1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3 * Based on arch/arm/mm/init.c
4 *
5 * Copyright (C) 1995-2005 Russell King
6 * Copyright (C) 2012 ARM Ltd.
7 */
8
9 #include <linux/kernel.h>
10 #include <linux/export.h>
11 #include <linux/errno.h>
12 #include <linux/swap.h>
13 #include <linux/init.h>
14 #include <linux/cache.h>
15 #include <linux/mman.h>
16 #include <linux/nodemask.h>
17 #include <linux/initrd.h>
18 #include <linux/gfp.h>
19 #include <linux/math.h>
20 #include <linux/memblock.h>
21 #include <linux/sort.h>
22 #include <linux/of.h>
23 #include <linux/of_fdt.h>
24 #include <linux/dma-direct.h>
25 #include <linux/dma-map-ops.h>
26 #include <linux/efi.h>
27 #include <linux/swiotlb.h>
28 #include <linux/vmalloc.h>
29 #include <linux/mm.h>
30 #include <linux/kexec.h>
31 #include <linux/crash_dump.h>
32 #include <linux/hugetlb.h>
33 #include <linux/acpi_iort.h>
34 #include <linux/kmemleak.h>
35 #include <linux/execmem.h>
36
37 #include <asm/boot.h>
38 #include <asm/fixmap.h>
39 #include <asm/kasan.h>
40 #include <asm/kernel-pgtable.h>
41 #include <asm/kvm_host.h>
42 #include <asm/memory.h>
43 #include <asm/numa.h>
44 #include <asm/sections.h>
45 #include <asm/setup.h>
46 #include <linux/sizes.h>
47 #include <asm/tlb.h>
48 #include <asm/alternative.h>
49 #include <asm/xen/swiotlb-xen.h>
50
51 /*
52 * We need to be able to catch inadvertent references to memstart_addr
53 * that occur (potentially in generic code) before arm64_memblock_init()
54 * executes, which assigns it its actual value. So use a default value
55 * that cannot be mistaken for a real physical address.
56 */
57 s64 memstart_addr __ro_after_init = -1;
58 EXPORT_SYMBOL(memstart_addr);
59
60 /*
61 * If the corresponding config options are enabled, we create both ZONE_DMA
62 * and ZONE_DMA32. By default ZONE_DMA covers the 32-bit addressable memory
63 * unless restricted on specific platforms (e.g. 30-bit on Raspberry Pi 4).
64 * In such case, ZONE_DMA32 covers the rest of the 32-bit addressable memory,
65 * otherwise it is empty.
66 */
67 phys_addr_t __ro_after_init arm64_dma_phys_limit;
68
69 /*
70 * Provide a run-time means of disabling ZONE_DMA32 if it is enabled via
71 * CONFIG_ZONE_DMA32.
72 */
73 static bool disable_dma32 __ro_after_init;
74
75 /*
76 * To make optimal use of block mappings when laying out the linear
77 * mapping, round down the base of physical memory to a size that can
78 * be mapped efficiently, i.e., either PUD_SIZE (4k granule) or PMD_SIZE
79 * (64k granule), or a multiple that can be mapped using contiguous bits
80 * in the page tables: 32 * PMD_SIZE (16k granule)
81 */
82 #if defined(CONFIG_ARM64_4K_PAGES)
83 #define ARM64_MEMSTART_SHIFT PUD_SHIFT
84 #elif defined(CONFIG_ARM64_16K_PAGES)
85 #define ARM64_MEMSTART_SHIFT CONT_PMD_SHIFT
86 #else
87 #define ARM64_MEMSTART_SHIFT PMD_SHIFT
88 #endif
89
90 /*
91 * sparsemem vmemmap imposes an additional requirement on the alignment of
92 * memstart_addr, due to the fact that the base of the vmemmap region
93 * has a direct correspondence, and needs to appear sufficiently aligned
94 * in the virtual address space.
95 */
96 #if ARM64_MEMSTART_SHIFT < SECTION_SIZE_BITS
97 #define ARM64_MEMSTART_ALIGN (1UL << SECTION_SIZE_BITS)
98 #else
99 #define ARM64_MEMSTART_ALIGN (1UL << ARM64_MEMSTART_SHIFT)
100 #endif
101
/*
 * Reserve memory for a crash kernel according to what parse_crashkernel()
 * extracts from the boot command line.
 *
 * Does nothing when CONFIG_CRASH_RESERVE is disabled or when
 * parse_crashkernel() returns non-zero.
 */
static void __init arch_reserve_crashkernel(void)
{
	unsigned long long crash_base, crash_size;
	unsigned long long low_size = 0;
	char *cmdline = boot_command_line;
	bool high = false;

	if (!IS_ENABLED(CONFIG_CRASH_RESERVE))
		return;

	/* Size and placement are taken from the boot command line. */
	if (parse_crashkernel(cmdline, memblock_phys_mem_size(),
			      &crash_size, &crash_base,
			      &low_size, &high))
		return;

	reserve_crashkernel_generic(cmdline, crash_size, crash_base,
				    low_size, high);
}
122
/*
 * Clamp an inclusive zone limit to the last byte of DRAM and return the
 * result as an exclusive upper bound (one past the last usable byte).
 */
static phys_addr_t __init max_zone_phys(phys_addr_t zone_limit)
{
	phys_addr_t last_dram_byte = memblock_end_of_DRAM() - 1;

	return min(zone_limit, last_dram_byte) + 1;
}
127
/*
 * Fill in the upper PFN bound of every configured zone and pass the table to
 * free_area_init().
 *
 * As a side effect this settles arm64_dma_phys_limit: the ZONE_DMA limit when
 * CONFIG_ZONE_DMA is set, else the ZONE_DMA32 limit when that zone is enabled,
 * else PHYS_MASK + 1.
 */
static void __init zone_sizes_init(void)
{
	unsigned long max_zone_pfns[MAX_NR_ZONES] = {0};
	phys_addr_t __maybe_unused acpi_zone_dma_limit;
	phys_addr_t __maybe_unused dt_zone_dma_limit;
	phys_addr_t __maybe_unused dma32_phys_limit =
		max_zone_phys(DMA_BIT_MASK(32));

#ifdef CONFIG_ZONE_DMA
	/* Take the tighter of the limits reported by ACPI IORT and the DT. */
	acpi_zone_dma_limit = acpi_iort_dma_get_max_cpu_address();
	dt_zone_dma_limit = of_dma_get_max_cpu_address(NULL);
	zone_dma_limit = min(dt_zone_dma_limit, acpi_zone_dma_limit);
	/*
	 * Information we get from firmware (e.g. DT dma-ranges) describe DMA
	 * bus constraints. Devices using DMA might have their own limitations.
	 * Some of them rely on DMA zone in low 32-bit memory. Keep low RAM
	 * DMA zone on platforms that have RAM there.
	 */
	if (memblock_start_of_DRAM() < U32_MAX)
		zone_dma_limit = min(zone_dma_limit, U32_MAX);
	arm64_dma_phys_limit = max_zone_phys(zone_dma_limit);
	max_zone_pfns[ZONE_DMA] = PFN_DOWN(arm64_dma_phys_limit);
#endif
#ifdef CONFIG_ZONE_DMA32
	/* disable_dma32 is set from the "disable_dma32" early parameter. */
	if (!disable_dma32) {
		max_zone_pfns[ZONE_DMA32] = PFN_DOWN(dma32_phys_limit);
		/* Only used as the DMA limit when ZONE_DMA did not set one. */
		if (!arm64_dma_phys_limit)
			arm64_dma_phys_limit = dma32_phys_limit;
	}
#endif
	/* No DMA zone at all: the limit is the full physical address range. */
	if (!arm64_dma_phys_limit)
		arm64_dma_phys_limit = PHYS_MASK + 1;
	max_zone_pfns[ZONE_NORMAL] = max_pfn;

	free_area_init(max_zone_pfns);
}
164
/*
 * Handler for the "disable_dma32" early parameter.
 *
 * Only the exact value "on" sets disable_dma32; any other value is accepted
 * and ignored. Returns -EINVAL when the parameter carries no value,
 * 0 otherwise.
 */
static int __init early_disable_dma32(char *buf)
{
	if (buf == NULL)
		return -EINVAL;

	if (strcmp(buf, "on") == 0)
		disable_dma32 = true;

	return 0;
}
early_param("disable_dma32", early_disable_dma32);
176
/*
 * Report whether @pfn lies in memory that memblock_is_map_memory() accepts.
 *
 * Returns 0 for a PFN that does not survive the PFN -> physical address ->
 * PFN round trip, otherwise the result of memblock_is_map_memory().
 */
int pfn_is_map_memory(unsigned long pfn)
{
	phys_addr_t phys = PFN_PHYS(pfn);

	/*
	 * Only a PFN that round-trips is looked up; this avoids false
	 * positives for bogus PFNs, see comment in pfn_valid().
	 */
	if (PHYS_PFN(phys) == pfn)
		return memblock_is_map_memory(phys);

	return 0;
}
EXPORT_SYMBOL(pfn_is_map_memory);
188
/*
 * Upper bound on usable memory, written by the "mem" early parameter handler.
 * PHYS_ADDR_MAX means that no limit was requested.
 */
static phys_addr_t memory_limit __ro_after_init = PHYS_ADDR_MAX;
190
191 /*
192 * Limit the memory size that was specified via FDT.
193 */
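static int __init early_mem(char *p)
{
	/* "mem" given without a value: leave memory_limit untouched. */
	if (!p)
		return 1;

	/*
	 * The value comes verbatim from the boot command line and is rounded
	 * down to a page boundary.
	 * NOTE(review): the memparse() result is not validated here; confirm
	 * how a malformed or zero value is treated by the code that later
	 * applies memory_limit.
	 */
	memory_limit = memparse(p, &p) & PAGE_MASK;
	/*
	 * memory_limit is an unsigned phys_addr_t, so print it with %llu,
	 * matching dump_mem_limit().
	 */
	pr_notice("Memory limited to %lluMB\n", memory_limit >> 20);

	return 0;
}
early_param("mem", early_mem);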
205
/*
 * Trim memblock to what the linear mapping can cover and pick memstart_addr,
 * the physical address that corresponds to PAGE_OFFSET.
 *
 * In order, this: caps the linear region for KVM nVHE on 52-bit VA systems,
 * drops memory above the supported physical address size, chooses and aligns
 * memstart_addr, clips memory that does not fit, applies the "mem" limit,
 * re-adds the initrd if it was clipped, optionally randomizes the placement
 * of the linear region, and finally reserves the kernel image and initrd.
 */
void __init arm64_memblock_init(void)
{
	s64 linear_region_size = PAGE_END - _PAGE_OFFSET(vabits_actual);

	/*
	 * Corner case: 52-bit VA capable systems running KVM in nVHE mode may
	 * be limited in their ability to support a linear map that exceeds 51
	 * bits of VA space, depending on the placement of the ID map. Given
	 * that the placement of the ID map may be randomized, let's simply
	 * limit the kernel's linear map to 51 bits as well if we detect this
	 * configuration.
	 */
	if (IS_ENABLED(CONFIG_KVM) && vabits_actual == 52 &&
	    is_hyp_mode_available() && !is_kernel_in_hyp_mode()) {
		pr_info("Capping linear region to 51 bits for KVM in nVHE mode on LVA capable hardware.\n");
		linear_region_size = min_t(u64, linear_region_size, BIT(51));
	}

	/* Remove memory above our supported physical address size */
	memblock_remove(1ULL << PHYS_MASK_SHIFT, ULLONG_MAX);

	/*
	 * Select a suitable value for the base of physical memory.
	 */
	memstart_addr = round_down(memblock_start_of_DRAM(),
				   ARM64_MEMSTART_ALIGN);

	if ((memblock_end_of_DRAM() - memstart_addr) > linear_region_size)
		pr_warn("Memory doesn't fit in the linear mapping, VA_BITS too small\n");

	/*
	 * Remove the memory that we will not be able to cover with the
	 * linear mapping. Take care not to clip the kernel which may be
	 * high in memory.
	 */
	memblock_remove(max_t(u64, memstart_addr + linear_region_size,
			__pa_symbol(_end)), ULLONG_MAX);
	if (memstart_addr + linear_region_size < memblock_end_of_DRAM()) {
		/* ensure that memstart_addr remains sufficiently aligned */
		memstart_addr = round_up(memblock_end_of_DRAM() - linear_region_size,
					 ARM64_MEMSTART_ALIGN);
		memblock_remove(0, memstart_addr);
	}

	/*
	 * If we are running with a 52-bit kernel VA config on a system that
	 * does not support it, we have to place the available physical
	 * memory in the 48-bit addressable part of the linear region, i.e.,
	 * we have to move it upward. Since memstart_addr represents the
	 * physical address of PAGE_OFFSET, we have to *subtract* from it.
	 */
	if (IS_ENABLED(CONFIG_ARM64_VA_BITS_52) && (vabits_actual != 52))
		memstart_addr -= _PAGE_OFFSET(vabits_actual) - _PAGE_OFFSET(52);

	/*
	 * Apply the memory limit if it was set. Since the kernel may be loaded
	 * high up in memory, add back the kernel region that must be accessible
	 * via the linear mapping.
	 */
	if (memory_limit != PHYS_ADDR_MAX) {
		memblock_mem_limit_remove_map(memory_limit);
		memblock_add(__pa_symbol(_text), (u64)(_end - _text));
	}

	if (IS_ENABLED(CONFIG_BLK_DEV_INITRD) && phys_initrd_size) {
		/*
		 * Add back the memory we just removed if it results in the
		 * initrd to become inaccessible via the linear mapping.
		 * Otherwise, this is a no-op
		 */
		u64 base = phys_initrd_start & PAGE_MASK;
		u64 size = PAGE_ALIGN(phys_initrd_start + phys_initrd_size) - base;

		/*
		 * We can only add back the initrd memory if we don't end up
		 * with more memory than we can address via the linear mapping.
		 * It is up to the bootloader to position the kernel and the
		 * initrd reasonably close to each other (i.e., within 32 GB of
		 * each other) so that all granule/#levels combinations can
		 * always access both.
		 */
		if (WARN(base < memblock_start_of_DRAM() ||
			 base + size > memblock_start_of_DRAM() +
				       linear_region_size,
			"initrd not fully accessible via the linear mapping -- please check your bootloader ...\n")) {
			/* Out-of-range initrd: drop it rather than map it. */
			phys_initrd_size = 0;
		} else {
			memblock_add(base, size);
			memblock_clear_nomap(base, size);
			memblock_reserve(base, size);
		}
	}

	if (IS_ENABLED(CONFIG_RANDOMIZE_BASE)) {
		extern u16 memstart_offset_seed;
		u64 mmfr0 = read_cpuid(ID_AA64MMFR0_EL1);
		int parange = cpuid_feature_extract_unsigned_field(
					mmfr0, ID_AA64MMFR0_EL1_PARANGE_SHIFT);
		/*
		 * Slack between the linear region and the physical range the
		 * CPU reports; this is the room available for randomization.
		 */
		s64 range = linear_region_size -
			    BIT(id_aa64mmfr0_parange_to_phys_shift(parange));

		/*
		 * If the size of the linear region exceeds, by a sufficient
		 * margin, the size of the region that the physical memory can
		 * span, randomize the linear region as well.
		 */
		if (memstart_offset_seed > 0 && range >= (s64)ARM64_MEMSTART_ALIGN) {
			/*
			 * The offset is a multiple of ARM64_MEMSTART_ALIGN,
			 * scaled from the 16-bit seed, so the placement has at
			 * most 16 bits of entropy. A zero seed leaves the
			 * linear region unrandomized.
			 */
			range /= ARM64_MEMSTART_ALIGN;
			memstart_addr -= ARM64_MEMSTART_ALIGN *
					 ((range * memstart_offset_seed) >> 16);
		}
	}

	/*
	 * Register the kernel text, kernel data, initrd, and initial
	 * pagetables with memblock.
	 */
	memblock_reserve(__pa_symbol(_stext), _end - _stext);
	if (IS_ENABLED(CONFIG_BLK_DEV_INITRD) && phys_initrd_size) {
		/* the generic initrd code expects virtual addresses */
		initrd_start = __phys_to_virt(phys_initrd_start);
		initrd_end = initrd_start + phys_initrd_size;
	}

	early_init_fdt_scan_reserved_mem();

	high_memory = __va(memblock_end_of_DRAM() - 1) + 1;
}
334
/*
 * Record the PFN range of DRAM and run the boot-time memory setup steps in
 * the order their dependencies require: NUMA, hugetlb CMA, KVM hyp
 * reservation, sparsemem, zones, CMA and finally the crash kernel
 * reservation.
 */
void __init bootmem_init(void)
{
	unsigned long start_pfn = PFN_UP(memblock_start_of_DRAM());
	unsigned long end_pfn = PFN_DOWN(memblock_end_of_DRAM());

	early_memtest(start_pfn << PAGE_SHIFT, end_pfn << PAGE_SHIFT);

	min_low_pfn = start_pfn;
	max_low_pfn = end_pfn;
	max_pfn = end_pfn;

	arch_numa_init();

	/*
	 * The hugetlb CMA reservation allocates across online nodes, so it
	 * has to follow arch_numa_init(), which calls numa_init() to
	 * initialize node_online_map.
	 */
#if defined(CONFIG_HUGETLB_PAGE) && defined(CONFIG_CMA)
	arm64_hugetlb_cma_reserve();
#endif

	kvm_hyp_reserve();

	/*
	 * sparse_init() allocates from memblock, so the fixed reservations
	 * above have to be in place before it runs.
	 */
	sparse_init();
	zone_sizes_init();

	/*
	 * The CMA area depends on arm64_dma_phys_limit, which
	 * zone_sizes_init() has just initialised.
	 */
	dma_contiguous_reserve(arm64_dma_phys_limit);

	/*
	 * request_standard_resources() relies on the crashkernel memory
	 * already being reserved, so reserve it here.
	 */
	arch_reserve_crashkernel();

	memblock_dump_all();
}
380
381 /*
382 * mem_init() marks the free areas in the mem_map and tells us how much memory
383 * is free. This is done after various parts of the system have claimed their
384 * memory after the kernel image.
385 */
void __init mem_init(void)
{
	/* RAM above the DMA limit means swiotlb is wanted. */
	bool need_swiotlb = max_pfn > PFN_DOWN(arm64_dma_phys_limit);

	if (!need_swiotlb && IS_ENABLED(CONFIG_DMA_BOUNCE_UNALIGNED_KMALLOC)) {
		/*
		 * ZONE_DMA needs no bouncing, so shrink the swiotlb buffer
		 * used for kmalloc() bouncing to 1MB per 1GB of RAM.
		 */
		unsigned long kmalloc_bounce_size =
			DIV_ROUND_UP(memblock_phys_mem_size(), 1024);

		swiotlb_adjust_size(min(swiotlb_size_or_default(),
					kmalloc_bounce_size));
		need_swiotlb = true;
	}

	swiotlb_init(need_swiotlb, SWIOTLB_VERBOSE);

	/* Hand all unused low memory to the page allocator's freelists. */
	memblock_free_all();

	/*
	 * Boundaries are checked twice: some fundamental inconsistencies can
	 * already be caught at build time.
	 */
#ifdef CONFIG_COMPAT
	BUILD_BUG_ON(TASK_SIZE_32 > DEFAULT_MAP_WINDOW_64);
#endif

	/*
	 * The configured number of page table levels has to match the number
	 * derived from the virtual address range and the page size.
	 */
	BUILD_BUG_ON(ARM64_HW_PGTABLE_LEVELS(CONFIG_ARM64_VA_BITS) !=
		     CONFIG_PGTABLE_LEVELS);

	if (PAGE_SIZE >= 16384 && get_num_physpages() <= 128) {
		extern int sysctl_overcommit_memory;

		/*
		 * A machine this small gets nowhere without overcommit, so
		 * enable it by default.
		 */
		sysctl_overcommit_memory = OVERCOMMIT_ALWAYS;
	}
}
430
/*
 * Release the __init region: drop it from memblock.reserved, free its pages
 * through the linear-map alias with POISON_FREE_INITMEM, then unmap the
 * region's kernel-image mapping.
 */
void free_initmem(void)
{
	void *lm_begin = lm_alias(__init_begin);
	void *lm_end = lm_alias(__init_end);

	/* Both ends of the region are expected to be page aligned. */
	WARN_ON(!IS_ALIGNED((unsigned long)lm_begin, PAGE_SIZE));
	WARN_ON(!IS_ALIGNED((unsigned long)lm_end, PAGE_SIZE));

	/* Remove the __init region from memblock.reserved. */
	memblock_free(lm_begin, lm_end - lm_begin);

	free_reserved_area(lm_begin, lm_end,
			   POISON_FREE_INITMEM, "unused kernel");

	/*
	 * Unmap the __init region but keep its VM area. Keeping the area
	 * stops the range from being reused for kernel modules, which
	 * kallsyms does not support.
	 */
	vunmap_range((u64)__init_begin, (u64)__init_end);
}
451
/*
 * Log the memory limit at emergency level: the limit in MB when one was set,
 * "none" when memory_limit still holds PHYS_ADDR_MAX.
 */
void dump_mem_limit(void)
{
	if (memory_limit == PHYS_ADDR_MAX) {
		pr_emerg("Memory Limit: none\n");
		return;
	}

	pr_emerg("Memory Limit: %llu MB\n", memory_limit >> 20);
}
460
461 #ifdef CONFIG_EXECMEM
/*
 * Bases of the module allocation windows chosen by module_init_limits():
 * module_direct_base starts the 128M window, module_plt_base the 2G window.
 * Zero means that the window is not available.
 */
static u64 module_direct_base __ro_after_init = 0;
static u64 module_plt_base __ro_after_init = 0;
464
465 /*
466 * Choose a random page-aligned base address for a window of 'size' bytes which
467 * entirely contains the interval [start, end - 1].
468 */
static u64 __init random_bounding_box(u64 size, u64 start, u64 end)
{
	u64 span = end - start;
	u64 slack_pages, pgoff;

	/* The interval does not fit inside the window: 0 means "no window". */
	if (span >= size)
		return 0;

	/*
	 * Number of whole pages the window can slide below 'start' while
	 * still containing the interval. The callers in this file pass
	 * SZ_128M or SZ_2G, so the count is well within the u32 range that
	 * get_random_u32_inclusive() works on.
	 */
	slack_pages = (size - span) / PAGE_SIZE;
	pgoff = get_random_u32_inclusive(0, slack_pages);

	return start - pgoff * PAGE_SIZE;
}
481
482 /*
483 * Modules may directly reference data and text anywhere within the kernel
484 * image and other modules. References using PREL32 relocations have a +/-2G
485 * range, and so we need to ensure that the entire kernel image and all modules
486 * fall within a 2G window such that these are always within range.
487 *
488 * Modules may directly branch to functions and code within the kernel text,
489 * and to functions and code within other modules. These branches will use
490 * CALL26/JUMP26 relocations with a +/-128M range. Without PLTs, we must ensure
491 * that the entire kernel text and all module text falls within a 128M window
492 * such that these are always within range. With PLTs, we can expand this to a
493 * 2G window.
494 *
495 * We chose the 128M region to surround the entire kernel image (rather than
496 * just the text) as using the same bounds for the 128M and 2G regions ensures
497 * by construction that we never select a 128M region that is not a subset of
498 * the 2G region. For very large and unusual kernel configurations this means
499 * we may fall back to PLTs where they could have been avoided, but this keeps
500 * the logic significantly simpler.
501 */
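static int __init module_init_limits(void)
{
	u64 kernel_end = (u64)_end;
	u64 kernel_start = (u64)_text;
	u64 kernel_size = kernel_end - kernel_start;

	/*
	 * The default modules region is placed immediately below the kernel
	 * image, and is large enough to use the full 2G relocation range.
	 */
	BUILD_BUG_ON(KIMAGE_VADDR != MODULES_END);
	BUILD_BUG_ON(MODULES_VSIZE < SZ_2G);

	if (!kaslr_enabled()) {
		/*
		 * Without KASLR both windows are placed deterministically,
		 * ending at the end of the kernel image. A base is left at
		 * zero (window unavailable) when the image is too large.
		 */
		if (kernel_size < SZ_128M)
			module_direct_base = kernel_end - SZ_128M;
		if (kernel_size < SZ_2G)
			module_plt_base = kernel_end - SZ_2G;
	} else {
		u64 min = kernel_start;
		u64 max = kernel_end;

		if (IS_ENABLED(CONFIG_RANDOMIZE_MODULE_REGION_FULL)) {
			pr_info("2G module region forced by RANDOMIZE_MODULE_REGION_FULL\n");
		} else {
			module_direct_base = random_bounding_box(SZ_128M, min, max);
			if (module_direct_base) {
				/*
				 * Make the 2G window enclose the whole 128M
				 * window, not just the kernel image.
				 */
				min = module_direct_base;
				max = module_direct_base + SZ_128M;
			}
		}

		module_plt_base = random_bounding_box(SZ_2G, min, max);
	}

	/* Terminate both messages with a newline, like the other logs here. */
	pr_info("%llu pages in range for non-PLT usage\n",
		module_direct_base ? (SZ_128M - kernel_size) / PAGE_SIZE : 0);
	pr_info("%llu pages in range for PLT usage\n",
		module_plt_base ? (SZ_2G - kernel_size) / PAGE_SIZE : 0);

	return 0;
}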
544
/* Filled in once by execmem_arch_setup() and returned to its caller. */
static struct execmem_info execmem_info __ro_after_init;

/*
 * Build the execmem range table for arm64.
 *
 * The default range is the 128M direct-branch window when one exists, with
 * the 2G window as fallback; otherwise it is the 2G window alone. The
 * kprobes and BPF ranges span the vmalloc area. Each entry also carries the
 * page protections requested for it: PAGE_KERNEL for the default and BPF
 * ranges, PAGE_KERNEL_ROX for kprobes.
 */
struct execmem_info __init *execmem_arch_setup(void)
{
	unsigned long start = 0, end = 0;
	unsigned long fallback_start = 0, fallback_end = 0;

	/* Chooses module_direct_base and module_plt_base. */
	module_init_limits();

	/*
	 * Prefer allocations within direct branch range of the kernel, so
	 * that no PLTs are needed.
	 */
	if (module_direct_base && module_plt_base) {
		start = module_direct_base;
		end = module_direct_base + SZ_128M;
		fallback_start = module_plt_base;
		fallback_end = module_plt_base + SZ_2G;
	} else if (module_direct_base) {
		start = module_direct_base;
		end = module_direct_base + SZ_128M;
	} else if (module_plt_base) {
		start = module_plt_base;
		end = module_plt_base + SZ_2G;
	}

	execmem_info = (struct execmem_info){
		.ranges = {
			[EXECMEM_DEFAULT] = {
				.start	= start,
				.end	= end,
				.pgprot	= PAGE_KERNEL,
				.alignment = 1,
				.fallback_start	= fallback_start,
				.fallback_end	= fallback_end,
			},
			[EXECMEM_KPROBES] = {
				.start	= VMALLOC_START,
				.end	= VMALLOC_END,
				.pgprot	= PAGE_KERNEL_ROX,
				.alignment = 1,
			},
			[EXECMEM_BPF] = {
				.start	= VMALLOC_START,
				.end	= VMALLOC_END,
				.pgprot	= PAGE_KERNEL,
				.alignment = 1,
			},
		},
	};

	return &execmem_info;
}
598 #endif /* CONFIG_EXECMEM */
599