1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 * Copyright 2005, Paul Mackerras, IBM Corporation.
4 * Copyright 2009, Benjamin Herrenschmidt, IBM Corporation.
5 * Copyright 2015-2016, Aneesh Kumar K.V, IBM Corporation.
6 */
7
8 #include <linux/sched.h>
9 #include <linux/mm_types.h>
10 #include <linux/mm.h>
11 #include <linux/stop_machine.h>
12
13 #include <asm/sections.h>
14 #include <asm/mmu.h>
15 #include <asm/tlb.h>
16 #include <asm/firmware.h>
17
18 #include <mm/mmu_decl.h>
19
20 #include <trace/events/thp.h>
21
22 #if H_PGTABLE_RANGE > (USER_VSID_RANGE * (TASK_SIZE_USER64 / TASK_CONTEXT_SIZE))
23 #warning Limited user VSID range means pagetable space is wasted
24 #endif
25
26 #ifdef CONFIG_SPARSEMEM_VMEMMAP
27 /*
28 * vmemmap is the starting address of the virtual address space where
29 * struct pages are allocated for all possible PFNs present on the system
30 * including holes and bad memory (hence sparse). These virtual struct
31 * pages are stored in sequence in this virtual address space irrespective
32 * of the fact whether the corresponding PFN is valid or not. This achieves
33 * constant relationship between address of struct page and its PFN.
34 *
35 * During boot or memory hotplug operation when a new memory section is
36 * added, physical memory allocation (including hash table bolting) will
37 * be performed for the set of struct pages which are part of the memory
38 * section. This saves memory by not allocating struct pages for PFNs
39 * which are not valid.
40 *
41 * ----------------------------------------------
42 * | PHYSICAL ALLOCATION OF VIRTUAL STRUCT PAGES|
43 * ----------------------------------------------
44 *
45 * f000000000000000 c000000000000000
46 * vmemmap +--------------+ +--------------+
47 * + | page struct | +--------------> | page struct |
48 * | +--------------+ +--------------+
49 * | | page struct | +--------------> | page struct |
50 * | +--------------+ | +--------------+
51 * | | page struct | + +------> | page struct |
52 * | +--------------+ | +--------------+
53 * | | page struct | | +--> | page struct |
54 * | +--------------+ | | +--------------+
55 * | | page struct | | |
56 * | +--------------+ | |
57 * | | page struct | | |
58 * | +--------------+ | |
59 * | | page struct | | |
60 * | +--------------+ | |
61 * | | page struct | | |
62 * | +--------------+ | |
63 * | | page struct | +-------+ |
64 * | +--------------+ |
65 * | | page struct | +-----------+
66 * | +--------------+
67 * | | page struct | No mapping
68 * | +--------------+
69 * | | page struct | No mapping
70 * v +--------------+
71 *
72 * -----------------------------------------
73 * | RELATION BETWEEN STRUCT PAGES AND PFNS|
74 * -----------------------------------------
75 *
76 * vmemmap +--------------+ +---------------+
77 * + | page struct | +-------------> | PFN |
78 * | +--------------+ +---------------+
79 * | | page struct | +-------------> | PFN |
80 * | +--------------+ +---------------+
81 * | | page struct | +-------------> | PFN |
82 * | +--------------+ +---------------+
83 * | | page struct | +-------------> | PFN |
84 * | +--------------+ +---------------+
85 * | | |
86 * | +--------------+
87 * | | |
88 * | +--------------+
89 * | | |
90 * | +--------------+ +---------------+
91 * | | page struct | +-------------> | PFN |
92 * | +--------------+ +---------------+
93 * | | |
94 * | +--------------+
95 * | | |
96 * | +--------------+ +---------------+
97 * | | page struct | +-------------> | PFN |
98 * | +--------------+ +---------------+
99 * | | page struct | +-------------> | PFN |
100 * v +--------------+ +---------------+
101 */
102 /*
103 * On hash-based CPUs, the vmemmap is bolted in the hash table.
104 *
105 */
106 int __meminit hash__vmemmap_create_mapping(unsigned long start,
107 unsigned long page_size,
108 unsigned long phys)
109 {
110 int rc;
111
112 if ((start + page_size) >= H_VMEMMAP_END) {
113 pr_warn("Outside the supported range\n");
114 return -1;
115 }
116
117 rc = htab_bolt_mapping(start, start + page_size, phys,
118 pgprot_val(PAGE_KERNEL),
119 mmu_vmemmap_psize, mmu_kernel_ssize);
120 if (rc < 0) {
121 int rc2 = htab_remove_mapping(start, start + page_size,
122 mmu_vmemmap_psize,
123 mmu_kernel_ssize);
124 BUG_ON(rc2 && (rc2 != -ENOENT));
125 }
126 return rc;
127 }
128
129 #ifdef CONFIG_MEMORY_HOTPLUG
130 void hash__vmemmap_remove_mapping(unsigned long start,
131 unsigned long page_size)
132 {
133 int rc = htab_remove_mapping(start, start + page_size,
134 mmu_vmemmap_psize,
135 mmu_kernel_ssize);
136 BUG_ON((rc < 0) && (rc != -ENOENT));
137 WARN_ON(rc == -ENOENT);
138 }
139 #endif
140 #endif /* CONFIG_SPARSEMEM_VMEMMAP */
141
142 /*
143 * map_kernel_page currently only called by __ioremap
144 * map_kernel_page adds an entry to the ioremap page table
145 * and adds an entry to the HPT, possibly bolting it
146 */
147 int hash__map_kernel_page(unsigned long ea, unsigned long pa, pgprot_t prot)
148 {
149 pgd_t *pgdp;
150 p4d_t *p4dp;
151 pud_t *pudp;
152 pmd_t *pmdp;
153 pte_t *ptep;
154
155 BUILD_BUG_ON(TASK_SIZE_USER64 > H_PGTABLE_RANGE);
156 if (slab_is_available()) {
157 pgdp = pgd_offset_k(ea);
158 p4dp = p4d_offset(pgdp, ea);
159 pudp = pud_alloc(&init_mm, p4dp, ea);
160 if (!pudp)
161 return -ENOMEM;
162 pmdp = pmd_alloc(&init_mm, pudp, ea);
163 if (!pmdp)
164 return -ENOMEM;
165 ptep = pte_alloc_kernel(pmdp, ea);
166 if (!ptep)
167 return -ENOMEM;
168 set_pte_at(&init_mm, ea, ptep, pfn_pte(pa >> PAGE_SHIFT, prot));
169 } else {
170 /*
171 * If the mm subsystem is not fully up, we cannot create a
172 * linux page table entry for this mapping. Simply bolt an
173 * entry in the hardware page table.
174 *
175 */
176 if (htab_bolt_mapping(ea, ea + PAGE_SIZE, pa, pgprot_val(prot),
177 mmu_io_psize, mmu_kernel_ssize)) {
178 printk(KERN_ERR "Failed to do bolted mapping IO "
179 "memory at %016lx !\n", pa);
180 return -ENOMEM;
181 }
182 }
183
184 smp_wmb();
185 return 0;
186 }
187
188 #ifdef CONFIG_TRANSPARENT_HUGEPAGE
189
190 unsigned long hash__pmd_hugepage_update(struct mm_struct *mm, unsigned long addr,
191 pmd_t *pmdp, unsigned long clr,
192 unsigned long set)
193 {
194 __be64 old_be, tmp;
195 unsigned long old;
196
197 #ifdef CONFIG_DEBUG_VM
198 WARN_ON(!hash__pmd_trans_huge(*pmdp) && !pmd_devmap(*pmdp));
199 assert_spin_locked(pmd_lockptr(mm, pmdp));
200 #endif
201
202 __asm__ __volatile__(
203 "1: ldarx %0,0,%3\n\
204 and. %1,%0,%6\n\
205 bne- 1b \n\
206 andc %1,%0,%4 \n\
207 or %1,%1,%7\n\
208 stdcx. %1,0,%3 \n\
209 bne- 1b"
210 : "=&r" (old_be), "=&r" (tmp), "=m" (*pmdp)
211 : "r" (pmdp), "r" (cpu_to_be64(clr)), "m" (*pmdp),
212 "r" (cpu_to_be64(H_PAGE_BUSY)), "r" (cpu_to_be64(set))
213 : "cc" );
214
215 old = be64_to_cpu(old_be);
216
217 trace_hugepage_update_pmd(addr, old, clr, set);
218 if (old & H_PAGE_HASHPTE)
219 hpte_do_hugepage_flush(mm, addr, pmdp, old);
220 return old;
221 }
222
223 pmd_t hash__pmdp_collapse_flush(struct vm_area_struct *vma, unsigned long address,
224 pmd_t *pmdp)
225 {
226 pmd_t pmd;
227
228 VM_BUG_ON(address & ~HPAGE_PMD_MASK);
229 VM_BUG_ON(pmd_trans_huge(*pmdp));
230 VM_BUG_ON(pmd_devmap(*pmdp));
231
232 pmd = *pmdp;
233 pmd_clear(pmdp);
234 /*
235 * Wait for all pending hash_page to finish. This is needed
236 * in case of subpage collapse. When we collapse normal pages
237 * to hugepage, we first clear the pmd, then invalidate all
238 * the PTE entries. The assumption here is that any low level
239 * page fault will see a none pmd and take the slow path that
240 * will wait on mmap_lock. But we could very well be in a
241 * hash_page with local ptep pointer value. Such a hash page
242 * can result in adding new HPTE entries for normal subpages.
243 * That means we could be modifying the page content as we
244 * copy them to a huge page. So wait for parallel hash_page
245 * to finish before invalidating HPTE entries. We can do this
246 * by sending an IPI to all the cpus and executing a dummy
247 * function there.
248 */
249 serialize_against_pte_lookup(vma->vm_mm);
250 /*
251 * Now invalidate the hpte entries in the range
252 * covered by pmd. This make sure we take a
253 * fault and will find the pmd as none, which will
254 * result in a major fault which takes mmap_lock and
255 * hence wait for collapse to complete. Without this
256 * the __collapse_huge_page_copy can result in copying
257 * the old content.
258 */
259 flush_hash_table_pmd_range(vma->vm_mm, &pmd, address);
260 return pmd;
261 }
262
263 /*
264 * We want to put the pgtable in pmd and use pgtable for tracking
265 * the base page size hptes
266 */
267 void hash__pgtable_trans_huge_deposit(struct mm_struct *mm, pmd_t *pmdp,
268 pgtable_t pgtable)
269 {
270 pgtable_t *pgtable_slot;
271
272 assert_spin_locked(pmd_lockptr(mm, pmdp));
273 /*
274 * we store the pgtable in the second half of PMD
275 */
276 pgtable_slot = (pgtable_t *)pmdp + PTRS_PER_PMD;
277 *pgtable_slot = pgtable;
278 /*
279 * expose the deposited pgtable to other cpus.
280 * before we set the hugepage PTE at pmd level
281 * hash fault code looks at the deposted pgtable
282 * to store hash index values.
283 */
284 smp_wmb();
285 }
286
287 pgtable_t hash__pgtable_trans_huge_withdraw(struct mm_struct *mm, pmd_t *pmdp)
288 {
289 pgtable_t pgtable;
290 pgtable_t *pgtable_slot;
291
292 assert_spin_locked(pmd_lockptr(mm, pmdp));
293
294 pgtable_slot = (pgtable_t *)pmdp + PTRS_PER_PMD;
295 pgtable = *pgtable_slot;
296 /*
297 * Once we withdraw, mark the entry NULL.
298 */
299 *pgtable_slot = NULL;
300 /*
301 * We store HPTE information in the deposited PTE fragment.
302 * zero out the content on withdraw.
303 */
304 memset(pgtable, 0, PTE_FRAG_SIZE);
305 return pgtable;
306 }
307
308 /*
309 * A linux hugepage PMD was changed and the corresponding hash table entries
310 * neesd to be flushed.
311 */
312 void hpte_do_hugepage_flush(struct mm_struct *mm, unsigned long addr,
313 pmd_t *pmdp, unsigned long old_pmd)
314 {
315 int ssize;
316 unsigned int psize;
317 unsigned long vsid;
318 unsigned long flags = 0;
319
320 /* get the base page size,vsid and segment size */
321 #ifdef CONFIG_DEBUG_VM
322 psize = get_slice_psize(mm, addr);
323 BUG_ON(psize == MMU_PAGE_16M);
324 #endif
325 if (old_pmd & H_PAGE_COMBO)
326 psize = MMU_PAGE_4K;
327 else
328 psize = MMU_PAGE_64K;
329
330 if (!is_kernel_addr(addr)) {
331 ssize = user_segment_size(addr);
332 vsid = get_user_vsid(&mm->context, addr, ssize);
333 WARN_ON(vsid == 0);
334 } else {
335 vsid = get_kernel_vsid(addr, mmu_kernel_ssize);
336 ssize = mmu_kernel_ssize;
337 }
338
339 if (mm_is_thread_local(mm))
340 flags |= HPTE_LOCAL_UPDATE;
341
342 return flush_hash_hugepage(vsid, addr, pmdp, psize, ssize, flags);
343 }
344
345 pmd_t hash__pmdp_huge_get_and_clear(struct mm_struct *mm,
346 unsigned long addr, pmd_t *pmdp)
347 {
348 pmd_t old_pmd;
349 pgtable_t pgtable;
350 unsigned long old;
351 pgtable_t *pgtable_slot;
352
353 old = pmd_hugepage_update(mm, addr, pmdp, ~0UL, 0);
354 old_pmd = __pmd(old);
355 /*
356 * We have pmd == none and we are holding page_table_lock.
357 * So we can safely go and clear the pgtable hash
358 * index info.
359 */
360 pgtable_slot = (pgtable_t *)pmdp + PTRS_PER_PMD;
361 pgtable = *pgtable_slot;
362 /*
363 * Let's zero out old valid and hash index details
364 * hash fault look at them.
365 */
366 memset(pgtable, 0, PTE_FRAG_SIZE);
367 return old_pmd;
368 }
369
370 int hash__has_transparent_hugepage(void)
371 {
372
373 if (!mmu_has_feature(MMU_FTR_16M_PAGE))
374 return 0;
375 /*
376 * We support THP only if PMD_SIZE is 16MB.
377 */
378 if (mmu_psize_defs[MMU_PAGE_16M].shift != PMD_SHIFT)
379 return 0;
380 /*
381 * We need to make sure that we support 16MB hugepage in a segment
382 * with base page size 64K or 4K. We only enable THP with a PAGE_SIZE
383 * of 64K.
384 */
385 /*
386 * If we have 64K HPTE, we will be using that by default
387 */
388 if (mmu_psize_defs[MMU_PAGE_64K].shift &&
389 (mmu_psize_defs[MMU_PAGE_64K].penc[MMU_PAGE_16M] == -1))
390 return 0;
391 /*
392 * Ok we only have 4K HPTE
393 */
394 if (mmu_psize_defs[MMU_PAGE_4K].penc[MMU_PAGE_16M] == -1)
395 return 0;
396
397 return 1;
398 }
399 EXPORT_SYMBOL_GPL(hash__has_transparent_hugepage);
400
401 #endif /* CONFIG_TRANSPARENT_HUGEPAGE */
402
403 #ifdef CONFIG_STRICT_KERNEL_RWX
404
405 struct change_memory_parms {
406 unsigned long start, end, newpp;
407 unsigned int step, nr_cpus;
408 atomic_t master_cpu;
409 atomic_t cpu_counter;
410 };
411
412 // We'd rather this was on the stack but it has to be in the RMO
413 static struct change_memory_parms chmem_parms;
414
415 // And therefore we need a lock to protect it from concurrent use
416 static DEFINE_MUTEX(chmem_lock);
417
418 static void change_memory_range(unsigned long start, unsigned long end,
419 unsigned int step, unsigned long newpp)
420 {
421 unsigned long idx;
422
423 pr_debug("Changing page protection on range 0x%lx-0x%lx, to 0x%lx, step 0x%x\n",
424 start, end, newpp, step);
425
426 for (idx = start; idx < end; idx += step)
427 /* Not sure if we can do much with the return value */
428 mmu_hash_ops.hpte_updateboltedpp(newpp, idx, mmu_linear_psize,
429 mmu_kernel_ssize);
430 }
431
432 static int notrace chmem_secondary_loop(struct change_memory_parms *parms)
433 {
434 unsigned long msr, tmp, flags;
435 int *p;
436
437 p = &parms->cpu_counter.counter;
438
439 local_irq_save(flags);
440 hard_irq_disable();
441
442 asm volatile (
443 // Switch to real mode and leave interrupts off
444 "mfmsr %[msr] ;"
445 "li %[tmp], %[MSR_IR_DR] ;"
446 "andc %[tmp], %[msr], %[tmp] ;"
447 "mtmsrd %[tmp] ;"
448
449 // Tell the master we are in real mode
450 "1: "
451 "lwarx %[tmp], 0, %[p] ;"
452 "addic %[tmp], %[tmp], -1 ;"
453 "stwcx. %[tmp], 0, %[p] ;"
454 "bne- 1b ;"
455
456 // Spin until the counter goes to zero
457 "2: ;"
458 "lwz %[tmp], 0(%[p]) ;"
459 "cmpwi %[tmp], 0 ;"
460 "bne- 2b ;"
461
462 // Switch back to virtual mode
463 "mtmsrd %[msr] ;"
464
465 : // outputs
466 [msr] "=&r" (msr), [tmp] "=&b" (tmp), "+m" (*p)
467 : // inputs
468 [p] "b" (p), [MSR_IR_DR] "i" (MSR_IR | MSR_DR)
469 : // clobbers
470 "cc", "xer"
471 );
472
473 local_irq_restore(flags);
474
475 return 0;
476 }
477
478 static int change_memory_range_fn(void *data)
479 {
480 struct change_memory_parms *parms = data;
481
482 // First CPU goes through, all others wait.
483 if (atomic_xchg(&parms->master_cpu, 1) == 1)
484 return chmem_secondary_loop(parms);
485
486 // Wait for all but one CPU (this one) to call-in
487 while (atomic_read(&parms->cpu_counter) > 1)
488 barrier();
489
490 change_memory_range(parms->start, parms->end, parms->step, parms->newpp);
491
492 mb();
493
494 // Signal the other CPUs that we're done
495 atomic_dec(&parms->cpu_counter);
496
497 return 0;
498 }
499
500 static bool hash__change_memory_range(unsigned long start, unsigned long end,
501 unsigned long newpp)
502 {
503 unsigned int step, shift;
504
505 shift = mmu_psize_defs[mmu_linear_psize].shift;
506 step = 1 << shift;
507
508 start = ALIGN_DOWN(start, step);
509 end = ALIGN(end, step); // aligns up
510
511 if (start >= end)
512 return false;
513
514 if (firmware_has_feature(FW_FEATURE_LPAR)) {
515 mutex_lock(&chmem_lock);
516
517 chmem_parms.start = start;
518 chmem_parms.end = end;
519 chmem_parms.step = step;
520 chmem_parms.newpp = newpp;
521 atomic_set(&chmem_parms.master_cpu, 0);
522
523 cpus_read_lock();
524
525 atomic_set(&chmem_parms.cpu_counter, num_online_cpus());
526
527 // Ensure state is consistent before we call the other CPUs
528 mb();
529
530 stop_machine_cpuslocked(change_memory_range_fn, &chmem_parms,
531 cpu_online_mask);
532
533 cpus_read_unlock();
534 mutex_unlock(&chmem_lock);
535 } else
536 change_memory_range(start, end, step, newpp);
537
538 return true;
539 }
540
541 void hash__mark_rodata_ro(void)
542 {
543 unsigned long start, end, pp;
544
545 start = (unsigned long)_stext;
546 end = (unsigned long)__end_rodata;
547
548 pp = htab_convert_pte_flags(pgprot_val(PAGE_KERNEL_ROX), HPTE_USE_KERNEL_KEY);
549
550 WARN_ON(!hash__change_memory_range(start, end, pp));
551 }
552
553 void hash__mark_initmem_nx(void)
554 {
555 unsigned long start, end, pp;
556
557 start = (unsigned long)__init_begin;
558 end = (unsigned long)__init_end;
559
560 pp = htab_convert_pte_flags(pgprot_val(PAGE_KERNEL), HPTE_USE_KERNEL_KEY);
561
562 WARN_ON(!hash__change_memory_range(start, end, pp));
563 }
564 #endif
565
Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.