| 1 | /* SPDX-License-Identifier: GPL-2.0 */ |
|---|---|
| 2 | #ifndef _ASM_X86_TLBFLUSH_H |
| 3 | #define _ASM_X86_TLBFLUSH_H |
| 4 | |
| 5 | #include <linux/mm_types.h> |
| 6 | #include <linux/mmu_notifier.h> |
| 7 | #include <linux/sched.h> |
| 8 | |
| 9 | #include <asm/processor.h> |
| 10 | #include <asm/cpufeature.h> |
| 11 | #include <asm/special_insns.h> |
| 12 | #include <asm/smp.h> |
| 13 | #include <asm/invpcid.h> |
| 14 | #include <asm/pti.h> |
| 15 | #include <asm/processor-flags.h> |
| 16 | #include <asm/pgtable.h> |
| 17 | |
| 18 | DECLARE_PER_CPU(u64, tlbstate_untag_mask); |
| 19 | |
| 20 | void __flush_tlb_all(void); |
| 21 | |
| 22 | #define TLB_FLUSH_ALL -1UL |
| 23 | #define TLB_GENERATION_INVALID 0 |
| 24 | |
| 25 | void cr4_update_irqsoff(unsigned long set, unsigned long clear); |
| 26 | unsigned long cr4_read_shadow(void); |
| 27 | |
| 28 | /* Set in this cpu's CR4. */ |
| 29 | static inline void cr4_set_bits_irqsoff(unsigned long mask) |
| 30 | { |
| 31 | cr4_update_irqsoff(set: mask, clear: 0); |
| 32 | } |
| 33 | |
| 34 | /* Clear in this cpu's CR4. */ |
| 35 | static inline void cr4_clear_bits_irqsoff(unsigned long mask) |
| 36 | { |
| 37 | cr4_update_irqsoff(set: 0, clear: mask); |
| 38 | } |
| 39 | |
| 40 | /* Set in this cpu's CR4. */ |
| 41 | static inline void cr4_set_bits(unsigned long mask) |
| 42 | { |
| 43 | unsigned long flags; |
| 44 | |
| 45 | local_irq_save(flags); |
| 46 | cr4_set_bits_irqsoff(mask); |
| 47 | local_irq_restore(flags); |
| 48 | } |
| 49 | |
| 50 | /* Clear in this cpu's CR4. */ |
| 51 | static inline void cr4_clear_bits(unsigned long mask) |
| 52 | { |
| 53 | unsigned long flags; |
| 54 | |
| 55 | local_irq_save(flags); |
| 56 | cr4_clear_bits_irqsoff(mask); |
| 57 | local_irq_restore(flags); |
| 58 | } |
| 59 | |
| 60 | #ifndef MODULE |
| 61 | /* |
| 62 | * 6 because 6 should be plenty and struct tlb_state will fit in two cache |
| 63 | * lines. |
| 64 | */ |
| 65 | #define TLB_NR_DYN_ASIDS 6 |
| 66 | |
| 67 | struct tlb_context { |
| 68 | u64 ctx_id; |
| 69 | u64 tlb_gen; |
| 70 | }; |
| 71 | |
| 72 | struct tlb_state { |
| 73 | /* |
| 74 | * cpu_tlbstate.loaded_mm should match CR3 whenever interrupts |
| 75 | * are on. This means that it may not match current->active_mm, |
| 76 | * which will contain the previous user mm when we're in lazy TLB |
| 77 | * mode even if we've already switched back to swapper_pg_dir. |
| 78 | * |
| 79 | * During switch_mm_irqs_off(), loaded_mm will be set to |
| 80 | * LOADED_MM_SWITCHING during the brief interrupts-off window |
| 81 | * when CR3 and loaded_mm would otherwise be inconsistent. This |
| 82 | * is for nmi_uaccess_okay()'s benefit. |
| 83 | */ |
| 84 | struct mm_struct *loaded_mm; |
| 85 | |
| 86 | #define LOADED_MM_SWITCHING ((struct mm_struct *)1UL) |
| 87 | |
| 88 | /* Last user mm for optimizing IBPB */ |
| 89 | union { |
| 90 | struct mm_struct *last_user_mm; |
| 91 | unsigned long last_user_mm_spec; |
| 92 | }; |
| 93 | |
| 94 | u16 loaded_mm_asid; |
| 95 | u16 next_asid; |
| 96 | |
| 97 | /* |
| 98 | * If set we changed the page tables in such a way that we |
| 99 | * needed an invalidation of all contexts (aka. PCIDs / ASIDs). |
| 100 | * This tells us to go invalidate all the non-loaded ctxs[] |
| 101 | * on the next context switch. |
| 102 | * |
| 103 | * The current ctx was kept up-to-date as it ran and does not |
| 104 | * need to be invalidated. |
| 105 | */ |
| 106 | bool invalidate_other; |
| 107 | |
| 108 | #ifdef CONFIG_ADDRESS_MASKING |
| 109 | /* |
| 110 | * Active LAM mode. |
| 111 | * |
| 112 | * X86_CR3_LAM_U57/U48 shifted right by X86_CR3_LAM_U57_BIT or 0 if LAM |
| 113 | * disabled. |
| 114 | */ |
| 115 | u8 lam; |
| 116 | #endif |
| 117 | |
| 118 | /* |
| 119 | * Mask that contains TLB_NR_DYN_ASIDS+1 bits to indicate |
| 120 | * the corresponding user PCID needs a flush next time we |
| 121 | * switch to it; see SWITCH_TO_USER_CR3. |
| 122 | */ |
| 123 | unsigned short user_pcid_flush_mask; |
| 124 | |
| 125 | /* |
| 126 | * Access to this CR4 shadow and to H/W CR4 is protected by |
| 127 | * disabling interrupts when modifying either one. |
| 128 | */ |
| 129 | unsigned long cr4; |
| 130 | |
| 131 | /* |
| 132 | * This is a list of all contexts that might exist in the TLB. |
| 133 | * There is one per ASID that we use, and the ASID (what the |
| 134 | * CPU calls PCID) is the index into ctxts. |
| 135 | * |
| 136 | * For each context, ctx_id indicates which mm the TLB's user |
| 137 | * entries came from. As an invariant, the TLB will never |
| 138 | * contain entries that are out-of-date as when that mm reached |
| 139 | * the tlb_gen in the list. |
| 140 | * |
| 141 | * To be clear, this means that it's legal for the TLB code to |
| 142 | * flush the TLB without updating tlb_gen. This can happen |
| 143 | * (for now, at least) due to paravirt remote flushes. |
| 144 | * |
| 145 | * NB: context 0 is a bit special, since it's also used by |
| 146 | * various bits of init code. This is fine -- code that |
| 147 | * isn't aware of PCID will end up harmlessly flushing |
| 148 | * context 0. |
| 149 | */ |
| 150 | struct tlb_context ctxs[TLB_NR_DYN_ASIDS]; |
| 151 | }; |
| 152 | DECLARE_PER_CPU_ALIGNED(struct tlb_state, cpu_tlbstate); |
| 153 | |
| 154 | struct tlb_state_shared { |
| 155 | /* |
| 156 | * We can be in one of several states: |
| 157 | * |
| 158 | * - Actively using an mm. Our CPU's bit will be set in |
| 159 | * mm_cpumask(loaded_mm) and is_lazy == false; |
| 160 | * |
| 161 | * - Not using a real mm. loaded_mm == &init_mm. Our CPU's bit |
| 162 | * will not be set in mm_cpumask(&init_mm) and is_lazy == false. |
| 163 | * |
| 164 | * - Lazily using a real mm. loaded_mm != &init_mm, our bit |
| 165 | * is set in mm_cpumask(loaded_mm), but is_lazy == true. |
| 166 | * We're heuristically guessing that the CR3 load we |
| 167 | * skipped more than makes up for the overhead added by |
| 168 | * lazy mode. |
| 169 | */ |
| 170 | bool is_lazy; |
| 171 | }; |
| 172 | DECLARE_PER_CPU_SHARED_ALIGNED(struct tlb_state_shared, cpu_tlbstate_shared); |
| 173 | |
| 174 | bool nmi_uaccess_okay(void); |
| 175 | #define nmi_uaccess_okay nmi_uaccess_okay |
| 176 | |
| 177 | /* Initialize cr4 shadow for this CPU. */ |
| 178 | static inline void cr4_init_shadow(void) |
| 179 | { |
| 180 | this_cpu_write(cpu_tlbstate.cr4, __read_cr4()); |
| 181 | } |
| 182 | |
| 183 | extern unsigned long mmu_cr4_features; |
| 184 | extern u32 *trampoline_cr4_features; |
| 185 | |
| 186 | extern void initialize_tlbstate_and_flush(void); |
| 187 | |
| 188 | /* |
| 189 | * TLB flushing: |
| 190 | * |
| 191 | * - flush_tlb_all() flushes all processes TLBs |
| 192 | * - flush_tlb_mm(mm) flushes the specified mm context TLB's |
| 193 | * - flush_tlb_page(vma, vmaddr) flushes one page |
| 194 | * - flush_tlb_range(vma, start, end) flushes a range of pages |
| 195 | * - flush_tlb_kernel_range(start, end) flushes a range of kernel pages |
| 196 | * - flush_tlb_multi(cpumask, info) flushes TLBs on multiple cpus |
| 197 | * |
| 198 | * ..but the i386 has somewhat limited tlb flushing capabilities, |
| 199 | * and page-granular flushes are available only on i486 and up. |
| 200 | */ |
| 201 | struct flush_tlb_info { |
| 202 | /* |
| 203 | * We support several kinds of flushes. |
| 204 | * |
| 205 | * - Fully flush a single mm. .mm will be set, .end will be |
| 206 | * TLB_FLUSH_ALL, and .new_tlb_gen will be the tlb_gen to |
| 207 | * which the IPI sender is trying to catch us up. |
| 208 | * |
| 209 | * - Partially flush a single mm. .mm will be set, .start and |
| 210 | * .end will indicate the range, and .new_tlb_gen will be set |
| 211 | * such that the changes between generation .new_tlb_gen-1 and |
| 212 | * .new_tlb_gen are entirely contained in the indicated range. |
| 213 | * |
| 214 | * - Fully flush all mms whose tlb_gens have been updated. .mm |
| 215 | * will be NULL, .end will be TLB_FLUSH_ALL, and .new_tlb_gen |
| 216 | * will be zero. |
| 217 | */ |
| 218 | struct mm_struct *mm; |
| 219 | unsigned long start; |
| 220 | unsigned long end; |
| 221 | u64 new_tlb_gen; |
| 222 | unsigned int initiating_cpu; |
| 223 | u8 stride_shift; |
| 224 | u8 freed_tables; |
| 225 | }; |
| 226 | |
| 227 | void flush_tlb_local(void); |
| 228 | void flush_tlb_one_user(unsigned long addr); |
| 229 | void flush_tlb_one_kernel(unsigned long addr); |
| 230 | void flush_tlb_multi(const struct cpumask *cpumask, |
| 231 | const struct flush_tlb_info *info); |
| 232 | |
| 233 | #ifdef CONFIG_PARAVIRT |
| 234 | #include <asm/paravirt.h> |
| 235 | #endif |
| 236 | |
| 237 | #define flush_tlb_mm(mm) \ |
| 238 | flush_tlb_mm_range(mm, 0UL, TLB_FLUSH_ALL, 0UL, true) |
| 239 | |
| 240 | #define flush_tlb_range(vma, start, end) \ |
| 241 | flush_tlb_mm_range((vma)->vm_mm, start, end, \ |
| 242 | ((vma)->vm_flags & VM_HUGETLB) \ |
| 243 | ? huge_page_shift(hstate_vma(vma)) \ |
| 244 | : PAGE_SHIFT, false) |
| 245 | |
| 246 | extern void flush_tlb_all(void); |
| 247 | extern void flush_tlb_mm_range(struct mm_struct *mm, unsigned long start, |
| 248 | unsigned long end, unsigned int stride_shift, |
| 249 | bool freed_tables); |
| 250 | extern void flush_tlb_kernel_range(unsigned long start, unsigned long end); |
| 251 | |
| 252 | static inline void flush_tlb_page(struct vm_area_struct *vma, unsigned long a) |
| 253 | { |
| 254 | flush_tlb_mm_range(mm: vma->vm_mm, start: a, end: a + PAGE_SIZE, PAGE_SHIFT, freed_tables: false); |
| 255 | } |
| 256 | |
| 257 | static inline bool arch_tlbbatch_should_defer(struct mm_struct *mm) |
| 258 | { |
| 259 | bool should_defer = false; |
| 260 | |
| 261 | /* If remote CPUs need to be flushed then defer batch the flush */ |
| 262 | if (cpumask_any_but(mask: mm_cpumask(mm), get_cpu()) < nr_cpu_ids) |
| 263 | should_defer = true; |
| 264 | put_cpu(); |
| 265 | |
| 266 | return should_defer; |
| 267 | } |
| 268 | |
| 269 | static inline u64 inc_mm_tlb_gen(struct mm_struct *mm) |
| 270 | { |
| 271 | /* |
| 272 | * Bump the generation count. This also serves as a full barrier |
| 273 | * that synchronizes with switch_mm(): callers are required to order |
| 274 | * their read of mm_cpumask after their writes to the paging |
| 275 | * structures. |
| 276 | */ |
| 277 | return atomic64_inc_return(v: &mm->context.tlb_gen); |
| 278 | } |
| 279 | |
| 280 | static inline void arch_tlbbatch_add_pending(struct arch_tlbflush_unmap_batch *batch, |
| 281 | struct mm_struct *mm, |
| 282 | unsigned long uaddr) |
| 283 | { |
| 284 | inc_mm_tlb_gen(mm); |
| 285 | cpumask_or(dstp: &batch->cpumask, src1p: &batch->cpumask, src2p: mm_cpumask(mm)); |
| 286 | mmu_notifier_arch_invalidate_secondary_tlbs(mm, start: 0, end: -1UL); |
| 287 | } |
| 288 | |
| 289 | static inline void arch_flush_tlb_batched_pending(struct mm_struct *mm) |
| 290 | { |
| 291 | flush_tlb_mm(mm); |
| 292 | } |
| 293 | |
| 294 | extern void arch_tlbbatch_flush(struct arch_tlbflush_unmap_batch *batch); |
| 295 | |
| 296 | static inline bool pte_flags_need_flush(unsigned long oldflags, |
| 297 | unsigned long newflags, |
| 298 | bool ignore_access) |
| 299 | { |
| 300 | /* |
| 301 | * Flags that require a flush when cleared but not when they are set. |
| 302 | * Only include flags that would not trigger spurious page-faults. |
| 303 | * Non-present entries are not cached. Hardware would set the |
| 304 | * dirty/access bit if needed without a fault. |
| 305 | */ |
| 306 | const pteval_t flush_on_clear = _PAGE_DIRTY | _PAGE_PRESENT | |
| 307 | _PAGE_ACCESSED; |
| 308 | const pteval_t software_flags = _PAGE_SOFTW1 | _PAGE_SOFTW2 | |
| 309 | _PAGE_SOFTW3 | _PAGE_SOFTW4 | |
| 310 | _PAGE_SAVED_DIRTY; |
| 311 | const pteval_t flush_on_change = _PAGE_RW | _PAGE_USER | _PAGE_PWT | |
| 312 | _PAGE_PCD | _PAGE_PSE | _PAGE_GLOBAL | _PAGE_PAT | |
| 313 | _PAGE_PAT_LARGE | _PAGE_PKEY_BIT0 | _PAGE_PKEY_BIT1 | |
| 314 | _PAGE_PKEY_BIT2 | _PAGE_PKEY_BIT3 | _PAGE_NX; |
| 315 | unsigned long diff = oldflags ^ newflags; |
| 316 | |
| 317 | BUILD_BUG_ON(flush_on_clear & software_flags); |
| 318 | BUILD_BUG_ON(flush_on_clear & flush_on_change); |
| 319 | BUILD_BUG_ON(flush_on_change & software_flags); |
| 320 | |
| 321 | /* Ignore software flags */ |
| 322 | diff &= ~software_flags; |
| 323 | |
| 324 | if (ignore_access) |
| 325 | diff &= ~_PAGE_ACCESSED; |
| 326 | |
| 327 | /* |
| 328 | * Did any of the 'flush_on_clear' flags was clleared set from between |
| 329 | * 'oldflags' and 'newflags'? |
| 330 | */ |
| 331 | if (diff & oldflags & flush_on_clear) |
| 332 | return true; |
| 333 | |
| 334 | /* Flush on modified flags. */ |
| 335 | if (diff & flush_on_change) |
| 336 | return true; |
| 337 | |
| 338 | /* Ensure there are no flags that were left behind */ |
| 339 | if (IS_ENABLED(CONFIG_DEBUG_VM) && |
| 340 | (diff & ~(flush_on_clear | software_flags | flush_on_change))) { |
| 341 | VM_WARN_ON_ONCE(1); |
| 342 | return true; |
| 343 | } |
| 344 | |
| 345 | return false; |
| 346 | } |
| 347 | |
| 348 | /* |
| 349 | * pte_needs_flush() checks whether permissions were demoted and require a |
| 350 | * flush. It should only be used for userspace PTEs. |
| 351 | */ |
| 352 | static inline bool pte_needs_flush(pte_t oldpte, pte_t newpte) |
| 353 | { |
| 354 | /* !PRESENT -> * ; no need for flush */ |
| 355 | if (!(pte_flags(pte: oldpte) & _PAGE_PRESENT)) |
| 356 | return false; |
| 357 | |
| 358 | /* PFN changed ; needs flush */ |
| 359 | if (pte_pfn(pte: oldpte) != pte_pfn(pte: newpte)) |
| 360 | return true; |
| 361 | |
| 362 | /* |
| 363 | * check PTE flags; ignore access-bit; see comment in |
| 364 | * ptep_clear_flush_young(). |
| 365 | */ |
| 366 | return pte_flags_need_flush(oldflags: pte_flags(pte: oldpte), newflags: pte_flags(pte: newpte), |
| 367 | ignore_access: true); |
| 368 | } |
| 369 | #define pte_needs_flush pte_needs_flush |
| 370 | |
| 371 | /* |
| 372 | * huge_pmd_needs_flush() checks whether permissions were demoted and require a |
| 373 | * flush. It should only be used for userspace huge PMDs. |
| 374 | */ |
| 375 | static inline bool huge_pmd_needs_flush(pmd_t oldpmd, pmd_t newpmd) |
| 376 | { |
| 377 | /* !PRESENT -> * ; no need for flush */ |
| 378 | if (!(pmd_flags(pmd: oldpmd) & _PAGE_PRESENT)) |
| 379 | return false; |
| 380 | |
| 381 | /* PFN changed ; needs flush */ |
| 382 | if (pmd_pfn(pmd: oldpmd) != pmd_pfn(pmd: newpmd)) |
| 383 | return true; |
| 384 | |
| 385 | /* |
| 386 | * check PMD flags; do not ignore access-bit; see |
| 387 | * pmdp_clear_flush_young(). |
| 388 | */ |
| 389 | return pte_flags_need_flush(oldflags: pmd_flags(pmd: oldpmd), newflags: pmd_flags(pmd: newpmd), |
| 390 | ignore_access: false); |
| 391 | } |
| 392 | #define huge_pmd_needs_flush huge_pmd_needs_flush |
| 393 | |
| 394 | #ifdef CONFIG_ADDRESS_MASKING |
| 395 | static inline u64 tlbstate_lam_cr3_mask(void) |
| 396 | { |
| 397 | u64 lam = this_cpu_read(cpu_tlbstate.lam); |
| 398 | |
| 399 | return lam << X86_CR3_LAM_U57_BIT; |
| 400 | } |
| 401 | |
| 402 | static inline void set_tlbstate_lam_mode(struct mm_struct *mm) |
| 403 | { |
| 404 | this_cpu_write(cpu_tlbstate.lam, |
| 405 | mm->context.lam_cr3_mask >> X86_CR3_LAM_U57_BIT); |
| 406 | this_cpu_write(tlbstate_untag_mask, mm->context.untag_mask); |
| 407 | } |
| 408 | |
| 409 | #else |
| 410 | |
| 411 | static inline u64 tlbstate_lam_cr3_mask(void) |
| 412 | { |
| 413 | return 0; |
| 414 | } |
| 415 | |
| 416 | static inline void set_tlbstate_lam_mode(struct mm_struct *mm) |
| 417 | { |
| 418 | } |
| 419 | #endif |
| 420 | #endif /* !MODULE */ |
| 421 | |
| 422 | static inline void __native_tlb_flush_global(unsigned long cr4) |
| 423 | { |
| 424 | native_write_cr4(val: cr4 ^ X86_CR4_PGE); |
| 425 | native_write_cr4(val: cr4); |
| 426 | } |
| 427 | #endif /* _ASM_X86_TLBFLUSH_H */ |
| 428 |
Definitions
- cr4_set_bits_irqsoff
- cr4_clear_bits_irqsoff
- cr4_set_bits
- cr4_clear_bits
- tlb_context
- tlb_state
- tlb_state_shared
- cr4_init_shadow
- flush_tlb_info
- flush_tlb_page
- arch_tlbbatch_should_defer
- inc_mm_tlb_gen
- arch_tlbbatch_add_pending
- arch_flush_tlb_batched_pending
- pte_flags_need_flush
- pte_needs_flush
- huge_pmd_needs_flush
- tlbstate_lam_cr3_mask
- set_tlbstate_lam_mode
Improve your Profiling and Debugging skills
Find out more