1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * This file contains the routines for handling the MMU on those 4 * PowerPC implementations where the MMU substantially follows the 5 * architecture specification. This includes the 6xx, 7xx, 7xxx, 6 * and 8260 implementations but excludes the 8xx and 4xx. 7 * -- paulus 8 * 9 * Derived from arch/ppc/mm/init.c: 10 * Copyright (C) 1995-1996 Gary Thomas (gdt@linuxppc.org) 11 * 12 * Modifications by Paul Mackerras (PowerMac) (paulus@cs.anu.edu.au) 13 * and Cort Dougan (PReP) (cort@cs.nmt.edu) 14 * Copyright (C) 1996 Paul Mackerras 15 * 16 * Derived from "arch/i386/mm/init.c" 17 * Copyright (C) 1991, 1992, 1993, 1994 Linus Torvalds 18 */ 19 20 #include <linux/kernel.h> 21 #include <linux/mm.h> 22 #include <linux/init.h> 23 #include <linux/highmem.h> 24 #include <linux/memblock.h> 25 26 #include <asm/prom.h> 27 #include <asm/mmu.h> 28 #include <asm/machdep.h> 29 #include <asm/code-patching.h> 30 #include <asm/sections.h> 31 32 #include <mm/mmu_decl.h> 33 34 u8 __initdata early_hash[SZ_256K] __aligned(SZ_256K) = {0}; 35 36 static struct hash_pte __initdata *Hash = (struct hash_pte *)early_hash; 37 static unsigned long __initdata Hash_size, Hash_mask; 38 static unsigned int __initdata hash_mb, hash_mb2; 39 unsigned long __initdata _SDR1; 40 41 struct ppc_bat BATS[8][2]; /* 8 pairs of IBAT, DBAT */ 42 43 static struct batrange { /* stores address ranges mapped by BATs */ 44 unsigned long start; 45 unsigned long limit; 46 phys_addr_t phys; 47 } bat_addrs[8]; 48 49 #ifdef CONFIG_SMP 50 unsigned long mmu_hash_lock; 51 #endif 52 53 /* 54 * Return PA for this VA if it is mapped by a BAT, or 0 55 */ 56 phys_addr_t v_block_mapped(unsigned long va) 57 { 58 int b; 59 for (b = 0; b < ARRAY_SIZE(bat_addrs); ++b) 60 if (va >= bat_addrs[b].start && va < bat_addrs[b].limit) 61 return bat_addrs[b].phys + (va - bat_addrs[b].start); 62 return 0; 63 } 64 65 /* 66 * Return VA for a given PA or 0 if not mapped 67 */ 68 unsigned long p_block_mapped(phys_addr_t pa) 69 { 70 int b; 71 for (b = 0; b < ARRAY_SIZE(bat_addrs); ++b) 72 if (pa >= bat_addrs[b].phys 73 && pa < (bat_addrs[b].limit-bat_addrs[b].start) 74 +bat_addrs[b].phys) 75 return bat_addrs[b].start+(pa-bat_addrs[b].phys); 76 return 0; 77 } 78 79 static int find_free_bat(void) 80 { 81 int b; 82 int n = mmu_has_feature(MMU_FTR_USE_HIGH_BATS) ? 8 : 4; 83 84 for (b = 0; b < n; b++) { 85 struct ppc_bat *bat = BATS[b]; 86 87 if (!(bat[1].batu & 3)) 88 return b; 89 } 90 return -1; 91 } 92 93 /* 94 * This function calculates the size of the larger block usable to map the 95 * beginning of an area based on the start address and size of that area: 96 * - max block size is 256 on 6xx. 97 * - base address must be aligned to the block size. So the maximum block size 98 * is identified by the lowest bit set to 1 in the base address (for instance 99 * if base is 0x16000000, max size is 0x02000000). 100 * - block size has to be a power of two. This is calculated by finding the 101 * highest bit set to 1. 102 */ 103 static unsigned int block_size(unsigned long base, unsigned long top) 104 { 105 unsigned int max_size = SZ_256M; 106 unsigned int base_shift = (ffs(base) - 1) & 31; 107 unsigned int block_shift = (fls(top - base) - 1) & 31; 108 109 return min3(max_size, 1U << base_shift, 1U << block_shift); 110 } 111 112 /* 113 * Set up one of the IBAT (block address translation) register pairs. 114 * The parameters are not checked; in particular size must be a power 115 * of 2 between 128k and 256M. 116 */ 117 static void setibat(int index, unsigned long virt, phys_addr_t phys, 118 unsigned int size, pgprot_t prot) 119 { 120 unsigned int bl = (size >> 17) - 1; 121 int wimgxpp; 122 struct ppc_bat *bat = BATS[index]; 123 unsigned long flags = pgprot_val(prot); 124 125 if (!cpu_has_feature(CPU_FTR_NEED_COHERENT)) 126 flags &= ~_PAGE_COHERENT; 127 128 wimgxpp = (flags & _PAGE_COHERENT) | (_PAGE_EXEC ? BPP_RX : BPP_XX); 129 bat[0].batu = virt | (bl << 2) | 2; /* Vs=1, Vp=0 */ 130 bat[0].batl = BAT_PHYS_ADDR(phys) | wimgxpp; 131 if (flags & _PAGE_USER) 132 bat[0].batu |= 1; /* Vp = 1 */ 133 } 134 135 static void clearibat(int index) 136 { 137 struct ppc_bat *bat = BATS[index]; 138 139 bat[0].batu = 0; 140 bat[0].batl = 0; 141 } 142 143 static unsigned long __init __mmu_mapin_ram(unsigned long base, unsigned long top) 144 { 145 int idx; 146 147 while ((idx = find_free_bat()) != -1 && base != top) { 148 unsigned int size = block_size(base, top); 149 150 if (size < 128 << 10) 151 break; 152 setbat(idx, PAGE_OFFSET + base, base, size, PAGE_KERNEL_X); 153 base += size; 154 } 155 156 return base; 157 } 158 159 unsigned long __init mmu_mapin_ram(unsigned long base, unsigned long top) 160 { 161 unsigned long done; 162 unsigned long border = (unsigned long)__init_begin - PAGE_OFFSET; 163 164 165 if (debug_pagealloc_enabled_or_kfence() || __map_without_bats) { 166 pr_debug_once("Read-Write memory mapped without BATs\n"); 167 if (base >= border) 168 return base; 169 if (top >= border) 170 top = border; 171 } 172 173 if (!strict_kernel_rwx_enabled() || base >= border || top <= border) 174 return __mmu_mapin_ram(base, top); 175 176 done = __mmu_mapin_ram(base, border); 177 if (done != border) 178 return done; 179 180 return __mmu_mapin_ram(border, top); 181 } 182 183 static bool is_module_segment(unsigned long addr) 184 { 185 if (!IS_ENABLED(CONFIG_MODULES)) 186 return false; 187 if (addr < ALIGN_DOWN(MODULES_VADDR, SZ_256M)) 188 return false; 189 if (addr > ALIGN(MODULES_END, SZ_256M) - 1) 190 return false; 191 return true; 192 } 193 194 void mmu_mark_initmem_nx(void) 195 { 196 int nb = mmu_has_feature(MMU_FTR_USE_HIGH_BATS) ? 8 : 4; 197 int i; 198 unsigned long base = (unsigned long)_stext - PAGE_OFFSET; 199 unsigned long top = (unsigned long)_etext - PAGE_OFFSET; 200 unsigned long border = (unsigned long)__init_begin - PAGE_OFFSET; 201 unsigned long size; 202 203 for (i = 0; i < nb - 1 && base < top && top - base > (128 << 10);) { 204 size = block_size(base, top); 205 setibat(i++, PAGE_OFFSET + base, base, size, PAGE_KERNEL_TEXT); 206 base += size; 207 } 208 if (base < top) { 209 size = block_size(base, top); 210 size = max(size, 128UL << 10); 211 if ((top - base) > size) { 212 size <<= 1; 213 if (strict_kernel_rwx_enabled() && base + size > border) 214 pr_warn("Some RW data is getting mapped X. " 215 "Adjust CONFIG_DATA_SHIFT to avoid that.\n"); 216 } 217 setibat(i++, PAGE_OFFSET + base, base, size, PAGE_KERNEL_TEXT); 218 base += size; 219 } 220 for (; i < nb; i++) 221 clearibat(i); 222 223 update_bats(); 224 225 for (i = TASK_SIZE >> 28; i < 16; i++) { 226 /* Do not set NX on VM space for modules */ 227 if (is_module_segment(i << 28)) 228 continue; 229 230 mtsr(mfsr(i << 28) | 0x10000000, i << 28); 231 } 232 } 233 234 void mmu_mark_rodata_ro(void) 235 { 236 int nb = mmu_has_feature(MMU_FTR_USE_HIGH_BATS) ? 8 : 4; 237 int i; 238 239 for (i = 0; i < nb; i++) { 240 struct ppc_bat *bat = BATS[i]; 241 242 if (bat_addrs[i].start < (unsigned long)__init_begin) 243 bat[1].batl = (bat[1].batl & ~BPP_RW) | BPP_RX; 244 } 245 246 update_bats(); 247 } 248 249 /* 250 * Set up one of the I/D BAT (block address translation) register pairs. 251 * The parameters are not checked; in particular size must be a power 252 * of 2 between 128k and 256M. 253 * On 603+, only set IBAT when _PAGE_EXEC is set 254 */ 255 void __init setbat(int index, unsigned long virt, phys_addr_t phys, 256 unsigned int size, pgprot_t prot) 257 { 258 unsigned int bl; 259 int wimgxpp; 260 struct ppc_bat *bat; 261 unsigned long flags = pgprot_val(prot); 262 263 if (index == -1) 264 index = find_free_bat(); 265 if (index == -1) { 266 pr_err("%s: no BAT available for mapping 0x%llx\n", __func__, 267 (unsigned long long)phys); 268 return; 269 } 270 bat = BATS[index]; 271 272 if ((flags & _PAGE_NO_CACHE) || 273 (cpu_has_feature(CPU_FTR_NEED_COHERENT) == 0)) 274 flags &= ~_PAGE_COHERENT; 275 276 bl = (size >> 17) - 1; 277 /* Do DBAT first */ 278 wimgxpp = flags & (_PAGE_WRITETHRU | _PAGE_NO_CACHE 279 | _PAGE_COHERENT | _PAGE_GUARDED); 280 wimgxpp |= (flags & _PAGE_RW)? BPP_RW: BPP_RX; 281 bat[1].batu = virt | (bl << 2) | 2; /* Vs=1, Vp=0 */ 282 bat[1].batl = BAT_PHYS_ADDR(phys) | wimgxpp; 283 if (flags & _PAGE_USER) 284 bat[1].batu |= 1; /* Vp = 1 */ 285 if (flags & _PAGE_GUARDED) { 286 /* G bit must be zero in IBATs */ 287 flags &= ~_PAGE_EXEC; 288 } 289 if (flags & _PAGE_EXEC) 290 bat[0] = bat[1]; 291 else 292 bat[0].batu = bat[0].batl = 0; 293 294 bat_addrs[index].start = virt; 295 bat_addrs[index].limit = virt + ((bl + 1) << 17) - 1; 296 bat_addrs[index].phys = phys; 297 } 298 299 /* 300 * Preload a translation in the hash table 301 */ 302 static void hash_preload(struct mm_struct *mm, unsigned long ea) 303 { 304 pmd_t *pmd; 305 306 if (!mmu_has_feature(MMU_FTR_HPTE_TABLE)) 307 return; 308 pmd = pmd_off(mm, ea); 309 if (!pmd_none(*pmd)) 310 add_hash_page(mm->context.id, ea, pmd_val(*pmd)); 311 } 312 313 /* 314 * This is called at the end of handling a user page fault, when the 315 * fault has been handled by updating a PTE in the linux page tables. 316 * We use it to preload an HPTE into the hash table corresponding to 317 * the updated linux PTE. 318 * 319 * This must always be called with the pte lock held. 320 */ 321 void update_mmu_cache(struct vm_area_struct *vma, unsigned long address, 322 pte_t *ptep) 323 { 324 if (!mmu_has_feature(MMU_FTR_HPTE_TABLE)) 325 return; 326 /* 327 * We don't need to worry about _PAGE_PRESENT here because we are 328 * called with either mm->page_table_lock held or ptl lock held 329 */ 330 331 /* We only want HPTEs for linux PTEs that have _PAGE_ACCESSED set */ 332 if (!pte_young(*ptep) || address >= TASK_SIZE) 333 return; 334 335 /* We have to test for regs NULL since init will get here first thing at boot */ 336 if (!current->thread.regs) 337 return; 338 339 /* We also avoid filling the hash if not coming from a fault */ 340 if (TRAP(current->thread.regs) != 0x300 && TRAP(current->thread.regs) != 0x400) 341 return; 342 343 hash_preload(vma->vm_mm, address); 344 } 345 346 /* 347 * Initialize the hash table and patch the instructions in hashtable.S. 348 */ 349 void __init MMU_init_hw(void) 350 { 351 unsigned int n_hpteg, lg_n_hpteg; 352 353 if (!mmu_has_feature(MMU_FTR_HPTE_TABLE)) 354 return; 355 356 if ( ppc_md.progress ) ppc_md.progress("hash:enter", 0x105); 357 358 #define LG_HPTEG_SIZE 6 /* 64 bytes per HPTEG */ 359 #define SDR1_LOW_BITS ((n_hpteg - 1) >> 10) 360 #define MIN_N_HPTEG 1024 /* min 64kB hash table */ 361 362 /* 363 * Allow 1 HPTE (1/8 HPTEG) for each page of memory. 364 * This is less than the recommended amount, but then 365 * Linux ain't AIX. 366 */ 367 n_hpteg = total_memory / (PAGE_SIZE * 8); 368 if (n_hpteg < MIN_N_HPTEG) 369 n_hpteg = MIN_N_HPTEG; 370 lg_n_hpteg = __ilog2(n_hpteg); 371 if (n_hpteg & (n_hpteg - 1)) { 372 ++lg_n_hpteg; /* round up if not power of 2 */ 373 n_hpteg = 1 << lg_n_hpteg; 374 } 375 Hash_size = n_hpteg << LG_HPTEG_SIZE; 376 377 /* 378 * Find some memory for the hash table. 379 */ 380 if ( ppc_md.progress ) ppc_md.progress("hash:find piece", 0x322); 381 Hash = memblock_alloc(Hash_size, Hash_size); 382 if (!Hash) 383 panic("%s: Failed to allocate %lu bytes align=0x%lx\n", 384 __func__, Hash_size, Hash_size); 385 _SDR1 = __pa(Hash) | SDR1_LOW_BITS; 386 387 pr_info("Total memory = %lldMB; using %ldkB for hash table\n", 388 (unsigned long long)(total_memory >> 20), Hash_size >> 10); 389 390 391 Hash_mask = n_hpteg - 1; 392 hash_mb2 = hash_mb = 32 - LG_HPTEG_SIZE - lg_n_hpteg; 393 if (lg_n_hpteg > 16) 394 hash_mb2 = 16 - LG_HPTEG_SIZE; 395 } 396 397 void __init MMU_init_hw_patch(void) 398 { 399 unsigned int hmask = Hash_mask >> (16 - LG_HPTEG_SIZE); 400 unsigned int hash = (unsigned int)Hash - PAGE_OFFSET; 401 402 if (!mmu_has_feature(MMU_FTR_HPTE_TABLE)) 403 return; 404 405 if (ppc_md.progress) 406 ppc_md.progress("hash:patch", 0x345); 407 if (ppc_md.progress) 408 ppc_md.progress("hash:done", 0x205); 409 410 /* WARNING: Make sure nothing can trigger a KASAN check past this point */ 411 412 /* 413 * Patch up the instructions in hashtable.S:create_hpte 414 */ 415 modify_instruction_site(&patch__hash_page_A0, 0xffff, hash >> 16); 416 modify_instruction_site(&patch__hash_page_A1, 0x7c0, hash_mb << 6); 417 modify_instruction_site(&patch__hash_page_A2, 0x7c0, hash_mb2 << 6); 418 modify_instruction_site(&patch__hash_page_B, 0xffff, hmask); 419 modify_instruction_site(&patch__hash_page_C, 0xffff, hmask); 420 421 /* 422 * Patch up the instructions in hashtable.S:flush_hash_page 423 */ 424 modify_instruction_site(&patch__flush_hash_A0, 0xffff, hash >> 16); 425 modify_instruction_site(&patch__flush_hash_A1, 0x7c0, hash_mb << 6); 426 modify_instruction_site(&patch__flush_hash_A2, 0x7c0, hash_mb2 << 6); 427 modify_instruction_site(&patch__flush_hash_B, 0xffff, hmask); 428 } 429 430 void setup_initial_memory_limit(phys_addr_t first_memblock_base, 431 phys_addr_t first_memblock_size) 432 { 433 /* We don't currently support the first MEMBLOCK not mapping 0 434 * physical on those processors 435 */ 436 BUG_ON(first_memblock_base != 0); 437 438 memblock_set_current_limit(min_t(u64, first_memblock_size, SZ_256M)); 439 } 440 441 void __init print_system_hash_info(void) 442 { 443 pr_info("Hash_size = 0x%lx\n", Hash_size); 444 if (Hash_mask) 445 pr_info("Hash_mask = 0x%lx\n", Hash_mask); 446 } 447 448 #ifdef CONFIG_PPC_KUEP 449 void __init setup_kuep(bool disabled) 450 { 451 pr_info("Activating Kernel Userspace Execution Prevention\n"); 452 453 if (disabled) 454 pr_warn("KUEP cannot be disabled yet on 6xx when compiled in\n"); 455 } 456 #endif 457 458 #ifdef CONFIG_PPC_KUAP 459 void __init setup_kuap(bool disabled) 460 { 461 pr_info("Activating Kernel Userspace Access Protection\n"); 462 463 if (disabled) 464 pr_warn("KUAP cannot be disabled yet on 6xx when compiled in\n"); 465 } 466 #endif 467 468 void __init early_init_mmu(void) 469 { 470 } 471