1 // SPDX-License-Identifier: GPL-2.0
3 * IOMMU API for ARM architected SMMUv3 implementations.
5 * Copyright (C) 2015 ARM Limited
7 * Author: Will Deacon <will.deacon@arm.com>
9 * This driver is powered by bad coffee and bombay mix.
12 #include <linux/acpi.h>
13 #include <linux/acpi_iort.h>
14 #include <linux/bitfield.h>
15 #include <linux/bitops.h>
16 #include <linux/crash_dump.h>
17 #include <linux/delay.h>
18 #include <linux/dma-iommu.h>
19 #include <linux/err.h>
20 #include <linux/interrupt.h>
21 #include <linux/io-pgtable.h>
22 #include <linux/iommu.h>
23 #include <linux/iopoll.h>
24 #include <linux/init.h>
25 #include <linux/moduleparam.h>
26 #include <linux/msi.h>
28 #include <linux/of_address.h>
29 #include <linux/of_iommu.h>
30 #include <linux/of_platform.h>
31 #include <linux/pci.h>
32 #include <linux/pci-ats.h>
33 #include <linux/platform_device.h>
35 #include <linux/amba/bus.h>
38 #define ARM_SMMU_IDR0 0x0
39 #define IDR0_ST_LVL GENMASK(28, 27)
40 #define IDR0_ST_LVL_2LVL 1
41 #define IDR0_STALL_MODEL GENMASK(25, 24)
42 #define IDR0_STALL_MODEL_STALL 0
43 #define IDR0_STALL_MODEL_FORCE 2
44 #define IDR0_TTENDIAN GENMASK(22, 21)
45 #define IDR0_TTENDIAN_MIXED 0
46 #define IDR0_TTENDIAN_LE 2
47 #define IDR0_TTENDIAN_BE 3
48 #define IDR0_CD2L (1 << 19)
49 #define IDR0_VMID16 (1 << 18)
50 #define IDR0_PRI (1 << 16)
51 #define IDR0_SEV (1 << 14)
52 #define IDR0_MSI (1 << 13)
53 #define IDR0_ASID16 (1 << 12)
54 #define IDR0_ATS (1 << 10)
55 #define IDR0_HYP (1 << 9)
56 #define IDR0_COHACC (1 << 4)
57 #define IDR0_TTF GENMASK(3, 2)
58 #define IDR0_TTF_AARCH64 2
59 #define IDR0_TTF_AARCH32_64 3
60 #define IDR0_S1P (1 << 1)
61 #define IDR0_S2P (1 << 0)
63 #define ARM_SMMU_IDR1 0x4
64 #define IDR1_TABLES_PRESET (1 << 30)
65 #define IDR1_QUEUES_PRESET (1 << 29)
66 #define IDR1_REL (1 << 28)
67 #define IDR1_CMDQS GENMASK(25, 21)
68 #define IDR1_EVTQS GENMASK(20, 16)
69 #define IDR1_PRIQS GENMASK(15, 11)
70 #define IDR1_SSIDSIZE GENMASK(10, 6)
71 #define IDR1_SIDSIZE GENMASK(5, 0)
73 #define ARM_SMMU_IDR5 0x14
74 #define IDR5_STALL_MAX GENMASK(31, 16)
75 #define IDR5_GRAN64K (1 << 6)
76 #define IDR5_GRAN16K (1 << 5)
77 #define IDR5_GRAN4K (1 << 4)
78 #define IDR5_OAS GENMASK(2, 0)
79 #define IDR5_OAS_32_BIT 0
80 #define IDR5_OAS_36_BIT 1
81 #define IDR5_OAS_40_BIT 2
82 #define IDR5_OAS_42_BIT 3
83 #define IDR5_OAS_44_BIT 4
84 #define IDR5_OAS_48_BIT 5
85 #define IDR5_OAS_52_BIT 6
86 #define IDR5_VAX GENMASK(11, 10)
87 #define IDR5_VAX_52_BIT 1
89 #define ARM_SMMU_CR0 0x20
90 #define CR0_ATSCHK (1 << 4)
91 #define CR0_CMDQEN (1 << 3)
92 #define CR0_EVTQEN (1 << 2)
93 #define CR0_PRIQEN (1 << 1)
94 #define CR0_SMMUEN (1 << 0)
96 #define ARM_SMMU_CR0ACK 0x24
98 #define ARM_SMMU_CR1 0x28
99 #define CR1_TABLE_SH GENMASK(11, 10)
100 #define CR1_TABLE_OC GENMASK(9, 8)
101 #define CR1_TABLE_IC GENMASK(7, 6)
102 #define CR1_QUEUE_SH GENMASK(5, 4)
103 #define CR1_QUEUE_OC GENMASK(3, 2)
104 #define CR1_QUEUE_IC GENMASK(1, 0)
105 /* CR1 cacheability fields don't quite follow the usual TCR-style encoding */
106 #define CR1_CACHE_NC 0
107 #define CR1_CACHE_WB 1
108 #define CR1_CACHE_WT 2
110 #define ARM_SMMU_CR2 0x2c
111 #define CR2_PTM (1 << 2)
112 #define CR2_RECINVSID (1 << 1)
113 #define CR2_E2H (1 << 0)
115 #define ARM_SMMU_GBPA 0x44
116 #define GBPA_UPDATE (1 << 31)
117 #define GBPA_ABORT (1 << 20)
119 #define ARM_SMMU_IRQ_CTRL 0x50
120 #define IRQ_CTRL_EVTQ_IRQEN (1 << 2)
121 #define IRQ_CTRL_PRIQ_IRQEN (1 << 1)
122 #define IRQ_CTRL_GERROR_IRQEN (1 << 0)
124 #define ARM_SMMU_IRQ_CTRLACK 0x54
126 #define ARM_SMMU_GERROR 0x60
127 #define GERROR_SFM_ERR (1 << 8)
128 #define GERROR_MSI_GERROR_ABT_ERR (1 << 7)
129 #define GERROR_MSI_PRIQ_ABT_ERR (1 << 6)
130 #define GERROR_MSI_EVTQ_ABT_ERR (1 << 5)
131 #define GERROR_MSI_CMDQ_ABT_ERR (1 << 4)
132 #define GERROR_PRIQ_ABT_ERR (1 << 3)
133 #define GERROR_EVTQ_ABT_ERR (1 << 2)
134 #define GERROR_CMDQ_ERR (1 << 0)
135 #define GERROR_ERR_MASK 0xfd
137 #define ARM_SMMU_GERRORN 0x64
139 #define ARM_SMMU_GERROR_IRQ_CFG0 0x68
140 #define ARM_SMMU_GERROR_IRQ_CFG1 0x70
141 #define ARM_SMMU_GERROR_IRQ_CFG2 0x74
143 #define ARM_SMMU_STRTAB_BASE 0x80
144 #define STRTAB_BASE_RA (1UL << 62)
145 #define STRTAB_BASE_ADDR_MASK GENMASK_ULL(51, 6)
147 #define ARM_SMMU_STRTAB_BASE_CFG 0x88
148 #define STRTAB_BASE_CFG_FMT GENMASK(17, 16)
149 #define STRTAB_BASE_CFG_FMT_LINEAR 0
150 #define STRTAB_BASE_CFG_FMT_2LVL 1
151 #define STRTAB_BASE_CFG_SPLIT GENMASK(10, 6)
152 #define STRTAB_BASE_CFG_LOG2SIZE GENMASK(5, 0)
154 #define ARM_SMMU_CMDQ_BASE 0x90
155 #define ARM_SMMU_CMDQ_PROD 0x98
156 #define ARM_SMMU_CMDQ_CONS 0x9c
158 #define ARM_SMMU_EVTQ_BASE 0xa0
159 #define ARM_SMMU_EVTQ_PROD 0x100a8
160 #define ARM_SMMU_EVTQ_CONS 0x100ac
161 #define ARM_SMMU_EVTQ_IRQ_CFG0 0xb0
162 #define ARM_SMMU_EVTQ_IRQ_CFG1 0xb8
163 #define ARM_SMMU_EVTQ_IRQ_CFG2 0xbc
165 #define ARM_SMMU_PRIQ_BASE 0xc0
166 #define ARM_SMMU_PRIQ_PROD 0x100c8
167 #define ARM_SMMU_PRIQ_CONS 0x100cc
168 #define ARM_SMMU_PRIQ_IRQ_CFG0 0xd0
169 #define ARM_SMMU_PRIQ_IRQ_CFG1 0xd8
170 #define ARM_SMMU_PRIQ_IRQ_CFG2 0xdc
172 /* Common MSI config fields */
173 #define MSI_CFG0_ADDR_MASK GENMASK_ULL(51, 2)
174 #define MSI_CFG2_SH GENMASK(5, 4)
175 #define MSI_CFG2_MEMATTR GENMASK(3, 0)
177 /* Common memory attribute values */
178 #define ARM_SMMU_SH_NSH 0
179 #define ARM_SMMU_SH_OSH 2
180 #define ARM_SMMU_SH_ISH 3
181 #define ARM_SMMU_MEMATTR_DEVICE_nGnRE 0x1
182 #define ARM_SMMU_MEMATTR_OIWB 0xf
184 #define Q_IDX(llq, p) ((p) & ((1 << (llq)->max_n_shift) - 1))
185 #define Q_WRP(llq, p) ((p) & (1 << (llq)->max_n_shift))
186 #define Q_OVERFLOW_FLAG (1U << 31)
187 #define Q_OVF(p) ((p) & Q_OVERFLOW_FLAG)
188 #define Q_ENT(q, p) ((q)->base + \
189 Q_IDX(&((q)->llq), p) * \
192 #define Q_BASE_RWA (1UL << 62)
193 #define Q_BASE_ADDR_MASK GENMASK_ULL(51, 5)
194 #define Q_BASE_LOG2SIZE GENMASK(4, 0)
196 /* Ensure DMA allocations are naturally aligned */
197 #ifdef CONFIG_CMA_ALIGNMENT
198 #define Q_MAX_SZ_SHIFT (PAGE_SHIFT + CONFIG_CMA_ALIGNMENT)
200 #define Q_MAX_SZ_SHIFT (PAGE_SHIFT + MAX_ORDER - 1)
206 * Linear: Enough to cover 1 << IDR1.SIDSIZE entries
207 * 2lvl: 128k L1 entries,
208 * 256 lazy entries per table (each table covers a PCI bus)
210 #define STRTAB_L1_SZ_SHIFT 20
211 #define STRTAB_SPLIT 8
213 #define STRTAB_L1_DESC_DWORDS 1
214 #define STRTAB_L1_DESC_SPAN GENMASK_ULL(4, 0)
215 #define STRTAB_L1_DESC_L2PTR_MASK GENMASK_ULL(51, 6)
217 #define STRTAB_STE_DWORDS 8
218 #define STRTAB_STE_0_V (1UL << 0)
219 #define STRTAB_STE_0_CFG GENMASK_ULL(3, 1)
220 #define STRTAB_STE_0_CFG_ABORT 0
221 #define STRTAB_STE_0_CFG_BYPASS 4
222 #define STRTAB_STE_0_CFG_S1_TRANS 5
223 #define STRTAB_STE_0_CFG_S2_TRANS 6
225 #define STRTAB_STE_0_S1FMT GENMASK_ULL(5, 4)
226 #define STRTAB_STE_0_S1FMT_LINEAR 0
227 #define STRTAB_STE_0_S1CTXPTR_MASK GENMASK_ULL(51, 6)
228 #define STRTAB_STE_0_S1CDMAX GENMASK_ULL(63, 59)
230 #define STRTAB_STE_1_S1C_CACHE_NC 0UL
231 #define STRTAB_STE_1_S1C_CACHE_WBRA 1UL
232 #define STRTAB_STE_1_S1C_CACHE_WT 2UL
233 #define STRTAB_STE_1_S1C_CACHE_WB 3UL
234 #define STRTAB_STE_1_S1CIR GENMASK_ULL(3, 2)
235 #define STRTAB_STE_1_S1COR GENMASK_ULL(5, 4)
236 #define STRTAB_STE_1_S1CSH GENMASK_ULL(7, 6)
238 #define STRTAB_STE_1_S1STALLD (1UL << 27)
240 #define STRTAB_STE_1_EATS GENMASK_ULL(29, 28)
241 #define STRTAB_STE_1_EATS_ABT 0UL
242 #define STRTAB_STE_1_EATS_TRANS 1UL
243 #define STRTAB_STE_1_EATS_S1CHK 2UL
245 #define STRTAB_STE_1_STRW GENMASK_ULL(31, 30)
246 #define STRTAB_STE_1_STRW_NSEL1 0UL
247 #define STRTAB_STE_1_STRW_EL2 2UL
249 #define STRTAB_STE_1_SHCFG GENMASK_ULL(45, 44)
250 #define STRTAB_STE_1_SHCFG_INCOMING 1UL
252 #define STRTAB_STE_2_S2VMID GENMASK_ULL(15, 0)
253 #define STRTAB_STE_2_VTCR GENMASK_ULL(50, 32)
254 #define STRTAB_STE_2_S2AA64 (1UL << 51)
255 #define STRTAB_STE_2_S2ENDI (1UL << 52)
256 #define STRTAB_STE_2_S2PTW (1UL << 54)
257 #define STRTAB_STE_2_S2R (1UL << 58)
259 #define STRTAB_STE_3_S2TTB_MASK GENMASK_ULL(51, 4)
261 /* Context descriptor (stage-1 only) */
262 #define CTXDESC_CD_DWORDS 8
263 #define CTXDESC_CD_0_TCR_T0SZ GENMASK_ULL(5, 0)
264 #define ARM64_TCR_T0SZ GENMASK_ULL(5, 0)
265 #define CTXDESC_CD_0_TCR_TG0 GENMASK_ULL(7, 6)
266 #define ARM64_TCR_TG0 GENMASK_ULL(15, 14)
267 #define CTXDESC_CD_0_TCR_IRGN0 GENMASK_ULL(9, 8)
268 #define ARM64_TCR_IRGN0 GENMASK_ULL(9, 8)
269 #define CTXDESC_CD_0_TCR_ORGN0 GENMASK_ULL(11, 10)
270 #define ARM64_TCR_ORGN0 GENMASK_ULL(11, 10)
271 #define CTXDESC_CD_0_TCR_SH0 GENMASK_ULL(13, 12)
272 #define ARM64_TCR_SH0 GENMASK_ULL(13, 12)
273 #define CTXDESC_CD_0_TCR_EPD0 (1ULL << 14)
274 #define ARM64_TCR_EPD0 (1ULL << 7)
275 #define CTXDESC_CD_0_TCR_EPD1 (1ULL << 30)
276 #define ARM64_TCR_EPD1 (1ULL << 23)
278 #define CTXDESC_CD_0_ENDI (1UL << 15)
279 #define CTXDESC_CD_0_V (1UL << 31)
281 #define CTXDESC_CD_0_TCR_IPS GENMASK_ULL(34, 32)
282 #define ARM64_TCR_IPS GENMASK_ULL(34, 32)
283 #define CTXDESC_CD_0_TCR_TBI0 (1ULL << 38)
284 #define ARM64_TCR_TBI0 (1ULL << 37)
286 #define CTXDESC_CD_0_AA64 (1UL << 41)
287 #define CTXDESC_CD_0_S (1UL << 44)
288 #define CTXDESC_CD_0_R (1UL << 45)
289 #define CTXDESC_CD_0_A (1UL << 46)
290 #define CTXDESC_CD_0_ASET (1UL << 47)
291 #define CTXDESC_CD_0_ASID GENMASK_ULL(63, 48)
293 #define CTXDESC_CD_1_TTB0_MASK GENMASK_ULL(51, 4)
295 /* Convert between AArch64 (CPU) TCR format and SMMU CD format */
296 #define ARM_SMMU_TCR2CD(tcr, fld) FIELD_PREP(CTXDESC_CD_0_TCR_##fld, \
297 FIELD_GET(ARM64_TCR_##fld, tcr))
300 #define CMDQ_ENT_SZ_SHIFT 4
301 #define CMDQ_ENT_DWORDS ((1 << CMDQ_ENT_SZ_SHIFT) >> 3)
302 #define CMDQ_MAX_SZ_SHIFT (Q_MAX_SZ_SHIFT - CMDQ_ENT_SZ_SHIFT)
304 #define CMDQ_CONS_ERR GENMASK(30, 24)
305 #define CMDQ_ERR_CERROR_NONE_IDX 0
306 #define CMDQ_ERR_CERROR_ILL_IDX 1
307 #define CMDQ_ERR_CERROR_ABT_IDX 2
308 #define CMDQ_ERR_CERROR_ATC_INV_IDX 3
310 #define CMDQ_PROD_OWNED_FLAG Q_OVERFLOW_FLAG
313 * This is used to size the command queue and therefore must be at least
314 * BITS_PER_LONG so that the valid_map works correctly (it relies on the
315 * total number of queue entries being a multiple of BITS_PER_LONG).
317 #define CMDQ_BATCH_ENTRIES BITS_PER_LONG
319 #define CMDQ_0_OP GENMASK_ULL(7, 0)
320 #define CMDQ_0_SSV (1UL << 11)
322 #define CMDQ_PREFETCH_0_SID GENMASK_ULL(63, 32)
323 #define CMDQ_PREFETCH_1_SIZE GENMASK_ULL(4, 0)
324 #define CMDQ_PREFETCH_1_ADDR_MASK GENMASK_ULL(63, 12)
326 #define CMDQ_CFGI_0_SID GENMASK_ULL(63, 32)
327 #define CMDQ_CFGI_1_LEAF (1UL << 0)
328 #define CMDQ_CFGI_1_RANGE GENMASK_ULL(4, 0)
330 #define CMDQ_TLBI_0_VMID GENMASK_ULL(47, 32)
331 #define CMDQ_TLBI_0_ASID GENMASK_ULL(63, 48)
332 #define CMDQ_TLBI_1_LEAF (1UL << 0)
333 #define CMDQ_TLBI_1_VA_MASK GENMASK_ULL(63, 12)
334 #define CMDQ_TLBI_1_IPA_MASK GENMASK_ULL(51, 12)
336 #define CMDQ_ATC_0_SSID GENMASK_ULL(31, 12)
337 #define CMDQ_ATC_0_SID GENMASK_ULL(63, 32)
338 #define CMDQ_ATC_0_GLOBAL (1UL << 9)
339 #define CMDQ_ATC_1_SIZE GENMASK_ULL(5, 0)
340 #define CMDQ_ATC_1_ADDR_MASK GENMASK_ULL(63, 12)
342 #define CMDQ_PRI_0_SSID GENMASK_ULL(31, 12)
343 #define CMDQ_PRI_0_SID GENMASK_ULL(63, 32)
344 #define CMDQ_PRI_1_GRPID GENMASK_ULL(8, 0)
345 #define CMDQ_PRI_1_RESP GENMASK_ULL(13, 12)
347 #define CMDQ_SYNC_0_CS GENMASK_ULL(13, 12)
348 #define CMDQ_SYNC_0_CS_NONE 0
349 #define CMDQ_SYNC_0_CS_IRQ 1
350 #define CMDQ_SYNC_0_CS_SEV 2
351 #define CMDQ_SYNC_0_MSH GENMASK_ULL(23, 22)
352 #define CMDQ_SYNC_0_MSIATTR GENMASK_ULL(27, 24)
353 #define CMDQ_SYNC_0_MSIDATA GENMASK_ULL(63, 32)
354 #define CMDQ_SYNC_1_MSIADDR_MASK GENMASK_ULL(51, 2)
357 #define EVTQ_ENT_SZ_SHIFT 5
358 #define EVTQ_ENT_DWORDS ((1 << EVTQ_ENT_SZ_SHIFT) >> 3)
359 #define EVTQ_MAX_SZ_SHIFT (Q_MAX_SZ_SHIFT - EVTQ_ENT_SZ_SHIFT)
361 #define EVTQ_0_ID GENMASK_ULL(7, 0)
364 #define PRIQ_ENT_SZ_SHIFT 4
365 #define PRIQ_ENT_DWORDS ((1 << PRIQ_ENT_SZ_SHIFT) >> 3)
366 #define PRIQ_MAX_SZ_SHIFT (Q_MAX_SZ_SHIFT - PRIQ_ENT_SZ_SHIFT)
368 #define PRIQ_0_SID GENMASK_ULL(31, 0)
369 #define PRIQ_0_SSID GENMASK_ULL(51, 32)
370 #define PRIQ_0_PERM_PRIV (1UL << 58)
371 #define PRIQ_0_PERM_EXEC (1UL << 59)
372 #define PRIQ_0_PERM_READ (1UL << 60)
373 #define PRIQ_0_PERM_WRITE (1UL << 61)
374 #define PRIQ_0_PRG_LAST (1UL << 62)
375 #define PRIQ_0_SSID_V (1UL << 63)
377 #define PRIQ_1_PRG_IDX GENMASK_ULL(8, 0)
378 #define PRIQ_1_ADDR_MASK GENMASK_ULL(63, 12)
380 /* High-level queue structures */
381 #define ARM_SMMU_POLL_TIMEOUT_US 1000000 /* 1s! */
382 #define ARM_SMMU_POLL_SPIN_COUNT 10
384 #define MSI_IOVA_BASE 0x8000000
385 #define MSI_IOVA_LENGTH 0x100000
388 * not really modular, but the easiest way to keep compat with existing
389 * bootargs behaviour is to continue using module_param_named here.
391 static bool disable_bypass = 1;
392 module_param_named(disable_bypass, disable_bypass, bool, S_IRUGO);
393 MODULE_PARM_DESC(disable_bypass,
394 "Disable bypass streams such that incoming transactions from devices that are not attached to an iommu domain will report an abort back to the device and will not be allowed to pass through the SMMU.");
402 enum arm_smmu_msi_index {
409 static phys_addr_t arm_smmu_msi_cfg[ARM_SMMU_MAX_MSIS][3] = {
411 ARM_SMMU_EVTQ_IRQ_CFG0,
412 ARM_SMMU_EVTQ_IRQ_CFG1,
413 ARM_SMMU_EVTQ_IRQ_CFG2,
415 [GERROR_MSI_INDEX] = {
416 ARM_SMMU_GERROR_IRQ_CFG0,
417 ARM_SMMU_GERROR_IRQ_CFG1,
418 ARM_SMMU_GERROR_IRQ_CFG2,
421 ARM_SMMU_PRIQ_IRQ_CFG0,
422 ARM_SMMU_PRIQ_IRQ_CFG1,
423 ARM_SMMU_PRIQ_IRQ_CFG2,
427 struct arm_smmu_cmdq_ent {
430 bool substream_valid;
432 /* Command-specific fields */
434 #define CMDQ_OP_PREFETCH_CFG 0x1
441 #define CMDQ_OP_CFGI_STE 0x3
442 #define CMDQ_OP_CFGI_ALL 0x4
451 #define CMDQ_OP_TLBI_NH_ASID 0x11
452 #define CMDQ_OP_TLBI_NH_VA 0x12
453 #define CMDQ_OP_TLBI_EL2_ALL 0x20
454 #define CMDQ_OP_TLBI_S12_VMALL 0x28
455 #define CMDQ_OP_TLBI_S2_IPA 0x2a
456 #define CMDQ_OP_TLBI_NSNH_ALL 0x30
464 #define CMDQ_OP_ATC_INV 0x40
465 #define ATC_INV_SIZE_ALL 52
474 #define CMDQ_OP_PRI_RESP 0x41
482 #define CMDQ_OP_CMD_SYNC 0x46
489 struct arm_smmu_ll_queue {
500 u8 __pad[SMP_CACHE_BYTES];
501 } ____cacheline_aligned_in_smp;
505 struct arm_smmu_queue {
506 struct arm_smmu_ll_queue llq;
507 int irq; /* Wired interrupt */
515 u32 __iomem *prod_reg;
516 u32 __iomem *cons_reg;
519 struct arm_smmu_queue_poll {
522 unsigned int spin_cnt;
526 struct arm_smmu_cmdq {
527 struct arm_smmu_queue q;
528 atomic_long_t *valid_map;
533 struct arm_smmu_evtq {
534 struct arm_smmu_queue q;
538 struct arm_smmu_priq {
539 struct arm_smmu_queue q;
542 /* High-level stream table and context descriptor structures */
543 struct arm_smmu_strtab_l1_desc {
547 dma_addr_t l2ptr_dma;
550 struct arm_smmu_s1_cfg {
552 dma_addr_t cdptr_dma;
554 struct arm_smmu_ctx_desc {
562 struct arm_smmu_s2_cfg {
568 struct arm_smmu_strtab_cfg {
570 dma_addr_t strtab_dma;
571 struct arm_smmu_strtab_l1_desc *l1_desc;
572 unsigned int num_l1_ents;
578 /* An SMMUv3 instance */
579 struct arm_smmu_device {
583 #define ARM_SMMU_FEAT_2_LVL_STRTAB (1 << 0)
584 #define ARM_SMMU_FEAT_2_LVL_CDTAB (1 << 1)
585 #define ARM_SMMU_FEAT_TT_LE (1 << 2)
586 #define ARM_SMMU_FEAT_TT_BE (1 << 3)
587 #define ARM_SMMU_FEAT_PRI (1 << 4)
588 #define ARM_SMMU_FEAT_ATS (1 << 5)
589 #define ARM_SMMU_FEAT_SEV (1 << 6)
590 #define ARM_SMMU_FEAT_MSI (1 << 7)
591 #define ARM_SMMU_FEAT_COHERENCY (1 << 8)
592 #define ARM_SMMU_FEAT_TRANS_S1 (1 << 9)
593 #define ARM_SMMU_FEAT_TRANS_S2 (1 << 10)
594 #define ARM_SMMU_FEAT_STALLS (1 << 11)
595 #define ARM_SMMU_FEAT_HYP (1 << 12)
596 #define ARM_SMMU_FEAT_STALL_FORCE (1 << 13)
597 #define ARM_SMMU_FEAT_VAX (1 << 14)
600 #define ARM_SMMU_OPT_SKIP_PREFETCH (1 << 0)
601 #define ARM_SMMU_OPT_PAGE0_REGS_ONLY (1 << 1)
604 struct arm_smmu_cmdq cmdq;
605 struct arm_smmu_evtq evtq;
606 struct arm_smmu_priq priq;
611 unsigned long ias; /* IPA */
612 unsigned long oas; /* PA */
613 unsigned long pgsize_bitmap;
615 #define ARM_SMMU_MAX_ASIDS (1 << 16)
616 unsigned int asid_bits;
617 DECLARE_BITMAP(asid_map, ARM_SMMU_MAX_ASIDS);
619 #define ARM_SMMU_MAX_VMIDS (1 << 16)
620 unsigned int vmid_bits;
621 DECLARE_BITMAP(vmid_map, ARM_SMMU_MAX_VMIDS);
623 unsigned int ssid_bits;
624 unsigned int sid_bits;
626 struct arm_smmu_strtab_cfg strtab_cfg;
628 /* IOMMU core code handle */
629 struct iommu_device iommu;
632 /* SMMU private data for each master */
633 struct arm_smmu_master {
634 struct arm_smmu_device *smmu;
636 struct arm_smmu_domain *domain;
637 struct list_head domain_head;
639 unsigned int num_sids;
643 /* SMMU private data for an IOMMU domain */
644 enum arm_smmu_domain_stage {
645 ARM_SMMU_DOMAIN_S1 = 0,
647 ARM_SMMU_DOMAIN_NESTED,
648 ARM_SMMU_DOMAIN_BYPASS,
651 struct arm_smmu_domain {
652 struct arm_smmu_device *smmu;
653 struct mutex init_mutex; /* Protects smmu pointer */
655 struct io_pgtable_ops *pgtbl_ops;
657 atomic_t nr_ats_masters;
659 enum arm_smmu_domain_stage stage;
661 struct arm_smmu_s1_cfg s1_cfg;
662 struct arm_smmu_s2_cfg s2_cfg;
665 struct iommu_domain domain;
667 struct list_head devices;
668 spinlock_t devices_lock;
671 struct arm_smmu_option_prop {
676 static struct arm_smmu_option_prop arm_smmu_options[] = {
677 { ARM_SMMU_OPT_SKIP_PREFETCH, "hisilicon,broken-prefetch-cmd" },
678 { ARM_SMMU_OPT_PAGE0_REGS_ONLY, "cavium,cn9900-broken-page1-regspace"},
682 static inline void __iomem *arm_smmu_page1_fixup(unsigned long offset,
683 struct arm_smmu_device *smmu)
685 if ((offset > SZ_64K) &&
686 (smmu->options & ARM_SMMU_OPT_PAGE0_REGS_ONLY))
689 return smmu->base + offset;
692 static struct arm_smmu_domain *to_smmu_domain(struct iommu_domain *dom)
694 return container_of(dom, struct arm_smmu_domain, domain);
697 static void parse_driver_options(struct arm_smmu_device *smmu)
702 if (of_property_read_bool(smmu->dev->of_node,
703 arm_smmu_options[i].prop)) {
704 smmu->options |= arm_smmu_options[i].opt;
705 dev_notice(smmu->dev, "option %s\n",
706 arm_smmu_options[i].prop);
708 } while (arm_smmu_options[++i].opt);
711 /* Low-level queue manipulation functions */
712 static bool queue_has_space(struct arm_smmu_ll_queue *q, u32 n)
714 u32 space, prod, cons;
716 prod = Q_IDX(q, q->prod);
717 cons = Q_IDX(q, q->cons);
719 if (Q_WRP(q, q->prod) == Q_WRP(q, q->cons))
720 space = (1 << q->max_n_shift) - (prod - cons);
727 static bool queue_full(struct arm_smmu_ll_queue *q)
729 return Q_IDX(q, q->prod) == Q_IDX(q, q->cons) &&
730 Q_WRP(q, q->prod) != Q_WRP(q, q->cons);
733 static bool queue_empty(struct arm_smmu_ll_queue *q)
735 return Q_IDX(q, q->prod) == Q_IDX(q, q->cons) &&
736 Q_WRP(q, q->prod) == Q_WRP(q, q->cons);
739 static bool queue_consumed(struct arm_smmu_ll_queue *q, u32 prod)
741 return ((Q_WRP(q, q->cons) == Q_WRP(q, prod)) &&
742 (Q_IDX(q, q->cons) > Q_IDX(q, prod))) ||
743 ((Q_WRP(q, q->cons) != Q_WRP(q, prod)) &&
744 (Q_IDX(q, q->cons) <= Q_IDX(q, prod)));
747 static void queue_sync_cons_out(struct arm_smmu_queue *q)
750 * Ensure that all CPU accesses (reads and writes) to the queue
751 * are complete before we update the cons pointer.
754 writel_relaxed(q->llq.cons, q->cons_reg);
757 static void queue_inc_cons(struct arm_smmu_ll_queue *q)
759 u32 cons = (Q_WRP(q, q->cons) | Q_IDX(q, q->cons)) + 1;
760 q->cons = Q_OVF(q->cons) | Q_WRP(q, cons) | Q_IDX(q, cons);
763 static int queue_sync_prod_in(struct arm_smmu_queue *q)
766 u32 prod = readl_relaxed(q->prod_reg);
768 if (Q_OVF(prod) != Q_OVF(q->llq.prod))
775 static u32 queue_inc_prod_n(struct arm_smmu_ll_queue *q, int n)
777 u32 prod = (Q_WRP(q, q->prod) | Q_IDX(q, q->prod)) + n;
778 return Q_OVF(q->prod) | Q_WRP(q, prod) | Q_IDX(q, prod);
781 static void queue_poll_init(struct arm_smmu_device *smmu,
782 struct arm_smmu_queue_poll *qp)
786 qp->wfe = !!(smmu->features & ARM_SMMU_FEAT_SEV);
787 qp->timeout = ktime_add_us(ktime_get(), ARM_SMMU_POLL_TIMEOUT_US);
790 static int queue_poll(struct arm_smmu_queue_poll *qp)
792 if (ktime_compare(ktime_get(), qp->timeout) > 0)
797 } else if (++qp->spin_cnt < ARM_SMMU_POLL_SPIN_COUNT) {
808 static void queue_write(__le64 *dst, u64 *src, size_t n_dwords)
812 for (i = 0; i < n_dwords; ++i)
813 *dst++ = cpu_to_le64(*src++);
816 static void queue_read(__le64 *dst, u64 *src, size_t n_dwords)
820 for (i = 0; i < n_dwords; ++i)
821 *dst++ = le64_to_cpu(*src++);
824 static int queue_remove_raw(struct arm_smmu_queue *q, u64 *ent)
826 if (queue_empty(&q->llq))
829 queue_read(ent, Q_ENT(q, q->llq.cons), q->ent_dwords);
830 queue_inc_cons(&q->llq);
831 queue_sync_cons_out(q);
835 /* High-level queue accessors */
836 static int arm_smmu_cmdq_build_cmd(u64 *cmd, struct arm_smmu_cmdq_ent *ent)
838 memset(cmd, 0, 1 << CMDQ_ENT_SZ_SHIFT);
839 cmd[0] |= FIELD_PREP(CMDQ_0_OP, ent->opcode);
841 switch (ent->opcode) {
842 case CMDQ_OP_TLBI_EL2_ALL:
843 case CMDQ_OP_TLBI_NSNH_ALL:
845 case CMDQ_OP_PREFETCH_CFG:
846 cmd[0] |= FIELD_PREP(CMDQ_PREFETCH_0_SID, ent->prefetch.sid);
847 cmd[1] |= FIELD_PREP(CMDQ_PREFETCH_1_SIZE, ent->prefetch.size);
848 cmd[1] |= ent->prefetch.addr & CMDQ_PREFETCH_1_ADDR_MASK;
850 case CMDQ_OP_CFGI_STE:
851 cmd[0] |= FIELD_PREP(CMDQ_CFGI_0_SID, ent->cfgi.sid);
852 cmd[1] |= FIELD_PREP(CMDQ_CFGI_1_LEAF, ent->cfgi.leaf);
854 case CMDQ_OP_CFGI_ALL:
855 /* Cover the entire SID range */
856 cmd[1] |= FIELD_PREP(CMDQ_CFGI_1_RANGE, 31);
858 case CMDQ_OP_TLBI_NH_VA:
859 cmd[0] |= FIELD_PREP(CMDQ_TLBI_0_ASID, ent->tlbi.asid);
860 cmd[1] |= FIELD_PREP(CMDQ_TLBI_1_LEAF, ent->tlbi.leaf);
861 cmd[1] |= ent->tlbi.addr & CMDQ_TLBI_1_VA_MASK;
863 case CMDQ_OP_TLBI_S2_IPA:
864 cmd[0] |= FIELD_PREP(CMDQ_TLBI_0_VMID, ent->tlbi.vmid);
865 cmd[1] |= FIELD_PREP(CMDQ_TLBI_1_LEAF, ent->tlbi.leaf);
866 cmd[1] |= ent->tlbi.addr & CMDQ_TLBI_1_IPA_MASK;
868 case CMDQ_OP_TLBI_NH_ASID:
869 cmd[0] |= FIELD_PREP(CMDQ_TLBI_0_ASID, ent->tlbi.asid);
871 case CMDQ_OP_TLBI_S12_VMALL:
872 cmd[0] |= FIELD_PREP(CMDQ_TLBI_0_VMID, ent->tlbi.vmid);
874 case CMDQ_OP_ATC_INV:
875 cmd[0] |= FIELD_PREP(CMDQ_0_SSV, ent->substream_valid);
876 cmd[0] |= FIELD_PREP(CMDQ_ATC_0_GLOBAL, ent->atc.global);
877 cmd[0] |= FIELD_PREP(CMDQ_ATC_0_SSID, ent->atc.ssid);
878 cmd[0] |= FIELD_PREP(CMDQ_ATC_0_SID, ent->atc.sid);
879 cmd[1] |= FIELD_PREP(CMDQ_ATC_1_SIZE, ent->atc.size);
880 cmd[1] |= ent->atc.addr & CMDQ_ATC_1_ADDR_MASK;
882 case CMDQ_OP_PRI_RESP:
883 cmd[0] |= FIELD_PREP(CMDQ_0_SSV, ent->substream_valid);
884 cmd[0] |= FIELD_PREP(CMDQ_PRI_0_SSID, ent->pri.ssid);
885 cmd[0] |= FIELD_PREP(CMDQ_PRI_0_SID, ent->pri.sid);
886 cmd[1] |= FIELD_PREP(CMDQ_PRI_1_GRPID, ent->pri.grpid);
887 switch (ent->pri.resp) {
895 cmd[1] |= FIELD_PREP(CMDQ_PRI_1_RESP, ent->pri.resp);
897 case CMDQ_OP_CMD_SYNC:
898 if (ent->sync.msiaddr) {
899 cmd[0] |= FIELD_PREP(CMDQ_SYNC_0_CS, CMDQ_SYNC_0_CS_IRQ);
900 cmd[1] |= ent->sync.msiaddr & CMDQ_SYNC_1_MSIADDR_MASK;
902 cmd[0] |= FIELD_PREP(CMDQ_SYNC_0_CS, CMDQ_SYNC_0_CS_SEV);
904 cmd[0] |= FIELD_PREP(CMDQ_SYNC_0_MSH, ARM_SMMU_SH_ISH);
905 cmd[0] |= FIELD_PREP(CMDQ_SYNC_0_MSIATTR, ARM_SMMU_MEMATTR_OIWB);
914 static void arm_smmu_cmdq_build_sync_cmd(u64 *cmd, struct arm_smmu_device *smmu,
917 struct arm_smmu_queue *q = &smmu->cmdq.q;
918 struct arm_smmu_cmdq_ent ent = {
919 .opcode = CMDQ_OP_CMD_SYNC,
923 * Beware that Hi16xx adds an extra 32 bits of goodness to its MSI
924 * payload, so the write will zero the entire command on that platform.
926 if (smmu->features & ARM_SMMU_FEAT_MSI &&
927 smmu->features & ARM_SMMU_FEAT_COHERENCY) {
928 ent.sync.msiaddr = q->base_dma + Q_IDX(&q->llq, prod) *
932 arm_smmu_cmdq_build_cmd(cmd, &ent);
935 static void arm_smmu_cmdq_skip_err(struct arm_smmu_device *smmu)
937 static const char *cerror_str[] = {
938 [CMDQ_ERR_CERROR_NONE_IDX] = "No error",
939 [CMDQ_ERR_CERROR_ILL_IDX] = "Illegal command",
940 [CMDQ_ERR_CERROR_ABT_IDX] = "Abort on command fetch",
941 [CMDQ_ERR_CERROR_ATC_INV_IDX] = "ATC invalidate timeout",
945 u64 cmd[CMDQ_ENT_DWORDS];
946 struct arm_smmu_queue *q = &smmu->cmdq.q;
947 u32 cons = readl_relaxed(q->cons_reg);
948 u32 idx = FIELD_GET(CMDQ_CONS_ERR, cons);
949 struct arm_smmu_cmdq_ent cmd_sync = {
950 .opcode = CMDQ_OP_CMD_SYNC,
953 dev_err(smmu->dev, "CMDQ error (cons 0x%08x): %s\n", cons,
954 idx < ARRAY_SIZE(cerror_str) ? cerror_str[idx] : "Unknown");
957 case CMDQ_ERR_CERROR_ABT_IDX:
958 dev_err(smmu->dev, "retrying command fetch\n");
959 case CMDQ_ERR_CERROR_NONE_IDX:
961 case CMDQ_ERR_CERROR_ATC_INV_IDX:
963 * ATC Invalidation Completion timeout. CONS is still pointing
964 * at the CMD_SYNC. Attempt to complete other pending commands
965 * by repeating the CMD_SYNC, though we might well end up back
966 * here since the ATC invalidation may still be pending.
969 case CMDQ_ERR_CERROR_ILL_IDX:
976 * We may have concurrent producers, so we need to be careful
977 * not to touch any of the shadow cmdq state.
979 queue_read(cmd, Q_ENT(q, cons), q->ent_dwords);
980 dev_err(smmu->dev, "skipping command in error state:\n");
981 for (i = 0; i < ARRAY_SIZE(cmd); ++i)
982 dev_err(smmu->dev, "\t0x%016llx\n", (unsigned long long)cmd[i]);
984 /* Convert the erroneous command into a CMD_SYNC */
985 if (arm_smmu_cmdq_build_cmd(cmd, &cmd_sync)) {
986 dev_err(smmu->dev, "failed to convert to CMD_SYNC\n");
990 queue_write(Q_ENT(q, cons), cmd, q->ent_dwords);
994 * Command queue locking.
995 * This is a form of bastardised rwlock with the following major changes:
997 * - The only LOCK routines are exclusive_trylock() and shared_lock().
998 * Neither have barrier semantics, and instead provide only a control
1001 * - The UNLOCK routines are supplemented with shared_tryunlock(), which
1002 * fails if the caller appears to be the last lock holder (yes, this is
1003 * racy). All successful UNLOCK routines have RELEASE semantics.
1005 static void arm_smmu_cmdq_shared_lock(struct arm_smmu_cmdq *cmdq)
1010 * We can try to avoid the cmpxchg() loop by simply incrementing the
1011 * lock counter. When held in exclusive state, the lock counter is set
1012 * to INT_MIN so these increments won't hurt as the value will remain
1015 if (atomic_fetch_inc_relaxed(&cmdq->lock) >= 0)
1019 val = atomic_cond_read_relaxed(&cmdq->lock, VAL >= 0);
1020 } while (atomic_cmpxchg_relaxed(&cmdq->lock, val, val + 1) != val);
1023 static void arm_smmu_cmdq_shared_unlock(struct arm_smmu_cmdq *cmdq)
1025 (void)atomic_dec_return_release(&cmdq->lock);
1028 static bool arm_smmu_cmdq_shared_tryunlock(struct arm_smmu_cmdq *cmdq)
1030 if (atomic_read(&cmdq->lock) == 1)
1033 arm_smmu_cmdq_shared_unlock(cmdq);
1037 #define arm_smmu_cmdq_exclusive_trylock_irqsave(cmdq, flags) \
1040 local_irq_save(flags); \
1041 __ret = !atomic_cmpxchg_relaxed(&cmdq->lock, 0, INT_MIN); \
1043 local_irq_restore(flags); \
1047 #define arm_smmu_cmdq_exclusive_unlock_irqrestore(cmdq, flags) \
1049 atomic_set_release(&cmdq->lock, 0); \
1050 local_irq_restore(flags); \
1055 * Command queue insertion.
1056 * This is made fiddly by our attempts to achieve some sort of scalability
1057 * since there is one queue shared amongst all of the CPUs in the system. If
1058 * you like mixed-size concurrency, dependency ordering and relaxed atomics,
1059 * then you'll *love* this monstrosity.
1061 * The basic idea is to split the queue up into ranges of commands that are
1062 * owned by a given CPU; the owner may not have written all of the commands
1063 * itself, but is responsible for advancing the hardware prod pointer when
1064 * the time comes. The algorithm is roughly:
1066 * 1. Allocate some space in the queue. At this point we also discover
1067 * whether the head of the queue is currently owned by another CPU,
1068 * or whether we are the owner.
1070 * 2. Write our commands into our allocated slots in the queue.
1072 * 3. Mark our slots as valid in arm_smmu_cmdq.valid_map.
1074 * 4. If we are an owner:
1075 * a. Wait for the previous owner to finish.
1076 * b. Mark the queue head as unowned, which tells us the range
1077 * that we are responsible for publishing.
1078 * c. Wait for all commands in our owned range to become valid.
1079 * d. Advance the hardware prod pointer.
1080 * e. Tell the next owner we've finished.
1082 * 5. If we are inserting a CMD_SYNC (we may or may not have been an
1083 * owner), then we need to stick around until it has completed:
1084 * a. If we have MSIs, the SMMU can write back into the CMD_SYNC
1085 * to clear the first 4 bytes.
1086 * b. Otherwise, we spin waiting for the hardware cons pointer to
1087 * advance past our command.
1089 * The devil is in the details, particularly the use of locking for handling
1090 * SYNC completion and freeing up space in the queue before we think that it is
1093 static void __arm_smmu_cmdq_poll_set_valid_map(struct arm_smmu_cmdq *cmdq,
1094 u32 sprod, u32 eprod, bool set)
1096 u32 swidx, sbidx, ewidx, ebidx;
1097 struct arm_smmu_ll_queue llq = {
1098 .max_n_shift = cmdq->q.llq.max_n_shift,
1102 ewidx = BIT_WORD(Q_IDX(&llq, eprod));
1103 ebidx = Q_IDX(&llq, eprod) % BITS_PER_LONG;
1105 while (llq.prod != eprod) {
1108 u32 limit = BITS_PER_LONG;
1110 swidx = BIT_WORD(Q_IDX(&llq, llq.prod));
1111 sbidx = Q_IDX(&llq, llq.prod) % BITS_PER_LONG;
1113 ptr = &cmdq->valid_map[swidx];
1115 if ((swidx == ewidx) && (sbidx < ebidx))
1118 mask = GENMASK(limit - 1, sbidx);
1121 * The valid bit is the inverse of the wrap bit. This means
1122 * that a zero-initialised queue is invalid and, after marking
1123 * all entries as valid, they become invalid again when we
1127 atomic_long_xor(mask, ptr);
1129 unsigned long valid;
1131 valid = (ULONG_MAX + !!Q_WRP(&llq, llq.prod)) & mask;
1132 atomic_long_cond_read_relaxed(ptr, (VAL & mask) == valid);
1135 llq.prod = queue_inc_prod_n(&llq, limit - sbidx);
1139 /* Mark all entries in the range [sprod, eprod) as valid */
1140 static void arm_smmu_cmdq_set_valid_map(struct arm_smmu_cmdq *cmdq,
1141 u32 sprod, u32 eprod)
1143 __arm_smmu_cmdq_poll_set_valid_map(cmdq, sprod, eprod, true);
1146 /* Wait for all entries in the range [sprod, eprod) to become valid */
1147 static void arm_smmu_cmdq_poll_valid_map(struct arm_smmu_cmdq *cmdq,
1148 u32 sprod, u32 eprod)
1150 __arm_smmu_cmdq_poll_set_valid_map(cmdq, sprod, eprod, false);
1153 /* Wait for the command queue to become non-full */
1154 static int arm_smmu_cmdq_poll_until_not_full(struct arm_smmu_device *smmu,
1155 struct arm_smmu_ll_queue *llq)
1157 unsigned long flags;
1158 struct arm_smmu_queue_poll qp;
1159 struct arm_smmu_cmdq *cmdq = &smmu->cmdq;
1163 * Try to update our copy of cons by grabbing exclusive cmdq access. If
1164 * that fails, spin until somebody else updates it for us.
1166 if (arm_smmu_cmdq_exclusive_trylock_irqsave(cmdq, flags)) {
1167 WRITE_ONCE(cmdq->q.llq.cons, readl_relaxed(cmdq->q.cons_reg));
1168 arm_smmu_cmdq_exclusive_unlock_irqrestore(cmdq, flags);
1169 llq->val = READ_ONCE(cmdq->q.llq.val);
1173 queue_poll_init(smmu, &qp);
1175 llq->val = READ_ONCE(smmu->cmdq.q.llq.val);
1176 if (!queue_full(llq))
1179 ret = queue_poll(&qp);
1186 * Wait until the SMMU signals a CMD_SYNC completion MSI.
1187 * Must be called with the cmdq lock held in some capacity.
1189 static int __arm_smmu_cmdq_poll_until_msi(struct arm_smmu_device *smmu,
1190 struct arm_smmu_ll_queue *llq)
1193 struct arm_smmu_queue_poll qp;
1194 struct arm_smmu_cmdq *cmdq = &smmu->cmdq;
1195 u32 *cmd = (u32 *)(Q_ENT(&cmdq->q, llq->prod));
1197 queue_poll_init(smmu, &qp);
1200 * The MSI won't generate an event, since it's being written back
1201 * into the command queue.
1204 smp_cond_load_relaxed(cmd, !VAL || (ret = queue_poll(&qp)));
1205 llq->cons = ret ? llq->prod : queue_inc_prod_n(llq, 1);
1210 * Wait until the SMMU cons index passes llq->prod.
1211 * Must be called with the cmdq lock held in some capacity.
1213 static int __arm_smmu_cmdq_poll_until_consumed(struct arm_smmu_device *smmu,
1214 struct arm_smmu_ll_queue *llq)
1216 struct arm_smmu_queue_poll qp;
1217 struct arm_smmu_cmdq *cmdq = &smmu->cmdq;
1218 u32 prod = llq->prod;
1221 queue_poll_init(smmu, &qp);
1222 llq->val = READ_ONCE(smmu->cmdq.q.llq.val);
1224 if (queue_consumed(llq, prod))
1227 ret = queue_poll(&qp);
1230 * This needs to be a readl() so that our subsequent call
1231 * to arm_smmu_cmdq_shared_tryunlock() can fail accurately.
1233 * Specifically, we need to ensure that we observe all
1234 * shared_lock()s by other CMD_SYNCs that share our owner,
1235 * so that a failing call to tryunlock() means that we're
1236 * the last one out and therefore we can safely advance
1237 * cmdq->q.llq.cons. Roughly speaking:
1239 * CPU 0 CPU1 CPU2 (us)
1249 * <control dependency>
1255 * Requires us to see CPU 0's shared_lock() acquisition.
1257 llq->cons = readl(cmdq->q.cons_reg);
1263 static int arm_smmu_cmdq_poll_until_sync(struct arm_smmu_device *smmu,
1264 struct arm_smmu_ll_queue *llq)
1266 if (smmu->features & ARM_SMMU_FEAT_MSI &&
1267 smmu->features & ARM_SMMU_FEAT_COHERENCY)
1268 return __arm_smmu_cmdq_poll_until_msi(smmu, llq);
1270 return __arm_smmu_cmdq_poll_until_consumed(smmu, llq);
1273 static void arm_smmu_cmdq_write_entries(struct arm_smmu_cmdq *cmdq, u64 *cmds,
1277 struct arm_smmu_ll_queue llq = {
1278 .max_n_shift = cmdq->q.llq.max_n_shift,
1282 for (i = 0; i < n; ++i) {
1283 u64 *cmd = &cmds[i * CMDQ_ENT_DWORDS];
1285 prod = queue_inc_prod_n(&llq, i);
1286 queue_write(Q_ENT(&cmdq->q, prod), cmd, CMDQ_ENT_DWORDS);
1291 * This is the actual insertion function, and provides the following
1292 * ordering guarantees to callers:
1294 * - There is a dma_wmb() before publishing any commands to the queue.
1295 * This can be relied upon to order prior writes to data structures
1296 * in memory (such as a CD or an STE) before the command.
1298 * - On completion of a CMD_SYNC, there is a control dependency.
1299 * This can be relied upon to order subsequent writes to memory (e.g.
1300 * freeing an IOVA) after completion of the CMD_SYNC.
1302 * - Command insertion is totally ordered, so if two CPUs each race to
1303 * insert their own list of commands then all of the commands from one
1304 * CPU will appear before any of the commands from the other CPU.
1306 static int arm_smmu_cmdq_issue_cmdlist(struct arm_smmu_device *smmu,
1307 u64 *cmds, int n, bool sync)
1309 u64 cmd_sync[CMDQ_ENT_DWORDS];
1311 unsigned long flags;
1313 struct arm_smmu_cmdq *cmdq = &smmu->cmdq;
1314 struct arm_smmu_ll_queue llq = {
1315 .max_n_shift = cmdq->q.llq.max_n_shift,
1319 /* 1. Allocate some space in the queue */
1320 local_irq_save(flags);
1321 llq.val = READ_ONCE(cmdq->q.llq.val);
1325 while (!queue_has_space(&llq, n + sync)) {
1326 local_irq_restore(flags);
1327 if (arm_smmu_cmdq_poll_until_not_full(smmu, &llq))
1328 dev_err_ratelimited(smmu->dev, "CMDQ timeout\n");
1329 local_irq_save(flags);
1332 head.cons = llq.cons;
1333 head.prod = queue_inc_prod_n(&llq, n + sync) |
1334 CMDQ_PROD_OWNED_FLAG;
1336 old = cmpxchg_relaxed(&cmdq->q.llq.val, llq.val, head.val);
1342 owner = !(llq.prod & CMDQ_PROD_OWNED_FLAG);
1343 head.prod &= ~CMDQ_PROD_OWNED_FLAG;
1344 llq.prod &= ~CMDQ_PROD_OWNED_FLAG;
1347 * 2. Write our commands into the queue
1348 * Dependency ordering from the cmpxchg() loop above.
1350 arm_smmu_cmdq_write_entries(cmdq, cmds, llq.prod, n);
1352 prod = queue_inc_prod_n(&llq, n);
1353 arm_smmu_cmdq_build_sync_cmd(cmd_sync, smmu, prod);
1354 queue_write(Q_ENT(&cmdq->q, prod), cmd_sync, CMDQ_ENT_DWORDS);
1357 * In order to determine completion of our CMD_SYNC, we must
1358 * ensure that the queue can't wrap twice without us noticing.
1359 * We achieve that by taking the cmdq lock as shared before
1360 * marking our slot as valid.
1362 arm_smmu_cmdq_shared_lock(cmdq);
1365 /* 3. Mark our slots as valid, ensuring commands are visible first */
1367 arm_smmu_cmdq_set_valid_map(cmdq, llq.prod, head.prod);
1369 /* 4. If we are the owner, take control of the SMMU hardware */
1371 /* a. Wait for previous owner to finish */
1372 atomic_cond_read_relaxed(&cmdq->owner_prod, VAL == llq.prod);
1374 /* b. Stop gathering work by clearing the owned flag */
1375 prod = atomic_fetch_andnot_relaxed(CMDQ_PROD_OWNED_FLAG,
1376 &cmdq->q.llq.atomic.prod);
1377 prod &= ~CMDQ_PROD_OWNED_FLAG;
1380 * c. Wait for any gathered work to be written to the queue.
1381 * Note that we read our own entries so that we have the control
1382 * dependency required by (d).
1384 arm_smmu_cmdq_poll_valid_map(cmdq, llq.prod, prod);
1387 * d. Advance the hardware prod pointer
1388 * Control dependency ordering from the entries becoming valid.
1390 writel_relaxed(prod, cmdq->q.prod_reg);
1393 * e. Tell the next owner we're done
1394 * Make sure we've updated the hardware first, so that we don't
1395 * race to update prod and potentially move it backwards.
1397 atomic_set_release(&cmdq->owner_prod, prod);
1400 /* 5. If we are inserting a CMD_SYNC, we must wait for it to complete */
1402 llq.prod = queue_inc_prod_n(&llq, n);
1403 ret = arm_smmu_cmdq_poll_until_sync(smmu, &llq);
1405 dev_err_ratelimited(smmu->dev,
1406 "CMD_SYNC timeout at 0x%08x [hwprod 0x%08x, hwcons 0x%08x]\n",
1408 readl_relaxed(cmdq->q.prod_reg),
1409 readl_relaxed(cmdq->q.cons_reg));
1413 * Try to unlock the cmq lock. This will fail if we're the last
1414 * reader, in which case we can safely update cmdq->q.llq.cons
1416 if (!arm_smmu_cmdq_shared_tryunlock(cmdq)) {
1417 WRITE_ONCE(cmdq->q.llq.cons, llq.cons);
1418 arm_smmu_cmdq_shared_unlock(cmdq);
1422 local_irq_restore(flags);
1426 static int arm_smmu_cmdq_issue_cmd(struct arm_smmu_device *smmu,
1427 struct arm_smmu_cmdq_ent *ent)
1429 u64 cmd[CMDQ_ENT_DWORDS];
1431 if (arm_smmu_cmdq_build_cmd(cmd, ent)) {
1432 dev_warn(smmu->dev, "ignoring unknown CMDQ opcode 0x%x\n",
1437 return arm_smmu_cmdq_issue_cmdlist(smmu, cmd, 1, false);
1440 static int arm_smmu_cmdq_issue_sync(struct arm_smmu_device *smmu)
1442 return arm_smmu_cmdq_issue_cmdlist(smmu, NULL, 0, true);
1445 /* Context descriptor manipulation functions */
1446 static u64 arm_smmu_cpu_tcr_to_cd(u64 tcr)
1450 /* Repack the TCR. Just care about TTBR0 for now */
1451 val |= ARM_SMMU_TCR2CD(tcr, T0SZ);
1452 val |= ARM_SMMU_TCR2CD(tcr, TG0);
1453 val |= ARM_SMMU_TCR2CD(tcr, IRGN0);
1454 val |= ARM_SMMU_TCR2CD(tcr, ORGN0);
1455 val |= ARM_SMMU_TCR2CD(tcr, SH0);
1456 val |= ARM_SMMU_TCR2CD(tcr, EPD0);
1457 val |= ARM_SMMU_TCR2CD(tcr, EPD1);
1458 val |= ARM_SMMU_TCR2CD(tcr, IPS);
1463 static void arm_smmu_write_ctx_desc(struct arm_smmu_device *smmu,
1464 struct arm_smmu_s1_cfg *cfg)
1469 * We don't need to issue any invalidation here, as we'll invalidate
1470 * the STE when installing the new entry anyway.
1472 val = arm_smmu_cpu_tcr_to_cd(cfg->cd.tcr) |
1476 CTXDESC_CD_0_R | CTXDESC_CD_0_A | CTXDESC_CD_0_ASET |
1477 CTXDESC_CD_0_AA64 | FIELD_PREP(CTXDESC_CD_0_ASID, cfg->cd.asid) |
1480 /* STALL_MODEL==0b10 && CD.S==0 is ILLEGAL */
1481 if (smmu->features & ARM_SMMU_FEAT_STALL_FORCE)
1482 val |= CTXDESC_CD_0_S;
1484 cfg->cdptr[0] = cpu_to_le64(val);
1486 val = cfg->cd.ttbr & CTXDESC_CD_1_TTB0_MASK;
1487 cfg->cdptr[1] = cpu_to_le64(val);
1489 cfg->cdptr[3] = cpu_to_le64(cfg->cd.mair);
1492 /* Stream table manipulation functions */
1494 arm_smmu_write_strtab_l1_desc(__le64 *dst, struct arm_smmu_strtab_l1_desc *desc)
1498 val |= FIELD_PREP(STRTAB_L1_DESC_SPAN, desc->span);
1499 val |= desc->l2ptr_dma & STRTAB_L1_DESC_L2PTR_MASK;
1501 *dst = cpu_to_le64(val);
1504 static void arm_smmu_sync_ste_for_sid(struct arm_smmu_device *smmu, u32 sid)
1506 struct arm_smmu_cmdq_ent cmd = {
1507 .opcode = CMDQ_OP_CFGI_STE,
1514 arm_smmu_cmdq_issue_cmd(smmu, &cmd);
1515 arm_smmu_cmdq_issue_sync(smmu);
1518 static void arm_smmu_write_strtab_ent(struct arm_smmu_master *master, u32 sid,
1522 * This is hideously complicated, but we only really care about
1523 * three cases at the moment:
1525 * 1. Invalid (all zero) -> bypass/fault (init)
1526 * 2. Bypass/fault -> translation/bypass (attach)
1527 * 3. Translation/bypass -> bypass/fault (detach)
1529 * Given that we can't update the STE atomically and the SMMU
1530 * doesn't read the thing in a defined order, that leaves us
1531 * with the following maintenance requirements:
1533 * 1. Update Config, return (init time STEs aren't live)
1534 * 2. Write everything apart from dword 0, sync, write dword 0, sync
1535 * 3. Update Config, sync
1537 u64 val = le64_to_cpu(dst[0]);
1538 bool ste_live = false;
1539 struct arm_smmu_device *smmu = NULL;
1540 struct arm_smmu_s1_cfg *s1_cfg = NULL;
1541 struct arm_smmu_s2_cfg *s2_cfg = NULL;
1542 struct arm_smmu_domain *smmu_domain = NULL;
1543 struct arm_smmu_cmdq_ent prefetch_cmd = {
1544 .opcode = CMDQ_OP_PREFETCH_CFG,
1551 smmu_domain = master->domain;
1552 smmu = master->smmu;
1556 switch (smmu_domain->stage) {
1557 case ARM_SMMU_DOMAIN_S1:
1558 s1_cfg = &smmu_domain->s1_cfg;
1560 case ARM_SMMU_DOMAIN_S2:
1561 case ARM_SMMU_DOMAIN_NESTED:
1562 s2_cfg = &smmu_domain->s2_cfg;
1569 if (val & STRTAB_STE_0_V) {
1570 switch (FIELD_GET(STRTAB_STE_0_CFG, val)) {
1571 case STRTAB_STE_0_CFG_BYPASS:
1573 case STRTAB_STE_0_CFG_S1_TRANS:
1574 case STRTAB_STE_0_CFG_S2_TRANS:
1577 case STRTAB_STE_0_CFG_ABORT:
1578 BUG_ON(!disable_bypass);
1581 BUG(); /* STE corruption */
1585 /* Nuke the existing STE_0 value, as we're going to rewrite it */
1586 val = STRTAB_STE_0_V;
1589 if (!smmu_domain || !(s1_cfg || s2_cfg)) {
1590 if (!smmu_domain && disable_bypass)
1591 val |= FIELD_PREP(STRTAB_STE_0_CFG, STRTAB_STE_0_CFG_ABORT);
1593 val |= FIELD_PREP(STRTAB_STE_0_CFG, STRTAB_STE_0_CFG_BYPASS);
1595 dst[0] = cpu_to_le64(val);
1596 dst[1] = cpu_to_le64(FIELD_PREP(STRTAB_STE_1_SHCFG,
1597 STRTAB_STE_1_SHCFG_INCOMING));
1598 dst[2] = 0; /* Nuke the VMID */
1600 * The SMMU can perform negative caching, so we must sync
1601 * the STE regardless of whether the old value was live.
1604 arm_smmu_sync_ste_for_sid(smmu, sid);
1610 dst[1] = cpu_to_le64(
1611 FIELD_PREP(STRTAB_STE_1_S1CIR, STRTAB_STE_1_S1C_CACHE_WBRA) |
1612 FIELD_PREP(STRTAB_STE_1_S1COR, STRTAB_STE_1_S1C_CACHE_WBRA) |
1613 FIELD_PREP(STRTAB_STE_1_S1CSH, ARM_SMMU_SH_ISH) |
1614 FIELD_PREP(STRTAB_STE_1_STRW, STRTAB_STE_1_STRW_NSEL1));
1616 if (smmu->features & ARM_SMMU_FEAT_STALLS &&
1617 !(smmu->features & ARM_SMMU_FEAT_STALL_FORCE))
1618 dst[1] |= cpu_to_le64(STRTAB_STE_1_S1STALLD);
1620 val |= (s1_cfg->cdptr_dma & STRTAB_STE_0_S1CTXPTR_MASK) |
1621 FIELD_PREP(STRTAB_STE_0_CFG, STRTAB_STE_0_CFG_S1_TRANS);
1626 dst[2] = cpu_to_le64(
1627 FIELD_PREP(STRTAB_STE_2_S2VMID, s2_cfg->vmid) |
1628 FIELD_PREP(STRTAB_STE_2_VTCR, s2_cfg->vtcr) |
1630 STRTAB_STE_2_S2ENDI |
1632 STRTAB_STE_2_S2PTW | STRTAB_STE_2_S2AA64 |
1635 dst[3] = cpu_to_le64(s2_cfg->vttbr & STRTAB_STE_3_S2TTB_MASK);
1637 val |= FIELD_PREP(STRTAB_STE_0_CFG, STRTAB_STE_0_CFG_S2_TRANS);
1640 if (master->ats_enabled)
1641 dst[1] |= cpu_to_le64(FIELD_PREP(STRTAB_STE_1_EATS,
1642 STRTAB_STE_1_EATS_TRANS));
1644 arm_smmu_sync_ste_for_sid(smmu, sid);
1645 dst[0] = cpu_to_le64(val);
1646 arm_smmu_sync_ste_for_sid(smmu, sid);
1648 /* It's likely that we'll want to use the new STE soon */
1649 if (!(smmu->options & ARM_SMMU_OPT_SKIP_PREFETCH))
1650 arm_smmu_cmdq_issue_cmd(smmu, &prefetch_cmd);
1653 static void arm_smmu_init_bypass_stes(u64 *strtab, unsigned int nent)
1657 for (i = 0; i < nent; ++i) {
1658 arm_smmu_write_strtab_ent(NULL, -1, strtab);
1659 strtab += STRTAB_STE_DWORDS;
1663 static int arm_smmu_init_l2_strtab(struct arm_smmu_device *smmu, u32 sid)
1667 struct arm_smmu_strtab_cfg *cfg = &smmu->strtab_cfg;
1668 struct arm_smmu_strtab_l1_desc *desc = &cfg->l1_desc[sid >> STRTAB_SPLIT];
1673 size = 1 << (STRTAB_SPLIT + ilog2(STRTAB_STE_DWORDS) + 3);
1674 strtab = &cfg->strtab[(sid >> STRTAB_SPLIT) * STRTAB_L1_DESC_DWORDS];
1676 desc->span = STRTAB_SPLIT + 1;
1677 desc->l2ptr = dmam_alloc_coherent(smmu->dev, size, &desc->l2ptr_dma,
1678 GFP_KERNEL | __GFP_ZERO);
1681 "failed to allocate l2 stream table for SID %u\n",
1686 arm_smmu_init_bypass_stes(desc->l2ptr, 1 << STRTAB_SPLIT);
1687 arm_smmu_write_strtab_l1_desc(strtab, desc);
1691 /* IRQ and event handlers */
1692 static irqreturn_t arm_smmu_evtq_thread(int irq, void *dev)
1695 struct arm_smmu_device *smmu = dev;
1696 struct arm_smmu_queue *q = &smmu->evtq.q;
1697 struct arm_smmu_ll_queue *llq = &q->llq;
1698 u64 evt[EVTQ_ENT_DWORDS];
1701 while (!queue_remove_raw(q, evt)) {
1702 u8 id = FIELD_GET(EVTQ_0_ID, evt[0]);
1704 dev_info(smmu->dev, "event 0x%02x received:\n", id);
1705 for (i = 0; i < ARRAY_SIZE(evt); ++i)
1706 dev_info(smmu->dev, "\t0x%016llx\n",
1707 (unsigned long long)evt[i]);
1712 * Not much we can do on overflow, so scream and pretend we're
1715 if (queue_sync_prod_in(q) == -EOVERFLOW)
1716 dev_err(smmu->dev, "EVTQ overflow detected -- events lost\n");
1717 } while (!queue_empty(llq));
1719 /* Sync our overflow flag, as we believe we're up to speed */
1720 llq->cons = Q_OVF(llq->prod) | Q_WRP(llq, llq->cons) |
1721 Q_IDX(llq, llq->cons);
1725 static void arm_smmu_handle_ppr(struct arm_smmu_device *smmu, u64 *evt)
1731 sid = FIELD_GET(PRIQ_0_SID, evt[0]);
1732 ssv = FIELD_GET(PRIQ_0_SSID_V, evt[0]);
1733 ssid = ssv ? FIELD_GET(PRIQ_0_SSID, evt[0]) : 0;
1734 last = FIELD_GET(PRIQ_0_PRG_LAST, evt[0]);
1735 grpid = FIELD_GET(PRIQ_1_PRG_IDX, evt[1]);
1737 dev_info(smmu->dev, "unexpected PRI request received:\n");
1739 "\tsid 0x%08x.0x%05x: [%u%s] %sprivileged %s%s%s access at iova 0x%016llx\n",
1740 sid, ssid, grpid, last ? "L" : "",
1741 evt[0] & PRIQ_0_PERM_PRIV ? "" : "un",
1742 evt[0] & PRIQ_0_PERM_READ ? "R" : "",
1743 evt[0] & PRIQ_0_PERM_WRITE ? "W" : "",
1744 evt[0] & PRIQ_0_PERM_EXEC ? "X" : "",
1745 evt[1] & PRIQ_1_ADDR_MASK);
1748 struct arm_smmu_cmdq_ent cmd = {
1749 .opcode = CMDQ_OP_PRI_RESP,
1750 .substream_valid = ssv,
1755 .resp = PRI_RESP_DENY,
1759 arm_smmu_cmdq_issue_cmd(smmu, &cmd);
1763 static irqreturn_t arm_smmu_priq_thread(int irq, void *dev)
1765 struct arm_smmu_device *smmu = dev;
1766 struct arm_smmu_queue *q = &smmu->priq.q;
1767 struct arm_smmu_ll_queue *llq = &q->llq;
1768 u64 evt[PRIQ_ENT_DWORDS];
1771 while (!queue_remove_raw(q, evt))
1772 arm_smmu_handle_ppr(smmu, evt);
1774 if (queue_sync_prod_in(q) == -EOVERFLOW)
1775 dev_err(smmu->dev, "PRIQ overflow detected -- requests lost\n");
1776 } while (!queue_empty(llq));
1778 /* Sync our overflow flag, as we believe we're up to speed */
1779 llq->cons = Q_OVF(llq->prod) | Q_WRP(llq, llq->cons) |
1780 Q_IDX(llq, llq->cons);
1781 queue_sync_cons_out(q);
1785 static int arm_smmu_device_disable(struct arm_smmu_device *smmu);
1787 static irqreturn_t arm_smmu_gerror_handler(int irq, void *dev)
1789 u32 gerror, gerrorn, active;
1790 struct arm_smmu_device *smmu = dev;
1792 gerror = readl_relaxed(smmu->base + ARM_SMMU_GERROR);
1793 gerrorn = readl_relaxed(smmu->base + ARM_SMMU_GERRORN);
1795 active = gerror ^ gerrorn;
1796 if (!(active & GERROR_ERR_MASK))
1797 return IRQ_NONE; /* No errors pending */
1800 "unexpected global error reported (0x%08x), this could be serious\n",
1803 if (active & GERROR_SFM_ERR) {
1804 dev_err(smmu->dev, "device has entered Service Failure Mode!\n");
1805 arm_smmu_device_disable(smmu);
1808 if (active & GERROR_MSI_GERROR_ABT_ERR)
1809 dev_warn(smmu->dev, "GERROR MSI write aborted\n");
1811 if (active & GERROR_MSI_PRIQ_ABT_ERR)
1812 dev_warn(smmu->dev, "PRIQ MSI write aborted\n");
1814 if (active & GERROR_MSI_EVTQ_ABT_ERR)
1815 dev_warn(smmu->dev, "EVTQ MSI write aborted\n");
1817 if (active & GERROR_MSI_CMDQ_ABT_ERR)
1818 dev_warn(smmu->dev, "CMDQ MSI write aborted\n");
1820 if (active & GERROR_PRIQ_ABT_ERR)
1821 dev_err(smmu->dev, "PRIQ write aborted -- events may have been lost\n");
1823 if (active & GERROR_EVTQ_ABT_ERR)
1824 dev_err(smmu->dev, "EVTQ write aborted -- events may have been lost\n");
1826 if (active & GERROR_CMDQ_ERR)
1827 arm_smmu_cmdq_skip_err(smmu);
1829 writel(gerror, smmu->base + ARM_SMMU_GERRORN);
1833 static irqreturn_t arm_smmu_combined_irq_thread(int irq, void *dev)
1835 struct arm_smmu_device *smmu = dev;
1837 arm_smmu_evtq_thread(irq, dev);
1838 if (smmu->features & ARM_SMMU_FEAT_PRI)
1839 arm_smmu_priq_thread(irq, dev);
1844 static irqreturn_t arm_smmu_combined_irq_handler(int irq, void *dev)
1846 arm_smmu_gerror_handler(irq, dev);
1847 return IRQ_WAKE_THREAD;
1851 arm_smmu_atc_inv_to_cmd(int ssid, unsigned long iova, size_t size,
1852 struct arm_smmu_cmdq_ent *cmd)
1856 /* ATC invalidates are always on 4096-bytes pages */
1857 size_t inval_grain_shift = 12;
1858 unsigned long page_start, page_end;
1860 *cmd = (struct arm_smmu_cmdq_ent) {
1861 .opcode = CMDQ_OP_ATC_INV,
1862 .substream_valid = !!ssid,
1867 cmd->atc.size = ATC_INV_SIZE_ALL;
1871 page_start = iova >> inval_grain_shift;
1872 page_end = (iova + size - 1) >> inval_grain_shift;
1875 * In an ATS Invalidate Request, the address must be aligned on the
1876 * range size, which must be a power of two number of page sizes. We
1877 * thus have to choose between grossly over-invalidating the region, or
1878 * splitting the invalidation into multiple commands. For simplicity
1879 * we'll go with the first solution, but should refine it in the future
1880 * if multiple commands are shown to be more efficient.
1882 * Find the smallest power of two that covers the range. The most
1883 * significant differing bit between the start and end addresses,
1884 * fls(start ^ end), indicates the required span. For example:
1886 * We want to invalidate pages [8; 11]. This is already the ideal range:
1887 * x = 0b1000 ^ 0b1011 = 0b11
1888 * span = 1 << fls(x) = 4
1890 * To invalidate pages [7; 10], we need to invalidate [0; 15]:
1891 * x = 0b0111 ^ 0b1010 = 0b1101
1892 * span = 1 << fls(x) = 16
1894 log2_span = fls_long(page_start ^ page_end);
1895 span_mask = (1ULL << log2_span) - 1;
1897 page_start &= ~span_mask;
1899 cmd->atc.addr = page_start << inval_grain_shift;
1900 cmd->atc.size = log2_span;
1903 static int arm_smmu_atc_inv_master(struct arm_smmu_master *master,
1904 struct arm_smmu_cmdq_ent *cmd)
1908 if (!master->ats_enabled)
1911 for (i = 0; i < master->num_sids; i++) {
1912 cmd->atc.sid = master->sids[i];
1913 arm_smmu_cmdq_issue_cmd(master->smmu, cmd);
1916 return arm_smmu_cmdq_issue_sync(master->smmu);
1919 static int arm_smmu_atc_inv_domain(struct arm_smmu_domain *smmu_domain,
1920 int ssid, unsigned long iova, size_t size)
1923 unsigned long flags;
1924 struct arm_smmu_cmdq_ent cmd;
1925 struct arm_smmu_master *master;
1927 if (!(smmu_domain->smmu->features & ARM_SMMU_FEAT_ATS))
1931 * Ensure that we've completed prior invalidation of the main TLBs
1932 * before we read 'nr_ats_masters' in case of a concurrent call to
1933 * arm_smmu_enable_ats():
1935 * // unmap() // arm_smmu_enable_ats()
1936 * TLBI+SYNC atomic_inc(&nr_ats_masters);
1938 * atomic_read(&nr_ats_masters); pci_enable_ats() // writel()
1940 * Ensures that we always see the incremented 'nr_ats_masters' count if
1941 * ATS was enabled at the PCI device before completion of the TLBI.
1944 if (!atomic_read(&smmu_domain->nr_ats_masters))
1947 arm_smmu_atc_inv_to_cmd(ssid, iova, size, &cmd);
1949 spin_lock_irqsave(&smmu_domain->devices_lock, flags);
1950 list_for_each_entry(master, &smmu_domain->devices, domain_head)
1951 ret |= arm_smmu_atc_inv_master(master, &cmd);
1952 spin_unlock_irqrestore(&smmu_domain->devices_lock, flags);
1954 return ret ? -ETIMEDOUT : 0;
1957 /* IO_PGTABLE API */
1958 static void arm_smmu_tlb_inv_context(void *cookie)
1960 struct arm_smmu_domain *smmu_domain = cookie;
1961 struct arm_smmu_device *smmu = smmu_domain->smmu;
1962 struct arm_smmu_cmdq_ent cmd;
1964 if (smmu_domain->stage == ARM_SMMU_DOMAIN_S1) {
1965 cmd.opcode = CMDQ_OP_TLBI_NH_ASID;
1966 cmd.tlbi.asid = smmu_domain->s1_cfg.cd.asid;
1969 cmd.opcode = CMDQ_OP_TLBI_S12_VMALL;
1970 cmd.tlbi.vmid = smmu_domain->s2_cfg.vmid;
1974 * NOTE: when io-pgtable is in non-strict mode, we may get here with
1975 * PTEs previously cleared by unmaps on the current CPU not yet visible
1976 * to the SMMU. We are relying on the dma_wmb() implicit during cmd
1977 * insertion to guarantee those are observed before the TLBI. Do be
1980 arm_smmu_cmdq_issue_cmd(smmu, &cmd);
1981 arm_smmu_cmdq_issue_sync(smmu);
1982 arm_smmu_atc_inv_domain(smmu_domain, 0, 0, 0);
1985 static void arm_smmu_tlb_inv_range(unsigned long iova, size_t size,
1986 size_t granule, bool leaf,
1987 struct arm_smmu_domain *smmu_domain)
1989 u64 cmds[CMDQ_BATCH_ENTRIES * CMDQ_ENT_DWORDS];
1990 struct arm_smmu_device *smmu = smmu_domain->smmu;
1991 unsigned long start = iova, end = iova + size;
1993 struct arm_smmu_cmdq_ent cmd = {
2002 if (smmu_domain->stage == ARM_SMMU_DOMAIN_S1) {
2003 cmd.opcode = CMDQ_OP_TLBI_NH_VA;
2004 cmd.tlbi.asid = smmu_domain->s1_cfg.cd.asid;
2006 cmd.opcode = CMDQ_OP_TLBI_S2_IPA;
2007 cmd.tlbi.vmid = smmu_domain->s2_cfg.vmid;
2010 while (iova < end) {
2011 if (i == CMDQ_BATCH_ENTRIES) {
2012 arm_smmu_cmdq_issue_cmdlist(smmu, cmds, i, false);
2016 cmd.tlbi.addr = iova;
2017 arm_smmu_cmdq_build_cmd(&cmds[i * CMDQ_ENT_DWORDS], &cmd);
2022 arm_smmu_cmdq_issue_cmdlist(smmu, cmds, i, true);
2025 * Unfortunately, this can't be leaf-only since we may have
2026 * zapped an entire table.
2028 arm_smmu_atc_inv_domain(smmu_domain, 0, start, size);
2031 static void arm_smmu_tlb_inv_page_nosync(struct iommu_iotlb_gather *gather,
2032 unsigned long iova, size_t granule,
2035 struct arm_smmu_domain *smmu_domain = cookie;
2036 struct iommu_domain *domain = &smmu_domain->domain;
2038 iommu_iotlb_gather_add_page(domain, gather, iova, granule);
2041 static void arm_smmu_tlb_inv_walk(unsigned long iova, size_t size,
2042 size_t granule, void *cookie)
2044 arm_smmu_tlb_inv_range(iova, size, granule, false, cookie);
2047 static void arm_smmu_tlb_inv_leaf(unsigned long iova, size_t size,
2048 size_t granule, void *cookie)
2050 arm_smmu_tlb_inv_range(iova, size, granule, true, cookie);
2053 static const struct iommu_flush_ops arm_smmu_flush_ops = {
2054 .tlb_flush_all = arm_smmu_tlb_inv_context,
2055 .tlb_flush_walk = arm_smmu_tlb_inv_walk,
2056 .tlb_flush_leaf = arm_smmu_tlb_inv_leaf,
2057 .tlb_add_page = arm_smmu_tlb_inv_page_nosync,
2061 static bool arm_smmu_capable(enum iommu_cap cap)
2064 case IOMMU_CAP_CACHE_COHERENCY:
2066 case IOMMU_CAP_NOEXEC:
2073 static struct iommu_domain *arm_smmu_domain_alloc(unsigned type)
2075 struct arm_smmu_domain *smmu_domain;
2077 if (type != IOMMU_DOMAIN_UNMANAGED &&
2078 type != IOMMU_DOMAIN_DMA &&
2079 type != IOMMU_DOMAIN_IDENTITY)
2083 * Allocate the domain and initialise some of its data structures.
2084 * We can't really do anything meaningful until we've added a
2087 smmu_domain = kzalloc(sizeof(*smmu_domain), GFP_KERNEL);
2091 if (type == IOMMU_DOMAIN_DMA &&
2092 iommu_get_dma_cookie(&smmu_domain->domain)) {
2097 mutex_init(&smmu_domain->init_mutex);
2098 INIT_LIST_HEAD(&smmu_domain->devices);
2099 spin_lock_init(&smmu_domain->devices_lock);
2101 return &smmu_domain->domain;
2104 static int arm_smmu_bitmap_alloc(unsigned long *map, int span)
2106 int idx, size = 1 << span;
2109 idx = find_first_zero_bit(map, size);
2112 } while (test_and_set_bit(idx, map));
2117 static void arm_smmu_bitmap_free(unsigned long *map, int idx)
2119 clear_bit(idx, map);
2122 static void arm_smmu_domain_free(struct iommu_domain *domain)
2124 struct arm_smmu_domain *smmu_domain = to_smmu_domain(domain);
2125 struct arm_smmu_device *smmu = smmu_domain->smmu;
2127 iommu_put_dma_cookie(domain);
2128 free_io_pgtable_ops(smmu_domain->pgtbl_ops);
2130 /* Free the CD and ASID, if we allocated them */
2131 if (smmu_domain->stage == ARM_SMMU_DOMAIN_S1) {
2132 struct arm_smmu_s1_cfg *cfg = &smmu_domain->s1_cfg;
2135 dmam_free_coherent(smmu_domain->smmu->dev,
2136 CTXDESC_CD_DWORDS << 3,
2140 arm_smmu_bitmap_free(smmu->asid_map, cfg->cd.asid);
2143 struct arm_smmu_s2_cfg *cfg = &smmu_domain->s2_cfg;
2145 arm_smmu_bitmap_free(smmu->vmid_map, cfg->vmid);
2151 static int arm_smmu_domain_finalise_s1(struct arm_smmu_domain *smmu_domain,
2152 struct io_pgtable_cfg *pgtbl_cfg)
2156 struct arm_smmu_device *smmu = smmu_domain->smmu;
2157 struct arm_smmu_s1_cfg *cfg = &smmu_domain->s1_cfg;
2159 asid = arm_smmu_bitmap_alloc(smmu->asid_map, smmu->asid_bits);
2163 cfg->cdptr = dmam_alloc_coherent(smmu->dev, CTXDESC_CD_DWORDS << 3,
2165 GFP_KERNEL | __GFP_ZERO);
2167 dev_warn(smmu->dev, "failed to allocate context descriptor\n");
2172 cfg->cd.asid = (u16)asid;
2173 cfg->cd.ttbr = pgtbl_cfg->arm_lpae_s1_cfg.ttbr[0];
2174 cfg->cd.tcr = pgtbl_cfg->arm_lpae_s1_cfg.tcr;
2175 cfg->cd.mair = pgtbl_cfg->arm_lpae_s1_cfg.mair[0];
2179 arm_smmu_bitmap_free(smmu->asid_map, asid);
2183 static int arm_smmu_domain_finalise_s2(struct arm_smmu_domain *smmu_domain,
2184 struct io_pgtable_cfg *pgtbl_cfg)
2187 struct arm_smmu_device *smmu = smmu_domain->smmu;
2188 struct arm_smmu_s2_cfg *cfg = &smmu_domain->s2_cfg;
2190 vmid = arm_smmu_bitmap_alloc(smmu->vmid_map, smmu->vmid_bits);
2194 cfg->vmid = (u16)vmid;
2195 cfg->vttbr = pgtbl_cfg->arm_lpae_s2_cfg.vttbr;
2196 cfg->vtcr = pgtbl_cfg->arm_lpae_s2_cfg.vtcr;
2200 static int arm_smmu_domain_finalise(struct iommu_domain *domain)
2203 unsigned long ias, oas;
2204 enum io_pgtable_fmt fmt;
2205 struct io_pgtable_cfg pgtbl_cfg;
2206 struct io_pgtable_ops *pgtbl_ops;
2207 int (*finalise_stage_fn)(struct arm_smmu_domain *,
2208 struct io_pgtable_cfg *);
2209 struct arm_smmu_domain *smmu_domain = to_smmu_domain(domain);
2210 struct arm_smmu_device *smmu = smmu_domain->smmu;
2212 if (domain->type == IOMMU_DOMAIN_IDENTITY) {
2213 smmu_domain->stage = ARM_SMMU_DOMAIN_BYPASS;
2217 /* Restrict the stage to what we can actually support */
2218 if (!(smmu->features & ARM_SMMU_FEAT_TRANS_S1))
2219 smmu_domain->stage = ARM_SMMU_DOMAIN_S2;
2220 if (!(smmu->features & ARM_SMMU_FEAT_TRANS_S2))
2221 smmu_domain->stage = ARM_SMMU_DOMAIN_S1;
2223 switch (smmu_domain->stage) {
2224 case ARM_SMMU_DOMAIN_S1:
2225 ias = (smmu->features & ARM_SMMU_FEAT_VAX) ? 52 : 48;
2226 ias = min_t(unsigned long, ias, VA_BITS);
2228 fmt = ARM_64_LPAE_S1;
2229 finalise_stage_fn = arm_smmu_domain_finalise_s1;
2231 case ARM_SMMU_DOMAIN_NESTED:
2232 case ARM_SMMU_DOMAIN_S2:
2235 fmt = ARM_64_LPAE_S2;
2236 finalise_stage_fn = arm_smmu_domain_finalise_s2;
2242 pgtbl_cfg = (struct io_pgtable_cfg) {
2243 .pgsize_bitmap = smmu->pgsize_bitmap,
2246 .coherent_walk = smmu->features & ARM_SMMU_FEAT_COHERENCY,
2247 .tlb = &arm_smmu_flush_ops,
2248 .iommu_dev = smmu->dev,
2251 if (smmu_domain->non_strict)
2252 pgtbl_cfg.quirks |= IO_PGTABLE_QUIRK_NON_STRICT;
2254 pgtbl_ops = alloc_io_pgtable_ops(fmt, &pgtbl_cfg, smmu_domain);
2258 domain->pgsize_bitmap = pgtbl_cfg.pgsize_bitmap;
2259 domain->geometry.aperture_end = (1UL << pgtbl_cfg.ias) - 1;
2260 domain->geometry.force_aperture = true;
2262 ret = finalise_stage_fn(smmu_domain, &pgtbl_cfg);
2264 free_io_pgtable_ops(pgtbl_ops);
2268 smmu_domain->pgtbl_ops = pgtbl_ops;
2272 static __le64 *arm_smmu_get_step_for_sid(struct arm_smmu_device *smmu, u32 sid)
2275 struct arm_smmu_strtab_cfg *cfg = &smmu->strtab_cfg;
2277 if (smmu->features & ARM_SMMU_FEAT_2_LVL_STRTAB) {
2278 struct arm_smmu_strtab_l1_desc *l1_desc;
2281 /* Two-level walk */
2282 idx = (sid >> STRTAB_SPLIT) * STRTAB_L1_DESC_DWORDS;
2283 l1_desc = &cfg->l1_desc[idx];
2284 idx = (sid & ((1 << STRTAB_SPLIT) - 1)) * STRTAB_STE_DWORDS;
2285 step = &l1_desc->l2ptr[idx];
2287 /* Simple linear lookup */
2288 step = &cfg->strtab[sid * STRTAB_STE_DWORDS];
2294 static void arm_smmu_install_ste_for_dev(struct arm_smmu_master *master)
2297 struct arm_smmu_device *smmu = master->smmu;
2299 for (i = 0; i < master->num_sids; ++i) {
2300 u32 sid = master->sids[i];
2301 __le64 *step = arm_smmu_get_step_for_sid(smmu, sid);
2303 /* Bridged PCI devices may end up with duplicated IDs */
2304 for (j = 0; j < i; j++)
2305 if (master->sids[j] == sid)
2310 arm_smmu_write_strtab_ent(master, sid, step);
2314 #ifdef CONFIG_PCI_ATS
2315 static bool arm_smmu_ats_supported(struct arm_smmu_master *master)
2317 struct pci_dev *pdev;
2318 struct arm_smmu_device *smmu = master->smmu;
2319 struct iommu_fwspec *fwspec = dev_iommu_fwspec_get(master->dev);
2321 if (!(smmu->features & ARM_SMMU_FEAT_ATS) || !dev_is_pci(master->dev) ||
2322 !(fwspec->flags & IOMMU_FWSPEC_PCI_RC_ATS) || pci_ats_disabled())
2325 pdev = to_pci_dev(master->dev);
2326 return !pdev->untrusted && pdev->ats_cap;
2329 static bool arm_smmu_ats_supported(struct arm_smmu_master *master)
2335 static void arm_smmu_enable_ats(struct arm_smmu_master *master)
2338 struct pci_dev *pdev;
2339 struct arm_smmu_device *smmu = master->smmu;
2340 struct arm_smmu_domain *smmu_domain = master->domain;
2342 /* Don't enable ATS at the endpoint if it's not enabled in the STE */
2343 if (!master->ats_enabled)
2346 /* Smallest Translation Unit: log2 of the smallest supported granule */
2347 stu = __ffs(smmu->pgsize_bitmap);
2348 pdev = to_pci_dev(master->dev);
2350 atomic_inc(&smmu_domain->nr_ats_masters);
2351 arm_smmu_atc_inv_domain(smmu_domain, 0, 0, 0);
2352 if (pci_enable_ats(pdev, stu))
2353 dev_err(master->dev, "Failed to enable ATS (STU %zu)\n", stu);
2356 static void arm_smmu_disable_ats(struct arm_smmu_master *master)
2358 struct arm_smmu_cmdq_ent cmd;
2359 struct arm_smmu_domain *smmu_domain = master->domain;
2361 if (!master->ats_enabled)
2364 pci_disable_ats(to_pci_dev(master->dev));
2366 * Ensure ATS is disabled at the endpoint before we issue the
2367 * ATC invalidation via the SMMU.
2370 arm_smmu_atc_inv_to_cmd(0, 0, 0, &cmd);
2371 arm_smmu_atc_inv_master(master, &cmd);
2372 atomic_dec(&smmu_domain->nr_ats_masters);
2375 static void arm_smmu_detach_dev(struct arm_smmu_master *master)
2377 unsigned long flags;
2378 struct arm_smmu_domain *smmu_domain = master->domain;
2383 arm_smmu_disable_ats(master);
2385 spin_lock_irqsave(&smmu_domain->devices_lock, flags);
2386 list_del(&master->domain_head);
2387 spin_unlock_irqrestore(&smmu_domain->devices_lock, flags);
2389 master->domain = NULL;
2390 master->ats_enabled = false;
2391 arm_smmu_install_ste_for_dev(master);
2394 static int arm_smmu_attach_dev(struct iommu_domain *domain, struct device *dev)
2397 unsigned long flags;
2398 struct iommu_fwspec *fwspec = dev_iommu_fwspec_get(dev);
2399 struct arm_smmu_device *smmu;
2400 struct arm_smmu_domain *smmu_domain = to_smmu_domain(domain);
2401 struct arm_smmu_master *master;
2406 master = fwspec->iommu_priv;
2407 smmu = master->smmu;
2409 arm_smmu_detach_dev(master);
2411 mutex_lock(&smmu_domain->init_mutex);
2413 if (!smmu_domain->smmu) {
2414 smmu_domain->smmu = smmu;
2415 ret = arm_smmu_domain_finalise(domain);
2417 smmu_domain->smmu = NULL;
2420 } else if (smmu_domain->smmu != smmu) {
2422 "cannot attach to SMMU %s (upstream of %s)\n",
2423 dev_name(smmu_domain->smmu->dev),
2424 dev_name(smmu->dev));
2429 master->domain = smmu_domain;
2431 if (smmu_domain->stage != ARM_SMMU_DOMAIN_BYPASS)
2432 master->ats_enabled = arm_smmu_ats_supported(master);
2434 if (smmu_domain->stage == ARM_SMMU_DOMAIN_S1)
2435 arm_smmu_write_ctx_desc(smmu, &smmu_domain->s1_cfg);
2437 arm_smmu_install_ste_for_dev(master);
2439 spin_lock_irqsave(&smmu_domain->devices_lock, flags);
2440 list_add(&master->domain_head, &smmu_domain->devices);
2441 spin_unlock_irqrestore(&smmu_domain->devices_lock, flags);
2443 arm_smmu_enable_ats(master);
2446 mutex_unlock(&smmu_domain->init_mutex);
2450 static int arm_smmu_map(struct iommu_domain *domain, unsigned long iova,
2451 phys_addr_t paddr, size_t size, int prot)
2453 struct io_pgtable_ops *ops = to_smmu_domain(domain)->pgtbl_ops;
2458 return ops->map(ops, iova, paddr, size, prot);
2461 static size_t arm_smmu_unmap(struct iommu_domain *domain, unsigned long iova,
2462 size_t size, struct iommu_iotlb_gather *gather)
2464 struct arm_smmu_domain *smmu_domain = to_smmu_domain(domain);
2465 struct io_pgtable_ops *ops = smmu_domain->pgtbl_ops;
2470 return ops->unmap(ops, iova, size, gather);
2473 static void arm_smmu_flush_iotlb_all(struct iommu_domain *domain)
2475 struct arm_smmu_domain *smmu_domain = to_smmu_domain(domain);
2477 if (smmu_domain->smmu)
2478 arm_smmu_tlb_inv_context(smmu_domain);
2481 static void arm_smmu_iotlb_sync(struct iommu_domain *domain,
2482 struct iommu_iotlb_gather *gather)
2484 struct arm_smmu_domain *smmu_domain = to_smmu_domain(domain);
2486 arm_smmu_tlb_inv_range(gather->start, gather->end - gather->start,
2487 gather->pgsize, true, smmu_domain);
2491 arm_smmu_iova_to_phys(struct iommu_domain *domain, dma_addr_t iova)
2493 struct io_pgtable_ops *ops = to_smmu_domain(domain)->pgtbl_ops;
2495 if (domain->type == IOMMU_DOMAIN_IDENTITY)
2501 return ops->iova_to_phys(ops, iova);
2504 static struct platform_driver arm_smmu_driver;
2506 static int arm_smmu_match_node(struct device *dev, const void *data)
2508 return dev->fwnode == data;
2512 struct arm_smmu_device *arm_smmu_get_by_fwnode(struct fwnode_handle *fwnode)
2514 struct device *dev = driver_find_device(&arm_smmu_driver.driver, NULL,
2515 fwnode, arm_smmu_match_node);
2517 return dev ? dev_get_drvdata(dev) : NULL;
2520 static bool arm_smmu_sid_in_range(struct arm_smmu_device *smmu, u32 sid)
2522 unsigned long limit = smmu->strtab_cfg.num_l1_ents;
2524 if (smmu->features & ARM_SMMU_FEAT_2_LVL_STRTAB)
2525 limit *= 1UL << STRTAB_SPLIT;
2530 static struct iommu_ops arm_smmu_ops;
2532 static int arm_smmu_add_device(struct device *dev)
2535 struct arm_smmu_device *smmu;
2536 struct arm_smmu_master *master;
2537 struct iommu_fwspec *fwspec = dev_iommu_fwspec_get(dev);
2538 struct iommu_group *group;
2540 if (!fwspec || fwspec->ops != &arm_smmu_ops)
2543 * We _can_ actually withstand dodgy bus code re-calling add_device()
2544 * without an intervening remove_device()/of_xlate() sequence, but
2545 * we're not going to do so quietly...
2547 if (WARN_ON_ONCE(fwspec->iommu_priv)) {
2548 master = fwspec->iommu_priv;
2549 smmu = master->smmu;
2551 smmu = arm_smmu_get_by_fwnode(fwspec->iommu_fwnode);
2554 master = kzalloc(sizeof(*master), GFP_KERNEL);
2559 master->smmu = smmu;
2560 master->sids = fwspec->ids;
2561 master->num_sids = fwspec->num_ids;
2562 fwspec->iommu_priv = master;
2565 /* Check the SIDs are in range of the SMMU and our stream table */
2566 for (i = 0; i < master->num_sids; i++) {
2567 u32 sid = master->sids[i];
2569 if (!arm_smmu_sid_in_range(smmu, sid))
2572 /* Ensure l2 strtab is initialised */
2573 if (smmu->features & ARM_SMMU_FEAT_2_LVL_STRTAB) {
2574 ret = arm_smmu_init_l2_strtab(smmu, sid);
2580 group = iommu_group_get_for_dev(dev);
2581 if (!IS_ERR(group)) {
2582 iommu_group_put(group);
2583 iommu_device_link(&smmu->iommu, dev);
2586 return PTR_ERR_OR_ZERO(group);
2589 static void arm_smmu_remove_device(struct device *dev)
2591 struct iommu_fwspec *fwspec = dev_iommu_fwspec_get(dev);
2592 struct arm_smmu_master *master;
2593 struct arm_smmu_device *smmu;
2595 if (!fwspec || fwspec->ops != &arm_smmu_ops)
2598 master = fwspec->iommu_priv;
2599 smmu = master->smmu;
2600 arm_smmu_detach_dev(master);
2601 iommu_group_remove_device(dev);
2602 iommu_device_unlink(&smmu->iommu, dev);
2604 iommu_fwspec_free(dev);
2607 static struct iommu_group *arm_smmu_device_group(struct device *dev)
2609 struct iommu_group *group;
2612 * We don't support devices sharing stream IDs other than PCI RID
2613 * aliases, since the necessary ID-to-device lookup becomes rather
2614 * impractical given a potential sparse 32-bit stream ID space.
2616 if (dev_is_pci(dev))
2617 group = pci_device_group(dev);
2619 group = generic_device_group(dev);
2624 static int arm_smmu_domain_get_attr(struct iommu_domain *domain,
2625 enum iommu_attr attr, void *data)
2627 struct arm_smmu_domain *smmu_domain = to_smmu_domain(domain);
2629 switch (domain->type) {
2630 case IOMMU_DOMAIN_UNMANAGED:
2632 case DOMAIN_ATTR_NESTING:
2633 *(int *)data = (smmu_domain->stage == ARM_SMMU_DOMAIN_NESTED);
2639 case IOMMU_DOMAIN_DMA:
2641 case DOMAIN_ATTR_DMA_USE_FLUSH_QUEUE:
2642 *(int *)data = smmu_domain->non_strict;
2653 static int arm_smmu_domain_set_attr(struct iommu_domain *domain,
2654 enum iommu_attr attr, void *data)
2657 struct arm_smmu_domain *smmu_domain = to_smmu_domain(domain);
2659 mutex_lock(&smmu_domain->init_mutex);
2661 switch (domain->type) {
2662 case IOMMU_DOMAIN_UNMANAGED:
2664 case DOMAIN_ATTR_NESTING:
2665 if (smmu_domain->smmu) {
2671 smmu_domain->stage = ARM_SMMU_DOMAIN_NESTED;
2673 smmu_domain->stage = ARM_SMMU_DOMAIN_S1;
2679 case IOMMU_DOMAIN_DMA:
2681 case DOMAIN_ATTR_DMA_USE_FLUSH_QUEUE:
2682 smmu_domain->non_strict = *(int *)data;
2693 mutex_unlock(&smmu_domain->init_mutex);
2697 static int arm_smmu_of_xlate(struct device *dev, struct of_phandle_args *args)
2699 return iommu_fwspec_add_ids(dev, args->args, 1);
2702 static void arm_smmu_get_resv_regions(struct device *dev,
2703 struct list_head *head)
2705 struct iommu_resv_region *region;
2706 int prot = IOMMU_WRITE | IOMMU_NOEXEC | IOMMU_MMIO;
2708 region = iommu_alloc_resv_region(MSI_IOVA_BASE, MSI_IOVA_LENGTH,
2709 prot, IOMMU_RESV_SW_MSI);
2713 list_add_tail(®ion->list, head);
2715 iommu_dma_get_resv_regions(dev, head);
2718 static void arm_smmu_put_resv_regions(struct device *dev,
2719 struct list_head *head)
2721 struct iommu_resv_region *entry, *next;
2723 list_for_each_entry_safe(entry, next, head, list)
2727 static struct iommu_ops arm_smmu_ops = {
2728 .capable = arm_smmu_capable,
2729 .domain_alloc = arm_smmu_domain_alloc,
2730 .domain_free = arm_smmu_domain_free,
2731 .attach_dev = arm_smmu_attach_dev,
2732 .map = arm_smmu_map,
2733 .unmap = arm_smmu_unmap,
2734 .flush_iotlb_all = arm_smmu_flush_iotlb_all,
2735 .iotlb_sync = arm_smmu_iotlb_sync,
2736 .iova_to_phys = arm_smmu_iova_to_phys,
2737 .add_device = arm_smmu_add_device,
2738 .remove_device = arm_smmu_remove_device,
2739 .device_group = arm_smmu_device_group,
2740 .domain_get_attr = arm_smmu_domain_get_attr,
2741 .domain_set_attr = arm_smmu_domain_set_attr,
2742 .of_xlate = arm_smmu_of_xlate,
2743 .get_resv_regions = arm_smmu_get_resv_regions,
2744 .put_resv_regions = arm_smmu_put_resv_regions,
2745 .pgsize_bitmap = -1UL, /* Restricted during device attach */
2748 /* Probing and initialisation functions */
2749 static int arm_smmu_init_one_queue(struct arm_smmu_device *smmu,
2750 struct arm_smmu_queue *q,
2751 unsigned long prod_off,
2752 unsigned long cons_off,
2753 size_t dwords, const char *name)
2758 qsz = ((1 << q->llq.max_n_shift) * dwords) << 3;
2759 q->base = dmam_alloc_coherent(smmu->dev, qsz, &q->base_dma,
2761 if (q->base || qsz < PAGE_SIZE)
2764 q->llq.max_n_shift--;
2769 "failed to allocate queue (0x%zx bytes) for %s\n",
2774 if (!WARN_ON(q->base_dma & (qsz - 1))) {
2775 dev_info(smmu->dev, "allocated %u entries for %s\n",
2776 1 << q->llq.max_n_shift, name);
2779 q->prod_reg = arm_smmu_page1_fixup(prod_off, smmu);
2780 q->cons_reg = arm_smmu_page1_fixup(cons_off, smmu);
2781 q->ent_dwords = dwords;
2783 q->q_base = Q_BASE_RWA;
2784 q->q_base |= q->base_dma & Q_BASE_ADDR_MASK;
2785 q->q_base |= FIELD_PREP(Q_BASE_LOG2SIZE, q->llq.max_n_shift);
2787 q->llq.prod = q->llq.cons = 0;
2791 static void arm_smmu_cmdq_free_bitmap(void *data)
2793 unsigned long *bitmap = data;
2794 bitmap_free(bitmap);
2797 static int arm_smmu_cmdq_init(struct arm_smmu_device *smmu)
2800 struct arm_smmu_cmdq *cmdq = &smmu->cmdq;
2801 unsigned int nents = 1 << cmdq->q.llq.max_n_shift;
2802 atomic_long_t *bitmap;
2804 atomic_set(&cmdq->owner_prod, 0);
2805 atomic_set(&cmdq->lock, 0);
2807 bitmap = (atomic_long_t *)bitmap_zalloc(nents, GFP_KERNEL);
2809 dev_err(smmu->dev, "failed to allocate cmdq bitmap\n");
2812 cmdq->valid_map = bitmap;
2813 devm_add_action(smmu->dev, arm_smmu_cmdq_free_bitmap, bitmap);
2819 static int arm_smmu_init_queues(struct arm_smmu_device *smmu)
2824 ret = arm_smmu_init_one_queue(smmu, &smmu->cmdq.q, ARM_SMMU_CMDQ_PROD,
2825 ARM_SMMU_CMDQ_CONS, CMDQ_ENT_DWORDS,
2830 ret = arm_smmu_cmdq_init(smmu);
2835 ret = arm_smmu_init_one_queue(smmu, &smmu->evtq.q, ARM_SMMU_EVTQ_PROD,
2836 ARM_SMMU_EVTQ_CONS, EVTQ_ENT_DWORDS,
2842 if (!(smmu->features & ARM_SMMU_FEAT_PRI))
2845 return arm_smmu_init_one_queue(smmu, &smmu->priq.q, ARM_SMMU_PRIQ_PROD,
2846 ARM_SMMU_PRIQ_CONS, PRIQ_ENT_DWORDS,
2850 static int arm_smmu_init_l1_strtab(struct arm_smmu_device *smmu)
2853 struct arm_smmu_strtab_cfg *cfg = &smmu->strtab_cfg;
2854 size_t size = sizeof(*cfg->l1_desc) * cfg->num_l1_ents;
2855 void *strtab = smmu->strtab_cfg.strtab;
2857 cfg->l1_desc = devm_kzalloc(smmu->dev, size, GFP_KERNEL);
2858 if (!cfg->l1_desc) {
2859 dev_err(smmu->dev, "failed to allocate l1 stream table desc\n");
2863 for (i = 0; i < cfg->num_l1_ents; ++i) {
2864 arm_smmu_write_strtab_l1_desc(strtab, &cfg->l1_desc[i]);
2865 strtab += STRTAB_L1_DESC_DWORDS << 3;
2871 static int arm_smmu_init_strtab_2lvl(struct arm_smmu_device *smmu)
2876 struct arm_smmu_strtab_cfg *cfg = &smmu->strtab_cfg;
2878 /* Calculate the L1 size, capped to the SIDSIZE. */
2879 size = STRTAB_L1_SZ_SHIFT - (ilog2(STRTAB_L1_DESC_DWORDS) + 3);
2880 size = min(size, smmu->sid_bits - STRTAB_SPLIT);
2881 cfg->num_l1_ents = 1 << size;
2883 size += STRTAB_SPLIT;
2884 if (size < smmu->sid_bits)
2886 "2-level strtab only covers %u/%u bits of SID\n",
2887 size, smmu->sid_bits);
2889 l1size = cfg->num_l1_ents * (STRTAB_L1_DESC_DWORDS << 3);
2890 strtab = dmam_alloc_coherent(smmu->dev, l1size, &cfg->strtab_dma,
2891 GFP_KERNEL | __GFP_ZERO);
2894 "failed to allocate l1 stream table (%u bytes)\n",
2898 cfg->strtab = strtab;
2900 /* Configure strtab_base_cfg for 2 levels */
2901 reg = FIELD_PREP(STRTAB_BASE_CFG_FMT, STRTAB_BASE_CFG_FMT_2LVL);
2902 reg |= FIELD_PREP(STRTAB_BASE_CFG_LOG2SIZE, size);
2903 reg |= FIELD_PREP(STRTAB_BASE_CFG_SPLIT, STRTAB_SPLIT);
2904 cfg->strtab_base_cfg = reg;
2906 return arm_smmu_init_l1_strtab(smmu);
2909 static int arm_smmu_init_strtab_linear(struct arm_smmu_device *smmu)
2914 struct arm_smmu_strtab_cfg *cfg = &smmu->strtab_cfg;
2916 size = (1 << smmu->sid_bits) * (STRTAB_STE_DWORDS << 3);
2917 strtab = dmam_alloc_coherent(smmu->dev, size, &cfg->strtab_dma,
2918 GFP_KERNEL | __GFP_ZERO);
2921 "failed to allocate linear stream table (%u bytes)\n",
2925 cfg->strtab = strtab;
2926 cfg->num_l1_ents = 1 << smmu->sid_bits;
2928 /* Configure strtab_base_cfg for a linear table covering all SIDs */
2929 reg = FIELD_PREP(STRTAB_BASE_CFG_FMT, STRTAB_BASE_CFG_FMT_LINEAR);
2930 reg |= FIELD_PREP(STRTAB_BASE_CFG_LOG2SIZE, smmu->sid_bits);
2931 cfg->strtab_base_cfg = reg;
2933 arm_smmu_init_bypass_stes(strtab, cfg->num_l1_ents);
2937 static int arm_smmu_init_strtab(struct arm_smmu_device *smmu)
2942 if (smmu->features & ARM_SMMU_FEAT_2_LVL_STRTAB)
2943 ret = arm_smmu_init_strtab_2lvl(smmu);
2945 ret = arm_smmu_init_strtab_linear(smmu);
2950 /* Set the strtab base address */
2951 reg = smmu->strtab_cfg.strtab_dma & STRTAB_BASE_ADDR_MASK;
2952 reg |= STRTAB_BASE_RA;
2953 smmu->strtab_cfg.strtab_base = reg;
2955 /* Allocate the first VMID for stage-2 bypass STEs */
2956 set_bit(0, smmu->vmid_map);
2960 static int arm_smmu_init_structures(struct arm_smmu_device *smmu)
2964 ret = arm_smmu_init_queues(smmu);
2968 return arm_smmu_init_strtab(smmu);
2971 static int arm_smmu_write_reg_sync(struct arm_smmu_device *smmu, u32 val,
2972 unsigned int reg_off, unsigned int ack_off)
2976 writel_relaxed(val, smmu->base + reg_off);
2977 return readl_relaxed_poll_timeout(smmu->base + ack_off, reg, reg == val,
2978 1, ARM_SMMU_POLL_TIMEOUT_US);
2981 /* GBPA is "special" */
2982 static int arm_smmu_update_gbpa(struct arm_smmu_device *smmu, u32 set, u32 clr)
2985 u32 reg, __iomem *gbpa = smmu->base + ARM_SMMU_GBPA;
2987 ret = readl_relaxed_poll_timeout(gbpa, reg, !(reg & GBPA_UPDATE),
2988 1, ARM_SMMU_POLL_TIMEOUT_US);
2994 writel_relaxed(reg | GBPA_UPDATE, gbpa);
2995 ret = readl_relaxed_poll_timeout(gbpa, reg, !(reg & GBPA_UPDATE),
2996 1, ARM_SMMU_POLL_TIMEOUT_US);
2999 dev_err(smmu->dev, "GBPA not responding to update\n");
3003 static void arm_smmu_free_msis(void *data)
3005 struct device *dev = data;
3006 platform_msi_domain_free_irqs(dev);
3009 static void arm_smmu_write_msi_msg(struct msi_desc *desc, struct msi_msg *msg)
3011 phys_addr_t doorbell;
3012 struct device *dev = msi_desc_to_dev(desc);
3013 struct arm_smmu_device *smmu = dev_get_drvdata(dev);
3014 phys_addr_t *cfg = arm_smmu_msi_cfg[desc->platform.msi_index];
3016 doorbell = (((u64)msg->address_hi) << 32) | msg->address_lo;
3017 doorbell &= MSI_CFG0_ADDR_MASK;
3019 writeq_relaxed(doorbell, smmu->base + cfg[0]);
3020 writel_relaxed(msg->data, smmu->base + cfg[1]);
3021 writel_relaxed(ARM_SMMU_MEMATTR_DEVICE_nGnRE, smmu->base + cfg[2]);
3024 static void arm_smmu_setup_msis(struct arm_smmu_device *smmu)
3026 struct msi_desc *desc;
3027 int ret, nvec = ARM_SMMU_MAX_MSIS;
3028 struct device *dev = smmu->dev;
3030 /* Clear the MSI address regs */
3031 writeq_relaxed(0, smmu->base + ARM_SMMU_GERROR_IRQ_CFG0);
3032 writeq_relaxed(0, smmu->base + ARM_SMMU_EVTQ_IRQ_CFG0);
3034 if (smmu->features & ARM_SMMU_FEAT_PRI)
3035 writeq_relaxed(0, smmu->base + ARM_SMMU_PRIQ_IRQ_CFG0);
3039 if (!(smmu->features & ARM_SMMU_FEAT_MSI))
3042 if (!dev->msi_domain) {
3043 dev_info(smmu->dev, "msi_domain absent - falling back to wired irqs\n");
3047 /* Allocate MSIs for evtq, gerror and priq. Ignore cmdq */
3048 ret = platform_msi_domain_alloc_irqs(dev, nvec, arm_smmu_write_msi_msg);
3050 dev_warn(dev, "failed to allocate MSIs - falling back to wired irqs\n");
3054 for_each_msi_entry(desc, dev) {
3055 switch (desc->platform.msi_index) {
3056 case EVTQ_MSI_INDEX:
3057 smmu->evtq.q.irq = desc->irq;
3059 case GERROR_MSI_INDEX:
3060 smmu->gerr_irq = desc->irq;
3062 case PRIQ_MSI_INDEX:
3063 smmu->priq.q.irq = desc->irq;
3065 default: /* Unknown */
3070 /* Add callback to free MSIs on teardown */
3071 devm_add_action(dev, arm_smmu_free_msis, dev);
3074 static void arm_smmu_setup_unique_irqs(struct arm_smmu_device *smmu)
3078 arm_smmu_setup_msis(smmu);
3080 /* Request interrupt lines */
3081 irq = smmu->evtq.q.irq;
3083 ret = devm_request_threaded_irq(smmu->dev, irq, NULL,
3084 arm_smmu_evtq_thread,
3086 "arm-smmu-v3-evtq", smmu);
3088 dev_warn(smmu->dev, "failed to enable evtq irq\n");
3090 dev_warn(smmu->dev, "no evtq irq - events will not be reported!\n");
3093 irq = smmu->gerr_irq;
3095 ret = devm_request_irq(smmu->dev, irq, arm_smmu_gerror_handler,
3096 0, "arm-smmu-v3-gerror", smmu);
3098 dev_warn(smmu->dev, "failed to enable gerror irq\n");
3100 dev_warn(smmu->dev, "no gerr irq - errors will not be reported!\n");
3103 if (smmu->features & ARM_SMMU_FEAT_PRI) {
3104 irq = smmu->priq.q.irq;
3106 ret = devm_request_threaded_irq(smmu->dev, irq, NULL,
3107 arm_smmu_priq_thread,
3113 "failed to enable priq irq\n");
3115 dev_warn(smmu->dev, "no priq irq - PRI will be broken\n");
3120 static int arm_smmu_setup_irqs(struct arm_smmu_device *smmu)
3123 u32 irqen_flags = IRQ_CTRL_EVTQ_IRQEN | IRQ_CTRL_GERROR_IRQEN;
3125 /* Disable IRQs first */
3126 ret = arm_smmu_write_reg_sync(smmu, 0, ARM_SMMU_IRQ_CTRL,
3127 ARM_SMMU_IRQ_CTRLACK);
3129 dev_err(smmu->dev, "failed to disable irqs\n");
3133 irq = smmu->combined_irq;
3136 * Cavium ThunderX2 implementation doesn't support unique irq
3137 * lines. Use a single irq line for all the SMMUv3 interrupts.
3139 ret = devm_request_threaded_irq(smmu->dev, irq,
3140 arm_smmu_combined_irq_handler,
3141 arm_smmu_combined_irq_thread,
3143 "arm-smmu-v3-combined-irq", smmu);
3145 dev_warn(smmu->dev, "failed to enable combined irq\n");
3147 arm_smmu_setup_unique_irqs(smmu);
3149 if (smmu->features & ARM_SMMU_FEAT_PRI)
3150 irqen_flags |= IRQ_CTRL_PRIQ_IRQEN;
3152 /* Enable interrupt generation on the SMMU */
3153 ret = arm_smmu_write_reg_sync(smmu, irqen_flags,
3154 ARM_SMMU_IRQ_CTRL, ARM_SMMU_IRQ_CTRLACK);
3156 dev_warn(smmu->dev, "failed to enable irqs\n");
3161 static int arm_smmu_device_disable(struct arm_smmu_device *smmu)
3165 ret = arm_smmu_write_reg_sync(smmu, 0, ARM_SMMU_CR0, ARM_SMMU_CR0ACK);
3167 dev_err(smmu->dev, "failed to clear cr0\n");
3172 static int arm_smmu_device_reset(struct arm_smmu_device *smmu, bool bypass)
3176 struct arm_smmu_cmdq_ent cmd;
3178 /* Clear CR0 and sync (disables SMMU and queue processing) */
3179 reg = readl_relaxed(smmu->base + ARM_SMMU_CR0);
3180 if (reg & CR0_SMMUEN) {
3181 dev_warn(smmu->dev, "SMMU currently enabled! Resetting...\n");
3182 WARN_ON(is_kdump_kernel() && !disable_bypass);
3183 arm_smmu_update_gbpa(smmu, GBPA_ABORT, 0);
3186 ret = arm_smmu_device_disable(smmu);
3190 /* CR1 (table and queue memory attributes) */
3191 reg = FIELD_PREP(CR1_TABLE_SH, ARM_SMMU_SH_ISH) |
3192 FIELD_PREP(CR1_TABLE_OC, CR1_CACHE_WB) |
3193 FIELD_PREP(CR1_TABLE_IC, CR1_CACHE_WB) |
3194 FIELD_PREP(CR1_QUEUE_SH, ARM_SMMU_SH_ISH) |
3195 FIELD_PREP(CR1_QUEUE_OC, CR1_CACHE_WB) |
3196 FIELD_PREP(CR1_QUEUE_IC, CR1_CACHE_WB);
3197 writel_relaxed(reg, smmu->base + ARM_SMMU_CR1);
3199 /* CR2 (random crap) */
3200 reg = CR2_PTM | CR2_RECINVSID | CR2_E2H;
3201 writel_relaxed(reg, smmu->base + ARM_SMMU_CR2);
3204 writeq_relaxed(smmu->strtab_cfg.strtab_base,
3205 smmu->base + ARM_SMMU_STRTAB_BASE);
3206 writel_relaxed(smmu->strtab_cfg.strtab_base_cfg,
3207 smmu->base + ARM_SMMU_STRTAB_BASE_CFG);
3210 writeq_relaxed(smmu->cmdq.q.q_base, smmu->base + ARM_SMMU_CMDQ_BASE);
3211 writel_relaxed(smmu->cmdq.q.llq.prod, smmu->base + ARM_SMMU_CMDQ_PROD);
3212 writel_relaxed(smmu->cmdq.q.llq.cons, smmu->base + ARM_SMMU_CMDQ_CONS);
3214 enables = CR0_CMDQEN;
3215 ret = arm_smmu_write_reg_sync(smmu, enables, ARM_SMMU_CR0,
3218 dev_err(smmu->dev, "failed to enable command queue\n");
3222 /* Invalidate any cached configuration */
3223 cmd.opcode = CMDQ_OP_CFGI_ALL;
3224 arm_smmu_cmdq_issue_cmd(smmu, &cmd);
3225 arm_smmu_cmdq_issue_sync(smmu);
3227 /* Invalidate any stale TLB entries */
3228 if (smmu->features & ARM_SMMU_FEAT_HYP) {
3229 cmd.opcode = CMDQ_OP_TLBI_EL2_ALL;
3230 arm_smmu_cmdq_issue_cmd(smmu, &cmd);
3233 cmd.opcode = CMDQ_OP_TLBI_NSNH_ALL;
3234 arm_smmu_cmdq_issue_cmd(smmu, &cmd);
3235 arm_smmu_cmdq_issue_sync(smmu);
3238 writeq_relaxed(smmu->evtq.q.q_base, smmu->base + ARM_SMMU_EVTQ_BASE);
3239 writel_relaxed(smmu->evtq.q.llq.prod,
3240 arm_smmu_page1_fixup(ARM_SMMU_EVTQ_PROD, smmu));
3241 writel_relaxed(smmu->evtq.q.llq.cons,
3242 arm_smmu_page1_fixup(ARM_SMMU_EVTQ_CONS, smmu));
3244 enables |= CR0_EVTQEN;
3245 ret = arm_smmu_write_reg_sync(smmu, enables, ARM_SMMU_CR0,
3248 dev_err(smmu->dev, "failed to enable event queue\n");
3253 if (smmu->features & ARM_SMMU_FEAT_PRI) {
3254 writeq_relaxed(smmu->priq.q.q_base,
3255 smmu->base + ARM_SMMU_PRIQ_BASE);
3256 writel_relaxed(smmu->priq.q.llq.prod,
3257 arm_smmu_page1_fixup(ARM_SMMU_PRIQ_PROD, smmu));
3258 writel_relaxed(smmu->priq.q.llq.cons,
3259 arm_smmu_page1_fixup(ARM_SMMU_PRIQ_CONS, smmu));
3261 enables |= CR0_PRIQEN;
3262 ret = arm_smmu_write_reg_sync(smmu, enables, ARM_SMMU_CR0,
3265 dev_err(smmu->dev, "failed to enable PRI queue\n");
3270 if (smmu->features & ARM_SMMU_FEAT_ATS) {
3271 enables |= CR0_ATSCHK;
3272 ret = arm_smmu_write_reg_sync(smmu, enables, ARM_SMMU_CR0,
3275 dev_err(smmu->dev, "failed to enable ATS check\n");
3280 ret = arm_smmu_setup_irqs(smmu);
3282 dev_err(smmu->dev, "failed to setup irqs\n");
3286 if (is_kdump_kernel())
3287 enables &= ~(CR0_EVTQEN | CR0_PRIQEN);
3289 /* Enable the SMMU interface, or ensure bypass */
3290 if (!bypass || disable_bypass) {
3291 enables |= CR0_SMMUEN;
3293 ret = arm_smmu_update_gbpa(smmu, 0, GBPA_ABORT);
3297 ret = arm_smmu_write_reg_sync(smmu, enables, ARM_SMMU_CR0,
3300 dev_err(smmu->dev, "failed to enable SMMU interface\n");
3307 static int arm_smmu_device_hw_probe(struct arm_smmu_device *smmu)
3310 bool coherent = smmu->features & ARM_SMMU_FEAT_COHERENCY;
3313 reg = readl_relaxed(smmu->base + ARM_SMMU_IDR0);
3315 /* 2-level structures */
3316 if (FIELD_GET(IDR0_ST_LVL, reg) == IDR0_ST_LVL_2LVL)
3317 smmu->features |= ARM_SMMU_FEAT_2_LVL_STRTAB;
3319 if (reg & IDR0_CD2L)
3320 smmu->features |= ARM_SMMU_FEAT_2_LVL_CDTAB;
3323 * Translation table endianness.
3324 * We currently require the same endianness as the CPU, but this
3325 * could be changed later by adding a new IO_PGTABLE_QUIRK.
3327 switch (FIELD_GET(IDR0_TTENDIAN, reg)) {
3328 case IDR0_TTENDIAN_MIXED:
3329 smmu->features |= ARM_SMMU_FEAT_TT_LE | ARM_SMMU_FEAT_TT_BE;
3332 case IDR0_TTENDIAN_BE:
3333 smmu->features |= ARM_SMMU_FEAT_TT_BE;
3336 case IDR0_TTENDIAN_LE:
3337 smmu->features |= ARM_SMMU_FEAT_TT_LE;
3341 dev_err(smmu->dev, "unknown/unsupported TT endianness!\n");
3345 /* Boolean feature flags */
3346 if (IS_ENABLED(CONFIG_PCI_PRI) && reg & IDR0_PRI)
3347 smmu->features |= ARM_SMMU_FEAT_PRI;
3349 if (IS_ENABLED(CONFIG_PCI_ATS) && reg & IDR0_ATS)
3350 smmu->features |= ARM_SMMU_FEAT_ATS;
3353 smmu->features |= ARM_SMMU_FEAT_SEV;
3356 smmu->features |= ARM_SMMU_FEAT_MSI;
3359 smmu->features |= ARM_SMMU_FEAT_HYP;
3362 * The coherency feature as set by FW is used in preference to the ID
3363 * register, but warn on mismatch.
3365 if (!!(reg & IDR0_COHACC) != coherent)
3366 dev_warn(smmu->dev, "IDR0.COHACC overridden by FW configuration (%s)\n",
3367 coherent ? "true" : "false");
3369 switch (FIELD_GET(IDR0_STALL_MODEL, reg)) {
3370 case IDR0_STALL_MODEL_FORCE:
3371 smmu->features |= ARM_SMMU_FEAT_STALL_FORCE;
3373 case IDR0_STALL_MODEL_STALL:
3374 smmu->features |= ARM_SMMU_FEAT_STALLS;
3378 smmu->features |= ARM_SMMU_FEAT_TRANS_S1;
3381 smmu->features |= ARM_SMMU_FEAT_TRANS_S2;
3383 if (!(reg & (IDR0_S1P | IDR0_S2P))) {
3384 dev_err(smmu->dev, "no translation support!\n");
3388 /* We only support the AArch64 table format at present */
3389 switch (FIELD_GET(IDR0_TTF, reg)) {
3390 case IDR0_TTF_AARCH32_64:
3393 case IDR0_TTF_AARCH64:
3396 dev_err(smmu->dev, "AArch64 table format not supported!\n");
3400 /* ASID/VMID sizes */
3401 smmu->asid_bits = reg & IDR0_ASID16 ? 16 : 8;
3402 smmu->vmid_bits = reg & IDR0_VMID16 ? 16 : 8;
3405 reg = readl_relaxed(smmu->base + ARM_SMMU_IDR1);
3406 if (reg & (IDR1_TABLES_PRESET | IDR1_QUEUES_PRESET | IDR1_REL)) {
3407 dev_err(smmu->dev, "embedded implementation not supported\n");
3411 /* Queue sizes, capped to ensure natural alignment */
3412 smmu->cmdq.q.llq.max_n_shift = min_t(u32, CMDQ_MAX_SZ_SHIFT,
3413 FIELD_GET(IDR1_CMDQS, reg));
3414 if (smmu->cmdq.q.llq.max_n_shift <= ilog2(CMDQ_BATCH_ENTRIES)) {
3416 * We don't support splitting up batches, so one batch of
3417 * commands plus an extra sync needs to fit inside the command
3418 * queue. There's also no way we can handle the weird alignment
3419 * restrictions on the base pointer for a unit-length queue.
3421 dev_err(smmu->dev, "command queue size <= %d entries not supported\n",
3422 CMDQ_BATCH_ENTRIES);
3426 smmu->evtq.q.llq.max_n_shift = min_t(u32, EVTQ_MAX_SZ_SHIFT,
3427 FIELD_GET(IDR1_EVTQS, reg));
3428 smmu->priq.q.llq.max_n_shift = min_t(u32, PRIQ_MAX_SZ_SHIFT,
3429 FIELD_GET(IDR1_PRIQS, reg));
3431 /* SID/SSID sizes */
3432 smmu->ssid_bits = FIELD_GET(IDR1_SSIDSIZE, reg);
3433 smmu->sid_bits = FIELD_GET(IDR1_SIDSIZE, reg);
3436 * If the SMMU supports fewer bits than would fill a single L2 stream
3437 * table, use a linear table instead.
3439 if (smmu->sid_bits <= STRTAB_SPLIT)
3440 smmu->features &= ~ARM_SMMU_FEAT_2_LVL_STRTAB;
3443 reg = readl_relaxed(smmu->base + ARM_SMMU_IDR5);
3445 /* Maximum number of outstanding stalls */
3446 smmu->evtq.max_stalls = FIELD_GET(IDR5_STALL_MAX, reg);
3449 if (reg & IDR5_GRAN64K)
3450 smmu->pgsize_bitmap |= SZ_64K | SZ_512M;
3451 if (reg & IDR5_GRAN16K)
3452 smmu->pgsize_bitmap |= SZ_16K | SZ_32M;
3453 if (reg & IDR5_GRAN4K)
3454 smmu->pgsize_bitmap |= SZ_4K | SZ_2M | SZ_1G;
3456 /* Input address size */
3457 if (FIELD_GET(IDR5_VAX, reg) == IDR5_VAX_52_BIT)
3458 smmu->features |= ARM_SMMU_FEAT_VAX;
3460 /* Output address size */
3461 switch (FIELD_GET(IDR5_OAS, reg)) {
3462 case IDR5_OAS_32_BIT:
3465 case IDR5_OAS_36_BIT:
3468 case IDR5_OAS_40_BIT:
3471 case IDR5_OAS_42_BIT:
3474 case IDR5_OAS_44_BIT:
3477 case IDR5_OAS_52_BIT:
3479 smmu->pgsize_bitmap |= 1ULL << 42; /* 4TB */
3483 "unknown output address size. Truncating to 48-bit\n");
3485 case IDR5_OAS_48_BIT:
3489 if (arm_smmu_ops.pgsize_bitmap == -1UL)
3490 arm_smmu_ops.pgsize_bitmap = smmu->pgsize_bitmap;
3492 arm_smmu_ops.pgsize_bitmap |= smmu->pgsize_bitmap;
3494 /* Set the DMA mask for our table walker */
3495 if (dma_set_mask_and_coherent(smmu->dev, DMA_BIT_MASK(smmu->oas)))
3497 "failed to set DMA mask for table walker\n");
3499 smmu->ias = max(smmu->ias, smmu->oas);
3501 dev_info(smmu->dev, "ias %lu-bit, oas %lu-bit (features 0x%08x)\n",
3502 smmu->ias, smmu->oas, smmu->features);
3507 static void acpi_smmu_get_options(u32 model, struct arm_smmu_device *smmu)
3510 case ACPI_IORT_SMMU_V3_CAVIUM_CN99XX:
3511 smmu->options |= ARM_SMMU_OPT_PAGE0_REGS_ONLY;
3513 case ACPI_IORT_SMMU_V3_HISILICON_HI161X:
3514 smmu->options |= ARM_SMMU_OPT_SKIP_PREFETCH;
3518 dev_notice(smmu->dev, "option mask 0x%x\n", smmu->options);
3521 static int arm_smmu_device_acpi_probe(struct platform_device *pdev,
3522 struct arm_smmu_device *smmu)
3524 struct acpi_iort_smmu_v3 *iort_smmu;
3525 struct device *dev = smmu->dev;
3526 struct acpi_iort_node *node;
3528 node = *(struct acpi_iort_node **)dev_get_platdata(dev);
3530 /* Retrieve SMMUv3 specific data */
3531 iort_smmu = (struct acpi_iort_smmu_v3 *)node->node_data;
3533 acpi_smmu_get_options(iort_smmu->model, smmu);
3535 if (iort_smmu->flags & ACPI_IORT_SMMU_V3_COHACC_OVERRIDE)
3536 smmu->features |= ARM_SMMU_FEAT_COHERENCY;
3541 static inline int arm_smmu_device_acpi_probe(struct platform_device *pdev,
3542 struct arm_smmu_device *smmu)
3548 static int arm_smmu_device_dt_probe(struct platform_device *pdev,
3549 struct arm_smmu_device *smmu)
3551 struct device *dev = &pdev->dev;
3555 if (of_property_read_u32(dev->of_node, "#iommu-cells", &cells))
3556 dev_err(dev, "missing #iommu-cells property\n");
3557 else if (cells != 1)
3558 dev_err(dev, "invalid #iommu-cells value (%d)\n", cells);
3562 parse_driver_options(smmu);
3564 if (of_dma_is_coherent(dev->of_node))
3565 smmu->features |= ARM_SMMU_FEAT_COHERENCY;
3570 static unsigned long arm_smmu_resource_size(struct arm_smmu_device *smmu)
3572 if (smmu->options & ARM_SMMU_OPT_PAGE0_REGS_ONLY)
3578 static int arm_smmu_device_probe(struct platform_device *pdev)
3581 struct resource *res;
3582 resource_size_t ioaddr;
3583 struct arm_smmu_device *smmu;
3584 struct device *dev = &pdev->dev;
3587 smmu = devm_kzalloc(dev, sizeof(*smmu), GFP_KERNEL);
3589 dev_err(dev, "failed to allocate arm_smmu_device\n");
3595 ret = arm_smmu_device_dt_probe(pdev, smmu);
3597 ret = arm_smmu_device_acpi_probe(pdev, smmu);
3602 /* Set bypass mode according to firmware probing result */
3606 res = platform_get_resource(pdev, IORESOURCE_MEM, 0);
3607 if (resource_size(res) + 1 < arm_smmu_resource_size(smmu)) {
3608 dev_err(dev, "MMIO region too small (%pr)\n", res);
3611 ioaddr = res->start;
3613 smmu->base = devm_ioremap_resource(dev, res);
3614 if (IS_ERR(smmu->base))
3615 return PTR_ERR(smmu->base);
3617 /* Interrupt lines */
3619 irq = platform_get_irq_byname(pdev, "combined");
3621 smmu->combined_irq = irq;
3623 irq = platform_get_irq_byname(pdev, "eventq");
3625 smmu->evtq.q.irq = irq;
3627 irq = platform_get_irq_byname(pdev, "priq");
3629 smmu->priq.q.irq = irq;
3631 irq = platform_get_irq_byname(pdev, "gerror");
3633 smmu->gerr_irq = irq;
3636 ret = arm_smmu_device_hw_probe(smmu);
3640 /* Initialise in-memory data structures */
3641 ret = arm_smmu_init_structures(smmu);
3645 /* Record our private device structure */
3646 platform_set_drvdata(pdev, smmu);
3648 /* Reset the device */
3649 ret = arm_smmu_device_reset(smmu, bypass);
3653 /* And we're up. Go go go! */
3654 ret = iommu_device_sysfs_add(&smmu->iommu, dev, NULL,
3655 "smmu3.%pa", &ioaddr);
3659 iommu_device_set_ops(&smmu->iommu, &arm_smmu_ops);
3660 iommu_device_set_fwnode(&smmu->iommu, dev->fwnode);
3662 ret = iommu_device_register(&smmu->iommu);
3664 dev_err(dev, "Failed to register iommu\n");
3669 if (pci_bus_type.iommu_ops != &arm_smmu_ops) {
3671 ret = bus_set_iommu(&pci_bus_type, &arm_smmu_ops);
3676 #ifdef CONFIG_ARM_AMBA
3677 if (amba_bustype.iommu_ops != &arm_smmu_ops) {
3678 ret = bus_set_iommu(&amba_bustype, &arm_smmu_ops);
3683 if (platform_bus_type.iommu_ops != &arm_smmu_ops) {
3684 ret = bus_set_iommu(&platform_bus_type, &arm_smmu_ops);
3691 static void arm_smmu_device_shutdown(struct platform_device *pdev)
3693 struct arm_smmu_device *smmu = platform_get_drvdata(pdev);
3695 arm_smmu_device_disable(smmu);
3698 static const struct of_device_id arm_smmu_of_match[] = {
3699 { .compatible = "arm,smmu-v3", },
3703 static struct platform_driver arm_smmu_driver = {
3705 .name = "arm-smmu-v3",
3706 .of_match_table = of_match_ptr(arm_smmu_of_match),
3707 .suppress_bind_attrs = true,
3709 .probe = arm_smmu_device_probe,
3710 .shutdown = arm_smmu_device_shutdown,
3712 builtin_platform_driver(arm_smmu_driver);
projects / linux.git / blob