e99f23c5bf
- Limit the linear region to 51-bit when KVM is running in nVHE mode otherwise, depending on the placement of the ID map, kernel-VA to hyp-VA translations may produce addresses that either conflict with other HYP mappings or generate addresses outside of the 52-bit addressable range. - Instruct kmemleak not to scan the memory reserved for kdump as this range is removed from the kernel linear map and therefore not accessible. -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEE5RElWfyWxS+3PLO2a9axLQDIXvEFAmE7ldgACgkQa9axLQDI XvEIJRAAm6upVb+1mMtDrCpWBBc24PCfJctJruKpckH10JkfiSHZxPUGGbWH4gx6 1eb9QuVRQ5KwanZp7J/ugqYfQlWH7JQqViV5NPRX7dL/aeR/xvCem1LpcgOMP6XY 0z0LkJAqK6ayxtvhxHnG57SaCbLAE/8Ctok1pPKDOBeXqBlV1tOgpPOA2+PB9Vs6 +r4kspW/tgk4wRIl+xNjOmPxz+Ej6Y7cgzhmVnByqW0Aaer0bTUYcBNgXf0959rG cqZybW1ugdtOP8js1BsUDGJyjF05V77beyC/8h0x5bF/8tfscuxTDfMdbdlCNnpj PG/z3fnoPRzXj4hZkcMdVkwtj1CcarRkgZLIDyIOf7nlBbOlGvWsjV9SK2wsADcq 4pYMT36rv4RXs2bt1ET58a6eFWXTsC31hX+IUaIMRI7BwlJvh4JEekT7DpLvpLvJ 4qdP8KoBPRgm1b5XjRqOF7XBpLoJHSPcLQ6VvatYZcfZaUXyyAfwTpLi7CGqD+Qs rqAtMjLFYZ+vUM8clhAlLsUhAZH1JH6am+qOE8qjUGdKGqFfECv2ViB8PMRgk1MH YxHot6VhemzKre9U7aVjlHBjrxPP/zRhmLzIQ1/SrP6x6kxxF2JUR45NfUMQO810 yPW52qoSSk6P4ld6ka7jDGE0bZE2up2mkO15H6WcgML4dSoBvHQ= =7RDb -----END PGP SIGNATURE----- Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux Pull arm64 fixes from Catalin Marinas: - Limit the linear region to 51-bit when KVM is running in nVHE mode. Otherwise, depending on the placement of the ID map, kernel-VA to hyp-VA translations may produce addresses that either conflict with other HYP mappings or generate addresses outside of the 52-bit addressable range. - Instruct kmemleak not to scan the memory reserved for kdump as this range is removed from the kernel linear map and therefore not accessible. * tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux: arm64: kdump: Skip kmemleak scan reserved memory for kdump arm64: mm: limit linear region to 51 bits for KVM in nVHE mode
470 lines
14 KiB
C
470 lines
14 KiB
C
// SPDX-License-Identifier: GPL-2.0-only
|
|
/*
|
|
* Based on arch/arm/mm/init.c
|
|
*
|
|
* Copyright (C) 1995-2005 Russell King
|
|
* Copyright (C) 2012 ARM Ltd.
|
|
*/
|
|
|
|
#include <linux/kernel.h>
|
|
#include <linux/export.h>
|
|
#include <linux/errno.h>
|
|
#include <linux/swap.h>
|
|
#include <linux/init.h>
|
|
#include <linux/cache.h>
|
|
#include <linux/mman.h>
|
|
#include <linux/nodemask.h>
|
|
#include <linux/initrd.h>
|
|
#include <linux/gfp.h>
|
|
#include <linux/memblock.h>
|
|
#include <linux/sort.h>
|
|
#include <linux/of.h>
|
|
#include <linux/of_fdt.h>
|
|
#include <linux/dma-direct.h>
|
|
#include <linux/dma-map-ops.h>
|
|
#include <linux/efi.h>
|
|
#include <linux/swiotlb.h>
|
|
#include <linux/vmalloc.h>
|
|
#include <linux/mm.h>
|
|
#include <linux/kexec.h>
|
|
#include <linux/crash_dump.h>
|
|
#include <linux/hugetlb.h>
|
|
#include <linux/acpi_iort.h>
|
|
#include <linux/kmemleak.h>
|
|
|
|
#include <asm/boot.h>
|
|
#include <asm/fixmap.h>
|
|
#include <asm/kasan.h>
|
|
#include <asm/kernel-pgtable.h>
|
|
#include <asm/kvm_host.h>
|
|
#include <asm/memory.h>
|
|
#include <asm/numa.h>
|
|
#include <asm/sections.h>
|
|
#include <asm/setup.h>
|
|
#include <linux/sizes.h>
|
|
#include <asm/tlb.h>
|
|
#include <asm/alternative.h>
|
|
#include <asm/xen/swiotlb-xen.h>
|
|
|
|
/*
|
|
* We need to be able to catch inadvertent references to memstart_addr
|
|
* that occur (potentially in generic code) before arm64_memblock_init()
|
|
* executes, which assigns it its actual value. So use a default value
|
|
* that cannot be mistaken for a real physical address.
|
|
*/
|
|
s64 memstart_addr __ro_after_init = -1;
|
|
EXPORT_SYMBOL(memstart_addr);
|
|
|
|
/*
|
|
* If the corresponding config options are enabled, we create both ZONE_DMA
|
|
* and ZONE_DMA32. By default ZONE_DMA covers the 32-bit addressable memory
|
|
* unless restricted on specific platforms (e.g. 30-bit on Raspberry Pi 4).
|
|
* In such case, ZONE_DMA32 covers the rest of the 32-bit addressable memory,
|
|
* otherwise it is empty.
|
|
*/
|
|
phys_addr_t arm64_dma_phys_limit __ro_after_init;
|
|
|
|
#ifdef CONFIG_KEXEC_CORE
|
|
/*
|
|
* reserve_crashkernel() - reserves memory for crash kernel
|
|
*
|
|
* This function reserves memory area given in "crashkernel=" kernel command
|
|
* line parameter. The memory reserved is used by dump capture kernel when
|
|
* primary kernel is crashing.
|
|
*/
|
|
static void __init reserve_crashkernel(void)
|
|
{
|
|
unsigned long long crash_base, crash_size;
|
|
unsigned long long crash_max = arm64_dma_phys_limit;
|
|
int ret;
|
|
|
|
ret = parse_crashkernel(boot_command_line, memblock_phys_mem_size(),
|
|
&crash_size, &crash_base);
|
|
/* no crashkernel= or invalid value specified */
|
|
if (ret || !crash_size)
|
|
return;
|
|
|
|
crash_size = PAGE_ALIGN(crash_size);
|
|
|
|
/* User specifies base address explicitly. */
|
|
if (crash_base)
|
|
crash_max = crash_base + crash_size;
|
|
|
|
/* Current arm64 boot protocol requires 2MB alignment */
|
|
crash_base = memblock_phys_alloc_range(crash_size, SZ_2M,
|
|
crash_base, crash_max);
|
|
if (!crash_base) {
|
|
pr_warn("cannot allocate crashkernel (size:0x%llx)\n",
|
|
crash_size);
|
|
return;
|
|
}
|
|
|
|
pr_info("crashkernel reserved: 0x%016llx - 0x%016llx (%lld MB)\n",
|
|
crash_base, crash_base + crash_size, crash_size >> 20);
|
|
|
|
/*
|
|
* The crashkernel memory will be removed from the kernel linear
|
|
* map. Inform kmemleak so that it won't try to access it.
|
|
*/
|
|
kmemleak_ignore_phys(crash_base);
|
|
crashk_res.start = crash_base;
|
|
crashk_res.end = crash_base + crash_size - 1;
|
|
}
|
|
#else
|
|
static void __init reserve_crashkernel(void)
|
|
{
|
|
}
|
|
#endif /* CONFIG_KEXEC_CORE */
|
|
|
|
/*
|
|
* Return the maximum physical address for a zone accessible by the given bits
|
|
* limit. If DRAM starts above 32-bit, expand the zone to the maximum
|
|
* available memory, otherwise cap it at 32-bit.
|
|
*/
|
|
static phys_addr_t __init max_zone_phys(unsigned int zone_bits)
|
|
{
|
|
phys_addr_t zone_mask = DMA_BIT_MASK(zone_bits);
|
|
phys_addr_t phys_start = memblock_start_of_DRAM();
|
|
|
|
if (phys_start > U32_MAX)
|
|
zone_mask = PHYS_ADDR_MAX;
|
|
else if (phys_start > zone_mask)
|
|
zone_mask = U32_MAX;
|
|
|
|
return min(zone_mask, memblock_end_of_DRAM() - 1) + 1;
|
|
}
|
|
|
|
static void __init zone_sizes_init(unsigned long min, unsigned long max)
|
|
{
|
|
unsigned long max_zone_pfns[MAX_NR_ZONES] = {0};
|
|
unsigned int __maybe_unused acpi_zone_dma_bits;
|
|
unsigned int __maybe_unused dt_zone_dma_bits;
|
|
phys_addr_t __maybe_unused dma32_phys_limit = max_zone_phys(32);
|
|
|
|
#ifdef CONFIG_ZONE_DMA
|
|
acpi_zone_dma_bits = fls64(acpi_iort_dma_get_max_cpu_address());
|
|
dt_zone_dma_bits = fls64(of_dma_get_max_cpu_address(NULL));
|
|
zone_dma_bits = min3(32U, dt_zone_dma_bits, acpi_zone_dma_bits);
|
|
arm64_dma_phys_limit = max_zone_phys(zone_dma_bits);
|
|
max_zone_pfns[ZONE_DMA] = PFN_DOWN(arm64_dma_phys_limit);
|
|
#endif
|
|
#ifdef CONFIG_ZONE_DMA32
|
|
max_zone_pfns[ZONE_DMA32] = PFN_DOWN(dma32_phys_limit);
|
|
if (!arm64_dma_phys_limit)
|
|
arm64_dma_phys_limit = dma32_phys_limit;
|
|
#endif
|
|
if (!arm64_dma_phys_limit)
|
|
arm64_dma_phys_limit = PHYS_MASK + 1;
|
|
max_zone_pfns[ZONE_NORMAL] = max;
|
|
|
|
free_area_init(max_zone_pfns);
|
|
}
|
|
|
|
int pfn_valid(unsigned long pfn)
|
|
{
|
|
phys_addr_t addr = PFN_PHYS(pfn);
|
|
struct mem_section *ms;
|
|
|
|
/*
|
|
* Ensure the upper PAGE_SHIFT bits are clear in the
|
|
* pfn. Else it might lead to false positives when
|
|
* some of the upper bits are set, but the lower bits
|
|
* match a valid pfn.
|
|
*/
|
|
if (PHYS_PFN(addr) != pfn)
|
|
return 0;
|
|
|
|
if (pfn_to_section_nr(pfn) >= NR_MEM_SECTIONS)
|
|
return 0;
|
|
|
|
ms = __pfn_to_section(pfn);
|
|
if (!valid_section(ms))
|
|
return 0;
|
|
|
|
/*
|
|
* ZONE_DEVICE memory does not have the memblock entries.
|
|
* memblock_is_map_memory() check for ZONE_DEVICE based
|
|
* addresses will always fail. Even the normal hotplugged
|
|
* memory will never have MEMBLOCK_NOMAP flag set in their
|
|
* memblock entries. Skip memblock search for all non early
|
|
* memory sections covering all of hotplug memory including
|
|
* both normal and ZONE_DEVICE based.
|
|
*/
|
|
if (!early_section(ms))
|
|
return pfn_section_valid(ms, pfn);
|
|
|
|
return memblock_is_memory(addr);
|
|
}
|
|
EXPORT_SYMBOL(pfn_valid);
|
|
|
|
int pfn_is_map_memory(unsigned long pfn)
|
|
{
|
|
phys_addr_t addr = PFN_PHYS(pfn);
|
|
|
|
/* avoid false positives for bogus PFNs, see comment in pfn_valid() */
|
|
if (PHYS_PFN(addr) != pfn)
|
|
return 0;
|
|
|
|
return memblock_is_map_memory(addr);
|
|
}
|
|
EXPORT_SYMBOL(pfn_is_map_memory);
|
|
|
|
static phys_addr_t memory_limit = PHYS_ADDR_MAX;
|
|
|
|
/*
|
|
* Limit the memory size that was specified via FDT.
|
|
*/
|
|
static int __init early_mem(char *p)
|
|
{
|
|
if (!p)
|
|
return 1;
|
|
|
|
memory_limit = memparse(p, &p) & PAGE_MASK;
|
|
pr_notice("Memory limited to %lldMB\n", memory_limit >> 20);
|
|
|
|
return 0;
|
|
}
|
|
early_param("mem", early_mem);
|
|
|
|
void __init arm64_memblock_init(void)
|
|
{
|
|
s64 linear_region_size = PAGE_END - _PAGE_OFFSET(vabits_actual);
|
|
|
|
/*
|
|
* Corner case: 52-bit VA capable systems running KVM in nVHE mode may
|
|
* be limited in their ability to support a linear map that exceeds 51
|
|
* bits of VA space, depending on the placement of the ID map. Given
|
|
* that the placement of the ID map may be randomized, let's simply
|
|
* limit the kernel's linear map to 51 bits as well if we detect this
|
|
* configuration.
|
|
*/
|
|
if (IS_ENABLED(CONFIG_KVM) && vabits_actual == 52 &&
|
|
is_hyp_mode_available() && !is_kernel_in_hyp_mode()) {
|
|
pr_info("Capping linear region to 51 bits for KVM in nVHE mode on LVA capable hardware.\n");
|
|
linear_region_size = min_t(u64, linear_region_size, BIT(51));
|
|
}
|
|
|
|
/* Remove memory above our supported physical address size */
|
|
memblock_remove(1ULL << PHYS_MASK_SHIFT, ULLONG_MAX);
|
|
|
|
/*
|
|
* Select a suitable value for the base of physical memory.
|
|
*/
|
|
memstart_addr = round_down(memblock_start_of_DRAM(),
|
|
ARM64_MEMSTART_ALIGN);
|
|
|
|
if ((memblock_end_of_DRAM() - memstart_addr) > linear_region_size)
|
|
pr_warn("Memory doesn't fit in the linear mapping, VA_BITS too small\n");
|
|
|
|
/*
|
|
* Remove the memory that we will not be able to cover with the
|
|
* linear mapping. Take care not to clip the kernel which may be
|
|
* high in memory.
|
|
*/
|
|
memblock_remove(max_t(u64, memstart_addr + linear_region_size,
|
|
__pa_symbol(_end)), ULLONG_MAX);
|
|
if (memstart_addr + linear_region_size < memblock_end_of_DRAM()) {
|
|
/* ensure that memstart_addr remains sufficiently aligned */
|
|
memstart_addr = round_up(memblock_end_of_DRAM() - linear_region_size,
|
|
ARM64_MEMSTART_ALIGN);
|
|
memblock_remove(0, memstart_addr);
|
|
}
|
|
|
|
/*
|
|
* If we are running with a 52-bit kernel VA config on a system that
|
|
* does not support it, we have to place the available physical
|
|
* memory in the 48-bit addressable part of the linear region, i.e.,
|
|
* we have to move it upward. Since memstart_addr represents the
|
|
* physical address of PAGE_OFFSET, we have to *subtract* from it.
|
|
*/
|
|
if (IS_ENABLED(CONFIG_ARM64_VA_BITS_52) && (vabits_actual != 52))
|
|
memstart_addr -= _PAGE_OFFSET(48) - _PAGE_OFFSET(52);
|
|
|
|
/*
|
|
* Apply the memory limit if it was set. Since the kernel may be loaded
|
|
* high up in memory, add back the kernel region that must be accessible
|
|
* via the linear mapping.
|
|
*/
|
|
if (memory_limit != PHYS_ADDR_MAX) {
|
|
memblock_mem_limit_remove_map(memory_limit);
|
|
memblock_add(__pa_symbol(_text), (u64)(_end - _text));
|
|
}
|
|
|
|
if (IS_ENABLED(CONFIG_BLK_DEV_INITRD) && phys_initrd_size) {
|
|
/*
|
|
* Add back the memory we just removed if it results in the
|
|
* initrd to become inaccessible via the linear mapping.
|
|
* Otherwise, this is a no-op
|
|
*/
|
|
u64 base = phys_initrd_start & PAGE_MASK;
|
|
u64 size = PAGE_ALIGN(phys_initrd_start + phys_initrd_size) - base;
|
|
|
|
/*
|
|
* We can only add back the initrd memory if we don't end up
|
|
* with more memory than we can address via the linear mapping.
|
|
* It is up to the bootloader to position the kernel and the
|
|
* initrd reasonably close to each other (i.e., within 32 GB of
|
|
* each other) so that all granule/#levels combinations can
|
|
* always access both.
|
|
*/
|
|
if (WARN(base < memblock_start_of_DRAM() ||
|
|
base + size > memblock_start_of_DRAM() +
|
|
linear_region_size,
|
|
"initrd not fully accessible via the linear mapping -- please check your bootloader ...\n")) {
|
|
phys_initrd_size = 0;
|
|
} else {
|
|
memblock_remove(base, size); /* clear MEMBLOCK_ flags */
|
|
memblock_add(base, size);
|
|
memblock_reserve(base, size);
|
|
}
|
|
}
|
|
|
|
if (IS_ENABLED(CONFIG_RANDOMIZE_BASE)) {
|
|
extern u16 memstart_offset_seed;
|
|
u64 mmfr0 = read_cpuid(ID_AA64MMFR0_EL1);
|
|
int parange = cpuid_feature_extract_unsigned_field(
|
|
mmfr0, ID_AA64MMFR0_PARANGE_SHIFT);
|
|
s64 range = linear_region_size -
|
|
BIT(id_aa64mmfr0_parange_to_phys_shift(parange));
|
|
|
|
/*
|
|
* If the size of the linear region exceeds, by a sufficient
|
|
* margin, the size of the region that the physical memory can
|
|
* span, randomize the linear region as well.
|
|
*/
|
|
if (memstart_offset_seed > 0 && range >= (s64)ARM64_MEMSTART_ALIGN) {
|
|
range /= ARM64_MEMSTART_ALIGN;
|
|
memstart_addr -= ARM64_MEMSTART_ALIGN *
|
|
((range * memstart_offset_seed) >> 16);
|
|
}
|
|
}
|
|
|
|
/*
|
|
* Register the kernel text, kernel data, initrd, and initial
|
|
* pagetables with memblock.
|
|
*/
|
|
memblock_reserve(__pa_symbol(_stext), _end - _stext);
|
|
if (IS_ENABLED(CONFIG_BLK_DEV_INITRD) && phys_initrd_size) {
|
|
/* the generic initrd code expects virtual addresses */
|
|
initrd_start = __phys_to_virt(phys_initrd_start);
|
|
initrd_end = initrd_start + phys_initrd_size;
|
|
}
|
|
|
|
early_init_fdt_scan_reserved_mem();
|
|
|
|
high_memory = __va(memblock_end_of_DRAM() - 1) + 1;
|
|
}
|
|
|
|
void __init bootmem_init(void)
|
|
{
|
|
unsigned long min, max;
|
|
|
|
min = PFN_UP(memblock_start_of_DRAM());
|
|
max = PFN_DOWN(memblock_end_of_DRAM());
|
|
|
|
early_memtest(min << PAGE_SHIFT, max << PAGE_SHIFT);
|
|
|
|
max_pfn = max_low_pfn = max;
|
|
min_low_pfn = min;
|
|
|
|
arch_numa_init();
|
|
|
|
/*
|
|
* must be done after arch_numa_init() which calls numa_init() to
|
|
* initialize node_online_map that gets used in hugetlb_cma_reserve()
|
|
* while allocating required CMA size across online nodes.
|
|
*/
|
|
#if defined(CONFIG_HUGETLB_PAGE) && defined(CONFIG_CMA)
|
|
arm64_hugetlb_cma_reserve();
|
|
#endif
|
|
|
|
dma_pernuma_cma_reserve();
|
|
|
|
kvm_hyp_reserve();
|
|
|
|
/*
|
|
* sparse_init() tries to allocate memory from memblock, so must be
|
|
* done after the fixed reservations
|
|
*/
|
|
sparse_init();
|
|
zone_sizes_init(min, max);
|
|
|
|
/*
|
|
* Reserve the CMA area after arm64_dma_phys_limit was initialised.
|
|
*/
|
|
dma_contiguous_reserve(arm64_dma_phys_limit);
|
|
|
|
/*
|
|
* request_standard_resources() depends on crashkernel's memory being
|
|
* reserved, so do it here.
|
|
*/
|
|
reserve_crashkernel();
|
|
|
|
memblock_dump_all();
|
|
}
|
|
|
|
/*
|
|
* mem_init() marks the free areas in the mem_map and tells us how much memory
|
|
* is free. This is done after various parts of the system have claimed their
|
|
* memory after the kernel image.
|
|
*/
|
|
void __init mem_init(void)
|
|
{
|
|
if (swiotlb_force == SWIOTLB_FORCE ||
|
|
max_pfn > PFN_DOWN(arm64_dma_phys_limit))
|
|
swiotlb_init(1);
|
|
else if (!xen_swiotlb_detect())
|
|
swiotlb_force = SWIOTLB_NO_FORCE;
|
|
|
|
set_max_mapnr(max_pfn - PHYS_PFN_OFFSET);
|
|
|
|
/* this will put all unused low memory onto the freelists */
|
|
memblock_free_all();
|
|
|
|
/*
|
|
* Check boundaries twice: Some fundamental inconsistencies can be
|
|
* detected at build time already.
|
|
*/
|
|
#ifdef CONFIG_COMPAT
|
|
BUILD_BUG_ON(TASK_SIZE_32 > DEFAULT_MAP_WINDOW_64);
|
|
#endif
|
|
|
|
/*
|
|
* Selected page table levels should match when derived from
|
|
* scratch using the virtual address range and page size.
|
|
*/
|
|
BUILD_BUG_ON(ARM64_HW_PGTABLE_LEVELS(CONFIG_ARM64_VA_BITS) !=
|
|
CONFIG_PGTABLE_LEVELS);
|
|
|
|
if (PAGE_SIZE >= 16384 && get_num_physpages() <= 128) {
|
|
extern int sysctl_overcommit_memory;
|
|
/*
|
|
* On a machine this small we won't get anywhere without
|
|
* overcommit, so turn it on by default.
|
|
*/
|
|
sysctl_overcommit_memory = OVERCOMMIT_ALWAYS;
|
|
}
|
|
}
|
|
|
|
void free_initmem(void)
|
|
{
|
|
free_reserved_area(lm_alias(__init_begin),
|
|
lm_alias(__init_end),
|
|
POISON_FREE_INITMEM, "unused kernel");
|
|
/*
|
|
* Unmap the __init region but leave the VM area in place. This
|
|
* prevents the region from being reused for kernel modules, which
|
|
* is not supported by kallsyms.
|
|
*/
|
|
vunmap_range((u64)__init_begin, (u64)__init_end);
|
|
}
|
|
|
|
void dump_mem_limit(void)
|
|
{
|
|
if (memory_limit != PHYS_ADDR_MAX) {
|
|
pr_emerg("Memory Limit: %llu MB\n", memory_limit >> 20);
|
|
} else {
|
|
pr_emerg("Memory Limit: none\n");
|
|
}
|
|
}
|