2 * IOMMU API for ARM architected SMMU implementations.
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License version 2 as
6 * published by the Free Software Foundation.
8 * This program is distributed in the hope that it will be useful,
9 * but WITHOUT ANY WARRANTY; without even the implied warranty of
10 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 * GNU General Public License for more details.
13 * You should have received a copy of the GNU General Public License
14 * along with this program; if not, write to the Free Software
15 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
17 * Copyright (C) 2013 ARM Limited
19 * Author: Will Deacon <will.deacon@arm.com>
21 * This driver currently supports:
22 * - SMMUv1 and v2 implementations
23 * - Stream-matching and stream-indexing
24 * - v7/v8 long-descriptor format
25 * - Non-secure access to the SMMU
26 * - Context fault reporting
29 #define pr_fmt(fmt) "arm-smmu: " fmt
31 #include <linux/delay.h>
32 #include <linux/dma-iommu.h>
33 #include <linux/dma-mapping.h>
34 #include <linux/err.h>
35 #include <linux/interrupt.h>
37 #include <linux/iommu.h>
38 #include <linux/iopoll.h>
39 #include <linux/module.h>
41 #include <linux/of_address.h>
42 #include <linux/pci.h>
43 #include <linux/platform_device.h>
44 #include <linux/slab.h>
45 #include <linux/spinlock.h>
47 #include <linux/amba/bus.h>
49 #include "io-pgtable.h"
51 /* Maximum number of stream IDs assigned to a single device */
52 #define MAX_MASTER_STREAMIDS MAX_PHANDLE_ARGS
54 /* Maximum number of context banks per SMMU */
55 #define ARM_SMMU_MAX_CBS 128
57 /* Maximum number of mapping groups per SMMU */
58 #define ARM_SMMU_MAX_SMRS 128
60 /* SMMU global address space */
61 #define ARM_SMMU_GR0(smmu) ((smmu)->base)
62 #define ARM_SMMU_GR1(smmu) ((smmu)->base + (1 << (smmu)->pgshift))
65 * SMMU global address space with conditional offset to access secure
66 * aliases of non-secure registers (e.g. nsCR0: 0x400, nsGFSR: 0x448,
69 #define ARM_SMMU_GR0_NS(smmu) \
71 ((smmu->options & ARM_SMMU_OPT_SECURE_CFG_ACCESS) \
75 #define smmu_writeq writeq_relaxed
77 #define smmu_writeq(reg64, addr) \
79 u64 __val = (reg64); \
80 void __iomem *__addr = (addr); \
81 writel_relaxed(__val >> 32, __addr + 4); \
82 writel_relaxed(__val, __addr); \
86 /* Configuration registers */
87 #define ARM_SMMU_GR0_sCR0 0x0
88 #define sCR0_CLIENTPD (1 << 0)
89 #define sCR0_GFRE (1 << 1)
90 #define sCR0_GFIE (1 << 2)
91 #define sCR0_GCFGFRE (1 << 4)
92 #define sCR0_GCFGFIE (1 << 5)
93 #define sCR0_USFCFG (1 << 10)
94 #define sCR0_VMIDPNE (1 << 11)
95 #define sCR0_PTM (1 << 12)
96 #define sCR0_FB (1 << 13)
97 #define sCR0_VMID16EN (1 << 31)
98 #define sCR0_BSU_SHIFT 14
99 #define sCR0_BSU_MASK 0x3
101 /* Identification registers */
102 #define ARM_SMMU_GR0_ID0 0x20
103 #define ARM_SMMU_GR0_ID1 0x24
104 #define ARM_SMMU_GR0_ID2 0x28
105 #define ARM_SMMU_GR0_ID3 0x2c
106 #define ARM_SMMU_GR0_ID4 0x30
107 #define ARM_SMMU_GR0_ID5 0x34
108 #define ARM_SMMU_GR0_ID6 0x38
109 #define ARM_SMMU_GR0_ID7 0x3c
110 #define ARM_SMMU_GR0_sGFSR 0x48
111 #define ARM_SMMU_GR0_sGFSYNR0 0x50
112 #define ARM_SMMU_GR0_sGFSYNR1 0x54
113 #define ARM_SMMU_GR0_sGFSYNR2 0x58
115 #define ID0_S1TS (1 << 30)
116 #define ID0_S2TS (1 << 29)
117 #define ID0_NTS (1 << 28)
118 #define ID0_SMS (1 << 27)
119 #define ID0_ATOSNS (1 << 26)
120 #define ID0_CTTW (1 << 14)
121 #define ID0_NUMIRPT_SHIFT 16
122 #define ID0_NUMIRPT_MASK 0xff
123 #define ID0_NUMSIDB_SHIFT 9
124 #define ID0_NUMSIDB_MASK 0xf
125 #define ID0_NUMSMRG_SHIFT 0
126 #define ID0_NUMSMRG_MASK 0xff
128 #define ID1_PAGESIZE (1 << 31)
129 #define ID1_NUMPAGENDXB_SHIFT 28
130 #define ID1_NUMPAGENDXB_MASK 7
131 #define ID1_NUMS2CB_SHIFT 16
132 #define ID1_NUMS2CB_MASK 0xff
133 #define ID1_NUMCB_SHIFT 0
134 #define ID1_NUMCB_MASK 0xff
136 #define ID2_OAS_SHIFT 4
137 #define ID2_OAS_MASK 0xf
138 #define ID2_IAS_SHIFT 0
139 #define ID2_IAS_MASK 0xf
140 #define ID2_UBS_SHIFT 8
141 #define ID2_UBS_MASK 0xf
142 #define ID2_PTFS_4K (1 << 12)
143 #define ID2_PTFS_16K (1 << 13)
144 #define ID2_PTFS_64K (1 << 14)
145 #define ID2_VMID16 (1 << 15)
147 /* Global TLB invalidation */
148 #define ARM_SMMU_GR0_TLBIVMID 0x64
149 #define ARM_SMMU_GR0_TLBIALLNSNH 0x68
150 #define ARM_SMMU_GR0_TLBIALLH 0x6c
151 #define ARM_SMMU_GR0_sTLBGSYNC 0x70
152 #define ARM_SMMU_GR0_sTLBGSTATUS 0x74
153 #define sTLBGSTATUS_GSACTIVE (1 << 0)
154 #define TLB_LOOP_TIMEOUT 1000000 /* 1s! */
156 /* Stream mapping registers */
157 #define ARM_SMMU_GR0_SMR(n) (0x800 + ((n) << 2))
158 #define SMR_VALID (1 << 31)
159 #define SMR_MASK_SHIFT 16
160 #define SMR_MASK_MASK 0x7fff
161 #define SMR_ID_SHIFT 0
162 #define SMR_ID_MASK 0x7fff
164 #define ARM_SMMU_GR0_S2CR(n) (0xc00 + ((n) << 2))
165 #define S2CR_CBNDX_SHIFT 0
166 #define S2CR_CBNDX_MASK 0xff
167 #define S2CR_TYPE_SHIFT 16
168 #define S2CR_TYPE_MASK 0x3
169 #define S2CR_TYPE_TRANS (0 << S2CR_TYPE_SHIFT)
170 #define S2CR_TYPE_BYPASS (1 << S2CR_TYPE_SHIFT)
171 #define S2CR_TYPE_FAULT (2 << S2CR_TYPE_SHIFT)
173 #define S2CR_PRIVCFG_SHIFT 24
174 #define S2CR_PRIVCFG_UNPRIV (2 << S2CR_PRIVCFG_SHIFT)
176 /* Context bank attribute registers */
177 #define ARM_SMMU_GR1_CBAR(n) (0x0 + ((n) << 2))
178 #define CBAR_VMID_SHIFT 0
179 #define CBAR_VMID_MASK 0xff
180 #define CBAR_S1_BPSHCFG_SHIFT 8
181 #define CBAR_S1_BPSHCFG_MASK 3
182 #define CBAR_S1_BPSHCFG_NSH 3
183 #define CBAR_S1_MEMATTR_SHIFT 12
184 #define CBAR_S1_MEMATTR_MASK 0xf
185 #define CBAR_S1_MEMATTR_WB 0xf
186 #define CBAR_TYPE_SHIFT 16
187 #define CBAR_TYPE_MASK 0x3
188 #define CBAR_TYPE_S2_TRANS (0 << CBAR_TYPE_SHIFT)
189 #define CBAR_TYPE_S1_TRANS_S2_BYPASS (1 << CBAR_TYPE_SHIFT)
190 #define CBAR_TYPE_S1_TRANS_S2_FAULT (2 << CBAR_TYPE_SHIFT)
191 #define CBAR_TYPE_S1_TRANS_S2_TRANS (3 << CBAR_TYPE_SHIFT)
192 #define CBAR_IRPTNDX_SHIFT 24
193 #define CBAR_IRPTNDX_MASK 0xff
195 #define ARM_SMMU_GR1_CBA2R(n) (0x800 + ((n) << 2))
196 #define CBA2R_RW64_32BIT (0 << 0)
197 #define CBA2R_RW64_64BIT (1 << 0)
198 #define CBA2R_VMID_SHIFT 16
199 #define CBA2R_VMID_MASK 0xffff
201 /* Translation context bank */
202 #define ARM_SMMU_CB_BASE(smmu) ((smmu)->base + ((smmu)->size >> 1))
203 #define ARM_SMMU_CB(smmu, n) ((n) * (1 << (smmu)->pgshift))
205 #define ARM_SMMU_CB_SCTLR 0x0
206 #define ARM_SMMU_CB_ACTLR 0x4
207 #define ARM_SMMU_CB_RESUME 0x8
208 #define ARM_SMMU_CB_TTBCR2 0x10
209 #define ARM_SMMU_CB_TTBR0 0x20
210 #define ARM_SMMU_CB_TTBR1 0x28
211 #define ARM_SMMU_CB_TTBCR 0x30
212 #define ARM_SMMU_CB_S1_MAIR0 0x38
213 #define ARM_SMMU_CB_S1_MAIR1 0x3c
214 #define ARM_SMMU_CB_PAR_LO 0x50
215 #define ARM_SMMU_CB_PAR_HI 0x54
216 #define ARM_SMMU_CB_FSR 0x58
217 #define ARM_SMMU_CB_FAR_LO 0x60
218 #define ARM_SMMU_CB_FAR_HI 0x64
219 #define ARM_SMMU_CB_FSYNR0 0x68
220 #define ARM_SMMU_CB_S1_TLBIVA 0x600
221 #define ARM_SMMU_CB_S1_TLBIASID 0x610
222 #define ARM_SMMU_CB_S1_TLBIVAL 0x620
223 #define ARM_SMMU_CB_S2_TLBIIPAS2 0x630
224 #define ARM_SMMU_CB_S2_TLBIIPAS2L 0x638
225 #define ARM_SMMU_CB_ATS1PR 0x800
226 #define ARM_SMMU_CB_ATSR 0x8f0
228 #define SCTLR_S1_ASIDPNE (1 << 12)
229 #define SCTLR_CFCFG (1 << 7)
230 #define SCTLR_CFIE (1 << 6)
231 #define SCTLR_CFRE (1 << 5)
232 #define SCTLR_E (1 << 4)
233 #define SCTLR_AFE (1 << 2)
234 #define SCTLR_TRE (1 << 1)
235 #define SCTLR_M (1 << 0)
236 #define SCTLR_EAE_SBOP (SCTLR_AFE | SCTLR_TRE)
238 #define ARM_MMU500_ACTLR_CPRE (1 << 1)
240 #define CB_PAR_F (1 << 0)
242 #define ATSR_ACTIVE (1 << 0)
244 #define RESUME_RETRY (0 << 0)
245 #define RESUME_TERMINATE (1 << 0)
247 #define TTBCR2_SEP_SHIFT 15
248 #define TTBCR2_SEP_UPSTREAM (0x7 << TTBCR2_SEP_SHIFT)
250 #define TTBRn_ASID_SHIFT 48
252 #define FSR_MULTI (1 << 31)
253 #define FSR_SS (1 << 30)
254 #define FSR_UUT (1 << 8)
255 #define FSR_ASF (1 << 7)
256 #define FSR_TLBLKF (1 << 6)
257 #define FSR_TLBMCF (1 << 5)
258 #define FSR_EF (1 << 4)
259 #define FSR_PF (1 << 3)
260 #define FSR_AFF (1 << 2)
261 #define FSR_TF (1 << 1)
263 #define FSR_IGN (FSR_AFF | FSR_ASF | \
264 FSR_TLBMCF | FSR_TLBLKF)
265 #define FSR_FAULT (FSR_MULTI | FSR_SS | FSR_UUT | \
266 FSR_EF | FSR_PF | FSR_TF | FSR_IGN)
268 #define FSYNR0_WNR (1 << 4)
270 static int force_stage;
271 module_param(force_stage, int, S_IRUGO);
272 MODULE_PARM_DESC(force_stage,
273 "Force SMMU mappings to be installed at a particular stage of translation. A value of '1' or '2' forces the corresponding stage. All other values are ignored (i.e. no stage is forced). Note that selecting a specific stage will disable support for nested translation.");
274 static bool disable_bypass;
275 module_param(disable_bypass, bool, S_IRUGO);
276 MODULE_PARM_DESC(disable_bypass,
277 "Disable bypass streams such that incoming transactions from devices that are not attached to an iommu domain will report an abort back to the device and will not be allowed to pass through the SMMU.");
279 enum arm_smmu_arch_version {
284 enum arm_smmu_implementation {
290 struct arm_smmu_smr {
296 struct arm_smmu_master_cfg {
298 u16 streamids[MAX_MASTER_STREAMIDS];
299 struct arm_smmu_smr *smrs;
302 struct arm_smmu_master {
303 struct device_node *of_node;
305 struct arm_smmu_master_cfg cfg;
308 struct arm_smmu_device {
313 unsigned long pgshift;
315 #define ARM_SMMU_FEAT_COHERENT_WALK (1 << 0)
316 #define ARM_SMMU_FEAT_STREAM_MATCH (1 << 1)
317 #define ARM_SMMU_FEAT_TRANS_S1 (1 << 2)
318 #define ARM_SMMU_FEAT_TRANS_S2 (1 << 3)
319 #define ARM_SMMU_FEAT_TRANS_NESTED (1 << 4)
320 #define ARM_SMMU_FEAT_TRANS_OPS (1 << 5)
321 #define ARM_SMMU_FEAT_VMID16 (1 << 6)
324 #define ARM_SMMU_OPT_SECURE_CFG_ACCESS (1 << 0)
326 enum arm_smmu_arch_version version;
327 enum arm_smmu_implementation model;
329 u32 num_context_banks;
330 u32 num_s2_context_banks;
331 DECLARE_BITMAP(context_map, ARM_SMMU_MAX_CBS);
334 u32 num_mapping_groups;
335 DECLARE_BITMAP(smr_map, ARM_SMMU_MAX_SMRS);
337 unsigned long va_size;
338 unsigned long ipa_size;
339 unsigned long pa_size;
342 u32 num_context_irqs;
345 struct list_head list;
346 struct rb_root masters;
348 u32 cavium_id_base; /* Specific to Cavium */
351 struct arm_smmu_cfg {
356 #define INVALID_IRPTNDX 0xff
358 #define ARM_SMMU_CB_ASID(smmu, cfg) ((u16)(smmu)->cavium_id_base + (cfg)->cbndx)
359 #define ARM_SMMU_CB_VMID(smmu, cfg) ((u16)(smmu)->cavium_id_base + (cfg)->cbndx + 1)
361 enum arm_smmu_domain_stage {
362 ARM_SMMU_DOMAIN_S1 = 0,
364 ARM_SMMU_DOMAIN_NESTED,
367 struct arm_smmu_domain {
368 struct arm_smmu_device *smmu;
369 struct io_pgtable_ops *pgtbl_ops;
370 spinlock_t pgtbl_lock;
371 struct arm_smmu_cfg cfg;
372 enum arm_smmu_domain_stage stage;
373 struct mutex init_mutex; /* Protects smmu pointer */
374 struct iommu_domain domain;
377 static struct iommu_ops arm_smmu_ops;
379 static DEFINE_SPINLOCK(arm_smmu_devices_lock);
380 static LIST_HEAD(arm_smmu_devices);
382 struct arm_smmu_option_prop {
387 static atomic_t cavium_smmu_context_count = ATOMIC_INIT(0);
389 static struct arm_smmu_option_prop arm_smmu_options[] = {
390 { ARM_SMMU_OPT_SECURE_CFG_ACCESS, "calxeda,smmu-secure-config-access" },
394 static struct arm_smmu_domain *to_smmu_domain(struct iommu_domain *dom)
396 return container_of(dom, struct arm_smmu_domain, domain);
399 static void parse_driver_options(struct arm_smmu_device *smmu)
404 if (of_property_read_bool(smmu->dev->of_node,
405 arm_smmu_options[i].prop)) {
406 smmu->options |= arm_smmu_options[i].opt;
407 dev_notice(smmu->dev, "option %s\n",
408 arm_smmu_options[i].prop);
410 } while (arm_smmu_options[++i].opt);
413 static struct device_node *dev_get_dev_node(struct device *dev)
415 if (dev_is_pci(dev)) {
416 struct pci_bus *bus = to_pci_dev(dev)->bus;
418 while (!pci_is_root_bus(bus))
420 return bus->bridge->parent->of_node;
426 static struct arm_smmu_master *find_smmu_master(struct arm_smmu_device *smmu,
427 struct device_node *dev_node)
429 struct rb_node *node = smmu->masters.rb_node;
432 struct arm_smmu_master *master;
434 master = container_of(node, struct arm_smmu_master, node);
436 if (dev_node < master->of_node)
437 node = node->rb_left;
438 else if (dev_node > master->of_node)
439 node = node->rb_right;
447 static struct arm_smmu_master_cfg *
448 find_smmu_master_cfg(struct device *dev)
450 struct arm_smmu_master_cfg *cfg = NULL;
451 struct iommu_group *group = iommu_group_get(dev);
454 cfg = iommu_group_get_iommudata(group);
455 iommu_group_put(group);
461 static int insert_smmu_master(struct arm_smmu_device *smmu,
462 struct arm_smmu_master *master)
464 struct rb_node **new, *parent;
466 new = &smmu->masters.rb_node;
469 struct arm_smmu_master *this
470 = container_of(*new, struct arm_smmu_master, node);
473 if (master->of_node < this->of_node)
474 new = &((*new)->rb_left);
475 else if (master->of_node > this->of_node)
476 new = &((*new)->rb_right);
481 rb_link_node(&master->node, parent, new);
482 rb_insert_color(&master->node, &smmu->masters);
486 static int register_smmu_master(struct arm_smmu_device *smmu,
488 struct of_phandle_args *masterspec)
491 struct arm_smmu_master *master;
493 master = find_smmu_master(smmu, masterspec->np);
496 "rejecting multiple registrations for master device %s\n",
497 masterspec->np->name);
501 if (masterspec->args_count > MAX_MASTER_STREAMIDS) {
503 "reached maximum number (%d) of stream IDs for master device %s\n",
504 MAX_MASTER_STREAMIDS, masterspec->np->name);
508 master = devm_kzalloc(dev, sizeof(*master), GFP_KERNEL);
512 master->of_node = masterspec->np;
513 master->cfg.num_streamids = masterspec->args_count;
515 for (i = 0; i < master->cfg.num_streamids; ++i) {
516 u16 streamid = masterspec->args[i];
518 if (!(smmu->features & ARM_SMMU_FEAT_STREAM_MATCH) &&
519 (streamid >= smmu->num_mapping_groups)) {
521 "stream ID for master device %s greater than maximum allowed (%d)\n",
522 masterspec->np->name, smmu->num_mapping_groups);
525 master->cfg.streamids[i] = streamid;
527 return insert_smmu_master(smmu, master);
530 static struct arm_smmu_device *find_smmu_for_device(struct device *dev)
532 struct arm_smmu_device *smmu;
533 struct arm_smmu_master *master = NULL;
534 struct device_node *dev_node = dev_get_dev_node(dev);
536 spin_lock(&arm_smmu_devices_lock);
537 list_for_each_entry(smmu, &arm_smmu_devices, list) {
538 master = find_smmu_master(smmu, dev_node);
542 spin_unlock(&arm_smmu_devices_lock);
544 return master ? smmu : NULL;
547 static int __arm_smmu_alloc_bitmap(unsigned long *map, int start, int end)
552 idx = find_next_zero_bit(map, end, start);
555 } while (test_and_set_bit(idx, map));
560 static void __arm_smmu_free_bitmap(unsigned long *map, int idx)
565 /* Wait for any pending TLB invalidations to complete */
566 static void __arm_smmu_tlb_sync(struct arm_smmu_device *smmu)
569 void __iomem *gr0_base = ARM_SMMU_GR0(smmu);
571 writel_relaxed(0, gr0_base + ARM_SMMU_GR0_sTLBGSYNC);
572 while (readl_relaxed(gr0_base + ARM_SMMU_GR0_sTLBGSTATUS)
573 & sTLBGSTATUS_GSACTIVE) {
575 if (++count == TLB_LOOP_TIMEOUT) {
576 dev_err_ratelimited(smmu->dev,
577 "TLB sync timed out -- SMMU may be deadlocked\n");
584 static void arm_smmu_tlb_sync(void *cookie)
586 struct arm_smmu_domain *smmu_domain = cookie;
587 __arm_smmu_tlb_sync(smmu_domain->smmu);
590 static void arm_smmu_tlb_inv_context(void *cookie)
592 struct arm_smmu_domain *smmu_domain = cookie;
593 struct arm_smmu_cfg *cfg = &smmu_domain->cfg;
594 struct arm_smmu_device *smmu = smmu_domain->smmu;
595 bool stage1 = cfg->cbar != CBAR_TYPE_S2_TRANS;
599 base = ARM_SMMU_CB_BASE(smmu) + ARM_SMMU_CB(smmu, cfg->cbndx);
600 writel_relaxed(ARM_SMMU_CB_ASID(smmu, cfg),
601 base + ARM_SMMU_CB_S1_TLBIASID);
603 base = ARM_SMMU_GR0(smmu);
604 writel_relaxed(ARM_SMMU_CB_VMID(smmu, cfg),
605 base + ARM_SMMU_GR0_TLBIVMID);
608 __arm_smmu_tlb_sync(smmu);
611 static void arm_smmu_tlb_inv_range_nosync(unsigned long iova, size_t size,
612 size_t granule, bool leaf, void *cookie)
614 struct arm_smmu_domain *smmu_domain = cookie;
615 struct arm_smmu_cfg *cfg = &smmu_domain->cfg;
616 struct arm_smmu_device *smmu = smmu_domain->smmu;
617 bool stage1 = cfg->cbar != CBAR_TYPE_S2_TRANS;
621 reg = ARM_SMMU_CB_BASE(smmu) + ARM_SMMU_CB(smmu, cfg->cbndx);
622 reg += leaf ? ARM_SMMU_CB_S1_TLBIVAL : ARM_SMMU_CB_S1_TLBIVA;
624 if (!IS_ENABLED(CONFIG_64BIT) || smmu->version == ARM_SMMU_V1) {
626 iova |= ARM_SMMU_CB_ASID(smmu, cfg);
628 writel_relaxed(iova, reg);
630 } while (size -= granule);
634 iova |= (u64)ARM_SMMU_CB_ASID(smmu, cfg) << 48;
636 writeq_relaxed(iova, reg);
637 iova += granule >> 12;
638 } while (size -= granule);
642 } else if (smmu->version == ARM_SMMU_V2) {
643 reg = ARM_SMMU_CB_BASE(smmu) + ARM_SMMU_CB(smmu, cfg->cbndx);
644 reg += leaf ? ARM_SMMU_CB_S2_TLBIIPAS2L :
645 ARM_SMMU_CB_S2_TLBIIPAS2;
648 writeq_relaxed(iova, reg);
649 iova += granule >> 12;
650 } while (size -= granule);
653 reg = ARM_SMMU_GR0(smmu) + ARM_SMMU_GR0_TLBIVMID;
654 writel_relaxed(ARM_SMMU_CB_VMID(smmu, cfg), reg);
658 static struct iommu_gather_ops arm_smmu_gather_ops = {
659 .tlb_flush_all = arm_smmu_tlb_inv_context,
660 .tlb_add_flush = arm_smmu_tlb_inv_range_nosync,
661 .tlb_sync = arm_smmu_tlb_sync,
664 static irqreturn_t arm_smmu_context_fault(int irq, void *dev)
667 u32 fsr, far, fsynr, resume;
669 struct iommu_domain *domain = dev;
670 struct arm_smmu_domain *smmu_domain = to_smmu_domain(domain);
671 struct arm_smmu_cfg *cfg = &smmu_domain->cfg;
672 struct arm_smmu_device *smmu = smmu_domain->smmu;
673 void __iomem *cb_base;
675 cb_base = ARM_SMMU_CB_BASE(smmu) + ARM_SMMU_CB(smmu, cfg->cbndx);
676 fsr = readl_relaxed(cb_base + ARM_SMMU_CB_FSR);
678 if (!(fsr & FSR_FAULT))
682 dev_err_ratelimited(smmu->dev,
683 "Unexpected context fault (fsr 0x%x)\n",
686 fsynr = readl_relaxed(cb_base + ARM_SMMU_CB_FSYNR0);
687 flags = fsynr & FSYNR0_WNR ? IOMMU_FAULT_WRITE : IOMMU_FAULT_READ;
689 far = readl_relaxed(cb_base + ARM_SMMU_CB_FAR_LO);
692 far = readl_relaxed(cb_base + ARM_SMMU_CB_FAR_HI);
693 iova |= ((unsigned long)far << 32);
696 if (!report_iommu_fault(domain, smmu->dev, iova, flags)) {
698 resume = RESUME_RETRY;
700 dev_err_ratelimited(smmu->dev,
701 "Unhandled context fault: iova=0x%08lx, fsynr=0x%x, cb=%d\n",
702 iova, fsynr, cfg->cbndx);
704 resume = RESUME_TERMINATE;
707 /* Clear the faulting FSR */
708 writel(fsr, cb_base + ARM_SMMU_CB_FSR);
710 /* Retry or terminate any stalled transactions */
712 writel_relaxed(resume, cb_base + ARM_SMMU_CB_RESUME);
717 static irqreturn_t arm_smmu_global_fault(int irq, void *dev)
719 u32 gfsr, gfsynr0, gfsynr1, gfsynr2;
720 struct arm_smmu_device *smmu = dev;
721 void __iomem *gr0_base = ARM_SMMU_GR0_NS(smmu);
723 gfsr = readl_relaxed(gr0_base + ARM_SMMU_GR0_sGFSR);
724 gfsynr0 = readl_relaxed(gr0_base + ARM_SMMU_GR0_sGFSYNR0);
725 gfsynr1 = readl_relaxed(gr0_base + ARM_SMMU_GR0_sGFSYNR1);
726 gfsynr2 = readl_relaxed(gr0_base + ARM_SMMU_GR0_sGFSYNR2);
731 dev_err_ratelimited(smmu->dev,
732 "Unexpected global fault, this could be serious\n");
733 dev_err_ratelimited(smmu->dev,
734 "\tGFSR 0x%08x, GFSYNR0 0x%08x, GFSYNR1 0x%08x, GFSYNR2 0x%08x\n",
735 gfsr, gfsynr0, gfsynr1, gfsynr2);
737 writel(gfsr, gr0_base + ARM_SMMU_GR0_sGFSR);
741 static void arm_smmu_init_context_bank(struct arm_smmu_domain *smmu_domain,
742 struct io_pgtable_cfg *pgtbl_cfg)
747 struct arm_smmu_cfg *cfg = &smmu_domain->cfg;
748 struct arm_smmu_device *smmu = smmu_domain->smmu;
749 void __iomem *cb_base, *gr1_base;
751 gr1_base = ARM_SMMU_GR1(smmu);
752 stage1 = cfg->cbar != CBAR_TYPE_S2_TRANS;
753 cb_base = ARM_SMMU_CB_BASE(smmu) + ARM_SMMU_CB(smmu, cfg->cbndx);
755 if (smmu->version > ARM_SMMU_V1) {
757 reg = CBA2R_RW64_64BIT;
759 reg = CBA2R_RW64_32BIT;
761 /* 16-bit VMIDs live in CBA2R */
762 if (smmu->features & ARM_SMMU_FEAT_VMID16)
763 reg |= ARM_SMMU_CB_VMID(smmu, cfg) << CBA2R_VMID_SHIFT;
765 writel_relaxed(reg, gr1_base + ARM_SMMU_GR1_CBA2R(cfg->cbndx));
770 if (smmu->version == ARM_SMMU_V1)
771 reg |= cfg->irptndx << CBAR_IRPTNDX_SHIFT;
774 * Use the weakest shareability/memory types, so they are
775 * overridden by the ttbcr/pte.
778 reg |= (CBAR_S1_BPSHCFG_NSH << CBAR_S1_BPSHCFG_SHIFT) |
779 (CBAR_S1_MEMATTR_WB << CBAR_S1_MEMATTR_SHIFT);
780 } else if (!(smmu->features & ARM_SMMU_FEAT_VMID16)) {
781 /* 8-bit VMIDs live in CBAR */
782 reg |= ARM_SMMU_CB_VMID(smmu, cfg) << CBAR_VMID_SHIFT;
784 writel_relaxed(reg, gr1_base + ARM_SMMU_GR1_CBAR(cfg->cbndx));
788 reg64 = pgtbl_cfg->arm_lpae_s1_cfg.ttbr[0];
790 reg64 |= ((u64)ARM_SMMU_CB_ASID(smmu, cfg)) << TTBRn_ASID_SHIFT;
791 smmu_writeq(reg64, cb_base + ARM_SMMU_CB_TTBR0);
793 reg64 = pgtbl_cfg->arm_lpae_s1_cfg.ttbr[1];
794 reg64 |= ((u64)ARM_SMMU_CB_ASID(smmu, cfg)) << TTBRn_ASID_SHIFT;
795 smmu_writeq(reg64, cb_base + ARM_SMMU_CB_TTBR1);
797 reg64 = pgtbl_cfg->arm_lpae_s2_cfg.vttbr;
798 smmu_writeq(reg64, cb_base + ARM_SMMU_CB_TTBR0);
803 reg = pgtbl_cfg->arm_lpae_s1_cfg.tcr;
804 writel_relaxed(reg, cb_base + ARM_SMMU_CB_TTBCR);
805 if (smmu->version > ARM_SMMU_V1) {
806 reg = pgtbl_cfg->arm_lpae_s1_cfg.tcr >> 32;
807 reg |= TTBCR2_SEP_UPSTREAM;
808 writel_relaxed(reg, cb_base + ARM_SMMU_CB_TTBCR2);
811 reg = pgtbl_cfg->arm_lpae_s2_cfg.vtcr;
812 writel_relaxed(reg, cb_base + ARM_SMMU_CB_TTBCR);
815 /* MAIRs (stage-1 only) */
817 reg = pgtbl_cfg->arm_lpae_s1_cfg.mair[0];
818 writel_relaxed(reg, cb_base + ARM_SMMU_CB_S1_MAIR0);
819 reg = pgtbl_cfg->arm_lpae_s1_cfg.mair[1];
820 writel_relaxed(reg, cb_base + ARM_SMMU_CB_S1_MAIR1);
824 reg = SCTLR_CFCFG | SCTLR_CFIE | SCTLR_CFRE | SCTLR_M | SCTLR_EAE_SBOP;
826 reg |= SCTLR_S1_ASIDPNE;
830 writel_relaxed(reg, cb_base + ARM_SMMU_CB_SCTLR);
833 static int arm_smmu_init_domain_context(struct iommu_domain *domain,
834 struct arm_smmu_device *smmu)
836 int irq, start, ret = 0;
837 unsigned long ias, oas;
838 struct io_pgtable_ops *pgtbl_ops;
839 struct io_pgtable_cfg pgtbl_cfg;
840 enum io_pgtable_fmt fmt;
841 struct arm_smmu_domain *smmu_domain = to_smmu_domain(domain);
842 struct arm_smmu_cfg *cfg = &smmu_domain->cfg;
844 mutex_lock(&smmu_domain->init_mutex);
845 if (smmu_domain->smmu)
849 * Mapping the requested stage onto what we support is surprisingly
850 * complicated, mainly because the spec allows S1+S2 SMMUs without
851 * support for nested translation. That means we end up with the
854 * Requested Supported Actual
864 * Note that you can't actually request stage-2 mappings.
866 if (!(smmu->features & ARM_SMMU_FEAT_TRANS_S1))
867 smmu_domain->stage = ARM_SMMU_DOMAIN_S2;
868 if (!(smmu->features & ARM_SMMU_FEAT_TRANS_S2))
869 smmu_domain->stage = ARM_SMMU_DOMAIN_S1;
871 switch (smmu_domain->stage) {
872 case ARM_SMMU_DOMAIN_S1:
873 cfg->cbar = CBAR_TYPE_S1_TRANS_S2_BYPASS;
874 start = smmu->num_s2_context_banks;
876 oas = smmu->ipa_size;
877 if (IS_ENABLED(CONFIG_64BIT))
878 fmt = ARM_64_LPAE_S1;
880 fmt = ARM_32_LPAE_S1;
882 case ARM_SMMU_DOMAIN_NESTED:
884 * We will likely want to change this if/when KVM gets
887 case ARM_SMMU_DOMAIN_S2:
888 cfg->cbar = CBAR_TYPE_S2_TRANS;
890 ias = smmu->ipa_size;
892 if (IS_ENABLED(CONFIG_64BIT))
893 fmt = ARM_64_LPAE_S2;
895 fmt = ARM_32_LPAE_S2;
902 ret = __arm_smmu_alloc_bitmap(smmu->context_map, start,
903 smmu->num_context_banks);
904 if (IS_ERR_VALUE(ret))
908 if (smmu->version == ARM_SMMU_V1) {
909 cfg->irptndx = atomic_inc_return(&smmu->irptndx);
910 cfg->irptndx %= smmu->num_context_irqs;
912 cfg->irptndx = cfg->cbndx;
915 pgtbl_cfg = (struct io_pgtable_cfg) {
916 .pgsize_bitmap = arm_smmu_ops.pgsize_bitmap,
919 .tlb = &arm_smmu_gather_ops,
920 .iommu_dev = smmu->dev,
923 smmu_domain->smmu = smmu;
924 pgtbl_ops = alloc_io_pgtable_ops(fmt, &pgtbl_cfg, smmu_domain);
930 /* Update our support page sizes to reflect the page table format */
931 arm_smmu_ops.pgsize_bitmap = pgtbl_cfg.pgsize_bitmap;
933 /* Initialise the context bank with our page table cfg */
934 arm_smmu_init_context_bank(smmu_domain, &pgtbl_cfg);
937 * Request context fault interrupt. Do this last to avoid the
938 * handler seeing a half-initialised domain state.
940 irq = smmu->irqs[smmu->num_global_irqs + cfg->irptndx];
941 ret = request_irq(irq, arm_smmu_context_fault, IRQF_SHARED,
942 "arm-smmu-context-fault", domain);
943 if (IS_ERR_VALUE(ret)) {
944 dev_err(smmu->dev, "failed to request context IRQ %d (%u)\n",
946 cfg->irptndx = INVALID_IRPTNDX;
949 mutex_unlock(&smmu_domain->init_mutex);
951 /* Publish page table ops for map/unmap */
952 smmu_domain->pgtbl_ops = pgtbl_ops;
956 smmu_domain->smmu = NULL;
958 mutex_unlock(&smmu_domain->init_mutex);
962 static void arm_smmu_destroy_domain_context(struct iommu_domain *domain)
964 struct arm_smmu_domain *smmu_domain = to_smmu_domain(domain);
965 struct arm_smmu_device *smmu = smmu_domain->smmu;
966 struct arm_smmu_cfg *cfg = &smmu_domain->cfg;
967 void __iomem *cb_base;
974 * Disable the context bank and free the page tables before freeing
977 cb_base = ARM_SMMU_CB_BASE(smmu) + ARM_SMMU_CB(smmu, cfg->cbndx);
978 writel_relaxed(0, cb_base + ARM_SMMU_CB_SCTLR);
980 if (cfg->irptndx != INVALID_IRPTNDX) {
981 irq = smmu->irqs[smmu->num_global_irqs + cfg->irptndx];
982 free_irq(irq, domain);
985 free_io_pgtable_ops(smmu_domain->pgtbl_ops);
986 __arm_smmu_free_bitmap(smmu->context_map, cfg->cbndx);
989 static struct iommu_domain *arm_smmu_domain_alloc(unsigned type)
991 struct arm_smmu_domain *smmu_domain;
993 if (type != IOMMU_DOMAIN_UNMANAGED && type != IOMMU_DOMAIN_DMA)
996 * Allocate the domain and initialise some of its data structures.
997 * We can't really do anything meaningful until we've added a
1000 smmu_domain = kzalloc(sizeof(*smmu_domain), GFP_KERNEL);
1004 if (type == IOMMU_DOMAIN_DMA &&
1005 iommu_get_dma_cookie(&smmu_domain->domain)) {
1010 mutex_init(&smmu_domain->init_mutex);
1011 spin_lock_init(&smmu_domain->pgtbl_lock);
1013 return &smmu_domain->domain;
1016 static void arm_smmu_domain_free(struct iommu_domain *domain)
1018 struct arm_smmu_domain *smmu_domain = to_smmu_domain(domain);
1021 * Free the domain resources. We assume that all devices have
1022 * already been detached.
1024 iommu_put_dma_cookie(domain);
1025 arm_smmu_destroy_domain_context(domain);
1029 static int arm_smmu_master_configure_smrs(struct arm_smmu_device *smmu,
1030 struct arm_smmu_master_cfg *cfg)
1033 struct arm_smmu_smr *smrs;
1034 void __iomem *gr0_base = ARM_SMMU_GR0(smmu);
1036 if (!(smmu->features & ARM_SMMU_FEAT_STREAM_MATCH))
1042 smrs = kmalloc_array(cfg->num_streamids, sizeof(*smrs), GFP_KERNEL);
1044 dev_err(smmu->dev, "failed to allocate %d SMRs\n",
1045 cfg->num_streamids);
1049 /* Allocate the SMRs on the SMMU */
1050 for (i = 0; i < cfg->num_streamids; ++i) {
1051 int idx = __arm_smmu_alloc_bitmap(smmu->smr_map, 0,
1052 smmu->num_mapping_groups);
1053 if (IS_ERR_VALUE(idx)) {
1054 dev_err(smmu->dev, "failed to allocate free SMR\n");
1058 smrs[i] = (struct arm_smmu_smr) {
1060 .mask = 0, /* We don't currently share SMRs */
1061 .id = cfg->streamids[i],
1065 /* It worked! Now, poke the actual hardware */
1066 for (i = 0; i < cfg->num_streamids; ++i) {
1067 u32 reg = SMR_VALID | smrs[i].id << SMR_ID_SHIFT |
1068 smrs[i].mask << SMR_MASK_SHIFT;
1069 writel_relaxed(reg, gr0_base + ARM_SMMU_GR0_SMR(smrs[i].idx));
1077 __arm_smmu_free_bitmap(smmu->smr_map, smrs[i].idx);
1082 static void arm_smmu_master_free_smrs(struct arm_smmu_device *smmu,
1083 struct arm_smmu_master_cfg *cfg)
1086 void __iomem *gr0_base = ARM_SMMU_GR0(smmu);
1087 struct arm_smmu_smr *smrs = cfg->smrs;
1092 /* Invalidate the SMRs before freeing back to the allocator */
1093 for (i = 0; i < cfg->num_streamids; ++i) {
1094 u8 idx = smrs[i].idx;
1096 writel_relaxed(~SMR_VALID, gr0_base + ARM_SMMU_GR0_SMR(idx));
1097 __arm_smmu_free_bitmap(smmu->smr_map, idx);
1104 static int arm_smmu_domain_add_master(struct arm_smmu_domain *smmu_domain,
1105 struct arm_smmu_master_cfg *cfg)
1108 struct arm_smmu_device *smmu = smmu_domain->smmu;
1109 void __iomem *gr0_base = ARM_SMMU_GR0(smmu);
1111 /* Devices in an IOMMU group may already be configured */
1112 ret = arm_smmu_master_configure_smrs(smmu, cfg);
1114 return ret == -EEXIST ? 0 : ret;
1117 * FIXME: This won't be needed once we have IOMMU-backed DMA ops
1118 * for all devices behind the SMMU.
1120 if (smmu_domain->domain.type == IOMMU_DOMAIN_DMA)
1123 for (i = 0; i < cfg->num_streamids; ++i) {
1126 idx = cfg->smrs ? cfg->smrs[i].idx : cfg->streamids[i];
1127 s2cr = S2CR_TYPE_TRANS | S2CR_PRIVCFG_UNPRIV |
1128 (smmu_domain->cfg.cbndx << S2CR_CBNDX_SHIFT);
1129 writel_relaxed(s2cr, gr0_base + ARM_SMMU_GR0_S2CR(idx));
1135 static void arm_smmu_domain_remove_master(struct arm_smmu_domain *smmu_domain,
1136 struct arm_smmu_master_cfg *cfg)
1139 struct arm_smmu_device *smmu = smmu_domain->smmu;
1140 void __iomem *gr0_base = ARM_SMMU_GR0(smmu);
1142 /* An IOMMU group is torn down by the first device to be removed */
1143 if ((smmu->features & ARM_SMMU_FEAT_STREAM_MATCH) && !cfg->smrs)
1147 * We *must* clear the S2CR first, because freeing the SMR means
1148 * that it can be re-allocated immediately.
1150 for (i = 0; i < cfg->num_streamids; ++i) {
1151 u32 idx = cfg->smrs ? cfg->smrs[i].idx : cfg->streamids[i];
1152 u32 reg = disable_bypass ? S2CR_TYPE_FAULT : S2CR_TYPE_BYPASS;
1154 writel_relaxed(reg, gr0_base + ARM_SMMU_GR0_S2CR(idx));
1157 arm_smmu_master_free_smrs(smmu, cfg);
1160 static void arm_smmu_detach_dev(struct device *dev,
1161 struct arm_smmu_master_cfg *cfg)
1163 struct iommu_domain *domain = dev->archdata.iommu;
1164 struct arm_smmu_domain *smmu_domain = to_smmu_domain(domain);
1166 dev->archdata.iommu = NULL;
1167 arm_smmu_domain_remove_master(smmu_domain, cfg);
1170 static int arm_smmu_attach_dev(struct iommu_domain *domain, struct device *dev)
1173 struct arm_smmu_domain *smmu_domain = to_smmu_domain(domain);
1174 struct arm_smmu_device *smmu;
1175 struct arm_smmu_master_cfg *cfg;
1177 smmu = find_smmu_for_device(dev);
1179 dev_err(dev, "cannot attach to SMMU, is it on the same bus?\n");
1183 /* Ensure that the domain is finalised */
1184 ret = arm_smmu_init_domain_context(domain, smmu);
1185 if (IS_ERR_VALUE(ret))
1189 * Sanity check the domain. We don't support domains across
1192 if (smmu_domain->smmu != smmu) {
1194 "cannot attach to SMMU %s whilst already attached to domain on SMMU %s\n",
1195 dev_name(smmu_domain->smmu->dev), dev_name(smmu->dev));
1199 /* Looks ok, so add the device to the domain */
1200 cfg = find_smmu_master_cfg(dev);
1204 /* Detach the dev from its current domain */
1205 if (dev->archdata.iommu)
1206 arm_smmu_detach_dev(dev, cfg);
1208 ret = arm_smmu_domain_add_master(smmu_domain, cfg);
1210 dev->archdata.iommu = domain;
1214 static int arm_smmu_map(struct iommu_domain *domain, unsigned long iova,
1215 phys_addr_t paddr, size_t size, int prot)
1218 unsigned long flags;
1219 struct arm_smmu_domain *smmu_domain = to_smmu_domain(domain);
1220 struct io_pgtable_ops *ops= smmu_domain->pgtbl_ops;
1225 spin_lock_irqsave(&smmu_domain->pgtbl_lock, flags);
1226 ret = ops->map(ops, iova, paddr, size, prot);
1227 spin_unlock_irqrestore(&smmu_domain->pgtbl_lock, flags);
1231 static size_t arm_smmu_unmap(struct iommu_domain *domain, unsigned long iova,
1235 unsigned long flags;
1236 struct arm_smmu_domain *smmu_domain = to_smmu_domain(domain);
1237 struct io_pgtable_ops *ops= smmu_domain->pgtbl_ops;
1242 spin_lock_irqsave(&smmu_domain->pgtbl_lock, flags);
1243 ret = ops->unmap(ops, iova, size);
1244 spin_unlock_irqrestore(&smmu_domain->pgtbl_lock, flags);
1248 static phys_addr_t arm_smmu_iova_to_phys_hard(struct iommu_domain *domain,
1251 struct arm_smmu_domain *smmu_domain = to_smmu_domain(domain);
1252 struct arm_smmu_device *smmu = smmu_domain->smmu;
1253 struct arm_smmu_cfg *cfg = &smmu_domain->cfg;
1254 struct io_pgtable_ops *ops= smmu_domain->pgtbl_ops;
1255 struct device *dev = smmu->dev;
1256 void __iomem *cb_base;
1261 cb_base = ARM_SMMU_CB_BASE(smmu) + ARM_SMMU_CB(smmu, cfg->cbndx);
1263 /* ATS1 registers can only be written atomically */
1264 va = iova & ~0xfffUL;
1265 if (smmu->version == ARM_SMMU_V2)
1266 smmu_writeq(va, cb_base + ARM_SMMU_CB_ATS1PR);
1268 writel_relaxed(va, cb_base + ARM_SMMU_CB_ATS1PR);
1270 if (readl_poll_timeout_atomic(cb_base + ARM_SMMU_CB_ATSR, tmp,
1271 !(tmp & ATSR_ACTIVE), 5, 50)) {
1273 "iova to phys timed out on %pad. Falling back to software table walk.\n",
1275 return ops->iova_to_phys(ops, iova);
1278 phys = readl_relaxed(cb_base + ARM_SMMU_CB_PAR_LO);
1279 phys |= ((u64)readl_relaxed(cb_base + ARM_SMMU_CB_PAR_HI)) << 32;
1281 if (phys & CB_PAR_F) {
1282 dev_err(dev, "translation fault!\n");
1283 dev_err(dev, "PAR = 0x%llx\n", phys);
1287 return (phys & GENMASK_ULL(39, 12)) | (iova & 0xfff);
1290 static phys_addr_t arm_smmu_iova_to_phys(struct iommu_domain *domain,
1294 unsigned long flags;
1295 struct arm_smmu_domain *smmu_domain = to_smmu_domain(domain);
1296 struct io_pgtable_ops *ops= smmu_domain->pgtbl_ops;
1301 spin_lock_irqsave(&smmu_domain->pgtbl_lock, flags);
1302 if (smmu_domain->smmu->features & ARM_SMMU_FEAT_TRANS_OPS &&
1303 smmu_domain->stage == ARM_SMMU_DOMAIN_S1) {
1304 ret = arm_smmu_iova_to_phys_hard(domain, iova);
1306 ret = ops->iova_to_phys(ops, iova);
1309 spin_unlock_irqrestore(&smmu_domain->pgtbl_lock, flags);
1314 static bool arm_smmu_capable(enum iommu_cap cap)
1317 case IOMMU_CAP_CACHE_COHERENCY:
1319 * Return true here as the SMMU can always send out coherent
1323 case IOMMU_CAP_INTR_REMAP:
1324 return true; /* MSIs are just memory writes */
1325 case IOMMU_CAP_NOEXEC:
1332 static int __arm_smmu_get_pci_sid(struct pci_dev *pdev, u16 alias, void *data)
1334 *((u16 *)data) = alias;
1335 return 0; /* Continue walking */
1338 static void __arm_smmu_release_pci_iommudata(void *data)
1343 static int arm_smmu_init_pci_device(struct pci_dev *pdev,
1344 struct iommu_group *group)
1346 struct arm_smmu_master_cfg *cfg;
1350 cfg = iommu_group_get_iommudata(group);
1352 cfg = kzalloc(sizeof(*cfg), GFP_KERNEL);
1356 iommu_group_set_iommudata(group, cfg,
1357 __arm_smmu_release_pci_iommudata);
1360 if (cfg->num_streamids >= MAX_MASTER_STREAMIDS)
1364 * Assume Stream ID == Requester ID for now.
1365 * We need a way to describe the ID mappings in FDT.
1367 pci_for_each_dma_alias(pdev, __arm_smmu_get_pci_sid, &sid);
1368 for (i = 0; i < cfg->num_streamids; ++i)
1369 if (cfg->streamids[i] == sid)
1372 /* Avoid duplicate SIDs, as this can lead to SMR conflicts */
1373 if (i == cfg->num_streamids)
1374 cfg->streamids[cfg->num_streamids++] = sid;
1379 static int arm_smmu_init_platform_device(struct device *dev,
1380 struct iommu_group *group)
1382 struct arm_smmu_device *smmu = find_smmu_for_device(dev);
1383 struct arm_smmu_master *master;
1388 master = find_smmu_master(smmu, dev->of_node);
1392 iommu_group_set_iommudata(group, &master->cfg, NULL);
1397 static int arm_smmu_add_device(struct device *dev)
1399 struct iommu_group *group;
1401 group = iommu_group_get_for_dev(dev);
1403 return PTR_ERR(group);
1405 iommu_group_put(group);
1409 static void arm_smmu_remove_device(struct device *dev)
1411 iommu_group_remove_device(dev);
1414 static struct iommu_group *arm_smmu_device_group(struct device *dev)
1416 struct iommu_group *group;
1419 if (dev_is_pci(dev))
1420 group = pci_device_group(dev);
1422 group = generic_device_group(dev);
1427 if (dev_is_pci(dev))
1428 ret = arm_smmu_init_pci_device(to_pci_dev(dev), group);
1430 ret = arm_smmu_init_platform_device(dev, group);
1433 iommu_group_put(group);
1434 group = ERR_PTR(ret);
1440 static int arm_smmu_domain_get_attr(struct iommu_domain *domain,
1441 enum iommu_attr attr, void *data)
1443 struct arm_smmu_domain *smmu_domain = to_smmu_domain(domain);
1446 case DOMAIN_ATTR_NESTING:
1447 *(int *)data = (smmu_domain->stage == ARM_SMMU_DOMAIN_NESTED);
1454 static int arm_smmu_domain_set_attr(struct iommu_domain *domain,
1455 enum iommu_attr attr, void *data)
1458 struct arm_smmu_domain *smmu_domain = to_smmu_domain(domain);
1460 mutex_lock(&smmu_domain->init_mutex);
1463 case DOMAIN_ATTR_NESTING:
1464 if (smmu_domain->smmu) {
1470 smmu_domain->stage = ARM_SMMU_DOMAIN_NESTED;
1472 smmu_domain->stage = ARM_SMMU_DOMAIN_S1;
1480 mutex_unlock(&smmu_domain->init_mutex);
1484 static struct iommu_ops arm_smmu_ops = {
1485 .capable = arm_smmu_capable,
1486 .domain_alloc = arm_smmu_domain_alloc,
1487 .domain_free = arm_smmu_domain_free,
1488 .attach_dev = arm_smmu_attach_dev,
1489 .map = arm_smmu_map,
1490 .unmap = arm_smmu_unmap,
1491 .map_sg = default_iommu_map_sg,
1492 .iova_to_phys = arm_smmu_iova_to_phys,
1493 .add_device = arm_smmu_add_device,
1494 .remove_device = arm_smmu_remove_device,
1495 .device_group = arm_smmu_device_group,
1496 .domain_get_attr = arm_smmu_domain_get_attr,
1497 .domain_set_attr = arm_smmu_domain_set_attr,
1498 .pgsize_bitmap = -1UL, /* Restricted during device attach */
1501 static void arm_smmu_device_reset(struct arm_smmu_device *smmu)
1503 void __iomem *gr0_base = ARM_SMMU_GR0(smmu);
1504 void __iomem *cb_base;
1508 /* clear global FSR */
1509 reg = readl_relaxed(ARM_SMMU_GR0_NS(smmu) + ARM_SMMU_GR0_sGFSR);
1510 writel(reg, ARM_SMMU_GR0_NS(smmu) + ARM_SMMU_GR0_sGFSR);
1512 /* Mark all SMRn as invalid and all S2CRn as bypass unless overridden */
1513 reg = disable_bypass ? S2CR_TYPE_FAULT : S2CR_TYPE_BYPASS;
1514 for (i = 0; i < smmu->num_mapping_groups; ++i) {
1515 writel_relaxed(0, gr0_base + ARM_SMMU_GR0_SMR(i));
1516 writel_relaxed(reg, gr0_base + ARM_SMMU_GR0_S2CR(i));
1519 /* Make sure all context banks are disabled and clear CB_FSR */
1520 for (i = 0; i < smmu->num_context_banks; ++i) {
1521 cb_base = ARM_SMMU_CB_BASE(smmu) + ARM_SMMU_CB(smmu, i);
1522 writel_relaxed(0, cb_base + ARM_SMMU_CB_SCTLR);
1523 writel_relaxed(FSR_FAULT, cb_base + ARM_SMMU_CB_FSR);
1525 * Disable MMU-500's not-particularly-beneficial next-page
1526 * prefetcher for the sake of errata #841119 and #826419.
1528 if (smmu->model == ARM_MMU500) {
1529 reg = readl_relaxed(cb_base + ARM_SMMU_CB_ACTLR);
1530 reg &= ~ARM_MMU500_ACTLR_CPRE;
1531 writel_relaxed(reg, cb_base + ARM_SMMU_CB_ACTLR);
1535 /* Invalidate the TLB, just in case */
1536 writel_relaxed(0, gr0_base + ARM_SMMU_GR0_TLBIALLH);
1537 writel_relaxed(0, gr0_base + ARM_SMMU_GR0_TLBIALLNSNH);
1539 reg = readl_relaxed(ARM_SMMU_GR0_NS(smmu) + ARM_SMMU_GR0_sCR0);
1541 /* Enable fault reporting */
1542 reg |= (sCR0_GFRE | sCR0_GFIE | sCR0_GCFGFRE | sCR0_GCFGFIE);
1544 /* Disable TLB broadcasting. */
1545 reg |= (sCR0_VMIDPNE | sCR0_PTM);
1547 /* Enable client access, handling unmatched streams as appropriate */
1548 reg &= ~sCR0_CLIENTPD;
1552 reg &= ~sCR0_USFCFG;
1554 /* Disable forced broadcasting */
1557 /* Don't upgrade barriers */
1558 reg &= ~(sCR0_BSU_MASK << sCR0_BSU_SHIFT);
1560 if (smmu->features & ARM_SMMU_FEAT_VMID16)
1561 reg |= sCR0_VMID16EN;
1563 /* Push the button */
1564 __arm_smmu_tlb_sync(smmu);
1565 writel(reg, ARM_SMMU_GR0_NS(smmu) + ARM_SMMU_GR0_sCR0);
1568 static int arm_smmu_id_size_to_bits(int size)
1587 static int arm_smmu_device_cfg_probe(struct arm_smmu_device *smmu)
1590 void __iomem *gr0_base = ARM_SMMU_GR0(smmu);
1592 bool cttw_dt, cttw_reg;
1594 dev_notice(smmu->dev, "probing hardware configuration...\n");
1595 dev_notice(smmu->dev, "SMMUv%d with:\n", smmu->version);
1598 id = readl_relaxed(gr0_base + ARM_SMMU_GR0_ID0);
1600 /* Restrict available stages based on module parameter */
1601 if (force_stage == 1)
1602 id &= ~(ID0_S2TS | ID0_NTS);
1603 else if (force_stage == 2)
1604 id &= ~(ID0_S1TS | ID0_NTS);
1606 if (id & ID0_S1TS) {
1607 smmu->features |= ARM_SMMU_FEAT_TRANS_S1;
1608 dev_notice(smmu->dev, "\tstage 1 translation\n");
1611 if (id & ID0_S2TS) {
1612 smmu->features |= ARM_SMMU_FEAT_TRANS_S2;
1613 dev_notice(smmu->dev, "\tstage 2 translation\n");
1617 smmu->features |= ARM_SMMU_FEAT_TRANS_NESTED;
1618 dev_notice(smmu->dev, "\tnested translation\n");
1621 if (!(smmu->features &
1622 (ARM_SMMU_FEAT_TRANS_S1 | ARM_SMMU_FEAT_TRANS_S2))) {
1623 dev_err(smmu->dev, "\tno translation support!\n");
1627 if ((id & ID0_S1TS) && ((smmu->version == 1) || !(id & ID0_ATOSNS))) {
1628 smmu->features |= ARM_SMMU_FEAT_TRANS_OPS;
1629 dev_notice(smmu->dev, "\taddress translation ops\n");
1633 * In order for DMA API calls to work properly, we must defer to what
1634 * the DT says about coherency, regardless of what the hardware claims.
1635 * Fortunately, this also opens up a workaround for systems where the
1636 * ID register value has ended up configured incorrectly.
1638 cttw_dt = of_dma_is_coherent(smmu->dev->of_node);
1639 cttw_reg = !!(id & ID0_CTTW);
1641 smmu->features |= ARM_SMMU_FEAT_COHERENT_WALK;
1642 if (cttw_dt || cttw_reg)
1643 dev_notice(smmu->dev, "\t%scoherent table walk\n",
1644 cttw_dt ? "" : "non-");
1645 if (cttw_dt != cttw_reg)
1646 dev_notice(smmu->dev,
1647 "\t(IDR0.CTTW overridden by dma-coherent property)\n");
1652 smmu->features |= ARM_SMMU_FEAT_STREAM_MATCH;
1653 smmu->num_mapping_groups = (id >> ID0_NUMSMRG_SHIFT) &
1655 if (smmu->num_mapping_groups == 0) {
1657 "stream-matching supported, but no SMRs present!\n");
1661 smr = SMR_MASK_MASK << SMR_MASK_SHIFT;
1662 smr |= (SMR_ID_MASK << SMR_ID_SHIFT);
1663 writel_relaxed(smr, gr0_base + ARM_SMMU_GR0_SMR(0));
1664 smr = readl_relaxed(gr0_base + ARM_SMMU_GR0_SMR(0));
1666 mask = (smr >> SMR_MASK_SHIFT) & SMR_MASK_MASK;
1667 sid = (smr >> SMR_ID_SHIFT) & SMR_ID_MASK;
1668 if ((mask & sid) != sid) {
1670 "SMR mask bits (0x%x) insufficient for ID field (0x%x)\n",
1675 dev_notice(smmu->dev,
1676 "\tstream matching with %u register groups, mask 0x%x",
1677 smmu->num_mapping_groups, mask);
1679 smmu->num_mapping_groups = (id >> ID0_NUMSIDB_SHIFT) &
1684 id = readl_relaxed(gr0_base + ARM_SMMU_GR0_ID1);
1685 smmu->pgshift = (id & ID1_PAGESIZE) ? 16 : 12;
1687 /* Check for size mismatch of SMMU address space from mapped region */
1688 size = 1 << (((id >> ID1_NUMPAGENDXB_SHIFT) & ID1_NUMPAGENDXB_MASK) + 1);
1689 size *= 2 << smmu->pgshift;
1690 if (smmu->size != size)
1692 "SMMU address space size (0x%lx) differs from mapped region size (0x%lx)!\n",
1695 smmu->num_s2_context_banks = (id >> ID1_NUMS2CB_SHIFT) & ID1_NUMS2CB_MASK;
1696 smmu->num_context_banks = (id >> ID1_NUMCB_SHIFT) & ID1_NUMCB_MASK;
1697 if (smmu->num_s2_context_banks > smmu->num_context_banks) {
1698 dev_err(smmu->dev, "impossible number of S2 context banks!\n");
1701 dev_notice(smmu->dev, "\t%u context banks (%u stage-2 only)\n",
1702 smmu->num_context_banks, smmu->num_s2_context_banks);
1704 * Cavium CN88xx erratum #27704.
1705 * Ensure ASID and VMID allocation is unique across all SMMUs in
1708 if (smmu->model == CAVIUM_SMMUV2) {
1709 smmu->cavium_id_base =
1710 atomic_add_return(smmu->num_context_banks,
1711 &cavium_smmu_context_count);
1712 smmu->cavium_id_base -= smmu->num_context_banks;
1716 id = readl_relaxed(gr0_base + ARM_SMMU_GR0_ID2);
1717 size = arm_smmu_id_size_to_bits((id >> ID2_IAS_SHIFT) & ID2_IAS_MASK);
1718 smmu->ipa_size = size;
1720 /* The output mask is also applied for bypass */
1721 size = arm_smmu_id_size_to_bits((id >> ID2_OAS_SHIFT) & ID2_OAS_MASK);
1722 smmu->pa_size = size;
1724 if (id & ID2_VMID16)
1725 smmu->features |= ARM_SMMU_FEAT_VMID16;
1728 * What the page table walker can address actually depends on which
1729 * descriptor format is in use, but since a) we don't know that yet,
1730 * and b) it can vary per context bank, this will have to do...
1732 if (dma_set_mask_and_coherent(smmu->dev, DMA_BIT_MASK(size)))
1734 "failed to set DMA mask for table walker\n");
1736 if (smmu->version == ARM_SMMU_V1) {
1737 smmu->va_size = smmu->ipa_size;
1738 size = SZ_4K | SZ_2M | SZ_1G;
1740 size = (id >> ID2_UBS_SHIFT) & ID2_UBS_MASK;
1741 smmu->va_size = arm_smmu_id_size_to_bits(size);
1742 #ifndef CONFIG_64BIT
1743 smmu->va_size = min(32UL, smmu->va_size);
1746 if (id & ID2_PTFS_4K)
1747 size |= SZ_4K | SZ_2M | SZ_1G;
1748 if (id & ID2_PTFS_16K)
1749 size |= SZ_16K | SZ_32M;
1750 if (id & ID2_PTFS_64K)
1751 size |= SZ_64K | SZ_512M;
1754 arm_smmu_ops.pgsize_bitmap &= size;
1755 dev_notice(smmu->dev, "\tSupported page sizes: 0x%08lx\n", size);
1757 if (smmu->features & ARM_SMMU_FEAT_TRANS_S1)
1758 dev_notice(smmu->dev, "\tStage-1: %lu-bit VA -> %lu-bit IPA\n",
1759 smmu->va_size, smmu->ipa_size);
1761 if (smmu->features & ARM_SMMU_FEAT_TRANS_S2)
1762 dev_notice(smmu->dev, "\tStage-2: %lu-bit IPA -> %lu-bit PA\n",
1763 smmu->ipa_size, smmu->pa_size);
1768 struct arm_smmu_match_data {
1769 enum arm_smmu_arch_version version;
1770 enum arm_smmu_implementation model;
1773 #define ARM_SMMU_MATCH_DATA(name, ver, imp) \
1774 static struct arm_smmu_match_data name = { .version = ver, .model = imp }
1776 ARM_SMMU_MATCH_DATA(smmu_generic_v1, ARM_SMMU_V1, GENERIC_SMMU);
1777 ARM_SMMU_MATCH_DATA(smmu_generic_v2, ARM_SMMU_V2, GENERIC_SMMU);
1778 ARM_SMMU_MATCH_DATA(arm_mmu500, ARM_SMMU_V2, ARM_MMU500);
1779 ARM_SMMU_MATCH_DATA(cavium_smmuv2, ARM_SMMU_V2, CAVIUM_SMMUV2);
1781 static const struct of_device_id arm_smmu_of_match[] = {
1782 { .compatible = "arm,smmu-v1", .data = &smmu_generic_v1 },
1783 { .compatible = "arm,smmu-v2", .data = &smmu_generic_v2 },
1784 { .compatible = "arm,mmu-400", .data = &smmu_generic_v1 },
1785 { .compatible = "arm,mmu-401", .data = &smmu_generic_v1 },
1786 { .compatible = "arm,mmu-500", .data = &arm_mmu500 },
1787 { .compatible = "cavium,smmu-v2", .data = &cavium_smmuv2 },
1790 MODULE_DEVICE_TABLE(of, arm_smmu_of_match);
1792 static int arm_smmu_device_dt_probe(struct platform_device *pdev)
1794 const struct of_device_id *of_id;
1795 const struct arm_smmu_match_data *data;
1796 struct resource *res;
1797 struct arm_smmu_device *smmu;
1798 struct device *dev = &pdev->dev;
1799 struct rb_node *node;
1800 struct of_phandle_args masterspec;
1801 int num_irqs, i, err;
1803 smmu = devm_kzalloc(dev, sizeof(*smmu), GFP_KERNEL);
1805 dev_err(dev, "failed to allocate arm_smmu_device\n");
1810 of_id = of_match_node(arm_smmu_of_match, dev->of_node);
1812 smmu->version = data->version;
1813 smmu->model = data->model;
1815 res = platform_get_resource(pdev, IORESOURCE_MEM, 0);
1816 smmu->base = devm_ioremap_resource(dev, res);
1817 if (IS_ERR(smmu->base))
1818 return PTR_ERR(smmu->base);
1819 smmu->size = resource_size(res);
1821 if (of_property_read_u32(dev->of_node, "#global-interrupts",
1822 &smmu->num_global_irqs)) {
1823 dev_err(dev, "missing #global-interrupts property\n");
1828 while ((res = platform_get_resource(pdev, IORESOURCE_IRQ, num_irqs))) {
1830 if (num_irqs > smmu->num_global_irqs)
1831 smmu->num_context_irqs++;
1834 if (!smmu->num_context_irqs) {
1835 dev_err(dev, "found %d interrupts but expected at least %d\n",
1836 num_irqs, smmu->num_global_irqs + 1);
1840 smmu->irqs = devm_kzalloc(dev, sizeof(*smmu->irqs) * num_irqs,
1843 dev_err(dev, "failed to allocate %d irqs\n", num_irqs);
1847 for (i = 0; i < num_irqs; ++i) {
1848 int irq = platform_get_irq(pdev, i);
1851 dev_err(dev, "failed to get irq index %d\n", i);
1854 smmu->irqs[i] = irq;
1857 err = arm_smmu_device_cfg_probe(smmu);
1862 smmu->masters = RB_ROOT;
1863 while (!of_parse_phandle_with_args(dev->of_node, "mmu-masters",
1864 "#stream-id-cells", i,
1866 err = register_smmu_master(smmu, dev, &masterspec);
1868 dev_err(dev, "failed to add master %s\n",
1869 masterspec.np->name);
1870 goto out_put_masters;
1875 dev_notice(dev, "registered %d master devices\n", i);
1877 parse_driver_options(smmu);
1879 if (smmu->version > ARM_SMMU_V1 &&
1880 smmu->num_context_banks != smmu->num_context_irqs) {
1882 "found only %d context interrupt(s) but %d required\n",
1883 smmu->num_context_irqs, smmu->num_context_banks);
1885 goto out_put_masters;
1888 for (i = 0; i < smmu->num_global_irqs; ++i) {
1889 err = request_irq(smmu->irqs[i],
1890 arm_smmu_global_fault,
1892 "arm-smmu global fault",
1895 dev_err(dev, "failed to request global IRQ %d (%u)\n",
1901 INIT_LIST_HEAD(&smmu->list);
1902 spin_lock(&arm_smmu_devices_lock);
1903 list_add(&smmu->list, &arm_smmu_devices);
1904 spin_unlock(&arm_smmu_devices_lock);
1906 arm_smmu_device_reset(smmu);
1911 free_irq(smmu->irqs[i], smmu);
1914 for (node = rb_first(&smmu->masters); node; node = rb_next(node)) {
1915 struct arm_smmu_master *master
1916 = container_of(node, struct arm_smmu_master, node);
1917 of_node_put(master->of_node);
1923 static int arm_smmu_device_remove(struct platform_device *pdev)
1926 struct device *dev = &pdev->dev;
1927 struct arm_smmu_device *curr, *smmu = NULL;
1928 struct rb_node *node;
1930 spin_lock(&arm_smmu_devices_lock);
1931 list_for_each_entry(curr, &arm_smmu_devices, list) {
1932 if (curr->dev == dev) {
1934 list_del(&smmu->list);
1938 spin_unlock(&arm_smmu_devices_lock);
1943 for (node = rb_first(&smmu->masters); node; node = rb_next(node)) {
1944 struct arm_smmu_master *master
1945 = container_of(node, struct arm_smmu_master, node);
1946 of_node_put(master->of_node);
1949 if (!bitmap_empty(smmu->context_map, ARM_SMMU_MAX_CBS))
1950 dev_err(dev, "removing device with active domains!\n");
1952 for (i = 0; i < smmu->num_global_irqs; ++i)
1953 free_irq(smmu->irqs[i], smmu);
1955 /* Turn the thing off */
1956 writel(sCR0_CLIENTPD, ARM_SMMU_GR0_NS(smmu) + ARM_SMMU_GR0_sCR0);
1960 static struct platform_driver arm_smmu_driver = {
1963 .of_match_table = of_match_ptr(arm_smmu_of_match),
1965 .probe = arm_smmu_device_dt_probe,
1966 .remove = arm_smmu_device_remove,
1969 static int __init arm_smmu_init(void)
1971 struct device_node *np;
1975 * Play nice with systems that don't have an ARM SMMU by checking that
1976 * an ARM SMMU exists in the system before proceeding with the driver
1977 * and IOMMU bus operation registration.
1979 np = of_find_matching_node(NULL, arm_smmu_of_match);
1985 ret = platform_driver_register(&arm_smmu_driver);
1989 /* Oh, for a proper bus abstraction */
1990 if (!iommu_present(&platform_bus_type))
1991 bus_set_iommu(&platform_bus_type, &arm_smmu_ops);
1993 #ifdef CONFIG_ARM_AMBA
1994 if (!iommu_present(&amba_bustype))
1995 bus_set_iommu(&amba_bustype, &arm_smmu_ops);
1999 if (!iommu_present(&pci_bus_type))
2000 bus_set_iommu(&pci_bus_type, &arm_smmu_ops);
2006 static void __exit arm_smmu_exit(void)
2008 return platform_driver_unregister(&arm_smmu_driver);
2011 subsys_initcall(arm_smmu_init);
2012 module_exit(arm_smmu_exit);
2014 MODULE_DESCRIPTION("IOMMU API for ARM architected SMMU implementations");
2015 MODULE_AUTHOR("Will Deacon <will.deacon@arm.com>");
2016 MODULE_LICENSE("GPL v2");
projects / karo-tx-linux.git / blob