[linux-2.6-block.git] / arch / powerpc / mm / book3s64 / subpage_prot.c

// SPDX-License-Identifier: GPL-2.0-or-later
/*
 * Copyright 2007-2008 Paul Mackerras, IBM Corp.
 */

#include <linux/errno.h>
#include <linux/kernel.h>
#include <linux/gfp.h>
#include <linux/types.h>
#include <linux/pagewalk.h>
#include <linux/hugetlb.h>
#include <linux/syscalls.h>

#include <linux/pgtable.h>
#include <linux/uaccess.h>

/*
 * Free all pages allocated for subpage protection maps and pointers.
 * Also makes sure that the subpage_prot_table structure is
 * reinitialized for the next user.
 */
void subpage_prot_free(struct mm_struct *mm)
{
	struct subpage_prot_table *spt = mm_ctx_subpage_prot(&mm->context);
	unsigned long i, j, addr;
	u32 **p;

	if (!spt)
		return;

	for (i = 0; i < 4; ++i) {
		if (spt->low_prot[i]) {
			free_page((unsigned long)spt->low_prot[i]);
			spt->low_prot[i] = NULL;
		}
	}
	addr = 0;
	for (i = 0; i < (TASK_SIZE_USER64 >> 43); ++i) {
		p = spt->protptrs[i];
		if (!p)
			continue;
		spt->protptrs[i] = NULL;
		for (j = 0; j < SBP_L2_COUNT && addr < spt->maxaddr;
		     ++j, addr += PAGE_SIZE)
			if (p[j])
				free_page((unsigned long)p[j]);
		free_page((unsigned long)p);
	}
	spt->maxaddr = 0;
	kfree(spt);
}

static void hpte_flush_range(struct mm_struct *mm, unsigned long addr,
			     int npages)
{
	pgd_t *pgd;
	p4d_t *p4d;
	pud_t *pud;
	pmd_t *pmd;
	pte_t *pte;
	spinlock_t *ptl;

	pgd = pgd_offset(mm, addr);
	p4d = p4d_offset(pgd, addr);
	if (p4d_none(*p4d))
		return;
	pud = pud_offset(p4d, addr);
	if (pud_none(*pud))
		return;
	pmd = pmd_offset(pud, addr);
	if (pmd_none(*pmd))
		return;
	pte = pte_offset_map_lock(mm, pmd, addr, &ptl);
	if (!pte)
		return;
	arch_enter_lazy_mmu_mode();
	for (; npages > 0; --npages) {
		pte_update(mm, addr, pte, 0, 0, 0);
		addr += PAGE_SIZE;
		++pte;
	}
	arch_leave_lazy_mmu_mode();
	pte_unmap_unlock(pte - 1, ptl);
}

/*
 * Clear the subpage protection map for an address range, allowing
 * all accesses that are allowed by the pte permissions.
 */
static void subpage_prot_clear(unsigned long addr, unsigned long len)
{
	struct mm_struct *mm = current->mm;
	struct subpage_prot_table *spt;
	u32 **spm, *spp;
	unsigned long i;
	size_t nw;
	unsigned long next, limit;

	mmap_write_lock(mm);

	spt = mm_ctx_subpage_prot(&mm->context);
	if (!spt)
		goto err_out;

	limit = addr + len;
	if (limit > spt->maxaddr)
		limit = spt->maxaddr;
	for (; addr < limit; addr = next) {
		next = pmd_addr_end(addr, limit);
		if (addr < 0x100000000UL) {
			spm = spt->low_prot;
		} else {
			spm = spt->protptrs[addr >> SBP_L3_SHIFT];
			if (!spm)
				continue;
		}
		spp = spm[(addr >> SBP_L2_SHIFT) & (SBP_L2_COUNT - 1)];
		if (!spp)
			continue;
		spp += (addr >> PAGE_SHIFT) & (SBP_L1_COUNT - 1);

		i = (addr >> PAGE_SHIFT) & (PTRS_PER_PTE - 1);
		nw = PTRS_PER_PTE - i;
		if (addr + (nw << PAGE_SHIFT) > next)
			nw = (next - addr) >> PAGE_SHIFT;

		memset(spp, 0, nw * sizeof(u32));

		/* now flush any existing HPTEs for the range */
		hpte_flush_range(mm, addr, nw);
	}

err_out:
	mmap_write_unlock(mm);
}

#ifdef CONFIG_TRANSPARENT_HUGEPAGE
static int subpage_walk_pmd_entry(pmd_t *pmd, unsigned long addr,
				  unsigned long end, struct mm_walk *walk)
{
	struct vm_area_struct *vma = walk->vma;
	split_huge_pmd(vma, pmd, addr);
	return 0;
}

static const struct mm_walk_ops subpage_walk_ops = {
	.pmd_entry	= subpage_walk_pmd_entry,
	.walk_lock	= PGWALK_WRLOCK_VERIFY,
};

static void subpage_mark_vma_nohuge(struct mm_struct *mm, unsigned long addr,
				    unsigned long len)
{
	struct vm_area_struct *vma;
	VMA_ITERATOR(vmi, mm, addr);

	/*
	 * We don't try too hard, we just mark all the vma in that range
	 * VM_NOHUGEPAGE and split them.
	 */
	for_each_vma_range(vmi, vma, addr + len) {
		vm_flags_set(vma, VM_NOHUGEPAGE);
		walk_page_vma(vma, &subpage_walk_ops, NULL);
	}
}
#else
static void subpage_mark_vma_nohuge(struct mm_struct *mm, unsigned long addr,
				    unsigned long len)
{
	return;
}
#endif

/*
 * Copy in a subpage protection map for an address range.
 * The map has 2 bits per 4k subpage, so 32 bits per 64k page.
 * Each 2-bit field is 0 to allow any access, 1 to prevent writes,
 * 2 or 3 to prevent all accesses.
 * Note that the normal page protections also apply; the subpage
 * protection mechanism is an additional constraint, so putting 0
 * in a 2-bit field won't allow writes to a page that is otherwise
 * write-protected.
 */
SYSCALL_DEFINE3(subpage_prot, unsigned long, addr,
		unsigned long, len, u32 __user *, map)
{
	struct mm_struct *mm = current->mm;
	struct subpage_prot_table *spt;
	u32 **spm, *spp;
	unsigned long i;
	size_t nw;
	unsigned long next, limit;
	int err;

	if (radix_enabled())
		return -ENOENT;

	/* Check parameters */
	if ((addr & ~PAGE_MASK) || (len & ~PAGE_MASK) ||
	    addr >= mm->task_size || len >= mm->task_size ||
	    addr + len > mm->task_size)
		return -EINVAL;

	if (is_hugepage_only_range(mm, addr, len))
		return -EINVAL;

	if (!map) {
		/* Clear out the protection map for the address range */
		subpage_prot_clear(addr, len);
		return 0;
	}

	if (!access_ok(map, (len >> PAGE_SHIFT) * sizeof(u32)))
		return -EFAULT;

	mmap_write_lock(mm);

	spt = mm_ctx_subpage_prot(&mm->context);
	if (!spt) {
		/*
		 * Allocate subpage prot table if not already done.
		 * Do this with mmap_lock held
		 */
		spt = kzalloc(sizeof(struct subpage_prot_table), GFP_KERNEL);
		if (!spt) {
			err = -ENOMEM;
			goto out;
		}
		mm->context.hash_context->spt = spt;
	}

	subpage_mark_vma_nohuge(mm, addr, len);
	for (limit = addr + len; addr < limit; addr = next) {
		next = pmd_addr_end(addr, limit);
		err = -ENOMEM;
		if (addr < 0x100000000UL) {
			spm = spt->low_prot;
		} else {
			spm = spt->protptrs[addr >> SBP_L3_SHIFT];
			if (!spm) {
				spm = (u32 **)get_zeroed_page(GFP_KERNEL);
				if (!spm)
					goto out;
				spt->protptrs[addr >> SBP_L3_SHIFT] = spm;
			}
		}
		spm += (addr >> SBP_L2_SHIFT) & (SBP_L2_COUNT - 1);
		spp = *spm;
		if (!spp) {
			spp = (u32 *)get_zeroed_page(GFP_KERNEL);
			if (!spp)
				goto out;
			*spm = spp;
		}
		spp += (addr >> PAGE_SHIFT) & (SBP_L1_COUNT - 1);

		local_irq_disable();
		demote_segment_4k(mm, addr);
		local_irq_enable();

		i = (addr >> PAGE_SHIFT) & (PTRS_PER_PTE - 1);
		nw = PTRS_PER_PTE - i;
		if (addr + (nw << PAGE_SHIFT) > next)
			nw = (next - addr) >> PAGE_SHIFT;

		mmap_write_unlock(mm);
		if (__copy_from_user(spp, map, nw * sizeof(u32)))
			return -EFAULT;
		map += nw;
		mmap_write_lock(mm);

		/* now flush any existing HPTEs for the range */
		hpte_flush_range(mm, addr, nw);
	}
	if (limit > spt->maxaddr)
		spt->maxaddr = limit;
	err = 0;
 out:
	mmap_write_unlock(mm);
	return err;
}
Commit	Line	Data
2874c5fd	1	// SPDX-License-Identifier: GPL-2.0-or-later
fa28237c PM	2	/*
fa28237c PM	3	* Copyright 2007-2008 Paul Mackerras, IBM Corp.
fa28237c PM	4	*/
	5
	6	#include <linux/errno.h>
	7	#include <linux/kernel.h>
	8	#include <linux/gfp.h>
fa28237c	9	#include <linux/types.h>
a520110e	10	#include <linux/pagewalk.h>
fa28237c	11	#include <linux/hugetlb.h>
3691d614	12	#include <linux/syscalls.h>
fa28237c	13
ca5999fd	14	#include <linux/pgtable.h>
7c0f6ba6	15	#include <linux/uaccess.h>
fa28237c PM	16
	17	/*
	18	* Free all pages allocated for subpage protection maps and pointers.
	19	* Also makes sure that the subpage_prot_table structure is
	20	* reinitialized for the next user.
	21	*/
d28513bc	22	void subpage_prot_free(struct mm_struct *mm)
fa28237c	23	{
60458fba	24	struct subpage_prot_table *spt = mm_ctx_subpage_prot(&mm->context);
fa28237c PM	25	unsigned long i, j, addr;
	26	u32 **p;
	27
ef629cc5 AK	28	if (!spt)
	29	return;
	30
fa28237c PM	31	for (i = 0; i < 4; ++i) {
	32	if (spt->low_prot[i]) {
	33	free_page((unsigned long)spt->low_prot[i]);
	34	spt->low_prot[i] = NULL;
	35	}
	36	}
	37	addr = 0;
0da12a7a	38	for (i = 0; i < (TASK_SIZE_USER64 >> 43); ++i) {
fa28237c PM	39	p = spt->protptrs[i];
	40	if (!p)
	41	continue;
	42	spt->protptrs[i] = NULL;
	43	for (j = 0; j < SBP_L2_COUNT && addr < spt->maxaddr;
	44	++j, addr += PAGE_SIZE)
	45	if (p[j])
	46	free_page((unsigned long)p[j]);
	47	free_page((unsigned long)p);
	48	}
	49	spt->maxaddr = 0;
ef629cc5	50	kfree(spt);
d28513bc DG	51	}
d28513bc DG	52
fa28237c PM	53	static void hpte_flush_range(struct mm_struct *mm, unsigned long addr,
	54	int npages)
	55	{
	56	pgd_t *pgd;
2fb47060	57	p4d_t *p4d;
fa28237c PM	58	pud_t *pud;
	59	pmd_t *pmd;
	60	pte_t *pte;
	61	spinlock_t *ptl;
	62
	63	pgd = pgd_offset(mm, addr);
2fb47060 MR	64	p4d = p4d_offset(pgd, addr);
2fb47060 MR	65	if (p4d_none(*p4d))
fa28237c	66	return;
2fb47060	67	pud = pud_offset(p4d, addr);
fa28237c PM	68	if (pud_none(*pud))
	69	return;
	70	pmd = pmd_offset(pud, addr);
	71	if (pmd_none(*pmd))
	72	return;
	73	pte = pte_offset_map_lock(mm, pmd, addr, &ptl);
0c31f29b HD	74	if (!pte)
0c31f29b HD	75	return;
fa28237c PM	76	arch_enter_lazy_mmu_mode();
fa28237c PM	77	for (; npages > 0; --npages) {
88247e8d	78	pte_update(mm, addr, pte, 0, 0, 0);
fa28237c PM	79	addr += PAGE_SIZE;
	80	++pte;
	81	}
	82	arch_leave_lazy_mmu_mode();
	83	pte_unmap_unlock(pte - 1, ptl);
	84	}
	85
	86	/*
	87	* Clear the subpage protection map for an address range, allowing
	88	* all accesses that are allowed by the pte permissions.
	89	*/
	90	static void subpage_prot_clear(unsigned long addr, unsigned long len)
	91	{
	92	struct mm_struct *mm = current->mm;
2c474c03	93	struct subpage_prot_table *spt;
fa28237c	94	u32 *spm, spp;
6b5e7229 JM	95	unsigned long i;
6b5e7229 JM	96	size_t nw;
fa28237c PM	97	unsigned long next, limit;
fa28237c PM	98
d8ed45c5	99	mmap_write_lock(mm);
2c474c03 AK	100
2c474c03 AK	101	spt = mm_ctx_subpage_prot(&mm->context);
ef629cc5	102	if (!spt)
2c474c03	103	goto err_out;
ef629cc5	104
fa28237c PM	105	limit = addr + len;
	106	if (limit > spt->maxaddr)
	107	limit = spt->maxaddr;
	108	for (; addr < limit; addr = next) {
	109	next = pmd_addr_end(addr, limit);
b0d436c7	110	if (addr < 0x100000000UL) {
fa28237c PM	111	spm = spt->low_prot;
	112	} else {
	113	spm = spt->protptrs[addr >> SBP_L3_SHIFT];
	114	if (!spm)
	115	continue;
	116	}
	117	spp = spm[(addr >> SBP_L2_SHIFT) & (SBP_L2_COUNT - 1)];
	118	if (!spp)
	119	continue;
	120	spp += (addr >> PAGE_SHIFT) & (SBP_L1_COUNT - 1);
	121
	122	i = (addr >> PAGE_SHIFT) & (PTRS_PER_PTE - 1);
	123	nw = PTRS_PER_PTE - i;
	124	if (addr + (nw << PAGE_SHIFT) > next)
	125	nw = (next - addr) >> PAGE_SHIFT;
	126
	127	memset(spp, 0, nw * sizeof(u32));
	128
	129	/* now flush any existing HPTEs for the range */
	130	hpte_flush_range(mm, addr, nw);
	131	}
2c474c03 AK	132
2c474c03 AK	133	err_out:
d8ed45c5	134	mmap_write_unlock(mm);
fa28237c PM	135	}
fa28237c PM	136
d8e355a2 AK	137	#ifdef CONFIG_TRANSPARENT_HUGEPAGE
	138	static int subpage_walk_pmd_entry(pmd_t *pmd, unsigned long addr,
	139	unsigned long end, struct mm_walk *walk)
	140	{
1757bbd9	141	struct vm_area_struct *vma = walk->vma;
78ddc534	142	split_huge_pmd(vma, pmd, addr);
d8e355a2 AK	143	return 0;
	144	}
	145
7b86ac33 CH	146	static const struct mm_walk_ops subpage_walk_ops = {
7b86ac33 CH	147	.pmd_entry = subpage_walk_pmd_entry,
49b06385	148	.walk_lock = PGWALK_WRLOCK_VERIFY,
7b86ac33 CH	149	};
7b86ac33 CH	150
d8e355a2 AK	151	static void subpage_mark_vma_nohuge(struct mm_struct *mm, unsigned long addr,
	152	unsigned long len)
	153	{
	154	struct vm_area_struct *vma;
405e6691	155	VMA_ITERATOR(vmi, mm, addr);
d8e355a2 AK	156
	157	/*
	158	* We don't try too hard, we just mark all the vma in that range
	159	* VM_NOHUGEPAGE and split them.
	160	*/
405e6691	161	for_each_vma_range(vmi, vma, addr + len) {
1c71222e	162	vm_flags_set(vma, VM_NOHUGEPAGE);
7b86ac33	163	walk_page_vma(vma, &subpage_walk_ops, NULL);
d8e355a2 AK	164	}
	165	}
	166	#else
	167	static void subpage_mark_vma_nohuge(struct mm_struct *mm, unsigned long addr,
	168	unsigned long len)
	169	{
	170	return;
	171	}
	172	#endif
	173
fa28237c PM	174	/*
	175	* Copy in a subpage protection map for an address range.
	176	* The map has 2 bits per 4k subpage, so 32 bits per 64k page.
	177	* Each 2-bit field is 0 to allow any access, 1 to prevent writes,
	178	* 2 or 3 to prevent all accesses.
	179	* Note that the normal page protections also apply; the subpage
	180	* protection mechanism is an additional constraint, so putting 0
	181	* in a 2-bit field won't allow writes to a page that is otherwise
	182	* write-protected.
	183	*/
3691d614 AV	184	SYSCALL_DEFINE3(subpage_prot, unsigned long, addr,
3691d614 AV	185	unsigned long, len, u32 __user *, map)
fa28237c PM	186	{
fa28237c PM	187	struct mm_struct *mm = current->mm;
2c474c03	188	struct subpage_prot_table *spt;
fa28237c	189	u32 *spm, spp;
6b5e7229 JM	190	unsigned long i;
6b5e7229 JM	191	size_t nw;
fa28237c PM	192	unsigned long next, limit;
	193	int err;
	194
5b2b8071 AK	195	if (radix_enabled())
	196	return -ENOENT;
	197
fa28237c PM	198	/* Check parameters */
fa28237c PM	199	if ((addr & ~PAGE_MASK) \|\| (len & ~PAGE_MASK) \|\|
be77e999 AK	200	addr >= mm->task_size \|\| len >= mm->task_size \|\|
be77e999 AK	201	addr + len > mm->task_size)
fa28237c PM	202	return -EINVAL;
	203
	204	if (is_hugepage_only_range(mm, addr, len))
	205	return -EINVAL;
	206
	207	if (!map) {
	208	/* Clear out the protection map for the address range */
	209	subpage_prot_clear(addr, len);
	210	return 0;
	211	}
	212
96d4f267	213	if (!access_ok(map, (len >> PAGE_SHIFT) * sizeof(u32)))
fa28237c PM	214	return -EFAULT;
fa28237c PM	215
d8ed45c5	216	mmap_write_lock(mm);
ef629cc5	217
2c474c03	218	spt = mm_ctx_subpage_prot(&mm->context);
ef629cc5 AK	219	if (!spt) {
	220	/*
	221	* Allocate subpage prot table if not already done.
c1e8d7c6	222	* Do this with mmap_lock held
ef629cc5 AK	223	*/
	224	spt = kzalloc(sizeof(struct subpage_prot_table), GFP_KERNEL);
	225	if (!spt) {
	226	err = -ENOMEM;
	227	goto out;
	228	}
	229	mm->context.hash_context->spt = spt;
	230	}
	231
d8e355a2	232	subpage_mark_vma_nohuge(mm, addr, len);
fa28237c PM	233	for (limit = addr + len; addr < limit; addr = next) {
	234	next = pmd_addr_end(addr, limit);
	235	err = -ENOMEM;
b0d436c7	236	if (addr < 0x100000000UL) {
fa28237c PM	237	spm = spt->low_prot;
	238	} else {
	239	spm = spt->protptrs[addr >> SBP_L3_SHIFT];
	240	if (!spm) {
	241	spm = (u32 **)get_zeroed_page(GFP_KERNEL);
	242	if (!spm)
	243	goto out;
	244	spt->protptrs[addr >> SBP_L3_SHIFT] = spm;
	245	}
	246	}
	247	spm += (addr >> SBP_L2_SHIFT) & (SBP_L2_COUNT - 1);
	248	spp = *spm;
	249	if (!spp) {
	250	spp = (u32 *)get_zeroed_page(GFP_KERNEL);
	251	if (!spp)
	252	goto out;
	253	*spm = spp;
	254	}
	255	spp += (addr >> PAGE_SHIFT) & (SBP_L1_COUNT - 1);
	256
	257	local_irq_disable();
	258	demote_segment_4k(mm, addr);
	259	local_irq_enable();
	260
	261	i = (addr >> PAGE_SHIFT) & (PTRS_PER_PTE - 1);
	262	nw = PTRS_PER_PTE - i;
	263	if (addr + (nw << PAGE_SHIFT) > next)
	264	nw = (next - addr) >> PAGE_SHIFT;
	265
d8ed45c5	266	mmap_write_unlock(mm);
fa28237c	267	if (__copy_from_user(spp, map, nw * sizeof(u32)))
a967f161	268	return -EFAULT;
fa28237c	269	map += nw;
d8ed45c5	270	mmap_write_lock(mm);
fa28237c PM	271
	272	/* now flush any existing HPTEs for the range */
	273	hpte_flush_range(mm, addr, nw);
	274	}
	275	if (limit > spt->maxaddr)
	276	spt->maxaddr = limit;
	277	err = 0;
	278	out:
d8ed45c5	279	mmap_write_unlock(mm);
fa28237c PM	280	return err;
fa28237c PM	281	}