arch/x86/mm/tlb.c

   1 #include <linux/init.h>
   2
   3 #include <linux/mm.h>
   4 #include <linux/spinlock.h>
   5 #include <linux/smp.h>
   6 #include <linux/interrupt.h>
   7 #include <linux/export.h>
   8 #include <linux/cpu.h>
   9
  10 #include <asm/tlbflush.h>
  11 #include <asm/mmu_context.h>
  12 #include <asm/cache.h>
  13 #include <asm/apic.h>
  14 #include <asm/uv/uv.h>
  15 #include <linux/debugfs.h>
  16
  17 /*
  18  *      TLB flushing, formerly SMP-only
  19  *              c/o Linus Torvalds.
  20  *
  21  *      These mean you can really definitely utterly forget about
  22  *      writing to user space from interrupts. (Its not allowed anyway).
  23  *
  24  *      Optimizations Manfred Spraul <manfred@colorfullife.com>
  25  *
  26  *      More scalable flush, from Andi Kleen
  27  *
  28  *      Implement flush IPI by CALL_FUNCTION_VECTOR, Alex Shi
  29  */
  30
  31 void leave_mm(int cpu)
  32 {
  33         struct mm_struct *loaded_mm = this_cpu_read(cpu_tlbstate.loaded_mm);
  34
  35         /*
  36          * It's plausible that we're in lazy TLB mode while our mm is init_mm.
  37          * If so, our callers still expect us to flush the TLB, but there
  38          * aren't any user TLB entries in init_mm to worry about.
  39          *
  40          * This needs to happen before any other sanity checks due to
  41          * intel_idle's shenanigans.
  42          */
  43         if (loaded_mm == &init_mm)
  44                 return;
  45
  46         if (this_cpu_read(cpu_tlbstate.state) == TLBSTATE_OK)
  47                 BUG();
  48
  49         switch_mm(NULL, &init_mm, NULL);
  50 }
  51 EXPORT_SYMBOL_GPL(leave_mm);
  52
  53 void switch_mm(struct mm_struct *prev, struct mm_struct *next,
  54                struct task_struct *tsk)
  55 {
  56         unsigned long flags;
  57
  58         local_irq_save(flags);
  59         switch_mm_irqs_off(prev, next, tsk);
  60         local_irq_restore(flags);
  61 }
  62
  63 void switch_mm_irqs_off(struct mm_struct *prev, struct mm_struct *next,
  64                         struct task_struct *tsk)
  65 {
  66         unsigned cpu = smp_processor_id();
  67         struct mm_struct *real_prev = this_cpu_read(cpu_tlbstate.loaded_mm);
  68
  69         /*
  70          * NB: The scheduler will call us with prev == next when
  71          * switching from lazy TLB mode to normal mode if active_mm
  72          * isn't changing.  When this happens, there is no guarantee
  73          * that CR3 (and hence cpu_tlbstate.loaded_mm) matches next.
  74          *
  75          * NB: leave_mm() calls us with prev == NULL and tsk == NULL.
  76          */
  77
  78         this_cpu_write(cpu_tlbstate.state, TLBSTATE_OK);
  79
  80         if (real_prev == next) {
  81                 /*
  82                  * There's nothing to do: we always keep the per-mm control
  83                  * regs in sync with cpu_tlbstate.loaded_mm.  Just
  84                  * sanity-check mm_cpumask.
  85                  */
  86                 if (WARN_ON_ONCE(!cpumask_test_cpu(cpu, mm_cpumask(next))))
  87                         cpumask_set_cpu(cpu, mm_cpumask(next));
  88                 return;
  89         }
  90
  91         if (IS_ENABLED(CONFIG_VMAP_STACK)) {
  92                 /*
  93                  * If our current stack is in vmalloc space and isn't
  94                  * mapped in the new pgd, we'll double-fault.  Forcibly
  95                  * map it.
  96                  */
  97                 unsigned int stack_pgd_index = pgd_index(current_stack_pointer());
  98
  99                 pgd_t *pgd = next->pgd + stack_pgd_index;
 100
 101                 if (unlikely(pgd_none(*pgd)))
 102                         set_pgd(pgd, init_mm.pgd[stack_pgd_index]);
 103         }
 104
 105         this_cpu_write(cpu_tlbstate.loaded_mm, next);
 106
 107         WARN_ON_ONCE(cpumask_test_cpu(cpu, mm_cpumask(next)));
 108         cpumask_set_cpu(cpu, mm_cpumask(next));
 109
 110         /*
 111          * Re-load page tables.
 112          *
 113          * This logic has an ordering constraint:
 114          *
 115          *  CPU 0: Write to a PTE for 'next'
 116          *  CPU 0: load bit 1 in mm_cpumask.  if nonzero, send IPI.
 117          *  CPU 1: set bit 1 in next's mm_cpumask
 118          *  CPU 1: load from the PTE that CPU 0 writes (implicit)
 119          *
 120          * We need to prevent an outcome in which CPU 1 observes
 121          * the new PTE value and CPU 0 observes bit 1 clear in
 122          * mm_cpumask.  (If that occurs, then the IPI will never
 123          * be sent, and CPU 0's TLB will contain a stale entry.)
 124          *
 125          * The bad outcome can occur if either CPU's load is
 126          * reordered before that CPU's store, so both CPUs must
 127          * execute full barriers to prevent this from happening.
 128          *
 129          * Thus, switch_mm needs a full barrier between the
 130          * store to mm_cpumask and any operation that could load
 131          * from next->pgd.  TLB fills are special and can happen
 132          * due to instruction fetches or for no reason at all,
 133          * and neither LOCK nor MFENCE orders them.
 134          * Fortunately, load_cr3() is serializing and gives the
 135          * ordering guarantee we need.
 136          */
 137         load_cr3(next->pgd);
 138
 139         /*
 140          * This gets called via leave_mm() in the idle path where RCU
 141          * functions differently.  Tracing normally uses RCU, so we have to
 142          * call the tracepoint specially here.
 143          */
 144         trace_tlb_flush_rcuidle(TLB_FLUSH_ON_TASK_SWITCH, TLB_FLUSH_ALL);
 145
 146         /* Stop flush ipis for the previous mm */
 147         WARN_ON_ONCE(!cpumask_test_cpu(cpu, mm_cpumask(real_prev)) &&
 148                      real_prev != &init_mm);
 149         cpumask_clear_cpu(cpu, mm_cpumask(real_prev));
 150
 151         /* Load per-mm CR4 and LDTR state */
 152         load_mm_cr4(next);
 153         switch_ldt(real_prev, next);
 154 }
 155
 156 /*
 157  * The flush IPI assumes that a thread switch happens in this order:
 158  * [cpu0: the cpu that switches]
 159  * 1) switch_mm() either 1a) or 1b)
 160  * 1a) thread switch to a different mm
 161  * 1a1) set cpu_tlbstate to TLBSTATE_OK
 162  *      Now the tlb flush NMI handler flush_tlb_func won't call leave_mm
 163  *      if cpu0 was in lazy tlb mode.
 164  * 1a2) update cpu active_mm
 165  *      Now cpu0 accepts tlb flushes for the new mm.
 166  * 1a3) cpu_set(cpu, new_mm->cpu_vm_mask);
 167  *      Now the other cpus will send tlb flush ipis.
 168  * 1a4) change cr3.
 169  * 1a5) cpu_clear(cpu, old_mm->cpu_vm_mask);
 170  *      Stop ipi delivery for the old mm. This is not synchronized with
 171  *      the other cpus, but flush_tlb_func ignore flush ipis for the wrong
 172  *      mm, and in the worst case we perform a superfluous tlb flush.
 173  * 1b) thread switch without mm change
 174  *      cpu active_mm is correct, cpu0 already handles flush ipis.
 175  * 1b1) set cpu_tlbstate to TLBSTATE_OK
 176  * 1b2) test_and_set the cpu bit in cpu_vm_mask.
 177  *      Atomically set the bit [other cpus will start sending flush ipis],
 178  *      and test the bit.
 179  * 1b3) if the bit was 0: leave_mm was called, flush the tlb.
 180  * 2) switch %%esp, ie current
 181  *
 182  * The interrupt must handle 2 special cases:
 183  * - cr3 is changed before %%esp, ie. it cannot use current->{active_,}mm.
 184  * - the cpu performs speculative tlb reads, i.e. even if the cpu only
 185  *   runs in kernel space, the cpu could load tlb entries for user space
 186  *   pages.
 187  *
 188  * The good news is that cpu_tlbstate is local to each cpu, no
 189  * write/read ordering problems.
 190  */
 191
 192 static void flush_tlb_func_common(const struct flush_tlb_info *f,
 193                                   bool local, enum tlb_flush_reason reason)
 194 {
 195         if (this_cpu_read(cpu_tlbstate.state) != TLBSTATE_OK) {
 196                 leave_mm(smp_processor_id());
 197                 return;
 198         }
 199
 200         if (f->end == TLB_FLUSH_ALL) {
 201                 local_flush_tlb();
 202                 if (local)
 203                         count_vm_tlb_event(NR_TLB_LOCAL_FLUSH_ALL);
 204                 trace_tlb_flush(reason, TLB_FLUSH_ALL);
 205         } else {
 206                 unsigned long addr;
 207                 unsigned long nr_pages = (f->end - f->start) >> PAGE_SHIFT;
 208                 addr = f->start;
 209                 while (addr < f->end) {
 210                         __flush_tlb_single(addr);
 211                         addr += PAGE_SIZE;
 212                 }
 213                 if (local)
 214                         count_vm_tlb_events(NR_TLB_LOCAL_FLUSH_ONE, nr_pages);
 215                 trace_tlb_flush(reason, nr_pages);
 216         }
 217 }
 218
 219 static void flush_tlb_func_local(void *info, enum tlb_flush_reason reason)
 220 {
 221         const struct flush_tlb_info *f = info;
 222
 223         flush_tlb_func_common(f, true, reason);
 224 }
 225
 226 static void flush_tlb_func_remote(void *info)
 227 {
 228         const struct flush_tlb_info *f = info;
 229
 230         inc_irq_stat(irq_tlb_count);
 231
 232         if (f->mm && f->mm != this_cpu_read(cpu_tlbstate.loaded_mm))
 233                 return;
 234
 235         count_vm_tlb_event(NR_TLB_REMOTE_FLUSH_RECEIVED);
 236         flush_tlb_func_common(f, false, TLB_REMOTE_SHOOTDOWN);
 237 }
 238
 239 void native_flush_tlb_others(const struct cpumask *cpumask,
 240                              const struct flush_tlb_info *info)
 241 {
 242         count_vm_tlb_event(NR_TLB_REMOTE_FLUSH);
 243         if (info->end == TLB_FLUSH_ALL)
 244                 trace_tlb_flush(TLB_REMOTE_SEND_IPI, TLB_FLUSH_ALL);
 245         else
 246                 trace_tlb_flush(TLB_REMOTE_SEND_IPI,
 247                                 (info->end - info->start) >> PAGE_SHIFT);
 248
 249         if (is_uv_system()) {
 250                 unsigned int cpu;
 251
 252                 cpu = smp_processor_id();
 253                 cpumask = uv_flush_tlb_others(cpumask, info);
 254                 if (cpumask)
 255                         smp_call_function_many(cpumask, flush_tlb_func_remote,
 256                                                (void *)info, 1);
 257                 return;
 258         }
 259         smp_call_function_many(cpumask, flush_tlb_func_remote,
 260                                (void *)info, 1);
 261 }
 262
 263 /*
 264  * See Documentation/x86/tlb.txt for details.  We choose 33
 265  * because it is large enough to cover the vast majority (at
 266  * least 95%) of allocations, and is small enough that we are
 267  * confident it will not cause too much overhead.  Each single
 268  * flush is about 100 ns, so this caps the maximum overhead at
 269  * _about_ 3,000 ns.
 270  *
 271  * This is in units of pages.
 272  */
 273 static unsigned long tlb_single_page_flush_ceiling __read_mostly = 33;
 274
 275 void flush_tlb_mm_range(struct mm_struct *mm, unsigned long start,
 276                                 unsigned long end, unsigned long vmflag)
 277 {
 278         int cpu;
 279
 280         struct flush_tlb_info info = {
 281                 .mm = mm,
 282         };
 283
 284         cpu = get_cpu();
 285
 286         /* Synchronize with switch_mm. */
 287         smp_mb();
 288
 289         /* Should we flush just the requested range? */
 290         if ((end != TLB_FLUSH_ALL) &&
 291             !(vmflag & VM_HUGETLB) &&
 292             ((end - start) >> PAGE_SHIFT) <= tlb_single_page_flush_ceiling) {
 293                 info.start = start;
 294                 info.end = end;
 295         } else {
 296                 info.start = 0UL;
 297                 info.end = TLB_FLUSH_ALL;
 298         }
 299
 300         if (mm == this_cpu_read(cpu_tlbstate.loaded_mm))
 301                 flush_tlb_func_local(&info, TLB_LOCAL_MM_SHOOTDOWN);
 302         if (cpumask_any_but(mm_cpumask(mm), cpu) < nr_cpu_ids)
 303                 flush_tlb_others(mm_cpumask(mm), &info);
 304         put_cpu();
 305 }
 306
 307
 308 static void do_flush_tlb_all(void *info)
 309 {
 310         count_vm_tlb_event(NR_TLB_REMOTE_FLUSH_RECEIVED);
 311         __flush_tlb_all();
 312         if (this_cpu_read(cpu_tlbstate.state) == TLBSTATE_LAZY)
 313                 leave_mm(smp_processor_id());
 314 }
 315
 316 void flush_tlb_all(void)
 317 {
 318         count_vm_tlb_event(NR_TLB_REMOTE_FLUSH);
 319         on_each_cpu(do_flush_tlb_all, NULL, 1);
 320 }
 321
 322 static void do_kernel_range_flush(void *info)
 323 {
 324         struct flush_tlb_info *f = info;
 325         unsigned long addr;
 326
 327         /* flush range by one by one 'invlpg' */
 328         for (addr = f->start; addr < f->end; addr += PAGE_SIZE)
 329                 __flush_tlb_single(addr);
 330 }
 331
 332 void flush_tlb_kernel_range(unsigned long start, unsigned long end)
 333 {
 334
 335         /* Balance as user space task's flush, a bit conservative */
 336         if (end == TLB_FLUSH_ALL ||
 337             (end - start) > tlb_single_page_flush_ceiling << PAGE_SHIFT) {
 338                 on_each_cpu(do_flush_tlb_all, NULL, 1);
 339         } else {
 340                 struct flush_tlb_info info;
 341                 info.start = start;
 342                 info.end = end;
 343                 on_each_cpu(do_kernel_range_flush, &info, 1);
 344         }
 345 }
 346
 347 void arch_tlbbatch_flush(struct arch_tlbflush_unmap_batch *batch)
 348 {
 349         struct flush_tlb_info info = {
 350                 .mm = NULL,
 351                 .start = 0UL,
 352                 .end = TLB_FLUSH_ALL,
 353         };
 354
 355         int cpu = get_cpu();
 356
 357         if (cpumask_test_cpu(cpu, &batch->cpumask))
 358                 flush_tlb_func_local(&info, TLB_LOCAL_SHOOTDOWN);
 359         if (cpumask_any_but(&batch->cpumask, cpu) < nr_cpu_ids)
 360                 flush_tlb_others(&batch->cpumask, &info);
 361         cpumask_clear(&batch->cpumask);
 362
 363         put_cpu();
 364 }
 365
 366 static ssize_t tlbflush_read_file(struct file *file, char __user *user_buf,
 367                              size_t count, loff_t *ppos)
 368 {
 369         char buf[32];
 370         unsigned int len;
 371
 372         len = sprintf(buf, "%ld\n", tlb_single_page_flush_ceiling);
 373         return simple_read_from_buffer(user_buf, count, ppos, buf, len);
 374 }
 375
 376 static ssize_t tlbflush_write_file(struct file *file,
 377                  const char __user *user_buf, size_t count, loff_t *ppos)
 378 {
 379         char buf[32];
 380         ssize_t len;
 381         int ceiling;
 382
 383         len = min(count, sizeof(buf) - 1);
 384         if (copy_from_user(buf, user_buf, len))
 385                 return -EFAULT;
 386
 387         buf[len] = '\0';
 388         if (kstrtoint(buf, 0, &ceiling))
 389                 return -EINVAL;
 390
 391         if (ceiling < 0)
 392                 return -EINVAL;
 393
 394         tlb_single_page_flush_ceiling = ceiling;
 395         return count;
 396 }
 397
 398 static const struct file_operations fops_tlbflush = {
 399         .read = tlbflush_read_file,
 400         .write = tlbflush_write_file,
 401         .llseek = default_llseek,
 402 };
 403
 404 static int __init create_tlb_single_page_flush_ceiling(void)
 405 {
 406         debugfs_create_file("tlb_single_page_flush_ceiling", S_IRUSR | S_IWUSR,
 407                             arch_debugfs_dir, NULL, &fops_tlbflush);
 408         return 0;
 409 }
 410 late_initcall(create_tlb_single_page_flush_ceiling);