1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3  * Based on arch/arm/mm/init.c
4  *
5  * Copyright (C) 1995-2005 Russell King
6  * Copyright (C) 2012 ARM Ltd.
7  */
8 
9 #include <linux/kernel.h>
10 #include <linux/export.h>
11 #include <linux/errno.h>
12 #include <linux/swap.h>
13 #include <linux/init.h>
14 #include <linux/cache.h>
15 #include <linux/mman.h>
16 #include <linux/nodemask.h>
17 #include <linux/initrd.h>
18 #include <linux/gfp.h>
19 #include <linux/memblock.h>
20 #include <linux/sort.h>
21 #include <linux/of.h>
22 #include <linux/of_fdt.h>
23 #include <linux/dma-direct.h>
24 #include <linux/dma-map-ops.h>
25 #include <linux/efi.h>
26 #include <linux/swiotlb.h>
27 #include <linux/vmalloc.h>
28 #include <linux/mm.h>
29 #include <linux/kexec.h>
30 #include <linux/crash_dump.h>
31 #include <linux/hugetlb.h>
32 #include <linux/acpi_iort.h>
33 #include <linux/kmemleak.h>
34 
35 #include <asm/boot.h>
36 #include <asm/fixmap.h>
37 #include <asm/kasan.h>
38 #include <asm/kernel-pgtable.h>
39 #include <asm/kvm_host.h>
40 #include <asm/memory.h>
41 #include <asm/numa.h>
42 #include <asm/sections.h>
43 #include <asm/setup.h>
44 #include <linux/sizes.h>
45 #include <asm/tlb.h>
46 #include <asm/alternative.h>
47 #include <asm/xen/swiotlb-xen.h>
48 
49 /*
50  * We need to be able to catch inadvertent references to memstart_addr
51  * that occur (potentially in generic code) before arm64_memblock_init()
52  * executes, which assigns it its actual value. So use a default value
53  * that cannot be mistaken for a real physical address.
54  */
55 s64 memstart_addr __ro_after_init = -1;
56 EXPORT_SYMBOL(memstart_addr);
57 
58 /*
59  * If the corresponding config options are enabled, we create both ZONE_DMA
60  * and ZONE_DMA32. By default ZONE_DMA covers the 32-bit addressable memory
61  * unless restricted on specific platforms (e.g. 30-bit on Raspberry Pi 4).
62  * In such case, ZONE_DMA32 covers the rest of the 32-bit addressable memory,
63  * otherwise it is empty.
64  *
65  * Memory reservation for crash kernel either done early or deferred
66  * depending on DMA memory zones configs (ZONE_DMA) --
67  *
68  * In absence of ZONE_DMA configs arm64_dma_phys_limit initialized
69  * here instead of max_zone_phys().  This lets early reservation of
70  * crash kernel memory which has a dependency on arm64_dma_phys_limit.
71  * Reserving memory early for crash kernel allows linear creation of block
72  * mappings (greater than page-granularity) for all the memory bank rangs.
73  * In this scheme a comparatively quicker boot is observed.
74  *
75  * If ZONE_DMA configs are defined, crash kernel memory reservation
76  * is delayed until DMA zone memory range size initialization performed in
77  * zone_sizes_init().  The defer is necessary to steer clear of DMA zone
78  * memory range to avoid overlap allocation.  So crash kernel memory boundaries
79  * are not known when mapping all bank memory ranges, which otherwise means
80  * not possible to exclude crash kernel range from creating block mappings
81  * so page-granularity mappings are created for the entire memory range.
82  * Hence a slightly slower boot is observed.
83  *
84  * Note: Page-granularity mappings are necessary for crash kernel memory
85  * range for shrinking its size via /sys/kernel/kexec_crash_size interface.
86  */
87 #if IS_ENABLED(CONFIG_ZONE_DMA) || IS_ENABLED(CONFIG_ZONE_DMA32)
88 phys_addr_t __ro_after_init arm64_dma_phys_limit;
89 #else
90 phys_addr_t __ro_after_init arm64_dma_phys_limit = PHYS_MASK + 1;
91 #endif
92 
93 /* Current arm64 boot protocol requires 2MB alignment */
94 #define CRASH_ALIGN			SZ_2M
95 
96 #define CRASH_ADDR_LOW_MAX		arm64_dma_phys_limit
97 #define CRASH_ADDR_HIGH_MAX		(PHYS_MASK + 1)
98 
reserve_crashkernel_low(unsigned long long low_size)99 static int __init reserve_crashkernel_low(unsigned long long low_size)
100 {
101 	unsigned long long low_base;
102 
103 	low_base = memblock_phys_alloc_range(low_size, CRASH_ALIGN, 0, CRASH_ADDR_LOW_MAX);
104 	if (!low_base) {
105 		pr_err("cannot allocate crashkernel low memory (size:0x%llx).\n", low_size);
106 		return -ENOMEM;
107 	}
108 
109 	pr_info("crashkernel low memory reserved: 0x%08llx - 0x%08llx (%lld MB)\n",
110 		low_base, low_base + low_size, low_size >> 20);
111 
112 	crashk_low_res.start = low_base;
113 	crashk_low_res.end   = low_base + low_size - 1;
114 	insert_resource(&iomem_resource, &crashk_low_res);
115 
116 	return 0;
117 }
118 
119 /*
120  * reserve_crashkernel() - reserves memory for crash kernel
121  *
122  * This function reserves memory area given in "crashkernel=" kernel command
123  * line parameter. The memory reserved is used by dump capture kernel when
124  * primary kernel is crashing.
125  */
reserve_crashkernel(void)126 static void __init reserve_crashkernel(void)
127 {
128 	unsigned long long crash_base, crash_size;
129 	unsigned long long crash_low_size = 0;
130 	unsigned long long crash_max = CRASH_ADDR_LOW_MAX;
131 	char *cmdline = boot_command_line;
132 	int ret;
133 
134 	if (!IS_ENABLED(CONFIG_KEXEC_CORE))
135 		return;
136 
137 	/* crashkernel=X[@offset] */
138 	ret = parse_crashkernel(cmdline, memblock_phys_mem_size(),
139 				&crash_size, &crash_base);
140 	if (ret == -ENOENT) {
141 		ret = parse_crashkernel_high(cmdline, 0, &crash_size, &crash_base);
142 		if (ret || !crash_size)
143 			return;
144 
145 		/*
146 		 * crashkernel=Y,low can be specified or not, but invalid value
147 		 * is not allowed.
148 		 */
149 		ret = parse_crashkernel_low(cmdline, 0, &crash_low_size, &crash_base);
150 		if (ret && (ret != -ENOENT))
151 			return;
152 
153 		crash_max = CRASH_ADDR_HIGH_MAX;
154 	} else if (ret || !crash_size) {
155 		/* The specified value is invalid */
156 		return;
157 	}
158 
159 	crash_size = PAGE_ALIGN(crash_size);
160 
161 	/* User specifies base address explicitly. */
162 	if (crash_base)
163 		crash_max = crash_base + crash_size;
164 
165 	crash_base = memblock_phys_alloc_range(crash_size, CRASH_ALIGN,
166 					       crash_base, crash_max);
167 	if (!crash_base) {
168 		pr_warn("cannot allocate crashkernel (size:0x%llx)\n",
169 			crash_size);
170 		return;
171 	}
172 
173 	if ((crash_base >= CRASH_ADDR_LOW_MAX) &&
174 	     crash_low_size && reserve_crashkernel_low(crash_low_size)) {
175 		memblock_phys_free(crash_base, crash_size);
176 		return;
177 	}
178 
179 	pr_info("crashkernel reserved: 0x%016llx - 0x%016llx (%lld MB)\n",
180 		crash_base, crash_base + crash_size, crash_size >> 20);
181 
182 	/*
183 	 * The crashkernel memory will be removed from the kernel linear
184 	 * map. Inform kmemleak so that it won't try to access it.
185 	 */
186 	kmemleak_ignore_phys(crash_base);
187 	if (crashk_low_res.end)
188 		kmemleak_ignore_phys(crashk_low_res.start);
189 
190 	crashk_res.start = crash_base;
191 	crashk_res.end = crash_base + crash_size - 1;
192 	insert_resource(&iomem_resource, &crashk_res);
193 }
194 
195 /*
196  * Return the maximum physical address for a zone accessible by the given bits
197  * limit. If DRAM starts above 32-bit, expand the zone to the maximum
198  * available memory, otherwise cap it at 32-bit.
199  */
max_zone_phys(unsigned int zone_bits)200 static phys_addr_t __init max_zone_phys(unsigned int zone_bits)
201 {
202 	phys_addr_t zone_mask = DMA_BIT_MASK(zone_bits);
203 	phys_addr_t phys_start = memblock_start_of_DRAM();
204 
205 	if (phys_start > U32_MAX)
206 		zone_mask = PHYS_ADDR_MAX;
207 	else if (phys_start > zone_mask)
208 		zone_mask = U32_MAX;
209 
210 	return min(zone_mask, memblock_end_of_DRAM() - 1) + 1;
211 }
212 
zone_sizes_init(void)213 static void __init zone_sizes_init(void)
214 {
215 	unsigned long max_zone_pfns[MAX_NR_ZONES]  = {0};
216 	unsigned int __maybe_unused acpi_zone_dma_bits;
217 	unsigned int __maybe_unused dt_zone_dma_bits;
218 	phys_addr_t __maybe_unused dma32_phys_limit = max_zone_phys(32);
219 
220 #ifdef CONFIG_ZONE_DMA
221 	acpi_zone_dma_bits = fls64(acpi_iort_dma_get_max_cpu_address());
222 	dt_zone_dma_bits = fls64(of_dma_get_max_cpu_address(NULL));
223 	zone_dma_bits = min3(32U, dt_zone_dma_bits, acpi_zone_dma_bits);
224 	arm64_dma_phys_limit = max_zone_phys(zone_dma_bits);
225 	max_zone_pfns[ZONE_DMA] = PFN_DOWN(arm64_dma_phys_limit);
226 #endif
227 #ifdef CONFIG_ZONE_DMA32
228 	max_zone_pfns[ZONE_DMA32] = PFN_DOWN(dma32_phys_limit);
229 	if (!arm64_dma_phys_limit)
230 		arm64_dma_phys_limit = dma32_phys_limit;
231 #endif
232 	max_zone_pfns[ZONE_NORMAL] = max_pfn;
233 
234 	free_area_init(max_zone_pfns);
235 }
236 
pfn_is_map_memory(unsigned long pfn)237 int pfn_is_map_memory(unsigned long pfn)
238 {
239 	phys_addr_t addr = PFN_PHYS(pfn);
240 
241 	/* avoid false positives for bogus PFNs, see comment in pfn_valid() */
242 	if (PHYS_PFN(addr) != pfn)
243 		return 0;
244 
245 	return memblock_is_map_memory(addr);
246 }
247 EXPORT_SYMBOL(pfn_is_map_memory);
248 
249 static phys_addr_t memory_limit __ro_after_init = PHYS_ADDR_MAX;
250 
251 /*
252  * Limit the memory size that was specified via FDT.
253  */
early_mem(char * p)254 static int __init early_mem(char *p)
255 {
256 	if (!p)
257 		return 1;
258 
259 	memory_limit = memparse(p, &p) & PAGE_MASK;
260 	pr_notice("Memory limited to %lldMB\n", memory_limit >> 20);
261 
262 	return 0;
263 }
264 early_param("mem", early_mem);
265 
arm64_memblock_init(void)266 void __init arm64_memblock_init(void)
267 {
268 	s64 linear_region_size = PAGE_END - _PAGE_OFFSET(vabits_actual);
269 
270 	/*
271 	 * Corner case: 52-bit VA capable systems running KVM in nVHE mode may
272 	 * be limited in their ability to support a linear map that exceeds 51
273 	 * bits of VA space, depending on the placement of the ID map. Given
274 	 * that the placement of the ID map may be randomized, let's simply
275 	 * limit the kernel's linear map to 51 bits as well if we detect this
276 	 * configuration.
277 	 */
278 	if (IS_ENABLED(CONFIG_KVM) && vabits_actual == 52 &&
279 	    is_hyp_mode_available() && !is_kernel_in_hyp_mode()) {
280 		pr_info("Capping linear region to 51 bits for KVM in nVHE mode on LVA capable hardware.\n");
281 		linear_region_size = min_t(u64, linear_region_size, BIT(51));
282 	}
283 
284 	/* Remove memory above our supported physical address size */
285 	memblock_remove(1ULL << PHYS_MASK_SHIFT, ULLONG_MAX);
286 
287 	/*
288 	 * Select a suitable value for the base of physical memory.
289 	 */
290 	memstart_addr = round_down(memblock_start_of_DRAM(),
291 				   ARM64_MEMSTART_ALIGN);
292 
293 	if ((memblock_end_of_DRAM() - memstart_addr) > linear_region_size)
294 		pr_warn("Memory doesn't fit in the linear mapping, VA_BITS too small\n");
295 
296 	/*
297 	 * Remove the memory that we will not be able to cover with the
298 	 * linear mapping. Take care not to clip the kernel which may be
299 	 * high in memory.
300 	 */
301 	memblock_remove(max_t(u64, memstart_addr + linear_region_size,
302 			__pa_symbol(_end)), ULLONG_MAX);
303 	if (memstart_addr + linear_region_size < memblock_end_of_DRAM()) {
304 		/* ensure that memstart_addr remains sufficiently aligned */
305 		memstart_addr = round_up(memblock_end_of_DRAM() - linear_region_size,
306 					 ARM64_MEMSTART_ALIGN);
307 		memblock_remove(0, memstart_addr);
308 	}
309 
310 	/*
311 	 * If we are running with a 52-bit kernel VA config on a system that
312 	 * does not support it, we have to place the available physical
313 	 * memory in the 48-bit addressable part of the linear region, i.e.,
314 	 * we have to move it upward. Since memstart_addr represents the
315 	 * physical address of PAGE_OFFSET, we have to *subtract* from it.
316 	 */
317 	if (IS_ENABLED(CONFIG_ARM64_VA_BITS_52) && (vabits_actual != 52))
318 		memstart_addr -= _PAGE_OFFSET(48) - _PAGE_OFFSET(52);
319 
320 	/*
321 	 * Apply the memory limit if it was set. Since the kernel may be loaded
322 	 * high up in memory, add back the kernel region that must be accessible
323 	 * via the linear mapping.
324 	 */
325 	if (memory_limit != PHYS_ADDR_MAX) {
326 		memblock_mem_limit_remove_map(memory_limit);
327 		memblock_add(__pa_symbol(_text), (u64)(_end - _text));
328 	}
329 
330 	if (IS_ENABLED(CONFIG_BLK_DEV_INITRD) && phys_initrd_size) {
331 		/*
332 		 * Add back the memory we just removed if it results in the
333 		 * initrd to become inaccessible via the linear mapping.
334 		 * Otherwise, this is a no-op
335 		 */
336 		u64 base = phys_initrd_start & PAGE_MASK;
337 		u64 size = PAGE_ALIGN(phys_initrd_start + phys_initrd_size) - base;
338 
339 		/*
340 		 * We can only add back the initrd memory if we don't end up
341 		 * with more memory than we can address via the linear mapping.
342 		 * It is up to the bootloader to position the kernel and the
343 		 * initrd reasonably close to each other (i.e., within 32 GB of
344 		 * each other) so that all granule/#levels combinations can
345 		 * always access both.
346 		 */
347 		if (WARN(base < memblock_start_of_DRAM() ||
348 			 base + size > memblock_start_of_DRAM() +
349 				       linear_region_size,
350 			"initrd not fully accessible via the linear mapping -- please check your bootloader ...\n")) {
351 			phys_initrd_size = 0;
352 		} else {
353 			memblock_add(base, size);
354 			memblock_clear_nomap(base, size);
355 			memblock_reserve(base, size);
356 		}
357 	}
358 
359 	if (IS_ENABLED(CONFIG_RANDOMIZE_BASE)) {
360 		extern u16 memstart_offset_seed;
361 		u64 mmfr0 = read_cpuid(ID_AA64MMFR0_EL1);
362 		int parange = cpuid_feature_extract_unsigned_field(
363 					mmfr0, ID_AA64MMFR0_EL1_PARANGE_SHIFT);
364 		s64 range = linear_region_size -
365 			    BIT(id_aa64mmfr0_parange_to_phys_shift(parange));
366 
367 		/*
368 		 * If the size of the linear region exceeds, by a sufficient
369 		 * margin, the size of the region that the physical memory can
370 		 * span, randomize the linear region as well.
371 		 */
372 		if (memstart_offset_seed > 0 && range >= (s64)ARM64_MEMSTART_ALIGN) {
373 			range /= ARM64_MEMSTART_ALIGN;
374 			memstart_addr -= ARM64_MEMSTART_ALIGN *
375 					 ((range * memstart_offset_seed) >> 16);
376 		}
377 	}
378 
379 	/*
380 	 * Register the kernel text, kernel data, initrd, and initial
381 	 * pagetables with memblock.
382 	 */
383 	memblock_reserve(__pa_symbol(_stext), _end - _stext);
384 	if (IS_ENABLED(CONFIG_BLK_DEV_INITRD) && phys_initrd_size) {
385 		/* the generic initrd code expects virtual addresses */
386 		initrd_start = __phys_to_virt(phys_initrd_start);
387 		initrd_end = initrd_start + phys_initrd_size;
388 	}
389 
390 	early_init_fdt_scan_reserved_mem();
391 
392 	if (!defer_reserve_crashkernel())
393 		reserve_crashkernel();
394 
395 	high_memory = __va(memblock_end_of_DRAM() - 1) + 1;
396 }
397 
bootmem_init(void)398 void __init bootmem_init(void)
399 {
400 	unsigned long min, max;
401 
402 	min = PFN_UP(memblock_start_of_DRAM());
403 	max = PFN_DOWN(memblock_end_of_DRAM());
404 
405 	early_memtest(min << PAGE_SHIFT, max << PAGE_SHIFT);
406 
407 	max_pfn = max_low_pfn = max;
408 	min_low_pfn = min;
409 
410 	arch_numa_init();
411 
412 	/*
413 	 * must be done after arch_numa_init() which calls numa_init() to
414 	 * initialize node_online_map that gets used in hugetlb_cma_reserve()
415 	 * while allocating required CMA size across online nodes.
416 	 */
417 #if defined(CONFIG_HUGETLB_PAGE) && defined(CONFIG_CMA)
418 	arm64_hugetlb_cma_reserve();
419 #endif
420 
421 	dma_pernuma_cma_reserve();
422 
423 	kvm_hyp_reserve();
424 
425 	/*
426 	 * sparse_init() tries to allocate memory from memblock, so must be
427 	 * done after the fixed reservations
428 	 */
429 	sparse_init();
430 	zone_sizes_init();
431 
432 	/*
433 	 * Reserve the CMA area after arm64_dma_phys_limit was initialised.
434 	 */
435 	dma_contiguous_reserve(arm64_dma_phys_limit);
436 
437 	/*
438 	 * request_standard_resources() depends on crashkernel's memory being
439 	 * reserved, so do it here.
440 	 */
441 	if (defer_reserve_crashkernel())
442 		reserve_crashkernel();
443 
444 	memblock_dump_all();
445 }
446 
447 /*
448  * mem_init() marks the free areas in the mem_map and tells us how much memory
449  * is free.  This is done after various parts of the system have claimed their
450  * memory after the kernel image.
451  */
mem_init(void)452 void __init mem_init(void)
453 {
454 	swiotlb_init(max_pfn > PFN_DOWN(arm64_dma_phys_limit), SWIOTLB_VERBOSE);
455 
456 	/* this will put all unused low memory onto the freelists */
457 	memblock_free_all();
458 
459 	/*
460 	 * Check boundaries twice: Some fundamental inconsistencies can be
461 	 * detected at build time already.
462 	 */
463 #ifdef CONFIG_COMPAT
464 	BUILD_BUG_ON(TASK_SIZE_32 > DEFAULT_MAP_WINDOW_64);
465 #endif
466 
467 	/*
468 	 * Selected page table levels should match when derived from
469 	 * scratch using the virtual address range and page size.
470 	 */
471 	BUILD_BUG_ON(ARM64_HW_PGTABLE_LEVELS(CONFIG_ARM64_VA_BITS) !=
472 		     CONFIG_PGTABLE_LEVELS);
473 
474 	if (PAGE_SIZE >= 16384 && get_num_physpages() <= 128) {
475 		extern int sysctl_overcommit_memory;
476 		/*
477 		 * On a machine this small we won't get anywhere without
478 		 * overcommit, so turn it on by default.
479 		 */
480 		sysctl_overcommit_memory = OVERCOMMIT_ALWAYS;
481 	}
482 }
483 
free_initmem(void)484 void free_initmem(void)
485 {
486 	free_reserved_area(lm_alias(__init_begin),
487 			   lm_alias(__init_end),
488 			   POISON_FREE_INITMEM, "unused kernel");
489 	/*
490 	 * Unmap the __init region but leave the VM area in place. This
491 	 * prevents the region from being reused for kernel modules, which
492 	 * is not supported by kallsyms.
493 	 */
494 	vunmap_range((u64)__init_begin, (u64)__init_end);
495 }
496 
dump_mem_limit(void)497 void dump_mem_limit(void)
498 {
499 	if (memory_limit != PHYS_ADDR_MAX) {
500 		pr_emerg("Memory Limit: %llu MB\n", memory_limit >> 20);
501 	} else {
502 		pr_emerg("Memory Limit: none\n");
503 	}
504 }
505