OMAPDSS: VENC: fix NULL pointer dereference in DSS2 VENC sysfs debug attr on OMAP4
[zen-stable.git] / arch / powerpc / kernel / iommu.c
blob0cfcf98aafca25e3e9cb1c210ad4f149601a9bd9
1 /*
2 * Copyright (C) 2001 Mike Corrigan & Dave Engebretsen, IBM Corporation
3 *
4 * Rewrite, cleanup, new allocation schemes, virtual merging:
5 * Copyright (C) 2004 Olof Johansson, IBM Corporation
6 * and Ben. Herrenschmidt, IBM Corporation
8 * Dynamic DMA mapping support, bus-independent parts.
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License as published by
12 * the Free Software Foundation; either version 2 of the License, or
13 * (at your option) any later version.
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
26 #include <linux/init.h>
27 #include <linux/types.h>
28 #include <linux/slab.h>
29 #include <linux/mm.h>
30 #include <linux/spinlock.h>
31 #include <linux/string.h>
32 #include <linux/dma-mapping.h>
33 #include <linux/bitmap.h>
34 #include <linux/iommu-helper.h>
35 #include <linux/crash_dump.h>
36 #include <asm/io.h>
37 #include <asm/prom.h>
38 #include <asm/iommu.h>
39 #include <asm/pci-bridge.h>
40 #include <asm/machdep.h>
41 #include <asm/kdump.h>
43 #define DBG(...)
45 static int novmerge;
47 static void __iommu_free(struct iommu_table *, dma_addr_t, unsigned int);
49 static int __init setup_iommu(char *str)
51 if (!strcmp(str, "novmerge"))
52 novmerge = 1;
53 else if (!strcmp(str, "vmerge"))
54 novmerge = 0;
55 return 1;
58 __setup("iommu=", setup_iommu);
60 static unsigned long iommu_range_alloc(struct device *dev,
61 struct iommu_table *tbl,
62 unsigned long npages,
63 unsigned long *handle,
64 unsigned long mask,
65 unsigned int align_order)
67 unsigned long n, end, start;
68 unsigned long limit;
69 int largealloc = npages > 15;
70 int pass = 0;
71 unsigned long align_mask;
72 unsigned long boundary_size;
74 align_mask = 0xffffffffffffffffl >> (64 - align_order);
76 /* This allocator was derived from x86_64's bit string search */
78 /* Sanity check */
79 if (unlikely(npages == 0)) {
80 if (printk_ratelimit())
81 WARN_ON(1);
82 return DMA_ERROR_CODE;
85 if (handle && *handle)
86 start = *handle;
87 else
88 start = largealloc ? tbl->it_largehint : tbl->it_hint;
90 /* Use only half of the table for small allocs (15 pages or less) */
91 limit = largealloc ? tbl->it_size : tbl->it_halfpoint;
93 if (largealloc && start < tbl->it_halfpoint)
94 start = tbl->it_halfpoint;
96 /* The case below can happen if we have a small segment appended
97 * to a large, or when the previous alloc was at the very end of
98 * the available space. If so, go back to the initial start.
100 if (start >= limit)
101 start = largealloc ? tbl->it_largehint : tbl->it_hint;
103 again:
105 if (limit + tbl->it_offset > mask) {
106 limit = mask - tbl->it_offset + 1;
107 /* If we're constrained on address range, first try
108 * at the masked hint to avoid O(n) search complexity,
109 * but on second pass, start at 0.
111 if ((start & mask) >= limit || pass > 0)
112 start = 0;
113 else
114 start &= mask;
117 if (dev)
118 boundary_size = ALIGN(dma_get_seg_boundary(dev) + 1,
119 1 << IOMMU_PAGE_SHIFT);
120 else
121 boundary_size = ALIGN(1UL << 32, 1 << IOMMU_PAGE_SHIFT);
122 /* 4GB boundary for iseries_hv_alloc and iseries_hv_map */
124 n = iommu_area_alloc(tbl->it_map, limit, start, npages,
125 tbl->it_offset, boundary_size >> IOMMU_PAGE_SHIFT,
126 align_mask);
127 if (n == -1) {
128 if (likely(pass < 2)) {
129 /* First failure, just rescan the half of the table.
130 * Second failure, rescan the other half of the table.
132 start = (largealloc ^ pass) ? tbl->it_halfpoint : 0;
133 limit = pass ? tbl->it_size : limit;
134 pass++;
135 goto again;
136 } else {
137 /* Third failure, give up */
138 return DMA_ERROR_CODE;
142 end = n + npages;
144 /* Bump the hint to a new block for small allocs. */
145 if (largealloc) {
146 /* Don't bump to new block to avoid fragmentation */
147 tbl->it_largehint = end;
148 } else {
149 /* Overflow will be taken care of at the next allocation */
150 tbl->it_hint = (end + tbl->it_blocksize - 1) &
151 ~(tbl->it_blocksize - 1);
154 /* Update handle for SG allocations */
155 if (handle)
156 *handle = end;
158 return n;
161 static dma_addr_t iommu_alloc(struct device *dev, struct iommu_table *tbl,
162 void *page, unsigned int npages,
163 enum dma_data_direction direction,
164 unsigned long mask, unsigned int align_order,
165 struct dma_attrs *attrs)
167 unsigned long entry, flags;
168 dma_addr_t ret = DMA_ERROR_CODE;
169 int build_fail;
171 spin_lock_irqsave(&(tbl->it_lock), flags);
173 entry = iommu_range_alloc(dev, tbl, npages, NULL, mask, align_order);
175 if (unlikely(entry == DMA_ERROR_CODE)) {
176 spin_unlock_irqrestore(&(tbl->it_lock), flags);
177 return DMA_ERROR_CODE;
180 entry += tbl->it_offset; /* Offset into real TCE table */
181 ret = entry << IOMMU_PAGE_SHIFT; /* Set the return dma address */
183 /* Put the TCEs in the HW table */
184 build_fail = ppc_md.tce_build(tbl, entry, npages,
185 (unsigned long)page & IOMMU_PAGE_MASK,
186 direction, attrs);
188 /* ppc_md.tce_build() only returns non-zero for transient errors.
189 * Clean up the table bitmap in this case and return
190 * DMA_ERROR_CODE. For all other errors the functionality is
191 * not altered.
193 if (unlikely(build_fail)) {
194 __iommu_free(tbl, ret, npages);
196 spin_unlock_irqrestore(&(tbl->it_lock), flags);
197 return DMA_ERROR_CODE;
200 /* Flush/invalidate TLB caches if necessary */
201 if (ppc_md.tce_flush)
202 ppc_md.tce_flush(tbl);
204 spin_unlock_irqrestore(&(tbl->it_lock), flags);
206 /* Make sure updates are seen by hardware */
207 mb();
209 return ret;
212 static void __iommu_free(struct iommu_table *tbl, dma_addr_t dma_addr,
213 unsigned int npages)
215 unsigned long entry, free_entry;
217 entry = dma_addr >> IOMMU_PAGE_SHIFT;
218 free_entry = entry - tbl->it_offset;
220 if (((free_entry + npages) > tbl->it_size) ||
221 (entry < tbl->it_offset)) {
222 if (printk_ratelimit()) {
223 printk(KERN_INFO "iommu_free: invalid entry\n");
224 printk(KERN_INFO "\tentry = 0x%lx\n", entry);
225 printk(KERN_INFO "\tdma_addr = 0x%llx\n", (u64)dma_addr);
226 printk(KERN_INFO "\tTable = 0x%llx\n", (u64)tbl);
227 printk(KERN_INFO "\tbus# = 0x%llx\n", (u64)tbl->it_busno);
228 printk(KERN_INFO "\tsize = 0x%llx\n", (u64)tbl->it_size);
229 printk(KERN_INFO "\tstartOff = 0x%llx\n", (u64)tbl->it_offset);
230 printk(KERN_INFO "\tindex = 0x%llx\n", (u64)tbl->it_index);
231 WARN_ON(1);
233 return;
236 ppc_md.tce_free(tbl, entry, npages);
237 bitmap_clear(tbl->it_map, free_entry, npages);
240 static void iommu_free(struct iommu_table *tbl, dma_addr_t dma_addr,
241 unsigned int npages)
243 unsigned long flags;
245 spin_lock_irqsave(&(tbl->it_lock), flags);
247 __iommu_free(tbl, dma_addr, npages);
249 /* Make sure TLB cache is flushed if the HW needs it. We do
250 * not do an mb() here on purpose, it is not needed on any of
251 * the current platforms.
253 if (ppc_md.tce_flush)
254 ppc_md.tce_flush(tbl);
256 spin_unlock_irqrestore(&(tbl->it_lock), flags);
259 int iommu_map_sg(struct device *dev, struct iommu_table *tbl,
260 struct scatterlist *sglist, int nelems,
261 unsigned long mask, enum dma_data_direction direction,
262 struct dma_attrs *attrs)
264 dma_addr_t dma_next = 0, dma_addr;
265 unsigned long flags;
266 struct scatterlist *s, *outs, *segstart;
267 int outcount, incount, i, build_fail = 0;
268 unsigned int align;
269 unsigned long handle;
270 unsigned int max_seg_size;
272 BUG_ON(direction == DMA_NONE);
274 if ((nelems == 0) || !tbl)
275 return 0;
277 outs = s = segstart = &sglist[0];
278 outcount = 1;
279 incount = nelems;
280 handle = 0;
282 /* Init first segment length for backout at failure */
283 outs->dma_length = 0;
285 DBG("sg mapping %d elements:\n", nelems);
287 spin_lock_irqsave(&(tbl->it_lock), flags);
289 max_seg_size = dma_get_max_seg_size(dev);
290 for_each_sg(sglist, s, nelems, i) {
291 unsigned long vaddr, npages, entry, slen;
293 slen = s->length;
294 /* Sanity check */
295 if (slen == 0) {
296 dma_next = 0;
297 continue;
299 /* Allocate iommu entries for that segment */
300 vaddr = (unsigned long) sg_virt(s);
301 npages = iommu_num_pages(vaddr, slen, IOMMU_PAGE_SIZE);
302 align = 0;
303 if (IOMMU_PAGE_SHIFT < PAGE_SHIFT && slen >= PAGE_SIZE &&
304 (vaddr & ~PAGE_MASK) == 0)
305 align = PAGE_SHIFT - IOMMU_PAGE_SHIFT;
306 entry = iommu_range_alloc(dev, tbl, npages, &handle,
307 mask >> IOMMU_PAGE_SHIFT, align);
309 DBG(" - vaddr: %lx, size: %lx\n", vaddr, slen);
311 /* Handle failure */
312 if (unlikely(entry == DMA_ERROR_CODE)) {
313 if (printk_ratelimit())
314 dev_info(dev, "iommu_alloc failed, tbl %p "
315 "vaddr %lx npages %lu\n", tbl, vaddr,
316 npages);
317 goto failure;
320 /* Convert entry to a dma_addr_t */
321 entry += tbl->it_offset;
322 dma_addr = entry << IOMMU_PAGE_SHIFT;
323 dma_addr |= (s->offset & ~IOMMU_PAGE_MASK);
325 DBG(" - %lu pages, entry: %lx, dma_addr: %lx\n",
326 npages, entry, dma_addr);
328 /* Insert into HW table */
329 build_fail = ppc_md.tce_build(tbl, entry, npages,
330 vaddr & IOMMU_PAGE_MASK,
331 direction, attrs);
332 if(unlikely(build_fail))
333 goto failure;
335 /* If we are in an open segment, try merging */
336 if (segstart != s) {
337 DBG(" - trying merge...\n");
338 /* We cannot merge if:
339 * - allocated dma_addr isn't contiguous to previous allocation
341 if (novmerge || (dma_addr != dma_next) ||
342 (outs->dma_length + s->length > max_seg_size)) {
343 /* Can't merge: create a new segment */
344 segstart = s;
345 outcount++;
346 outs = sg_next(outs);
347 DBG(" can't merge, new segment.\n");
348 } else {
349 outs->dma_length += s->length;
350 DBG(" merged, new len: %ux\n", outs->dma_length);
354 if (segstart == s) {
355 /* This is a new segment, fill entries */
356 DBG(" - filling new segment.\n");
357 outs->dma_address = dma_addr;
358 outs->dma_length = slen;
361 /* Calculate next page pointer for contiguous check */
362 dma_next = dma_addr + slen;
364 DBG(" - dma next is: %lx\n", dma_next);
367 /* Flush/invalidate TLB caches if necessary */
368 if (ppc_md.tce_flush)
369 ppc_md.tce_flush(tbl);
371 spin_unlock_irqrestore(&(tbl->it_lock), flags);
373 DBG("mapped %d elements:\n", outcount);
375 /* For the sake of iommu_unmap_sg, we clear out the length in the
376 * next entry of the sglist if we didn't fill the list completely
378 if (outcount < incount) {
379 outs = sg_next(outs);
380 outs->dma_address = DMA_ERROR_CODE;
381 outs->dma_length = 0;
384 /* Make sure updates are seen by hardware */
385 mb();
387 return outcount;
389 failure:
390 for_each_sg(sglist, s, nelems, i) {
391 if (s->dma_length != 0) {
392 unsigned long vaddr, npages;
394 vaddr = s->dma_address & IOMMU_PAGE_MASK;
395 npages = iommu_num_pages(s->dma_address, s->dma_length,
396 IOMMU_PAGE_SIZE);
397 __iommu_free(tbl, vaddr, npages);
398 s->dma_address = DMA_ERROR_CODE;
399 s->dma_length = 0;
401 if (s == outs)
402 break;
404 spin_unlock_irqrestore(&(tbl->it_lock), flags);
405 return 0;
409 void iommu_unmap_sg(struct iommu_table *tbl, struct scatterlist *sglist,
410 int nelems, enum dma_data_direction direction,
411 struct dma_attrs *attrs)
413 struct scatterlist *sg;
414 unsigned long flags;
416 BUG_ON(direction == DMA_NONE);
418 if (!tbl)
419 return;
421 spin_lock_irqsave(&(tbl->it_lock), flags);
423 sg = sglist;
424 while (nelems--) {
425 unsigned int npages;
426 dma_addr_t dma_handle = sg->dma_address;
428 if (sg->dma_length == 0)
429 break;
430 npages = iommu_num_pages(dma_handle, sg->dma_length,
431 IOMMU_PAGE_SIZE);
432 __iommu_free(tbl, dma_handle, npages);
433 sg = sg_next(sg);
436 /* Flush/invalidate TLBs if necessary. As for iommu_free(), we
437 * do not do an mb() here, the affected platforms do not need it
438 * when freeing.
440 if (ppc_md.tce_flush)
441 ppc_md.tce_flush(tbl);
443 spin_unlock_irqrestore(&(tbl->it_lock), flags);
446 static void iommu_table_clear(struct iommu_table *tbl)
448 if (!is_kdump_kernel()) {
449 /* Clear the table in case firmware left allocations in it */
450 ppc_md.tce_free(tbl, tbl->it_offset, tbl->it_size);
451 return;
454 #ifdef CONFIG_CRASH_DUMP
455 if (ppc_md.tce_get) {
456 unsigned long index, tceval, tcecount = 0;
458 /* Reserve the existing mappings left by the first kernel. */
459 for (index = 0; index < tbl->it_size; index++) {
460 tceval = ppc_md.tce_get(tbl, index + tbl->it_offset);
462 * Freed TCE entry contains 0x7fffffffffffffff on JS20
464 if (tceval && (tceval != 0x7fffffffffffffffUL)) {
465 __set_bit(index, tbl->it_map);
466 tcecount++;
470 if ((tbl->it_size - tcecount) < KDUMP_MIN_TCE_ENTRIES) {
471 printk(KERN_WARNING "TCE table is full; freeing ");
472 printk(KERN_WARNING "%d entries for the kdump boot\n",
473 KDUMP_MIN_TCE_ENTRIES);
474 for (index = tbl->it_size - KDUMP_MIN_TCE_ENTRIES;
475 index < tbl->it_size; index++)
476 __clear_bit(index, tbl->it_map);
479 #endif
483 * Build a iommu_table structure. This contains a bit map which
484 * is used to manage allocation of the tce space.
486 struct iommu_table *iommu_init_table(struct iommu_table *tbl, int nid)
488 unsigned long sz;
489 static int welcomed = 0;
490 struct page *page;
492 /* Set aside 1/4 of the table for large allocations. */
493 tbl->it_halfpoint = tbl->it_size * 3 / 4;
495 /* number of bytes needed for the bitmap */
496 sz = (tbl->it_size + 7) >> 3;
498 page = alloc_pages_node(nid, GFP_ATOMIC, get_order(sz));
499 if (!page)
500 panic("iommu_init_table: Can't allocate %ld bytes\n", sz);
501 tbl->it_map = page_address(page);
502 memset(tbl->it_map, 0, sz);
505 * Reserve page 0 so it will not be used for any mappings.
506 * This avoids buggy drivers that consider page 0 to be invalid
507 * to crash the machine or even lose data.
509 if (tbl->it_offset == 0)
510 set_bit(0, tbl->it_map);
512 tbl->it_hint = 0;
513 tbl->it_largehint = tbl->it_halfpoint;
514 spin_lock_init(&tbl->it_lock);
516 iommu_table_clear(tbl);
518 if (!welcomed) {
519 printk(KERN_INFO "IOMMU table initialized, virtual merging %s\n",
520 novmerge ? "disabled" : "enabled");
521 welcomed = 1;
524 return tbl;
527 void iommu_free_table(struct iommu_table *tbl, const char *node_name)
529 unsigned long bitmap_sz, i;
530 unsigned int order;
532 if (!tbl || !tbl->it_map) {
533 printk(KERN_ERR "%s: expected TCE map for %s\n", __func__,
534 node_name);
535 return;
538 /* verify that table contains no entries */
539 /* it_size is in entries, and we're examining 64 at a time */
540 for (i = 0; i < (tbl->it_size/64); i++) {
541 if (tbl->it_map[i] != 0) {
542 printk(KERN_WARNING "%s: Unexpected TCEs for %s\n",
543 __func__, node_name);
544 break;
548 /* calculate bitmap size in bytes */
549 bitmap_sz = (tbl->it_size + 7) / 8;
551 /* free bitmap */
552 order = get_order(bitmap_sz);
553 free_pages((unsigned long) tbl->it_map, order);
555 /* free table */
556 kfree(tbl);
559 /* Creates TCEs for a user provided buffer. The user buffer must be
560 * contiguous real kernel storage (not vmalloc). The address passed here
561 * comprises a page address and offset into that page. The dma_addr_t
562 * returned will point to the same byte within the page as was passed in.
564 dma_addr_t iommu_map_page(struct device *dev, struct iommu_table *tbl,
565 struct page *page, unsigned long offset, size_t size,
566 unsigned long mask, enum dma_data_direction direction,
567 struct dma_attrs *attrs)
569 dma_addr_t dma_handle = DMA_ERROR_CODE;
570 void *vaddr;
571 unsigned long uaddr;
572 unsigned int npages, align;
574 BUG_ON(direction == DMA_NONE);
576 vaddr = page_address(page) + offset;
577 uaddr = (unsigned long)vaddr;
578 npages = iommu_num_pages(uaddr, size, IOMMU_PAGE_SIZE);
580 if (tbl) {
581 align = 0;
582 if (IOMMU_PAGE_SHIFT < PAGE_SHIFT && size >= PAGE_SIZE &&
583 ((unsigned long)vaddr & ~PAGE_MASK) == 0)
584 align = PAGE_SHIFT - IOMMU_PAGE_SHIFT;
586 dma_handle = iommu_alloc(dev, tbl, vaddr, npages, direction,
587 mask >> IOMMU_PAGE_SHIFT, align,
588 attrs);
589 if (dma_handle == DMA_ERROR_CODE) {
590 if (printk_ratelimit()) {
591 dev_info(dev, "iommu_alloc failed, tbl %p "
592 "vaddr %p npages %d\n", tbl, vaddr,
593 npages);
595 } else
596 dma_handle |= (uaddr & ~IOMMU_PAGE_MASK);
599 return dma_handle;
602 void iommu_unmap_page(struct iommu_table *tbl, dma_addr_t dma_handle,
603 size_t size, enum dma_data_direction direction,
604 struct dma_attrs *attrs)
606 unsigned int npages;
608 BUG_ON(direction == DMA_NONE);
610 if (tbl) {
611 npages = iommu_num_pages(dma_handle, size, IOMMU_PAGE_SIZE);
612 iommu_free(tbl, dma_handle, npages);
616 /* Allocates a contiguous real buffer and creates mappings over it.
617 * Returns the virtual address of the buffer and sets dma_handle
618 * to the dma address (mapping) of the first page.
620 void *iommu_alloc_coherent(struct device *dev, struct iommu_table *tbl,
621 size_t size, dma_addr_t *dma_handle,
622 unsigned long mask, gfp_t flag, int node)
624 void *ret = NULL;
625 dma_addr_t mapping;
626 unsigned int order;
627 unsigned int nio_pages, io_order;
628 struct page *page;
630 size = PAGE_ALIGN(size);
631 order = get_order(size);
634 * Client asked for way too much space. This is checked later
635 * anyway. It is easier to debug here for the drivers than in
636 * the tce tables.
638 if (order >= IOMAP_MAX_ORDER) {
639 dev_info(dev, "iommu_alloc_consistent size too large: 0x%lx\n",
640 size);
641 return NULL;
644 if (!tbl)
645 return NULL;
647 /* Alloc enough pages (and possibly more) */
648 page = alloc_pages_node(node, flag, order);
649 if (!page)
650 return NULL;
651 ret = page_address(page);
652 memset(ret, 0, size);
654 /* Set up tces to cover the allocated range */
655 nio_pages = size >> IOMMU_PAGE_SHIFT;
656 io_order = get_iommu_order(size);
657 mapping = iommu_alloc(dev, tbl, ret, nio_pages, DMA_BIDIRECTIONAL,
658 mask >> IOMMU_PAGE_SHIFT, io_order, NULL);
659 if (mapping == DMA_ERROR_CODE) {
660 free_pages((unsigned long)ret, order);
661 return NULL;
663 *dma_handle = mapping;
664 return ret;
667 void iommu_free_coherent(struct iommu_table *tbl, size_t size,
668 void *vaddr, dma_addr_t dma_handle)
670 if (tbl) {
671 unsigned int nio_pages;
673 size = PAGE_ALIGN(size);
674 nio_pages = size >> IOMMU_PAGE_SHIFT;
675 iommu_free(tbl, dma_handle, nio_pages);
676 size = PAGE_ALIGN(size);
677 free_pages((unsigned long)vaddr, get_order(size));