lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <57435AA1.3090602@arm.com>
Date:	Mon, 23 May 2016 20:31:45 +0100
From:	Robin Murphy <robin.murphy@....com>
To:	honghui.zhang@...iatek.com, joro@...tes.org, treding@...dia.com,
	mark.rutland@....com, matthias.bgg@...il.com, robh@...nel.org
Cc:	p.zabel@...gutronix.de, devicetree@...r.kernel.org,
	pebolle@...cali.nl, kendrick.hsu@...iatek.com, arnd@...db.de,
	srv_heupstream@...iatek.com, catalin.marinas@....com,
	will.deacon@....com, linux-kernel@...r.kernel.org,
	tfiga@...gle.com, iommu@...ts.linux-foundation.org,
	robh+dt@...nel.org, djkurtz@...gle.com, kernel@...gutronix.de,
	linux-mediatek@...ts.infradead.org,
	linux-arm-kernel@...ts.infradead.org, l.stach@...gutronix.de,
	yingjoe.chen@...iatek.com, eddie.huang@...iatek.com,
	youlin.pei@...iatek.com, erin.lo@...iatek.com
Subject: Re: [PATCH v2 4/5] iommu/mediatek: add support for mtk iommu
 generation one HW

On 19/05/16 12:49, honghui.zhang@...iatek.com wrote:
> From: Honghui Zhang <honghui.zhang@...iatek.com>
>
> Mediatek SoC's M4U has two generations of HW architcture. Generation one
> uses flat, one layer pagetable, and was shipped with ARM architecture, it
> only supports 4K size page mapping. MT2701 SoC uses this generation one
> m4u HW. Generation two uses the ARM short-descriptor translation table
> format for address translation, and was shipped with ARM64 architecture,
> MT8173 uses this generation two m4u HW. All the two generation iommu HW
> only have one iommu domain, and all its iommu clients share the same
> iova address.
>
> These two generation m4u HW have slit different register groups and
> register offset, but most register names are the same. This patch add iommu
> support for mediatek SoC mt2701.
>
> Signed-off-by: Honghui Zhang <honghui.zhang@...iatek.com>
> ---
>   drivers/iommu/Kconfig        |  19 ++
>   drivers/iommu/Makefile       |   1 +
>   drivers/iommu/mtk_iommu.h    |   3 +
>   drivers/iommu/mtk_iommu_v1.c | 742 +++++++++++++++++++++++++++++++++++++++++++
>   4 files changed, 765 insertions(+)
>   create mode 100644 drivers/iommu/mtk_iommu_v1.c
>
> diff --git a/drivers/iommu/Kconfig b/drivers/iommu/Kconfig
> index dd1dc39..2e17d70 100644
> --- a/drivers/iommu/Kconfig
> +++ b/drivers/iommu/Kconfig
> @@ -354,4 +354,23 @@ config MTK_IOMMU
>
>   	  If unsure, say N here.
>
> +config MTK_IOMMU_V1
> +	bool "MTK IOMMU Version 1 (M4U gen1) Support"
> +	depends on ARM || ARM64

The commit message states that gen1 shipped in 32-bit hardware, and 
64-bit hardware has gen2, which implies that ARM64 here is unnecessary - 
does any SoC with 64-bit-capable CPUs and a gen1 IOMMU actually exist?

> +	depends on ARCH_MEDIATEK || COMPILE_TEST
> +	select ARM_DMA_USE_IOMMU
> +	select IOMMU_API
> +	select IOMMU_DMA

Either way you don't need this - arm64 already selects it as necessary, 
and it's not used on 32-bit.

> +	select MEMORY
> +	select MTK_SMI
> +	select COMMON_CLK_MT2701_MMSYS
> +	select COMMON_CLK_MT2701_IMGSYS
> +	select COMMON_CLK_MT2701_VDECSYS
> +	help
> +	  Support for the M4U on certain Mediatek SoCs. M4U generation 1 HW is
> +	  Multimedia Memory Managememt Unit. This option enables remapping of
> +	  DMA memory accesses for the multimedia subsystem.
> +
> +	  if unsure, say N here.
> +
>   endif # IOMMU_SUPPORT
> diff --git a/drivers/iommu/Makefile b/drivers/iommu/Makefile
> index c6edb31..778baf5 100644
> --- a/drivers/iommu/Makefile
> +++ b/drivers/iommu/Makefile
> @@ -18,6 +18,7 @@ obj-$(CONFIG_INTEL_IOMMU_SVM) += intel-svm.o
>   obj-$(CONFIG_IPMMU_VMSA) += ipmmu-vmsa.o
>   obj-$(CONFIG_IRQ_REMAP) += intel_irq_remapping.o irq_remapping.o
>   obj-$(CONFIG_MTK_IOMMU) += mtk_iommu.o
> +obj-$(CONFIG_MTK_IOMMU_V1) += mtk_iommu_v1.o
>   obj-$(CONFIG_OMAP_IOMMU) += omap-iommu.o
>   obj-$(CONFIG_OMAP_IOMMU_DEBUG) += omap-iommu-debug.o
>   obj-$(CONFIG_ROCKCHIP_IOMMU) += rockchip-iommu.o
> diff --git a/drivers/iommu/mtk_iommu.h b/drivers/iommu/mtk_iommu.h
> index 5656355..8d60f21 100644
> --- a/drivers/iommu/mtk_iommu.h
> +++ b/drivers/iommu/mtk_iommu.h
> @@ -48,6 +48,9 @@ struct mtk_iommu_domain {
>   	struct io_pgtable_ops		*iop;
>
>   	struct iommu_domain		domain;
> +	void				*pgt_va;
> +	dma_addr_t			pgt_pa;
> +	void				*cookie;

These are going to be mutually exclusive with the cfg and iop members, 
which implies it might be a good idea to use a union and not waste 
space. Or better, just forward-declare struct mtk_iommu_domain here and 
leave separate definitions private to each driver. The void *cookie is 
also an unnecessary level of abstraction, I think.

>   };
>
>   struct mtk_iommu_data {
> diff --git a/drivers/iommu/mtk_iommu_v1.c b/drivers/iommu/mtk_iommu_v1.c
> new file mode 100644
> index 0000000..55023e1
> --- /dev/null
> +++ b/drivers/iommu/mtk_iommu_v1.c
> @@ -0,0 +1,742 @@
> +/*
> + * Copyright (c) 2015-2016 MediaTek Inc.
> + * Author: Yong Wu <yong.wu@...iatek.com>

Nit: is that in the sense that this patch should also have Yong's 
signed-off-by on it, or in that it's your work derived from his version 
in mtk_iommu.c?

> + *
> + * This program is free software; you can redistribute it and/or modify
> + * it under the terms of the GNU General Public License version 2 as
> + * published by the Free Software Foundation.
> + *
> + * This program is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
> + * GNU General Public License for more details.
> + */
> +#include <linux/bootmem.h>
> +#include <linux/bug.h>
> +#include <linux/clk.h>
> +#include <linux/component.h>
> +#include <linux/device.h>
> +#include <linux/dma-iommu.h>
> +#include <linux/err.h>
> +#include <linux/interrupt.h>
> +#include <linux/io.h>
> +#include <linux/iommu.h>
> +#include <linux/iopoll.h>
> +#include <linux/kmemleak.h>
> +#include <linux/list.h>
> +#include <linux/of_address.h>
> +#include <linux/of_iommu.h>
> +#include <linux/of_irq.h>
> +#include <linux/of_platform.h>
> +#include <linux/platform_device.h>
> +#include <linux/slab.h>
> +#include <linux/spinlock.h>
> +#include <asm/barrier.h>
> +#include <asm/dma-iommu.h>
> +#include <linux/module.h>
> +#include <dt-bindings/memory/mt2701-larb-port.h>
> +#include <soc/mediatek/smi.h>
> +#include "mtk_iommu.h"
> +
> +#define REG_MMU_PT_BASE_ADDR			0x000
> +
> +#define F_ALL_INVLD				0x2
> +#define F_MMU_INV_RANGE				0x1
> +#define F_INVLD_EN0				BIT(0)
> +#define F_INVLD_EN1				BIT(1)
> +
> +#define F_MMU_FAULT_VA_MSK			0xfffff000
> +#define MTK_PROTECT_PA_ALIGN			128
> +
> +#define REG_MMU_CTRL_REG			0x210
> +#define F_MMU_CTRL_COHERENT_EN			BIT(8)
> +#define REG_MMU_IVRP_PADDR			0x214
> +#define REG_MMU_INT_CONTROL			0x220
> +#define F_INT_TRANSLATION_FAULT			BIT(0)
> +#define F_INT_MAIN_MULTI_HIT_FAULT		BIT(1)
> +#define F_INT_INVALID_PA_FAULT			BIT(2)
> +#define F_INT_ENTRY_REPLACEMENT_FAULT		BIT(3)
> +#define F_INT_TABLE_WALK_FAULT			BIT(4)
> +#define F_INT_TLB_MISS_FAULT			BIT(5)
> +#define F_INT_PFH_DMA_FIFO_OVERFLOW		BIT(6)
> +#define F_INT_MISS_DMA_FIFO_OVERFLOW		BIT(7)
> +
> +#define F_MMU_TF_PROTECT_SEL(prot)		(((prot) & 0x3) << 5)
> +#define F_INT_CLR_BIT				BIT(12)
> +
> +#define REG_MMU_FAULT_ST			0x224
> +#define REG_MMU_FAULT_VA			0x228
> +#define REG_MMU_INVLD_PA			0x22C
> +#define REG_MMU_INT_ID				0x388
> +#define REG_MMU_INVALIDATE			0x5c0
> +#define REG_MMU_INVLD_START_A			0x5c4
> +#define REG_MMU_INVLD_END_A			0x5c8
> +
> +#define REG_MMU_INV_SEL				0x5d8
> +#define REG_MMU_STANDARD_AXI_MODE		0x5e8
> +
> +#define REG_MMU_DCM				0x5f0
> +#define F_MMU_DCM_ON				BIT(1)
> +#define REG_MMU_CPE_DONE			0x60c
> +#define F_DESC_VALID				0x2
> +#define F_DESC_NONSEC				BIT(3)
> +#define MT2701_M4U_TF_LARB(TF)			(6 - (((TF) >> 13) & 0x7))
> +#define MT2701_M4U_TF_PORT(TF)			(((TF) >> 8) & 0xF)
> +/* MTK generation one iommu HW only support 4K size mapping */
> +#define MT2701_IOMMU_PAGE_SHIFT			12
> +#define MT2701_IOMMU_PAGE_SIZE			(1UL << MT2701_IOMMU_PAGE_SHIFT)
> +
> +/*
> + * MTK m4u support 4GB iova address space, and oly support 4K page

Nit: s/oly/only/

> + * mapping. So the pagetable size should be exactly as 4M.
> + */
> +#define M2701_IOMMU_PGT_SIZE			SZ_4M
> +
> +static const int mt2701_m4u_in_larb[] = {
> +	LARB0_PORT_OFFSET, LARB1_PORT_OFFSET,
> +	LARB2_PORT_OFFSET, LARB3_PORT_OFFSET
> +};
> +
> +static inline int mt2701_m4u_to_larb(int id)
> +{
> +	int i;
> +
> +	for (i = ARRAY_SIZE(mt2701_m4u_in_larb); i >= 0; i--)
> +		if ((id) >= mt2701_m4u_in_larb[i])
> +			return i;
> +
> +	return 0;
> +}

As far as I can tell, this is going to dereference mt2701_m4u_in_larb[4] 
on the first iteration. Not good.

> +
> +static inline int mt2701_m4u_to_port(int id)
> +{
> +	int larb = mt2701_m4u_to_larb(id);
> +
> +	return id - mt2701_m4u_in_larb[larb];
> +}
> +
> +static void mtk_iommu_tlb_flush_all(void *cookie)
> +{
> +	struct mtk_iommu_data *data = cookie;

You're not bound by the using the io-pgtable TLB ops interface here, so 
just make the argument of type struct mtk_iommu_data*.

> +
> +	writel_relaxed(F_INVLD_EN1 | F_INVLD_EN0,
> +			data->base + REG_MMU_INV_SEL);
> +	writel_relaxed(F_ALL_INVLD, data->base + REG_MMU_INVALIDATE);
> +	wmb(); /* Make sure the tlb flush all done */
> +}
> +
> +static void mtk_iommu_tlb_flush_range(void *cookie,
> +				unsigned long iova, size_t size)
> +{
> +	struct mtk_iommu_data *data = cookie;

Ditto.

> +	int ret;
> +	u32 tmp;
> +
> +	writel_relaxed(F_INVLD_EN1 | F_INVLD_EN0,
> +		data->base + REG_MMU_INV_SEL);
> +	writel_relaxed(iova & F_MMU_FAULT_VA_MSK,
> +		data->base + REG_MMU_INVLD_START_A);
> +	writel_relaxed((iova + size - 1) & F_MMU_FAULT_VA_MSK,
> +		data->base + REG_MMU_INVLD_END_A);
> +	writel_relaxed(F_MMU_INV_RANGE, data->base + REG_MMU_INVALIDATE);
> +
> +	ret = readl_poll_timeout_atomic(data->base + REG_MMU_CPE_DONE,
> +				tmp, tmp != 0, 10, 100000);
> +	if (ret) {
> +		dev_warn(data->dev,
> +			 "Partial TLB flush timed out, falling back to full flush\n");
> +		mtk_iommu_tlb_flush_all(cookie);
> +	}
> +	/* Clear the CPE status */
> +	writel_relaxed(0, data->base + REG_MMU_CPE_DONE);
> +}
> +
> +static irqreturn_t mtk_iommu_isr(int irq, void *dev_id)
> +{
> +	struct mtk_iommu_data *data = dev_id;
> +	struct mtk_iommu_domain *dom = data->m4u_dom;
> +	u32 int_state, regval, fault_iova, fault_pa;
> +	unsigned int fault_larb, fault_port;
> +
> +	/* Read error information from registers */
> +	int_state = readl_relaxed(data->base + REG_MMU_FAULT_ST);
> +	fault_iova = readl_relaxed(data->base + REG_MMU_FAULT_VA);
> +
> +	fault_iova &= F_MMU_FAULT_VA_MSK;
> +	fault_pa = readl_relaxed(data->base + REG_MMU_INVLD_PA);
> +	regval = readl_relaxed(data->base + REG_MMU_INT_ID);
> +	fault_larb = MT2701_M4U_TF_LARB(regval);
> +	fault_port = MT2701_M4U_TF_PORT(regval);
> +
> +	/*
> +	 * MTK v1 iommu HW could not determin whether the fault is read or

Nit: s/determin/determine/

> +	 * write fault, report as read fault.
> +	 */
> +	if (report_iommu_fault(&dom->domain, data->dev, fault_iova,
> +			IOMMU_FAULT_READ))
> +		dev_err_ratelimited(data->dev,
> +			"fault type=0x%x iova=0x%x pa=0x%x larb=%d port=%d\n",
> +			int_state, fault_iova, fault_pa,
> +			fault_larb, fault_port);
> +
> +	/* Interrupt clear */
> +	regval = readl_relaxed(data->base + REG_MMU_INT_CONTROL);
> +	regval |= F_INT_CLR_BIT;
> +	writel_relaxed(regval, data->base + REG_MMU_INT_CONTROL);
> +
> +	mtk_iommu_tlb_flush_all(data);
> +
> +	return IRQ_HANDLED;
> +}
> +
> +static void mtk_iommu_config(struct mtk_iommu_data *data,
> +			     struct device *dev, bool enable)
> +{
> +	struct mtk_iommu_client_priv *head, *cur, *next;
> +	struct mtk_smi_larb_iommu    *larb_mmu;
> +	unsigned int                 larbid, portid;
> +
> +	head = dev->archdata.iommu;
> +	list_for_each_entry_safe(cur, next, &head->client, client) {
> +		larbid = mt2701_m4u_to_larb(cur->mtk_m4u_id);
> +		portid = mt2701_m4u_to_port(cur->mtk_m4u_id);
> +		larb_mmu = &data->smi_imu.larb_imu[larbid];
> +
> +		dev_dbg(dev, "%s iommu port: %d\n",
> +			enable ? "enable" : "disable", portid);
> +
> +		if (enable)
> +			larb_mmu->mmu |= MTK_SMI_MMU_EN(portid);
> +		else
> +			larb_mmu->mmu &= ~MTK_SMI_MMU_EN(portid);
> +	}
> +}
> +
> +static void *mtk_iommu_alloc_pgt(struct device *dev,
> +				dma_addr_t *dma, gfp_t gfp)
> +{
> +	void *pages = dma_alloc_coherent(dev,
> +				M2701_IOMMU_PGT_SIZE, dma, gfp | __GFP_ZERO);

There's a dma_zalloc_coherent() wrapper macro you can use for that.

> +
> +	if (!pages)
> +		return NULL;
> +
> +	kmemleak_ignore(pages);

Kmemleak should be able to find the live reference in dom->pgt_va, so 
this is unnecessary - it's only there in the other code because of the 
tracking-allocations-by-physical-address trickery which you've otherwise 
gotten rid of here.

> +	return pages;
> +}
> +
> +static void mtk_iommu_free_pgt(struct device *dev,
> +				void *pages, dma_addr_t dma)
> +{
> +	dma_free_coherent(dev, M2701_IOMMU_PGT_SIZE, pages, dma);
> +}

In fact, I'd just inline the dma_{alloc,free} calls at the callsites of 
these functions, since they're sufficiently self-documenting.

> +
> +static int mtk_iommu_domain_finalise(struct mtk_iommu_data *data)
> +{
> +	struct mtk_iommu_domain *dom = data->m4u_dom;
> +
> +	spin_lock_init(&dom->pgtlock);
> +
> +	dom->pgt_va = mtk_iommu_alloc_pgt(data->dev,
> +				&dom->pgt_pa, GFP_KERNEL);
> +	if (!dom->pgt_va)
> +		return -ENOMEM;
> +
> +	writel(dom->pgt_pa, data->base + REG_MMU_PT_BASE_ADDR);
> +
> +	dom->cookie = (void *)data;
> +
> +	return 0;
> +}
> +
> +static struct iommu_domain *mtk_iommu_domain_alloc(unsigned type)
> +{
> +	struct mtk_iommu_domain *dom;
> +
> +	if (type != IOMMU_DOMAIN_UNMANAGED)
> +		return NULL;
> +
> +	dom = kzalloc(sizeof(*dom), GFP_KERNEL);
> +	if (!dom)
> +		return NULL;
> +
> +	return &dom->domain;
> +}
> +
> +static void mtk_iommu_domain_free(struct iommu_domain *domain)
> +{

The page table belongs to the domain, so it should be freed from here, 
not anywhere else.

> +	kfree(to_mtk_domain(domain));
> +}
> +
> +static int mtk_iommu_attach_device(struct iommu_domain *domain,
> +				   struct device *dev)
> +{
> +	struct mtk_iommu_domain *dom = to_mtk_domain(domain);
> +	struct mtk_iommu_client_priv *priv = dev->archdata.iommu;
> +	struct mtk_iommu_data *data;
> +	int ret;
> +
> +	if (!priv)
> +		return -ENODEV;
> +
> +	data = dev_get_drvdata(priv->m4udev);
> +	if (!data->m4u_dom) {
> +		data->m4u_dom = dom;
> +		ret = mtk_iommu_domain_finalise(data);
> +		if (ret) {
> +			data->m4u_dom = NULL;
> +			return ret;
> +		}
> +	} else if (data->m4u_dom != dom) {

This will never happen, because you make sure all devices are in the 
same group, so the IOMMU core code will always call you with the same 
domain here. You can safely just attach dev to dom.

> +		/* All the client devices should be in the same m4u domain */
> +		dev_err(dev, "try to attach into the error iommu domain\n");
> +		return -EPERM;
> +	}
> +
> +	mtk_iommu_config(data, dev, true);
> +	return 0;
> +}
> +
> +static void mtk_iommu_detach_device(struct iommu_domain *domain,
> +				    struct device *dev)
> +{
> +	struct mtk_iommu_client_priv *priv = dev->archdata.iommu;
> +	struct mtk_iommu_data *data;
> +
> +	if (!priv)
> +		return;
> +
> +	data = dev_get_drvdata(priv->m4udev);
> +	mtk_iommu_config(data, dev, false);
> +}
> +
> +static int mtk_iommu_map(struct iommu_domain *domain, unsigned long iova,
> +			 phys_addr_t paddr, size_t size, int prot)
> +{
> +	struct mtk_iommu_domain *dom = to_mtk_domain(domain);
> +	struct mtk_iommu_data *data = dom->cookie;
> +	unsigned int page_num = size >> MT2701_IOMMU_PAGE_SHIFT;
> +	unsigned long flags;
> +	unsigned int i;
> +	u32 *pgt_base_iova = dom->pgt_va;
> +	u32 pabase = (u32)paddr;
> +	int map_size = 0;
> +
> +	spin_lock_irqsave(&dom->pgtlock, flags);
> +	pgt_base_iova += iova  >> MT2701_IOMMU_PAGE_SHIFT;

It took me a while to figure out why this isn't just part of the 
initialisation expression; just make dom->pgt_va a u32* so that it can be.

> +	for (i = 0; i < page_num; i++) {
> +		if (pgt_base_iova[i])
> +			break;

The error case also needs to roll back any partial mapping it's managed 
so far - otherwise you end up making the initial problem worse by 
leaving behind yet more unexpected PTEs in areas that the caller thinks 
are unmapped.

> +		pgt_base_iova[i] = pabase | F_DESC_VALID | F_DESC_NONSEC;
> +		pabase += MT2701_IOMMU_PAGE_SIZE;
> +		map_size += MT2701_IOMMU_PAGE_SIZE;
> +	}
> +
> +	spin_unlock_irqrestore(&dom->pgtlock, flags);
> +
> +	mtk_iommu_tlb_flush_range(data, iova, size);
> +
> +	return map_size == size ? 0 : -EEXIST;
> +}
> +
> +static size_t mtk_iommu_unmap(struct iommu_domain *domain,
> +			      unsigned long iova, size_t size)
> +{
> +	struct mtk_iommu_domain *dom = to_mtk_domain(domain);
> +	struct mtk_iommu_data *data = dom->cookie;
> +	unsigned long flags;
> +	u32 *pgt_base_iova = dom->pgt_va;
> +	unsigned int page_num = size >> MT2701_IOMMU_PAGE_SHIFT;
> +
> +	spin_lock_irqsave(&dom->pgtlock, flags);
> +	pgt_base_iova += iova  >> MT2701_IOMMU_PAGE_SHIFT;

Same complaint as for mtk_iommu_map().

> +	memset(pgt_base_iova, 0, page_num * sizeof(u32));
> +
> +	spin_unlock_irqrestore(&dom->pgtlock, flags);
> +
> +	mtk_iommu_tlb_flush_range(data, iova, size);
> +
> +	return size;
> +}
> +
> +static phys_addr_t mtk_iommu_iova_to_phys(struct iommu_domain *domain,
> +					  dma_addr_t iova)
> +{
> +	struct mtk_iommu_domain *dom = to_mtk_domain(domain);
> +	unsigned long flags;
> +	phys_addr_t pa;
> +
> +	spin_lock_irqsave(&dom->pgtlock, flags);
> +	pa = *((u32 *)((u32 *)dom->pgt_va + (iova >> MT2701_IOMMU_PAGE_SHIFT)));

Yikes! _Definitely_ make dom->pgt_va a u32*.

> +	pa = pa & (~(MT2701_IOMMU_PAGE_SIZE - 1));
> +	spin_unlock_irqrestore(&dom->pgtlock, flags);
> +
> +	return pa;
> +}
> +
> +/*
> + * MTK generaion one iommu HW only support one iommu domain, and all the client

Nit: s/generaion/generation/

> + * sharing the same iova address space.
> + */
> +static int mtk_iommu_create_mapping(struct device *dev,
> +				    struct of_phandle_args *args)
> +{
> +	struct mtk_iommu_client_priv *head, *priv, *next;
> +	struct platform_device *m4updev;
> +	struct dma_iommu_mapping *mtk_mapping;
> +	struct device *m4udev;
> +	int ret;
> +
> +	if (args->args_count != 1) {
> +		dev_err(dev, "invalid #iommu-cells(%d) property for IOMMU\n",
> +			args->args_count);
> +		return -EINVAL;
> +	}
> +
> +	if (!dev->archdata.iommu) {
> +		/* Get the m4u device */
> +		m4updev = of_find_device_by_node(args->np);
> +		of_node_put(args->np);
> +		if (WARN_ON(!m4updev))
> +			return -EINVAL;
> +
> +		head = kzalloc(sizeof(*head), GFP_KERNEL);
> +		if (!head)
> +			return -ENOMEM;
> +
> +		dev->archdata.iommu = head;
> +		INIT_LIST_HEAD(&head->client);
> +		head->m4udev = &m4updev->dev;
> +	} else {
> +		head = dev->archdata.iommu;
> +	}
> +
> +	priv = kzalloc(sizeof(*priv), GFP_KERNEL);
> +	if (!priv) {
> +		ret = -ENOMEM;
> +		goto err_free_mem;
> +	}
> +	priv->mtk_m4u_id = args->args[0];
> +	list_add_tail(&priv->client, &head->client);
> +
> +	m4udev = head->m4udev;
> +	mtk_mapping = m4udev->archdata.iommu;
> +	if (!mtk_mapping) {
> +		/* MTK iommu support 4GB iova address space. */
> +		mtk_mapping = arm_iommu_create_mapping(&platform_bus_type,
> +						0, 1ULL << 32);
> +		if (IS_ERR(mtk_mapping)) {
> +			ret = PTR_ERR(mtk_mapping);
> +			goto err_free_mem;
> +		}
> +		m4udev->archdata.iommu = mtk_mapping;
> +	}
> +
> +	ret = arm_iommu_attach_device(dev, mtk_mapping);
> +	if (ret)
> +		goto err_release_mapping;
> +
> +	return 0;
> +
> +err_release_mapping:
> +	arm_iommu_release_mapping(mtk_mapping);
> +	m4udev->archdata.iommu = NULL;
> +err_free_mem:
> +	list_for_each_entry_safe(priv, next, &head->client, client)
> +		kfree(priv);
> +	kfree(head);
> +	dev->archdata.iommu = NULL;
> +	return ret;
> +}
> +
> +static int mtk_iommu_add_device(struct device *dev)
> +{
> +	struct iommu_group *group;
> +	struct device_node *np;
> +	struct of_phandle_args iommu_spec;
> +	int idx = 0;
> +
> +	while (!of_parse_phandle_with_args(dev->of_node, "iommus",
> +				   "#iommu-cells", idx,
> +				   &iommu_spec)) {

Hang on, this doesn't seem right - why do you need to reimplement all 
this instead of using IOMMU_OF_DECLARE()?

> +		np = iommu_spec.np;
> +		mtk_iommu_create_mapping(dev, &iommu_spec);
> +
> +		of_node_put(np);
> +		idx++;
> +	}
> +
> +	if (!dev->archdata.iommu) /* Not a iommu client device */
> +		return -ENODEV;
> +
> +	group = iommu_group_get_for_dev(dev);
> +	if (IS_ERR(group))
> +		return PTR_ERR(group);
> +
> +	iommu_group_put(group);
> +	return 0;
> +}
> +
> +static void mtk_iommu_remove_device(struct device *dev)
> +{
> +	struct mtk_iommu_client_priv *head, *cur, *next;
> +
> +	head = dev->archdata.iommu;
> +	if (!head)
> +		return;
> +
> +	list_for_each_entry_safe(cur, next, &head->client, client) {
> +		list_del(&cur->client);
> +		kfree(cur);
> +	}
> +	kfree(head);
> +	dev->archdata.iommu = NULL;
> +
> +	iommu_group_remove_device(dev);
> +}
> +
> +static struct iommu_group *mtk_iommu_device_group(struct device *dev)
> +{
> +	struct mtk_iommu_data *data;
> +	struct mtk_iommu_client_priv *priv;
> +
> +	priv = dev->archdata.iommu;
> +	if (!priv)
> +		return ERR_PTR(-ENODEV);
> +
> +	/* All the client devices are in the same m4u iommu-group */
> +	data = dev_get_drvdata(priv->m4udev);
> +	if (!data->m4u_group) {
> +		data->m4u_group = iommu_group_alloc();
> +		if (IS_ERR(data->m4u_group))
> +			dev_err(dev, "Failed to allocate M4U IOMMU group\n");
> +	}
> +	return data->m4u_group;
> +}
> +
> +static int mtk_iommu_hw_init(const struct mtk_iommu_data *data)
> +{
> +	u32 regval;
> +	int ret;
> +
> +	ret = clk_prepare_enable(data->bclk);
> +	if (ret) {
> +		dev_err(data->dev, "Failed to enable iommu bclk(%d)\n", ret);
> +		return ret;
> +	}
> +
> +	regval = F_MMU_CTRL_COHERENT_EN | F_MMU_TF_PROTECT_SEL(2);
> +	writel_relaxed(regval, data->base + REG_MMU_CTRL_REG);
> +
> +	regval = F_INT_TRANSLATION_FAULT |
> +		F_INT_MAIN_MULTI_HIT_FAULT |
> +		F_INT_INVALID_PA_FAULT |
> +		F_INT_ENTRY_REPLACEMENT_FAULT |
> +		F_INT_TABLE_WALK_FAULT |
> +		F_INT_TLB_MISS_FAULT |
> +		F_INT_PFH_DMA_FIFO_OVERFLOW |
> +		F_INT_MISS_DMA_FIFO_OVERFLOW;
> +	writel_relaxed(regval, data->base + REG_MMU_INT_CONTROL);
> +
> +	/* protect memory,hw will write here while translation fault */
> +	writel_relaxed(data->protect_base,
> +			data->base + REG_MMU_IVRP_PADDR);
> +
> +	writel_relaxed(F_MMU_DCM_ON, data->base + REG_MMU_DCM);
> +
> +	if (devm_request_irq(data->dev, data->irq, mtk_iommu_isr, 0,
> +			     dev_name(data->dev), (void *)data)) {
> +		writel_relaxed(0, data->base + REG_MMU_PT_BASE_ADDR);
> +		clk_disable_unprepare(data->bclk);
> +		dev_err(data->dev, "Failed @ IRQ-%d Request\n", data->irq);
> +		return -ENODEV;
> +	}
> +
> +	return 0;
> +}
> +
> +static struct iommu_ops mtk_iommu_ops = {
> +	.domain_alloc	= mtk_iommu_domain_alloc,
> +	.domain_free	= mtk_iommu_domain_free,
> +	.attach_dev	= mtk_iommu_attach_device,
> +	.detach_dev	= mtk_iommu_detach_device,
> +	.map		= mtk_iommu_map,
> +	.unmap		= mtk_iommu_unmap,
> +	.map_sg		= default_iommu_map_sg,
> +	.iova_to_phys	= mtk_iommu_iova_to_phys,
> +	.add_device	= mtk_iommu_add_device,
> +	.remove_device	= mtk_iommu_remove_device,
> +	.device_group	= mtk_iommu_device_group,
> +	.pgsize_bitmap	= ~0UL << MT2701_IOMMU_PAGE_SHIFT,
> +};
> +
> +static const struct of_device_id mtk_iommu_of_ids[] = {
> +	{ .compatible = "mediatek,mt2701-m4u", },
> +	{}
> +};
> +
> +static const struct component_master_ops mtk_iommu_com_ops = {
> +	.bind		= mtk_iommu_bind,
> +	.unbind		= mtk_iommu_unbind,
> +};
> +
> +static int mtk_iommu_probe(struct platform_device *pdev)
> +{
> +	struct mtk_iommu_data		*data;
> +	struct device			*dev = &pdev->dev;
> +	struct resource			*res;
> +	struct component_match		*match = NULL;
> +	void				*protect;
> +	int				i, larb_nr, ret;
> +
> +	data = devm_kzalloc(dev, sizeof(*data), GFP_KERNEL);
> +	if (!data)
> +		return -ENOMEM;
> +
> +	data->dev = dev;
> +
> +	/* Protect memory. HW will access here while translation fault.*/
> +	protect = devm_kzalloc(dev, MTK_PROTECT_PA_ALIGN * 2, GFP_KERNEL);

I think strictly this ought to have GFP_DMA as well.

> +	if (!protect)
> +		return -ENOMEM;
> +	data->protect_base = ALIGN(virt_to_phys(protect), MTK_PROTECT_PA_ALIGN);
> +
> +	res = platform_get_resource(pdev, IORESOURCE_MEM, 0);
> +	data->base = devm_ioremap_resource(dev, res);
> +	if (IS_ERR(data->base))
> +		return PTR_ERR(data->base);
> +
> +	data->irq = platform_get_irq(pdev, 0);
> +	if (data->irq < 0)
> +		return data->irq;
> +
> +	data->bclk = devm_clk_get(dev, "bclk");
> +	if (IS_ERR(data->bclk))
> +		return PTR_ERR(data->bclk);
> +
> +	larb_nr = of_count_phandle_with_args(dev->of_node,
> +					"mediatek,larbs", NULL);
> +	if (larb_nr < 0)
> +		return larb_nr;
> +	data->smi_imu.larb_nr = larb_nr;
> +
> +	for (i = 0; i < larb_nr; i++) {
> +		struct device_node *larbnode;
> +		struct platform_device *plarbdev;

Nit: I wonder if the new of_for_each_phandle() iterator might make this 
larb-discovery logic cleaner? It might be worth a go now that that's 
landed in the current merge window.

> +
> +		larbnode = of_parse_phandle(dev->of_node, "mediatek,larbs", i);
> +		if (!larbnode)
> +			return -EINVAL;
> +
> +		if (!of_device_is_available(larbnode))
> +			continue;
> +
> +		plarbdev = of_find_device_by_node(larbnode);
> +		of_node_put(larbnode);
> +		if (!plarbdev) {
> +			plarbdev = of_platform_device_create(
> +						larbnode, NULL,
> +						platform_bus_type.dev_root);
> +			if (!plarbdev)
> +				return -EPROBE_DEFER;
> +		}
> +		data->smi_imu.larb_imu[i].dev = &plarbdev->dev;
> +
> +		component_match_add(dev, &match, compare_of, larbnode);
> +	}
> +
> +	platform_set_drvdata(pdev, data);
> +
> +	ret = mtk_iommu_hw_init(data);
> +	if (ret)
> +		return ret;
> +
> +	if (!iommu_present(&platform_bus_type))
> +		bus_set_iommu(&platform_bus_type,  &mtk_iommu_ops);
> +
> +	return component_master_add_with_match(dev, &mtk_iommu_com_ops, match);
> +}
> +
> +static int mtk_iommu_remove(struct platform_device *pdev)
> +{
> +	struct mtk_iommu_data *data = platform_get_drvdata(pdev);
> +	struct mtk_iommu_domain *dom = data->m4u_dom;
> +	struct device *dev = &pdev->dev;
> +
> +	mtk_iommu_free_pgt(dev, dom->pgt_va, dom->pgt_pa);
> +
> +	if (iommu_present(&platform_bus_type))
> +		bus_set_iommu(&platform_bus_type, NULL);
> +
> +	clk_disable_unprepare(data->bclk);
> +	devm_free_irq(&pdev->dev, data->irq, data);
> +	component_master_del(&pdev->dev, &mtk_iommu_com_ops);
> +	return 0;
> +}
> +
> +static int __maybe_unused mtk_iommu_suspend(struct device *dev)
> +{
> +	struct mtk_iommu_data *data = dev_get_drvdata(dev);
> +	struct mtk_iommu_suspend_reg *reg = &data->reg;
> +	void __iomem *base = data->base;
> +
> +	reg->standard_axi_mode = readl_relaxed(base +
> +					       REG_MMU_STANDARD_AXI_MODE);
> +	reg->dcm_dis = readl_relaxed(base + REG_MMU_DCM);
> +	reg->ctrl_reg = readl_relaxed(base + REG_MMU_CTRL_REG);
> +	reg->int_control0 = readl_relaxed(base + REG_MMU_INT_CONTROL);
> +	return 0;
> +}
> +
> +static int __maybe_unused mtk_iommu_resume(struct device *dev)
> +{
> +	struct mtk_iommu_data *data = dev_get_drvdata(dev);
> +	struct mtk_iommu_suspend_reg *reg = &data->reg;
> +	void __iomem *base = data->base;
> +
> +	writel_relaxed(data->m4u_dom->pgt_pa, base + REG_MMU_PT_BASE_ADDR);

Hmm, this looks like the only case where m4u_dom actually seems 
necessary - I'm pretty sure all the others could be fairly easily 
reworked to not use it (I might try having a quick hack at the existing 
M4U driver to see) - at which point we could just explicitly 
save/restore the base register here and get rid of m4u_dom entirely.

> +	writel_relaxed(reg->standard_axi_mode,
> +		       base + REG_MMU_STANDARD_AXI_MODE);
> +	writel_relaxed(reg->dcm_dis, base + REG_MMU_DCM);
> +	writel_relaxed(reg->ctrl_reg, base + REG_MMU_CTRL_REG);
> +	writel_relaxed(reg->int_control0, base + REG_MMU_INT_CONTROL);
> +	writel_relaxed(data->protect_base, base + REG_MMU_IVRP_PADDR);
> +	return 0;
> +}
> +
> +const struct dev_pm_ops mtk_iommu_pm_ops = {
> +	SET_SYSTEM_SLEEP_PM_OPS(mtk_iommu_suspend, mtk_iommu_resume)
> +};
> +
> +static struct platform_driver mtk_iommu_driver = {
> +	.probe	= mtk_iommu_probe,
> +	.remove	= mtk_iommu_remove,
> +	.driver	= {
> +		.name = "mtk-iommu",
> +		.of_match_table = mtk_iommu_of_ids,
> +		.pm = &mtk_iommu_pm_ops,
> +	}
> +};
> +
> +static int __init m4u_init(void)
> +{
> +	int ret;
> +
> +	ret = platform_driver_register(&mtk_iommu_driver);
> +	if (ret)
> +		bus_set_iommu(&platform_bus_type, NULL);

That doesn't seem necessary - the bus ops won't be set until having 
successfully probed an M4U, and you definitely won't have managed that 
before registering the driver ;)

Robin.

> +
> +	return ret;
> +}
> +
> +static void __exit m4u_exit(void)
> +{
> +	return platform_driver_unregister(&mtk_iommu_driver);
> +}
> +
> +subsys_initcall(m4u_init);
> +module_exit(m4u_exit);
> +
> +MODULE_DESCRIPTION("IOMMU API for MTK architected m4u v1 implementations");
> +MODULE_AUTHOR("Honghui Zhang <honghui.zhang@...iatek.com>");
> +MODULE_LICENSE("GPL v2");
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ