1 // SPDX-License-Identifier: GPL-2.0-or-later
3 * Copyright 2007-2008 Paul Mackerras, IBM Corp.
6 #include <linux/errno.h>
7 #include <linux/kernel.h>
9 #include <linux/types.h>
11 #include <linux/hugetlb.h>
12 #include <linux/syscalls.h>
14 #include <asm/pgtable.h>
15 #include <linux/uaccess.h>
18 * Free all pages allocated for subpage protection maps and pointers.
19 * Also makes sure that the subpage_prot_table structure is
20 * reinitialized for the next user.
22 void subpage_prot_free(struct mm_struct *mm)
24 struct subpage_prot_table *spt = mm_ctx_subpage_prot(&mm->context);
25 unsigned long i, j, addr;
31 for (i = 0; i < 4; ++i) {
32 if (spt->low_prot[i]) {
33 free_page((unsigned long)spt->low_prot[i]);
34 spt->low_prot[i] = NULL;
38 for (i = 0; i < (TASK_SIZE_USER64 >> 43); ++i) {
42 spt->protptrs[i] = NULL;
43 for (j = 0; j < SBP_L2_COUNT && addr < spt->maxaddr;
44 ++j, addr += PAGE_SIZE)
46 free_page((unsigned long)p[j]);
47 free_page((unsigned long)p);
53 static void hpte_flush_range(struct mm_struct *mm, unsigned long addr,
62 pgd = pgd_offset(mm, addr);
65 pud = pud_offset(pgd, addr);
68 pmd = pmd_offset(pud, addr);
71 pte = pte_offset_map_lock(mm, pmd, addr, &ptl);
72 arch_enter_lazy_mmu_mode();
73 for (; npages > 0; --npages) {
74 pte_update(mm, addr, pte, 0, 0, 0);
78 arch_leave_lazy_mmu_mode();
79 pte_unmap_unlock(pte - 1, ptl);
83 * Clear the subpage protection map for an address range, allowing
84 * all accesses that are allowed by the pte permissions.
86 static void subpage_prot_clear(unsigned long addr, unsigned long len)
88 struct mm_struct *mm = current->mm;
89 struct subpage_prot_table *spt;
93 unsigned long next, limit;
95 down_write(&mm->mmap_sem);
97 spt = mm_ctx_subpage_prot(&mm->context);
102 if (limit > spt->maxaddr)
103 limit = spt->maxaddr;
104 for (; addr < limit; addr = next) {
105 next = pmd_addr_end(addr, limit);
106 if (addr < 0x100000000UL) {
109 spm = spt->protptrs[addr >> SBP_L3_SHIFT];
113 spp = spm[(addr >> SBP_L2_SHIFT) & (SBP_L2_COUNT - 1)];
116 spp += (addr >> PAGE_SHIFT) & (SBP_L1_COUNT - 1);
118 i = (addr >> PAGE_SHIFT) & (PTRS_PER_PTE - 1);
119 nw = PTRS_PER_PTE - i;
120 if (addr + (nw << PAGE_SHIFT) > next)
121 nw = (next - addr) >> PAGE_SHIFT;
123 memset(spp, 0, nw * sizeof(u32));
125 /* now flush any existing HPTEs for the range */
126 hpte_flush_range(mm, addr, nw);
130 up_write(&mm->mmap_sem);
133 #ifdef CONFIG_TRANSPARENT_HUGEPAGE
134 static int subpage_walk_pmd_entry(pmd_t *pmd, unsigned long addr,
135 unsigned long end, struct mm_walk *walk)
137 struct vm_area_struct *vma = walk->vma;
138 split_huge_pmd(vma, pmd, addr);
142 static void subpage_mark_vma_nohuge(struct mm_struct *mm, unsigned long addr,
145 struct vm_area_struct *vma;
146 struct mm_walk subpage_proto_walk = {
148 .pmd_entry = subpage_walk_pmd_entry,
152 * We don't try too hard, we just mark all the vma in that range
153 * VM_NOHUGEPAGE and split them.
155 vma = find_vma(mm, addr);
157 * If the range is in unmapped range, just return
159 if (vma && ((addr + len) <= vma->vm_start))
163 if (vma->vm_start >= (addr + len))
165 vma->vm_flags |= VM_NOHUGEPAGE;
166 walk_page_vma(vma, &subpage_proto_walk);
171 static void subpage_mark_vma_nohuge(struct mm_struct *mm, unsigned long addr,
179 * Copy in a subpage protection map for an address range.
180 * The map has 2 bits per 4k subpage, so 32 bits per 64k page.
181 * Each 2-bit field is 0 to allow any access, 1 to prevent writes,
182 * 2 or 3 to prevent all accesses.
183 * Note that the normal page protections also apply; the subpage
184 * protection mechanism is an additional constraint, so putting 0
185 * in a 2-bit field won't allow writes to a page that is otherwise
188 SYSCALL_DEFINE3(subpage_prot, unsigned long, addr,
189 unsigned long, len, u32 __user *, map)
191 struct mm_struct *mm = current->mm;
192 struct subpage_prot_table *spt;
196 unsigned long next, limit;
202 /* Check parameters */
203 if ((addr & ~PAGE_MASK) || (len & ~PAGE_MASK) ||
204 addr >= mm->task_size || len >= mm->task_size ||
205 addr + len > mm->task_size)
208 if (is_hugepage_only_range(mm, addr, len))
212 /* Clear out the protection map for the address range */
213 subpage_prot_clear(addr, len);
217 if (!access_ok(map, (len >> PAGE_SHIFT) * sizeof(u32)))
220 down_write(&mm->mmap_sem);
222 spt = mm_ctx_subpage_prot(&mm->context);
225 * Allocate subpage prot table if not already done.
226 * Do this with mmap_sem held
228 spt = kzalloc(sizeof(struct subpage_prot_table), GFP_KERNEL);
233 mm->context.hash_context->spt = spt;
236 subpage_mark_vma_nohuge(mm, addr, len);
237 for (limit = addr + len; addr < limit; addr = next) {
238 next = pmd_addr_end(addr, limit);
240 if (addr < 0x100000000UL) {
243 spm = spt->protptrs[addr >> SBP_L3_SHIFT];
245 spm = (u32 **)get_zeroed_page(GFP_KERNEL);
248 spt->protptrs[addr >> SBP_L3_SHIFT] = spm;
251 spm += (addr >> SBP_L2_SHIFT) & (SBP_L2_COUNT - 1);
254 spp = (u32 *)get_zeroed_page(GFP_KERNEL);
259 spp += (addr >> PAGE_SHIFT) & (SBP_L1_COUNT - 1);
262 demote_segment_4k(mm, addr);
265 i = (addr >> PAGE_SHIFT) & (PTRS_PER_PTE - 1);
266 nw = PTRS_PER_PTE - i;
267 if (addr + (nw << PAGE_SHIFT) > next)
268 nw = (next - addr) >> PAGE_SHIFT;
270 up_write(&mm->mmap_sem);
271 if (__copy_from_user(spp, map, nw * sizeof(u32)))
274 down_write(&mm->mmap_sem);
276 /* now flush any existing HPTEs for the range */
277 hpte_flush_range(mm, addr, nw);
279 if (limit > spt->maxaddr)
280 spt->maxaddr = limit;
283 up_write(&mm->mmap_sem);