xref: /openbmc/linux/arch/powerpc/mm/book3s32/mmu.c (revision f97cee494dc92395a668445bcd24d34c89f4ff8c)
1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3  * This file contains the routines for handling the MMU on those
4  * PowerPC implementations where the MMU substantially follows the
5  * architecture specification.  This includes the 6xx, 7xx, 7xxx,
6  * and 8260 implementations but excludes the 8xx and 4xx.
7  *  -- paulus
8  *
9  *  Derived from arch/ppc/mm/init.c:
10  *    Copyright (C) 1995-1996 Gary Thomas (gdt@linuxppc.org)
11  *
12  *  Modifications by Paul Mackerras (PowerMac) (paulus@cs.anu.edu.au)
13  *  and Cort Dougan (PReP) (cort@cs.nmt.edu)
14  *    Copyright (C) 1996 Paul Mackerras
15  *
16  *  Derived from "arch/i386/mm/init.c"
17  *    Copyright (C) 1991, 1992, 1993, 1994  Linus Torvalds
18  */
19 
20 #include <linux/kernel.h>
21 #include <linux/mm.h>
22 #include <linux/init.h>
23 #include <linux/highmem.h>
24 #include <linux/memblock.h>
25 
26 #include <asm/prom.h>
27 #include <asm/mmu.h>
28 #include <asm/machdep.h>
29 #include <asm/code-patching.h>
30 #include <asm/sections.h>
31 
32 #include <mm/mmu_decl.h>
33 
34 struct hash_pte *Hash;
35 static unsigned long Hash_size, Hash_mask;
36 unsigned long _SDR1;
37 static unsigned int hash_mb, hash_mb2;
38 
39 struct ppc_bat BATS[8][2];	/* 8 pairs of IBAT, DBAT */
40 
41 struct batrange {		/* stores address ranges mapped by BATs */
42 	unsigned long start;
43 	unsigned long limit;
44 	phys_addr_t phys;
45 } bat_addrs[8];
46 
47 /*
48  * Return PA for this VA if it is mapped by a BAT, or 0
49  */
50 phys_addr_t v_block_mapped(unsigned long va)
51 {
52 	int b;
53 	for (b = 0; b < ARRAY_SIZE(bat_addrs); ++b)
54 		if (va >= bat_addrs[b].start && va < bat_addrs[b].limit)
55 			return bat_addrs[b].phys + (va - bat_addrs[b].start);
56 	return 0;
57 }
58 
59 /*
60  * Return VA for a given PA or 0 if not mapped
61  */
62 unsigned long p_block_mapped(phys_addr_t pa)
63 {
64 	int b;
65 	for (b = 0; b < ARRAY_SIZE(bat_addrs); ++b)
66 		if (pa >= bat_addrs[b].phys
67 	    	    && pa < (bat_addrs[b].limit-bat_addrs[b].start)
68 		              +bat_addrs[b].phys)
69 			return bat_addrs[b].start+(pa-bat_addrs[b].phys);
70 	return 0;
71 }
72 
73 static int find_free_bat(void)
74 {
75 	int b;
76 
77 	if (IS_ENABLED(CONFIG_PPC_BOOK3S_601)) {
78 		for (b = 0; b < 4; b++) {
79 			struct ppc_bat *bat = BATS[b];
80 
81 			if (!(bat[0].batl & 0x40))
82 				return b;
83 		}
84 	} else {
85 		int n = mmu_has_feature(MMU_FTR_USE_HIGH_BATS) ? 8 : 4;
86 
87 		for (b = 0; b < n; b++) {
88 			struct ppc_bat *bat = BATS[b];
89 
90 			if (!(bat[1].batu & 3))
91 				return b;
92 		}
93 	}
94 	return -1;
95 }
96 
97 /*
98  * This function calculates the size of the larger block usable to map the
99  * beginning of an area based on the start address and size of that area:
100  * - max block size is 8M on 601 and 256 on other 6xx.
101  * - base address must be aligned to the block size. So the maximum block size
102  *   is identified by the lowest bit set to 1 in the base address (for instance
103  *   if base is 0x16000000, max size is 0x02000000).
104  * - block size has to be a power of two. This is calculated by finding the
105  *   highest bit set to 1.
106  */
107 static unsigned int block_size(unsigned long base, unsigned long top)
108 {
109 	unsigned int max_size = IS_ENABLED(CONFIG_PPC_BOOK3S_601) ? SZ_8M : SZ_256M;
110 	unsigned int base_shift = (ffs(base) - 1) & 31;
111 	unsigned int block_shift = (fls(top - base) - 1) & 31;
112 
113 	return min3(max_size, 1U << base_shift, 1U << block_shift);
114 }
115 
116 /*
117  * Set up one of the IBAT (block address translation) register pairs.
118  * The parameters are not checked; in particular size must be a power
119  * of 2 between 128k and 256M.
120  * Only for 603+ ...
121  */
122 static void setibat(int index, unsigned long virt, phys_addr_t phys,
123 		    unsigned int size, pgprot_t prot)
124 {
125 	unsigned int bl = (size >> 17) - 1;
126 	int wimgxpp;
127 	struct ppc_bat *bat = BATS[index];
128 	unsigned long flags = pgprot_val(prot);
129 
130 	if (!cpu_has_feature(CPU_FTR_NEED_COHERENT))
131 		flags &= ~_PAGE_COHERENT;
132 
133 	wimgxpp = (flags & _PAGE_COHERENT) | (_PAGE_EXEC ? BPP_RX : BPP_XX);
134 	bat[0].batu = virt | (bl << 2) | 2; /* Vs=1, Vp=0 */
135 	bat[0].batl = BAT_PHYS_ADDR(phys) | wimgxpp;
136 	if (flags & _PAGE_USER)
137 		bat[0].batu |= 1;	/* Vp = 1 */
138 }
139 
140 static void clearibat(int index)
141 {
142 	struct ppc_bat *bat = BATS[index];
143 
144 	bat[0].batu = 0;
145 	bat[0].batl = 0;
146 }
147 
148 static unsigned long __init __mmu_mapin_ram(unsigned long base, unsigned long top)
149 {
150 	int idx;
151 
152 	while ((idx = find_free_bat()) != -1 && base != top) {
153 		unsigned int size = block_size(base, top);
154 
155 		if (size < 128 << 10)
156 			break;
157 		setbat(idx, PAGE_OFFSET + base, base, size, PAGE_KERNEL_X);
158 		base += size;
159 	}
160 
161 	return base;
162 }
163 
164 unsigned long __init mmu_mapin_ram(unsigned long base, unsigned long top)
165 {
166 	unsigned long done;
167 	unsigned long border = (unsigned long)__init_begin - PAGE_OFFSET;
168 
169 	if (__map_without_bats) {
170 		pr_debug("RAM mapped without BATs\n");
171 		return base;
172 	}
173 	if (debug_pagealloc_enabled()) {
174 		if (base >= border)
175 			return base;
176 		if (top >= border)
177 			top = border;
178 	}
179 
180 	if (!strict_kernel_rwx_enabled() || base >= border || top <= border)
181 		return __mmu_mapin_ram(base, top);
182 
183 	done = __mmu_mapin_ram(base, border);
184 	if (done != border)
185 		return done;
186 
187 	return __mmu_mapin_ram(border, top);
188 }
189 
190 static bool is_module_segment(unsigned long addr)
191 {
192 	if (!IS_ENABLED(CONFIG_MODULES))
193 		return false;
194 #ifdef MODULES_VADDR
195 	if (addr < ALIGN_DOWN(MODULES_VADDR, SZ_256M))
196 		return false;
197 	if (addr > ALIGN(MODULES_END, SZ_256M) - 1)
198 		return false;
199 #else
200 	if (addr < ALIGN_DOWN(VMALLOC_START, SZ_256M))
201 		return false;
202 	if (addr > ALIGN(VMALLOC_END, SZ_256M) - 1)
203 		return false;
204 #endif
205 	return true;
206 }
207 
208 void mmu_mark_initmem_nx(void)
209 {
210 	int nb = mmu_has_feature(MMU_FTR_USE_HIGH_BATS) ? 8 : 4;
211 	int i;
212 	unsigned long base = (unsigned long)_stext - PAGE_OFFSET;
213 	unsigned long top = (unsigned long)_etext - PAGE_OFFSET;
214 	unsigned long border = (unsigned long)__init_begin - PAGE_OFFSET;
215 	unsigned long size;
216 
217 	if (IS_ENABLED(CONFIG_PPC_BOOK3S_601))
218 		return;
219 
220 	for (i = 0; i < nb - 1 && base < top && top - base > (128 << 10);) {
221 		size = block_size(base, top);
222 		setibat(i++, PAGE_OFFSET + base, base, size, PAGE_KERNEL_TEXT);
223 		base += size;
224 	}
225 	if (base < top) {
226 		size = block_size(base, top);
227 		size = max(size, 128UL << 10);
228 		if ((top - base) > size) {
229 			size <<= 1;
230 			if (strict_kernel_rwx_enabled() && base + size > border)
231 				pr_warn("Some RW data is getting mapped X. "
232 					"Adjust CONFIG_DATA_SHIFT to avoid that.\n");
233 		}
234 		setibat(i++, PAGE_OFFSET + base, base, size, PAGE_KERNEL_TEXT);
235 		base += size;
236 	}
237 	for (; i < nb; i++)
238 		clearibat(i);
239 
240 	update_bats();
241 
242 	for (i = TASK_SIZE >> 28; i < 16; i++) {
243 		/* Do not set NX on VM space for modules */
244 		if (is_module_segment(i << 28))
245 			continue;
246 
247 		mtsrin(mfsrin(i << 28) | 0x10000000, i << 28);
248 	}
249 }
250 
251 void mmu_mark_rodata_ro(void)
252 {
253 	int nb = mmu_has_feature(MMU_FTR_USE_HIGH_BATS) ? 8 : 4;
254 	int i;
255 
256 	if (IS_ENABLED(CONFIG_PPC_BOOK3S_601))
257 		return;
258 
259 	for (i = 0; i < nb; i++) {
260 		struct ppc_bat *bat = BATS[i];
261 
262 		if (bat_addrs[i].start < (unsigned long)__init_begin)
263 			bat[1].batl = (bat[1].batl & ~BPP_RW) | BPP_RX;
264 	}
265 
266 	update_bats();
267 }
268 
269 /*
270  * Set up one of the I/D BAT (block address translation) register pairs.
271  * The parameters are not checked; in particular size must be a power
272  * of 2 between 128k and 256M.
273  * On 603+, only set IBAT when _PAGE_EXEC is set
274  */
275 void __init setbat(int index, unsigned long virt, phys_addr_t phys,
276 		   unsigned int size, pgprot_t prot)
277 {
278 	unsigned int bl;
279 	int wimgxpp;
280 	struct ppc_bat *bat;
281 	unsigned long flags = pgprot_val(prot);
282 
283 	if (index == -1)
284 		index = find_free_bat();
285 	if (index == -1) {
286 		pr_err("%s: no BAT available for mapping 0x%llx\n", __func__,
287 		       (unsigned long long)phys);
288 		return;
289 	}
290 	bat = BATS[index];
291 
292 	if ((flags & _PAGE_NO_CACHE) ||
293 	    (cpu_has_feature(CPU_FTR_NEED_COHERENT) == 0))
294 		flags &= ~_PAGE_COHERENT;
295 
296 	bl = (size >> 17) - 1;
297 	if (!IS_ENABLED(CONFIG_PPC_BOOK3S_601)) {
298 		/* 603, 604, etc. */
299 		/* Do DBAT first */
300 		wimgxpp = flags & (_PAGE_WRITETHRU | _PAGE_NO_CACHE
301 				   | _PAGE_COHERENT | _PAGE_GUARDED);
302 		wimgxpp |= (flags & _PAGE_RW)? BPP_RW: BPP_RX;
303 		bat[1].batu = virt | (bl << 2) | 2; /* Vs=1, Vp=0 */
304 		bat[1].batl = BAT_PHYS_ADDR(phys) | wimgxpp;
305 		if (flags & _PAGE_USER)
306 			bat[1].batu |= 1; 	/* Vp = 1 */
307 		if (flags & _PAGE_GUARDED) {
308 			/* G bit must be zero in IBATs */
309 			flags &= ~_PAGE_EXEC;
310 		}
311 		if (flags & _PAGE_EXEC)
312 			bat[0] = bat[1];
313 		else
314 			bat[0].batu = bat[0].batl = 0;
315 	} else {
316 		/* 601 cpu */
317 		if (bl > BL_8M)
318 			bl = BL_8M;
319 		wimgxpp = flags & (_PAGE_WRITETHRU | _PAGE_NO_CACHE
320 				   | _PAGE_COHERENT);
321 		wimgxpp |= (flags & _PAGE_RW)?
322 			((flags & _PAGE_USER)? PP_RWRW: PP_RWXX): PP_RXRX;
323 		bat->batu = virt | wimgxpp | 4;	/* Ks=0, Ku=1 */
324 		bat->batl = phys | bl | 0x40;	/* V=1 */
325 	}
326 
327 	bat_addrs[index].start = virt;
328 	bat_addrs[index].limit = virt + ((bl + 1) << 17) - 1;
329 	bat_addrs[index].phys = phys;
330 }
331 
332 /*
333  * Preload a translation in the hash table
334  */
335 void hash_preload(struct mm_struct *mm, unsigned long ea)
336 {
337 	pmd_t *pmd;
338 
339 	if (!Hash)
340 		return;
341 	pmd = pmd_off(mm, ea);
342 	if (!pmd_none(*pmd))
343 		add_hash_page(mm->context.id, ea, pmd_val(*pmd));
344 }
345 
346 /*
347  * This is called at the end of handling a user page fault, when the
348  * fault has been handled by updating a PTE in the linux page tables.
349  * We use it to preload an HPTE into the hash table corresponding to
350  * the updated linux PTE.
351  *
352  * This must always be called with the pte lock held.
353  */
354 void update_mmu_cache(struct vm_area_struct *vma, unsigned long address,
355 		      pte_t *ptep)
356 {
357 	if (!mmu_has_feature(MMU_FTR_HPTE_TABLE))
358 		return;
359 	/*
360 	 * We don't need to worry about _PAGE_PRESENT here because we are
361 	 * called with either mm->page_table_lock held or ptl lock held
362 	 */
363 
364 	/* We only want HPTEs for linux PTEs that have _PAGE_ACCESSED set */
365 	if (!pte_young(*ptep) || address >= TASK_SIZE)
366 		return;
367 
368 	/* We have to test for regs NULL since init will get here first thing at boot */
369 	if (!current->thread.regs)
370 		return;
371 
372 	/* We also avoid filling the hash if not coming from a fault */
373 	if (TRAP(current->thread.regs) != 0x300 && TRAP(current->thread.regs) != 0x400)
374 		return;
375 
376 	hash_preload(vma->vm_mm, address);
377 }
378 
379 /*
380  * Initialize the hash table and patch the instructions in hashtable.S.
381  */
382 void __init MMU_init_hw(void)
383 {
384 	unsigned int n_hpteg, lg_n_hpteg;
385 
386 	if (!mmu_has_feature(MMU_FTR_HPTE_TABLE))
387 		return;
388 
389 	if ( ppc_md.progress ) ppc_md.progress("hash:enter", 0x105);
390 
391 #define LG_HPTEG_SIZE	6		/* 64 bytes per HPTEG */
392 #define SDR1_LOW_BITS	((n_hpteg - 1) >> 10)
393 #define MIN_N_HPTEG	1024		/* min 64kB hash table */
394 
395 	/*
396 	 * Allow 1 HPTE (1/8 HPTEG) for each page of memory.
397 	 * This is less than the recommended amount, but then
398 	 * Linux ain't AIX.
399 	 */
400 	n_hpteg = total_memory / (PAGE_SIZE * 8);
401 	if (n_hpteg < MIN_N_HPTEG)
402 		n_hpteg = MIN_N_HPTEG;
403 	lg_n_hpteg = __ilog2(n_hpteg);
404 	if (n_hpteg & (n_hpteg - 1)) {
405 		++lg_n_hpteg;		/* round up if not power of 2 */
406 		n_hpteg = 1 << lg_n_hpteg;
407 	}
408 	Hash_size = n_hpteg << LG_HPTEG_SIZE;
409 
410 	/*
411 	 * Find some memory for the hash table.
412 	 */
413 	if ( ppc_md.progress ) ppc_md.progress("hash:find piece", 0x322);
414 	Hash = memblock_alloc(Hash_size, Hash_size);
415 	if (!Hash)
416 		panic("%s: Failed to allocate %lu bytes align=0x%lx\n",
417 		      __func__, Hash_size, Hash_size);
418 	_SDR1 = __pa(Hash) | SDR1_LOW_BITS;
419 
420 	pr_info("Total memory = %lldMB; using %ldkB for hash table\n",
421 		(unsigned long long)(total_memory >> 20), Hash_size >> 10);
422 
423 
424 	Hash_mask = n_hpteg - 1;
425 	hash_mb2 = hash_mb = 32 - LG_HPTEG_SIZE - lg_n_hpteg;
426 	if (lg_n_hpteg > 16)
427 		hash_mb2 = 16 - LG_HPTEG_SIZE;
428 
429 	/*
430 	 * When KASAN is selected, there is already an early temporary hash
431 	 * table and the switch to the final hash table is done later.
432 	 */
433 	if (IS_ENABLED(CONFIG_KASAN))
434 		return;
435 
436 	MMU_init_hw_patch();
437 }
438 
439 void __init MMU_init_hw_patch(void)
440 {
441 	unsigned int hmask = Hash_mask >> (16 - LG_HPTEG_SIZE);
442 	unsigned int hash = (unsigned int)Hash - PAGE_OFFSET;
443 
444 	if (ppc_md.progress)
445 		ppc_md.progress("hash:patch", 0x345);
446 	if (ppc_md.progress)
447 		ppc_md.progress("hash:done", 0x205);
448 
449 	/* WARNING: Make sure nothing can trigger a KASAN check past this point */
450 
451 	/*
452 	 * Patch up the instructions in hashtable.S:create_hpte
453 	 */
454 	modify_instruction_site(&patch__hash_page_A0, 0xffff, hash >> 16);
455 	modify_instruction_site(&patch__hash_page_A1, 0x7c0, hash_mb << 6);
456 	modify_instruction_site(&patch__hash_page_A2, 0x7c0, hash_mb2 << 6);
457 	modify_instruction_site(&patch__hash_page_B, 0xffff, hmask);
458 	modify_instruction_site(&patch__hash_page_C, 0xffff, hmask);
459 
460 	/*
461 	 * Patch up the instructions in hashtable.S:flush_hash_page
462 	 */
463 	modify_instruction_site(&patch__flush_hash_A0, 0xffff, hash >> 16);
464 	modify_instruction_site(&patch__flush_hash_A1, 0x7c0, hash_mb << 6);
465 	modify_instruction_site(&patch__flush_hash_A2, 0x7c0, hash_mb2 << 6);
466 	modify_instruction_site(&patch__flush_hash_B, 0xffff, hmask);
467 }
468 
469 void setup_initial_memory_limit(phys_addr_t first_memblock_base,
470 				phys_addr_t first_memblock_size)
471 {
472 	/* We don't currently support the first MEMBLOCK not mapping 0
473 	 * physical on those processors
474 	 */
475 	BUG_ON(first_memblock_base != 0);
476 
477 	/* 601 can only access 16MB at the moment */
478 	if (IS_ENABLED(CONFIG_PPC_BOOK3S_601))
479 		memblock_set_current_limit(min_t(u64, first_memblock_size, 0x01000000));
480 	else /* Anything else has 256M mapped */
481 		memblock_set_current_limit(min_t(u64, first_memblock_size, 0x10000000));
482 }
483 
484 void __init print_system_hash_info(void)
485 {
486 	pr_info("Hash_size         = 0x%lx\n", Hash_size);
487 	if (Hash_mask)
488 		pr_info("Hash_mask         = 0x%lx\n", Hash_mask);
489 }
490 
491 #ifdef CONFIG_PPC_KUEP
492 void __init setup_kuep(bool disabled)
493 {
494 	pr_info("Activating Kernel Userspace Execution Prevention\n");
495 
496 	if (disabled)
497 		pr_warn("KUEP cannot be disabled yet on 6xx when compiled in\n");
498 }
499 #endif
500 
501 #ifdef CONFIG_PPC_KUAP
502 void __init setup_kuap(bool disabled)
503 {
504 	pr_info("Activating Kernel Userspace Access Protection\n");
505 
506 	if (disabled)
507 		pr_warn("KUAP cannot be disabled yet on 6xx when compiled in\n");
508 }
509 #endif
510