1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3 * Based on arch/arm/mm/init.c
4 *
5 * Copyright (C) 1995-2005 Russell King
6 * Copyright (C) 2012 ARM Ltd.
7 */
8
9 #include <linux/kernel.h>
10 #include <linux/export.h>
11 #include <linux/errno.h>
12 #include <linux/swap.h>
13 #include <linux/init.h>
14 #include <linux/cache.h>
15 #include <linux/mman.h>
16 #include <linux/nodemask.h>
17 #include <linux/initrd.h>
18 #include <linux/gfp.h>
19 #include <linux/math.h>
20 #include <linux/memblock.h>
21 #include <linux/sort.h>
22 #include <linux/of.h>
23 #include <linux/of_fdt.h>
24 #include <linux/dma-direct.h>
25 #include <linux/dma-map-ops.h>
26 #include <linux/efi.h>
27 #include <linux/swiotlb.h>
28 #include <linux/vmalloc.h>
29 #include <linux/mm.h>
30 #include <linux/kexec.h>
31 #include <linux/crash_dump.h>
32 #include <linux/hugetlb.h>
33 #include <linux/acpi_iort.h>
34 #include <linux/kmemleak.h>
35 #include <linux/execmem.h>
36
37 #include <asm/boot.h>
38 #include <asm/fixmap.h>
39 #include <asm/kasan.h>
40 #include <asm/kernel-pgtable.h>
41 #include <asm/kvm_host.h>
42 #include <asm/memory.h>
43 #include <asm/numa.h>
44 #include <asm/rsi.h>
45 #include <asm/sections.h>
46 #include <asm/setup.h>
47 #include <linux/sizes.h>
48 #include <asm/tlb.h>
49 #include <asm/alternative.h>
50 #include <asm/xen/swiotlb-xen.h>
51
52 /*
53 * We need to be able to catch inadvertent references to memstart_addr
54 * that occur (potentially in generic code) before arm64_memblock_init()
55 * executes, which assigns it its actual value. So use a default value
56 * that cannot be mistaken for a real physical address.
57 */
58 s64 memstart_addr __ro_after_init = -1;
59 EXPORT_SYMBOL(memstart_addr);
60
61 /*
62 * If the corresponding config options are enabled, we create both ZONE_DMA
63 * and ZONE_DMA32. By default ZONE_DMA covers the 32-bit addressable memory
64 * unless restricted on specific platforms (e.g. 30-bit on Raspberry Pi 4).
65 * In such case, ZONE_DMA32 covers the rest of the 32-bit addressable memory,
66 * otherwise it is empty.
67 */
68 phys_addr_t __ro_after_init arm64_dma_phys_limit;
69
70 /*
71 * To make optimal use of block mappings when laying out the linear
72 * mapping, round down the base of physical memory to a size that can
73 * be mapped efficiently, i.e., either PUD_SIZE (4k granule) or PMD_SIZE
74 * (64k granule), or a multiple that can be mapped using contiguous bits
75 * in the page tables: 32 * PMD_SIZE (16k granule)
76 */
77 #if defined(CONFIG_ARM64_4K_PAGES)
78 #define ARM64_MEMSTART_SHIFT PUD_SHIFT
79 #elif defined(CONFIG_ARM64_16K_PAGES)
80 #define ARM64_MEMSTART_SHIFT CONT_PMD_SHIFT
81 #else
82 #define ARM64_MEMSTART_SHIFT PMD_SHIFT
83 #endif
84
85 /*
86 * sparsemem vmemmap imposes an additional requirement on the alignment of
87 * memstart_addr, due to the fact that the base of the vmemmap region
88 * has a direct correspondence, and needs to appear sufficiently aligned
89 * in the virtual address space.
90 */
91 #if ARM64_MEMSTART_SHIFT < SECTION_SIZE_BITS
92 #define ARM64_MEMSTART_ALIGN (1UL << SECTION_SIZE_BITS)
93 #else
94 #define ARM64_MEMSTART_ALIGN (1UL << ARM64_MEMSTART_SHIFT)
95 #endif
96
arch_reserve_crashkernel(void)97 static void __init arch_reserve_crashkernel(void)
98 {
99 unsigned long long low_size = 0;
100 unsigned long long crash_base, crash_size;
101 bool high = false;
102 int ret;
103
104 if (!IS_ENABLED(CONFIG_CRASH_RESERVE))
105 return;
106
107 ret = parse_crashkernel(boot_command_line, memblock_phys_mem_size(),
108 &crash_size, &crash_base,
109 &low_size, NULL, &high);
110 if (ret)
111 return;
112
113 reserve_crashkernel_generic(crash_size, crash_base, low_size, high);
114 }
115
max_zone_phys(phys_addr_t zone_limit)116 static phys_addr_t __init max_zone_phys(phys_addr_t zone_limit)
117 {
118 return min(zone_limit, memblock_end_of_DRAM() - 1) + 1;
119 }
120
arch_zone_limits_init(unsigned long * max_zone_pfns)121 void __init arch_zone_limits_init(unsigned long *max_zone_pfns)
122 {
123 phys_addr_t __maybe_unused dma32_phys_limit =
124 max_zone_phys(DMA_BIT_MASK(32));
125
126 #ifdef CONFIG_ZONE_DMA
127 max_zone_pfns[ZONE_DMA] = PFN_DOWN(max_zone_phys(zone_dma_limit));
128 #endif
129 #ifdef CONFIG_ZONE_DMA32
130 max_zone_pfns[ZONE_DMA32] = PFN_DOWN(dma32_phys_limit);
131 #endif
132 max_zone_pfns[ZONE_NORMAL] = max_pfn;
133 }
134
dma_limits_init(void)135 static void __init dma_limits_init(void)
136 {
137 phys_addr_t __maybe_unused acpi_zone_dma_limit;
138 phys_addr_t __maybe_unused dt_zone_dma_limit;
139 phys_addr_t __maybe_unused dma32_phys_limit =
140 max_zone_phys(DMA_BIT_MASK(32));
141
142 #ifdef CONFIG_ZONE_DMA
143 acpi_zone_dma_limit = acpi_iort_dma_get_max_cpu_address();
144 dt_zone_dma_limit = of_dma_get_max_cpu_address(NULL);
145 zone_dma_limit = min(dt_zone_dma_limit, acpi_zone_dma_limit);
146 /*
147 * Information we get from firmware (e.g. DT dma-ranges) describe DMA
148 * bus constraints. Devices using DMA might have their own limitations.
149 * Some of them rely on DMA zone in low 32-bit memory. Keep low RAM
150 * DMA zone on platforms that have RAM there.
151 */
152 if (memblock_start_of_DRAM() < U32_MAX)
153 zone_dma_limit = min(zone_dma_limit, U32_MAX);
154 arm64_dma_phys_limit = max_zone_phys(zone_dma_limit);
155 #endif
156 #ifdef CONFIG_ZONE_DMA32
157 if (!arm64_dma_phys_limit)
158 arm64_dma_phys_limit = dma32_phys_limit;
159 #endif
160 if (!arm64_dma_phys_limit)
161 arm64_dma_phys_limit = PHYS_MASK + 1;
162 }
163
pfn_is_map_memory(unsigned long pfn)164 int pfn_is_map_memory(unsigned long pfn)
165 {
166 phys_addr_t addr = PFN_PHYS(pfn);
167
168 /* avoid false positives for bogus PFNs, see comment in pfn_valid() */
169 if (PHYS_PFN(addr) != pfn)
170 return 0;
171
172 return memblock_is_map_memory(addr);
173 }
174 EXPORT_SYMBOL(pfn_is_map_memory);
175
176 static phys_addr_t memory_limit __ro_after_init = PHYS_ADDR_MAX;
177
178 /*
179 * Limit the memory size that was specified via FDT.
180 */
early_mem(char * p)181 static int __init early_mem(char *p)
182 {
183 if (!p)
184 return 1;
185
186 memory_limit = memparse(p, &p) & PAGE_MASK;
187 pr_notice("Memory limited to %lldMB\n", memory_limit >> 20);
188
189 return 0;
190 }
191 early_param("mem", early_mem);
192
arm64_memblock_init(void)193 void __init arm64_memblock_init(void)
194 {
195 s64 linear_region_size = PAGE_END - _PAGE_OFFSET(vabits_actual);
196
197 /*
198 * Corner case: 52-bit VA capable systems running KVM in nVHE mode may
199 * be limited in their ability to support a linear map that exceeds 51
200 * bits of VA space, depending on the placement of the ID map. Given
201 * that the placement of the ID map may be randomized, let's simply
202 * limit the kernel's linear map to 51 bits as well if we detect this
203 * configuration.
204 */
205 if (IS_ENABLED(CONFIG_KVM) && vabits_actual == 52 &&
206 is_hyp_mode_available() && !is_kernel_in_hyp_mode()) {
207 pr_info("Capping linear region to 51 bits for KVM in nVHE mode on LVA capable hardware.\n");
208 linear_region_size = min_t(u64, linear_region_size, BIT(51));
209 }
210
211 /* Remove memory above our supported physical address size */
212 memblock_remove(1ULL << PHYS_MASK_SHIFT, ULLONG_MAX);
213
214 /*
215 * Select a suitable value for the base of physical memory.
216 */
217 memstart_addr = round_down(memblock_start_of_DRAM(),
218 ARM64_MEMSTART_ALIGN);
219
220 if ((memblock_end_of_DRAM() - memstart_addr) > linear_region_size)
221 pr_warn("Memory doesn't fit in the linear mapping, VA_BITS too small\n");
222
223 /*
224 * Remove the memory that we will not be able to cover with the
225 * linear mapping. Take care not to clip the kernel which may be
226 * high in memory.
227 */
228 memblock_remove(max_t(u64, memstart_addr + linear_region_size,
229 __pa_symbol(_end)), ULLONG_MAX);
230 if (memstart_addr + linear_region_size < memblock_end_of_DRAM()) {
231 /* ensure that memstart_addr remains sufficiently aligned */
232 memstart_addr = round_up(memblock_end_of_DRAM() - linear_region_size,
233 ARM64_MEMSTART_ALIGN);
234 memblock_remove(0, memstart_addr);
235 }
236
237 /*
238 * If we are running with a 52-bit kernel VA config on a system that
239 * does not support it, we have to place the available physical
240 * memory in the 48-bit addressable part of the linear region, i.e.,
241 * we have to move it upward. Since memstart_addr represents the
242 * physical address of PAGE_OFFSET, we have to *subtract* from it.
243 */
244 if (IS_ENABLED(CONFIG_ARM64_VA_BITS_52) && (vabits_actual != 52))
245 memstart_addr -= _PAGE_OFFSET(vabits_actual) - _PAGE_OFFSET(52);
246
247 /*
248 * Apply the memory limit if it was set. Since the kernel may be loaded
249 * high up in memory, add back the kernel region that must be accessible
250 * via the linear mapping.
251 */
252 if (memory_limit != PHYS_ADDR_MAX) {
253 memblock_mem_limit_remove_map(memory_limit);
254 memblock_add(__pa_symbol(_text), (resource_size_t)(_end - _text));
255 }
256
257 if (IS_ENABLED(CONFIG_BLK_DEV_INITRD) && phys_initrd_size) {
258 /*
259 * Add back the memory we just removed if it results in the
260 * initrd to become inaccessible via the linear mapping.
261 * Otherwise, this is a no-op
262 */
263 phys_addr_t base = phys_initrd_start & PAGE_MASK;
264 resource_size_t size = PAGE_ALIGN(phys_initrd_start + phys_initrd_size) - base;
265
266 /*
267 * We can only add back the initrd memory if we don't end up
268 * with more memory than we can address via the linear mapping.
269 * It is up to the bootloader to position the kernel and the
270 * initrd reasonably close to each other (i.e., within 32 GB of
271 * each other) so that all granule/#levels combinations can
272 * always access both.
273 */
274 if (WARN(base < memblock_start_of_DRAM() ||
275 base + size > memblock_start_of_DRAM() +
276 linear_region_size,
277 "initrd not fully accessible via the linear mapping -- please check your bootloader ...\n")) {
278 phys_initrd_size = 0;
279 } else {
280 memblock_add(base, size);
281 memblock_clear_nomap(base, size);
282 memblock_reserve(base, size);
283 }
284 }
285
286 /*
287 * Register the kernel text, kernel data, initrd, and initial
288 * pagetables with memblock.
289 */
290 memblock_reserve(__pa_symbol(_text), _end - _text);
291 if (IS_ENABLED(CONFIG_BLK_DEV_INITRD) && phys_initrd_size) {
292 /* the generic initrd code expects virtual addresses */
293 initrd_start = __phys_to_virt(phys_initrd_start);
294 initrd_end = initrd_start + phys_initrd_size;
295 }
296
297 early_init_fdt_scan_reserved_mem();
298 }
299
bootmem_init(void)300 void __init bootmem_init(void)
301 {
302 unsigned long min, max;
303
304 min = PFN_UP(memblock_start_of_DRAM());
305 max = PFN_DOWN(memblock_end_of_DRAM());
306
307 early_memtest(min << PAGE_SHIFT, max << PAGE_SHIFT);
308
309 max_pfn = max_low_pfn = max;
310 min_low_pfn = min;
311
312 arch_numa_init();
313
314 kvm_hyp_reserve();
315 dma_limits_init();
316
317 /*
318 * Reserve the CMA area after arm64_dma_phys_limit was initialised.
319 */
320 dma_contiguous_reserve(arm64_dma_phys_limit);
321
322 /*
323 * request_standard_resources() depends on crashkernel's memory being
324 * reserved, so do it here.
325 */
326 arch_reserve_crashkernel();
327
328 memblock_dump_all();
329 }
330
arch_mm_preinit(void)331 void __init arch_mm_preinit(void)
332 {
333 unsigned int flags = SWIOTLB_VERBOSE;
334 bool swiotlb = max_pfn > PFN_DOWN(arm64_dma_phys_limit);
335
336 if (is_realm_world()) {
337 swiotlb = true;
338 flags |= SWIOTLB_FORCE;
339 }
340
341 if (IS_ENABLED(CONFIG_DMA_BOUNCE_UNALIGNED_KMALLOC) && !swiotlb) {
342 /*
343 * If no bouncing needed for ZONE_DMA, reduce the swiotlb
344 * buffer for kmalloc() bouncing to 1MB per 1GB of RAM.
345 */
346 unsigned long size =
347 DIV_ROUND_UP(memblock_phys_mem_size(), 1024);
348 swiotlb_adjust_size(min(swiotlb_size_or_default(), size));
349 swiotlb = true;
350 }
351
352 swiotlb_init(swiotlb, flags);
353 swiotlb_update_mem_attributes();
354
355 /*
356 * Check boundaries twice: Some fundamental inconsistencies can be
357 * detected at build time already.
358 */
359 #ifdef CONFIG_COMPAT
360 BUILD_BUG_ON(TASK_SIZE_32 > DEFAULT_MAP_WINDOW_64);
361 #endif
362
363 /*
364 * Selected page table levels should match when derived from
365 * scratch using the virtual address range and page size.
366 */
367 BUILD_BUG_ON(ARM64_HW_PGTABLE_LEVELS(CONFIG_ARM64_VA_BITS) !=
368 CONFIG_PGTABLE_LEVELS);
369
370 if (PAGE_SIZE >= 16384 && get_num_physpages() <= 128) {
371 extern int sysctl_overcommit_memory;
372 /*
373 * On a machine this small we won't get anywhere without
374 * overcommit, so turn it on by default.
375 */
376 sysctl_overcommit_memory = OVERCOMMIT_ALWAYS;
377 }
378 }
379
free_initmem(void)380 void free_initmem(void)
381 {
382 void *lm_init_begin = lm_alias(__init_begin);
383 void *lm_init_end = lm_alias(__init_end);
384
385 WARN_ON(!IS_ALIGNED((unsigned long)lm_init_begin, PAGE_SIZE));
386 WARN_ON(!IS_ALIGNED((unsigned long)lm_init_end, PAGE_SIZE));
387
388 /* Delete __init region from memblock.reserved. */
389 memblock_free(lm_init_begin, lm_init_end - lm_init_begin);
390
391 free_reserved_area(lm_init_begin, lm_init_end,
392 POISON_FREE_INITMEM, "unused kernel");
393 /*
394 * Unmap the __init region but leave the VM area in place. This
395 * prevents the region from being reused for kernel modules, which
396 * is not supported by kallsyms.
397 */
398 vunmap_range((u64)__init_begin, (u64)__init_end);
399 }
400
dump_mem_limit(void)401 void dump_mem_limit(void)
402 {
403 if (memory_limit != PHYS_ADDR_MAX) {
404 pr_emerg("Memory Limit: %llu MB\n", memory_limit >> 20);
405 } else {
406 pr_emerg("Memory Limit: none\n");
407 }
408 }
409
410 #ifdef CONFIG_EXECMEM
411 static u64 module_direct_base __ro_after_init = 0;
412 static u64 module_plt_base __ro_after_init = 0;
413
414 /*
415 * Choose a random page-aligned base address for a window of 'size' bytes which
416 * entirely contains the interval [start, end - 1].
417 */
random_bounding_box(u64 size,u64 start,u64 end)418 static u64 __init random_bounding_box(u64 size, u64 start, u64 end)
419 {
420 u64 max_pgoff, pgoff;
421
422 if ((end - start) >= size)
423 return 0;
424
425 max_pgoff = (size - (end - start)) / PAGE_SIZE;
426 pgoff = get_random_u32_inclusive(0, max_pgoff);
427
428 return start - pgoff * PAGE_SIZE;
429 }
430
431 /*
432 * Modules may directly reference data and text anywhere within the kernel
433 * image and other modules. References using PREL32 relocations have a +/-2G
434 * range, and so we need to ensure that the entire kernel image and all modules
435 * fall within a 2G window such that these are always within range.
436 *
437 * Modules may directly branch to functions and code within the kernel text,
438 * and to functions and code within other modules. These branches will use
439 * CALL26/JUMP26 relocations with a +/-128M range. Without PLTs, we must ensure
440 * that the entire kernel text and all module text falls within a 128M window
441 * such that these are always within range. With PLTs, we can expand this to a
442 * 2G window.
443 *
444 * We chose the 128M region to surround the entire kernel image (rather than
445 * just the text) as using the same bounds for the 128M and 2G regions ensures
446 * by construction that we never select a 128M region that is not a subset of
447 * the 2G region. For very large and unusual kernel configurations this means
448 * we may fall back to PLTs where they could have been avoided, but this keeps
449 * the logic significantly simpler.
450 */
module_init_limits(void)451 static int __init module_init_limits(void)
452 {
453 u64 kernel_end = (u64)_end;
454 u64 kernel_start = (u64)_text;
455 u64 kernel_size = kernel_end - kernel_start;
456
457 /*
458 * The default modules region is placed immediately below the kernel
459 * image, and is large enough to use the full 2G relocation range.
460 */
461 BUILD_BUG_ON(KIMAGE_VADDR != MODULES_END);
462 BUILD_BUG_ON(MODULES_VSIZE < SZ_2G);
463
464 if (!kaslr_enabled()) {
465 if (kernel_size < SZ_128M)
466 module_direct_base = kernel_end - SZ_128M;
467 if (kernel_size < SZ_2G)
468 module_plt_base = kernel_end - SZ_2G;
469 } else {
470 u64 min = kernel_start;
471 u64 max = kernel_end;
472
473 if (IS_ENABLED(CONFIG_RANDOMIZE_MODULE_REGION_FULL)) {
474 pr_info("2G module region forced by RANDOMIZE_MODULE_REGION_FULL\n");
475 } else {
476 module_direct_base = random_bounding_box(SZ_128M, min, max);
477 if (module_direct_base) {
478 min = module_direct_base;
479 max = module_direct_base + SZ_128M;
480 }
481 }
482
483 module_plt_base = random_bounding_box(SZ_2G, min, max);
484 }
485
486 pr_info("%llu pages in range for non-PLT usage",
487 module_direct_base ? (SZ_128M - kernel_size) / PAGE_SIZE : 0);
488 pr_info("%llu pages in range for PLT usage",
489 module_plt_base ? (SZ_2G - kernel_size) / PAGE_SIZE : 0);
490
491 return 0;
492 }
493
494 static struct execmem_info execmem_info __ro_after_init;
495
execmem_arch_setup(void)496 struct execmem_info __init *execmem_arch_setup(void)
497 {
498 unsigned long fallback_start = 0, fallback_end = 0;
499 unsigned long start = 0, end = 0;
500
501 module_init_limits();
502
503 /*
504 * Where possible, prefer to allocate within direct branch range of the
505 * kernel such that no PLTs are necessary.
506 */
507 if (module_direct_base) {
508 start = module_direct_base;
509 end = module_direct_base + SZ_128M;
510
511 if (module_plt_base) {
512 fallback_start = module_plt_base;
513 fallback_end = module_plt_base + SZ_2G;
514 }
515 } else if (module_plt_base) {
516 start = module_plt_base;
517 end = module_plt_base + SZ_2G;
518 }
519
520 execmem_info = (struct execmem_info){
521 .ranges = {
522 [EXECMEM_DEFAULT] = {
523 .start = start,
524 .end = end,
525 .pgprot = PAGE_KERNEL,
526 .alignment = 1,
527 .fallback_start = fallback_start,
528 .fallback_end = fallback_end,
529 },
530 [EXECMEM_KPROBES] = {
531 .start = VMALLOC_START,
532 .end = VMALLOC_END,
533 .pgprot = PAGE_KERNEL_ROX,
534 .alignment = 1,
535 },
536 [EXECMEM_BPF] = {
537 .start = VMALLOC_START,
538 .end = VMALLOC_END,
539 .pgprot = PAGE_KERNEL,
540 .alignment = 1,
541 },
542 },
543 };
544
545 return &execmem_info;
546 }
547 #endif /* CONFIG_EXECMEM */
548