2012-03-05 18:49:27 +07:00
|
|
|
/*
|
|
|
|
* Based on arch/arm/include/asm/memory.h
|
|
|
|
*
|
|
|
|
* Copyright (C) 2000-2002 Russell King
|
|
|
|
* Copyright (C) 2012 ARM Ltd.
|
|
|
|
*
|
|
|
|
* This program is free software; you can redistribute it and/or modify
|
|
|
|
* it under the terms of the GNU General Public License version 2 as
|
|
|
|
* published by the Free Software Foundation.
|
|
|
|
*
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
* GNU General Public License for more details.
|
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU General Public License
|
|
|
|
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
*
|
|
|
|
* Note: this file should not be included by non-asm/.h files
|
|
|
|
*/
|
|
|
|
#ifndef __ASM_MEMORY_H
|
|
|
|
#define __ASM_MEMORY_H
|
|
|
|
|
|
|
|
#include <linux/compiler.h>
|
|
|
|
#include <linux/const.h>
|
|
|
|
#include <linux/types.h>
|
2016-02-16 19:52:42 +07:00
|
|
|
#include <asm/bug.h>
|
2012-03-05 18:49:27 +07:00
|
|
|
#include <asm/sizes.h>
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Allow for constants defined here to be used from assembly code
|
|
|
|
* by prepending the UL suffix only with actual C code compilation.
|
|
|
|
*/
|
|
|
|
#define UL(x) _AC(x, UL)
|
|
|
|
|
arm64: Fix overlapping VA allocations
PCI IO space was intended to be 16MiB, at 32MiB below MODULES_VADDR, but
commit d1e6dc91b532d3d3 ("arm64: Add architectural support for PCI")
extended this to cover the full 32MiB. The final 8KiB of this 32MiB is
also allocated for the fixmap, allowing for potential clashes between
the two.
This change was masked by assumptions in mem_init and the page table
dumping code, which assumed the I/O space to be 16MiB long through
seaparte hard-coded definitions.
This patch changes the definition of the PCI I/O space allocation to
live in asm/memory.h, along with the other VA space allocations. As the
fixmap allocation depends on the number of fixmap entries, this is moved
below the PCI I/O space allocation. Both the fixmap and PCI I/O space
are guarded with 2MB of padding. Sites assuming the I/O space was 16MiB
are moved over use new PCI_IO_{START,END} definitions, which will keep
in sync with the size of the IO space (now restored to 16MiB).
As a useful side effect, the use of the new PCI_IO_{START,END}
definitions prevents a build issue in the dumping code due to a (now
redundant) missing include of io.h for PCI_IOBASE.
Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Cc: Kees Cook <keescook@chromium.org>
Cc: Laura Abbott <lauraa@codeaurora.org>
Cc: Liviu Dudau <liviu.dudau@arm.com>
Cc: Steve Capper <steve.capper@linaro.org>
Cc: Will Deacon <will.deacon@arm.com>
[catalin.marinas@arm.com: reorder FIXADDR and PCI_IO address_markers_idx enum]
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
2015-01-23 01:20:35 +07:00
|
|
|
/*
|
|
|
|
* Size of the PCI I/O space. This must remain a power of two so that
|
|
|
|
* IO_SPACE_LIMIT acts as a mask for the low bits of I/O addresses.
|
|
|
|
*/
|
|
|
|
#define PCI_IO_SIZE SZ_16M
|
|
|
|
|
2012-03-05 18:49:27 +07:00
|
|
|
/*
|
2013-10-23 22:50:07 +07:00
|
|
|
* PAGE_OFFSET - the virtual address of the start of the kernel image (top
|
|
|
|
* (VA_BITS - 1))
|
2012-03-05 18:49:27 +07:00
|
|
|
* VA_BITS - the maximum number of bits for virtual addresses.
|
2015-09-17 16:38:07 +07:00
|
|
|
* VA_START - the first kernel virtual address.
|
2012-03-05 18:49:27 +07:00
|
|
|
* TASK_SIZE - the maximum size of a user space task.
|
|
|
|
* TASK_UNMAPPED_BASE - the lower boundary of the mmap VM area.
|
|
|
|
*/
|
2014-05-12 16:40:38 +07:00
|
|
|
#define VA_BITS (CONFIG_ARM64_VA_BITS)
|
2015-09-17 16:38:07 +07:00
|
|
|
#define VA_START (UL(0xffffffffffffffff) << VA_BITS)
|
2013-10-23 22:50:07 +07:00
|
|
|
#define PAGE_OFFSET (UL(0xffffffffffffffff) << (VA_BITS - 1))
|
2016-02-16 19:52:40 +07:00
|
|
|
#define KIMAGE_VADDR (MODULES_END)
|
|
|
|
#define MODULES_END (MODULES_VADDR + MODULES_VSIZE)
|
|
|
|
#define MODULES_VADDR (VA_START + KASAN_SHADOW_SIZE)
|
arm64: add support for kernel ASLR
This adds support for KASLR is implemented, based on entropy provided by
the bootloader in the /chosen/kaslr-seed DT property. Depending on the size
of the address space (VA_BITS) and the page size, the entropy in the
virtual displacement is up to 13 bits (16k/2 levels) and up to 25 bits (all
4 levels), with the sidenote that displacements that result in the kernel
image straddling a 1GB/32MB/512MB alignment boundary (for 4KB/16KB/64KB
granule kernels, respectively) are not allowed, and will be rounded up to
an acceptable value.
If CONFIG_RANDOMIZE_MODULE_REGION_FULL is enabled, the module region is
randomized independently from the core kernel. This makes it less likely
that the location of core kernel data structures can be determined by an
adversary, but causes all function calls from modules into the core kernel
to be resolved via entries in the module PLTs.
If CONFIG_RANDOMIZE_MODULE_REGION_FULL is not enabled, the module region is
randomized by choosing a page aligned 128 MB region inside the interval
[_etext - 128 MB, _stext + 128 MB). This gives between 10 and 14 bits of
entropy (depending on page size), independently of the kernel randomization,
but still guarantees that modules are within the range of relative branch
and jump instructions (with the caveat that, since the module region is
shared with other uses of the vmalloc area, modules may need to be loaded
further away if the module region is exhausted)
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
2016-01-26 20:12:01 +07:00
|
|
|
#define MODULES_VSIZE (SZ_128M)
|
2016-02-16 19:52:40 +07:00
|
|
|
#define PCI_IO_END (PAGE_OFFSET - SZ_2M)
|
arm64: Fix overlapping VA allocations
PCI IO space was intended to be 16MiB, at 32MiB below MODULES_VADDR, but
commit d1e6dc91b532d3d3 ("arm64: Add architectural support for PCI")
extended this to cover the full 32MiB. The final 8KiB of this 32MiB is
also allocated for the fixmap, allowing for potential clashes between
the two.
This change was masked by assumptions in mem_init and the page table
dumping code, which assumed the I/O space to be 16MiB long through
seaparte hard-coded definitions.
This patch changes the definition of the PCI I/O space allocation to
live in asm/memory.h, along with the other VA space allocations. As the
fixmap allocation depends on the number of fixmap entries, this is moved
below the PCI I/O space allocation. Both the fixmap and PCI I/O space
are guarded with 2MB of padding. Sites assuming the I/O space was 16MiB
are moved over use new PCI_IO_{START,END} definitions, which will keep
in sync with the size of the IO space (now restored to 16MiB).
As a useful side effect, the use of the new PCI_IO_{START,END}
definitions prevents a build issue in the dumping code due to a (now
redundant) missing include of io.h for PCI_IOBASE.
Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Cc: Kees Cook <keescook@chromium.org>
Cc: Laura Abbott <lauraa@codeaurora.org>
Cc: Liviu Dudau <liviu.dudau@arm.com>
Cc: Steve Capper <steve.capper@linaro.org>
Cc: Will Deacon <will.deacon@arm.com>
[catalin.marinas@arm.com: reorder FIXADDR and PCI_IO address_markers_idx enum]
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
2015-01-23 01:20:35 +07:00
|
|
|
#define PCI_IO_START (PCI_IO_END - PCI_IO_SIZE)
|
|
|
|
#define FIXADDR_TOP (PCI_IO_START - SZ_2M)
|
2012-03-05 18:49:27 +07:00
|
|
|
#define TASK_SIZE_64 (UL(1) << VA_BITS)
|
|
|
|
|
|
|
|
#ifdef CONFIG_COMPAT
|
|
|
|
#define TASK_SIZE_32 UL(0x100000000)
|
|
|
|
#define TASK_SIZE (test_thread_flag(TIF_32BIT) ? \
|
|
|
|
TASK_SIZE_32 : TASK_SIZE_64)
|
2014-06-19 03:10:09 +07:00
|
|
|
#define TASK_SIZE_OF(tsk) (test_tsk_thread_flag(tsk, TIF_32BIT) ? \
|
|
|
|
TASK_SIZE_32 : TASK_SIZE_64)
|
2012-03-05 18:49:27 +07:00
|
|
|
#else
|
|
|
|
#define TASK_SIZE TASK_SIZE_64
|
|
|
|
#endif /* CONFIG_COMPAT */
|
|
|
|
|
|
|
|
#define TASK_UNMAPPED_BASE (PAGE_ALIGN(TASK_SIZE / 4))
|
|
|
|
|
2016-02-16 19:52:40 +07:00
|
|
|
/*
|
|
|
|
* The size of the KASAN shadow region. This should be 1/8th of the
|
|
|
|
* size of the entire kernel virtual address space.
|
|
|
|
*/
|
|
|
|
#ifdef CONFIG_KASAN
|
|
|
|
#define KASAN_SHADOW_SIZE (UL(1) << (VA_BITS - 3))
|
|
|
|
#else
|
|
|
|
#define KASAN_SHADOW_SIZE (0)
|
|
|
|
#endif
|
|
|
|
|
2012-03-05 18:49:27 +07:00
|
|
|
/*
|
|
|
|
* Physical vs virtual RAM address space conversion. These are
|
|
|
|
* private definitions which should NOT be used outside memory.h
|
|
|
|
* files. Use virt_to_phys/phys_to_virt/__pa/__va instead.
|
|
|
|
*/
|
2016-02-16 19:52:36 +07:00
|
|
|
#define __virt_to_phys(x) ({ \
|
|
|
|
phys_addr_t __x = (phys_addr_t)(x); \
|
2016-02-23 00:46:04 +07:00
|
|
|
__x & BIT(VA_BITS - 1) ? (__x & ~PAGE_OFFSET) + PHYS_OFFSET : \
|
|
|
|
(__x - kimage_voffset); })
|
2016-02-16 19:52:36 +07:00
|
|
|
|
2016-02-23 00:46:04 +07:00
|
|
|
#define __phys_to_virt(x) ((unsigned long)((x) - PHYS_OFFSET) | PAGE_OFFSET)
|
2016-02-16 19:52:42 +07:00
|
|
|
#define __phys_to_kimg(x) ((unsigned long)((x) + kimage_voffset))
|
2012-03-05 18:49:27 +07:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Convert a page to/from a physical address
|
|
|
|
*/
|
|
|
|
#define page_to_phys(page) (__pfn_to_phys(page_to_pfn(page)))
|
|
|
|
#define phys_to_page(phys) (pfn_to_page(__phys_to_pfn(phys)))
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Memory types available.
|
|
|
|
*/
|
|
|
|
#define MT_DEVICE_nGnRnE 0
|
|
|
|
#define MT_DEVICE_nGnRE 1
|
|
|
|
#define MT_DEVICE_GRE 2
|
|
|
|
#define MT_NORMAL_NC 3
|
|
|
|
#define MT_NORMAL 4
|
2015-08-07 15:36:59 +07:00
|
|
|
#define MT_NORMAL_WT 5
|
2012-03-05 18:49:27 +07:00
|
|
|
|
2012-12-08 01:35:41 +07:00
|
|
|
/*
|
|
|
|
* Memory types for Stage-2 translation
|
|
|
|
*/
|
|
|
|
#define MT_S2_NORMAL 0xf
|
|
|
|
#define MT_S2_DEVICE_nGnRE 0x1
|
|
|
|
|
2016-02-16 19:52:35 +07:00
|
|
|
#ifdef CONFIG_ARM64_4K_PAGES
|
|
|
|
#define IOREMAP_MAX_ORDER (PUD_SHIFT)
|
|
|
|
#else
|
|
|
|
#define IOREMAP_MAX_ORDER (PMD_SHIFT)
|
|
|
|
#endif
|
|
|
|
|
2016-02-16 19:52:41 +07:00
|
|
|
#ifdef CONFIG_BLK_DEV_INITRD
|
|
|
|
#define __early_init_dt_declare_initrd(__start, __end) \
|
|
|
|
do { \
|
|
|
|
initrd_start = (__start); \
|
|
|
|
initrd_end = (__end); \
|
|
|
|
} while (0)
|
|
|
|
#endif
|
|
|
|
|
2012-03-05 18:49:27 +07:00
|
|
|
#ifndef __ASSEMBLY__
|
|
|
|
|
2016-02-23 00:46:04 +07:00
|
|
|
#include <linux/bitops.h>
|
2016-02-23 00:46:03 +07:00
|
|
|
#include <linux/mmdebug.h>
|
|
|
|
|
2016-02-26 23:57:14 +07:00
|
|
|
extern s64 memstart_addr;
|
2012-03-05 18:49:27 +07:00
|
|
|
/* PHYS_OFFSET - the physical address of the start of memory. */
|
2016-02-23 00:46:03 +07:00
|
|
|
#define PHYS_OFFSET ({ VM_BUG_ON(memstart_addr & 1); memstart_addr; })
|
2016-02-16 19:52:42 +07:00
|
|
|
|
arm64: add support for kernel ASLR
This adds support for KASLR is implemented, based on entropy provided by
the bootloader in the /chosen/kaslr-seed DT property. Depending on the size
of the address space (VA_BITS) and the page size, the entropy in the
virtual displacement is up to 13 bits (16k/2 levels) and up to 25 bits (all
4 levels), with the sidenote that displacements that result in the kernel
image straddling a 1GB/32MB/512MB alignment boundary (for 4KB/16KB/64KB
granule kernels, respectively) are not allowed, and will be rounded up to
an acceptable value.
If CONFIG_RANDOMIZE_MODULE_REGION_FULL is enabled, the module region is
randomized independently from the core kernel. This makes it less likely
that the location of core kernel data structures can be determined by an
adversary, but causes all function calls from modules into the core kernel
to be resolved via entries in the module PLTs.
If CONFIG_RANDOMIZE_MODULE_REGION_FULL is not enabled, the module region is
randomized by choosing a page aligned 128 MB region inside the interval
[_etext - 128 MB, _stext + 128 MB). This gives between 10 and 14 bits of
entropy (depending on page size), independently of the kernel randomization,
but still guarantees that modules are within the range of relative branch
and jump instructions (with the caveat that, since the module region is
shared with other uses of the vmalloc area, modules may need to be loaded
further away if the module region is exhausted)
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
2016-01-26 20:12:01 +07:00
|
|
|
/* the virtual base of the kernel image (minus TEXT_OFFSET) */
|
|
|
|
extern u64 kimage_vaddr;
|
|
|
|
|
2016-02-16 19:52:42 +07:00
|
|
|
/* the offset between the kernel virtual and physical mappings */
|
|
|
|
extern u64 kimage_voffset;
|
2012-03-05 18:49:27 +07:00
|
|
|
|
2015-08-18 16:34:42 +07:00
|
|
|
/*
|
2016-02-16 19:52:42 +07:00
|
|
|
* Allow all memory at the discovery stage. We will clip it later.
|
2015-08-18 16:34:42 +07:00
|
|
|
*/
|
2016-02-16 19:52:42 +07:00
|
|
|
#define MIN_MEMBLOCK_ADDR 0
|
|
|
|
#define MAX_MEMBLOCK_ADDR U64_MAX
|
2015-08-18 16:34:42 +07:00
|
|
|
|
2012-03-05 18:49:27 +07:00
|
|
|
/*
|
|
|
|
* PFNs are used to describe any physical page; this means
|
|
|
|
* PFN 0 == physical address 0.
|
|
|
|
*
|
|
|
|
* This is the PFN of the first RAM page in the kernel
|
|
|
|
* direct-mapped view. We assume this is the first page
|
|
|
|
* of RAM in the mem_map as well.
|
|
|
|
*/
|
|
|
|
#define PHYS_PFN_OFFSET (PHYS_OFFSET >> PAGE_SHIFT)
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Note: Drivers should NOT use these. They are the wrong
|
|
|
|
* translation for translating DMA addresses. Use the driver
|
|
|
|
* DMA support - see dma-mapping.h.
|
|
|
|
*/
|
2014-07-28 22:25:48 +07:00
|
|
|
#define virt_to_phys virt_to_phys
|
2012-03-05 18:49:27 +07:00
|
|
|
static inline phys_addr_t virt_to_phys(const volatile void *x)
|
|
|
|
{
|
|
|
|
return __virt_to_phys((unsigned long)(x));
|
|
|
|
}
|
|
|
|
|
2014-07-28 22:25:48 +07:00
|
|
|
#define phys_to_virt phys_to_virt
|
2012-03-05 18:49:27 +07:00
|
|
|
static inline void *phys_to_virt(phys_addr_t x)
|
|
|
|
{
|
|
|
|
return (void *)(__phys_to_virt(x));
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Drivers should NOT use these either.
|
|
|
|
*/
|
|
|
|
#define __pa(x) __virt_to_phys((unsigned long)(x))
|
|
|
|
#define __va(x) ((void *)__phys_to_virt((phys_addr_t)(x)))
|
|
|
|
#define pfn_to_kaddr(pfn) __va((pfn) << PAGE_SHIFT)
|
2014-05-08 22:48:13 +07:00
|
|
|
#define virt_to_pfn(x) __phys_to_pfn(__virt_to_phys(x))
|
2012-03-05 18:49:27 +07:00
|
|
|
|
|
|
|
/*
|
|
|
|
* virt_to_page(k) convert a _valid_ virtual address to struct page *
|
|
|
|
* virt_addr_valid(k) indicates whether a virtual address is valid
|
|
|
|
*/
|
2014-10-28 12:44:01 +07:00
|
|
|
#define ARCH_PFN_OFFSET ((unsigned long)PHYS_PFN_OFFSET)
|
2012-03-05 18:49:27 +07:00
|
|
|
|
|
|
|
#define virt_to_page(kaddr) pfn_to_page(__pa(kaddr) >> PAGE_SHIFT)
|
2013-12-11 08:23:02 +07:00
|
|
|
#define virt_addr_valid(kaddr) pfn_valid(__pa(kaddr) >> PAGE_SHIFT)
|
2012-03-05 18:49:27 +07:00
|
|
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
#include <asm-generic/memory_model.h>
|
|
|
|
|
|
|
|
#endif
|