iommu/vt-d: Separate page request queue from SVM

+1 -1

drivers/iommu/intel/Makefile

··· 1 1 # SPDX-License-Identifier: GPL-2.0 2 2 obj-$(CONFIG_DMAR_TABLE) += dmar.o 3 - obj-$(CONFIG_INTEL_IOMMU) += iommu.o pasid.o nested.o cache.o 3 + obj-$(CONFIG_INTEL_IOMMU) += iommu.o pasid.o nested.o cache.o prq.o 4 4 obj-$(CONFIG_DMAR_TABLE) += trace.o cap_audit.o 5 5 obj-$(CONFIG_DMAR_PERF) += perf.o 6 6 obj-$(CONFIG_INTEL_IOMMU_DEBUGFS) += debugfs.o

+7 -13

drivers/iommu/intel/iommu.c

··· 1329 1329 /* free context mapping */ 1330 1330 free_context_table(iommu); 1331 1331 1332 - #ifdef CONFIG_INTEL_IOMMU_SVM 1333 1332 if (pasid_supported(iommu)) { 1334 1333 if (ecap_prs(iommu->ecap)) 1335 - intel_svm_finish_prq(iommu); 1334 + intel_iommu_finish_prq(iommu); 1336 1335 } 1337 - #endif 1338 1336 } 1339 1337 1340 1338 /* ··· 2192 2194 2193 2195 iommu_flush_write_buffer(iommu); 2194 2196 2195 - #ifdef CONFIG_INTEL_IOMMU_SVM 2196 2197 if (pasid_supported(iommu) && ecap_prs(iommu->ecap)) { 2197 2198 /* 2198 2199 * Call dmar_alloc_hwirq() with dmar_global_lock held, 2199 2200 * could cause possible lock race condition. 2200 2201 */ 2201 2202 up_write(&dmar_global_lock); 2202 - ret = intel_svm_enable_prq(iommu); 2203 + ret = intel_iommu_enable_prq(iommu); 2203 2204 down_write(&dmar_global_lock); 2204 2205 if (ret) 2205 2206 goto free_iommu; 2206 2207 } 2207 - #endif 2208 + 2208 2209 ret = dmar_set_interrupt(iommu); 2209 2210 if (ret) 2210 2211 goto free_iommu; ··· 2616 2619 intel_iommu_init_qi(iommu); 2617 2620 iommu_flush_write_buffer(iommu); 2618 2621 2619 - #ifdef CONFIG_INTEL_IOMMU_SVM 2620 2622 if (pasid_supported(iommu) && ecap_prs(iommu->ecap)) { 2621 - ret = intel_svm_enable_prq(iommu); 2623 + ret = intel_iommu_enable_prq(iommu); 2622 2624 if (ret) 2623 2625 goto disable_iommu; 2624 2626 } 2625 - #endif 2627 + 2626 2628 ret = dmar_set_interrupt(iommu); 2627 2629 if (ret) 2628 2630 goto disable_iommu; ··· 4068 4072 intel_iommu_debugfs_remove_dev_pasid(dev_pasid); 4069 4073 kfree(dev_pasid); 4070 4074 intel_pasid_tear_down_entry(iommu, dev, pasid, false); 4071 - intel_drain_pasid_prq(dev, pasid); 4075 + intel_iommu_drain_pasid_prq(dev, pasid); 4072 4076 } 4073 4077 4074 4078 static int intel_iommu_set_dev_pasid(struct iommu_domain *domain, ··· 4411 4415 .def_domain_type = device_def_domain_type, 4412 4416 .remove_dev_pasid = intel_iommu_remove_dev_pasid, 4413 4417 .pgsize_bitmap = SZ_4K, 4414 - #ifdef CONFIG_INTEL_IOMMU_SVM 4415 - .page_response = intel_svm_page_response, 4416 - #endif 4418 + .page_response = intel_iommu_page_response, 4417 4419 .default_domain_ops = &(const struct iommu_domain_ops) { 4418 4420 .attach_dev = intel_iommu_attach_device, 4419 4421 .set_dev_pasid = intel_iommu_set_dev_pasid,

+6 -8

drivers/iommu/intel/iommu.h

··· 728 728 729 729 struct iommu_flush flush; 730 730 #endif 731 - #ifdef CONFIG_INTEL_IOMMU_SVM 732 731 struct page_req_dsc *prq; 733 732 unsigned char prq_name[16]; /* Name for PRQ interrupt */ 734 733 unsigned long prq_seq_number; 735 734 struct completion prq_complete; 736 - #endif 737 735 struct iopf_queue *iopf_queue; 738 736 unsigned char iopfq_name[16]; 739 737 /* Synchronization between fault report and iommu device release. */ ··· 1272 1274 struct context_entry *context, 1273 1275 u16 did, bool affect_domains); 1274 1276 1277 + int intel_iommu_enable_prq(struct intel_iommu *iommu); 1278 + int intel_iommu_finish_prq(struct intel_iommu *iommu); 1279 + void intel_iommu_page_response(struct device *dev, struct iopf_fault *evt, 1280 + struct iommu_page_response *msg); 1281 + void intel_iommu_drain_pasid_prq(struct device *dev, u32 pasid); 1282 + 1275 1283 #ifdef CONFIG_INTEL_IOMMU_SVM 1276 1284 void intel_svm_check(struct intel_iommu *iommu); 1277 - int intel_svm_enable_prq(struct intel_iommu *iommu); 1278 - int intel_svm_finish_prq(struct intel_iommu *iommu); 1279 - void intel_svm_page_response(struct device *dev, struct iopf_fault *evt, 1280 - struct iommu_page_response *msg); 1281 1285 struct iommu_domain *intel_svm_domain_alloc(struct device *dev, 1282 1286 struct mm_struct *mm); 1283 - void intel_drain_pasid_prq(struct device *dev, u32 pasid); 1284 1287 #else 1285 1288 static inline void intel_svm_check(struct intel_iommu *iommu) {} 1286 - static inline void intel_drain_pasid_prq(struct device *dev, u32 pasid) {} 1287 1289 static inline struct iommu_domain *intel_svm_domain_alloc(struct device *dev, 1288 1290 struct mm_struct *mm) 1289 1291 {

+410

drivers/iommu/intel/prq.c

··· 1 + // SPDX-License-Identifier: GPL-2.0-only 2 + /* 3 + * Copyright (C) 2015 Intel Corporation 4 + * 5 + * Originally split from drivers/iommu/intel/svm.c 6 + */ 7 + 8 + #include <linux/pci.h> 9 + #include <linux/pci-ats.h> 10 + 11 + #include "iommu.h" 12 + #include "pasid.h" 13 + #include "../iommu-pages.h" 14 + #include "trace.h" 15 + 16 + /* Page request queue descriptor */ 17 + struct page_req_dsc { 18 + union { 19 + struct { 20 + u64 type:8; 21 + u64 pasid_present:1; 22 + u64 rsvd:7; 23 + u64 rid:16; 24 + u64 pasid:20; 25 + u64 exe_req:1; 26 + u64 pm_req:1; 27 + u64 rsvd2:10; 28 + }; 29 + u64 qw_0; 30 + }; 31 + union { 32 + struct { 33 + u64 rd_req:1; 34 + u64 wr_req:1; 35 + u64 lpig:1; 36 + u64 prg_index:9; 37 + u64 addr:52; 38 + }; 39 + u64 qw_1; 40 + }; 41 + u64 qw_2; 42 + u64 qw_3; 43 + }; 44 + 45 + /** 46 + * intel_iommu_drain_pasid_prq - Drain page requests and responses for a pasid 47 + * @dev: target device 48 + * @pasid: pasid for draining 49 + * 50 + * Drain all pending page requests and responses related to @pasid in both 51 + * software and hardware. This is supposed to be called after the device 52 + * driver has stopped DMA, the pasid entry has been cleared, and both IOTLB 53 + * and DevTLB have been invalidated. 54 + * 55 + * It waits until all pending page requests for @pasid in the page fault 56 + * queue are completed by the prq handling thread. Then follow the steps 57 + * described in VT-d spec CH7.10 to drain all page requests and page 58 + * responses pending in the hardware. 59 + */ 60 + void intel_iommu_drain_pasid_prq(struct device *dev, u32 pasid) 61 + { 62 + struct device_domain_info *info; 63 + struct dmar_domain *domain; 64 + struct intel_iommu *iommu; 65 + struct qi_desc desc[3]; 66 + struct pci_dev *pdev; 67 + int head, tail; 68 + u16 sid, did; 69 + int qdep; 70 + 71 + info = dev_iommu_priv_get(dev); 72 + if (WARN_ON(!info || !dev_is_pci(dev))) 73 + return; 74 + 75 + if (!info->pri_enabled) 76 + return; 77 + 78 + iommu = info->iommu; 79 + domain = info->domain; 80 + pdev = to_pci_dev(dev); 81 + sid = PCI_DEVID(info->bus, info->devfn); 82 + did = domain ? domain_id_iommu(domain, iommu) : FLPT_DEFAULT_DID; 83 + 84 + qdep = pci_ats_queue_depth(pdev); 85 + 86 + /* 87 + * Check and wait until all pending page requests in the queue are 88 + * handled by the prq handling thread. 89 + */ 90 + prq_retry: 91 + reinit_completion(&iommu->prq_complete); 92 + tail = dmar_readq(iommu->reg + DMAR_PQT_REG) & PRQ_RING_MASK; 93 + head = dmar_readq(iommu->reg + DMAR_PQH_REG) & PRQ_RING_MASK; 94 + while (head != tail) { 95 + struct page_req_dsc *req; 96 + 97 + req = &iommu->prq[head / sizeof(*req)]; 98 + if (!req->pasid_present || req->pasid != pasid) { 99 + head = (head + sizeof(*req)) & PRQ_RING_MASK; 100 + continue; 101 + } 102 + 103 + wait_for_completion(&iommu->prq_complete); 104 + goto prq_retry; 105 + } 106 + 107 + iopf_queue_flush_dev(dev); 108 + 109 + /* 110 + * Perform steps described in VT-d spec CH7.10 to drain page 111 + * requests and responses in hardware. 112 + */ 113 + memset(desc, 0, sizeof(desc)); 114 + desc[0].qw0 = QI_IWD_STATUS_DATA(QI_DONE) | 115 + QI_IWD_FENCE | 116 + QI_IWD_TYPE; 117 + desc[1].qw0 = QI_EIOTLB_PASID(pasid) | 118 + QI_EIOTLB_DID(did) | 119 + QI_EIOTLB_GRAN(QI_GRAN_NONG_PASID) | 120 + QI_EIOTLB_TYPE; 121 + desc[2].qw0 = QI_DEV_EIOTLB_PASID(pasid) | 122 + QI_DEV_EIOTLB_SID(sid) | 123 + QI_DEV_EIOTLB_QDEP(qdep) | 124 + QI_DEIOTLB_TYPE | 125 + QI_DEV_IOTLB_PFSID(info->pfsid); 126 + qi_retry: 127 + reinit_completion(&iommu->prq_complete); 128 + qi_submit_sync(iommu, desc, 3, QI_OPT_WAIT_DRAIN); 129 + if (readl(iommu->reg + DMAR_PRS_REG) & DMA_PRS_PRO) { 130 + wait_for_completion(&iommu->prq_complete); 131 + goto qi_retry; 132 + } 133 + } 134 + 135 + static bool is_canonical_address(u64 addr) 136 + { 137 + int shift = 64 - (__VIRTUAL_MASK_SHIFT + 1); 138 + long saddr = (long)addr; 139 + 140 + return (((saddr << shift) >> shift) == saddr); 141 + } 142 + 143 + static void handle_bad_prq_event(struct intel_iommu *iommu, 144 + struct page_req_dsc *req, int result) 145 + { 146 + struct qi_desc desc = { }; 147 + 148 + pr_err("%s: Invalid page request: %08llx %08llx\n", 149 + iommu->name, ((unsigned long long *)req)[0], 150 + ((unsigned long long *)req)[1]); 151 + 152 + if (!req->lpig) 153 + return; 154 + 155 + desc.qw0 = QI_PGRP_PASID(req->pasid) | 156 + QI_PGRP_DID(req->rid) | 157 + QI_PGRP_PASID_P(req->pasid_present) | 158 + QI_PGRP_RESP_CODE(result) | 159 + QI_PGRP_RESP_TYPE; 160 + desc.qw1 = QI_PGRP_IDX(req->prg_index) | 161 + QI_PGRP_LPIG(req->lpig); 162 + 163 + qi_submit_sync(iommu, &desc, 1, 0); 164 + } 165 + 166 + static int prq_to_iommu_prot(struct page_req_dsc *req) 167 + { 168 + int prot = 0; 169 + 170 + if (req->rd_req) 171 + prot |= IOMMU_FAULT_PERM_READ; 172 + if (req->wr_req) 173 + prot |= IOMMU_FAULT_PERM_WRITE; 174 + if (req->exe_req) 175 + prot |= IOMMU_FAULT_PERM_EXEC; 176 + if (req->pm_req) 177 + prot |= IOMMU_FAULT_PERM_PRIV; 178 + 179 + return prot; 180 + } 181 + 182 + static void intel_prq_report(struct intel_iommu *iommu, struct device *dev, 183 + struct page_req_dsc *desc) 184 + { 185 + struct iopf_fault event = { }; 186 + 187 + /* Fill in event data for device specific processing */ 188 + event.fault.type = IOMMU_FAULT_PAGE_REQ; 189 + event.fault.prm.addr = (u64)desc->addr << VTD_PAGE_SHIFT; 190 + event.fault.prm.pasid = desc->pasid; 191 + event.fault.prm.grpid = desc->prg_index; 192 + event.fault.prm.perm = prq_to_iommu_prot(desc); 193 + 194 + if (desc->lpig) 195 + event.fault.prm.flags |= IOMMU_FAULT_PAGE_REQUEST_LAST_PAGE; 196 + if (desc->pasid_present) { 197 + event.fault.prm.flags |= IOMMU_FAULT_PAGE_REQUEST_PASID_VALID; 198 + event.fault.prm.flags |= IOMMU_FAULT_PAGE_RESPONSE_NEEDS_PASID; 199 + } 200 + 201 + iommu_report_device_fault(dev, &event); 202 + } 203 + 204 + static irqreturn_t prq_event_thread(int irq, void *d) 205 + { 206 + struct intel_iommu *iommu = d; 207 + struct page_req_dsc *req; 208 + int head, tail, handled; 209 + struct device *dev; 210 + u64 address; 211 + 212 + /* 213 + * Clear PPR bit before reading head/tail registers, to ensure that 214 + * we get a new interrupt if needed. 215 + */ 216 + writel(DMA_PRS_PPR, iommu->reg + DMAR_PRS_REG); 217 + 218 + tail = dmar_readq(iommu->reg + DMAR_PQT_REG) & PRQ_RING_MASK; 219 + head = dmar_readq(iommu->reg + DMAR_PQH_REG) & PRQ_RING_MASK; 220 + handled = (head != tail); 221 + while (head != tail) { 222 + req = &iommu->prq[head / sizeof(*req)]; 223 + address = (u64)req->addr << VTD_PAGE_SHIFT; 224 + 225 + if (unlikely(!req->pasid_present)) { 226 + pr_err("IOMMU: %s: Page request without PASID\n", 227 + iommu->name); 228 + bad_req: 229 + handle_bad_prq_event(iommu, req, QI_RESP_INVALID); 230 + goto prq_advance; 231 + } 232 + 233 + if (unlikely(!is_canonical_address(address))) { 234 + pr_err("IOMMU: %s: Address is not canonical\n", 235 + iommu->name); 236 + goto bad_req; 237 + } 238 + 239 + if (unlikely(req->pm_req && (req->rd_req | req->wr_req))) { 240 + pr_err("IOMMU: %s: Page request in Privilege Mode\n", 241 + iommu->name); 242 + goto bad_req; 243 + } 244 + 245 + if (unlikely(req->exe_req && req->rd_req)) { 246 + pr_err("IOMMU: %s: Execution request not supported\n", 247 + iommu->name); 248 + goto bad_req; 249 + } 250 + 251 + /* Drop Stop Marker message. No need for a response. */ 252 + if (unlikely(req->lpig && !req->rd_req && !req->wr_req)) 253 + goto prq_advance; 254 + 255 + /* 256 + * If prq is to be handled outside iommu driver via receiver of 257 + * the fault notifiers, we skip the page response here. 258 + */ 259 + mutex_lock(&iommu->iopf_lock); 260 + dev = device_rbtree_find(iommu, req->rid); 261 + if (!dev) { 262 + mutex_unlock(&iommu->iopf_lock); 263 + goto bad_req; 264 + } 265 + 266 + intel_prq_report(iommu, dev, req); 267 + trace_prq_report(iommu, dev, req->qw_0, req->qw_1, 268 + req->qw_2, req->qw_3, 269 + iommu->prq_seq_number++); 270 + mutex_unlock(&iommu->iopf_lock); 271 + prq_advance: 272 + head = (head + sizeof(*req)) & PRQ_RING_MASK; 273 + } 274 + 275 + dmar_writeq(iommu->reg + DMAR_PQH_REG, tail); 276 + 277 + /* 278 + * Clear the page request overflow bit and wake up all threads that 279 + * are waiting for the completion of this handling. 280 + */ 281 + if (readl(iommu->reg + DMAR_PRS_REG) & DMA_PRS_PRO) { 282 + pr_info_ratelimited("IOMMU: %s: PRQ overflow detected\n", 283 + iommu->name); 284 + head = dmar_readq(iommu->reg + DMAR_PQH_REG) & PRQ_RING_MASK; 285 + tail = dmar_readq(iommu->reg + DMAR_PQT_REG) & PRQ_RING_MASK; 286 + if (head == tail) { 287 + iopf_queue_discard_partial(iommu->iopf_queue); 288 + writel(DMA_PRS_PRO, iommu->reg + DMAR_PRS_REG); 289 + pr_info_ratelimited("IOMMU: %s: PRQ overflow cleared", 290 + iommu->name); 291 + } 292 + } 293 + 294 + if (!completion_done(&iommu->prq_complete)) 295 + complete(&iommu->prq_complete); 296 + 297 + return IRQ_RETVAL(handled); 298 + } 299 + 300 + int intel_iommu_enable_prq(struct intel_iommu *iommu) 301 + { 302 + struct iopf_queue *iopfq; 303 + int irq, ret; 304 + 305 + iommu->prq = iommu_alloc_pages_node(iommu->node, GFP_KERNEL, PRQ_ORDER); 306 + if (!iommu->prq) { 307 + pr_warn("IOMMU: %s: Failed to allocate page request queue\n", 308 + iommu->name); 309 + return -ENOMEM; 310 + } 311 + 312 + irq = dmar_alloc_hwirq(IOMMU_IRQ_ID_OFFSET_PRQ + iommu->seq_id, iommu->node, iommu); 313 + if (irq <= 0) { 314 + pr_err("IOMMU: %s: Failed to create IRQ vector for page request queue\n", 315 + iommu->name); 316 + ret = -EINVAL; 317 + goto free_prq; 318 + } 319 + iommu->pr_irq = irq; 320 + 321 + snprintf(iommu->iopfq_name, sizeof(iommu->iopfq_name), 322 + "dmar%d-iopfq", iommu->seq_id); 323 + iopfq = iopf_queue_alloc(iommu->iopfq_name); 324 + if (!iopfq) { 325 + pr_err("IOMMU: %s: Failed to allocate iopf queue\n", iommu->name); 326 + ret = -ENOMEM; 327 + goto free_hwirq; 328 + } 329 + iommu->iopf_queue = iopfq; 330 + 331 + snprintf(iommu->prq_name, sizeof(iommu->prq_name), "dmar%d-prq", iommu->seq_id); 332 + 333 + ret = request_threaded_irq(irq, NULL, prq_event_thread, IRQF_ONESHOT, 334 + iommu->prq_name, iommu); 335 + if (ret) { 336 + pr_err("IOMMU: %s: Failed to request IRQ for page request queue\n", 337 + iommu->name); 338 + goto free_iopfq; 339 + } 340 + dmar_writeq(iommu->reg + DMAR_PQH_REG, 0ULL); 341 + dmar_writeq(iommu->reg + DMAR_PQT_REG, 0ULL); 342 + dmar_writeq(iommu->reg + DMAR_PQA_REG, virt_to_phys(iommu->prq) | PRQ_ORDER); 343 + 344 + init_completion(&iommu->prq_complete); 345 + 346 + return 0; 347 + 348 + free_iopfq: 349 + iopf_queue_free(iommu->iopf_queue); 350 + iommu->iopf_queue = NULL; 351 + free_hwirq: 352 + dmar_free_hwirq(irq); 353 + iommu->pr_irq = 0; 354 + free_prq: 355 + iommu_free_pages(iommu->prq, PRQ_ORDER); 356 + iommu->prq = NULL; 357 + 358 + return ret; 359 + } 360 + 361 + int intel_iommu_finish_prq(struct intel_iommu *iommu) 362 + { 363 + dmar_writeq(iommu->reg + DMAR_PQH_REG, 0ULL); 364 + dmar_writeq(iommu->reg + DMAR_PQT_REG, 0ULL); 365 + dmar_writeq(iommu->reg + DMAR_PQA_REG, 0ULL); 366 + 367 + if (iommu->pr_irq) { 368 + free_irq(iommu->pr_irq, iommu); 369 + dmar_free_hwirq(iommu->pr_irq); 370 + iommu->pr_irq = 0; 371 + } 372 + 373 + if (iommu->iopf_queue) { 374 + iopf_queue_free(iommu->iopf_queue); 375 + iommu->iopf_queue = NULL; 376 + } 377 + 378 + iommu_free_pages(iommu->prq, PRQ_ORDER); 379 + iommu->prq = NULL; 380 + 381 + return 0; 382 + } 383 + 384 + void intel_iommu_page_response(struct device *dev, struct iopf_fault *evt, 385 + struct iommu_page_response *msg) 386 + { 387 + struct device_domain_info *info = dev_iommu_priv_get(dev); 388 + struct intel_iommu *iommu = info->iommu; 389 + u8 bus = info->bus, devfn = info->devfn; 390 + struct iommu_fault_page_request *prm; 391 + struct qi_desc desc; 392 + bool pasid_present; 393 + bool last_page; 394 + u16 sid; 395 + 396 + prm = &evt->fault.prm; 397 + sid = PCI_DEVID(bus, devfn); 398 + pasid_present = prm->flags & IOMMU_FAULT_PAGE_REQUEST_PASID_VALID; 399 + last_page = prm->flags & IOMMU_FAULT_PAGE_REQUEST_LAST_PAGE; 400 + 401 + desc.qw0 = QI_PGRP_PASID(prm->pasid) | QI_PGRP_DID(sid) | 402 + QI_PGRP_PASID_P(pasid_present) | 403 + QI_PGRP_RESP_CODE(msg->code) | 404 + QI_PGRP_RESP_TYPE; 405 + desc.qw1 = QI_PGRP_IDX(prm->grpid) | QI_PGRP_LPIG(last_page); 406 + desc.qw2 = 0; 407 + desc.qw3 = 0; 408 + 409 + qi_submit_sync(iommu, &desc, 1, 0); 410 + }

-397

drivers/iommu/intel/svm.c

··· 25 25 #include "../iommu-pages.h" 26 26 #include "trace.h" 27 27 28 - static irqreturn_t prq_event_thread(int irq, void *d); 29 - 30 - int intel_svm_enable_prq(struct intel_iommu *iommu) 31 - { 32 - struct iopf_queue *iopfq; 33 - int irq, ret; 34 - 35 - iommu->prq = iommu_alloc_pages_node(iommu->node, GFP_KERNEL, PRQ_ORDER); 36 - if (!iommu->prq) { 37 - pr_warn("IOMMU: %s: Failed to allocate page request queue\n", 38 - iommu->name); 39 - return -ENOMEM; 40 - } 41 - 42 - irq = dmar_alloc_hwirq(IOMMU_IRQ_ID_OFFSET_PRQ + iommu->seq_id, iommu->node, iommu); 43 - if (irq <= 0) { 44 - pr_err("IOMMU: %s: Failed to create IRQ vector for page request queue\n", 45 - iommu->name); 46 - ret = -EINVAL; 47 - goto free_prq; 48 - } 49 - iommu->pr_irq = irq; 50 - 51 - snprintf(iommu->iopfq_name, sizeof(iommu->iopfq_name), 52 - "dmar%d-iopfq", iommu->seq_id); 53 - iopfq = iopf_queue_alloc(iommu->iopfq_name); 54 - if (!iopfq) { 55 - pr_err("IOMMU: %s: Failed to allocate iopf queue\n", iommu->name); 56 - ret = -ENOMEM; 57 - goto free_hwirq; 58 - } 59 - iommu->iopf_queue = iopfq; 60 - 61 - snprintf(iommu->prq_name, sizeof(iommu->prq_name), "dmar%d-prq", iommu->seq_id); 62 - 63 - ret = request_threaded_irq(irq, NULL, prq_event_thread, IRQF_ONESHOT, 64 - iommu->prq_name, iommu); 65 - if (ret) { 66 - pr_err("IOMMU: %s: Failed to request IRQ for page request queue\n", 67 - iommu->name); 68 - goto free_iopfq; 69 - } 70 - dmar_writeq(iommu->reg + DMAR_PQH_REG, 0ULL); 71 - dmar_writeq(iommu->reg + DMAR_PQT_REG, 0ULL); 72 - dmar_writeq(iommu->reg + DMAR_PQA_REG, virt_to_phys(iommu->prq) | PRQ_ORDER); 73 - 74 - init_completion(&iommu->prq_complete); 75 - 76 - return 0; 77 - 78 - free_iopfq: 79 - iopf_queue_free(iommu->iopf_queue); 80 - iommu->iopf_queue = NULL; 81 - free_hwirq: 82 - dmar_free_hwirq(irq); 83 - iommu->pr_irq = 0; 84 - free_prq: 85 - iommu_free_pages(iommu->prq, PRQ_ORDER); 86 - iommu->prq = NULL; 87 - 88 - return ret; 89 - } 90 - 91 - int intel_svm_finish_prq(struct intel_iommu *iommu) 92 - { 93 - dmar_writeq(iommu->reg + DMAR_PQH_REG, 0ULL); 94 - dmar_writeq(iommu->reg + DMAR_PQT_REG, 0ULL); 95 - dmar_writeq(iommu->reg + DMAR_PQA_REG, 0ULL); 96 - 97 - if (iommu->pr_irq) { 98 - free_irq(iommu->pr_irq, iommu); 99 - dmar_free_hwirq(iommu->pr_irq); 100 - iommu->pr_irq = 0; 101 - } 102 - 103 - if (iommu->iopf_queue) { 104 - iopf_queue_free(iommu->iopf_queue); 105 - iommu->iopf_queue = NULL; 106 - } 107 - 108 - iommu_free_pages(iommu->prq, PRQ_ORDER); 109 - iommu->prq = NULL; 110 - 111 - return 0; 112 - } 113 - 114 28 void intel_svm_check(struct intel_iommu *iommu) 115 29 { 116 30 if (!pasid_supported(iommu)) ··· 152 238 kfree(dev_pasid); 153 239 154 240 return ret; 155 - } 156 - 157 - /* Page request queue descriptor */ 158 - struct page_req_dsc { 159 - union { 160 - struct { 161 - u64 type:8; 162 - u64 pasid_present:1; 163 - u64 rsvd:7; 164 - u64 rid:16; 165 - u64 pasid:20; 166 - u64 exe_req:1; 167 - u64 pm_req:1; 168 - u64 rsvd2:10; 169 - }; 170 - u64 qw_0; 171 - }; 172 - union { 173 - struct { 174 - u64 rd_req:1; 175 - u64 wr_req:1; 176 - u64 lpig:1; 177 - u64 prg_index:9; 178 - u64 addr:52; 179 - }; 180 - u64 qw_1; 181 - }; 182 - u64 qw_2; 183 - u64 qw_3; 184 - }; 185 - 186 - static bool is_canonical_address(u64 addr) 187 - { 188 - int shift = 64 - (__VIRTUAL_MASK_SHIFT + 1); 189 - long saddr = (long) addr; 190 - 191 - return (((saddr << shift) >> shift) == saddr); 192 - } 193 - 194 - /** 195 - * intel_drain_pasid_prq - Drain page requests and responses for a pasid 196 - * @dev: target device 197 - * @pasid: pasid for draining 198 - * 199 - * Drain all pending page requests and responses related to @pasid in both 200 - * software and hardware. This is supposed to be called after the device 201 - * driver has stopped DMA, the pasid entry has been cleared, and both IOTLB 202 - * and DevTLB have been invalidated. 203 - * 204 - * It waits until all pending page requests for @pasid in the page fault 205 - * queue are completed by the prq handling thread. Then follow the steps 206 - * described in VT-d spec CH7.10 to drain all page requests and page 207 - * responses pending in the hardware. 208 - */ 209 - void intel_drain_pasid_prq(struct device *dev, u32 pasid) 210 - { 211 - struct device_domain_info *info; 212 - struct dmar_domain *domain; 213 - struct intel_iommu *iommu; 214 - struct qi_desc desc[3]; 215 - struct pci_dev *pdev; 216 - int head, tail; 217 - u16 sid, did; 218 - int qdep; 219 - 220 - info = dev_iommu_priv_get(dev); 221 - if (WARN_ON(!info || !dev_is_pci(dev))) 222 - return; 223 - 224 - if (!info->pri_enabled) 225 - return; 226 - 227 - iommu = info->iommu; 228 - domain = info->domain; 229 - pdev = to_pci_dev(dev); 230 - sid = PCI_DEVID(info->bus, info->devfn); 231 - did = domain ? domain_id_iommu(domain, iommu) : FLPT_DEFAULT_DID; 232 - qdep = pci_ats_queue_depth(pdev); 233 - 234 - /* 235 - * Check and wait until all pending page requests in the queue are 236 - * handled by the prq handling thread. 237 - */ 238 - prq_retry: 239 - reinit_completion(&iommu->prq_complete); 240 - tail = dmar_readq(iommu->reg + DMAR_PQT_REG) & PRQ_RING_MASK; 241 - head = dmar_readq(iommu->reg + DMAR_PQH_REG) & PRQ_RING_MASK; 242 - while (head != tail) { 243 - struct page_req_dsc *req; 244 - 245 - req = &iommu->prq[head / sizeof(*req)]; 246 - if (!req->pasid_present || req->pasid != pasid) { 247 - head = (head + sizeof(*req)) & PRQ_RING_MASK; 248 - continue; 249 - } 250 - 251 - wait_for_completion(&iommu->prq_complete); 252 - goto prq_retry; 253 - } 254 - 255 - iopf_queue_flush_dev(dev); 256 - 257 - /* 258 - * Perform steps described in VT-d spec CH7.10 to drain page 259 - * requests and responses in hardware. 260 - */ 261 - memset(desc, 0, sizeof(desc)); 262 - desc[0].qw0 = QI_IWD_STATUS_DATA(QI_DONE) | 263 - QI_IWD_FENCE | 264 - QI_IWD_TYPE; 265 - desc[1].qw0 = QI_EIOTLB_PASID(pasid) | 266 - QI_EIOTLB_DID(did) | 267 - QI_EIOTLB_GRAN(QI_GRAN_NONG_PASID) | 268 - QI_EIOTLB_TYPE; 269 - desc[2].qw0 = QI_DEV_EIOTLB_PASID(pasid) | 270 - QI_DEV_EIOTLB_SID(sid) | 271 - QI_DEV_EIOTLB_QDEP(qdep) | 272 - QI_DEIOTLB_TYPE | 273 - QI_DEV_IOTLB_PFSID(info->pfsid); 274 - qi_retry: 275 - reinit_completion(&iommu->prq_complete); 276 - qi_submit_sync(iommu, desc, 3, QI_OPT_WAIT_DRAIN); 277 - if (readl(iommu->reg + DMAR_PRS_REG) & DMA_PRS_PRO) { 278 - wait_for_completion(&iommu->prq_complete); 279 - goto qi_retry; 280 - } 281 - } 282 - 283 - static int prq_to_iommu_prot(struct page_req_dsc *req) 284 - { 285 - int prot = 0; 286 - 287 - if (req->rd_req) 288 - prot |= IOMMU_FAULT_PERM_READ; 289 - if (req->wr_req) 290 - prot |= IOMMU_FAULT_PERM_WRITE; 291 - if (req->exe_req) 292 - prot |= IOMMU_FAULT_PERM_EXEC; 293 - if (req->pm_req) 294 - prot |= IOMMU_FAULT_PERM_PRIV; 295 - 296 - return prot; 297 - } 298 - 299 - static void intel_svm_prq_report(struct intel_iommu *iommu, struct device *dev, 300 - struct page_req_dsc *desc) 301 - { 302 - struct iopf_fault event = { }; 303 - 304 - /* Fill in event data for device specific processing */ 305 - event.fault.type = IOMMU_FAULT_PAGE_REQ; 306 - event.fault.prm.addr = (u64)desc->addr << VTD_PAGE_SHIFT; 307 - event.fault.prm.pasid = desc->pasid; 308 - event.fault.prm.grpid = desc->prg_index; 309 - event.fault.prm.perm = prq_to_iommu_prot(desc); 310 - 311 - if (desc->lpig) 312 - event.fault.prm.flags |= IOMMU_FAULT_PAGE_REQUEST_LAST_PAGE; 313 - if (desc->pasid_present) { 314 - event.fault.prm.flags |= IOMMU_FAULT_PAGE_REQUEST_PASID_VALID; 315 - event.fault.prm.flags |= IOMMU_FAULT_PAGE_RESPONSE_NEEDS_PASID; 316 - } 317 - 318 - iommu_report_device_fault(dev, &event); 319 - } 320 - 321 - static void handle_bad_prq_event(struct intel_iommu *iommu, 322 - struct page_req_dsc *req, int result) 323 - { 324 - struct qi_desc desc = { }; 325 - 326 - pr_err("%s: Invalid page request: %08llx %08llx\n", 327 - iommu->name, ((unsigned long long *)req)[0], 328 - ((unsigned long long *)req)[1]); 329 - 330 - if (!req->lpig) 331 - return; 332 - 333 - desc.qw0 = QI_PGRP_PASID(req->pasid) | 334 - QI_PGRP_DID(req->rid) | 335 - QI_PGRP_PASID_P(req->pasid_present) | 336 - QI_PGRP_RESP_CODE(result) | 337 - QI_PGRP_RESP_TYPE; 338 - desc.qw1 = QI_PGRP_IDX(req->prg_index) | 339 - QI_PGRP_LPIG(req->lpig); 340 - 341 - qi_submit_sync(iommu, &desc, 1, 0); 342 - } 343 - 344 - static irqreturn_t prq_event_thread(int irq, void *d) 345 - { 346 - struct intel_iommu *iommu = d; 347 - struct page_req_dsc *req; 348 - int head, tail, handled; 349 - struct device *dev; 350 - u64 address; 351 - 352 - /* 353 - * Clear PPR bit before reading head/tail registers, to ensure that 354 - * we get a new interrupt if needed. 355 - */ 356 - writel(DMA_PRS_PPR, iommu->reg + DMAR_PRS_REG); 357 - 358 - tail = dmar_readq(iommu->reg + DMAR_PQT_REG) & PRQ_RING_MASK; 359 - head = dmar_readq(iommu->reg + DMAR_PQH_REG) & PRQ_RING_MASK; 360 - handled = (head != tail); 361 - while (head != tail) { 362 - req = &iommu->prq[head / sizeof(*req)]; 363 - address = (u64)req->addr << VTD_PAGE_SHIFT; 364 - 365 - if (unlikely(!req->pasid_present)) { 366 - pr_err("IOMMU: %s: Page request without PASID\n", 367 - iommu->name); 368 - bad_req: 369 - handle_bad_prq_event(iommu, req, QI_RESP_INVALID); 370 - goto prq_advance; 371 - } 372 - 373 - if (unlikely(!is_canonical_address(address))) { 374 - pr_err("IOMMU: %s: Address is not canonical\n", 375 - iommu->name); 376 - goto bad_req; 377 - } 378 - 379 - if (unlikely(req->pm_req && (req->rd_req | req->wr_req))) { 380 - pr_err("IOMMU: %s: Page request in Privilege Mode\n", 381 - iommu->name); 382 - goto bad_req; 383 - } 384 - 385 - if (unlikely(req->exe_req && req->rd_req)) { 386 - pr_err("IOMMU: %s: Execution request not supported\n", 387 - iommu->name); 388 - goto bad_req; 389 - } 390 - 391 - /* Drop Stop Marker message. No need for a response. */ 392 - if (unlikely(req->lpig && !req->rd_req && !req->wr_req)) 393 - goto prq_advance; 394 - 395 - /* 396 - * If prq is to be handled outside iommu driver via receiver of 397 - * the fault notifiers, we skip the page response here. 398 - */ 399 - mutex_lock(&iommu->iopf_lock); 400 - dev = device_rbtree_find(iommu, req->rid); 401 - if (!dev) { 402 - mutex_unlock(&iommu->iopf_lock); 403 - goto bad_req; 404 - } 405 - 406 - intel_svm_prq_report(iommu, dev, req); 407 - trace_prq_report(iommu, dev, req->qw_0, req->qw_1, 408 - req->qw_2, req->qw_3, 409 - iommu->prq_seq_number++); 410 - mutex_unlock(&iommu->iopf_lock); 411 - prq_advance: 412 - head = (head + sizeof(*req)) & PRQ_RING_MASK; 413 - } 414 - 415 - dmar_writeq(iommu->reg + DMAR_PQH_REG, tail); 416 - 417 - /* 418 - * Clear the page request overflow bit and wake up all threads that 419 - * are waiting for the completion of this handling. 420 - */ 421 - if (readl(iommu->reg + DMAR_PRS_REG) & DMA_PRS_PRO) { 422 - pr_info_ratelimited("IOMMU: %s: PRQ overflow detected\n", 423 - iommu->name); 424 - head = dmar_readq(iommu->reg + DMAR_PQH_REG) & PRQ_RING_MASK; 425 - tail = dmar_readq(iommu->reg + DMAR_PQT_REG) & PRQ_RING_MASK; 426 - if (head == tail) { 427 - iopf_queue_discard_partial(iommu->iopf_queue); 428 - writel(DMA_PRS_PRO, iommu->reg + DMAR_PRS_REG); 429 - pr_info_ratelimited("IOMMU: %s: PRQ overflow cleared", 430 - iommu->name); 431 - } 432 - } 433 - 434 - if (!completion_done(&iommu->prq_complete)) 435 - complete(&iommu->prq_complete); 436 - 437 - return IRQ_RETVAL(handled); 438 - } 439 - 440 - void intel_svm_page_response(struct device *dev, struct iopf_fault *evt, 441 - struct iommu_page_response *msg) 442 - { 443 - struct device_domain_info *info = dev_iommu_priv_get(dev); 444 - struct intel_iommu *iommu = info->iommu; 445 - u8 bus = info->bus, devfn = info->devfn; 446 - struct iommu_fault_page_request *prm; 447 - struct qi_desc desc; 448 - bool pasid_present; 449 - bool last_page; 450 - u16 sid; 451 - 452 - prm = &evt->fault.prm; 453 - sid = PCI_DEVID(bus, devfn); 454 - pasid_present = prm->flags & IOMMU_FAULT_PAGE_REQUEST_PASID_VALID; 455 - last_page = prm->flags & IOMMU_FAULT_PAGE_REQUEST_LAST_PAGE; 456 - 457 - desc.qw0 = QI_PGRP_PASID(prm->pasid) | QI_PGRP_DID(sid) | 458 - QI_PGRP_PASID_P(pasid_present) | 459 - QI_PGRP_RESP_CODE(msg->code) | 460 - QI_PGRP_RESP_TYPE; 461 - desc.qw1 = QI_PGRP_IDX(prm->grpid) | QI_PGRP_LPIG(last_page); 462 - desc.qw2 = 0; 463 - desc.qw3 = 0; 464 - 465 - qi_submit_sync(iommu, &desc, 1, 0); 466 241 } 467 242 468 243 static void intel_svm_domain_free(struct iommu_domain *domain)