2019-05-27 08:55:01 +02:00
|
|
|
/* SPDX-License-Identifier: GPL-2.0-or-later */
|
2016-04-29 23:25:41 +10:00
|
|
|
#ifndef _ASM_POWERPC_BOOK3S_64_MMU_HASH_H_
|
|
|
|
|
#define _ASM_POWERPC_BOOK3S_64_MMU_HASH_H_
|
2007-04-27 11:53:52 +10:00
|
|
|
/*
|
|
|
|
|
* PowerPC64 memory management structures
|
|
|
|
|
*
|
|
|
|
|
* Dave Engebretsen & Mike Corrigan <{engebret|mikejc}@us.ibm.com>
|
|
|
|
|
* PPC64 rework.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#include <asm/page.h>
|
2015-10-09 08:32:21 +05:30
|
|
|
#include <asm/bug.h>
|
2018-07-05 16:24:57 +00:00
|
|
|
#include <asm/asm-const.h>
|
2007-04-27 11:53:52 +10:00
|
|
|
|
2012-09-10 02:52:57 +00:00
|
|
|
/*
|
|
|
|
|
* This is necessary to get the definition of PGTABLE_RANGE which we
|
|
|
|
|
* need for various slices related matters. Note that this isn't the
|
|
|
|
|
* complete pgtable.h but only a portion of it.
|
|
|
|
|
*/
|
2015-12-01 09:06:28 +05:30
|
|
|
#include <asm/book3s/64/pgtable.h>
|
2022-04-09 19:17:30 +02:00
|
|
|
#include <asm/book3s/64/slice.h>
|
2019-01-31 10:08:48 +00:00
|
|
|
#include <asm/task_size_64.h>
|
2016-07-23 14:42:40 +05:30
|
|
|
#include <asm/cpu_has_feature.h>
|
2012-09-10 02:52:57 +00:00
|
|
|
|
2007-04-27 11:53:52 +10:00
|
|
|
/*
|
|
|
|
|
* SLB
|
|
|
|
|
*/
|
|
|
|
|
|
2018-09-15 01:30:48 +10:00
|
|
|
#define SLB_NUM_BOLTED 2
|
2007-04-27 11:53:52 +10:00
|
|
|
#define SLB_CACHE_ENTRIES 8
|
2009-08-28 12:06:29 +00:00
|
|
|
#define SLB_MIN_SIZE 32
|
2007-04-27 11:53:52 +10:00
|
|
|
|
|
|
|
|
/* Bits in the SLB ESID word */
|
|
|
|
|
#define SLB_ESID_V ASM_CONST(0x0000000008000000) /* valid */
|
|
|
|
|
|
|
|
|
|
/* Bits in the SLB VSID word */
|
|
|
|
|
#define SLB_VSID_SHIFT 12
|
2017-03-29 17:21:53 +11:00
|
|
|
#define SLB_VSID_SHIFT_256M SLB_VSID_SHIFT
|
2007-10-11 20:37:10 +10:00
|
|
|
#define SLB_VSID_SHIFT_1T 24
|
|
|
|
|
#define SLB_VSID_SSIZE_SHIFT 62
|
2007-04-27 11:53:52 +10:00
|
|
|
#define SLB_VSID_B ASM_CONST(0xc000000000000000)
|
|
|
|
|
#define SLB_VSID_B_256M ASM_CONST(0x0000000000000000)
|
|
|
|
|
#define SLB_VSID_B_1T ASM_CONST(0x4000000000000000)
|
|
|
|
|
#define SLB_VSID_KS ASM_CONST(0x0000000000000800)
|
|
|
|
|
#define SLB_VSID_KP ASM_CONST(0x0000000000000400)
|
|
|
|
|
#define SLB_VSID_N ASM_CONST(0x0000000000000200) /* no-execute */
|
|
|
|
|
#define SLB_VSID_L ASM_CONST(0x0000000000000100)
|
|
|
|
|
#define SLB_VSID_C ASM_CONST(0x0000000000000080) /* class */
|
|
|
|
|
#define SLB_VSID_LP ASM_CONST(0x0000000000000030)
|
|
|
|
|
#define SLB_VSID_LP_00 ASM_CONST(0x0000000000000000)
|
|
|
|
|
#define SLB_VSID_LP_01 ASM_CONST(0x0000000000000010)
|
|
|
|
|
#define SLB_VSID_LP_10 ASM_CONST(0x0000000000000020)
|
|
|
|
|
#define SLB_VSID_LP_11 ASM_CONST(0x0000000000000030)
|
|
|
|
|
#define SLB_VSID_LLP (SLB_VSID_L|SLB_VSID_LP)
|
|
|
|
|
|
|
|
|
|
#define SLB_VSID_KERNEL (SLB_VSID_KP)
|
|
|
|
|
#define SLB_VSID_USER (SLB_VSID_KP|SLB_VSID_KS|SLB_VSID_C)
|
|
|
|
|
|
|
|
|
|
#define SLBIE_C (0x08000000)
|
2007-10-11 20:37:10 +10:00
|
|
|
#define SLBIE_SSIZE_SHIFT 25
|
2007-04-27 11:53:52 +10:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Hash table
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#define HPTES_PER_GROUP 8
|
|
|
|
|
|
2007-05-10 15:28:44 +10:00
|
|
|
#define HPTE_V_SSIZE_SHIFT 62
|
2007-04-27 11:53:52 +10:00
|
|
|
#define HPTE_V_AVPN_SHIFT 7
|
2016-11-11 16:55:03 +11:00
|
|
|
#define HPTE_V_COMMON_BITS ASM_CONST(0x000fffffffffffff)
|
2007-05-10 15:28:44 +10:00
|
|
|
#define HPTE_V_AVPN ASM_CONST(0x3fffffffffffff80)
|
2016-11-11 16:55:03 +11:00
|
|
|
#define HPTE_V_AVPN_3_0 ASM_CONST(0x000fffffffffff80)
|
2007-04-27 11:53:52 +10:00
|
|
|
#define HPTE_V_AVPN_VAL(x) (((x) & HPTE_V_AVPN) >> HPTE_V_AVPN_SHIFT)
|
2007-11-27 03:24:43 +11:00
|
|
|
#define HPTE_V_COMPARE(x,y) (!(((x) ^ (y)) & 0xffffffffffffff80UL))
|
2007-04-27 11:53:52 +10:00
|
|
|
#define HPTE_V_BOLTED ASM_CONST(0x0000000000000010)
|
|
|
|
|
#define HPTE_V_LOCK ASM_CONST(0x0000000000000008)
|
|
|
|
|
#define HPTE_V_LARGE ASM_CONST(0x0000000000000004)
|
|
|
|
|
#define HPTE_V_SECONDARY ASM_CONST(0x0000000000000002)
|
|
|
|
|
#define HPTE_V_VALID ASM_CONST(0x0000000000000001)
|
|
|
|
|
|
2016-04-29 23:25:43 +10:00
|
|
|
/*
|
2016-11-11 16:55:03 +11:00
|
|
|
* ISA 3.0 has a different HPTE format.
|
2016-04-29 23:25:43 +10:00
|
|
|
*/
|
|
|
|
|
#define HPTE_R_3_0_SSIZE_SHIFT 58
|
2016-11-11 16:55:03 +11:00
|
|
|
#define HPTE_R_3_0_SSIZE_MASK (3ull << HPTE_R_3_0_SSIZE_SHIFT)
|
2007-04-27 11:53:52 +10:00
|
|
|
#define HPTE_R_PP0 ASM_CONST(0x8000000000000000)
|
|
|
|
|
#define HPTE_R_TS ASM_CONST(0x4000000000000000)
|
KVM: PPC: Add support for Book3S processors in hypervisor mode
This adds support for KVM running on 64-bit Book 3S processors,
specifically POWER7, in hypervisor mode. Using hypervisor mode means
that the guest can use the processor's supervisor mode. That means
that the guest can execute privileged instructions and access privileged
registers itself without trapping to the host. This gives excellent
performance, but does mean that KVM cannot emulate a processor
architecture other than the one that the hardware implements.
This code assumes that the guest is running paravirtualized using the
PAPR (Power Architecture Platform Requirements) interface, which is the
interface that IBM's PowerVM hypervisor uses. That means that existing
Linux distributions that run on IBM pSeries machines will also run
under KVM without modification. In order to communicate the PAPR
hypercalls to qemu, this adds a new KVM_EXIT_PAPR_HCALL exit code
to include/linux/kvm.h.
Currently the choice between book3s_hv support and book3s_pr support
(i.e. the existing code, which runs the guest in user mode) has to be
made at kernel configuration time, so a given kernel binary can only
do one or the other.
This new book3s_hv code doesn't support MMIO emulation at present.
Since we are running paravirtualized guests, this isn't a serious
restriction.
With the guest running in supervisor mode, most exceptions go straight
to the guest. We will never get data or instruction storage or segment
interrupts, alignment interrupts, decrementer interrupts, program
interrupts, single-step interrupts, etc., coming to the hypervisor from
the guest. Therefore this introduces a new KVMTEST_NONHV macro for the
exception entry path so that we don't have to do the KVM test on entry
to those exception handlers.
We do however get hypervisor decrementer, hypervisor data storage,
hypervisor instruction storage, and hypervisor emulation assist
interrupts, so we have to handle those.
In hypervisor mode, real-mode accesses can access all of RAM, not just
a limited amount. Therefore we put all the guest state in the vcpu.arch
and use the shadow_vcpu in the PACA only for temporary scratch space.
We allocate the vcpu with kzalloc rather than vzalloc, and we don't use
anything in the kvmppc_vcpu_book3s struct, so we don't allocate it.
We don't have a shared page with the guest, but we still need a
kvm_vcpu_arch_shared struct to store the values of various registers,
so we include one in the vcpu_arch struct.
The POWER7 processor has a restriction that all threads in a core have
to be in the same partition. MMU-on kernel code counts as a partition
(partition 0), so we have to do a partition switch on every entry to and
exit from the guest. At present we require the host and guest to run
in single-thread mode because of this hardware restriction.
This code allocates a hashed page table for the guest and initializes
it with HPTEs for the guest's Virtual Real Memory Area (VRMA). We
require that the guest memory is allocated using 16MB huge pages, in
order to simplify the low-level memory management. This also means that
we can get away without tracking paging activity in the host for now,
since huge pages can't be paged or swapped.
This also adds a few new exports needed by the book3s_hv code.
Signed-off-by: Paul Mackerras <paulus@samba.org>
Signed-off-by: Alexander Graf <agraf@suse.de>
2011-06-29 00:21:34 +00:00
|
|
|
#define HPTE_R_KEY_HI ASM_CONST(0x3000000000000000)
|
2020-07-09 08:59:25 +05:30
|
|
|
#define HPTE_R_KEY_BIT4 ASM_CONST(0x2000000000000000)
|
|
|
|
|
#define HPTE_R_KEY_BIT3 ASM_CONST(0x1000000000000000)
|
2007-04-27 11:53:52 +10:00
|
|
|
#define HPTE_R_RPN_SHIFT 12
|
KVM: PPC: Add support for Book3S processors in hypervisor mode
This adds support for KVM running on 64-bit Book 3S processors,
specifically POWER7, in hypervisor mode. Using hypervisor mode means
that the guest can use the processor's supervisor mode. That means
that the guest can execute privileged instructions and access privileged
registers itself without trapping to the host. This gives excellent
performance, but does mean that KVM cannot emulate a processor
architecture other than the one that the hardware implements.
This code assumes that the guest is running paravirtualized using the
PAPR (Power Architecture Platform Requirements) interface, which is the
interface that IBM's PowerVM hypervisor uses. That means that existing
Linux distributions that run on IBM pSeries machines will also run
under KVM without modification. In order to communicate the PAPR
hypercalls to qemu, this adds a new KVM_EXIT_PAPR_HCALL exit code
to include/linux/kvm.h.
Currently the choice between book3s_hv support and book3s_pr support
(i.e. the existing code, which runs the guest in user mode) has to be
made at kernel configuration time, so a given kernel binary can only
do one or the other.
This new book3s_hv code doesn't support MMIO emulation at present.
Since we are running paravirtualized guests, this isn't a serious
restriction.
With the guest running in supervisor mode, most exceptions go straight
to the guest. We will never get data or instruction storage or segment
interrupts, alignment interrupts, decrementer interrupts, program
interrupts, single-step interrupts, etc., coming to the hypervisor from
the guest. Therefore this introduces a new KVMTEST_NONHV macro for the
exception entry path so that we don't have to do the KVM test on entry
to those exception handlers.
We do however get hypervisor decrementer, hypervisor data storage,
hypervisor instruction storage, and hypervisor emulation assist
interrupts, so we have to handle those.
In hypervisor mode, real-mode accesses can access all of RAM, not just
a limited amount. Therefore we put all the guest state in the vcpu.arch
and use the shadow_vcpu in the PACA only for temporary scratch space.
We allocate the vcpu with kzalloc rather than vzalloc, and we don't use
anything in the kvmppc_vcpu_book3s struct, so we don't allocate it.
We don't have a shared page with the guest, but we still need a
kvm_vcpu_arch_shared struct to store the values of various registers,
so we include one in the vcpu_arch struct.
The POWER7 processor has a restriction that all threads in a core have
to be in the same partition. MMU-on kernel code counts as a partition
(partition 0), so we have to do a partition switch on every entry to and
exit from the guest. At present we require the host and guest to run
in single-thread mode because of this hardware restriction.
This code allocates a hashed page table for the guest and initializes
it with HPTEs for the guest's Virtual Real Memory Area (VRMA). We
require that the guest memory is allocated using 16MB huge pages, in
order to simplify the low-level memory management. This also means that
we can get away without tracking paging activity in the host for now,
since huge pages can't be paged or swapped.
This also adds a few new exports needed by the book3s_hv code.
Signed-off-by: Paul Mackerras <paulus@samba.org>
Signed-off-by: Alexander Graf <agraf@suse.de>
2011-06-29 00:21:34 +00:00
|
|
|
#define HPTE_R_RPN ASM_CONST(0x0ffffffffffff000)
|
2016-11-11 16:55:03 +11:00
|
|
|
#define HPTE_R_RPN_3_0 ASM_CONST(0x01fffffffffff000)
|
2007-04-27 11:53:52 +10:00
|
|
|
#define HPTE_R_PP ASM_CONST(0x0000000000000003)
|
2016-06-08 19:55:55 +05:30
|
|
|
#define HPTE_R_PPP ASM_CONST(0x8000000000000003)
|
2007-04-27 11:53:52 +10:00
|
|
|
#define HPTE_R_N ASM_CONST(0x0000000000000004)
|
KVM: PPC: Add support for Book3S processors in hypervisor mode
This adds support for KVM running on 64-bit Book 3S processors,
specifically POWER7, in hypervisor mode. Using hypervisor mode means
that the guest can use the processor's supervisor mode. That means
that the guest can execute privileged instructions and access privileged
registers itself without trapping to the host. This gives excellent
performance, but does mean that KVM cannot emulate a processor
architecture other than the one that the hardware implements.
This code assumes that the guest is running paravirtualized using the
PAPR (Power Architecture Platform Requirements) interface, which is the
interface that IBM's PowerVM hypervisor uses. That means that existing
Linux distributions that run on IBM pSeries machines will also run
under KVM without modification. In order to communicate the PAPR
hypercalls to qemu, this adds a new KVM_EXIT_PAPR_HCALL exit code
to include/linux/kvm.h.
Currently the choice between book3s_hv support and book3s_pr support
(i.e. the existing code, which runs the guest in user mode) has to be
made at kernel configuration time, so a given kernel binary can only
do one or the other.
This new book3s_hv code doesn't support MMIO emulation at present.
Since we are running paravirtualized guests, this isn't a serious
restriction.
With the guest running in supervisor mode, most exceptions go straight
to the guest. We will never get data or instruction storage or segment
interrupts, alignment interrupts, decrementer interrupts, program
interrupts, single-step interrupts, etc., coming to the hypervisor from
the guest. Therefore this introduces a new KVMTEST_NONHV macro for the
exception entry path so that we don't have to do the KVM test on entry
to those exception handlers.
We do however get hypervisor decrementer, hypervisor data storage,
hypervisor instruction storage, and hypervisor emulation assist
interrupts, so we have to handle those.
In hypervisor mode, real-mode accesses can access all of RAM, not just
a limited amount. Therefore we put all the guest state in the vcpu.arch
and use the shadow_vcpu in the PACA only for temporary scratch space.
We allocate the vcpu with kzalloc rather than vzalloc, and we don't use
anything in the kvmppc_vcpu_book3s struct, so we don't allocate it.
We don't have a shared page with the guest, but we still need a
kvm_vcpu_arch_shared struct to store the values of various registers,
so we include one in the vcpu_arch struct.
The POWER7 processor has a restriction that all threads in a core have
to be in the same partition. MMU-on kernel code counts as a partition
(partition 0), so we have to do a partition switch on every entry to and
exit from the guest. At present we require the host and guest to run
in single-thread mode because of this hardware restriction.
This code allocates a hashed page table for the guest and initializes
it with HPTEs for the guest's Virtual Real Memory Area (VRMA). We
require that the guest memory is allocated using 16MB huge pages, in
order to simplify the low-level memory management. This also means that
we can get away without tracking paging activity in the host for now,
since huge pages can't be paged or swapped.
This also adds a few new exports needed by the book3s_hv code.
Signed-off-by: Paul Mackerras <paulus@samba.org>
Signed-off-by: Alexander Graf <agraf@suse.de>
2011-06-29 00:21:34 +00:00
|
|
|
#define HPTE_R_G ASM_CONST(0x0000000000000008)
|
|
|
|
|
#define HPTE_R_M ASM_CONST(0x0000000000000010)
|
|
|
|
|
#define HPTE_R_I ASM_CONST(0x0000000000000020)
|
|
|
|
|
#define HPTE_R_W ASM_CONST(0x0000000000000040)
|
|
|
|
|
#define HPTE_R_WIMG ASM_CONST(0x0000000000000078)
|
2007-04-27 11:53:52 +10:00
|
|
|
#define HPTE_R_C ASM_CONST(0x0000000000000080)
|
|
|
|
|
#define HPTE_R_R ASM_CONST(0x0000000000000100)
|
KVM: PPC: Add support for Book3S processors in hypervisor mode
This adds support for KVM running on 64-bit Book 3S processors,
specifically POWER7, in hypervisor mode. Using hypervisor mode means
that the guest can use the processor's supervisor mode. That means
that the guest can execute privileged instructions and access privileged
registers itself without trapping to the host. This gives excellent
performance, but does mean that KVM cannot emulate a processor
architecture other than the one that the hardware implements.
This code assumes that the guest is running paravirtualized using the
PAPR (Power Architecture Platform Requirements) interface, which is the
interface that IBM's PowerVM hypervisor uses. That means that existing
Linux distributions that run on IBM pSeries machines will also run
under KVM without modification. In order to communicate the PAPR
hypercalls to qemu, this adds a new KVM_EXIT_PAPR_HCALL exit code
to include/linux/kvm.h.
Currently the choice between book3s_hv support and book3s_pr support
(i.e. the existing code, which runs the guest in user mode) has to be
made at kernel configuration time, so a given kernel binary can only
do one or the other.
This new book3s_hv code doesn't support MMIO emulation at present.
Since we are running paravirtualized guests, this isn't a serious
restriction.
With the guest running in supervisor mode, most exceptions go straight
to the guest. We will never get data or instruction storage or segment
interrupts, alignment interrupts, decrementer interrupts, program
interrupts, single-step interrupts, etc., coming to the hypervisor from
the guest. Therefore this introduces a new KVMTEST_NONHV macro for the
exception entry path so that we don't have to do the KVM test on entry
to those exception handlers.
We do however get hypervisor decrementer, hypervisor data storage,
hypervisor instruction storage, and hypervisor emulation assist
interrupts, so we have to handle those.
In hypervisor mode, real-mode accesses can access all of RAM, not just
a limited amount. Therefore we put all the guest state in the vcpu.arch
and use the shadow_vcpu in the PACA only for temporary scratch space.
We allocate the vcpu with kzalloc rather than vzalloc, and we don't use
anything in the kvmppc_vcpu_book3s struct, so we don't allocate it.
We don't have a shared page with the guest, but we still need a
kvm_vcpu_arch_shared struct to store the values of various registers,
so we include one in the vcpu_arch struct.
The POWER7 processor has a restriction that all threads in a core have
to be in the same partition. MMU-on kernel code counts as a partition
(partition 0), so we have to do a partition switch on every entry to and
exit from the guest. At present we require the host and guest to run
in single-thread mode because of this hardware restriction.
This code allocates a hashed page table for the guest and initializes
it with HPTEs for the guest's Virtual Real Memory Area (VRMA). We
require that the guest memory is allocated using 16MB huge pages, in
order to simplify the low-level memory management. This also means that
we can get away without tracking paging activity in the host for now,
since huge pages can't be paged or swapped.
This also adds a few new exports needed by the book3s_hv code.
Signed-off-by: Paul Mackerras <paulus@samba.org>
Signed-off-by: Alexander Graf <agraf@suse.de>
2011-06-29 00:21:34 +00:00
|
|
|
#define HPTE_R_KEY_LO ASM_CONST(0x0000000000000e00)
|
2018-01-18 17:50:36 -08:00
|
|
|
#define HPTE_R_KEY_BIT2 ASM_CONST(0x0000000000000800)
|
2020-07-09 08:59:25 +05:30
|
|
|
#define HPTE_R_KEY_BIT1 ASM_CONST(0x0000000000000400)
|
|
|
|
|
#define HPTE_R_KEY_BIT0 ASM_CONST(0x0000000000000200)
|
2017-07-31 14:39:59 -07:00
|
|
|
#define HPTE_R_KEY (HPTE_R_KEY_LO | HPTE_R_KEY_HI)
|
2007-04-27 11:53:52 +10:00
|
|
|
|
2007-06-14 15:31:34 +10:00
|
|
|
#define HPTE_V_1TB_SEG ASM_CONST(0x4000000000000000)
|
|
|
|
|
#define HPTE_V_VRMA_MASK ASM_CONST(0x4001ffffff000000)
|
|
|
|
|
|
2007-04-27 11:53:52 +10:00
|
|
|
/* Values for PP (assumes Ks=0, Kp=1) */
|
|
|
|
|
#define PP_RWXX 0 /* Supervisor read/write, User none */
|
|
|
|
|
#define PP_RWRX 1 /* Supervisor read/write, User read */
|
|
|
|
|
#define PP_RWRW 2 /* Supervisor read/write, User read/write */
|
|
|
|
|
#define PP_RXRX 3 /* Supervisor read, User read */
|
KVM: PPC: Implement MMIO emulation support for Book3S HV guests
This provides the low-level support for MMIO emulation in Book3S HV
guests. When the guest tries to map a page which is not covered by
any memslot, that page is taken to be an MMIO emulation page. Instead
of inserting a valid HPTE, we insert an HPTE that has the valid bit
clear but another hypervisor software-use bit set, which we call
HPTE_V_ABSENT, to indicate that this is an absent page. An
absent page is treated much like a valid page as far as guest hcalls
(H_ENTER, H_REMOVE, H_READ etc.) are concerned, except of course that
an absent HPTE doesn't need to be invalidated with tlbie since it
was never valid as far as the hardware is concerned.
When the guest accesses a page for which there is an absent HPTE, it
will take a hypervisor data storage interrupt (HDSI) since we now set
the VPM1 bit in the LPCR. Our HDSI handler for HPTE-not-present faults
looks up the hash table and if it finds an absent HPTE mapping the
requested virtual address, will switch to kernel mode and handle the
fault in kvmppc_book3s_hv_page_fault(), which at present just calls
kvmppc_hv_emulate_mmio() to set up the MMIO emulation.
This is based on an earlier patch by Benjamin Herrenschmidt, but since
heavily reworked.
Signed-off-by: Paul Mackerras <paulus@samba.org>
Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Avi Kivity <avi@redhat.com>
2011-12-12 12:36:37 +00:00
|
|
|
#define PP_RXXX (HPTE_R_PP0 | 2) /* Supervisor read, user none */
|
2007-04-27 11:53:52 +10:00
|
|
|
|
KVM: PPC: Book3S HV: Handle guest-caused machine checks on POWER7 without panicking
Currently, if a machine check interrupt happens while we are in the
guest, we exit the guest and call the host's machine check handler,
which tends to cause the host to panic. Some machine checks can be
triggered by the guest; for example, if the guest creates two entries
in the SLB that map the same effective address, and then accesses that
effective address, the CPU will take a machine check interrupt.
To handle this better, when a machine check happens inside the guest,
we call a new function, kvmppc_realmode_machine_check(), while still in
real mode before exiting the guest. On POWER7, it handles the cases
that the guest can trigger, either by flushing and reloading the SLB,
or by flushing the TLB, and then it delivers the machine check interrupt
directly to the guest without going back to the host. On POWER7, the
OPAL firmware patches the machine check interrupt vector so that it
gets control first, and it leaves behind its analysis of the situation
in a structure pointed to by the opal_mc_evt field of the paca. The
kvmppc_realmode_machine_check() function looks at this, and if OPAL
reports that there was no error, or that it has handled the error, we
also go straight back to the guest with a machine check. We have to
deliver a machine check to the guest since the machine check interrupt
might have trashed valid values in SRR0/1.
If the machine check is one we can't handle in real mode, and one that
OPAL hasn't already handled, or on PPC970, we exit the guest and call
the host's machine check handler. We do this by jumping to the
machine_check_fwnmi label, rather than absolute address 0x200, because
we don't want to re-execute OPAL's handler on POWER7. On PPC970, the
two are equivalent because address 0x200 just contains a branch.
Then, if the host machine check handler decides that the system can
continue executing, kvmppc_handle_exit() delivers a machine check
interrupt to the guest -- once again to let the guest know that SRR0/1
have been modified.
Signed-off-by: Paul Mackerras <paulus@samba.org>
[agraf: fix checkpatch warnings]
Signed-off-by: Alexander Graf <agraf@suse.de>
2012-11-23 22:37:50 +00:00
|
|
|
/* Fields for tlbiel instruction in architecture 2.06 */
|
|
|
|
|
#define TLBIEL_INVAL_SEL_MASK 0xc00 /* invalidation selector */
|
|
|
|
|
#define TLBIEL_INVAL_PAGE 0x000 /* invalidate a single page */
|
|
|
|
|
#define TLBIEL_INVAL_SET_LPID 0x800 /* invalidate a set for current LPID */
|
|
|
|
|
#define TLBIEL_INVAL_SET 0xc00 /* invalidate a set for all LPIDs */
|
|
|
|
|
#define TLBIEL_INVAL_SET_MASK 0xfff000 /* set number to inval. */
|
|
|
|
|
#define TLBIEL_INVAL_SET_SHIFT 12
|
|
|
|
|
|
|
|
|
|
#define POWER7_TLB_SETS 128 /* # sets in POWER7 TLB */
|
2014-12-19 08:41:05 +05:30
|
|
|
#define POWER8_TLB_SETS 512 /* # sets in POWER8 TLB */
|
2016-02-19 11:16:24 +11:00
|
|
|
#define POWER9_TLB_SETS_HASH 256 /* # sets in POWER9 TLB Hash mode */
|
2016-04-29 23:26:05 +10:00
|
|
|
#define POWER9_TLB_SETS_RADIX 128 /* # sets in POWER9 TLB Radix mode */
|
KVM: PPC: Book3S HV: Handle guest-caused machine checks on POWER7 without panicking
Currently, if a machine check interrupt happens while we are in the
guest, we exit the guest and call the host's machine check handler,
which tends to cause the host to panic. Some machine checks can be
triggered by the guest; for example, if the guest creates two entries
in the SLB that map the same effective address, and then accesses that
effective address, the CPU will take a machine check interrupt.
To handle this better, when a machine check happens inside the guest,
we call a new function, kvmppc_realmode_machine_check(), while still in
real mode before exiting the guest. On POWER7, it handles the cases
that the guest can trigger, either by flushing and reloading the SLB,
or by flushing the TLB, and then it delivers the machine check interrupt
directly to the guest without going back to the host. On POWER7, the
OPAL firmware patches the machine check interrupt vector so that it
gets control first, and it leaves behind its analysis of the situation
in a structure pointed to by the opal_mc_evt field of the paca. The
kvmppc_realmode_machine_check() function looks at this, and if OPAL
reports that there was no error, or that it has handled the error, we
also go straight back to the guest with a machine check. We have to
deliver a machine check to the guest since the machine check interrupt
might have trashed valid values in SRR0/1.
If the machine check is one we can't handle in real mode, and one that
OPAL hasn't already handled, or on PPC970, we exit the guest and call
the host's machine check handler. We do this by jumping to the
machine_check_fwnmi label, rather than absolute address 0x200, because
we don't want to re-execute OPAL's handler on POWER7. On PPC970, the
two are equivalent because address 0x200 just contains a branch.
Then, if the host machine check handler decides that the system can
continue executing, kvmppc_handle_exit() delivers a machine check
interrupt to the guest -- once again to let the guest know that SRR0/1
have been modified.
Signed-off-by: Paul Mackerras <paulus@samba.org>
[agraf: fix checkpatch warnings]
Signed-off-by: Alexander Graf <agraf@suse.de>
2012-11-23 22:37:50 +00:00
|
|
|
|
2007-04-27 11:53:52 +10:00
|
|
|
#ifndef __ASSEMBLY__
|
|
|
|
|
|
2016-07-05 15:03:58 +10:00
|
|
|
struct mmu_hash_ops {
|
|
|
|
|
void (*hpte_invalidate)(unsigned long slot,
|
|
|
|
|
unsigned long vpn,
|
|
|
|
|
int bpsize, int apsize,
|
|
|
|
|
int ssize, int local);
|
|
|
|
|
long (*hpte_updatepp)(unsigned long slot,
|
|
|
|
|
unsigned long newpp,
|
|
|
|
|
unsigned long vpn,
|
|
|
|
|
int bpsize, int apsize,
|
|
|
|
|
int ssize, unsigned long flags);
|
|
|
|
|
void (*hpte_updateboltedpp)(unsigned long newpp,
|
|
|
|
|
unsigned long ea,
|
|
|
|
|
int psize, int ssize);
|
|
|
|
|
long (*hpte_insert)(unsigned long hpte_group,
|
|
|
|
|
unsigned long vpn,
|
|
|
|
|
unsigned long prpn,
|
|
|
|
|
unsigned long rflags,
|
|
|
|
|
unsigned long vflags,
|
|
|
|
|
int psize, int apsize,
|
|
|
|
|
int ssize);
|
|
|
|
|
long (*hpte_remove)(unsigned long hpte_group);
|
|
|
|
|
int (*hpte_removebolted)(unsigned long ea,
|
|
|
|
|
int psize, int ssize);
|
|
|
|
|
void (*flush_hash_range)(unsigned long number, int local);
|
|
|
|
|
void (*hugepage_invalidate)(unsigned long vsid,
|
|
|
|
|
unsigned long addr,
|
|
|
|
|
unsigned char *hpte_slot_array,
|
|
|
|
|
int psize, int ssize, int local);
|
2016-12-09 11:07:36 +11:00
|
|
|
int (*resize_hpt)(unsigned long shift);
|
2016-07-05 15:03:58 +10:00
|
|
|
/*
|
|
|
|
|
* Special for kexec.
|
|
|
|
|
* To be called in real mode with interrupts disabled. No locks are
|
|
|
|
|
* taken as such, concurrent access on pre POWER5 hardware could result
|
|
|
|
|
* in a deadlock.
|
|
|
|
|
* The linear mapping is destroyed as well.
|
|
|
|
|
*/
|
|
|
|
|
void (*hpte_clear_all)(void);
|
|
|
|
|
};
|
|
|
|
|
extern struct mmu_hash_ops mmu_hash_ops;
|
|
|
|
|
|
2007-06-13 14:52:56 +10:00
|
|
|
struct hash_pte {
|
2013-09-23 12:04:36 +10:00
|
|
|
__be64 v;
|
|
|
|
|
__be64 r;
|
2007-06-13 14:52:56 +10:00
|
|
|
};
|
2007-04-27 11:53:52 +10:00
|
|
|
|
2007-06-13 14:52:56 +10:00
|
|
|
extern struct hash_pte *htab_address;
|
2007-04-27 11:53:52 +10:00
|
|
|
extern unsigned long htab_size_bytes;
|
|
|
|
|
extern unsigned long htab_hash_mask;
|
|
|
|
|
|
2013-04-28 09:37:29 +00:00
|
|
|
|
|
|
|
|
static inline int shift_to_mmu_psize(unsigned int shift)
|
|
|
|
|
{
|
|
|
|
|
int psize;
|
|
|
|
|
|
|
|
|
|
for (psize = 0; psize < MMU_PAGE_COUNT; ++psize)
|
|
|
|
|
if (mmu_psize_defs[psize].shift == shift)
|
|
|
|
|
return psize;
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static inline unsigned int mmu_psize_to_shift(unsigned int mmu_psize)
|
|
|
|
|
{
|
|
|
|
|
if (mmu_psize_defs[mmu_psize].shift)
|
|
|
|
|
return mmu_psize_defs[mmu_psize].shift;
|
|
|
|
|
BUG();
|
|
|
|
|
}
|
2007-04-27 11:53:52 +10:00
|
|
|
|
KVM: PPC: Book3S HV: Implement H_TLB_INVALIDATE hcall
When running a nested (L2) guest the guest (L1) hypervisor will use
the H_TLB_INVALIDATE hcall when it needs to change the partition
scoped page tables or the partition table which it manages. It will
use this hcall in the situations where it would use a partition-scoped
tlbie instruction if it were running in hypervisor mode.
The H_TLB_INVALIDATE hcall can invalidate different scopes:
Invalidate TLB for a given target address:
- This invalidates a single L2 -> L1 pte
- We need to invalidate any L2 -> L0 shadow_pgtable ptes which map the L2
address space which is being invalidated. This is because a single
L2 -> L1 pte may have been mapped with more than one pte in the
L2 -> L0 page tables.
Invalidate the entire TLB for a given LPID or for all LPIDs:
- Invalidate the entire shadow_pgtable for a given nested guest, or
for all nested guests.
Invalidate the PWC (page walk cache) for a given LPID or for all LPIDs:
- We don't cache the PWC, so nothing to do.
Invalidate the entire TLB, PWC and partition table for a given/all LPIDs:
- Here we re-read the partition table entry and remove the nested state
for any nested guest for which the first doubleword of the partition
table entry is now zero.
The H_TLB_INVALIDATE hcall takes as parameters the tlbie instruction
word (of which only the RIC, PRS and R fields are used), the rS value
(giving the lpid, where required) and the rB value (giving the IS, AP
and EPN values).
[paulus@ozlabs.org - adapted to having the partition table in guest
memory, added the H_TLB_INVALIDATE implementation, removed tlbie
instruction emulation, reworded the commit message.]
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Suraj Jitindar Singh <sjitindarsingh@gmail.com>
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
2018-10-08 16:31:09 +11:00
|
|
|
static inline unsigned int ap_to_shift(unsigned long ap)
|
|
|
|
|
{
|
|
|
|
|
int psize;
|
|
|
|
|
|
|
|
|
|
for (psize = 0; psize < MMU_PAGE_COUNT; psize++) {
|
|
|
|
|
if (mmu_psize_defs[psize].ap == ap)
|
|
|
|
|
return mmu_psize_defs[psize].shift;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
2016-07-13 15:06:37 +05:30
|
|
|
static inline unsigned long get_sllp_encoding(int psize)
|
|
|
|
|
{
|
|
|
|
|
unsigned long sllp;
|
|
|
|
|
|
|
|
|
|
sllp = ((mmu_psize_defs[psize].sllp & SLB_VSID_L) >> 6) |
|
|
|
|
|
((mmu_psize_defs[psize].sllp & SLB_VSID_LP) >> 4);
|
|
|
|
|
return sllp;
|
|
|
|
|
}
|
|
|
|
|
|
2007-04-27 11:53:52 +10:00
|
|
|
#endif /* __ASSEMBLY__ */
|
|
|
|
|
|
2007-05-10 15:28:44 +10:00
|
|
|
/*
|
|
|
|
|
* Segment sizes.
|
|
|
|
|
* These are the values used by hardware in the B field of
|
|
|
|
|
* SLB entries and the first dword of MMU hashtable entries.
|
|
|
|
|
* The B field is 2 bits; the values 2 and 3 are unused and reserved.
|
|
|
|
|
*/
|
|
|
|
|
#define MMU_SEGSIZE_256M 0
|
|
|
|
|
#define MMU_SEGSIZE_1T 1
|
|
|
|
|
|
2012-09-10 02:52:50 +00:00
|
|
|
/*
|
|
|
|
|
* encode page number shift.
|
|
|
|
|
* in order to fit the 78 bit va in a 64 bit variable we shift the va by
|
|
|
|
|
* 12 bits. This enable us to address upto 76 bit va.
|
|
|
|
|
* For hpt hash from a va we can ignore the page size bits of va and for
|
|
|
|
|
* hpte encoding we ignore up to 23 bits of va. So ignoring lower 12 bits ensure
|
|
|
|
|
* we work in all cases including 4k page size.
|
|
|
|
|
*/
|
|
|
|
|
#define VPN_SHIFT 12
|
2007-10-11 20:37:10 +10:00
|
|
|
|
2013-04-28 09:37:35 +00:00
|
|
|
/*
|
|
|
|
|
* HPTE Large Page (LP) details
|
|
|
|
|
*/
|
|
|
|
|
#define LP_SHIFT 12
|
|
|
|
|
#define LP_BITS 8
|
|
|
|
|
#define LP_MASK(i) ((0xFF >> (i)) << LP_SHIFT)
|
|
|
|
|
|
2007-04-27 11:53:52 +10:00
|
|
|
#ifndef __ASSEMBLY__
|
|
|
|
|
|
2014-10-08 19:54:51 +11:00
|
|
|
static inline int slb_vsid_shift(int ssize)
|
|
|
|
|
{
|
|
|
|
|
if (ssize == MMU_SEGSIZE_256M)
|
|
|
|
|
return SLB_VSID_SHIFT;
|
|
|
|
|
return SLB_VSID_SHIFT_1T;
|
|
|
|
|
}
|
|
|
|
|
|
2012-09-10 02:52:50 +00:00
|
|
|
static inline int segment_shift(int ssize)
|
|
|
|
|
{
|
|
|
|
|
if (ssize == MMU_SEGSIZE_256M)
|
|
|
|
|
return SID_SHIFT;
|
|
|
|
|
return SID_SHIFT_1T;
|
|
|
|
|
}
|
|
|
|
|
|
2016-09-02 17:20:43 +10:00
|
|
|
/*
|
|
|
|
|
* This array is indexed by the LP field of the HPTE second dword.
|
|
|
|
|
* Since this field may contain some RPN bits, some entries are
|
|
|
|
|
* replicated so that we get the same value irrespective of RPN.
|
|
|
|
|
* The top 4 bits are the page size index (MMU_PAGE_*) for the
|
|
|
|
|
* actual page size, the bottom 4 bits are the base page size.
|
|
|
|
|
*/
|
|
|
|
|
extern u8 hpte_page_sizes[1 << LP_BITS];
|
|
|
|
|
|
|
|
|
|
static inline unsigned long __hpte_page_size(unsigned long h, unsigned long l,
|
|
|
|
|
bool is_base_size)
|
|
|
|
|
{
|
|
|
|
|
unsigned int i, lp;
|
|
|
|
|
|
|
|
|
|
if (!(h & HPTE_V_LARGE))
|
|
|
|
|
return 1ul << 12;
|
|
|
|
|
|
|
|
|
|
/* Look at the 8 bit LP value */
|
|
|
|
|
lp = (l >> LP_SHIFT) & ((1 << LP_BITS) - 1);
|
|
|
|
|
i = hpte_page_sizes[lp];
|
|
|
|
|
if (!i)
|
|
|
|
|
return 0;
|
|
|
|
|
if (!is_base_size)
|
|
|
|
|
i >>= 4;
|
|
|
|
|
return 1ul << mmu_psize_defs[i & 0xf].shift;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static inline unsigned long hpte_page_size(unsigned long h, unsigned long l)
|
|
|
|
|
{
|
|
|
|
|
return __hpte_page_size(h, l, 0);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static inline unsigned long hpte_base_page_size(unsigned long h, unsigned long l)
|
|
|
|
|
{
|
|
|
|
|
return __hpte_page_size(h, l, 1);
|
|
|
|
|
}
|
|
|
|
|
|
2007-04-27 11:53:52 +10:00
|
|
|
/*
|
2007-10-11 20:37:10 +10:00
|
|
|
* The current system page and segment sizes
|
2007-04-27 11:53:52 +10:00
|
|
|
*/
|
2007-10-11 20:37:10 +10:00
|
|
|
extern int mmu_kernel_ssize;
|
|
|
|
|
extern int mmu_highuser_ssize;
|
2007-12-06 17:24:48 +11:00
|
|
|
extern u16 mmu_slb_size;
|
2008-05-08 14:27:08 +10:00
|
|
|
extern unsigned long tce_alloc_start, tce_alloc_end;
|
2007-04-27 11:53:52 +10:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* If the processor supports 64k normal pages but not 64k cache
|
|
|
|
|
* inhibited pages, we have to be prepared to switch processes
|
|
|
|
|
* to use 4k pages when they create cache-inhibited mappings.
|
|
|
|
|
* If this is the case, mmu_ci_restrictions will be set to 1.
|
|
|
|
|
*/
|
|
|
|
|
extern int mmu_ci_restrictions;
|
|
|
|
|
|
2012-09-10 02:52:50 +00:00
|
|
|
/*
|
|
|
|
|
* This computes the AVPN and B fields of the first dword of a HPTE,
|
|
|
|
|
* for use when we want to match an existing PTE. The bottom 7 bits
|
|
|
|
|
* of the returned value are zero.
|
|
|
|
|
*/
|
|
|
|
|
static inline unsigned long hpte_encode_avpn(unsigned long vpn, int psize,
|
|
|
|
|
int ssize)
|
|
|
|
|
{
|
|
|
|
|
unsigned long v;
|
|
|
|
|
/*
|
|
|
|
|
* The AVA field omits the low-order 23 bits of the 78 bits VA.
|
|
|
|
|
* These bits are not needed in the PTE, because the
|
|
|
|
|
* low-order b of these bits are part of the byte offset
|
|
|
|
|
* into the virtual page and, if b < 23, the high-order
|
|
|
|
|
* 23-b of these bits are always used in selecting the
|
|
|
|
|
* PTEGs to be searched
|
|
|
|
|
*/
|
|
|
|
|
v = (vpn >> (23 - VPN_SHIFT)) & ~(mmu_psize_defs[psize].avpnm);
|
|
|
|
|
v <<= HPTE_V_AVPN_SHIFT;
|
2016-11-11 16:55:03 +11:00
|
|
|
v |= ((unsigned long) ssize) << HPTE_V_SSIZE_SHIFT;
|
2012-09-10 02:52:50 +00:00
|
|
|
return v;
|
|
|
|
|
}
|
|
|
|
|
|
2016-11-11 16:55:03 +11:00
|
|
|
/*
|
|
|
|
|
* ISA v3.0 defines a new HPTE format, which differs from the old
|
|
|
|
|
* format in having smaller AVPN and ARPN fields, and the B field
|
|
|
|
|
* in the second dword instead of the first.
|
|
|
|
|
*/
|
|
|
|
|
static inline unsigned long hpte_old_to_new_v(unsigned long v)
|
|
|
|
|
{
|
|
|
|
|
/* trim AVPN, drop B */
|
|
|
|
|
return v & HPTE_V_COMMON_BITS;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static inline unsigned long hpte_old_to_new_r(unsigned long v, unsigned long r)
|
|
|
|
|
{
|
|
|
|
|
/* move B field from 1st to 2nd dword, trim ARPN */
|
|
|
|
|
return (r & ~HPTE_R_3_0_SSIZE_MASK) |
|
|
|
|
|
(((v) >> HPTE_V_SSIZE_SHIFT) << HPTE_R_3_0_SSIZE_SHIFT);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static inline unsigned long hpte_new_to_old_v(unsigned long v, unsigned long r)
|
|
|
|
|
{
|
|
|
|
|
/* insert B field */
|
|
|
|
|
return (v & HPTE_V_COMMON_BITS) |
|
|
|
|
|
((r & HPTE_R_3_0_SSIZE_MASK) <<
|
|
|
|
|
(HPTE_V_SSIZE_SHIFT - HPTE_R_3_0_SSIZE_SHIFT));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static inline unsigned long hpte_new_to_old_r(unsigned long r)
|
|
|
|
|
{
|
|
|
|
|
/* clear out B field */
|
|
|
|
|
return r & ~HPTE_R_3_0_SSIZE_MASK;
|
|
|
|
|
}
|
|
|
|
|
|
2018-06-29 14:06:30 +05:30
|
|
|
static inline unsigned long hpte_get_old_v(struct hash_pte *hptep)
|
|
|
|
|
{
|
|
|
|
|
unsigned long hpte_v;
|
|
|
|
|
|
|
|
|
|
hpte_v = be64_to_cpu(hptep->v);
|
|
|
|
|
if (cpu_has_feature(CPU_FTR_ARCH_300))
|
|
|
|
|
hpte_v = hpte_new_to_old_v(hpte_v, be64_to_cpu(hptep->r));
|
|
|
|
|
return hpte_v;
|
|
|
|
|
}
|
|
|
|
|
|
2007-04-27 11:53:52 +10:00
|
|
|
/*
|
|
|
|
|
* This function sets the AVPN and L fields of the HPTE appropriately
|
2013-04-28 09:37:35 +00:00
|
|
|
* using the base page size and actual page size.
|
2007-04-27 11:53:52 +10:00
|
|
|
*/
|
2013-04-28 09:37:35 +00:00
|
|
|
static inline unsigned long hpte_encode_v(unsigned long vpn, int base_psize,
|
|
|
|
|
int actual_psize, int ssize)
|
2007-04-27 11:53:52 +10:00
|
|
|
{
|
2007-10-11 20:37:10 +10:00
|
|
|
unsigned long v;
|
2013-04-28 09:37:35 +00:00
|
|
|
v = hpte_encode_avpn(vpn, base_psize, ssize);
|
|
|
|
|
if (actual_psize != MMU_PAGE_4K)
|
2007-04-27 11:53:52 +10:00
|
|
|
v |= HPTE_V_LARGE;
|
|
|
|
|
return v;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* This function sets the ARPN, and LP fields of the HPTE appropriately
|
|
|
|
|
* for the page size. We assume the pa is already "clean" that is properly
|
|
|
|
|
* aligned for the requested page size
|
|
|
|
|
*/
|
2013-04-28 09:37:35 +00:00
|
|
|
static inline unsigned long hpte_encode_r(unsigned long pa, int base_psize,
|
2016-11-11 16:55:03 +11:00
|
|
|
int actual_psize)
|
2007-04-27 11:53:52 +10:00
|
|
|
{
|
|
|
|
|
/* A 4K page needs no special encoding */
|
2013-04-28 09:37:35 +00:00
|
|
|
if (actual_psize == MMU_PAGE_4K)
|
2007-04-27 11:53:52 +10:00
|
|
|
return pa & HPTE_R_RPN;
|
|
|
|
|
else {
|
2013-04-28 09:37:35 +00:00
|
|
|
unsigned int penc = mmu_psize_defs[base_psize].penc[actual_psize];
|
|
|
|
|
unsigned int shift = mmu_psize_defs[actual_psize].shift;
|
|
|
|
|
return (pa & ~((1ul << shift) - 1)) | (penc << LP_SHIFT);
|
2007-04-27 11:53:52 +10:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
2012-09-10 02:52:50 +00:00
|
|
|
* Build a VPN_SHIFT bit shifted va given VSID, EA and segment size.
|
2007-04-27 11:53:52 +10:00
|
|
|
*/
|
2012-09-10 02:52:50 +00:00
|
|
|
static inline unsigned long hpt_vpn(unsigned long ea,
|
|
|
|
|
unsigned long vsid, int ssize)
|
2007-10-11 20:37:10 +10:00
|
|
|
{
|
2012-09-10 02:52:50 +00:00
|
|
|
unsigned long mask;
|
|
|
|
|
int s_shift = segment_shift(ssize);
|
|
|
|
|
|
|
|
|
|
mask = (1ul << (s_shift - VPN_SHIFT)) - 1;
|
|
|
|
|
return (vsid << (s_shift - VPN_SHIFT)) | ((ea >> VPN_SHIFT) & mask);
|
2007-10-11 20:37:10 +10:00
|
|
|
}
|
2007-04-27 11:53:52 +10:00
|
|
|
|
2007-10-11 20:37:10 +10:00
|
|
|
/*
|
|
|
|
|
* This hashes a virtual address
|
|
|
|
|
*/
|
2012-09-10 02:52:50 +00:00
|
|
|
static inline unsigned long hpt_hash(unsigned long vpn,
|
|
|
|
|
unsigned int shift, int ssize)
|
2007-04-27 11:53:52 +10:00
|
|
|
{
|
2017-03-22 09:06:56 +05:30
|
|
|
unsigned long mask;
|
2007-10-11 20:37:10 +10:00
|
|
|
unsigned long hash, vsid;
|
|
|
|
|
|
2012-09-10 02:52:50 +00:00
|
|
|
/* VPN_SHIFT can be atmost 12 */
|
2007-10-11 20:37:10 +10:00
|
|
|
if (ssize == MMU_SEGSIZE_256M) {
|
2012-09-10 02:52:50 +00:00
|
|
|
mask = (1ul << (SID_SHIFT - VPN_SHIFT)) - 1;
|
|
|
|
|
hash = (vpn >> (SID_SHIFT - VPN_SHIFT)) ^
|
|
|
|
|
((vpn & mask) >> (shift - VPN_SHIFT));
|
2007-10-11 20:37:10 +10:00
|
|
|
} else {
|
2012-09-10 02:52:50 +00:00
|
|
|
mask = (1ul << (SID_SHIFT_1T - VPN_SHIFT)) - 1;
|
|
|
|
|
vsid = vpn >> (SID_SHIFT_1T - VPN_SHIFT);
|
|
|
|
|
hash = vsid ^ (vsid << 25) ^
|
|
|
|
|
((vpn & mask) >> (shift - VPN_SHIFT)) ;
|
2007-10-11 20:37:10 +10:00
|
|
|
}
|
|
|
|
|
return hash & 0x7fffffffffUL;
|
2007-04-27 11:53:52 +10:00
|
|
|
}
|
|
|
|
|
|
2014-12-04 11:00:14 +05:30
|
|
|
#define HPTE_LOCAL_UPDATE 0x1
|
|
|
|
|
#define HPTE_NOHPTE_UPDATE 0x2
|
2020-11-27 10:14:10 +05:30
|
|
|
#define HPTE_USE_KERNEL_KEY 0x4
|
2014-12-04 11:00:14 +05:30
|
|
|
|
2021-01-04 15:31:56 +01:00
|
|
|
long hpte_insert_repeating(unsigned long hash, unsigned long vpn, unsigned long pa,
|
|
|
|
|
unsigned long rlags, unsigned long vflags, int psize, int ssize);
|
2007-04-27 11:53:52 +10:00
|
|
|
extern int __hash_page_4K(unsigned long ea, unsigned long access,
|
|
|
|
|
unsigned long vsid, pte_t *ptep, unsigned long trap,
|
2014-12-04 11:00:14 +05:30
|
|
|
unsigned long flags, int ssize, int subpage_prot);
|
2007-04-27 11:53:52 +10:00
|
|
|
extern int __hash_page_64K(unsigned long ea, unsigned long access,
|
|
|
|
|
unsigned long vsid, pte_t *ptep, unsigned long trap,
|
2014-12-04 11:00:14 +05:30
|
|
|
unsigned long flags, int ssize);
|
2007-04-27 11:53:52 +10:00
|
|
|
struct mm_struct;
|
2009-10-26 19:24:31 +00:00
|
|
|
unsigned int hash_page_do_lazy_icache(unsigned int pp, pte_t pte, int trap);
|
2014-12-04 11:00:14 +05:30
|
|
|
extern int hash_page_mm(struct mm_struct *mm, unsigned long ea,
|
|
|
|
|
unsigned long access, unsigned long trap,
|
|
|
|
|
unsigned long flags);
|
|
|
|
|
extern int hash_page(unsigned long ea, unsigned long access, unsigned long trap,
|
|
|
|
|
unsigned long dsisr);
|
2021-01-04 15:31:55 +01:00
|
|
|
void low_hash_fault(struct pt_regs *regs, unsigned long address, int rc);
|
|
|
|
|
int __hash_page(unsigned long trap, unsigned long ea, unsigned long dsisr, unsigned long msr);
|
powerpc/mm: Allow more flexible layouts for hugepage pagetables
Currently each available hugepage size uses a slightly different
pagetable layout: that is, the bottem level table of pointers to
hugepages is a different size, and may branch off from the normal page
tables at a different level. Every hugepage aware path that needs to
walk the pagetables must therefore look up the hugepage size from the
slice info first, and work out the correct way to walk the pagetables
accordingly. Future hardware is likely to add more possible hugepage
sizes, more layout options and more mess.
This patch, therefore reworks the handling of hugepage pagetables to
reduce this complexity. In the new scheme, instead of having to
consult the slice mask, pagetable walking code can check a flag in the
PGD/PUD/PMD entries to see where to branch off to hugepage pagetables,
and the entry also contains the information (eseentially hugepage
shift) necessary to then interpret that table without recourse to the
slice mask. This scheme can be extended neatly to handle multiple
levels of self-describing "special" hugepage pagetables, although for
now we assume only one level exists.
This approach means that only the pagetable allocation path needs to
know how the pagetables should be set out. All other (hugepage)
pagetable walking paths can just interpret the structure as they go.
There already was a flag bit in PGD/PUD/PMD entries for hugepage
directory pointers, but it was only used for debug. We alter that
flag bit to instead be a 0 in the MSB to indicate a hugepage pagetable
pointer (normally it would be 1 since the pointer lies in the linear
mapping). This means that asm pagetable walking can test for (and
punt on) hugepage pointers with the same test that checks for
unpopulated page directory entries (beq becomes bge), since hugepage
pointers will always be positive, and normal pointers always negative.
While we're at it, we get rid of the confusing (and grep defeating)
#defining of hugepte_shift to be the same thing as mmu_huge_psizes.
Signed-off-by: David Gibson <dwg@au1.ibm.com>
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
2009-10-26 19:24:31 +00:00
|
|
|
int __hash_page_huge(unsigned long ea, unsigned long access, unsigned long vsid,
|
2014-12-04 11:00:14 +05:30
|
|
|
pte_t *ptep, unsigned long trap, unsigned long flags,
|
|
|
|
|
int ssize, unsigned int shift, unsigned int mmu_psize);
|
2013-06-20 14:30:21 +05:30
|
|
|
#ifdef CONFIG_TRANSPARENT_HUGEPAGE
|
|
|
|
|
extern int __hash_page_thp(unsigned long ea, unsigned long access,
|
|
|
|
|
unsigned long vsid, pmd_t *pmdp, unsigned long trap,
|
2014-12-04 11:00:14 +05:30
|
|
|
unsigned long flags, int ssize, unsigned int psize);
|
2013-06-20 14:30:21 +05:30
|
|
|
#else
|
|
|
|
|
static inline int __hash_page_thp(unsigned long ea, unsigned long access,
|
|
|
|
|
unsigned long vsid, pmd_t *pmdp,
|
2014-12-04 11:00:14 +05:30
|
|
|
unsigned long trap, unsigned long flags,
|
2013-06-20 14:30:21 +05:30
|
|
|
int ssize, unsigned int psize)
|
|
|
|
|
{
|
|
|
|
|
BUG();
|
2013-06-24 09:35:55 -05:00
|
|
|
return -1;
|
2013-06-20 14:30:21 +05:30
|
|
|
}
|
|
|
|
|
#endif
|
2010-07-23 10:31:13 +10:00
|
|
|
extern void hash_failure_debug(unsigned long ea, unsigned long access,
|
|
|
|
|
unsigned long vsid, unsigned long trap,
|
2013-04-28 09:37:37 +00:00
|
|
|
int ssize, int psize, int lpsize,
|
|
|
|
|
unsigned long pte);
|
2007-04-27 11:53:52 +10:00
|
|
|
extern int htab_bolt_mapping(unsigned long vstart, unsigned long vend,
|
2008-08-05 16:19:56 +10:00
|
|
|
unsigned long pstart, unsigned long prot,
|
2007-10-11 20:37:10 +10:00
|
|
|
int psize, int ssize);
|
2014-08-20 08:55:21 +10:00
|
|
|
int htab_remove_mapping(unsigned long vstart, unsigned long vend,
|
|
|
|
|
int psize, int ssize);
|
2017-07-28 10:31:26 +05:30
|
|
|
extern void pseries_add_gpage(u64 addr, u64 page_size, unsigned long number_of_pages);
|
[POWERPC] Provide a way to protect 4k subpages when using 64k pages
Using 64k pages on 64-bit PowerPC systems makes life difficult for
emulators that are trying to emulate an ISA, such as x86, which use a
smaller page size, since the emulator can no longer use the MMU and
the normal system calls for controlling page protections. Of course,
the emulator can emulate the MMU by checking and possibly remapping
the address for each memory access in software, but that is pretty
slow.
This provides a facility for such programs to control the access
permissions on individual 4k sub-pages of 64k pages. The idea is
that the emulator supplies an array of protection masks to apply to a
specified range of virtual addresses. These masks are applied at the
level where hardware PTEs are inserted into the hardware page table
based on the Linux PTEs, so the Linux PTEs are not affected. Note
that this new mechanism does not allow any access that would otherwise
be prohibited; it can only prohibit accesses that would otherwise be
allowed. This new facility is only available on 64-bit PowerPC and
only when the kernel is configured for 64k pages.
The masks are supplied using a new subpage_prot system call, which
takes a starting virtual address and length, and a pointer to an array
of protection masks in memory. The array has a 32-bit word per 64k
page to be protected; each 32-bit word consists of 16 2-bit fields,
for which 0 allows any access (that is otherwise allowed), 1 prevents
write accesses, and 2 or 3 prevent any access.
Implicit in this is that the regions of the address space that are
protected are switched to use 4k hardware pages rather than 64k
hardware pages (on machines with hardware 64k page support). In fact
the whole process is switched to use 4k hardware pages when the
subpage_prot system call is used, but this could be improved in future
to switch only the affected segments.
The subpage protection bits are stored in a 3 level tree akin to the
page table tree. The top level of this tree is stored in a structure
that is appended to the top level of the page table tree, i.e., the
pgd array. Since it will often only be 32-bit addresses (below 4GB)
that are protected, the pointers to the first four bottom level pages
are also stored in this structure (each bottom level page contains the
protection bits for 1GB of address space), so the protection bits for
addresses below 4GB can be accessed with one fewer loads than those
for higher addresses.
Signed-off-by: Paul Mackerras <paulus@samba.org>
2008-01-24 08:35:13 +11:00
|
|
|
extern void demote_segment_4k(struct mm_struct *mm, unsigned long addr);
|
2007-04-27 11:53:52 +10:00
|
|
|
|
2018-09-15 01:30:55 +10:00
|
|
|
extern void hash__setup_new_exec(void);
|
|
|
|
|
|
2016-07-26 10:33:03 +10:00
|
|
|
#ifdef CONFIG_PPC_PSERIES
|
|
|
|
|
void hpte_init_pseries(void);
|
|
|
|
|
#else
|
|
|
|
|
static inline void hpte_init_pseries(void) { }
|
|
|
|
|
#endif
|
|
|
|
|
|
2007-04-27 11:53:52 +10:00
|
|
|
extern void hpte_init_native(void);
|
|
|
|
|
|
2018-09-11 19:57:15 +05:30
|
|
|
struct slb_entry {
|
|
|
|
|
u64 esid;
|
|
|
|
|
u64 vsid;
|
|
|
|
|
};
|
|
|
|
|
|
2007-04-27 11:53:52 +10:00
|
|
|
extern void slb_initialize(void);
|
2018-10-03 00:27:58 +10:00
|
|
|
void slb_flush_and_restore_bolted(void);
|
2018-08-10 16:42:48 +10:00
|
|
|
void slb_flush_all_realmode(void);
|
|
|
|
|
void __slb_restore_bolted_realmode(void);
|
|
|
|
|
void slb_restore_bolted_realmode(void);
|
2018-09-11 19:57:15 +05:30
|
|
|
void slb_save_contents(struct slb_entry *slb_ptr);
|
|
|
|
|
void slb_dump_contents(struct slb_entry *slb_ptr);
|
2007-04-27 11:53:52 +10:00
|
|
|
|
2007-08-03 11:55:39 +10:00
|
|
|
extern void slb_vmalloc_update(void);
|
2021-01-04 15:31:57 +01:00
|
|
|
void preload_new_slb_context(unsigned long start, unsigned long sp);
|
2021-12-02 00:41:52 +10:00
|
|
|
|
|
|
|
|
#ifdef CONFIG_PPC_64S_HASH_MMU
|
|
|
|
|
void slb_set_size(u16 size);
|
|
|
|
|
#else
|
|
|
|
|
static inline void slb_set_size(u16 size) { }
|
|
|
|
|
#endif
|
|
|
|
|
|
2007-04-27 11:53:52 +10:00
|
|
|
#endif /* __ASSEMBLY__ */
|
|
|
|
|
|
|
|
|
|
/*
|
2012-09-10 02:52:56 +00:00
|
|
|
* VSID allocation (256MB segment)
|
2007-04-27 11:53:52 +10:00
|
|
|
*
|
2013-03-13 03:34:54 +00:00
|
|
|
* We first generate a 37-bit "proto-VSID". Proto-VSIDs are generated
|
|
|
|
|
* from mmu context id and effective segment id of the address.
|
2007-04-27 11:53:52 +10:00
|
|
|
*
|
2017-03-29 23:10:22 +11:00
|
|
|
* For user processes max context id is limited to MAX_USER_CONTEXT.
|
2018-09-20 14:03:58 +05:30
|
|
|
* more details in get_user_context
|
|
|
|
|
*
|
|
|
|
|
* For kernel space get_kernel_context
|
2007-04-27 11:53:52 +10:00
|
|
|
*
|
|
|
|
|
* The proto-VSIDs are then scrambled into real VSIDs with the
|
|
|
|
|
* multiplicative hash:
|
|
|
|
|
*
|
|
|
|
|
* VSID = (proto-VSID * VSID_MULTIPLIER) % VSID_MODULUS
|
|
|
|
|
*
|
2012-09-10 02:52:56 +00:00
|
|
|
* VSID_MULTIPLIER is prime, so in particular it is
|
2007-04-27 11:53:52 +10:00
|
|
|
* co-prime to VSID_MODULUS, making this a 1:1 scrambling function.
|
|
|
|
|
* Because the modulus is 2^n-1 we can compute it efficiently without
|
2013-03-13 03:34:54 +00:00
|
|
|
* a divide or extra multiply (see below). The scramble function gives
|
|
|
|
|
* robust scattering in the hash table (at least based on some initial
|
|
|
|
|
* results).
|
2007-04-27 11:53:52 +10:00
|
|
|
*
|
2017-03-29 23:10:22 +11:00
|
|
|
* We use VSID 0 to indicate an invalid VSID. The means we can't use context id
|
|
|
|
|
* 0, because a context id of 0 and an EA of 0 gives a proto-VSID of 0, which
|
|
|
|
|
* will produce a VSID of 0.
|
2007-04-27 11:53:52 +10:00
|
|
|
*
|
2013-03-13 03:34:54 +00:00
|
|
|
* We also need to avoid the last segment of the last context, because that
|
|
|
|
|
* would give a protovsid of 0x1fffffffff. That will result in a VSID 0
|
2017-03-29 23:10:22 +11:00
|
|
|
* because of the modulo operation in vsid scramble.
|
2007-04-27 11:53:52 +10:00
|
|
|
*/
|
|
|
|
|
|
2017-03-29 17:21:53 +11:00
|
|
|
/*
|
|
|
|
|
* Max Va bits we support as of now is 68 bits. We want 19 bit
|
|
|
|
|
* context ID.
|
|
|
|
|
* Restrictions:
|
|
|
|
|
* GPU has restrictions of not able to access beyond 128TB
|
|
|
|
|
* (47 bit effective address). We also cannot do more than 20bit PID.
|
|
|
|
|
* For p4 and p5 which can only do 65 bit VA, we restrict our CONTEXT_BITS
|
|
|
|
|
* to 16 bits (ie, we can only have 2^16 pids at the same time).
|
|
|
|
|
*/
|
|
|
|
|
#define VA_BITS 68
|
2013-03-13 03:34:53 +00:00
|
|
|
#define CONTEXT_BITS 19
|
2017-03-29 17:21:53 +11:00
|
|
|
#define ESID_BITS (VA_BITS - (SID_SHIFT + CONTEXT_BITS))
|
|
|
|
|
#define ESID_BITS_1T (VA_BITS - (SID_SHIFT_1T + CONTEXT_BITS))
|
2013-03-13 03:34:53 +00:00
|
|
|
|
2017-01-28 21:18:40 +05:30
|
|
|
#define ESID_BITS_MASK ((1 << ESID_BITS) - 1)
|
|
|
|
|
#define ESID_BITS_1T_MASK ((1 << ESID_BITS_1T) - 1)
|
|
|
|
|
|
2018-09-20 14:03:58 +05:30
|
|
|
/*
|
|
|
|
|
* Now certain config support MAX_PHYSMEM more than 512TB. Hence we will need
|
|
|
|
|
* to use more than one context for linear mapping the kernel.
|
|
|
|
|
* For vmalloc and memmap, we use just one context with 512TB. With 64 byte
|
|
|
|
|
* struct page size, we need ony 32 TB in memmap for 2PB (51 bits (MAX_PHYSMEM_BITS)).
|
|
|
|
|
*/
|
2020-06-08 12:39:04 +05:30
|
|
|
#if (H_MAX_PHYSMEM_BITS > MAX_EA_BITS_PER_CONTEXT)
|
|
|
|
|
#define MAX_KERNEL_CTX_CNT (1UL << (H_MAX_PHYSMEM_BITS - MAX_EA_BITS_PER_CONTEXT))
|
2018-09-20 14:03:58 +05:30
|
|
|
#else
|
|
|
|
|
#define MAX_KERNEL_CTX_CNT 1
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
#define MAX_VMALLOC_CTX_CNT 1
|
2019-04-17 18:29:14 +05:30
|
|
|
#define MAX_IO_CTX_CNT 1
|
|
|
|
|
#define MAX_VMEMMAP_CTX_CNT 1
|
2018-09-20 14:03:58 +05:30
|
|
|
|
2013-03-13 03:34:54 +00:00
|
|
|
/*
|
|
|
|
|
* 256MB segment
|
2013-03-13 03:34:55 +00:00
|
|
|
* The proto-VSID space has 2^(CONTEX_BITS + ESID_BITS) - 1 segments
|
2017-03-29 23:10:22 +11:00
|
|
|
* available for user + kernel mapping. VSID 0 is reserved as invalid, contexts
|
|
|
|
|
* 1-4 are used for kernel mapping. Each segment contains 2^28 bytes. Each
|
2017-03-29 17:21:53 +11:00
|
|
|
* context maps 2^49 bytes (512TB).
|
2017-03-29 23:10:22 +11:00
|
|
|
*
|
|
|
|
|
* We also need to avoid the last segment of the last context, because that
|
|
|
|
|
* would give a protovsid of 0x1fffffffff. That will result in a VSID 0
|
|
|
|
|
* because of the modulo operation in vsid scramble.
|
2018-09-20 14:03:58 +05:30
|
|
|
*
|
2013-03-13 03:34:54 +00:00
|
|
|
*/
|
2017-03-29 23:10:22 +11:00
|
|
|
#define MAX_USER_CONTEXT ((ASM_CONST(1) << CONTEXT_BITS) - 2)
|
powerpc/mm/hash: Fix sharing context ids between kernel & userspace
Commit 0034d395f89d ("powerpc/mm/hash64: Map all the kernel regions in
the same 0xc range") has a bug in the definition of MIN_USER_CONTEXT.
The result is that the context id used for the vmemmap and the lowest
context id handed out to userspace are the same. The context id is
essentially the process identifier as far as the first stage of the
MMU translation is concerned.
This can result in multiple SLB entries with the same VSID (Virtual
Segment ID), accessible to the kernel and some random userspace
process that happens to get the overlapping id, which is not expected
eg:
07 c00c000008000000 40066bdea7000500 1T ESID= c00c00 VSID= 66bdea7 LLP:100
12 0002000008000000 40066bdea7000d80 1T ESID= 200 VSID= 66bdea7 LLP:100
Even though the user process and the kernel use the same VSID, the
permissions in the hash page table prevent the user process from
reading or writing to any kernel mappings.
It can also lead to SLB entries with different base page size
encodings (LLP), eg:
05 c00c000008000000 00006bde0053b500 256M ESID=c00c00000 VSID= 6bde0053b LLP:100
09 0000000008000000 00006bde0053bc80 256M ESID= 0 VSID= 6bde0053b LLP: 0
Such SLB entries can result in machine checks, eg. as seen on a G5:
Oops: Machine check, sig: 7 [#1]
BE PAGE SIZE=64K MU-Hash SMP NR_CPUS=4 NUMA Power Mac
NIP: c00000000026f248 LR: c000000000295e58 CTR: 0000000000000000
REGS: c0000000erfd3d70 TRAP: 0200 Tainted: G M (5.5.0-rcl-gcc-8.2.0-00010-g228b667d8ea1)
MSR: 9000000000109032 <SF,HV,EE,ME,IR,DR,RI> CR: 24282048 XER: 00000000
DAR: c00c000000612c80 DSISR: 00000400 IRQMASK: 0
...
NIP [c00000000026f248] .kmem_cache_free+0x58/0x140
LR [c088000008295e58] .putname 8x88/0xa
Call Trace:
.putname+0xB8/0xa
.filename_lookup.part.76+0xbe/0x160
.do_faccessat+0xe0/0x380
system_call+0x5c/ex68
This happens with 256MB segments and 64K pages, as the duplicate VSID
is hit with the first vmemmap segment and the first user segment, and
older 32-bit userspace maps things in the first user segment.
On other CPUs a machine check is not seen. Instead the userspace
process can get stuck continuously faulting, with the fault never
properly serviced, due to the kernel not understanding that there is
already a HPTE for the address but with inaccessible permissions.
On machines with 1T segments we've not seen the bug hit other than by
deliberately exercising it. That seems to be just a matter of luck
though, due to the typical layout of the user virtual address space
and the ranges of vmemmap that are typically populated.
To fix it we add 2 to MIN_USER_CONTEXT. This ensures the lowest
context given to userspace doesn't overlap with the VMEMMAP context,
or with the context for INVALID_REGION_ID.
Fixes: 0034d395f89d ("powerpc/mm/hash64: Map all the kernel regions in the same 0xc range")
Cc: stable@vger.kernel.org # v5.2+
Reported-by: Christian Marillat <marillat@debian.org>
Reported-by: Romain Dolbeau <romain@dolbeau.org>
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.ibm.com>
[mpe: Account for INVALID_REGION_ID, mostly rewrite change log]
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20200123102547.11623-1-mpe@ellerman.id.au
2020-01-08 11:14:22 +05:30
|
|
|
|
|
|
|
|
// The + 2 accounts for INVALID_REGION and 1 more to avoid overlap with kernel
|
2018-09-20 14:03:58 +05:30
|
|
|
#define MIN_USER_CONTEXT (MAX_KERNEL_CTX_CNT + MAX_VMALLOC_CTX_CNT + \
|
powerpc/mm/hash: Fix sharing context ids between kernel & userspace
Commit 0034d395f89d ("powerpc/mm/hash64: Map all the kernel regions in
the same 0xc range") has a bug in the definition of MIN_USER_CONTEXT.
The result is that the context id used for the vmemmap and the lowest
context id handed out to userspace are the same. The context id is
essentially the process identifier as far as the first stage of the
MMU translation is concerned.
This can result in multiple SLB entries with the same VSID (Virtual
Segment ID), accessible to the kernel and some random userspace
process that happens to get the overlapping id, which is not expected
eg:
07 c00c000008000000 40066bdea7000500 1T ESID= c00c00 VSID= 66bdea7 LLP:100
12 0002000008000000 40066bdea7000d80 1T ESID= 200 VSID= 66bdea7 LLP:100
Even though the user process and the kernel use the same VSID, the
permissions in the hash page table prevent the user process from
reading or writing to any kernel mappings.
It can also lead to SLB entries with different base page size
encodings (LLP), eg:
05 c00c000008000000 00006bde0053b500 256M ESID=c00c00000 VSID= 6bde0053b LLP:100
09 0000000008000000 00006bde0053bc80 256M ESID= 0 VSID= 6bde0053b LLP: 0
Such SLB entries can result in machine checks, eg. as seen on a G5:
Oops: Machine check, sig: 7 [#1]
BE PAGE SIZE=64K MU-Hash SMP NR_CPUS=4 NUMA Power Mac
NIP: c00000000026f248 LR: c000000000295e58 CTR: 0000000000000000
REGS: c0000000erfd3d70 TRAP: 0200 Tainted: G M (5.5.0-rcl-gcc-8.2.0-00010-g228b667d8ea1)
MSR: 9000000000109032 <SF,HV,EE,ME,IR,DR,RI> CR: 24282048 XER: 00000000
DAR: c00c000000612c80 DSISR: 00000400 IRQMASK: 0
...
NIP [c00000000026f248] .kmem_cache_free+0x58/0x140
LR [c088000008295e58] .putname 8x88/0xa
Call Trace:
.putname+0xB8/0xa
.filename_lookup.part.76+0xbe/0x160
.do_faccessat+0xe0/0x380
system_call+0x5c/ex68
This happens with 256MB segments and 64K pages, as the duplicate VSID
is hit with the first vmemmap segment and the first user segment, and
older 32-bit userspace maps things in the first user segment.
On other CPUs a machine check is not seen. Instead the userspace
process can get stuck continuously faulting, with the fault never
properly serviced, due to the kernel not understanding that there is
already a HPTE for the address but with inaccessible permissions.
On machines with 1T segments we've not seen the bug hit other than by
deliberately exercising it. That seems to be just a matter of luck
though, due to the typical layout of the user virtual address space
and the ranges of vmemmap that are typically populated.
To fix it we add 2 to MIN_USER_CONTEXT. This ensures the lowest
context given to userspace doesn't overlap with the VMEMMAP context,
or with the context for INVALID_REGION_ID.
Fixes: 0034d395f89d ("powerpc/mm/hash64: Map all the kernel regions in the same 0xc range")
Cc: stable@vger.kernel.org # v5.2+
Reported-by: Christian Marillat <marillat@debian.org>
Reported-by: Romain Dolbeau <romain@dolbeau.org>
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.ibm.com>
[mpe: Account for INVALID_REGION_ID, mostly rewrite change log]
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20200123102547.11623-1-mpe@ellerman.id.au
2020-01-08 11:14:22 +05:30
|
|
|
MAX_IO_CTX_CNT + MAX_VMEMMAP_CTX_CNT + 2)
|
|
|
|
|
|
2017-03-29 17:21:53 +11:00
|
|
|
/*
|
|
|
|
|
* For platforms that support on 65bit VA we limit the context bits
|
|
|
|
|
*/
|
|
|
|
|
#define MAX_USER_CONTEXT_65BIT_VA ((ASM_CONST(1) << (65 - (SID_SHIFT + ESID_BITS))) - 2)
|
|
|
|
|
|
2012-09-10 02:52:55 +00:00
|
|
|
/*
|
|
|
|
|
* This should be computed such that protovosid * vsid_mulitplier
|
2017-03-29 17:21:53 +11:00
|
|
|
* doesn't overflow 64 bits. The vsid_mutliplier should also be
|
|
|
|
|
* co-prime to vsid_modulus. We also need to make sure that number
|
|
|
|
|
* of bits in multiplied result (dividend) is less than twice the number of
|
|
|
|
|
* protovsid bits for our modulus optmization to work.
|
|
|
|
|
*
|
|
|
|
|
* The below table shows the current values used.
|
|
|
|
|
* |-------+------------+----------------------+------------+-------------------|
|
|
|
|
|
* | | Prime Bits | proto VSID_BITS_65VA | Total Bits | 2* prot VSID_BITS |
|
|
|
|
|
* |-------+------------+----------------------+------------+-------------------|
|
|
|
|
|
* | 1T | 24 | 25 | 49 | 50 |
|
|
|
|
|
* |-------+------------+----------------------+------------+-------------------|
|
|
|
|
|
* | 256MB | 24 | 37 | 61 | 74 |
|
|
|
|
|
* |-------+------------+----------------------+------------+-------------------|
|
|
|
|
|
*
|
|
|
|
|
* |-------+------------+----------------------+------------+--------------------|
|
|
|
|
|
* | | Prime Bits | proto VSID_BITS_68VA | Total Bits | 2* proto VSID_BITS |
|
|
|
|
|
* |-------+------------+----------------------+------------+--------------------|
|
|
|
|
|
* | 1T | 24 | 28 | 52 | 56 |
|
|
|
|
|
* |-------+------------+----------------------+------------+--------------------|
|
|
|
|
|
* | 256MB | 24 | 40 | 64 | 80 |
|
|
|
|
|
* |-------+------------+----------------------+------------+--------------------|
|
|
|
|
|
*
|
2012-09-10 02:52:55 +00:00
|
|
|
*/
|
|
|
|
|
#define VSID_MULTIPLIER_256M ASM_CONST(12538073) /* 24-bit prime */
|
2017-03-29 17:21:53 +11:00
|
|
|
#define VSID_BITS_256M (VA_BITS - SID_SHIFT)
|
|
|
|
|
#define VSID_BITS_65_256M (65 - SID_SHIFT)
|
2017-03-22 09:07:00 +05:30
|
|
|
/*
|
|
|
|
|
* Modular multiplicative inverse of VSID_MULTIPLIER under modulo VSID_MODULUS
|
|
|
|
|
*/
|
|
|
|
|
#define VSID_MULINV_256M ASM_CONST(665548017062)
|
2007-04-27 11:53:52 +10:00
|
|
|
|
2007-10-11 20:37:10 +10:00
|
|
|
#define VSID_MULTIPLIER_1T ASM_CONST(12538073) /* 24-bit prime */
|
2017-03-29 17:21:53 +11:00
|
|
|
#define VSID_BITS_1T (VA_BITS - SID_SHIFT_1T)
|
|
|
|
|
#define VSID_BITS_65_1T (65 - SID_SHIFT_1T)
|
2017-03-22 09:07:00 +05:30
|
|
|
#define VSID_MULINV_1T ASM_CONST(209034062)
|
2007-04-27 11:53:52 +10:00
|
|
|
|
2017-03-22 09:07:00 +05:30
|
|
|
/* 1TB VSID reserved for VRMA */
|
|
|
|
|
#define VRMA_VSID 0x1ffffffUL
|
2013-03-13 03:34:55 +00:00
|
|
|
#define USER_VSID_RANGE (1UL << (ESID_BITS + SID_SHIFT))
|
2007-04-27 11:53:52 +10:00
|
|
|
|
2012-09-10 02:52:57 +00:00
|
|
|
/* 4 bits per slice and we have one slice per 1TB */
|
2017-03-22 09:06:58 +05:30
|
|
|
#define SLICE_ARRAY_SIZE (H_PGTABLE_RANGE >> 41)
|
2019-04-17 18:33:48 +05:30
|
|
|
#define LOW_SLICE_ARRAY_SZ (BITS_PER_LONG / BITS_PER_BYTE)
|
2019-04-17 18:33:50 +05:30
|
|
|
#define TASK_SLICE_ARRAY_SZ(x) ((x)->hash_context->slb_addr_limit >> 41)
|
2007-04-27 11:53:52 +10:00
|
|
|
#ifndef __ASSEMBLY__
|
|
|
|
|
|
2009-11-26 18:56:04 +00:00
|
|
|
#ifdef CONFIG_PPC_SUBPAGE_PROT
|
|
|
|
|
/*
|
|
|
|
|
* For the sub-page protection option, we extend the PGD with one of
|
|
|
|
|
* these. Basically we have a 3-level tree, with the top level being
|
|
|
|
|
* the protptrs array. To optimize speed and memory consumption when
|
|
|
|
|
* only addresses < 4GB are being protected, pointers to the first
|
|
|
|
|
* four pages of sub-page protection words are stored in the low_prot
|
|
|
|
|
* array.
|
|
|
|
|
* Each page of sub-page protection words protects 1GB (4 bytes
|
|
|
|
|
* protects 64k). For the 3-level tree, each page of pointers then
|
|
|
|
|
* protects 8TB.
|
|
|
|
|
*/
|
|
|
|
|
struct subpage_prot_table {
|
|
|
|
|
unsigned long maxaddr; /* only addresses < this are protected */
|
2014-07-15 20:22:30 +05:30
|
|
|
unsigned int **protptrs[(TASK_SIZE_USER64 >> 43)];
|
2009-11-26 18:56:04 +00:00
|
|
|
unsigned int *low_prot[4];
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
#define SBP_L1_BITS (PAGE_SHIFT - 2)
|
|
|
|
|
#define SBP_L2_BITS (PAGE_SHIFT - 3)
|
|
|
|
|
#define SBP_L1_COUNT (1 << SBP_L1_BITS)
|
|
|
|
|
#define SBP_L2_COUNT (1 << SBP_L2_BITS)
|
|
|
|
|
#define SBP_L2_SHIFT (PAGE_SHIFT + SBP_L1_BITS)
|
|
|
|
|
#define SBP_L3_SHIFT (SBP_L2_SHIFT + SBP_L2_BITS)
|
|
|
|
|
|
|
|
|
|
extern void subpage_prot_free(struct mm_struct *mm);
|
|
|
|
|
#else
|
|
|
|
|
static inline void subpage_prot_free(struct mm_struct *mm) {}
|
|
|
|
|
#endif /* CONFIG_PPC_SUBPAGE_PROT */
|
|
|
|
|
|
2019-04-17 18:33:50 +05:30
|
|
|
/*
|
|
|
|
|
* One bit per slice. We have lower slices which cover 256MB segments
|
|
|
|
|
* upto 4G range. That gets us 16 low slices. For the rest we track slices
|
|
|
|
|
* in 1TB size.
|
|
|
|
|
*/
|
|
|
|
|
struct slice_mask {
|
|
|
|
|
u64 low_slices;
|
|
|
|
|
DECLARE_BITMAP(high_slices, SLICE_NUM_HIGH);
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
struct hash_mm_context {
|
|
|
|
|
u16 user_psize; /* page size index */
|
|
|
|
|
|
|
|
|
|
/* SLB page size encodings*/
|
|
|
|
|
unsigned char low_slices_psize[LOW_SLICE_ARRAY_SZ];
|
|
|
|
|
unsigned char high_slices_psize[SLICE_ARRAY_SIZE];
|
|
|
|
|
unsigned long slb_addr_limit;
|
|
|
|
|
#ifdef CONFIG_PPC_64K_PAGES
|
|
|
|
|
struct slice_mask mask_64k;
|
|
|
|
|
#endif
|
|
|
|
|
struct slice_mask mask_4k;
|
|
|
|
|
#ifdef CONFIG_HUGETLB_PAGE
|
|
|
|
|
struct slice_mask mask_16m;
|
|
|
|
|
struct slice_mask mask_16g;
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
#ifdef CONFIG_PPC_SUBPAGE_PROT
|
2019-04-17 18:33:51 +05:30
|
|
|
struct subpage_prot_table *spt;
|
2019-04-17 18:33:50 +05:30
|
|
|
#endif /* CONFIG_PPC_SUBPAGE_PROT */
|
|
|
|
|
};
|
|
|
|
|
|
2007-04-27 11:53:52 +10:00
|
|
|
#if 0
|
2007-10-11 20:37:10 +10:00
|
|
|
/*
|
|
|
|
|
* The code below is equivalent to this function for arguments
|
|
|
|
|
* < 2^VSID_BITS, which is all this should ever be called
|
|
|
|
|
* with. However gcc is not clever enough to compute the
|
|
|
|
|
* modulus (2^n-1) without a second multiply.
|
|
|
|
|
*/
|
2010-08-02 20:35:18 +00:00
|
|
|
#define vsid_scramble(protovsid, size) \
|
2007-10-11 20:37:10 +10:00
|
|
|
((((protovsid) * VSID_MULTIPLIER_##size) % VSID_MODULUS_##size))
|
2007-04-27 11:53:52 +10:00
|
|
|
|
2017-03-29 17:21:53 +11:00
|
|
|
/* simplified form avoiding mod operation */
|
2007-10-11 20:37:10 +10:00
|
|
|
#define vsid_scramble(protovsid, size) \
|
|
|
|
|
({ \
|
|
|
|
|
unsigned long x; \
|
|
|
|
|
x = (protovsid) * VSID_MULTIPLIER_##size; \
|
|
|
|
|
x = (x >> VSID_BITS_##size) + (x & VSID_MODULUS_##size); \
|
|
|
|
|
(x + ((x+1) >> VSID_BITS_##size)) & VSID_MODULUS_##size; \
|
|
|
|
|
})
|
2017-03-29 17:21:53 +11:00
|
|
|
|
|
|
|
|
#else /* 1 */
|
|
|
|
|
static inline unsigned long vsid_scramble(unsigned long protovsid,
|
|
|
|
|
unsigned long vsid_multiplier, int vsid_bits)
|
|
|
|
|
{
|
|
|
|
|
unsigned long vsid;
|
|
|
|
|
unsigned long vsid_modulus = ((1UL << vsid_bits) - 1);
|
|
|
|
|
/*
|
|
|
|
|
* We have same multipler for both 256 and 1T segements now
|
|
|
|
|
*/
|
|
|
|
|
vsid = protovsid * vsid_multiplier;
|
|
|
|
|
vsid = (vsid >> vsid_bits) + (vsid & vsid_modulus);
|
|
|
|
|
return (vsid + ((vsid + 1) >> vsid_bits)) & vsid_modulus;
|
|
|
|
|
}
|
|
|
|
|
|
2007-04-27 11:53:52 +10:00
|
|
|
#endif /* 1 */
|
|
|
|
|
|
2007-10-11 20:37:10 +10:00
|
|
|
/* Returns the segment size indicator for a user address */
|
|
|
|
|
static inline int user_segment_size(unsigned long addr)
|
2007-04-27 11:53:52 +10:00
|
|
|
{
|
2007-10-11 20:37:10 +10:00
|
|
|
/* Use 1T segments if possible for addresses >= 1T */
|
|
|
|
|
if (addr >= (1UL << SID_SHIFT_1T))
|
|
|
|
|
return mmu_highuser_ssize;
|
|
|
|
|
return MMU_SEGSIZE_256M;
|
2007-04-27 11:53:52 +10:00
|
|
|
}
|
|
|
|
|
|
2007-10-11 20:37:10 +10:00
|
|
|
static inline unsigned long get_vsid(unsigned long context, unsigned long ea,
|
|
|
|
|
int ssize)
|
|
|
|
|
{
|
2017-03-29 17:21:53 +11:00
|
|
|
unsigned long va_bits = VA_BITS;
|
|
|
|
|
unsigned long vsid_bits;
|
|
|
|
|
unsigned long protovsid;
|
|
|
|
|
|
2013-03-13 03:34:54 +00:00
|
|
|
/*
|
|
|
|
|
* Bad address. We return VSID 0 for that
|
|
|
|
|
*/
|
2019-04-17 18:29:14 +05:30
|
|
|
if ((ea & EA_MASK) >= H_PGTABLE_RANGE)
|
2013-03-13 03:34:54 +00:00
|
|
|
return 0;
|
|
|
|
|
|
2017-03-29 17:21:53 +11:00
|
|
|
if (!mmu_has_feature(MMU_FTR_68_BIT_VA))
|
|
|
|
|
va_bits = 65;
|
|
|
|
|
|
|
|
|
|
if (ssize == MMU_SEGSIZE_256M) {
|
|
|
|
|
vsid_bits = va_bits - SID_SHIFT;
|
|
|
|
|
protovsid = (context << ESID_BITS) |
|
|
|
|
|
((ea >> SID_SHIFT) & ESID_BITS_MASK);
|
|
|
|
|
return vsid_scramble(protovsid, VSID_MULTIPLIER_256M, vsid_bits);
|
|
|
|
|
}
|
|
|
|
|
/* 1T segment */
|
|
|
|
|
vsid_bits = va_bits - SID_SHIFT_1T;
|
|
|
|
|
protovsid = (context << ESID_BITS_1T) |
|
|
|
|
|
((ea >> SID_SHIFT_1T) & ESID_BITS_1T_MASK);
|
|
|
|
|
return vsid_scramble(protovsid, VSID_MULTIPLIER_1T, vsid_bits);
|
2007-10-11 20:37:10 +10:00
|
|
|
}
|
|
|
|
|
|
2018-09-20 14:03:58 +05:30
|
|
|
/*
|
2020-07-25 17:38:01 -07:00
|
|
|
* For kernel space, we use context ids as
|
2018-09-20 14:03:58 +05:30
|
|
|
* below. Range is 512TB per context.
|
|
|
|
|
*
|
|
|
|
|
* 0x00001 - [ 0xc000000000000000 - 0xc001ffffffffffff]
|
|
|
|
|
* 0x00002 - [ 0xc002000000000000 - 0xc003ffffffffffff]
|
|
|
|
|
* 0x00003 - [ 0xc004000000000000 - 0xc005ffffffffffff]
|
|
|
|
|
* 0x00004 - [ 0xc006000000000000 - 0xc007ffffffffffff]
|
|
|
|
|
*
|
2019-04-17 18:29:14 +05:30
|
|
|
* vmap, IO, vmemap
|
|
|
|
|
*
|
|
|
|
|
* 0x00005 - [ 0xc008000000000000 - 0xc009ffffffffffff]
|
|
|
|
|
* 0x00006 - [ 0xc00a000000000000 - 0xc00bffffffffffff]
|
|
|
|
|
* 0x00007 - [ 0xc00c000000000000 - 0xc00dffffffffffff]
|
|
|
|
|
*
|
2018-09-20 14:03:58 +05:30
|
|
|
*/
|
|
|
|
|
static inline unsigned long get_kernel_context(unsigned long ea)
|
|
|
|
|
{
|
2019-04-17 18:29:14 +05:30
|
|
|
unsigned long region_id = get_region_id(ea);
|
2018-09-20 14:03:58 +05:30
|
|
|
unsigned long ctx;
|
|
|
|
|
/*
|
2019-04-17 18:29:14 +05:30
|
|
|
* Depending on Kernel config, kernel region can have one context
|
|
|
|
|
* or more.
|
2018-09-20 14:03:58 +05:30
|
|
|
*/
|
2019-04-17 18:29:19 +05:30
|
|
|
if (region_id == LINEAR_MAP_REGION_ID) {
|
2018-09-20 14:03:58 +05:30
|
|
|
/*
|
|
|
|
|
* We already verified ea to be not beyond the addr limit.
|
|
|
|
|
*/
|
2019-04-17 18:29:14 +05:30
|
|
|
ctx = 1 + ((ea & EA_MASK) >> MAX_EA_BITS_PER_CONTEXT);
|
2018-09-20 14:03:58 +05:30
|
|
|
} else
|
2019-04-17 18:29:17 +05:30
|
|
|
ctx = region_id + MAX_KERNEL_CTX_CNT - 1;
|
2018-09-20 14:03:58 +05:30
|
|
|
return ctx;
|
|
|
|
|
}
|
|
|
|
|
|
2013-03-13 03:34:54 +00:00
|
|
|
/*
|
|
|
|
|
* This is only valid for addresses >= PAGE_OFFSET
|
|
|
|
|
*/
|
|
|
|
|
static inline unsigned long get_kernel_vsid(unsigned long ea, int ssize)
|
|
|
|
|
{
|
|
|
|
|
unsigned long context;
|
|
|
|
|
|
2017-03-29 23:10:34 +11:00
|
|
|
if (!is_kernel_addr(ea))
|
|
|
|
|
return 0;
|
|
|
|
|
|
2018-09-20 14:03:58 +05:30
|
|
|
context = get_kernel_context(ea);
|
2013-03-13 03:34:54 +00:00
|
|
|
return get_vsid(context, ea, ssize);
|
|
|
|
|
}
|
2016-02-09 13:32:43 +10:00
|
|
|
|
|
|
|
|
unsigned htab_shift_for_mem_size(unsigned long mem_size);
|
|
|
|
|
|
2020-11-30 14:00:57 +05:30
|
|
|
enum slb_index {
|
|
|
|
|
LINEAR_INDEX = 0, /* Kernel linear map (0xc000000000000000) */
|
|
|
|
|
KSTACK_INDEX = 1, /* Kernel stack map */
|
|
|
|
|
};
|
2007-04-27 11:53:52 +10:00
|
|
|
|
2020-11-30 14:00:57 +05:30
|
|
|
#define slb_esid_mask(ssize) \
|
|
|
|
|
(((ssize) == MMU_SEGSIZE_256M) ? ESID_MASK : ESID_MASK_1T)
|
|
|
|
|
|
|
|
|
|
static inline unsigned long mk_esid_data(unsigned long ea, int ssize,
|
|
|
|
|
enum slb_index index)
|
|
|
|
|
{
|
|
|
|
|
return (ea & slb_esid_mask(ssize)) | SLB_ESID_V | index;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static inline unsigned long __mk_vsid_data(unsigned long vsid, int ssize,
|
|
|
|
|
unsigned long flags)
|
|
|
|
|
{
|
|
|
|
|
return (vsid << slb_vsid_shift(ssize)) | flags |
|
|
|
|
|
((unsigned long)ssize << SLB_VSID_SSIZE_SHIFT);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static inline unsigned long mk_vsid_data(unsigned long ea, int ssize,
|
|
|
|
|
unsigned long flags)
|
|
|
|
|
{
|
|
|
|
|
return __mk_vsid_data(get_kernel_vsid(ea, ssize), ssize, flags);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#endif /* __ASSEMBLY__ */
|
2016-04-29 23:25:41 +10:00
|
|
|
#endif /* _ASM_POWERPC_BOOK3S_64_MMU_HASH_H_ */
|