Commit | Line | Data |
---|---|---|
2874c5fd | 1 | // SPDX-License-Identifier: GPL-2.0-or-later |
14cf11af PM |
2 | /* |
3 | * MMU context allocation for 64-bit kernels. | |
4 | * | |
5 | * Copyright (C) 2004 Anton Blanchard, IBM Corp. <anton@samba.org> | |
14cf11af PM |
6 | */ |
7 | ||
14cf11af PM |
8 | #include <linux/sched.h> |
9 | #include <linux/kernel.h> | |
10 | #include <linux/errno.h> | |
11 | #include <linux/string.h> | |
12 | #include <linux/types.h> | |
13 | #include <linux/mm.h> | |
4fb158f6 | 14 | #include <linux/pkeys.h> |
14cf11af PM |
15 | #include <linux/spinlock.h> |
16 | #include <linux/idr.h> | |
4b16f8e2 | 17 | #include <linux/export.h> |
5a0e3ad6 | 18 | #include <linux/gfp.h> |
851d2e2f | 19 | #include <linux/slab.h> |
14cf11af PM |
20 | |
21 | #include <asm/mmu_context.h> | |
5c1f6ee9 | 22 | #include <asm/pgalloc.h> |
14cf11af | 23 | |
ef1edbba ME |
24 | #include "internal.h" |
25 | ||
7317ac87 | 26 | static DEFINE_IDA(mmu_context_ida); |
14cf11af | 27 | |
c1ff840d | 28 | static int alloc_context_id(int min_id, int max_id) |
14cf11af | 29 | { |
b3fa6417 | 30 | return ida_alloc_range(&mmu_context_ida, min_id, max_id, GFP_KERNEL); |
e85a4710 | 31 | } |
a336f2f5 | 32 | |
82228e36 AK |
33 | void hash__reserve_context_id(int id) |
34 | { | |
b3fa6417 | 35 | int result = ida_alloc_range(&mmu_context_ida, id, id, GFP_KERNEL); |
82228e36 AK |
36 | |
37 | WARN(result != id, "mmu: Failed to reserve context id %d (rc %d)\n", id, result); | |
38 | } | |
39 | ||
a336f2f5 ME |
40 | int hash__alloc_context_id(void) |
41 | { | |
e6f81a92 AK |
42 | unsigned long max; |
43 | ||
44 | if (mmu_has_feature(MMU_FTR_68_BIT_VA)) | |
45 | max = MAX_USER_CONTEXT; | |
46 | else | |
47 | max = MAX_USER_CONTEXT_65BIT_VA; | |
48 | ||
49 | return alloc_context_id(MIN_USER_CONTEXT, max); | |
a336f2f5 ME |
50 | } |
51 | EXPORT_SYMBOL_GPL(hash__alloc_context_id); | |
52 | ||
ca72d883 ME |
53 | static int realloc_context_ids(mm_context_t *ctx) |
54 | { | |
55 | int i, id; | |
56 | ||
57 | /* | |
58 | * id 0 (aka. ctx->id) is special, we always allocate a new one, even if | |
59 | * there wasn't one allocated previously (which happens in the exec | |
60 | * case where ctx is newly allocated). | |
61 | * | |
62 | * We have to be a bit careful here. We must keep the existing ids in | |
63 | * the array, so that we can test if they're non-zero to decide if we | |
64 | * need to allocate a new one. However in case of error we must free the | |
65 | * ids we've allocated but *not* any of the existing ones (or risk a | |
66 | * UAF). That's why we decrement i at the start of the error handling | |
67 | * loop, to skip the id that we just tested but couldn't reallocate. | |
68 | */ | |
69 | for (i = 0; i < ARRAY_SIZE(ctx->extended_id); i++) { | |
70 | if (i == 0 || ctx->extended_id[i]) { | |
71 | id = hash__alloc_context_id(); | |
72 | if (id < 0) | |
73 | goto error; | |
74 | ||
75 | ctx->extended_id[i] = id; | |
76 | } | |
77 | } | |
78 | ||
79 | /* The caller expects us to return id */ | |
80 | return ctx->id; | |
81 | ||
82 | error: | |
83 | for (i--; i >= 0; i--) { | |
84 | if (ctx->extended_id[i]) | |
85 | ida_free(&mmu_context_ida, ctx->extended_id[i]); | |
86 | } | |
87 | ||
88 | return id; | |
89 | } | |
90 | ||
760573c1 ME |
91 | static int hash__init_new_context(struct mm_struct *mm) |
92 | { | |
93 | int index; | |
94 | ||
ef629cc5 AK |
95 | mm->context.hash_context = kmalloc(sizeof(struct hash_mm_context), |
96 | GFP_KERNEL); | |
65565a68 | 97 | if (!mm->context.hash_context) |
70110186 | 98 | return -ENOMEM; |
70110186 | 99 | |
760573c1 ME |
100 | /* |
101 | * The old code would re-promote on fork, we don't do that when using | |
102 | * slices as it could cause problem promoting slices that have been | |
103 | * forced down to 4K. | |
104 | * | |
105 | * For book3s we have MMU_NO_CONTEXT set to be ~0. Hence check | |
106 | * explicitly against context.id == 0. This ensures that we properly | |
107 | * initialize context slice details for newly allocated mm's (which will | |
108 | * have id == 0) and don't alter context slice inherited via fork (which | |
109 | * will have id != 0). | |
110 | * | |
111 | * We should not be calling init_new_context() on init_mm. Hence a | |
112 | * check against 0 is OK. | |
113 | */ | |
70110186 AK |
114 | if (mm->context.id == 0) { |
115 | memset(mm->context.hash_context, 0, sizeof(struct hash_mm_context)); | |
1753dd18 | 116 | slice_init_new_context_exec(mm); |
70110186 AK |
117 | } else { |
118 | /* This is fork. Copy hash_context details from current->mm */ | |
119 | memcpy(mm->context.hash_context, current->mm->context.hash_context, sizeof(struct hash_mm_context)); | |
ef629cc5 AK |
120 | #ifdef CONFIG_PPC_SUBPAGE_PROT |
121 | /* inherit subpage prot detalis if we have one. */ | |
122 | if (current->mm->context.hash_context->spt) { | |
123 | mm->context.hash_context->spt = kmalloc(sizeof(struct subpage_prot_table), | |
124 | GFP_KERNEL); | |
125 | if (!mm->context.hash_context->spt) { | |
ef629cc5 AK |
126 | kfree(mm->context.hash_context); |
127 | return -ENOMEM; | |
128 | } | |
129 | } | |
130 | #endif | |
65565a68 | 131 | } |
70110186 | 132 | |
ca72d883 | 133 | index = realloc_context_ids(&mm->context); |
65565a68 ME |
134 | if (index < 0) { |
135 | #ifdef CONFIG_PPC_SUBPAGE_PROT | |
136 | kfree(mm->context.hash_context->spt); | |
137 | #endif | |
138 | kfree(mm->context.hash_context); | |
ca72d883 | 139 | return index; |
70110186 | 140 | } |
760573c1 | 141 | |
4fb158f6 | 142 | pkey_mm_init(mm); |
760573c1 ME |
143 | return index; |
144 | } | |
145 | ||
425d3314 NP |
146 | void hash__setup_new_exec(void) |
147 | { | |
148 | slice_setup_new_exec(); | |
5434ae74 NP |
149 | |
150 | slb_setup_new_exec(); | |
425d3314 NP |
151 | } |
152 | ||
760573c1 | 153 | static int radix__init_new_context(struct mm_struct *mm) |
7e381c0f AK |
154 | { |
155 | unsigned long rts_field; | |
a25bd72b | 156 | int index, max_id; |
760573c1 | 157 | |
a25bd72b BH |
158 | max_id = (1 << mmu_pid_bits) - 1; |
159 | index = alloc_context_id(mmu_base_pid, max_id); | |
760573c1 ME |
160 | if (index < 0) |
161 | return index; | |
7e381c0f AK |
162 | |
163 | /* | |
164 | * set the process table entry, | |
165 | */ | |
b23d9c5b | 166 | rts_field = radix__get_tree_size(); |
7e381c0f | 167 | process_tb[index].prtb0 = cpu_to_be64(rts_field | __pa(mm->pgd) | RADIX_PGD_INDEX_SIZE); |
760573c1 | 168 | |
3a6a0470 BH |
169 | /* |
170 | * Order the above store with subsequent update of the PID | |
171 | * register (at which point HW can start loading/caching | |
172 | * the entry) and the corresponding load by the MMU from | |
173 | * the L2 cache. | |
174 | */ | |
175 | asm volatile("ptesync;isync" : : : "memory"); | |
176 | ||
70110186 | 177 | mm->context.hash_context = NULL; |
1ab66d1f | 178 | |
760573c1 | 179 | return index; |
7e381c0f | 180 | } |
e85a4710 AG |
181 | |
182 | int init_new_context(struct task_struct *tsk, struct mm_struct *mm) | |
183 | { | |
184 | int index; | |
185 | ||
760573c1 ME |
186 | if (radix_enabled()) |
187 | index = radix__init_new_context(mm); | |
188 | else | |
189 | index = hash__init_new_context(mm); | |
190 | ||
e85a4710 AG |
191 | if (index < 0) |
192 | return index; | |
193 | ||
9dfe5c53 | 194 | mm->context.id = index; |
14cf11af | 195 | |
5c1f6ee9 | 196 | mm->context.pte_frag = NULL; |
8a6c697b | 197 | mm->context.pmd_frag = NULL; |
15b244a8 | 198 | #ifdef CONFIG_SPAPR_TCE_IOMMU |
88f54a35 | 199 | mm_iommu_init(mm); |
5c1f6ee9 | 200 | #endif |
a619e59c | 201 | atomic_set(&mm->context.active_cpus, 0); |
aff6f8cb | 202 | atomic_set(&mm->context.copros, 0); |
a619e59c | 203 | |
14cf11af PM |
204 | return 0; |
205 | } | |
206 | ||
e85a4710 | 207 | void __destroy_context(int context_id) |
14cf11af | 208 | { |
b3fa6417 | 209 | ida_free(&mmu_context_ida, context_id); |
e85a4710 AG |
210 | } |
211 | EXPORT_SYMBOL_GPL(__destroy_context); | |
14cf11af | 212 | |
f384796c AK |
213 | static void destroy_contexts(mm_context_t *ctx) |
214 | { | |
215 | int index, context_id; | |
216 | ||
f384796c AK |
217 | for (index = 0; index < ARRAY_SIZE(ctx->extended_id); index++) { |
218 | context_id = ctx->extended_id[index]; | |
219 | if (context_id) | |
b3fa6417 | 220 | ida_free(&mmu_context_ida, context_id); |
f384796c | 221 | } |
70110186 | 222 | kfree(ctx->hash_context); |
f384796c AK |
223 | } |
224 | ||
8a6c697b AK |
225 | static void pmd_frag_destroy(void *pmd_frag) |
226 | { | |
227 | int count; | |
228 | struct page *page; | |
229 | ||
230 | page = virt_to_page(pmd_frag); | |
231 | /* drop all the pending references */ | |
232 | count = ((unsigned long)pmd_frag & ~PAGE_MASK) >> PMD_FRAG_SIZE_SHIFT; | |
233 | /* We allow PTE_FRAG_NR fragments from a PTE page */ | |
4231aba0 | 234 | if (atomic_sub_and_test(PMD_FRAG_NR - count, &page->pt_frag_refcount)) { |
8a6c697b | 235 | pgtable_pmd_page_dtor(page); |
4231aba0 | 236 | __free_page(page); |
8a6c697b AK |
237 | } |
238 | } | |
239 | ||
34c604d2 | 240 | static void destroy_pagetable_cache(struct mm_struct *mm) |
8a6c697b AK |
241 | { |
242 | void *frag; | |
243 | ||
244 | frag = mm->context.pte_frag; | |
245 | if (frag) | |
246 | pte_frag_destroy(frag); | |
247 | ||
248 | frag = mm->context.pmd_frag; | |
249 | if (frag) | |
250 | pmd_frag_destroy(frag); | |
251 | return; | |
252 | } | |
253 | ||
e85a4710 AG |
254 | void destroy_context(struct mm_struct *mm) |
255 | { | |
15b244a8 | 256 | #ifdef CONFIG_SPAPR_TCE_IOMMU |
4b6fad70 | 257 | WARN_ON_ONCE(!list_empty(&mm->context.iommu_group_mem_list)); |
15b244a8 | 258 | #endif |
7aec584e AK |
259 | /* |
260 | * For tasks which were successfully initialized we end up calling | |
261 | * arch_exit_mmap() which clears the process table entry. And | |
262 | * arch_exit_mmap() is called before the required fullmm TLB flush | |
263 | * which does a RIC=2 flush. Hence for an initialized task, we do clear | |
264 | * any cached process table entries. | |
265 | * | |
266 | * The condition below handles the error case during task init. We have | |
267 | * set the process table entry early and if we fail a task | |
268 | * initialization, we need to ensure the process table entry is zeroed. | |
269 | * We need not worry about process table entry caches because the task | |
270 | * never ran with the PID value. | |
271 | */ | |
30b49ec7 | 272 | if (radix_enabled()) |
7aec584e | 273 | process_tb[mm->context.id].prtb0 = 0; |
30b49ec7 NP |
274 | else |
275 | subpage_prot_free(mm); | |
f384796c | 276 | destroy_contexts(&mm->context); |
30b49ec7 NP |
277 | mm->context.id = MMU_NO_CONTEXT; |
278 | } | |
279 | ||
280 | void arch_exit_mmap(struct mm_struct *mm) | |
281 | { | |
34c604d2 NP |
282 | destroy_pagetable_cache(mm); |
283 | ||
c6bb0b8d BH |
284 | if (radix_enabled()) { |
285 | /* | |
286 | * Radix doesn't have a valid bit in the process table | |
287 | * entries. However we know that at least P9 implementation | |
288 | * will avoid caching an entry with an invalid RTS field, | |
289 | * and 0 is invalid. So this will do. | |
30b49ec7 NP |
290 | * |
291 | * This runs before the "fullmm" tlb flush in exit_mmap, | |
292 | * which does a RIC=2 tlbie to clear the process table | |
293 | * entry. See the "fullmm" comments in tlb-radix.c. | |
294 | * | |
295 | * No barrier required here after the store because | |
296 | * this process will do the invalidate, which starts with | |
297 | * ptesync. | |
c6bb0b8d BH |
298 | */ |
299 | process_tb[mm->context.id].prtb0 = 0; | |
30b49ec7 | 300 | } |
14cf11af | 301 | } |
7e381c0f AK |
302 | |
303 | #ifdef CONFIG_PPC_RADIX_MMU | |
304 | void radix__switch_mmu_context(struct mm_struct *prev, struct mm_struct *next) | |
305 | { | |
2bf1071a NP |
306 | mtspr(SPRN_PID, next->context.id); |
307 | isync(); | |
7e381c0f AK |
308 | } |
309 | #endif |