1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 * This file contains the routines for handling the MMU on those
4 * PowerPC implementations where the MMU substantially follows the
5 * architecture specification. This includes the 6xx, 7xx, 7xxx,
6 * and 8260 implementations but excludes the 8xx and 4xx.
7 * -- paulus
8 *
9 * Derived from arch/ppc/mm/init.c:
10 * Copyright (C) 1995-1996 Gary Thomas (gdt@linuxppc.org)
11 *
12 * Modifications by Paul Mackerras (PowerMac) (paulus@cs.anu.edu.au)
13 * and Cort Dougan (PReP) (cort@cs.nmt.edu)
14 * Copyright (C) 1996 Paul Mackerras
15 *
16 * Derived from "arch/i386/mm/init.c"
17 * Copyright (C) 1991, 1992, 1993, 1994 Linus Torvalds
18 */
19
20 #include <linux/kernel.h>
21 #include <linux/mm.h>
22 #include <linux/init.h>
23 #include <linux/highmem.h>
24 #include <linux/memblock.h>
25
26 #include <asm/prom.h>
27 #include <asm/mmu.h>
28 #include <asm/machdep.h>
29 #include <asm/code-patching.h>
30 #include <asm/sections.h>
31
32 #include <mm/mmu_decl.h>
33
34 u8 __initdata early_hash[SZ_256K] __aligned(SZ_256K) = {0};
35
36 struct hash_pte *Hash;
37 static unsigned long Hash_size, Hash_mask;
38 unsigned long _SDR1;
39 static unsigned int hash_mb, hash_mb2;
40
41 struct ppc_bat BATS[8][2]; /* 8 pairs of IBAT, DBAT */
42
43 struct batrange { /* stores address ranges mapped by BATs */
44 unsigned long start;
45 unsigned long limit;
46 phys_addr_t phys;
47 } bat_addrs[8];
48
49 /*
50 * Return PA for this VA if it is mapped by a BAT, or 0
51 */
v_block_mapped(unsigned long va)52 phys_addr_t v_block_mapped(unsigned long va)
53 {
54 int b;
55 for (b = 0; b < ARRAY_SIZE(bat_addrs); ++b)
56 if (va >= bat_addrs[b].start && va < bat_addrs[b].limit)
57 return bat_addrs[b].phys + (va - bat_addrs[b].start);
58 return 0;
59 }
60
61 /*
62 * Return VA for a given PA or 0 if not mapped
63 */
p_block_mapped(phys_addr_t pa)64 unsigned long p_block_mapped(phys_addr_t pa)
65 {
66 int b;
67 for (b = 0; b < ARRAY_SIZE(bat_addrs); ++b)
68 if (pa >= bat_addrs[b].phys
69 && pa < (bat_addrs[b].limit-bat_addrs[b].start)
70 +bat_addrs[b].phys)
71 return bat_addrs[b].start+(pa-bat_addrs[b].phys);
72 return 0;
73 }
74
find_free_bat(void)75 static int find_free_bat(void)
76 {
77 int b;
78 int n = mmu_has_feature(MMU_FTR_USE_HIGH_BATS) ? 8 : 4;
79
80 for (b = 0; b < n; b++) {
81 struct ppc_bat *bat = BATS[b];
82
83 if (!(bat[1].batu & 3))
84 return b;
85 }
86 return -1;
87 }
88
89 /*
90 * This function calculates the size of the larger block usable to map the
91 * beginning of an area based on the start address and size of that area:
92 * - max block size is 256 on 6xx.
93 * - base address must be aligned to the block size. So the maximum block size
94 * is identified by the lowest bit set to 1 in the base address (for instance
95 * if base is 0x16000000, max size is 0x02000000).
96 * - block size has to be a power of two. This is calculated by finding the
97 * highest bit set to 1.
98 */
block_size(unsigned long base,unsigned long top)99 static unsigned int block_size(unsigned long base, unsigned long top)
100 {
101 unsigned int max_size = SZ_256M;
102 unsigned int base_shift = (ffs(base) - 1) & 31;
103 unsigned int block_shift = (fls(top - base) - 1) & 31;
104
105 return min3(max_size, 1U << base_shift, 1U << block_shift);
106 }
107
108 /*
109 * Set up one of the IBAT (block address translation) register pairs.
110 * The parameters are not checked; in particular size must be a power
111 * of 2 between 128k and 256M.
112 */
setibat(int index,unsigned long virt,phys_addr_t phys,unsigned int size,pgprot_t prot)113 static void setibat(int index, unsigned long virt, phys_addr_t phys,
114 unsigned int size, pgprot_t prot)
115 {
116 unsigned int bl = (size >> 17) - 1;
117 int wimgxpp;
118 struct ppc_bat *bat = BATS[index];
119 unsigned long flags = pgprot_val(prot);
120
121 if (!cpu_has_feature(CPU_FTR_NEED_COHERENT))
122 flags &= ~_PAGE_COHERENT;
123
124 wimgxpp = (flags & _PAGE_COHERENT) | (_PAGE_EXEC ? BPP_RX : BPP_XX);
125 bat[0].batu = virt | (bl << 2) | 2; /* Vs=1, Vp=0 */
126 bat[0].batl = BAT_PHYS_ADDR(phys) | wimgxpp;
127 if (flags & _PAGE_USER)
128 bat[0].batu |= 1; /* Vp = 1 */
129 }
130
clearibat(int index)131 static void clearibat(int index)
132 {
133 struct ppc_bat *bat = BATS[index];
134
135 bat[0].batu = 0;
136 bat[0].batl = 0;
137 }
138
__mmu_mapin_ram(unsigned long base,unsigned long top)139 static unsigned long __init __mmu_mapin_ram(unsigned long base, unsigned long top)
140 {
141 int idx;
142
143 while ((idx = find_free_bat()) != -1 && base != top) {
144 unsigned int size = block_size(base, top);
145
146 if (size < 128 << 10)
147 break;
148 setbat(idx, PAGE_OFFSET + base, base, size, PAGE_KERNEL_X);
149 base += size;
150 }
151
152 return base;
153 }
154
mmu_mapin_ram(unsigned long base,unsigned long top)155 unsigned long __init mmu_mapin_ram(unsigned long base, unsigned long top)
156 {
157 unsigned long done;
158 unsigned long border = (unsigned long)__init_begin - PAGE_OFFSET;
159
160 if (__map_without_bats) {
161 pr_debug("RAM mapped without BATs\n");
162 return base;
163 }
164 if (debug_pagealloc_enabled()) {
165 if (base >= border)
166 return base;
167 if (top >= border)
168 top = border;
169 }
170
171 if (!strict_kernel_rwx_enabled() || base >= border || top <= border)
172 return __mmu_mapin_ram(base, top);
173
174 done = __mmu_mapin_ram(base, border);
175 if (done != border)
176 return done;
177
178 return __mmu_mapin_ram(border, top);
179 }
180
is_module_segment(unsigned long addr)181 static bool is_module_segment(unsigned long addr)
182 {
183 if (!IS_ENABLED(CONFIG_MODULES))
184 return false;
185 #ifdef MODULES_VADDR
186 if (addr < ALIGN_DOWN(MODULES_VADDR, SZ_256M))
187 return false;
188 if (addr > ALIGN(MODULES_END, SZ_256M) - 1)
189 return false;
190 #else
191 if (addr < ALIGN_DOWN(VMALLOC_START, SZ_256M))
192 return false;
193 if (addr > ALIGN(VMALLOC_END, SZ_256M) - 1)
194 return false;
195 #endif
196 return true;
197 }
198
mmu_mark_initmem_nx(void)199 void mmu_mark_initmem_nx(void)
200 {
201 int nb = mmu_has_feature(MMU_FTR_USE_HIGH_BATS) ? 8 : 4;
202 int i;
203 unsigned long base = (unsigned long)_stext - PAGE_OFFSET;
204 unsigned long top = (unsigned long)_etext - PAGE_OFFSET;
205 unsigned long border = (unsigned long)__init_begin - PAGE_OFFSET;
206 unsigned long size;
207
208 for (i = 0; i < nb - 1 && base < top && top - base > (128 << 10);) {
209 size = block_size(base, top);
210 setibat(i++, PAGE_OFFSET + base, base, size, PAGE_KERNEL_TEXT);
211 base += size;
212 }
213 if (base < top) {
214 size = block_size(base, top);
215 size = max(size, 128UL << 10);
216 if ((top - base) > size) {
217 size <<= 1;
218 if (strict_kernel_rwx_enabled() && base + size > border)
219 pr_warn("Some RW data is getting mapped X. "
220 "Adjust CONFIG_DATA_SHIFT to avoid that.\n");
221 }
222 setibat(i++, PAGE_OFFSET + base, base, size, PAGE_KERNEL_TEXT);
223 base += size;
224 }
225 for (; i < nb; i++)
226 clearibat(i);
227
228 update_bats();
229
230 for (i = TASK_SIZE >> 28; i < 16; i++) {
231 /* Do not set NX on VM space for modules */
232 if (is_module_segment(i << 28))
233 continue;
234
235 mtsrin(mfsrin(i << 28) | 0x10000000, i << 28);
236 }
237 }
238
mmu_mark_rodata_ro(void)239 void mmu_mark_rodata_ro(void)
240 {
241 int nb = mmu_has_feature(MMU_FTR_USE_HIGH_BATS) ? 8 : 4;
242 int i;
243
244 for (i = 0; i < nb; i++) {
245 struct ppc_bat *bat = BATS[i];
246
247 if (bat_addrs[i].start < (unsigned long)__init_begin)
248 bat[1].batl = (bat[1].batl & ~BPP_RW) | BPP_RX;
249 }
250
251 update_bats();
252 }
253
254 /*
255 * Set up one of the I/D BAT (block address translation) register pairs.
256 * The parameters are not checked; in particular size must be a power
257 * of 2 between 128k and 256M.
258 * On 603+, only set IBAT when _PAGE_EXEC is set
259 */
setbat(int index,unsigned long virt,phys_addr_t phys,unsigned int size,pgprot_t prot)260 void __init setbat(int index, unsigned long virt, phys_addr_t phys,
261 unsigned int size, pgprot_t prot)
262 {
263 unsigned int bl;
264 int wimgxpp;
265 struct ppc_bat *bat;
266 unsigned long flags = pgprot_val(prot);
267
268 if (index == -1)
269 index = find_free_bat();
270 if (index == -1) {
271 pr_err("%s: no BAT available for mapping 0x%llx\n", __func__,
272 (unsigned long long)phys);
273 return;
274 }
275 bat = BATS[index];
276
277 if ((flags & _PAGE_NO_CACHE) ||
278 (cpu_has_feature(CPU_FTR_NEED_COHERENT) == 0))
279 flags &= ~_PAGE_COHERENT;
280
281 bl = (size >> 17) - 1;
282 /* Do DBAT first */
283 wimgxpp = flags & (_PAGE_WRITETHRU | _PAGE_NO_CACHE
284 | _PAGE_COHERENT | _PAGE_GUARDED);
285 wimgxpp |= (flags & _PAGE_RW)? BPP_RW: BPP_RX;
286 bat[1].batu = virt | (bl << 2) | 2; /* Vs=1, Vp=0 */
287 bat[1].batl = BAT_PHYS_ADDR(phys) | wimgxpp;
288 if (flags & _PAGE_USER)
289 bat[1].batu |= 1; /* Vp = 1 */
290 if (flags & _PAGE_GUARDED) {
291 /* G bit must be zero in IBATs */
292 flags &= ~_PAGE_EXEC;
293 }
294 if (flags & _PAGE_EXEC)
295 bat[0] = bat[1];
296 else
297 bat[0].batu = bat[0].batl = 0;
298
299 bat_addrs[index].start = virt;
300 bat_addrs[index].limit = virt + ((bl + 1) << 17) - 1;
301 bat_addrs[index].phys = phys;
302 }
303
304 /*
305 * Preload a translation in the hash table
306 */
hash_preload(struct mm_struct * mm,unsigned long ea)307 void hash_preload(struct mm_struct *mm, unsigned long ea)
308 {
309 pmd_t *pmd;
310
311 if (!Hash)
312 return;
313 pmd = pmd_off(mm, ea);
314 if (!pmd_none(*pmd))
315 add_hash_page(mm->context.id, ea, pmd_val(*pmd));
316 }
317
318 /*
319 * This is called at the end of handling a user page fault, when the
320 * fault has been handled by updating a PTE in the linux page tables.
321 * We use it to preload an HPTE into the hash table corresponding to
322 * the updated linux PTE.
323 *
324 * This must always be called with the pte lock held.
325 */
update_mmu_cache(struct vm_area_struct * vma,unsigned long address,pte_t * ptep)326 void update_mmu_cache(struct vm_area_struct *vma, unsigned long address,
327 pte_t *ptep)
328 {
329 if (!mmu_has_feature(MMU_FTR_HPTE_TABLE))
330 return;
331 /*
332 * We don't need to worry about _PAGE_PRESENT here because we are
333 * called with either mm->page_table_lock held or ptl lock held
334 */
335
336 /* We only want HPTEs for linux PTEs that have _PAGE_ACCESSED set */
337 if (!pte_young(*ptep) || address >= TASK_SIZE)
338 return;
339
340 /* We have to test for regs NULL since init will get here first thing at boot */
341 if (!current->thread.regs)
342 return;
343
344 /* We also avoid filling the hash if not coming from a fault */
345 if (TRAP(current->thread.regs) != 0x300 && TRAP(current->thread.regs) != 0x400)
346 return;
347
348 hash_preload(vma->vm_mm, address);
349 }
350
351 /*
352 * Initialize the hash table and patch the instructions in hashtable.S.
353 */
MMU_init_hw(void)354 void __init MMU_init_hw(void)
355 {
356 unsigned int n_hpteg, lg_n_hpteg;
357
358 if (!mmu_has_feature(MMU_FTR_HPTE_TABLE))
359 return;
360
361 if ( ppc_md.progress ) ppc_md.progress("hash:enter", 0x105);
362
363 #define LG_HPTEG_SIZE 6 /* 64 bytes per HPTEG */
364 #define SDR1_LOW_BITS ((n_hpteg - 1) >> 10)
365 #define MIN_N_HPTEG 1024 /* min 64kB hash table */
366
367 /*
368 * Allow 1 HPTE (1/8 HPTEG) for each page of memory.
369 * This is less than the recommended amount, but then
370 * Linux ain't AIX.
371 */
372 n_hpteg = total_memory / (PAGE_SIZE * 8);
373 if (n_hpteg < MIN_N_HPTEG)
374 n_hpteg = MIN_N_HPTEG;
375 lg_n_hpteg = __ilog2(n_hpteg);
376 if (n_hpteg & (n_hpteg - 1)) {
377 ++lg_n_hpteg; /* round up if not power of 2 */
378 n_hpteg = 1 << lg_n_hpteg;
379 }
380 Hash_size = n_hpteg << LG_HPTEG_SIZE;
381
382 /*
383 * Find some memory for the hash table.
384 */
385 if ( ppc_md.progress ) ppc_md.progress("hash:find piece", 0x322);
386 Hash = memblock_alloc(Hash_size, Hash_size);
387 if (!Hash)
388 panic("%s: Failed to allocate %lu bytes align=0x%lx\n",
389 __func__, Hash_size, Hash_size);
390 _SDR1 = __pa(Hash) | SDR1_LOW_BITS;
391
392 pr_info("Total memory = %lldMB; using %ldkB for hash table\n",
393 (unsigned long long)(total_memory >> 20), Hash_size >> 10);
394
395
396 Hash_mask = n_hpteg - 1;
397 hash_mb2 = hash_mb = 32 - LG_HPTEG_SIZE - lg_n_hpteg;
398 if (lg_n_hpteg > 16)
399 hash_mb2 = 16 - LG_HPTEG_SIZE;
400 }
401
MMU_init_hw_patch(void)402 void __init MMU_init_hw_patch(void)
403 {
404 unsigned int hmask = Hash_mask >> (16 - LG_HPTEG_SIZE);
405 unsigned int hash = (unsigned int)Hash - PAGE_OFFSET;
406
407 if (!mmu_has_feature(MMU_FTR_HPTE_TABLE))
408 return;
409
410 if (ppc_md.progress)
411 ppc_md.progress("hash:patch", 0x345);
412 if (ppc_md.progress)
413 ppc_md.progress("hash:done", 0x205);
414
415 /* WARNING: Make sure nothing can trigger a KASAN check past this point */
416
417 /*
418 * Patch up the instructions in hashtable.S:create_hpte
419 */
420 modify_instruction_site(&patch__hash_page_A0, 0xffff, hash >> 16);
421 modify_instruction_site(&patch__hash_page_A1, 0x7c0, hash_mb << 6);
422 modify_instruction_site(&patch__hash_page_A2, 0x7c0, hash_mb2 << 6);
423 modify_instruction_site(&patch__hash_page_B, 0xffff, hmask);
424 modify_instruction_site(&patch__hash_page_C, 0xffff, hmask);
425
426 /*
427 * Patch up the instructions in hashtable.S:flush_hash_page
428 */
429 modify_instruction_site(&patch__flush_hash_A0, 0xffff, hash >> 16);
430 modify_instruction_site(&patch__flush_hash_A1, 0x7c0, hash_mb << 6);
431 modify_instruction_site(&patch__flush_hash_A2, 0x7c0, hash_mb2 << 6);
432 modify_instruction_site(&patch__flush_hash_B, 0xffff, hmask);
433 }
434
setup_initial_memory_limit(phys_addr_t first_memblock_base,phys_addr_t first_memblock_size)435 void setup_initial_memory_limit(phys_addr_t first_memblock_base,
436 phys_addr_t first_memblock_size)
437 {
438 /* We don't currently support the first MEMBLOCK not mapping 0
439 * physical on those processors
440 */
441 BUG_ON(first_memblock_base != 0);
442
443 memblock_set_current_limit(min_t(u64, first_memblock_size, SZ_256M));
444 }
445
print_system_hash_info(void)446 void __init print_system_hash_info(void)
447 {
448 pr_info("Hash_size = 0x%lx\n", Hash_size);
449 if (Hash_mask)
450 pr_info("Hash_mask = 0x%lx\n", Hash_mask);
451 }
452
453 #ifdef CONFIG_PPC_KUEP
setup_kuep(bool disabled)454 void __init setup_kuep(bool disabled)
455 {
456 pr_info("Activating Kernel Userspace Execution Prevention\n");
457
458 if (disabled)
459 pr_warn("KUEP cannot be disabled yet on 6xx when compiled in\n");
460 }
461 #endif
462
463 #ifdef CONFIG_PPC_KUAP
setup_kuap(bool disabled)464 void __init setup_kuap(bool disabled)
465 {
466 pr_info("Activating Kernel Userspace Access Protection\n");
467
468 if (disabled)
469 pr_warn("KUAP cannot be disabled yet on 6xx when compiled in\n");
470 }
471 #endif
472