2b5548b681
Since the address of swapper_pg_dir is fixed for a given kernel image, it is an attractive target for manipulation via an arbitrary write. To mitigate this we'd like to make it read-only by moving it into the rodata section. We require that swapper_pg_dir is at a fixed offset from tramp_pg_dir and reserved_ttbr0, so these will also need to move into rodata. However, swapper_pg_dir is allocated along with some transient page tables used for boot which we do not want to move into rodata. As a step towards this, this patch separates the boot-time page tables into a new init_pg_dir, and reduces swapper_pg_dir to the single page it needs to be. This allows us to retain the relationship between swapper_pg_dir, tramp_pg_dir, and swapper_pg_dir, while cleanly separating these from the boot-time page tables. The init_pg_dir holds all of the pgd/pud/pmd/pte levels needed during boot, and all of these levels will be freed when we switch to the swapper_pg_dir, which is initialized by the existing code in paging_init(). Since we start off on the init_pg_dir, we no longer need to allocate a transient page table in paging_init() in order to ensure that swapper_pg_dir isn't live while we initialize it. There should be no functional change as a result of this patch. Signed-off-by: Jun Yao <yaojun8558363@gmail.com> Reviewed-by: James Morse <james.morse@arm.com> [Mark: place init_pg_dir after BSS, fold mm changes, commit message] Signed-off-by: Mark Rutland <mark.rutland@arm.com> Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
163 lines
5.7 KiB
C
163 lines
5.7 KiB
C
/*
|
|
* Kernel page table mapping
|
|
*
|
|
* Copyright (C) 2015 ARM Ltd.
|
|
*
|
|
* This program is free software; you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License version 2 as
|
|
* published by the Free Software Foundation.
|
|
*
|
|
* This program is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License
|
|
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
*/
|
|
|
|
#ifndef __ASM_KERNEL_PGTABLE_H
|
|
#define __ASM_KERNEL_PGTABLE_H
|
|
|
|
#include <asm/pgtable.h>
|
|
#include <asm/sparsemem.h>
|
|
|
|
/*
|
|
* The linear mapping and the start of memory are both 2M aligned (per
|
|
* the arm64 booting.txt requirements). Hence we can use section mapping
|
|
* with 4K (section size = 2M) but not with 16K (section size = 32M) or
|
|
* 64K (section size = 512M).
|
|
*/
|
|
#ifdef CONFIG_ARM64_4K_PAGES
|
|
#define ARM64_SWAPPER_USES_SECTION_MAPS 1
|
|
#else
|
|
#define ARM64_SWAPPER_USES_SECTION_MAPS 0
|
|
#endif
|
|
|
|
/*
|
|
* The idmap and swapper page tables need some space reserved in the kernel
|
|
* image. Both require pgd, pud (4 levels only) and pmd tables to (section)
|
|
* map the kernel. With the 64K page configuration, swapper and idmap need to
|
|
* map to pte level. The swapper also maps the FDT (see __create_page_tables
|
|
* for more information). Note that the number of ID map translation levels
|
|
* could be increased on the fly if system RAM is out of reach for the default
|
|
* VA range, so pages required to map highest possible PA are reserved in all
|
|
* cases.
|
|
*/
|
|
#if ARM64_SWAPPER_USES_SECTION_MAPS
|
|
#define SWAPPER_PGTABLE_LEVELS (CONFIG_PGTABLE_LEVELS - 1)
|
|
#define IDMAP_PGTABLE_LEVELS (ARM64_HW_PGTABLE_LEVELS(PHYS_MASK_SHIFT) - 1)
|
|
#else
|
|
#define SWAPPER_PGTABLE_LEVELS (CONFIG_PGTABLE_LEVELS)
|
|
#define IDMAP_PGTABLE_LEVELS (ARM64_HW_PGTABLE_LEVELS(PHYS_MASK_SHIFT))
|
|
#endif
|
|
|
|
|
|
/*
|
|
* If KASLR is enabled, then an offset K is added to the kernel address
|
|
* space. The bottom 21 bits of this offset are zero to guarantee 2MB
|
|
* alignment for PA and VA.
|
|
*
|
|
* For each pagetable level of the swapper, we know that the shift will
|
|
* be larger than 21 (for the 4KB granule case we use section maps thus
|
|
* the smallest shift is actually 30) thus there is the possibility that
|
|
* KASLR can increase the number of pagetable entries by 1, so we make
|
|
* room for this extra entry.
|
|
*
|
|
* Note KASLR cannot increase the number of required entries for a level
|
|
* by more than one because it increments both the virtual start and end
|
|
* addresses equally (the extra entry comes from the case where the end
|
|
* address is just pushed over a boundary and the start address isn't).
|
|
*/
|
|
|
|
#ifdef CONFIG_RANDOMIZE_BASE
|
|
#define EARLY_KASLR (1)
|
|
#else
|
|
#define EARLY_KASLR (0)
|
|
#endif
|
|
|
|
#define EARLY_ENTRIES(vstart, vend, shift) (((vend) >> (shift)) \
|
|
- ((vstart) >> (shift)) + 1 + EARLY_KASLR)
|
|
|
|
#define EARLY_PGDS(vstart, vend) (EARLY_ENTRIES(vstart, vend, PGDIR_SHIFT))
|
|
|
|
#if SWAPPER_PGTABLE_LEVELS > 3
|
|
#define EARLY_PUDS(vstart, vend) (EARLY_ENTRIES(vstart, vend, PUD_SHIFT))
|
|
#else
|
|
#define EARLY_PUDS(vstart, vend) (0)
|
|
#endif
|
|
|
|
#if SWAPPER_PGTABLE_LEVELS > 2
|
|
#define EARLY_PMDS(vstart, vend) (EARLY_ENTRIES(vstart, vend, SWAPPER_TABLE_SHIFT))
|
|
#else
|
|
#define EARLY_PMDS(vstart, vend) (0)
|
|
#endif
|
|
|
|
#define EARLY_PAGES(vstart, vend) ( 1 /* PGDIR page */ \
|
|
+ EARLY_PGDS((vstart), (vend)) /* each PGDIR needs a next level page table */ \
|
|
+ EARLY_PUDS((vstart), (vend)) /* each PUD needs a next level page table */ \
|
|
+ EARLY_PMDS((vstart), (vend))) /* each PMD needs a next level page table */
|
|
#define INIT_DIR_SIZE (PAGE_SIZE * EARLY_PAGES(KIMAGE_VADDR + TEXT_OFFSET, _end))
|
|
#define IDMAP_DIR_SIZE (IDMAP_PGTABLE_LEVELS * PAGE_SIZE)
|
|
|
|
#ifdef CONFIG_ARM64_SW_TTBR0_PAN
|
|
#define RESERVED_TTBR0_SIZE (PAGE_SIZE)
|
|
#else
|
|
#define RESERVED_TTBR0_SIZE (0)
|
|
#endif
|
|
|
|
/* Initial memory map size */
|
|
#if ARM64_SWAPPER_USES_SECTION_MAPS
|
|
#define SWAPPER_BLOCK_SHIFT SECTION_SHIFT
|
|
#define SWAPPER_BLOCK_SIZE SECTION_SIZE
|
|
#define SWAPPER_TABLE_SHIFT PUD_SHIFT
|
|
#else
|
|
#define SWAPPER_BLOCK_SHIFT PAGE_SHIFT
|
|
#define SWAPPER_BLOCK_SIZE PAGE_SIZE
|
|
#define SWAPPER_TABLE_SHIFT PMD_SHIFT
|
|
#endif
|
|
|
|
/* The size of the initial kernel direct mapping */
|
|
#define SWAPPER_INIT_MAP_SIZE (_AC(1, UL) << SWAPPER_TABLE_SHIFT)
|
|
|
|
/*
|
|
* Initial memory map attributes.
|
|
*/
|
|
#define SWAPPER_PTE_FLAGS (PTE_TYPE_PAGE | PTE_AF | PTE_SHARED)
|
|
#define SWAPPER_PMD_FLAGS (PMD_TYPE_SECT | PMD_SECT_AF | PMD_SECT_S)
|
|
|
|
#if ARM64_SWAPPER_USES_SECTION_MAPS
|
|
#define SWAPPER_MM_MMUFLAGS (PMD_ATTRINDX(MT_NORMAL) | SWAPPER_PMD_FLAGS)
|
|
#else
|
|
#define SWAPPER_MM_MMUFLAGS (PTE_ATTRINDX(MT_NORMAL) | SWAPPER_PTE_FLAGS)
|
|
#endif
|
|
|
|
/*
|
|
* To make optimal use of block mappings when laying out the linear
|
|
* mapping, round down the base of physical memory to a size that can
|
|
* be mapped efficiently, i.e., either PUD_SIZE (4k granule) or PMD_SIZE
|
|
* (64k granule), or a multiple that can be mapped using contiguous bits
|
|
* in the page tables: 32 * PMD_SIZE (16k granule)
|
|
*/
|
|
#if defined(CONFIG_ARM64_4K_PAGES)
|
|
#define ARM64_MEMSTART_SHIFT PUD_SHIFT
|
|
#elif defined(CONFIG_ARM64_16K_PAGES)
|
|
#define ARM64_MEMSTART_SHIFT (PMD_SHIFT + 5)
|
|
#else
|
|
#define ARM64_MEMSTART_SHIFT PMD_SHIFT
|
|
#endif
|
|
|
|
/*
|
|
* sparsemem vmemmap imposes an additional requirement on the alignment of
|
|
* memstart_addr, due to the fact that the base of the vmemmap region
|
|
* has a direct correspondence, and needs to appear sufficiently aligned
|
|
* in the virtual address space.
|
|
*/
|
|
#if defined(CONFIG_SPARSEMEM_VMEMMAP) && ARM64_MEMSTART_SHIFT < SECTION_SIZE_BITS
|
|
#define ARM64_MEMSTART_ALIGN (1UL << SECTION_SIZE_BITS)
|
|
#else
|
|
#define ARM64_MEMSTART_ALIGN (1UL << ARM64_MEMSTART_SHIFT)
|
|
#endif
|
|
|
|
#endif /* __ASM_KERNEL_PGTABLE_H */
|