include/asm/tlbflush.h

0001 /* SPDX-License-Identifier: GPL-2.0 */
0002 #ifndef _ASM_X86_TLBFLUSH_H
0003 #define _ASM_X86_TLBFLUSH_H
0004
0005 #include <linux/mm.h>
0006 #include <linux/sched.h>
0007
0008 #include <asm/processor.h>
0009 #include <asm/cpufeature.h>
0010 #include <asm/special_insns.h>
0011 #include <asm/smp.h>
0012 #include <asm/invpcid.h>
0013 #include <asm/pti.h>
0014 #include <asm/processor-flags.h>
0015
0016 void __flush_tlb_all(void);
0017
0018 #define TLB_FLUSH_ALL   -1UL
0019 #define TLB_GENERATION_INVALID  0
0020
0021 void cr4_update_irqsoff(unsigned long set, unsigned long clear);
0022 unsigned long cr4_read_shadow(void);
0023
0024 /* Set in this cpu's CR4. */
0025 static inline void cr4_set_bits_irqsoff(unsigned long mask)
0026 {
0027     cr4_update_irqsoff(mask, 0);
0028 }
0029
0030 /* Clear in this cpu's CR4. */
0031 static inline void cr4_clear_bits_irqsoff(unsigned long mask)
0032 {
0033     cr4_update_irqsoff(0, mask);
0034 }
0035
0036 /* Set in this cpu's CR4. */
0037 static inline void cr4_set_bits(unsigned long mask)
0038 {
0039     unsigned long flags;
0040
0041     local_irq_save(flags);
0042     cr4_set_bits_irqsoff(mask);
0043     local_irq_restore(flags);
0044 }
0045
0046 /* Clear in this cpu's CR4. */
0047 static inline void cr4_clear_bits(unsigned long mask)
0048 {
0049     unsigned long flags;
0050
0051     local_irq_save(flags);
0052     cr4_clear_bits_irqsoff(mask);
0053     local_irq_restore(flags);
0054 }
0055
0056 #ifndef MODULE
0057 /*
0058  * 6 because 6 should be plenty and struct tlb_state will fit in two cache
0059  * lines.
0060  */
0061 #define TLB_NR_DYN_ASIDS    6
0062
0063 struct tlb_context {
0064     u64 ctx_id;
0065     u64 tlb_gen;
0066 };
0067
0068 struct tlb_state {
0069     /*
0070      * cpu_tlbstate.loaded_mm should match CR3 whenever interrupts
0071      * are on.  This means that it may not match current->active_mm,
0072      * which will contain the previous user mm when we're in lazy TLB
0073      * mode even if we've already switched back to swapper_pg_dir.
0074      *
0075      * During switch_mm_irqs_off(), loaded_mm will be set to
0076      * LOADED_MM_SWITCHING during the brief interrupts-off window
0077      * when CR3 and loaded_mm would otherwise be inconsistent.  This
0078      * is for nmi_uaccess_okay()'s benefit.
0079      */
0080     struct mm_struct *loaded_mm;
0081
0082 #define LOADED_MM_SWITCHING ((struct mm_struct *)1UL)
0083
0084     /* Last user mm for optimizing IBPB */
0085     union {
0086         struct mm_struct    *last_user_mm;
0087         unsigned long       last_user_mm_spec;
0088     };
0089
0090     u16 loaded_mm_asid;
0091     u16 next_asid;
0092
0093     /*
0094      * If set we changed the page tables in such a way that we
0095      * needed an invalidation of all contexts (aka. PCIDs / ASIDs).
0096      * This tells us to go invalidate all the non-loaded ctxs[]
0097      * on the next context switch.
0098      *
0099      * The current ctx was kept up-to-date as it ran and does not
0100      * need to be invalidated.
0101      */
0102     bool invalidate_other;
0103
0104     /*
0105      * Mask that contains TLB_NR_DYN_ASIDS+1 bits to indicate
0106      * the corresponding user PCID needs a flush next time we
0107      * switch to it; see SWITCH_TO_USER_CR3.
0108      */
0109     unsigned short user_pcid_flush_mask;
0110
0111     /*
0112      * Access to this CR4 shadow and to H/W CR4 is protected by
0113      * disabling interrupts when modifying either one.
0114      */
0115     unsigned long cr4;
0116
0117     /*
0118      * This is a list of all contexts that might exist in the TLB.
0119      * There is one per ASID that we use, and the ASID (what the
0120      * CPU calls PCID) is the index into ctxts.
0121      *
0122      * For each context, ctx_id indicates which mm the TLB's user
0123      * entries came from.  As an invariant, the TLB will never
0124      * contain entries that are out-of-date as when that mm reached
0125      * the tlb_gen in the list.
0126      *
0127      * To be clear, this means that it's legal for the TLB code to
0128      * flush the TLB without updating tlb_gen.  This can happen
0129      * (for now, at least) due to paravirt remote flushes.
0130      *
0131      * NB: context 0 is a bit special, since it's also used by
0132      * various bits of init code.  This is fine -- code that
0133      * isn't aware of PCID will end up harmlessly flushing
0134      * context 0.
0135      */
0136     struct tlb_context ctxs[TLB_NR_DYN_ASIDS];
0137 };
0138 DECLARE_PER_CPU_ALIGNED(struct tlb_state, cpu_tlbstate);
0139
0140 struct tlb_state_shared {
0141     /*
0142      * We can be in one of several states:
0143      *
0144      *  - Actively using an mm.  Our CPU's bit will be set in
0145      *    mm_cpumask(loaded_mm) and is_lazy == false;
0146      *
0147      *  - Not using a real mm.  loaded_mm == &init_mm.  Our CPU's bit
0148      *    will not be set in mm_cpumask(&init_mm) and is_lazy == false.
0149      *
0150      *  - Lazily using a real mm.  loaded_mm != &init_mm, our bit
0151      *    is set in mm_cpumask(loaded_mm), but is_lazy == true.
0152      *    We're heuristically guessing that the CR3 load we
0153      *    skipped more than makes up for the overhead added by
0154      *    lazy mode.
0155      */
0156     bool is_lazy;
0157 };
0158 DECLARE_PER_CPU_SHARED_ALIGNED(struct tlb_state_shared, cpu_tlbstate_shared);
0159
0160 bool nmi_uaccess_okay(void);
0161 #define nmi_uaccess_okay nmi_uaccess_okay
0162
0163 /* Initialize cr4 shadow for this CPU. */
0164 static inline void cr4_init_shadow(void)
0165 {
0166     this_cpu_write(cpu_tlbstate.cr4, __read_cr4());
0167 }
0168
0169 extern unsigned long mmu_cr4_features;
0170 extern u32 *trampoline_cr4_features;
0171
0172 extern void initialize_tlbstate_and_flush(void);
0173
0174 /*
0175  * TLB flushing:
0176  *
0177  *  - flush_tlb_all() flushes all processes TLBs
0178  *  - flush_tlb_mm(mm) flushes the specified mm context TLB's
0179  *  - flush_tlb_page(vma, vmaddr) flushes one page
0180  *  - flush_tlb_range(vma, start, end) flushes a range of pages
0181  *  - flush_tlb_kernel_range(start, end) flushes a range of kernel pages
0182  *  - flush_tlb_multi(cpumask, info) flushes TLBs on multiple cpus
0183  *
0184  * ..but the i386 has somewhat limited tlb flushing capabilities,
0185  * and page-granular flushes are available only on i486 and up.
0186  */
0187 struct flush_tlb_info {
0188     /*
0189      * We support several kinds of flushes.
0190      *
0191      * - Fully flush a single mm.  .mm will be set, .end will be
0192      *   TLB_FLUSH_ALL, and .new_tlb_gen will be the tlb_gen to
0193      *   which the IPI sender is trying to catch us up.
0194      *
0195      * - Partially flush a single mm.  .mm will be set, .start and
0196      *   .end will indicate the range, and .new_tlb_gen will be set
0197      *   such that the changes between generation .new_tlb_gen-1 and
0198      *   .new_tlb_gen are entirely contained in the indicated range.
0199      *
0200      * - Fully flush all mms whose tlb_gens have been updated.  .mm
0201      *   will be NULL, .end will be TLB_FLUSH_ALL, and .new_tlb_gen
0202      *   will be zero.
0203      */
0204     struct mm_struct    *mm;
0205     unsigned long       start;
0206     unsigned long       end;
0207     u64         new_tlb_gen;
0208     unsigned int        initiating_cpu;
0209     u8          stride_shift;
0210     u8          freed_tables;
0211 };
0212
0213 void flush_tlb_local(void);
0214 void flush_tlb_one_user(unsigned long addr);
0215 void flush_tlb_one_kernel(unsigned long addr);
0216 void flush_tlb_multi(const struct cpumask *cpumask,
0217               const struct flush_tlb_info *info);
0218
0219 #ifdef CONFIG_PARAVIRT
0220 #include <asm/paravirt.h>
0221 #endif
0222
0223 #define flush_tlb_mm(mm)                        \
0224         flush_tlb_mm_range(mm, 0UL, TLB_FLUSH_ALL, 0UL, true)
0225
0226 #define flush_tlb_range(vma, start, end)                \
0227     flush_tlb_mm_range((vma)->vm_mm, start, end,            \
0228                ((vma)->vm_flags & VM_HUGETLB)       \
0229                 ? huge_page_shift(hstate_vma(vma))  \
0230                 : PAGE_SHIFT, false)
0231
0232 extern void flush_tlb_all(void);
0233 extern void flush_tlb_mm_range(struct mm_struct *mm, unsigned long start,
0234                 unsigned long end, unsigned int stride_shift,
0235                 bool freed_tables);
0236 extern void flush_tlb_kernel_range(unsigned long start, unsigned long end);
0237
0238 static inline void flush_tlb_page(struct vm_area_struct *vma, unsigned long a)
0239 {
0240     flush_tlb_mm_range(vma->vm_mm, a, a + PAGE_SIZE, PAGE_SHIFT, false);
0241 }
0242
0243 static inline u64 inc_mm_tlb_gen(struct mm_struct *mm)
0244 {
0245     /*
0246      * Bump the generation count.  This also serves as a full barrier
0247      * that synchronizes with switch_mm(): callers are required to order
0248      * their read of mm_cpumask after their writes to the paging
0249      * structures.
0250      */
0251     return atomic64_inc_return(&mm->context.tlb_gen);
0252 }
0253
0254 static inline void arch_tlbbatch_add_mm(struct arch_tlbflush_unmap_batch *batch,
0255                     struct mm_struct *mm)
0256 {
0257     inc_mm_tlb_gen(mm);
0258     cpumask_or(&batch->cpumask, &batch->cpumask, mm_cpumask(mm));
0259 }
0260
0261 extern void arch_tlbbatch_flush(struct arch_tlbflush_unmap_batch *batch);
0262
0263 static inline bool pte_flags_need_flush(unsigned long oldflags,
0264                     unsigned long newflags,
0265                     bool ignore_access)
0266 {
0267     /*
0268      * Flags that require a flush when cleared but not when they are set.
0269      * Only include flags that would not trigger spurious page-faults.
0270      * Non-present entries are not cached. Hardware would set the
0271      * dirty/access bit if needed without a fault.
0272      */
0273     const pteval_t flush_on_clear = _PAGE_DIRTY | _PAGE_PRESENT |
0274                     _PAGE_ACCESSED;
0275     const pteval_t software_flags = _PAGE_SOFTW1 | _PAGE_SOFTW2 |
0276                     _PAGE_SOFTW3 | _PAGE_SOFTW4;
0277     const pteval_t flush_on_change = _PAGE_RW | _PAGE_USER | _PAGE_PWT |
0278               _PAGE_PCD | _PAGE_PSE | _PAGE_GLOBAL | _PAGE_PAT |
0279               _PAGE_PAT_LARGE | _PAGE_PKEY_BIT0 | _PAGE_PKEY_BIT1 |
0280               _PAGE_PKEY_BIT2 | _PAGE_PKEY_BIT3 | _PAGE_NX;
0281     unsigned long diff = oldflags ^ newflags;
0282
0283     BUILD_BUG_ON(flush_on_clear & software_flags);
0284     BUILD_BUG_ON(flush_on_clear & flush_on_change);
0285     BUILD_BUG_ON(flush_on_change & software_flags);
0286
0287     /* Ignore software flags */
0288     diff &= ~software_flags;
0289
0290     if (ignore_access)
0291         diff &= ~_PAGE_ACCESSED;
0292
0293     /*
0294      * Did any of the 'flush_on_clear' flags was clleared set from between
0295      * 'oldflags' and 'newflags'?
0296      */
0297     if (diff & oldflags & flush_on_clear)
0298         return true;
0299
0300     /* Flush on modified flags. */
0301     if (diff & flush_on_change)
0302         return true;
0303
0304     /* Ensure there are no flags that were left behind */
0305     if (IS_ENABLED(CONFIG_DEBUG_VM) &&
0306         (diff & ~(flush_on_clear | software_flags | flush_on_change))) {
0307         VM_WARN_ON_ONCE(1);
0308         return true;
0309     }
0310
0311     return false;
0312 }
0313
0314 /*
0315  * pte_needs_flush() checks whether permissions were demoted and require a
0316  * flush. It should only be used for userspace PTEs.
0317  */
0318 static inline bool pte_needs_flush(pte_t oldpte, pte_t newpte)
0319 {
0320     /* !PRESENT -> * ; no need for flush */
0321     if (!(pte_flags(oldpte) & _PAGE_PRESENT))
0322         return false;
0323
0324     /* PFN changed ; needs flush */
0325     if (pte_pfn(oldpte) != pte_pfn(newpte))
0326         return true;
0327
0328     /*
0329      * check PTE flags; ignore access-bit; see comment in
0330      * ptep_clear_flush_young().
0331      */
0332     return pte_flags_need_flush(pte_flags(oldpte), pte_flags(newpte),
0333                     true);
0334 }
0335 #define pte_needs_flush pte_needs_flush
0336
0337 /*
0338  * huge_pmd_needs_flush() checks whether permissions were demoted and require a
0339  * flush. It should only be used for userspace huge PMDs.
0340  */
0341 static inline bool huge_pmd_needs_flush(pmd_t oldpmd, pmd_t newpmd)
0342 {
0343     /* !PRESENT -> * ; no need for flush */
0344     if (!(pmd_flags(oldpmd) & _PAGE_PRESENT))
0345         return false;
0346
0347     /* PFN changed ; needs flush */
0348     if (pmd_pfn(oldpmd) != pmd_pfn(newpmd))
0349         return true;
0350
0351     /*
0352      * check PMD flags; do not ignore access-bit; see
0353      * pmdp_clear_flush_young().
0354      */
0355     return pte_flags_need_flush(pmd_flags(oldpmd), pmd_flags(newpmd),
0356                     false);
0357 }
0358 #define huge_pmd_needs_flush huge_pmd_needs_flush
0359
0360 #endif /* !MODULE */
0361
0362 static inline void __native_tlb_flush_global(unsigned long cr4)
0363 {
0364     native_write_cr4(cr4 ^ X86_CR4_PGE);
0365     native_write_cr4(cr4);
0366 }
0367 #endif /* _ASM_X86_TLBFLUSH_H */