2 * Copyright © 2006-2014 Intel Corporation.
4 * This program is free software; you can redistribute it and/or modify it
5 * under the terms and conditions of the GNU General Public License,
6 * version 2, as published by the Free Software Foundation.
8 * This program is distributed in the hope it will be useful, but WITHOUT
9 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
10 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
13 * Authors: David Woodhouse <dwmw2@infradead.org>,
14 * Ashok Raj <ashok.raj@intel.com>,
15 * Shaohua Li <shaohua.li@intel.com>,
16 * Anil S Keshavamurthy <anil.s.keshavamurthy@intel.com>,
17 * Fenghua Yu <fenghua.yu@intel.com>
20 #include <linux/init.h>
21 #include <linux/bitmap.h>
22 #include <linux/debugfs.h>
23 #include <linux/export.h>
24 #include <linux/slab.h>
25 #include <linux/irq.h>
26 #include <linux/interrupt.h>
27 #include <linux/spinlock.h>
28 #include <linux/pci.h>
29 #include <linux/dmar.h>
30 #include <linux/dma-mapping.h>
31 #include <linux/mempool.h>
32 #include <linux/memory.h>
33 #include <linux/timer.h>
34 #include <linux/iova.h>
35 #include <linux/iommu.h>
36 #include <linux/intel-iommu.h>
37 #include <linux/syscore_ops.h>
38 #include <linux/tboot.h>
39 #include <linux/dmi.h>
40 #include <linux/pci-ats.h>
41 #include <linux/memblock.h>
42 #include <linux/dma-contiguous.h>
43 #include <asm/irq_remapping.h>
44 #include <asm/cacheflush.h>
45 #include <asm/iommu.h>
47 #include "irq_remapping.h"
49 #define ROOT_SIZE VTD_PAGE_SIZE
50 #define CONTEXT_SIZE VTD_PAGE_SIZE
52 #define IS_GFX_DEVICE(pdev) ((pdev->class >> 16) == PCI_BASE_CLASS_DISPLAY)
53 #define IS_USB_DEVICE(pdev) ((pdev->class >> 8) == PCI_CLASS_SERIAL_USB)
54 #define IS_ISA_DEVICE(pdev) ((pdev->class >> 8) == PCI_CLASS_BRIDGE_ISA)
55 #define IS_AZALIA(pdev) ((pdev)->vendor == 0x8086 && (pdev)->device == 0x3a3e)
57 #define IOAPIC_RANGE_START (0xfee00000)
58 #define IOAPIC_RANGE_END (0xfeefffff)
59 #define IOVA_START_ADDR (0x1000)
61 #define DEFAULT_DOMAIN_ADDRESS_WIDTH 48
63 #define MAX_AGAW_WIDTH 64
64 #define MAX_AGAW_PFN_WIDTH (MAX_AGAW_WIDTH - VTD_PAGE_SHIFT)
66 #define __DOMAIN_MAX_PFN(gaw) ((((uint64_t)1) << (gaw-VTD_PAGE_SHIFT)) - 1)
67 #define __DOMAIN_MAX_ADDR(gaw) ((((uint64_t)1) << gaw) - 1)
69 /* We limit DOMAIN_MAX_PFN to fit in an unsigned long, and DOMAIN_MAX_ADDR
70 to match. That way, we can use 'unsigned long' for PFNs with impunity. */
71 #define DOMAIN_MAX_PFN(gaw) ((unsigned long) min_t(uint64_t, \
72 __DOMAIN_MAX_PFN(gaw), (unsigned long)-1))
73 #define DOMAIN_MAX_ADDR(gaw) (((uint64_t)__DOMAIN_MAX_PFN(gaw)) << VTD_PAGE_SHIFT)
75 /* IO virtual address start page frame number */
76 #define IOVA_START_PFN (1)
78 #define IOVA_PFN(addr) ((addr) >> PAGE_SHIFT)
79 #define DMA_32BIT_PFN IOVA_PFN(DMA_BIT_MASK(32))
80 #define DMA_64BIT_PFN IOVA_PFN(DMA_BIT_MASK(64))
82 /* page table handling */
83 #define LEVEL_STRIDE (9)
84 #define LEVEL_MASK (((u64)1 << LEVEL_STRIDE) - 1)
87 * This bitmap is used to advertise the page sizes our hardware support
88 * to the IOMMU core, which will then use this information to split
89 * physically contiguous memory regions it is mapping into page sizes
92 * Traditionally the IOMMU core just handed us the mappings directly,
93 * after making sure the size is an order of a 4KiB page and that the
94 * mapping has natural alignment.
96 * To retain this behavior, we currently advertise that we support
97 * all page sizes that are an order of 4KiB.
99 * If at some point we'd like to utilize the IOMMU core's new behavior,
100 * we could change this to advertise the real page sizes we support.
102 #define INTEL_IOMMU_PGSIZES (~0xFFFUL)
104 static inline int agaw_to_level(int agaw)
109 static inline int agaw_to_width(int agaw)
111 return min_t(int, 30 + agaw * LEVEL_STRIDE, MAX_AGAW_WIDTH);
114 static inline int width_to_agaw(int width)
116 return DIV_ROUND_UP(width - 30, LEVEL_STRIDE);
119 static inline unsigned int level_to_offset_bits(int level)
121 return (level - 1) * LEVEL_STRIDE;
124 static inline int pfn_level_offset(unsigned long pfn, int level)
126 return (pfn >> level_to_offset_bits(level)) & LEVEL_MASK;
129 static inline unsigned long level_mask(int level)
131 return -1UL << level_to_offset_bits(level);
134 static inline unsigned long level_size(int level)
136 return 1UL << level_to_offset_bits(level);
139 static inline unsigned long align_to_level(unsigned long pfn, int level)
141 return (pfn + level_size(level) - 1) & level_mask(level);
144 static inline unsigned long lvl_to_nr_pages(unsigned int lvl)
146 return 1 << min_t(int, (lvl - 1) * LEVEL_STRIDE, MAX_AGAW_PFN_WIDTH);
149 /* VT-d pages must always be _smaller_ than MM pages. Otherwise things
150 are never going to work. */
151 static inline unsigned long dma_to_mm_pfn(unsigned long dma_pfn)
153 return dma_pfn >> (PAGE_SHIFT - VTD_PAGE_SHIFT);
156 static inline unsigned long mm_to_dma_pfn(unsigned long mm_pfn)
158 return mm_pfn << (PAGE_SHIFT - VTD_PAGE_SHIFT);
160 static inline unsigned long page_to_dma_pfn(struct page *pg)
162 return mm_to_dma_pfn(page_to_pfn(pg));
164 static inline unsigned long virt_to_dma_pfn(void *p)
166 return page_to_dma_pfn(virt_to_page(p));
169 /* global iommu list, set NULL for ignored DMAR units */
170 static struct intel_iommu **g_iommus;
172 static void __init check_tylersburg_isoch(void);
173 static int rwbf_quirk;
176 * set to 1 to panic kernel if can't successfully enable VT-d
177 * (used when kernel is launched w/ TXT)
179 static int force_on = 0;
184 * 12-63: Context Ptr (12 - (haw-1))
191 #define ROOT_ENTRY_NR (VTD_PAGE_SIZE/sizeof(struct root_entry))
197 * 1: fault processing disable
198 * 2-3: translation type
199 * 12-63: address space root
205 struct context_entry {
210 static inline bool context_present(struct context_entry *context)
212 return (context->lo & 1);
214 static inline void context_set_present(struct context_entry *context)
219 static inline void context_set_fault_enable(struct context_entry *context)
221 context->lo &= (((u64)-1) << 2) | 1;
224 static inline void context_set_translation_type(struct context_entry *context,
227 context->lo &= (((u64)-1) << 4) | 3;
228 context->lo |= (value & 3) << 2;
231 static inline void context_set_address_root(struct context_entry *context,
234 context->lo &= ~VTD_PAGE_MASK;
235 context->lo |= value & VTD_PAGE_MASK;
238 static inline void context_set_address_width(struct context_entry *context,
241 context->hi |= value & 7;
244 static inline void context_set_domain_id(struct context_entry *context,
247 context->hi |= (value & ((1 << 16) - 1)) << 8;
250 static inline void context_clear_entry(struct context_entry *context)
263 * 12-63: Host physcial address
269 static inline void dma_clear_pte(struct dma_pte *pte)
274 static inline u64 dma_pte_addr(struct dma_pte *pte)
277 return pte->val & VTD_PAGE_MASK;
279 /* Must have a full atomic 64-bit read */
280 return __cmpxchg64(&pte->val, 0ULL, 0ULL) & VTD_PAGE_MASK;
284 static inline bool dma_pte_present(struct dma_pte *pte)
286 return (pte->val & 3) != 0;
289 static inline bool dma_pte_superpage(struct dma_pte *pte)
291 return (pte->val & DMA_PTE_LARGE_PAGE);
294 static inline int first_pte_in_page(struct dma_pte *pte)
296 return !((unsigned long)pte & ~VTD_PAGE_MASK);
300 * This domain is a statically identity mapping domain.
301 * 1. This domain creats a static 1:1 mapping to all usable memory.
302 * 2. It maps to each iommu if successful.
303 * 3. Each iommu mapps to this domain if successful.
305 static struct dmar_domain *si_domain;
306 static int hw_pass_through = 1;
308 /* domain represents a virtual machine, more than one devices
309 * across iommus may be owned in one domain, e.g. kvm guest.
311 #define DOMAIN_FLAG_VIRTUAL_MACHINE (1 << 0)
313 /* si_domain contains mulitple devices */
314 #define DOMAIN_FLAG_STATIC_IDENTITY (1 << 1)
317 int id; /* domain id */
318 int nid; /* node id */
319 DECLARE_BITMAP(iommu_bmp, DMAR_UNITS_SUPPORTED);
320 /* bitmap of iommus this domain uses*/
322 struct list_head devices; /* all devices' list */
323 struct iova_domain iovad; /* iova's that belong to this domain */
325 struct dma_pte *pgd; /* virtual address */
326 int gaw; /* max guest address width */
328 /* adjusted guest address width, 0 is level 2 30-bit */
331 int flags; /* flags to find out type of domain */
333 int iommu_coherency;/* indicate coherency of iommu access */
334 int iommu_snooping; /* indicate snooping control feature*/
335 int iommu_count; /* reference count of iommu */
336 int iommu_superpage;/* Level of superpages supported:
337 0 == 4KiB (no superpages), 1 == 2MiB,
338 2 == 1GiB, 3 == 512GiB, 4 == 1TiB */
339 spinlock_t iommu_lock; /* protect iommu set in domain */
340 u64 max_addr; /* maximum mapped address */
342 struct iommu_domain domain; /* generic domain data structure for
346 /* PCI domain-device relationship */
347 struct device_domain_info {
348 struct list_head link; /* link to domain siblings */
349 struct list_head global; /* link to global list */
350 u8 bus; /* PCI bus number */
351 u8 devfn; /* PCI devfn number */
352 struct device *dev; /* it's NULL for PCIe-to-PCI bridge */
353 struct intel_iommu *iommu; /* IOMMU used by this device */
354 struct dmar_domain *domain; /* pointer to domain */
357 struct dmar_rmrr_unit {
358 struct list_head list; /* list of rmrr units */
359 struct acpi_dmar_header *hdr; /* ACPI header */
360 u64 base_address; /* reserved base address*/
361 u64 end_address; /* reserved end address */
362 struct dmar_dev_scope *devices; /* target devices */
363 int devices_cnt; /* target device count */
366 struct dmar_atsr_unit {
367 struct list_head list; /* list of ATSR units */
368 struct acpi_dmar_header *hdr; /* ACPI header */
369 struct dmar_dev_scope *devices; /* target devices */
370 int devices_cnt; /* target device count */
371 u8 include_all:1; /* include all ports */
374 static LIST_HEAD(dmar_atsr_units);
375 static LIST_HEAD(dmar_rmrr_units);
377 #define for_each_rmrr_units(rmrr) \
378 list_for_each_entry(rmrr, &dmar_rmrr_units, list)
380 static void flush_unmaps_timeout(unsigned long data);
382 static DEFINE_TIMER(unmap_timer, flush_unmaps_timeout, 0, 0);
384 #define HIGH_WATER_MARK 250
385 struct deferred_flush_tables {
387 struct iova *iova[HIGH_WATER_MARK];
388 struct dmar_domain *domain[HIGH_WATER_MARK];
389 struct page *freelist[HIGH_WATER_MARK];
392 static struct deferred_flush_tables *deferred_flush;
394 /* bitmap for indexing intel_iommus */
395 static int g_num_of_iommus;
397 static DEFINE_SPINLOCK(async_umap_flush_lock);
398 static LIST_HEAD(unmaps_to_do);
401 static long list_size;
403 static void domain_exit(struct dmar_domain *domain);
404 static void domain_remove_dev_info(struct dmar_domain *domain);
405 static void domain_remove_one_dev_info(struct dmar_domain *domain,
407 static void iommu_detach_dependent_devices(struct intel_iommu *iommu,
409 static int domain_detach_iommu(struct dmar_domain *domain,
410 struct intel_iommu *iommu);
412 #ifdef CONFIG_INTEL_IOMMU_DEFAULT_ON
413 int dmar_disabled = 0;
415 int dmar_disabled = 1;
416 #endif /*CONFIG_INTEL_IOMMU_DEFAULT_ON*/
418 int intel_iommu_enabled = 0;
419 EXPORT_SYMBOL_GPL(intel_iommu_enabled);
421 static int dmar_map_gfx = 1;
422 static int dmar_forcedac;
423 static int intel_iommu_strict;
424 static int intel_iommu_superpage = 1;
425 static int intel_iommu_ecs = 1;
427 /* We only actually use ECS when PASID support (on the new bit 40)
428 * is also advertised. Some early implementations — the ones with
429 * PASID support on bit 28 — have issues even when we *only* use
430 * extended root/context tables. */
431 #define ecs_enabled(iommu) (intel_iommu_ecs && ecap_ecs(iommu->ecap) && \
432 ecap_pasid(iommu->ecap))
434 int intel_iommu_gfx_mapped;
435 EXPORT_SYMBOL_GPL(intel_iommu_gfx_mapped);
437 #define DUMMY_DEVICE_DOMAIN_INFO ((struct device_domain_info *)(-1))
438 static DEFINE_SPINLOCK(device_domain_lock);
439 static LIST_HEAD(device_domain_list);
441 static const struct iommu_ops intel_iommu_ops;
443 /* Convert generic 'struct iommu_domain to private struct dmar_domain */
444 static struct dmar_domain *to_dmar_domain(struct iommu_domain *dom)
446 return container_of(dom, struct dmar_domain, domain);
449 static int __init intel_iommu_setup(char *str)
454 if (!strncmp(str, "on", 2)) {
456 printk(KERN_INFO "Intel-IOMMU: enabled\n");
457 } else if (!strncmp(str, "off", 3)) {
459 printk(KERN_INFO "Intel-IOMMU: disabled\n");
460 } else if (!strncmp(str, "igfx_off", 8)) {
463 "Intel-IOMMU: disable GFX device mapping\n");
464 } else if (!strncmp(str, "forcedac", 8)) {
466 "Intel-IOMMU: Forcing DAC for PCI devices\n");
468 } else if (!strncmp(str, "strict", 6)) {
470 "Intel-IOMMU: disable batched IOTLB flush\n");
471 intel_iommu_strict = 1;
472 } else if (!strncmp(str, "sp_off", 6)) {
474 "Intel-IOMMU: disable supported super page\n");
475 intel_iommu_superpage = 0;
476 } else if (!strncmp(str, "ecs_off", 7)) {
478 "Intel-IOMMU: disable extended context table support\n");
482 str += strcspn(str, ",");
488 __setup("intel_iommu=", intel_iommu_setup);
490 static struct kmem_cache *iommu_domain_cache;
491 static struct kmem_cache *iommu_devinfo_cache;
493 static inline void *alloc_pgtable_page(int node)
498 page = alloc_pages_node(node, GFP_ATOMIC | __GFP_ZERO, 0);
500 vaddr = page_address(page);
504 static inline void free_pgtable_page(void *vaddr)
506 free_page((unsigned long)vaddr);
509 static inline void *alloc_domain_mem(void)
511 return kmem_cache_alloc(iommu_domain_cache, GFP_ATOMIC);
514 static void free_domain_mem(void *vaddr)
516 kmem_cache_free(iommu_domain_cache, vaddr);
519 static inline void * alloc_devinfo_mem(void)
521 return kmem_cache_alloc(iommu_devinfo_cache, GFP_ATOMIC);
524 static inline void free_devinfo_mem(void *vaddr)
526 kmem_cache_free(iommu_devinfo_cache, vaddr);
529 static inline int domain_type_is_vm(struct dmar_domain *domain)
531 return domain->flags & DOMAIN_FLAG_VIRTUAL_MACHINE;
534 static inline int domain_type_is_vm_or_si(struct dmar_domain *domain)
536 return domain->flags & (DOMAIN_FLAG_VIRTUAL_MACHINE |
537 DOMAIN_FLAG_STATIC_IDENTITY);
540 static inline int domain_pfn_supported(struct dmar_domain *domain,
543 int addr_width = agaw_to_width(domain->agaw) - VTD_PAGE_SHIFT;
545 return !(addr_width < BITS_PER_LONG && pfn >> addr_width);
548 static int __iommu_calculate_agaw(struct intel_iommu *iommu, int max_gaw)
553 sagaw = cap_sagaw(iommu->cap);
554 for (agaw = width_to_agaw(max_gaw);
556 if (test_bit(agaw, &sagaw))
564 * Calculate max SAGAW for each iommu.
566 int iommu_calculate_max_sagaw(struct intel_iommu *iommu)
568 return __iommu_calculate_agaw(iommu, MAX_AGAW_WIDTH);
572 * calculate agaw for each iommu.
573 * "SAGAW" may be different across iommus, use a default agaw, and
574 * get a supported less agaw for iommus that don't support the default agaw.
576 int iommu_calculate_agaw(struct intel_iommu *iommu)
578 return __iommu_calculate_agaw(iommu, DEFAULT_DOMAIN_ADDRESS_WIDTH);
581 /* This functionin only returns single iommu in a domain */
582 static struct intel_iommu *domain_get_iommu(struct dmar_domain *domain)
586 /* si_domain and vm domain should not get here. */
587 BUG_ON(domain_type_is_vm_or_si(domain));
588 iommu_id = find_first_bit(domain->iommu_bmp, g_num_of_iommus);
589 if (iommu_id < 0 || iommu_id >= g_num_of_iommus)
592 return g_iommus[iommu_id];
595 static void domain_update_iommu_coherency(struct dmar_domain *domain)
597 struct dmar_drhd_unit *drhd;
598 struct intel_iommu *iommu;
602 domain->iommu_coherency = 1;
604 for_each_set_bit(i, domain->iommu_bmp, g_num_of_iommus) {
606 if (!ecap_coherent(g_iommus[i]->ecap)) {
607 domain->iommu_coherency = 0;
614 /* No hardware attached; use lowest common denominator */
616 for_each_active_iommu(iommu, drhd) {
617 if (!ecap_coherent(iommu->ecap)) {
618 domain->iommu_coherency = 0;
625 static int domain_update_iommu_snooping(struct intel_iommu *skip)
627 struct dmar_drhd_unit *drhd;
628 struct intel_iommu *iommu;
632 for_each_active_iommu(iommu, drhd) {
634 if (!ecap_sc_support(iommu->ecap)) {
645 static int domain_update_iommu_superpage(struct intel_iommu *skip)
647 struct dmar_drhd_unit *drhd;
648 struct intel_iommu *iommu;
651 if (!intel_iommu_superpage) {
655 /* set iommu_superpage to the smallest common denominator */
657 for_each_active_iommu(iommu, drhd) {
659 mask &= cap_super_page_val(iommu->cap);
669 /* Some capabilities may be different across iommus */
670 static void domain_update_iommu_cap(struct dmar_domain *domain)
672 domain_update_iommu_coherency(domain);
673 domain->iommu_snooping = domain_update_iommu_snooping(NULL);
674 domain->iommu_superpage = domain_update_iommu_superpage(NULL);
677 static inline struct context_entry *iommu_context_addr(struct intel_iommu *iommu,
678 u8 bus, u8 devfn, int alloc)
680 struct root_entry *root = &iommu->root_entry[bus];
681 struct context_entry *context;
684 if (ecs_enabled(iommu)) {
693 context = phys_to_virt(*entry & VTD_PAGE_MASK);
695 unsigned long phy_addr;
699 context = alloc_pgtable_page(iommu->node);
703 __iommu_flush_cache(iommu, (void *)context, CONTEXT_SIZE);
704 phy_addr = virt_to_phys((void *)context);
705 *entry = phy_addr | 1;
706 __iommu_flush_cache(iommu, entry, sizeof(*entry));
708 return &context[devfn];
711 static int iommu_dummy(struct device *dev)
713 return dev->archdata.iommu == DUMMY_DEVICE_DOMAIN_INFO;
716 static struct intel_iommu *device_to_iommu(struct device *dev, u8 *bus, u8 *devfn)
718 struct dmar_drhd_unit *drhd = NULL;
719 struct intel_iommu *iommu;
721 struct pci_dev *ptmp, *pdev = NULL;
725 if (iommu_dummy(dev))
728 if (dev_is_pci(dev)) {
729 pdev = to_pci_dev(dev);
730 segment = pci_domain_nr(pdev->bus);
731 } else if (has_acpi_companion(dev))
732 dev = &ACPI_COMPANION(dev)->dev;
735 for_each_active_iommu(iommu, drhd) {
736 if (pdev && segment != drhd->segment)
739 for_each_active_dev_scope(drhd->devices,
740 drhd->devices_cnt, i, tmp) {
742 *bus = drhd->devices[i].bus;
743 *devfn = drhd->devices[i].devfn;
747 if (!pdev || !dev_is_pci(tmp))
750 ptmp = to_pci_dev(tmp);
751 if (ptmp->subordinate &&
752 ptmp->subordinate->number <= pdev->bus->number &&
753 ptmp->subordinate->busn_res.end >= pdev->bus->number)
757 if (pdev && drhd->include_all) {
759 *bus = pdev->bus->number;
760 *devfn = pdev->devfn;
771 static void domain_flush_cache(struct dmar_domain *domain,
772 void *addr, int size)
774 if (!domain->iommu_coherency)
775 clflush_cache_range(addr, size);
778 static int device_context_mapped(struct intel_iommu *iommu, u8 bus, u8 devfn)
780 struct context_entry *context;
784 spin_lock_irqsave(&iommu->lock, flags);
785 context = iommu_context_addr(iommu, bus, devfn, 0);
787 ret = context_present(context);
788 spin_unlock_irqrestore(&iommu->lock, flags);
792 static void clear_context_table(struct intel_iommu *iommu, u8 bus, u8 devfn)
794 struct context_entry *context;
797 spin_lock_irqsave(&iommu->lock, flags);
798 context = iommu_context_addr(iommu, bus, devfn, 0);
800 context_clear_entry(context);
801 __iommu_flush_cache(iommu, context, sizeof(*context));
803 spin_unlock_irqrestore(&iommu->lock, flags);
806 static void free_context_table(struct intel_iommu *iommu)
810 struct context_entry *context;
812 spin_lock_irqsave(&iommu->lock, flags);
813 if (!iommu->root_entry) {
816 for (i = 0; i < ROOT_ENTRY_NR; i++) {
817 context = iommu_context_addr(iommu, i, 0, 0);
819 free_pgtable_page(context);
821 if (!ecs_enabled(iommu))
824 context = iommu_context_addr(iommu, i, 0x80, 0);
826 free_pgtable_page(context);
829 free_pgtable_page(iommu->root_entry);
830 iommu->root_entry = NULL;
832 spin_unlock_irqrestore(&iommu->lock, flags);
835 static struct dma_pte *pfn_to_dma_pte(struct dmar_domain *domain,
836 unsigned long pfn, int *target_level)
838 struct dma_pte *parent, *pte = NULL;
839 int level = agaw_to_level(domain->agaw);
842 BUG_ON(!domain->pgd);
844 if (!domain_pfn_supported(domain, pfn))
845 /* Address beyond IOMMU's addressing capabilities. */
848 parent = domain->pgd;
853 offset = pfn_level_offset(pfn, level);
854 pte = &parent[offset];
855 if (!*target_level && (dma_pte_superpage(pte) || !dma_pte_present(pte)))
857 if (level == *target_level)
860 if (!dma_pte_present(pte)) {
863 tmp_page = alloc_pgtable_page(domain->nid);
868 domain_flush_cache(domain, tmp_page, VTD_PAGE_SIZE);
869 pteval = ((uint64_t)virt_to_dma_pfn(tmp_page) << VTD_PAGE_SHIFT) | DMA_PTE_READ | DMA_PTE_WRITE;
870 if (cmpxchg64(&pte->val, 0ULL, pteval))
871 /* Someone else set it while we were thinking; use theirs. */
872 free_pgtable_page(tmp_page);
874 domain_flush_cache(domain, pte, sizeof(*pte));
879 parent = phys_to_virt(dma_pte_addr(pte));
884 *target_level = level;
890 /* return address's pte at specific level */
891 static struct dma_pte *dma_pfn_level_pte(struct dmar_domain *domain,
893 int level, int *large_page)
895 struct dma_pte *parent, *pte = NULL;
896 int total = agaw_to_level(domain->agaw);
899 parent = domain->pgd;
900 while (level <= total) {
901 offset = pfn_level_offset(pfn, total);
902 pte = &parent[offset];
906 if (!dma_pte_present(pte)) {
911 if (dma_pte_superpage(pte)) {
916 parent = phys_to_virt(dma_pte_addr(pte));
922 /* clear last level pte, a tlb flush should be followed */
923 static void dma_pte_clear_range(struct dmar_domain *domain,
924 unsigned long start_pfn,
925 unsigned long last_pfn)
927 unsigned int large_page = 1;
928 struct dma_pte *first_pte, *pte;
930 BUG_ON(!domain_pfn_supported(domain, start_pfn));
931 BUG_ON(!domain_pfn_supported(domain, last_pfn));
932 BUG_ON(start_pfn > last_pfn);
934 /* we don't need lock here; nobody else touches the iova range */
937 first_pte = pte = dma_pfn_level_pte(domain, start_pfn, 1, &large_page);
939 start_pfn = align_to_level(start_pfn + 1, large_page + 1);
944 start_pfn += lvl_to_nr_pages(large_page);
946 } while (start_pfn <= last_pfn && !first_pte_in_page(pte));
948 domain_flush_cache(domain, first_pte,
949 (void *)pte - (void *)first_pte);
951 } while (start_pfn && start_pfn <= last_pfn);
954 static void dma_pte_free_level(struct dmar_domain *domain, int level,
955 struct dma_pte *pte, unsigned long pfn,
956 unsigned long start_pfn, unsigned long last_pfn)
958 pfn = max(start_pfn, pfn);
959 pte = &pte[pfn_level_offset(pfn, level)];
962 unsigned long level_pfn;
963 struct dma_pte *level_pte;
965 if (!dma_pte_present(pte) || dma_pte_superpage(pte))
968 level_pfn = pfn & level_mask(level - 1);
969 level_pte = phys_to_virt(dma_pte_addr(pte));
972 dma_pte_free_level(domain, level - 1, level_pte,
973 level_pfn, start_pfn, last_pfn);
975 /* If range covers entire pagetable, free it */
976 if (!(start_pfn > level_pfn ||
977 last_pfn < level_pfn + level_size(level) - 1)) {
979 domain_flush_cache(domain, pte, sizeof(*pte));
980 free_pgtable_page(level_pte);
983 pfn += level_size(level);
984 } while (!first_pte_in_page(++pte) && pfn <= last_pfn);
987 /* free page table pages. last level pte should already be cleared */
988 static void dma_pte_free_pagetable(struct dmar_domain *domain,
989 unsigned long start_pfn,
990 unsigned long last_pfn)
992 BUG_ON(!domain_pfn_supported(domain, start_pfn));
993 BUG_ON(!domain_pfn_supported(domain, last_pfn));
994 BUG_ON(start_pfn > last_pfn);
996 dma_pte_clear_range(domain, start_pfn, last_pfn);
998 /* We don't need lock here; nobody else touches the iova range */
999 dma_pte_free_level(domain, agaw_to_level(domain->agaw),
1000 domain->pgd, 0, start_pfn, last_pfn);
1003 if (start_pfn == 0 && last_pfn == DOMAIN_MAX_PFN(domain->gaw)) {
1004 free_pgtable_page(domain->pgd);
1009 /* When a page at a given level is being unlinked from its parent, we don't
1010 need to *modify* it at all. All we need to do is make a list of all the
1011 pages which can be freed just as soon as we've flushed the IOTLB and we
1012 know the hardware page-walk will no longer touch them.
1013 The 'pte' argument is the *parent* PTE, pointing to the page that is to
1015 static struct page *dma_pte_list_pagetables(struct dmar_domain *domain,
1016 int level, struct dma_pte *pte,
1017 struct page *freelist)
1021 pg = pfn_to_page(dma_pte_addr(pte) >> PAGE_SHIFT);
1022 pg->freelist = freelist;
1028 pte = page_address(pg);
1030 if (dma_pte_present(pte) && !dma_pte_superpage(pte))
1031 freelist = dma_pte_list_pagetables(domain, level - 1,
1034 } while (!first_pte_in_page(pte));
1039 static struct page *dma_pte_clear_level(struct dmar_domain *domain, int level,
1040 struct dma_pte *pte, unsigned long pfn,
1041 unsigned long start_pfn,
1042 unsigned long last_pfn,
1043 struct page *freelist)
1045 struct dma_pte *first_pte = NULL, *last_pte = NULL;
1047 pfn = max(start_pfn, pfn);
1048 pte = &pte[pfn_level_offset(pfn, level)];
1051 unsigned long level_pfn;
1053 if (!dma_pte_present(pte))
1056 level_pfn = pfn & level_mask(level);
1058 /* If range covers entire pagetable, free it */
1059 if (start_pfn <= level_pfn &&
1060 last_pfn >= level_pfn + level_size(level) - 1) {
1061 /* These suborbinate page tables are going away entirely. Don't
1062 bother to clear them; we're just going to *free* them. */
1063 if (level > 1 && !dma_pte_superpage(pte))
1064 freelist = dma_pte_list_pagetables(domain, level - 1, pte, freelist);
1070 } else if (level > 1) {
1071 /* Recurse down into a level that isn't *entirely* obsolete */
1072 freelist = dma_pte_clear_level(domain, level - 1,
1073 phys_to_virt(dma_pte_addr(pte)),
1074 level_pfn, start_pfn, last_pfn,
1078 pfn += level_size(level);
1079 } while (!first_pte_in_page(++pte) && pfn <= last_pfn);
1082 domain_flush_cache(domain, first_pte,
1083 (void *)++last_pte - (void *)first_pte);
1088 /* We can't just free the pages because the IOMMU may still be walking
1089 the page tables, and may have cached the intermediate levels. The
1090 pages can only be freed after the IOTLB flush has been done. */
1091 struct page *domain_unmap(struct dmar_domain *domain,
1092 unsigned long start_pfn,
1093 unsigned long last_pfn)
1095 struct page *freelist = NULL;
1097 BUG_ON(!domain_pfn_supported(domain, start_pfn));
1098 BUG_ON(!domain_pfn_supported(domain, last_pfn));
1099 BUG_ON(start_pfn > last_pfn);
1101 /* we don't need lock here; nobody else touches the iova range */
1102 freelist = dma_pte_clear_level(domain, agaw_to_level(domain->agaw),
1103 domain->pgd, 0, start_pfn, last_pfn, NULL);
1106 if (start_pfn == 0 && last_pfn == DOMAIN_MAX_PFN(domain->gaw)) {
1107 struct page *pgd_page = virt_to_page(domain->pgd);
1108 pgd_page->freelist = freelist;
1109 freelist = pgd_page;
1117 void dma_free_pagelist(struct page *freelist)
1121 while ((pg = freelist)) {
1122 freelist = pg->freelist;
1123 free_pgtable_page(page_address(pg));
1127 /* iommu handling */
1128 static int iommu_alloc_root_entry(struct intel_iommu *iommu)
1130 struct root_entry *root;
1131 unsigned long flags;
1133 root = (struct root_entry *)alloc_pgtable_page(iommu->node);
1135 pr_err("IOMMU: allocating root entry for %s failed\n",
1140 __iommu_flush_cache(iommu, root, ROOT_SIZE);
1142 spin_lock_irqsave(&iommu->lock, flags);
1143 iommu->root_entry = root;
1144 spin_unlock_irqrestore(&iommu->lock, flags);
1149 static void iommu_set_root_entry(struct intel_iommu *iommu)
1155 addr = virt_to_phys(iommu->root_entry);
1156 if (ecs_enabled(iommu))
1157 addr |= DMA_RTADDR_RTT;
1159 raw_spin_lock_irqsave(&iommu->register_lock, flag);
1160 dmar_writeq(iommu->reg + DMAR_RTADDR_REG, addr);
1162 writel(iommu->gcmd | DMA_GCMD_SRTP, iommu->reg + DMAR_GCMD_REG);
1164 /* Make sure hardware complete it */
1165 IOMMU_WAIT_OP(iommu, DMAR_GSTS_REG,
1166 readl, (sts & DMA_GSTS_RTPS), sts);
1168 raw_spin_unlock_irqrestore(&iommu->register_lock, flag);
1171 static void iommu_flush_write_buffer(struct intel_iommu *iommu)
1176 if (!rwbf_quirk && !cap_rwbf(iommu->cap))
1179 raw_spin_lock_irqsave(&iommu->register_lock, flag);
1180 writel(iommu->gcmd | DMA_GCMD_WBF, iommu->reg + DMAR_GCMD_REG);
1182 /* Make sure hardware complete it */
1183 IOMMU_WAIT_OP(iommu, DMAR_GSTS_REG,
1184 readl, (!(val & DMA_GSTS_WBFS)), val);
1186 raw_spin_unlock_irqrestore(&iommu->register_lock, flag);
1189 /* return value determine if we need a write buffer flush */
1190 static void __iommu_flush_context(struct intel_iommu *iommu,
1191 u16 did, u16 source_id, u8 function_mask,
1198 case DMA_CCMD_GLOBAL_INVL:
1199 val = DMA_CCMD_GLOBAL_INVL;
1201 case DMA_CCMD_DOMAIN_INVL:
1202 val = DMA_CCMD_DOMAIN_INVL|DMA_CCMD_DID(did);
1204 case DMA_CCMD_DEVICE_INVL:
1205 val = DMA_CCMD_DEVICE_INVL|DMA_CCMD_DID(did)
1206 | DMA_CCMD_SID(source_id) | DMA_CCMD_FM(function_mask);
1211 val |= DMA_CCMD_ICC;
1213 raw_spin_lock_irqsave(&iommu->register_lock, flag);
1214 dmar_writeq(iommu->reg + DMAR_CCMD_REG, val);
1216 /* Make sure hardware complete it */
1217 IOMMU_WAIT_OP(iommu, DMAR_CCMD_REG,
1218 dmar_readq, (!(val & DMA_CCMD_ICC)), val);
1220 raw_spin_unlock_irqrestore(&iommu->register_lock, flag);
1223 /* return value determine if we need a write buffer flush */
1224 static void __iommu_flush_iotlb(struct intel_iommu *iommu, u16 did,
1225 u64 addr, unsigned int size_order, u64 type)
1227 int tlb_offset = ecap_iotlb_offset(iommu->ecap);
1228 u64 val = 0, val_iva = 0;
1232 case DMA_TLB_GLOBAL_FLUSH:
1233 /* global flush doesn't need set IVA_REG */
1234 val = DMA_TLB_GLOBAL_FLUSH|DMA_TLB_IVT;
1236 case DMA_TLB_DSI_FLUSH:
1237 val = DMA_TLB_DSI_FLUSH|DMA_TLB_IVT|DMA_TLB_DID(did);
1239 case DMA_TLB_PSI_FLUSH:
1240 val = DMA_TLB_PSI_FLUSH|DMA_TLB_IVT|DMA_TLB_DID(did);
1241 /* IH bit is passed in as part of address */
1242 val_iva = size_order | addr;
1247 /* Note: set drain read/write */
1250 * This is probably to be super secure.. Looks like we can
1251 * ignore it without any impact.
1253 if (cap_read_drain(iommu->cap))
1254 val |= DMA_TLB_READ_DRAIN;
1256 if (cap_write_drain(iommu->cap))
1257 val |= DMA_TLB_WRITE_DRAIN;
1259 raw_spin_lock_irqsave(&iommu->register_lock, flag);
1260 /* Note: Only uses first TLB reg currently */
1262 dmar_writeq(iommu->reg + tlb_offset, val_iva);
1263 dmar_writeq(iommu->reg + tlb_offset + 8, val);
1265 /* Make sure hardware complete it */
1266 IOMMU_WAIT_OP(iommu, tlb_offset + 8,
1267 dmar_readq, (!(val & DMA_TLB_IVT)), val);
1269 raw_spin_unlock_irqrestore(&iommu->register_lock, flag);
1271 /* check IOTLB invalidation granularity */
1272 if (DMA_TLB_IAIG(val) == 0)
1273 printk(KERN_ERR"IOMMU: flush IOTLB failed\n");
1274 if (DMA_TLB_IAIG(val) != DMA_TLB_IIRG(type))
1275 pr_debug("IOMMU: tlb flush request %Lx, actual %Lx\n",
1276 (unsigned long long)DMA_TLB_IIRG(type),
1277 (unsigned long long)DMA_TLB_IAIG(val));
1280 static struct device_domain_info *
1281 iommu_support_dev_iotlb (struct dmar_domain *domain, struct intel_iommu *iommu,
1285 unsigned long flags;
1286 struct device_domain_info *info;
1287 struct pci_dev *pdev;
1289 if (!ecap_dev_iotlb_support(iommu->ecap))
1295 spin_lock_irqsave(&device_domain_lock, flags);
1296 list_for_each_entry(info, &domain->devices, link)
1297 if (info->iommu == iommu && info->bus == bus &&
1298 info->devfn == devfn) {
1302 spin_unlock_irqrestore(&device_domain_lock, flags);
1304 if (!found || !info->dev || !dev_is_pci(info->dev))
1307 pdev = to_pci_dev(info->dev);
1309 if (!pci_find_ext_capability(pdev, PCI_EXT_CAP_ID_ATS))
1312 if (!dmar_find_matched_atsr_unit(pdev))
1318 static void iommu_enable_dev_iotlb(struct device_domain_info *info)
1320 if (!info || !dev_is_pci(info->dev))
1323 pci_enable_ats(to_pci_dev(info->dev), VTD_PAGE_SHIFT);
1326 static void iommu_disable_dev_iotlb(struct device_domain_info *info)
1328 if (!info->dev || !dev_is_pci(info->dev) ||
1329 !pci_ats_enabled(to_pci_dev(info->dev)))
1332 pci_disable_ats(to_pci_dev(info->dev));
1335 static void iommu_flush_dev_iotlb(struct dmar_domain *domain,
1336 u64 addr, unsigned mask)
1339 unsigned long flags;
1340 struct device_domain_info *info;
1342 spin_lock_irqsave(&device_domain_lock, flags);
1343 list_for_each_entry(info, &domain->devices, link) {
1344 struct pci_dev *pdev;
1345 if (!info->dev || !dev_is_pci(info->dev))
1348 pdev = to_pci_dev(info->dev);
1349 if (!pci_ats_enabled(pdev))
1352 sid = info->bus << 8 | info->devfn;
1353 qdep = pci_ats_queue_depth(pdev);
1354 qi_flush_dev_iotlb(info->iommu, sid, qdep, addr, mask);
1356 spin_unlock_irqrestore(&device_domain_lock, flags);
1359 static void iommu_flush_iotlb_psi(struct intel_iommu *iommu, u16 did,
1360 unsigned long pfn, unsigned int pages, int ih, int map)
1362 unsigned int mask = ilog2(__roundup_pow_of_two(pages));
1363 uint64_t addr = (uint64_t)pfn << VTD_PAGE_SHIFT;
1370 * Fallback to domain selective flush if no PSI support or the size is
1372 * PSI requires page size to be 2 ^ x, and the base address is naturally
1373 * aligned to the size
1375 if (!cap_pgsel_inv(iommu->cap) || mask > cap_max_amask_val(iommu->cap))
1376 iommu->flush.flush_iotlb(iommu, did, 0, 0,
1379 iommu->flush.flush_iotlb(iommu, did, addr | ih, mask,
1383 * In caching mode, changes of pages from non-present to present require
1384 * flush. However, device IOTLB doesn't need to be flushed in this case.
1386 if (!cap_caching_mode(iommu->cap) || !map)
1387 iommu_flush_dev_iotlb(iommu->domains[did], addr, mask);
1390 static void iommu_disable_protect_mem_regions(struct intel_iommu *iommu)
1393 unsigned long flags;
1395 raw_spin_lock_irqsave(&iommu->register_lock, flags);
1396 pmen = readl(iommu->reg + DMAR_PMEN_REG);
1397 pmen &= ~DMA_PMEN_EPM;
1398 writel(pmen, iommu->reg + DMAR_PMEN_REG);
1400 /* wait for the protected region status bit to clear */
1401 IOMMU_WAIT_OP(iommu, DMAR_PMEN_REG,
1402 readl, !(pmen & DMA_PMEN_PRS), pmen);
1404 raw_spin_unlock_irqrestore(&iommu->register_lock, flags);
1407 static void iommu_enable_translation(struct intel_iommu *iommu)
1410 unsigned long flags;
1412 raw_spin_lock_irqsave(&iommu->register_lock, flags);
1413 iommu->gcmd |= DMA_GCMD_TE;
1414 writel(iommu->gcmd, iommu->reg + DMAR_GCMD_REG);
1416 /* Make sure hardware complete it */
1417 IOMMU_WAIT_OP(iommu, DMAR_GSTS_REG,
1418 readl, (sts & DMA_GSTS_TES), sts);
1420 raw_spin_unlock_irqrestore(&iommu->register_lock, flags);
1423 static void iommu_disable_translation(struct intel_iommu *iommu)
1428 raw_spin_lock_irqsave(&iommu->register_lock, flag);
1429 iommu->gcmd &= ~DMA_GCMD_TE;
1430 writel(iommu->gcmd, iommu->reg + DMAR_GCMD_REG);
1432 /* Make sure hardware complete it */
1433 IOMMU_WAIT_OP(iommu, DMAR_GSTS_REG,
1434 readl, (!(sts & DMA_GSTS_TES)), sts);
1436 raw_spin_unlock_irqrestore(&iommu->register_lock, flag);
1440 static int iommu_init_domains(struct intel_iommu *iommu)
1442 unsigned long ndomains;
1443 unsigned long nlongs;
1445 ndomains = cap_ndoms(iommu->cap);
1446 pr_debug("IOMMU%d: Number of Domains supported <%ld>\n",
1447 iommu->seq_id, ndomains);
1448 nlongs = BITS_TO_LONGS(ndomains);
1450 spin_lock_init(&iommu->lock);
1452 /* TBD: there might be 64K domains,
1453 * consider other allocation for future chip
1455 iommu->domain_ids = kcalloc(nlongs, sizeof(unsigned long), GFP_KERNEL);
1456 if (!iommu->domain_ids) {
1457 pr_err("IOMMU%d: allocating domain id array failed\n",
1461 iommu->domains = kcalloc(ndomains, sizeof(struct dmar_domain *),
1463 if (!iommu->domains) {
1464 pr_err("IOMMU%d: allocating domain array failed\n",
1466 kfree(iommu->domain_ids);
1467 iommu->domain_ids = NULL;
1472 * if Caching mode is set, then invalid translations are tagged
1473 * with domainid 0. Hence we need to pre-allocate it.
1475 if (cap_caching_mode(iommu->cap))
1476 set_bit(0, iommu->domain_ids);
1480 static void disable_dmar_iommu(struct intel_iommu *iommu)
1482 struct dmar_domain *domain;
1485 if ((iommu->domains) && (iommu->domain_ids)) {
1486 for_each_set_bit(i, iommu->domain_ids, cap_ndoms(iommu->cap)) {
1488 * Domain id 0 is reserved for invalid translation
1489 * if hardware supports caching mode.
1491 if (cap_caching_mode(iommu->cap) && i == 0)
1494 domain = iommu->domains[i];
1495 clear_bit(i, iommu->domain_ids);
1496 if (domain_detach_iommu(domain, iommu) == 0 &&
1497 !domain_type_is_vm(domain))
1498 domain_exit(domain);
1502 if (iommu->gcmd & DMA_GCMD_TE)
1503 iommu_disable_translation(iommu);
1506 static void free_dmar_iommu(struct intel_iommu *iommu)
1508 if ((iommu->domains) && (iommu->domain_ids)) {
1509 kfree(iommu->domains);
1510 kfree(iommu->domain_ids);
1511 iommu->domains = NULL;
1512 iommu->domain_ids = NULL;
1515 g_iommus[iommu->seq_id] = NULL;
1517 /* free context mapping */
1518 free_context_table(iommu);
1521 static struct dmar_domain *alloc_domain(int flags)
1523 /* domain id for virtual machine, it won't be set in context */
1524 static atomic_t vm_domid = ATOMIC_INIT(0);
1525 struct dmar_domain *domain;
1527 domain = alloc_domain_mem();
1531 memset(domain, 0, sizeof(*domain));
1533 domain->flags = flags;
1534 spin_lock_init(&domain->iommu_lock);
1535 INIT_LIST_HEAD(&domain->devices);
1536 if (flags & DOMAIN_FLAG_VIRTUAL_MACHINE)
1537 domain->id = atomic_inc_return(&vm_domid);
1542 static int __iommu_attach_domain(struct dmar_domain *domain,
1543 struct intel_iommu *iommu)
1546 unsigned long ndomains;
1548 ndomains = cap_ndoms(iommu->cap);
1549 num = find_first_zero_bit(iommu->domain_ids, ndomains);
1550 if (num < ndomains) {
1551 set_bit(num, iommu->domain_ids);
1552 iommu->domains[num] = domain;
1560 static int iommu_attach_domain(struct dmar_domain *domain,
1561 struct intel_iommu *iommu)
1564 unsigned long flags;
1566 spin_lock_irqsave(&iommu->lock, flags);
1567 num = __iommu_attach_domain(domain, iommu);
1568 spin_unlock_irqrestore(&iommu->lock, flags);
1570 pr_err("IOMMU: no free domain ids\n");
1575 static int iommu_attach_vm_domain(struct dmar_domain *domain,
1576 struct intel_iommu *iommu)
1579 unsigned long ndomains;
1581 ndomains = cap_ndoms(iommu->cap);
1582 for_each_set_bit(num, iommu->domain_ids, ndomains)
1583 if (iommu->domains[num] == domain)
1586 return __iommu_attach_domain(domain, iommu);
1589 static void iommu_detach_domain(struct dmar_domain *domain,
1590 struct intel_iommu *iommu)
1592 unsigned long flags;
1595 spin_lock_irqsave(&iommu->lock, flags);
1596 if (domain_type_is_vm_or_si(domain)) {
1597 ndomains = cap_ndoms(iommu->cap);
1598 for_each_set_bit(num, iommu->domain_ids, ndomains) {
1599 if (iommu->domains[num] == domain) {
1600 clear_bit(num, iommu->domain_ids);
1601 iommu->domains[num] = NULL;
1606 clear_bit(domain->id, iommu->domain_ids);
1607 iommu->domains[domain->id] = NULL;
1609 spin_unlock_irqrestore(&iommu->lock, flags);
1612 static void domain_attach_iommu(struct dmar_domain *domain,
1613 struct intel_iommu *iommu)
1615 unsigned long flags;
1617 spin_lock_irqsave(&domain->iommu_lock, flags);
1618 if (!test_and_set_bit(iommu->seq_id, domain->iommu_bmp)) {
1619 domain->iommu_count++;
1620 if (domain->iommu_count == 1)
1621 domain->nid = iommu->node;
1622 domain_update_iommu_cap(domain);
1624 spin_unlock_irqrestore(&domain->iommu_lock, flags);
1627 static int domain_detach_iommu(struct dmar_domain *domain,
1628 struct intel_iommu *iommu)
1630 unsigned long flags;
1631 int count = INT_MAX;
1633 spin_lock_irqsave(&domain->iommu_lock, flags);
1634 if (test_and_clear_bit(iommu->seq_id, domain->iommu_bmp)) {
1635 count = --domain->iommu_count;
1636 domain_update_iommu_cap(domain);
1638 spin_unlock_irqrestore(&domain->iommu_lock, flags);
1643 static struct iova_domain reserved_iova_list;
1644 static struct lock_class_key reserved_rbtree_key;
1646 static int dmar_init_reserved_ranges(void)
1648 struct pci_dev *pdev = NULL;
1652 init_iova_domain(&reserved_iova_list, VTD_PAGE_SIZE, IOVA_START_PFN,
1655 lockdep_set_class(&reserved_iova_list.iova_rbtree_lock,
1656 &reserved_rbtree_key);
1658 /* IOAPIC ranges shouldn't be accessed by DMA */
1659 iova = reserve_iova(&reserved_iova_list, IOVA_PFN(IOAPIC_RANGE_START),
1660 IOVA_PFN(IOAPIC_RANGE_END));
1662 printk(KERN_ERR "Reserve IOAPIC range failed\n");
1666 /* Reserve all PCI MMIO to avoid peer-to-peer access */
1667 for_each_pci_dev(pdev) {
1670 for (i = 0; i < PCI_NUM_RESOURCES; i++) {
1671 r = &pdev->resource[i];
1672 if (!r->flags || !(r->flags & IORESOURCE_MEM))
1674 iova = reserve_iova(&reserved_iova_list,
1678 printk(KERN_ERR "Reserve iova failed\n");
1686 static void domain_reserve_special_ranges(struct dmar_domain *domain)
1688 copy_reserved_iova(&reserved_iova_list, &domain->iovad);
1691 static inline int guestwidth_to_adjustwidth(int gaw)
1694 int r = (gaw - 12) % 9;
1705 static int domain_init(struct dmar_domain *domain, int guest_width)
1707 struct intel_iommu *iommu;
1708 int adjust_width, agaw;
1709 unsigned long sagaw;
1711 init_iova_domain(&domain->iovad, VTD_PAGE_SIZE, IOVA_START_PFN,
1713 domain_reserve_special_ranges(domain);
1715 /* calculate AGAW */
1716 iommu = domain_get_iommu(domain);
1717 if (guest_width > cap_mgaw(iommu->cap))
1718 guest_width = cap_mgaw(iommu->cap);
1719 domain->gaw = guest_width;
1720 adjust_width = guestwidth_to_adjustwidth(guest_width);
1721 agaw = width_to_agaw(adjust_width);
1722 sagaw = cap_sagaw(iommu->cap);
1723 if (!test_bit(agaw, &sagaw)) {
1724 /* hardware doesn't support it, choose a bigger one */
1725 pr_debug("IOMMU: hardware doesn't support agaw %d\n", agaw);
1726 agaw = find_next_bit(&sagaw, 5, agaw);
1730 domain->agaw = agaw;
1732 if (ecap_coherent(iommu->ecap))
1733 domain->iommu_coherency = 1;
1735 domain->iommu_coherency = 0;
1737 if (ecap_sc_support(iommu->ecap))
1738 domain->iommu_snooping = 1;
1740 domain->iommu_snooping = 0;
1742 if (intel_iommu_superpage)
1743 domain->iommu_superpage = fls(cap_super_page_val(iommu->cap));
1745 domain->iommu_superpage = 0;
1747 domain->nid = iommu->node;
1749 /* always allocate the top pgd */
1750 domain->pgd = (struct dma_pte *)alloc_pgtable_page(domain->nid);
1753 __iommu_flush_cache(iommu, domain->pgd, PAGE_SIZE);
1757 static void domain_exit(struct dmar_domain *domain)
1759 struct page *freelist = NULL;
1762 /* Domain 0 is reserved, so dont process it */
1766 /* Flush any lazy unmaps that may reference this domain */
1767 if (!intel_iommu_strict)
1768 flush_unmaps_timeout(0);
1770 /* remove associated devices */
1771 domain_remove_dev_info(domain);
1774 put_iova_domain(&domain->iovad);
1776 freelist = domain_unmap(domain, 0, DOMAIN_MAX_PFN(domain->gaw));
1778 /* clear attached or cached domains */
1780 for_each_set_bit(i, domain->iommu_bmp, g_num_of_iommus)
1781 iommu_detach_domain(domain, g_iommus[i]);
1784 dma_free_pagelist(freelist);
1786 free_domain_mem(domain);
1789 static int domain_context_mapping_one(struct dmar_domain *domain,
1790 struct intel_iommu *iommu,
1791 u8 bus, u8 devfn, int translation)
1793 struct context_entry *context;
1794 unsigned long flags;
1795 struct dma_pte *pgd;
1798 struct device_domain_info *info = NULL;
1800 pr_debug("Set context mapping for %02x:%02x.%d\n",
1801 bus, PCI_SLOT(devfn), PCI_FUNC(devfn));
1803 BUG_ON(!domain->pgd);
1804 BUG_ON(translation != CONTEXT_TT_PASS_THROUGH &&
1805 translation != CONTEXT_TT_MULTI_LEVEL);
1807 spin_lock_irqsave(&iommu->lock, flags);
1808 context = iommu_context_addr(iommu, bus, devfn, 1);
1809 spin_unlock_irqrestore(&iommu->lock, flags);
1812 spin_lock_irqsave(&iommu->lock, flags);
1813 if (context_present(context)) {
1814 spin_unlock_irqrestore(&iommu->lock, flags);
1821 if (domain_type_is_vm_or_si(domain)) {
1822 if (domain_type_is_vm(domain)) {
1823 id = iommu_attach_vm_domain(domain, iommu);
1825 spin_unlock_irqrestore(&iommu->lock, flags);
1826 pr_err("IOMMU: no free domain ids\n");
1831 /* Skip top levels of page tables for
1832 * iommu which has less agaw than default.
1833 * Unnecessary for PT mode.
1835 if (translation != CONTEXT_TT_PASS_THROUGH) {
1836 for (agaw = domain->agaw; agaw != iommu->agaw; agaw--) {
1837 pgd = phys_to_virt(dma_pte_addr(pgd));
1838 if (!dma_pte_present(pgd)) {
1839 spin_unlock_irqrestore(&iommu->lock, flags);
1846 context_set_domain_id(context, id);
1848 if (translation != CONTEXT_TT_PASS_THROUGH) {
1849 info = iommu_support_dev_iotlb(domain, iommu, bus, devfn);
1850 translation = info ? CONTEXT_TT_DEV_IOTLB :
1851 CONTEXT_TT_MULTI_LEVEL;
1854 * In pass through mode, AW must be programmed to indicate the largest
1855 * AGAW value supported by hardware. And ASR is ignored by hardware.
1857 if (unlikely(translation == CONTEXT_TT_PASS_THROUGH))
1858 context_set_address_width(context, iommu->msagaw);
1860 context_set_address_root(context, virt_to_phys(pgd));
1861 context_set_address_width(context, iommu->agaw);
1864 context_set_translation_type(context, translation);
1865 context_set_fault_enable(context);
1866 context_set_present(context);
1867 domain_flush_cache(domain, context, sizeof(*context));
1870 * It's a non-present to present mapping. If hardware doesn't cache
1871 * non-present entry we only need to flush the write-buffer. If the
1872 * _does_ cache non-present entries, then it does so in the special
1873 * domain #0, which we have to flush:
1875 if (cap_caching_mode(iommu->cap)) {
1876 iommu->flush.flush_context(iommu, 0,
1877 (((u16)bus) << 8) | devfn,
1878 DMA_CCMD_MASK_NOBIT,
1879 DMA_CCMD_DEVICE_INVL);
1880 iommu->flush.flush_iotlb(iommu, id, 0, 0, DMA_TLB_DSI_FLUSH);
1882 iommu_flush_write_buffer(iommu);
1884 iommu_enable_dev_iotlb(info);
1885 spin_unlock_irqrestore(&iommu->lock, flags);
1887 domain_attach_iommu(domain, iommu);
1892 struct domain_context_mapping_data {
1893 struct dmar_domain *domain;
1894 struct intel_iommu *iommu;
1898 static int domain_context_mapping_cb(struct pci_dev *pdev,
1899 u16 alias, void *opaque)
1901 struct domain_context_mapping_data *data = opaque;
1903 return domain_context_mapping_one(data->domain, data->iommu,
1904 PCI_BUS_NUM(alias), alias & 0xff,
1909 domain_context_mapping(struct dmar_domain *domain, struct device *dev,
1912 struct intel_iommu *iommu;
1914 struct domain_context_mapping_data data;
1916 iommu = device_to_iommu(dev, &bus, &devfn);
1920 if (!dev_is_pci(dev))
1921 return domain_context_mapping_one(domain, iommu, bus, devfn,
1924 data.domain = domain;
1926 data.translation = translation;
1928 return pci_for_each_dma_alias(to_pci_dev(dev),
1929 &domain_context_mapping_cb, &data);
1932 static int domain_context_mapped_cb(struct pci_dev *pdev,
1933 u16 alias, void *opaque)
1935 struct intel_iommu *iommu = opaque;
1937 return !device_context_mapped(iommu, PCI_BUS_NUM(alias), alias & 0xff);
1940 static int domain_context_mapped(struct device *dev)
1942 struct intel_iommu *iommu;
1945 iommu = device_to_iommu(dev, &bus, &devfn);
1949 if (!dev_is_pci(dev))
1950 return device_context_mapped(iommu, bus, devfn);
1952 return !pci_for_each_dma_alias(to_pci_dev(dev),
1953 domain_context_mapped_cb, iommu);
1956 /* Returns a number of VTD pages, but aligned to MM page size */
1957 static inline unsigned long aligned_nrpages(unsigned long host_addr,
1960 host_addr &= ~PAGE_MASK;
1961 return PAGE_ALIGN(host_addr + size) >> VTD_PAGE_SHIFT;
1964 /* Return largest possible superpage level for a given mapping */
1965 static inline int hardware_largepage_caps(struct dmar_domain *domain,
1966 unsigned long iov_pfn,
1967 unsigned long phy_pfn,
1968 unsigned long pages)
1970 int support, level = 1;
1971 unsigned long pfnmerge;
1973 support = domain->iommu_superpage;
1975 /* To use a large page, the virtual *and* physical addresses
1976 must be aligned to 2MiB/1GiB/etc. Lower bits set in either
1977 of them will mean we have to use smaller pages. So just
1978 merge them and check both at once. */
1979 pfnmerge = iov_pfn | phy_pfn;
1981 while (support && !(pfnmerge & ~VTD_STRIDE_MASK)) {
1982 pages >>= VTD_STRIDE_SHIFT;
1985 pfnmerge >>= VTD_STRIDE_SHIFT;
1992 static int __domain_mapping(struct dmar_domain *domain, unsigned long iov_pfn,
1993 struct scatterlist *sg, unsigned long phys_pfn,
1994 unsigned long nr_pages, int prot)
1996 struct dma_pte *first_pte = NULL, *pte = NULL;
1997 phys_addr_t uninitialized_var(pteval);
1998 unsigned long sg_res = 0;
1999 unsigned int largepage_lvl = 0;
2000 unsigned long lvl_pages = 0;
2002 BUG_ON(!domain_pfn_supported(domain, iov_pfn + nr_pages - 1));
2004 if ((prot & (DMA_PTE_READ|DMA_PTE_WRITE)) == 0)
2007 prot &= DMA_PTE_READ | DMA_PTE_WRITE | DMA_PTE_SNP;
2011 pteval = ((phys_addr_t)phys_pfn << VTD_PAGE_SHIFT) | prot;
2014 while (nr_pages > 0) {
2018 sg_res = aligned_nrpages(sg->offset, sg->length);
2019 sg->dma_address = ((dma_addr_t)iov_pfn << VTD_PAGE_SHIFT) + sg->offset;
2020 sg->dma_length = sg->length;
2021 pteval = page_to_phys(sg_page(sg)) | prot;
2022 phys_pfn = pteval >> VTD_PAGE_SHIFT;
2026 largepage_lvl = hardware_largepage_caps(domain, iov_pfn, phys_pfn, sg_res);
2028 first_pte = pte = pfn_to_dma_pte(domain, iov_pfn, &largepage_lvl);
2031 /* It is large page*/
2032 if (largepage_lvl > 1) {
2033 pteval |= DMA_PTE_LARGE_PAGE;
2034 lvl_pages = lvl_to_nr_pages(largepage_lvl);
2036 * Ensure that old small page tables are
2037 * removed to make room for superpage,
2040 dma_pte_free_pagetable(domain, iov_pfn,
2041 iov_pfn + lvl_pages - 1);
2043 pteval &= ~(uint64_t)DMA_PTE_LARGE_PAGE;
2047 /* We don't need lock here, nobody else
2048 * touches the iova range
2050 tmp = cmpxchg64_local(&pte->val, 0ULL, pteval);
2052 static int dumps = 5;
2053 printk(KERN_CRIT "ERROR: DMA PTE for vPFN 0x%lx already set (to %llx not %llx)\n",
2054 iov_pfn, tmp, (unsigned long long)pteval);
2057 debug_dma_dump_mappings(NULL);
2062 lvl_pages = lvl_to_nr_pages(largepage_lvl);
2064 BUG_ON(nr_pages < lvl_pages);
2065 BUG_ON(sg_res < lvl_pages);
2067 nr_pages -= lvl_pages;
2068 iov_pfn += lvl_pages;
2069 phys_pfn += lvl_pages;
2070 pteval += lvl_pages * VTD_PAGE_SIZE;
2071 sg_res -= lvl_pages;
2073 /* If the next PTE would be the first in a new page, then we
2074 need to flush the cache on the entries we've just written.
2075 And then we'll need to recalculate 'pte', so clear it and
2076 let it get set again in the if (!pte) block above.
2078 If we're done (!nr_pages) we need to flush the cache too.
2080 Also if we've been setting superpages, we may need to
2081 recalculate 'pte' and switch back to smaller pages for the
2082 end of the mapping, if the trailing size is not enough to
2083 use another superpage (i.e. sg_res < lvl_pages). */
2085 if (!nr_pages || first_pte_in_page(pte) ||
2086 (largepage_lvl > 1 && sg_res < lvl_pages)) {
2087 domain_flush_cache(domain, first_pte,
2088 (void *)pte - (void *)first_pte);
2092 if (!sg_res && nr_pages)
2098 static inline int domain_sg_mapping(struct dmar_domain *domain, unsigned long iov_pfn,
2099 struct scatterlist *sg, unsigned long nr_pages,
2102 return __domain_mapping(domain, iov_pfn, sg, 0, nr_pages, prot);
2105 static inline int domain_pfn_mapping(struct dmar_domain *domain, unsigned long iov_pfn,
2106 unsigned long phys_pfn, unsigned long nr_pages,
2109 return __domain_mapping(domain, iov_pfn, NULL, phys_pfn, nr_pages, prot);
2112 static void iommu_detach_dev(struct intel_iommu *iommu, u8 bus, u8 devfn)
2117 clear_context_table(iommu, bus, devfn);
2118 iommu->flush.flush_context(iommu, 0, 0, 0,
2119 DMA_CCMD_GLOBAL_INVL);
2120 iommu->flush.flush_iotlb(iommu, 0, 0, 0, DMA_TLB_GLOBAL_FLUSH);
2123 static inline void unlink_domain_info(struct device_domain_info *info)
2125 assert_spin_locked(&device_domain_lock);
2126 list_del(&info->link);
2127 list_del(&info->global);
2129 info->dev->archdata.iommu = NULL;
2132 static void domain_remove_dev_info(struct dmar_domain *domain)
2134 struct device_domain_info *info, *tmp;
2135 unsigned long flags;
2137 spin_lock_irqsave(&device_domain_lock, flags);
2138 list_for_each_entry_safe(info, tmp, &domain->devices, link) {
2139 unlink_domain_info(info);
2140 spin_unlock_irqrestore(&device_domain_lock, flags);
2142 iommu_disable_dev_iotlb(info);
2143 iommu_detach_dev(info->iommu, info->bus, info->devfn);
2145 if (domain_type_is_vm(domain)) {
2146 iommu_detach_dependent_devices(info->iommu, info->dev);
2147 domain_detach_iommu(domain, info->iommu);
2150 free_devinfo_mem(info);
2151 spin_lock_irqsave(&device_domain_lock, flags);
2153 spin_unlock_irqrestore(&device_domain_lock, flags);
2158 * Note: we use struct device->archdata.iommu stores the info
2160 static struct dmar_domain *find_domain(struct device *dev)
2162 struct device_domain_info *info;
2164 /* No lock here, assumes no domain exit in normal case */
2165 info = dev->archdata.iommu;
2167 return info->domain;
2171 static inline struct device_domain_info *
2172 dmar_search_domain_by_dev_info(int segment, int bus, int devfn)
2174 struct device_domain_info *info;
2176 list_for_each_entry(info, &device_domain_list, global)
2177 if (info->iommu->segment == segment && info->bus == bus &&
2178 info->devfn == devfn)
2184 static struct dmar_domain *dmar_insert_dev_info(struct intel_iommu *iommu,
2187 struct dmar_domain *domain)
2189 struct dmar_domain *found = NULL;
2190 struct device_domain_info *info;
2191 unsigned long flags;
2193 info = alloc_devinfo_mem();
2198 info->devfn = devfn;
2200 info->domain = domain;
2201 info->iommu = iommu;
2203 spin_lock_irqsave(&device_domain_lock, flags);
2205 found = find_domain(dev);
2207 struct device_domain_info *info2;
2208 info2 = dmar_search_domain_by_dev_info(iommu->segment, bus, devfn);
2210 found = info2->domain;
2213 spin_unlock_irqrestore(&device_domain_lock, flags);
2214 free_devinfo_mem(info);
2215 /* Caller must free the original domain */
2219 list_add(&info->link, &domain->devices);
2220 list_add(&info->global, &device_domain_list);
2222 dev->archdata.iommu = info;
2223 spin_unlock_irqrestore(&device_domain_lock, flags);
2228 static int get_last_alias(struct pci_dev *pdev, u16 alias, void *opaque)
2230 *(u16 *)opaque = alias;
2234 /* domain is initialized */
2235 static struct dmar_domain *get_domain_for_dev(struct device *dev, int gaw)
2237 struct dmar_domain *domain, *tmp;
2238 struct intel_iommu *iommu;
2239 struct device_domain_info *info;
2241 unsigned long flags;
2244 domain = find_domain(dev);
2248 iommu = device_to_iommu(dev, &bus, &devfn);
2252 if (dev_is_pci(dev)) {
2253 struct pci_dev *pdev = to_pci_dev(dev);
2255 pci_for_each_dma_alias(pdev, get_last_alias, &dma_alias);
2257 spin_lock_irqsave(&device_domain_lock, flags);
2258 info = dmar_search_domain_by_dev_info(pci_domain_nr(pdev->bus),
2259 PCI_BUS_NUM(dma_alias),
2262 iommu = info->iommu;
2263 domain = info->domain;
2265 spin_unlock_irqrestore(&device_domain_lock, flags);
2267 /* DMA alias already has a domain, uses it */
2272 /* Allocate and initialize new domain for the device */
2273 domain = alloc_domain(0);
2276 domain->id = iommu_attach_domain(domain, iommu);
2277 if (domain->id < 0) {
2278 free_domain_mem(domain);
2281 domain_attach_iommu(domain, iommu);
2282 if (domain_init(domain, gaw)) {
2283 domain_exit(domain);
2287 /* register PCI DMA alias device */
2288 if (dev_is_pci(dev)) {
2289 tmp = dmar_insert_dev_info(iommu, PCI_BUS_NUM(dma_alias),
2290 dma_alias & 0xff, NULL, domain);
2292 if (!tmp || tmp != domain) {
2293 domain_exit(domain);
2302 tmp = dmar_insert_dev_info(iommu, bus, devfn, dev, domain);
2304 if (!tmp || tmp != domain) {
2305 domain_exit(domain);
2312 static int iommu_identity_mapping;
2313 #define IDENTMAP_ALL 1
2314 #define IDENTMAP_GFX 2
2315 #define IDENTMAP_AZALIA 4
2317 static int iommu_domain_identity_map(struct dmar_domain *domain,
2318 unsigned long long start,
2319 unsigned long long end)
2321 unsigned long first_vpfn = start >> VTD_PAGE_SHIFT;
2322 unsigned long last_vpfn = end >> VTD_PAGE_SHIFT;
2324 if (!reserve_iova(&domain->iovad, dma_to_mm_pfn(first_vpfn),
2325 dma_to_mm_pfn(last_vpfn))) {
2326 printk(KERN_ERR "IOMMU: reserve iova failed\n");
2330 pr_debug("Mapping reserved region %llx-%llx for domain %d\n",
2331 start, end, domain->id);
2333 * RMRR range might have overlap with physical memory range,
2336 dma_pte_clear_range(domain, first_vpfn, last_vpfn);
2338 return domain_pfn_mapping(domain, first_vpfn, first_vpfn,
2339 last_vpfn - first_vpfn + 1,
2340 DMA_PTE_READ|DMA_PTE_WRITE);
2343 static int iommu_prepare_identity_map(struct device *dev,
2344 unsigned long long start,
2345 unsigned long long end)
2347 struct dmar_domain *domain;
2350 domain = get_domain_for_dev(dev, DEFAULT_DOMAIN_ADDRESS_WIDTH);
2354 /* For _hardware_ passthrough, don't bother. But for software
2355 passthrough, we do it anyway -- it may indicate a memory
2356 range which is reserved in E820, so which didn't get set
2357 up to start with in si_domain */
2358 if (domain == si_domain && hw_pass_through) {
2359 printk("Ignoring identity map for HW passthrough device %s [0x%Lx - 0x%Lx]\n",
2360 dev_name(dev), start, end);
2365 "IOMMU: Setting identity map for device %s [0x%Lx - 0x%Lx]\n",
2366 dev_name(dev), start, end);
2369 WARN(1, "Your BIOS is broken; RMRR ends before it starts!\n"
2370 "BIOS vendor: %s; Ver: %s; Product Version: %s\n",
2371 dmi_get_system_info(DMI_BIOS_VENDOR),
2372 dmi_get_system_info(DMI_BIOS_VERSION),
2373 dmi_get_system_info(DMI_PRODUCT_VERSION));
2378 if (end >> agaw_to_width(domain->agaw)) {
2379 WARN(1, "Your BIOS is broken; RMRR exceeds permitted address width (%d bits)\n"
2380 "BIOS vendor: %s; Ver: %s; Product Version: %s\n",
2381 agaw_to_width(domain->agaw),
2382 dmi_get_system_info(DMI_BIOS_VENDOR),
2383 dmi_get_system_info(DMI_BIOS_VERSION),
2384 dmi_get_system_info(DMI_PRODUCT_VERSION));
2389 ret = iommu_domain_identity_map(domain, start, end);
2393 /* context entry init */
2394 ret = domain_context_mapping(domain, dev, CONTEXT_TT_MULTI_LEVEL);
2401 domain_exit(domain);
2405 static inline int iommu_prepare_rmrr_dev(struct dmar_rmrr_unit *rmrr,
2408 if (dev->archdata.iommu == DUMMY_DEVICE_DOMAIN_INFO)
2410 return iommu_prepare_identity_map(dev, rmrr->base_address,
2414 #ifdef CONFIG_INTEL_IOMMU_FLOPPY_WA
2415 static inline void iommu_prepare_isa(void)
2417 struct pci_dev *pdev;
2420 pdev = pci_get_class(PCI_CLASS_BRIDGE_ISA << 8, NULL);
2424 printk(KERN_INFO "IOMMU: Prepare 0-16MiB unity mapping for LPC\n");
2425 ret = iommu_prepare_identity_map(&pdev->dev, 0, 16*1024*1024 - 1);
2428 printk(KERN_ERR "IOMMU: Failed to create 0-16MiB identity map; "
2429 "floppy might not work\n");
2434 static inline void iommu_prepare_isa(void)
2438 #endif /* !CONFIG_INTEL_IOMMU_FLPY_WA */
2440 static int md_domain_init(struct dmar_domain *domain, int guest_width);
2442 static int __init si_domain_init(int hw)
2444 struct dmar_drhd_unit *drhd;
2445 struct intel_iommu *iommu;
2449 si_domain = alloc_domain(DOMAIN_FLAG_STATIC_IDENTITY);
2453 for_each_active_iommu(iommu, drhd) {
2454 ret = iommu_attach_domain(si_domain, iommu);
2456 domain_exit(si_domain);
2459 si_domain->id = ret;
2461 } else if (si_domain->id != ret) {
2462 domain_exit(si_domain);
2465 domain_attach_iommu(si_domain, iommu);
2468 if (md_domain_init(si_domain, DEFAULT_DOMAIN_ADDRESS_WIDTH)) {
2469 domain_exit(si_domain);
2473 pr_debug("IOMMU: identity mapping domain is domain %d\n",
2479 for_each_online_node(nid) {
2480 unsigned long start_pfn, end_pfn;
2483 for_each_mem_pfn_range(i, nid, &start_pfn, &end_pfn, NULL) {
2484 ret = iommu_domain_identity_map(si_domain,
2485 PFN_PHYS(start_pfn), PFN_PHYS(end_pfn));
2494 static int identity_mapping(struct device *dev)
2496 struct device_domain_info *info;
2498 if (likely(!iommu_identity_mapping))
2501 info = dev->archdata.iommu;
2502 if (info && info != DUMMY_DEVICE_DOMAIN_INFO)
2503 return (info->domain == si_domain);
2508 static int domain_add_dev_info(struct dmar_domain *domain,
2509 struct device *dev, int translation)
2511 struct dmar_domain *ndomain;
2512 struct intel_iommu *iommu;
2516 iommu = device_to_iommu(dev, &bus, &devfn);
2520 ndomain = dmar_insert_dev_info(iommu, bus, devfn, dev, domain);
2521 if (ndomain != domain)
2524 ret = domain_context_mapping(domain, dev, translation);
2526 domain_remove_one_dev_info(domain, dev);
2533 static bool device_has_rmrr(struct device *dev)
2535 struct dmar_rmrr_unit *rmrr;
2540 for_each_rmrr_units(rmrr) {
2542 * Return TRUE if this RMRR contains the device that
2545 for_each_active_dev_scope(rmrr->devices,
2546 rmrr->devices_cnt, i, tmp)
2557 * There are a couple cases where we need to restrict the functionality of
2558 * devices associated with RMRRs. The first is when evaluating a device for
2559 * identity mapping because problems exist when devices are moved in and out
2560 * of domains and their respective RMRR information is lost. This means that
2561 * a device with associated RMRRs will never be in a "passthrough" domain.
2562 * The second is use of the device through the IOMMU API. This interface
2563 * expects to have full control of the IOVA space for the device. We cannot
2564 * satisfy both the requirement that RMRR access is maintained and have an
2565 * unencumbered IOVA space. We also have no ability to quiesce the device's
2566 * use of the RMRR space or even inform the IOMMU API user of the restriction.
2567 * We therefore prevent devices associated with an RMRR from participating in
2568 * the IOMMU API, which eliminates them from device assignment.
2570 * In both cases we assume that PCI USB devices with RMRRs have them largely
2571 * for historical reasons and that the RMRR space is not actively used post
2572 * boot. This exclusion may change if vendors begin to abuse it.
2574 * The same exception is made for graphics devices, with the requirement that
2575 * any use of the RMRR regions will be torn down before assigning the device
2578 static bool device_is_rmrr_locked(struct device *dev)
2580 if (!device_has_rmrr(dev))
2583 if (dev_is_pci(dev)) {
2584 struct pci_dev *pdev = to_pci_dev(dev);
2586 if (IS_USB_DEVICE(pdev) || IS_GFX_DEVICE(pdev))
2593 static int iommu_should_identity_map(struct device *dev, int startup)
2596 if (dev_is_pci(dev)) {
2597 struct pci_dev *pdev = to_pci_dev(dev);
2599 if (device_is_rmrr_locked(dev))
2602 if ((iommu_identity_mapping & IDENTMAP_AZALIA) && IS_AZALIA(pdev))
2605 if ((iommu_identity_mapping & IDENTMAP_GFX) && IS_GFX_DEVICE(pdev))
2608 if (!(iommu_identity_mapping & IDENTMAP_ALL))
2612 * We want to start off with all devices in the 1:1 domain, and
2613 * take them out later if we find they can't access all of memory.
2615 * However, we can't do this for PCI devices behind bridges,
2616 * because all PCI devices behind the same bridge will end up
2617 * with the same source-id on their transactions.
2619 * Practically speaking, we can't change things around for these
2620 * devices at run-time, because we can't be sure there'll be no
2621 * DMA transactions in flight for any of their siblings.
2623 * So PCI devices (unless they're on the root bus) as well as
2624 * their parent PCI-PCI or PCIe-PCI bridges must be left _out_ of
2625 * the 1:1 domain, just in _case_ one of their siblings turns out
2626 * not to be able to map all of memory.
2628 if (!pci_is_pcie(pdev)) {
2629 if (!pci_is_root_bus(pdev->bus))
2631 if (pdev->class >> 8 == PCI_CLASS_BRIDGE_PCI)
2633 } else if (pci_pcie_type(pdev) == PCI_EXP_TYPE_PCI_BRIDGE)
2636 if (device_has_rmrr(dev))
2641 * At boot time, we don't yet know if devices will be 64-bit capable.
2642 * Assume that they will — if they turn out not to be, then we can
2643 * take them out of the 1:1 domain later.
2647 * If the device's dma_mask is less than the system's memory
2648 * size then this is not a candidate for identity mapping.
2650 u64 dma_mask = *dev->dma_mask;
2652 if (dev->coherent_dma_mask &&
2653 dev->coherent_dma_mask < dma_mask)
2654 dma_mask = dev->coherent_dma_mask;
2656 return dma_mask >= dma_get_required_mask(dev);
2662 static int __init dev_prepare_static_identity_mapping(struct device *dev, int hw)
2666 if (!iommu_should_identity_map(dev, 1))
2669 ret = domain_add_dev_info(si_domain, dev,
2670 hw ? CONTEXT_TT_PASS_THROUGH :
2671 CONTEXT_TT_MULTI_LEVEL);
2673 pr_info("IOMMU: %s identity mapping for device %s\n",
2674 hw ? "hardware" : "software", dev_name(dev));
2675 else if (ret == -ENODEV)
2676 /* device not associated with an iommu */
2683 static int __init iommu_prepare_static_identity_mapping(int hw)
2685 struct pci_dev *pdev = NULL;
2686 struct dmar_drhd_unit *drhd;
2687 struct intel_iommu *iommu;
2692 ret = si_domain_init(hw);
2696 for_each_pci_dev(pdev) {
2697 ret = dev_prepare_static_identity_mapping(&pdev->dev, hw);
2702 for_each_active_iommu(iommu, drhd)
2703 for_each_active_dev_scope(drhd->devices, drhd->devices_cnt, i, dev) {
2704 struct acpi_device_physical_node *pn;
2705 struct acpi_device *adev;
2707 if (dev->bus != &acpi_bus_type)
2710 adev= to_acpi_device(dev);
2711 mutex_lock(&adev->physical_node_lock);
2712 list_for_each_entry(pn, &adev->physical_node_list, node) {
2713 ret = dev_prepare_static_identity_mapping(pn->dev, hw);
2717 mutex_unlock(&adev->physical_node_lock);
2725 static void intel_iommu_init_qi(struct intel_iommu *iommu)
2728 * Start from the sane iommu hardware state.
2729 * If the queued invalidation is already initialized by us
2730 * (for example, while enabling interrupt-remapping) then
2731 * we got the things already rolling from a sane state.
2735 * Clear any previous faults.
2737 dmar_fault(-1, iommu);
2739 * Disable queued invalidation if supported and already enabled
2740 * before OS handover.
2742 dmar_disable_qi(iommu);
2745 if (dmar_enable_qi(iommu)) {
2747 * Queued Invalidate not enabled, use Register Based Invalidate
2749 iommu->flush.flush_context = __iommu_flush_context;
2750 iommu->flush.flush_iotlb = __iommu_flush_iotlb;
2751 pr_info("IOMMU: %s using Register based invalidation\n",
2754 iommu->flush.flush_context = qi_flush_context;
2755 iommu->flush.flush_iotlb = qi_flush_iotlb;
2756 pr_info("IOMMU: %s using Queued invalidation\n", iommu->name);
2760 static int __init init_dmars(void)
2762 struct dmar_drhd_unit *drhd;
2763 struct dmar_rmrr_unit *rmrr;
2765 struct intel_iommu *iommu;
2771 * initialize and program root entry to not present
2774 for_each_drhd_unit(drhd) {
2776 * lock not needed as this is only incremented in the single
2777 * threaded kernel __init code path all other access are read
2780 if (g_num_of_iommus < DMAR_UNITS_SUPPORTED) {
2784 printk_once(KERN_ERR "intel-iommu: exceeded %d IOMMUs\n",
2785 DMAR_UNITS_SUPPORTED);
2788 /* Preallocate enough resources for IOMMU hot-addition */
2789 if (g_num_of_iommus < DMAR_UNITS_SUPPORTED)
2790 g_num_of_iommus = DMAR_UNITS_SUPPORTED;
2792 g_iommus = kcalloc(g_num_of_iommus, sizeof(struct intel_iommu *),
2795 printk(KERN_ERR "Allocating global iommu array failed\n");
2800 deferred_flush = kzalloc(g_num_of_iommus *
2801 sizeof(struct deferred_flush_tables), GFP_KERNEL);
2802 if (!deferred_flush) {
2807 for_each_active_iommu(iommu, drhd) {
2808 g_iommus[iommu->seq_id] = iommu;
2810 ret = iommu_init_domains(iommu);
2816 * we could share the same root & context tables
2817 * among all IOMMU's. Need to Split it later.
2819 ret = iommu_alloc_root_entry(iommu);
2822 if (!ecap_pass_through(iommu->ecap))
2823 hw_pass_through = 0;
2826 for_each_active_iommu(iommu, drhd)
2827 intel_iommu_init_qi(iommu);
2829 if (iommu_pass_through)
2830 iommu_identity_mapping |= IDENTMAP_ALL;
2832 #ifdef CONFIG_INTEL_IOMMU_BROKEN_GFX_WA
2833 iommu_identity_mapping |= IDENTMAP_GFX;
2836 check_tylersburg_isoch();
2839 * If pass through is not set or not enabled, setup context entries for
2840 * identity mappings for rmrr, gfx, and isa and may fall back to static
2841 * identity mapping if iommu_identity_mapping is set.
2843 if (iommu_identity_mapping) {
2844 ret = iommu_prepare_static_identity_mapping(hw_pass_through);
2846 printk(KERN_CRIT "Failed to setup IOMMU pass-through\n");
2852 * for each dev attached to rmrr
2854 * locate drhd for dev, alloc domain for dev
2855 * allocate free domain
2856 * allocate page table entries for rmrr
2857 * if context not allocated for bus
2858 * allocate and init context
2859 * set present in root table for this bus
2860 * init context with domain, translation etc
2864 printk(KERN_INFO "IOMMU: Setting RMRR:\n");
2865 for_each_rmrr_units(rmrr) {
2866 /* some BIOS lists non-exist devices in DMAR table. */
2867 for_each_active_dev_scope(rmrr->devices, rmrr->devices_cnt,
2869 ret = iommu_prepare_rmrr_dev(rmrr, dev);
2872 "IOMMU: mapping reserved region failed\n");
2876 iommu_prepare_isa();
2881 * global invalidate context cache
2882 * global invalidate iotlb
2883 * enable translation
2885 for_each_iommu(iommu, drhd) {
2886 if (drhd->ignored) {
2888 * we always have to disable PMRs or DMA may fail on
2892 iommu_disable_protect_mem_regions(iommu);
2896 iommu_flush_write_buffer(iommu);
2898 ret = dmar_set_interrupt(iommu);
2902 iommu_set_root_entry(iommu);
2904 iommu->flush.flush_context(iommu, 0, 0, 0, DMA_CCMD_GLOBAL_INVL);
2905 iommu->flush.flush_iotlb(iommu, 0, 0, 0, DMA_TLB_GLOBAL_FLUSH);
2906 iommu_enable_translation(iommu);
2907 iommu_disable_protect_mem_regions(iommu);
2913 for_each_active_iommu(iommu, drhd) {
2914 disable_dmar_iommu(iommu);
2915 free_dmar_iommu(iommu);
2917 kfree(deferred_flush);
2924 /* This takes a number of _MM_ pages, not VTD pages */
2925 static struct iova *intel_alloc_iova(struct device *dev,
2926 struct dmar_domain *domain,
2927 unsigned long nrpages, uint64_t dma_mask)
2929 struct iova *iova = NULL;
2931 /* Restrict dma_mask to the width that the iommu can handle */
2932 dma_mask = min_t(uint64_t, DOMAIN_MAX_ADDR(domain->gaw), dma_mask);
2934 if (!dmar_forcedac && dma_mask > DMA_BIT_MASK(32)) {
2936 * First try to allocate an io virtual address in
2937 * DMA_BIT_MASK(32) and if that fails then try allocating
2940 iova = alloc_iova(&domain->iovad, nrpages,
2941 IOVA_PFN(DMA_BIT_MASK(32)), 1);
2945 iova = alloc_iova(&domain->iovad, nrpages, IOVA_PFN(dma_mask), 1);
2946 if (unlikely(!iova)) {
2947 printk(KERN_ERR "Allocating %ld-page iova for %s failed",
2948 nrpages, dev_name(dev));
2955 static struct dmar_domain *__get_valid_domain_for_dev(struct device *dev)
2957 struct dmar_domain *domain;
2960 domain = get_domain_for_dev(dev, DEFAULT_DOMAIN_ADDRESS_WIDTH);
2962 printk(KERN_ERR "Allocating domain for %s failed",
2967 /* make sure context mapping is ok */
2968 if (unlikely(!domain_context_mapped(dev))) {
2969 ret = domain_context_mapping(domain, dev, CONTEXT_TT_MULTI_LEVEL);
2971 printk(KERN_ERR "Domain context map for %s failed",
2980 static inline struct dmar_domain *get_valid_domain_for_dev(struct device *dev)
2982 struct device_domain_info *info;
2984 /* No lock here, assumes no domain exit in normal case */
2985 info = dev->archdata.iommu;
2987 return info->domain;
2989 return __get_valid_domain_for_dev(dev);
2992 /* Check if the dev needs to go through non-identity map and unmap process.*/
2993 static int iommu_no_mapping(struct device *dev)
2997 if (iommu_dummy(dev))
3000 if (!iommu_identity_mapping)
3003 found = identity_mapping(dev);
3005 if (iommu_should_identity_map(dev, 0))
3009 * 32 bit DMA is removed from si_domain and fall back
3010 * to non-identity mapping.
3012 domain_remove_one_dev_info(si_domain, dev);
3013 printk(KERN_INFO "32bit %s uses non-identity mapping\n",
3019 * In case of a detached 64 bit DMA device from vm, the device
3020 * is put into si_domain for identity mapping.
3022 if (iommu_should_identity_map(dev, 0)) {
3024 ret = domain_add_dev_info(si_domain, dev,
3026 CONTEXT_TT_PASS_THROUGH :
3027 CONTEXT_TT_MULTI_LEVEL);
3029 printk(KERN_INFO "64bit %s uses identity mapping\n",
3039 static dma_addr_t __intel_map_single(struct device *dev, phys_addr_t paddr,
3040 size_t size, int dir, u64 dma_mask)
3042 struct dmar_domain *domain;
3043 phys_addr_t start_paddr;
3047 struct intel_iommu *iommu;
3048 unsigned long paddr_pfn = paddr >> PAGE_SHIFT;
3050 BUG_ON(dir == DMA_NONE);
3052 if (iommu_no_mapping(dev))
3055 domain = get_valid_domain_for_dev(dev);
3059 iommu = domain_get_iommu(domain);
3060 size = aligned_nrpages(paddr, size);
3062 iova = intel_alloc_iova(dev, domain, dma_to_mm_pfn(size), dma_mask);
3067 * Check if DMAR supports zero-length reads on write only
3070 if (dir == DMA_TO_DEVICE || dir == DMA_BIDIRECTIONAL || \
3071 !cap_zlr(iommu->cap))
3072 prot |= DMA_PTE_READ;
3073 if (dir == DMA_FROM_DEVICE || dir == DMA_BIDIRECTIONAL)
3074 prot |= DMA_PTE_WRITE;
3076 * paddr - (paddr + size) might be partial page, we should map the whole
3077 * page. Note: if two part of one page are separately mapped, we
3078 * might have two guest_addr mapping to the same host paddr, but this
3079 * is not a big problem
3081 ret = domain_pfn_mapping(domain, mm_to_dma_pfn(iova->pfn_lo),
3082 mm_to_dma_pfn(paddr_pfn), size, prot);
3086 /* it's a non-present to present mapping. Only flush if caching mode */
3087 if (cap_caching_mode(iommu->cap))
3088 iommu_flush_iotlb_psi(iommu, domain->id, mm_to_dma_pfn(iova->pfn_lo), size, 0, 1);
3090 iommu_flush_write_buffer(iommu);
3092 start_paddr = (phys_addr_t)iova->pfn_lo << PAGE_SHIFT;
3093 start_paddr += paddr & ~PAGE_MASK;
3098 __free_iova(&domain->iovad, iova);
3099 printk(KERN_ERR"Device %s request: %zx@%llx dir %d --- failed\n",
3100 dev_name(dev), size, (unsigned long long)paddr, dir);
3104 static dma_addr_t intel_map_page(struct device *dev, struct page *page,
3105 unsigned long offset, size_t size,
3106 enum dma_data_direction dir,
3107 struct dma_attrs *attrs)
3109 return __intel_map_single(dev, page_to_phys(page) + offset, size,
3110 dir, *dev->dma_mask);
3113 static void flush_unmaps(void)
3119 /* just flush them all */
3120 for (i = 0; i < g_num_of_iommus; i++) {
3121 struct intel_iommu *iommu = g_iommus[i];
3125 if (!deferred_flush[i].next)
3128 /* In caching mode, global flushes turn emulation expensive */
3129 if (!cap_caching_mode(iommu->cap))
3130 iommu->flush.flush_iotlb(iommu, 0, 0, 0,
3131 DMA_TLB_GLOBAL_FLUSH);
3132 for (j = 0; j < deferred_flush[i].next; j++) {
3134 struct iova *iova = deferred_flush[i].iova[j];
3135 struct dmar_domain *domain = deferred_flush[i].domain[j];
3137 /* On real hardware multiple invalidations are expensive */
3138 if (cap_caching_mode(iommu->cap))
3139 iommu_flush_iotlb_psi(iommu, domain->id,
3140 iova->pfn_lo, iova_size(iova),
3141 !deferred_flush[i].freelist[j], 0);
3143 mask = ilog2(mm_to_dma_pfn(iova_size(iova)));
3144 iommu_flush_dev_iotlb(deferred_flush[i].domain[j],
3145 (uint64_t)iova->pfn_lo << PAGE_SHIFT, mask);
3147 __free_iova(&deferred_flush[i].domain[j]->iovad, iova);
3148 if (deferred_flush[i].freelist[j])
3149 dma_free_pagelist(deferred_flush[i].freelist[j]);
3151 deferred_flush[i].next = 0;
3157 static void flush_unmaps_timeout(unsigned long data)
3159 unsigned long flags;
3161 spin_lock_irqsave(&async_umap_flush_lock, flags);
3163 spin_unlock_irqrestore(&async_umap_flush_lock, flags);
3166 static void add_unmap(struct dmar_domain *dom, struct iova *iova, struct page *freelist)
3168 unsigned long flags;
3170 struct intel_iommu *iommu;
3172 spin_lock_irqsave(&async_umap_flush_lock, flags);
3173 if (list_size == HIGH_WATER_MARK)
3176 iommu = domain_get_iommu(dom);
3177 iommu_id = iommu->seq_id;
3179 next = deferred_flush[iommu_id].next;
3180 deferred_flush[iommu_id].domain[next] = dom;
3181 deferred_flush[iommu_id].iova[next] = iova;
3182 deferred_flush[iommu_id].freelist[next] = freelist;
3183 deferred_flush[iommu_id].next++;
3186 mod_timer(&unmap_timer, jiffies + msecs_to_jiffies(10));
3190 spin_unlock_irqrestore(&async_umap_flush_lock, flags);
3193 static void intel_unmap(struct device *dev, dma_addr_t dev_addr)
3195 struct dmar_domain *domain;
3196 unsigned long start_pfn, last_pfn;
3198 struct intel_iommu *iommu;
3199 struct page *freelist;
3201 if (iommu_no_mapping(dev))
3204 domain = find_domain(dev);
3207 iommu = domain_get_iommu(domain);
3209 iova = find_iova(&domain->iovad, IOVA_PFN(dev_addr));
3210 if (WARN_ONCE(!iova, "Driver unmaps unmatched page at PFN %llx\n",
3211 (unsigned long long)dev_addr))
3214 start_pfn = mm_to_dma_pfn(iova->pfn_lo);
3215 last_pfn = mm_to_dma_pfn(iova->pfn_hi + 1) - 1;
3217 pr_debug("Device %s unmapping: pfn %lx-%lx\n",
3218 dev_name(dev), start_pfn, last_pfn);
3220 freelist = domain_unmap(domain, start_pfn, last_pfn);
3222 if (intel_iommu_strict) {
3223 iommu_flush_iotlb_psi(iommu, domain->id, start_pfn,
3224 last_pfn - start_pfn + 1, !freelist, 0);
3226 __free_iova(&domain->iovad, iova);
3227 dma_free_pagelist(freelist);
3229 add_unmap(domain, iova, freelist);
3231 * queue up the release of the unmap to save the 1/6th of the
3232 * cpu used up by the iotlb flush operation...
3237 static void intel_unmap_page(struct device *dev, dma_addr_t dev_addr,
3238 size_t size, enum dma_data_direction dir,
3239 struct dma_attrs *attrs)
3241 intel_unmap(dev, dev_addr);
3244 static void *intel_alloc_coherent(struct device *dev, size_t size,
3245 dma_addr_t *dma_handle, gfp_t flags,
3246 struct dma_attrs *attrs)
3248 struct page *page = NULL;
3251 size = PAGE_ALIGN(size);
3252 order = get_order(size);
3254 if (!iommu_no_mapping(dev))
3255 flags &= ~(GFP_DMA | GFP_DMA32);
3256 else if (dev->coherent_dma_mask < dma_get_required_mask(dev)) {
3257 if (dev->coherent_dma_mask < DMA_BIT_MASK(32))
3263 if (flags & __GFP_WAIT) {
3264 unsigned int count = size >> PAGE_SHIFT;
3266 page = dma_alloc_from_contiguous(dev, count, order);
3267 if (page && iommu_no_mapping(dev) &&
3268 page_to_phys(page) + size > dev->coherent_dma_mask) {
3269 dma_release_from_contiguous(dev, page, count);
3275 page = alloc_pages(flags, order);
3278 memset(page_address(page), 0, size);
3280 *dma_handle = __intel_map_single(dev, page_to_phys(page), size,
3282 dev->coherent_dma_mask);
3284 return page_address(page);
3285 if (!dma_release_from_contiguous(dev, page, size >> PAGE_SHIFT))
3286 __free_pages(page, order);
3291 static void intel_free_coherent(struct device *dev, size_t size, void *vaddr,
3292 dma_addr_t dma_handle, struct dma_attrs *attrs)
3295 struct page *page = virt_to_page(vaddr);
3297 size = PAGE_ALIGN(size);
3298 order = get_order(size);
3300 intel_unmap(dev, dma_handle);
3301 if (!dma_release_from_contiguous(dev, page, size >> PAGE_SHIFT))
3302 __free_pages(page, order);
3305 static void intel_unmap_sg(struct device *dev, struct scatterlist *sglist,
3306 int nelems, enum dma_data_direction dir,
3307 struct dma_attrs *attrs)
3309 intel_unmap(dev, sglist[0].dma_address);
3312 static int intel_nontranslate_map_sg(struct device *hddev,
3313 struct scatterlist *sglist, int nelems, int dir)
3316 struct scatterlist *sg;
3318 for_each_sg(sglist, sg, nelems, i) {
3319 BUG_ON(!sg_page(sg));
3320 sg->dma_address = page_to_phys(sg_page(sg)) + sg->offset;
3321 sg->dma_length = sg->length;
3326 static int intel_map_sg(struct device *dev, struct scatterlist *sglist, int nelems,
3327 enum dma_data_direction dir, struct dma_attrs *attrs)
3330 struct dmar_domain *domain;
3333 struct iova *iova = NULL;
3335 struct scatterlist *sg;
3336 unsigned long start_vpfn;
3337 struct intel_iommu *iommu;
3339 BUG_ON(dir == DMA_NONE);
3340 if (iommu_no_mapping(dev))
3341 return intel_nontranslate_map_sg(dev, sglist, nelems, dir);
3343 domain = get_valid_domain_for_dev(dev);
3347 iommu = domain_get_iommu(domain);
3349 for_each_sg(sglist, sg, nelems, i)
3350 size += aligned_nrpages(sg->offset, sg->length);
3352 iova = intel_alloc_iova(dev, domain, dma_to_mm_pfn(size),
3355 sglist->dma_length = 0;
3360 * Check if DMAR supports zero-length reads on write only
3363 if (dir == DMA_TO_DEVICE || dir == DMA_BIDIRECTIONAL || \
3364 !cap_zlr(iommu->cap))
3365 prot |= DMA_PTE_READ;
3366 if (dir == DMA_FROM_DEVICE || dir == DMA_BIDIRECTIONAL)
3367 prot |= DMA_PTE_WRITE;
3369 start_vpfn = mm_to_dma_pfn(iova->pfn_lo);
3371 ret = domain_sg_mapping(domain, start_vpfn, sglist, size, prot);
3372 if (unlikely(ret)) {
3373 dma_pte_free_pagetable(domain, start_vpfn,
3374 start_vpfn + size - 1);
3375 __free_iova(&domain->iovad, iova);
3379 /* it's a non-present to present mapping. Only flush if caching mode */
3380 if (cap_caching_mode(iommu->cap))
3381 iommu_flush_iotlb_psi(iommu, domain->id, start_vpfn, size, 0, 1);
3383 iommu_flush_write_buffer(iommu);
3388 static int intel_mapping_error(struct device *dev, dma_addr_t dma_addr)
3393 struct dma_map_ops intel_dma_ops = {
3394 .alloc = intel_alloc_coherent,
3395 .free = intel_free_coherent,
3396 .map_sg = intel_map_sg,
3397 .unmap_sg = intel_unmap_sg,
3398 .map_page = intel_map_page,
3399 .unmap_page = intel_unmap_page,
3400 .mapping_error = intel_mapping_error,
3403 static inline int iommu_domain_cache_init(void)
3407 iommu_domain_cache = kmem_cache_create("iommu_domain",
3408 sizeof(struct dmar_domain),
3413 if (!iommu_domain_cache) {
3414 printk(KERN_ERR "Couldn't create iommu_domain cache\n");
3421 static inline int iommu_devinfo_cache_init(void)
3425 iommu_devinfo_cache = kmem_cache_create("iommu_devinfo",
3426 sizeof(struct device_domain_info),
3430 if (!iommu_devinfo_cache) {
3431 printk(KERN_ERR "Couldn't create devinfo cache\n");
3438 static int __init iommu_init_mempool(void)
3441 ret = iommu_iova_cache_init();
3445 ret = iommu_domain_cache_init();
3449 ret = iommu_devinfo_cache_init();
3453 kmem_cache_destroy(iommu_domain_cache);
3455 iommu_iova_cache_destroy();
3460 static void __init iommu_exit_mempool(void)
3462 kmem_cache_destroy(iommu_devinfo_cache);
3463 kmem_cache_destroy(iommu_domain_cache);
3464 iommu_iova_cache_destroy();
3467 static void quirk_ioat_snb_local_iommu(struct pci_dev *pdev)
3469 struct dmar_drhd_unit *drhd;
3473 /* We know that this device on this chipset has its own IOMMU.
3474 * If we find it under a different IOMMU, then the BIOS is lying
3475 * to us. Hope that the IOMMU for this device is actually
3476 * disabled, and it needs no translation...
3478 rc = pci_bus_read_config_dword(pdev->bus, PCI_DEVFN(0, 0), 0xb0, &vtbar);
3480 /* "can't" happen */
3481 dev_info(&pdev->dev, "failed to run vt-d quirk\n");
3484 vtbar &= 0xffff0000;
3486 /* we know that the this iommu should be at offset 0xa000 from vtbar */
3487 drhd = dmar_find_matched_drhd_unit(pdev);
3488 if (WARN_TAINT_ONCE(!drhd || drhd->reg_base_addr - vtbar != 0xa000,
3489 TAINT_FIRMWARE_WORKAROUND,
3490 "BIOS assigned incorrect VT-d unit for Intel(R) QuickData Technology device\n"))
3491 pdev->dev.archdata.iommu = DUMMY_DEVICE_DOMAIN_INFO;
3493 DECLARE_PCI_FIXUP_ENABLE(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_IOAT_SNB, quirk_ioat_snb_local_iommu);
3495 static void __init init_no_remapping_devices(void)
3497 struct dmar_drhd_unit *drhd;
3501 for_each_drhd_unit(drhd) {
3502 if (!drhd->include_all) {
3503 for_each_active_dev_scope(drhd->devices,
3504 drhd->devices_cnt, i, dev)
3506 /* ignore DMAR unit if no devices exist */
3507 if (i == drhd->devices_cnt)
3512 for_each_active_drhd_unit(drhd) {
3513 if (drhd->include_all)
3516 for_each_active_dev_scope(drhd->devices,
3517 drhd->devices_cnt, i, dev)
3518 if (!dev_is_pci(dev) || !IS_GFX_DEVICE(to_pci_dev(dev)))
3520 if (i < drhd->devices_cnt)
3523 /* This IOMMU has *only* gfx devices. Either bypass it or
3524 set the gfx_mapped flag, as appropriate */
3526 intel_iommu_gfx_mapped = 1;
3529 for_each_active_dev_scope(drhd->devices,
3530 drhd->devices_cnt, i, dev)
3531 dev->archdata.iommu = DUMMY_DEVICE_DOMAIN_INFO;
3536 #ifdef CONFIG_SUSPEND
3537 static int init_iommu_hw(void)
3539 struct dmar_drhd_unit *drhd;
3540 struct intel_iommu *iommu = NULL;
3542 for_each_active_iommu(iommu, drhd)
3544 dmar_reenable_qi(iommu);
3546 for_each_iommu(iommu, drhd) {
3547 if (drhd->ignored) {
3549 * we always have to disable PMRs or DMA may fail on
3553 iommu_disable_protect_mem_regions(iommu);
3557 iommu_flush_write_buffer(iommu);
3559 iommu_set_root_entry(iommu);
3561 iommu->flush.flush_context(iommu, 0, 0, 0,
3562 DMA_CCMD_GLOBAL_INVL);
3563 iommu->flush.flush_iotlb(iommu, 0, 0, 0, DMA_TLB_GLOBAL_FLUSH);
3564 iommu_enable_translation(iommu);
3565 iommu_disable_protect_mem_regions(iommu);
3571 static void iommu_flush_all(void)
3573 struct dmar_drhd_unit *drhd;
3574 struct intel_iommu *iommu;
3576 for_each_active_iommu(iommu, drhd) {
3577 iommu->flush.flush_context(iommu, 0, 0, 0,
3578 DMA_CCMD_GLOBAL_INVL);
3579 iommu->flush.flush_iotlb(iommu, 0, 0, 0,
3580 DMA_TLB_GLOBAL_FLUSH);
3584 static int iommu_suspend(void)
3586 struct dmar_drhd_unit *drhd;
3587 struct intel_iommu *iommu = NULL;
3590 for_each_active_iommu(iommu, drhd) {
3591 iommu->iommu_state = kzalloc(sizeof(u32) * MAX_SR_DMAR_REGS,
3593 if (!iommu->iommu_state)
3599 for_each_active_iommu(iommu, drhd) {
3600 iommu_disable_translation(iommu);
3602 raw_spin_lock_irqsave(&iommu->register_lock, flag);
3604 iommu->iommu_state[SR_DMAR_FECTL_REG] =
3605 readl(iommu->reg + DMAR_FECTL_REG);
3606 iommu->iommu_state[SR_DMAR_FEDATA_REG] =
3607 readl(iommu->reg + DMAR_FEDATA_REG);
3608 iommu->iommu_state[SR_DMAR_FEADDR_REG] =
3609 readl(iommu->reg + DMAR_FEADDR_REG);
3610 iommu->iommu_state[SR_DMAR_FEUADDR_REG] =
3611 readl(iommu->reg + DMAR_FEUADDR_REG);
3613 raw_spin_unlock_irqrestore(&iommu->register_lock, flag);
3618 for_each_active_iommu(iommu, drhd)
3619 kfree(iommu->iommu_state);
3624 static void iommu_resume(void)
3626 struct dmar_drhd_unit *drhd;
3627 struct intel_iommu *iommu = NULL;
3630 if (init_iommu_hw()) {
3632 panic("tboot: IOMMU setup failed, DMAR can not resume!\n");
3634 WARN(1, "IOMMU setup failed, DMAR can not resume!\n");
3638 for_each_active_iommu(iommu, drhd) {
3640 raw_spin_lock_irqsave(&iommu->register_lock, flag);
3642 writel(iommu->iommu_state[SR_DMAR_FECTL_REG],
3643 iommu->reg + DMAR_FECTL_REG);
3644 writel(iommu->iommu_state[SR_DMAR_FEDATA_REG],
3645 iommu->reg + DMAR_FEDATA_REG);
3646 writel(iommu->iommu_state[SR_DMAR_FEADDR_REG],
3647 iommu->reg + DMAR_FEADDR_REG);
3648 writel(iommu->iommu_state[SR_DMAR_FEUADDR_REG],
3649 iommu->reg + DMAR_FEUADDR_REG);
3651 raw_spin_unlock_irqrestore(&iommu->register_lock, flag);
3654 for_each_active_iommu(iommu, drhd)
3655 kfree(iommu->iommu_state);
3658 static struct syscore_ops iommu_syscore_ops = {
3659 .resume = iommu_resume,
3660 .suspend = iommu_suspend,
3663 static void __init init_iommu_pm_ops(void)
3665 register_syscore_ops(&iommu_syscore_ops);
3669 static inline void init_iommu_pm_ops(void) {}
3670 #endif /* CONFIG_PM */
3673 int __init dmar_parse_one_rmrr(struct acpi_dmar_header *header, void *arg)
3675 struct acpi_dmar_reserved_memory *rmrr;
3676 struct dmar_rmrr_unit *rmrru;
3678 rmrru = kzalloc(sizeof(*rmrru), GFP_KERNEL);
3682 rmrru->hdr = header;
3683 rmrr = (struct acpi_dmar_reserved_memory *)header;
3684 rmrru->base_address = rmrr->base_address;
3685 rmrru->end_address = rmrr->end_address;
3686 rmrru->devices = dmar_alloc_dev_scope((void *)(rmrr + 1),
3687 ((void *)rmrr) + rmrr->header.length,
3688 &rmrru->devices_cnt);
3689 if (rmrru->devices_cnt && rmrru->devices == NULL) {
3694 list_add(&rmrru->list, &dmar_rmrr_units);
3699 static struct dmar_atsr_unit *dmar_find_atsr(struct acpi_dmar_atsr *atsr)
3701 struct dmar_atsr_unit *atsru;
3702 struct acpi_dmar_atsr *tmp;
3704 list_for_each_entry_rcu(atsru, &dmar_atsr_units, list) {
3705 tmp = (struct acpi_dmar_atsr *)atsru->hdr;
3706 if (atsr->segment != tmp->segment)
3708 if (atsr->header.length != tmp->header.length)
3710 if (memcmp(atsr, tmp, atsr->header.length) == 0)
3717 int dmar_parse_one_atsr(struct acpi_dmar_header *hdr, void *arg)
3719 struct acpi_dmar_atsr *atsr;
3720 struct dmar_atsr_unit *atsru;
3722 if (system_state != SYSTEM_BOOTING && !intel_iommu_enabled)
3725 atsr = container_of(hdr, struct acpi_dmar_atsr, header);
3726 atsru = dmar_find_atsr(atsr);
3730 atsru = kzalloc(sizeof(*atsru) + hdr->length, GFP_KERNEL);
3735 * If memory is allocated from slab by ACPI _DSM method, we need to
3736 * copy the memory content because the memory buffer will be freed
3739 atsru->hdr = (void *)(atsru + 1);
3740 memcpy(atsru->hdr, hdr, hdr->length);
3741 atsru->include_all = atsr->flags & 0x1;
3742 if (!atsru->include_all) {
3743 atsru->devices = dmar_alloc_dev_scope((void *)(atsr + 1),
3744 (void *)atsr + atsr->header.length,
3745 &atsru->devices_cnt);
3746 if (atsru->devices_cnt && atsru->devices == NULL) {
3752 list_add_rcu(&atsru->list, &dmar_atsr_units);
3757 static void intel_iommu_free_atsr(struct dmar_atsr_unit *atsru)
3759 dmar_free_dev_scope(&atsru->devices, &atsru->devices_cnt);
3763 int dmar_release_one_atsr(struct acpi_dmar_header *hdr, void *arg)
3765 struct acpi_dmar_atsr *atsr;
3766 struct dmar_atsr_unit *atsru;
3768 atsr = container_of(hdr, struct acpi_dmar_atsr, header);
3769 atsru = dmar_find_atsr(atsr);
3771 list_del_rcu(&atsru->list);
3773 intel_iommu_free_atsr(atsru);
3779 int dmar_check_one_atsr(struct acpi_dmar_header *hdr, void *arg)
3783 struct acpi_dmar_atsr *atsr;
3784 struct dmar_atsr_unit *atsru;
3786 atsr = container_of(hdr, struct acpi_dmar_atsr, header);
3787 atsru = dmar_find_atsr(atsr);
3791 if (!atsru->include_all && atsru->devices && atsru->devices_cnt)
3792 for_each_active_dev_scope(atsru->devices, atsru->devices_cnt,
3799 static int intel_iommu_add(struct dmar_drhd_unit *dmaru)
3802 struct intel_iommu *iommu = dmaru->iommu;
3804 if (g_iommus[iommu->seq_id])
3807 if (hw_pass_through && !ecap_pass_through(iommu->ecap)) {
3808 pr_warn("IOMMU: %s doesn't support hardware pass through.\n",
3812 if (!ecap_sc_support(iommu->ecap) &&
3813 domain_update_iommu_snooping(iommu)) {
3814 pr_warn("IOMMU: %s doesn't support snooping.\n",
3818 sp = domain_update_iommu_superpage(iommu) - 1;
3819 if (sp >= 0 && !(cap_super_page_val(iommu->cap) & (1 << sp))) {
3820 pr_warn("IOMMU: %s doesn't support large page.\n",
3826 * Disable translation if already enabled prior to OS handover.
3828 if (iommu->gcmd & DMA_GCMD_TE)
3829 iommu_disable_translation(iommu);
3831 g_iommus[iommu->seq_id] = iommu;
3832 ret = iommu_init_domains(iommu);
3834 ret = iommu_alloc_root_entry(iommu);
3838 if (dmaru->ignored) {
3840 * we always have to disable PMRs or DMA may fail on this device
3843 iommu_disable_protect_mem_regions(iommu);
3847 intel_iommu_init_qi(iommu);
3848 iommu_flush_write_buffer(iommu);
3849 ret = dmar_set_interrupt(iommu);
3853 iommu_set_root_entry(iommu);
3854 iommu->flush.flush_context(iommu, 0, 0, 0, DMA_CCMD_GLOBAL_INVL);
3855 iommu->flush.flush_iotlb(iommu, 0, 0, 0, DMA_TLB_GLOBAL_FLUSH);
3856 iommu_enable_translation(iommu);
3859 ret = iommu_attach_domain(si_domain, iommu);
3860 if (ret < 0 || si_domain->id != ret)
3862 domain_attach_iommu(si_domain, iommu);
3865 iommu_disable_protect_mem_regions(iommu);
3869 disable_dmar_iommu(iommu);
3871 free_dmar_iommu(iommu);
3875 int dmar_iommu_hotplug(struct dmar_drhd_unit *dmaru, bool insert)
3878 struct intel_iommu *iommu = dmaru->iommu;
3880 if (!intel_iommu_enabled)
3886 ret = intel_iommu_add(dmaru);
3888 disable_dmar_iommu(iommu);
3889 free_dmar_iommu(iommu);
3895 static void intel_iommu_free_dmars(void)
3897 struct dmar_rmrr_unit *rmrru, *rmrr_n;
3898 struct dmar_atsr_unit *atsru, *atsr_n;
3900 list_for_each_entry_safe(rmrru, rmrr_n, &dmar_rmrr_units, list) {
3901 list_del(&rmrru->list);
3902 dmar_free_dev_scope(&rmrru->devices, &rmrru->devices_cnt);
3906 list_for_each_entry_safe(atsru, atsr_n, &dmar_atsr_units, list) {
3907 list_del(&atsru->list);
3908 intel_iommu_free_atsr(atsru);
3912 int dmar_find_matched_atsr_unit(struct pci_dev *dev)
3915 struct pci_bus *bus;
3916 struct pci_dev *bridge = NULL;
3918 struct acpi_dmar_atsr *atsr;
3919 struct dmar_atsr_unit *atsru;
3921 dev = pci_physfn(dev);
3922 for (bus = dev->bus; bus; bus = bus->parent) {
3924 if (!bridge || !pci_is_pcie(bridge) ||
3925 pci_pcie_type(bridge) == PCI_EXP_TYPE_PCI_BRIDGE)
3927 if (pci_pcie_type(bridge) == PCI_EXP_TYPE_ROOT_PORT)
3934 list_for_each_entry_rcu(atsru, &dmar_atsr_units, list) {
3935 atsr = container_of(atsru->hdr, struct acpi_dmar_atsr, header);
3936 if (atsr->segment != pci_domain_nr(dev->bus))
3939 for_each_dev_scope(atsru->devices, atsru->devices_cnt, i, tmp)
3940 if (tmp == &bridge->dev)
3943 if (atsru->include_all)
3953 int dmar_iommu_notify_scope_dev(struct dmar_pci_notify_info *info)
3956 struct dmar_rmrr_unit *rmrru;
3957 struct dmar_atsr_unit *atsru;
3958 struct acpi_dmar_atsr *atsr;
3959 struct acpi_dmar_reserved_memory *rmrr;
3961 if (!intel_iommu_enabled && system_state != SYSTEM_BOOTING)
3964 list_for_each_entry(rmrru, &dmar_rmrr_units, list) {
3965 rmrr = container_of(rmrru->hdr,
3966 struct acpi_dmar_reserved_memory, header);
3967 if (info->event == BUS_NOTIFY_ADD_DEVICE) {
3968 ret = dmar_insert_dev_scope(info, (void *)(rmrr + 1),
3969 ((void *)rmrr) + rmrr->header.length,
3970 rmrr->segment, rmrru->devices,
3971 rmrru->devices_cnt);
3974 } else if (info->event == BUS_NOTIFY_DEL_DEVICE) {
3975 dmar_remove_dev_scope(info, rmrr->segment,
3976 rmrru->devices, rmrru->devices_cnt);
3980 list_for_each_entry(atsru, &dmar_atsr_units, list) {
3981 if (atsru->include_all)
3984 atsr = container_of(atsru->hdr, struct acpi_dmar_atsr, header);
3985 if (info->event == BUS_NOTIFY_ADD_DEVICE) {
3986 ret = dmar_insert_dev_scope(info, (void *)(atsr + 1),
3987 (void *)atsr + atsr->header.length,
3988 atsr->segment, atsru->devices,
3989 atsru->devices_cnt);
3994 } else if (info->event == BUS_NOTIFY_DEL_DEVICE) {
3995 if (dmar_remove_dev_scope(info, atsr->segment,
3996 atsru->devices, atsru->devices_cnt))
4005 * Here we only respond to action of unbound device from driver.
4007 * Added device is not attached to its DMAR domain here yet. That will happen
4008 * when mapping the device to iova.
4010 static int device_notifier(struct notifier_block *nb,
4011 unsigned long action, void *data)
4013 struct device *dev = data;
4014 struct dmar_domain *domain;
4016 if (iommu_dummy(dev))
4019 if (action != BUS_NOTIFY_REMOVED_DEVICE)
4022 domain = find_domain(dev);
4026 down_read(&dmar_global_lock);
4027 domain_remove_one_dev_info(domain, dev);
4028 if (!domain_type_is_vm_or_si(domain) && list_empty(&domain->devices))
4029 domain_exit(domain);
4030 up_read(&dmar_global_lock);
4035 static struct notifier_block device_nb = {
4036 .notifier_call = device_notifier,
4039 static int intel_iommu_memory_notifier(struct notifier_block *nb,
4040 unsigned long val, void *v)
4042 struct memory_notify *mhp = v;
4043 unsigned long long start, end;
4044 unsigned long start_vpfn, last_vpfn;
4047 case MEM_GOING_ONLINE:
4048 start = mhp->start_pfn << PAGE_SHIFT;
4049 end = ((mhp->start_pfn + mhp->nr_pages) << PAGE_SHIFT) - 1;
4050 if (iommu_domain_identity_map(si_domain, start, end)) {
4051 pr_warn("dmar: failed to build identity map for [%llx-%llx]\n",
4058 case MEM_CANCEL_ONLINE:
4059 start_vpfn = mm_to_dma_pfn(mhp->start_pfn);
4060 last_vpfn = mm_to_dma_pfn(mhp->start_pfn + mhp->nr_pages - 1);
4061 while (start_vpfn <= last_vpfn) {
4063 struct dmar_drhd_unit *drhd;
4064 struct intel_iommu *iommu;
4065 struct page *freelist;
4067 iova = find_iova(&si_domain->iovad, start_vpfn);
4069 pr_debug("dmar: failed get IOVA for PFN %lx\n",
4074 iova = split_and_remove_iova(&si_domain->iovad, iova,
4075 start_vpfn, last_vpfn);
4077 pr_warn("dmar: failed to split IOVA PFN [%lx-%lx]\n",
4078 start_vpfn, last_vpfn);
4082 freelist = domain_unmap(si_domain, iova->pfn_lo,
4086 for_each_active_iommu(iommu, drhd)
4087 iommu_flush_iotlb_psi(iommu, si_domain->id,
4088 iova->pfn_lo, iova_size(iova),
4091 dma_free_pagelist(freelist);
4093 start_vpfn = iova->pfn_hi + 1;
4094 free_iova_mem(iova);
4102 static struct notifier_block intel_iommu_memory_nb = {
4103 .notifier_call = intel_iommu_memory_notifier,
4108 static ssize_t intel_iommu_show_version(struct device *dev,
4109 struct device_attribute *attr,
4112 struct intel_iommu *iommu = dev_get_drvdata(dev);
4113 u32 ver = readl(iommu->reg + DMAR_VER_REG);
4114 return sprintf(buf, "%d:%d\n",
4115 DMAR_VER_MAJOR(ver), DMAR_VER_MINOR(ver));
4117 static DEVICE_ATTR(version, S_IRUGO, intel_iommu_show_version, NULL);
4119 static ssize_t intel_iommu_show_address(struct device *dev,
4120 struct device_attribute *attr,
4123 struct intel_iommu *iommu = dev_get_drvdata(dev);
4124 return sprintf(buf, "%llx\n", iommu->reg_phys);
4126 static DEVICE_ATTR(address, S_IRUGO, intel_iommu_show_address, NULL);
4128 static ssize_t intel_iommu_show_cap(struct device *dev,
4129 struct device_attribute *attr,
4132 struct intel_iommu *iommu = dev_get_drvdata(dev);
4133 return sprintf(buf, "%llx\n", iommu->cap);
4135 static DEVICE_ATTR(cap, S_IRUGO, intel_iommu_show_cap, NULL);
4137 static ssize_t intel_iommu_show_ecap(struct device *dev,
4138 struct device_attribute *attr,
4141 struct intel_iommu *iommu = dev_get_drvdata(dev);
4142 return sprintf(buf, "%llx\n", iommu->ecap);
4144 static DEVICE_ATTR(ecap, S_IRUGO, intel_iommu_show_ecap, NULL);
4146 static struct attribute *intel_iommu_attrs[] = {
4147 &dev_attr_version.attr,
4148 &dev_attr_address.attr,
4150 &dev_attr_ecap.attr,
4154 static struct attribute_group intel_iommu_group = {
4155 .name = "intel-iommu",
4156 .attrs = intel_iommu_attrs,
4159 const struct attribute_group *intel_iommu_groups[] = {
4164 int __init intel_iommu_init(void)
4167 struct dmar_drhd_unit *drhd;
4168 struct intel_iommu *iommu;
4170 /* VT-d is required for a TXT/tboot launch, so enforce that */
4171 force_on = tboot_force_iommu();
4173 if (iommu_init_mempool()) {
4175 panic("tboot: Failed to initialize iommu memory\n");
4179 down_write(&dmar_global_lock);
4180 if (dmar_table_init()) {
4182 panic("tboot: Failed to initialize DMAR table\n");
4187 * Disable translation if already enabled prior to OS handover.
4189 for_each_active_iommu(iommu, drhd)
4190 if (iommu->gcmd & DMA_GCMD_TE)
4191 iommu_disable_translation(iommu);
4193 if (dmar_dev_scope_init() < 0) {
4195 panic("tboot: Failed to initialize DMAR device scope\n");
4199 if (no_iommu || dmar_disabled)
4202 if (list_empty(&dmar_rmrr_units))
4203 printk(KERN_INFO "DMAR: No RMRR found\n");
4205 if (list_empty(&dmar_atsr_units))
4206 printk(KERN_INFO "DMAR: No ATSR found\n");
4208 if (dmar_init_reserved_ranges()) {
4210 panic("tboot: Failed to reserve iommu ranges\n");
4211 goto out_free_reserved_range;
4214 init_no_remapping_devices();
4219 panic("tboot: Failed to initialize DMARs\n");
4220 printk(KERN_ERR "IOMMU: dmar init failed\n");
4221 goto out_free_reserved_range;
4223 up_write(&dmar_global_lock);
4225 "PCI-DMA: Intel(R) Virtualization Technology for Directed I/O\n");
4227 init_timer(&unmap_timer);
4228 #ifdef CONFIG_SWIOTLB
4231 dma_ops = &intel_dma_ops;
4233 init_iommu_pm_ops();
4235 for_each_active_iommu(iommu, drhd)
4236 iommu->iommu_dev = iommu_device_create(NULL, iommu,
4240 bus_set_iommu(&pci_bus_type, &intel_iommu_ops);
4241 bus_register_notifier(&pci_bus_type, &device_nb);
4242 if (si_domain && !hw_pass_through)
4243 register_memory_notifier(&intel_iommu_memory_nb);
4245 intel_iommu_enabled = 1;
4249 out_free_reserved_range:
4250 put_iova_domain(&reserved_iova_list);
4252 intel_iommu_free_dmars();
4253 up_write(&dmar_global_lock);
4254 iommu_exit_mempool();
4258 static int iommu_detach_dev_cb(struct pci_dev *pdev, u16 alias, void *opaque)
4260 struct intel_iommu *iommu = opaque;
4262 iommu_detach_dev(iommu, PCI_BUS_NUM(alias), alias & 0xff);
4267 * NB - intel-iommu lacks any sort of reference counting for the users of
4268 * dependent devices. If multiple endpoints have intersecting dependent
4269 * devices, unbinding the driver from any one of them will possibly leave
4270 * the others unable to operate.
4272 static void iommu_detach_dependent_devices(struct intel_iommu *iommu,
4275 if (!iommu || !dev || !dev_is_pci(dev))
4278 pci_for_each_dma_alias(to_pci_dev(dev), &iommu_detach_dev_cb, iommu);
4281 static void domain_remove_one_dev_info(struct dmar_domain *domain,
4284 struct device_domain_info *info, *tmp;
4285 struct intel_iommu *iommu;
4286 unsigned long flags;
4290 iommu = device_to_iommu(dev, &bus, &devfn);
4294 spin_lock_irqsave(&device_domain_lock, flags);
4295 list_for_each_entry_safe(info, tmp, &domain->devices, link) {
4296 if (info->iommu == iommu && info->bus == bus &&
4297 info->devfn == devfn) {
4298 unlink_domain_info(info);
4299 spin_unlock_irqrestore(&device_domain_lock, flags);
4301 iommu_disable_dev_iotlb(info);
4302 iommu_detach_dev(iommu, info->bus, info->devfn);
4303 iommu_detach_dependent_devices(iommu, dev);
4304 free_devinfo_mem(info);
4306 spin_lock_irqsave(&device_domain_lock, flags);
4314 /* if there is no other devices under the same iommu
4315 * owned by this domain, clear this iommu in iommu_bmp
4316 * update iommu count and coherency
4318 if (info->iommu == iommu)
4322 spin_unlock_irqrestore(&device_domain_lock, flags);
4325 domain_detach_iommu(domain, iommu);
4326 if (!domain_type_is_vm_or_si(domain))
4327 iommu_detach_domain(domain, iommu);
4331 static int md_domain_init(struct dmar_domain *domain, int guest_width)
4335 init_iova_domain(&domain->iovad, VTD_PAGE_SIZE, IOVA_START_PFN,
4337 domain_reserve_special_ranges(domain);
4339 /* calculate AGAW */
4340 domain->gaw = guest_width;
4341 adjust_width = guestwidth_to_adjustwidth(guest_width);
4342 domain->agaw = width_to_agaw(adjust_width);
4344 domain->iommu_coherency = 0;
4345 domain->iommu_snooping = 0;
4346 domain->iommu_superpage = 0;
4347 domain->max_addr = 0;
4349 /* always allocate the top pgd */
4350 domain->pgd = (struct dma_pte *)alloc_pgtable_page(domain->nid);
4353 domain_flush_cache(domain, domain->pgd, PAGE_SIZE);
4357 static struct iommu_domain *intel_iommu_domain_alloc(unsigned type)
4359 struct dmar_domain *dmar_domain;
4360 struct iommu_domain *domain;
4362 if (type != IOMMU_DOMAIN_UNMANAGED)
4365 dmar_domain = alloc_domain(DOMAIN_FLAG_VIRTUAL_MACHINE);
4368 "intel_iommu_domain_init: dmar_domain == NULL\n");
4371 if (md_domain_init(dmar_domain, DEFAULT_DOMAIN_ADDRESS_WIDTH)) {
4373 "intel_iommu_domain_init() failed\n");
4374 domain_exit(dmar_domain);
4377 domain_update_iommu_cap(dmar_domain);
4379 domain = &dmar_domain->domain;
4380 domain->geometry.aperture_start = 0;
4381 domain->geometry.aperture_end = __DOMAIN_MAX_ADDR(dmar_domain->gaw);
4382 domain->geometry.force_aperture = true;
4387 static void intel_iommu_domain_free(struct iommu_domain *domain)
4389 domain_exit(to_dmar_domain(domain));
4392 static int intel_iommu_attach_device(struct iommu_domain *domain,
4395 struct dmar_domain *dmar_domain = to_dmar_domain(domain);
4396 struct intel_iommu *iommu;
4400 if (device_is_rmrr_locked(dev)) {
4401 dev_warn(dev, "Device is ineligible for IOMMU domain attach due to platform RMRR requirement. Contact your platform vendor.\n");
4405 /* normally dev is not mapped */
4406 if (unlikely(domain_context_mapped(dev))) {
4407 struct dmar_domain *old_domain;
4409 old_domain = find_domain(dev);
4411 if (domain_type_is_vm_or_si(dmar_domain))
4412 domain_remove_one_dev_info(old_domain, dev);
4414 domain_remove_dev_info(old_domain);
4416 if (!domain_type_is_vm_or_si(old_domain) &&
4417 list_empty(&old_domain->devices))
4418 domain_exit(old_domain);
4422 iommu = device_to_iommu(dev, &bus, &devfn);
4426 /* check if this iommu agaw is sufficient for max mapped address */
4427 addr_width = agaw_to_width(iommu->agaw);
4428 if (addr_width > cap_mgaw(iommu->cap))
4429 addr_width = cap_mgaw(iommu->cap);
4431 if (dmar_domain->max_addr > (1LL << addr_width)) {
4432 printk(KERN_ERR "%s: iommu width (%d) is not "
4433 "sufficient for the mapped address (%llx)\n",
4434 __func__, addr_width, dmar_domain->max_addr);
4437 dmar_domain->gaw = addr_width;
4440 * Knock out extra levels of page tables if necessary
4442 while (iommu->agaw < dmar_domain->agaw) {
4443 struct dma_pte *pte;
4445 pte = dmar_domain->pgd;
4446 if (dma_pte_present(pte)) {
4447 dmar_domain->pgd = (struct dma_pte *)
4448 phys_to_virt(dma_pte_addr(pte));
4449 free_pgtable_page(pte);
4451 dmar_domain->agaw--;
4454 return domain_add_dev_info(dmar_domain, dev, CONTEXT_TT_MULTI_LEVEL);
4457 static void intel_iommu_detach_device(struct iommu_domain *domain,
4460 domain_remove_one_dev_info(to_dmar_domain(domain), dev);
4463 static int intel_iommu_map(struct iommu_domain *domain,
4464 unsigned long iova, phys_addr_t hpa,
4465 size_t size, int iommu_prot)
4467 struct dmar_domain *dmar_domain = to_dmar_domain(domain);
4472 if (iommu_prot & IOMMU_READ)
4473 prot |= DMA_PTE_READ;
4474 if (iommu_prot & IOMMU_WRITE)
4475 prot |= DMA_PTE_WRITE;
4476 if ((iommu_prot & IOMMU_CACHE) && dmar_domain->iommu_snooping)
4477 prot |= DMA_PTE_SNP;
4479 max_addr = iova + size;
4480 if (dmar_domain->max_addr < max_addr) {
4483 /* check if minimum agaw is sufficient for mapped address */
4484 end = __DOMAIN_MAX_ADDR(dmar_domain->gaw) + 1;
4485 if (end < max_addr) {
4486 printk(KERN_ERR "%s: iommu width (%d) is not "
4487 "sufficient for the mapped address (%llx)\n",
4488 __func__, dmar_domain->gaw, max_addr);
4491 dmar_domain->max_addr = max_addr;
4493 /* Round up size to next multiple of PAGE_SIZE, if it and
4494 the low bits of hpa would take us onto the next page */
4495 size = aligned_nrpages(hpa, size);
4496 ret = domain_pfn_mapping(dmar_domain, iova >> VTD_PAGE_SHIFT,
4497 hpa >> VTD_PAGE_SHIFT, size, prot);
4501 static size_t intel_iommu_unmap(struct iommu_domain *domain,
4502 unsigned long iova, size_t size)
4504 struct dmar_domain *dmar_domain = to_dmar_domain(domain);
4505 struct page *freelist = NULL;
4506 struct intel_iommu *iommu;
4507 unsigned long start_pfn, last_pfn;
4508 unsigned int npages;
4509 int iommu_id, num, ndomains, level = 0;
4511 /* Cope with horrid API which requires us to unmap more than the
4512 size argument if it happens to be a large-page mapping. */
4513 if (!pfn_to_dma_pte(dmar_domain, iova >> VTD_PAGE_SHIFT, &level))
4516 if (size < VTD_PAGE_SIZE << level_to_offset_bits(level))
4517 size = VTD_PAGE_SIZE << level_to_offset_bits(level);
4519 start_pfn = iova >> VTD_PAGE_SHIFT;
4520 last_pfn = (iova + size - 1) >> VTD_PAGE_SHIFT;
4522 freelist = domain_unmap(dmar_domain, start_pfn, last_pfn);
4524 npages = last_pfn - start_pfn + 1;
4526 for_each_set_bit(iommu_id, dmar_domain->iommu_bmp, g_num_of_iommus) {
4527 iommu = g_iommus[iommu_id];
4530 * find bit position of dmar_domain
4532 ndomains = cap_ndoms(iommu->cap);
4533 for_each_set_bit(num, iommu->domain_ids, ndomains) {
4534 if (iommu->domains[num] == dmar_domain)
4535 iommu_flush_iotlb_psi(iommu, num, start_pfn,
4536 npages, !freelist, 0);
4541 dma_free_pagelist(freelist);
4543 if (dmar_domain->max_addr == iova + size)
4544 dmar_domain->max_addr = iova;
4549 static phys_addr_t intel_iommu_iova_to_phys(struct iommu_domain *domain,
4552 struct dmar_domain *dmar_domain = to_dmar_domain(domain);
4553 struct dma_pte *pte;
4557 pte = pfn_to_dma_pte(dmar_domain, iova >> VTD_PAGE_SHIFT, &level);
4559 phys = dma_pte_addr(pte);
4564 static bool intel_iommu_capable(enum iommu_cap cap)
4566 if (cap == IOMMU_CAP_CACHE_COHERENCY)
4567 return domain_update_iommu_snooping(NULL) == 1;
4568 if (cap == IOMMU_CAP_INTR_REMAP)
4569 return irq_remapping_enabled == 1;
4574 static int intel_iommu_add_device(struct device *dev)
4576 struct intel_iommu *iommu;
4577 struct iommu_group *group;
4580 iommu = device_to_iommu(dev, &bus, &devfn);
4584 iommu_device_link(iommu->iommu_dev, dev);
4586 group = iommu_group_get_for_dev(dev);
4589 return PTR_ERR(group);
4591 iommu_group_put(group);
4595 static void intel_iommu_remove_device(struct device *dev)
4597 struct intel_iommu *iommu;
4600 iommu = device_to_iommu(dev, &bus, &devfn);
4604 iommu_group_remove_device(dev);
4606 iommu_device_unlink(iommu->iommu_dev, dev);
4609 static const struct iommu_ops intel_iommu_ops = {
4610 .capable = intel_iommu_capable,
4611 .domain_alloc = intel_iommu_domain_alloc,
4612 .domain_free = intel_iommu_domain_free,
4613 .attach_dev = intel_iommu_attach_device,
4614 .detach_dev = intel_iommu_detach_device,
4615 .map = intel_iommu_map,
4616 .unmap = intel_iommu_unmap,
4617 .map_sg = default_iommu_map_sg,
4618 .iova_to_phys = intel_iommu_iova_to_phys,
4619 .add_device = intel_iommu_add_device,
4620 .remove_device = intel_iommu_remove_device,
4621 .pgsize_bitmap = INTEL_IOMMU_PGSIZES,
4624 static void quirk_iommu_g4x_gfx(struct pci_dev *dev)
4626 /* G4x/GM45 integrated gfx dmar support is totally busted. */
4627 printk(KERN_INFO "DMAR: Disabling IOMMU for graphics on this chipset\n");
4631 DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x2a40, quirk_iommu_g4x_gfx);
4632 DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x2e00, quirk_iommu_g4x_gfx);
4633 DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x2e10, quirk_iommu_g4x_gfx);
4634 DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x2e20, quirk_iommu_g4x_gfx);
4635 DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x2e30, quirk_iommu_g4x_gfx);
4636 DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x2e40, quirk_iommu_g4x_gfx);
4637 DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x2e90, quirk_iommu_g4x_gfx);
4639 static void quirk_iommu_rwbf(struct pci_dev *dev)
4642 * Mobile 4 Series Chipset neglects to set RWBF capability,
4643 * but needs it. Same seems to hold for the desktop versions.
4645 printk(KERN_INFO "DMAR: Forcing write-buffer flush capability\n");
4649 DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x2a40, quirk_iommu_rwbf);
4650 DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x2e00, quirk_iommu_rwbf);
4651 DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x2e10, quirk_iommu_rwbf);
4652 DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x2e20, quirk_iommu_rwbf);
4653 DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x2e30, quirk_iommu_rwbf);
4654 DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x2e40, quirk_iommu_rwbf);
4655 DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x2e90, quirk_iommu_rwbf);
4658 #define GGC_MEMORY_SIZE_MASK (0xf << 8)
4659 #define GGC_MEMORY_SIZE_NONE (0x0 << 8)
4660 #define GGC_MEMORY_SIZE_1M (0x1 << 8)
4661 #define GGC_MEMORY_SIZE_2M (0x3 << 8)
4662 #define GGC_MEMORY_VT_ENABLED (0x8 << 8)
4663 #define GGC_MEMORY_SIZE_2M_VT (0x9 << 8)
4664 #define GGC_MEMORY_SIZE_3M_VT (0xa << 8)
4665 #define GGC_MEMORY_SIZE_4M_VT (0xb << 8)
4667 static void quirk_calpella_no_shadow_gtt(struct pci_dev *dev)
4671 if (pci_read_config_word(dev, GGC, &ggc))
4674 if (!(ggc & GGC_MEMORY_VT_ENABLED)) {
4675 printk(KERN_INFO "DMAR: BIOS has allocated no shadow GTT; disabling IOMMU for graphics\n");
4677 } else if (dmar_map_gfx) {
4678 /* we have to ensure the gfx device is idle before we flush */
4679 printk(KERN_INFO "DMAR: Disabling batched IOTLB flush on Ironlake\n");
4680 intel_iommu_strict = 1;
4683 DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x0040, quirk_calpella_no_shadow_gtt);
4684 DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x0044, quirk_calpella_no_shadow_gtt);
4685 DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x0062, quirk_calpella_no_shadow_gtt);
4686 DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x006a, quirk_calpella_no_shadow_gtt);
4688 /* On Tylersburg chipsets, some BIOSes have been known to enable the
4689 ISOCH DMAR unit for the Azalia sound device, but not give it any
4690 TLB entries, which causes it to deadlock. Check for that. We do
4691 this in a function called from init_dmars(), instead of in a PCI
4692 quirk, because we don't want to print the obnoxious "BIOS broken"
4693 message if VT-d is actually disabled.
4695 static void __init check_tylersburg_isoch(void)
4697 struct pci_dev *pdev;
4698 uint32_t vtisochctrl;
4700 /* If there's no Azalia in the system anyway, forget it. */
4701 pdev = pci_get_device(PCI_VENDOR_ID_INTEL, 0x3a3e, NULL);
4706 /* System Management Registers. Might be hidden, in which case
4707 we can't do the sanity check. But that's OK, because the
4708 known-broken BIOSes _don't_ actually hide it, so far. */
4709 pdev = pci_get_device(PCI_VENDOR_ID_INTEL, 0x342e, NULL);
4713 if (pci_read_config_dword(pdev, 0x188, &vtisochctrl)) {
4720 /* If Azalia DMA is routed to the non-isoch DMAR unit, fine. */
4721 if (vtisochctrl & 1)
4724 /* Drop all bits other than the number of TLB entries */
4725 vtisochctrl &= 0x1c;
4727 /* If we have the recommended number of TLB entries (16), fine. */
4728 if (vtisochctrl == 0x10)
4731 /* Zero TLB entries? You get to ride the short bus to school. */
4733 WARN(1, "Your BIOS is broken; DMA routed to ISOCH DMAR unit but no TLB space.\n"
4734 "BIOS vendor: %s; Ver: %s; Product Version: %s\n",
4735 dmi_get_system_info(DMI_BIOS_VENDOR),
4736 dmi_get_system_info(DMI_BIOS_VERSION),
4737 dmi_get_system_info(DMI_PRODUCT_VERSION));
4738 iommu_identity_mapping |= IDENTMAP_AZALIA;
4742 printk(KERN_WARNING "DMAR: Recommended TLB entries for ISOCH unit is 16; your BIOS set %d\n",
Code Review / kvmfornfv.git / blob