1/* SPDX-License-Identifier: GPL-2.0 */
2#ifndef _ASM_X86_TLBFLUSH_H
3#define _ASM_X86_TLBFLUSH_H
4
5#include <linux/mm.h>
6#include <linux/sched.h>
7
8#include <asm/processor.h>
9#include <asm/cpufeature.h>
10#include <asm/special_insns.h>
11#include <asm/smp.h>
12#include <asm/invpcid.h>
13#include <asm/pti.h>
14#include <asm/processor-flags.h>
15
16void __flush_tlb_all(void);
17
18#define TLB_FLUSH_ALL -1UL
19#define TLB_GENERATION_INVALID 0
20
21void cr4_update_irqsoff(unsigned long set, unsigned long clear);
22unsigned long cr4_read_shadow(void);
23
24/* Set in this cpu's CR4. */
25static inline void cr4_set_bits_irqsoff(unsigned long mask)
26{
27 cr4_update_irqsoff(mask, 0);
28}
29
30/* Clear in this cpu's CR4. */
31static inline void cr4_clear_bits_irqsoff(unsigned long mask)
32{
33 cr4_update_irqsoff(0, mask);
34}
35
36/* Set in this cpu's CR4. */
37static inline void cr4_set_bits(unsigned long mask)
38{
39 unsigned long flags;
40
41 local_irq_save(flags);
42 cr4_set_bits_irqsoff(mask);
43 local_irq_restore(flags);
44}
45
46/* Clear in this cpu's CR4. */
47static inline void cr4_clear_bits(unsigned long mask)
48{
49 unsigned long flags;
50
51 local_irq_save(flags);
52 cr4_clear_bits_irqsoff(mask);
53 local_irq_restore(flags);
54}
55
56#ifndef MODULE
57/*
58 * 6 because 6 should be plenty and struct tlb_state will fit in two cache
59 * lines.
60 */
61#define TLB_NR_DYN_ASIDS 6
62
63struct tlb_context {
64 u64 ctx_id;
65 u64 tlb_gen;
66};
67
68struct tlb_state {
69 /*
70 * cpu_tlbstate.loaded_mm should match CR3 whenever interrupts
71 * are on. This means that it may not match current->active_mm,
72 * which will contain the previous user mm when we're in lazy TLB
73 * mode even if we've already switched back to swapper_pg_dir.
74 *
75 * During switch_mm_irqs_off(), loaded_mm will be set to
76 * LOADED_MM_SWITCHING during the brief interrupts-off window
77 * when CR3 and loaded_mm would otherwise be inconsistent. This
78 * is for nmi_uaccess_okay()'s benefit.
79 */
80 struct mm_struct *loaded_mm;
81
82#define LOADED_MM_SWITCHING ((struct mm_struct *)1UL)
83
84 /* Last user mm for optimizing IBPB */
85 union {
86 struct mm_struct *last_user_mm;
87 unsigned long last_user_mm_spec;
88 };
89
90 u16 loaded_mm_asid;
91 u16 next_asid;
92
93 /*
94 * If set we changed the page tables in such a way that we
95 * needed an invalidation of all contexts (aka. PCIDs / ASIDs).
96 * This tells us to go invalidate all the non-loaded ctxs[]
97 * on the next context switch.
98 *
99 * The current ctx was kept up-to-date as it ran and does not
100 * need to be invalidated.
101 */
102 bool invalidate_other;
103
104 /*
105 * Mask that contains TLB_NR_DYN_ASIDS+1 bits to indicate
106 * the corresponding user PCID needs a flush next time we
107 * switch to it; see SWITCH_TO_USER_CR3.
108 */
109 unsigned short user_pcid_flush_mask;
110
111 /*
112 * Access to this CR4 shadow and to H/W CR4 is protected by
113 * disabling interrupts when modifying either one.
114 */
115 unsigned long cr4;
116
117 /*
118 * This is a list of all contexts that might exist in the TLB.
119 * There is one per ASID that we use, and the ASID (what the
120 * CPU calls PCID) is the index into ctxts.
121 *
122 * For each context, ctx_id indicates which mm the TLB's user
123 * entries came from. As an invariant, the TLB will never
124 * contain entries that are out-of-date as when that mm reached
125 * the tlb_gen in the list.
126 *
127 * To be clear, this means that it's legal for the TLB code to
128 * flush the TLB without updating tlb_gen. This can happen
129 * (for now, at least) due to paravirt remote flushes.
130 *
131 * NB: context 0 is a bit special, since it's also used by
132 * various bits of init code. This is fine -- code that
133 * isn't aware of PCID will end up harmlessly flushing
134 * context 0.
135 */
136 struct tlb_context ctxs[TLB_NR_DYN_ASIDS];
137};
138DECLARE_PER_CPU_ALIGNED(struct tlb_state, cpu_tlbstate);
139
140struct tlb_state_shared {
141 /*
142 * We can be in one of several states:
143 *
144 * - Actively using an mm. Our CPU's bit will be set in
145 * mm_cpumask(loaded_mm) and is_lazy == false;
146 *
147 * - Not using a real mm. loaded_mm == &init_mm. Our CPU's bit
148 * will not be set in mm_cpumask(&init_mm) and is_lazy == false.
149 *
150 * - Lazily using a real mm. loaded_mm != &init_mm, our bit
151 * is set in mm_cpumask(loaded_mm), but is_lazy == true.
152 * We're heuristically guessing that the CR3 load we
153 * skipped more than makes up for the overhead added by
154 * lazy mode.
155 */
156 bool is_lazy;
157};
158DECLARE_PER_CPU_SHARED_ALIGNED(struct tlb_state_shared, cpu_tlbstate_shared);
159
160bool nmi_uaccess_okay(void);
161#define nmi_uaccess_okay nmi_uaccess_okay
162
163/* Initialize cr4 shadow for this CPU. */
164static inline void cr4_init_shadow(void)
165{
166 this_cpu_write(cpu_tlbstate.cr4, __read_cr4());
167}
168
169extern unsigned long mmu_cr4_features;
170extern u32 *trampoline_cr4_features;
171
172extern void initialize_tlbstate_and_flush(void);
173
174/*
175 * TLB flushing:
176 *
177 * - flush_tlb_all() flushes all processes TLBs
178 * - flush_tlb_mm(mm) flushes the specified mm context TLB's
179 * - flush_tlb_page(vma, vmaddr) flushes one page
180 * - flush_tlb_range(vma, start, end) flushes a range of pages
181 * - flush_tlb_kernel_range(start, end) flushes a range of kernel pages
182 * - flush_tlb_multi(cpumask, info) flushes TLBs on multiple cpus
183 *
184 * ..but the i386 has somewhat limited tlb flushing capabilities,
185 * and page-granular flushes are available only on i486 and up.
186 */
187struct flush_tlb_info {
188 /*
189 * We support several kinds of flushes.
190 *
191 * - Fully flush a single mm. .mm will be set, .end will be
192 * TLB_FLUSH_ALL, and .new_tlb_gen will be the tlb_gen to
193 * which the IPI sender is trying to catch us up.
194 *
195 * - Partially flush a single mm. .mm will be set, .start and
196 * .end will indicate the range, and .new_tlb_gen will be set
197 * such that the changes between generation .new_tlb_gen-1 and
198 * .new_tlb_gen are entirely contained in the indicated range.
199 *
200 * - Fully flush all mms whose tlb_gens have been updated. .mm
201 * will be NULL, .end will be TLB_FLUSH_ALL, and .new_tlb_gen
202 * will be zero.
203 */
204 struct mm_struct *mm;
205 unsigned long start;
206 unsigned long end;
207 u64 new_tlb_gen;
208 unsigned int initiating_cpu;
209 u8 stride_shift;
210 u8 freed_tables;
211};
212
213void flush_tlb_local(void);
214void flush_tlb_one_user(unsigned long addr);
215void flush_tlb_one_kernel(unsigned long addr);
216void flush_tlb_multi(const struct cpumask *cpumask,
217 const struct flush_tlb_info *info);
218
219#ifdef CONFIG_PARAVIRT
220#include <asm/paravirt.h>
221#endif
222
223#define flush_tlb_mm(mm) \
224 flush_tlb_mm_range(mm, 0UL, TLB_FLUSH_ALL, 0UL, true)
225
226#define flush_tlb_range(vma, start, end) \
227 flush_tlb_mm_range((vma)->vm_mm, start, end, \
228 ((vma)->vm_flags & VM_HUGETLB) \
229 ? huge_page_shift(hstate_vma(vma)) \
230 : PAGE_SHIFT, false)
231
232extern void flush_tlb_all(void);
233extern void flush_tlb_mm_range(struct mm_struct *mm, unsigned long start,
234 unsigned long end, unsigned int stride_shift,
235 bool freed_tables);
236extern void flush_tlb_kernel_range(unsigned long start, unsigned long end);
237
238static inline void flush_tlb_page(struct vm_area_struct *vma, unsigned long a)
239{
240 flush_tlb_mm_range(vma->vm_mm, a, a + PAGE_SIZE, PAGE_SHIFT, false);
241}
242
243static inline u64 inc_mm_tlb_gen(struct mm_struct *mm)
244{
245 /*
246 * Bump the generation count. This also serves as a full barrier
247 * that synchronizes with switch_mm(): callers are required to order
248 * their read of mm_cpumask after their writes to the paging
249 * structures.
250 */
251 return atomic64_inc_return(&mm->context.tlb_gen);
252}
253
254static inline void arch_tlbbatch_add_mm(struct arch_tlbflush_unmap_batch *batch,
255 struct mm_struct *mm)
256{
257 inc_mm_tlb_gen(mm);
258 cpumask_or(&batch->cpumask, &batch->cpumask, mm_cpumask(mm));
259}
260
261extern void arch_tlbbatch_flush(struct arch_tlbflush_unmap_batch *batch);
262
263static inline bool pte_flags_need_flush(unsigned long oldflags,
264 unsigned long newflags,
265 bool ignore_access)
266{
267 /*
268 * Flags that require a flush when cleared but not when they are set.
269 * Only include flags that would not trigger spurious page-faults.
270 * Non-present entries are not cached. Hardware would set the
271 * dirty/access bit if needed without a fault.
272 */
273 const pteval_t flush_on_clear = _PAGE_DIRTY | _PAGE_PRESENT |
274 _PAGE_ACCESSED;
275 const pteval_t software_flags = _PAGE_SOFTW1 | _PAGE_SOFTW2 |
276 _PAGE_SOFTW3 | _PAGE_SOFTW4;
277 const pteval_t flush_on_change = _PAGE_RW | _PAGE_USER | _PAGE_PWT |
278 _PAGE_PCD | _PAGE_PSE | _PAGE_GLOBAL | _PAGE_PAT |
279 _PAGE_PAT_LARGE | _PAGE_PKEY_BIT0 | _PAGE_PKEY_BIT1 |
280 _PAGE_PKEY_BIT2 | _PAGE_PKEY_BIT3 | _PAGE_NX;
281 unsigned long diff = oldflags ^ newflags;
282
283 BUILD_BUG_ON(flush_on_clear & software_flags);
284 BUILD_BUG_ON(flush_on_clear & flush_on_change);
285 BUILD_BUG_ON(flush_on_change & software_flags);
286
287 /* Ignore software flags */
288 diff &= ~software_flags;
289
290 if (ignore_access)
291 diff &= ~_PAGE_ACCESSED;
292
293 /*
294 * Did any of the 'flush_on_clear' flags was clleared set from between
295 * 'oldflags' and 'newflags'?
296 */
297 if (diff & oldflags & flush_on_clear)
298 return true;
299
300 /* Flush on modified flags. */
301 if (diff & flush_on_change)
302 return true;
303
304 /* Ensure there are no flags that were left behind */
305 if (IS_ENABLED(CONFIG_DEBUG_VM) &&
306 (diff & ~(flush_on_clear | software_flags | flush_on_change))) {
307 VM_WARN_ON_ONCE(1);
308 return true;
309 }
310
311 return false;
312}
313
314/*
315 * pte_needs_flush() checks whether permissions were demoted and require a
316 * flush. It should only be used for userspace PTEs.
317 */
318static inline bool pte_needs_flush(pte_t oldpte, pte_t newpte)
319{
320 /* !PRESENT -> * ; no need for flush */
321 if (!(pte_flags(oldpte) & _PAGE_PRESENT))
322 return false;
323
324 /* PFN changed ; needs flush */
325 if (pte_pfn(oldpte) != pte_pfn(newpte))
326 return true;
327
328 /*
329 * check PTE flags; ignore access-bit; see comment in
330 * ptep_clear_flush_young().
331 */
332 return pte_flags_need_flush(pte_flags(oldpte), pte_flags(newpte),
333 true);
334}
335#define pte_needs_flush pte_needs_flush
336
337/*
338 * huge_pmd_needs_flush() checks whether permissions were demoted and require a
339 * flush. It should only be used for userspace huge PMDs.
340 */
341static inline bool huge_pmd_needs_flush(pmd_t oldpmd, pmd_t newpmd)
342{
343 /* !PRESENT -> * ; no need for flush */
344 if (!(pmd_flags(oldpmd) & _PAGE_PRESENT))
345 return false;
346
347 /* PFN changed ; needs flush */
348 if (pmd_pfn(oldpmd) != pmd_pfn(newpmd))
349 return true;
350
351 /*
352 * check PMD flags; do not ignore access-bit; see
353 * pmdp_clear_flush_young().
354 */
355 return pte_flags_need_flush(pmd_flags(oldpmd), pmd_flags(newpmd),
356 false);
357}
358#define huge_pmd_needs_flush huge_pmd_needs_flush
359
360#endif /* !MODULE */
361
362static inline void __native_tlb_flush_global(unsigned long cr4)
363{
364 native_write_cr4(cr4 ^ X86_CR4_PGE);
365 native_write_cr4(cr4);
366}
367#endif /* _ASM_X86_TLBFLUSH_H */
368

source code of linux/arch/x86/include/asm/tlbflush.h