1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * Based on arch/arm/mm/init.c 4 * 5 * Copyright (C) 1995-2005 Russell King 6 * Copyright (C) 2012 ARM Ltd. 7 */ 8 9 #include <linux/kernel.h> 10 #include <linux/export.h> 11 #include <linux/errno.h> 12 #include <linux/swap.h> 13 #include <linux/init.h> 14 #include <linux/cache.h> 15 #include <linux/mman.h> 16 #include <linux/nodemask.h> 17 #include <linux/initrd.h> 18 #include <linux/gfp.h> 19 #include <linux/math.h> 20 #include <linux/memblock.h> 21 #include <linux/sort.h> 22 #include <linux/of.h> 23 #include <linux/of_fdt.h> 24 #include <linux/dma-direct.h> 25 #include <linux/dma-map-ops.h> 26 #include <linux/efi.h> 27 #include <linux/swiotlb.h> 28 #include <linux/vmalloc.h> 29 #include <linux/mm.h> 30 #include <linux/kexec.h> 31 #include <linux/crash_dump.h> 32 #include <linux/hugetlb.h> 33 #include <linux/acpi_iort.h> 34 #include <linux/kmemleak.h> 35 #include <linux/execmem.h> 36 37 #include <asm/boot.h> 38 #include <asm/fixmap.h> 39 #include <asm/kasan.h> 40 #include <asm/kernel-pgtable.h> 41 #include <asm/kvm_host.h> 42 #include <asm/memory.h> 43 #include <asm/numa.h> 44 #include <asm/rsi.h> 45 #include <asm/sections.h> 46 #include <asm/setup.h> 47 #include <linux/sizes.h> 48 #include <asm/tlb.h> 49 #include <asm/alternative.h> 50 #include <asm/xen/swiotlb-xen.h> 51 52 /* 53 * We need to be able to catch inadvertent references to memstart_addr 54 * that occur (potentially in generic code) before arm64_memblock_init() 55 * executes, which assigns it its actual value. So use a default value 56 * that cannot be mistaken for a real physical address. 57 */ 58 s64 memstart_addr __ro_after_init = -1; 59 EXPORT_SYMBOL(memstart_addr); 60 61 /* 62 * If the corresponding config options are enabled, we create both ZONE_DMA 63 * and ZONE_DMA32. By default ZONE_DMA covers the 32-bit addressable memory 64 * unless restricted on specific platforms (e.g. 30-bit on Raspberry Pi 4). 65 * In such case, ZONE_DMA32 covers the rest of the 32-bit addressable memory, 66 * otherwise it is empty. 67 */ 68 phys_addr_t __ro_after_init arm64_dma_phys_limit; 69 70 /* 71 * To make optimal use of block mappings when laying out the linear 72 * mapping, round down the base of physical memory to a size that can 73 * be mapped efficiently, i.e., either PUD_SIZE (4k granule) or PMD_SIZE 74 * (64k granule), or a multiple that can be mapped using contiguous bits 75 * in the page tables: 32 * PMD_SIZE (16k granule) 76 */ 77 #if defined(CONFIG_ARM64_4K_PAGES) 78 #define ARM64_MEMSTART_SHIFT PUD_SHIFT 79 #elif defined(CONFIG_ARM64_16K_PAGES) 80 #define ARM64_MEMSTART_SHIFT CONT_PMD_SHIFT 81 #else 82 #define ARM64_MEMSTART_SHIFT PMD_SHIFT 83 #endif 84 85 /* 86 * sparsemem vmemmap imposes an additional requirement on the alignment of 87 * memstart_addr, due to the fact that the base of the vmemmap region 88 * has a direct correspondence, and needs to appear sufficiently aligned 89 * in the virtual address space. 90 */ 91 #if ARM64_MEMSTART_SHIFT < SECTION_SIZE_BITS 92 #define ARM64_MEMSTART_ALIGN (1UL << SECTION_SIZE_BITS) 93 #else 94 #define ARM64_MEMSTART_ALIGN (1UL << ARM64_MEMSTART_SHIFT) 95 #endif 96 97 static void __init arch_reserve_crashkernel(void) 98 { 99 unsigned long long low_size = 0; 100 unsigned long long crash_base, crash_size; 101 bool high = false; 102 int ret; 103 104 if (!IS_ENABLED(CONFIG_CRASH_RESERVE)) 105 return; 106 107 ret = parse_crashkernel(boot_command_line, memblock_phys_mem_size(), 108 &crash_size, &crash_base, 109 &low_size, &high); 110 if (ret) 111 return; 112 113 reserve_crashkernel_generic(crash_size, crash_base, low_size, high); 114 } 115 116 static phys_addr_t __init max_zone_phys(phys_addr_t zone_limit) 117 { 118 return min(zone_limit, memblock_end_of_DRAM() - 1) + 1; 119 } 120 121 static void __init zone_sizes_init(void) 122 { 123 unsigned long max_zone_pfns[MAX_NR_ZONES] = {0}; 124 phys_addr_t __maybe_unused acpi_zone_dma_limit; 125 phys_addr_t __maybe_unused dt_zone_dma_limit; 126 phys_addr_t __maybe_unused dma32_phys_limit = 127 max_zone_phys(DMA_BIT_MASK(32)); 128 129 #ifdef CONFIG_ZONE_DMA 130 acpi_zone_dma_limit = acpi_iort_dma_get_max_cpu_address(); 131 dt_zone_dma_limit = of_dma_get_max_cpu_address(NULL); 132 zone_dma_limit = min(dt_zone_dma_limit, acpi_zone_dma_limit); 133 /* 134 * Information we get from firmware (e.g. DT dma-ranges) describe DMA 135 * bus constraints. Devices using DMA might have their own limitations. 136 * Some of them rely on DMA zone in low 32-bit memory. Keep low RAM 137 * DMA zone on platforms that have RAM there. 138 */ 139 if (memblock_start_of_DRAM() < U32_MAX) 140 zone_dma_limit = min(zone_dma_limit, U32_MAX); 141 arm64_dma_phys_limit = max_zone_phys(zone_dma_limit); 142 max_zone_pfns[ZONE_DMA] = PFN_DOWN(arm64_dma_phys_limit); 143 #endif 144 #ifdef CONFIG_ZONE_DMA32 145 max_zone_pfns[ZONE_DMA32] = PFN_DOWN(dma32_phys_limit); 146 if (!arm64_dma_phys_limit) 147 arm64_dma_phys_limit = dma32_phys_limit; 148 #endif 149 if (!arm64_dma_phys_limit) 150 arm64_dma_phys_limit = PHYS_MASK + 1; 151 max_zone_pfns[ZONE_NORMAL] = max_pfn; 152 153 free_area_init(max_zone_pfns); 154 } 155 156 int pfn_is_map_memory(unsigned long pfn) 157 { 158 phys_addr_t addr = PFN_PHYS(pfn); 159 160 /* avoid false positives for bogus PFNs, see comment in pfn_valid() */ 161 if (PHYS_PFN(addr) != pfn) 162 return 0; 163 164 return memblock_is_map_memory(addr); 165 } 166 EXPORT_SYMBOL(pfn_is_map_memory); 167 168 static phys_addr_t memory_limit __ro_after_init = PHYS_ADDR_MAX; 169 170 /* 171 * Limit the memory size that was specified via FDT. 172 */ 173 static int __init early_mem(char *p) 174 { 175 if (!p) 176 return 1; 177 178 memory_limit = memparse(p, &p) & PAGE_MASK; 179 pr_notice("Memory limited to %lldMB\n", memory_limit >> 20); 180 181 return 0; 182 } 183 early_param("mem", early_mem); 184 185 void __init arm64_memblock_init(void) 186 { 187 s64 linear_region_size = PAGE_END - _PAGE_OFFSET(vabits_actual); 188 189 /* 190 * Corner case: 52-bit VA capable systems running KVM in nVHE mode may 191 * be limited in their ability to support a linear map that exceeds 51 192 * bits of VA space, depending on the placement of the ID map. Given 193 * that the placement of the ID map may be randomized, let's simply 194 * limit the kernel's linear map to 51 bits as well if we detect this 195 * configuration. 196 */ 197 if (IS_ENABLED(CONFIG_KVM) && vabits_actual == 52 && 198 is_hyp_mode_available() && !is_kernel_in_hyp_mode()) { 199 pr_info("Capping linear region to 51 bits for KVM in nVHE mode on LVA capable hardware.\n"); 200 linear_region_size = min_t(u64, linear_region_size, BIT(51)); 201 } 202 203 /* Remove memory above our supported physical address size */ 204 memblock_remove(1ULL << PHYS_MASK_SHIFT, ULLONG_MAX); 205 206 /* 207 * Select a suitable value for the base of physical memory. 208 */ 209 memstart_addr = round_down(memblock_start_of_DRAM(), 210 ARM64_MEMSTART_ALIGN); 211 212 if ((memblock_end_of_DRAM() - memstart_addr) > linear_region_size) 213 pr_warn("Memory doesn't fit in the linear mapping, VA_BITS too small\n"); 214 215 /* 216 * Remove the memory that we will not be able to cover with the 217 * linear mapping. Take care not to clip the kernel which may be 218 * high in memory. 219 */ 220 memblock_remove(max_t(u64, memstart_addr + linear_region_size, 221 __pa_symbol(_end)), ULLONG_MAX); 222 if (memstart_addr + linear_region_size < memblock_end_of_DRAM()) { 223 /* ensure that memstart_addr remains sufficiently aligned */ 224 memstart_addr = round_up(memblock_end_of_DRAM() - linear_region_size, 225 ARM64_MEMSTART_ALIGN); 226 memblock_remove(0, memstart_addr); 227 } 228 229 /* 230 * If we are running with a 52-bit kernel VA config on a system that 231 * does not support it, we have to place the available physical 232 * memory in the 48-bit addressable part of the linear region, i.e., 233 * we have to move it upward. Since memstart_addr represents the 234 * physical address of PAGE_OFFSET, we have to *subtract* from it. 235 */ 236 if (IS_ENABLED(CONFIG_ARM64_VA_BITS_52) && (vabits_actual != 52)) 237 memstart_addr -= _PAGE_OFFSET(vabits_actual) - _PAGE_OFFSET(52); 238 239 /* 240 * Apply the memory limit if it was set. Since the kernel may be loaded 241 * high up in memory, add back the kernel region that must be accessible 242 * via the linear mapping. 243 */ 244 if (memory_limit != PHYS_ADDR_MAX) { 245 memblock_mem_limit_remove_map(memory_limit); 246 memblock_add(__pa_symbol(_text), (u64)(_end - _text)); 247 } 248 249 if (IS_ENABLED(CONFIG_BLK_DEV_INITRD) && phys_initrd_size) { 250 /* 251 * Add back the memory we just removed if it results in the 252 * initrd to become inaccessible via the linear mapping. 253 * Otherwise, this is a no-op 254 */ 255 u64 base = phys_initrd_start & PAGE_MASK; 256 u64 size = PAGE_ALIGN(phys_initrd_start + phys_initrd_size) - base; 257 258 /* 259 * We can only add back the initrd memory if we don't end up 260 * with more memory than we can address via the linear mapping. 261 * It is up to the bootloader to position the kernel and the 262 * initrd reasonably close to each other (i.e., within 32 GB of 263 * each other) so that all granule/#levels combinations can 264 * always access both. 265 */ 266 if (WARN(base < memblock_start_of_DRAM() || 267 base + size > memblock_start_of_DRAM() + 268 linear_region_size, 269 "initrd not fully accessible via the linear mapping -- please check your bootloader ...\n")) { 270 phys_initrd_size = 0; 271 } else { 272 memblock_add(base, size); 273 memblock_clear_nomap(base, size); 274 memblock_reserve(base, size); 275 } 276 } 277 278 /* 279 * Register the kernel text, kernel data, initrd, and initial 280 * pagetables with memblock. 281 */ 282 memblock_reserve(__pa_symbol(_stext), _end - _stext); 283 if (IS_ENABLED(CONFIG_BLK_DEV_INITRD) && phys_initrd_size) { 284 /* the generic initrd code expects virtual addresses */ 285 initrd_start = __phys_to_virt(phys_initrd_start); 286 initrd_end = initrd_start + phys_initrd_size; 287 } 288 289 early_init_fdt_scan_reserved_mem(); 290 } 291 292 void __init bootmem_init(void) 293 { 294 unsigned long min, max; 295 296 min = PFN_UP(memblock_start_of_DRAM()); 297 max = PFN_DOWN(memblock_end_of_DRAM()); 298 299 early_memtest(min << PAGE_SHIFT, max << PAGE_SHIFT); 300 301 max_pfn = max_low_pfn = max; 302 min_low_pfn = min; 303 304 arch_numa_init(); 305 306 /* 307 * must be done after arch_numa_init() which calls numa_init() to 308 * initialize node_online_map that gets used in hugetlb_cma_reserve() 309 * while allocating required CMA size across online nodes. 310 */ 311 #if defined(CONFIG_HUGETLB_PAGE) && defined(CONFIG_CMA) 312 arm64_hugetlb_cma_reserve(); 313 #endif 314 315 kvm_hyp_reserve(); 316 317 /* 318 * sparse_init() tries to allocate memory from memblock, so must be 319 * done after the fixed reservations 320 */ 321 sparse_init(); 322 zone_sizes_init(); 323 324 /* 325 * Reserve the CMA area after arm64_dma_phys_limit was initialised. 326 */ 327 dma_contiguous_reserve(arm64_dma_phys_limit); 328 329 /* 330 * request_standard_resources() depends on crashkernel's memory being 331 * reserved, so do it here. 332 */ 333 arch_reserve_crashkernel(); 334 335 memblock_dump_all(); 336 } 337 338 void __init arch_mm_preinit(void) 339 { 340 unsigned int flags = SWIOTLB_VERBOSE; 341 bool swiotlb = max_pfn > PFN_DOWN(arm64_dma_phys_limit); 342 343 if (is_realm_world()) { 344 swiotlb = true; 345 flags |= SWIOTLB_FORCE; 346 } 347 348 if (IS_ENABLED(CONFIG_DMA_BOUNCE_UNALIGNED_KMALLOC) && !swiotlb) { 349 /* 350 * If no bouncing needed for ZONE_DMA, reduce the swiotlb 351 * buffer for kmalloc() bouncing to 1MB per 1GB of RAM. 352 */ 353 unsigned long size = 354 DIV_ROUND_UP(memblock_phys_mem_size(), 1024); 355 swiotlb_adjust_size(min(swiotlb_size_or_default(), size)); 356 swiotlb = true; 357 } 358 359 swiotlb_init(swiotlb, flags); 360 swiotlb_update_mem_attributes(); 361 362 /* 363 * Check boundaries twice: Some fundamental inconsistencies can be 364 * detected at build time already. 365 */ 366 #ifdef CONFIG_COMPAT 367 BUILD_BUG_ON(TASK_SIZE_32 > DEFAULT_MAP_WINDOW_64); 368 #endif 369 370 /* 371 * Selected page table levels should match when derived from 372 * scratch using the virtual address range and page size. 373 */ 374 BUILD_BUG_ON(ARM64_HW_PGTABLE_LEVELS(CONFIG_ARM64_VA_BITS) != 375 CONFIG_PGTABLE_LEVELS); 376 377 if (PAGE_SIZE >= 16384 && get_num_physpages() <= 128) { 378 extern int sysctl_overcommit_memory; 379 /* 380 * On a machine this small we won't get anywhere without 381 * overcommit, so turn it on by default. 382 */ 383 sysctl_overcommit_memory = OVERCOMMIT_ALWAYS; 384 } 385 } 386 387 void free_initmem(void) 388 { 389 void *lm_init_begin = lm_alias(__init_begin); 390 void *lm_init_end = lm_alias(__init_end); 391 392 WARN_ON(!IS_ALIGNED((unsigned long)lm_init_begin, PAGE_SIZE)); 393 WARN_ON(!IS_ALIGNED((unsigned long)lm_init_end, PAGE_SIZE)); 394 395 /* Delete __init region from memblock.reserved. */ 396 memblock_free(lm_init_begin, lm_init_end - lm_init_begin); 397 398 free_reserved_area(lm_init_begin, lm_init_end, 399 POISON_FREE_INITMEM, "unused kernel"); 400 /* 401 * Unmap the __init region but leave the VM area in place. This 402 * prevents the region from being reused for kernel modules, which 403 * is not supported by kallsyms. 404 */ 405 vunmap_range((u64)__init_begin, (u64)__init_end); 406 } 407 408 void dump_mem_limit(void) 409 { 410 if (memory_limit != PHYS_ADDR_MAX) { 411 pr_emerg("Memory Limit: %llu MB\n", memory_limit >> 20); 412 } else { 413 pr_emerg("Memory Limit: none\n"); 414 } 415 } 416 417 #ifdef CONFIG_EXECMEM 418 static u64 module_direct_base __ro_after_init = 0; 419 static u64 module_plt_base __ro_after_init = 0; 420 421 /* 422 * Choose a random page-aligned base address for a window of 'size' bytes which 423 * entirely contains the interval [start, end - 1]. 424 */ 425 static u64 __init random_bounding_box(u64 size, u64 start, u64 end) 426 { 427 u64 max_pgoff, pgoff; 428 429 if ((end - start) >= size) 430 return 0; 431 432 max_pgoff = (size - (end - start)) / PAGE_SIZE; 433 pgoff = get_random_u32_inclusive(0, max_pgoff); 434 435 return start - pgoff * PAGE_SIZE; 436 } 437 438 /* 439 * Modules may directly reference data and text anywhere within the kernel 440 * image and other modules. References using PREL32 relocations have a +/-2G 441 * range, and so we need to ensure that the entire kernel image and all modules 442 * fall within a 2G window such that these are always within range. 443 * 444 * Modules may directly branch to functions and code within the kernel text, 445 * and to functions and code within other modules. These branches will use 446 * CALL26/JUMP26 relocations with a +/-128M range. Without PLTs, we must ensure 447 * that the entire kernel text and all module text falls within a 128M window 448 * such that these are always within range. With PLTs, we can expand this to a 449 * 2G window. 450 * 451 * We chose the 128M region to surround the entire kernel image (rather than 452 * just the text) as using the same bounds for the 128M and 2G regions ensures 453 * by construction that we never select a 128M region that is not a subset of 454 * the 2G region. For very large and unusual kernel configurations this means 455 * we may fall back to PLTs where they could have been avoided, but this keeps 456 * the logic significantly simpler. 457 */ 458 static int __init module_init_limits(void) 459 { 460 u64 kernel_end = (u64)_end; 461 u64 kernel_start = (u64)_text; 462 u64 kernel_size = kernel_end - kernel_start; 463 464 /* 465 * The default modules region is placed immediately below the kernel 466 * image, and is large enough to use the full 2G relocation range. 467 */ 468 BUILD_BUG_ON(KIMAGE_VADDR != MODULES_END); 469 BUILD_BUG_ON(MODULES_VSIZE < SZ_2G); 470 471 if (!kaslr_enabled()) { 472 if (kernel_size < SZ_128M) 473 module_direct_base = kernel_end - SZ_128M; 474 if (kernel_size < SZ_2G) 475 module_plt_base = kernel_end - SZ_2G; 476 } else { 477 u64 min = kernel_start; 478 u64 max = kernel_end; 479 480 if (IS_ENABLED(CONFIG_RANDOMIZE_MODULE_REGION_FULL)) { 481 pr_info("2G module region forced by RANDOMIZE_MODULE_REGION_FULL\n"); 482 } else { 483 module_direct_base = random_bounding_box(SZ_128M, min, max); 484 if (module_direct_base) { 485 min = module_direct_base; 486 max = module_direct_base + SZ_128M; 487 } 488 } 489 490 module_plt_base = random_bounding_box(SZ_2G, min, max); 491 } 492 493 pr_info("%llu pages in range for non-PLT usage", 494 module_direct_base ? (SZ_128M - kernel_size) / PAGE_SIZE : 0); 495 pr_info("%llu pages in range for PLT usage", 496 module_plt_base ? (SZ_2G - kernel_size) / PAGE_SIZE : 0); 497 498 return 0; 499 } 500 501 static struct execmem_info execmem_info __ro_after_init; 502 503 struct execmem_info __init *execmem_arch_setup(void) 504 { 505 unsigned long fallback_start = 0, fallback_end = 0; 506 unsigned long start = 0, end = 0; 507 508 module_init_limits(); 509 510 /* 511 * Where possible, prefer to allocate within direct branch range of the 512 * kernel such that no PLTs are necessary. 513 */ 514 if (module_direct_base) { 515 start = module_direct_base; 516 end = module_direct_base + SZ_128M; 517 518 if (module_plt_base) { 519 fallback_start = module_plt_base; 520 fallback_end = module_plt_base + SZ_2G; 521 } 522 } else if (module_plt_base) { 523 start = module_plt_base; 524 end = module_plt_base + SZ_2G; 525 } 526 527 execmem_info = (struct execmem_info){ 528 .ranges = { 529 [EXECMEM_DEFAULT] = { 530 .start = start, 531 .end = end, 532 .pgprot = PAGE_KERNEL, 533 .alignment = 1, 534 .fallback_start = fallback_start, 535 .fallback_end = fallback_end, 536 }, 537 [EXECMEM_KPROBES] = { 538 .start = VMALLOC_START, 539 .end = VMALLOC_END, 540 .pgprot = PAGE_KERNEL_ROX, 541 .alignment = 1, 542 }, 543 [EXECMEM_BPF] = { 544 .start = VMALLOC_START, 545 .end = VMALLOC_END, 546 .pgprot = PAGE_KERNEL, 547 .alignment = 1, 548 }, 549 }, 550 }; 551 552 return &execmem_info; 553 } 554 #endif /* CONFIG_EXECMEM */ 555