2 * Copyright (C) 2007-2009 Advanced Micro Devices, Inc.
3 * Author: Joerg Roedel <joerg.roedel@amd.com>
4 * Leo Duran <leo.duran@amd.com>
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License version 2 as published
8 * by the Free Software Foundation.
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
15 * You should have received a copy of the GNU General Public License
16 * along with this program; if not, write to the Free Software
17 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
20 #include <linux/pci.h>
21 #include <linux/gfp.h>
22 #include <linux/bitops.h>
23 #include <linux/debugfs.h>
24 #include <linux/scatterlist.h>
25 #include <linux/dma-mapping.h>
26 #include <linux/iommu-helper.h>
27 #include <linux/iommu.h>
28 #include <asm/proto.h>
29 #include <asm/iommu.h>
31 #include <asm/amd_iommu_proto.h>
32 #include <asm/amd_iommu_types.h>
33 #include <asm/amd_iommu.h>
35 #define CMD_SET_TYPE(cmd, t) ((cmd)->data[1] |= ((t) << 28))
37 #define EXIT_LOOP_COUNT 10000000
39 static DEFINE_RWLOCK(amd_iommu_devtable_lock);
41 /* A list of preallocated protection domains */
42 static LIST_HEAD(iommu_pd_list);
43 static DEFINE_SPINLOCK(iommu_pd_list_lock);
46 * Domain for untranslated devices - only allocated
47 * if iommu=pt passed on kernel cmd line.
49 static struct protection_domain *pt_domain;
51 static struct iommu_ops amd_iommu_ops;
54 * general struct to manage commands send to an IOMMU
60 static int dma_ops_unity_map(struct dma_ops_domain *dma_dom,
61 struct unity_map_entry *e);
62 static struct dma_ops_domain *find_protection_domain(u16 devid);
63 static u64 *alloc_pte(struct protection_domain *domain,
64 unsigned long address, int end_lvl,
65 u64 **pte_page, gfp_t gfp);
66 static void dma_ops_reserve_addresses(struct dma_ops_domain *dom,
67 unsigned long start_page,
69 static void reset_iommu_command_buffer(struct amd_iommu *iommu);
70 static u64 *fetch_pte(struct protection_domain *domain,
71 unsigned long address, int map_size);
72 static void update_domain(struct protection_domain *domain);
74 #ifdef CONFIG_AMD_IOMMU_STATS
77 * Initialization code for statistics collection
80 DECLARE_STATS_COUNTER(compl_wait);
81 DECLARE_STATS_COUNTER(cnt_map_single);
82 DECLARE_STATS_COUNTER(cnt_unmap_single);
83 DECLARE_STATS_COUNTER(cnt_map_sg);
84 DECLARE_STATS_COUNTER(cnt_unmap_sg);
85 DECLARE_STATS_COUNTER(cnt_alloc_coherent);
86 DECLARE_STATS_COUNTER(cnt_free_coherent);
87 DECLARE_STATS_COUNTER(cross_page);
88 DECLARE_STATS_COUNTER(domain_flush_single);
89 DECLARE_STATS_COUNTER(domain_flush_all);
90 DECLARE_STATS_COUNTER(alloced_io_mem);
91 DECLARE_STATS_COUNTER(total_map_requests);
93 static struct dentry *stats_dir;
94 static struct dentry *de_isolate;
95 static struct dentry *de_fflush;
97 static void amd_iommu_stats_add(struct __iommu_counter *cnt)
99 if (stats_dir == NULL)
102 cnt->dent = debugfs_create_u64(cnt->name, 0444, stats_dir,
106 static void amd_iommu_stats_init(void)
108 stats_dir = debugfs_create_dir("amd-iommu", NULL);
109 if (stats_dir == NULL)
112 de_isolate = debugfs_create_bool("isolation", 0444, stats_dir,
113 (u32 *)&amd_iommu_isolate);
115 de_fflush = debugfs_create_bool("fullflush", 0444, stats_dir,
116 (u32 *)&amd_iommu_unmap_flush);
118 amd_iommu_stats_add(&compl_wait);
119 amd_iommu_stats_add(&cnt_map_single);
120 amd_iommu_stats_add(&cnt_unmap_single);
121 amd_iommu_stats_add(&cnt_map_sg);
122 amd_iommu_stats_add(&cnt_unmap_sg);
123 amd_iommu_stats_add(&cnt_alloc_coherent);
124 amd_iommu_stats_add(&cnt_free_coherent);
125 amd_iommu_stats_add(&cross_page);
126 amd_iommu_stats_add(&domain_flush_single);
127 amd_iommu_stats_add(&domain_flush_all);
128 amd_iommu_stats_add(&alloced_io_mem);
129 amd_iommu_stats_add(&total_map_requests);
134 /****************************************************************************
136 * Interrupt handling functions
138 ****************************************************************************/
140 static void dump_dte_entry(u16 devid)
144 for (i = 0; i < 8; ++i)
145 pr_err("AMD-Vi: DTE[%d]: %08x\n", i,
146 amd_iommu_dev_table[devid].data[i]);
149 static void dump_command(unsigned long phys_addr)
151 struct iommu_cmd *cmd = phys_to_virt(phys_addr);
154 for (i = 0; i < 4; ++i)
155 pr_err("AMD-Vi: CMD[%d]: %08x\n", i, cmd->data[i]);
158 static void iommu_print_event(struct amd_iommu *iommu, void *__evt)
161 int type = (event[1] >> EVENT_TYPE_SHIFT) & EVENT_TYPE_MASK;
162 int devid = (event[0] >> EVENT_DEVID_SHIFT) & EVENT_DEVID_MASK;
163 int domid = (event[1] >> EVENT_DOMID_SHIFT) & EVENT_DOMID_MASK;
164 int flags = (event[1] >> EVENT_FLAGS_SHIFT) & EVENT_FLAGS_MASK;
165 u64 address = (u64)(((u64)event[3]) << 32) | event[2];
167 printk(KERN_ERR "AMD-Vi: Event logged [");
170 case EVENT_TYPE_ILL_DEV:
171 printk("ILLEGAL_DEV_TABLE_ENTRY device=%02x:%02x.%x "
172 "address=0x%016llx flags=0x%04x]\n",
173 PCI_BUS(devid), PCI_SLOT(devid), PCI_FUNC(devid),
175 dump_dte_entry(devid);
177 case EVENT_TYPE_IO_FAULT:
178 printk("IO_PAGE_FAULT device=%02x:%02x.%x "
179 "domain=0x%04x address=0x%016llx flags=0x%04x]\n",
180 PCI_BUS(devid), PCI_SLOT(devid), PCI_FUNC(devid),
181 domid, address, flags);
183 case EVENT_TYPE_DEV_TAB_ERR:
184 printk("DEV_TAB_HARDWARE_ERROR device=%02x:%02x.%x "
185 "address=0x%016llx flags=0x%04x]\n",
186 PCI_BUS(devid), PCI_SLOT(devid), PCI_FUNC(devid),
189 case EVENT_TYPE_PAGE_TAB_ERR:
190 printk("PAGE_TAB_HARDWARE_ERROR device=%02x:%02x.%x "
191 "domain=0x%04x address=0x%016llx flags=0x%04x]\n",
192 PCI_BUS(devid), PCI_SLOT(devid), PCI_FUNC(devid),
193 domid, address, flags);
195 case EVENT_TYPE_ILL_CMD:
196 printk("ILLEGAL_COMMAND_ERROR address=0x%016llx]\n", address);
197 reset_iommu_command_buffer(iommu);
198 dump_command(address);
200 case EVENT_TYPE_CMD_HARD_ERR:
201 printk("COMMAND_HARDWARE_ERROR address=0x%016llx "
202 "flags=0x%04x]\n", address, flags);
204 case EVENT_TYPE_IOTLB_INV_TO:
205 printk("IOTLB_INV_TIMEOUT device=%02x:%02x.%x "
206 "address=0x%016llx]\n",
207 PCI_BUS(devid), PCI_SLOT(devid), PCI_FUNC(devid),
210 case EVENT_TYPE_INV_DEV_REQ:
211 printk("INVALID_DEVICE_REQUEST device=%02x:%02x.%x "
212 "address=0x%016llx flags=0x%04x]\n",
213 PCI_BUS(devid), PCI_SLOT(devid), PCI_FUNC(devid),
217 printk(KERN_ERR "UNKNOWN type=0x%02x]\n", type);
221 static void iommu_poll_events(struct amd_iommu *iommu)
226 spin_lock_irqsave(&iommu->lock, flags);
228 head = readl(iommu->mmio_base + MMIO_EVT_HEAD_OFFSET);
229 tail = readl(iommu->mmio_base + MMIO_EVT_TAIL_OFFSET);
231 while (head != tail) {
232 iommu_print_event(iommu, iommu->evt_buf + head);
233 head = (head + EVENT_ENTRY_SIZE) % iommu->evt_buf_size;
236 writel(head, iommu->mmio_base + MMIO_EVT_HEAD_OFFSET);
238 spin_unlock_irqrestore(&iommu->lock, flags);
241 irqreturn_t amd_iommu_int_handler(int irq, void *data)
243 struct amd_iommu *iommu;
245 for_each_iommu(iommu)
246 iommu_poll_events(iommu);
251 /****************************************************************************
253 * IOMMU command queuing functions
255 ****************************************************************************/
258 * Writes the command to the IOMMUs command buffer and informs the
259 * hardware about the new command. Must be called with iommu->lock held.
261 static int __iommu_queue_command(struct amd_iommu *iommu, struct iommu_cmd *cmd)
266 tail = readl(iommu->mmio_base + MMIO_CMD_TAIL_OFFSET);
267 target = iommu->cmd_buf + tail;
268 memcpy_toio(target, cmd, sizeof(*cmd));
269 tail = (tail + sizeof(*cmd)) % iommu->cmd_buf_size;
270 head = readl(iommu->mmio_base + MMIO_CMD_HEAD_OFFSET);
273 writel(tail, iommu->mmio_base + MMIO_CMD_TAIL_OFFSET);
279 * General queuing function for commands. Takes iommu->lock and calls
280 * __iommu_queue_command().
282 static int iommu_queue_command(struct amd_iommu *iommu, struct iommu_cmd *cmd)
287 spin_lock_irqsave(&iommu->lock, flags);
288 ret = __iommu_queue_command(iommu, cmd);
290 iommu->need_sync = true;
291 spin_unlock_irqrestore(&iommu->lock, flags);
297 * This function waits until an IOMMU has completed a completion
300 static void __iommu_wait_for_completion(struct amd_iommu *iommu)
306 INC_STATS_COUNTER(compl_wait);
308 while (!ready && (i < EXIT_LOOP_COUNT)) {
310 /* wait for the bit to become one */
311 status = readl(iommu->mmio_base + MMIO_STATUS_OFFSET);
312 ready = status & MMIO_STATUS_COM_WAIT_INT_MASK;
315 /* set bit back to zero */
316 status &= ~MMIO_STATUS_COM_WAIT_INT_MASK;
317 writel(status, iommu->mmio_base + MMIO_STATUS_OFFSET);
319 if (unlikely(i == EXIT_LOOP_COUNT)) {
320 spin_unlock(&iommu->lock);
321 reset_iommu_command_buffer(iommu);
322 spin_lock(&iommu->lock);
327 * This function queues a completion wait command into the command
330 static int __iommu_completion_wait(struct amd_iommu *iommu)
332 struct iommu_cmd cmd;
334 memset(&cmd, 0, sizeof(cmd));
335 cmd.data[0] = CMD_COMPL_WAIT_INT_MASK;
336 CMD_SET_TYPE(&cmd, CMD_COMPL_WAIT);
338 return __iommu_queue_command(iommu, &cmd);
342 * This function is called whenever we need to ensure that the IOMMU has
343 * completed execution of all commands we sent. It sends a
344 * COMPLETION_WAIT command and waits for it to finish. The IOMMU informs
345 * us about that by writing a value to a physical address we pass with
348 static int iommu_completion_wait(struct amd_iommu *iommu)
353 spin_lock_irqsave(&iommu->lock, flags);
355 if (!iommu->need_sync)
358 ret = __iommu_completion_wait(iommu);
360 iommu->need_sync = false;
365 __iommu_wait_for_completion(iommu);
368 spin_unlock_irqrestore(&iommu->lock, flags);
373 static void iommu_flush_complete(struct protection_domain *domain)
377 for (i = 0; i < amd_iommus_present; ++i) {
378 if (!domain->dev_iommu[i])
382 * Devices of this domain are behind this IOMMU
383 * We need to wait for completion of all commands.
385 iommu_completion_wait(amd_iommus[i]);
390 * Command send function for invalidating a device table entry
392 static int iommu_queue_inv_dev_entry(struct amd_iommu *iommu, u16 devid)
394 struct iommu_cmd cmd;
397 BUG_ON(iommu == NULL);
399 memset(&cmd, 0, sizeof(cmd));
400 CMD_SET_TYPE(&cmd, CMD_INV_DEV_ENTRY);
403 ret = iommu_queue_command(iommu, &cmd);
408 static void __iommu_build_inv_iommu_pages(struct iommu_cmd *cmd, u64 address,
409 u16 domid, int pde, int s)
411 memset(cmd, 0, sizeof(*cmd));
412 address &= PAGE_MASK;
413 CMD_SET_TYPE(cmd, CMD_INV_IOMMU_PAGES);
414 cmd->data[1] |= domid;
415 cmd->data[2] = lower_32_bits(address);
416 cmd->data[3] = upper_32_bits(address);
417 if (s) /* size bit - we flush more than one 4kb page */
418 cmd->data[2] |= CMD_INV_IOMMU_PAGES_SIZE_MASK;
419 if (pde) /* PDE bit - we wan't flush everything not only the PTEs */
420 cmd->data[2] |= CMD_INV_IOMMU_PAGES_PDE_MASK;
424 * Generic command send function for invalidaing TLB entries
426 static int iommu_queue_inv_iommu_pages(struct amd_iommu *iommu,
427 u64 address, u16 domid, int pde, int s)
429 struct iommu_cmd cmd;
432 __iommu_build_inv_iommu_pages(&cmd, address, domid, pde, s);
434 ret = iommu_queue_command(iommu, &cmd);
440 * TLB invalidation function which is called from the mapping functions.
441 * It invalidates a single PTE if the range to flush is within a single
442 * page. Otherwise it flushes the whole TLB of the IOMMU.
444 static void __iommu_flush_pages(struct protection_domain *domain,
445 u64 address, size_t size, int pde)
448 unsigned long pages = iommu_num_pages(address, size, PAGE_SIZE);
450 address &= PAGE_MASK;
454 * If we have to flush more than one page, flush all
455 * TLB entries for this domain
457 address = CMD_INV_IOMMU_ALL_PAGES_ADDRESS;
462 for (i = 0; i < amd_iommus_present; ++i) {
463 if (!domain->dev_iommu[i])
467 * Devices of this domain are behind this IOMMU
468 * We need a TLB flush
470 iommu_queue_inv_iommu_pages(amd_iommus[i], address,
477 static void iommu_flush_pages(struct protection_domain *domain,
478 u64 address, size_t size)
480 __iommu_flush_pages(domain, address, size, 0);
483 /* Flush the whole IO/TLB for a given protection domain */
484 static void iommu_flush_tlb(struct protection_domain *domain)
486 __iommu_flush_pages(domain, 0, CMD_INV_IOMMU_ALL_PAGES_ADDRESS, 0);
489 /* Flush the whole IO/TLB for a given protection domain - including PDE */
490 static void iommu_flush_tlb_pde(struct protection_domain *domain)
492 __iommu_flush_pages(domain, 0, CMD_INV_IOMMU_ALL_PAGES_ADDRESS, 1);
496 * This function flushes all domains that have devices on the given IOMMU
498 static void flush_all_domains_on_iommu(struct amd_iommu *iommu)
500 u64 address = CMD_INV_IOMMU_ALL_PAGES_ADDRESS;
501 struct protection_domain *domain;
504 spin_lock_irqsave(&amd_iommu_pd_lock, flags);
506 list_for_each_entry(domain, &amd_iommu_pd_list, list) {
507 if (domain->dev_iommu[iommu->index] == 0)
510 spin_lock(&domain->lock);
511 iommu_queue_inv_iommu_pages(iommu, address, domain->id, 1, 1);
512 iommu_flush_complete(domain);
513 spin_unlock(&domain->lock);
516 spin_unlock_irqrestore(&amd_iommu_pd_lock, flags);
520 * This function uses heavy locking and may disable irqs for some time. But
521 * this is no issue because it is only called during resume.
523 void amd_iommu_flush_all_domains(void)
525 struct protection_domain *domain;
528 spin_lock_irqsave(&amd_iommu_pd_lock, flags);
530 list_for_each_entry(domain, &amd_iommu_pd_list, list) {
531 spin_lock(&domain->lock);
532 iommu_flush_tlb_pde(domain);
533 iommu_flush_complete(domain);
534 spin_unlock(&domain->lock);
537 spin_unlock_irqrestore(&amd_iommu_pd_lock, flags);
540 static void flush_all_devices_for_iommu(struct amd_iommu *iommu)
544 for (i = 0; i <= amd_iommu_last_bdf; ++i) {
545 if (iommu != amd_iommu_rlookup_table[i])
548 iommu_queue_inv_dev_entry(iommu, i);
549 iommu_completion_wait(iommu);
553 static void flush_devices_by_domain(struct protection_domain *domain)
555 struct amd_iommu *iommu;
558 for (i = 0; i <= amd_iommu_last_bdf; ++i) {
559 if ((domain == NULL && amd_iommu_pd_table[i] == NULL) ||
560 (amd_iommu_pd_table[i] != domain))
563 iommu = amd_iommu_rlookup_table[i];
567 iommu_queue_inv_dev_entry(iommu, i);
568 iommu_completion_wait(iommu);
572 static void reset_iommu_command_buffer(struct amd_iommu *iommu)
574 pr_err("AMD-Vi: Resetting IOMMU command buffer\n");
576 if (iommu->reset_in_progress)
577 panic("AMD-Vi: ILLEGAL_COMMAND_ERROR while resetting command buffer\n");
579 iommu->reset_in_progress = true;
581 amd_iommu_reset_cmd_buffer(iommu);
582 flush_all_devices_for_iommu(iommu);
583 flush_all_domains_on_iommu(iommu);
585 iommu->reset_in_progress = false;
588 void amd_iommu_flush_all_devices(void)
590 flush_devices_by_domain(NULL);
593 /****************************************************************************
595 * The functions below are used the create the page table mappings for
596 * unity mapped regions.
598 ****************************************************************************/
601 * Generic mapping functions. It maps a physical address into a DMA
602 * address space. It allocates the page table pages if necessary.
603 * In the future it can be extended to a generic mapping function
604 * supporting all features of AMD IOMMU page tables like level skipping
605 * and full 64 bit address spaces.
607 static int iommu_map_page(struct protection_domain *dom,
608 unsigned long bus_addr,
609 unsigned long phys_addr,
615 bus_addr = PAGE_ALIGN(bus_addr);
616 phys_addr = PAGE_ALIGN(phys_addr);
618 BUG_ON(!PM_ALIGNED(map_size, bus_addr));
619 BUG_ON(!PM_ALIGNED(map_size, phys_addr));
621 if (!(prot & IOMMU_PROT_MASK))
624 pte = alloc_pte(dom, bus_addr, map_size, NULL, GFP_KERNEL);
626 if (IOMMU_PTE_PRESENT(*pte))
629 __pte = phys_addr | IOMMU_PTE_P;
630 if (prot & IOMMU_PROT_IR)
631 __pte |= IOMMU_PTE_IR;
632 if (prot & IOMMU_PROT_IW)
633 __pte |= IOMMU_PTE_IW;
642 static void iommu_unmap_page(struct protection_domain *dom,
643 unsigned long bus_addr, int map_size)
645 u64 *pte = fetch_pte(dom, bus_addr, map_size);
652 * This function checks if a specific unity mapping entry is needed for
653 * this specific IOMMU.
655 static int iommu_for_unity_map(struct amd_iommu *iommu,
656 struct unity_map_entry *entry)
660 for (i = entry->devid_start; i <= entry->devid_end; ++i) {
661 bdf = amd_iommu_alias_table[i];
662 if (amd_iommu_rlookup_table[bdf] == iommu)
670 * Init the unity mappings for a specific IOMMU in the system
672 * Basically iterates over all unity mapping entries and applies them to
673 * the default domain DMA of that IOMMU if necessary.
675 static int iommu_init_unity_mappings(struct amd_iommu *iommu)
677 struct unity_map_entry *entry;
680 list_for_each_entry(entry, &amd_iommu_unity_map, list) {
681 if (!iommu_for_unity_map(iommu, entry))
683 ret = dma_ops_unity_map(iommu->default_dom, entry);
692 * This function actually applies the mapping to the page table of the
695 static int dma_ops_unity_map(struct dma_ops_domain *dma_dom,
696 struct unity_map_entry *e)
701 for (addr = e->address_start; addr < e->address_end;
703 ret = iommu_map_page(&dma_dom->domain, addr, addr, e->prot,
708 * if unity mapping is in aperture range mark the page
709 * as allocated in the aperture
711 if (addr < dma_dom->aperture_size)
712 __set_bit(addr >> PAGE_SHIFT,
713 dma_dom->aperture[0]->bitmap);
720 * Inits the unity mappings required for a specific device
722 static int init_unity_mappings_for_device(struct dma_ops_domain *dma_dom,
725 struct unity_map_entry *e;
728 list_for_each_entry(e, &amd_iommu_unity_map, list) {
729 if (!(devid >= e->devid_start && devid <= e->devid_end))
731 ret = dma_ops_unity_map(dma_dom, e);
739 /****************************************************************************
741 * The next functions belong to the address allocator for the dma_ops
742 * interface functions. They work like the allocators in the other IOMMU
743 * drivers. Its basically a bitmap which marks the allocated pages in
744 * the aperture. Maybe it could be enhanced in the future to a more
745 * efficient allocator.
747 ****************************************************************************/
750 * The address allocator core functions.
752 * called with domain->lock held
756 * This function checks if there is a PTE for a given dma address. If
757 * there is one, it returns the pointer to it.
759 static u64 *fetch_pte(struct protection_domain *domain,
760 unsigned long address, int map_size)
765 level = domain->mode - 1;
766 pte = &domain->pt_root[PM_LEVEL_INDEX(level, address)];
768 while (level > map_size) {
769 if (!IOMMU_PTE_PRESENT(*pte))
774 pte = IOMMU_PTE_PAGE(*pte);
775 pte = &pte[PM_LEVEL_INDEX(level, address)];
777 if ((PM_PTE_LEVEL(*pte) == 0) && level != map_size) {
787 * This function is used to add a new aperture range to an existing
788 * aperture in case of dma_ops domain allocation or address allocation
791 static int alloc_new_range(struct dma_ops_domain *dma_dom,
792 bool populate, gfp_t gfp)
794 int index = dma_dom->aperture_size >> APERTURE_RANGE_SHIFT;
795 struct amd_iommu *iommu;
798 #ifdef CONFIG_IOMMU_STRESS
802 if (index >= APERTURE_MAX_RANGES)
805 dma_dom->aperture[index] = kzalloc(sizeof(struct aperture_range), gfp);
806 if (!dma_dom->aperture[index])
809 dma_dom->aperture[index]->bitmap = (void *)get_zeroed_page(gfp);
810 if (!dma_dom->aperture[index]->bitmap)
813 dma_dom->aperture[index]->offset = dma_dom->aperture_size;
816 unsigned long address = dma_dom->aperture_size;
817 int i, num_ptes = APERTURE_RANGE_PAGES / 512;
820 for (i = 0; i < num_ptes; ++i) {
821 pte = alloc_pte(&dma_dom->domain, address, PM_MAP_4k,
826 dma_dom->aperture[index]->pte_pages[i] = pte_page;
828 address += APERTURE_RANGE_SIZE / 64;
832 dma_dom->aperture_size += APERTURE_RANGE_SIZE;
834 /* Intialize the exclusion range if necessary */
835 for_each_iommu(iommu) {
836 if (iommu->exclusion_start &&
837 iommu->exclusion_start >= dma_dom->aperture[index]->offset
838 && iommu->exclusion_start < dma_dom->aperture_size) {
839 unsigned long startpage;
840 int pages = iommu_num_pages(iommu->exclusion_start,
841 iommu->exclusion_length,
843 startpage = iommu->exclusion_start >> PAGE_SHIFT;
844 dma_ops_reserve_addresses(dma_dom, startpage, pages);
849 * Check for areas already mapped as present in the new aperture
850 * range and mark those pages as reserved in the allocator. Such
851 * mappings may already exist as a result of requested unity
852 * mappings for devices.
854 for (i = dma_dom->aperture[index]->offset;
855 i < dma_dom->aperture_size;
857 u64 *pte = fetch_pte(&dma_dom->domain, i, PM_MAP_4k);
858 if (!pte || !IOMMU_PTE_PRESENT(*pte))
861 dma_ops_reserve_addresses(dma_dom, i << PAGE_SHIFT, 1);
864 update_domain(&dma_dom->domain);
869 update_domain(&dma_dom->domain);
871 free_page((unsigned long)dma_dom->aperture[index]->bitmap);
873 kfree(dma_dom->aperture[index]);
874 dma_dom->aperture[index] = NULL;
879 static unsigned long dma_ops_area_alloc(struct device *dev,
880 struct dma_ops_domain *dom,
882 unsigned long align_mask,
886 unsigned long next_bit = dom->next_address % APERTURE_RANGE_SIZE;
887 int max_index = dom->aperture_size >> APERTURE_RANGE_SHIFT;
888 int i = start >> APERTURE_RANGE_SHIFT;
889 unsigned long boundary_size;
890 unsigned long address = -1;
893 next_bit >>= PAGE_SHIFT;
895 boundary_size = ALIGN(dma_get_seg_boundary(dev) + 1,
896 PAGE_SIZE) >> PAGE_SHIFT;
898 for (;i < max_index; ++i) {
899 unsigned long offset = dom->aperture[i]->offset >> PAGE_SHIFT;
901 if (dom->aperture[i]->offset >= dma_mask)
904 limit = iommu_device_max_index(APERTURE_RANGE_PAGES, offset,
905 dma_mask >> PAGE_SHIFT);
907 address = iommu_area_alloc(dom->aperture[i]->bitmap,
908 limit, next_bit, pages, 0,
909 boundary_size, align_mask);
911 address = dom->aperture[i]->offset +
912 (address << PAGE_SHIFT);
913 dom->next_address = address + (pages << PAGE_SHIFT);
923 static unsigned long dma_ops_alloc_addresses(struct device *dev,
924 struct dma_ops_domain *dom,
926 unsigned long align_mask,
929 unsigned long address;
931 #ifdef CONFIG_IOMMU_STRESS
932 dom->next_address = 0;
933 dom->need_flush = true;
936 address = dma_ops_area_alloc(dev, dom, pages, align_mask,
937 dma_mask, dom->next_address);
940 dom->next_address = 0;
941 address = dma_ops_area_alloc(dev, dom, pages, align_mask,
943 dom->need_flush = true;
946 if (unlikely(address == -1))
947 address = DMA_ERROR_CODE;
949 WARN_ON((address + (PAGE_SIZE*pages)) > dom->aperture_size);
955 * The address free function.
957 * called with domain->lock held
959 static void dma_ops_free_addresses(struct dma_ops_domain *dom,
960 unsigned long address,
963 unsigned i = address >> APERTURE_RANGE_SHIFT;
964 struct aperture_range *range = dom->aperture[i];
966 BUG_ON(i >= APERTURE_MAX_RANGES || range == NULL);
968 #ifdef CONFIG_IOMMU_STRESS
973 if (address >= dom->next_address)
974 dom->need_flush = true;
976 address = (address % APERTURE_RANGE_SIZE) >> PAGE_SHIFT;
978 iommu_area_free(range->bitmap, address, pages);
982 /****************************************************************************
984 * The next functions belong to the domain allocation. A domain is
985 * allocated for every IOMMU as the default domain. If device isolation
986 * is enabled, every device get its own domain. The most important thing
987 * about domains is the page table mapping the DMA address space they
990 ****************************************************************************/
993 * This function adds a protection domain to the global protection domain list
995 static void add_domain_to_list(struct protection_domain *domain)
999 spin_lock_irqsave(&amd_iommu_pd_lock, flags);
1000 list_add(&domain->list, &amd_iommu_pd_list);
1001 spin_unlock_irqrestore(&amd_iommu_pd_lock, flags);
1005 * This function removes a protection domain to the global
1006 * protection domain list
1008 static void del_domain_from_list(struct protection_domain *domain)
1010 unsigned long flags;
1012 spin_lock_irqsave(&amd_iommu_pd_lock, flags);
1013 list_del(&domain->list);
1014 spin_unlock_irqrestore(&amd_iommu_pd_lock, flags);
1017 static u16 domain_id_alloc(void)
1019 unsigned long flags;
1022 write_lock_irqsave(&amd_iommu_devtable_lock, flags);
1023 id = find_first_zero_bit(amd_iommu_pd_alloc_bitmap, MAX_DOMAIN_ID);
1025 if (id > 0 && id < MAX_DOMAIN_ID)
1026 __set_bit(id, amd_iommu_pd_alloc_bitmap);
1029 write_unlock_irqrestore(&amd_iommu_devtable_lock, flags);
1034 static void domain_id_free(int id)
1036 unsigned long flags;
1038 write_lock_irqsave(&amd_iommu_devtable_lock, flags);
1039 if (id > 0 && id < MAX_DOMAIN_ID)
1040 __clear_bit(id, amd_iommu_pd_alloc_bitmap);
1041 write_unlock_irqrestore(&amd_iommu_devtable_lock, flags);
1045 * Used to reserve address ranges in the aperture (e.g. for exclusion
1048 static void dma_ops_reserve_addresses(struct dma_ops_domain *dom,
1049 unsigned long start_page,
1052 unsigned int i, last_page = dom->aperture_size >> PAGE_SHIFT;
1054 if (start_page + pages > last_page)
1055 pages = last_page - start_page;
1057 for (i = start_page; i < start_page + pages; ++i) {
1058 int index = i / APERTURE_RANGE_PAGES;
1059 int page = i % APERTURE_RANGE_PAGES;
1060 __set_bit(page, dom->aperture[index]->bitmap);
1064 static void free_pagetable(struct protection_domain *domain)
1069 p1 = domain->pt_root;
1074 for (i = 0; i < 512; ++i) {
1075 if (!IOMMU_PTE_PRESENT(p1[i]))
1078 p2 = IOMMU_PTE_PAGE(p1[i]);
1079 for (j = 0; j < 512; ++j) {
1080 if (!IOMMU_PTE_PRESENT(p2[j]))
1082 p3 = IOMMU_PTE_PAGE(p2[j]);
1083 free_page((unsigned long)p3);
1086 free_page((unsigned long)p2);
1089 free_page((unsigned long)p1);
1091 domain->pt_root = NULL;
1095 * Free a domain, only used if something went wrong in the
1096 * allocation path and we need to free an already allocated page table
1098 static void dma_ops_domain_free(struct dma_ops_domain *dom)
1105 del_domain_from_list(&dom->domain);
1107 free_pagetable(&dom->domain);
1109 for (i = 0; i < APERTURE_MAX_RANGES; ++i) {
1110 if (!dom->aperture[i])
1112 free_page((unsigned long)dom->aperture[i]->bitmap);
1113 kfree(dom->aperture[i]);
1120 * Allocates a new protection domain usable for the dma_ops functions.
1121 * It also intializes the page table and the address allocator data
1122 * structures required for the dma_ops interface
1124 static struct dma_ops_domain *dma_ops_domain_alloc(struct amd_iommu *iommu)
1126 struct dma_ops_domain *dma_dom;
1128 dma_dom = kzalloc(sizeof(struct dma_ops_domain), GFP_KERNEL);
1132 spin_lock_init(&dma_dom->domain.lock);
1134 dma_dom->domain.id = domain_id_alloc();
1135 if (dma_dom->domain.id == 0)
1137 dma_dom->domain.mode = PAGE_MODE_2_LEVEL;
1138 dma_dom->domain.pt_root = (void *)get_zeroed_page(GFP_KERNEL);
1139 dma_dom->domain.flags = PD_DMA_OPS_MASK;
1140 dma_dom->domain.priv = dma_dom;
1141 if (!dma_dom->domain.pt_root)
1144 dma_dom->need_flush = false;
1145 dma_dom->target_dev = 0xffff;
1147 add_domain_to_list(&dma_dom->domain);
1149 if (alloc_new_range(dma_dom, true, GFP_KERNEL))
1153 * mark the first page as allocated so we never return 0 as
1154 * a valid dma-address. So we can use 0 as error value
1156 dma_dom->aperture[0]->bitmap[0] = 1;
1157 dma_dom->next_address = 0;
1163 dma_ops_domain_free(dma_dom);
1169 * little helper function to check whether a given protection domain is a
1172 static bool dma_ops_domain(struct protection_domain *domain)
1174 return domain->flags & PD_DMA_OPS_MASK;
1178 * Find out the protection domain structure for a given PCI device. This
1179 * will give us the pointer to the page table root for example.
1181 static struct protection_domain *domain_for_device(u16 devid)
1183 struct protection_domain *dom;
1184 unsigned long flags;
1186 read_lock_irqsave(&amd_iommu_devtable_lock, flags);
1187 dom = amd_iommu_pd_table[devid];
1188 read_unlock_irqrestore(&amd_iommu_devtable_lock, flags);
1193 static void set_dte_entry(u16 devid, struct protection_domain *domain)
1195 u64 pte_root = virt_to_phys(domain->pt_root);
1197 pte_root |= (domain->mode & DEV_ENTRY_MODE_MASK)
1198 << DEV_ENTRY_MODE_SHIFT;
1199 pte_root |= IOMMU_PTE_IR | IOMMU_PTE_IW | IOMMU_PTE_P | IOMMU_PTE_TV;
1201 amd_iommu_dev_table[devid].data[2] = domain->id;
1202 amd_iommu_dev_table[devid].data[1] = upper_32_bits(pte_root);
1203 amd_iommu_dev_table[devid].data[0] = lower_32_bits(pte_root);
1205 amd_iommu_pd_table[devid] = domain;
1209 * If a device is not yet associated with a domain, this function does
1210 * assigns it visible for the hardware
1212 static void __attach_device(struct amd_iommu *iommu,
1213 struct protection_domain *domain,
1217 spin_lock(&domain->lock);
1219 /* update DTE entry */
1220 set_dte_entry(devid, domain);
1222 /* Do reference counting */
1223 domain->dev_iommu[iommu->index] += 1;
1224 domain->dev_cnt += 1;
1227 spin_unlock(&domain->lock);
1231 * If a device is not yet associated with a domain, this function does
1232 * assigns it visible for the hardware
1234 static void attach_device(struct amd_iommu *iommu,
1235 struct protection_domain *domain,
1238 unsigned long flags;
1240 write_lock_irqsave(&amd_iommu_devtable_lock, flags);
1241 __attach_device(iommu, domain, devid);
1242 write_unlock_irqrestore(&amd_iommu_devtable_lock, flags);
1245 * We might boot into a crash-kernel here. The crashed kernel
1246 * left the caches in the IOMMU dirty. So we have to flush
1247 * here to evict all dirty stuff.
1249 iommu_queue_inv_dev_entry(iommu, devid);
1250 iommu_flush_tlb_pde(domain);
1254 * Removes a device from a protection domain (unlocked)
1256 static void __detach_device(struct protection_domain *domain, u16 devid)
1258 struct amd_iommu *iommu = amd_iommu_rlookup_table[devid];
1263 spin_lock(&domain->lock);
1265 /* remove domain from the lookup table */
1266 amd_iommu_pd_table[devid] = NULL;
1268 /* remove entry from the device table seen by the hardware */
1269 amd_iommu_dev_table[devid].data[0] = IOMMU_PTE_P | IOMMU_PTE_TV;
1270 amd_iommu_dev_table[devid].data[1] = 0;
1271 amd_iommu_dev_table[devid].data[2] = 0;
1273 amd_iommu_apply_erratum_63(devid);
1275 /* decrease reference counters */
1276 domain->dev_iommu[iommu->index] -= 1;
1277 domain->dev_cnt -= 1;
1280 spin_unlock(&domain->lock);
1283 * If we run in passthrough mode the device must be assigned to the
1284 * passthrough domain if it is detached from any other domain
1286 if (iommu_pass_through) {
1287 struct amd_iommu *iommu = amd_iommu_rlookup_table[devid];
1288 __attach_device(iommu, pt_domain, devid);
1293 * Removes a device from a protection domain (with devtable_lock held)
1295 static void detach_device(struct protection_domain *domain, u16 devid)
1297 unsigned long flags;
1299 /* lock device table */
1300 write_lock_irqsave(&amd_iommu_devtable_lock, flags);
1301 __detach_device(domain, devid);
1302 write_unlock_irqrestore(&amd_iommu_devtable_lock, flags);
1305 static int device_change_notifier(struct notifier_block *nb,
1306 unsigned long action, void *data)
1308 struct device *dev = data;
1309 struct pci_dev *pdev = to_pci_dev(dev);
1310 u16 devid = calc_devid(pdev->bus->number, pdev->devfn);
1311 struct protection_domain *domain;
1312 struct dma_ops_domain *dma_domain;
1313 struct amd_iommu *iommu;
1314 unsigned long flags;
1316 if (devid > amd_iommu_last_bdf)
1319 devid = amd_iommu_alias_table[devid];
1321 iommu = amd_iommu_rlookup_table[devid];
1325 domain = domain_for_device(devid);
1327 if (domain && !dma_ops_domain(domain))
1328 WARN_ONCE(1, "AMD IOMMU WARNING: device %s already bound "
1329 "to a non-dma-ops domain\n", dev_name(dev));
1332 case BUS_NOTIFY_UNBOUND_DRIVER:
1335 if (iommu_pass_through)
1337 detach_device(domain, devid);
1339 case BUS_NOTIFY_ADD_DEVICE:
1340 /* allocate a protection domain if a device is added */
1341 dma_domain = find_protection_domain(devid);
1344 dma_domain = dma_ops_domain_alloc(iommu);
1347 dma_domain->target_dev = devid;
1349 spin_lock_irqsave(&iommu_pd_list_lock, flags);
1350 list_add_tail(&dma_domain->list, &iommu_pd_list);
1351 spin_unlock_irqrestore(&iommu_pd_list_lock, flags);
1358 iommu_queue_inv_dev_entry(iommu, devid);
1359 iommu_completion_wait(iommu);
1365 static struct notifier_block device_nb = {
1366 .notifier_call = device_change_notifier,
1369 /*****************************************************************************
1371 * The next functions belong to the dma_ops mapping/unmapping code.
1373 *****************************************************************************/
1376 * This function checks if the driver got a valid device from the caller to
1377 * avoid dereferencing invalid pointers.
1379 static bool check_device(struct device *dev)
1382 struct pci_dev *pcidev;
1384 if (!dev || !dev->dma_mask)
1387 /* No device or no PCI device */
1388 if (!dev || dev->bus != &pci_bus_type)
1391 pcidev = to_pci_dev(dev);
1393 bdf = calc_devid(pcidev->bus->number, pcidev->devfn);
1395 /* Out of our scope? */
1396 if (bdf > amd_iommu_last_bdf)
1399 if (amd_iommu_rlookup_table[bdf] == NULL)
1406 * In this function the list of preallocated protection domains is traversed to
1407 * find the domain for a specific device
1409 static struct dma_ops_domain *find_protection_domain(u16 devid)
1411 struct dma_ops_domain *entry, *ret = NULL;
1412 unsigned long flags;
1414 if (list_empty(&iommu_pd_list))
1417 spin_lock_irqsave(&iommu_pd_list_lock, flags);
1419 list_for_each_entry(entry, &iommu_pd_list, list) {
1420 if (entry->target_dev == devid) {
1426 spin_unlock_irqrestore(&iommu_pd_list_lock, flags);
1432 * In the dma_ops path we only have the struct device. This function
1433 * finds the corresponding IOMMU, the protection domain and the
1434 * requestor id for a given device.
1435 * If the device is not yet associated with a domain this is also done
1438 static bool get_device_resources(struct device *dev,
1439 struct amd_iommu **iommu,
1440 struct protection_domain **domain,
1443 struct dma_ops_domain *dma_dom;
1444 struct pci_dev *pcidev;
1447 if (!check_device(dev))
1450 pcidev = to_pci_dev(dev);
1451 _bdf = calc_devid(pcidev->bus->number, pcidev->devfn);
1452 *bdf = amd_iommu_alias_table[_bdf];
1453 *iommu = amd_iommu_rlookup_table[*bdf];
1454 *domain = domain_for_device(*bdf);
1456 if (*domain == NULL) {
1457 dma_dom = find_protection_domain(*bdf);
1459 dma_dom = (*iommu)->default_dom;
1460 *domain = &dma_dom->domain;
1461 attach_device(*iommu, *domain, *bdf);
1462 DUMP_printk("Using protection domain %d for device %s\n",
1463 (*domain)->id, dev_name(dev));
1466 if (domain_for_device(_bdf) == NULL)
1467 attach_device(*iommu, *domain, _bdf);
1472 static void update_device_table(struct protection_domain *domain)
1474 unsigned long flags;
1477 for (i = 0; i <= amd_iommu_last_bdf; ++i) {
1478 if (amd_iommu_pd_table[i] != domain)
1480 write_lock_irqsave(&amd_iommu_devtable_lock, flags);
1481 set_dte_entry(i, domain);
1482 write_unlock_irqrestore(&amd_iommu_devtable_lock, flags);
1486 static void update_domain(struct protection_domain *domain)
1488 if (!domain->updated)
1491 update_device_table(domain);
1492 flush_devices_by_domain(domain);
1493 iommu_flush_tlb_pde(domain);
1495 domain->updated = false;
1499 * This function is used to add another level to an IO page table. Adding
1500 * another level increases the size of the address space by 9 bits to a size up
1503 static bool increase_address_space(struct protection_domain *domain,
1508 if (domain->mode == PAGE_MODE_6_LEVEL)
1509 /* address space already 64 bit large */
1512 pte = (void *)get_zeroed_page(gfp);
1516 *pte = PM_LEVEL_PDE(domain->mode,
1517 virt_to_phys(domain->pt_root));
1518 domain->pt_root = pte;
1520 domain->updated = true;
1525 static u64 *alloc_pte(struct protection_domain *domain,
1526 unsigned long address,
1534 while (address > PM_LEVEL_SIZE(domain->mode))
1535 increase_address_space(domain, gfp);
1537 level = domain->mode - 1;
1538 pte = &domain->pt_root[PM_LEVEL_INDEX(level, address)];
1540 while (level > end_lvl) {
1541 if (!IOMMU_PTE_PRESENT(*pte)) {
1542 page = (u64 *)get_zeroed_page(gfp);
1545 *pte = PM_LEVEL_PDE(level, virt_to_phys(page));
1550 pte = IOMMU_PTE_PAGE(*pte);
1552 if (pte_page && level == end_lvl)
1555 pte = &pte[PM_LEVEL_INDEX(level, address)];
1562 * This function fetches the PTE for a given address in the aperture
1564 static u64* dma_ops_get_pte(struct dma_ops_domain *dom,
1565 unsigned long address)
1567 struct aperture_range *aperture;
1568 u64 *pte, *pte_page;
1570 aperture = dom->aperture[APERTURE_RANGE_INDEX(address)];
1574 pte = aperture->pte_pages[APERTURE_PAGE_INDEX(address)];
1576 pte = alloc_pte(&dom->domain, address, PM_MAP_4k, &pte_page,
1578 aperture->pte_pages[APERTURE_PAGE_INDEX(address)] = pte_page;
1580 pte += PM_LEVEL_INDEX(0, address);
1582 update_domain(&dom->domain);
1588 * This is the generic map function. It maps one 4kb page at paddr to
1589 * the given address in the DMA address space for the domain.
1591 static dma_addr_t dma_ops_domain_map(struct dma_ops_domain *dom,
1592 unsigned long address,
1598 WARN_ON(address > dom->aperture_size);
1602 pte = dma_ops_get_pte(dom, address);
1604 return DMA_ERROR_CODE;
1606 __pte = paddr | IOMMU_PTE_P | IOMMU_PTE_FC;
1608 if (direction == DMA_TO_DEVICE)
1609 __pte |= IOMMU_PTE_IR;
1610 else if (direction == DMA_FROM_DEVICE)
1611 __pte |= IOMMU_PTE_IW;
1612 else if (direction == DMA_BIDIRECTIONAL)
1613 __pte |= IOMMU_PTE_IR | IOMMU_PTE_IW;
1619 return (dma_addr_t)address;
1623 * The generic unmapping function for on page in the DMA address space.
1625 static void dma_ops_domain_unmap(struct dma_ops_domain *dom,
1626 unsigned long address)
1628 struct aperture_range *aperture;
1631 if (address >= dom->aperture_size)
1634 aperture = dom->aperture[APERTURE_RANGE_INDEX(address)];
1638 pte = aperture->pte_pages[APERTURE_PAGE_INDEX(address)];
1642 pte += PM_LEVEL_INDEX(0, address);
1650 * This function contains common code for mapping of a physically
1651 * contiguous memory region into DMA address space. It is used by all
1652 * mapping functions provided with this IOMMU driver.
1653 * Must be called with the domain lock held.
1655 static dma_addr_t __map_single(struct device *dev,
1656 struct dma_ops_domain *dma_dom,
1663 dma_addr_t offset = paddr & ~PAGE_MASK;
1664 dma_addr_t address, start, ret;
1666 unsigned long align_mask = 0;
1669 pages = iommu_num_pages(paddr, size, PAGE_SIZE);
1672 INC_STATS_COUNTER(total_map_requests);
1675 INC_STATS_COUNTER(cross_page);
1678 align_mask = (1UL << get_order(size)) - 1;
1681 address = dma_ops_alloc_addresses(dev, dma_dom, pages, align_mask,
1683 if (unlikely(address == DMA_ERROR_CODE)) {
1685 * setting next_address here will let the address
1686 * allocator only scan the new allocated range in the
1687 * first run. This is a small optimization.
1689 dma_dom->next_address = dma_dom->aperture_size;
1691 if (alloc_new_range(dma_dom, false, GFP_ATOMIC))
1695 * aperture was sucessfully enlarged by 128 MB, try
1702 for (i = 0; i < pages; ++i) {
1703 ret = dma_ops_domain_map(dma_dom, start, paddr, dir);
1704 if (ret == DMA_ERROR_CODE)
1712 ADD_STATS_COUNTER(alloced_io_mem, size);
1714 if (unlikely(dma_dom->need_flush && !amd_iommu_unmap_flush)) {
1715 iommu_flush_tlb(&dma_dom->domain);
1716 dma_dom->need_flush = false;
1717 } else if (unlikely(amd_iommu_np_cache))
1718 iommu_flush_pages(&dma_dom->domain, address, size);
1725 for (--i; i >= 0; --i) {
1727 dma_ops_domain_unmap(dma_dom, start);
1730 dma_ops_free_addresses(dma_dom, address, pages);
1732 return DMA_ERROR_CODE;
1736 * Does the reverse of the __map_single function. Must be called with
1737 * the domain lock held too
1739 static void __unmap_single(struct dma_ops_domain *dma_dom,
1740 dma_addr_t dma_addr,
1744 dma_addr_t i, start;
1747 if ((dma_addr == DMA_ERROR_CODE) ||
1748 (dma_addr + size > dma_dom->aperture_size))
1751 pages = iommu_num_pages(dma_addr, size, PAGE_SIZE);
1752 dma_addr &= PAGE_MASK;
1755 for (i = 0; i < pages; ++i) {
1756 dma_ops_domain_unmap(dma_dom, start);
1760 SUB_STATS_COUNTER(alloced_io_mem, size);
1762 dma_ops_free_addresses(dma_dom, dma_addr, pages);
1764 if (amd_iommu_unmap_flush || dma_dom->need_flush) {
1765 iommu_flush_pages(&dma_dom->domain, dma_addr, size);
1766 dma_dom->need_flush = false;
1771 * The exported map_single function for dma_ops.
1773 static dma_addr_t map_page(struct device *dev, struct page *page,
1774 unsigned long offset, size_t size,
1775 enum dma_data_direction dir,
1776 struct dma_attrs *attrs)
1778 unsigned long flags;
1779 struct amd_iommu *iommu;
1780 struct protection_domain *domain;
1784 phys_addr_t paddr = page_to_phys(page) + offset;
1786 INC_STATS_COUNTER(cnt_map_single);
1788 if (!get_device_resources(dev, &iommu, &domain, &devid))
1789 /* device not handled by any AMD IOMMU */
1790 return (dma_addr_t)paddr;
1792 dma_mask = *dev->dma_mask;
1794 if (!dma_ops_domain(domain))
1795 return DMA_ERROR_CODE;
1797 spin_lock_irqsave(&domain->lock, flags);
1798 addr = __map_single(dev, domain->priv, paddr, size, dir, false,
1800 if (addr == DMA_ERROR_CODE)
1803 iommu_flush_complete(domain);
1806 spin_unlock_irqrestore(&domain->lock, flags);
1812 * The exported unmap_single function for dma_ops.
1814 static void unmap_page(struct device *dev, dma_addr_t dma_addr, size_t size,
1815 enum dma_data_direction dir, struct dma_attrs *attrs)
1817 unsigned long flags;
1818 struct amd_iommu *iommu;
1819 struct protection_domain *domain;
1822 INC_STATS_COUNTER(cnt_unmap_single);
1824 if (!get_device_resources(dev, &iommu, &domain, &devid))
1825 /* device not handled by any AMD IOMMU */
1828 if (!dma_ops_domain(domain))
1831 spin_lock_irqsave(&domain->lock, flags);
1833 __unmap_single(domain->priv, dma_addr, size, dir);
1835 iommu_flush_complete(domain);
1837 spin_unlock_irqrestore(&domain->lock, flags);
1841 * This is a special map_sg function which is used if we should map a
1842 * device which is not handled by an AMD IOMMU in the system.
1844 static int map_sg_no_iommu(struct device *dev, struct scatterlist *sglist,
1845 int nelems, int dir)
1847 struct scatterlist *s;
1850 for_each_sg(sglist, s, nelems, i) {
1851 s->dma_address = (dma_addr_t)sg_phys(s);
1852 s->dma_length = s->length;
1859 * The exported map_sg function for dma_ops (handles scatter-gather
1862 static int map_sg(struct device *dev, struct scatterlist *sglist,
1863 int nelems, enum dma_data_direction dir,
1864 struct dma_attrs *attrs)
1866 unsigned long flags;
1867 struct amd_iommu *iommu;
1868 struct protection_domain *domain;
1871 struct scatterlist *s;
1873 int mapped_elems = 0;
1876 INC_STATS_COUNTER(cnt_map_sg);
1878 if (!get_device_resources(dev, &iommu, &domain, &devid))
1879 return map_sg_no_iommu(dev, sglist, nelems, dir);
1881 dma_mask = *dev->dma_mask;
1883 if (!dma_ops_domain(domain))
1886 spin_lock_irqsave(&domain->lock, flags);
1888 for_each_sg(sglist, s, nelems, i) {
1891 s->dma_address = __map_single(dev, domain->priv,
1892 paddr, s->length, dir, false,
1895 if (s->dma_address) {
1896 s->dma_length = s->length;
1902 iommu_flush_complete(domain);
1905 spin_unlock_irqrestore(&domain->lock, flags);
1907 return mapped_elems;
1909 for_each_sg(sglist, s, mapped_elems, i) {
1911 __unmap_single(domain->priv, s->dma_address,
1912 s->dma_length, dir);
1913 s->dma_address = s->dma_length = 0;
1922 * The exported map_sg function for dma_ops (handles scatter-gather
1925 static void unmap_sg(struct device *dev, struct scatterlist *sglist,
1926 int nelems, enum dma_data_direction dir,
1927 struct dma_attrs *attrs)
1929 unsigned long flags;
1930 struct amd_iommu *iommu;
1931 struct protection_domain *domain;
1932 struct scatterlist *s;
1936 INC_STATS_COUNTER(cnt_unmap_sg);
1938 if (!get_device_resources(dev, &iommu, &domain, &devid))
1941 if (!dma_ops_domain(domain))
1944 spin_lock_irqsave(&domain->lock, flags);
1946 for_each_sg(sglist, s, nelems, i) {
1947 __unmap_single(domain->priv, s->dma_address,
1948 s->dma_length, dir);
1949 s->dma_address = s->dma_length = 0;
1952 iommu_flush_complete(domain);
1954 spin_unlock_irqrestore(&domain->lock, flags);
1958 * The exported alloc_coherent function for dma_ops.
1960 static void *alloc_coherent(struct device *dev, size_t size,
1961 dma_addr_t *dma_addr, gfp_t flag)
1963 unsigned long flags;
1965 struct amd_iommu *iommu;
1966 struct protection_domain *domain;
1969 u64 dma_mask = dev->coherent_dma_mask;
1971 INC_STATS_COUNTER(cnt_alloc_coherent);
1973 if (!get_device_resources(dev, &iommu, &domain, &devid)) {
1974 virt_addr = (void *)__get_free_pages(flag, get_order(size));
1975 *dma_addr = __pa(virt_addr);
1979 dma_mask = dev->coherent_dma_mask;
1980 flag &= ~(__GFP_DMA | __GFP_HIGHMEM | __GFP_DMA32);
1983 virt_addr = (void *)__get_free_pages(flag, get_order(size));
1987 paddr = virt_to_phys(virt_addr);
1989 if (!dma_ops_domain(domain))
1993 dma_mask = *dev->dma_mask;
1995 spin_lock_irqsave(&domain->lock, flags);
1997 *dma_addr = __map_single(dev, domain->priv, paddr,
1998 size, DMA_BIDIRECTIONAL, true, dma_mask);
2000 if (*dma_addr == DMA_ERROR_CODE) {
2001 spin_unlock_irqrestore(&domain->lock, flags);
2005 iommu_flush_complete(domain);
2007 spin_unlock_irqrestore(&domain->lock, flags);
2013 free_pages((unsigned long)virt_addr, get_order(size));
2019 * The exported free_coherent function for dma_ops.
2021 static void free_coherent(struct device *dev, size_t size,
2022 void *virt_addr, dma_addr_t dma_addr)
2024 unsigned long flags;
2025 struct amd_iommu *iommu;
2026 struct protection_domain *domain;
2029 INC_STATS_COUNTER(cnt_free_coherent);
2031 if (!get_device_resources(dev, &iommu, &domain, &devid))
2034 if (!dma_ops_domain(domain))
2037 spin_lock_irqsave(&domain->lock, flags);
2039 __unmap_single(domain->priv, dma_addr, size, DMA_BIDIRECTIONAL);
2041 iommu_flush_complete(domain);
2043 spin_unlock_irqrestore(&domain->lock, flags);
2046 free_pages((unsigned long)virt_addr, get_order(size));
2050 * This function is called by the DMA layer to find out if we can handle a
2051 * particular device. It is part of the dma_ops.
2053 static int amd_iommu_dma_supported(struct device *dev, u64 mask)
2055 return check_device(dev);
2059 * The function for pre-allocating protection domains.
2061 * If the driver core informs the DMA layer if a driver grabs a device
2062 * we don't need to preallocate the protection domains anymore.
2063 * For now we have to.
2065 static void prealloc_protection_domains(void)
2067 struct pci_dev *dev = NULL;
2068 struct dma_ops_domain *dma_dom;
2069 struct amd_iommu *iommu;
2072 while ((dev = pci_get_device(PCI_ANY_ID, PCI_ANY_ID, dev)) != NULL) {
2073 __devid = devid = calc_devid(dev->bus->number, dev->devfn);
2074 if (devid > amd_iommu_last_bdf)
2076 devid = amd_iommu_alias_table[devid];
2077 if (domain_for_device(devid))
2079 iommu = amd_iommu_rlookup_table[devid];
2082 dma_dom = dma_ops_domain_alloc(iommu);
2085 init_unity_mappings_for_device(dma_dom, devid);
2086 dma_dom->target_dev = devid;
2088 attach_device(iommu, &dma_dom->domain, devid);
2089 if (__devid != devid)
2090 attach_device(iommu, &dma_dom->domain, __devid);
2092 list_add_tail(&dma_dom->list, &iommu_pd_list);
2096 static struct dma_map_ops amd_iommu_dma_ops = {
2097 .alloc_coherent = alloc_coherent,
2098 .free_coherent = free_coherent,
2099 .map_page = map_page,
2100 .unmap_page = unmap_page,
2102 .unmap_sg = unmap_sg,
2103 .dma_supported = amd_iommu_dma_supported,
2107 * The function which clues the AMD IOMMU driver into dma_ops.
2109 int __init amd_iommu_init_dma_ops(void)
2111 struct amd_iommu *iommu;
2115 * first allocate a default protection domain for every IOMMU we
2116 * found in the system. Devices not assigned to any other
2117 * protection domain will be assigned to the default one.
2119 for_each_iommu(iommu) {
2120 iommu->default_dom = dma_ops_domain_alloc(iommu);
2121 if (iommu->default_dom == NULL)
2123 iommu->default_dom->domain.flags |= PD_DEFAULT_MASK;
2124 ret = iommu_init_unity_mappings(iommu);
2130 * If device isolation is enabled, pre-allocate the protection
2131 * domains for each device.
2133 if (amd_iommu_isolate)
2134 prealloc_protection_domains();
2138 #ifdef CONFIG_GART_IOMMU
2139 gart_iommu_aperture_disabled = 1;
2140 gart_iommu_aperture = 0;
2143 /* Make the driver finally visible to the drivers */
2144 dma_ops = &amd_iommu_dma_ops;
2146 register_iommu(&amd_iommu_ops);
2148 bus_register_notifier(&pci_bus_type, &device_nb);
2150 amd_iommu_stats_init();
2156 for_each_iommu(iommu) {
2157 if (iommu->default_dom)
2158 dma_ops_domain_free(iommu->default_dom);
2164 /*****************************************************************************
2166 * The following functions belong to the exported interface of AMD IOMMU
2168 * This interface allows access to lower level functions of the IOMMU
2169 * like protection domain handling and assignement of devices to domains
2170 * which is not possible with the dma_ops interface.
2172 *****************************************************************************/
2174 static void cleanup_domain(struct protection_domain *domain)
2176 unsigned long flags;
2179 write_lock_irqsave(&amd_iommu_devtable_lock, flags);
2181 for (devid = 0; devid <= amd_iommu_last_bdf; ++devid)
2182 if (amd_iommu_pd_table[devid] == domain)
2183 __detach_device(domain, devid);
2185 write_unlock_irqrestore(&amd_iommu_devtable_lock, flags);
2188 static void protection_domain_free(struct protection_domain *domain)
2193 del_domain_from_list(domain);
2196 domain_id_free(domain->id);
2201 static struct protection_domain *protection_domain_alloc(void)
2203 struct protection_domain *domain;
2205 domain = kzalloc(sizeof(*domain), GFP_KERNEL);
2209 spin_lock_init(&domain->lock);
2210 domain->id = domain_id_alloc();
2214 add_domain_to_list(domain);
2224 static int amd_iommu_domain_init(struct iommu_domain *dom)
2226 struct protection_domain *domain;
2228 domain = protection_domain_alloc();
2232 domain->mode = PAGE_MODE_3_LEVEL;
2233 domain->pt_root = (void *)get_zeroed_page(GFP_KERNEL);
2234 if (!domain->pt_root)
2242 protection_domain_free(domain);
2247 static void amd_iommu_domain_destroy(struct iommu_domain *dom)
2249 struct protection_domain *domain = dom->priv;
2254 if (domain->dev_cnt > 0)
2255 cleanup_domain(domain);
2257 BUG_ON(domain->dev_cnt != 0);
2259 free_pagetable(domain);
2261 domain_id_free(domain->id);
2268 static void amd_iommu_detach_device(struct iommu_domain *dom,
2271 struct protection_domain *domain = dom->priv;
2272 struct amd_iommu *iommu;
2273 struct pci_dev *pdev;
2276 if (dev->bus != &pci_bus_type)
2279 pdev = to_pci_dev(dev);
2281 devid = calc_devid(pdev->bus->number, pdev->devfn);
2284 detach_device(domain, devid);
2286 iommu = amd_iommu_rlookup_table[devid];
2290 iommu_queue_inv_dev_entry(iommu, devid);
2291 iommu_completion_wait(iommu);
2294 static int amd_iommu_attach_device(struct iommu_domain *dom,
2297 struct protection_domain *domain = dom->priv;
2298 struct protection_domain *old_domain;
2299 struct amd_iommu *iommu;
2300 struct pci_dev *pdev;
2303 if (dev->bus != &pci_bus_type)
2306 pdev = to_pci_dev(dev);
2308 devid = calc_devid(pdev->bus->number, pdev->devfn);
2310 if (devid >= amd_iommu_last_bdf ||
2311 devid != amd_iommu_alias_table[devid])
2314 iommu = amd_iommu_rlookup_table[devid];
2318 old_domain = domain_for_device(devid);
2320 detach_device(old_domain, devid);
2322 attach_device(iommu, domain, devid);
2324 iommu_completion_wait(iommu);
2329 static int amd_iommu_map_range(struct iommu_domain *dom,
2330 unsigned long iova, phys_addr_t paddr,
2331 size_t size, int iommu_prot)
2333 struct protection_domain *domain = dom->priv;
2334 unsigned long i, npages = iommu_num_pages(paddr, size, PAGE_SIZE);
2338 if (iommu_prot & IOMMU_READ)
2339 prot |= IOMMU_PROT_IR;
2340 if (iommu_prot & IOMMU_WRITE)
2341 prot |= IOMMU_PROT_IW;
2346 for (i = 0; i < npages; ++i) {
2347 ret = iommu_map_page(domain, iova, paddr, prot, PM_MAP_4k);
2358 static void amd_iommu_unmap_range(struct iommu_domain *dom,
2359 unsigned long iova, size_t size)
2362 struct protection_domain *domain = dom->priv;
2363 unsigned long i, npages = iommu_num_pages(iova, size, PAGE_SIZE);
2367 for (i = 0; i < npages; ++i) {
2368 iommu_unmap_page(domain, iova, PM_MAP_4k);
2372 iommu_flush_tlb_pde(domain);
2375 static phys_addr_t amd_iommu_iova_to_phys(struct iommu_domain *dom,
2378 struct protection_domain *domain = dom->priv;
2379 unsigned long offset = iova & ~PAGE_MASK;
2383 pte = fetch_pte(domain, iova, PM_MAP_4k);
2385 if (!pte || !IOMMU_PTE_PRESENT(*pte))
2388 paddr = *pte & IOMMU_PAGE_MASK;
2394 static int amd_iommu_domain_has_cap(struct iommu_domain *domain,
2400 static struct iommu_ops amd_iommu_ops = {
2401 .domain_init = amd_iommu_domain_init,
2402 .domain_destroy = amd_iommu_domain_destroy,
2403 .attach_dev = amd_iommu_attach_device,
2404 .detach_dev = amd_iommu_detach_device,
2405 .map = amd_iommu_map_range,
2406 .unmap = amd_iommu_unmap_range,
2407 .iova_to_phys = amd_iommu_iova_to_phys,
2408 .domain_has_cap = amd_iommu_domain_has_cap,
2411 /*****************************************************************************
2413 * The next functions do a basic initialization of IOMMU for pass through
2416 * In passthrough mode the IOMMU is initialized and enabled but not used for
2417 * DMA-API translation.
2419 *****************************************************************************/
2421 int __init amd_iommu_init_passthrough(void)
2423 struct pci_dev *dev = NULL;
2426 /* allocate passthroug domain */
2427 pt_domain = protection_domain_alloc();
2431 pt_domain->mode |= PAGE_MODE_NONE;
2433 while ((dev = pci_get_device(PCI_ANY_ID, PCI_ANY_ID, dev)) != NULL) {
2434 struct amd_iommu *iommu;
2436 devid = calc_devid(dev->bus->number, dev->devfn);
2437 if (devid > amd_iommu_last_bdf)
2440 devid2 = amd_iommu_alias_table[devid];
2442 iommu = amd_iommu_rlookup_table[devid2];
2446 __attach_device(iommu, pt_domain, devid);
2447 __attach_device(iommu, pt_domain, devid2);
2450 pr_info("AMD-Vi: Initialized for Passthrough Mode\n");
git://ftp.safe.ca / safe / jmp / linux-2.6 / blob