1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * IOMMU API for ARM architected SMMUv3 implementations.
4 *
5 * Copyright (C) 2015 ARM Limited
6 *
7 * Author: Will Deacon <will.deacon@arm.com>
8 *
9 * This driver is powered by bad coffee and bombay mix.
10 */
11
12 #include <linux/acpi.h>
13 #include <linux/acpi_iort.h>
14 #include <linux/bitfield.h>
15 #include <linux/bitops.h>
16 #include <linux/crash_dump.h>
17 #include <linux/delay.h>
18 #include <linux/dma-iommu.h>
19 #include <linux/err.h>
20 #include <linux/interrupt.h>
21 #include <linux/io-pgtable.h>
22 #include <linux/iommu.h>
23 #include <linux/iopoll.h>
24 #include <linux/module.h>
25 #include <linux/msi.h>
26 #include <linux/of.h>
27 #include <linux/of_address.h>
28 #include <linux/of_iommu.h>
29 #include <linux/of_platform.h>
30 #include <linux/pci.h>
31 #include <linux/pci-ats.h>
32 #include <linux/platform_device.h>
33
34 #include <linux/amba/bus.h>
35
36 /* MMIO registers */
37 #define ARM_SMMU_IDR0 0x0
38 #define IDR0_ST_LVL GENMASK(28, 27)
39 #define IDR0_ST_LVL_2LVL 1
40 #define IDR0_STALL_MODEL GENMASK(25, 24)
41 #define IDR0_STALL_MODEL_STALL 0
42 #define IDR0_STALL_MODEL_FORCE 2
43 #define IDR0_TTENDIAN GENMASK(22, 21)
44 #define IDR0_TTENDIAN_MIXED 0
45 #define IDR0_TTENDIAN_LE 2
46 #define IDR0_TTENDIAN_BE 3
47 #define IDR0_CD2L (1 << 19)
48 #define IDR0_VMID16 (1 << 18)
49 #define IDR0_PRI (1 << 16)
50 #define IDR0_SEV (1 << 14)
51 #define IDR0_MSI (1 << 13)
52 #define IDR0_ASID16 (1 << 12)
53 #define IDR0_ATS (1 << 10)
54 #define IDR0_HYP (1 << 9)
55 #define IDR0_COHACC (1 << 4)
56 #define IDR0_TTF GENMASK(3, 2)
57 #define IDR0_TTF_AARCH64 2
58 #define IDR0_TTF_AARCH32_64 3
59 #define IDR0_S1P (1 << 1)
60 #define IDR0_S2P (1 << 0)
61
62 #define ARM_SMMU_IDR1 0x4
63 #define IDR1_TABLES_PRESET (1 << 30)
64 #define IDR1_QUEUES_PRESET (1 << 29)
65 #define IDR1_REL (1 << 28)
66 #define IDR1_CMDQS GENMASK(25, 21)
67 #define IDR1_EVTQS GENMASK(20, 16)
68 #define IDR1_PRIQS GENMASK(15, 11)
69 #define IDR1_SSIDSIZE GENMASK(10, 6)
70 #define IDR1_SIDSIZE GENMASK(5, 0)
71
72 #define ARM_SMMU_IDR5 0x14
73 #define IDR5_STALL_MAX GENMASK(31, 16)
74 #define IDR5_GRAN64K (1 << 6)
75 #define IDR5_GRAN16K (1 << 5)
76 #define IDR5_GRAN4K (1 << 4)
77 #define IDR5_OAS GENMASK(2, 0)
78 #define IDR5_OAS_32_BIT 0
79 #define IDR5_OAS_36_BIT 1
80 #define IDR5_OAS_40_BIT 2
81 #define IDR5_OAS_42_BIT 3
82 #define IDR5_OAS_44_BIT 4
83 #define IDR5_OAS_48_BIT 5
84 #define IDR5_OAS_52_BIT 6
85 #define IDR5_VAX GENMASK(11, 10)
86 #define IDR5_VAX_52_BIT 1
87
88 #define ARM_SMMU_CR0 0x20
89 #define CR0_ATSCHK (1 << 4)
90 #define CR0_CMDQEN (1 << 3)
91 #define CR0_EVTQEN (1 << 2)
92 #define CR0_PRIQEN (1 << 1)
93 #define CR0_SMMUEN (1 << 0)
94
95 #define ARM_SMMU_CR0ACK 0x24
96
97 #define ARM_SMMU_CR1 0x28
98 #define CR1_TABLE_SH GENMASK(11, 10)
99 #define CR1_TABLE_OC GENMASK(9, 8)
100 #define CR1_TABLE_IC GENMASK(7, 6)
101 #define CR1_QUEUE_SH GENMASK(5, 4)
102 #define CR1_QUEUE_OC GENMASK(3, 2)
103 #define CR1_QUEUE_IC GENMASK(1, 0)
104 /* CR1 cacheability fields don't quite follow the usual TCR-style encoding */
105 #define CR1_CACHE_NC 0
106 #define CR1_CACHE_WB 1
107 #define CR1_CACHE_WT 2
108
109 #define ARM_SMMU_CR2 0x2c
110 #define CR2_PTM (1 << 2)
111 #define CR2_RECINVSID (1 << 1)
112 #define CR2_E2H (1 << 0)
113
114 #define ARM_SMMU_GBPA 0x44
115 #define GBPA_UPDATE (1 << 31)
116 #define GBPA_ABORT (1 << 20)
117
118 #define ARM_SMMU_IRQ_CTRL 0x50
119 #define IRQ_CTRL_EVTQ_IRQEN (1 << 2)
120 #define IRQ_CTRL_PRIQ_IRQEN (1 << 1)
121 #define IRQ_CTRL_GERROR_IRQEN (1 << 0)
122
123 #define ARM_SMMU_IRQ_CTRLACK 0x54
124
125 #define ARM_SMMU_GERROR 0x60
126 #define GERROR_SFM_ERR (1 << 8)
127 #define GERROR_MSI_GERROR_ABT_ERR (1 << 7)
128 #define GERROR_MSI_PRIQ_ABT_ERR (1 << 6)
129 #define GERROR_MSI_EVTQ_ABT_ERR (1 << 5)
130 #define GERROR_MSI_CMDQ_ABT_ERR (1 << 4)
131 #define GERROR_PRIQ_ABT_ERR (1 << 3)
132 #define GERROR_EVTQ_ABT_ERR (1 << 2)
133 #define GERROR_CMDQ_ERR (1 << 0)
134 #define GERROR_ERR_MASK 0xfd
135
136 #define ARM_SMMU_GERRORN 0x64
137
138 #define ARM_SMMU_GERROR_IRQ_CFG0 0x68
139 #define ARM_SMMU_GERROR_IRQ_CFG1 0x70
140 #define ARM_SMMU_GERROR_IRQ_CFG2 0x74
141
142 #define ARM_SMMU_STRTAB_BASE 0x80
143 #define STRTAB_BASE_RA (1UL << 62)
144 #define STRTAB_BASE_ADDR_MASK GENMASK_ULL(51, 6)
145
146 #define ARM_SMMU_STRTAB_BASE_CFG 0x88
147 #define STRTAB_BASE_CFG_FMT GENMASK(17, 16)
148 #define STRTAB_BASE_CFG_FMT_LINEAR 0
149 #define STRTAB_BASE_CFG_FMT_2LVL 1
150 #define STRTAB_BASE_CFG_SPLIT GENMASK(10, 6)
151 #define STRTAB_BASE_CFG_LOG2SIZE GENMASK(5, 0)
152
153 #define ARM_SMMU_CMDQ_BASE 0x90
154 #define ARM_SMMU_CMDQ_PROD 0x98
155 #define ARM_SMMU_CMDQ_CONS 0x9c
156
157 #define ARM_SMMU_EVTQ_BASE 0xa0
158 #define ARM_SMMU_EVTQ_PROD 0x100a8
159 #define ARM_SMMU_EVTQ_CONS 0x100ac
160 #define ARM_SMMU_EVTQ_IRQ_CFG0 0xb0
161 #define ARM_SMMU_EVTQ_IRQ_CFG1 0xb8
162 #define ARM_SMMU_EVTQ_IRQ_CFG2 0xbc
163
164 #define ARM_SMMU_PRIQ_BASE 0xc0
165 #define ARM_SMMU_PRIQ_PROD 0x100c8
166 #define ARM_SMMU_PRIQ_CONS 0x100cc
167 #define ARM_SMMU_PRIQ_IRQ_CFG0 0xd0
168 #define ARM_SMMU_PRIQ_IRQ_CFG1 0xd8
169 #define ARM_SMMU_PRIQ_IRQ_CFG2 0xdc
170
171 /* Common MSI config fields */
172 #define MSI_CFG0_ADDR_MASK GENMASK_ULL(51, 2)
173 #define MSI_CFG2_SH GENMASK(5, 4)
174 #define MSI_CFG2_MEMATTR GENMASK(3, 0)
175
176 /* Common memory attribute values */
177 #define ARM_SMMU_SH_NSH 0
178 #define ARM_SMMU_SH_OSH 2
179 #define ARM_SMMU_SH_ISH 3
180 #define ARM_SMMU_MEMATTR_DEVICE_nGnRE 0x1
181 #define ARM_SMMU_MEMATTR_OIWB 0xf
182
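/*
 * Queue pointer layout: a prod/cons value packs the entry index in bits
 * [max_n_shift - 1:0], the wrap flag in bit max_n_shift and the overflow
 * flag in bit 31; the macros below extract each part.
 */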
183 #define Q_IDX(llq, p) ((p) & ((1 << (llq)->max_n_shift) - 1))
184 #define Q_WRP(llq, p) ((p) & (1 << (llq)->max_n_shift))
185 #define Q_OVERFLOW_FLAG (1U << 31)
186 #define Q_OVF(p) ((p) & Q_OVERFLOW_FLAG)
187 #define Q_ENT(q, p) ((q)->base + \
188 Q_IDX(&((q)->llq), p) * \
189 (q)->ent_dwords)
190
191 #define Q_BASE_RWA (1UL << 62)
192 #define Q_BASE_ADDR_MASK GENMASK_ULL(51, 5)
193 #define Q_BASE_LOG2SIZE GENMASK(4, 0)
194
195 /* Ensure DMA allocations are naturally aligned */
196 #ifdef CONFIG_CMA_ALIGNMENT
197 #define Q_MAX_SZ_SHIFT (PAGE_SHIFT + CONFIG_CMA_ALIGNMENT)
198 #else
199 #define Q_MAX_SZ_SHIFT (PAGE_SHIFT + MAX_ORDER - 1)
200 #endif
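/*
 * For example, with 4KiB pages and CONFIG_CMA_ALIGNMENT at its usual default
 * of 8 (an assumption about the kernel config), this caps a single queue
 * allocation at 1MiB.
 */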
201
202 /*
203 * Stream table.
204 *
205 * Linear: Enough to cover 1 << IDR1.SIDSIZE entries
206 * 2lvl: 128k L1 entries,
207 * 256 lazy entries per table (each table covers a PCI bus)
208 */
209 #define STRTAB_L1_SZ_SHIFT 20
210 #define STRTAB_SPLIT 8
211
212 #define STRTAB_L1_DESC_DWORDS 1
213 #define STRTAB_L1_DESC_SPAN GENMASK_ULL(4, 0)
214 #define STRTAB_L1_DESC_L2PTR_MASK GENMASK_ULL(51, 6)
215
216 #define STRTAB_STE_DWORDS 8
217 #define STRTAB_STE_0_V (1UL << 0)
218 #define STRTAB_STE_0_CFG GENMASK_ULL(3, 1)
219 #define STRTAB_STE_0_CFG_ABORT 0
220 #define STRTAB_STE_0_CFG_BYPASS 4
221 #define STRTAB_STE_0_CFG_S1_TRANS 5
222 #define STRTAB_STE_0_CFG_S2_TRANS 6
223
224 #define STRTAB_STE_0_S1FMT GENMASK_ULL(5, 4)
225 #define STRTAB_STE_0_S1FMT_LINEAR 0
226 #define STRTAB_STE_0_S1CTXPTR_MASK GENMASK_ULL(51, 6)
227 #define STRTAB_STE_0_S1CDMAX GENMASK_ULL(63, 59)
228
229 #define STRTAB_STE_1_S1C_CACHE_NC 0UL
230 #define STRTAB_STE_1_S1C_CACHE_WBRA 1UL
231 #define STRTAB_STE_1_S1C_CACHE_WT 2UL
232 #define STRTAB_STE_1_S1C_CACHE_WB 3UL
233 #define STRTAB_STE_1_S1CIR GENMASK_ULL(3, 2)
234 #define STRTAB_STE_1_S1COR GENMASK_ULL(5, 4)
235 #define STRTAB_STE_1_S1CSH GENMASK_ULL(7, 6)
236
237 #define STRTAB_STE_1_S1STALLD (1UL << 27)
238
239 #define STRTAB_STE_1_EATS GENMASK_ULL(29, 28)
240 #define STRTAB_STE_1_EATS_ABT 0UL
241 #define STRTAB_STE_1_EATS_TRANS 1UL
242 #define STRTAB_STE_1_EATS_S1CHK 2UL
243
244 #define STRTAB_STE_1_STRW GENMASK_ULL(31, 30)
245 #define STRTAB_STE_1_STRW_NSEL1 0UL
246 #define STRTAB_STE_1_STRW_EL2 2UL
247
248 #define STRTAB_STE_1_SHCFG GENMASK_ULL(45, 44)
249 #define STRTAB_STE_1_SHCFG_INCOMING 1UL
250
251 #define STRTAB_STE_2_S2VMID GENMASK_ULL(15, 0)
252 #define STRTAB_STE_2_VTCR GENMASK_ULL(50, 32)
253 #define STRTAB_STE_2_S2AA64 (1UL << 51)
254 #define STRTAB_STE_2_S2ENDI (1UL << 52)
255 #define STRTAB_STE_2_S2PTW (1UL << 54)
256 #define STRTAB_STE_2_S2R (1UL << 58)
257
258 #define STRTAB_STE_3_S2TTB_MASK GENMASK_ULL(51, 4)
259
260 /* Context descriptor (stage-1 only) */
261 #define CTXDESC_CD_DWORDS 8
262 #define CTXDESC_CD_0_TCR_T0SZ GENMASK_ULL(5, 0)
263 #define ARM64_TCR_T0SZ GENMASK_ULL(5, 0)
264 #define CTXDESC_CD_0_TCR_TG0 GENMASK_ULL(7, 6)
265 #define ARM64_TCR_TG0 GENMASK_ULL(15, 14)
266 #define CTXDESC_CD_0_TCR_IRGN0 GENMASK_ULL(9, 8)
267 #define ARM64_TCR_IRGN0 GENMASK_ULL(9, 8)
268 #define CTXDESC_CD_0_TCR_ORGN0 GENMASK_ULL(11, 10)
269 #define ARM64_TCR_ORGN0 GENMASK_ULL(11, 10)
270 #define CTXDESC_CD_0_TCR_SH0 GENMASK_ULL(13, 12)
271 #define ARM64_TCR_SH0 GENMASK_ULL(13, 12)
272 #define CTXDESC_CD_0_TCR_EPD0 (1ULL << 14)
273 #define ARM64_TCR_EPD0 (1ULL << 7)
274 #define CTXDESC_CD_0_TCR_EPD1 (1ULL << 30)
275 #define ARM64_TCR_EPD1 (1ULL << 23)
276
277 #define CTXDESC_CD_0_ENDI (1UL << 15)
278 #define CTXDESC_CD_0_V (1UL << 31)
279
280 #define CTXDESC_CD_0_TCR_IPS GENMASK_ULL(34, 32)
281 #define ARM64_TCR_IPS GENMASK_ULL(34, 32)
282 #define CTXDESC_CD_0_TCR_TBI0 (1ULL << 38)
283 #define ARM64_TCR_TBI0 (1ULL << 37)
284
285 #define CTXDESC_CD_0_AA64 (1UL << 41)
286 #define CTXDESC_CD_0_S (1UL << 44)
287 #define CTXDESC_CD_0_R (1UL << 45)
288 #define CTXDESC_CD_0_A (1UL << 46)
289 #define CTXDESC_CD_0_ASET (1UL << 47)
290 #define CTXDESC_CD_0_ASID GENMASK_ULL(63, 48)
291
292 #define CTXDESC_CD_1_TTB0_MASK GENMASK_ULL(51, 4)
293
294 /* Convert between AArch64 (CPU) TCR format and SMMU CD format */
295 #define ARM_SMMU_TCR2CD(tcr, fld) FIELD_PREP(CTXDESC_CD_0_TCR_##fld, \
296 FIELD_GET(ARM64_TCR_##fld, tcr))
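/* e.g. ARM_SMMU_TCR2CD(tcr, TG0) moves TCR.TG0 from bits [15:14] to CD bits [7:6] */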
297
298 /* Command queue */
299 #define CMDQ_ENT_SZ_SHIFT 4
300 #define CMDQ_ENT_DWORDS ((1 << CMDQ_ENT_SZ_SHIFT) >> 3)
301 #define CMDQ_MAX_SZ_SHIFT (Q_MAX_SZ_SHIFT - CMDQ_ENT_SZ_SHIFT)
302
303 #define CMDQ_CONS_ERR GENMASK(30, 24)
304 #define CMDQ_ERR_CERROR_NONE_IDX 0
305 #define CMDQ_ERR_CERROR_ILL_IDX 1
306 #define CMDQ_ERR_CERROR_ABT_IDX 2
307 #define CMDQ_ERR_CERROR_ATC_INV_IDX 3
308
309 #define CMDQ_PROD_OWNED_FLAG Q_OVERFLOW_FLAG
310
311 /*
312 * This is used to size the command queue and therefore must be at least
313 * BITS_PER_LONG so that the valid_map works correctly (it relies on the
314 * total number of queue entries being a multiple of BITS_PER_LONG).
315 */
316 #define CMDQ_BATCH_ENTRIES BITS_PER_LONG
317
318 #define CMDQ_0_OP GENMASK_ULL(7, 0)
319 #define CMDQ_0_SSV (1UL << 11)
320
321 #define CMDQ_PREFETCH_0_SID GENMASK_ULL(63, 32)
322 #define CMDQ_PREFETCH_1_SIZE GENMASK_ULL(4, 0)
323 #define CMDQ_PREFETCH_1_ADDR_MASK GENMASK_ULL(63, 12)
324
325 #define CMDQ_CFGI_0_SID GENMASK_ULL(63, 32)
326 #define CMDQ_CFGI_1_LEAF (1UL << 0)
327 #define CMDQ_CFGI_1_RANGE GENMASK_ULL(4, 0)
328
329 #define CMDQ_TLBI_0_VMID GENMASK_ULL(47, 32)
330 #define CMDQ_TLBI_0_ASID GENMASK_ULL(63, 48)
331 #define CMDQ_TLBI_1_LEAF (1UL << 0)
332 #define CMDQ_TLBI_1_VA_MASK GENMASK_ULL(63, 12)
333 #define CMDQ_TLBI_1_IPA_MASK GENMASK_ULL(51, 12)
334
335 #define CMDQ_ATC_0_SSID GENMASK_ULL(31, 12)
336 #define CMDQ_ATC_0_SID GENMASK_ULL(63, 32)
337 #define CMDQ_ATC_0_GLOBAL (1UL << 9)
338 #define CMDQ_ATC_1_SIZE GENMASK_ULL(5, 0)
339 #define CMDQ_ATC_1_ADDR_MASK GENMASK_ULL(63, 12)
340
341 #define CMDQ_PRI_0_SSID GENMASK_ULL(31, 12)
342 #define CMDQ_PRI_0_SID GENMASK_ULL(63, 32)
343 #define CMDQ_PRI_1_GRPID GENMASK_ULL(8, 0)
344 #define CMDQ_PRI_1_RESP GENMASK_ULL(13, 12)
345
346 #define CMDQ_SYNC_0_CS GENMASK_ULL(13, 12)
347 #define CMDQ_SYNC_0_CS_NONE 0
348 #define CMDQ_SYNC_0_CS_IRQ 1
349 #define CMDQ_SYNC_0_CS_SEV 2
350 #define CMDQ_SYNC_0_MSH GENMASK_ULL(23, 22)
351 #define CMDQ_SYNC_0_MSIATTR GENMASK_ULL(27, 24)
352 #define CMDQ_SYNC_0_MSIDATA GENMASK_ULL(63, 32)
353 #define CMDQ_SYNC_1_MSIADDR_MASK GENMASK_ULL(51, 2)
354
355 /* Event queue */
356 #define EVTQ_ENT_SZ_SHIFT 5
357 #define EVTQ_ENT_DWORDS ((1 << EVTQ_ENT_SZ_SHIFT) >> 3)
358 #define EVTQ_MAX_SZ_SHIFT (Q_MAX_SZ_SHIFT - EVTQ_ENT_SZ_SHIFT)
359
360 #define EVTQ_0_ID GENMASK_ULL(7, 0)
361
362 /* PRI queue */
363 #define PRIQ_ENT_SZ_SHIFT 4
364 #define PRIQ_ENT_DWORDS ((1 << PRIQ_ENT_SZ_SHIFT) >> 3)
365 #define PRIQ_MAX_SZ_SHIFT (Q_MAX_SZ_SHIFT - PRIQ_ENT_SZ_SHIFT)
366
367 #define PRIQ_0_SID GENMASK_ULL(31, 0)
368 #define PRIQ_0_SSID GENMASK_ULL(51, 32)
369 #define PRIQ_0_PERM_PRIV (1UL << 58)
370 #define PRIQ_0_PERM_EXEC (1UL << 59)
371 #define PRIQ_0_PERM_READ (1UL << 60)
372 #define PRIQ_0_PERM_WRITE (1UL << 61)
373 #define PRIQ_0_PRG_LAST (1UL << 62)
374 #define PRIQ_0_SSID_V (1UL << 63)
375
376 #define PRIQ_1_PRG_IDX GENMASK_ULL(8, 0)
377 #define PRIQ_1_ADDR_MASK GENMASK_ULL(63, 12)
378
379 /* High-level queue structures */
380 #define ARM_SMMU_POLL_TIMEOUT_US 1000000 /* 1s! */
381 #define ARM_SMMU_POLL_SPIN_COUNT 10
382
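/* Software-chosen IOVA window reserved for mapping MSI doorbells */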
383 #define MSI_IOVA_BASE 0x8000000
384 #define MSI_IOVA_LENGTH 0x100000
385
386 static bool disable_bypass = 1;
387 module_param_named(disable_bypass, disable_bypass, bool, S_IRUGO);
388 MODULE_PARM_DESC(disable_bypass,
389 "Disable bypass streams such that incoming transactions from devices that are not attached to an iommu domain will report an abort back to the device and will not be allowed to pass through the SMMU.");
390
391 enum pri_resp {
392 PRI_RESP_DENY = 0,
393 PRI_RESP_FAIL = 1,
394 PRI_RESP_SUCC = 2,
395 };
396
397 enum arm_smmu_msi_index {
398 EVTQ_MSI_INDEX,
399 GERROR_MSI_INDEX,
400 PRIQ_MSI_INDEX,
401 ARM_SMMU_MAX_MSIS,
402 };
403
404 static phys_addr_t arm_smmu_msi_cfg[ARM_SMMU_MAX_MSIS][3] = {
405 [EVTQ_MSI_INDEX] = {
406 ARM_SMMU_EVTQ_IRQ_CFG0,
407 ARM_SMMU_EVTQ_IRQ_CFG1,
408 ARM_SMMU_EVTQ_IRQ_CFG2,
409 },
410 [GERROR_MSI_INDEX] = {
411 ARM_SMMU_GERROR_IRQ_CFG0,
412 ARM_SMMU_GERROR_IRQ_CFG1,
413 ARM_SMMU_GERROR_IRQ_CFG2,
414 },
415 [PRIQ_MSI_INDEX] = {
416 ARM_SMMU_PRIQ_IRQ_CFG0,
417 ARM_SMMU_PRIQ_IRQ_CFG1,
418 ARM_SMMU_PRIQ_IRQ_CFG2,
419 },
420 };
421
422 struct arm_smmu_cmdq_ent {
423 /* Common fields */
424 u8 opcode;
425 bool substream_valid;
426
427 /* Command-specific fields */
428 union {
429 #define CMDQ_OP_PREFETCH_CFG 0x1
430 struct {
431 u32 sid;
432 u8 size;
433 u64 addr;
434 } prefetch;
435
436 #define CMDQ_OP_CFGI_STE 0x3
437 #define CMDQ_OP_CFGI_ALL 0x4
438 struct {
439 u32 sid;
440 union {
441 bool leaf;
442 u8 span;
443 };
444 } cfgi;
445
446 #define CMDQ_OP_TLBI_NH_ASID 0x11
447 #define CMDQ_OP_TLBI_NH_VA 0x12
448 #define CMDQ_OP_TLBI_EL2_ALL 0x20
449 #define CMDQ_OP_TLBI_S12_VMALL 0x28
450 #define CMDQ_OP_TLBI_S2_IPA 0x2a
451 #define CMDQ_OP_TLBI_NSNH_ALL 0x30
452 struct {
453 u16 asid;
454 u16 vmid;
455 bool leaf;
456 u64 addr;
457 } tlbi;
458
459 #define CMDQ_OP_ATC_INV 0x40
460 #define ATC_INV_SIZE_ALL 52
461 struct {
462 u32 sid;
463 u32 ssid;
464 u64 addr;
465 u8 size;
466 bool global;
467 } atc;
468
469 #define CMDQ_OP_PRI_RESP 0x41
470 struct {
471 u32 sid;
472 u32 ssid;
473 u16 grpid;
474 enum pri_resp resp;
475 } pri;
476
477 #define CMDQ_OP_CMD_SYNC 0x46
478 struct {
479 u64 msiaddr;
480 } sync;
481 };
482 };
483
484 struct arm_smmu_ll_queue {
485 union {
486 u64 val;
487 struct {
488 u32 prod;
489 u32 cons;
490 };
491 struct {
492 atomic_t prod;
493 atomic_t cons;
494 } atomic;
495 u8 __pad[SMP_CACHE_BYTES];
496 } ____cacheline_aligned_in_smp;
497 u32 max_n_shift;
498 };
499
500 struct arm_smmu_queue {
501 struct arm_smmu_ll_queue llq;
502 int irq; /* Wired interrupt */
503
504 __le64 *base;
505 dma_addr_t base_dma;
506 u64 q_base;
507
508 size_t ent_dwords;
509
510 u32 __iomem *prod_reg;
511 u32 __iomem *cons_reg;
512 };
513
514 struct arm_smmu_queue_poll {
515 ktime_t timeout;
516 unsigned int delay;
517 unsigned int spin_cnt;
518 bool wfe;
519 };
520
521 struct arm_smmu_cmdq {
522 struct arm_smmu_queue q;
523 atomic_long_t *valid_map;
524 atomic_t owner_prod;
525 atomic_t lock;
526 };
527
528 struct arm_smmu_evtq {
529 struct arm_smmu_queue q;
530 u32 max_stalls;
531 };
532
533 struct arm_smmu_priq {
534 struct arm_smmu_queue q;
535 };
536
537 /* High-level stream table and context descriptor structures */
538 struct arm_smmu_strtab_l1_desc {
539 u8 span;
540
541 __le64 *l2ptr;
542 dma_addr_t l2ptr_dma;
543 };
544
545 struct arm_smmu_s1_cfg {
546 __le64 *cdptr;
547 dma_addr_t cdptr_dma;
548
549 struct arm_smmu_ctx_desc {
550 u16 asid;
551 u64 ttbr;
552 u64 tcr;
553 u64 mair;
554 } cd;
555 };
556
557 struct arm_smmu_s2_cfg {
558 u16 vmid;
559 u64 vttbr;
560 u64 vtcr;
561 };
562
563 struct arm_smmu_strtab_cfg {
564 __le64 *strtab;
565 dma_addr_t strtab_dma;
566 struct arm_smmu_strtab_l1_desc *l1_desc;
567 unsigned int num_l1_ents;
568
569 u64 strtab_base;
570 u32 strtab_base_cfg;
571 };
572
573 /* An SMMUv3 instance */
574 struct arm_smmu_device {
575 struct device *dev;
576 void __iomem *base;
577
578 #define ARM_SMMU_FEAT_2_LVL_STRTAB (1 << 0)
579 #define ARM_SMMU_FEAT_2_LVL_CDTAB (1 << 1)
580 #define ARM_SMMU_FEAT_TT_LE (1 << 2)
581 #define ARM_SMMU_FEAT_TT_BE (1 << 3)
582 #define ARM_SMMU_FEAT_PRI (1 << 4)
583 #define ARM_SMMU_FEAT_ATS (1 << 5)
584 #define ARM_SMMU_FEAT_SEV (1 << 6)
585 #define ARM_SMMU_FEAT_MSI (1 << 7)
586 #define ARM_SMMU_FEAT_COHERENCY (1 << 8)
587 #define ARM_SMMU_FEAT_TRANS_S1 (1 << 9)
588 #define ARM_SMMU_FEAT_TRANS_S2 (1 << 10)
589 #define ARM_SMMU_FEAT_STALLS (1 << 11)
590 #define ARM_SMMU_FEAT_HYP (1 << 12)
591 #define ARM_SMMU_FEAT_STALL_FORCE (1 << 13)
592 #define ARM_SMMU_FEAT_VAX (1 << 14)
593 u32 features;
594
595 #define ARM_SMMU_OPT_SKIP_PREFETCH (1 << 0)
596 #define ARM_SMMU_OPT_PAGE0_REGS_ONLY (1 << 1)
597 u32 options;
598
599 struct arm_smmu_cmdq cmdq;
600 struct arm_smmu_evtq evtq;
601 struct arm_smmu_priq priq;
602
603 int gerr_irq;
604 int combined_irq;
605
606 unsigned long ias; /* IPA */
607 unsigned long oas; /* PA */
608 unsigned long pgsize_bitmap;
609
610 #define ARM_SMMU_MAX_ASIDS (1 << 16)
611 unsigned int asid_bits;
612 DECLARE_BITMAP(asid_map, ARM_SMMU_MAX_ASIDS);
613
614 #define ARM_SMMU_MAX_VMIDS (1 << 16)
615 unsigned int vmid_bits;
616 DECLARE_BITMAP(vmid_map, ARM_SMMU_MAX_VMIDS);
617
618 unsigned int ssid_bits;
619 unsigned int sid_bits;
620
621 struct arm_smmu_strtab_cfg strtab_cfg;
622
623 /* IOMMU core code handle */
624 struct iommu_device iommu;
625 };
626
627 /* SMMU private data for each master */
628 struct arm_smmu_master {
629 struct arm_smmu_device *smmu;
630 struct device *dev;
631 struct arm_smmu_domain *domain;
632 struct list_head domain_head;
633 u32 *sids;
634 unsigned int num_sids;
635 bool ats_enabled;
636 };
637
638 /* SMMU private data for an IOMMU domain */
639 enum arm_smmu_domain_stage {
640 ARM_SMMU_DOMAIN_S1 = 0,
641 ARM_SMMU_DOMAIN_S2,
642 ARM_SMMU_DOMAIN_NESTED,
643 ARM_SMMU_DOMAIN_BYPASS,
644 };
645
646 struct arm_smmu_domain {
647 struct arm_smmu_device *smmu;
648 struct mutex init_mutex; /* Protects smmu pointer */
649
650 struct io_pgtable_ops *pgtbl_ops;
651 bool non_strict;
652 atomic_t nr_ats_masters;
653
654 enum arm_smmu_domain_stage stage;
655 union {
656 struct arm_smmu_s1_cfg s1_cfg;
657 struct arm_smmu_s2_cfg s2_cfg;
658 };
659
660 struct iommu_domain domain;
661
662 struct list_head devices;
663 spinlock_t devices_lock;
664 };
665
666 struct arm_smmu_option_prop {
667 u32 opt;
668 const char *prop;
669 };
670
671 static struct arm_smmu_option_prop arm_smmu_options[] = {
672 { ARM_SMMU_OPT_SKIP_PREFETCH, "hisilicon,broken-prefetch-cmd" },
673 { ARM_SMMU_OPT_PAGE0_REGS_ONLY, "cavium,cn9900-broken-page1-regspace"},
674 { 0, NULL},
675 };
676
677 static inline void __iomem *arm_smmu_page1_fixup(unsigned long offset,
678 struct arm_smmu_device *smmu)
679 {
680 if ((offset > SZ_64K) &&
681 (smmu->options & ARM_SMMU_OPT_PAGE0_REGS_ONLY))
682 offset -= SZ_64K;
683
684 return smmu->base + offset;
685 }
686
687 static struct arm_smmu_domain *to_smmu_domain(struct iommu_domain *dom)
688 {
689 return container_of(dom, struct arm_smmu_domain, domain);
690 }
691
692 static void parse_driver_options(struct arm_smmu_device *smmu)
693 {
694 int i = 0;
695
696 do {
697 if (of_property_read_bool(smmu->dev->of_node,
698 arm_smmu_options[i].prop)) {
699 smmu->options |= arm_smmu_options[i].opt;
700 dev_notice(smmu->dev, "option %s\n",
701 arm_smmu_options[i].prop);
702 }
703 } while (arm_smmu_options[++i].opt);
704 }
705
706 /* Low-level queue manipulation functions */
707 static bool queue_has_space(struct arm_smmu_ll_queue *q, u32 n)
708 {
709 u32 space, prod, cons;
710
711 prod = Q_IDX(q, q->prod);
712 cons = Q_IDX(q, q->cons);
713
714 if (Q_WRP(q, q->prod) == Q_WRP(q, q->cons))
715 space = (1 << q->max_n_shift) - (prod - cons);
716 else
717 space = cons - prod;
718
719 return space >= n;
720 }
721
722 static bool queue_full(struct arm_smmu_ll_queue *q)
723 {
724 return Q_IDX(q, q->prod) == Q_IDX(q, q->cons) &&
725 Q_WRP(q, q->prod) != Q_WRP(q, q->cons);
726 }
727
728 static bool queue_empty(struct arm_smmu_ll_queue *q)
729 {
730 return Q_IDX(q, q->prod) == Q_IDX(q, q->cons) &&
731 Q_WRP(q, q->prod) == Q_WRP(q, q->cons);
732 }
733
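/*
 * Return true if the entry at index @prod has already been consumed, i.e.
 * cons has moved past it (taking the wrap bits into account).
 */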
734 static bool queue_consumed(struct arm_smmu_ll_queue *q, u32 prod)
735 {
736 return ((Q_WRP(q, q->cons) == Q_WRP(q, prod)) &&
737 (Q_IDX(q, q->cons) > Q_IDX(q, prod))) ||
738 ((Q_WRP(q, q->cons) != Q_WRP(q, prod)) &&
739 (Q_IDX(q, q->cons) <= Q_IDX(q, prod)));
740 }
741
742 static void queue_sync_cons_out(struct arm_smmu_queue *q)
743 {
744 /*
745 * Ensure that all CPU accesses (reads and writes) to the queue
746 * are complete before we update the cons pointer.
747 */
748 mb();
749 writel_relaxed(q->llq.cons, q->cons_reg);
750 }
751
752 static void queue_inc_cons(struct arm_smmu_ll_queue *q)
753 {
754 u32 cons = (Q_WRP(q, q->cons) | Q_IDX(q, q->cons)) + 1;
755 q->cons = Q_OVF(q->cons) | Q_WRP(q, cons) | Q_IDX(q, cons);
756 }
757
758 static void queue_sync_cons_ovf(struct arm_smmu_queue *q)
759 {
760 struct arm_smmu_ll_queue *llq = &q->llq;
761
762 if (likely(Q_OVF(llq->prod) == Q_OVF(llq->cons)))
763 return;
764
765 llq->cons = Q_OVF(llq->prod) | Q_WRP(llq, llq->cons) |
766 Q_IDX(llq, llq->cons);
767 queue_sync_cons_out(q);
768 }
769
770 static int queue_sync_prod_in(struct arm_smmu_queue *q)
771 {
772 int ret = 0;
773 u32 prod = readl_relaxed(q->prod_reg);
774
775 if (Q_OVF(prod) != Q_OVF(q->llq.prod))
776 ret = -EOVERFLOW;
777
778 q->llq.prod = prod;
779 return ret;
780 }
781
782 static u32 queue_inc_prod_n(struct arm_smmu_ll_queue *q, int n)
783 {
784 u32 prod = (Q_WRP(q, q->prod) | Q_IDX(q, q->prod)) + n;
785 return Q_OVF(q->prod) | Q_WRP(q, prod) | Q_IDX(q, prod);
786 }
787
788 static void queue_poll_init(struct arm_smmu_device *smmu,
789 struct arm_smmu_queue_poll *qp)
790 {
791 qp->delay = 1;
792 qp->spin_cnt = 0;
793 qp->wfe = !!(smmu->features & ARM_SMMU_FEAT_SEV);
794 qp->timeout = ktime_add_us(ktime_get(), ARM_SMMU_POLL_TIMEOUT_US);
795 }
796
797 static int queue_poll(struct arm_smmu_queue_poll *qp)
798 {
799 if (ktime_compare(ktime_get(), qp->timeout) > 0)
800 return -ETIMEDOUT;
801
802 if (qp->wfe) {
803 wfe();
804 } else if (++qp->spin_cnt < ARM_SMMU_POLL_SPIN_COUNT) {
805 cpu_relax();
806 } else {
807 udelay(qp->delay);
808 qp->delay *= 2;
809 qp->spin_cnt = 0;
810 }
811
812 return 0;
813 }
814
815 static void queue_write(__le64 *dst, u64 *src, size_t n_dwords)
816 {
817 int i;
818
819 for (i = 0; i < n_dwords; ++i)
820 *dst++ = cpu_to_le64(*src++);
821 }
822
823 static void queue_read(__le64 *dst, u64 *src, size_t n_dwords)
824 {
825 int i;
826
827 for (i = 0; i < n_dwords; ++i)
828 *dst++ = le64_to_cpu(*src++);
829 }
830
831 static int queue_remove_raw(struct arm_smmu_queue *q, u64 *ent)
832 {
833 if (queue_empty(&q->llq))
834 return -EAGAIN;
835
836 queue_read(ent, Q_ENT(q, q->llq.cons), q->ent_dwords);
837 queue_inc_cons(&q->llq);
838 queue_sync_cons_out(q);
839 return 0;
840 }
841
842 /* High-level queue accessors */
843 static int arm_smmu_cmdq_build_cmd(u64 *cmd, struct arm_smmu_cmdq_ent *ent)
844 {
845 memset(cmd, 0, 1 << CMDQ_ENT_SZ_SHIFT);
846 cmd[0] |= FIELD_PREP(CMDQ_0_OP, ent->opcode);
847
848 switch (ent->opcode) {
849 case CMDQ_OP_TLBI_EL2_ALL:
850 case CMDQ_OP_TLBI_NSNH_ALL:
851 break;
852 case CMDQ_OP_PREFETCH_CFG:
853 cmd[0] |= FIELD_PREP(CMDQ_PREFETCH_0_SID, ent->prefetch.sid);
854 cmd[1] |= FIELD_PREP(CMDQ_PREFETCH_1_SIZE, ent->prefetch.size);
855 cmd[1] |= ent->prefetch.addr & CMDQ_PREFETCH_1_ADDR_MASK;
856 break;
857 case CMDQ_OP_CFGI_STE:
858 cmd[0] |= FIELD_PREP(CMDQ_CFGI_0_SID, ent->cfgi.sid);
859 cmd[1] |= FIELD_PREP(CMDQ_CFGI_1_LEAF, ent->cfgi.leaf);
860 break;
861 case CMDQ_OP_CFGI_ALL:
862 /* Cover the entire SID range */
863 cmd[1] |= FIELD_PREP(CMDQ_CFGI_1_RANGE, 31);
864 break;
865 case CMDQ_OP_TLBI_NH_VA:
866 cmd[0] |= FIELD_PREP(CMDQ_TLBI_0_VMID, ent->tlbi.vmid);
867 cmd[0] |= FIELD_PREP(CMDQ_TLBI_0_ASID, ent->tlbi.asid);
868 cmd[1] |= FIELD_PREP(CMDQ_TLBI_1_LEAF, ent->tlbi.leaf);
869 cmd[1] |= ent->tlbi.addr & CMDQ_TLBI_1_VA_MASK;
870 break;
871 case CMDQ_OP_TLBI_S2_IPA:
872 cmd[0] |= FIELD_PREP(CMDQ_TLBI_0_VMID, ent->tlbi.vmid);
873 cmd[1] |= FIELD_PREP(CMDQ_TLBI_1_LEAF, ent->tlbi.leaf);
874 cmd[1] |= ent->tlbi.addr & CMDQ_TLBI_1_IPA_MASK;
875 break;
876 case CMDQ_OP_TLBI_NH_ASID:
877 cmd[0] |= FIELD_PREP(CMDQ_TLBI_0_ASID, ent->tlbi.asid);
878 /* Fallthrough */
879 case CMDQ_OP_TLBI_S12_VMALL:
880 cmd[0] |= FIELD_PREP(CMDQ_TLBI_0_VMID, ent->tlbi.vmid);
881 break;
882 case CMDQ_OP_ATC_INV:
883 cmd[0] |= FIELD_PREP(CMDQ_0_SSV, ent->substream_valid);
884 cmd[0] |= FIELD_PREP(CMDQ_ATC_0_GLOBAL, ent->atc.global);
885 cmd[0] |= FIELD_PREP(CMDQ_ATC_0_SSID, ent->atc.ssid);
886 cmd[0] |= FIELD_PREP(CMDQ_ATC_0_SID, ent->atc.sid);
887 cmd[1] |= FIELD_PREP(CMDQ_ATC_1_SIZE, ent->atc.size);
888 cmd[1] |= ent->atc.addr & CMDQ_ATC_1_ADDR_MASK;
889 break;
890 case CMDQ_OP_PRI_RESP:
891 cmd[0] |= FIELD_PREP(CMDQ_0_SSV, ent->substream_valid);
892 cmd[0] |= FIELD_PREP(CMDQ_PRI_0_SSID, ent->pri.ssid);
893 cmd[0] |= FIELD_PREP(CMDQ_PRI_0_SID, ent->pri.sid);
894 cmd[1] |= FIELD_PREP(CMDQ_PRI_1_GRPID, ent->pri.grpid);
895 switch (ent->pri.resp) {
896 case PRI_RESP_DENY:
897 case PRI_RESP_FAIL:
898 case PRI_RESP_SUCC:
899 break;
900 default:
901 return -EINVAL;
902 }
903 cmd[1] |= FIELD_PREP(CMDQ_PRI_1_RESP, ent->pri.resp);
904 break;
905 case CMDQ_OP_CMD_SYNC:
906 if (ent->sync.msiaddr) {
907 cmd[0] |= FIELD_PREP(CMDQ_SYNC_0_CS, CMDQ_SYNC_0_CS_IRQ);
908 cmd[1] |= ent->sync.msiaddr & CMDQ_SYNC_1_MSIADDR_MASK;
909 } else {
910 cmd[0] |= FIELD_PREP(CMDQ_SYNC_0_CS, CMDQ_SYNC_0_CS_SEV);
911 }
912 cmd[0] |= FIELD_PREP(CMDQ_SYNC_0_MSH, ARM_SMMU_SH_ISH);
913 cmd[0] |= FIELD_PREP(CMDQ_SYNC_0_MSIATTR, ARM_SMMU_MEMATTR_OIWB);
914 break;
915 default:
916 return -ENOENT;
917 }
918
919 return 0;
920 }
921
922 static void arm_smmu_cmdq_build_sync_cmd(u64 *cmd, struct arm_smmu_device *smmu,
923 u32 prod)
924 {
925 struct arm_smmu_queue *q = &smmu->cmdq.q;
926 struct arm_smmu_cmdq_ent ent = {
927 .opcode = CMDQ_OP_CMD_SYNC,
928 };
929
930 /*
931 * Beware that Hi16xx adds an extra 32 bits of goodness to its MSI
932 * payload, so the write will zero the entire command on that platform.
933 */
934 if (smmu->features & ARM_SMMU_FEAT_MSI &&
935 smmu->features & ARM_SMMU_FEAT_COHERENCY) {
936 ent.sync.msiaddr = q->base_dma + Q_IDX(&q->llq, prod) *
937 q->ent_dwords * 8;
938 }
939
940 arm_smmu_cmdq_build_cmd(cmd, &ent);
941 }
942
943 static void arm_smmu_cmdq_skip_err(struct arm_smmu_device *smmu)
944 {
945 static const char *cerror_str[] = {
946 [CMDQ_ERR_CERROR_NONE_IDX] = "No error",
947 [CMDQ_ERR_CERROR_ILL_IDX] = "Illegal command",
948 [CMDQ_ERR_CERROR_ABT_IDX] = "Abort on command fetch",
949 [CMDQ_ERR_CERROR_ATC_INV_IDX] = "ATC invalidate timeout",
950 };
951
952 int i;
953 u64 cmd[CMDQ_ENT_DWORDS];
954 struct arm_smmu_queue *q = &smmu->cmdq.q;
955 u32 cons = readl_relaxed(q->cons_reg);
956 u32 idx = FIELD_GET(CMDQ_CONS_ERR, cons);
957 struct arm_smmu_cmdq_ent cmd_sync = {
958 .opcode = CMDQ_OP_CMD_SYNC,
959 };
960
961 dev_err(smmu->dev, "CMDQ error (cons 0x%08x): %s\n", cons,
962 idx < ARRAY_SIZE(cerror_str) ? cerror_str[idx] : "Unknown");
963
964 switch (idx) {
965 case CMDQ_ERR_CERROR_ABT_IDX:
966 dev_err(smmu->dev, "retrying command fetch\n");
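/* Fallthrough */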
967 case CMDQ_ERR_CERROR_NONE_IDX:
968 return;
969 case CMDQ_ERR_CERROR_ATC_INV_IDX:
970 /*
971 * ATC Invalidation Completion timeout. CONS is still pointing
972 * at the CMD_SYNC. Attempt to complete other pending commands
973 * by repeating the CMD_SYNC, though we might well end up back
974 * here since the ATC invalidation may still be pending.
975 */
976 return;
977 case CMDQ_ERR_CERROR_ILL_IDX:
978 /* Fallthrough */
979 default:
980 break;
981 }
982
983 /*
984 * We may have concurrent producers, so we need to be careful
985 * not to touch any of the shadow cmdq state.
986 */
987 queue_read(cmd, Q_ENT(q, cons), q->ent_dwords);
988 dev_err(smmu->dev, "skipping command in error state:\n");
989 for (i = 0; i < ARRAY_SIZE(cmd); ++i)
990 dev_err(smmu->dev, "\t0x%016llx\n", (unsigned long long)cmd[i]);
991
992 /* Convert the erroneous command into a CMD_SYNC */
993 if (arm_smmu_cmdq_build_cmd(cmd, &cmd_sync)) {
994 dev_err(smmu->dev, "failed to convert to CMD_SYNC\n");
995 return;
996 }
997
998 queue_write(Q_ENT(q, cons), cmd, q->ent_dwords);
999 }
1000
1001 /*
1002 * Command queue locking.
1003 * This is a form of bastardised rwlock with the following major changes:
1004 *
1005 * - The only LOCK routines are exclusive_trylock() and shared_lock().
1006 * Neither have barrier semantics, and instead provide only a control
1007 * dependency.
1008 *
1009 * - The UNLOCK routines are supplemented with shared_tryunlock(), which
1010 * fails if the caller appears to be the last lock holder (yes, this is
1011 * racy). All successful UNLOCK routines have RELEASE semantics.
1012 */
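/*
 * The lock word encodes the state: zero when unlocked, a positive count of
 * shared holders, or a negative value (INT_MIN plus any pending shared
 * increments) while held exclusively.
 */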
1013 static void arm_smmu_cmdq_shared_lock(struct arm_smmu_cmdq *cmdq)
1014 {
1015 int val;
1016
1017 /*
1018 * We can try to avoid the cmpxchg() loop by simply incrementing the
1019 * lock counter. When held in exclusive state, the lock counter is set
1020 * to INT_MIN so these increments won't hurt as the value will remain
1021 * negative.
1022 */
1023 if (atomic_fetch_inc_relaxed(&cmdq->lock) >= 0)
1024 return;
1025
1026 do {
1027 val = atomic_cond_read_relaxed(&cmdq->lock, VAL >= 0);
1028 } while (atomic_cmpxchg_relaxed(&cmdq->lock, val, val + 1) != val);
1029 }
1030
1031 static void arm_smmu_cmdq_shared_unlock(struct arm_smmu_cmdq *cmdq)
1032 {
1033 (void)atomic_dec_return_release(&cmdq->lock);
1034 }
1035
1036 static bool arm_smmu_cmdq_shared_tryunlock(struct arm_smmu_cmdq *cmdq)
1037 {
1038 if (atomic_read(&cmdq->lock) == 1)
1039 return false;
1040
1041 arm_smmu_cmdq_shared_unlock(cmdq);
1042 return true;
1043 }
1044
1045 #define arm_smmu_cmdq_exclusive_trylock_irqsave(cmdq, flags) \
1046 ({ \
1047 bool __ret; \
1048 local_irq_save(flags); \
1049 __ret = !atomic_cmpxchg_relaxed(&cmdq->lock, 0, INT_MIN); \
1050 if (!__ret) \
1051 local_irq_restore(flags); \
1052 __ret; \
1053 })
1054
1055 #define arm_smmu_cmdq_exclusive_unlock_irqrestore(cmdq, flags) \
1056 ({ \
1057 atomic_set_release(&cmdq->lock, 0); \
1058 local_irq_restore(flags); \
1059 })
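/*
 * Usage in this file (a summary, not a new interface): CMD_SYNC inserters
 * take the lock shared before marking their slots valid, while
 * arm_smmu_cmdq_poll_until_not_full() uses the exclusive trylock to refresh
 * the cached cons pointer.
 */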
1060
1061
1062 /*
1063 * Command queue insertion.
1064 * This is made fiddly by our attempts to achieve some sort of scalability
1065 * since there is one queue shared amongst all of the CPUs in the system. If
1066 * you like mixed-size concurrency, dependency ordering and relaxed atomics,
1067 * then you'll *love* this monstrosity.
1068 *
1069 * The basic idea is to split the queue up into ranges of commands that are
1070 * owned by a given CPU; the owner may not have written all of the commands
1071 * itself, but is responsible for advancing the hardware prod pointer when
1072 * the time comes. The algorithm is roughly:
1073 *
1074 * 1. Allocate some space in the queue. At this point we also discover
1075 * whether the head of the queue is currently owned by another CPU,
1076 * or whether we are the owner.
1077 *
1078 * 2. Write our commands into our allocated slots in the queue.
1079 *
1080 * 3. Mark our slots as valid in arm_smmu_cmdq.valid_map.
1081 *
1082 * 4. If we are an owner:
1083 * a. Wait for the previous owner to finish.
1084 * b. Mark the queue head as unowned, which tells us the range
1085 * that we are responsible for publishing.
1086 * c. Wait for all commands in our owned range to become valid.
1087 * d. Advance the hardware prod pointer.
1088 * e. Tell the next owner we've finished.
1089 *
1090 * 5. If we are inserting a CMD_SYNC (we may or may not have been an
1091 * owner), then we need to stick around until it has completed:
1092 * a. If we have MSIs, the SMMU can write back into the CMD_SYNC
1093 * to clear the first 4 bytes.
1094 * b. Otherwise, we spin waiting for the hardware cons pointer to
1095 * advance past our command.
1096 *
1097 * The devil is in the details, particularly the use of locking for handling
1098 * SYNC completion and freeing up space in the queue before we think that it is
1099 * full.
1100 */
1101 static void __arm_smmu_cmdq_poll_set_valid_map(struct arm_smmu_cmdq *cmdq,
1102 u32 sprod, u32 eprod, bool set)
1103 {
1104 u32 swidx, sbidx, ewidx, ebidx;
1105 struct arm_smmu_ll_queue llq = {
1106 .max_n_shift = cmdq->q.llq.max_n_shift,
1107 .prod = sprod,
1108 };
1109
1110 ewidx = BIT_WORD(Q_IDX(&llq, eprod));
1111 ebidx = Q_IDX(&llq, eprod) % BITS_PER_LONG;
1112
1113 while (llq.prod != eprod) {
1114 unsigned long mask;
1115 atomic_long_t *ptr;
1116 u32 limit = BITS_PER_LONG;
1117
1118 swidx = BIT_WORD(Q_IDX(&llq, llq.prod));
1119 sbidx = Q_IDX(&llq, llq.prod) % BITS_PER_LONG;
1120
1121 ptr = &cmdq->valid_map[swidx];
1122
1123 if ((swidx == ewidx) && (sbidx < ebidx))
1124 limit = ebidx;
1125
1126 mask = GENMASK(limit - 1, sbidx);
1127
1128 /*
1129 * The valid bit is the inverse of the wrap bit. This means
1130 * that a zero-initialised queue is invalid and, after marking
1131 * all entries as valid, they become invalid again when we
1132 * wrap.
1133 */
1134 if (set) {
1135 atomic_long_xor(mask, ptr);
1136 } else { /* Poll */
1137 unsigned long valid;
1138
1139 valid = (ULONG_MAX + !!Q_WRP(&llq, llq.prod)) & mask;
1140 atomic_long_cond_read_relaxed(ptr, (VAL & mask) == valid);
1141 }
1142
1143 llq.prod = queue_inc_prod_n(&llq, limit - sbidx);
1144 }
1145 }
1146
1147 /* Mark all entries in the range [sprod, eprod) as valid */
1148 static void arm_smmu_cmdq_set_valid_map(struct arm_smmu_cmdq *cmdq,
1149 u32 sprod, u32 eprod)
1150 {
1151 __arm_smmu_cmdq_poll_set_valid_map(cmdq, sprod, eprod, true);
1152 }
1153
1154 /* Wait for all entries in the range [sprod, eprod) to become valid */
1155 static void arm_smmu_cmdq_poll_valid_map(struct arm_smmu_cmdq *cmdq,
1156 u32 sprod, u32 eprod)
1157 {
1158 __arm_smmu_cmdq_poll_set_valid_map(cmdq, sprod, eprod, false);
1159 }
1160
1161 /* Wait for the command queue to become non-full */
1162 static int arm_smmu_cmdq_poll_until_not_full(struct arm_smmu_device *smmu,
1163 struct arm_smmu_ll_queue *llq)
1164 {
1165 unsigned long flags;
1166 struct arm_smmu_queue_poll qp;
1167 struct arm_smmu_cmdq *cmdq = &smmu->cmdq;
1168 int ret = 0;
1169
1170 /*
1171 * Try to update our copy of cons by grabbing exclusive cmdq access. If
1172 * that fails, spin until somebody else updates it for us.
1173 */
1174 if (arm_smmu_cmdq_exclusive_trylock_irqsave(cmdq, flags)) {
1175 WRITE_ONCE(cmdq->q.llq.cons, readl_relaxed(cmdq->q.cons_reg));
1176 arm_smmu_cmdq_exclusive_unlock_irqrestore(cmdq, flags);
1177 llq->val = READ_ONCE(cmdq->q.llq.val);
1178 return 0;
1179 }
1180
1181 queue_poll_init(smmu, &qp);
1182 do {
1183 llq->val = READ_ONCE(smmu->cmdq.q.llq.val);
1184 if (!queue_full(llq))
1185 break;
1186
1187 ret = queue_poll(&qp);
1188 } while (!ret);
1189
1190 return ret;
1191 }
1192
1193 /*
1194 * Wait until the SMMU signals a CMD_SYNC completion MSI.
1195 * Must be called with the cmdq lock held in some capacity.
1196 */
1197 static int __arm_smmu_cmdq_poll_until_msi(struct arm_smmu_device *smmu,
1198 struct arm_smmu_ll_queue *llq)
1199 {
1200 int ret = 0;
1201 struct arm_smmu_queue_poll qp;
1202 struct arm_smmu_cmdq *cmdq = &smmu->cmdq;
1203 u32 *cmd = (u32 *)(Q_ENT(&cmdq->q, llq->prod));
1204
1205 queue_poll_init(smmu, &qp);
1206
1207 /*
1208 * The MSI won't generate an event, since it's being written back
1209 * into the command queue.
1210 */
1211 qp.wfe = false;
1212 smp_cond_load_relaxed(cmd, !VAL || (ret = queue_poll(&qp)));
1213 llq->cons = ret ? llq->prod : queue_inc_prod_n(llq, 1);
1214 return ret;
1215 }
1216
1217 /*
1218 * Wait until the SMMU cons index passes llq->prod.
1219 * Must be called with the cmdq lock held in some capacity.
1220 */
1221 static int __arm_smmu_cmdq_poll_until_consumed(struct arm_smmu_device *smmu,
1222 struct arm_smmu_ll_queue *llq)
1223 {
1224 struct arm_smmu_queue_poll qp;
1225 struct arm_smmu_cmdq *cmdq = &smmu->cmdq;
1226 u32 prod = llq->prod;
1227 int ret = 0;
1228
1229 queue_poll_init(smmu, &qp);
1230 llq->val = READ_ONCE(smmu->cmdq.q.llq.val);
1231 do {
1232 if (queue_consumed(llq, prod))
1233 break;
1234
1235 ret = queue_poll(&qp);
1236
1237 /*
1238 * This needs to be a readl() so that our subsequent call
1239 * to arm_smmu_cmdq_shared_tryunlock() can fail accurately.
1240 *
1241 * Specifically, we need to ensure that we observe all
1242 * shared_lock()s by other CMD_SYNCs that share our owner,
1243 * so that a failing call to tryunlock() means that we're
1244 * the last one out and therefore we can safely advance
1245 * cmdq->q.llq.cons. Roughly speaking:
1246 *
1247 * CPU 0 CPU1 CPU2 (us)
1248 *
1249 * if (sync)
1250 * shared_lock();
1251 *
1252 * dma_wmb();
1253 * set_valid_map();
1254 *
1255 * if (owner) {
1256 * poll_valid_map();
1257 * <control dependency>
1258 * writel(prod_reg);
1259 *
1260 * readl(cons_reg);
1261 * tryunlock();
1262 *
1263 * Requires us to see CPU 0's shared_lock() acquisition.
1264 */
1265 llq->cons = readl(cmdq->q.cons_reg);
1266 } while (!ret);
1267
1268 return ret;
1269 }
1270
1271 static int arm_smmu_cmdq_poll_until_sync(struct arm_smmu_device *smmu,
1272 struct arm_smmu_ll_queue *llq)
1273 {
1274 if (smmu->features & ARM_SMMU_FEAT_MSI &&
1275 smmu->features & ARM_SMMU_FEAT_COHERENCY)
1276 return __arm_smmu_cmdq_poll_until_msi(smmu, llq);
1277
1278 return __arm_smmu_cmdq_poll_until_consumed(smmu, llq);
1279 }
1280
1281 static void arm_smmu_cmdq_write_entries(struct arm_smmu_cmdq *cmdq, u64 *cmds,
1282 u32 prod, int n)
1283 {
1284 int i;
1285 struct arm_smmu_ll_queue llq = {
1286 .max_n_shift = cmdq->q.llq.max_n_shift,
1287 .prod = prod,
1288 };
1289
1290 for (i = 0; i < n; ++i) {
1291 u64 *cmd = &cmds[i * CMDQ_ENT_DWORDS];
1292
1293 prod = queue_inc_prod_n(&llq, i);
1294 queue_write(Q_ENT(&cmdq->q, prod), cmd, CMDQ_ENT_DWORDS);
1295 }
1296 }
1297
1298 /*
1299 * This is the actual insertion function, and provides the following
1300 * ordering guarantees to callers:
1301 *
1302 * - There is a dma_wmb() before publishing any commands to the queue.
1303 * This can be relied upon to order prior writes to data structures
1304 * in memory (such as a CD or an STE) before the command.
1305 *
1306 * - On completion of a CMD_SYNC, there is a control dependency.
1307 * This can be relied upon to order subsequent writes to memory (e.g.
1308 * freeing an IOVA) after completion of the CMD_SYNC.
1309 *
1310 * - Command insertion is totally ordered, so if two CPUs each race to
1311 * insert their own list of commands then all of the commands from one
1312 * CPU will appear before any of the commands from the other CPU.
1313 */
1314 static int arm_smmu_cmdq_issue_cmdlist(struct arm_smmu_device *smmu,
1315 u64 *cmds, int n, bool sync)
1316 {
1317 u64 cmd_sync[CMDQ_ENT_DWORDS];
1318 u32 prod;
1319 unsigned long flags;
1320 bool owner;
1321 struct arm_smmu_cmdq *cmdq = &smmu->cmdq;
1322 struct arm_smmu_ll_queue llq = {
1323 .max_n_shift = cmdq->q.llq.max_n_shift,
1324 }, head = llq;
1325 int ret = 0;
1326
1327 /* 1. Allocate some space in the queue */
1328 local_irq_save(flags);
1329 llq.val = READ_ONCE(cmdq->q.llq.val);
1330 do {
1331 u64 old;
1332
1333 while (!queue_has_space(&llq, n + sync)) {
1334 local_irq_restore(flags);
1335 if (arm_smmu_cmdq_poll_until_not_full(smmu, &llq))
1336 dev_err_ratelimited(smmu->dev, "CMDQ timeout\n");
1337 local_irq_save(flags);
1338 }
1339
1340 head.cons = llq.cons;
1341 head.prod = queue_inc_prod_n(&llq, n + sync) |
1342 CMDQ_PROD_OWNED_FLAG;
1343
1344 old = cmpxchg_relaxed(&cmdq->q.llq.val, llq.val, head.val);
1345 if (old == llq.val)
1346 break;
1347
1348 llq.val = old;
1349 } while (1);
1350 owner = !(llq.prod & CMDQ_PROD_OWNED_FLAG);
1351 head.prod &= ~CMDQ_PROD_OWNED_FLAG;
1352 llq.prod &= ~CMDQ_PROD_OWNED_FLAG;
1353
1354 /*
1355 * 2. Write our commands into the queue
1356 * Dependency ordering from the cmpxchg() loop above.
1357 */
1358 arm_smmu_cmdq_write_entries(cmdq, cmds, llq.prod, n);
1359 if (sync) {
1360 prod = queue_inc_prod_n(&llq, n);
1361 arm_smmu_cmdq_build_sync_cmd(cmd_sync, smmu, prod);
1362 queue_write(Q_ENT(&cmdq->q, prod), cmd_sync, CMDQ_ENT_DWORDS);
1363
1364 /*
1365 * In order to determine completion of our CMD_SYNC, we must
1366 * ensure that the queue can't wrap twice without us noticing.
1367 * We achieve that by taking the cmdq lock as shared before
1368 * marking our slot as valid.
1369 */
1370 arm_smmu_cmdq_shared_lock(cmdq);
1371 }
1372
1373 /* 3. Mark our slots as valid, ensuring commands are visible first */
1374 dma_wmb();
1375 arm_smmu_cmdq_set_valid_map(cmdq, llq.prod, head.prod);
1376
1377 /* 4. If we are the owner, take control of the SMMU hardware */
1378 if (owner) {
1379 /* a. Wait for previous owner to finish */
1380 atomic_cond_read_relaxed(&cmdq->owner_prod, VAL == llq.prod);
1381
1382 /* b. Stop gathering work by clearing the owned flag */
1383 prod = atomic_fetch_andnot_relaxed(CMDQ_PROD_OWNED_FLAG,
1384 &cmdq->q.llq.atomic.prod);
1385 prod &= ~CMDQ_PROD_OWNED_FLAG;
1386
1387 /*
1388 * c. Wait for any gathered work to be written to the queue.
1389 * Note that we read our own entries so that we have the control
1390 * dependency required by (d).
1391 */
1392 arm_smmu_cmdq_poll_valid_map(cmdq, llq.prod, prod);
1393
1394 /*
1395 * d. Advance the hardware prod pointer
1396 * Control dependency ordering from the entries becoming valid.
1397 */
1398 writel_relaxed(prod, cmdq->q.prod_reg);
1399
1400 /*
1401 * e. Tell the next owner we're done
1402 * Make sure we've updated the hardware first, so that we don't
1403 * race to update prod and potentially move it backwards.
1404 */
1405 atomic_set_release(&cmdq->owner_prod, prod);
1406 }
1407
1408 /* 5. If we are inserting a CMD_SYNC, we must wait for it to complete */
1409 if (sync) {
1410 llq.prod = queue_inc_prod_n(&llq, n);
1411 ret = arm_smmu_cmdq_poll_until_sync(smmu, &llq);
1412 if (ret) {
1413 dev_err_ratelimited(smmu->dev,
1414 "CMD_SYNC timeout at 0x%08x [hwprod 0x%08x, hwcons 0x%08x]\n",
1415 llq.prod,
1416 readl_relaxed(cmdq->q.prod_reg),
1417 readl_relaxed(cmdq->q.cons_reg));
1418 }
1419
1420 /*
1421 * Try to unlock the cmdq lock. This will fail if we're the last
1422 * reader, in which case we can safely update cmdq->q.llq.cons
1423 */
1424 if (!arm_smmu_cmdq_shared_tryunlock(cmdq)) {
1425 WRITE_ONCE(cmdq->q.llq.cons, llq.cons);
1426 arm_smmu_cmdq_shared_unlock(cmdq);
1427 }
1428 }
1429
1430 local_irq_restore(flags);
1431 return ret;
1432 }
1433
1434 static int arm_smmu_cmdq_issue_cmd(struct arm_smmu_device *smmu,
1435 struct arm_smmu_cmdq_ent *ent)
1436 {
1437 u64 cmd[CMDQ_ENT_DWORDS];
1438
1439 if (arm_smmu_cmdq_build_cmd(cmd, ent)) {
1440 dev_warn(smmu->dev, "ignoring unknown CMDQ opcode 0x%x\n",
1441 ent->opcode);
1442 return -EINVAL;
1443 }
1444
1445 return arm_smmu_cmdq_issue_cmdlist(smmu, cmd, 1, false);
1446 }
1447
1448 static int arm_smmu_cmdq_issue_sync(struct arm_smmu_device *smmu)
1449 {
1450 return arm_smmu_cmdq_issue_cmdlist(smmu, NULL, 0, true);
1451 }
1452
1453 /* Context descriptor manipulation functions */
1454 static u64 arm_smmu_cpu_tcr_to_cd(u64 tcr)
1455 {
1456 u64 val = 0;
1457
1458 /* Repack the TCR. Just care about TTBR0 for now */
1459 val |= ARM_SMMU_TCR2CD(tcr, T0SZ);
1460 val |= ARM_SMMU_TCR2CD(tcr, TG0);
1461 val |= ARM_SMMU_TCR2CD(tcr, IRGN0);
1462 val |= ARM_SMMU_TCR2CD(tcr, ORGN0);
1463 val |= ARM_SMMU_TCR2CD(tcr, SH0);
1464 val |= ARM_SMMU_TCR2CD(tcr, EPD0);
1465 val |= ARM_SMMU_TCR2CD(tcr, EPD1);
1466 val |= ARM_SMMU_TCR2CD(tcr, IPS);
1467
1468 return val;
1469 }
1470
1471 static void arm_smmu_write_ctx_desc(struct arm_smmu_device *smmu,
1472 struct arm_smmu_s1_cfg *cfg)
1473 {
1474 u64 val;
1475
1476 /*
1477 * We don't need to issue any invalidation here, as we'll invalidate
1478 * the STE when installing the new entry anyway.
1479 */
1480 val = arm_smmu_cpu_tcr_to_cd(cfg->cd.tcr) |
1481 #ifdef __BIG_ENDIAN
1482 CTXDESC_CD_0_ENDI |
1483 #endif
1484 CTXDESC_CD_0_R | CTXDESC_CD_0_A | CTXDESC_CD_0_ASET |
1485 CTXDESC_CD_0_AA64 | FIELD_PREP(CTXDESC_CD_0_ASID, cfg->cd.asid) |
1486 CTXDESC_CD_0_V;
1487
1488 /* STALL_MODEL==0b10 && CD.S==0 is ILLEGAL */
1489 if (smmu->features & ARM_SMMU_FEAT_STALL_FORCE)
1490 val |= CTXDESC_CD_0_S;
1491
1492 cfg->cdptr[0] = cpu_to_le64(val);
1493
1494 val = cfg->cd.ttbr & CTXDESC_CD_1_TTB0_MASK;
1495 cfg->cdptr[1] = cpu_to_le64(val);
1496
1497 cfg->cdptr[3] = cpu_to_le64(cfg->cd.mair);
1498 }
1499
1500 /* Stream table manipulation functions */
1501 static void
1502 arm_smmu_write_strtab_l1_desc(__le64 *dst, struct arm_smmu_strtab_l1_desc *desc)
1503 {
1504 u64 val = 0;
1505
1506 val |= FIELD_PREP(STRTAB_L1_DESC_SPAN, desc->span);
1507 val |= desc->l2ptr_dma & STRTAB_L1_DESC_L2PTR_MASK;
1508
1509 *dst = cpu_to_le64(val);
1510 }
1511
1512 static void arm_smmu_sync_ste_for_sid(struct arm_smmu_device *smmu, u32 sid)
1513 {
1514 struct arm_smmu_cmdq_ent cmd = {
1515 .opcode = CMDQ_OP_CFGI_STE,
1516 .cfgi = {
1517 .sid = sid,
1518 .leaf = true,
1519 },
1520 };
1521
1522 arm_smmu_cmdq_issue_cmd(smmu, &cmd);
1523 arm_smmu_cmdq_issue_sync(smmu);
1524 }
1525
1526 static void arm_smmu_write_strtab_ent(struct arm_smmu_master *master, u32 sid,
1527 __le64 *dst)
1528 {
1529 /*
1530 * This is hideously complicated, but we only really care about
1531 * three cases at the moment:
1532 *
1533 * 1. Invalid (all zero) -> bypass/fault (init)
1534 * 2. Bypass/fault -> translation/bypass (attach)
1535 * 3. Translation/bypass -> bypass/fault (detach)
1536 *
1537 * Given that we can't update the STE atomically and the SMMU
1538 * doesn't read the thing in a defined order, that leaves us
1539 * with the following maintenance requirements:
1540 *
1541 * 1. Update Config, return (init time STEs aren't live)
1542 * 2. Write everything apart from dword 0, sync, write dword 0, sync
1543 * 3. Update Config, sync
1544 */
1545 u64 val = le64_to_cpu(dst[0]);
1546 bool ste_live = false;
1547 struct arm_smmu_device *smmu = NULL;
1548 struct arm_smmu_s1_cfg *s1_cfg = NULL;
1549 struct arm_smmu_s2_cfg *s2_cfg = NULL;
1550 struct arm_smmu_domain *smmu_domain = NULL;
1551 struct arm_smmu_cmdq_ent prefetch_cmd = {
1552 .opcode = CMDQ_OP_PREFETCH_CFG,
1553 .prefetch = {
1554 .sid = sid,
1555 },
1556 };
1557
1558 if (master) {
1559 smmu_domain = master->domain;
1560 smmu = master->smmu;
1561 }
1562
1563 if (smmu_domain) {
1564 switch (smmu_domain->stage) {
1565 case ARM_SMMU_DOMAIN_S1:
1566 s1_cfg = &smmu_domain->s1_cfg;
1567 break;
1568 case ARM_SMMU_DOMAIN_S2:
1569 case ARM_SMMU_DOMAIN_NESTED:
1570 s2_cfg = &smmu_domain->s2_cfg;
1571 break;
1572 default:
1573 break;
1574 }
1575 }
1576
1577 if (val & STRTAB_STE_0_V) {
1578 switch (FIELD_GET(STRTAB_STE_0_CFG, val)) {
1579 case STRTAB_STE_0_CFG_BYPASS:
1580 break;
1581 case STRTAB_STE_0_CFG_S1_TRANS:
1582 case STRTAB_STE_0_CFG_S2_TRANS:
1583 ste_live = true;
1584 break;
1585 case STRTAB_STE_0_CFG_ABORT:
1586 BUG_ON(!disable_bypass);
1587 break;
1588 default:
1589 BUG(); /* STE corruption */
1590 }
1591 }
1592
1593 /* Nuke the existing STE_0 value, as we're going to rewrite it */
1594 val = STRTAB_STE_0_V;
1595
1596 /* Bypass/fault */
1597 if (!smmu_domain || !(s1_cfg || s2_cfg)) {
1598 if (!smmu_domain && disable_bypass)
1599 val |= FIELD_PREP(STRTAB_STE_0_CFG, STRTAB_STE_0_CFG_ABORT);
1600 else
1601 val |= FIELD_PREP(STRTAB_STE_0_CFG, STRTAB_STE_0_CFG_BYPASS);
1602
1603 dst[0] = cpu_to_le64(val);
1604 dst[1] = cpu_to_le64(FIELD_PREP(STRTAB_STE_1_SHCFG,
1605 STRTAB_STE_1_SHCFG_INCOMING));
1606 dst[2] = 0; /* Nuke the VMID */
1607 /*
1608 * The SMMU can perform negative caching, so we must sync
1609 * the STE regardless of whether the old value was live.
1610 */
1611 if (smmu)
1612 arm_smmu_sync_ste_for_sid(smmu, sid);
1613 return;
1614 }
1615
1616 if (s1_cfg) {
1617 BUG_ON(ste_live);
1618 dst[1] = cpu_to_le64(
1619 FIELD_PREP(STRTAB_STE_1_S1CIR, STRTAB_STE_1_S1C_CACHE_WBRA) |
1620 FIELD_PREP(STRTAB_STE_1_S1COR, STRTAB_STE_1_S1C_CACHE_WBRA) |
1621 FIELD_PREP(STRTAB_STE_1_S1CSH, ARM_SMMU_SH_ISH) |
1622 FIELD_PREP(STRTAB_STE_1_STRW, STRTAB_STE_1_STRW_NSEL1));
1623
1624 if (smmu->features & ARM_SMMU_FEAT_STALLS &&
1625 !(smmu->features & ARM_SMMU_FEAT_STALL_FORCE))
1626 dst[1] |= cpu_to_le64(STRTAB_STE_1_S1STALLD);
1627
1628 val |= (s1_cfg->cdptr_dma & STRTAB_STE_0_S1CTXPTR_MASK) |
1629 FIELD_PREP(STRTAB_STE_0_CFG, STRTAB_STE_0_CFG_S1_TRANS);
1630 }
1631
1632 if (s2_cfg) {
1633 BUG_ON(ste_live);
1634 dst[2] = cpu_to_le64(
1635 FIELD_PREP(STRTAB_STE_2_S2VMID, s2_cfg->vmid) |
1636 FIELD_PREP(STRTAB_STE_2_VTCR, s2_cfg->vtcr) |
1637 #ifdef __BIG_ENDIAN
1638 STRTAB_STE_2_S2ENDI |
1639 #endif
1640 STRTAB_STE_2_S2PTW | STRTAB_STE_2_S2AA64 |
1641 STRTAB_STE_2_S2R);
1642
1643 dst[3] = cpu_to_le64(s2_cfg->vttbr & STRTAB_STE_3_S2TTB_MASK);
1644
1645 val |= FIELD_PREP(STRTAB_STE_0_CFG, STRTAB_STE_0_CFG_S2_TRANS);
1646 }
1647
1648 if (master->ats_enabled)
1649 dst[1] |= cpu_to_le64(FIELD_PREP(STRTAB_STE_1_EATS,
1650 STRTAB_STE_1_EATS_TRANS));
1651
1652 arm_smmu_sync_ste_for_sid(smmu, sid);
1653 /* See comment in arm_smmu_write_ctx_desc() */
1654 WRITE_ONCE(dst[0], cpu_to_le64(val));
1655 arm_smmu_sync_ste_for_sid(smmu, sid);
1656
1657 /* It's likely that we'll want to use the new STE soon */
1658 if (!(smmu->options & ARM_SMMU_OPT_SKIP_PREFETCH))
1659 arm_smmu_cmdq_issue_cmd(smmu, &prefetch_cmd);
1660 }
1661
1662 static void arm_smmu_init_bypass_stes(u64 *strtab, unsigned int nent)
1663 {
1664 unsigned int i;
1665
1666 for (i = 0; i < nent; ++i) {
1667 arm_smmu_write_strtab_ent(NULL, -1, strtab);
1668 strtab += STRTAB_STE_DWORDS;
1669 }
1670 }
1671
1672 static int arm_smmu_init_l2_strtab(struct arm_smmu_device *smmu, u32 sid)
1673 {
1674 size_t size;
1675 void *strtab;
1676 struct arm_smmu_strtab_cfg *cfg = &smmu->strtab_cfg;
1677 struct arm_smmu_strtab_l1_desc *desc = &cfg->l1_desc[sid >> STRTAB_SPLIT];
1678
1679 if (desc->l2ptr)
1680 return 0;
1681
1682 size = 1 << (STRTAB_SPLIT + ilog2(STRTAB_STE_DWORDS) + 3);
1683 strtab = &cfg->strtab[(sid >> STRTAB_SPLIT) * STRTAB_L1_DESC_DWORDS];
1684
1685 desc->span = STRTAB_SPLIT + 1;
1686 desc->l2ptr = dmam_alloc_coherent(smmu->dev, size, &desc->l2ptr_dma,
1687 GFP_KERNEL | __GFP_ZERO);
1688 if (!desc->l2ptr) {
1689 dev_err(smmu->dev,
1690 "failed to allocate l2 stream table for SID %u\n",
1691 sid);
1692 return -ENOMEM;
1693 }
1694
1695 arm_smmu_init_bypass_stes(desc->l2ptr, 1 << STRTAB_SPLIT);
1696 arm_smmu_write_strtab_l1_desc(strtab, desc);
1697 return 0;
1698 }
1699
1700 /* IRQ and event handlers */
1701 static irqreturn_t arm_smmu_evtq_thread(int irq, void *dev)
1702 {
1703 int i;
1704 struct arm_smmu_device *smmu = dev;
1705 struct arm_smmu_queue *q = &smmu->evtq.q;
1706 struct arm_smmu_ll_queue *llq = &q->llq;
1707 u64 evt[EVTQ_ENT_DWORDS];
1708
1709 do {
1710 while (!queue_remove_raw(q, evt)) {
1711 u8 id = FIELD_GET(EVTQ_0_ID, evt[0]);
1712
1713 dev_info(smmu->dev, "event 0x%02x received:\n", id);
1714 for (i = 0; i < ARRAY_SIZE(evt); ++i)
1715 dev_info(smmu->dev, "\t0x%016llx\n",
1716 (unsigned long long)evt[i]);
1717
1718 cond_resched();
1719 }
1720
1721 /*
1722 * Not much we can do on overflow, so scream and pretend we're
1723 * trying harder.
1724 */
1725 if (queue_sync_prod_in(q) == -EOVERFLOW)
1726 dev_err(smmu->dev, "EVTQ overflow detected -- events lost\n");
1727 } while (!queue_empty(llq));
1728
1729 /* Sync our overflow flag, as we believe we're up to speed */
1730 queue_sync_cons_ovf(q);
1731 return IRQ_HANDLED;
1732 }
1733
1734 static void arm_smmu_handle_ppr(struct arm_smmu_device *smmu, u64 *evt)
1735 {
1736 u32 sid, ssid;
1737 u16 grpid;
1738 bool ssv, last;
1739
1740 sid = FIELD_GET(PRIQ_0_SID, evt[0]);
1741 ssv = FIELD_GET(PRIQ_0_SSID_V, evt[0]);
1742 ssid = ssv ? FIELD_GET(PRIQ_0_SSID, evt[0]) : 0;
1743 last = FIELD_GET(PRIQ_0_PRG_LAST, evt[0]);
1744 grpid = FIELD_GET(PRIQ_1_PRG_IDX, evt[1]);
1745
1746 dev_info(smmu->dev, "unexpected PRI request received:\n");
1747 dev_info(smmu->dev,
1748 "\tsid 0x%08x.0x%05x: [%u%s] %sprivileged %s%s%s access at iova 0x%016llx\n",
1749 sid, ssid, grpid, last ? "L" : "",
1750 evt[0] & PRIQ_0_PERM_PRIV ? "" : "un",
1751 evt[0] & PRIQ_0_PERM_READ ? "R" : "",
1752 evt[0] & PRIQ_0_PERM_WRITE ? "W" : "",
1753 evt[0] & PRIQ_0_PERM_EXEC ? "X" : "",
1754 evt[1] & PRIQ_1_ADDR_MASK);
1755
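/* Nothing here services PRI faults, so deny the final request to terminate the group */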
1756 if (last) {
1757 struct arm_smmu_cmdq_ent cmd = {
1758 .opcode = CMDQ_OP_PRI_RESP,
1759 .substream_valid = ssv,
1760 .pri = {
1761 .sid = sid,
1762 .ssid = ssid,
1763 .grpid = grpid,
1764 .resp = PRI_RESP_DENY,
1765 },
1766 };
1767
1768 arm_smmu_cmdq_issue_cmd(smmu, &cmd);
1769 }
1770 }
1771
1772 static irqreturn_t arm_smmu_priq_thread(int irq, void *dev)
1773 {
1774 struct arm_smmu_device *smmu = dev;
1775 struct arm_smmu_queue *q = &smmu->priq.q;
1776 struct arm_smmu_ll_queue *llq = &q->llq;
1777 u64 evt[PRIQ_ENT_DWORDS];
1778
1779 do {
1780 while (!queue_remove_raw(q, evt))
1781 arm_smmu_handle_ppr(smmu, evt);
1782
1783 if (queue_sync_prod_in(q) == -EOVERFLOW)
1784 dev_err(smmu->dev, "PRIQ overflow detected -- requests lost\n");
1785 } while (!queue_empty(llq));
1786
1787 /* Sync our overflow flag, as we believe we're up to speed */
1788 queue_sync_cons_ovf(q);
1789 return IRQ_HANDLED;
1790 }
1791
1792 static int arm_smmu_device_disable(struct arm_smmu_device *smmu);
1793
1794 static irqreturn_t arm_smmu_gerror_handler(int irq, void *dev)
1795 {
1796 u32 gerror, gerrorn, active;
1797 struct arm_smmu_device *smmu = dev;
1798
1799 gerror = readl_relaxed(smmu->base + ARM_SMMU_GERROR);
1800 gerrorn = readl_relaxed(smmu->base + ARM_SMMU_GERRORN);
1801
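/*
 * A global error is active while its GERROR bit differs from the
 * corresponding GERRORN bit, so XOR-ing the two registers yields the set
 * of errors that have not been acknowledged yet.
 */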
1802 active = gerror ^ gerrorn;
1803 if (!(active & GERROR_ERR_MASK))
1804 return IRQ_NONE; /* No errors pending */
1805
1806 dev_warn(smmu->dev,
1807 "unexpected global error reported (0x%08x), this could be serious\n",
1808 active);
1809
1810 if (active & GERROR_SFM_ERR) {
1811 dev_err(smmu->dev, "device has entered Service Failure Mode!\n");
1812 arm_smmu_device_disable(smmu);
1813 }
1814
1815 if (active & GERROR_MSI_GERROR_ABT_ERR)
1816 dev_warn(smmu->dev, "GERROR MSI write aborted\n");
1817
1818 if (active & GERROR_MSI_PRIQ_ABT_ERR)
1819 dev_warn(smmu->dev, "PRIQ MSI write aborted\n");
1820
1821 if (active & GERROR_MSI_EVTQ_ABT_ERR)
1822 dev_warn(smmu->dev, "EVTQ MSI write aborted\n");
1823
1824 if (active & GERROR_MSI_CMDQ_ABT_ERR)
1825 dev_warn(smmu->dev, "CMDQ MSI write aborted\n");
1826
1827 if (active & GERROR_PRIQ_ABT_ERR)
1828 dev_err(smmu->dev, "PRIQ write aborted -- events may have been lost\n");
1829
1830 if (active & GERROR_EVTQ_ABT_ERR)
1831 dev_err(smmu->dev, "EVTQ write aborted -- events may have been lost\n");
1832
1833 if (active & GERROR_CMDQ_ERR)
1834 arm_smmu_cmdq_skip_err(smmu);
1835
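/* Acknowledge the errors by bringing GERRORN back in line with GERROR */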
1836 writel(gerror, smmu->base + ARM_SMMU_GERRORN);
1837 return IRQ_HANDLED;
1838 }
1839
1840 static irqreturn_t arm_smmu_combined_irq_thread(int irq, void *dev)
1841 {
1842 struct arm_smmu_device *smmu = dev;
1843
1844 arm_smmu_evtq_thread(irq, dev);
1845 if (smmu->features & ARM_SMMU_FEAT_PRI)
1846 arm_smmu_priq_thread(irq, dev);
1847
1848 return IRQ_HANDLED;
1849 }
1850
1851 static irqreturn_t arm_smmu_combined_irq_handler(int irq, void *dev)
1852 {
1853 arm_smmu_gerror_handler(irq, dev);
1854 return IRQ_WAKE_THREAD;
1855 }
1856
1857 static void
1858 arm_smmu_atc_inv_to_cmd(int ssid, unsigned long iova, size_t size,
1859 struct arm_smmu_cmdq_ent *cmd)
1860 {
1861 size_t log2_span;
1862 size_t span_mask;
1863 /* ATC invalidates are always on 4096-byte pages */
1864 size_t inval_grain_shift = 12;
1865 unsigned long page_start, page_end;
1866
1867 *cmd = (struct arm_smmu_cmdq_ent) {
1868 .opcode = CMDQ_OP_ATC_INV,
1869 .substream_valid = !!ssid,
1870 .atc.ssid = ssid,
1871 };
1872
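/* A size of zero requests invalidation of all ATC entries for the device */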
1873 if (!size) {
1874 cmd->atc.size = ATC_INV_SIZE_ALL;
1875 return;
1876 }
1877
1878 page_start = iova >> inval_grain_shift;
1879 page_end = (iova + size - 1) >> inval_grain_shift;
1880
1881 /*
1882 * In an ATS Invalidate Request, the address must be aligned on the
1883 * range size, which must be a power of two number of page sizes. We
1884 * thus have to choose between grossly over-invalidating the region, or
1885 * splitting the invalidation into multiple commands. For simplicity
1886 * we'll go with the first solution, but should refine it in the future
1887 * if multiple commands are shown to be more efficient.
1888 *
1889 * Find the smallest power of two that covers the range. The most
1890 * significant differing bit between the start and end addresses,
1891 * fls(start ^ end), indicates the required span. For example:
1892 *
1893 * We want to invalidate pages [8; 11]. This is already the ideal range:
1894 * x = 0b1000 ^ 0b1011 = 0b11
1895 * span = 1 << fls(x) = 4
1896 *
1897 * To invalidate pages [7; 10], we need to invalidate [0; 15]:
1898 * x = 0b0111 ^ 0b1010 = 0b1101
1899 * span = 1 << fls(x) = 16
1900 */
1901 log2_span = fls_long(page_start ^ page_end);
1902 span_mask = (1ULL << log2_span) - 1;
1903
1904 page_start &= ~span_mask;
1905
1906 cmd->atc.addr = page_start << inval_grain_shift;
1907 cmd->atc.size = log2_span;
1908 }
1909
1910 static int arm_smmu_atc_inv_master(struct arm_smmu_master *master,
1911 struct arm_smmu_cmdq_ent *cmd)
1912 {
1913 int i;
1914
1915 if (!master->ats_enabled)
1916 return 0;
1917
1918 for (i = 0; i < master->num_sids; i++) {
1919 cmd->atc.sid = master->sids[i];
1920 arm_smmu_cmdq_issue_cmd(master->smmu, cmd);
1921 }
1922
1923 return arm_smmu_cmdq_issue_sync(master->smmu);
1924 }
1925
1926 static int arm_smmu_atc_inv_domain(struct arm_smmu_domain *smmu_domain,
1927 int ssid, unsigned long iova, size_t size)
1928 {
1929 int ret = 0;
1930 unsigned long flags;
1931 struct arm_smmu_cmdq_ent cmd;
1932 struct arm_smmu_master *master;
1933
1934 if (!(smmu_domain->smmu->features & ARM_SMMU_FEAT_ATS))
1935 return 0;
1936
1937 /*
1938 * Ensure that we've completed prior invalidation of the main TLBs
1939 * before we read 'nr_ats_masters' in case of a concurrent call to
1940 * arm_smmu_enable_ats():
1941 *
1942 * // unmap() // arm_smmu_enable_ats()
1943 * TLBI+SYNC atomic_inc(&nr_ats_masters);
1944 * smp_mb(); [...]
1945 * atomic_read(&nr_ats_masters); pci_enable_ats() // writel()
1946 *
1947 * Ensures that we always see the incremented 'nr_ats_masters' count if
1948 * ATS was enabled at the PCI device before completion of the TLBI.
1949 */
1950 smp_mb();
1951 if (!atomic_read(&smmu_domain->nr_ats_masters))
1952 return 0;
1953
1954 arm_smmu_atc_inv_to_cmd(ssid, iova, size, &cmd);
1955
1956 spin_lock_irqsave(&smmu_domain->devices_lock, flags);
1957 list_for_each_entry(master, &smmu_domain->devices, domain_head)
1958 ret |= arm_smmu_atc_inv_master(master, &cmd);
1959 spin_unlock_irqrestore(&smmu_domain->devices_lock, flags);
1960
1961 return ret ? -ETIMEDOUT : 0;
1962 }
1963
1964 /* IO_PGTABLE API */
1965 static void arm_smmu_tlb_inv_context(void *cookie)
1966 {
1967 struct arm_smmu_domain *smmu_domain = cookie;
1968 struct arm_smmu_device *smmu = smmu_domain->smmu;
1969 struct arm_smmu_cmdq_ent cmd;
1970
1971 if (smmu_domain->stage == ARM_SMMU_DOMAIN_S1) {
1972 cmd.opcode = CMDQ_OP_TLBI_NH_ASID;
1973 cmd.tlbi.asid = smmu_domain->s1_cfg.cd.asid;
1974 cmd.tlbi.vmid = 0;
1975 } else {
1976 cmd.opcode = CMDQ_OP_TLBI_S12_VMALL;
1977 cmd.tlbi.vmid = smmu_domain->s2_cfg.vmid;
1978 }
1979
1980 /*
1981 * NOTE: when io-pgtable is in non-strict mode, we may get here with
1982 * PTEs previously cleared by unmaps on the current CPU not yet visible
1983 * to the SMMU. We are relying on the dma_wmb() implicit during cmd
1984 * insertion to guarantee those are observed before the TLBI. Do be
1985 * careful, 007.
1986 */
1987 arm_smmu_cmdq_issue_cmd(smmu, &cmd);
1988 arm_smmu_cmdq_issue_sync(smmu);
1989 arm_smmu_atc_inv_domain(smmu_domain, 0, 0, 0);
1990 }
1991
1992 static void arm_smmu_tlb_inv_range(unsigned long iova, size_t size,
1993 size_t granule, bool leaf,
1994 struct arm_smmu_domain *smmu_domain)
1995 {
1996 u64 cmds[CMDQ_BATCH_ENTRIES * CMDQ_ENT_DWORDS];
1997 struct arm_smmu_device *smmu = smmu_domain->smmu;
1998 unsigned long start = iova, end = iova + size;
1999 int i = 0;
2000 struct arm_smmu_cmdq_ent cmd = {
2001 .tlbi = {
2002 .leaf = leaf,
2003 },
2004 };
2005
2006 if (!size)
2007 return;
2008
2009 if (smmu_domain->stage == ARM_SMMU_DOMAIN_S1) {
2010 cmd.opcode = CMDQ_OP_TLBI_NH_VA;
2011 cmd.tlbi.asid = smmu_domain->s1_cfg.cd.asid;
2012 } else {
2013 cmd.opcode = CMDQ_OP_TLBI_S2_IPA;
2014 cmd.tlbi.vmid = smmu_domain->s2_cfg.vmid;
2015 }
2016
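/*
 * Build the TLBI commands in batches of up to CMDQ_BATCH_ENTRIES and
 * publish each full batch; only the final submission requests a sync.
 */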
2017 while (iova < end) {
2018 if (i == CMDQ_BATCH_ENTRIES) {
2019 arm_smmu_cmdq_issue_cmdlist(smmu, cmds, i, false);
2020 i = 0;
2021 }
2022
2023 cmd.tlbi.addr = iova;
2024 arm_smmu_cmdq_build_cmd(&cmds[i * CMDQ_ENT_DWORDS], &cmd);
2025 iova += granule;
2026 i++;
2027 }
2028
2029 arm_smmu_cmdq_issue_cmdlist(smmu, cmds, i, true);
2030
2031 /*
2032 * Unfortunately, this can't be leaf-only since we may have
2033 * zapped an entire table.
2034 */
2035 arm_smmu_atc_inv_domain(smmu_domain, 0, start, size);
2036 }
2037
2038 static void arm_smmu_tlb_inv_page_nosync(struct iommu_iotlb_gather *gather,
2039 unsigned long iova, size_t granule,
2040 void *cookie)
2041 {
2042 struct arm_smmu_domain *smmu_domain = cookie;
2043 struct iommu_domain *domain = &smmu_domain->domain;
2044
2045 iommu_iotlb_gather_add_page(domain, gather, iova, granule);
2046 }
2047
2048 static void arm_smmu_tlb_inv_walk(unsigned long iova, size_t size,
2049 size_t granule, void *cookie)
2050 {
2051 arm_smmu_tlb_inv_range(iova, size, granule, false, cookie);
2052 }
2053
2054 static void arm_smmu_tlb_inv_leaf(unsigned long iova, size_t size,
2055 size_t granule, void *cookie)
2056 {
2057 arm_smmu_tlb_inv_range(iova, size, granule, true, cookie);
2058 }
2059
2060 static const struct iommu_flush_ops arm_smmu_flush_ops = {
2061 .tlb_flush_all = arm_smmu_tlb_inv_context,
2062 .tlb_flush_walk = arm_smmu_tlb_inv_walk,
2063 .tlb_flush_leaf = arm_smmu_tlb_inv_leaf,
2064 .tlb_add_page = arm_smmu_tlb_inv_page_nosync,
2065 };
2066
2067 /* IOMMU API */
2068 static bool arm_smmu_capable(enum iommu_cap cap)
2069 {
2070 switch (cap) {
2071 case IOMMU_CAP_CACHE_COHERENCY:
2072 return true;
2073 case IOMMU_CAP_NOEXEC:
2074 return true;
2075 default:
2076 return false;
2077 }
2078 }
2079
2080 static struct iommu_domain *arm_smmu_domain_alloc(unsigned type)
2081 {
2082 struct arm_smmu_domain *smmu_domain;
2083
2084 if (type != IOMMU_DOMAIN_UNMANAGED &&
2085 type != IOMMU_DOMAIN_DMA &&
2086 type != IOMMU_DOMAIN_IDENTITY)
2087 return NULL;
2088
2089 /*
2090 * Allocate the domain and initialise some of its data structures.
2091 * We can't really do anything meaningful until we've added a
2092 * master.
2093 */
2094 smmu_domain = kzalloc(sizeof(*smmu_domain), GFP_KERNEL);
2095 if (!smmu_domain)
2096 return NULL;
2097
2098 if (type == IOMMU_DOMAIN_DMA &&
2099 iommu_get_dma_cookie(&smmu_domain->domain)) {
2100 kfree(smmu_domain);
2101 return NULL;
2102 }
2103
2104 mutex_init(&smmu_domain->init_mutex);
2105 INIT_LIST_HEAD(&smmu_domain->devices);
2106 spin_lock_init(&smmu_domain->devices_lock);
2107
2108 return &smmu_domain->domain;
2109 }
2110
2111 static int arm_smmu_bitmap_alloc(unsigned long *map, int span)
2112 {
2113 int idx, size = 1 << span;
2114
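/* Find a free index and claim it atomically; retry if another CPU got there first */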
2115 do {
2116 idx = find_first_zero_bit(map, size);
2117 if (idx == size)
2118 return -ENOSPC;
2119 } while (test_and_set_bit(idx, map));
2120
2121 return idx;
2122 }
2123
2124 static void arm_smmu_bitmap_free(unsigned long *map, int idx)
2125 {
2126 clear_bit(idx, map);
2127 }
2128
2129 static void arm_smmu_domain_free(struct iommu_domain *domain)
2130 {
2131 struct arm_smmu_domain *smmu_domain = to_smmu_domain(domain);
2132 struct arm_smmu_device *smmu = smmu_domain->smmu;
2133
2134 iommu_put_dma_cookie(domain);
2135 free_io_pgtable_ops(smmu_domain->pgtbl_ops);
2136
2137 /* Free the CD and ASID, if we allocated them */
2138 if (smmu_domain->stage == ARM_SMMU_DOMAIN_S1) {
2139 struct arm_smmu_s1_cfg *cfg = &smmu_domain->s1_cfg;
2140
2141 if (cfg->cdptr) {
2142 dmam_free_coherent(smmu_domain->smmu->dev,
2143 CTXDESC_CD_DWORDS << 3,
2144 cfg->cdptr,
2145 cfg->cdptr_dma);
2146
2147 arm_smmu_bitmap_free(smmu->asid_map, cfg->cd.asid);
2148 }
2149 } else {
2150 struct arm_smmu_s2_cfg *cfg = &smmu_domain->s2_cfg;
2151 if (cfg->vmid)
2152 arm_smmu_bitmap_free(smmu->vmid_map, cfg->vmid);
2153 }
2154
2155 kfree(smmu_domain);
2156 }
2157
2158 static int arm_smmu_domain_finalise_s1(struct arm_smmu_domain *smmu_domain,
2159 struct io_pgtable_cfg *pgtbl_cfg)
2160 {
2161 int ret;
2162 int asid;
2163 struct arm_smmu_device *smmu = smmu_domain->smmu;
2164 struct arm_smmu_s1_cfg *cfg = &smmu_domain->s1_cfg;
2165
2166 asid = arm_smmu_bitmap_alloc(smmu->asid_map, smmu->asid_bits);
2167 if (asid < 0)
2168 return asid;
2169
2170 cfg->cdptr = dmam_alloc_coherent(smmu->dev, CTXDESC_CD_DWORDS << 3,
2171 &cfg->cdptr_dma,
2172 GFP_KERNEL | __GFP_ZERO);
2173 if (!cfg->cdptr) {
2174 dev_warn(smmu->dev, "failed to allocate context descriptor\n");
2175 ret = -ENOMEM;
2176 goto out_free_asid;
2177 }
2178
2179 cfg->cd.asid = (u16)asid;
2180 cfg->cd.ttbr = pgtbl_cfg->arm_lpae_s1_cfg.ttbr[0];
2181 cfg->cd.tcr = pgtbl_cfg->arm_lpae_s1_cfg.tcr;
2182 cfg->cd.mair = pgtbl_cfg->arm_lpae_s1_cfg.mair[0];
2183 return 0;
2184
2185 out_free_asid:
2186 arm_smmu_bitmap_free(smmu->asid_map, asid);
2187 return ret;
2188 }
2189
2190 static int arm_smmu_domain_finalise_s2(struct arm_smmu_domain *smmu_domain,
2191 struct io_pgtable_cfg *pgtbl_cfg)
2192 {
2193 int vmid;
2194 struct arm_smmu_device *smmu = smmu_domain->smmu;
2195 struct arm_smmu_s2_cfg *cfg = &smmu_domain->s2_cfg;
2196
2197 vmid = arm_smmu_bitmap_alloc(smmu->vmid_map, smmu->vmid_bits);
2198 if (vmid < 0)
2199 return vmid;
2200
2201 cfg->vmid = (u16)vmid;
2202 cfg->vttbr = pgtbl_cfg->arm_lpae_s2_cfg.vttbr;
2203 cfg->vtcr = pgtbl_cfg->arm_lpae_s2_cfg.vtcr;
2204 return 0;
2205 }
2206
2207 static int arm_smmu_domain_finalise(struct iommu_domain *domain)
2208 {
2209 int ret;
2210 unsigned long ias, oas;
2211 enum io_pgtable_fmt fmt;
2212 struct io_pgtable_cfg pgtbl_cfg;
2213 struct io_pgtable_ops *pgtbl_ops;
2214 int (*finalise_stage_fn)(struct arm_smmu_domain *,
2215 struct io_pgtable_cfg *);
2216 struct arm_smmu_domain *smmu_domain = to_smmu_domain(domain);
2217 struct arm_smmu_device *smmu = smmu_domain->smmu;
2218
2219 if (domain->type == IOMMU_DOMAIN_IDENTITY) {
2220 smmu_domain->stage = ARM_SMMU_DOMAIN_BYPASS;
2221 return 0;
2222 }
2223
2224 /* Restrict the stage to what we can actually support */
2225 if (!(smmu->features & ARM_SMMU_FEAT_TRANS_S1))
2226 smmu_domain->stage = ARM_SMMU_DOMAIN_S2;
2227 if (!(smmu->features & ARM_SMMU_FEAT_TRANS_S2))
2228 smmu_domain->stage = ARM_SMMU_DOMAIN_S1;
2229
2230 switch (smmu_domain->stage) {
2231 case ARM_SMMU_DOMAIN_S1:
2232 ias = (smmu->features & ARM_SMMU_FEAT_VAX) ? 52 : 48;
2233 ias = min_t(unsigned long, ias, VA_BITS);
2234 oas = smmu->ias;
2235 fmt = ARM_64_LPAE_S1;
2236 finalise_stage_fn = arm_smmu_domain_finalise_s1;
2237 break;
2238 case ARM_SMMU_DOMAIN_NESTED:
2239 case ARM_SMMU_DOMAIN_S2:
2240 ias = smmu->ias;
2241 oas = smmu->oas;
2242 fmt = ARM_64_LPAE_S2;
2243 finalise_stage_fn = arm_smmu_domain_finalise_s2;
2244 break;
2245 default:
2246 return -EINVAL;
2247 }
2248
2249 pgtbl_cfg = (struct io_pgtable_cfg) {
2250 .pgsize_bitmap = smmu->pgsize_bitmap,
2251 .ias = ias,
2252 .oas = oas,
2253 .coherent_walk = smmu->features & ARM_SMMU_FEAT_COHERENCY,
2254 .tlb = &arm_smmu_flush_ops,
2255 .iommu_dev = smmu->dev,
2256 };
2257
2258 if (smmu_domain->non_strict)
2259 pgtbl_cfg.quirks |= IO_PGTABLE_QUIRK_NON_STRICT;
2260
2261 pgtbl_ops = alloc_io_pgtable_ops(fmt, &pgtbl_cfg, smmu_domain);
2262 if (!pgtbl_ops)
2263 return -ENOMEM;
2264
2265 domain->pgsize_bitmap = pgtbl_cfg.pgsize_bitmap;
2266 domain->geometry.aperture_end = (1UL << pgtbl_cfg.ias) - 1;
2267 domain->geometry.force_aperture = true;
2268
2269 ret = finalise_stage_fn(smmu_domain, &pgtbl_cfg);
2270 if (ret < 0) {
2271 free_io_pgtable_ops(pgtbl_ops);
2272 return ret;
2273 }
2274
2275 smmu_domain->pgtbl_ops = pgtbl_ops;
2276 return 0;
2277 }
2278
2279 static __le64 *arm_smmu_get_step_for_sid(struct arm_smmu_device *smmu, u32 sid)
2280 {
2281 __le64 *step;
2282 struct arm_smmu_strtab_cfg *cfg = &smmu->strtab_cfg;
2283
2284 if (smmu->features & ARM_SMMU_FEAT_2_LVL_STRTAB) {
2285 struct arm_smmu_strtab_l1_desc *l1_desc;
2286 int idx;
2287
2288 /* Two-level walk */
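/*
 * The upper SID bits select the L1 descriptor; the low STRTAB_SPLIT bits
 * index the STE within that descriptor's L2 table.
 */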
2289 idx = (sid >> STRTAB_SPLIT) * STRTAB_L1_DESC_DWORDS;
2290 l1_desc = &cfg->l1_desc[idx];
2291 idx = (sid & ((1 << STRTAB_SPLIT) - 1)) * STRTAB_STE_DWORDS;
2292 step = &l1_desc->l2ptr[idx];
2293 } else {
2294 /* Simple linear lookup */
2295 step = &cfg->strtab[sid * STRTAB_STE_DWORDS];
2296 }
2297
2298 return step;
2299 }
2300
2301 static void arm_smmu_install_ste_for_dev(struct arm_smmu_master *master)
2302 {
2303 int i, j;
2304 struct arm_smmu_device *smmu = master->smmu;
2305
2306 for (i = 0; i < master->num_sids; ++i) {
2307 u32 sid = master->sids[i];
2308 __le64 *step = arm_smmu_get_step_for_sid(smmu, sid);
2309
2310 /* Bridged PCI devices may end up with duplicated IDs */
2311 for (j = 0; j < i; j++)
2312 if (master->sids[j] == sid)
2313 break;
2314 if (j < i)
2315 continue;
2316
2317 arm_smmu_write_strtab_ent(master, sid, step);
2318 }
2319 }
2320
2321 #ifdef CONFIG_PCI_ATS
2322 static bool arm_smmu_ats_supported(struct arm_smmu_master *master)
2323 {
2324 struct pci_dev *pdev;
2325 struct arm_smmu_device *smmu = master->smmu;
2326 struct iommu_fwspec *fwspec = dev_iommu_fwspec_get(master->dev);
2327
2328 if (!(smmu->features & ARM_SMMU_FEAT_ATS) || !dev_is_pci(master->dev) ||
2329 !(fwspec->flags & IOMMU_FWSPEC_PCI_RC_ATS) || pci_ats_disabled())
2330 return false;
2331
2332 pdev = to_pci_dev(master->dev);
2333 return !pdev->untrusted && pdev->ats_cap;
2334 }
2335 #else
2336 static bool arm_smmu_ats_supported(struct arm_smmu_master *master)
2337 {
2338 return false;
2339 }
2340 #endif
2341
2342 static void arm_smmu_enable_ats(struct arm_smmu_master *master)
2343 {
2344 size_t stu;
2345 struct pci_dev *pdev;
2346 struct arm_smmu_device *smmu = master->smmu;
2347 struct arm_smmu_domain *smmu_domain = master->domain;
2348
2349 /* Don't enable ATS at the endpoint if it's not enabled in the STE */
2350 if (!master->ats_enabled)
2351 return;
2352
2353 /* Smallest Translation Unit: log2 of the smallest supported granule */
2354 stu = __ffs(smmu->pgsize_bitmap);
2355 pdev = to_pci_dev(master->dev);
2356
2357 atomic_inc(&smmu_domain->nr_ats_masters);
2358 arm_smmu_atc_inv_domain(smmu_domain, 0, 0, 0);
2359 if (pci_enable_ats(pdev, stu))
2360 dev_err(master->dev, "Failed to enable ATS (STU %zu)\n", stu);
2361 }
2362
2363 static void arm_smmu_disable_ats(struct arm_smmu_master *master)
2364 {
2365 struct arm_smmu_cmdq_ent cmd;
2366 struct arm_smmu_domain *smmu_domain = master->domain;
2367
2368 if (!master->ats_enabled)
2369 return;
2370
2371 pci_disable_ats(to_pci_dev(master->dev));
2372 /*
2373 * Ensure ATS is disabled at the endpoint before we issue the
2374 * ATC invalidation via the SMMU.
2375 */
2376 wmb();
2377 arm_smmu_atc_inv_to_cmd(0, 0, 0, &cmd);
2378 arm_smmu_atc_inv_master(master, &cmd);
2379 atomic_dec(&smmu_domain->nr_ats_masters);
2380 }
2381
2382 static void arm_smmu_detach_dev(struct arm_smmu_master *master)
2383 {
2384 unsigned long flags;
2385 struct arm_smmu_domain *smmu_domain = master->domain;
2386
2387 if (!smmu_domain)
2388 return;
2389
2390 arm_smmu_disable_ats(master);
2391
2392 spin_lock_irqsave(&smmu_domain->devices_lock, flags);
2393 list_del(&master->domain_head);
2394 spin_unlock_irqrestore(&smmu_domain->devices_lock, flags);
2395
2396 master->domain = NULL;
2397 master->ats_enabled = false;
2398 arm_smmu_install_ste_for_dev(master);
2399 }
2400
2401 static int arm_smmu_attach_dev(struct iommu_domain *domain, struct device *dev)
2402 {
2403 int ret = 0;
2404 unsigned long flags;
2405 struct iommu_fwspec *fwspec = dev_iommu_fwspec_get(dev);
2406 struct arm_smmu_device *smmu;
2407 struct arm_smmu_domain *smmu_domain = to_smmu_domain(domain);
2408 struct arm_smmu_master *master;
2409
2410 if (!fwspec)
2411 return -ENOENT;
2412
2413 master = fwspec->iommu_priv;
2414 smmu = master->smmu;
2415
2416 arm_smmu_detach_dev(master);
2417
2418 mutex_lock(&smmu_domain->init_mutex);
2419
2420 if (!smmu_domain->smmu) {
2421 smmu_domain->smmu = smmu;
2422 ret = arm_smmu_domain_finalise(domain);
2423 if (ret) {
2424 smmu_domain->smmu = NULL;
2425 goto out_unlock;
2426 }
2427 } else if (smmu_domain->smmu != smmu) {
2428 dev_err(dev,
2429 "cannot attach to SMMU %s (upstream of %s)\n",
2430 dev_name(smmu_domain->smmu->dev),
2431 dev_name(smmu->dev));
2432 ret = -ENXIO;
2433 goto out_unlock;
2434 }
2435
2436 master->domain = smmu_domain;
2437
2438 if (smmu_domain->stage != ARM_SMMU_DOMAIN_BYPASS)
2439 master->ats_enabled = arm_smmu_ats_supported(master);
2440
2441 if (smmu_domain->stage == ARM_SMMU_DOMAIN_S1)
2442 arm_smmu_write_ctx_desc(smmu, &smmu_domain->s1_cfg);
2443
2444 arm_smmu_install_ste_for_dev(master);
2445
2446 spin_lock_irqsave(&smmu_domain->devices_lock, flags);
2447 list_add(&master->domain_head, &smmu_domain->devices);
2448 spin_unlock_irqrestore(&smmu_domain->devices_lock, flags);
2449
2450 arm_smmu_enable_ats(master);
2451
2452 out_unlock:
2453 mutex_unlock(&smmu_domain->init_mutex);
2454 return ret;
2455 }
2456
2457 static int arm_smmu_map(struct iommu_domain *domain, unsigned long iova,
2458 phys_addr_t paddr, size_t size, int prot)
2459 {
2460 struct io_pgtable_ops *ops = to_smmu_domain(domain)->pgtbl_ops;
2461
2462 if (!ops)
2463 return -ENODEV;
2464
2465 return ops->map(ops, iova, paddr, size, prot);
2466 }
2467
2468 static size_t arm_smmu_unmap(struct iommu_domain *domain, unsigned long iova,
2469 size_t size, struct iommu_iotlb_gather *gather)
2470 {
2471 struct arm_smmu_domain *smmu_domain = to_smmu_domain(domain);
2472 struct io_pgtable_ops *ops = smmu_domain->pgtbl_ops;
2473
2474 if (!ops)
2475 return 0;
2476
2477 return ops->unmap(ops, iova, size, gather);
2478 }
2479
2480 static void arm_smmu_flush_iotlb_all(struct iommu_domain *domain)
2481 {
2482 struct arm_smmu_domain *smmu_domain = to_smmu_domain(domain);
2483
2484 if (smmu_domain->smmu)
2485 arm_smmu_tlb_inv_context(smmu_domain);
2486 }
2487
2488 static void arm_smmu_iotlb_sync(struct iommu_domain *domain,
2489 struct iommu_iotlb_gather *gather)
2490 {
2491 struct arm_smmu_domain *smmu_domain = to_smmu_domain(domain);
2492
2493 arm_smmu_tlb_inv_range(gather->start, gather->end - gather->start,
2494 gather->pgsize, true, smmu_domain);
2495 }
2496
2497 static phys_addr_t
2498 arm_smmu_iova_to_phys(struct iommu_domain *domain, dma_addr_t iova)
2499 {
2500 struct io_pgtable_ops *ops = to_smmu_domain(domain)->pgtbl_ops;
2501
2502 if (domain->type == IOMMU_DOMAIN_IDENTITY)
2503 return iova;
2504
2505 if (!ops)
2506 return 0;
2507
2508 return ops->iova_to_phys(ops, iova);
2509 }
2510
2511 static struct platform_driver arm_smmu_driver;
2512
2513 static
2514 struct arm_smmu_device *arm_smmu_get_by_fwnode(struct fwnode_handle *fwnode)
2515 {
2516 struct device *dev = driver_find_device_by_fwnode(&arm_smmu_driver.driver,
2517 fwnode);
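/*
 * driver_find_device_by_fwnode() takes a reference on the device; we only
 * need its driver data, so drop the reference straight away.
 */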
2518 put_device(dev);
2519 return dev ? dev_get_drvdata(dev) : NULL;
2520 }
2521
2522 static bool arm_smmu_sid_in_range(struct arm_smmu_device *smmu, u32 sid)
2523 {
2524 unsigned long limit = smmu->strtab_cfg.num_l1_ents;
2525
2526 if (smmu->features & ARM_SMMU_FEAT_2_LVL_STRTAB)
2527 limit *= 1UL << STRTAB_SPLIT;
2528
2529 return sid < limit;
2530 }
2531
2532 static struct iommu_ops arm_smmu_ops;
2533
2534 static int arm_smmu_add_device(struct device *dev)
2535 {
2536 int i, ret;
2537 struct arm_smmu_device *smmu;
2538 struct arm_smmu_master *master;
2539 struct iommu_fwspec *fwspec = dev_iommu_fwspec_get(dev);
2540 struct iommu_group *group;
2541
2542 if (!fwspec || fwspec->ops != &arm_smmu_ops)
2543 return -ENODEV;
2544 /*
2545 * We _can_ actually withstand dodgy bus code re-calling add_device()
2546 * without an intervening remove_device()/of_xlate() sequence, but
2547 * we're not going to do so quietly...
2548 */
2549 if (WARN_ON_ONCE(fwspec->iommu_priv)) {
2550 master = fwspec->iommu_priv;
2551 smmu = master->smmu;
2552 } else {
2553 smmu = arm_smmu_get_by_fwnode(fwspec->iommu_fwnode);
2554 if (!smmu)
2555 return -ENODEV;
2556 master = kzalloc(sizeof(*master), GFP_KERNEL);
2557 if (!master)
2558 return -ENOMEM;
2559
2560 master->dev = dev;
2561 master->smmu = smmu;
2562 master->sids = fwspec->ids;
2563 master->num_sids = fwspec->num_ids;
2564 fwspec->iommu_priv = master;
2565 }
2566
2567 /* Check the SIDs are in range of the SMMU and our stream table */
2568 for (i = 0; i < master->num_sids; i++) {
2569 u32 sid = master->sids[i];
2570
2571 if (!arm_smmu_sid_in_range(smmu, sid))
2572 return -ERANGE;
2573
2574 /* Ensure l2 strtab is initialised */
2575 if (smmu->features & ARM_SMMU_FEAT_2_LVL_STRTAB) {
2576 ret = arm_smmu_init_l2_strtab(smmu, sid);
2577 if (ret)
2578 return ret;
2579 }
2580 }
2581
2582 group = iommu_group_get_for_dev(dev);
2583 if (!IS_ERR(group)) {
2584 iommu_group_put(group);
2585 iommu_device_link(&smmu->iommu, dev);
2586 }
2587
2588 return PTR_ERR_OR_ZERO(group);
2589 }
2590
2591 static void arm_smmu_remove_device(struct device *dev)
2592 {
2593 struct iommu_fwspec *fwspec = dev_iommu_fwspec_get(dev);
2594 struct arm_smmu_master *master;
2595 struct arm_smmu_device *smmu;
2596
2597 if (!fwspec || fwspec->ops != &arm_smmu_ops)
2598 return;
2599
2600 master = fwspec->iommu_priv;
2601 smmu = master->smmu;
2602 arm_smmu_detach_dev(master);
2603 iommu_group_remove_device(dev);
2604 iommu_device_unlink(&smmu->iommu, dev);
2605 kfree(master);
2606 iommu_fwspec_free(dev);
2607 }
2608
2609 static struct iommu_group *arm_smmu_device_group(struct device *dev)
2610 {
2611 struct iommu_group *group;
2612
2613 /*
2614 * We don't support devices sharing stream IDs other than PCI RID
2615 * aliases, since the necessary ID-to-device lookup becomes rather
2616 * impractical given a potential sparse 32-bit stream ID space.
2617 */
2618 if (dev_is_pci(dev))
2619 group = pci_device_group(dev);
2620 else
2621 group = generic_device_group(dev);
2622
2623 return group;
2624 }
2625
2626 static int arm_smmu_domain_get_attr(struct iommu_domain *domain,
2627 enum iommu_attr attr, void *data)
2628 {
2629 struct arm_smmu_domain *smmu_domain = to_smmu_domain(domain);
2630
2631 switch (domain->type) {
2632 case IOMMU_DOMAIN_UNMANAGED:
2633 switch (attr) {
2634 case DOMAIN_ATTR_NESTING:
2635 *(int *)data = (smmu_domain->stage == ARM_SMMU_DOMAIN_NESTED);
2636 return 0;
2637 default:
2638 return -ENODEV;
2639 }
2640 break;
2641 case IOMMU_DOMAIN_DMA:
2642 switch (attr) {
2643 case DOMAIN_ATTR_DMA_USE_FLUSH_QUEUE:
2644 *(int *)data = smmu_domain->non_strict;
2645 return 0;
2646 default:
2647 return -ENODEV;
2648 }
2649 break;
2650 default:
2651 return -EINVAL;
2652 }
2653 }
2654
2655 static int arm_smmu_domain_set_attr(struct iommu_domain *domain,
2656 enum iommu_attr attr, void *data)
2657 {
2658 int ret = 0;
2659 struct arm_smmu_domain *smmu_domain = to_smmu_domain(domain);
2660
2661 mutex_lock(&smmu_domain->init_mutex);
2662
2663 switch (domain->type) {
2664 case IOMMU_DOMAIN_UNMANAGED:
2665 switch (attr) {
2666 case DOMAIN_ATTR_NESTING:
2667 if (smmu_domain->smmu) {
2668 ret = -EPERM;
2669 goto out_unlock;
2670 }
2671
2672 if (*(int *)data)
2673 smmu_domain->stage = ARM_SMMU_DOMAIN_NESTED;
2674 else
2675 smmu_domain->stage = ARM_SMMU_DOMAIN_S1;
2676 break;
2677 default:
2678 ret = -ENODEV;
2679 }
2680 break;
2681 case IOMMU_DOMAIN_DMA:
2682 switch (attr) {
2683 case DOMAIN_ATTR_DMA_USE_FLUSH_QUEUE:
2684 smmu_domain->non_strict = *(int *)data;
2685 break;
2686 default:
2687 ret = -ENODEV;
2688 }
2689 break;
2690 default:
2691 ret = -EINVAL;
2692 }
2693
2694 out_unlock:
2695 mutex_unlock(&smmu_domain->init_mutex);
2696 return ret;
2697 }
2698
2699 static int arm_smmu_of_xlate(struct device *dev, struct of_phandle_args *args)
2700 {
2701 return iommu_fwspec_add_ids(dev, args->args, 1);
2702 }
2703
2704 static void arm_smmu_get_resv_regions(struct device *dev,
2705 struct list_head *head)
2706 {
2707 struct iommu_resv_region *region;
2708 int prot = IOMMU_WRITE | IOMMU_NOEXEC | IOMMU_MMIO;
2709
2710 region = iommu_alloc_resv_region(MSI_IOVA_BASE, MSI_IOVA_LENGTH,
2711 prot, IOMMU_RESV_SW_MSI);
2712 if (!region)
2713 return;
2714
2715 list_add_tail(&region->list, head);
2716
2717 iommu_dma_get_resv_regions(dev, head);
2718 }
2719
2720 static void arm_smmu_put_resv_regions(struct device *dev,
2721 struct list_head *head)
2722 {
2723 struct iommu_resv_region *entry, *next;
2724
2725 list_for_each_entry_safe(entry, next, head, list)
2726 kfree(entry);
2727 }
2728
2729 static struct iommu_ops arm_smmu_ops = {
2730 .capable = arm_smmu_capable,
2731 .domain_alloc = arm_smmu_domain_alloc,
2732 .domain_free = arm_smmu_domain_free,
2733 .attach_dev = arm_smmu_attach_dev,
2734 .map = arm_smmu_map,
2735 .unmap = arm_smmu_unmap,
2736 .flush_iotlb_all = arm_smmu_flush_iotlb_all,
2737 .iotlb_sync = arm_smmu_iotlb_sync,
2738 .iova_to_phys = arm_smmu_iova_to_phys,
2739 .add_device = arm_smmu_add_device,
2740 .remove_device = arm_smmu_remove_device,
2741 .device_group = arm_smmu_device_group,
2742 .domain_get_attr = arm_smmu_domain_get_attr,
2743 .domain_set_attr = arm_smmu_domain_set_attr,
2744 .of_xlate = arm_smmu_of_xlate,
2745 .get_resv_regions = arm_smmu_get_resv_regions,
2746 .put_resv_regions = arm_smmu_put_resv_regions,
2747 .pgsize_bitmap = -1UL, /* Restricted during device attach */
2748 };
2749
2750 /* Probing and initialisation functions */
2751 static int arm_smmu_init_one_queue(struct arm_smmu_device *smmu,
2752 struct arm_smmu_queue *q,
2753 unsigned long prod_off,
2754 unsigned long cons_off,
2755 size_t dwords, const char *name)
2756 {
2757 size_t qsz;
2758
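/*
 * Try the requested queue size and, if the allocation fails, keep halving
 * the number of entries until it succeeds or the queue would drop below a
 * page.
 */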
2759 do {
2760 qsz = ((1 << q->llq.max_n_shift) * dwords) << 3;
2761 q->base = dmam_alloc_coherent(smmu->dev, qsz, &q->base_dma,
2762 GFP_KERNEL);
2763 if (q->base || qsz < PAGE_SIZE)
2764 break;
2765
2766 q->llq.max_n_shift--;
2767 } while (1);
2768
2769 if (!q->base) {
2770 dev_err(smmu->dev,
2771 "failed to allocate queue (0x%zx bytes) for %s\n",
2772 qsz, name);
2773 return -ENOMEM;
2774 }
2775
2776 if (!WARN_ON(q->base_dma & (qsz - 1))) {
2777 dev_info(smmu->dev, "allocated %u entries for %s\n",
2778 1 << q->llq.max_n_shift, name);
2779 }
2780
2781 q->prod_reg = arm_smmu_page1_fixup(prod_off, smmu);
2782 q->cons_reg = arm_smmu_page1_fixup(cons_off, smmu);
2783 q->ent_dwords = dwords;
2784
2785 q->q_base = Q_BASE_RWA;
2786 q->q_base |= q->base_dma & Q_BASE_ADDR_MASK;
2787 q->q_base |= FIELD_PREP(Q_BASE_LOG2SIZE, q->llq.max_n_shift);
2788
2789 q->llq.prod = q->llq.cons = 0;
2790 return 0;
2791 }
2792
2793 static void arm_smmu_cmdq_free_bitmap(void *data)
2794 {
2795 unsigned long *bitmap = data;
2796 bitmap_free(bitmap);
2797 }
2798
2799 static int arm_smmu_cmdq_init(struct arm_smmu_device *smmu)
2800 {
2801 int ret = 0;
2802 struct arm_smmu_cmdq *cmdq = &smmu->cmdq;
2803 unsigned int nents = 1 << cmdq->q.llq.max_n_shift;
2804 atomic_long_t *bitmap;
2805
2806 atomic_set(&cmdq->owner_prod, 0);
2807 atomic_set(&cmdq->lock, 0);
2808
2809 bitmap = (atomic_long_t *)bitmap_zalloc(nents, GFP_KERNEL);
2810 if (!bitmap) {
2811 dev_err(smmu->dev, "failed to allocate cmdq bitmap\n");
2812 ret = -ENOMEM;
2813 } else {
2814 cmdq->valid_map = bitmap;
2815 devm_add_action(smmu->dev, arm_smmu_cmdq_free_bitmap, bitmap);
2816 }
2817
2818 return ret;
2819 }
2820
2821 static int arm_smmu_init_queues(struct arm_smmu_device *smmu)
2822 {
2823 int ret;
2824
2825 /* cmdq */
2826 ret = arm_smmu_init_one_queue(smmu, &smmu->cmdq.q, ARM_SMMU_CMDQ_PROD,
2827 ARM_SMMU_CMDQ_CONS, CMDQ_ENT_DWORDS,
2828 "cmdq");
2829 if (ret)
2830 return ret;
2831
2832 ret = arm_smmu_cmdq_init(smmu);
2833 if (ret)
2834 return ret;
2835
2836 /* evtq */
2837 ret = arm_smmu_init_one_queue(smmu, &smmu->evtq.q, ARM_SMMU_EVTQ_PROD,
2838 ARM_SMMU_EVTQ_CONS, EVTQ_ENT_DWORDS,
2839 "evtq");
2840 if (ret)
2841 return ret;
2842
2843 /* priq */
2844 if (!(smmu->features & ARM_SMMU_FEAT_PRI))
2845 return 0;
2846
2847 return arm_smmu_init_one_queue(smmu, &smmu->priq.q, ARM_SMMU_PRIQ_PROD,
2848 ARM_SMMU_PRIQ_CONS, PRIQ_ENT_DWORDS,
2849 "priq");
2850 }
2851
2852 static int arm_smmu_init_l1_strtab(struct arm_smmu_device *smmu)
2853 {
2854 unsigned int i;
2855 struct arm_smmu_strtab_cfg *cfg = &smmu->strtab_cfg;
2856 size_t size = sizeof(*cfg->l1_desc) * cfg->num_l1_ents;
2857 void *strtab = smmu->strtab_cfg.strtab;
2858
2859 cfg->l1_desc = devm_kzalloc(smmu->dev, size, GFP_KERNEL);
2860 if (!cfg->l1_desc) {
2861 dev_err(smmu->dev, "failed to allocate l1 stream table desc\n");
2862 return -ENOMEM;
2863 }
2864
2865 for (i = 0; i < cfg->num_l1_ents; ++i) {
2866 arm_smmu_write_strtab_l1_desc(strtab, &cfg->l1_desc[i]);
2867 strtab += STRTAB_L1_DESC_DWORDS << 3;
2868 }
2869
2870 return 0;
2871 }
2872
2873 static int arm_smmu_init_strtab_2lvl(struct arm_smmu_device *smmu)
2874 {
2875 void *strtab;
2876 u64 reg;
2877 u32 size, l1size;
2878 struct arm_smmu_strtab_cfg *cfg = &smmu->strtab_cfg;
2879
2880 /* Calculate the L1 size, capped to the SIDSIZE. */
2881 size = STRTAB_L1_SZ_SHIFT - (ilog2(STRTAB_L1_DESC_DWORDS) + 3);
2882 size = min(size, smmu->sid_bits - STRTAB_SPLIT);
2883 cfg->num_l1_ents = 1 << size;
2884
2885 size += STRTAB_SPLIT;
2886 if (size < smmu->sid_bits)
2887 dev_warn(smmu->dev,
2888 "2-level strtab only covers %u/%u bits of SID\n",
2889 size, smmu->sid_bits);
2890
2891 l1size = cfg->num_l1_ents * (STRTAB_L1_DESC_DWORDS << 3);
2892 strtab = dmam_alloc_coherent(smmu->dev, l1size, &cfg->strtab_dma,
2893 GFP_KERNEL | __GFP_ZERO);
2894 if (!strtab) {
2895 dev_err(smmu->dev,
2896 "failed to allocate l1 stream table (%u bytes)\n",
2897 l1size);
2898 return -ENOMEM;
2899 }
2900 cfg->strtab = strtab;
2901
2902 /* Configure strtab_base_cfg for 2 levels */
2903 reg = FIELD_PREP(STRTAB_BASE_CFG_FMT, STRTAB_BASE_CFG_FMT_2LVL);
2904 reg |= FIELD_PREP(STRTAB_BASE_CFG_LOG2SIZE, size);
2905 reg |= FIELD_PREP(STRTAB_BASE_CFG_SPLIT, STRTAB_SPLIT);
2906 cfg->strtab_base_cfg = reg;
2907
2908 return arm_smmu_init_l1_strtab(smmu);
2909 }
2910
2911 static int arm_smmu_init_strtab_linear(struct arm_smmu_device *smmu)
2912 {
2913 void *strtab;
2914 u64 reg;
2915 u32 size;
2916 struct arm_smmu_strtab_cfg *cfg = &smmu->strtab_cfg;
2917
2918 size = (1 << smmu->sid_bits) * (STRTAB_STE_DWORDS << 3);
2919 strtab = dmam_alloc_coherent(smmu->dev, size, &cfg->strtab_dma,
2920 GFP_KERNEL | __GFP_ZERO);
2921 if (!strtab) {
2922 dev_err(smmu->dev,
2923 "failed to allocate linear stream table (%u bytes)\n",
2924 size);
2925 return -ENOMEM;
2926 }
2927 cfg->strtab = strtab;
2928 cfg->num_l1_ents = 1 << smmu->sid_bits;
2929
2930 /* Configure strtab_base_cfg for a linear table covering all SIDs */
2931 reg = FIELD_PREP(STRTAB_BASE_CFG_FMT, STRTAB_BASE_CFG_FMT_LINEAR);
2932 reg |= FIELD_PREP(STRTAB_BASE_CFG_LOG2SIZE, smmu->sid_bits);
2933 cfg->strtab_base_cfg = reg;
2934
2935 arm_smmu_init_bypass_stes(strtab, cfg->num_l1_ents);
2936 return 0;
2937 }
2938
2939 static int arm_smmu_init_strtab(struct arm_smmu_device *smmu)
2940 {
2941 u64 reg;
2942 int ret;
2943
2944 if (smmu->features & ARM_SMMU_FEAT_2_LVL_STRTAB)
2945 ret = arm_smmu_init_strtab_2lvl(smmu);
2946 else
2947 ret = arm_smmu_init_strtab_linear(smmu);
2948
2949 if (ret)
2950 return ret;
2951
2952 /* Set the strtab base address */
2953 reg = smmu->strtab_cfg.strtab_dma & STRTAB_BASE_ADDR_MASK;
2954 reg |= STRTAB_BASE_RA;
2955 smmu->strtab_cfg.strtab_base = reg;
2956
2957 /* Allocate the first VMID for stage-2 bypass STEs */
2958 set_bit(0, smmu->vmid_map);
2959 return 0;
2960 }
2961
2962 static int arm_smmu_init_structures(struct arm_smmu_device *smmu)
2963 {
2964 int ret;
2965
2966 ret = arm_smmu_init_queues(smmu);
2967 if (ret)
2968 return ret;
2969
2970 return arm_smmu_init_strtab(smmu);
2971 }
2972
2973 static int arm_smmu_write_reg_sync(struct arm_smmu_device *smmu, u32 val,
2974 unsigned int reg_off, unsigned int ack_off)
2975 {
2976 u32 reg;
2977
2978 writel_relaxed(val, smmu->base + reg_off);
2979 return readl_relaxed_poll_timeout(smmu->base + ack_off, reg, reg == val,
2980 1, ARM_SMMU_POLL_TIMEOUT_US);
2981 }
2982
2983 /* GBPA is "special" */
2984 static int arm_smmu_update_gbpa(struct arm_smmu_device *smmu, u32 set, u32 clr)
2985 {
2986 int ret;
2987 u32 reg, __iomem *gbpa = smmu->base + ARM_SMMU_GBPA;
2988
2989 ret = readl_relaxed_poll_timeout(gbpa, reg, !(reg & GBPA_UPDATE),
2990 1, ARM_SMMU_POLL_TIMEOUT_US);
2991 if (ret)
2992 return ret;
2993
2994 reg &= ~clr;
2995 reg |= set;
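/* Setting GBPA_UPDATE commits the new fields; it clears once the update has taken effect */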
2996 writel_relaxed(reg | GBPA_UPDATE, gbpa);
2997 ret = readl_relaxed_poll_timeout(gbpa, reg, !(reg & GBPA_UPDATE),
2998 1, ARM_SMMU_POLL_TIMEOUT_US);
2999
3000 if (ret)
3001 dev_err(smmu->dev, "GBPA not responding to update\n");
3002 return ret;
3003 }
3004
3005 static void arm_smmu_free_msis(void *data)
3006 {
3007 struct device *dev = data;
3008 platform_msi_domain_free_irqs(dev);
3009 }
3010
3011 static void arm_smmu_write_msi_msg(struct msi_desc *desc, struct msi_msg *msg)
3012 {
3013 phys_addr_t doorbell;
3014 struct device *dev = msi_desc_to_dev(desc);
3015 struct arm_smmu_device *smmu = dev_get_drvdata(dev);
3016 phys_addr_t *cfg = arm_smmu_msi_cfg[desc->platform.msi_index];
3017
3018 doorbell = (((u64)msg->address_hi) << 32) | msg->address_lo;
3019 doorbell &= MSI_CFG0_ADDR_MASK;
3020
3021 writeq_relaxed(doorbell, smmu->base + cfg[0]);
3022 writel_relaxed(msg->data, smmu->base + cfg[1]);
3023 writel_relaxed(ARM_SMMU_MEMATTR_DEVICE_nGnRE, smmu->base + cfg[2]);
3024 }
3025
3026 static void arm_smmu_setup_msis(struct arm_smmu_device *smmu)
3027 {
3028 struct msi_desc *desc;
3029 int ret, nvec = ARM_SMMU_MAX_MSIS;
3030 struct device *dev = smmu->dev;
3031
3032 /* Clear the MSI address regs */
3033 writeq_relaxed(0, smmu->base + ARM_SMMU_GERROR_IRQ_CFG0);
3034 writeq_relaxed(0, smmu->base + ARM_SMMU_EVTQ_IRQ_CFG0);
3035
3036 if (smmu->features & ARM_SMMU_FEAT_PRI)
3037 writeq_relaxed(0, smmu->base + ARM_SMMU_PRIQ_IRQ_CFG0);
3038 else
3039 nvec--;
3040
3041 if (!(smmu->features & ARM_SMMU_FEAT_MSI))
3042 return;
3043
3044 if (!dev->msi_domain) {
3045 dev_info(smmu->dev, "msi_domain absent - falling back to wired irqs\n");
3046 return;
3047 }
3048
3049 /* Allocate MSIs for evtq, gerror and priq. Ignore cmdq */
3050 ret = platform_msi_domain_alloc_irqs(dev, nvec, arm_smmu_write_msi_msg);
3051 if (ret) {
3052 dev_warn(dev, "failed to allocate MSIs - falling back to wired irqs\n");
3053 return;
3054 }
3055
3056 for_each_msi_entry(desc, dev) {
3057 switch (desc->platform.msi_index) {
3058 case EVTQ_MSI_INDEX:
3059 smmu->evtq.q.irq = desc->irq;
3060 break;
3061 case GERROR_MSI_INDEX:
3062 smmu->gerr_irq = desc->irq;
3063 break;
3064 case PRIQ_MSI_INDEX:
3065 smmu->priq.q.irq = desc->irq;
3066 break;
3067 default: /* Unknown */
3068 continue;
3069 }
3070 }
3071
3072 /* Add callback to free MSIs on teardown */
3073 devm_add_action(dev, arm_smmu_free_msis, dev);
3074 }
3075
3076 static void arm_smmu_setup_unique_irqs(struct arm_smmu_device *smmu)
3077 {
3078 int irq, ret;
3079
3080 arm_smmu_setup_msis(smmu);
3081
3082 /* Request interrupt lines */
3083 irq = smmu->evtq.q.irq;
3084 if (irq) {
3085 ret = devm_request_threaded_irq(smmu->dev, irq, NULL,
3086 arm_smmu_evtq_thread,
3087 IRQF_ONESHOT,
3088 "arm-smmu-v3-evtq", smmu);
3089 if (ret < 0)
3090 dev_warn(smmu->dev, "failed to enable evtq irq\n");
3091 } else {
3092 dev_warn(smmu->dev, "no evtq irq - events will not be reported!\n");
3093 }
3094
3095 irq = smmu->gerr_irq;
3096 if (irq) {
3097 ret = devm_request_irq(smmu->dev, irq, arm_smmu_gerror_handler,
3098 0, "arm-smmu-v3-gerror", smmu);
3099 if (ret < 0)
3100 dev_warn(smmu->dev, "failed to enable gerror irq\n");
3101 } else {
3102 dev_warn(smmu->dev, "no gerr irq - errors will not be reported!\n");
3103 }
3104
3105 if (smmu->features & ARM_SMMU_FEAT_PRI) {
3106 irq = smmu->priq.q.irq;
3107 if (irq) {
3108 ret = devm_request_threaded_irq(smmu->dev, irq, NULL,
3109 arm_smmu_priq_thread,
3110 IRQF_ONESHOT,
3111 "arm-smmu-v3-priq",
3112 smmu);
3113 if (ret < 0)
3114 dev_warn(smmu->dev,
3115 "failed to enable priq irq\n");
3116 } else {
3117 dev_warn(smmu->dev, "no priq irq - PRI will be broken\n");
3118 }
3119 }
3120 }
3121
3122 static int arm_smmu_setup_irqs(struct arm_smmu_device *smmu)
3123 {
3124 int ret, irq;
3125 u32 irqen_flags = IRQ_CTRL_EVTQ_IRQEN | IRQ_CTRL_GERROR_IRQEN;
3126
3127 /* Disable IRQs first */
3128 ret = arm_smmu_write_reg_sync(smmu, 0, ARM_SMMU_IRQ_CTRL,
3129 ARM_SMMU_IRQ_CTRLACK);
3130 if (ret) {
3131 dev_err(smmu->dev, "failed to disable irqs\n");
3132 return ret;
3133 }
3134
3135 irq = smmu->combined_irq;
3136 if (irq) {
3137 /*
3138 * Cavium ThunderX2 implementation doesn't support unique irq
3139 * lines. Use a single irq line for all the SMMUv3 interrupts.
3140 */
3141 ret = devm_request_threaded_irq(smmu->dev, irq,
3142 arm_smmu_combined_irq_handler,
3143 arm_smmu_combined_irq_thread,
3144 IRQF_ONESHOT,
3145 "arm-smmu-v3-combined-irq", smmu);
3146 if (ret < 0)
3147 dev_warn(smmu->dev, "failed to enable combined irq\n");
3148 } else
3149 arm_smmu_setup_unique_irqs(smmu);
3150
3151 if (smmu->features & ARM_SMMU_FEAT_PRI)
3152 irqen_flags |= IRQ_CTRL_PRIQ_IRQEN;
3153
3154 /* Enable interrupt generation on the SMMU */
3155 ret = arm_smmu_write_reg_sync(smmu, irqen_flags,
3156 ARM_SMMU_IRQ_CTRL, ARM_SMMU_IRQ_CTRLACK);
3157 if (ret)
3158 dev_warn(smmu->dev, "failed to enable irqs\n");
3159
3160 return 0;
3161 }
3162
3163 static int arm_smmu_device_disable(struct arm_smmu_device *smmu)
3164 {
3165 int ret;
3166
3167 ret = arm_smmu_write_reg_sync(smmu, 0, ARM_SMMU_CR0, ARM_SMMU_CR0ACK);
3168 if (ret)
3169 dev_err(smmu->dev, "failed to clear cr0\n");
3170
3171 return ret;
3172 }
3173
3174 static int arm_smmu_device_reset(struct arm_smmu_device *smmu, bool bypass)
3175 {
3176 int ret;
3177 u32 reg, enables;
3178 struct arm_smmu_cmdq_ent cmd;
3179
3180 /* Clear CR0 and sync (disables SMMU and queue processing) */
3181 reg = readl_relaxed(smmu->base + ARM_SMMU_CR0);
3182 if (reg & CR0_SMMUEN) {
3183 dev_warn(smmu->dev, "SMMU currently enabled! Resetting...\n");
3184 WARN_ON(is_kdump_kernel() && !disable_bypass);
3185 arm_smmu_update_gbpa(smmu, GBPA_ABORT, 0);
3186 }
3187
3188 ret = arm_smmu_device_disable(smmu);
3189 if (ret)
3190 return ret;
3191
3192 /* CR1 (table and queue memory attributes) */
3193 reg = FIELD_PREP(CR1_TABLE_SH, ARM_SMMU_SH_ISH) |
3194 FIELD_PREP(CR1_TABLE_OC, CR1_CACHE_WB) |
3195 FIELD_PREP(CR1_TABLE_IC, CR1_CACHE_WB) |
3196 FIELD_PREP(CR1_QUEUE_SH, ARM_SMMU_SH_ISH) |
3197 FIELD_PREP(CR1_QUEUE_OC, CR1_CACHE_WB) |
3198 FIELD_PREP(CR1_QUEUE_IC, CR1_CACHE_WB);
3199 writel_relaxed(reg, smmu->base + ARM_SMMU_CR1);
3200
3201 /* CR2 (random crap) */
3202 reg = CR2_PTM | CR2_RECINVSID | CR2_E2H;
3203 writel_relaxed(reg, smmu->base + ARM_SMMU_CR2);
3204
3205 /* Stream table */
3206 writeq_relaxed(smmu->strtab_cfg.strtab_base,
3207 smmu->base + ARM_SMMU_STRTAB_BASE);
3208 writel_relaxed(smmu->strtab_cfg.strtab_base_cfg,
3209 smmu->base + ARM_SMMU_STRTAB_BASE_CFG);
3210
3211 /* Command queue */
3212 writeq_relaxed(smmu->cmdq.q.q_base, smmu->base + ARM_SMMU_CMDQ_BASE);
3213 writel_relaxed(smmu->cmdq.q.llq.prod, smmu->base + ARM_SMMU_CMDQ_PROD);
3214 writel_relaxed(smmu->cmdq.q.llq.cons, smmu->base + ARM_SMMU_CMDQ_CONS);
3215
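/*
 * Enable the command queue on its own first, so that the structure and TLB
 * invalidation commands below can be issued before the remaining queues and
 * the SMMU itself are switched on.
 */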
3216 enables = CR0_CMDQEN;
3217 ret = arm_smmu_write_reg_sync(smmu, enables, ARM_SMMU_CR0,
3218 ARM_SMMU_CR0ACK);
3219 if (ret) {
3220 dev_err(smmu->dev, "failed to enable command queue\n");
3221 return ret;
3222 }
3223
3224 /* Invalidate any cached configuration */
3225 cmd.opcode = CMDQ_OP_CFGI_ALL;
3226 arm_smmu_cmdq_issue_cmd(smmu, &cmd);
3227 arm_smmu_cmdq_issue_sync(smmu);
3228
3229 /* Invalidate any stale TLB entries */
3230 if (smmu->features & ARM_SMMU_FEAT_HYP) {
3231 cmd.opcode = CMDQ_OP_TLBI_EL2_ALL;
3232 arm_smmu_cmdq_issue_cmd(smmu, &cmd);
3233 }
3234
3235 cmd.opcode = CMDQ_OP_TLBI_NSNH_ALL;
3236 arm_smmu_cmdq_issue_cmd(smmu, &cmd);
3237 arm_smmu_cmdq_issue_sync(smmu);
3238
3239 /* Event queue */
3240 writeq_relaxed(smmu->evtq.q.q_base, smmu->base + ARM_SMMU_EVTQ_BASE);
3241 writel_relaxed(smmu->evtq.q.llq.prod,
3242 arm_smmu_page1_fixup(ARM_SMMU_EVTQ_PROD, smmu));
3243 writel_relaxed(smmu->evtq.q.llq.cons,
3244 arm_smmu_page1_fixup(ARM_SMMU_EVTQ_CONS, smmu));
3245
3246 enables |= CR0_EVTQEN;
3247 ret = arm_smmu_write_reg_sync(smmu, enables, ARM_SMMU_CR0,
3248 ARM_SMMU_CR0ACK);
3249 if (ret) {
3250 dev_err(smmu->dev, "failed to enable event queue\n");
3251 return ret;
3252 }
3253
3254 /* PRI queue */
3255 if (smmu->features & ARM_SMMU_FEAT_PRI) {
3256 writeq_relaxed(smmu->priq.q.q_base,
3257 smmu->base + ARM_SMMU_PRIQ_BASE);
3258 writel_relaxed(smmu->priq.q.llq.prod,
3259 arm_smmu_page1_fixup(ARM_SMMU_PRIQ_PROD, smmu));
3260 writel_relaxed(smmu->priq.q.llq.cons,
3261 arm_smmu_page1_fixup(ARM_SMMU_PRIQ_CONS, smmu));
3262
3263 enables |= CR0_PRIQEN;
3264 ret = arm_smmu_write_reg_sync(smmu, enables, ARM_SMMU_CR0,
3265 ARM_SMMU_CR0ACK);
3266 if (ret) {
3267 dev_err(smmu->dev, "failed to enable PRI queue\n");
3268 return ret;
3269 }
3270 }
3271
3272 if (smmu->features & ARM_SMMU_FEAT_ATS) {
3273 enables |= CR0_ATSCHK;
3274 ret = arm_smmu_write_reg_sync(smmu, enables, ARM_SMMU_CR0,
3275 ARM_SMMU_CR0ACK);
3276 if (ret) {
3277 dev_err(smmu->dev, "failed to enable ATS check\n");
3278 return ret;
3279 }
3280 }
3281
3282 ret = arm_smmu_setup_irqs(smmu);
3283 if (ret) {
3284 dev_err(smmu->dev, "failed to setup irqs\n");
3285 return ret;
3286 }
3287
3288 if (is_kdump_kernel())
3289 enables &= ~(CR0_EVTQEN | CR0_PRIQEN);
3290
3291 /* Enable the SMMU interface, or ensure bypass */
3292 if (!bypass || disable_bypass) {
3293 enables |= CR0_SMMUEN;
3294 } else {
3295 ret = arm_smmu_update_gbpa(smmu, 0, GBPA_ABORT);
3296 if (ret)
3297 return ret;
3298 }
3299 ret = arm_smmu_write_reg_sync(smmu, enables, ARM_SMMU_CR0,
3300 ARM_SMMU_CR0ACK);
3301 if (ret) {
3302 dev_err(smmu->dev, "failed to enable SMMU interface\n");
3303 return ret;
3304 }
3305
3306 return 0;
3307 }
3308
3309 static int arm_smmu_device_hw_probe(struct arm_smmu_device *smmu)
3310 {
3311 u32 reg;
3312 bool coherent = smmu->features & ARM_SMMU_FEAT_COHERENCY;
3313
3314 /* IDR0 */
3315 reg = readl_relaxed(smmu->base + ARM_SMMU_IDR0);
3316
3317 /* 2-level structures */
3318 if (FIELD_GET(IDR0_ST_LVL, reg) == IDR0_ST_LVL_2LVL)
3319 smmu->features |= ARM_SMMU_FEAT_2_LVL_STRTAB;
3320
3321 if (reg & IDR0_CD2L)
3322 smmu->features |= ARM_SMMU_FEAT_2_LVL_CDTAB;
3323
3324 /*
3325 * Translation table endianness.
3326 * We currently require the same endianness as the CPU, but this
3327 * could be changed later by adding a new IO_PGTABLE_QUIRK.
3328 */
3329 switch (FIELD_GET(IDR0_TTENDIAN, reg)) {
3330 case IDR0_TTENDIAN_MIXED:
3331 smmu->features |= ARM_SMMU_FEAT_TT_LE | ARM_SMMU_FEAT_TT_BE;
3332 break;
3333 #ifdef __BIG_ENDIAN
3334 case IDR0_TTENDIAN_BE:
3335 smmu->features |= ARM_SMMU_FEAT_TT_BE;
3336 break;
3337 #else
3338 case IDR0_TTENDIAN_LE:
3339 smmu->features |= ARM_SMMU_FEAT_TT_LE;
3340 break;
3341 #endif
3342 default:
3343 dev_err(smmu->dev, "unknown/unsupported TT endianness!\n");
3344 return -ENXIO;
3345 }
3346
3347 /* Boolean feature flags */
3348 if (IS_ENABLED(CONFIG_PCI_PRI) && reg & IDR0_PRI)
3349 smmu->features |= ARM_SMMU_FEAT_PRI;
3350
3351 if (IS_ENABLED(CONFIG_PCI_ATS) && reg & IDR0_ATS)
3352 smmu->features |= ARM_SMMU_FEAT_ATS;
3353
3354 if (reg & IDR0_SEV)
3355 smmu->features |= ARM_SMMU_FEAT_SEV;
3356
3357 if (reg & IDR0_MSI)
3358 smmu->features |= ARM_SMMU_FEAT_MSI;
3359
3360 if (reg & IDR0_HYP)
3361 smmu->features |= ARM_SMMU_FEAT_HYP;
3362
3363 /*
3364 * The coherency feature as set by FW is used in preference to the ID
3365 * register, but warn on mismatch.
3366 */
3367 if (!!(reg & IDR0_COHACC) != coherent)
3368 dev_warn(smmu->dev, "IDR0.COHACC overridden by FW configuration (%s)\n",
3369 coherent ? "true" : "false");
3370
3371 switch (FIELD_GET(IDR0_STALL_MODEL, reg)) {
3372 case IDR0_STALL_MODEL_FORCE:
3373 smmu->features |= ARM_SMMU_FEAT_STALL_FORCE;
3374 /* Fallthrough */
3375 case IDR0_STALL_MODEL_STALL:
3376 smmu->features |= ARM_SMMU_FEAT_STALLS;
3377 }
3378
3379 if (reg & IDR0_S1P)
3380 smmu->features |= ARM_SMMU_FEAT_TRANS_S1;
3381
3382 if (reg & IDR0_S2P)
3383 smmu->features |= ARM_SMMU_FEAT_TRANS_S2;
3384
3385 if (!(reg & (IDR0_S1P | IDR0_S2P))) {
3386 dev_err(smmu->dev, "no translation support!\n");
3387 return -ENXIO;
3388 }
3389
3390 /* We only support the AArch64 table format at present */
3391 switch (FIELD_GET(IDR0_TTF, reg)) {
3392 case IDR0_TTF_AARCH32_64:
3393 smmu->ias = 40;
3394 /* Fallthrough */
3395 case IDR0_TTF_AARCH64:
3396 break;
3397 default:
3398 dev_err(smmu->dev, "AArch64 table format not supported!\n");
3399 return -ENXIO;
3400 }
3401
3402 /* ASID/VMID sizes */
3403 smmu->asid_bits = reg & IDR0_ASID16 ? 16 : 8;
3404 smmu->vmid_bits = reg & IDR0_VMID16 ? 16 : 8;
3405
3406 /* IDR1 */
3407 reg = readl_relaxed(smmu->base + ARM_SMMU_IDR1);
3408 if (reg & (IDR1_TABLES_PRESET | IDR1_QUEUES_PRESET | IDR1_REL)) {
3409 dev_err(smmu->dev, "embedded implementation not supported\n");
3410 return -ENXIO;
3411 }
3412
3413 /* Queue sizes, capped to ensure natural alignment */
3414 smmu->cmdq.q.llq.max_n_shift = min_t(u32, CMDQ_MAX_SZ_SHIFT,
3415 FIELD_GET(IDR1_CMDQS, reg));
3416 if (smmu->cmdq.q.llq.max_n_shift <= ilog2(CMDQ_BATCH_ENTRIES)) {
3417 /*
3418 * We don't support splitting up batches, so one batch of
3419 * commands plus an extra sync needs to fit inside the command
3420 * queue. There's also no way we can handle the weird alignment
3421 * restrictions on the base pointer for a unit-length queue.
3422 */
3423 dev_err(smmu->dev, "command queue size <= %d entries not supported\n",
3424 CMDQ_BATCH_ENTRIES);
3425 return -ENXIO;
3426 }
3427
3428 smmu->evtq.q.llq.max_n_shift = min_t(u32, EVTQ_MAX_SZ_SHIFT,
3429 FIELD_GET(IDR1_EVTQS, reg));
3430 smmu->priq.q.llq.max_n_shift = min_t(u32, PRIQ_MAX_SZ_SHIFT,
3431 FIELD_GET(IDR1_PRIQS, reg));
3432
3433 /* SID/SSID sizes */
3434 smmu->ssid_bits = FIELD_GET(IDR1_SSIDSIZE, reg);
3435 smmu->sid_bits = FIELD_GET(IDR1_SIDSIZE, reg);
3436
3437 /*
3438 * If the SMMU supports fewer bits than would fill a single L2 stream
3439 * table, use a linear table instead.
3440 */
3441 if (smmu->sid_bits <= STRTAB_SPLIT)
3442 smmu->features &= ~ARM_SMMU_FEAT_2_LVL_STRTAB;
3443
3444 /* IDR5 */
3445 reg = readl_relaxed(smmu->base + ARM_SMMU_IDR5);
3446
3447 /* Maximum number of outstanding stalls */
3448 smmu->evtq.max_stalls = FIELD_GET(IDR5_STALL_MAX, reg);
3449
3450 /* Page sizes */
3451 if (reg & IDR5_GRAN64K)
3452 smmu->pgsize_bitmap |= SZ_64K | SZ_512M;
3453 if (reg & IDR5_GRAN16K)
3454 smmu->pgsize_bitmap |= SZ_16K | SZ_32M;
3455 if (reg & IDR5_GRAN4K)
3456 smmu->pgsize_bitmap |= SZ_4K | SZ_2M | SZ_1G;
3457
3458 /* Input address size */
3459 if (FIELD_GET(IDR5_VAX, reg) == IDR5_VAX_52_BIT)
3460 smmu->features |= ARM_SMMU_FEAT_VAX;
3461
3462 /* Output address size */
3463 switch (FIELD_GET(IDR5_OAS, reg)) {
3464 case IDR5_OAS_32_BIT:
3465 smmu->oas = 32;
3466 break;
3467 case IDR5_OAS_36_BIT:
3468 smmu->oas = 36;
3469 break;
3470 case IDR5_OAS_40_BIT:
3471 smmu->oas = 40;
3472 break;
3473 case IDR5_OAS_42_BIT:
3474 smmu->oas = 42;
3475 break;
3476 case IDR5_OAS_44_BIT:
3477 smmu->oas = 44;
3478 break;
3479 case IDR5_OAS_52_BIT:
3480 smmu->oas = 52;
3481 smmu->pgsize_bitmap |= 1ULL << 42; /* 4TB */
3482 break;
3483 default:
3484 dev_info(smmu->dev,
3485 "unknown output address size. Truncating to 48-bit\n");
3486 /* Fallthrough */
3487 case IDR5_OAS_48_BIT:
3488 smmu->oas = 48;
3489 }
3490
3491 if (arm_smmu_ops.pgsize_bitmap == -1UL)
3492 arm_smmu_ops.pgsize_bitmap = smmu->pgsize_bitmap;
3493 else
3494 arm_smmu_ops.pgsize_bitmap |= smmu->pgsize_bitmap;
3495
3496 /* Set the DMA mask for our table walker */
3497 if (dma_set_mask_and_coherent(smmu->dev, DMA_BIT_MASK(smmu->oas)))
3498 dev_warn(smmu->dev,
3499 "failed to set DMA mask for table walker\n");
3500
3501 smmu->ias = max(smmu->ias, smmu->oas);
3502
3503 dev_info(smmu->dev, "ias %lu-bit, oas %lu-bit (features 0x%08x)\n",
3504 smmu->ias, smmu->oas, smmu->features);
3505 return 0;
3506 }
3507
3508 #ifdef CONFIG_ACPI
3509 static void acpi_smmu_get_options(u32 model, struct arm_smmu_device *smmu)
3510 {
3511 switch (model) {
3512 case ACPI_IORT_SMMU_V3_CAVIUM_CN99XX:
3513 smmu->options |= ARM_SMMU_OPT_PAGE0_REGS_ONLY;
3514 break;
3515 case ACPI_IORT_SMMU_V3_HISILICON_HI161X:
3516 smmu->options |= ARM_SMMU_OPT_SKIP_PREFETCH;
3517 break;
3518 }
3519
3520 dev_notice(smmu->dev, "option mask 0x%x\n", smmu->options);
3521 }
3522
3523 static int arm_smmu_device_acpi_probe(struct platform_device *pdev,
3524 struct arm_smmu_device *smmu)
3525 {
3526 struct acpi_iort_smmu_v3 *iort_smmu;
3527 struct device *dev = smmu->dev;
3528 struct acpi_iort_node *node;
3529
3530 node = *(struct acpi_iort_node **)dev_get_platdata(dev);
3531
3532 /* Retrieve SMMUv3 specific data */
3533 iort_smmu = (struct acpi_iort_smmu_v3 *)node->node_data;
3534
3535 acpi_smmu_get_options(iort_smmu->model, smmu);
3536
3537 if (iort_smmu->flags & ACPI_IORT_SMMU_V3_COHACC_OVERRIDE)
3538 smmu->features |= ARM_SMMU_FEAT_COHERENCY;
3539
3540 return 0;
3541 }
3542 #else
3543 static inline int arm_smmu_device_acpi_probe(struct platform_device *pdev,
3544 struct arm_smmu_device *smmu)
3545 {
3546 return -ENODEV;
3547 }
3548 #endif
3549
3550 static int arm_smmu_device_dt_probe(struct platform_device *pdev,
3551 struct arm_smmu_device *smmu)
3552 {
3553 struct device *dev = &pdev->dev;
3554 u32 cells;
3555 int ret = -EINVAL;
3556
3557 if (of_property_read_u32(dev->of_node, "#iommu-cells", &cells))
3558 dev_err(dev, "missing #iommu-cells property\n");
3559 else if (cells != 1)
3560 dev_err(dev, "invalid #iommu-cells value (%d)\n", cells);
3561 else
3562 ret = 0;
3563
3564 parse_driver_options(smmu);
3565
3566 if (of_dma_is_coherent(dev->of_node))
3567 smmu->features |= ARM_SMMU_FEAT_COHERENCY;
3568
3569 return ret;
3570 }
3571
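/*
 * Implementations flagged PAGE0_REGS_ONLY (e.g. Cavium CN99xx, see above)
 * only provide the first 64K register page; everyone else gets both 64K
 * pages, the second of which normally holds the EVTQ/PRIQ PROD/CONS
 * registers.
 */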
3572 static unsigned long arm_smmu_resource_size(struct arm_smmu_device *smmu)
3573 {
3574 if (smmu->options & ARM_SMMU_OPT_PAGE0_REGS_ONLY)
3575 return SZ_64K;
3576 else
3577 return SZ_128K;
3578 }
3579
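/*
 * Install (or, with ops == NULL, tear down) the IOMMU ops on each bus type
 * we care about: PCI, AMBA and the platform bus. On failure, unwind any
 * buses already updated so none is left half-configured.
 */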
3580 static int arm_smmu_set_bus_ops(struct iommu_ops *ops)
3581 {
3582 int err;
3583
3584 #ifdef CONFIG_PCI
3585 if (pci_bus_type.iommu_ops != ops) {
3586 err = bus_set_iommu(&pci_bus_type, ops);
3587 if (err)
3588 return err;
3589 }
3590 #endif
3591 #ifdef CONFIG_ARM_AMBA
3592 if (amba_bustype.iommu_ops != ops) {
3593 err = bus_set_iommu(&amba_bustype, ops);
3594 if (err)
3595 goto err_reset_pci_ops;
3596 }
3597 #endif
3598 if (platform_bus_type.iommu_ops != ops) {
3599 err = bus_set_iommu(&platform_bus_type, ops);
3600 if (err)
3601 goto err_reset_amba_ops;
3602 }
3603
3604 return 0;
3605
3606 err_reset_amba_ops:
3607 #ifdef CONFIG_ARM_AMBA
3608 bus_set_iommu(&amba_bustype, NULL);
3609 #endif
3610 err_reset_pci_ops: __maybe_unused;
3611 #ifdef CONFIG_PCI
3612 bus_set_iommu(&pci_bus_type, NULL);
3613 #endif
3614 return err;
3615 }
3616
3617 static int arm_smmu_device_probe(struct platform_device *pdev)
3618 {
3619 int irq, ret;
3620 struct resource *res;
3621 resource_size_t ioaddr;
3622 struct arm_smmu_device *smmu;
3623 struct device *dev = &pdev->dev;
3624 bool bypass;
3625
3626 smmu = devm_kzalloc(dev, sizeof(*smmu), GFP_KERNEL);
3627 if (!smmu) {
3628 dev_err(dev, "failed to allocate arm_smmu_device\n");
3629 return -ENOMEM;
3630 }
3631 smmu->dev = dev;
3632
3633 if (dev->of_node) {
3634 ret = arm_smmu_device_dt_probe(pdev, smmu);
3635 } else {
3636 ret = arm_smmu_device_acpi_probe(pdev, smmu);
3637 if (ret == -ENODEV)
3638 return ret;
3639 }
3640
3641 /* Set bypass mode according to firmware probing result */
3642 bypass = !!ret;
3643
3644 /* Base address */
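/* Note the '+ 1' below: a region reported one byte short of the expected size is still accepted. */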
3645 res = platform_get_resource(pdev, IORESOURCE_MEM, 0);
if (!res) /* no MMIO resource described by firmware */
	return -EINVAL;
3646 if (resource_size(res) + 1 < arm_smmu_resource_size(smmu)) {
3647 dev_err(dev, "MMIO region too small (%pr)\n", res);
3648 return -EINVAL;
3649 }
3650 ioaddr = res->start;
3651
3652 smmu->base = devm_ioremap_resource(dev, res);
3653 if (IS_ERR(smmu->base))
3654 return PTR_ERR(smmu->base);
3655
3656 /* Interrupt lines */
3657
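/* A single "combined" IRQ, if provided by the firmware, takes precedence over the per-queue and GERROR lines. */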
3658 irq = platform_get_irq_byname_optional(pdev, "combined");
3659 if (irq > 0)
3660 smmu->combined_irq = irq;
3661 else {
3662 irq = platform_get_irq_byname_optional(pdev, "eventq");
3663 if (irq > 0)
3664 smmu->evtq.q.irq = irq;
3665
3666 irq = platform_get_irq_byname_optional(pdev, "priq");
3667 if (irq > 0)
3668 smmu->priq.q.irq = irq;
3669
3670 irq = platform_get_irq_byname_optional(pdev, "gerror");
3671 if (irq > 0)
3672 smmu->gerr_irq = irq;
3673 }
3674 /* Probe the h/w */
3675 ret = arm_smmu_device_hw_probe(smmu);
3676 if (ret)
3677 return ret;
3678
3679 /* Initialise in-memory data structures */
3680 ret = arm_smmu_init_structures(smmu);
3681 if (ret)
3682 return ret;
3683
3684 /* Record our private device structure */
3685 platform_set_drvdata(pdev, smmu);
3686
3687 /* Reset the device */
3688 ret = arm_smmu_device_reset(smmu, bypass);
3689 if (ret)
3690 return ret;
3691
3692 /* And we're up. Go go go! */
3693 ret = iommu_device_sysfs_add(&smmu->iommu, dev, NULL,
3694 "smmu3.%pa", &ioaddr);
3695 if (ret)
3696 return ret;
3697
3698 iommu_device_set_ops(&smmu->iommu, &arm_smmu_ops);
3699 iommu_device_set_fwnode(&smmu->iommu, dev->fwnode);
3700
3701 ret = iommu_device_register(&smmu->iommu);
3702 if (ret) {
3703 dev_err(dev, "Failed to register iommu\n");
3704 return ret;
3705 }
3706
3707 return arm_smmu_set_bus_ops(&arm_smmu_ops);
3708 }
3709
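/*
 * Tear down in the reverse order of probe: detach the bus ops, unregister
 * and remove the sysfs entries, then disable the hardware.
 */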
3710 static int arm_smmu_device_remove(struct platform_device *pdev)
3711 {
3712 struct arm_smmu_device *smmu = platform_get_drvdata(pdev);
3713
3714 arm_smmu_set_bus_ops(NULL);
3715 iommu_device_unregister(&smmu->iommu);
3716 iommu_device_sysfs_remove(&smmu->iommu);
3717 arm_smmu_device_disable(smmu);
3718
3719 return 0;
3720 }
3721
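/* Quiesce the SMMU on shutdown (e.g. ahead of kexec) by reusing the remove path. */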
3722 static void arm_smmu_device_shutdown(struct platform_device *pdev)
3723 {
3724 arm_smmu_device_remove(pdev);
3725 }
3726
3727 static const struct of_device_id arm_smmu_of_match[] = {
3728 { .compatible = "arm,smmu-v3", },
3729 { },
3730 };
3731 MODULE_DEVICE_TABLE(of, arm_smmu_of_match);
3732
3733 static struct platform_driver arm_smmu_driver = {
3734 .driver = {
3735 .name = "arm-smmu-v3",
3736 .of_match_table = of_match_ptr(arm_smmu_of_match),
3737 .suppress_bind_attrs = true,
3738 },
3739 .probe = arm_smmu_device_probe,
3740 .remove = arm_smmu_device_remove,
3741 .shutdown = arm_smmu_device_shutdown,
3742 };
3743 module_platform_driver(arm_smmu_driver);
3744
3745 MODULE_DESCRIPTION("IOMMU API for ARM architected SMMUv3 implementations");
3746 MODULE_AUTHOR("Will Deacon <will@kernel.org>");
3747 MODULE_LICENSE("GPL v2");
3748