[linux-2.6-block.git] / arch / powerpc / mm / book3s64 / mmu_context.c

// SPDX-License-Identifier: GPL-2.0-or-later
/*
 *  MMU context allocation for 64-bit kernels.
 *
 *  Copyright (C) 2004 Anton Blanchard, IBM Corp. <anton@samba.org>
 */

#include <linux/sched.h>
#include <linux/kernel.h>
#include <linux/errno.h>
#include <linux/string.h>
#include <linux/types.h>
#include <linux/mm.h>
#include <linux/pkeys.h>
#include <linux/spinlock.h>
#include <linux/idr.h>
#include <linux/export.h>
#include <linux/gfp.h>
#include <linux/slab.h>

#include <asm/mmu_context.h>
#include <asm/pgalloc.h>

#include "internal.h"

static DEFINE_IDA(mmu_context_ida);

static int alloc_context_id(int min_id, int max_id)
{
	return ida_alloc_range(&mmu_context_ida, min_id, max_id, GFP_KERNEL);
}

void hash__reserve_context_id(int id)
{
	int result = ida_alloc_range(&mmu_context_ida, id, id, GFP_KERNEL);

	WARN(result != id, "mmu: Failed to reserve context id %d (rc %d)\n", id, result);
}

int hash__alloc_context_id(void)
{
	unsigned long max;

	if (mmu_has_feature(MMU_FTR_68_BIT_VA))
		max = MAX_USER_CONTEXT;
	else
		max = MAX_USER_CONTEXT_65BIT_VA;

	return alloc_context_id(MIN_USER_CONTEXT, max);
}
EXPORT_SYMBOL_GPL(hash__alloc_context_id);

static int realloc_context_ids(mm_context_t *ctx)
{
	int i, id;

	/*
	 * id 0 (aka. ctx->id) is special, we always allocate a new one, even if
	 * there wasn't one allocated previously (which happens in the exec
	 * case where ctx is newly allocated).
	 *
	 * We have to be a bit careful here. We must keep the existing ids in
	 * the array, so that we can test if they're non-zero to decide if we
	 * need to allocate a new one. However in case of error we must free the
	 * ids we've allocated but *not* any of the existing ones (or risk a
	 * UAF). That's why we decrement i at the start of the error handling
	 * loop, to skip the id that we just tested but couldn't reallocate.
	 */
	for (i = 0; i < ARRAY_SIZE(ctx->extended_id); i++) {
		if (i == 0 || ctx->extended_id[i]) {
			id = hash__alloc_context_id();
			if (id < 0)
				goto error;

			ctx->extended_id[i] = id;
		}
	}

	/* The caller expects us to return id */
	return ctx->id;

error:
	for (i--; i >= 0; i--) {
		if (ctx->extended_id[i])
			ida_free(&mmu_context_ida, ctx->extended_id[i]);
	}

	return id;
}

static int hash__init_new_context(struct mm_struct *mm)
{
	int index;

	mm->context.hash_context = kmalloc(sizeof(struct hash_mm_context),
					   GFP_KERNEL);
	if (!mm->context.hash_context)
		return -ENOMEM;

	/*
	 * The old code would re-promote on fork, we don't do that when using
	 * slices as it could cause problem promoting slices that have been
	 * forced down to 4K.
	 *
	 * For book3s we have MMU_NO_CONTEXT set to be ~0. Hence check
	 * explicitly against context.id == 0. This ensures that we properly
	 * initialize context slice details for newly allocated mm's (which will
	 * have id == 0) and don't alter context slice inherited via fork (which
	 * will have id != 0).
	 *
	 * We should not be calling init_new_context() on init_mm. Hence a
	 * check against 0 is OK.
	 */
	if (mm->context.id == 0) {
		memset(mm->context.hash_context, 0, sizeof(struct hash_mm_context));
		slice_init_new_context_exec(mm);
	} else {
		/* This is fork. Copy hash_context details from current->mm */
		memcpy(mm->context.hash_context, current->mm->context.hash_context, sizeof(struct hash_mm_context));
#ifdef CONFIG_PPC_SUBPAGE_PROT
		/* inherit subpage prot detalis if we have one. */
		if (current->mm->context.hash_context->spt) {
			mm->context.hash_context->spt = kmalloc(sizeof(struct subpage_prot_table),
								GFP_KERNEL);
			if (!mm->context.hash_context->spt) {
				kfree(mm->context.hash_context);
				return -ENOMEM;
			}
		}
#endif
	}

	index = realloc_context_ids(&mm->context);
	if (index < 0) {
#ifdef CONFIG_PPC_SUBPAGE_PROT
		kfree(mm->context.hash_context->spt);
#endif
		kfree(mm->context.hash_context);
		return index;
	}

	pkey_mm_init(mm);
	return index;
}

void hash__setup_new_exec(void)
{
	slice_setup_new_exec();

	slb_setup_new_exec();
}

static int radix__init_new_context(struct mm_struct *mm)
{
	unsigned long rts_field;
	int index, max_id;

	max_id = (1 << mmu_pid_bits) - 1;
	index = alloc_context_id(mmu_base_pid, max_id);
	if (index < 0)
		return index;

	/*
	 * set the process table entry,
	 */
	rts_field = radix__get_tree_size();
	process_tb[index].prtb0 = cpu_to_be64(rts_field | __pa(mm->pgd) | RADIX_PGD_INDEX_SIZE);

	/*
	 * Order the above store with subsequent update of the PID
	 * register (at which point HW can start loading/caching
	 * the entry) and the corresponding load by the MMU from
	 * the L2 cache.
	 */
	asm volatile("ptesync;isync" : : : "memory");

	mm->context.hash_context = NULL;

	return index;
}

int init_new_context(struct task_struct *tsk, struct mm_struct *mm)
{
	int index;

	if (radix_enabled())
		index = radix__init_new_context(mm);
	else
		index = hash__init_new_context(mm);

	if (index < 0)
		return index;

	mm->context.id = index;

	mm->context.pte_frag = NULL;
	mm->context.pmd_frag = NULL;
#ifdef CONFIG_SPAPR_TCE_IOMMU
	mm_iommu_init(mm);
#endif
	atomic_set(&mm->context.active_cpus, 0);
	atomic_set(&mm->context.copros, 0);

	return 0;
}

void __destroy_context(int context_id)
{
	ida_free(&mmu_context_ida, context_id);
}
EXPORT_SYMBOL_GPL(__destroy_context);

static void destroy_contexts(mm_context_t *ctx)
{
	int index, context_id;

	for (index = 0; index < ARRAY_SIZE(ctx->extended_id); index++) {
		context_id = ctx->extended_id[index];
		if (context_id)
			ida_free(&mmu_context_ida, context_id);
	}
	kfree(ctx->hash_context);
}

static void pmd_frag_destroy(void *pmd_frag)
{
	int count;
	struct page *page;

	page = virt_to_page(pmd_frag);
	/* drop all the pending references */
	count = ((unsigned long)pmd_frag & ~PAGE_MASK) >> PMD_FRAG_SIZE_SHIFT;
	/* We allow PTE_FRAG_NR fragments from a PTE page */
	if (atomic_sub_and_test(PMD_FRAG_NR - count, &page->pt_frag_refcount)) {
		pgtable_pmd_page_dtor(page);
		__free_page(page);
	}
}

static void destroy_pagetable_cache(struct mm_struct *mm)
{
	void *frag;

	frag = mm->context.pte_frag;
	if (frag)
		pte_frag_destroy(frag);

	frag = mm->context.pmd_frag;
	if (frag)
		pmd_frag_destroy(frag);
	return;
}

void destroy_context(struct mm_struct *mm)
{
#ifdef CONFIG_SPAPR_TCE_IOMMU
	WARN_ON_ONCE(!list_empty(&mm->context.iommu_group_mem_list));
#endif
	/*
	 * For tasks which were successfully initialized we end up calling
	 * arch_exit_mmap() which clears the process table entry. And
	 * arch_exit_mmap() is called before the required fullmm TLB flush
	 * which does a RIC=2 flush. Hence for an initialized task, we do clear
	 * any cached process table entries.
	 *
	 * The condition below handles the error case during task init. We have
	 * set the process table entry early and if we fail a task
	 * initialization, we need to ensure the process table entry is zeroed.
	 * We need not worry about process table entry caches because the task
	 * never ran with the PID value.
	 */
	if (radix_enabled())
		process_tb[mm->context.id].prtb0 = 0;
	else
		subpage_prot_free(mm);
	destroy_contexts(&mm->context);
	mm->context.id = MMU_NO_CONTEXT;
}

void arch_exit_mmap(struct mm_struct *mm)
{
	destroy_pagetable_cache(mm);

	if (radix_enabled()) {
		/*
		 * Radix doesn't have a valid bit in the process table
		 * entries. However we know that at least P9 implementation
		 * will avoid caching an entry with an invalid RTS field,
		 * and 0 is invalid. So this will do.
		 *
		 * This runs before the "fullmm" tlb flush in exit_mmap,
		 * which does a RIC=2 tlbie to clear the process table
		 * entry. See the "fullmm" comments in tlb-radix.c.
		 *
		 * No barrier required here after the store because
		 * this process will do the invalidate, which starts with
		 * ptesync.
		 */
		process_tb[mm->context.id].prtb0 = 0;
	}
}

#ifdef CONFIG_PPC_RADIX_MMU
void radix__switch_mmu_context(struct mm_struct *prev, struct mm_struct *next)
{
	mtspr(SPRN_PID, next->context.id);
	isync();
}
#endif
Commit	Line	Data
2874c5fd	1	// SPDX-License-Identifier: GPL-2.0-or-later
14cf11af PM	2	/*
	3	* MMU context allocation for 64-bit kernels.
	4	*
	5	* Copyright (C) 2004 Anton Blanchard, IBM Corp. <anton@samba.org>
14cf11af PM	6	*/
14cf11af PM	7
14cf11af PM	8	#include <linux/sched.h>
	9	#include <linux/kernel.h>
	10	#include <linux/errno.h>
	11	#include <linux/string.h>
	12	#include <linux/types.h>
	13	#include <linux/mm.h>
4fb158f6	14	#include <linux/pkeys.h>
14cf11af PM	15	#include <linux/spinlock.h>
14cf11af PM	16	#include <linux/idr.h>
4b16f8e2	17	#include <linux/export.h>
5a0e3ad6	18	#include <linux/gfp.h>
851d2e2f	19	#include <linux/slab.h>
14cf11af PM	20
14cf11af PM	21	#include <asm/mmu_context.h>
5c1f6ee9	22	#include <asm/pgalloc.h>
14cf11af	23
ef1edbba ME	24	#include "internal.h"
ef1edbba ME	25
7317ac87	26	static DEFINE_IDA(mmu_context_ida);
14cf11af	27
c1ff840d	28	static int alloc_context_id(int min_id, int max_id)
14cf11af	29	{
b3fa6417	30	return ida_alloc_range(&mmu_context_ida, min_id, max_id, GFP_KERNEL);
e85a4710	31	}
a336f2f5	32
82228e36 AK	33	void hash__reserve_context_id(int id)
82228e36 AK	34	{
b3fa6417	35	int result = ida_alloc_range(&mmu_context_ida, id, id, GFP_KERNEL);
82228e36 AK	36
	37	WARN(result != id, "mmu: Failed to reserve context id %d (rc %d)\n", id, result);
	38	}
	39
a336f2f5 ME	40	int hash__alloc_context_id(void)
a336f2f5 ME	41	{
e6f81a92 AK	42	unsigned long max;
	43
	44	if (mmu_has_feature(MMU_FTR_68_BIT_VA))
	45	max = MAX_USER_CONTEXT;
	46	else
	47	max = MAX_USER_CONTEXT_65BIT_VA;
	48
	49	return alloc_context_id(MIN_USER_CONTEXT, max);
a336f2f5 ME	50	}
	51	EXPORT_SYMBOL_GPL(hash__alloc_context_id);
	52
ca72d883 ME	53	static int realloc_context_ids(mm_context_t *ctx)
	54	{
	55	int i, id;
	56
	57	/*
	58	* id 0 (aka. ctx->id) is special, we always allocate a new one, even if
	59	* there wasn't one allocated previously (which happens in the exec
	60	* case where ctx is newly allocated).
	61	*
	62	* We have to be a bit careful here. We must keep the existing ids in
	63	* the array, so that we can test if they're non-zero to decide if we
	64	* need to allocate a new one. However in case of error we must free the
	65	* ids we've allocated but not any of the existing ones (or risk a
	66	* UAF). That's why we decrement i at the start of the error handling
	67	* loop, to skip the id that we just tested but couldn't reallocate.
	68	*/
	69	for (i = 0; i < ARRAY_SIZE(ctx->extended_id); i++) {
	70	if (i == 0 \|\| ctx->extended_id[i]) {
	71	id = hash__alloc_context_id();
	72	if (id < 0)
	73	goto error;
	74
	75	ctx->extended_id[i] = id;
	76	}
	77	}
	78
	79	/* The caller expects us to return id */
	80	return ctx->id;
	81
	82	error:
	83	for (i--; i >= 0; i--) {
	84	if (ctx->extended_id[i])
	85	ida_free(&mmu_context_ida, ctx->extended_id[i]);
	86	}
	87
	88	return id;
	89	}
	90
760573c1 ME	91	static int hash__init_new_context(struct mm_struct *mm)
	92	{
	93	int index;
	94
ef629cc5 AK	95	mm->context.hash_context = kmalloc(sizeof(struct hash_mm_context),
ef629cc5 AK	96	GFP_KERNEL);
65565a68	97	if (!mm->context.hash_context)
70110186	98	return -ENOMEM;
70110186	99
760573c1 ME	100	/*
	101	* The old code would re-promote on fork, we don't do that when using
	102	* slices as it could cause problem promoting slices that have been
	103	* forced down to 4K.
	104	*
	105	* For book3s we have MMU_NO_CONTEXT set to be ~0. Hence check
	106	* explicitly against context.id == 0. This ensures that we properly
	107	* initialize context slice details for newly allocated mm's (which will
	108	* have id == 0) and don't alter context slice inherited via fork (which
	109	* will have id != 0).
	110	*
	111	* We should not be calling init_new_context() on init_mm. Hence a
	112	* check against 0 is OK.
	113	*/
70110186 AK	114	if (mm->context.id == 0) {
70110186 AK	115	memset(mm->context.hash_context, 0, sizeof(struct hash_mm_context));
1753dd18	116	slice_init_new_context_exec(mm);
70110186 AK	117	} else {
	118	/* This is fork. Copy hash_context details from current->mm */
	119	memcpy(mm->context.hash_context, current->mm->context.hash_context, sizeof(struct hash_mm_context));
ef629cc5 AK	120	#ifdef CONFIG_PPC_SUBPAGE_PROT
	121	/* inherit subpage prot detalis if we have one. */
	122	if (current->mm->context.hash_context->spt) {
	123	mm->context.hash_context->spt = kmalloc(sizeof(struct subpage_prot_table),
	124	GFP_KERNEL);
	125	if (!mm->context.hash_context->spt) {
ef629cc5 AK	126	kfree(mm->context.hash_context);
	127	return -ENOMEM;
	128	}
	129	}
	130	#endif
65565a68	131	}
70110186	132
ca72d883	133	index = realloc_context_ids(&mm->context);
65565a68 ME	134	if (index < 0) {
	135	#ifdef CONFIG_PPC_SUBPAGE_PROT
	136	kfree(mm->context.hash_context->spt);
	137	#endif
	138	kfree(mm->context.hash_context);
ca72d883	139	return index;
70110186	140	}
760573c1	141
4fb158f6	142	pkey_mm_init(mm);
760573c1 ME	143	return index;
	144	}
	145
425d3314 NP	146	void hash__setup_new_exec(void)
	147	{
	148	slice_setup_new_exec();
5434ae74 NP	149
5434ae74 NP	150	slb_setup_new_exec();
425d3314 NP	151	}
425d3314 NP	152
760573c1	153	static int radix__init_new_context(struct mm_struct *mm)
7e381c0f AK	154	{
7e381c0f AK	155	unsigned long rts_field;
a25bd72b	156	int index, max_id;
760573c1	157
a25bd72b BH	158	max_id = (1 << mmu_pid_bits) - 1;
a25bd72b BH	159	index = alloc_context_id(mmu_base_pid, max_id);
760573c1 ME	160	if (index < 0)
760573c1 ME	161	return index;
7e381c0f AK	162
	163	/*
	164	* set the process table entry,
	165	*/
b23d9c5b	166	rts_field = radix__get_tree_size();
7e381c0f	167	process_tb[index].prtb0 = cpu_to_be64(rts_field \| __pa(mm->pgd) \| RADIX_PGD_INDEX_SIZE);
760573c1	168
3a6a0470 BH	169	/*
	170	* Order the above store with subsequent update of the PID
	171	* register (at which point HW can start loading/caching
	172	* the entry) and the corresponding load by the MMU from
	173	* the L2 cache.
	174	*/
	175	asm volatile("ptesync;isync" : : : "memory");
	176
70110186	177	mm->context.hash_context = NULL;
1ab66d1f	178
760573c1	179	return index;
7e381c0f	180	}
e85a4710 AG	181
	182	int init_new_context(struct task_struct tsk, struct mm_struct mm)
	183	{
	184	int index;
	185
760573c1 ME	186	if (radix_enabled())
	187	index = radix__init_new_context(mm);
	188	else
	189	index = hash__init_new_context(mm);
	190
e85a4710 AG	191	if (index < 0)
	192	return index;
	193
9dfe5c53	194	mm->context.id = index;
14cf11af	195
5c1f6ee9	196	mm->context.pte_frag = NULL;
8a6c697b	197	mm->context.pmd_frag = NULL;
15b244a8	198	#ifdef CONFIG_SPAPR_TCE_IOMMU
88f54a35	199	mm_iommu_init(mm);
5c1f6ee9	200	#endif
a619e59c	201	atomic_set(&mm->context.active_cpus, 0);
aff6f8cb	202	atomic_set(&mm->context.copros, 0);
a619e59c	203
14cf11af PM	204	return 0;
	205	}
	206
e85a4710	207	void __destroy_context(int context_id)
14cf11af	208	{
b3fa6417	209	ida_free(&mmu_context_ida, context_id);
e85a4710 AG	210	}
e85a4710 AG	211	EXPORT_SYMBOL_GPL(__destroy_context);
14cf11af	212
f384796c AK	213	static void destroy_contexts(mm_context_t *ctx)
	214	{
	215	int index, context_id;
	216
f384796c AK	217	for (index = 0; index < ARRAY_SIZE(ctx->extended_id); index++) {
	218	context_id = ctx->extended_id[index];
	219	if (context_id)
b3fa6417	220	ida_free(&mmu_context_ida, context_id);
f384796c	221	}
70110186	222	kfree(ctx->hash_context);
f384796c AK	223	}
f384796c AK	224
8a6c697b AK	225	static void pmd_frag_destroy(void *pmd_frag)
	226	{
	227	int count;
	228	struct page *page;
	229
	230	page = virt_to_page(pmd_frag);
	231	/* drop all the pending references */
	232	count = ((unsigned long)pmd_frag & ~PAGE_MASK) >> PMD_FRAG_SIZE_SHIFT;
	233	/* We allow PTE_FRAG_NR fragments from a PTE page */
4231aba0	234	if (atomic_sub_and_test(PMD_FRAG_NR - count, &page->pt_frag_refcount)) {
8a6c697b	235	pgtable_pmd_page_dtor(page);
4231aba0	236	__free_page(page);
8a6c697b AK	237	}
	238	}
	239
34c604d2	240	static void destroy_pagetable_cache(struct mm_struct *mm)
8a6c697b AK	241	{
	242	void *frag;
	243
	244	frag = mm->context.pte_frag;
	245	if (frag)
	246	pte_frag_destroy(frag);
	247
	248	frag = mm->context.pmd_frag;
	249	if (frag)
	250	pmd_frag_destroy(frag);
	251	return;
	252	}
	253
e85a4710 AG	254	void destroy_context(struct mm_struct *mm)
e85a4710 AG	255	{
15b244a8	256	#ifdef CONFIG_SPAPR_TCE_IOMMU
4b6fad70	257	WARN_ON_ONCE(!list_empty(&mm->context.iommu_group_mem_list));
15b244a8	258	#endif
7aec584e AK	259	/*
	260	* For tasks which were successfully initialized we end up calling
	261	* arch_exit_mmap() which clears the process table entry. And
	262	* arch_exit_mmap() is called before the required fullmm TLB flush
	263	* which does a RIC=2 flush. Hence for an initialized task, we do clear
	264	* any cached process table entries.
	265	*
	266	* The condition below handles the error case during task init. We have
	267	* set the process table entry early and if we fail a task
	268	* initialization, we need to ensure the process table entry is zeroed.
	269	* We need not worry about process table entry caches because the task
	270	* never ran with the PID value.
	271	*/
30b49ec7	272	if (radix_enabled())
7aec584e	273	process_tb[mm->context.id].prtb0 = 0;
30b49ec7 NP	274	else
30b49ec7 NP	275	subpage_prot_free(mm);
f384796c	276	destroy_contexts(&mm->context);
30b49ec7 NP	277	mm->context.id = MMU_NO_CONTEXT;
	278	}
	279
	280	void arch_exit_mmap(struct mm_struct *mm)
	281	{
34c604d2 NP	282	destroy_pagetable_cache(mm);
34c604d2 NP	283
c6bb0b8d BH	284	if (radix_enabled()) {
	285	/*
	286	* Radix doesn't have a valid bit in the process table
	287	* entries. However we know that at least P9 implementation
	288	* will avoid caching an entry with an invalid RTS field,
	289	* and 0 is invalid. So this will do.
30b49ec7 NP	290	*
	291	* This runs before the "fullmm" tlb flush in exit_mmap,
	292	* which does a RIC=2 tlbie to clear the process table
	293	* entry. See the "fullmm" comments in tlb-radix.c.
	294	*
	295	* No barrier required here after the store because
	296	* this process will do the invalidate, which starts with
	297	* ptesync.
c6bb0b8d BH	298	*/
c6bb0b8d BH	299	process_tb[mm->context.id].prtb0 = 0;
30b49ec7	300	}
14cf11af	301	}
7e381c0f AK	302
	303	#ifdef CONFIG_PPC_RADIX_MMU
	304	void radix__switch_mmu_context(struct mm_struct prev, struct mm_struct next)
	305	{
2bf1071a NP	306	mtspr(SPRN_PID, next->context.id);
2bf1071a NP	307	isync();
7e381c0f AK	308	}
7e381c0f AK	309	#endif