]> git.proxmox.com Git - mirror_ubuntu-hirsute-kernel.git/blob - kernel/memremap.c
projects / mirror_ubuntu-hirsute-kernel.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
memremap: validate the pagemap type passed to devm_memremap_pages
[mirror_ubuntu-hirsute-kernel.git] / kernel / memremap.c
1 /* SPDX-License-Identifier: GPL-2.0 */
2 /* Copyright(c) 2015 Intel Corporation. All rights reserved. */
3 #include <linux/device.h>
4 #include <linux/io.h>
5 #include <linux/kasan.h>
6 #include <linux/memory_hotplug.h>
7 #include <linux/mm.h>
8 #include <linux/pfn_t.h>
9 #include <linux/swap.h>
10 #include <linux/swapops.h>
11 #include <linux/types.h>
12 #include <linux/wait_bit.h>
13 #include <linux/xarray.h>
14 #include <linux/hmm.h>
15
16 static DEFINE_XARRAY(pgmap_array);
17 #define SECTION_MASK ~((1UL << PA_SECTION_SHIFT) - 1)
18 #define SECTION_SIZE (1UL << PA_SECTION_SHIFT)
19
20 #if IS_ENABLED(CONFIG_DEVICE_PRIVATE)
21 vm_fault_t device_private_entry_fault(struct vm_area_struct *vma,
22 unsigned long addr,
23 swp_entry_t entry,
24 unsigned int flags,
25 pmd_t *pmdp)
26 {
27 struct page *page = device_private_entry_to_page(entry);
28 struct hmm_devmem *devmem;
29
30 devmem = container_of(page->pgmap, typeof(*devmem), pagemap);
31
32 /*
33 * The page_fault() callback must migrate page back to system memory
34 * so that CPU can access it. This might fail for various reasons
35 * (device issue, device was unsafely unplugged, ...). When such
36 * error conditions happen, the callback must return VM_FAULT_SIGBUS.
37 *
38 * Note that because memory cgroup charges are accounted to the device
39 * memory, this should never fail because of memory restrictions (but
40 * allocation of regular system page might still fail because we are
41 * out of memory).
42 *
43 * There is a more in-depth description of what that callback can and
44 * cannot do, in include/linux/memremap.h
45 */
46 return devmem->page_fault(vma, addr, page, flags, pmdp);
47 }
48 #endif /* CONFIG_DEVICE_PRIVATE */
49
50 static void pgmap_array_delete(struct resource *res)
51 {
52 xa_store_range(&pgmap_array, PHYS_PFN(res->start), PHYS_PFN(res->end),
53 NULL, GFP_KERNEL);
54 synchronize_rcu();
55 }
56
57 static unsigned long pfn_first(struct dev_pagemap *pgmap)
58 {
59 const struct resource *res = &pgmap->res;
60 struct vmem_altmap *altmap = &pgmap->altmap;
61 unsigned long pfn;
62
63 pfn = res->start >> PAGE_SHIFT;
64 if (pgmap->altmap_valid)
65 pfn += vmem_altmap_offset(altmap);
66 return pfn;
67 }
68
69 static unsigned long pfn_end(struct dev_pagemap *pgmap)
70 {
71 const struct resource *res = &pgmap->res;
72
73 return (res->start + resource_size(res)) >> PAGE_SHIFT;
74 }
75
76 static unsigned long pfn_next(unsigned long pfn)
77 {
78 if (pfn % 1024 == 0)
79 cond_resched();
80 return pfn + 1;
81 }
82
83 #define for_each_device_pfn(pfn, map) \
84 for (pfn = pfn_first(map); pfn < pfn_end(map); pfn = pfn_next(pfn))
85
86 static void devm_memremap_pages_release(void *data)
87 {
88 struct dev_pagemap *pgmap = data;
89 struct device *dev = pgmap->dev;
90 struct resource *res = &pgmap->res;
91 resource_size_t align_start, align_size;
92 unsigned long pfn;
93 int nid;
94
95 pgmap->kill(pgmap->ref);
96 for_each_device_pfn(pfn, pgmap)
97 put_page(pfn_to_page(pfn));
98 pgmap->cleanup(pgmap->ref);
99
100 /* pages are dead and unused, undo the arch mapping */
101 align_start = res->start & ~(SECTION_SIZE - 1);
102 align_size = ALIGN(res->start + resource_size(res), SECTION_SIZE)
103 - align_start;
104
105 nid = page_to_nid(pfn_to_page(align_start >> PAGE_SHIFT));
106
107 mem_hotplug_begin();
108 if (pgmap->type == MEMORY_DEVICE_PRIVATE) {
109 pfn = align_start >> PAGE_SHIFT;
110 __remove_pages(page_zone(pfn_to_page(pfn)), pfn,
111 align_size >> PAGE_SHIFT, NULL);
112 } else {
113 arch_remove_memory(nid, align_start, align_size,
114 pgmap->altmap_valid ? &pgmap->altmap : NULL);
115 kasan_remove_zero_shadow(__va(align_start), align_size);
116 }
117 mem_hotplug_done();
118
119 untrack_pfn(NULL, PHYS_PFN(align_start), align_size);
120 pgmap_array_delete(res);
121 dev_WARN_ONCE(dev, pgmap->altmap.alloc,
122 "%s: failed to free all reserved pages\n", __func__);
123 }
124
125 /**
126 * devm_memremap_pages - remap and provide memmap backing for the given resource
127 * @dev: hosting device for @res
128 * @pgmap: pointer to a struct dev_pagemap
129 *
130 * Notes:
131 * 1/ At a minimum the res, ref and type members of @pgmap must be initialized
132 * by the caller before passing it to this function
133 *
134 * 2/ The altmap field may optionally be initialized, in which case altmap_valid
135 * must be set to true
136 *
137 * 3/ pgmap->ref must be 'live' on entry and will be killed and reaped
138 * at devm_memremap_pages_release() time, or if this routine fails.
139 *
140 * 4/ res is expected to be a host memory range that could feasibly be
141 * treated as a "System RAM" range, i.e. not a device mmio range, but
142 * this is not enforced.
143 */
144 void *devm_memremap_pages(struct device *dev, struct dev_pagemap *pgmap)
145 {
146 resource_size_t align_start, align_size, align_end;
147 struct vmem_altmap *altmap = pgmap->altmap_valid ?
148 &pgmap->altmap : NULL;
149 struct resource *res = &pgmap->res;
150 struct dev_pagemap *conflict_pgmap;
151 struct mhp_restrictions restrictions = {
152 /*
153 * We do not want any optional features only our own memmap
154 */
155 .altmap = altmap,
156 };
157 pgprot_t pgprot = PAGE_KERNEL;
158 int error, nid, is_ram;
159
160 switch (pgmap->type) {
161 case MEMORY_DEVICE_PRIVATE:
162 if (!IS_ENABLED(CONFIG_DEVICE_PRIVATE)) {
163 WARN(1, "Device private memory not supported\n");
164 return ERR_PTR(-EINVAL);
165 }
166 break;
167 case MEMORY_DEVICE_FS_DAX:
168 if (!IS_ENABLED(CONFIG_ZONE_DEVICE) ||
169 IS_ENABLED(CONFIG_FS_DAX_LIMITED)) {
170 WARN(1, "File system DAX not supported\n");
171 return ERR_PTR(-EINVAL);
172 }
173 break;
174 case MEMORY_DEVICE_DEVDAX:
175 case MEMORY_DEVICE_PCI_P2PDMA:
176 break;
177 default:
178 WARN(1, "Invalid pgmap type %d\n", pgmap->type);
179 break;
180 }
181
182 if (!pgmap->ref || !pgmap->kill || !pgmap->cleanup) {
183 WARN(1, "Missing reference count teardown definition\n");
184 return ERR_PTR(-EINVAL);
185 }
186
187 align_start = res->start & ~(SECTION_SIZE - 1);
188 align_size = ALIGN(res->start + resource_size(res), SECTION_SIZE)
189 - align_start;
190 align_end = align_start + align_size - 1;
191
192 conflict_pgmap = get_dev_pagemap(PHYS_PFN(align_start), NULL);
193 if (conflict_pgmap) {
194 dev_WARN(dev, "Conflicting mapping in same section\n");
195 put_dev_pagemap(conflict_pgmap);
196 error = -ENOMEM;
197 goto err_array;
198 }
199
200 conflict_pgmap = get_dev_pagemap(PHYS_PFN(align_end), NULL);
201 if (conflict_pgmap) {
202 dev_WARN(dev, "Conflicting mapping in same section\n");
203 put_dev_pagemap(conflict_pgmap);
204 error = -ENOMEM;
205 goto err_array;
206 }
207
208 is_ram = region_intersects(align_start, align_size,
209 IORESOURCE_SYSTEM_RAM, IORES_DESC_NONE);
210
211 if (is_ram != REGION_DISJOINT) {
212 WARN_ONCE(1, "%s attempted on %s region %pr\n", __func__,
213 is_ram == REGION_MIXED ? "mixed" : "ram", res);
214 error = -ENXIO;
215 goto err_array;
216 }
217
218 pgmap->dev = dev;
219
220 error = xa_err(xa_store_range(&pgmap_array, PHYS_PFN(res->start),
221 PHYS_PFN(res->end), pgmap, GFP_KERNEL));
222 if (error)
223 goto err_array;
224
225 nid = dev_to_node(dev);
226 if (nid < 0)
227 nid = numa_mem_id();
228
229 error = track_pfn_remap(NULL, &pgprot, PHYS_PFN(align_start), 0,
230 align_size);
231 if (error)
232 goto err_pfn_remap;
233
234 mem_hotplug_begin();
235
236 /*
237 * For device private memory we call add_pages() as we only need to
238 * allocate and initialize struct page for the device memory. More-
239 * over the device memory is un-accessible thus we do not want to
240 * create a linear mapping for the memory like arch_add_memory()
241 * would do.
242 *
243 * For all other device memory types, which are accessible by
244 * the CPU, we do want the linear mapping and thus use
245 * arch_add_memory().
246 */
247 if (pgmap->type == MEMORY_DEVICE_PRIVATE) {
248 error = add_pages(nid, align_start >> PAGE_SHIFT,
249 align_size >> PAGE_SHIFT, &restrictions);
250 } else {
251 error = kasan_add_zero_shadow(__va(align_start), align_size);
252 if (error) {
253 mem_hotplug_done();
254 goto err_kasan;
255 }
256
257 error = arch_add_memory(nid, align_start, align_size,
258 &restrictions);
259 }
260
261 if (!error) {
262 struct zone *zone;
263
264 zone = &NODE_DATA(nid)->node_zones[ZONE_DEVICE];
265 move_pfn_range_to_zone(zone, align_start >> PAGE_SHIFT,
266 align_size >> PAGE_SHIFT, altmap);
267 }
268
269 mem_hotplug_done();
270 if (error)
271 goto err_add_memory;
272
273 /*
274 * Initialization of the pages has been deferred until now in order
275 * to allow us to do the work while not holding the hotplug lock.
276 */
277 memmap_init_zone_device(&NODE_DATA(nid)->node_zones[ZONE_DEVICE],
278 align_start >> PAGE_SHIFT,
279 align_size >> PAGE_SHIFT, pgmap);
280 percpu_ref_get_many(pgmap->ref, pfn_end(pgmap) - pfn_first(pgmap));
281
282 error = devm_add_action_or_reset(dev, devm_memremap_pages_release,
283 pgmap);
284 if (error)
285 return ERR_PTR(error);
286
287 return __va(res->start);
288
289 err_add_memory:
290 kasan_remove_zero_shadow(__va(align_start), align_size);
291 err_kasan:
292 untrack_pfn(NULL, PHYS_PFN(align_start), align_size);
293 err_pfn_remap:
294 pgmap_array_delete(res);
295 err_array:
296 pgmap->kill(pgmap->ref);
297 pgmap->cleanup(pgmap->ref);
298
299 return ERR_PTR(error);
300 }
301 EXPORT_SYMBOL_GPL(devm_memremap_pages);
302
303 void devm_memunmap_pages(struct device *dev, struct dev_pagemap *pgmap)
304 {
305 devm_release_action(dev, devm_memremap_pages_release, pgmap);
306 }
307 EXPORT_SYMBOL_GPL(devm_memunmap_pages);
308
309 unsigned long vmem_altmap_offset(struct vmem_altmap *altmap)
310 {
311 /* number of pfns from base where pfn_to_page() is valid */
312 return altmap->reserve + altmap->free;
313 }
314
315 void vmem_altmap_free(struct vmem_altmap *altmap, unsigned long nr_pfns)
316 {
317 altmap->alloc -= nr_pfns;
318 }
319
320 /**
321 * get_dev_pagemap() - take a new live reference on the dev_pagemap for @pfn
322 * @pfn: page frame number to lookup page_map
323 * @pgmap: optional known pgmap that already has a reference
324 *
325 * If @pgmap is non-NULL and covers @pfn it will be returned as-is. If @pgmap
326 * is non-NULL but does not cover @pfn the reference to it will be released.
327 */
328 struct dev_pagemap *get_dev_pagemap(unsigned long pfn,
329 struct dev_pagemap *pgmap)
330 {
331 resource_size_t phys = PFN_PHYS(pfn);
332
333 /*
334 * In the cached case we're already holding a live reference.
335 */
336 if (pgmap) {
337 if (phys >= pgmap->res.start && phys <= pgmap->res.end)
338 return pgmap;
339 put_dev_pagemap(pgmap);
340 }
341
342 /* fall back to slow path lookup */
343 rcu_read_lock();
344 pgmap = xa_load(&pgmap_array, PHYS_PFN(phys));
345 if (pgmap && !percpu_ref_tryget_live(pgmap->ref))
346 pgmap = NULL;
347 rcu_read_unlock();
348
349 return pgmap;
350 }
351 EXPORT_SYMBOL_GPL(get_dev_pagemap);
352
353 #ifdef CONFIG_DEV_PAGEMAP_OPS
354 DEFINE_STATIC_KEY_FALSE(devmap_managed_key);
355 EXPORT_SYMBOL(devmap_managed_key);
356 static atomic_t devmap_enable;
357
358 /*
359 * Toggle the static key for ->page_free() callbacks when dev_pagemap
360 * pages go idle.
361 */
362 void dev_pagemap_get_ops(void)
363 {
364 if (atomic_inc_return(&devmap_enable) == 1)
365 static_branch_enable(&devmap_managed_key);
366 }
367 EXPORT_SYMBOL_GPL(dev_pagemap_get_ops);
368
369 void dev_pagemap_put_ops(void)
370 {
371 if (atomic_dec_and_test(&devmap_enable))
372 static_branch_disable(&devmap_managed_key);
373 }
374 EXPORT_SYMBOL_GPL(dev_pagemap_put_ops);
375
376 void __put_devmap_managed_page(struct page *page)
377 {
378 int count = page_ref_dec_return(page);
379
380 /*
381 * If refcount is 1 then page is freed and refcount is stable as nobody
382 * holds a reference on the page.
383 */
384 if (count == 1) {
385 /* Clear Active bit in case of parallel mark_page_accessed */
386 __ClearPageActive(page);
387 __ClearPageWaiters(page);
388
389 mem_cgroup_uncharge(page);
390
391 page->pgmap->page_free(page, page->pgmap->data);
392 } else if (!count)
393 __put_page(page);
394 }
395 EXPORT_SYMBOL(__put_devmap_managed_page);
396 #endif /* CONFIG_DEV_PAGEMAP_OPS */
Ubuntu Hirsute Linux kernel mirror