1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * This file contains the routines for handling the MMU on those 4 * PowerPC implementations where the MMU substantially follows the 5 * architecture specification. This includes the 6xx, 7xx, 7xxx, 6 * and 8260 implementations but excludes the 8xx and 4xx. 7 * -- paulus 8 * 9 * Derived from arch/ppc/mm/init.c: 10 * Copyright (C) 1995-1996 Gary Thomas (gdt@linuxppc.org) 11 * 12 * Modifications by Paul Mackerras (PowerMac) (paulus@cs.anu.edu.au) 13 * and Cort Dougan (PReP) (cort@cs.nmt.edu) 14 * Copyright (C) 1996 Paul Mackerras 15 * 16 * Derived from "arch/i386/mm/init.c" 17 * Copyright (C) 1991, 1992, 1993, 1994 Linus Torvalds 18 */ 19 20 #include <linux/kernel.h> 21 #include <linux/mm.h> 22 #include <linux/init.h> 23 #include <linux/highmem.h> 24 #include <linux/memblock.h> 25 26 #include <asm/prom.h> 27 #include <asm/mmu.h> 28 #include <asm/machdep.h> 29 #include <asm/code-patching.h> 30 #include <asm/sections.h> 31 32 #include <mm/mmu_decl.h> 33 34 struct hash_pte *Hash; 35 static unsigned long Hash_size, Hash_mask; 36 unsigned long _SDR1; 37 static unsigned int hash_mb, hash_mb2; 38 39 struct ppc_bat BATS[8][2]; /* 8 pairs of IBAT, DBAT */ 40 41 struct batrange { /* stores address ranges mapped by BATs */ 42 unsigned long start; 43 unsigned long limit; 44 phys_addr_t phys; 45 } bat_addrs[8]; 46 47 /* 48 * Return PA for this VA if it is mapped by a BAT, or 0 49 */ 50 phys_addr_t v_block_mapped(unsigned long va) 51 { 52 int b; 53 for (b = 0; b < ARRAY_SIZE(bat_addrs); ++b) 54 if (va >= bat_addrs[b].start && va < bat_addrs[b].limit) 55 return bat_addrs[b].phys + (va - bat_addrs[b].start); 56 return 0; 57 } 58 59 /* 60 * Return VA for a given PA or 0 if not mapped 61 */ 62 unsigned long p_block_mapped(phys_addr_t pa) 63 { 64 int b; 65 for (b = 0; b < ARRAY_SIZE(bat_addrs); ++b) 66 if (pa >= bat_addrs[b].phys 67 && pa < (bat_addrs[b].limit-bat_addrs[b].start) 68 +bat_addrs[b].phys) 69 return bat_addrs[b].start+(pa-bat_addrs[b].phys); 70 return 0; 71 } 72 73 static int find_free_bat(void) 74 { 75 int b; 76 77 if (IS_ENABLED(CONFIG_PPC_BOOK3S_601)) { 78 for (b = 0; b < 4; b++) { 79 struct ppc_bat *bat = BATS[b]; 80 81 if (!(bat[0].batl & 0x40)) 82 return b; 83 } 84 } else { 85 int n = mmu_has_feature(MMU_FTR_USE_HIGH_BATS) ? 8 : 4; 86 87 for (b = 0; b < n; b++) { 88 struct ppc_bat *bat = BATS[b]; 89 90 if (!(bat[1].batu & 3)) 91 return b; 92 } 93 } 94 return -1; 95 } 96 97 /* 98 * This function calculates the size of the larger block usable to map the 99 * beginning of an area based on the start address and size of that area: 100 * - max block size is 8M on 601 and 256 on other 6xx. 101 * - base address must be aligned to the block size. So the maximum block size 102 * is identified by the lowest bit set to 1 in the base address (for instance 103 * if base is 0x16000000, max size is 0x02000000). 104 * - block size has to be a power of two. This is calculated by finding the 105 * highest bit set to 1. 106 */ 107 static unsigned int block_size(unsigned long base, unsigned long top) 108 { 109 unsigned int max_size = IS_ENABLED(CONFIG_PPC_BOOK3S_601) ? SZ_8M : SZ_256M; 110 unsigned int base_shift = (ffs(base) - 1) & 31; 111 unsigned int block_shift = (fls(top - base) - 1) & 31; 112 113 return min3(max_size, 1U << base_shift, 1U << block_shift); 114 } 115 116 /* 117 * Set up one of the IBAT (block address translation) register pairs. 118 * The parameters are not checked; in particular size must be a power 119 * of 2 between 128k and 256M. 120 * Only for 603+ ... 121 */ 122 static void setibat(int index, unsigned long virt, phys_addr_t phys, 123 unsigned int size, pgprot_t prot) 124 { 125 unsigned int bl = (size >> 17) - 1; 126 int wimgxpp; 127 struct ppc_bat *bat = BATS[index]; 128 unsigned long flags = pgprot_val(prot); 129 130 if (!cpu_has_feature(CPU_FTR_NEED_COHERENT)) 131 flags &= ~_PAGE_COHERENT; 132 133 wimgxpp = (flags & _PAGE_COHERENT) | (_PAGE_EXEC ? BPP_RX : BPP_XX); 134 bat[0].batu = virt | (bl << 2) | 2; /* Vs=1, Vp=0 */ 135 bat[0].batl = BAT_PHYS_ADDR(phys) | wimgxpp; 136 if (flags & _PAGE_USER) 137 bat[0].batu |= 1; /* Vp = 1 */ 138 } 139 140 static void clearibat(int index) 141 { 142 struct ppc_bat *bat = BATS[index]; 143 144 bat[0].batu = 0; 145 bat[0].batl = 0; 146 } 147 148 static unsigned long __init __mmu_mapin_ram(unsigned long base, unsigned long top) 149 { 150 int idx; 151 152 while ((idx = find_free_bat()) != -1 && base != top) { 153 unsigned int size = block_size(base, top); 154 155 if (size < 128 << 10) 156 break; 157 setbat(idx, PAGE_OFFSET + base, base, size, PAGE_KERNEL_X); 158 base += size; 159 } 160 161 return base; 162 } 163 164 unsigned long __init mmu_mapin_ram(unsigned long base, unsigned long top) 165 { 166 unsigned long done; 167 unsigned long border = (unsigned long)__init_begin - PAGE_OFFSET; 168 169 if (__map_without_bats) { 170 pr_debug("RAM mapped without BATs\n"); 171 return base; 172 } 173 if (debug_pagealloc_enabled()) { 174 if (base >= border) 175 return base; 176 if (top >= border) 177 top = border; 178 } 179 180 if (!strict_kernel_rwx_enabled() || base >= border || top <= border) 181 return __mmu_mapin_ram(base, top); 182 183 done = __mmu_mapin_ram(base, border); 184 if (done != border) 185 return done; 186 187 return __mmu_mapin_ram(border, top); 188 } 189 190 static bool is_module_segment(unsigned long addr) 191 { 192 if (!IS_ENABLED(CONFIG_MODULES)) 193 return false; 194 #ifdef MODULES_VADDR 195 if (addr < ALIGN_DOWN(MODULES_VADDR, SZ_256M)) 196 return false; 197 if (addr > ALIGN(MODULES_END, SZ_256M) - 1) 198 return false; 199 #else 200 if (addr < ALIGN_DOWN(VMALLOC_START, SZ_256M)) 201 return false; 202 if (addr > ALIGN(VMALLOC_END, SZ_256M) - 1) 203 return false; 204 #endif 205 return true; 206 } 207 208 void mmu_mark_initmem_nx(void) 209 { 210 int nb = mmu_has_feature(MMU_FTR_USE_HIGH_BATS) ? 8 : 4; 211 int i; 212 unsigned long base = (unsigned long)_stext - PAGE_OFFSET; 213 unsigned long top = (unsigned long)_etext - PAGE_OFFSET; 214 unsigned long border = (unsigned long)__init_begin - PAGE_OFFSET; 215 unsigned long size; 216 217 if (IS_ENABLED(CONFIG_PPC_BOOK3S_601)) 218 return; 219 220 for (i = 0; i < nb - 1 && base < top && top - base > (128 << 10);) { 221 size = block_size(base, top); 222 setibat(i++, PAGE_OFFSET + base, base, size, PAGE_KERNEL_TEXT); 223 base += size; 224 } 225 if (base < top) { 226 size = block_size(base, top); 227 size = max(size, 128UL << 10); 228 if ((top - base) > size) { 229 size <<= 1; 230 if (strict_kernel_rwx_enabled() && base + size > border) 231 pr_warn("Some RW data is getting mapped X. " 232 "Adjust CONFIG_DATA_SHIFT to avoid that.\n"); 233 } 234 setibat(i++, PAGE_OFFSET + base, base, size, PAGE_KERNEL_TEXT); 235 base += size; 236 } 237 for (; i < nb; i++) 238 clearibat(i); 239 240 update_bats(); 241 242 for (i = TASK_SIZE >> 28; i < 16; i++) { 243 /* Do not set NX on VM space for modules */ 244 if (is_module_segment(i << 28)) 245 continue; 246 247 mtsrin(mfsrin(i << 28) | 0x10000000, i << 28); 248 } 249 } 250 251 void mmu_mark_rodata_ro(void) 252 { 253 int nb = mmu_has_feature(MMU_FTR_USE_HIGH_BATS) ? 8 : 4; 254 int i; 255 256 if (IS_ENABLED(CONFIG_PPC_BOOK3S_601)) 257 return; 258 259 for (i = 0; i < nb; i++) { 260 struct ppc_bat *bat = BATS[i]; 261 262 if (bat_addrs[i].start < (unsigned long)__init_begin) 263 bat[1].batl = (bat[1].batl & ~BPP_RW) | BPP_RX; 264 } 265 266 update_bats(); 267 } 268 269 /* 270 * Set up one of the I/D BAT (block address translation) register pairs. 271 * The parameters are not checked; in particular size must be a power 272 * of 2 between 128k and 256M. 273 * On 603+, only set IBAT when _PAGE_EXEC is set 274 */ 275 void __init setbat(int index, unsigned long virt, phys_addr_t phys, 276 unsigned int size, pgprot_t prot) 277 { 278 unsigned int bl; 279 int wimgxpp; 280 struct ppc_bat *bat; 281 unsigned long flags = pgprot_val(prot); 282 283 if (index == -1) 284 index = find_free_bat(); 285 if (index == -1) { 286 pr_err("%s: no BAT available for mapping 0x%llx\n", __func__, 287 (unsigned long long)phys); 288 return; 289 } 290 bat = BATS[index]; 291 292 if ((flags & _PAGE_NO_CACHE) || 293 (cpu_has_feature(CPU_FTR_NEED_COHERENT) == 0)) 294 flags &= ~_PAGE_COHERENT; 295 296 bl = (size >> 17) - 1; 297 if (!IS_ENABLED(CONFIG_PPC_BOOK3S_601)) { 298 /* 603, 604, etc. */ 299 /* Do DBAT first */ 300 wimgxpp = flags & (_PAGE_WRITETHRU | _PAGE_NO_CACHE 301 | _PAGE_COHERENT | _PAGE_GUARDED); 302 wimgxpp |= (flags & _PAGE_RW)? BPP_RW: BPP_RX; 303 bat[1].batu = virt | (bl << 2) | 2; /* Vs=1, Vp=0 */ 304 bat[1].batl = BAT_PHYS_ADDR(phys) | wimgxpp; 305 if (flags & _PAGE_USER) 306 bat[1].batu |= 1; /* Vp = 1 */ 307 if (flags & _PAGE_GUARDED) { 308 /* G bit must be zero in IBATs */ 309 flags &= ~_PAGE_EXEC; 310 } 311 if (flags & _PAGE_EXEC) 312 bat[0] = bat[1]; 313 else 314 bat[0].batu = bat[0].batl = 0; 315 } else { 316 /* 601 cpu */ 317 if (bl > BL_8M) 318 bl = BL_8M; 319 wimgxpp = flags & (_PAGE_WRITETHRU | _PAGE_NO_CACHE 320 | _PAGE_COHERENT); 321 wimgxpp |= (flags & _PAGE_RW)? 322 ((flags & _PAGE_USER)? PP_RWRW: PP_RWXX): PP_RXRX; 323 bat->batu = virt | wimgxpp | 4; /* Ks=0, Ku=1 */ 324 bat->batl = phys | bl | 0x40; /* V=1 */ 325 } 326 327 bat_addrs[index].start = virt; 328 bat_addrs[index].limit = virt + ((bl + 1) << 17) - 1; 329 bat_addrs[index].phys = phys; 330 } 331 332 /* 333 * Preload a translation in the hash table 334 */ 335 void hash_preload(struct mm_struct *mm, unsigned long ea) 336 { 337 pmd_t *pmd; 338 339 if (!Hash) 340 return; 341 pmd = pmd_off(mm, ea); 342 if (!pmd_none(*pmd)) 343 add_hash_page(mm->context.id, ea, pmd_val(*pmd)); 344 } 345 346 /* 347 * This is called at the end of handling a user page fault, when the 348 * fault has been handled by updating a PTE in the linux page tables. 349 * We use it to preload an HPTE into the hash table corresponding to 350 * the updated linux PTE. 351 * 352 * This must always be called with the pte lock held. 353 */ 354 void update_mmu_cache(struct vm_area_struct *vma, unsigned long address, 355 pte_t *ptep) 356 { 357 if (!mmu_has_feature(MMU_FTR_HPTE_TABLE)) 358 return; 359 /* 360 * We don't need to worry about _PAGE_PRESENT here because we are 361 * called with either mm->page_table_lock held or ptl lock held 362 */ 363 364 /* We only want HPTEs for linux PTEs that have _PAGE_ACCESSED set */ 365 if (!pte_young(*ptep) || address >= TASK_SIZE) 366 return; 367 368 /* We have to test for regs NULL since init will get here first thing at boot */ 369 if (!current->thread.regs) 370 return; 371 372 /* We also avoid filling the hash if not coming from a fault */ 373 if (TRAP(current->thread.regs) != 0x300 && TRAP(current->thread.regs) != 0x400) 374 return; 375 376 hash_preload(vma->vm_mm, address); 377 } 378 379 /* 380 * Initialize the hash table and patch the instructions in hashtable.S. 381 */ 382 void __init MMU_init_hw(void) 383 { 384 unsigned int n_hpteg, lg_n_hpteg; 385 386 if (!mmu_has_feature(MMU_FTR_HPTE_TABLE)) 387 return; 388 389 if ( ppc_md.progress ) ppc_md.progress("hash:enter", 0x105); 390 391 #define LG_HPTEG_SIZE 6 /* 64 bytes per HPTEG */ 392 #define SDR1_LOW_BITS ((n_hpteg - 1) >> 10) 393 #define MIN_N_HPTEG 1024 /* min 64kB hash table */ 394 395 /* 396 * Allow 1 HPTE (1/8 HPTEG) for each page of memory. 397 * This is less than the recommended amount, but then 398 * Linux ain't AIX. 399 */ 400 n_hpteg = total_memory / (PAGE_SIZE * 8); 401 if (n_hpteg < MIN_N_HPTEG) 402 n_hpteg = MIN_N_HPTEG; 403 lg_n_hpteg = __ilog2(n_hpteg); 404 if (n_hpteg & (n_hpteg - 1)) { 405 ++lg_n_hpteg; /* round up if not power of 2 */ 406 n_hpteg = 1 << lg_n_hpteg; 407 } 408 Hash_size = n_hpteg << LG_HPTEG_SIZE; 409 410 /* 411 * Find some memory for the hash table. 412 */ 413 if ( ppc_md.progress ) ppc_md.progress("hash:find piece", 0x322); 414 Hash = memblock_alloc(Hash_size, Hash_size); 415 if (!Hash) 416 panic("%s: Failed to allocate %lu bytes align=0x%lx\n", 417 __func__, Hash_size, Hash_size); 418 _SDR1 = __pa(Hash) | SDR1_LOW_BITS; 419 420 pr_info("Total memory = %lldMB; using %ldkB for hash table\n", 421 (unsigned long long)(total_memory >> 20), Hash_size >> 10); 422 423 424 Hash_mask = n_hpteg - 1; 425 hash_mb2 = hash_mb = 32 - LG_HPTEG_SIZE - lg_n_hpteg; 426 if (lg_n_hpteg > 16) 427 hash_mb2 = 16 - LG_HPTEG_SIZE; 428 429 /* 430 * When KASAN is selected, there is already an early temporary hash 431 * table and the switch to the final hash table is done later. 432 */ 433 if (IS_ENABLED(CONFIG_KASAN)) 434 return; 435 436 MMU_init_hw_patch(); 437 } 438 439 void __init MMU_init_hw_patch(void) 440 { 441 unsigned int hmask = Hash_mask >> (16 - LG_HPTEG_SIZE); 442 unsigned int hash = (unsigned int)Hash - PAGE_OFFSET; 443 444 if (ppc_md.progress) 445 ppc_md.progress("hash:patch", 0x345); 446 if (ppc_md.progress) 447 ppc_md.progress("hash:done", 0x205); 448 449 /* WARNING: Make sure nothing can trigger a KASAN check past this point */ 450 451 /* 452 * Patch up the instructions in hashtable.S:create_hpte 453 */ 454 modify_instruction_site(&patch__hash_page_A0, 0xffff, hash >> 16); 455 modify_instruction_site(&patch__hash_page_A1, 0x7c0, hash_mb << 6); 456 modify_instruction_site(&patch__hash_page_A2, 0x7c0, hash_mb2 << 6); 457 modify_instruction_site(&patch__hash_page_B, 0xffff, hmask); 458 modify_instruction_site(&patch__hash_page_C, 0xffff, hmask); 459 460 /* 461 * Patch up the instructions in hashtable.S:flush_hash_page 462 */ 463 modify_instruction_site(&patch__flush_hash_A0, 0xffff, hash >> 16); 464 modify_instruction_site(&patch__flush_hash_A1, 0x7c0, hash_mb << 6); 465 modify_instruction_site(&patch__flush_hash_A2, 0x7c0, hash_mb2 << 6); 466 modify_instruction_site(&patch__flush_hash_B, 0xffff, hmask); 467 } 468 469 void setup_initial_memory_limit(phys_addr_t first_memblock_base, 470 phys_addr_t first_memblock_size) 471 { 472 /* We don't currently support the first MEMBLOCK not mapping 0 473 * physical on those processors 474 */ 475 BUG_ON(first_memblock_base != 0); 476 477 /* 601 can only access 16MB at the moment */ 478 if (IS_ENABLED(CONFIG_PPC_BOOK3S_601)) 479 memblock_set_current_limit(min_t(u64, first_memblock_size, 0x01000000)); 480 else /* Anything else has 256M mapped */ 481 memblock_set_current_limit(min_t(u64, first_memblock_size, 0x10000000)); 482 } 483 484 void __init print_system_hash_info(void) 485 { 486 pr_info("Hash_size = 0x%lx\n", Hash_size); 487 if (Hash_mask) 488 pr_info("Hash_mask = 0x%lx\n", Hash_mask); 489 } 490 491 #ifdef CONFIG_PPC_KUEP 492 void __init setup_kuep(bool disabled) 493 { 494 pr_info("Activating Kernel Userspace Execution Prevention\n"); 495 496 if (disabled) 497 pr_warn("KUEP cannot be disabled yet on 6xx when compiled in\n"); 498 } 499 #endif 500 501 #ifdef CONFIG_PPC_KUAP 502 void __init setup_kuap(bool disabled) 503 { 504 pr_info("Activating Kernel Userspace Access Protection\n"); 505 506 if (disabled) 507 pr_warn("KUAP cannot be disabled yet on 6xx when compiled in\n"); 508 } 509 #endif 510