate the L1 size, capped to the SIDSIZE. */
2869 size = STRTAB_L1_SZ_SHIFT - (ilog2(STRTAB_L1_DESC_DWORDS) + 3);
2870 size = min(size, smmu->sid_bits - STRTAB_SPLIT);
2871 cfg->num_l1_ents = 1 << size;
2872
2873 size += STRTAB_SPLIT;
2874 if (size < smmu->sid_bits)
2875 dev_warn(smmu->dev,
2876 "2-level strtab only covers %u/%u bits of SID\n",
2877 size, smmu->sid_bits);
2878
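/*
 * Illustrative sizing example, assuming the values defined earlier in
 * this file (STRTAB_L1_SZ_SHIFT of 20, STRTAB_SPLIT of 8,
 * STRTAB_L1_DESC_DWORDS of 1): with a 16-bit SIDSIZE, size becomes
 * min(17, 16 - 8) = 8, giving 256 L1 descriptors of 8 bytes each
 * (l1size of 2KiB); every descriptor spans 2^8 = 256 STEs, so together
 * they cover the full 16-bit StreamID space.
 */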
2879 l1size = cfg->num_l1_ents * (STRTAB_L1_DESC_DWORDS << 3);
2880 strtab = dmam_alloc_coherent(smmu->dev, l1size, &cfg->strtab_dma,
2881 GFP_KERNEL | __GFP_ZERO);
2882 if (!strtab) {
2883 dev_err(smmu->dev,
2884 "failed to allocate l1 stream table (%u bytes)\n",
2885 l1size);
2886 return -ENOMEM;
2887 }
2888 cfg->strtab = strtab;
2889
2890 /* Configure strtab_base_cfg for 2 levels */
2891 reg = FIELD_PREP(STRTAB_BASE_CFG_FMT, STRTAB_BASE_CFG_FMT_2LVL);
2892 reg |= FIELD_PREP(STRTAB_BASE_CFG_LOG2SIZE, size);
2893 reg |= FIELD_PREP(STRTAB_BASE_CFG_SPLIT, STRTAB_SPLIT);
2894 cfg->strtab_base_cfg = reg;
2895
2896 return arm_smmu_init_l1_strtab(smmu);
2897 }
2898
2899 static int arm_smmu_init_strtab_linear(struct arm_smmu_device *smmu)
2900 {
2901 void *strtab;
2902 u64 reg;
2903 u32 size;
2904 struct arm_smmu_strtab_cfg *cfg = &smmu->strtab_cfg;
2905
2906 size = (1 << smmu->sid_bits) * (STRTAB_STE_DWORDS << 3);
2907 strtab = dmam_alloc_coherent(smmu->dev, size, &cfg->strtab_dma,
2908 GFP_KERNEL | __GFP_ZERO);
2909 if (!strtab) {
2910 dev_err(smmu->dev,
2911 "failed to allocate linear stream table (%u bytes)\n",
2912 size);
2913 return -ENOMEM;
2914 }
2915 cfg->strtab = strtab;
2916 cfg->num_l1_ents = 1 << smmu->sid_bits;
2917
2918 /* Configure strtab_base_cfg for a linear table covering all SIDs */
2919 reg = FIELD_PREP(STRTAB_BASE_CFG_FMT, STRTAB_BASE_CFG_FMT_LINEAR);
2920 reg |= FIELD_PREP(STRTAB_BASE_CFG_LOG2SIZE, smmu->sid_bits);
2921 cfg->strtab_base_cfg = reg;
2922
2923 arm_smmu_init_bypass_stes(strtab, cfg->num_l1_ents);
2924 return 0;
2925 }
2926
2927 static int arm_smmu_init_strtab(struct arm_smmu_device *smmu)
2928 {
2929 u64 reg;
2930 int ret;
2931
2932 if (smmu->features & ARM_SMMU_FEAT_2_LVL_STRTAB)
2933 ret = arm_smmu_init_strtab_2lvl(smmu);
2934 else
2935 ret = arm_smmu_init_strtab_linear(smmu);
2936
2937 if (ret)
2938 return ret;
2939
2940 /* Set the strtab base address */
2941 reg = smmu->strtab_cfg.strtab_dma & STRTAB_BASE_ADDR_MASK;
2942 reg |= STRTAB_BASE_RA;
2943 smmu->strtab_cfg.strtab_base = reg;
2944
2945 /* Allocate the first VMID for stage-2 bypass STEs */
2946 set_bit(0, smmu->vmid_map);
2947 return 0;
2948 }
2949
2950 static int arm_smmu_init_structures(struct arm_smmu_device *smmu)
2951 {
2952 int ret;
2953
2954 ret = arm_smmu_init_queues(smmu);
2955 if (ret)
2956 return ret;
2957
2958 return arm_smmu_init_strtab(smmu);
2959 }
2960
2961 static int arm_smmu_write_reg_sync(struct arm_smmu_device *smmu, u32 val,
2962 unsigned int reg_off, unsigned int ack_off)
2963 {
2964 u32 reg;
2965
2966 writel_relaxed(val, smmu->base + reg_off);
2967 return readl_relaxed_poll_timeout(smmu->base + ack_off, reg, reg == val,
2968 1, ARM_SMMU_POLL_TIMEOUT_US);
2969 }
2970
2971 /* GBPA is "special" */
2972 static int arm_smmu_update_gbpa(struct arm_smmu_device *smmu, u32 set, u32 clr)
2973 {
2974 int ret;
2975 u32 reg, __iomem *gbpa = smmu->base + ARM_SMMU_GBPA;
2976
2977 ret = readl_relaxed_poll_timeout(gbpa, reg, !(reg & GBPA_UPDATE),
2978 1, ARM_SMMU_POLL_TIMEOUT_US);
2979 if (ret)
2980 return ret;
2981
2982 reg &= ~clr;
2983 reg |= set;
2984 writel_relaxed(reg | GBPA_UPDATE, gbpa);
2985 ret = readl_relaxed_poll_timeout(gbpa, reg, !(reg & GBPA_UPDATE),
2986 1, ARM_SMMU_POLL_TIMEOUT_US);
2987
2988 if (ret)
2989 dev_err(smmu->dev, "GBPA not responding to update\n");
2990 return ret;
2991 }
2992
2993 static void arm_smmu_free_msis(void *data)
2994 {
2995 struct device *dev = data;
2996 platform_msi_domain_free_irqs(dev);
2997 }
2998
2999 static void arm_smmu_write_msi_msg(struct msi_desc *desc, struct msi_msg *msg)
3000 {
3001 phys_addr_t doorbell;
3002 struct device *dev = msi_desc_to_dev(desc);
3003 struct arm_smmu_device *smmu = dev_get_drvdata(dev);
3004 phys_addr_t *cfg = arm_smmu_msi_cfg[desc->platform.msi_index];
3005
3006 doorbell = (((u64)msg->address_hi) << 32) | msg->address_lo;
3007 doorbell &= MSI_CFG0_ADDR_MASK;
3008
3009 writeq_relaxed(doorbell, smmu->base + cfg[0]);
3010 writel_relaxed(msg->data, smmu->base + cfg[1]);
3011 writel_relaxed(ARM_SMMU_MEMATTR_DEVICE_nGnRE, smmu->base + cfg[2]);
3012 }
3013
3014 static void arm_smmu_setup_msis(struct arm_smmu_device *smmu)
3015 {
3016 struct msi_desc *desc;
3017 int ret, nvec = ARM_SMMU_MAX_MSIS;
3018 struct device *dev = smmu->dev;
3019
3020 /* Clear the MSI address regs */
3021 writeq_relaxed(0, smmu->base + ARM_SMMU_GERROR_IRQ_CFG0);
3022 writeq_relaxed(0, smmu->base + ARM_SMMU_EVTQ_IRQ_CFG0);
3023
3024 if (smmu->features & ARM_SMMU_FEAT_PRI)
3025 writeq_relaxed(0, smmu->base + ARM_SMMU_PRIQ_IRQ_CFG0);
3026 else
3027 nvec--;
3028
3029 if (!(smmu->features & ARM_SMMU_FEAT_MSI))
3030 return;
3031
3032 if (!dev->msi_domain) {
3033 dev_info(smmu->dev, "msi_domain absent - falling back to wired irqs\n");
3034 return;
3035 }
3036
3037 /* Allocate MSIs for evtq, gerror and priq. Ignore cmdq */
3038 ret = platform_msi_domain_alloc_irqs(dev, nvec, arm_smmu_write_msi_msg);
3039 if (ret) {
3040 dev_warn(dev, "failed to allocate MSIs - falling back to wired irqs\n");
3041 return;
3042 }
3043
3044 for_each_msi_entry(desc, dev) {
3045 switch (desc->platform.msi_index) {
3046 case EVTQ_MSI_INDEX:
3047 smmu->evtq.q.irq = desc->irq;
3048 break;
3049 case GERROR_MSI_INDEX:
3050 smmu->gerr_irq = desc->irq;
3051 break;
3052 case PRIQ_MSI_INDEX:
3053 smmu->priq.q.irq = desc->irq;
3054 break;
3055 default: /* Unknown */
3056 continue;
3057 }
3058 }
3059
3060 /* Add callback to free MSIs on teardown */
3061 devm_add_action(dev, arm_smmu_free_msis, dev);
3062 }
3063
3064 static void arm_smmu_setup_unique_irqs(struct arm_smmu_device *smmu)
3065 {
3066 int irq, ret;
3067
3068 arm_smmu_setup_msis(smmu);
3069
3070 /* Request interrupt lines */
3071 irq = smmu->evtq.q.irq;
3072 if (irq) {
3073 ret = devm_request_threaded_irq(smmu->dev, irq, NULL,
3074 arm_smmu_evtq_thread,
3075 IRQF_ONESHOT,
3076 "arm-smmu-v3-evtq", smmu);
3077 if (ret < 0)
3078 dev_warn(smmu->dev, "failed to enable evtq irq\n");
3079 } else {
3080 dev_warn(smmu->dev, "no evtq irq - events will not be reported!\n");
3081 }
3082
3083 irq = smmu->gerr_irq;
3084 if (irq) {
3085 ret = devm_request_irq(smmu->dev, irq, arm_smmu_gerror_handler,
3086 0, "arm-smmu-v3-gerror", smmu);
3087 if (ret < 0)
3088 dev_warn(smmu->dev, "failed to enable gerror irq\n");
3089 } else {
3090 dev_warn(smmu->dev, "no gerr irq - errors will not be reported!\n");
3091 }
3092
3093 if (smmu->features & ARM_SMMU_FEAT_PRI) {
3094 irq = smmu->priq.q.irq;
3095 if (irq) {
3096 ret = devm_request_threaded_irq(smmu->dev, irq, NULL,
3097 arm_smmu_priq_thread,
3098 IRQF_ONESHOT,
3099 "arm-smmu-v3-priq",
3100 smmu);
3101 if (ret < 0)
3102 dev_warn(smmu->dev,
3103 "failed to enable priq irq\n");
3104 } else {
3105 dev_warn(smmu->dev, "no priq irq - PRI will be broken\n");
3106 }
3107 }
3108 }
3109
3110 static int arm_smmu_setup_irqs(struct arm_smmu_device *smmu)
3111 {
3112 int ret, irq;
3113 u32 irqen_flags = IRQ_CTRL_EVTQ_IRQEN | IRQ_CTRL_GERROR_IRQEN;
3114
3115 /* Disable IRQs first */
3116 ret = arm_smmu_write_reg_sync(smmu, 0, ARM_SMMU_IRQ_CTRL,
3117 ARM_SMMU_IRQ_CTRLACK);
3118 if (ret) {
3119 dev_err(smmu->dev, "failed to disable irqs\n");
3120 return ret;
3121 }
3122
3123 irq = smmu->combined_irq;
3124 if (irq) {
3125 /*
3126 * Cavium ThunderX2 implementation doesn't support unique irq
3127 * lines. Use a single irq line for all the SMMUv3 interrupts.
3128 */
3129 ret = devm_request_threaded_irq(smmu->dev, irq,
3130 arm_smmu_combined_irq_handler,
3131 arm_smmu_combined_irq_thread,
3132 IRQF_ONESHOT,
3133 "arm-smmu-v3-combined-irq", smmu);
3134 if (ret < 0)
3135 dev_warn(smmu->dev, "failed to enable combined irq\n");
3136 } else
3137 arm_smmu_setup_unique_irqs(smmu);
3138
3139 if (smmu->features & ARM_SMMU_FEAT_PRI)
3140 irqen_flags |= IRQ_CTRL_PRIQ_IRQEN;
3141
3142 /* Enable interrupt generation on the SMMU */
3143 ret = arm_smmu_write_reg_sync(smmu, irqen_flags,
3144 ARM_SMMU_IRQ_CTRL, ARM_SMMU_IRQ_CTRLACK);
3145 if (ret)
3146 dev_warn(smmu->dev, "failed to enable irqs\n");
3147
3148 return 0;
3149 }
3150
3151 static int arm_smmu_device_disable(struct arm_smmu_device *smmu)
3152 {
3153 int ret;
3154
3155 ret = arm_smmu_write_reg_sync(smmu, 0, ARM_SMMU_CR0, ARM_SMMU_CR0ACK);
3156 if (ret)
3157 dev_err(smmu->dev, "failed to clear cr0\n");
3158
3159 return ret;
3160 }
3161
3162 static int arm_smmu_device_reset(struct arm_smmu_device *smmu, bool bypass)
3163 {
3164 int ret;
3165 u32 reg, enables;
3166 struct arm_smmu_cmdq_ent cmd;
3167
3168 /* Clear CR0 and sync (disables SMMU and queue processing) */
3169 reg = readl_relaxed(smmu->base + ARM_SMMU_CR0);
3170 if (reg & CR0_SMMUEN) {
3171 dev_warn(smmu->dev, "SMMU currently enabled! Resetting...\n");
3172 WARN_ON(is_kdump_kernel() && !disable_bypass);
3173 arm_smmu_update_gbpa(smmu, GBPA_ABORT, 0);
3174 }
3175
3176 ret = arm_smmu_device_disable(smmu);
3177 if (ret)
3178 return ret;
3179
3180 /* CR1 (table and queue memory attributes) */
3181 reg = FIELD_PREP(CR1_TABLE_SH, ARM_SMMU_SH_ISH) |
3182 FIELD_PREP(CR1_TABLE_OC, CR1_CACHE_WB) |
3183 FIELD_PREP(CR1_TABLE_IC, CR1_CACHE_WB) |
3184 FIELD_PREP(CR1_QUEUE_SH, ARM_SMMU_SH_ISH) |
3185 FIELD_PREP(CR1_QUEUE_OC, CR1_CACHE_WB) |
3186 FIELD_PREP(CR1_QUEUE_IC, CR1_CACHE_WB);
3187 writel_relaxed(reg, smmu->base + ARM_SMMU_CR1);
3188
3189 /* CR2 (random crap) */
3190 reg = CR2_PTM | CR2_RECINVSID | CR2_E2H;
3191 writel_relaxed(reg, smmu->base + ARM_SMMU_CR2);
3192
3193 /* Stream table */
3194 writeq_relaxed(smmu->strtab_cfg.strtab_base,
3195 smmu->base + ARM_SMMU_STRTAB_BASE);
3196 writel_relaxed(smmu->strtab_cfg.strtab_base_cfg,
3197 smmu->base + ARM_SMMU_STRTAB_BASE_CFG);
3198
3199 /* Command queue */
3200 writeq_relaxed(smmu->cmdq.q.q_base, smmu->base + ARM_SMMU_CMDQ_BASE);
3201 writel_relaxed(smmu->cmdq.q.llq.prod, smmu->base + ARM_SMMU_CMDQ_PROD);
3202 writel_relaxed(smmu->cmdq.q.llq.cons, smmu->base + ARM_SMMU_CMDQ_CONS);
3203
3204 enables = CR0_CMDQEN;
3205 ret = arm_smmu_write_reg_sync(smmu, enables, ARM_SMMU_CR0,
3206 ARM_SMMU_CR0ACK);
3207 if (ret) {
3208 dev_err(smmu->dev, "failed to enable command queue\n");
3209 return ret;
3210 }
3211
3212 /* Invalidate any cached configuration */
3213 cmd.opcode = CMDQ_OP_CFGI_ALL;
3214 arm_smmu_cmdq_issue_cmd(smmu, &cmd);
3215 arm_smmu_cmdq_issue_sync(smmu);
3216
3217 /* Invalidate any stale TLB entries */
3218 if (smmu->features & ARM_SMMU_FEAT_HYP) {
3219 cmd.opcode = CMDQ_OP_TLBI_EL2_ALL;
3220 arm_smmu_cmdq_issue_cmd(smmu, &cmd);
3221 }
3222
3223 cmd.opcode = CMDQ_OP_TLBI_NSNH_ALL;
3224 arm_smmu_cmdq_issue_cmd(smmu, &cmd);
3225 arm_smmu_cmdq_issue_sync(smmu);
3226
3227 /* Event queue */
3228 writeq_relaxed(smmu->evtq.q.q_base, smmu->base + ARM_SMMU_EVTQ_BASE);
3229 writel_relaxed(smmu->evtq.q.llq.prod,
3230 arm_smmu_page1_fixup(ARM_SMMU_EVTQ_PROD, smmu));
3231 writel_relaxed(smmu->evtq.q.llq.cons,
3232 arm_smmu_page1_fixup(ARM_SMMU_EVTQ_CONS, smmu));
3233
3234 enables |= CR0_EVTQEN;
3235 ret = arm_smmu_write_reg_sync(smmu, enables, ARM_SMMU_CR0,
3236 ARM_SMMU_CR0ACK);
3237 if (ret) {
3238 dev_err(smmu->dev, "failed to enable event queue\n");
3239 return ret;
3240 }
3241
3242 /* PRI queue */
3243 if (smmu->features & ARM_SMMU_FEAT_PRI) {
3244 writeq_relaxed(smmu->priq.q.q_base,
3245 smmu->base + ARM_SMMU_PRIQ_BASE);
3246 writel_relaxed(smmu->priq.q.llq.prod,
3247 arm_smmu_page1_fixup(ARM_SMMU_PRIQ_PROD, smmu));
3248 writel_relaxed(smmu->priq.q.llq.cons,
3249 arm_smmu_page1_fixup(ARM_SMMU_PRIQ_CONS, smmu));
3250
3251 enables |= CR0_PRIQEN;
3252 ret = arm_smmu_write_reg_sync(smmu, enables, ARM_SMMU_CR0,
3253 ARM_SMMU_CR0ACK);
3254 if (ret) {
3255 dev_err(smmu->dev, "failed to enable PRI queue\n");
3256 return ret;
3257 }
3258 }
3259
3260 if (smmu->features & ARM_SMMU_FEAT_ATS) {
3261 enables |= CR0_ATSCHK;
3262 ret = arm_smmu_write_reg_sync(smmu, enables, ARM_SMMU_CR0,
3263 ARM_SMMU_CR0ACK);
3264 if (ret) {
3265 dev_err(smmu->dev, "failed to enable ATS check\n");
3266 return ret;
3267 }
3268 }
3269
3270 ret = arm_smmu_setup_irqs(smmu);
3271 if (ret) {
3272 dev_err(smmu->dev, "failed to setup irqs\n");
3273 return ret;
3274 }
3275
3276 if (is_kdump_kernel())
3277 enables &= ~(CR0_EVTQEN | CR0_PRIQEN);
3278
3279 /* Enable the SMMU interface, or ensure bypass */
3280 if (!bypass || disable_bypass) {
3281 enables |= CR0_SMMUEN;
3282 } else {
3283 ret = arm_smmu_update_gbpa(smmu, 0, GBPA_ABORT);
3284 if (ret)
3285 return ret;
3286 }
3287 ret = arm_smmu_write_reg_sync(smmu, enables, ARM_SMMU_CR0,
3288 ARM_SMMU_CR0ACK);
3289 if (ret) {
3290 dev_err(smmu->dev, "failed to enable SMMU interface\n");
3291 return ret;
3292 }
3293
3294 return 0;
3295 }
3296
3297 static int arm_smmu_device_hw_probe(struct arm_smmu_device *smmu)
3298 {
3299 u32 reg;
3300 bool coherent = smmu->features & ARM_SMMU_FEAT_COHERENCY;
3301
3302 /* IDR0 */
3303 reg = readl_relaxed(smmu->base + ARM_SMMU_IDR0);
3304
3305 /* 2-level structures */
3306 if (FIELD_GET(IDR0_ST_LVL, reg) == IDR0_ST_LVL_2LVL)
3307 smmu->features |= ARM_SMMU_FEAT_2_LVL_STRTAB;
3308
3309 if (reg & IDR0_CD2L)
3310 smmu->features |= ARM_SMMU_FEAT_2_LVL_CDTAB;
3311
3312 /*
3313 * Translation table endianness.
3314 * We currently require the same endianness as the CPU, but this
3315 * could be changed later by adding a new IO_PGTABLE_QUIRK.
3316 */
3317 switch (FIELD_GET(IDR0_TTENDIAN, reg)) {
3318 case IDR0_TTENDIAN_MIXED:
3319 smmu->features |= ARM_SMMU_FEAT_TT_LE | ARM_SMMU_FEAT_TT_BE;
3320 break;
3321 #ifdef __BIG_ENDIAN
3322 case IDR0_TTENDIAN_BE:
3323 smmu->features |= ARM_SMMU_FEAT_TT_BE;
3324 break;
3325 #else
3326 case IDR0_TTENDIAN_LE:
3327 smmu->features |= ARM_SMMU_FEAT_TT_LE;
3328 break;
3329 #endif
3330 default:
3331 dev_err(smmu->dev, "unknown/unsupported TT endianness!\n");
3332 return -ENXIO;
3333 }
3334
3335 /* Boolean feature flags */
3336 if (IS_ENABLED(CONFIG_PCI_PRI) && reg & IDR0_PRI)
3337 smmu->features |= ARM_SMMU_FEAT_PRI;
3338
3339 if (IS_ENABLED(CONFIG_PCI_ATS) && reg & IDR0_ATS)
3340 smmu->features |= ARM_SMMU_FEAT_ATS;
3341
3342 if (reg & IDR0_SEV)
3343 smmu->features |= ARM_SMMU_FEAT_SEV;
3344
3345 if (reg & IDR0_MSI)
3346 smmu->features |= ARM_SMMU_FEAT_MSI;
3347
3348 if (reg & IDR0_HYP)
3349 smmu->features |= ARM_SMMU_FEAT_HYP;
3350
3351 /*
3352 * The coherency feature as set by FW is used in preference to the ID
3353 * register, but warn on mismatch.
3354 */
3355 if (!!(reg & IDR0_COHACC) != coherent)
3356 dev_warn(smmu->dev, "IDR0.COHACC overridden by FW configuration (%s)\n",
3357 coherent ? "true" : "false");
3358
3359 switch (FIELD_GET(IDR0_STALL_MODEL, reg)) {
3360 case IDR0_STALL_MODEL_FORCE:
3361 smmu->features |= ARM_SMMU_FEAT_STALL_FORCE;
3362 /* Fallthrough */
3363 case IDR0_STALL_MODEL_STALL:
3364 smmu->features |= ARM_SMMU_FEAT_STALLS;
3365 }
3366
3367 if (reg & IDR0_S1P)
3368 smmu->features |= ARM_SMMU_FEAT_TRANS_S1;
3369
3370 if (reg & IDR0_S2P)
3371 smmu->features |= ARM_SMMU_FEAT_TRANS_S2;
3372
3373 if (!(reg & (IDR0_S1P | IDR0_S2P))) {
3374 dev_err(smmu->dev, "no translation support!\n");
3375 return -ENXIO;
3376 }
3377
3378 /* We only support the AArch64 table format at present */
3379 switch (FIELD_GET(IDR0_TTF, reg)) {
3380 case IDR0_TTF_AARCH32_64:
3381 smmu->ias = 40;
3382 /* Fallthrough */
3383 case IDR0_TTF_AARCH64:
3384 break;
3385 default:
3386 dev_err(smmu->dev, "AArch64 table format not supported!\n");
3387 return -ENXIO;
3388 }
3389
3390 /* ASID/VMID sizes */
3391 smmu->asid_bits = reg & IDR0_ASID16 ? 16 : 8;
3392 smmu->vmid_bits = reg & IDR0_VMID16 ? 16 : 8;
3393
3394 /* IDR1 */
3395 reg = readl_relaxed(smmu->base + ARM_SMMU_IDR1);
3396 if (reg & (IDR1_TABLES_PRESET | IDR1_QUEUES_PRESET | IDR1_REL)) {
3397 dev_err(smmu->dev, "embedded implementation not supported\n");
3398 return -ENXIO;
3399 }
3400
3401 /* Queue sizes, capped to ensure natural alignment */
3402 smmu->cmdq.q.llq.max_n_shift = min_t(u32, CMDQ_MAX_SZ_SHIFT,
3403 FIELD_GET(IDR1_CMDQS, reg));
3404 if (smmu->cmdq.q.llq.max_n_shift <= ilog2(CMDQ_BATCH_ENTRIES)) {
3405 /*
3406 * We don't support splitting up batches, so one batch of
3407 * commands plus an extra sync needs to fit inside the command
3408 * queue. There's also no way we can handle the weird alignment
3409 * restrictions on the base pointer for a unit-length queue.
3410 */
3411 dev_err(smmu->dev, "command queue size <= %d entries not supported\n",
3412 CMDQ_BATCH_ENTRIES);
3413 return -ENXIO;
3414 }
3415
3416 smmu->evtq.q.llq.max_n_shift = min_t(u32, EVTQ_MAX_SZ_SHIFT,
3417 FIELD_GET(IDR1_EVTQS, reg));
3418 smmu->priq.q.llq.max_n_shift = min_t(u32, PRIQ_MAX_SZ_SHIFT,
3419 FIELD_GET(IDR1_PRIQS, reg));
3420
3421 /* SID/SSID sizes */
3422 smmu->ssid_bits = FIELD_GET(IDR1_SSIDSIZE, reg);
3423 smmu->sid_bits = FIELD_GET(IDR1_SIDSIZE, reg);
3424
3425 /*
3426 * If the SMMU supports fewer bits than would fill a single L2 stream
3427 * table, use a linear table instead.
3428 */
3429 if (smmu->sid_bits <= STRTAB_SPLIT)
3430 smmu->features &= ~ARM_SMMU_FEAT_2_LVL_STRTAB;
3431
3432 /* IDR5 */
3433 reg = readl_relaxed(smmu->base + ARM_SMMU_IDR5);
3434
3435 /* Maximum number of outstanding stalls */
3436 smmu->evtq.max_stalls = FIELD_GET(IDR5_STALL_MAX, reg);
3437
3438 /* Page sizes */
3439 if (reg & IDR5_GRAN64K)
3440 smmu->pgsize_bitmap |= SZ_64K | SZ_512M;
3441 if (reg & IDR5_GRAN16K)
3442 smmu->pgsize_bitmap |= SZ_16K | SZ_32M;
3443 if (reg & IDR5_GRAN4K)
3444 smmu->pgsize_bitmap |= SZ_4K | SZ_2M | SZ_1G;
3445
3446 /* Input address size */
3447 if (FIELD_GET(IDR5_VAX, reg) == IDR5_VAX_52_BIT)
3448 smmu->features |= ARM_SMMU_FEAT_VAX;
3449
3450 /* Output address size */
3451 switch (FIELD_GET(IDR5_OAS, reg)) {
3452 case IDR5_OAS_32_BIT:
3453 smmu->oas = 32;
3454 break;
3455 case IDR5_OAS_36_BIT:
3456 smmu->oas = 36;
3457 break;
3458 case IDR5_OAS_40_BIT:
3459 smmu->oas = 40;
3460 break;
3461 case IDR5_OAS_42_BIT:
3462 smmu->oas = 42;
3463 break;
3464 case IDR5_OAS_44_BIT:
3465 smmu->oas = 44;
3466 break;
3467 case IDR5_OAS_52_BIT:
3468 smmu->oas = 52;
3469 smmu->pgsize_bitmap |= 1ULL << 42; /* 4TB */
3470 break;
3471 default:
3472 dev_info(smmu->dev,
3473 "unknown output address size. Truncating to 48-bit\n");
3474 /* Fallthrough */
3475 case IDR5_OAS_48_BIT:
3476 smmu->oas = 48;
3477 }
3478
3479 if (arm_smmu_ops.pgsize_bitmap == -1UL)
3480 arm_smmu_ops.pgsize_bitmap = smmu->pgsize_bitmap;
3481 else
3482 arm_smmu_ops.pgsize_bitmap |= smmu->pgsize_bitmap;
3483
3484 /* Set the DMA mask for our table walker */
3485 if (dma_set_mask_and_coherent(smmu->dev, DMA_BIT_MASK(smmu->oas)))
3486 dev_warn(smmu->dev,
3487 "failed to set DMA mask for table walker\n");
3488
3489 smmu->ias = max(smmu->ias, smmu->oas);
3490
3491 dev_info(smmu->dev, "ias %lu-bit, oas %lu-bit (features 0x%08x)\n",
3492 smmu->ias, smmu->oas, smmu->features);
3493 return 0;
3494 }
3495
3496 #ifdef CONFIG_ACPI
3497 static void acpi_smmu_get_options(u32 model, struct arm_smmu_device *smmu)
3498 {
3499 switch (model) {
3500 case ACPI_IORT_SMMU_V3_CAVIUM_CN99XX:
3501 smmu->options |= ARM_SMMU_OPT_PAGE0_REGS_ONLY;
3502 break;
3503 case ACPI_IORT_SMMU_V3_HISILICON_HI161X:
3504 smmu->options |= ARM_SMMU_OPT_SKIP_PREFETCH;
3505 break;
3506 }
3507
3508 dev_notice(smmu->dev, "option mask 0x%x\n", smmu->options);
3509 }
3510
3511 static int arm_smmu_device_acpi_probe(struct platform_device *pdev,
3512 struct arm_smmu_device *smmu)
3513 {
3514 struct acpi_iort_smmu_v3 *iort_smmu;
3515 struct device *dev = smmu->dev;
3516 struct acpi_iort_node *node;
3517
3518 node = *(struct acpi_iort_node **)dev_get_platdata(dev);
3519
3520 /* Retrieve SMMUv3 specific data */
3521 iort_smmu = (struct acpi_iort_smmu_v3 *)node->node_data;
3522
3523 acpi_smmu_get_options(iort_smmu->model, smmu);
3524
3525 if (iort_smmu->flags & ACPI_IORT_SMMU_V3_COHACC_OVERRIDE)
3526 smmu->features |= ARM_SMMU_FEAT_COHERENCY;
3527
3528 return 0;
3529 }
3530 #else
3531 static inline int arm_smmu_device_acpi_probe(struct platform_device *pdev,
3532 struct arm_smmu_device *smmu)
3533 {
3534 return -ENODEV;
3535 }
3536 #endif
3537
3538 static int arm_smmu_device_dt_probe(struct platform_device *pdev,
3539 struct arm_smmu_device *smmu)
3540 {
3541 struct device *dev = &pdev->dev;
3542 u32 cells;
3543 int ret = -EINVAL;
3544
3545 if (of_property_read_u32(dev->of_node, "#iommu-cells", &cells))
3546 dev_err(dev, "missing #iommu-cells property\n");
3547 else if (cells != 1)
3548 dev_err(dev, "invalid #iommu-cells value (%d)\n", cells);
3549 else
3550 ret = 0;
3551
3552 parse_driver_options(smmu);
3553
3554 if (of_dma_is_coherent(dev->of_node))
3555 smmu->features |= ARM_SMMU_FEAT_COHERENCY;
3556
3557 return ret;
3558 }
3559
3560 static unsigned long arm_smmu_resource_size(struct arm_smmu_device *smmu)
3561 {
3562 if (smmu->options & ARM_SMMU_OPT_PAGE0_REGS_ONLY)
3563 return SZ_64K;
3564 else
3565 return SZ_128K;
3566 }
3567
3568 static int arm_smmu_set_bus_ops(struct iommu_ops *ops)
3569 {
3570 int err;
3571
3572 #ifdef CONFIG_PCI
3573 if (pci_bus_type.iommu_ops != ops) {
3574 err = bus_set_iommu(&pci_bus_type, ops);
3575 if (err)
3576 return err;
3577 }
3578 #endif
3579 #ifdef CONFIG_ARM_AMBA
3580 if (amba_bustype.iommu_ops != ops) {
3581 err = bus_set_iommu(&amba_bustype, ops);
3582 if (err)
3583 goto err_reset_pci_ops;
3584 }
3585 #endif
3586 if (platform_bus_type.iommu_ops != ops) {
3587 err = bus_set_iommu(&platform_bus_type, ops);
3588 if (err)
3589 goto err_reset_amba_ops;
3590 }
3591
3592 return 0;
3593
3594 err_reset_amba_ops:
3595 #ifdef CONFIG_ARM_AMBA
3596 bus_set_iommu(&amba_bustype, NULL);
3597 #endif
3598 err_reset_pci_ops: __maybe_unused;
3599 #ifdef CONFIG_PCI
3600 bus_set_iommu(&pci_bus_type, NULL);
3601 #endif
3602 return err;
3603 }
3604
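/*
 * Main probe path: parse the firmware description (DT or ACPI/IORT), map the
 * register window, pick up any wired IRQs, probe the hardware features,
 * allocate the stream table and queues, reset the device and finally register
 * with the IOMMU core and the relevant bus types.
 */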
static int arm_smmu_device_probe(struct platform_device *pdev)
{
	int irq, ret;
	struct resource *res;
	resource_size_t ioaddr;
	struct arm_smmu_device *smmu;
	struct device *dev = &pdev->dev;
	bool bypass;

	smmu = devm_kzalloc(dev, sizeof(*smmu), GFP_KERNEL);
	if (!smmu) {
		dev_err(dev, "failed to allocate arm_smmu_device\n");
		return -ENOMEM;
	}
	smmu->dev = dev;

	if (dev->of_node) {
		ret = arm_smmu_device_dt_probe(pdev, smmu);
	} else {
		ret = arm_smmu_device_acpi_probe(pdev, smmu);
		if (ret == -ENODEV)
			return ret;
	}

	/* Set bypass mode according to firmware probing result */
	bypass = !!ret;
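	/*
	 * A non-zero ret here is not fatal: it means the firmware description
	 * was unusable, so the device reset further down is asked to fall back
	 * to bypass behaviour (subject to the disable_bypass parameter) rather
	 * than enabling translation with an unknown configuration.
	 */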

	/* Base address */
	res = platform_get_resource(pdev, IORESOURCE_MEM, 0);
	if (resource_size(res) + 1 < arm_smmu_resource_size(smmu)) {
		dev_err(dev, "MMIO region too small (%pr)\n", res);
		return -EINVAL;
	}
	ioaddr = res->start;

	smmu->base = devm_ioremap_resource(dev, res);
	if (IS_ERR(smmu->base))
		return PTR_ERR(smmu->base);

	/* Interrupt lines */

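	/*
	 * Firmware may supply either a single "combined" interrupt or separate
	 * lines for the event queue, PRI queue and global errors; all of them
	 * are optional at this point since MSIs may be used instead.
	 */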
	irq = platform_get_irq_byname_optional(pdev, "combined");
	if (irq > 0)
		smmu->combined_irq = irq;
	else {
		irq = platform_get_irq_byname_optional(pdev, "eventq");
		if (irq > 0)
			smmu->evtq.q.irq = irq;

		irq = platform_get_irq_byname_optional(pdev, "priq");
		if (irq > 0)
			smmu->priq.q.irq = irq;

		irq = platform_get_irq_byname_optional(pdev, "gerror");
		if (irq > 0)
			smmu->gerr_irq = irq;
	}
	/* Probe the h/w */
	ret = arm_smmu_device_hw_probe(smmu);
	if (ret)
		return ret;

	/* Initialise in-memory data structures */
	ret = arm_smmu_init_structures(smmu);
	if (ret)
		return ret;

	/* Record our private device structure */
	platform_set_drvdata(pdev, smmu);

	/* Reset the device */
	ret = arm_smmu_device_reset(smmu, bypass);
	if (ret)
		return ret;

	/* And we're up. Go go go! */
	ret = iommu_device_sysfs_add(&smmu->iommu, dev, NULL,
				     "smmu3.%pa", &ioaddr);
	if (ret)
		return ret;

	iommu_device_set_ops(&smmu->iommu, &arm_smmu_ops);
	iommu_device_set_fwnode(&smmu->iommu, dev->fwnode);

	ret = iommu_device_register(&smmu->iommu);
	if (ret) {
		dev_err(dev, "Failed to register iommu\n");
		return ret;
	}

	return arm_smmu_set_bus_ops(&arm_smmu_ops);
}

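/*
 * Teardown mirrors probe in reverse: detach the ops from the bus types,
 * unregister from the IOMMU core and sysfs, then disable the device itself.
 */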
static int arm_smmu_device_remove(struct platform_device *pdev)
{
	struct arm_smmu_device *smmu = platform_get_drvdata(pdev);

	arm_smmu_set_bus_ops(NULL);
	iommu_device_unregister(&smmu->iommu);
	iommu_device_sysfs_remove(&smmu->iommu);
	arm_smmu_device_disable(smmu);

	return 0;
}

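/*
 * Shutdown reuses the remove path so the SMMU is quiesced (translation and
 * queues disabled) before the system reboots or kexecs into a new kernel.
 */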
static void arm_smmu_device_shutdown(struct platform_device *pdev)
{
	arm_smmu_device_remove(pdev);
}

static const struct of_device_id arm_smmu_of_match[] = {
	{ .compatible = "arm,smmu-v3", },
	{ },
};
MODULE_DEVICE_TABLE(of, arm_smmu_of_match);

static struct platform_driver arm_smmu_driver = {
	.driver = {
		.name = "arm-smmu-v3",
		.of_match_table = of_match_ptr(arm_smmu_of_match),
		.suppress_bind_attrs = true,
	},
	.probe = arm_smmu_device_probe,
	.remove = arm_smmu_device_remove,
	.shutdown = arm_smmu_device_shutdown,
};
module_platform_driver(arm_smmu_driver);

MODULE_DESCRIPTION("IOMMU API for ARM architected SMMUv3 implementations");
MODULE_AUTHOR("Will Deacon <will@kernel.org>");
MODULE_LICENSE("GPL v2");