1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3 * Copyright (C) 2007-2008 Advanced Micro Devices, Inc.
4 * Author: Joerg Roedel <jroedel@suse.de>
5 */
6
7 #define pr_fmt(fmt) "iommu: " fmt
8
9 #include <linux/device.h>
10 #include <linux/dma-iommu.h>
11 #include <linux/kernel.h>
12 #include <linux/bits.h>
13 #include <linux/bug.h>
14 #include <linux/types.h>
15 #include <linux/init.h>
16 #include <linux/export.h>
17 #include <linux/slab.h>
18 #include <linux/errno.h>
19 #include <linux/iommu.h>
20 #include <linux/idr.h>
21 #include <linux/notifier.h>
22 #include <linux/err.h>
23 #include <linux/pci.h>
24 #include <linux/bitops.h>
25 #include <linux/property.h>
26 #include <linux/fsl/mc.h>
27 #include <linux/module.h>
28 #include <trace/events/iommu.h>
29
30 static struct kset *iommu_group_kset;
31 static DEFINE_IDA(iommu_group_ida);
32
33 static unsigned int iommu_def_domain_type __read_mostly;
34 static bool iommu_dma_strict __read_mostly = IS_ENABLED(CONFIG_IOMMU_DEFAULT_DMA_STRICT);
35 static u32 iommu_cmd_line __read_mostly;
36
37 struct iommu_group {
38 struct kobject kobj;
39 struct kobject *devices_kobj;
40 struct list_head devices;
41 struct mutex mutex;
42 struct blocking_notifier_head notifier;
43 void *iommu_data;
44 void (*iommu_data_release)(void *iommu_data);
45 char *name;
46 int id;
47 struct iommu_domain *default_domain;
48 struct iommu_domain *domain;
49 struct list_head entry;
50 };
51
52 struct group_device {
53 struct list_head list;
54 struct device *dev;
55 char *name;
56 };
57
58 struct iommu_group_attribute {
59 struct attribute attr;
60 ssize_t (*show)(struct iommu_group *group, char *buf);
61 ssize_t (*store)(struct iommu_group *group,
62 const char *buf, size_t count);
63 };
64
65 static const char * const iommu_group_resv_type_string[] = {
66 [IOMMU_RESV_DIRECT] = "direct",
67 [IOMMU_RESV_DIRECT_RELAXABLE] = "direct-relaxable",
68 [IOMMU_RESV_RESERVED] = "reserved",
69 [IOMMU_RESV_MSI] = "msi",
70 [IOMMU_RESV_SW_MSI] = "msi",
71 };
72
73 #define IOMMU_CMD_LINE_DMA_API BIT(0)
74 #define IOMMU_CMD_LINE_STRICT BIT(1)
75
76 static int iommu_alloc_default_domain(struct iommu_group *group,
77 struct device *dev);
78 static struct iommu_domain *__iommu_domain_alloc(struct bus_type *bus,
79 unsigned type);
80 static int __iommu_attach_device(struct iommu_domain *domain,
81 struct device *dev);
82 static int __iommu_attach_group(struct iommu_domain *domain,
83 struct iommu_group *group);
84 static void __iommu_detach_group(struct iommu_domain *domain,
85 struct iommu_group *group);
86 static int iommu_create_device_direct_mappings(struct iommu_group *group,
87 struct device *dev);
88 static struct iommu_group *iommu_group_get_for_dev(struct device *dev);
89 static ssize_t iommu_group_store_type(struct iommu_group *group,
90 const char *buf, size_t count);
91
92 #define IOMMU_GROUP_ATTR(_name, _mode, _show, _store) \
93 struct iommu_group_attribute iommu_group_attr_##_name = \
94 __ATTR(_name, _mode, _show, _store)
95
96 #define to_iommu_group_attr(_attr) \
97 container_of(_attr, struct iommu_group_attribute, attr)
98 #define to_iommu_group(_kobj) \
99 container_of(_kobj, struct iommu_group, kobj)
100
101 static LIST_HEAD(iommu_device_list);
102 static DEFINE_SPINLOCK(iommu_device_lock);
103
104 /*
105 * Use a function instead of an array here because the domain-type is a
106 * bit-field, so an array would waste memory.
107 */
iommu_domain_type_str(unsigned int t)108 static const char *iommu_domain_type_str(unsigned int t)
109 {
110 switch (t) {
111 case IOMMU_DOMAIN_BLOCKED:
112 return "Blocked";
113 case IOMMU_DOMAIN_IDENTITY:
114 return "Passthrough";
115 case IOMMU_DOMAIN_UNMANAGED:
116 return "Unmanaged";
117 case IOMMU_DOMAIN_DMA:
118 case IOMMU_DOMAIN_DMA_FQ:
119 return "Translated";
120 default:
121 return "Unknown";
122 }
123 }
124
iommu_subsys_init(void)125 static int __init iommu_subsys_init(void)
126 {
127 if (!(iommu_cmd_line & IOMMU_CMD_LINE_DMA_API)) {
128 if (IS_ENABLED(CONFIG_IOMMU_DEFAULT_PASSTHROUGH))
129 iommu_set_default_passthrough(false);
130 else
131 iommu_set_default_translated(false);
132
133 if (iommu_default_passthrough() && mem_encrypt_active()) {
134 pr_info("Memory encryption detected - Disabling default IOMMU Passthrough\n");
135 iommu_set_default_translated(false);
136 }
137 }
138
139 if (!iommu_default_passthrough() && !iommu_dma_strict)
140 iommu_def_domain_type = IOMMU_DOMAIN_DMA_FQ;
141
142 pr_info("Default domain type: %s %s\n",
143 iommu_domain_type_str(iommu_def_domain_type),
144 (iommu_cmd_line & IOMMU_CMD_LINE_DMA_API) ?
145 "(set via kernel command line)" : "");
146
147 if (!iommu_default_passthrough())
148 pr_info("DMA domain TLB invalidation policy: %s mode %s\n",
149 iommu_dma_strict ? "strict" : "lazy",
150 (iommu_cmd_line & IOMMU_CMD_LINE_STRICT) ?
151 "(set via kernel command line)" : "");
152
153 return 0;
154 }
155 subsys_initcall(iommu_subsys_init);
156
157 /**
158 * iommu_device_register() - Register an IOMMU hardware instance
159 * @iommu: IOMMU handle for the instance
160 * @ops: IOMMU ops to associate with the instance
161 * @hwdev: (optional) actual instance device, used for fwnode lookup
162 *
163 * Return: 0 on success, or an error.
164 */
iommu_device_register(struct iommu_device * iommu,const struct iommu_ops * ops,struct device * hwdev)165 int iommu_device_register(struct iommu_device *iommu,
166 const struct iommu_ops *ops, struct device *hwdev)
167 {
168 /* We need to be able to take module references appropriately */
169 if (WARN_ON(is_module_address((unsigned long)ops) && !ops->owner))
170 return -EINVAL;
171
172 iommu->ops = ops;
173 if (hwdev)
174 iommu->fwnode = hwdev->fwnode;
175
176 spin_lock(&iommu_device_lock);
177 list_add_tail(&iommu->list, &iommu_device_list);
178 spin_unlock(&iommu_device_lock);
179 return 0;
180 }
181 EXPORT_SYMBOL_GPL(iommu_device_register);
182
iommu_device_unregister(struct iommu_device * iommu)183 void iommu_device_unregister(struct iommu_device *iommu)
184 {
185 spin_lock(&iommu_device_lock);
186 list_del(&iommu->list);
187 spin_unlock(&iommu_device_lock);
188 }
189 EXPORT_SYMBOL_GPL(iommu_device_unregister);
190
dev_iommu_get(struct device * dev)191 static struct dev_iommu *dev_iommu_get(struct device *dev)
192 {
193 struct dev_iommu *param = dev->iommu;
194
195 if (param)
196 return param;
197
198 param = kzalloc(sizeof(*param), GFP_KERNEL);
199 if (!param)
200 return NULL;
201
202 mutex_init(¶m->lock);
203 dev->iommu = param;
204 return param;
205 }
206
dev_iommu_free(struct device * dev)207 static void dev_iommu_free(struct device *dev)
208 {
209 struct dev_iommu *param = dev->iommu;
210
211 dev->iommu = NULL;
212 if (param->fwspec) {
213 fwnode_handle_put(param->fwspec->iommu_fwnode);
214 kfree(param->fwspec);
215 }
216 kfree(param);
217 }
218
219 DEFINE_MUTEX(iommu_probe_device_lock);
220
__iommu_probe_device(struct device * dev,struct list_head * group_list)221 static int __iommu_probe_device(struct device *dev, struct list_head *group_list)
222 {
223 const struct iommu_ops *ops = dev->bus->iommu_ops;
224 struct iommu_device *iommu_dev;
225 struct iommu_group *group;
226 int ret;
227
228 if (!ops)
229 return -ENODEV;
230 /*
231 * Serialise to avoid races between IOMMU drivers registering in
232 * parallel and/or the "replay" calls from ACPI/OF code via client
233 * driver probe. Once the latter have been cleaned up we should
234 * probably be able to use device_lock() here to minimise the scope,
235 * but for now enforcing a simple global ordering is fine.
236 */
237 lockdep_assert_held(&iommu_probe_device_lock);
238 if (!dev_iommu_get(dev)) {
239 ret = -ENOMEM;
240 goto err_out;
241 }
242
243 if (!try_module_get(ops->owner)) {
244 ret = -EINVAL;
245 goto err_free;
246 }
247
248 iommu_dev = ops->probe_device(dev);
249 if (IS_ERR(iommu_dev)) {
250 ret = PTR_ERR(iommu_dev);
251 goto out_module_put;
252 }
253
254 dev->iommu->iommu_dev = iommu_dev;
255
256 group = iommu_group_get_for_dev(dev);
257 if (IS_ERR(group)) {
258 ret = PTR_ERR(group);
259 goto out_release;
260 }
261
262 mutex_lock(&group->mutex);
263 if (group_list && !group->default_domain && list_empty(&group->entry))
264 list_add_tail(&group->entry, group_list);
265 mutex_unlock(&group->mutex);
266 iommu_group_put(group);
267
268 iommu_device_link(iommu_dev, dev);
269
270 return 0;
271
272 out_release:
273 ops->release_device(dev);
274
275 out_module_put:
276 module_put(ops->owner);
277
278 err_free:
279 dev_iommu_free(dev);
280
281 err_out:
282 return ret;
283 }
284
iommu_probe_device(struct device * dev)285 int iommu_probe_device(struct device *dev)
286 {
287 const struct iommu_ops *ops = dev->bus->iommu_ops;
288 struct iommu_group *group;
289 int ret;
290
291 mutex_lock(&iommu_probe_device_lock);
292 ret = __iommu_probe_device(dev, NULL);
293 mutex_unlock(&iommu_probe_device_lock);
294 if (ret)
295 goto err_out;
296
297 group = iommu_group_get(dev);
298 if (!group) {
299 ret = -ENODEV;
300 goto err_release;
301 }
302
303 /*
304 * Try to allocate a default domain - needs support from the
305 * IOMMU driver. There are still some drivers which don't
306 * support default domains, so the return value is not yet
307 * checked.
308 */
309 mutex_lock(&group->mutex);
310 iommu_alloc_default_domain(group, dev);
311
312 if (group->default_domain) {
313 ret = __iommu_attach_device(group->default_domain, dev);
314 if (ret) {
315 mutex_unlock(&group->mutex);
316 iommu_group_put(group);
317 goto err_release;
318 }
319 }
320
321 iommu_create_device_direct_mappings(group, dev);
322
323 mutex_unlock(&group->mutex);
324 iommu_group_put(group);
325
326 if (ops->probe_finalize)
327 ops->probe_finalize(dev);
328
329 return 0;
330
331 err_release:
332 iommu_release_device(dev);
333
334 err_out:
335 return ret;
336
337 }
338
iommu_release_device(struct device * dev)339 void iommu_release_device(struct device *dev)
340 {
341 const struct iommu_ops *ops = dev->bus->iommu_ops;
342
343 if (!dev->iommu)
344 return;
345
346 iommu_device_unlink(dev->iommu->iommu_dev, dev);
347
348 ops->release_device(dev);
349
350 iommu_group_remove_device(dev);
351 module_put(ops->owner);
352 dev_iommu_free(dev);
353 }
354
iommu_set_def_domain_type(char * str)355 static int __init iommu_set_def_domain_type(char *str)
356 {
357 bool pt;
358 int ret;
359
360 ret = kstrtobool(str, &pt);
361 if (ret)
362 return ret;
363
364 if (pt)
365 iommu_set_default_passthrough(true);
366 else
367 iommu_set_default_translated(true);
368
369 return 0;
370 }
371 early_param("iommu.passthrough", iommu_set_def_domain_type);
372
iommu_dma_setup(char * str)373 static int __init iommu_dma_setup(char *str)
374 {
375 int ret = kstrtobool(str, &iommu_dma_strict);
376
377 if (!ret)
378 iommu_cmd_line |= IOMMU_CMD_LINE_STRICT;
379 return ret;
380 }
381 early_param("iommu.strict", iommu_dma_setup);
382
iommu_set_dma_strict(void)383 void iommu_set_dma_strict(void)
384 {
385 iommu_dma_strict = true;
386 if (iommu_def_domain_type == IOMMU_DOMAIN_DMA_FQ)
387 iommu_def_domain_type = IOMMU_DOMAIN_DMA;
388 }
389
iommu_group_attr_show(struct kobject * kobj,struct attribute * __attr,char * buf)390 static ssize_t iommu_group_attr_show(struct kobject *kobj,
391 struct attribute *__attr, char *buf)
392 {
393 struct iommu_group_attribute *attr = to_iommu_group_attr(__attr);
394 struct iommu_group *group = to_iommu_group(kobj);
395 ssize_t ret = -EIO;
396
397 if (attr->show)
398 ret = attr->show(group, buf);
399 return ret;
400 }
401
iommu_group_attr_store(struct kobject * kobj,struct attribute * __attr,const char * buf,size_t count)402 static ssize_t iommu_group_attr_store(struct kobject *kobj,
403 struct attribute *__attr,
404 const char *buf, size_t count)
405 {
406 struct iommu_group_attribute *attr = to_iommu_group_attr(__attr);
407 struct iommu_group *group = to_iommu_group(kobj);
408 ssize_t ret = -EIO;
409
410 if (attr->store)
411 ret = attr->store(group, buf, count);
412 return ret;
413 }
414
415 static const struct sysfs_ops iommu_group_sysfs_ops = {
416 .show = iommu_group_attr_show,
417 .store = iommu_group_attr_store,
418 };
419
iommu_group_create_file(struct iommu_group * group,struct iommu_group_attribute * attr)420 static int iommu_group_create_file(struct iommu_group *group,
421 struct iommu_group_attribute *attr)
422 {
423 return sysfs_create_file(&group->kobj, &attr->attr);
424 }
425
iommu_group_remove_file(struct iommu_group * group,struct iommu_group_attribute * attr)426 static void iommu_group_remove_file(struct iommu_group *group,
427 struct iommu_group_attribute *attr)
428 {
429 sysfs_remove_file(&group->kobj, &attr->attr);
430 }
431
iommu_group_show_name(struct iommu_group * group,char * buf)432 static ssize_t iommu_group_show_name(struct iommu_group *group, char *buf)
433 {
434 return sprintf(buf, "%s\n", group->name);
435 }
436
437 /**
438 * iommu_insert_resv_region - Insert a new region in the
439 * list of reserved regions.
440 * @new: new region to insert
441 * @regions: list of regions
442 *
443 * Elements are sorted by start address and overlapping segments
444 * of the same type are merged.
445 */
iommu_insert_resv_region(struct iommu_resv_region * new,struct list_head * regions)446 static int iommu_insert_resv_region(struct iommu_resv_region *new,
447 struct list_head *regions)
448 {
449 struct iommu_resv_region *iter, *tmp, *nr, *top;
450 LIST_HEAD(stack);
451
452 nr = iommu_alloc_resv_region(new->start, new->length,
453 new->prot, new->type);
454 if (!nr)
455 return -ENOMEM;
456
457 /* First add the new element based on start address sorting */
458 list_for_each_entry(iter, regions, list) {
459 if (nr->start < iter->start ||
460 (nr->start == iter->start && nr->type <= iter->type))
461 break;
462 }
463 list_add_tail(&nr->list, &iter->list);
464
465 /* Merge overlapping segments of type nr->type in @regions, if any */
466 list_for_each_entry_safe(iter, tmp, regions, list) {
467 phys_addr_t top_end, iter_end = iter->start + iter->length - 1;
468
469 /* no merge needed on elements of different types than @new */
470 if (iter->type != new->type) {
471 list_move_tail(&iter->list, &stack);
472 continue;
473 }
474
475 /* look for the last stack element of same type as @iter */
476 list_for_each_entry_reverse(top, &stack, list)
477 if (top->type == iter->type)
478 goto check_overlap;
479
480 list_move_tail(&iter->list, &stack);
481 continue;
482
483 check_overlap:
484 top_end = top->start + top->length - 1;
485
486 if (iter->start > top_end + 1) {
487 list_move_tail(&iter->list, &stack);
488 } else {
489 top->length = max(top_end, iter_end) - top->start + 1;
490 list_del(&iter->list);
491 kfree(iter);
492 }
493 }
494 list_splice(&stack, regions);
495 return 0;
496 }
497
498 static int
iommu_insert_device_resv_regions(struct list_head * dev_resv_regions,struct list_head * group_resv_regions)499 iommu_insert_device_resv_regions(struct list_head *dev_resv_regions,
500 struct list_head *group_resv_regions)
501 {
502 struct iommu_resv_region *entry;
503 int ret = 0;
504
505 list_for_each_entry(entry, dev_resv_regions, list) {
506 ret = iommu_insert_resv_region(entry, group_resv_regions);
507 if (ret)
508 break;
509 }
510 return ret;
511 }
512
iommu_get_group_resv_regions(struct iommu_group * group,struct list_head * head)513 int iommu_get_group_resv_regions(struct iommu_group *group,
514 struct list_head *head)
515 {
516 struct group_device *device;
517 int ret = 0;
518
519 mutex_lock(&group->mutex);
520 list_for_each_entry(device, &group->devices, list) {
521 struct list_head dev_resv_regions;
522
523 INIT_LIST_HEAD(&dev_resv_regions);
524 iommu_get_resv_regions(device->dev, &dev_resv_regions);
525 ret = iommu_insert_device_resv_regions(&dev_resv_regions, head);
526 iommu_put_resv_regions(device->dev, &dev_resv_regions);
527 if (ret)
528 break;
529 }
530 mutex_unlock(&group->mutex);
531 return ret;
532 }
533 EXPORT_SYMBOL_GPL(iommu_get_group_resv_regions);
534
iommu_group_show_resv_regions(struct iommu_group * group,char * buf)535 static ssize_t iommu_group_show_resv_regions(struct iommu_group *group,
536 char *buf)
537 {
538 struct iommu_resv_region *region, *next;
539 struct list_head group_resv_regions;
540 char *str = buf;
541
542 INIT_LIST_HEAD(&group_resv_regions);
543 iommu_get_group_resv_regions(group, &group_resv_regions);
544
545 list_for_each_entry_safe(region, next, &group_resv_regions, list) {
546 str += sprintf(str, "0x%016llx 0x%016llx %s\n",
547 (long long int)region->start,
548 (long long int)(region->start +
549 region->length - 1),
550 iommu_group_resv_type_string[region->type]);
551 kfree(region);
552 }
553
554 return (str - buf);
555 }
556
iommu_group_show_type(struct iommu_group * group,char * buf)557 static ssize_t iommu_group_show_type(struct iommu_group *group,
558 char *buf)
559 {
560 char *type = "unknown\n";
561
562 mutex_lock(&group->mutex);
563 if (group->default_domain) {
564 switch (group->default_domain->type) {
565 case IOMMU_DOMAIN_BLOCKED:
566 type = "blocked\n";
567 break;
568 case IOMMU_DOMAIN_IDENTITY:
569 type = "identity\n";
570 break;
571 case IOMMU_DOMAIN_UNMANAGED:
572 type = "unmanaged\n";
573 break;
574 case IOMMU_DOMAIN_DMA:
575 type = "DMA\n";
576 break;
577 case IOMMU_DOMAIN_DMA_FQ:
578 type = "DMA-FQ\n";
579 break;
580 }
581 }
582 mutex_unlock(&group->mutex);
583 strcpy(buf, type);
584
585 return strlen(type);
586 }
587
588 static IOMMU_GROUP_ATTR(name, S_IRUGO, iommu_group_show_name, NULL);
589
590 static IOMMU_GROUP_ATTR(reserved_regions, 0444,
591 iommu_group_show_resv_regions, NULL);
592
593 static IOMMU_GROUP_ATTR(type, 0644, iommu_group_show_type,
594 iommu_group_store_type);
595
iommu_group_release(struct kobject * kobj)596 static void iommu_group_release(struct kobject *kobj)
597 {
598 struct iommu_group *group = to_iommu_group(kobj);
599
600 pr_debug("Releasing group %d\n", group->id);
601
602 if (group->iommu_data_release)
603 group->iommu_data_release(group->iommu_data);
604
605 ida_simple_remove(&iommu_group_ida, group->id);
606
607 if (group->default_domain)
608 iommu_domain_free(group->default_domain);
609
610 kfree(group->name);
611 kfree(group);
612 }
613
614 static struct kobj_type iommu_group_ktype = {
615 .sysfs_ops = &iommu_group_sysfs_ops,
616 .release = iommu_group_release,
617 };
618
619 /**
620 * iommu_group_alloc - Allocate a new group
621 *
622 * This function is called by an iommu driver to allocate a new iommu
623 * group. The iommu group represents the minimum granularity of the iommu.
624 * Upon successful return, the caller holds a reference to the supplied
625 * group in order to hold the group until devices are added. Use
626 * iommu_group_put() to release this extra reference count, allowing the
627 * group to be automatically reclaimed once it has no devices or external
628 * references.
629 */
iommu_group_alloc(void)630 struct iommu_group *iommu_group_alloc(void)
631 {
632 struct iommu_group *group;
633 int ret;
634
635 group = kzalloc(sizeof(*group), GFP_KERNEL);
636 if (!group)
637 return ERR_PTR(-ENOMEM);
638
639 group->kobj.kset = iommu_group_kset;
640 mutex_init(&group->mutex);
641 INIT_LIST_HEAD(&group->devices);
642 INIT_LIST_HEAD(&group->entry);
643 BLOCKING_INIT_NOTIFIER_HEAD(&group->notifier);
644
645 ret = ida_simple_get(&iommu_group_ida, 0, 0, GFP_KERNEL);
646 if (ret < 0) {
647 kfree(group);
648 return ERR_PTR(ret);
649 }
650 group->id = ret;
651
652 ret = kobject_init_and_add(&group->kobj, &iommu_group_ktype,
653 NULL, "%d", group->id);
654 if (ret) {
655 ida_simple_remove(&iommu_group_ida, group->id);
656 kobject_put(&group->kobj);
657 return ERR_PTR(ret);
658 }
659
660 group->devices_kobj = kobject_create_and_add("devices", &group->kobj);
661 if (!group->devices_kobj) {
662 kobject_put(&group->kobj); /* triggers .release & free */
663 return ERR_PTR(-ENOMEM);
664 }
665
666 /*
667 * The devices_kobj holds a reference on the group kobject, so
668 * as long as that exists so will the group. We can therefore
669 * use the devices_kobj for reference counting.
670 */
671 kobject_put(&group->kobj);
672
673 ret = iommu_group_create_file(group,
674 &iommu_group_attr_reserved_regions);
675 if (ret) {
676 kobject_put(group->devices_kobj);
677 return ERR_PTR(ret);
678 }
679
680 ret = iommu_group_create_file(group, &iommu_group_attr_type);
681 if (ret) {
682 kobject_put(group->devices_kobj);
683 return ERR_PTR(ret);
684 }
685
686 pr_debug("Allocated group %d\n", group->id);
687
688 return group;
689 }
690 EXPORT_SYMBOL_GPL(iommu_group_alloc);
691
iommu_group_get_by_id(int id)692 struct iommu_group *iommu_group_get_by_id(int id)
693 {
694 struct kobject *group_kobj;
695 struct iommu_group *group;
696 const char *name;
697
698 if (!iommu_group_kset)
699 return NULL;
700
701 name = kasprintf(GFP_KERNEL, "%d", id);
702 if (!name)
703 return NULL;
704
705 group_kobj = kset_find_obj(iommu_group_kset, name);
706 kfree(name);
707
708 if (!group_kobj)
709 return NULL;
710
711 group = container_of(group_kobj, struct iommu_group, kobj);
712 BUG_ON(group->id != id);
713
714 kobject_get(group->devices_kobj);
715 kobject_put(&group->kobj);
716
717 return group;
718 }
719 EXPORT_SYMBOL_GPL(iommu_group_get_by_id);
720
721 /**
722 * iommu_group_get_iommudata - retrieve iommu_data registered for a group
723 * @group: the group
724 *
725 * iommu drivers can store data in the group for use when doing iommu
726 * operations. This function provides a way to retrieve it. Caller
727 * should hold a group reference.
728 */
iommu_group_get_iommudata(struct iommu_group * group)729 void *iommu_group_get_iommudata(struct iommu_group *group)
730 {
731 return group->iommu_data;
732 }
733 EXPORT_SYMBOL_GPL(iommu_group_get_iommudata);
734
735 /**
736 * iommu_group_set_iommudata - set iommu_data for a group
737 * @group: the group
738 * @iommu_data: new data
739 * @release: release function for iommu_data
740 *
741 * iommu drivers can store data in the group for use when doing iommu
742 * operations. This function provides a way to set the data after
743 * the group has been allocated. Caller should hold a group reference.
744 */
iommu_group_set_iommudata(struct iommu_group * group,void * iommu_data,void (* release)(void * iommu_data))745 void iommu_group_set_iommudata(struct iommu_group *group, void *iommu_data,
746 void (*release)(void *iommu_data))
747 {
748 group->iommu_data = iommu_data;
749 group->iommu_data_release = release;
750 }
751 EXPORT_SYMBOL_GPL(iommu_group_set_iommudata);
752
753 /**
754 * iommu_group_set_name - set name for a group
755 * @group: the group
756 * @name: name
757 *
758 * Allow iommu driver to set a name for a group. When set it will
759 * appear in a name attribute file under the group in sysfs.
760 */
iommu_group_set_name(struct iommu_group * group,const char * name)761 int iommu_group_set_name(struct iommu_group *group, const char *name)
762 {
763 int ret;
764
765 if (group->name) {
766 iommu_group_remove_file(group, &iommu_group_attr_name);
767 kfree(group->name);
768 group->name = NULL;
769 if (!name)
770 return 0;
771 }
772
773 group->name = kstrdup(name, GFP_KERNEL);
774 if (!group->name)
775 return -ENOMEM;
776
777 ret = iommu_group_create_file(group, &iommu_group_attr_name);
778 if (ret) {
779 kfree(group->name);
780 group->name = NULL;
781 return ret;
782 }
783
784 return 0;
785 }
786 EXPORT_SYMBOL_GPL(iommu_group_set_name);
787
iommu_create_device_direct_mappings(struct iommu_group * group,struct device * dev)788 static int iommu_create_device_direct_mappings(struct iommu_group *group,
789 struct device *dev)
790 {
791 struct iommu_domain *domain = group->default_domain;
792 struct iommu_resv_region *entry;
793 struct list_head mappings;
794 unsigned long pg_size;
795 int ret = 0;
796
797 if (!domain || !iommu_is_dma_domain(domain))
798 return 0;
799
800 BUG_ON(!domain->pgsize_bitmap);
801
802 pg_size = 1UL << __ffs(domain->pgsize_bitmap);
803 INIT_LIST_HEAD(&mappings);
804
805 iommu_get_resv_regions(dev, &mappings);
806
807 /* We need to consider overlapping regions for different devices */
808 list_for_each_entry(entry, &mappings, list) {
809 dma_addr_t start, end, addr;
810 size_t map_size = 0;
811
812 if (domain->ops->apply_resv_region)
813 domain->ops->apply_resv_region(dev, domain, entry);
814
815 start = ALIGN(entry->start, pg_size);
816 end = ALIGN(entry->start + entry->length, pg_size);
817
818 if (entry->type != IOMMU_RESV_DIRECT &&
819 entry->type != IOMMU_RESV_DIRECT_RELAXABLE)
820 continue;
821
822 for (addr = start; addr <= end; addr += pg_size) {
823 phys_addr_t phys_addr;
824
825 if (addr == end)
826 goto map_end;
827
828 phys_addr = iommu_iova_to_phys(domain, addr);
829 if (!phys_addr) {
830 map_size += pg_size;
831 continue;
832 }
833
834 map_end:
835 if (map_size) {
836 ret = iommu_map(domain, addr - map_size,
837 addr - map_size, map_size,
838 entry->prot);
839 if (ret)
840 goto out;
841 map_size = 0;
842 }
843 }
844
845 }
846
847 iommu_flush_iotlb_all(domain);
848
849 out:
850 iommu_put_resv_regions(dev, &mappings);
851
852 return ret;
853 }
854
iommu_is_attach_deferred(struct iommu_domain * domain,struct device * dev)855 static bool iommu_is_attach_deferred(struct iommu_domain *domain,
856 struct device *dev)
857 {
858 if (domain->ops->is_attach_deferred)
859 return domain->ops->is_attach_deferred(domain, dev);
860
861 return false;
862 }
863
864 /**
865 * iommu_group_add_device - add a device to an iommu group
866 * @group: the group into which to add the device (reference should be held)
867 * @dev: the device
868 *
869 * This function is called by an iommu driver to add a device into a
870 * group. Adding a device increments the group reference count.
871 */
iommu_group_add_device(struct iommu_group * group,struct device * dev)872 int iommu_group_add_device(struct iommu_group *group, struct device *dev)
873 {
874 int ret, i = 0;
875 struct group_device *device;
876
877 device = kzalloc(sizeof(*device), GFP_KERNEL);
878 if (!device)
879 return -ENOMEM;
880
881 device->dev = dev;
882
883 ret = sysfs_create_link(&dev->kobj, &group->kobj, "iommu_group");
884 if (ret)
885 goto err_free_device;
886
887 device->name = kasprintf(GFP_KERNEL, "%s", kobject_name(&dev->kobj));
888 rename:
889 if (!device->name) {
890 ret = -ENOMEM;
891 goto err_remove_link;
892 }
893
894 ret = sysfs_create_link_nowarn(group->devices_kobj,
895 &dev->kobj, device->name);
896 if (ret) {
897 if (ret == -EEXIST && i >= 0) {
898 /*
899 * Account for the slim chance of collision
900 * and append an instance to the name.
901 */
902 kfree(device->name);
903 device->name = kasprintf(GFP_KERNEL, "%s.%d",
904 kobject_name(&dev->kobj), i++);
905 goto rename;
906 }
907 goto err_free_name;
908 }
909
910 kobject_get(group->devices_kobj);
911
912 dev->iommu_group = group;
913
914 mutex_lock(&group->mutex);
915 list_add_tail(&device->list, &group->devices);
916 if (group->domain && !iommu_is_attach_deferred(group->domain, dev))
917 ret = __iommu_attach_device(group->domain, dev);
918 mutex_unlock(&group->mutex);
919 if (ret)
920 goto err_put_group;
921
922 /* Notify any listeners about change to group. */
923 blocking_notifier_call_chain(&group->notifier,
924 IOMMU_GROUP_NOTIFY_ADD_DEVICE, dev);
925
926 trace_add_device_to_group(group->id, dev);
927
928 dev_info(dev, "Adding to iommu group %d\n", group->id);
929
930 return 0;
931
932 err_put_group:
933 mutex_lock(&group->mutex);
934 list_del(&device->list);
935 mutex_unlock(&group->mutex);
936 dev->iommu_group = NULL;
937 kobject_put(group->devices_kobj);
938 sysfs_remove_link(group->devices_kobj, device->name);
939 err_free_name:
940 kfree(device->name);
941 err_remove_link:
942 sysfs_remove_link(&dev->kobj, "iommu_group");
943 err_free_device:
944 kfree(device);
945 dev_err(dev, "Failed to add to iommu group %d: %d\n", group->id, ret);
946 return ret;
947 }
948 EXPORT_SYMBOL_GPL(iommu_group_add_device);
949
950 /**
951 * iommu_group_remove_device - remove a device from it's current group
952 * @dev: device to be removed
953 *
954 * This function is called by an iommu driver to remove the device from
955 * it's current group. This decrements the iommu group reference count.
956 */
iommu_group_remove_device(struct device * dev)957 void iommu_group_remove_device(struct device *dev)
958 {
959 struct iommu_group *group = dev->iommu_group;
960 struct group_device *tmp_device, *device = NULL;
961
962 if (!group)
963 return;
964
965 dev_info(dev, "Removing from iommu group %d\n", group->id);
966
967 /* Pre-notify listeners that a device is being removed. */
968 blocking_notifier_call_chain(&group->notifier,
969 IOMMU_GROUP_NOTIFY_DEL_DEVICE, dev);
970
971 mutex_lock(&group->mutex);
972 list_for_each_entry(tmp_device, &group->devices, list) {
973 if (tmp_device->dev == dev) {
974 device = tmp_device;
975 list_del(&device->list);
976 break;
977 }
978 }
979 mutex_unlock(&group->mutex);
980
981 if (!device)
982 return;
983
984 sysfs_remove_link(group->devices_kobj, device->name);
985 sysfs_remove_link(&dev->kobj, "iommu_group");
986
987 trace_remove_device_from_group(group->id, dev);
988
989 kfree(device->name);
990 kfree(device);
991 dev->iommu_group = NULL;
992 kobject_put(group->devices_kobj);
993 }
994 EXPORT_SYMBOL_GPL(iommu_group_remove_device);
995
iommu_group_device_count(struct iommu_group * group)996 static int iommu_group_device_count(struct iommu_group *group)
997 {
998 struct group_device *entry;
999 int ret = 0;
1000
1001 list_for_each_entry(entry, &group->devices, list)
1002 ret++;
1003
1004 return ret;
1005 }
1006
1007 /**
1008 * iommu_group_for_each_dev - iterate over each device in the group
1009 * @group: the group
1010 * @data: caller opaque data to be passed to callback function
1011 * @fn: caller supplied callback function
1012 *
1013 * This function is called by group users to iterate over group devices.
1014 * Callers should hold a reference count to the group during callback.
1015 * The group->mutex is held across callbacks, which will block calls to
1016 * iommu_group_add/remove_device.
1017 */
__iommu_group_for_each_dev(struct iommu_group * group,void * data,int (* fn)(struct device *,void *))1018 static int __iommu_group_for_each_dev(struct iommu_group *group, void *data,
1019 int (*fn)(struct device *, void *))
1020 {
1021 struct group_device *device;
1022 int ret = 0;
1023
1024 list_for_each_entry(device, &group->devices, list) {
1025 ret = fn(device->dev, data);
1026 if (ret)
1027 break;
1028 }
1029 return ret;
1030 }
1031
1032
iommu_group_for_each_dev(struct iommu_group * group,void * data,int (* fn)(struct device *,void *))1033 int iommu_group_for_each_dev(struct iommu_group *group, void *data,
1034 int (*fn)(struct device *, void *))
1035 {
1036 int ret;
1037
1038 mutex_lock(&group->mutex);
1039 ret = __iommu_group_for_each_dev(group, data, fn);
1040 mutex_unlock(&group->mutex);
1041
1042 return ret;
1043 }
1044 EXPORT_SYMBOL_GPL(iommu_group_for_each_dev);
1045
1046 /**
1047 * iommu_group_get - Return the group for a device and increment reference
1048 * @dev: get the group that this device belongs to
1049 *
1050 * This function is called by iommu drivers and users to get the group
1051 * for the specified device. If found, the group is returned and the group
1052 * reference in incremented, else NULL.
1053 */
iommu_group_get(struct device * dev)1054 struct iommu_group *iommu_group_get(struct device *dev)
1055 {
1056 struct iommu_group *group = dev->iommu_group;
1057
1058 if (group)
1059 kobject_get(group->devices_kobj);
1060
1061 return group;
1062 }
1063 EXPORT_SYMBOL_GPL(iommu_group_get);
1064
1065 /**
1066 * iommu_group_ref_get - Increment reference on a group
1067 * @group: the group to use, must not be NULL
1068 *
1069 * This function is called by iommu drivers to take additional references on an
1070 * existing group. Returns the given group for convenience.
1071 */
iommu_group_ref_get(struct iommu_group * group)1072 struct iommu_group *iommu_group_ref_get(struct iommu_group *group)
1073 {
1074 kobject_get(group->devices_kobj);
1075 return group;
1076 }
1077 EXPORT_SYMBOL_GPL(iommu_group_ref_get);
1078
1079 /**
1080 * iommu_group_put - Decrement group reference
1081 * @group: the group to use
1082 *
1083 * This function is called by iommu drivers and users to release the
1084 * iommu group. Once the reference count is zero, the group is released.
1085 */
iommu_group_put(struct iommu_group * group)1086 void iommu_group_put(struct iommu_group *group)
1087 {
1088 if (group)
1089 kobject_put(group->devices_kobj);
1090 }
1091 EXPORT_SYMBOL_GPL(iommu_group_put);
1092
1093 /**
1094 * iommu_group_register_notifier - Register a notifier for group changes
1095 * @group: the group to watch
1096 * @nb: notifier block to signal
1097 *
1098 * This function allows iommu group users to track changes in a group.
1099 * See include/linux/iommu.h for actions sent via this notifier. Caller
1100 * should hold a reference to the group throughout notifier registration.
1101 */
iommu_group_register_notifier(struct iommu_group * group,struct notifier_block * nb)1102 int iommu_group_register_notifier(struct iommu_group *group,
1103 struct notifier_block *nb)
1104 {
1105 return blocking_notifier_chain_register(&group->notifier, nb);
1106 }
1107 EXPORT_SYMBOL_GPL(iommu_group_register_notifier);
1108
1109 /**
1110 * iommu_group_unregister_notifier - Unregister a notifier
1111 * @group: the group to watch
1112 * @nb: notifier block to signal
1113 *
1114 * Unregister a previously registered group notifier block.
1115 */
iommu_group_unregister_notifier(struct iommu_group * group,struct notifier_block * nb)1116 int iommu_group_unregister_notifier(struct iommu_group *group,
1117 struct notifier_block *nb)
1118 {
1119 return blocking_notifier_chain_unregister(&group->notifier, nb);
1120 }
1121 EXPORT_SYMBOL_GPL(iommu_group_unregister_notifier);
1122
1123 /**
1124 * iommu_register_device_fault_handler() - Register a device fault handler
1125 * @dev: the device
1126 * @handler: the fault handler
1127 * @data: private data passed as argument to the handler
1128 *
1129 * When an IOMMU fault event is received, this handler gets called with the
1130 * fault event and data as argument. The handler should return 0 on success. If
1131 * the fault is recoverable (IOMMU_FAULT_PAGE_REQ), the consumer should also
1132 * complete the fault by calling iommu_page_response() with one of the following
1133 * response code:
1134 * - IOMMU_PAGE_RESP_SUCCESS: retry the translation
1135 * - IOMMU_PAGE_RESP_INVALID: terminate the fault
1136 * - IOMMU_PAGE_RESP_FAILURE: terminate the fault and stop reporting
1137 * page faults if possible.
1138 *
1139 * Return 0 if the fault handler was installed successfully, or an error.
1140 */
iommu_register_device_fault_handler(struct device * dev,iommu_dev_fault_handler_t handler,void * data)1141 int iommu_register_device_fault_handler(struct device *dev,
1142 iommu_dev_fault_handler_t handler,
1143 void *data)
1144 {
1145 struct dev_iommu *param = dev->iommu;
1146 int ret = 0;
1147
1148 if (!param)
1149 return -EINVAL;
1150
1151 mutex_lock(¶m->lock);
1152 /* Only allow one fault handler registered for each device */
1153 if (param->fault_param) {
1154 ret = -EBUSY;
1155 goto done_unlock;
1156 }
1157
1158 get_device(dev);
1159 param->fault_param = kzalloc(sizeof(*param->fault_param), GFP_KERNEL);
1160 if (!param->fault_param) {
1161 put_device(dev);
1162 ret = -ENOMEM;
1163 goto done_unlock;
1164 }
1165 param->fault_param->handler = handler;
1166 param->fault_param->data = data;
1167 mutex_init(¶m->fault_param->lock);
1168 INIT_LIST_HEAD(¶m->fault_param->faults);
1169
1170 done_unlock:
1171 mutex_unlock(¶m->lock);
1172
1173 return ret;
1174 }
1175 EXPORT_SYMBOL_GPL(iommu_register_device_fault_handler);
1176
1177 /**
1178 * iommu_unregister_device_fault_handler() - Unregister the device fault handler
1179 * @dev: the device
1180 *
1181 * Remove the device fault handler installed with
1182 * iommu_register_device_fault_handler().
1183 *
1184 * Return 0 on success, or an error.
1185 */
iommu_unregister_device_fault_handler(struct device * dev)1186 int iommu_unregister_device_fault_handler(struct device *dev)
1187 {
1188 struct dev_iommu *param = dev->iommu;
1189 int ret = 0;
1190
1191 if (!param)
1192 return -EINVAL;
1193
1194 mutex_lock(¶m->lock);
1195
1196 if (!param->fault_param)
1197 goto unlock;
1198
1199 /* we cannot unregister handler if there are pending faults */
1200 if (!list_empty(¶m->fault_param->faults)) {
1201 ret = -EBUSY;
1202 goto unlock;
1203 }
1204
1205 kfree(param->fault_param);
1206 param->fault_param = NULL;
1207 put_device(dev);
1208 unlock:
1209 mutex_unlock(¶m->lock);
1210
1211 return ret;
1212 }
1213 EXPORT_SYMBOL_GPL(iommu_unregister_device_fault_handler);
1214
1215 /**
1216 * iommu_report_device_fault() - Report fault event to device driver
1217 * @dev: the device
1218 * @evt: fault event data
1219 *
1220 * Called by IOMMU drivers when a fault is detected, typically in a threaded IRQ
1221 * handler. When this function fails and the fault is recoverable, it is the
1222 * caller's responsibility to complete the fault.
1223 *
1224 * Return 0 on success, or an error.
1225 */
iommu_report_device_fault(struct device * dev,struct iommu_fault_event * evt)1226 int iommu_report_device_fault(struct device *dev, struct iommu_fault_event *evt)
1227 {
1228 struct dev_iommu *param = dev->iommu;
1229 struct iommu_fault_event *evt_pending = NULL;
1230 struct iommu_fault_param *fparam;
1231 int ret = 0;
1232
1233 if (!param || !evt)
1234 return -EINVAL;
1235
1236 /* we only report device fault if there is a handler registered */
1237 mutex_lock(¶m->lock);
1238 fparam = param->fault_param;
1239 if (!fparam || !fparam->handler) {
1240 ret = -EINVAL;
1241 goto done_unlock;
1242 }
1243
1244 if (evt->fault.type == IOMMU_FAULT_PAGE_REQ &&
1245 (evt->fault.prm.flags & IOMMU_FAULT_PAGE_REQUEST_LAST_PAGE)) {
1246 evt_pending = kmemdup(evt, sizeof(struct iommu_fault_event),
1247 GFP_KERNEL);
1248 if (!evt_pending) {
1249 ret = -ENOMEM;
1250 goto done_unlock;
1251 }
1252 mutex_lock(&fparam->lock);
1253 list_add_tail(&evt_pending->list, &fparam->faults);
1254 mutex_unlock(&fparam->lock);
1255 }
1256
1257 ret = fparam->handler(&evt->fault, fparam->data);
1258 if (ret && evt_pending) {
1259 mutex_lock(&fparam->lock);
1260 list_del(&evt_pending->list);
1261 mutex_unlock(&fparam->lock);
1262 kfree(evt_pending);
1263 }
1264 done_unlock:
1265 mutex_unlock(¶m->lock);
1266 return ret;
1267 }
1268 EXPORT_SYMBOL_GPL(iommu_report_device_fault);
1269
iommu_page_response(struct device * dev,struct iommu_page_response * msg)1270 int iommu_page_response(struct device *dev,
1271 struct iommu_page_response *msg)
1272 {
1273 bool needs_pasid;
1274 int ret = -EINVAL;
1275 struct iommu_fault_event *evt;
1276 struct iommu_fault_page_request *prm;
1277 struct dev_iommu *param = dev->iommu;
1278 bool has_pasid = msg->flags & IOMMU_PAGE_RESP_PASID_VALID;
1279 struct iommu_domain *domain = iommu_get_domain_for_dev(dev);
1280
1281 if (!domain || !domain->ops->page_response)
1282 return -ENODEV;
1283
1284 if (!param || !param->fault_param)
1285 return -EINVAL;
1286
1287 if (msg->version != IOMMU_PAGE_RESP_VERSION_1 ||
1288 msg->flags & ~IOMMU_PAGE_RESP_PASID_VALID)
1289 return -EINVAL;
1290
1291 /* Only send response if there is a fault report pending */
1292 mutex_lock(¶m->fault_param->lock);
1293 if (list_empty(¶m->fault_param->faults)) {
1294 dev_warn_ratelimited(dev, "no pending PRQ, drop response\n");
1295 goto done_unlock;
1296 }
1297 /*
1298 * Check if we have a matching page request pending to respond,
1299 * otherwise return -EINVAL
1300 */
1301 list_for_each_entry(evt, ¶m->fault_param->faults, list) {
1302 prm = &evt->fault.prm;
1303 if (prm->grpid != msg->grpid)
1304 continue;
1305
1306 /*
1307 * If the PASID is required, the corresponding request is
1308 * matched using the group ID, the PASID valid bit and the PASID
1309 * value. Otherwise only the group ID matches request and
1310 * response.
1311 */
1312 needs_pasid = prm->flags & IOMMU_FAULT_PAGE_RESPONSE_NEEDS_PASID;
1313 if (needs_pasid && (!has_pasid || msg->pasid != prm->pasid))
1314 continue;
1315
1316 if (!needs_pasid && has_pasid) {
1317 /* No big deal, just clear it. */
1318 msg->flags &= ~IOMMU_PAGE_RESP_PASID_VALID;
1319 msg->pasid = 0;
1320 }
1321
1322 ret = domain->ops->page_response(dev, evt, msg);
1323 list_del(&evt->list);
1324 kfree(evt);
1325 break;
1326 }
1327
1328 done_unlock:
1329 mutex_unlock(¶m->fault_param->lock);
1330 return ret;
1331 }
1332 EXPORT_SYMBOL_GPL(iommu_page_response);
1333
1334 /**
1335 * iommu_group_id - Return ID for a group
1336 * @group: the group to ID
1337 *
1338 * Return the unique ID for the group matching the sysfs group number.
1339 */
iommu_group_id(struct iommu_group * group)1340 int iommu_group_id(struct iommu_group *group)
1341 {
1342 return group->id;
1343 }
1344 EXPORT_SYMBOL_GPL(iommu_group_id);
1345
1346 static struct iommu_group *get_pci_alias_group(struct pci_dev *pdev,
1347 unsigned long *devfns);
1348
1349 /*
1350 * To consider a PCI device isolated, we require ACS to support Source
1351 * Validation, Request Redirection, Completer Redirection, and Upstream
1352 * Forwarding. This effectively means that devices cannot spoof their
1353 * requester ID, requests and completions cannot be redirected, and all
1354 * transactions are forwarded upstream, even as it passes through a
1355 * bridge where the target device is downstream.
1356 */
1357 #define REQ_ACS_FLAGS (PCI_ACS_SV | PCI_ACS_RR | PCI_ACS_CR | PCI_ACS_UF)
1358
1359 /*
1360 * For multifunction devices which are not isolated from each other, find
1361 * all the other non-isolated functions and look for existing groups. For
1362 * each function, we also need to look for aliases to or from other devices
1363 * that may already have a group.
1364 */
get_pci_function_alias_group(struct pci_dev * pdev,unsigned long * devfns)1365 static struct iommu_group *get_pci_function_alias_group(struct pci_dev *pdev,
1366 unsigned long *devfns)
1367 {
1368 struct pci_dev *tmp = NULL;
1369 struct iommu_group *group;
1370
1371 if (!pdev->multifunction || pci_acs_enabled(pdev, REQ_ACS_FLAGS))
1372 return NULL;
1373
1374 for_each_pci_dev(tmp) {
1375 if (tmp == pdev || tmp->bus != pdev->bus ||
1376 PCI_SLOT(tmp->devfn) != PCI_SLOT(pdev->devfn) ||
1377 pci_acs_enabled(tmp, REQ_ACS_FLAGS))
1378 continue;
1379
1380 group = get_pci_alias_group(tmp, devfns);
1381 if (group) {
1382 pci_dev_put(tmp);
1383 return group;
1384 }
1385 }
1386
1387 return NULL;
1388 }
1389
1390 /*
1391 * Look for aliases to or from the given device for existing groups. DMA
1392 * aliases are only supported on the same bus, therefore the search
1393 * space is quite small (especially since we're really only looking at pcie
1394 * device, and therefore only expect multiple slots on the root complex or
1395 * downstream switch ports). It's conceivable though that a pair of
1396 * multifunction devices could have aliases between them that would cause a
1397 * loop. To prevent this, we use a bitmap to track where we've been.
1398 */
get_pci_alias_group(struct pci_dev * pdev,unsigned long * devfns)1399 static struct iommu_group *get_pci_alias_group(struct pci_dev *pdev,
1400 unsigned long *devfns)
1401 {
1402 struct pci_dev *tmp = NULL;
1403 struct iommu_group *group;
1404
1405 if (test_and_set_bit(pdev->devfn & 0xff, devfns))
1406 return NULL;
1407
1408 group = iommu_group_get(&pdev->dev);
1409 if (group)
1410 return group;
1411
1412 for_each_pci_dev(tmp) {
1413 if (tmp == pdev || tmp->bus != pdev->bus)
1414 continue;
1415
1416 /* We alias them or they alias us */
1417 if (pci_devs_are_dma_aliases(pdev, tmp)) {
1418 group = get_pci_alias_group(tmp, devfns);
1419 if (group) {
1420 pci_dev_put(tmp);
1421 return group;
1422 }
1423
1424 group = get_pci_function_alias_group(tmp, devfns);
1425 if (group) {
1426 pci_dev_put(tmp);
1427 return group;
1428 }
1429 }
1430 }
1431
1432 return NULL;
1433 }
1434
1435 struct group_for_pci_data {
1436 struct pci_dev *pdev;
1437 struct iommu_group *group;
1438 };
1439
1440 /*
1441 * DMA alias iterator callback, return the last seen device. Stop and return
1442 * the IOMMU group if we find one along the way.
1443 */
get_pci_alias_or_group(struct pci_dev * pdev,u16 alias,void * opaque)1444 static int get_pci_alias_or_group(struct pci_dev *pdev, u16 alias, void *opaque)
1445 {
1446 struct group_for_pci_data *data = opaque;
1447
1448 data->pdev = pdev;
1449 data->group = iommu_group_get(&pdev->dev);
1450
1451 return data->group != NULL;
1452 }
1453
1454 /*
1455 * Generic device_group call-back function. It just allocates one
1456 * iommu-group per device.
1457 */
generic_device_group(struct device * dev)1458 struct iommu_group *generic_device_group(struct device *dev)
1459 {
1460 return iommu_group_alloc();
1461 }
1462 EXPORT_SYMBOL_GPL(generic_device_group);
1463
1464 /*
1465 * Use standard PCI bus topology, isolation features, and DMA alias quirks
1466 * to find or create an IOMMU group for a device.
1467 */
pci_device_group(struct device * dev)1468 struct iommu_group *pci_device_group(struct device *dev)
1469 {
1470 struct pci_dev *pdev = to_pci_dev(dev);
1471 struct group_for_pci_data data;
1472 struct pci_bus *bus;
1473 struct iommu_group *group = NULL;
1474 u64 devfns[4] = { 0 };
1475
1476 if (WARN_ON(!dev_is_pci(dev)))
1477 return ERR_PTR(-EINVAL);
1478
1479 /*
1480 * Find the upstream DMA alias for the device. A device must not
1481 * be aliased due to topology in order to have its own IOMMU group.
1482 * If we find an alias along the way that already belongs to a
1483 * group, use it.
1484 */
1485 if (pci_for_each_dma_alias(pdev, get_pci_alias_or_group, &data))
1486 return data.group;
1487
1488 pdev = data.pdev;
1489
1490 /*
1491 * Continue upstream from the point of minimum IOMMU granularity
1492 * due to aliases to the point where devices are protected from
1493 * peer-to-peer DMA by PCI ACS. Again, if we find an existing
1494 * group, use it.
1495 */
1496 for (bus = pdev->bus; !pci_is_root_bus(bus); bus = bus->parent) {
1497 if (!bus->self)
1498 continue;
1499
1500 if (pci_acs_path_enabled(bus->self, NULL, REQ_ACS_FLAGS))
1501 break;
1502
1503 pdev = bus->self;
1504
1505 group = iommu_group_get(&pdev->dev);
1506 if (group)
1507 return group;
1508 }
1509
1510 /*
1511 * Look for existing groups on device aliases. If we alias another
1512 * device or another device aliases us, use the same group.
1513 */
1514 group = get_pci_alias_group(pdev, (unsigned long *)devfns);
1515 if (group)
1516 return group;
1517
1518 /*
1519 * Look for existing groups on non-isolated functions on the same
1520 * slot and aliases of those funcions, if any. No need to clear
1521 * the search bitmap, the tested devfns are still valid.
1522 */
1523 group = get_pci_function_alias_group(pdev, (unsigned long *)devfns);
1524 if (group)
1525 return group;
1526
1527 /* No shared group found, allocate new */
1528 return iommu_group_alloc();
1529 }
1530 EXPORT_SYMBOL_GPL(pci_device_group);
1531
1532 /* Get the IOMMU group for device on fsl-mc bus */
fsl_mc_device_group(struct device * dev)1533 struct iommu_group *fsl_mc_device_group(struct device *dev)
1534 {
1535 struct device *cont_dev = fsl_mc_cont_dev(dev);
1536 struct iommu_group *group;
1537
1538 group = iommu_group_get(cont_dev);
1539 if (!group)
1540 group = iommu_group_alloc();
1541 return group;
1542 }
1543 EXPORT_SYMBOL_GPL(fsl_mc_device_group);
1544
iommu_get_def_domain_type(struct device * dev)1545 static int iommu_get_def_domain_type(struct device *dev)
1546 {
1547 const struct iommu_ops *ops = dev->bus->iommu_ops;
1548
1549 if (dev_is_pci(dev) && to_pci_dev(dev)->untrusted)
1550 return IOMMU_DOMAIN_DMA;
1551
1552 if (ops->def_domain_type)
1553 return ops->def_domain_type(dev);
1554
1555 return 0;
1556 }
1557
iommu_group_alloc_default_domain(struct bus_type * bus,struct iommu_group * group,unsigned int type)1558 static int iommu_group_alloc_default_domain(struct bus_type *bus,
1559 struct iommu_group *group,
1560 unsigned int type)
1561 {
1562 struct iommu_domain *dom;
1563
1564 dom = __iommu_domain_alloc(bus, type);
1565 if (!dom && type != IOMMU_DOMAIN_DMA) {
1566 dom = __iommu_domain_alloc(bus, IOMMU_DOMAIN_DMA);
1567 if (dom)
1568 pr_warn("Failed to allocate default IOMMU domain of type %u for group %s - Falling back to IOMMU_DOMAIN_DMA",
1569 type, group->name);
1570 }
1571
1572 if (!dom)
1573 return -ENOMEM;
1574
1575 group->default_domain = dom;
1576 if (!group->domain)
1577 group->domain = dom;
1578 return 0;
1579 }
1580
iommu_alloc_default_domain(struct iommu_group * group,struct device * dev)1581 static int iommu_alloc_default_domain(struct iommu_group *group,
1582 struct device *dev)
1583 {
1584 unsigned int type;
1585
1586 if (group->default_domain)
1587 return 0;
1588
1589 type = iommu_get_def_domain_type(dev) ? : iommu_def_domain_type;
1590
1591 return iommu_group_alloc_default_domain(dev->bus, group, type);
1592 }
1593
1594 /**
1595 * iommu_group_get_for_dev - Find or create the IOMMU group for a device
1596 * @dev: target device
1597 *
1598 * This function is intended to be called by IOMMU drivers and extended to
1599 * support common, bus-defined algorithms when determining or creating the
1600 * IOMMU group for a device. On success, the caller will hold a reference
1601 * to the returned IOMMU group, which will already include the provided
1602 * device. The reference should be released with iommu_group_put().
1603 */
iommu_group_get_for_dev(struct device * dev)1604 static struct iommu_group *iommu_group_get_for_dev(struct device *dev)
1605 {
1606 const struct iommu_ops *ops = dev->bus->iommu_ops;
1607 struct iommu_group *group;
1608 int ret;
1609
1610 group = iommu_group_get(dev);
1611 if (group)
1612 return group;
1613
1614 if (!ops)
1615 return ERR_PTR(-EINVAL);
1616
1617 group = ops->device_group(dev);
1618 if (WARN_ON_ONCE(group == NULL))
1619 return ERR_PTR(-EINVAL);
1620
1621 if (IS_ERR(group))
1622 return group;
1623
1624 ret = iommu_group_add_device(group, dev);
1625 if (ret)
1626 goto out_put_group;
1627
1628 return group;
1629
1630 out_put_group:
1631 iommu_group_put(group);
1632
1633 return ERR_PTR(ret);
1634 }
1635
iommu_group_default_domain(struct iommu_group * group)1636 struct iommu_domain *iommu_group_default_domain(struct iommu_group *group)
1637 {
1638 return group->default_domain;
1639 }
1640
probe_iommu_group(struct device * dev,void * data)1641 static int probe_iommu_group(struct device *dev, void *data)
1642 {
1643 struct list_head *group_list = data;
1644 struct iommu_group *group;
1645 int ret;
1646
1647 /* Device is probed already if in a group */
1648 group = iommu_group_get(dev);
1649 if (group) {
1650 iommu_group_put(group);
1651 return 0;
1652 }
1653
1654 mutex_lock(&iommu_probe_device_lock);
1655 ret = __iommu_probe_device(dev, group_list);
1656 mutex_unlock(&iommu_probe_device_lock);
1657 if (ret == -ENODEV)
1658 ret = 0;
1659
1660 return ret;
1661 }
1662
remove_iommu_group(struct device * dev,void * data)1663 static int remove_iommu_group(struct device *dev, void *data)
1664 {
1665 iommu_release_device(dev);
1666
1667 return 0;
1668 }
1669
iommu_bus_notifier(struct notifier_block * nb,unsigned long action,void * data)1670 static int iommu_bus_notifier(struct notifier_block *nb,
1671 unsigned long action, void *data)
1672 {
1673 unsigned long group_action = 0;
1674 struct device *dev = data;
1675 struct iommu_group *group;
1676
1677 /*
1678 * ADD/DEL call into iommu driver ops if provided, which may
1679 * result in ADD/DEL notifiers to group->notifier
1680 */
1681 if (action == BUS_NOTIFY_ADD_DEVICE) {
1682 int ret;
1683
1684 ret = iommu_probe_device(dev);
1685 return (ret) ? NOTIFY_DONE : NOTIFY_OK;
1686 } else if (action == BUS_NOTIFY_REMOVED_DEVICE) {
1687 iommu_release_device(dev);
1688 return NOTIFY_OK;
1689 }
1690
1691 /*
1692 * Remaining BUS_NOTIFYs get filtered and republished to the
1693 * group, if anyone is listening
1694 */
1695 group = iommu_group_get(dev);
1696 if (!group)
1697 return 0;
1698
1699 switch (action) {
1700 case BUS_NOTIFY_BIND_DRIVER:
1701 group_action = IOMMU_GROUP_NOTIFY_BIND_DRIVER;
1702 break;
1703 case BUS_NOTIFY_BOUND_DRIVER:
1704 group_action = IOMMU_GROUP_NOTIFY_BOUND_DRIVER;
1705 break;
1706 case BUS_NOTIFY_UNBIND_DRIVER:
1707 group_action = IOMMU_GROUP_NOTIFY_UNBIND_DRIVER;
1708 break;
1709 case BUS_NOTIFY_UNBOUND_DRIVER:
1710 group_action = IOMMU_GROUP_NOTIFY_UNBOUND_DRIVER;
1711 break;
1712 }
1713
1714 if (group_action)
1715 blocking_notifier_call_chain(&group->notifier,
1716 group_action, dev);
1717
1718 iommu_group_put(group);
1719 return 0;
1720 }
1721
1722 struct __group_domain_type {
1723 struct device *dev;
1724 unsigned int type;
1725 };
1726
probe_get_default_domain_type(struct device * dev,void * data)1727 static int probe_get_default_domain_type(struct device *dev, void *data)
1728 {
1729 struct __group_domain_type *gtype = data;
1730 unsigned int type = iommu_get_def_domain_type(dev);
1731
1732 if (type) {
1733 if (gtype->type && gtype->type != type) {
1734 dev_warn(dev, "Device needs domain type %s, but device %s in the same iommu group requires type %s - using default\n",
1735 iommu_domain_type_str(type),
1736 dev_name(gtype->dev),
1737 iommu_domain_type_str(gtype->type));
1738 gtype->type = 0;
1739 }
1740
1741 if (!gtype->dev) {
1742 gtype->dev = dev;
1743 gtype->type = type;
1744 }
1745 }
1746
1747 return 0;
1748 }
1749
probe_alloc_default_domain(struct bus_type * bus,struct iommu_group * group)1750 static void probe_alloc_default_domain(struct bus_type *bus,
1751 struct iommu_group *group)
1752 {
1753 struct __group_domain_type gtype;
1754
1755 memset(>ype, 0, sizeof(gtype));
1756
1757 /* Ask for default domain requirements of all devices in the group */
1758 __iommu_group_for_each_dev(group, >ype,
1759 probe_get_default_domain_type);
1760
1761 if (!gtype.type)
1762 gtype.type = iommu_def_domain_type;
1763
1764 iommu_group_alloc_default_domain(bus, group, gtype.type);
1765
1766 }
1767
iommu_group_do_dma_attach(struct device * dev,void * data)1768 static int iommu_group_do_dma_attach(struct device *dev, void *data)
1769 {
1770 struct iommu_domain *domain = data;
1771 int ret = 0;
1772
1773 if (!iommu_is_attach_deferred(domain, dev))
1774 ret = __iommu_attach_device(domain, dev);
1775
1776 return ret;
1777 }
1778
__iommu_group_dma_attach(struct iommu_group * group)1779 static int __iommu_group_dma_attach(struct iommu_group *group)
1780 {
1781 return __iommu_group_for_each_dev(group, group->default_domain,
1782 iommu_group_do_dma_attach);
1783 }
1784
iommu_group_do_probe_finalize(struct device * dev,void * data)1785 static int iommu_group_do_probe_finalize(struct device *dev, void *data)
1786 {
1787 struct iommu_domain *domain = data;
1788
1789 if (domain->ops->probe_finalize)
1790 domain->ops->probe_finalize(dev);
1791
1792 return 0;
1793 }
1794
__iommu_group_dma_finalize(struct iommu_group * group)1795 static void __iommu_group_dma_finalize(struct iommu_group *group)
1796 {
1797 __iommu_group_for_each_dev(group, group->default_domain,
1798 iommu_group_do_probe_finalize);
1799 }
1800
iommu_do_create_direct_mappings(struct device * dev,void * data)1801 static int iommu_do_create_direct_mappings(struct device *dev, void *data)
1802 {
1803 struct iommu_group *group = data;
1804
1805 iommu_create_device_direct_mappings(group, dev);
1806
1807 return 0;
1808 }
1809
iommu_group_create_direct_mappings(struct iommu_group * group)1810 static int iommu_group_create_direct_mappings(struct iommu_group *group)
1811 {
1812 return __iommu_group_for_each_dev(group, group,
1813 iommu_do_create_direct_mappings);
1814 }
1815
bus_iommu_probe(struct bus_type * bus)1816 int bus_iommu_probe(struct bus_type *bus)
1817 {
1818 struct iommu_group *group, *next;
1819 LIST_HEAD(group_list);
1820 int ret;
1821
1822 /*
1823 * This code-path does not allocate the default domain when
1824 * creating the iommu group, so do it after the groups are
1825 * created.
1826 */
1827 ret = bus_for_each_dev(bus, NULL, &group_list, probe_iommu_group);
1828 if (ret)
1829 return ret;
1830
1831 list_for_each_entry_safe(group, next, &group_list, entry) {
1832 mutex_lock(&group->mutex);
1833
1834 /* Remove item from the list */
1835 list_del_init(&group->entry);
1836
1837 /* Try to allocate default domain */
1838 probe_alloc_default_domain(bus, group);
1839
1840 if (!group->default_domain) {
1841 mutex_unlock(&group->mutex);
1842 continue;
1843 }
1844
1845 iommu_group_create_direct_mappings(group);
1846
1847 ret = __iommu_group_dma_attach(group);
1848
1849 mutex_unlock(&group->mutex);
1850
1851 if (ret)
1852 break;
1853
1854 __iommu_group_dma_finalize(group);
1855 }
1856
1857 return ret;
1858 }
1859
iommu_bus_init(struct bus_type * bus,const struct iommu_ops * ops)1860 static int iommu_bus_init(struct bus_type *bus, const struct iommu_ops *ops)
1861 {
1862 struct notifier_block *nb;
1863 int err;
1864
1865 nb = kzalloc(sizeof(struct notifier_block), GFP_KERNEL);
1866 if (!nb)
1867 return -ENOMEM;
1868
1869 nb->notifier_call = iommu_bus_notifier;
1870
1871 err = bus_register_notifier(bus, nb);
1872 if (err)
1873 goto out_free;
1874
1875 err = bus_iommu_probe(bus);
1876 if (err)
1877 goto out_err;
1878
1879
1880 return 0;
1881
1882 out_err:
1883 /* Clean up */
1884 bus_for_each_dev(bus, NULL, NULL, remove_iommu_group);
1885 bus_unregister_notifier(bus, nb);
1886
1887 out_free:
1888 kfree(nb);
1889
1890 return err;
1891 }
1892
1893 /**
1894 * bus_set_iommu - set iommu-callbacks for the bus
1895 * @bus: bus.
1896 * @ops: the callbacks provided by the iommu-driver
1897 *
1898 * This function is called by an iommu driver to set the iommu methods
1899 * used for a particular bus. Drivers for devices on that bus can use
1900 * the iommu-api after these ops are registered.
1901 * This special function is needed because IOMMUs are usually devices on
1902 * the bus itself, so the iommu drivers are not initialized when the bus
1903 * is set up. With this function the iommu-driver can set the iommu-ops
1904 * afterwards.
1905 */
bus_set_iommu(struct bus_type * bus,const struct iommu_ops * ops)1906 int bus_set_iommu(struct bus_type *bus, const struct iommu_ops *ops)
1907 {
1908 int err;
1909
1910 if (ops == NULL) {
1911 bus->iommu_ops = NULL;
1912 return 0;
1913 }
1914
1915 if (bus->iommu_ops != NULL)
1916 return -EBUSY;
1917
1918 bus->iommu_ops = ops;
1919
1920 /* Do IOMMU specific setup for this bus-type */
1921 err = iommu_bus_init(bus, ops);
1922 if (err)
1923 bus->iommu_ops = NULL;
1924
1925 return err;
1926 }
1927 EXPORT_SYMBOL_GPL(bus_set_iommu);
1928
iommu_present(struct bus_type * bus)1929 bool iommu_present(struct bus_type *bus)
1930 {
1931 return bus->iommu_ops != NULL;
1932 }
1933 EXPORT_SYMBOL_GPL(iommu_present);
1934
iommu_capable(struct bus_type * bus,enum iommu_cap cap)1935 bool iommu_capable(struct bus_type *bus, enum iommu_cap cap)
1936 {
1937 if (!bus->iommu_ops || !bus->iommu_ops->capable)
1938 return false;
1939
1940 return bus->iommu_ops->capable(cap);
1941 }
1942 EXPORT_SYMBOL_GPL(iommu_capable);
1943
1944 /**
1945 * iommu_set_fault_handler() - set a fault handler for an iommu domain
1946 * @domain: iommu domain
1947 * @handler: fault handler
1948 * @token: user data, will be passed back to the fault handler
1949 *
1950 * This function should be used by IOMMU users which want to be notified
1951 * whenever an IOMMU fault happens.
1952 *
1953 * The fault handler itself should return 0 on success, and an appropriate
1954 * error code otherwise.
1955 */
iommu_set_fault_handler(struct iommu_domain * domain,iommu_fault_handler_t handler,void * token)1956 void iommu_set_fault_handler(struct iommu_domain *domain,
1957 iommu_fault_handler_t handler,
1958 void *token)
1959 {
1960 BUG_ON(!domain);
1961
1962 domain->handler = handler;
1963 domain->handler_token = token;
1964 }
1965 EXPORT_SYMBOL_GPL(iommu_set_fault_handler);
1966
__iommu_domain_alloc(struct bus_type * bus,unsigned type)1967 static struct iommu_domain *__iommu_domain_alloc(struct bus_type *bus,
1968 unsigned type)
1969 {
1970 struct iommu_domain *domain;
1971
1972 if (bus == NULL || bus->iommu_ops == NULL)
1973 return NULL;
1974
1975 domain = bus->iommu_ops->domain_alloc(type);
1976 if (!domain)
1977 return NULL;
1978
1979 domain->ops = bus->iommu_ops;
1980 domain->type = type;
1981 /* Assume all sizes by default; the driver may override this later */
1982 domain->pgsize_bitmap = bus->iommu_ops->pgsize_bitmap;
1983
1984 /* Temporarily avoid -EEXIST while drivers still get their own cookies */
1985 if (iommu_is_dma_domain(domain) && !domain->iova_cookie && iommu_get_dma_cookie(domain)) {
1986 iommu_domain_free(domain);
1987 domain = NULL;
1988 }
1989 return domain;
1990 }
1991
iommu_domain_alloc(struct bus_type * bus)1992 struct iommu_domain *iommu_domain_alloc(struct bus_type *bus)
1993 {
1994 return __iommu_domain_alloc(bus, IOMMU_DOMAIN_UNMANAGED);
1995 }
1996 EXPORT_SYMBOL_GPL(iommu_domain_alloc);
1997
iommu_domain_free(struct iommu_domain * domain)1998 void iommu_domain_free(struct iommu_domain *domain)
1999 {
2000 iommu_put_dma_cookie(domain);
2001 domain->ops->domain_free(domain);
2002 }
2003 EXPORT_SYMBOL_GPL(iommu_domain_free);
2004
__iommu_attach_device(struct iommu_domain * domain,struct device * dev)2005 static int __iommu_attach_device(struct iommu_domain *domain,
2006 struct device *dev)
2007 {
2008 int ret;
2009
2010 if (unlikely(domain->ops->attach_dev == NULL))
2011 return -ENODEV;
2012
2013 ret = domain->ops->attach_dev(domain, dev);
2014 if (!ret)
2015 trace_attach_device_to_domain(dev);
2016 return ret;
2017 }
2018
iommu_attach_device(struct iommu_domain * domain,struct device * dev)2019 int iommu_attach_device(struct iommu_domain *domain, struct device *dev)
2020 {
2021 struct iommu_group *group;
2022 int ret;
2023
2024 group = iommu_group_get(dev);
2025 if (!group)
2026 return -ENODEV;
2027
2028 /*
2029 * Lock the group to make sure the device-count doesn't
2030 * change while we are attaching
2031 */
2032 mutex_lock(&group->mutex);
2033 ret = -EINVAL;
2034 if (iommu_group_device_count(group) != 1)
2035 goto out_unlock;
2036
2037 ret = __iommu_attach_group(domain, group);
2038
2039 out_unlock:
2040 mutex_unlock(&group->mutex);
2041 iommu_group_put(group);
2042
2043 return ret;
2044 }
2045 EXPORT_SYMBOL_GPL(iommu_attach_device);
2046
iommu_deferred_attach(struct device * dev,struct iommu_domain * domain)2047 int iommu_deferred_attach(struct device *dev, struct iommu_domain *domain)
2048 {
2049 const struct iommu_ops *ops = domain->ops;
2050
2051 if (ops->is_attach_deferred && ops->is_attach_deferred(domain, dev))
2052 return __iommu_attach_device(domain, dev);
2053
2054 return 0;
2055 }
2056
2057 /*
2058 * Check flags and other user provided data for valid combinations. We also
2059 * make sure no reserved fields or unused flags are set. This is to ensure
2060 * not breaking userspace in the future when these fields or flags are used.
2061 */
iommu_check_cache_invl_data(struct iommu_cache_invalidate_info * info)2062 static int iommu_check_cache_invl_data(struct iommu_cache_invalidate_info *info)
2063 {
2064 u32 mask;
2065 int i;
2066
2067 if (info->version != IOMMU_CACHE_INVALIDATE_INFO_VERSION_1)
2068 return -EINVAL;
2069
2070 mask = (1 << IOMMU_CACHE_INV_TYPE_NR) - 1;
2071 if (info->cache & ~mask)
2072 return -EINVAL;
2073
2074 if (info->granularity >= IOMMU_INV_GRANU_NR)
2075 return -EINVAL;
2076
2077 switch (info->granularity) {
2078 case IOMMU_INV_GRANU_ADDR:
2079 if (info->cache & IOMMU_CACHE_INV_TYPE_PASID)
2080 return -EINVAL;
2081
2082 mask = IOMMU_INV_ADDR_FLAGS_PASID |
2083 IOMMU_INV_ADDR_FLAGS_ARCHID |
2084 IOMMU_INV_ADDR_FLAGS_LEAF;
2085
2086 if (info->granu.addr_info.flags & ~mask)
2087 return -EINVAL;
2088 break;
2089 case IOMMU_INV_GRANU_PASID:
2090 mask = IOMMU_INV_PASID_FLAGS_PASID |
2091 IOMMU_INV_PASID_FLAGS_ARCHID;
2092 if (info->granu.pasid_info.flags & ~mask)
2093 return -EINVAL;
2094
2095 break;
2096 case IOMMU_INV_GRANU_DOMAIN:
2097 if (info->cache & IOMMU_CACHE_INV_TYPE_DEV_IOTLB)
2098 return -EINVAL;
2099 break;
2100 default:
2101 return -EINVAL;
2102 }
2103
2104 /* Check reserved padding fields */
2105 for (i = 0; i < sizeof(info->padding); i++) {
2106 if (info->padding[i])
2107 return -EINVAL;
2108 }
2109
2110 return 0;
2111 }
2112
iommu_uapi_cache_invalidate(struct iommu_domain * domain,struct device * dev,void __user * uinfo)2113 int iommu_uapi_cache_invalidate(struct iommu_domain *domain, struct device *dev,
2114 void __user *uinfo)
2115 {
2116 struct iommu_cache_invalidate_info inv_info = { 0 };
2117 u32 minsz;
2118 int ret;
2119
2120 if (unlikely(!domain->ops->cache_invalidate))
2121 return -ENODEV;
2122
2123 /*
2124 * No new spaces can be added before the variable sized union, the
2125 * minimum size is the offset to the union.
2126 */
2127 minsz = offsetof(struct iommu_cache_invalidate_info, granu);
2128
2129 /* Copy minsz from user to get flags and argsz */
2130 if (copy_from_user(&inv_info, uinfo, minsz))
2131 return -EFAULT;
2132
2133 /* Fields before the variable size union are mandatory */
2134 if (inv_info.argsz < minsz)
2135 return -EINVAL;
2136
2137 /* PASID and address granu require additional info beyond minsz */
2138 if (inv_info.granularity == IOMMU_INV_GRANU_PASID &&
2139 inv_info.argsz < offsetofend(struct iommu_cache_invalidate_info, granu.pasid_info))
2140 return -EINVAL;
2141
2142 if (inv_info.granularity == IOMMU_INV_GRANU_ADDR &&
2143 inv_info.argsz < offsetofend(struct iommu_cache_invalidate_info, granu.addr_info))
2144 return -EINVAL;
2145
2146 /*
2147 * User might be using a newer UAPI header which has a larger data
2148 * size, we shall support the existing flags within the current
2149 * size. Copy the remaining user data _after_ minsz but not more
2150 * than the current kernel supported size.
2151 */
2152 if (copy_from_user((void *)&inv_info + minsz, uinfo + minsz,
2153 min_t(u32, inv_info.argsz, sizeof(inv_info)) - minsz))
2154 return -EFAULT;
2155
2156 /* Now the argsz is validated, check the content */
2157 ret = iommu_check_cache_invl_data(&inv_info);
2158 if (ret)
2159 return ret;
2160
2161 return domain->ops->cache_invalidate(domain, dev, &inv_info);
2162 }
2163 EXPORT_SYMBOL_GPL(iommu_uapi_cache_invalidate);
2164
iommu_check_bind_data(struct iommu_gpasid_bind_data * data)2165 static int iommu_check_bind_data(struct iommu_gpasid_bind_data *data)
2166 {
2167 u64 mask;
2168 int i;
2169
2170 if (data->version != IOMMU_GPASID_BIND_VERSION_1)
2171 return -EINVAL;
2172
2173 /* Check the range of supported formats */
2174 if (data->format >= IOMMU_PASID_FORMAT_LAST)
2175 return -EINVAL;
2176
2177 /* Check all flags */
2178 mask = IOMMU_SVA_GPASID_VAL;
2179 if (data->flags & ~mask)
2180 return -EINVAL;
2181
2182 /* Check reserved padding fields */
2183 for (i = 0; i < sizeof(data->padding); i++) {
2184 if (data->padding[i])
2185 return -EINVAL;
2186 }
2187
2188 return 0;
2189 }
2190
iommu_sva_prepare_bind_data(void __user * udata,struct iommu_gpasid_bind_data * data)2191 static int iommu_sva_prepare_bind_data(void __user *udata,
2192 struct iommu_gpasid_bind_data *data)
2193 {
2194 u32 minsz;
2195
2196 /*
2197 * No new spaces can be added before the variable sized union, the
2198 * minimum size is the offset to the union.
2199 */
2200 minsz = offsetof(struct iommu_gpasid_bind_data, vendor);
2201
2202 /* Copy minsz from user to get flags and argsz */
2203 if (copy_from_user(data, udata, minsz))
2204 return -EFAULT;
2205
2206 /* Fields before the variable size union are mandatory */
2207 if (data->argsz < minsz)
2208 return -EINVAL;
2209 /*
2210 * User might be using a newer UAPI header, we shall let IOMMU vendor
2211 * driver decide on what size it needs. Since the guest PASID bind data
2212 * can be vendor specific, larger argsz could be the result of extension
2213 * for one vendor but it should not affect another vendor.
2214 * Copy the remaining user data _after_ minsz
2215 */
2216 if (copy_from_user((void *)data + minsz, udata + minsz,
2217 min_t(u32, data->argsz, sizeof(*data)) - minsz))
2218 return -EFAULT;
2219
2220 return iommu_check_bind_data(data);
2221 }
2222
iommu_uapi_sva_bind_gpasid(struct iommu_domain * domain,struct device * dev,void __user * udata)2223 int iommu_uapi_sva_bind_gpasid(struct iommu_domain *domain, struct device *dev,
2224 void __user *udata)
2225 {
2226 struct iommu_gpasid_bind_data data = { 0 };
2227 int ret;
2228
2229 if (unlikely(!domain->ops->sva_bind_gpasid))
2230 return -ENODEV;
2231
2232 ret = iommu_sva_prepare_bind_data(udata, &data);
2233 if (ret)
2234 return ret;
2235
2236 return domain->ops->sva_bind_gpasid(domain, dev, &data);
2237 }
2238 EXPORT_SYMBOL_GPL(iommu_uapi_sva_bind_gpasid);
2239
iommu_sva_unbind_gpasid(struct iommu_domain * domain,struct device * dev,ioasid_t pasid)2240 int iommu_sva_unbind_gpasid(struct iommu_domain *domain, struct device *dev,
2241 ioasid_t pasid)
2242 {
2243 if (unlikely(!domain->ops->sva_unbind_gpasid))
2244 return -ENODEV;
2245
2246 return domain->ops->sva_unbind_gpasid(dev, pasid);
2247 }
2248 EXPORT_SYMBOL_GPL(iommu_sva_unbind_gpasid);
2249
iommu_uapi_sva_unbind_gpasid(struct iommu_domain * domain,struct device * dev,void __user * udata)2250 int iommu_uapi_sva_unbind_gpasid(struct iommu_domain *domain, struct device *dev,
2251 void __user *udata)
2252 {
2253 struct iommu_gpasid_bind_data data = { 0 };
2254 int ret;
2255
2256 if (unlikely(!domain->ops->sva_bind_gpasid))
2257 return -ENODEV;
2258
2259 ret = iommu_sva_prepare_bind_data(udata, &data);
2260 if (ret)
2261 return ret;
2262
2263 return iommu_sva_unbind_gpasid(domain, dev, data.hpasid);
2264 }
2265 EXPORT_SYMBOL_GPL(iommu_uapi_sva_unbind_gpasid);
2266
__iommu_detach_device(struct iommu_domain * domain,struct device * dev)2267 static void __iommu_detach_device(struct iommu_domain *domain,
2268 struct device *dev)
2269 {
2270 if (iommu_is_attach_deferred(domain, dev))
2271 return;
2272
2273 if (unlikely(domain->ops->detach_dev == NULL))
2274 return;
2275
2276 domain->ops->detach_dev(domain, dev);
2277 trace_detach_device_from_domain(dev);
2278 }
2279
iommu_detach_device(struct iommu_domain * domain,struct device * dev)2280 void iommu_detach_device(struct iommu_domain *domain, struct device *dev)
2281 {
2282 struct iommu_group *group;
2283
2284 group = iommu_group_get(dev);
2285 if (!group)
2286 return;
2287
2288 mutex_lock(&group->mutex);
2289 if (iommu_group_device_count(group) != 1) {
2290 WARN_ON(1);
2291 goto out_unlock;
2292 }
2293
2294 __iommu_detach_group(domain, group);
2295
2296 out_unlock:
2297 mutex_unlock(&group->mutex);
2298 iommu_group_put(group);
2299 }
2300 EXPORT_SYMBOL_GPL(iommu_detach_device);
2301
iommu_get_domain_for_dev(struct device * dev)2302 struct iommu_domain *iommu_get_domain_for_dev(struct device *dev)
2303 {
2304 struct iommu_domain *domain;
2305 struct iommu_group *group;
2306
2307 group = iommu_group_get(dev);
2308 if (!group)
2309 return NULL;
2310
2311 domain = group->domain;
2312
2313 iommu_group_put(group);
2314
2315 return domain;
2316 }
2317 EXPORT_SYMBOL_GPL(iommu_get_domain_for_dev);
2318
2319 /*
2320 * For IOMMU_DOMAIN_DMA implementations which already provide their own
2321 * guarantees that the group and its default domain are valid and correct.
2322 */
iommu_get_dma_domain(struct device * dev)2323 struct iommu_domain *iommu_get_dma_domain(struct device *dev)
2324 {
2325 return dev->iommu_group->default_domain;
2326 }
2327
2328 /*
2329 * IOMMU groups are really the natural working unit of the IOMMU, but
2330 * the IOMMU API works on domains and devices. Bridge that gap by
2331 * iterating over the devices in a group. Ideally we'd have a single
2332 * device which represents the requestor ID of the group, but we also
2333 * allow IOMMU drivers to create policy defined minimum sets, where
2334 * the physical hardware may be able to distiguish members, but we
2335 * wish to group them at a higher level (ex. untrusted multi-function
2336 * PCI devices). Thus we attach each device.
2337 */
iommu_group_do_attach_device(struct device * dev,void * data)2338 static int iommu_group_do_attach_device(struct device *dev, void *data)
2339 {
2340 struct iommu_domain *domain = data;
2341
2342 return __iommu_attach_device(domain, dev);
2343 }
2344
__iommu_attach_group(struct iommu_domain * domain,struct iommu_group * group)2345 static int __iommu_attach_group(struct iommu_domain *domain,
2346 struct iommu_group *group)
2347 {
2348 int ret;
2349
2350 if (group->default_domain && group->domain != group->default_domain)
2351 return -EBUSY;
2352
2353 ret = __iommu_group_for_each_dev(group, domain,
2354 iommu_group_do_attach_device);
2355 if (ret == 0)
2356 group->domain = domain;
2357
2358 return ret;
2359 }
2360
iommu_attach_group(struct iommu_domain * domain,struct iommu_group * group)2361 int iommu_attach_group(struct iommu_domain *domain, struct iommu_group *group)
2362 {
2363 int ret;
2364
2365 mutex_lock(&group->mutex);
2366 ret = __iommu_attach_group(domain, group);
2367 mutex_unlock(&group->mutex);
2368
2369 return ret;
2370 }
2371 EXPORT_SYMBOL_GPL(iommu_attach_group);
2372
iommu_group_do_detach_device(struct device * dev,void * data)2373 static int iommu_group_do_detach_device(struct device *dev, void *data)
2374 {
2375 struct iommu_domain *domain = data;
2376
2377 __iommu_detach_device(domain, dev);
2378
2379 return 0;
2380 }
2381
__iommu_detach_group(struct iommu_domain * domain,struct iommu_group * group)2382 static void __iommu_detach_group(struct iommu_domain *domain,
2383 struct iommu_group *group)
2384 {
2385 int ret;
2386
2387 if (!group->default_domain) {
2388 __iommu_group_for_each_dev(group, domain,
2389 iommu_group_do_detach_device);
2390 group->domain = NULL;
2391 return;
2392 }
2393
2394 if (group->domain == group->default_domain)
2395 return;
2396
2397 /* Detach by re-attaching to the default domain */
2398 ret = __iommu_group_for_each_dev(group, group->default_domain,
2399 iommu_group_do_attach_device);
2400 if (ret != 0)
2401 WARN_ON(1);
2402 else
2403 group->domain = group->default_domain;
2404 }
2405
iommu_detach_group(struct iommu_domain * domain,struct iommu_group * group)2406 void iommu_detach_group(struct iommu_domain *domain, struct iommu_group *group)
2407 {
2408 mutex_lock(&group->mutex);
2409 __iommu_detach_group(domain, group);
2410 mutex_unlock(&group->mutex);
2411 }
2412 EXPORT_SYMBOL_GPL(iommu_detach_group);
2413
iommu_iova_to_phys(struct iommu_domain * domain,dma_addr_t iova)2414 phys_addr_t iommu_iova_to_phys(struct iommu_domain *domain, dma_addr_t iova)
2415 {
2416 if (domain->type == IOMMU_DOMAIN_IDENTITY)
2417 return iova;
2418
2419 if (domain->type == IOMMU_DOMAIN_BLOCKED)
2420 return 0;
2421
2422 return domain->ops->iova_to_phys(domain, iova);
2423 }
2424 EXPORT_SYMBOL_GPL(iommu_iova_to_phys);
2425
iommu_pgsize(struct iommu_domain * domain,unsigned long iova,phys_addr_t paddr,size_t size,size_t * count)2426 static size_t iommu_pgsize(struct iommu_domain *domain, unsigned long iova,
2427 phys_addr_t paddr, size_t size, size_t *count)
2428 {
2429 unsigned int pgsize_idx, pgsize_idx_next;
2430 unsigned long pgsizes;
2431 size_t offset, pgsize, pgsize_next;
2432 unsigned long addr_merge = paddr | iova;
2433
2434 /* Page sizes supported by the hardware and small enough for @size */
2435 pgsizes = domain->pgsize_bitmap & GENMASK(__fls(size), 0);
2436
2437 /* Constrain the page sizes further based on the maximum alignment */
2438 if (likely(addr_merge))
2439 pgsizes &= GENMASK(__ffs(addr_merge), 0);
2440
2441 /* Make sure we have at least one suitable page size */
2442 BUG_ON(!pgsizes);
2443
2444 /* Pick the biggest page size remaining */
2445 pgsize_idx = __fls(pgsizes);
2446 pgsize = BIT(pgsize_idx);
2447 if (!count)
2448 return pgsize;
2449
2450 /* Find the next biggest support page size, if it exists */
2451 pgsizes = domain->pgsize_bitmap & ~GENMASK(pgsize_idx, 0);
2452 if (!pgsizes)
2453 goto out_set_count;
2454
2455 pgsize_idx_next = __ffs(pgsizes);
2456 pgsize_next = BIT(pgsize_idx_next);
2457
2458 /*
2459 * There's no point trying a bigger page size unless the virtual
2460 * and physical addresses are similarly offset within the larger page.
2461 */
2462 if ((iova ^ paddr) & (pgsize_next - 1))
2463 goto out_set_count;
2464
2465 /* Calculate the offset to the next page size alignment boundary */
2466 offset = pgsize_next - (addr_merge & (pgsize_next - 1));
2467
2468 /*
2469 * If size is big enough to accommodate the larger page, reduce
2470 * the number of smaller pages.
2471 */
2472 if (offset + pgsize_next <= size)
2473 size = offset;
2474
2475 out_set_count:
2476 *count = size >> pgsize_idx;
2477 return pgsize;
2478 }
2479
__iommu_map_pages(struct iommu_domain * domain,unsigned long iova,phys_addr_t paddr,size_t size,int prot,gfp_t gfp,size_t * mapped)2480 static int __iommu_map_pages(struct iommu_domain *domain, unsigned long iova,
2481 phys_addr_t paddr, size_t size, int prot,
2482 gfp_t gfp, size_t *mapped)
2483 {
2484 const struct iommu_ops *ops = domain->ops;
2485 size_t pgsize, count;
2486 int ret;
2487
2488 pgsize = iommu_pgsize(domain, iova, paddr, size, &count);
2489
2490 pr_debug("mapping: iova 0x%lx pa %pa pgsize 0x%zx count %zu\n",
2491 iova, &paddr, pgsize, count);
2492
2493 if (ops->map_pages) {
2494 ret = ops->map_pages(domain, iova, paddr, pgsize, count, prot,
2495 gfp, mapped);
2496 } else {
2497 ret = ops->map(domain, iova, paddr, pgsize, prot, gfp);
2498 *mapped = ret ? 0 : pgsize;
2499 }
2500
2501 return ret;
2502 }
2503
__iommu_map(struct iommu_domain * domain,unsigned long iova,phys_addr_t paddr,size_t size,int prot,gfp_t gfp)2504 static int __iommu_map(struct iommu_domain *domain, unsigned long iova,
2505 phys_addr_t paddr, size_t size, int prot, gfp_t gfp)
2506 {
2507 const struct iommu_ops *ops = domain->ops;
2508 unsigned long orig_iova = iova;
2509 unsigned int min_pagesz;
2510 size_t orig_size = size;
2511 phys_addr_t orig_paddr = paddr;
2512 int ret = 0;
2513
2514 if (unlikely(!(ops->map || ops->map_pages) ||
2515 domain->pgsize_bitmap == 0UL))
2516 return -ENODEV;
2517
2518 if (unlikely(!(domain->type & __IOMMU_DOMAIN_PAGING)))
2519 return -EINVAL;
2520
2521 /* find out the minimum page size supported */
2522 min_pagesz = 1 << __ffs(domain->pgsize_bitmap);
2523
2524 /*
2525 * both the virtual address and the physical one, as well as
2526 * the size of the mapping, must be aligned (at least) to the
2527 * size of the smallest page supported by the hardware
2528 */
2529 if (!IS_ALIGNED(iova | paddr | size, min_pagesz)) {
2530 pr_err("unaligned: iova 0x%lx pa %pa size 0x%zx min_pagesz 0x%x\n",
2531 iova, &paddr, size, min_pagesz);
2532 return -EINVAL;
2533 }
2534
2535 pr_debug("map: iova 0x%lx pa %pa size 0x%zx\n", iova, &paddr, size);
2536
2537 while (size) {
2538 size_t mapped = 0;
2539
2540 ret = __iommu_map_pages(domain, iova, paddr, size, prot, gfp,
2541 &mapped);
2542 /*
2543 * Some pages may have been mapped, even if an error occurred,
2544 * so we should account for those so they can be unmapped.
2545 */
2546 size -= mapped;
2547
2548 if (ret)
2549 break;
2550
2551 iova += mapped;
2552 paddr += mapped;
2553 }
2554
2555 /* unroll mapping in case something went wrong */
2556 if (ret)
2557 iommu_unmap(domain, orig_iova, orig_size - size);
2558 else
2559 trace_map(orig_iova, orig_paddr, orig_size);
2560
2561 return ret;
2562 }
2563
_iommu_map(struct iommu_domain * domain,unsigned long iova,phys_addr_t paddr,size_t size,int prot,gfp_t gfp)2564 static int _iommu_map(struct iommu_domain *domain, unsigned long iova,
2565 phys_addr_t paddr, size_t size, int prot, gfp_t gfp)
2566 {
2567 const struct iommu_ops *ops = domain->ops;
2568 int ret;
2569
2570 ret = __iommu_map(domain, iova, paddr, size, prot, gfp);
2571 if (ret == 0 && ops->iotlb_sync_map)
2572 ops->iotlb_sync_map(domain, iova, size);
2573
2574 return ret;
2575 }
2576
iommu_map(struct iommu_domain * domain,unsigned long iova,phys_addr_t paddr,size_t size,int prot)2577 int iommu_map(struct iommu_domain *domain, unsigned long iova,
2578 phys_addr_t paddr, size_t size, int prot)
2579 {
2580 might_sleep();
2581 return _iommu_map(domain, iova, paddr, size, prot, GFP_KERNEL);
2582 }
2583 EXPORT_SYMBOL_GPL(iommu_map);
2584
iommu_map_atomic(struct iommu_domain * domain,unsigned long iova,phys_addr_t paddr,size_t size,int prot)2585 int iommu_map_atomic(struct iommu_domain *domain, unsigned long iova,
2586 phys_addr_t paddr, size_t size, int prot)
2587 {
2588 return _iommu_map(domain, iova, paddr, size, prot, GFP_ATOMIC);
2589 }
2590 EXPORT_SYMBOL_GPL(iommu_map_atomic);
2591
__iommu_unmap_pages(struct iommu_domain * domain,unsigned long iova,size_t size,struct iommu_iotlb_gather * iotlb_gather)2592 static size_t __iommu_unmap_pages(struct iommu_domain *domain,
2593 unsigned long iova, size_t size,
2594 struct iommu_iotlb_gather *iotlb_gather)
2595 {
2596 const struct iommu_ops *ops = domain->ops;
2597 size_t pgsize, count;
2598
2599 pgsize = iommu_pgsize(domain, iova, iova, size, &count);
2600 return ops->unmap_pages ?
2601 ops->unmap_pages(domain, iova, pgsize, count, iotlb_gather) :
2602 ops->unmap(domain, iova, pgsize, iotlb_gather);
2603 }
2604
__iommu_unmap(struct iommu_domain * domain,unsigned long iova,size_t size,struct iommu_iotlb_gather * iotlb_gather)2605 static size_t __iommu_unmap(struct iommu_domain *domain,
2606 unsigned long iova, size_t size,
2607 struct iommu_iotlb_gather *iotlb_gather)
2608 {
2609 const struct iommu_ops *ops = domain->ops;
2610 size_t unmapped_page, unmapped = 0;
2611 unsigned long orig_iova = iova;
2612 unsigned int min_pagesz;
2613
2614 if (unlikely(!(ops->unmap || ops->unmap_pages) ||
2615 domain->pgsize_bitmap == 0UL))
2616 return 0;
2617
2618 if (unlikely(!(domain->type & __IOMMU_DOMAIN_PAGING)))
2619 return 0;
2620
2621 /* find out the minimum page size supported */
2622 min_pagesz = 1 << __ffs(domain->pgsize_bitmap);
2623
2624 /*
2625 * The virtual address, as well as the size of the mapping, must be
2626 * aligned (at least) to the size of the smallest page supported
2627 * by the hardware
2628 */
2629 if (!IS_ALIGNED(iova | size, min_pagesz)) {
2630 pr_err("unaligned: iova 0x%lx size 0x%zx min_pagesz 0x%x\n",
2631 iova, size, min_pagesz);
2632 return 0;
2633 }
2634
2635 pr_debug("unmap this: iova 0x%lx size 0x%zx\n", iova, size);
2636
2637 /*
2638 * Keep iterating until we either unmap 'size' bytes (or more)
2639 * or we hit an area that isn't mapped.
2640 */
2641 while (unmapped < size) {
2642 unmapped_page = __iommu_unmap_pages(domain, iova,
2643 size - unmapped,
2644 iotlb_gather);
2645 if (!unmapped_page)
2646 break;
2647
2648 pr_debug("unmapped: iova 0x%lx size 0x%zx\n",
2649 iova, unmapped_page);
2650
2651 iova += unmapped_page;
2652 unmapped += unmapped_page;
2653 }
2654
2655 trace_unmap(orig_iova, size, unmapped);
2656 return unmapped;
2657 }
2658
iommu_unmap(struct iommu_domain * domain,unsigned long iova,size_t size)2659 size_t iommu_unmap(struct iommu_domain *domain,
2660 unsigned long iova, size_t size)
2661 {
2662 struct iommu_iotlb_gather iotlb_gather;
2663 size_t ret;
2664
2665 iommu_iotlb_gather_init(&iotlb_gather);
2666 ret = __iommu_unmap(domain, iova, size, &iotlb_gather);
2667 iommu_iotlb_sync(domain, &iotlb_gather);
2668
2669 return ret;
2670 }
2671 EXPORT_SYMBOL_GPL(iommu_unmap);
2672
iommu_unmap_fast(struct iommu_domain * domain,unsigned long iova,size_t size,struct iommu_iotlb_gather * iotlb_gather)2673 size_t iommu_unmap_fast(struct iommu_domain *domain,
2674 unsigned long iova, size_t size,
2675 struct iommu_iotlb_gather *iotlb_gather)
2676 {
2677 return __iommu_unmap(domain, iova, size, iotlb_gather);
2678 }
2679 EXPORT_SYMBOL_GPL(iommu_unmap_fast);
2680
__iommu_map_sg(struct iommu_domain * domain,unsigned long iova,struct scatterlist * sg,unsigned int nents,int prot,gfp_t gfp)2681 static ssize_t __iommu_map_sg(struct iommu_domain *domain, unsigned long iova,
2682 struct scatterlist *sg, unsigned int nents, int prot,
2683 gfp_t gfp)
2684 {
2685 const struct iommu_ops *ops = domain->ops;
2686 size_t len = 0, mapped = 0;
2687 phys_addr_t start;
2688 unsigned int i = 0;
2689 int ret;
2690
2691 if (ops->map_sg) {
2692 ret = ops->map_sg(domain, iova, sg, nents, prot, gfp, &mapped);
2693
2694 if (ops->iotlb_sync_map)
2695 ops->iotlb_sync_map(domain, iova, mapped);
2696
2697 if (ret)
2698 goto out_err;
2699
2700 return mapped;
2701 }
2702
2703 while (i <= nents) {
2704 phys_addr_t s_phys = sg_phys(sg);
2705
2706 if (len && s_phys != start + len) {
2707 ret = __iommu_map(domain, iova + mapped, start,
2708 len, prot, gfp);
2709
2710 if (ret)
2711 goto out_err;
2712
2713 mapped += len;
2714 len = 0;
2715 }
2716
2717 if (len) {
2718 len += sg->length;
2719 } else {
2720 len = sg->length;
2721 start = s_phys;
2722 }
2723
2724 if (++i < nents)
2725 sg = sg_next(sg);
2726 }
2727
2728 if (ops->iotlb_sync_map)
2729 ops->iotlb_sync_map(domain, iova, mapped);
2730 return mapped;
2731
2732 out_err:
2733 /* undo mappings already done */
2734 iommu_unmap(domain, iova, mapped);
2735
2736 return ret;
2737 }
2738
iommu_map_sg(struct iommu_domain * domain,unsigned long iova,struct scatterlist * sg,unsigned int nents,int prot)2739 ssize_t iommu_map_sg(struct iommu_domain *domain, unsigned long iova,
2740 struct scatterlist *sg, unsigned int nents, int prot)
2741 {
2742 might_sleep();
2743 return __iommu_map_sg(domain, iova, sg, nents, prot, GFP_KERNEL);
2744 }
2745 EXPORT_SYMBOL_GPL(iommu_map_sg);
2746
iommu_map_sg_atomic(struct iommu_domain * domain,unsigned long iova,struct scatterlist * sg,unsigned int nents,int prot)2747 ssize_t iommu_map_sg_atomic(struct iommu_domain *domain, unsigned long iova,
2748 struct scatterlist *sg, unsigned int nents, int prot)
2749 {
2750 return __iommu_map_sg(domain, iova, sg, nents, prot, GFP_ATOMIC);
2751 }
2752
2753 /**
2754 * report_iommu_fault() - report about an IOMMU fault to the IOMMU framework
2755 * @domain: the iommu domain where the fault has happened
2756 * @dev: the device where the fault has happened
2757 * @iova: the faulting address
2758 * @flags: mmu fault flags (e.g. IOMMU_FAULT_READ/IOMMU_FAULT_WRITE/...)
2759 *
2760 * This function should be called by the low-level IOMMU implementations
2761 * whenever IOMMU faults happen, to allow high-level users, that are
2762 * interested in such events, to know about them.
2763 *
2764 * This event may be useful for several possible use cases:
2765 * - mere logging of the event
2766 * - dynamic TLB/PTE loading
2767 * - if restarting of the faulting device is required
2768 *
2769 * Returns 0 on success and an appropriate error code otherwise (if dynamic
2770 * PTE/TLB loading will one day be supported, implementations will be able
2771 * to tell whether it succeeded or not according to this return value).
2772 *
2773 * Specifically, -ENOSYS is returned if a fault handler isn't installed
2774 * (though fault handlers can also return -ENOSYS, in case they want to
2775 * elicit the default behavior of the IOMMU drivers).
2776 */
report_iommu_fault(struct iommu_domain * domain,struct device * dev,unsigned long iova,int flags)2777 int report_iommu_fault(struct iommu_domain *domain, struct device *dev,
2778 unsigned long iova, int flags)
2779 {
2780 int ret = -ENOSYS;
2781
2782 /*
2783 * if upper layers showed interest and installed a fault handler,
2784 * invoke it.
2785 */
2786 if (domain->handler)
2787 ret = domain->handler(domain, dev, iova, flags,
2788 domain->handler_token);
2789
2790 trace_io_page_fault(dev, iova, flags);
2791 return ret;
2792 }
2793 EXPORT_SYMBOL_GPL(report_iommu_fault);
2794
iommu_init(void)2795 static int __init iommu_init(void)
2796 {
2797 iommu_group_kset = kset_create_and_add("iommu_groups",
2798 NULL, kernel_kobj);
2799 BUG_ON(!iommu_group_kset);
2800
2801 iommu_debugfs_setup();
2802
2803 return 0;
2804 }
2805 core_initcall(iommu_init);
2806
iommu_enable_nesting(struct iommu_domain * domain)2807 int iommu_enable_nesting(struct iommu_domain *domain)
2808 {
2809 if (domain->type != IOMMU_DOMAIN_UNMANAGED)
2810 return -EINVAL;
2811 if (!domain->ops->enable_nesting)
2812 return -EINVAL;
2813 return domain->ops->enable_nesting(domain);
2814 }
2815 EXPORT_SYMBOL_GPL(iommu_enable_nesting);
2816
iommu_set_pgtable_quirks(struct iommu_domain * domain,unsigned long quirk)2817 int iommu_set_pgtable_quirks(struct iommu_domain *domain,
2818 unsigned long quirk)
2819 {
2820 if (domain->type != IOMMU_DOMAIN_UNMANAGED)
2821 return -EINVAL;
2822 if (!domain->ops->set_pgtable_quirks)
2823 return -EINVAL;
2824 return domain->ops->set_pgtable_quirks(domain, quirk);
2825 }
2826 EXPORT_SYMBOL_GPL(iommu_set_pgtable_quirks);
2827
iommu_get_resv_regions(struct device * dev,struct list_head * list)2828 void iommu_get_resv_regions(struct device *dev, struct list_head *list)
2829 {
2830 const struct iommu_ops *ops = dev->bus->iommu_ops;
2831
2832 if (ops && ops->get_resv_regions)
2833 ops->get_resv_regions(dev, list);
2834 }
2835
iommu_put_resv_regions(struct device * dev,struct list_head * list)2836 void iommu_put_resv_regions(struct device *dev, struct list_head *list)
2837 {
2838 const struct iommu_ops *ops = dev->bus->iommu_ops;
2839
2840 if (ops && ops->put_resv_regions)
2841 ops->put_resv_regions(dev, list);
2842 }
2843
2844 /**
2845 * generic_iommu_put_resv_regions - Reserved region driver helper
2846 * @dev: device for which to free reserved regions
2847 * @list: reserved region list for device
2848 *
2849 * IOMMU drivers can use this to implement their .put_resv_regions() callback
2850 * for simple reservations. Memory allocated for each reserved region will be
2851 * freed. If an IOMMU driver allocates additional resources per region, it is
2852 * going to have to implement a custom callback.
2853 */
generic_iommu_put_resv_regions(struct device * dev,struct list_head * list)2854 void generic_iommu_put_resv_regions(struct device *dev, struct list_head *list)
2855 {
2856 struct iommu_resv_region *entry, *next;
2857
2858 list_for_each_entry_safe(entry, next, list, list)
2859 kfree(entry);
2860 }
2861 EXPORT_SYMBOL(generic_iommu_put_resv_regions);
2862
iommu_alloc_resv_region(phys_addr_t start,size_t length,int prot,enum iommu_resv_type type)2863 struct iommu_resv_region *iommu_alloc_resv_region(phys_addr_t start,
2864 size_t length, int prot,
2865 enum iommu_resv_type type)
2866 {
2867 struct iommu_resv_region *region;
2868
2869 region = kzalloc(sizeof(*region), GFP_KERNEL);
2870 if (!region)
2871 return NULL;
2872
2873 INIT_LIST_HEAD(®ion->list);
2874 region->start = start;
2875 region->length = length;
2876 region->prot = prot;
2877 region->type = type;
2878 return region;
2879 }
2880 EXPORT_SYMBOL_GPL(iommu_alloc_resv_region);
2881
iommu_set_default_passthrough(bool cmd_line)2882 void iommu_set_default_passthrough(bool cmd_line)
2883 {
2884 if (cmd_line)
2885 iommu_cmd_line |= IOMMU_CMD_LINE_DMA_API;
2886 iommu_def_domain_type = IOMMU_DOMAIN_IDENTITY;
2887 }
2888
iommu_set_default_translated(bool cmd_line)2889 void iommu_set_default_translated(bool cmd_line)
2890 {
2891 if (cmd_line)
2892 iommu_cmd_line |= IOMMU_CMD_LINE_DMA_API;
2893 iommu_def_domain_type = IOMMU_DOMAIN_DMA;
2894 }
2895
iommu_default_passthrough(void)2896 bool iommu_default_passthrough(void)
2897 {
2898 return iommu_def_domain_type == IOMMU_DOMAIN_IDENTITY;
2899 }
2900 EXPORT_SYMBOL_GPL(iommu_default_passthrough);
2901
iommu_ops_from_fwnode(struct fwnode_handle * fwnode)2902 const struct iommu_ops *iommu_ops_from_fwnode(struct fwnode_handle *fwnode)
2903 {
2904 const struct iommu_ops *ops = NULL;
2905 struct iommu_device *iommu;
2906
2907 spin_lock(&iommu_device_lock);
2908 list_for_each_entry(iommu, &iommu_device_list, list)
2909 if (iommu->fwnode == fwnode) {
2910 ops = iommu->ops;
2911 break;
2912 }
2913 spin_unlock(&iommu_device_lock);
2914 return ops;
2915 }
2916
iommu_fwspec_init(struct device * dev,struct fwnode_handle * iommu_fwnode,const struct iommu_ops * ops)2917 int iommu_fwspec_init(struct device *dev, struct fwnode_handle *iommu_fwnode,
2918 const struct iommu_ops *ops)
2919 {
2920 struct iommu_fwspec *fwspec = dev_iommu_fwspec_get(dev);
2921
2922 if (fwspec)
2923 return ops == fwspec->ops ? 0 : -EINVAL;
2924
2925 if (!dev_iommu_get(dev))
2926 return -ENOMEM;
2927
2928 /* Preallocate for the overwhelmingly common case of 1 ID */
2929 fwspec = kzalloc(struct_size(fwspec, ids, 1), GFP_KERNEL);
2930 if (!fwspec)
2931 return -ENOMEM;
2932
2933 of_node_get(to_of_node(iommu_fwnode));
2934 fwspec->iommu_fwnode = iommu_fwnode;
2935 fwspec->ops = ops;
2936 dev_iommu_fwspec_set(dev, fwspec);
2937 return 0;
2938 }
2939 EXPORT_SYMBOL_GPL(iommu_fwspec_init);
2940
iommu_fwspec_free(struct device * dev)2941 void iommu_fwspec_free(struct device *dev)
2942 {
2943 struct iommu_fwspec *fwspec = dev_iommu_fwspec_get(dev);
2944
2945 if (fwspec) {
2946 fwnode_handle_put(fwspec->iommu_fwnode);
2947 kfree(fwspec);
2948 dev_iommu_fwspec_set(dev, NULL);
2949 }
2950 }
2951 EXPORT_SYMBOL_GPL(iommu_fwspec_free);
2952
iommu_fwspec_add_ids(struct device * dev,u32 * ids,int num_ids)2953 int iommu_fwspec_add_ids(struct device *dev, u32 *ids, int num_ids)
2954 {
2955 struct iommu_fwspec *fwspec = dev_iommu_fwspec_get(dev);
2956 int i, new_num;
2957
2958 if (!fwspec)
2959 return -EINVAL;
2960
2961 new_num = fwspec->num_ids + num_ids;
2962 if (new_num > 1) {
2963 fwspec = krealloc(fwspec, struct_size(fwspec, ids, new_num),
2964 GFP_KERNEL);
2965 if (!fwspec)
2966 return -ENOMEM;
2967
2968 dev_iommu_fwspec_set(dev, fwspec);
2969 }
2970
2971 for (i = 0; i < num_ids; i++)
2972 fwspec->ids[fwspec->num_ids + i] = ids[i];
2973
2974 fwspec->num_ids = new_num;
2975 return 0;
2976 }
2977 EXPORT_SYMBOL_GPL(iommu_fwspec_add_ids);
2978
2979 /*
2980 * Per device IOMMU features.
2981 */
iommu_dev_enable_feature(struct device * dev,enum iommu_dev_features feat)2982 int iommu_dev_enable_feature(struct device *dev, enum iommu_dev_features feat)
2983 {
2984 if (dev->iommu && dev->iommu->iommu_dev) {
2985 const struct iommu_ops *ops = dev->iommu->iommu_dev->ops;
2986
2987 if (ops->dev_enable_feat)
2988 return ops->dev_enable_feat(dev, feat);
2989 }
2990
2991 return -ENODEV;
2992 }
2993 EXPORT_SYMBOL_GPL(iommu_dev_enable_feature);
2994
2995 /*
2996 * The device drivers should do the necessary cleanups before calling this.
2997 * For example, before disabling the aux-domain feature, the device driver
2998 * should detach all aux-domains. Otherwise, this will return -EBUSY.
2999 */
iommu_dev_disable_feature(struct device * dev,enum iommu_dev_features feat)3000 int iommu_dev_disable_feature(struct device *dev, enum iommu_dev_features feat)
3001 {
3002 if (dev->iommu && dev->iommu->iommu_dev) {
3003 const struct iommu_ops *ops = dev->iommu->iommu_dev->ops;
3004
3005 if (ops->dev_disable_feat)
3006 return ops->dev_disable_feat(dev, feat);
3007 }
3008
3009 return -EBUSY;
3010 }
3011 EXPORT_SYMBOL_GPL(iommu_dev_disable_feature);
3012
iommu_dev_feature_enabled(struct device * dev,enum iommu_dev_features feat)3013 bool iommu_dev_feature_enabled(struct device *dev, enum iommu_dev_features feat)
3014 {
3015 if (dev->iommu && dev->iommu->iommu_dev) {
3016 const struct iommu_ops *ops = dev->iommu->iommu_dev->ops;
3017
3018 if (ops->dev_feat_enabled)
3019 return ops->dev_feat_enabled(dev, feat);
3020 }
3021
3022 return false;
3023 }
3024 EXPORT_SYMBOL_GPL(iommu_dev_feature_enabled);
3025
3026 /*
3027 * Aux-domain specific attach/detach.
3028 *
3029 * Only works if iommu_dev_feature_enabled(dev, IOMMU_DEV_FEAT_AUX) returns
3030 * true. Also, as long as domains are attached to a device through this
3031 * interface, any tries to call iommu_attach_device() should fail
3032 * (iommu_detach_device() can't fail, so we fail when trying to re-attach).
3033 * This should make us safe against a device being attached to a guest as a
3034 * whole while there are still pasid users on it (aux and sva).
3035 */
iommu_aux_attach_device(struct iommu_domain * domain,struct device * dev)3036 int iommu_aux_attach_device(struct iommu_domain *domain, struct device *dev)
3037 {
3038 int ret = -ENODEV;
3039
3040 if (domain->ops->aux_attach_dev)
3041 ret = domain->ops->aux_attach_dev(domain, dev);
3042
3043 if (!ret)
3044 trace_attach_device_to_domain(dev);
3045
3046 return ret;
3047 }
3048 EXPORT_SYMBOL_GPL(iommu_aux_attach_device);
3049
iommu_aux_detach_device(struct iommu_domain * domain,struct device * dev)3050 void iommu_aux_detach_device(struct iommu_domain *domain, struct device *dev)
3051 {
3052 if (domain->ops->aux_detach_dev) {
3053 domain->ops->aux_detach_dev(domain, dev);
3054 trace_detach_device_from_domain(dev);
3055 }
3056 }
3057 EXPORT_SYMBOL_GPL(iommu_aux_detach_device);
3058
iommu_aux_get_pasid(struct iommu_domain * domain,struct device * dev)3059 int iommu_aux_get_pasid(struct iommu_domain *domain, struct device *dev)
3060 {
3061 int ret = -ENODEV;
3062
3063 if (domain->ops->aux_get_pasid)
3064 ret = domain->ops->aux_get_pasid(domain, dev);
3065
3066 return ret;
3067 }
3068 EXPORT_SYMBOL_GPL(iommu_aux_get_pasid);
3069
3070 /**
3071 * iommu_sva_bind_device() - Bind a process address space to a device
3072 * @dev: the device
3073 * @mm: the mm to bind, caller must hold a reference to it
3074 *
3075 * Create a bond between device and address space, allowing the device to access
3076 * the mm using the returned PASID. If a bond already exists between @device and
3077 * @mm, it is returned and an additional reference is taken. Caller must call
3078 * iommu_sva_unbind_device() to release each reference.
3079 *
3080 * iommu_dev_enable_feature(dev, IOMMU_DEV_FEAT_SVA) must be called first, to
3081 * initialize the required SVA features.
3082 *
3083 * On error, returns an ERR_PTR value.
3084 */
3085 struct iommu_sva *
iommu_sva_bind_device(struct device * dev,struct mm_struct * mm,void * drvdata)3086 iommu_sva_bind_device(struct device *dev, struct mm_struct *mm, void *drvdata)
3087 {
3088 struct iommu_group *group;
3089 struct iommu_sva *handle = ERR_PTR(-EINVAL);
3090 const struct iommu_ops *ops = dev->bus->iommu_ops;
3091
3092 if (!ops || !ops->sva_bind)
3093 return ERR_PTR(-ENODEV);
3094
3095 group = iommu_group_get(dev);
3096 if (!group)
3097 return ERR_PTR(-ENODEV);
3098
3099 /* Ensure device count and domain don't change while we're binding */
3100 mutex_lock(&group->mutex);
3101
3102 /*
3103 * To keep things simple, SVA currently doesn't support IOMMU groups
3104 * with more than one device. Existing SVA-capable systems are not
3105 * affected by the problems that required IOMMU groups (lack of ACS
3106 * isolation, device ID aliasing and other hardware issues).
3107 */
3108 if (iommu_group_device_count(group) != 1)
3109 goto out_unlock;
3110
3111 handle = ops->sva_bind(dev, mm, drvdata);
3112
3113 out_unlock:
3114 mutex_unlock(&group->mutex);
3115 iommu_group_put(group);
3116
3117 return handle;
3118 }
3119 EXPORT_SYMBOL_GPL(iommu_sva_bind_device);
3120
3121 /**
3122 * iommu_sva_unbind_device() - Remove a bond created with iommu_sva_bind_device
3123 * @handle: the handle returned by iommu_sva_bind_device()
3124 *
3125 * Put reference to a bond between device and address space. The device should
3126 * not be issuing any more transaction for this PASID. All outstanding page
3127 * requests for this PASID must have been flushed to the IOMMU.
3128 */
iommu_sva_unbind_device(struct iommu_sva * handle)3129 void iommu_sva_unbind_device(struct iommu_sva *handle)
3130 {
3131 struct iommu_group *group;
3132 struct device *dev = handle->dev;
3133 const struct iommu_ops *ops = dev->bus->iommu_ops;
3134
3135 if (!ops || !ops->sva_unbind)
3136 return;
3137
3138 group = iommu_group_get(dev);
3139 if (!group)
3140 return;
3141
3142 mutex_lock(&group->mutex);
3143 ops->sva_unbind(handle);
3144 mutex_unlock(&group->mutex);
3145
3146 iommu_group_put(group);
3147 }
3148 EXPORT_SYMBOL_GPL(iommu_sva_unbind_device);
3149
iommu_sva_get_pasid(struct iommu_sva * handle)3150 u32 iommu_sva_get_pasid(struct iommu_sva *handle)
3151 {
3152 const struct iommu_ops *ops = handle->dev->bus->iommu_ops;
3153
3154 if (!ops || !ops->sva_get_pasid)
3155 return IOMMU_PASID_INVALID;
3156
3157 return ops->sva_get_pasid(handle);
3158 }
3159 EXPORT_SYMBOL_GPL(iommu_sva_get_pasid);
3160
3161 /*
3162 * Changes the default domain of an iommu group that has *only* one device
3163 *
3164 * @group: The group for which the default domain should be changed
3165 * @prev_dev: The device in the group (this is used to make sure that the device
3166 * hasn't changed after the caller has called this function)
3167 * @type: The type of the new default domain that gets associated with the group
3168 *
3169 * Returns 0 on success and error code on failure
3170 *
3171 * Note:
3172 * 1. Presently, this function is called only when user requests to change the
3173 * group's default domain type through /sys/kernel/iommu_groups/<grp_id>/type
3174 * Please take a closer look if intended to use for other purposes.
3175 */
iommu_change_dev_def_domain(struct iommu_group * group,struct device * prev_dev,int type)3176 static int iommu_change_dev_def_domain(struct iommu_group *group,
3177 struct device *prev_dev, int type)
3178 {
3179 struct iommu_domain *prev_dom;
3180 struct group_device *grp_dev;
3181 int ret, dev_def_dom;
3182 struct device *dev;
3183
3184 mutex_lock(&group->mutex);
3185
3186 if (group->default_domain != group->domain) {
3187 dev_err_ratelimited(prev_dev, "Group not assigned to default domain\n");
3188 ret = -EBUSY;
3189 goto out;
3190 }
3191
3192 /*
3193 * iommu group wasn't locked while acquiring device lock in
3194 * iommu_group_store_type(). So, make sure that the device count hasn't
3195 * changed while acquiring device lock.
3196 *
3197 * Changing default domain of an iommu group with two or more devices
3198 * isn't supported because there could be a potential deadlock. Consider
3199 * the following scenario. T1 is trying to acquire device locks of all
3200 * the devices in the group and before it could acquire all of them,
3201 * there could be another thread T2 (from different sub-system and use
3202 * case) that has already acquired some of the device locks and might be
3203 * waiting for T1 to release other device locks.
3204 */
3205 if (iommu_group_device_count(group) != 1) {
3206 dev_err_ratelimited(prev_dev, "Cannot change default domain: Group has more than one device\n");
3207 ret = -EINVAL;
3208 goto out;
3209 }
3210
3211 /* Since group has only one device */
3212 grp_dev = list_first_entry(&group->devices, struct group_device, list);
3213 dev = grp_dev->dev;
3214
3215 if (prev_dev != dev) {
3216 dev_err_ratelimited(prev_dev, "Cannot change default domain: Device has been changed\n");
3217 ret = -EBUSY;
3218 goto out;
3219 }
3220
3221 prev_dom = group->default_domain;
3222 if (!prev_dom) {
3223 ret = -EINVAL;
3224 goto out;
3225 }
3226
3227 dev_def_dom = iommu_get_def_domain_type(dev);
3228 if (!type) {
3229 /*
3230 * If the user hasn't requested any specific type of domain and
3231 * if the device supports both the domains, then default to the
3232 * domain the device was booted with
3233 */
3234 type = dev_def_dom ? : iommu_def_domain_type;
3235 } else if (dev_def_dom && type != dev_def_dom) {
3236 dev_err_ratelimited(prev_dev, "Device cannot be in %s domain\n",
3237 iommu_domain_type_str(type));
3238 ret = -EINVAL;
3239 goto out;
3240 }
3241
3242 /*
3243 * Switch to a new domain only if the requested domain type is different
3244 * from the existing default domain type
3245 */
3246 if (prev_dom->type == type) {
3247 ret = 0;
3248 goto out;
3249 }
3250
3251 /* We can bring up a flush queue without tearing down the domain */
3252 if (type == IOMMU_DOMAIN_DMA_FQ && prev_dom->type == IOMMU_DOMAIN_DMA) {
3253 ret = iommu_dma_init_fq(prev_dom);
3254 if (!ret)
3255 prev_dom->type = IOMMU_DOMAIN_DMA_FQ;
3256 goto out;
3257 }
3258
3259 /* Sets group->default_domain to the newly allocated domain */
3260 ret = iommu_group_alloc_default_domain(dev->bus, group, type);
3261 if (ret)
3262 goto out;
3263
3264 ret = iommu_create_device_direct_mappings(group, dev);
3265 if (ret)
3266 goto free_new_domain;
3267
3268 ret = __iommu_attach_device(group->default_domain, dev);
3269 if (ret)
3270 goto free_new_domain;
3271
3272 group->domain = group->default_domain;
3273
3274 /*
3275 * Release the mutex here because ops->probe_finalize() call-back of
3276 * some vendor IOMMU drivers calls arm_iommu_attach_device() which
3277 * in-turn might call back into IOMMU core code, where it tries to take
3278 * group->mutex, resulting in a deadlock.
3279 */
3280 mutex_unlock(&group->mutex);
3281
3282 /* Make sure dma_ops is appropriatley set */
3283 iommu_group_do_probe_finalize(dev, group->default_domain);
3284 iommu_domain_free(prev_dom);
3285 return 0;
3286
3287 free_new_domain:
3288 iommu_domain_free(group->default_domain);
3289 group->default_domain = prev_dom;
3290 group->domain = prev_dom;
3291
3292 out:
3293 mutex_unlock(&group->mutex);
3294
3295 return ret;
3296 }
3297
3298 /*
3299 * Changing the default domain through sysfs requires the users to unbind the
3300 * drivers from the devices in the iommu group, except for a DMA -> DMA-FQ
3301 * transition. Return failure if this isn't met.
3302 *
3303 * We need to consider the race between this and the device release path.
3304 * device_lock(dev) is used here to guarantee that the device release path
3305 * will not be entered at the same time.
3306 */
iommu_group_store_type(struct iommu_group * group,const char * buf,size_t count)3307 static ssize_t iommu_group_store_type(struct iommu_group *group,
3308 const char *buf, size_t count)
3309 {
3310 struct group_device *grp_dev;
3311 struct device *dev;
3312 int ret, req_type;
3313
3314 if (!capable(CAP_SYS_ADMIN) || !capable(CAP_SYS_RAWIO))
3315 return -EACCES;
3316
3317 if (WARN_ON(!group))
3318 return -EINVAL;
3319
3320 if (sysfs_streq(buf, "identity"))
3321 req_type = IOMMU_DOMAIN_IDENTITY;
3322 else if (sysfs_streq(buf, "DMA"))
3323 req_type = IOMMU_DOMAIN_DMA;
3324 else if (sysfs_streq(buf, "DMA-FQ"))
3325 req_type = IOMMU_DOMAIN_DMA_FQ;
3326 else if (sysfs_streq(buf, "auto"))
3327 req_type = 0;
3328 else
3329 return -EINVAL;
3330
3331 /*
3332 * Lock/Unlock the group mutex here before device lock to
3333 * 1. Make sure that the iommu group has only one device (this is a
3334 * prerequisite for step 2)
3335 * 2. Get struct *dev which is needed to lock device
3336 */
3337 mutex_lock(&group->mutex);
3338 if (iommu_group_device_count(group) != 1) {
3339 mutex_unlock(&group->mutex);
3340 pr_err_ratelimited("Cannot change default domain: Group has more than one device\n");
3341 return -EINVAL;
3342 }
3343
3344 /* Since group has only one device */
3345 grp_dev = list_first_entry(&group->devices, struct group_device, list);
3346 dev = grp_dev->dev;
3347 get_device(dev);
3348
3349 /*
3350 * Don't hold the group mutex because taking group mutex first and then
3351 * the device lock could potentially cause a deadlock as below. Assume
3352 * two threads T1 and T2. T1 is trying to change default domain of an
3353 * iommu group and T2 is trying to hot unplug a device or release [1] VF
3354 * of a PCIe device which is in the same iommu group. T1 takes group
3355 * mutex and before it could take device lock assume T2 has taken device
3356 * lock and is yet to take group mutex. Now, both the threads will be
3357 * waiting for the other thread to release lock. Below, lock order was
3358 * suggested.
3359 * device_lock(dev);
3360 * mutex_lock(&group->mutex);
3361 * iommu_change_dev_def_domain();
3362 * mutex_unlock(&group->mutex);
3363 * device_unlock(dev);
3364 *
3365 * [1] Typical device release path
3366 * device_lock() from device/driver core code
3367 * -> bus_notifier()
3368 * -> iommu_bus_notifier()
3369 * -> iommu_release_device()
3370 * -> ops->release_device() vendor driver calls back iommu core code
3371 * -> mutex_lock() from iommu core code
3372 */
3373 mutex_unlock(&group->mutex);
3374
3375 /* Check if the device in the group still has a driver bound to it */
3376 device_lock(dev);
3377 if (device_is_bound(dev) && !(req_type == IOMMU_DOMAIN_DMA_FQ &&
3378 group->default_domain->type == IOMMU_DOMAIN_DMA)) {
3379 pr_err_ratelimited("Device is still bound to driver\n");
3380 ret = -EBUSY;
3381 goto out;
3382 }
3383
3384 ret = iommu_change_dev_def_domain(group, dev, req_type);
3385 ret = ret ?: count;
3386
3387 out:
3388 device_unlock(dev);
3389 put_device(dev);
3390
3391 return ret;
3392 }
3393