Merge tag 'arm64-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux

+6

Documentation/admin-guide/kdump/vmcoreinfo.rst

··· 393 393 The kernel randomization offset. Used to compute the page offset. If 394 394 KASLR is disabled, this value is zero. 395 395 396 + KERNELPACMASK 397 + ------------- 398 + 399 + The mask to extract the Pointer Authentication Code from a kernel virtual 400 + address. 401 + 396 402 arm 397 403 === 398 404

+2 -1

Documentation/arm64/booting.rst

··· 173 173 - Caches, MMUs 174 174 175 175 The MMU must be off. 176 - Instruction cache may be on or off. 176 + The instruction cache may be on or off, and must not hold any stale 177 + entries corresponding to the loaded kernel image. 177 178 The address range corresponding to the loaded kernel image must be 178 179 cleaned to the PoC. In the presence of a system cache or other 179 180 coherent masters with caches enabled, this will typically require

+2

Documentation/arm64/cpu-feature-registers.rst

··· 176 176 +------------------------------+---------+---------+ 177 177 | SSBS | [7-4] | y | 178 178 +------------------------------+---------+---------+ 179 + | BT | [3-0] | y | 180 + +------------------------------+---------+---------+ 179 181 180 182 181 183 4) MIDR_EL1 - Main ID Register

+5

Documentation/arm64/elf_hwcaps.rst

··· 236 236 237 237 Functionality implied by ID_AA64ISAR0_EL1.RNDR == 0b0001. 238 238 239 + HWCAP2_BTI 240 + 241 + Functionality implied by ID_AA64PFR0_EL1.BT == 0b0001. 242 + 243 + 239 244 4. Unused AT_HWCAP bits 240 245 ----------------------- 241 246

+4 -4

Documentation/arm64/silicon-errata.rst

··· 64 64 +----------------+-----------------+-----------------+-----------------------------+ 65 65 | ARM | Cortex-A53 | #843419 | ARM64_ERRATUM_843419 | 66 66 +----------------+-----------------+-----------------+-----------------------------+ 67 + | ARM | Cortex-A55 | #1024718 | ARM64_ERRATUM_1024718 | 68 + +----------------+-----------------+-----------------+-----------------------------+ 69 + | ARM | Cortex-A55 | #1530923 | ARM64_ERRATUM_1530923 | 70 + +----------------+-----------------+-----------------+-----------------------------+ 67 71 | ARM | Cortex-A57 | #832075 | ARM64_ERRATUM_832075 | 68 72 +----------------+-----------------+-----------------+-----------------------------+ 69 73 | ARM | Cortex-A57 | #852523 | N/A | ··· 82 78 +----------------+-----------------+-----------------+-----------------------------+ 83 79 | ARM | Cortex-A73 | #858921 | ARM64_ERRATUM_858921 | 84 80 +----------------+-----------------+-----------------+-----------------------------+ 85 - | ARM | Cortex-A55 | #1024718 | ARM64_ERRATUM_1024718 | 86 - +----------------+-----------------+-----------------+-----------------------------+ 87 81 | ARM | Cortex-A76 | #1188873,1418040| ARM64_ERRATUM_1418040 | 88 82 +----------------+-----------------+-----------------+-----------------------------+ 89 83 | ARM | Cortex-A76 | #1165522 | ARM64_ERRATUM_1165522 | ··· 89 87 | ARM | Cortex-A76 | #1286807 | ARM64_ERRATUM_1286807 | 90 88 +----------------+-----------------+-----------------+-----------------------------+ 91 89 | ARM | Cortex-A76 | #1463225 | ARM64_ERRATUM_1463225 | 92 - +----------------+-----------------+-----------------+-----------------------------+ 93 - | ARM | Cortex-A55 | #1530923 | ARM64_ERRATUM_1530923 | 94 90 +----------------+-----------------+-----------------+-----------------------------+ 95 91 | ARM | Neoverse-N1 | #1188873,1418040| ARM64_ERRATUM_1418040 | 96 92 +----------------+-----------------+-----------------+-----------------------------+

+1

Documentation/filesystems/proc.rst

··· 543 543 hg huge page advise flag 544 544 nh no huge page advise flag 545 545 mg mergable advise flag 546 + bt - arm64 BTI guarded page 546 547 == ======================================= 547 548 548 549 Note that there is no guarantee that every flag and associated mnemonic will

+9

MAINTAINERS

··· 15518 15518 S: Odd Fixes 15519 15519 F: drivers/net/ethernet/smsc/smc91x.* 15520 15520 15521 + SECURE MONITOR CALL(SMC) CALLING CONVENTION (SMCCC) 15522 + M: Mark Rutland <mark.rutland@arm.com> 15523 + M: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com> 15524 + M: Sudeep Holla <sudeep.holla@arm.com> 15525 + L: linux-arm-kernel@lists.infradead.org 15526 + S: Maintained 15527 + F: drivers/firmware/smccc/ 15528 + F: include/linux/arm-smccc.h 15529 + 15521 15530 SMIA AND SMIA++ IMAGE SENSOR DRIVER 15522 15531 M: Sakari Ailus <sakari.ailus@linux.intel.com> 15523 15532 L: linux-media@vger.kernel.org

+6

Makefile

··· 862 862 KBUILD_CFLAGS += $(call cc-option, -flive-patching=inline-clone) 863 863 endif 864 864 865 + ifdef CONFIG_SHADOW_CALL_STACK 866 + CC_FLAGS_SCS := -fsanitize=shadow-call-stack 867 + KBUILD_CFLAGS += $(CC_FLAGS_SCS) 868 + export CC_FLAGS_SCS 869 + endif 870 + 865 871 # arch Makefile may override CC so keep this after arch Makefile is included 866 872 NOSTDINC_FLAGS += -nostdinc -isystem $(shell $(CC) -print-file-name=include) 867 873

+25

arch/Kconfig

··· 533 533 about 20% of all kernel functions, which increases the kernel code 534 534 size by about 2%. 535 535 536 + config ARCH_SUPPORTS_SHADOW_CALL_STACK 537 + bool 538 + help 539 + An architecture should select this if it supports Clang's Shadow 540 + Call Stack and implements runtime support for shadow stack 541 + switching. 542 + 543 + config SHADOW_CALL_STACK 544 + bool "Clang Shadow Call Stack" 545 + depends on CC_IS_CLANG && ARCH_SUPPORTS_SHADOW_CALL_STACK 546 + depends on DYNAMIC_FTRACE_WITH_REGS || !FUNCTION_GRAPH_TRACER 547 + help 548 + This option enables Clang's Shadow Call Stack, which uses a 549 + shadow stack to protect function return addresses from being 550 + overwritten by an attacker. More information can be found in 551 + Clang's documentation: 552 + 553 + https://clang.llvm.org/docs/ShadowCallStack.html 554 + 555 + Note that security guarantees in the kernel differ from the 556 + ones documented for user space. The kernel must store addresses 557 + of shadow stacks in memory, which means an attacker capable of 558 + reading and writing arbitrary memory may be able to locate them 559 + and hijack control flow by modifying the stacks. 560 + 536 561 config HAVE_ARCH_WITHIN_STACK_FRAMES 537 562 bool 538 563 help

+106 -58

arch/arm64/Kconfig

··· 9 9 select ACPI_MCFG if (ACPI && PCI) 10 10 select ACPI_SPCR_TABLE if ACPI 11 11 select ACPI_PPTT if ACPI 12 + select ARCH_BINFMT_ELF_STATE 12 13 select ARCH_HAS_DEBUG_VIRTUAL 13 14 select ARCH_HAS_DEVMEM_IS_ALLOWED 14 15 select ARCH_HAS_DMA_PREP_COHERENT ··· 34 33 select ARCH_HAS_SYSCALL_WRAPPER 35 34 select ARCH_HAS_TEARDOWN_DMA_OPS if IOMMU_SUPPORT 36 35 select ARCH_HAS_TICK_BROADCAST if GENERIC_CLOCKEVENTS_BROADCAST 36 + select ARCH_HAVE_ELF_PROT 37 37 select ARCH_HAVE_NMI_SAFE_CMPXCHG 38 38 select ARCH_INLINE_READ_LOCK if !PREEMPTION 39 39 select ARCH_INLINE_READ_LOCK_BH if !PREEMPTION ··· 64 62 select ARCH_INLINE_SPIN_UNLOCK_IRQRESTORE if !PREEMPTION 65 63 select ARCH_KEEP_MEMBLOCK 66 64 select ARCH_USE_CMPXCHG_LOCKREF 65 + select ARCH_USE_GNU_PROPERTY 67 66 select ARCH_USE_QUEUED_RWLOCKS 68 67 select ARCH_USE_QUEUED_SPINLOCKS 68 + select ARCH_USE_SYM_ANNOTATIONS 69 69 select ARCH_SUPPORTS_MEMORY_FAILURE 70 + select ARCH_SUPPORTS_SHADOW_CALL_STACK if CC_HAVE_SHADOW_CALL_STACK 70 71 select ARCH_SUPPORTS_ATOMIC_RMW 71 72 select ARCH_SUPPORTS_INT128 if CC_HAS_INT128 && (GCC_VERSION >= 50000 || CC_IS_CLANG) 72 73 select ARCH_SUPPORTS_NUMA_BALANCING ··· 530 525 531 526 If unsure, say Y. 532 527 533 - config ARM64_WORKAROUND_SPECULATIVE_AT_VHE 528 + config ARM64_WORKAROUND_SPECULATIVE_AT 534 529 bool 535 530 536 531 config ARM64_ERRATUM_1165522 537 - bool "Cortex-A76: Speculative AT instruction using out-of-context translation regime could cause subsequent request to generate an incorrect translation" 532 + bool "Cortex-A76: 1165522: Speculative AT instruction using out-of-context translation regime could cause subsequent request to generate an incorrect translation" 538 533 default y 539 - select ARM64_WORKAROUND_SPECULATIVE_AT_VHE 534 + select ARM64_WORKAROUND_SPECULATIVE_AT 540 535 help 541 536 This option adds a workaround for ARM Cortex-A76 erratum 1165522. 542 537 ··· 546 541 547 542 If unsure, say Y. 548 543 549 - config ARM64_ERRATUM_1530923 550 - bool "Cortex-A55: Speculative AT instruction using out-of-context translation regime could cause subsequent request to generate an incorrect translation" 544 + config ARM64_ERRATUM_1319367 545 + bool "Cortex-A57/A72: 1319537: Speculative AT instruction using out-of-context translation regime could cause subsequent request to generate an incorrect translation" 551 546 default y 552 - select ARM64_WORKAROUND_SPECULATIVE_AT_VHE 547 + select ARM64_WORKAROUND_SPECULATIVE_AT 548 + help 549 + This option adds work arounds for ARM Cortex-A57 erratum 1319537 550 + and A72 erratum 1319367 551 + 552 + Cortex-A57 and A72 cores could end-up with corrupted TLBs by 553 + speculating an AT instruction during a guest context switch. 554 + 555 + If unsure, say Y. 556 + 557 + config ARM64_ERRATUM_1530923 558 + bool "Cortex-A55: 1530923: Speculative AT instruction using out-of-context translation regime could cause subsequent request to generate an incorrect translation" 559 + default y 560 + select ARM64_WORKAROUND_SPECULATIVE_AT 553 561 help 554 562 This option adds a workaround for ARM Cortex-A55 erratum 1530923. 555 563 ··· 571 553 context switch. 572 554 573 555 If unsure, say Y. 556 + 557 + config ARM64_WORKAROUND_REPEAT_TLBI 558 + bool 574 559 575 560 config ARM64_ERRATUM_1286807 576 561 bool "Cortex-A76: Modification of the translation table for a virtual address might lead to read-after-read ordering violation" ··· 590 569 TLBI+DSB completes before a read using the translation being 591 570 invalidated has been observed by other observers. The 592 571 workaround repeats the TLBI+DSB operation. 593 - 594 - config ARM64_WORKAROUND_SPECULATIVE_AT_NVHE 595 - bool 596 - 597 - config ARM64_ERRATUM_1319367 598 - bool "Cortex-A57/A72: Speculative AT instruction using out-of-context translation regime could cause subsequent request to generate an incorrect translation" 599 - default y 600 - select ARM64_WORKAROUND_SPECULATIVE_AT_NVHE 601 - help 602 - This option adds work arounds for ARM Cortex-A57 erratum 1319537 603 - and A72 erratum 1319367 604 - 605 - Cortex-A57 and A72 cores could end-up with corrupted TLBs by 606 - speculating an AT instruction during a guest context switch. 607 - 608 - If unsure, say Y. 609 572 610 573 config ARM64_ERRATUM_1463225 611 574 bool "Cortex-A76: Software Step might prevent interrupt recognition" ··· 700 695 701 696 If unsure, say Y. 702 697 698 + config FUJITSU_ERRATUM_010001 699 + bool "Fujitsu-A64FX erratum E#010001: Undefined fault may occur wrongly" 700 + default y 701 + help 702 + This option adds a workaround for Fujitsu-A64FX erratum E#010001. 703 + On some variants of the Fujitsu-A64FX cores ver(1.0, 1.1), memory 704 + accesses may cause undefined fault (Data abort, DFSC=0b111111). 705 + This fault occurs under a specific hardware condition when a 706 + load/store instruction performs an address translation using: 707 + case-1 TTBR0_EL1 with TCR_EL1.NFD0 == 1. 708 + case-2 TTBR0_EL2 with TCR_EL2.NFD0 == 1. 709 + case-3 TTBR1_EL1 with TCR_EL1.NFD1 == 1. 710 + case-4 TTBR1_EL2 with TCR_EL2.NFD1 == 1. 711 + 712 + The workaround is to ensure these bits are clear in TCR_ELx. 713 + The workaround only affects the Fujitsu-A64FX. 714 + 715 + If unsure, say Y. 716 + 717 + config HISILICON_ERRATUM_161600802 718 + bool "Hip07 161600802: Erroneous redistributor VLPI base" 719 + default y 720 + help 721 + The HiSilicon Hip07 SoC uses the wrong redistributor base 722 + when issued ITS commands such as VMOVP and VMAPP, and requires 723 + a 128kB offset to be applied to the target address in this commands. 724 + 725 + If unsure, say Y. 726 + 703 727 config QCOM_FALKOR_ERRATUM_1003 704 728 bool "Falkor E1003: Incorrect translation due to ASID change" 705 729 default y ··· 739 705 then only for entries in the walk cache, since the leaf translation 740 706 is unchanged. Work around the erratum by invalidating the walk cache 741 707 entries for the trampoline before entering the kernel proper. 742 - 743 - config ARM64_WORKAROUND_REPEAT_TLBI 744 - bool 745 708 746 709 config QCOM_FALKOR_ERRATUM_1009 747 710 bool "Falkor E1009: Prematurely complete a DSB after a TLBI" ··· 761 730 762 731 If unsure, say Y. 763 732 764 - config SOCIONEXT_SYNQUACER_PREITS 765 - bool "Socionext Synquacer: Workaround for GICv3 pre-ITS" 766 - default y 767 - help 768 - Socionext Synquacer SoCs implement a separate h/w block to generate 769 - MSI doorbell writes with non-zero values for the device ID. 770 - 771 - If unsure, say Y. 772 - 773 - config HISILICON_ERRATUM_161600802 774 - bool "Hip07 161600802: Erroneous redistributor VLPI base" 775 - default y 776 - help 777 - The HiSilicon Hip07 SoC uses the wrong redistributor base 778 - when issued ITS commands such as VMOVP and VMAPP, and requires 779 - a 128kB offset to be applied to the target address in this commands. 780 - 781 - If unsure, say Y. 782 - 783 733 config QCOM_FALKOR_ERRATUM_E1041 784 734 bool "Falkor E1041: Speculative instruction fetches might cause errant memory access" 785 735 default y ··· 771 759 772 760 If unsure, say Y. 773 761 774 - config FUJITSU_ERRATUM_010001 775 - bool "Fujitsu-A64FX erratum E#010001: Undefined fault may occur wrongly" 762 + config SOCIONEXT_SYNQUACER_PREITS 763 + bool "Socionext Synquacer: Workaround for GICv3 pre-ITS" 776 764 default y 777 765 help 778 - This option adds a workaround for Fujitsu-A64FX erratum E#010001. 779 - On some variants of the Fujitsu-A64FX cores ver(1.0, 1.1), memory 780 - accesses may cause undefined fault (Data abort, DFSC=0b111111). 781 - This fault occurs under a specific hardware condition when a 782 - load/store instruction performs an address translation using: 783 - case-1 TTBR0_EL1 with TCR_EL1.NFD0 == 1. 784 - case-2 TTBR0_EL2 with TCR_EL2.NFD0 == 1. 785 - case-3 TTBR1_EL1 with TCR_EL1.NFD1 == 1. 786 - case-4 TTBR1_EL2 with TCR_EL2.NFD1 == 1. 787 - 788 - The workaround is to ensure these bits are clear in TCR_ELx. 789 - The workaround only affects the Fujitsu-A64FX. 766 + Socionext Synquacer SoCs implement a separate h/w block to generate 767 + MSI doorbell writes with non-zero values for the device ID. 790 768 791 769 If unsure, say Y. 792 770 ··· 1027 1025 1028 1026 config ARCH_ENABLE_SPLIT_PMD_PTLOCK 1029 1027 def_bool y if PGTABLE_LEVELS > 2 1028 + 1029 + # Supported by clang >= 7.0 1030 + config CC_HAVE_SHADOW_CALL_STACK 1031 + def_bool $(cc-option, -fsanitize=shadow-call-stack -ffixed-x18) 1030 1032 1031 1033 config SECCOMP 1032 1034 bool "Enable seccomp to safely compute untrusted bytecode" ··· 1590 1584 endmenu 1591 1585 1592 1586 menu "ARMv8.5 architectural features" 1587 + 1588 + config ARM64_BTI 1589 + bool "Branch Target Identification support" 1590 + default y 1591 + help 1592 + Branch Target Identification (part of the ARMv8.5 Extensions) 1593 + provides a mechanism to limit the set of locations to which computed 1594 + branch instructions such as BR or BLR can jump. 1595 + 1596 + To make use of BTI on CPUs that support it, say Y. 1597 + 1598 + BTI is intended to provide complementary protection to other control 1599 + flow integrity protection mechanisms, such as the Pointer 1600 + authentication mechanism provided as part of the ARMv8.3 Extensions. 1601 + For this reason, it does not make sense to enable this option without 1602 + also enabling support for pointer authentication. Thus, when 1603 + enabling this option you should also select ARM64_PTR_AUTH=y. 1604 + 1605 + Userspace binaries must also be specifically compiled to make use of 1606 + this mechanism. If you say N here or the hardware does not support 1607 + BTI, such binaries can still run, but you get no additional 1608 + enforcement of branch destinations. 1609 + 1610 + config ARM64_BTI_KERNEL 1611 + bool "Use Branch Target Identification for kernel" 1612 + default y 1613 + depends on ARM64_BTI 1614 + depends on ARM64_PTR_AUTH 1615 + depends on CC_HAS_BRANCH_PROT_PAC_RET_BTI 1616 + # https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94697 1617 + depends on !CC_IS_GCC || GCC_VERSION >= 100100 1618 + depends on !(CC_IS_CLANG && GCOV_KERNEL) 1619 + depends on (!FUNCTION_GRAPH_TRACER || DYNAMIC_FTRACE_WITH_REGS) 1620 + help 1621 + Build the kernel with Branch Target Identification annotations 1622 + and enable enforcement of this for kernel code. When this option 1623 + is enabled and the system supports BTI all kernel code including 1624 + modular code must have BTI enabled. 1625 + 1626 + config CC_HAS_BRANCH_PROT_PAC_RET_BTI 1627 + # GCC 9 or later, clang 8 or later 1628 + def_bool $(cc-option,-mbranch-protection=pac-ret+leaf+bti) 1593 1629 1594 1630 config ARM64_E0PD 1595 1631 bool "Enable support for E0PD"

+13 -3

arch/arm64/Makefile

··· 12 12 13 13 LDFLAGS_vmlinux :=--no-undefined -X 14 14 CPPFLAGS_vmlinux.lds = -DTEXT_OFFSET=$(TEXT_OFFSET) 15 - GZFLAGS :=-9 16 15 17 16 ifeq ($(CONFIG_RELOCATABLE), y) 18 17 # Pass --no-apply-dynamic-relocs to restore pre-binutils-2.27 behaviour ··· 70 71 71 72 ifeq ($(CONFIG_ARM64_PTR_AUTH),y) 72 73 branch-prot-flags-$(CONFIG_CC_HAS_SIGN_RETURN_ADDRESS) := -msign-return-address=all 74 + # We enable additional protection for leaf functions as there is some 75 + # narrow potential for ROP protection benefits and no substantial 76 + # performance impact has been observed. 77 + ifeq ($(CONFIG_ARM64_BTI_KERNEL),y) 78 + branch-prot-flags-$(CONFIG_CC_HAS_BRANCH_PROT_PAC_RET_BTI) := -mbranch-protection=pac-ret+leaf+bti 79 + else 73 80 branch-prot-flags-$(CONFIG_CC_HAS_BRANCH_PROT_PAC_RET) := -mbranch-protection=pac-ret+leaf 81 + endif 74 82 # -march=armv8.3-a enables the non-nops instructions for PAC, to avoid the 75 83 # compiler to generate them and consequently to break the single image contract 76 84 # we pass it only to the assembler. This option is utilized only in case of non ··· 86 80 endif 87 81 88 82 KBUILD_CFLAGS += $(branch-prot-flags-y) 83 + 84 + ifeq ($(CONFIG_SHADOW_CALL_STACK), y) 85 + KBUILD_CFLAGS += -ffixed-x18 86 + endif 89 87 90 88 ifeq ($(CONFIG_CPU_BIG_ENDIAN), y) 91 89 KBUILD_CPPFLAGS += -mbig-endian ··· 128 118 int(2 * 1024 * 1024 / (2 ^ $(CONFIG_ARM64_PAGE_SHIFT)) * \ 129 119 rand()) * (2 ^ $(CONFIG_ARM64_PAGE_SHIFT))}") 130 120 else 131 - TEXT_OFFSET := 0x00080000 121 + TEXT_OFFSET := 0x0 132 122 endif 133 123 134 124 ifeq ($(CONFIG_KASAN_SW_TAGS), y) ··· 141 131 KBUILD_CPPFLAGS += -DKASAN_SHADOW_SCALE_SHIFT=$(KASAN_SHADOW_SCALE_SHIFT) 142 132 KBUILD_AFLAGS += -DKASAN_SHADOW_SCALE_SHIFT=$(KASAN_SHADOW_SCALE_SHIFT) 143 133 144 - export TEXT_OFFSET GZFLAGS 134 + export TEXT_OFFSET 145 135 146 136 core-y += arch/arm64/ 147 137 libs-y := arch/arm64/lib/ $(libs-y)

+39 -6

arch/arm64/include/asm/asm_pointer_auth.h

··· 39 39 alternative_else_nop_endif 40 40 .endm 41 41 42 - .macro ptrauth_keys_install_kernel tsk, sync, tmp1, tmp2, tmp3 43 - alternative_if ARM64_HAS_ADDRESS_AUTH 42 + .macro __ptrauth_keys_install_kernel_nosync tsk, tmp1, tmp2, tmp3 44 43 mov \tmp1, #THREAD_KEYS_KERNEL 45 44 add \tmp1, \tsk, \tmp1 46 45 ldp \tmp2, \tmp3, [\tmp1, #PTRAUTH_KERNEL_KEY_APIA] 47 46 msr_s SYS_APIAKEYLO_EL1, \tmp2 48 47 msr_s SYS_APIAKEYHI_EL1, \tmp3 49 - .if \sync == 1 50 - isb 51 - .endif 48 + .endm 49 + 50 + .macro ptrauth_keys_install_kernel_nosync tsk, tmp1, tmp2, tmp3 51 + alternative_if ARM64_HAS_ADDRESS_AUTH 52 + __ptrauth_keys_install_kernel_nosync \tsk, \tmp1, \tmp2, \tmp3 52 53 alternative_else_nop_endif 54 + .endm 55 + 56 + .macro ptrauth_keys_install_kernel tsk, tmp1, tmp2, tmp3 57 + alternative_if ARM64_HAS_ADDRESS_AUTH 58 + __ptrauth_keys_install_kernel_nosync \tsk, \tmp1, \tmp2, \tmp3 59 + isb 60 + alternative_else_nop_endif 61 + .endm 62 + 63 + .macro __ptrauth_keys_init_cpu tsk, tmp1, tmp2, tmp3 64 + mrs \tmp1, id_aa64isar1_el1 65 + ubfx \tmp1, \tmp1, #ID_AA64ISAR1_APA_SHIFT, #8 66 + cbz \tmp1, .Lno_addr_auth\@ 67 + mov_q \tmp1, (SCTLR_ELx_ENIA | SCTLR_ELx_ENIB | \ 68 + SCTLR_ELx_ENDA | SCTLR_ELx_ENDB) 69 + mrs \tmp2, sctlr_el1 70 + orr \tmp2, \tmp2, \tmp1 71 + msr sctlr_el1, \tmp2 72 + __ptrauth_keys_install_kernel_nosync \tsk, \tmp1, \tmp2, \tmp3 73 + isb 74 + .Lno_addr_auth\@: 75 + .endm 76 + 77 + .macro ptrauth_keys_init_cpu tsk, tmp1, tmp2, tmp3 78 + alternative_if_not ARM64_HAS_ADDRESS_AUTH 79 + b .Lno_addr_auth\@ 80 + alternative_else_nop_endif 81 + __ptrauth_keys_init_cpu \tsk, \tmp1, \tmp2, \tmp3 82 + .Lno_addr_auth\@: 53 83 .endm 54 84 55 85 #else /* CONFIG_ARM64_PTR_AUTH */ ··· 87 57 .macro ptrauth_keys_install_user tsk, tmp1, tmp2, tmp3 88 58 .endm 89 59 90 - .macro ptrauth_keys_install_kernel tsk, sync, tmp1, tmp2, tmp3 60 + .macro ptrauth_keys_install_kernel_nosync tsk, tmp1, tmp2, tmp3 61 + .endm 62 + 63 + .macro ptrauth_keys_install_kernel tsk, tmp1, tmp2, tmp3 91 64 .endm 92 65 93 66 #endif /* CONFIG_ARM64_PTR_AUTH */

+50

arch/arm64/include/asm/assembler.h

··· 736 736 .Lyield_out_\@ : 737 737 .endm 738 738 739 + /* 740 + * This macro emits a program property note section identifying 741 + * architecture features which require special handling, mainly for 742 + * use in assembly files included in the VDSO. 743 + */ 744 + 745 + #define NT_GNU_PROPERTY_TYPE_0 5 746 + #define GNU_PROPERTY_AARCH64_FEATURE_1_AND 0xc0000000 747 + 748 + #define GNU_PROPERTY_AARCH64_FEATURE_1_BTI (1U << 0) 749 + #define GNU_PROPERTY_AARCH64_FEATURE_1_PAC (1U << 1) 750 + 751 + #ifdef CONFIG_ARM64_BTI_KERNEL 752 + #define GNU_PROPERTY_AARCH64_FEATURE_1_DEFAULT \ 753 + ((GNU_PROPERTY_AARCH64_FEATURE_1_BTI | \ 754 + GNU_PROPERTY_AARCH64_FEATURE_1_PAC)) 755 + #endif 756 + 757 + #ifdef GNU_PROPERTY_AARCH64_FEATURE_1_DEFAULT 758 + .macro emit_aarch64_feature_1_and, feat=GNU_PROPERTY_AARCH64_FEATURE_1_DEFAULT 759 + .pushsection .note.gnu.property, "a" 760 + .align 3 761 + .long 2f - 1f 762 + .long 6f - 3f 763 + .long NT_GNU_PROPERTY_TYPE_0 764 + 1: .string "GNU" 765 + 2: 766 + .align 3 767 + 3: .long GNU_PROPERTY_AARCH64_FEATURE_1_AND 768 + .long 5f - 4f 769 + 4: 770 + /* 771 + * This is described with an array of char in the Linux API 772 + * spec but the text and all other usage (including binutils, 773 + * clang and GCC) treat this as a 32 bit value so no swizzling 774 + * is required for big endian. 775 + */ 776 + .long \feat 777 + 5: 778 + .align 3 779 + 6: 780 + .popsection 781 + .endm 782 + 783 + #else 784 + .macro emit_aarch64_feature_1_and, feat=0 785 + .endm 786 + 787 + #endif /* GNU_PROPERTY_AARCH64_FEATURE_1_DEFAULT */ 788 + 739 789 #endif /* __ASM_ASSEMBLER_H */

+3 -3

arch/arm64/include/asm/cacheflush.h

··· 79 79 * IPI all online CPUs so that they undergo a context synchronization 80 80 * event and are forced to refetch the new instructions. 81 81 */ 82 - #ifdef CONFIG_KGDB 82 + 83 83 /* 84 84 * KGDB performs cache maintenance with interrupts disabled, so we 85 85 * will deadlock trying to IPI the secondary CPUs. In theory, we can ··· 89 89 * the patching operation, so we don't need extra IPIs here anyway. 90 90 * In which case, add a KGDB-specific bodge and return early. 91 91 */ 92 - if (kgdb_connected && irqs_disabled()) 92 + if (in_dbg_master()) 93 93 return; 94 - #endif 94 + 95 95 kick_all_cpus_sync(); 96 96 } 97 97

-4

arch/arm64/include/asm/compiler.h

··· 2 2 #ifndef __ASM_COMPILER_H 3 3 #define __ASM_COMPILER_H 4 4 5 - #if defined(CONFIG_ARM64_PTR_AUTH) 6 - 7 5 /* 8 6 * The EL0/EL1 pointer bits used by a pointer authentication code. 9 7 * This is dependent on TBI0/TBI1 being enabled, or bits 63:56 would also apply. ··· 16 18 17 19 #define __builtin_return_address(val) \ 18 20 (void *)(ptrauth_clear_pac((unsigned long)__builtin_return_address(val))) 19 - 20 - #endif /* CONFIG_ARM64_PTR_AUTH */ 21 21 22 22 #endif /* __ASM_COMPILER_H */

+4

arch/arm64/include/asm/cpu.h

··· 33 33 u64 reg_id_aa64zfr0; 34 34 35 35 u32 reg_id_dfr0; 36 + u32 reg_id_dfr1; 36 37 u32 reg_id_isar0; 37 38 u32 reg_id_isar1; 38 39 u32 reg_id_isar2; ··· 45 44 u32 reg_id_mmfr1; 46 45 u32 reg_id_mmfr2; 47 46 u32 reg_id_mmfr3; 47 + u32 reg_id_mmfr4; 48 + u32 reg_id_mmfr5; 48 49 u32 reg_id_pfr0; 49 50 u32 reg_id_pfr1; 51 + u32 reg_id_pfr2; 50 52 51 53 u32 reg_mvfr0; 52 54 u32 reg_mvfr1;

+9 -8

arch/arm64/include/asm/cpucaps.h

··· 44 44 #define ARM64_SSBS 34 45 45 #define ARM64_WORKAROUND_1418040 35 46 46 #define ARM64_HAS_SB 36 47 - #define ARM64_WORKAROUND_SPECULATIVE_AT_VHE 37 47 + #define ARM64_WORKAROUND_SPECULATIVE_AT 37 48 48 #define ARM64_HAS_ADDRESS_AUTH_ARCH 38 49 49 #define ARM64_HAS_ADDRESS_AUTH_IMP_DEF 39 50 50 #define ARM64_HAS_GENERIC_AUTH_ARCH 40 ··· 55 55 #define ARM64_WORKAROUND_CAVIUM_TX2_219_TVM 45 56 56 #define ARM64_WORKAROUND_CAVIUM_TX2_219_PRFM 46 57 57 #define ARM64_WORKAROUND_1542419 47 58 - #define ARM64_WORKAROUND_SPECULATIVE_AT_NVHE 48 59 - #define ARM64_HAS_E0PD 49 60 - #define ARM64_HAS_RNG 50 61 - #define ARM64_HAS_AMU_EXTN 51 62 - #define ARM64_HAS_ADDRESS_AUTH 52 63 - #define ARM64_HAS_GENERIC_AUTH 53 58 + #define ARM64_HAS_E0PD 48 59 + #define ARM64_HAS_RNG 49 60 + #define ARM64_HAS_AMU_EXTN 50 61 + #define ARM64_HAS_ADDRESS_AUTH 51 62 + #define ARM64_HAS_GENERIC_AUTH 52 63 + #define ARM64_HAS_32BIT_EL1 53 64 + #define ARM64_BTI 54 64 65 65 - #define ARM64_NCAPS 54 66 + #define ARM64_NCAPS 55 66 67 67 68 #endif /* __ASM_CPUCAPS_H */

+30

arch/arm64/include/asm/cpufeature.h

··· 551 551 cpuid_feature_extract_unsigned_field(mmfr0, ID_AA64MMFR0_BIGENDEL0_SHIFT) == 0x1; 552 552 } 553 553 554 + static inline bool id_aa64pfr0_32bit_el1(u64 pfr0) 555 + { 556 + u32 val = cpuid_feature_extract_unsigned_field(pfr0, ID_AA64PFR0_EL1_SHIFT); 557 + 558 + return val == ID_AA64PFR0_EL1_32BIT_64BIT; 559 + } 560 + 554 561 static inline bool id_aa64pfr0_32bit_el0(u64 pfr0) 555 562 { 556 563 u32 val = cpuid_feature_extract_unsigned_field(pfr0, ID_AA64PFR0_EL0_SHIFT); ··· 687 680 system_uses_irq_prio_masking(); 688 681 } 689 682 683 + static inline bool system_supports_bti(void) 684 + { 685 + return IS_ENABLED(CONFIG_ARM64_BTI) && cpus_have_const_cap(ARM64_BTI); 686 + } 687 + 690 688 #define ARM64_BP_HARDEN_UNKNOWN -1 691 689 #define ARM64_BP_HARDEN_WA_NEEDED 0 692 690 #define ARM64_BP_HARDEN_NOT_REQUIRED 1 ··· 756 744 /* Check whether the cpu supports the Activity Monitors Unit (AMU) */ 757 745 extern bool cpu_has_amu_feat(int cpu); 758 746 #endif 747 + 748 + static inline unsigned int get_vmid_bits(u64 mmfr1) 749 + { 750 + int vmid_bits; 751 + 752 + vmid_bits = cpuid_feature_extract_unsigned_field(mmfr1, 753 + ID_AA64MMFR1_VMIDBITS_SHIFT); 754 + if (vmid_bits == ID_AA64MMFR1_VMIDBITS_16) 755 + return 16; 756 + 757 + /* 758 + * Return the default here even if any reserved 759 + * value is fetched from the system register. 760 + */ 761 + return 8; 762 + } 763 + 764 + u32 get_kvm_ipa_limit(void); 759 765 760 766 #endif /* __ASSEMBLY__ */ 761 767

+2

arch/arm64/include/asm/debug-monitors.h

··· 125 125 126 126 int aarch32_break_handler(struct pt_regs *regs); 127 127 128 + void debug_traps_init(void); 129 + 128 130 #endif /* __ASSEMBLY */ 129 131 #endif /* __ASM_DEBUG_MONITORS_H */

+50

arch/arm64/include/asm/elf.h

··· 114 114 115 115 #ifndef __ASSEMBLY__ 116 116 117 + #include <uapi/linux/elf.h> 117 118 #include <linux/bug.h> 119 + #include <linux/errno.h> 120 + #include <linux/fs.h> 121 + #include <linux/types.h> 118 122 #include <asm/processor.h> /* for signal_minsigstksz, used by ARCH_DLINFO */ 119 123 120 124 typedef unsigned long elf_greg_t; ··· 227 223 aarch32_setup_additional_pages 228 224 229 225 #endif /* CONFIG_COMPAT */ 226 + 227 + struct arch_elf_state { 228 + int flags; 229 + }; 230 + 231 + #define ARM64_ELF_BTI (1 << 0) 232 + 233 + #define INIT_ARCH_ELF_STATE { \ 234 + .flags = 0, \ 235 + } 236 + 237 + static inline int arch_parse_elf_property(u32 type, const void *data, 238 + size_t datasz, bool compat, 239 + struct arch_elf_state *arch) 240 + { 241 + /* No known properties for AArch32 yet */ 242 + if (IS_ENABLED(CONFIG_COMPAT) && compat) 243 + return 0; 244 + 245 + if (type == GNU_PROPERTY_AARCH64_FEATURE_1_AND) { 246 + const u32 *p = data; 247 + 248 + if (datasz != sizeof(*p)) 249 + return -ENOEXEC; 250 + 251 + if (system_supports_bti() && 252 + (*p & GNU_PROPERTY_AARCH64_FEATURE_1_BTI)) 253 + arch->flags |= ARM64_ELF_BTI; 254 + } 255 + 256 + return 0; 257 + } 258 + 259 + static inline int arch_elf_pt_proc(void *ehdr, void *phdr, 260 + struct file *f, bool is_interp, 261 + struct arch_elf_state *state) 262 + { 263 + return 0; 264 + } 265 + 266 + static inline int arch_check_elf(void *ehdr, bool has_interp, 267 + void *interp_ehdr, 268 + struct arch_elf_state *state) 269 + { 270 + return 0; 271 + } 230 272 231 273 #endif /* !__ASSEMBLY__ */ 232 274

+1 -1

arch/arm64/include/asm/esr.h

··· 22 22 #define ESR_ELx_EC_PAC (0x09) /* EL2 and above */ 23 23 /* Unallocated EC: 0x0A - 0x0B */ 24 24 #define ESR_ELx_EC_CP14_64 (0x0C) 25 - /* Unallocated EC: 0x0d */ 25 + #define ESR_ELx_EC_BTI (0x0D) 26 26 #define ESR_ELx_EC_ILL (0x0E) 27 27 /* Unallocated EC: 0x0F - 0x10 */ 28 28 #define ESR_ELx_EC_SVC32 (0x11)

+1

arch/arm64/include/asm/exception.h

··· 34 34 asmlinkage void enter_from_user_mode(void); 35 35 void do_mem_abort(unsigned long addr, unsigned int esr, struct pt_regs *regs); 36 36 void do_undefinstr(struct pt_regs *regs); 37 + void do_bti(struct pt_regs *regs); 37 38 asmlinkage void bad_mode(struct pt_regs *regs, int reason, unsigned int esr); 38 39 void do_debug_exception(unsigned long addr_if_watchpoint, unsigned int esr, 39 40 struct pt_regs *regs);

+1

arch/arm64/include/asm/hwcap.h

··· 94 94 #define KERNEL_HWCAP_BF16 __khwcap2_feature(BF16) 95 95 #define KERNEL_HWCAP_DGH __khwcap2_feature(DGH) 96 96 #define KERNEL_HWCAP_RNG __khwcap2_feature(RNG) 97 + #define KERNEL_HWCAP_BTI __khwcap2_feature(BTI) 97 98 98 99 /* 99 100 * This yields a mask that user programs can use to figure out what

+27 -3

arch/arm64/include/asm/insn.h

··· 39 39 * system instructions */ 40 40 }; 41 41 42 - enum aarch64_insn_hint_op { 42 + enum aarch64_insn_hint_cr_op { 43 43 AARCH64_INSN_HINT_NOP = 0x0 << 5, 44 44 AARCH64_INSN_HINT_YIELD = 0x1 << 5, 45 45 AARCH64_INSN_HINT_WFE = 0x2 << 5, 46 46 AARCH64_INSN_HINT_WFI = 0x3 << 5, 47 47 AARCH64_INSN_HINT_SEV = 0x4 << 5, 48 48 AARCH64_INSN_HINT_SEVL = 0x5 << 5, 49 + 50 + AARCH64_INSN_HINT_XPACLRI = 0x07 << 5, 51 + AARCH64_INSN_HINT_PACIA_1716 = 0x08 << 5, 52 + AARCH64_INSN_HINT_PACIB_1716 = 0x0A << 5, 53 + AARCH64_INSN_HINT_AUTIA_1716 = 0x0C << 5, 54 + AARCH64_INSN_HINT_AUTIB_1716 = 0x0E << 5, 55 + AARCH64_INSN_HINT_PACIAZ = 0x18 << 5, 56 + AARCH64_INSN_HINT_PACIASP = 0x19 << 5, 57 + AARCH64_INSN_HINT_PACIBZ = 0x1A << 5, 58 + AARCH64_INSN_HINT_PACIBSP = 0x1B << 5, 59 + AARCH64_INSN_HINT_AUTIAZ = 0x1C << 5, 60 + AARCH64_INSN_HINT_AUTIASP = 0x1D << 5, 61 + AARCH64_INSN_HINT_AUTIBZ = 0x1E << 5, 62 + AARCH64_INSN_HINT_AUTIBSP = 0x1F << 5, 63 + 64 + AARCH64_INSN_HINT_ESB = 0x10 << 5, 65 + AARCH64_INSN_HINT_PSB = 0x11 << 5, 66 + AARCH64_INSN_HINT_TSB = 0x12 << 5, 67 + AARCH64_INSN_HINT_CSDB = 0x14 << 5, 68 + 69 + AARCH64_INSN_HINT_BTI = 0x20 << 5, 70 + AARCH64_INSN_HINT_BTIC = 0x22 << 5, 71 + AARCH64_INSN_HINT_BTIJ = 0x24 << 5, 72 + AARCH64_INSN_HINT_BTIJC = 0x26 << 5, 49 73 }; 50 74 51 75 enum aarch64_insn_imm_type { ··· 368 344 369 345 #undef __AARCH64_INSN_FUNCS 370 346 371 - bool aarch64_insn_is_nop(u32 insn); 347 + bool aarch64_insn_is_steppable_hint(u32 insn); 372 348 bool aarch64_insn_is_branch_imm(u32 insn); 373 349 374 350 static inline bool aarch64_insn_is_adr_adrp(u32 insn) ··· 394 370 enum aarch64_insn_branch_type type); 395 371 u32 aarch64_insn_gen_cond_branch_imm(unsigned long pc, unsigned long addr, 396 372 enum aarch64_insn_condition cond); 397 - u32 aarch64_insn_gen_hint(enum aarch64_insn_hint_op op); 373 + u32 aarch64_insn_gen_hint(enum aarch64_insn_hint_cr_op op); 398 374 u32 aarch64_insn_gen_nop(void); 399 375 u32 aarch64_insn_gen_branch_reg(enum aarch64_insn_register reg, 400 376 enum aarch64_insn_branch_type type);

+4 -2

arch/arm64/include/asm/kvm_emulate.h

··· 507 507 508 508 static __always_inline void kvm_skip_instr(struct kvm_vcpu *vcpu, bool is_wide_instr) 509 509 { 510 - if (vcpu_mode_is_32bit(vcpu)) 510 + if (vcpu_mode_is_32bit(vcpu)) { 511 511 kvm_skip_instr32(vcpu, is_wide_instr); 512 - else 512 + } else { 513 513 *vcpu_pc(vcpu) += 4; 514 + *vcpu_cpsr(vcpu) &= ~PSR_BTYPE_MASK; 515 + } 514 516 515 517 /* advance the singlestep state machine */ 516 518 *vcpu_cpsr(vcpu) &= ~DBG_SPSR_SS;

+1 -5

arch/arm64/include/asm/kvm_host.h

··· 573 573 if (system_supports_sve()) 574 574 return true; 575 575 576 - /* Some implementations have defects that confine them to VHE */ 577 - if (cpus_have_cap(ARM64_WORKAROUND_SPECULATIVE_AT_VHE)) 578 - return true; 579 - 580 576 return false; 581 577 } 582 578 ··· 666 670 void kvm_vcpu_load_sysregs(struct kvm_vcpu *vcpu); 667 671 void kvm_vcpu_put_sysregs(struct kvm_vcpu *vcpu); 668 672 669 - void kvm_set_ipa_limit(void); 673 + int kvm_set_ipa_limit(void); 670 674 671 675 #define __KVM_HAVE_ARCH_VM_ALLOC 672 676 struct kvm *kvm_arch_alloc_vm(void);

+1 -19

arch/arm64/include/asm/kvm_hyp.h

··· 10 10 #include <linux/compiler.h> 11 11 #include <linux/kvm_host.h> 12 12 #include <asm/alternative.h> 13 - #include <asm/kvm_mmu.h> 14 13 #include <asm/sysreg.h> 15 14 16 - #define __hyp_text __section(.hyp.text) notrace 15 + #define __hyp_text __section(.hyp.text) notrace __noscs 17 16 18 17 #define read_sysreg_elx(r,nvh,vh) \ 19 18 ({ \ ··· 86 87 87 88 u64 __guest_enter(struct kvm_vcpu *vcpu, struct kvm_cpu_context *host_ctxt); 88 89 void __noreturn __hyp_do_panic(unsigned long, ...); 89 - 90 - /* 91 - * Must be called from hyp code running at EL2 with an updated VTTBR 92 - * and interrupts disabled. 93 - */ 94 - static __always_inline void __hyp_text __load_guest_stage2(struct kvm *kvm) 95 - { 96 - write_sysreg(kvm->arch.vtcr, vtcr_el2); 97 - write_sysreg(kvm_get_vttbr(kvm), vttbr_el2); 98 - 99 - /* 100 - * ARM errata 1165522 and 1530923 require the actual execution of the 101 - * above before we can switch to the EL1/EL0 translation regime used by 102 - * the guest. 103 - */ 104 - asm(ALTERNATIVE("nop", "isb", ARM64_WORKAROUND_SPECULATIVE_AT_VHE)); 105 - } 106 90 107 91 #endif /* __ARM64_KVM_HYP_H__ */ 108 92

+18 -1

arch/arm64/include/asm/kvm_mmu.h

··· 416 416 { 417 417 int reg = read_sanitised_ftr_reg(SYS_ID_AA64MMFR1_EL1); 418 418 419 - return (cpuid_feature_extract_unsigned_field(reg, ID_AA64MMFR1_VMIDBITS_SHIFT) == 2) ? 16 : 8; 419 + return get_vmid_bits(reg); 420 420 } 421 421 422 422 /* ··· 602 602 baddr = kvm->arch.pgd_phys; 603 603 vmid_field = (u64)vmid->vmid << VTTBR_VMID_SHIFT; 604 604 return kvm_phys_to_vttbr(baddr) | vmid_field | cnp; 605 + } 606 + 607 + /* 608 + * Must be called from hyp code running at EL2 with an updated VTTBR 609 + * and interrupts disabled. 610 + */ 611 + static __always_inline void __load_guest_stage2(struct kvm *kvm) 612 + { 613 + write_sysreg(kvm->arch.vtcr, vtcr_el2); 614 + write_sysreg(kvm_get_vttbr(kvm), vttbr_el2); 615 + 616 + /* 617 + * ARM errata 1165522 and 1530923 require the actual execution of the 618 + * above before we can switch to the EL1/EL0 translation regime used by 619 + * the guest. 620 + */ 621 + asm(ALTERNATIVE("nop", "isb", ARM64_WORKAROUND_SPECULATIVE_AT)); 605 622 } 606 623 607 624 #endif /* __ASSEMBLY__ */

+46

arch/arm64/include/asm/linkage.h

··· 4 4 #define __ALIGN .align 2 5 5 #define __ALIGN_STR ".align 2" 6 6 7 + #if defined(CONFIG_ARM64_BTI_KERNEL) && defined(__aarch64__) 8 + 9 + /* 10 + * Since current versions of gas reject the BTI instruction unless we 11 + * set the architecture version to v8.5 we use the hint instruction 12 + * instead. 13 + */ 14 + #define BTI_C hint 34 ; 15 + #define BTI_J hint 36 ; 16 + 17 + /* 18 + * When using in-kernel BTI we need to ensure that PCS-conformant assembly 19 + * functions have suitable annotations. Override SYM_FUNC_START to insert 20 + * a BTI landing pad at the start of everything. 21 + */ 22 + #define SYM_FUNC_START(name) \ 23 + SYM_START(name, SYM_L_GLOBAL, SYM_A_ALIGN) \ 24 + BTI_C 25 + 26 + #define SYM_FUNC_START_NOALIGN(name) \ 27 + SYM_START(name, SYM_L_GLOBAL, SYM_A_NONE) \ 28 + BTI_C 29 + 30 + #define SYM_FUNC_START_LOCAL(name) \ 31 + SYM_START(name, SYM_L_LOCAL, SYM_A_ALIGN) \ 32 + BTI_C 33 + 34 + #define SYM_FUNC_START_LOCAL_NOALIGN(name) \ 35 + SYM_START(name, SYM_L_LOCAL, SYM_A_NONE) \ 36 + BTI_C 37 + 38 + #define SYM_FUNC_START_WEAK(name) \ 39 + SYM_START(name, SYM_L_WEAK, SYM_A_ALIGN) \ 40 + BTI_C 41 + 42 + #define SYM_FUNC_START_WEAK_NOALIGN(name) \ 43 + SYM_START(name, SYM_L_WEAK, SYM_A_NONE) \ 44 + BTI_C 45 + 46 + #define SYM_INNER_LABEL(name, linkage) \ 47 + .type name SYM_T_NONE ASM_NL \ 48 + SYM_ENTRY(name, linkage, SYM_A_NONE) \ 49 + BTI_J 50 + 51 + #endif 52 + 7 53 /* 8 54 * Annotate a function as position independent, i.e., safe to be called before 9 55 * the kernel virtual mapping is activated.

+37

arch/arm64/include/asm/mman.h

··· 1 + /* SPDX-License-Identifier: GPL-2.0 */ 2 + #ifndef __ASM_MMAN_H__ 3 + #define __ASM_MMAN_H__ 4 + 5 + #include <linux/compiler.h> 6 + #include <linux/types.h> 7 + #include <uapi/asm/mman.h> 8 + 9 + static inline unsigned long arch_calc_vm_prot_bits(unsigned long prot, 10 + unsigned long pkey __always_unused) 11 + { 12 + if (system_supports_bti() && (prot & PROT_BTI)) 13 + return VM_ARM64_BTI; 14 + 15 + return 0; 16 + } 17 + #define arch_calc_vm_prot_bits(prot, pkey) arch_calc_vm_prot_bits(prot, pkey) 18 + 19 + static inline pgprot_t arch_vm_get_page_prot(unsigned long vm_flags) 20 + { 21 + return (vm_flags & VM_ARM64_BTI) ? __pgprot(PTE_GP) : __pgprot(0); 22 + } 23 + #define arch_vm_get_page_prot(vm_flags) arch_vm_get_page_prot(vm_flags) 24 + 25 + static inline bool arch_validate_prot(unsigned long prot, 26 + unsigned long addr __always_unused) 27 + { 28 + unsigned long supported = PROT_READ | PROT_WRITE | PROT_EXEC | PROT_SEM; 29 + 30 + if (system_supports_bti()) 31 + supported |= PROT_BTI; 32 + 33 + return (prot & ~supported) == 0; 34 + } 35 + #define arch_validate_prot(prot, addr) arch_validate_prot(prot, addr) 36 + 37 + #endif /* ! __ASM_MMAN_H__ */

+1 -1

arch/arm64/include/asm/pgtable-hwdef.h

··· 151 151 #define PTE_SHARED (_AT(pteval_t, 3) << 8) /* SH[1:0], inner shareable */ 152 152 #define PTE_AF (_AT(pteval_t, 1) << 10) /* Access Flag */ 153 153 #define PTE_NG (_AT(pteval_t, 1) << 11) /* nG */ 154 + #define PTE_GP (_AT(pteval_t, 1) << 50) /* BTI guarded */ 154 155 #define PTE_DBM (_AT(pteval_t, 1) << 51) /* Dirty Bit Management */ 155 156 #define PTE_CONT (_AT(pteval_t, 1) << 52) /* Contiguous range */ 156 157 #define PTE_PXN (_AT(pteval_t, 1) << 53) /* Privileged XN */ ··· 191 190 * Memory Attribute override for Stage-2 (MemAttr[3:0]) 192 191 */ 193 192 #define PTE_S2_MEMATTR(t) (_AT(pteval_t, (t)) << 2) 194 - #define PTE_S2_MEMATTR_MASK (_AT(pteval_t, 0xf) << 2) 195 193 196 194 /* 197 195 * EL2/HYP PTE/PMD definitions

+11

arch/arm64/include/asm/pgtable-prot.h

··· 21 21 22 22 #ifndef __ASSEMBLY__ 23 23 24 + #include <asm/cpufeature.h> 24 25 #include <asm/pgtable-types.h> 25 26 26 27 extern bool arm64_use_ng_mappings; ··· 31 30 32 31 #define PTE_MAYBE_NG (arm64_use_ng_mappings ? PTE_NG : 0) 33 32 #define PMD_MAYBE_NG (arm64_use_ng_mappings ? PMD_SECT_NG : 0) 33 + 34 + /* 35 + * If we have userspace only BTI we don't want to mark kernel pages 36 + * guarded even if the system does support BTI. 37 + */ 38 + #ifdef CONFIG_ARM64_BTI_KERNEL 39 + #define PTE_MAYBE_GP (system_supports_bti() ? PTE_GP : 0) 40 + #else 41 + #define PTE_MAYBE_GP 0 42 + #endif 34 43 35 44 #define PROT_DEFAULT (_PROT_DEFAULT | PTE_MAYBE_NG) 36 45 #define PROT_SECT_DEFAULT (_PROT_SECT_DEFAULT | PMD_MAYBE_NG)

+5 -4

arch/arm64/include/asm/pgtable.h

··· 457 457 extern pgd_t init_pg_end[]; 458 458 extern pgd_t swapper_pg_dir[PTRS_PER_PGD]; 459 459 extern pgd_t idmap_pg_dir[PTRS_PER_PGD]; 460 + extern pgd_t idmap_pg_end[]; 460 461 extern pgd_t tramp_pg_dir[PTRS_PER_PGD]; 461 462 462 463 extern void set_swapper_pgd(pgd_t *pgdp, pgd_t pgd); ··· 509 508 #define pte_set_fixmap_offset(pmd, addr) pte_set_fixmap(pte_offset_phys(pmd, addr)) 510 509 #define pte_clear_fixmap() clear_fixmap(FIX_PTE) 511 510 512 - #define pmd_page(pmd) pfn_to_page(__phys_to_pfn(__pmd_to_phys(pmd))) 511 + #define pmd_page(pmd) phys_to_page(__pmd_to_phys(pmd)) 513 512 514 513 /* use ONLY for statically allocated translation tables */ 515 514 #define pte_offset_kimg(dir,addr) ((pte_t *)__phys_to_kimg(pte_offset_phys((dir), (addr)))) ··· 567 566 #define pmd_set_fixmap_offset(pud, addr) pmd_set_fixmap(pmd_offset_phys(pud, addr)) 568 567 #define pmd_clear_fixmap() clear_fixmap(FIX_PMD) 569 568 570 - #define pud_page(pud) pfn_to_page(__phys_to_pfn(__pud_to_phys(pud))) 569 + #define pud_page(pud) phys_to_page(__pud_to_phys(pud)) 571 570 572 571 /* use ONLY for statically allocated translation tables */ 573 572 #define pmd_offset_kimg(dir,addr) ((pmd_t *)__phys_to_kimg(pmd_offset_phys((dir), (addr)))) ··· 625 624 #define pud_set_fixmap_offset(pgd, addr) pud_set_fixmap(pud_offset_phys(pgd, addr)) 626 625 #define pud_clear_fixmap() clear_fixmap(FIX_PUD) 627 626 628 - #define pgd_page(pgd) pfn_to_page(__phys_to_pfn(__pgd_to_phys(pgd))) 627 + #define pgd_page(pgd) phys_to_page(__pgd_to_phys(pgd)) 629 628 630 629 /* use ONLY for statically allocated translation tables */ 631 630 #define pud_offset_kimg(dir,addr) ((pud_t *)__phys_to_kimg(pud_offset_phys((dir), (addr)))) ··· 661 660 static inline pte_t pte_modify(pte_t pte, pgprot_t newprot) 662 661 { 663 662 const pteval_t mask = PTE_USER | PTE_PXN | PTE_UXN | PTE_RDONLY | 664 - PTE_PROT_NONE | PTE_VALID | PTE_WRITE; 663 + PTE_PROT_NONE | PTE_VALID | PTE_WRITE | PTE_GP; 665 664 /* preserve the hardware dirty information */ 666 665 if (pte_hw_dirty(pte)) 667 666 pte = pte_mkdirty(pte);

+1

arch/arm64/include/asm/ptrace.h

··· 35 35 #define GIC_PRIO_PSR_I_SET (1 << 4) 36 36 37 37 /* Additional SPSR bits not exposed in the UABI */ 38 + 38 39 #define PSR_IL_BIT (1 << 20) 39 40 40 41 /* AArch32-specific ptrace requests */

+29

arch/arm64/include/asm/scs.h

··· 1 + /* SPDX-License-Identifier: GPL-2.0 */ 2 + #ifndef _ASM_SCS_H 3 + #define _ASM_SCS_H 4 + 5 + #ifdef __ASSEMBLY__ 6 + 7 + #include <asm/asm-offsets.h> 8 + 9 + #ifdef CONFIG_SHADOW_CALL_STACK 10 + scs_sp .req x18 11 + 12 + .macro scs_load tsk, tmp 13 + ldr scs_sp, [\tsk, #TSK_TI_SCS_SP] 14 + .endm 15 + 16 + .macro scs_save tsk, tmp 17 + str scs_sp, [\tsk, #TSK_TI_SCS_SP] 18 + .endm 19 + #else 20 + .macro scs_load tsk, tmp 21 + .endm 22 + 23 + .macro scs_save tsk, tmp 24 + .endm 25 + #endif /* CONFIG_SHADOW_CALL_STACK */ 26 + 27 + #endif /* __ASSEMBLY __ */ 28 + 29 + #endif /* _ASM_SCS_H */

-11

arch/arm64/include/asm/smp.h

··· 23 23 #define CPU_STUCK_REASON_52_BIT_VA (UL(1) << CPU_STUCK_REASON_SHIFT) 24 24 #define CPU_STUCK_REASON_NO_GRAN (UL(2) << CPU_STUCK_REASON_SHIFT) 25 25 26 - /* Possible options for __cpu_setup */ 27 - /* Option to setup primary cpu */ 28 - #define ARM64_CPU_BOOT_PRIMARY (1) 29 - /* Option to setup secondary cpus */ 30 - #define ARM64_CPU_BOOT_SECONDARY (2) 31 - /* Option to setup cpus for different cpu run time services */ 32 - #define ARM64_CPU_RUNTIME (3) 33 - 34 26 #ifndef __ASSEMBLY__ 35 27 36 28 #include <asm/percpu.h> ··· 88 96 struct secondary_data { 89 97 void *stack; 90 98 struct task_struct *task; 91 - #ifdef CONFIG_ARM64_PTR_AUTH 92 - struct ptrauth_keys_kernel ptrauth_key; 93 - #endif 94 99 long status; 95 100 }; 96 101

+14 -26

arch/arm64/include/asm/stacktrace.h

··· 68 68 69 69 DECLARE_PER_CPU(unsigned long *, irq_stack_ptr); 70 70 71 - static inline bool on_irq_stack(unsigned long sp, 71 + static inline bool on_stack(unsigned long sp, unsigned long low, 72 + unsigned long high, enum stack_type type, 72 73 struct stack_info *info) 73 74 { 74 - unsigned long low = (unsigned long)raw_cpu_read(irq_stack_ptr); 75 - unsigned long high = low + IRQ_STACK_SIZE; 76 - 77 75 if (!low) 78 76 return false; 79 77 ··· 81 83 if (info) { 82 84 info->low = low; 83 85 info->high = high; 84 - info->type = STACK_TYPE_IRQ; 86 + info->type = type; 85 87 } 86 - 87 88 return true; 89 + } 90 + 91 + static inline bool on_irq_stack(unsigned long sp, 92 + struct stack_info *info) 93 + { 94 + unsigned long low = (unsigned long)raw_cpu_read(irq_stack_ptr); 95 + unsigned long high = low + IRQ_STACK_SIZE; 96 + 97 + return on_stack(sp, low, high, STACK_TYPE_IRQ, info); 88 98 } 89 99 90 100 static inline bool on_task_stack(const struct task_struct *tsk, ··· 102 96 unsigned long low = (unsigned long)task_stack_page(tsk); 103 97 unsigned long high = low + THREAD_SIZE; 104 98 105 - if (sp < low || sp >= high) 106 - return false; 107 - 108 - if (info) { 109 - info->low = low; 110 - info->high = high; 111 - info->type = STACK_TYPE_TASK; 112 - } 113 - 114 - return true; 99 + return on_stack(sp, low, high, STACK_TYPE_TASK, info); 115 100 } 116 101 117 102 #ifdef CONFIG_VMAP_STACK ··· 114 117 unsigned long low = (unsigned long)raw_cpu_ptr(overflow_stack); 115 118 unsigned long high = low + OVERFLOW_STACK_SIZE; 116 119 117 - if (sp < low || sp >= high) 118 - return false; 119 - 120 - if (info) { 121 - info->low = low; 122 - info->high = high; 123 - info->type = STACK_TYPE_OVERFLOW; 124 - } 125 - 126 - return true; 120 + return on_stack(sp, low, high, STACK_TYPE_OVERFLOW, info); 127 121 } 128 122 #else 129 123 static inline bool on_overflow_stack(unsigned long sp,

+1 -1

arch/arm64/include/asm/suspend.h

··· 2 2 #ifndef __ASM_SUSPEND_H 3 3 #define __ASM_SUSPEND_H 4 4 5 - #define NR_CTX_REGS 12 5 + #define NR_CTX_REGS 13 6 6 #define NR_CALLEE_SAVED_REGS 12 7 7 8 8 /*

+65 -12

arch/arm64/include/asm/sysreg.h

··· 105 105 #define SYS_DC_CSW sys_insn(1, 0, 7, 10, 2) 106 106 #define SYS_DC_CISW sys_insn(1, 0, 7, 14, 2) 107 107 108 + /* 109 + * System registers, organised loosely by encoding but grouped together 110 + * where the architected name contains an index. e.g. ID_MMFR<n>_EL1. 111 + */ 108 112 #define SYS_OSDTRRX_EL1 sys_reg(2, 0, 0, 0, 2) 109 113 #define SYS_MDCCINT_EL1 sys_reg(2, 0, 0, 2, 0) 110 114 #define SYS_MDSCR_EL1 sys_reg(2, 0, 0, 2, 2) ··· 138 134 139 135 #define SYS_ID_PFR0_EL1 sys_reg(3, 0, 0, 1, 0) 140 136 #define SYS_ID_PFR1_EL1 sys_reg(3, 0, 0, 1, 1) 137 + #define SYS_ID_PFR2_EL1 sys_reg(3, 0, 0, 3, 4) 141 138 #define SYS_ID_DFR0_EL1 sys_reg(3, 0, 0, 1, 2) 139 + #define SYS_ID_DFR1_EL1 sys_reg(3, 0, 0, 3, 5) 142 140 #define SYS_ID_AFR0_EL1 sys_reg(3, 0, 0, 1, 3) 143 141 #define SYS_ID_MMFR0_EL1 sys_reg(3, 0, 0, 1, 4) 144 142 #define SYS_ID_MMFR1_EL1 sys_reg(3, 0, 0, 1, 5) 145 143 #define SYS_ID_MMFR2_EL1 sys_reg(3, 0, 0, 1, 6) 146 144 #define SYS_ID_MMFR3_EL1 sys_reg(3, 0, 0, 1, 7) 145 + #define SYS_ID_MMFR4_EL1 sys_reg(3, 0, 0, 2, 6) 146 + #define SYS_ID_MMFR5_EL1 sys_reg(3, 0, 0, 3, 6) 147 147 148 148 #define SYS_ID_ISAR0_EL1 sys_reg(3, 0, 0, 2, 0) 149 149 #define SYS_ID_ISAR1_EL1 sys_reg(3, 0, 0, 2, 1) ··· 155 147 #define SYS_ID_ISAR3_EL1 sys_reg(3, 0, 0, 2, 3) 156 148 #define SYS_ID_ISAR4_EL1 sys_reg(3, 0, 0, 2, 4) 157 149 #define SYS_ID_ISAR5_EL1 sys_reg(3, 0, 0, 2, 5) 158 - #define SYS_ID_MMFR4_EL1 sys_reg(3, 0, 0, 2, 6) 159 150 #define SYS_ID_ISAR6_EL1 sys_reg(3, 0, 0, 2, 7) 160 151 161 152 #define SYS_MVFR0_EL1 sys_reg(3, 0, 0, 3, 0) ··· 559 552 #endif 560 553 561 554 /* SCTLR_EL1 specific flags. */ 555 + #define SCTLR_EL1_BT1 (BIT(36)) 556 + #define SCTLR_EL1_BT0 (BIT(35)) 562 557 #define SCTLR_EL1_UCI (BIT(26)) 563 558 #define SCTLR_EL1_E0E (BIT(24)) 564 559 #define SCTLR_EL1_SPAN (BIT(23)) ··· 603 594 604 595 /* id_aa64isar0 */ 605 596 #define ID_AA64ISAR0_RNDR_SHIFT 60 597 + #define ID_AA64ISAR0_TLB_SHIFT 56 606 598 #define ID_AA64ISAR0_TS_SHIFT 52 607 599 #define ID_AA64ISAR0_FHM_SHIFT 48 608 600 #define ID_AA64ISAR0_DP_SHIFT 44 ··· 647 637 #define ID_AA64PFR0_CSV2_SHIFT 56 648 638 #define ID_AA64PFR0_DIT_SHIFT 48 649 639 #define ID_AA64PFR0_AMU_SHIFT 44 640 + #define ID_AA64PFR0_MPAM_SHIFT 40 641 + #define ID_AA64PFR0_SEL2_SHIFT 36 650 642 #define ID_AA64PFR0_SVE_SHIFT 32 651 643 #define ID_AA64PFR0_RAS_SHIFT 28 652 644 #define ID_AA64PFR0_GIC_SHIFT 24 ··· 667 655 #define ID_AA64PFR0_ASIMD_NI 0xf 668 656 #define ID_AA64PFR0_ASIMD_SUPPORTED 0x0 669 657 #define ID_AA64PFR0_EL1_64BIT_ONLY 0x1 658 + #define ID_AA64PFR0_EL1_32BIT_64BIT 0x2 670 659 #define ID_AA64PFR0_EL0_64BIT_ONLY 0x1 671 660 #define ID_AA64PFR0_EL0_32BIT_64BIT 0x2 672 661 673 662 /* id_aa64pfr1 */ 663 + #define ID_AA64PFR1_MPAMFRAC_SHIFT 16 664 + #define ID_AA64PFR1_RASFRAC_SHIFT 12 665 + #define ID_AA64PFR1_MTE_SHIFT 8 674 666 #define ID_AA64PFR1_SSBS_SHIFT 4 667 + #define ID_AA64PFR1_BT_SHIFT 0 675 668 676 669 #define ID_AA64PFR1_SSBS_PSTATE_NI 0 677 670 #define ID_AA64PFR1_SSBS_PSTATE_ONLY 1 678 671 #define ID_AA64PFR1_SSBS_PSTATE_INSNS 2 672 + #define ID_AA64PFR1_BT_BTI 0x1 679 673 680 674 /* id_aa64zfr0 */ 681 675 #define ID_AA64ZFR0_F64MM_SHIFT 56 ··· 706 688 #define ID_AA64ZFR0_SVEVER_SVE2 0x1 707 689 708 690 /* id_aa64mmfr0 */ 691 + #define ID_AA64MMFR0_TGRAN4_2_SHIFT 40 692 + #define ID_AA64MMFR0_TGRAN64_2_SHIFT 36 693 + #define ID_AA64MMFR0_TGRAN16_2_SHIFT 32 709 694 #define ID_AA64MMFR0_TGRAN4_SHIFT 28 710 695 #define ID_AA64MMFR0_TGRAN64_SHIFT 24 711 696 #define ID_AA64MMFR0_TGRAN16_SHIFT 20 ··· 773 752 774 753 #define ID_DFR0_PERFMON_8_1 0x4 775 754 755 + #define ID_ISAR4_SWP_FRAC_SHIFT 28 756 + #define ID_ISAR4_PSR_M_SHIFT 24 757 + #define ID_ISAR4_SYNCH_PRIM_FRAC_SHIFT 20 758 + #define ID_ISAR4_BARRIER_SHIFT 16 759 + #define ID_ISAR4_SMC_SHIFT 12 760 + #define ID_ISAR4_WRITEBACK_SHIFT 8 761 + #define ID_ISAR4_WITHSHIFTS_SHIFT 4 762 + #define ID_ISAR4_UNPRIV_SHIFT 0 763 + 764 + #define ID_DFR1_MTPMU_SHIFT 0 765 + 766 + #define ID_ISAR0_DIVIDE_SHIFT 24 767 + #define ID_ISAR0_DEBUG_SHIFT 20 768 + #define ID_ISAR0_COPROC_SHIFT 16 769 + #define ID_ISAR0_CMPBRANCH_SHIFT 12 770 + #define ID_ISAR0_BITFIELD_SHIFT 8 771 + #define ID_ISAR0_BITCOUNT_SHIFT 4 772 + #define ID_ISAR0_SWAP_SHIFT 0 773 + 776 774 #define ID_ISAR5_RDM_SHIFT 24 777 775 #define ID_ISAR5_CRC32_SHIFT 16 778 776 #define ID_ISAR5_SHA2_SHIFT 12 ··· 806 766 #define ID_ISAR6_FHM_SHIFT 8 807 767 #define ID_ISAR6_DP_SHIFT 4 808 768 #define ID_ISAR6_JSCVT_SHIFT 0 769 + 770 + #define ID_MMFR4_EVT_SHIFT 28 771 + #define ID_MMFR4_CCIDX_SHIFT 24 772 + #define ID_MMFR4_LSM_SHIFT 20 773 + #define ID_MMFR4_HPDS_SHIFT 16 774 + #define ID_MMFR4_CNP_SHIFT 12 775 + #define ID_MMFR4_XNX_SHIFT 8 776 + #define ID_MMFR4_SPECSEI_SHIFT 0 777 + 778 + #define ID_MMFR5_ETS_SHIFT 0 779 + 780 + #define ID_PFR0_DIT_SHIFT 24 781 + #define ID_PFR0_CSV2_SHIFT 16 782 + 783 + #define ID_PFR2_SSBS_SHIFT 4 784 + #define ID_PFR2_CSV3_SHIFT 0 809 785 810 786 #define MVFR0_FPROUND_SHIFT 28 811 787 #define MVFR0_FPSHVEC_SHIFT 24 ··· 841 785 #define MVFR1_FPDNAN_SHIFT 4 842 786 #define MVFR1_FPFTZ_SHIFT 0 843 787 844 - 845 - #define ID_AA64MMFR0_TGRAN4_SHIFT 28 846 - #define ID_AA64MMFR0_TGRAN64_SHIFT 24 847 - #define ID_AA64MMFR0_TGRAN16_SHIFT 20 848 - 849 - #define ID_AA64MMFR0_TGRAN4_NI 0xf 850 - #define ID_AA64MMFR0_TGRAN4_SUPPORTED 0x0 851 - #define ID_AA64MMFR0_TGRAN64_NI 0xf 852 - #define ID_AA64MMFR0_TGRAN64_SUPPORTED 0x0 853 - #define ID_AA64MMFR0_TGRAN16_NI 0x0 854 - #define ID_AA64MMFR0_TGRAN16_SUPPORTED 0x1 788 + #define ID_PFR1_GIC_SHIFT 28 789 + #define ID_PFR1_VIRT_FRAC_SHIFT 24 790 + #define ID_PFR1_SEC_FRAC_SHIFT 20 791 + #define ID_PFR1_GENTIMER_SHIFT 16 792 + #define ID_PFR1_VIRTUALIZATION_SHIFT 12 793 + #define ID_PFR1_MPROGMOD_SHIFT 8 794 + #define ID_PFR1_SECURITY_SHIFT 4 795 + #define ID_PFR1_PROGMOD_SHIFT 0 855 796 856 797 #if defined(CONFIG_ARM64_4K_PAGES) 857 798 #define ID_AA64MMFR0_TGRAN_SHIFT ID_AA64MMFR0_TGRAN4_SHIFT

+13

arch/arm64/include/asm/thread_info.h

··· 41 41 #endif 42 42 } preempt; 43 43 }; 44 + #ifdef CONFIG_SHADOW_CALL_STACK 45 + void *scs_base; 46 + void *scs_sp; 47 + #endif 44 48 }; 45 49 46 50 #define thread_saved_pc(tsk) \ ··· 104 100 _TIF_SYSCALL_TRACEPOINT | _TIF_SECCOMP | \ 105 101 _TIF_SYSCALL_EMU) 106 102 103 + #ifdef CONFIG_SHADOW_CALL_STACK 104 + #define INIT_SCS \ 105 + .scs_base = init_shadow_call_stack, \ 106 + .scs_sp = init_shadow_call_stack, 107 + #else 108 + #define INIT_SCS 109 + #endif 110 + 107 111 #define INIT_THREAD_INFO(tsk) \ 108 112 { \ 109 113 .flags = _TIF_FOREIGN_FPSTATE, \ 110 114 .preempt_count = INIT_PREEMPT_COUNT, \ 111 115 .addr_limit = KERNEL_DS, \ 116 + INIT_SCS \ 112 117 } 113 118 114 119 #endif /* __ASM_THREAD_INFO_H */

+1

arch/arm64/include/uapi/asm/hwcap.h

··· 73 73 #define HWCAP2_BF16 (1 << 14) 74 74 #define HWCAP2_DGH (1 << 15) 75 75 #define HWCAP2_RNG (1 << 16) 76 + #define HWCAP2_BTI (1 << 17) 76 77 77 78 #endif /* _UAPI__ASM_HWCAP_H */

+9

arch/arm64/include/uapi/asm/mman.h

··· 1 + /* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ 2 + #ifndef _UAPI__ASM_MMAN_H 3 + #define _UAPI__ASM_MMAN_H 4 + 5 + #include <asm-generic/mman.h> 6 + 7 + #define PROT_BTI 0x10 /* BTI guarded page */ 8 + 9 + #endif /* ! _UAPI__ASM_MMAN_H */

+9

arch/arm64/include/uapi/asm/ptrace.h

··· 46 46 #define PSR_I_BIT 0x00000080 47 47 #define PSR_A_BIT 0x00000100 48 48 #define PSR_D_BIT 0x00000200 49 + #define PSR_BTYPE_MASK 0x00000c00 49 50 #define PSR_SSBS_BIT 0x00001000 50 51 #define PSR_PAN_BIT 0x00400000 51 52 #define PSR_UAO_BIT 0x00800000 ··· 56 55 #define PSR_Z_BIT 0x40000000 57 56 #define PSR_N_BIT 0x80000000 58 57 58 + #define PSR_BTYPE_SHIFT 10 59 + 59 60 /* 60 61 * Groups of PSR bits 61 62 */ ··· 65 62 #define PSR_s 0x00ff0000 /* Status */ 66 63 #define PSR_x 0x0000ff00 /* Extension */ 67 64 #define PSR_c 0x000000ff /* Control */ 65 + 66 + /* Convenience names for the values of PSTATE.BTYPE */ 67 + #define PSR_BTYPE_NONE (0b00 << PSR_BTYPE_SHIFT) 68 + #define PSR_BTYPE_JC (0b01 << PSR_BTYPE_SHIFT) 69 + #define PSR_BTYPE_C (0b10 << PSR_BTYPE_SHIFT) 70 + #define PSR_BTYPE_J (0b11 << PSR_BTYPE_SHIFT) 68 71 69 72 /* syscall emulation path in ptrace */ 70 73 #define PTRACE_SYSEMU 31

+1

arch/arm64/kernel/Makefile

··· 63 63 obj-$(CONFIG_ARM_SDE_INTERFACE) += sdei.o 64 64 obj-$(CONFIG_ARM64_SSBD) += ssbd.o 65 65 obj-$(CONFIG_ARM64_PTR_AUTH) += pointer_auth.o 66 + obj-$(CONFIG_SHADOW_CALL_STACK) += scs.o 66 67 67 68 obj-y += vdso/ probes/ 68 69 obj-$(CONFIG_COMPAT_VDSO) += vdso32/

+4 -3

arch/arm64/kernel/asm-offsets.c

··· 34 34 #ifdef CONFIG_ARM64_SW_TTBR0_PAN 35 35 DEFINE(TSK_TI_TTBR0, offsetof(struct task_struct, thread_info.ttbr0)); 36 36 #endif 37 + #ifdef CONFIG_SHADOW_CALL_STACK 38 + DEFINE(TSK_TI_SCS_BASE, offsetof(struct task_struct, thread_info.scs_base)); 39 + DEFINE(TSK_TI_SCS_SP, offsetof(struct task_struct, thread_info.scs_sp)); 40 + #endif 37 41 DEFINE(TSK_STACK, offsetof(struct task_struct, stack)); 38 42 #ifdef CONFIG_STACKPROTECTOR 39 43 DEFINE(TSK_STACK_CANARY, offsetof(struct task_struct, stack_canary)); ··· 96 92 BLANK(); 97 93 DEFINE(CPU_BOOT_STACK, offsetof(struct secondary_data, stack)); 98 94 DEFINE(CPU_BOOT_TASK, offsetof(struct secondary_data, task)); 99 - #ifdef CONFIG_ARM64_PTR_AUTH 100 - DEFINE(CPU_BOOT_PTRAUTH_KEY, offsetof(struct secondary_data, ptrauth_key)); 101 - #endif 102 95 BLANK(); 103 96 #ifdef CONFIG_KVM_ARM_HOST 104 97 DEFINE(VCPU_CONTEXT, offsetof(struct kvm_vcpu, arch.ctxt));

+2 -2

arch/arm64/kernel/cpu-reset.S

··· 29 29 * branch to what would be the reset vector. It must be executed with the 30 30 * flat identity mapping. 31 31 */ 32 - ENTRY(__cpu_soft_restart) 32 + SYM_CODE_START(__cpu_soft_restart) 33 33 /* Clear sctlr_el1 flags. */ 34 34 mrs x12, sctlr_el1 35 35 mov_q x13, SCTLR_ELx_FLAGS ··· 47 47 mov x1, x3 // arg1 48 48 mov x2, x4 // arg2 49 49 br x8 50 - ENDPROC(__cpu_soft_restart) 50 + SYM_CODE_END(__cpu_soft_restart) 51 51 52 52 .popsection

+13 -16

arch/arm64/kernel/cpu_errata.c

··· 635 635 return is_midr_in_range(midr, &range) && has_dic; 636 636 } 637 637 638 - #if defined(CONFIG_HARDEN_EL2_VECTORS) || defined(CONFIG_ARM64_ERRATUM_1319367) 638 + #if defined(CONFIG_HARDEN_EL2_VECTORS) 639 639 640 640 static const struct midr_range ca57_a72[] = { 641 641 MIDR_ALL_VERSIONS(MIDR_CORTEX_A57), ··· 757 757 }; 758 758 #endif 759 759 760 - #ifdef CONFIG_ARM64_WORKAROUND_SPECULATIVE_AT_VHE 761 - static const struct midr_range erratum_speculative_at_vhe_list[] = { 760 + #ifdef CONFIG_ARM64_WORKAROUND_SPECULATIVE_AT 761 + static const struct midr_range erratum_speculative_at_list[] = { 762 762 #ifdef CONFIG_ARM64_ERRATUM_1165522 763 763 /* Cortex A76 r0p0 to r2p0 */ 764 764 MIDR_RANGE(MIDR_CORTEX_A76, 0, 0, 2, 0), 765 + #endif 766 + #ifdef CONFIG_ARM64_ERRATUM_1319367 767 + MIDR_ALL_VERSIONS(MIDR_CORTEX_A57), 768 + MIDR_ALL_VERSIONS(MIDR_CORTEX_A72), 765 769 #endif 766 770 #ifdef CONFIG_ARM64_ERRATUM_1530923 767 771 /* Cortex A55 r0p0 to r2p0 */ ··· 778 774 const struct arm64_cpu_capabilities arm64_errata[] = { 779 775 #ifdef CONFIG_ARM64_WORKAROUND_CLEAN_CACHE 780 776 { 781 - .desc = "ARM errata 826319, 827319, 824069, 819472", 777 + .desc = "ARM errata 826319, 827319, 824069, or 819472", 782 778 .capability = ARM64_WORKAROUND_CLEAN_CACHE, 783 779 ERRATA_MIDR_RANGE_LIST(workaround_clean_cache), 784 780 .cpu_enable = cpu_enable_cache_maint_trap, ··· 860 856 #endif 861 857 #ifdef CONFIG_ARM64_WORKAROUND_REPEAT_TLBI 862 858 { 863 - .desc = "Qualcomm erratum 1009, ARM erratum 1286807", 859 + .desc = "Qualcomm erratum 1009, or ARM erratum 1286807", 864 860 .capability = ARM64_WORKAROUND_REPEAT_TLBI, 865 861 .type = ARM64_CPUCAP_LOCAL_CPU_ERRATUM, 866 862 .matches = cpucap_multi_entry_cap_matches, ··· 901 897 ERRATA_MIDR_RANGE_LIST(erratum_1418040_list), 902 898 }, 903 899 #endif 904 - #ifdef CONFIG_ARM64_WORKAROUND_SPECULATIVE_AT_VHE 900 + #ifdef CONFIG_ARM64_WORKAROUND_SPECULATIVE_AT 905 901 { 906 - .desc = "ARM errata 1165522, 1530923", 907 - .capability = ARM64_WORKAROUND_SPECULATIVE_AT_VHE, 908 - ERRATA_MIDR_RANGE_LIST(erratum_speculative_at_vhe_list), 902 + .desc = "ARM errata 1165522, 1319367, or 1530923", 903 + .capability = ARM64_WORKAROUND_SPECULATIVE_AT, 904 + ERRATA_MIDR_RANGE_LIST(erratum_speculative_at_list), 909 905 }, 910 906 #endif 911 907 #ifdef CONFIG_ARM64_ERRATUM_1463225 ··· 937 933 .type = ARM64_CPUCAP_LOCAL_CPU_ERRATUM, 938 934 .matches = has_neoverse_n1_erratum_1542419, 939 935 .cpu_enable = cpu_enable_trap_ctr_access, 940 - }, 941 - #endif 942 - #ifdef CONFIG_ARM64_ERRATUM_1319367 943 - { 944 - .desc = "ARM erratum 1319367", 945 - .capability = ARM64_WORKAROUND_SPECULATIVE_AT_NVHE, 946 - ERRATA_MIDR_RANGE_LIST(ca57_a72), 947 936 }, 948 937 #endif 949 938 {

+383 -72

arch/arm64/kernel/cpufeature.c

··· 3 3 * Contains CPU feature definitions 4 4 * 5 5 * Copyright (C) 2015 ARM Ltd. 6 + * 7 + * A note for the weary kernel hacker: the code here is confusing and hard to 8 + * follow! That's partly because it's solving a nasty problem, but also because 9 + * there's a little bit of over-abstraction that tends to obscure what's going 10 + * on behind a maze of helper functions and macros. 11 + * 12 + * The basic problem is that hardware folks have started gluing together CPUs 13 + * with distinct architectural features; in some cases even creating SoCs where 14 + * user-visible instructions are available only on a subset of the available 15 + * cores. We try to address this by snapshotting the feature registers of the 16 + * boot CPU and comparing these with the feature registers of each secondary 17 + * CPU when bringing them up. If there is a mismatch, then we update the 18 + * snapshot state to indicate the lowest-common denominator of the feature, 19 + * known as the "safe" value. This snapshot state can be queried to view the 20 + * "sanitised" value of a feature register. 21 + * 22 + * The sanitised register values are used to decide which capabilities we 23 + * have in the system. These may be in the form of traditional "hwcaps" 24 + * advertised to userspace or internal "cpucaps" which are used to configure 25 + * things like alternative patching and static keys. While a feature mismatch 26 + * may result in a TAINT_CPU_OUT_OF_SPEC kernel taint, a capability mismatch 27 + * may prevent a CPU from being onlined at all. 28 + * 29 + * Some implementation details worth remembering: 30 + * 31 + * - Mismatched features are *always* sanitised to a "safe" value, which 32 + * usually indicates that the feature is not supported. 33 + * 34 + * - A mismatched feature marked with FTR_STRICT will cause a "SANITY CHECK" 35 + * warning when onlining an offending CPU and the kernel will be tainted 36 + * with TAINT_CPU_OUT_OF_SPEC. 37 + * 38 + * - Features marked as FTR_VISIBLE have their sanitised value visible to 39 + * userspace. FTR_VISIBLE features in registers that are only visible 40 + * to EL0 by trapping *must* have a corresponding HWCAP so that late 41 + * onlining of CPUs cannot lead to features disappearing at runtime. 42 + * 43 + * - A "feature" is typically a 4-bit register field. A "capability" is the 44 + * high-level description derived from the sanitised field value. 45 + * 46 + * - Read the Arm ARM (DDI 0487F.a) section D13.1.3 ("Principles of the ID 47 + * scheme for fields in ID registers") to understand when feature fields 48 + * may be signed or unsigned (FTR_SIGNED and FTR_UNSIGNED accordingly). 49 + * 50 + * - KVM exposes its own view of the feature registers to guest operating 51 + * systems regardless of FTR_VISIBLE. This is typically driven from the 52 + * sanitised register values to allow virtual CPUs to be migrated between 53 + * arbitrary physical CPUs, but some features not present on the host are 54 + * also advertised and emulated. Look at sys_reg_descs[] for the gory 55 + * details. 56 + * 57 + * - If the arm64_ftr_bits[] for a register has a missing field, then this 58 + * field is treated as STRICT RES0, including for read_sanitised_ftr_reg(). 59 + * This is stronger than FTR_HIDDEN and can be used to hide features from 60 + * KVM guests. 6 61 */ 7 62 8 63 #define pr_fmt(fmt) "CPU features: " fmt ··· 179 124 */ 180 125 static const struct arm64_ftr_bits ftr_id_aa64isar0[] = { 181 126 ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64ISAR0_RNDR_SHIFT, 4, 0), 127 + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64ISAR0_TLB_SHIFT, 4, 0), 182 128 ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64ISAR0_TS_SHIFT, 4, 0), 183 129 ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64ISAR0_FHM_SHIFT, 4, 0), 184 130 ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64ISAR0_DP_SHIFT, 4, 0), ··· 222 166 ARM64_FTR_BITS(FTR_HIDDEN, FTR_NONSTRICT, FTR_LOWER_SAFE, ID_AA64PFR0_CSV2_SHIFT, 4, 0), 223 167 ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64PFR0_DIT_SHIFT, 4, 0), 224 168 ARM64_FTR_BITS(FTR_HIDDEN, FTR_NONSTRICT, FTR_LOWER_SAFE, ID_AA64PFR0_AMU_SHIFT, 4, 0), 169 + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64PFR0_MPAM_SHIFT, 4, 0), 170 + ARM64_FTR_BITS(FTR_HIDDEN, FTR_NONSTRICT, FTR_LOWER_SAFE, ID_AA64PFR0_SEL2_SHIFT, 4, 0), 225 171 ARM64_FTR_BITS(FTR_VISIBLE_IF_IS_ENABLED(CONFIG_ARM64_SVE), 226 172 FTR_STRICT, FTR_LOWER_SAFE, ID_AA64PFR0_SVE_SHIFT, 4, 0), 227 173 ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64PFR0_RAS_SHIFT, 4, 0), 228 174 ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64PFR0_GIC_SHIFT, 4, 0), 229 175 S_ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64PFR0_ASIMD_SHIFT, 4, ID_AA64PFR0_ASIMD_NI), 230 176 S_ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64PFR0_FP_SHIFT, 4, ID_AA64PFR0_FP_NI), 231 - /* Linux doesn't care about the EL3 */ 232 177 ARM64_FTR_BITS(FTR_HIDDEN, FTR_NONSTRICT, FTR_LOWER_SAFE, ID_AA64PFR0_EL3_SHIFT, 4, 0), 233 - ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64PFR0_EL2_SHIFT, 4, 0), 234 - ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64PFR0_EL1_SHIFT, 4, ID_AA64PFR0_EL1_64BIT_ONLY), 235 - ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64PFR0_EL0_SHIFT, 4, ID_AA64PFR0_EL0_64BIT_ONLY), 178 + ARM64_FTR_BITS(FTR_HIDDEN, FTR_NONSTRICT, FTR_LOWER_SAFE, ID_AA64PFR0_EL2_SHIFT, 4, 0), 179 + ARM64_FTR_BITS(FTR_HIDDEN, FTR_NONSTRICT, FTR_LOWER_SAFE, ID_AA64PFR0_EL1_SHIFT, 4, ID_AA64PFR0_EL1_64BIT_ONLY), 180 + ARM64_FTR_BITS(FTR_HIDDEN, FTR_NONSTRICT, FTR_LOWER_SAFE, ID_AA64PFR0_EL0_SHIFT, 4, ID_AA64PFR0_EL0_64BIT_ONLY), 236 181 ARM64_FTR_END, 237 182 }; 238 183 239 184 static const struct arm64_ftr_bits ftr_id_aa64pfr1[] = { 185 + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64PFR1_MPAMFRAC_SHIFT, 4, 0), 186 + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64PFR1_RASFRAC_SHIFT, 4, 0), 240 187 ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64PFR1_SSBS_SHIFT, 4, ID_AA64PFR1_SSBS_PSTATE_NI), 188 + ARM64_FTR_BITS(FTR_VISIBLE_IF_IS_ENABLED(CONFIG_ARM64_BTI), 189 + FTR_STRICT, FTR_LOWER_SAFE, ID_AA64PFR1_BT_SHIFT, 4, 0), 241 190 ARM64_FTR_END, 242 191 }; 243 192 ··· 269 208 }; 270 209 271 210 static const struct arm64_ftr_bits ftr_id_aa64mmfr0[] = { 211 + /* 212 + * Page size not being supported at Stage-2 is not fatal. You 213 + * just give up KVM if PAGE_SIZE isn't supported there. Go fix 214 + * your favourite nesting hypervisor. 215 + * 216 + * There is a small corner case where the hypervisor explicitly 217 + * advertises a given granule size at Stage-2 (value 2) on some 218 + * vCPUs, and uses the fallback to Stage-1 (value 0) for other 219 + * vCPUs. Although this is not forbidden by the architecture, it 220 + * indicates that the hypervisor is being silly (or buggy). 221 + * 222 + * We make no effort to cope with this and pretend that if these 223 + * fields are inconsistent across vCPUs, then it isn't worth 224 + * trying to bring KVM up. 225 + */ 226 + ARM64_FTR_BITS(FTR_HIDDEN, FTR_NONSTRICT, FTR_EXACT, ID_AA64MMFR0_TGRAN4_2_SHIFT, 4, 1), 227 + ARM64_FTR_BITS(FTR_HIDDEN, FTR_NONSTRICT, FTR_EXACT, ID_AA64MMFR0_TGRAN64_2_SHIFT, 4, 1), 228 + ARM64_FTR_BITS(FTR_HIDDEN, FTR_NONSTRICT, FTR_EXACT, ID_AA64MMFR0_TGRAN16_2_SHIFT, 4, 1), 272 229 /* 273 230 * We already refuse to boot CPUs that don't support our configured 274 231 * page size, so we can only detect mismatches for a page size other ··· 326 247 ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64MMFR2_FWB_SHIFT, 4, 0), 327 248 ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64MMFR2_AT_SHIFT, 4, 0), 328 249 ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64MMFR2_LVA_SHIFT, 4, 0), 329 - ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64MMFR2_IESB_SHIFT, 4, 0), 250 + ARM64_FTR_BITS(FTR_HIDDEN, FTR_NONSTRICT, FTR_LOWER_SAFE, ID_AA64MMFR2_IESB_SHIFT, 4, 0), 330 251 ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64MMFR2_LSM_SHIFT, 4, 0), 331 252 ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64MMFR2_UAO_SHIFT, 4, 0), 332 253 ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64MMFR2_CNP_SHIFT, 4, 0), ··· 368 289 }; 369 290 370 291 static const struct arm64_ftr_bits ftr_id_aa64dfr0[] = { 371 - ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_EXACT, 36, 28, 0), 292 + S_ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, 36, 4, 0), 372 293 ARM64_FTR_BITS(FTR_HIDDEN, FTR_NONSTRICT, FTR_LOWER_SAFE, ID_AA64DFR0_PMSVER_SHIFT, 4, 0), 373 294 ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64DFR0_CTX_CMPS_SHIFT, 4, 0), 374 295 ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64DFR0_WRPS_SHIFT, 4, 0), ··· 395 316 ARM64_FTR_END, 396 317 }; 397 318 319 + static const struct arm64_ftr_bits ftr_id_isar0[] = { 320 + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_ISAR0_DIVIDE_SHIFT, 4, 0), 321 + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_ISAR0_DEBUG_SHIFT, 4, 0), 322 + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_ISAR0_COPROC_SHIFT, 4, 0), 323 + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_ISAR0_CMPBRANCH_SHIFT, 4, 0), 324 + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_ISAR0_BITFIELD_SHIFT, 4, 0), 325 + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_ISAR0_BITCOUNT_SHIFT, 4, 0), 326 + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_ISAR0_SWAP_SHIFT, 4, 0), 327 + ARM64_FTR_END, 328 + }; 398 329 399 330 static const struct arm64_ftr_bits ftr_id_isar5[] = { 400 331 ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_ISAR5_RDM_SHIFT, 4, 0), ··· 417 328 }; 418 329 419 330 static const struct arm64_ftr_bits ftr_id_mmfr4[] = { 331 + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_MMFR4_EVT_SHIFT, 4, 0), 332 + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_MMFR4_CCIDX_SHIFT, 4, 0), 333 + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_MMFR4_LSM_SHIFT, 4, 0), 334 + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_MMFR4_HPDS_SHIFT, 4, 0), 335 + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_MMFR4_CNP_SHIFT, 4, 0), 336 + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_MMFR4_XNX_SHIFT, 4, 0), 420 337 ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, 4, 4, 0), /* ac2 */ 338 + /* 339 + * SpecSEI = 1 indicates that the PE might generate an SError on an 340 + * external abort on speculative read. It is safe to assume that an 341 + * SError might be generated than it will not be. Hence it has been 342 + * classified as FTR_HIGHER_SAFE. 343 + */ 344 + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_HIGHER_SAFE, ID_MMFR4_SPECSEI_SHIFT, 4, 0), 345 + ARM64_FTR_END, 346 + }; 347 + 348 + static const struct arm64_ftr_bits ftr_id_isar4[] = { 349 + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_ISAR4_SWP_FRAC_SHIFT, 4, 0), 350 + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_ISAR4_PSR_M_SHIFT, 4, 0), 351 + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_ISAR4_SYNCH_PRIM_FRAC_SHIFT, 4, 0), 352 + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_ISAR4_BARRIER_SHIFT, 4, 0), 353 + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_ISAR4_SMC_SHIFT, 4, 0), 354 + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_ISAR4_WRITEBACK_SHIFT, 4, 0), 355 + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_ISAR4_WITHSHIFTS_SHIFT, 4, 0), 356 + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_ISAR4_UNPRIV_SHIFT, 4, 0), 357 + ARM64_FTR_END, 358 + }; 359 + 360 + static const struct arm64_ftr_bits ftr_id_mmfr5[] = { 361 + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_MMFR5_ETS_SHIFT, 4, 0), 421 362 ARM64_FTR_END, 422 363 }; 423 364 ··· 463 344 }; 464 345 465 346 static const struct arm64_ftr_bits ftr_id_pfr0[] = { 347 + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_PFR0_DIT_SHIFT, 4, 0), 348 + ARM64_FTR_BITS(FTR_HIDDEN, FTR_NONSTRICT, FTR_LOWER_SAFE, ID_PFR0_CSV2_SHIFT, 4, 0), 466 349 ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, 12, 4, 0), /* State3 */ 467 350 ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, 8, 4, 0), /* State2 */ 468 351 ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, 4, 4, 0), /* State1 */ ··· 472 351 ARM64_FTR_END, 473 352 }; 474 353 354 + static const struct arm64_ftr_bits ftr_id_pfr1[] = { 355 + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_PFR1_GIC_SHIFT, 4, 0), 356 + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_PFR1_VIRT_FRAC_SHIFT, 4, 0), 357 + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_PFR1_SEC_FRAC_SHIFT, 4, 0), 358 + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_PFR1_GENTIMER_SHIFT, 4, 0), 359 + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_PFR1_VIRTUALIZATION_SHIFT, 4, 0), 360 + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_PFR1_MPROGMOD_SHIFT, 4, 0), 361 + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_PFR1_SECURITY_SHIFT, 4, 0), 362 + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_PFR1_PROGMOD_SHIFT, 4, 0), 363 + ARM64_FTR_END, 364 + }; 365 + 366 + static const struct arm64_ftr_bits ftr_id_pfr2[] = { 367 + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_PFR2_SSBS_SHIFT, 4, 0), 368 + ARM64_FTR_BITS(FTR_HIDDEN, FTR_NONSTRICT, FTR_LOWER_SAFE, ID_PFR2_CSV3_SHIFT, 4, 0), 369 + ARM64_FTR_END, 370 + }; 371 + 475 372 static const struct arm64_ftr_bits ftr_id_dfr0[] = { 476 - ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, 28, 4, 0), 373 + /* [31:28] TraceFilt */ 477 374 S_ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, 24, 4, 0xf), /* PerfMon */ 478 375 ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, 20, 4, 0), 479 376 ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, 16, 4, 0), ··· 499 360 ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, 8, 4, 0), 500 361 ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, 4, 4, 0), 501 362 ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, 0, 4, 0), 363 + ARM64_FTR_END, 364 + }; 365 + 366 + static const struct arm64_ftr_bits ftr_id_dfr1[] = { 367 + S_ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_DFR1_MTPMU_SHIFT, 4, 0), 502 368 ARM64_FTR_END, 503 369 }; 504 370 ··· 517 373 * Common ftr bits for a 32bit register with all hidden, strict 518 374 * attributes, with 4bit feature fields and a default safe value of 519 375 * 0. Covers the following 32bit registers: 520 - * id_isar[0-4], id_mmfr[1-3], id_pfr1, mvfr[0-1] 376 + * id_isar[1-4], id_mmfr[1-3], id_pfr1, mvfr[0-1] 521 377 */ 522 378 static const struct arm64_ftr_bits ftr_generic_32bits[] = { 523 379 ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, 28, 4, 0), ··· 555 411 556 412 /* Op1 = 0, CRn = 0, CRm = 1 */ 557 413 ARM64_FTR_REG(SYS_ID_PFR0_EL1, ftr_id_pfr0), 558 - ARM64_FTR_REG(SYS_ID_PFR1_EL1, ftr_generic_32bits), 414 + ARM64_FTR_REG(SYS_ID_PFR1_EL1, ftr_id_pfr1), 559 415 ARM64_FTR_REG(SYS_ID_DFR0_EL1, ftr_id_dfr0), 560 416 ARM64_FTR_REG(SYS_ID_MMFR0_EL1, ftr_id_mmfr0), 561 417 ARM64_FTR_REG(SYS_ID_MMFR1_EL1, ftr_generic_32bits), ··· 563 419 ARM64_FTR_REG(SYS_ID_MMFR3_EL1, ftr_generic_32bits), 564 420 565 421 /* Op1 = 0, CRn = 0, CRm = 2 */ 566 - ARM64_FTR_REG(SYS_ID_ISAR0_EL1, ftr_generic_32bits), 422 + ARM64_FTR_REG(SYS_ID_ISAR0_EL1, ftr_id_isar0), 567 423 ARM64_FTR_REG(SYS_ID_ISAR1_EL1, ftr_generic_32bits), 568 424 ARM64_FTR_REG(SYS_ID_ISAR2_EL1, ftr_generic_32bits), 569 425 ARM64_FTR_REG(SYS_ID_ISAR3_EL1, ftr_generic_32bits), 570 - ARM64_FTR_REG(SYS_ID_ISAR4_EL1, ftr_generic_32bits), 426 + ARM64_FTR_REG(SYS_ID_ISAR4_EL1, ftr_id_isar4), 571 427 ARM64_FTR_REG(SYS_ID_ISAR5_EL1, ftr_id_isar5), 572 428 ARM64_FTR_REG(SYS_ID_MMFR4_EL1, ftr_id_mmfr4), 573 429 ARM64_FTR_REG(SYS_ID_ISAR6_EL1, ftr_id_isar6), ··· 576 432 ARM64_FTR_REG(SYS_MVFR0_EL1, ftr_generic_32bits), 577 433 ARM64_FTR_REG(SYS_MVFR1_EL1, ftr_generic_32bits), 578 434 ARM64_FTR_REG(SYS_MVFR2_EL1, ftr_mvfr2), 435 + ARM64_FTR_REG(SYS_ID_PFR2_EL1, ftr_id_pfr2), 436 + ARM64_FTR_REG(SYS_ID_DFR1_EL1, ftr_id_dfr1), 437 + ARM64_FTR_REG(SYS_ID_MMFR5_EL1, ftr_id_mmfr5), 579 438 580 439 /* Op1 = 0, CRn = 0, CRm = 4 */ 581 440 ARM64_FTR_REG(SYS_ID_AA64PFR0_EL1, ftr_id_aa64pfr0), ··· 615 468 } 616 469 617 470 /* 618 - * get_arm64_ftr_reg - Lookup a feature register entry using its 619 - * sys_reg() encoding. With the array arm64_ftr_regs sorted in the 620 - * ascending order of sys_id , we use binary search to find a matching 471 + * get_arm64_ftr_reg_nowarn - Looks up a feature register entry using 472 + * its sys_reg() encoding. With the array arm64_ftr_regs sorted in the 473 + * ascending order of sys_id, we use binary search to find a matching 621 474 * entry. 622 475 * 623 476 * returns - Upon success, matching ftr_reg entry for id. 624 477 * - NULL on failure. It is upto the caller to decide 625 478 * the impact of a failure. 626 479 */ 627 - static struct arm64_ftr_reg *get_arm64_ftr_reg(u32 sys_id) 480 + static struct arm64_ftr_reg *get_arm64_ftr_reg_nowarn(u32 sys_id) 628 481 { 629 482 const struct __ftr_reg_entry *ret; 630 483 ··· 636 489 if (ret) 637 490 return ret->reg; 638 491 return NULL; 492 + } 493 + 494 + /* 495 + * get_arm64_ftr_reg - Looks up a feature register entry using 496 + * its sys_reg() encoding. This calls get_arm64_ftr_reg_nowarn(). 497 + * 498 + * returns - Upon success, matching ftr_reg entry for id. 499 + * - NULL on failure but with an WARN_ON(). 500 + */ 501 + static struct arm64_ftr_reg *get_arm64_ftr_reg(u32 sys_id) 502 + { 503 + struct arm64_ftr_reg *reg; 504 + 505 + reg = get_arm64_ftr_reg_nowarn(sys_id); 506 + 507 + /* 508 + * Requesting a non-existent register search is an error. Warn 509 + * and let the caller handle it. 510 + */ 511 + WARN_ON(!reg); 512 + return reg; 639 513 } 640 514 641 515 static u64 arm64_ftr_set_value(const struct arm64_ftr_bits *ftrp, s64 reg, ··· 720 552 const struct arm64_ftr_bits *ftrp; 721 553 struct arm64_ftr_reg *reg = get_arm64_ftr_reg(sys_reg); 722 554 723 - BUG_ON(!reg); 555 + if (!reg) 556 + return; 724 557 725 558 for (ftrp = reg->ftr_bits; ftrp->width; ftrp++) { 726 559 u64 ftr_mask = arm64_ftr_mask(ftrp); ··· 794 625 795 626 if (id_aa64pfr0_32bit_el0(info->reg_id_aa64pfr0)) { 796 627 init_cpu_ftr_reg(SYS_ID_DFR0_EL1, info->reg_id_dfr0); 628 + init_cpu_ftr_reg(SYS_ID_DFR1_EL1, info->reg_id_dfr1); 797 629 init_cpu_ftr_reg(SYS_ID_ISAR0_EL1, info->reg_id_isar0); 798 630 init_cpu_ftr_reg(SYS_ID_ISAR1_EL1, info->reg_id_isar1); 799 631 init_cpu_ftr_reg(SYS_ID_ISAR2_EL1, info->reg_id_isar2); ··· 806 636 init_cpu_ftr_reg(SYS_ID_MMFR1_EL1, info->reg_id_mmfr1); 807 637 init_cpu_ftr_reg(SYS_ID_MMFR2_EL1, info->reg_id_mmfr2); 808 638 init_cpu_ftr_reg(SYS_ID_MMFR3_EL1, info->reg_id_mmfr3); 639 + init_cpu_ftr_reg(SYS_ID_MMFR4_EL1, info->reg_id_mmfr4); 640 + init_cpu_ftr_reg(SYS_ID_MMFR5_EL1, info->reg_id_mmfr5); 809 641 init_cpu_ftr_reg(SYS_ID_PFR0_EL1, info->reg_id_pfr0); 810 642 init_cpu_ftr_reg(SYS_ID_PFR1_EL1, info->reg_id_pfr1); 643 + init_cpu_ftr_reg(SYS_ID_PFR2_EL1, info->reg_id_pfr2); 811 644 init_cpu_ftr_reg(SYS_MVFR0_EL1, info->reg_mvfr0); 812 645 init_cpu_ftr_reg(SYS_MVFR1_EL1, info->reg_mvfr1); 813 646 init_cpu_ftr_reg(SYS_MVFR2_EL1, info->reg_mvfr2); ··· 855 682 { 856 683 struct arm64_ftr_reg *regp = get_arm64_ftr_reg(sys_id); 857 684 858 - BUG_ON(!regp); 685 + if (!regp) 686 + return 0; 687 + 859 688 update_cpu_ftr_reg(regp, val); 860 689 if ((boot & regp->strict_mask) == (val & regp->strict_mask)) 861 690 return 0; 862 691 pr_warn("SANITY CHECK: Unexpected variation in %s. Boot CPU: %#016llx, CPU%d: %#016llx\n", 863 692 regp->name, boot, cpu, val); 864 693 return 1; 694 + } 695 + 696 + static void relax_cpu_ftr_reg(u32 sys_id, int field) 697 + { 698 + const struct arm64_ftr_bits *ftrp; 699 + struct arm64_ftr_reg *regp = get_arm64_ftr_reg(sys_id); 700 + 701 + if (!regp) 702 + return; 703 + 704 + for (ftrp = regp->ftr_bits; ftrp->width; ftrp++) { 705 + if (ftrp->shift == field) { 706 + regp->strict_mask &= ~arm64_ftr_mask(ftrp); 707 + break; 708 + } 709 + } 710 + 711 + /* Bogus field? */ 712 + WARN_ON(!ftrp->width); 713 + } 714 + 715 + static int update_32bit_cpu_features(int cpu, struct cpuinfo_arm64 *info, 716 + struct cpuinfo_arm64 *boot) 717 + { 718 + int taint = 0; 719 + u64 pfr0 = read_sanitised_ftr_reg(SYS_ID_AA64PFR0_EL1); 720 + 721 + /* 722 + * If we don't have AArch32 at all then skip the checks entirely 723 + * as the register values may be UNKNOWN and we're not going to be 724 + * using them for anything. 725 + */ 726 + if (!id_aa64pfr0_32bit_el0(pfr0)) 727 + return taint; 728 + 729 + /* 730 + * If we don't have AArch32 at EL1, then relax the strictness of 731 + * EL1-dependent register fields to avoid spurious sanity check fails. 732 + */ 733 + if (!id_aa64pfr0_32bit_el1(pfr0)) { 734 + relax_cpu_ftr_reg(SYS_ID_ISAR4_EL1, ID_ISAR4_SMC_SHIFT); 735 + relax_cpu_ftr_reg(SYS_ID_PFR1_EL1, ID_PFR1_VIRT_FRAC_SHIFT); 736 + relax_cpu_ftr_reg(SYS_ID_PFR1_EL1, ID_PFR1_SEC_FRAC_SHIFT); 737 + relax_cpu_ftr_reg(SYS_ID_PFR1_EL1, ID_PFR1_VIRTUALIZATION_SHIFT); 738 + relax_cpu_ftr_reg(SYS_ID_PFR1_EL1, ID_PFR1_SECURITY_SHIFT); 739 + relax_cpu_ftr_reg(SYS_ID_PFR1_EL1, ID_PFR1_PROGMOD_SHIFT); 740 + } 741 + 742 + taint |= check_update_ftr_reg(SYS_ID_DFR0_EL1, cpu, 743 + info->reg_id_dfr0, boot->reg_id_dfr0); 744 + taint |= check_update_ftr_reg(SYS_ID_DFR1_EL1, cpu, 745 + info->reg_id_dfr1, boot->reg_id_dfr1); 746 + taint |= check_update_ftr_reg(SYS_ID_ISAR0_EL1, cpu, 747 + info->reg_id_isar0, boot->reg_id_isar0); 748 + taint |= check_update_ftr_reg(SYS_ID_ISAR1_EL1, cpu, 749 + info->reg_id_isar1, boot->reg_id_isar1); 750 + taint |= check_update_ftr_reg(SYS_ID_ISAR2_EL1, cpu, 751 + info->reg_id_isar2, boot->reg_id_isar2); 752 + taint |= check_update_ftr_reg(SYS_ID_ISAR3_EL1, cpu, 753 + info->reg_id_isar3, boot->reg_id_isar3); 754 + taint |= check_update_ftr_reg(SYS_ID_ISAR4_EL1, cpu, 755 + info->reg_id_isar4, boot->reg_id_isar4); 756 + taint |= check_update_ftr_reg(SYS_ID_ISAR5_EL1, cpu, 757 + info->reg_id_isar5, boot->reg_id_isar5); 758 + taint |= check_update_ftr_reg(SYS_ID_ISAR6_EL1, cpu, 759 + info->reg_id_isar6, boot->reg_id_isar6); 760 + 761 + /* 762 + * Regardless of the value of the AuxReg field, the AIFSR, ADFSR, and 763 + * ACTLR formats could differ across CPUs and therefore would have to 764 + * be trapped for virtualization anyway. 765 + */ 766 + taint |= check_update_ftr_reg(SYS_ID_MMFR0_EL1, cpu, 767 + info->reg_id_mmfr0, boot->reg_id_mmfr0); 768 + taint |= check_update_ftr_reg(SYS_ID_MMFR1_EL1, cpu, 769 + info->reg_id_mmfr1, boot->reg_id_mmfr1); 770 + taint |= check_update_ftr_reg(SYS_ID_MMFR2_EL1, cpu, 771 + info->reg_id_mmfr2, boot->reg_id_mmfr2); 772 + taint |= check_update_ftr_reg(SYS_ID_MMFR3_EL1, cpu, 773 + info->reg_id_mmfr3, boot->reg_id_mmfr3); 774 + taint |= check_update_ftr_reg(SYS_ID_MMFR4_EL1, cpu, 775 + info->reg_id_mmfr4, boot->reg_id_mmfr4); 776 + taint |= check_update_ftr_reg(SYS_ID_MMFR5_EL1, cpu, 777 + info->reg_id_mmfr5, boot->reg_id_mmfr5); 778 + taint |= check_update_ftr_reg(SYS_ID_PFR0_EL1, cpu, 779 + info->reg_id_pfr0, boot->reg_id_pfr0); 780 + taint |= check_update_ftr_reg(SYS_ID_PFR1_EL1, cpu, 781 + info->reg_id_pfr1, boot->reg_id_pfr1); 782 + taint |= check_update_ftr_reg(SYS_ID_PFR2_EL1, cpu, 783 + info->reg_id_pfr2, boot->reg_id_pfr2); 784 + taint |= check_update_ftr_reg(SYS_MVFR0_EL1, cpu, 785 + info->reg_mvfr0, boot->reg_mvfr0); 786 + taint |= check_update_ftr_reg(SYS_MVFR1_EL1, cpu, 787 + info->reg_mvfr1, boot->reg_mvfr1); 788 + taint |= check_update_ftr_reg(SYS_MVFR2_EL1, cpu, 789 + info->reg_mvfr2, boot->reg_mvfr2); 790 + 791 + return taint; 865 792 } 866 793 867 794 /* ··· 1026 753 taint |= check_update_ftr_reg(SYS_ID_AA64MMFR2_EL1, cpu, 1027 754 info->reg_id_aa64mmfr2, boot->reg_id_aa64mmfr2); 1028 755 1029 - /* 1030 - * EL3 is not our concern. 1031 - */ 1032 756 taint |= check_update_ftr_reg(SYS_ID_AA64PFR0_EL1, cpu, 1033 757 info->reg_id_aa64pfr0, boot->reg_id_aa64pfr0); 1034 758 taint |= check_update_ftr_reg(SYS_ID_AA64PFR1_EL1, cpu, ··· 1033 763 1034 764 taint |= check_update_ftr_reg(SYS_ID_AA64ZFR0_EL1, cpu, 1035 765 info->reg_id_aa64zfr0, boot->reg_id_aa64zfr0); 1036 - 1037 - /* 1038 - * If we have AArch32, we care about 32-bit features for compat. 1039 - * If the system doesn't support AArch32, don't update them. 1040 - */ 1041 - if (id_aa64pfr0_32bit_el0(read_sanitised_ftr_reg(SYS_ID_AA64PFR0_EL1)) && 1042 - id_aa64pfr0_32bit_el0(info->reg_id_aa64pfr0)) { 1043 - 1044 - taint |= check_update_ftr_reg(SYS_ID_DFR0_EL1, cpu, 1045 - info->reg_id_dfr0, boot->reg_id_dfr0); 1046 - taint |= check_update_ftr_reg(SYS_ID_ISAR0_EL1, cpu, 1047 - info->reg_id_isar0, boot->reg_id_isar0); 1048 - taint |= check_update_ftr_reg(SYS_ID_ISAR1_EL1, cpu, 1049 - info->reg_id_isar1, boot->reg_id_isar1); 1050 - taint |= check_update_ftr_reg(SYS_ID_ISAR2_EL1, cpu, 1051 - info->reg_id_isar2, boot->reg_id_isar2); 1052 - taint |= check_update_ftr_reg(SYS_ID_ISAR3_EL1, cpu, 1053 - info->reg_id_isar3, boot->reg_id_isar3); 1054 - taint |= check_update_ftr_reg(SYS_ID_ISAR4_EL1, cpu, 1055 - info->reg_id_isar4, boot->reg_id_isar4); 1056 - taint |= check_update_ftr_reg(SYS_ID_ISAR5_EL1, cpu, 1057 - info->reg_id_isar5, boot->reg_id_isar5); 1058 - taint |= check_update_ftr_reg(SYS_ID_ISAR6_EL1, cpu, 1059 - info->reg_id_isar6, boot->reg_id_isar6); 1060 - 1061 - /* 1062 - * Regardless of the value of the AuxReg field, the AIFSR, ADFSR, and 1063 - * ACTLR formats could differ across CPUs and therefore would have to 1064 - * be trapped for virtualization anyway. 1065 - */ 1066 - taint |= check_update_ftr_reg(SYS_ID_MMFR0_EL1, cpu, 1067 - info->reg_id_mmfr0, boot->reg_id_mmfr0); 1068 - taint |= check_update_ftr_reg(SYS_ID_MMFR1_EL1, cpu, 1069 - info->reg_id_mmfr1, boot->reg_id_mmfr1); 1070 - taint |= check_update_ftr_reg(SYS_ID_MMFR2_EL1, cpu, 1071 - info->reg_id_mmfr2, boot->reg_id_mmfr2); 1072 - taint |= check_update_ftr_reg(SYS_ID_MMFR3_EL1, cpu, 1073 - info->reg_id_mmfr3, boot->reg_id_mmfr3); 1074 - taint |= check_update_ftr_reg(SYS_ID_PFR0_EL1, cpu, 1075 - info->reg_id_pfr0, boot->reg_id_pfr0); 1076 - taint |= check_update_ftr_reg(SYS_ID_PFR1_EL1, cpu, 1077 - info->reg_id_pfr1, boot->reg_id_pfr1); 1078 - taint |= check_update_ftr_reg(SYS_MVFR0_EL1, cpu, 1079 - info->reg_mvfr0, boot->reg_mvfr0); 1080 - taint |= check_update_ftr_reg(SYS_MVFR1_EL1, cpu, 1081 - info->reg_mvfr1, boot->reg_mvfr1); 1082 - taint |= check_update_ftr_reg(SYS_MVFR2_EL1, cpu, 1083 - info->reg_mvfr2, boot->reg_mvfr2); 1084 - } 1085 766 1086 767 if (id_aa64pfr0_sve(info->reg_id_aa64pfr0)) { 1087 768 taint |= check_update_ftr_reg(SYS_ZCR_EL1, cpu, ··· 1043 822 !system_capabilities_finalized()) 1044 823 sve_update_vq_map(); 1045 824 } 825 + 826 + /* 827 + * This relies on a sanitised view of the AArch64 ID registers 828 + * (e.g. SYS_ID_AA64PFR0_EL1), so we call it last. 829 + */ 830 + taint |= update_32bit_cpu_features(cpu, info, boot); 1046 831 1047 832 /* 1048 833 * Mismatched CPU features are a recipe for disaster. Don't even ··· 1064 837 { 1065 838 struct arm64_ftr_reg *regp = get_arm64_ftr_reg(id); 1066 839 1067 - /* We shouldn't get a request for an unsupported register */ 1068 - BUG_ON(!regp); 840 + if (!regp) 841 + return 0; 1069 842 return regp->sys_val; 1070 843 } 1071 844 ··· 1081 854 switch (sys_id) { 1082 855 read_sysreg_case(SYS_ID_PFR0_EL1); 1083 856 read_sysreg_case(SYS_ID_PFR1_EL1); 857 + read_sysreg_case(SYS_ID_PFR2_EL1); 1084 858 read_sysreg_case(SYS_ID_DFR0_EL1); 859 + read_sysreg_case(SYS_ID_DFR1_EL1); 1085 860 read_sysreg_case(SYS_ID_MMFR0_EL1); 1086 861 read_sysreg_case(SYS_ID_MMFR1_EL1); 1087 862 read_sysreg_case(SYS_ID_MMFR2_EL1); 1088 863 read_sysreg_case(SYS_ID_MMFR3_EL1); 864 + read_sysreg_case(SYS_ID_MMFR4_EL1); 865 + read_sysreg_case(SYS_ID_MMFR5_EL1); 1089 866 read_sysreg_case(SYS_ID_ISAR0_EL1); 1090 867 read_sysreg_case(SYS_ID_ISAR1_EL1); 1091 868 read_sysreg_case(SYS_ID_ISAR2_EL1); ··· 1640 1409 } 1641 1410 #endif 1642 1411 1412 + #ifdef CONFIG_ARM64_BTI 1413 + static void bti_enable(const struct arm64_cpu_capabilities *__unused) 1414 + { 1415 + /* 1416 + * Use of X16/X17 for tail-calls and trampolines that jump to 1417 + * function entry points using BR is a requirement for 1418 + * marking binaries with GNU_PROPERTY_AARCH64_FEATURE_1_BTI. 1419 + * So, be strict and forbid other BRs using other registers to 1420 + * jump onto a PACIxSP instruction: 1421 + */ 1422 + sysreg_clear_set(sctlr_el1, 0, SCTLR_EL1_BT0 | SCTLR_EL1_BT1); 1423 + isb(); 1424 + } 1425 + #endif /* CONFIG_ARM64_BTI */ 1426 + 1643 1427 /* Internal helper functions to match cpu capability type */ 1644 1428 static bool 1645 1429 cpucap_late_cpu_optional(const struct arm64_cpu_capabilities *cap) ··· 1757 1511 .field_pos = ID_AA64PFR0_EL0_SHIFT, 1758 1512 .min_field_value = ID_AA64PFR0_EL0_32BIT_64BIT, 1759 1513 }, 1514 + #ifdef CONFIG_KVM 1515 + { 1516 + .desc = "32-bit EL1 Support", 1517 + .capability = ARM64_HAS_32BIT_EL1, 1518 + .type = ARM64_CPUCAP_SYSTEM_FEATURE, 1519 + .matches = has_cpuid_feature, 1520 + .sys_reg = SYS_ID_AA64PFR0_EL1, 1521 + .sign = FTR_UNSIGNED, 1522 + .field_pos = ID_AA64PFR0_EL1_SHIFT, 1523 + .min_field_value = ID_AA64PFR0_EL1_32BIT_64BIT, 1524 + }, 1525 + #endif 1760 1526 { 1761 1527 .desc = "Kernel page table isolation (KPTI)", 1762 1528 .capability = ARM64_UNMAP_KERNEL_AT_EL0, ··· 2037 1779 .min_field_value = 1, 2038 1780 }, 2039 1781 #endif 1782 + #ifdef CONFIG_ARM64_BTI 1783 + { 1784 + .desc = "Branch Target Identification", 1785 + .capability = ARM64_BTI, 1786 + #ifdef CONFIG_ARM64_BTI_KERNEL 1787 + .type = ARM64_CPUCAP_STRICT_BOOT_CPU_FEATURE, 1788 + #else 1789 + .type = ARM64_CPUCAP_SYSTEM_FEATURE, 1790 + #endif 1791 + .matches = has_cpuid_feature, 1792 + .cpu_enable = bti_enable, 1793 + .sys_reg = SYS_ID_AA64PFR1_EL1, 1794 + .field_pos = ID_AA64PFR1_BT_SHIFT, 1795 + .min_field_value = ID_AA64PFR1_BT_BTI, 1796 + .sign = FTR_UNSIGNED, 1797 + }, 1798 + #endif 2040 1799 {}, 2041 1800 }; 2042 1801 ··· 2163 1888 HWCAP_CAP(SYS_ID_AA64ZFR0_EL1, ID_AA64ZFR0_F64MM_SHIFT, FTR_UNSIGNED, ID_AA64ZFR0_F64MM, CAP_HWCAP, KERNEL_HWCAP_SVEF64MM), 2164 1889 #endif 2165 1890 HWCAP_CAP(SYS_ID_AA64PFR1_EL1, ID_AA64PFR1_SSBS_SHIFT, FTR_UNSIGNED, ID_AA64PFR1_SSBS_PSTATE_INSNS, CAP_HWCAP, KERNEL_HWCAP_SSBS), 1891 + #ifdef CONFIG_ARM64_BTI 1892 + HWCAP_CAP(SYS_ID_AA64PFR1_EL1, ID_AA64PFR1_BT_SHIFT, FTR_UNSIGNED, ID_AA64PFR1_BT_BTI, CAP_HWCAP, KERNEL_HWCAP_BTI), 1893 + #endif 2166 1894 #ifdef CONFIG_ARM64_PTR_AUTH 2167 1895 HWCAP_MULTI_CAP(ptr_auth_hwcap_addr_matches, CAP_HWCAP, KERNEL_HWCAP_PACA), 2168 1896 HWCAP_MULTI_CAP(ptr_auth_hwcap_gen_matches, CAP_HWCAP, KERNEL_HWCAP_PACG), ··· 2459 2181 /* Add checks on other ZCR bits here if necessary */ 2460 2182 } 2461 2183 2184 + static void verify_hyp_capabilities(void) 2185 + { 2186 + u64 safe_mmfr1, mmfr0, mmfr1; 2187 + int parange, ipa_max; 2188 + unsigned int safe_vmid_bits, vmid_bits; 2189 + 2190 + if (!IS_ENABLED(CONFIG_KVM) || !IS_ENABLED(CONFIG_KVM_ARM_HOST)) 2191 + return; 2192 + 2193 + safe_mmfr1 = read_sanitised_ftr_reg(SYS_ID_AA64MMFR1_EL1); 2194 + mmfr0 = read_cpuid(ID_AA64MMFR0_EL1); 2195 + mmfr1 = read_cpuid(ID_AA64MMFR1_EL1); 2196 + 2197 + /* Verify VMID bits */ 2198 + safe_vmid_bits = get_vmid_bits(safe_mmfr1); 2199 + vmid_bits = get_vmid_bits(mmfr1); 2200 + if (vmid_bits < safe_vmid_bits) { 2201 + pr_crit("CPU%d: VMID width mismatch\n", smp_processor_id()); 2202 + cpu_die_early(); 2203 + } 2204 + 2205 + /* Verify IPA range */ 2206 + parange = cpuid_feature_extract_unsigned_field(mmfr0, 2207 + ID_AA64MMFR0_PARANGE_SHIFT); 2208 + ipa_max = id_aa64mmfr0_parange_to_phys_shift(parange); 2209 + if (ipa_max < get_kvm_ipa_limit()) { 2210 + pr_crit("CPU%d: IPA range mismatch\n", smp_processor_id()); 2211 + cpu_die_early(); 2212 + } 2213 + } 2462 2214 2463 2215 /* 2464 2216 * Run through the enabled system capabilities and enable() it on this CPU. ··· 2514 2206 2515 2207 if (system_supports_sve()) 2516 2208 verify_sve_features(); 2209 + 2210 + if (is_hyp_mode_available()) 2211 + verify_hyp_capabilities(); 2517 2212 } 2518 2213 2519 2214 void check_local_cpu_capabilities(void) ··· 2705 2394 if (sys_reg_CRm(id) == 0) 2706 2395 return emulate_id_reg(id, valp); 2707 2396 2708 - regp = get_arm64_ftr_reg(id); 2397 + regp = get_arm64_ftr_reg_nowarn(id); 2709 2398 if (regp) 2710 2399 *valp = arm64_ftr_reg_user_value(regp); 2711 2400 else

+7 -2

arch/arm64/kernel/cpuinfo.c

··· 92 92 "bf16", 93 93 "dgh", 94 94 "rng", 95 + "bti", 95 96 NULL 96 97 }; 97 98 ··· 312 311 } 313 312 return 0; 314 313 } 314 + device_initcall(cpuinfo_regs_init); 315 + 315 316 static void cpuinfo_detect_icache_policy(struct cpuinfo_arm64 *info) 316 317 { 317 318 unsigned int cpu = smp_processor_id(); ··· 365 362 /* Update the 32bit ID registers only if AArch32 is implemented */ 366 363 if (id_aa64pfr0_32bit_el0(info->reg_id_aa64pfr0)) { 367 364 info->reg_id_dfr0 = read_cpuid(ID_DFR0_EL1); 365 + info->reg_id_dfr1 = read_cpuid(ID_DFR1_EL1); 368 366 info->reg_id_isar0 = read_cpuid(ID_ISAR0_EL1); 369 367 info->reg_id_isar1 = read_cpuid(ID_ISAR1_EL1); 370 368 info->reg_id_isar2 = read_cpuid(ID_ISAR2_EL1); ··· 377 373 info->reg_id_mmfr1 = read_cpuid(ID_MMFR1_EL1); 378 374 info->reg_id_mmfr2 = read_cpuid(ID_MMFR2_EL1); 379 375 info->reg_id_mmfr3 = read_cpuid(ID_MMFR3_EL1); 376 + info->reg_id_mmfr4 = read_cpuid(ID_MMFR4_EL1); 377 + info->reg_id_mmfr5 = read_cpuid(ID_MMFR5_EL1); 380 378 info->reg_id_pfr0 = read_cpuid(ID_PFR0_EL1); 381 379 info->reg_id_pfr1 = read_cpuid(ID_PFR1_EL1); 380 + info->reg_id_pfr2 = read_cpuid(ID_PFR2_EL1); 382 381 383 382 info->reg_mvfr0 = read_cpuid(MVFR0_EL1); 384 383 info->reg_mvfr1 = read_cpuid(MVFR1_EL1); ··· 410 403 boot_cpu_data = *info; 411 404 init_cpu_features(&boot_cpu_data); 412 405 } 413 - 414 - device_initcall(cpuinfo_regs_init);

+4

arch/arm64/kernel/crash_core.c

··· 5 5 */ 6 6 7 7 #include <linux/crash_core.h> 8 + #include <asm/cpufeature.h> 8 9 #include <asm/memory.h> 9 10 10 11 void arch_crash_save_vmcoreinfo(void) ··· 17 16 vmcoreinfo_append_str("NUMBER(PHYS_OFFSET)=0x%llx\n", 18 17 PHYS_OFFSET); 19 18 vmcoreinfo_append_str("KERNELOFFSET=%lx\n", kaslr_offset()); 19 + vmcoreinfo_append_str("NUMBER(KERNELPACMASK)=0x%llx\n", 20 + system_supports_address_auth() ? 21 + ptrauth_kernel_pac_mask() : 0); 20 22 }

+1 -3

arch/arm64/kernel/debug-monitors.c

··· 376 376 } 377 377 NOKPROBE_SYMBOL(aarch32_break_handler); 378 378 379 - static int __init debug_traps_init(void) 379 + void __init debug_traps_init(void) 380 380 { 381 381 hook_debug_fault_code(DBG_ESR_EVT_HWSS, single_step_handler, SIGTRAP, 382 382 TRAP_TRACE, "single-step handler"); 383 383 hook_debug_fault_code(DBG_ESR_EVT_BRK, brk_handler, SIGTRAP, 384 384 TRAP_BRKPT, "ptrace BRK handler"); 385 - return 0; 386 385 } 387 - arch_initcall(debug_traps_init); 388 386 389 387 /* Re-enable single step for syscall restarting. */ 390 388 void user_rewind_single_step(struct task_struct *task)

+1 -1

arch/arm64/kernel/efi-entry.S

··· 19 19 * point stored in x0. Save those values in registers which are 20 20 * callee preserved. 21 21 */ 22 - ldr w2, =stext_offset 22 + ldr w2, =primary_entry_offset 23 23 add x19, x0, x2 // relocated Image entrypoint 24 24 mov x20, x1 // DTB address 25 25

+1 -1

arch/arm64/kernel/efi-header.S

··· 32 32 33 33 extra_header_fields: 34 34 .quad 0 // ImageBase 35 - .long SZ_4K // SectionAlignment 35 + .long SEGMENT_ALIGN // SectionAlignment 36 36 .long PECOFF_FILE_ALIGNMENT // FileAlignment 37 37 .short 0 // MajorOperatingSystemVersion 38 38 .short 0 // MinorOperatingSystemVersion

+12 -3

arch/arm64/kernel/efi-rt-wrapper.S

··· 5 5 6 6 #include <linux/linkage.h> 7 7 8 - ENTRY(__efi_rt_asm_wrapper) 8 + SYM_FUNC_START(__efi_rt_asm_wrapper) 9 9 stp x29, x30, [sp, #-32]! 10 10 mov x29, sp 11 11 ··· 34 34 ldp x29, x30, [sp], #32 35 35 b.ne 0f 36 36 ret 37 - 0: b efi_handle_corrupted_x18 // tail call 38 - ENDPROC(__efi_rt_asm_wrapper) 37 + 0: 38 + /* 39 + * With CONFIG_SHADOW_CALL_STACK, the kernel uses x18 to store a 40 + * shadow stack pointer, which we need to restore before returning to 41 + * potentially instrumented code. This is safe because the wrapper is 42 + * called with preemption disabled and a separate shadow stack is used 43 + * for interrupts. 44 + */ 45 + mov x18, x2 46 + b efi_handle_corrupted_x18 // tail call 47 + SYM_FUNC_END(__efi_rt_asm_wrapper)

+12 -1

arch/arm64/kernel/entry-common.c

··· 94 94 break; 95 95 default: 96 96 el1_inv(regs, esr); 97 - }; 97 + } 98 98 } 99 99 NOKPROBE_SYMBOL(el1_sync_handler); 100 100 ··· 188 188 } 189 189 NOKPROBE_SYMBOL(el0_undef); 190 190 191 + static void notrace el0_bti(struct pt_regs *regs) 192 + { 193 + user_exit_irqoff(); 194 + local_daif_restore(DAIF_PROCCTX); 195 + do_bti(regs); 196 + } 197 + NOKPROBE_SYMBOL(el0_bti); 198 + 191 199 static void notrace el0_inv(struct pt_regs *regs, unsigned long esr) 192 200 { 193 201 user_exit_irqoff(); ··· 262 254 break; 263 255 case ESR_ELx_EC_UNKNOWN: 264 256 el0_undef(regs); 257 + break; 258 + case ESR_ELx_EC_BTI: 259 + el0_bti(regs); 265 260 break; 266 261 case ESR_ELx_EC_BREAKPT_LOW: 267 262 case ESR_ELx_EC_SOFTSTP_LOW:

+10 -10

arch/arm64/kernel/entry-fpsimd.S

··· 16 16 * 17 17 * x0 - pointer to struct fpsimd_state 18 18 */ 19 - ENTRY(fpsimd_save_state) 19 + SYM_FUNC_START(fpsimd_save_state) 20 20 fpsimd_save x0, 8 21 21 ret 22 - ENDPROC(fpsimd_save_state) 22 + SYM_FUNC_END(fpsimd_save_state) 23 23 24 24 /* 25 25 * Load the FP registers. 26 26 * 27 27 * x0 - pointer to struct fpsimd_state 28 28 */ 29 - ENTRY(fpsimd_load_state) 29 + SYM_FUNC_START(fpsimd_load_state) 30 30 fpsimd_restore x0, 8 31 31 ret 32 - ENDPROC(fpsimd_load_state) 32 + SYM_FUNC_END(fpsimd_load_state) 33 33 34 34 #ifdef CONFIG_ARM64_SVE 35 - ENTRY(sve_save_state) 35 + SYM_FUNC_START(sve_save_state) 36 36 sve_save 0, x1, 2 37 37 ret 38 - ENDPROC(sve_save_state) 38 + SYM_FUNC_END(sve_save_state) 39 39 40 - ENTRY(sve_load_state) 40 + SYM_FUNC_START(sve_load_state) 41 41 sve_load 0, x1, x2, 3, x4 42 42 ret 43 - ENDPROC(sve_load_state) 43 + SYM_FUNC_END(sve_load_state) 44 44 45 - ENTRY(sve_get_vl) 45 + SYM_FUNC_START(sve_get_vl) 46 46 _sve_rdvl 0, 1 47 47 ret 48 - ENDPROC(sve_get_vl) 48 + SYM_FUNC_END(sve_get_vl) 49 49 #endif /* CONFIG_ARM64_SVE */

+3 -2

arch/arm64/kernel/entry-ftrace.S

··· 23 23 * 24 24 * ... where <entry> is either ftrace_caller or ftrace_regs_caller. 25 25 * 26 - * Each instrumented function follows the AAPCS, so here x0-x8 and x19-x30 are 27 - * live, and x9-x18 are safe to clobber. 26 + * Each instrumented function follows the AAPCS, so here x0-x8 and x18-x30 are 27 + * live (x18 holds the Shadow Call Stack pointer), and x9-x17 are safe to 28 + * clobber. 28 29 * 29 30 * We save the callsite's context into a pt_regs before invoking any ftrace 30 31 * callbacks. So that we can get a sensible backtrace, we create a stack record

+51 -18

arch/arm64/kernel/entry.S

··· 23 23 #include <asm/mmu.h> 24 24 #include <asm/processor.h> 25 25 #include <asm/ptrace.h> 26 + #include <asm/scs.h> 26 27 #include <asm/thread_info.h> 27 28 #include <asm/asm-uaccess.h> 28 29 #include <asm/unistd.h> ··· 179 178 180 179 apply_ssbd 1, x22, x23 181 180 182 - ptrauth_keys_install_kernel tsk, 1, x20, x22, x23 181 + ptrauth_keys_install_kernel tsk, x20, x22, x23 182 + 183 + scs_load tsk, x20 183 184 .else 184 185 add x21, sp, #S_FRAME_SIZE 185 186 get_current_task tsk ··· 346 343 msr cntkctl_el1, x1 347 344 4: 348 345 #endif 346 + scs_save tsk, x0 347 + 349 348 /* No kernel C function calls after this as user keys are set. */ 350 349 ptrauth_keys_install_user tsk, x0, x1, x2 351 350 ··· 393 388 394 389 .macro irq_stack_entry 395 390 mov x19, sp // preserve the original sp 391 + #ifdef CONFIG_SHADOW_CALL_STACK 392 + mov x24, scs_sp // preserve the original shadow stack 393 + #endif 396 394 397 395 /* 398 396 * Compare sp with the base of the task stack. ··· 413 405 414 406 /* switch to the irq stack */ 415 407 mov sp, x26 408 + 409 + #ifdef CONFIG_SHADOW_CALL_STACK 410 + /* also switch to the irq shadow stack */ 411 + adr_this_cpu scs_sp, irq_shadow_call_stack, x26 412 + #endif 413 + 416 414 9998: 417 415 .endm 418 416 419 417 /* 420 - * x19 should be preserved between irq_stack_entry and 421 - * irq_stack_exit. 418 + * The callee-saved regs (x19-x29) should be preserved between 419 + * irq_stack_entry and irq_stack_exit, but note that kernel_entry 420 + * uses x20-x23 to store data for later use. 422 421 */ 423 422 .macro irq_stack_exit 424 423 mov sp, x19 424 + #ifdef CONFIG_SHADOW_CALL_STACK 425 + mov scs_sp, x24 426 + #endif 425 427 .endm 426 428 427 429 /* GPRs used by entry code */ ··· 746 728 SYM_CODE_END(el0_error) 747 729 748 730 /* 749 - * Ok, we need to do extra processing, enter the slow path. 750 - */ 751 - work_pending: 752 - mov x0, sp // 'regs' 753 - bl do_notify_resume 754 - #ifdef CONFIG_TRACE_IRQFLAGS 755 - bl trace_hardirqs_on // enabled while in userspace 756 - #endif 757 - ldr x1, [tsk, #TSK_TI_FLAGS] // re-check for single-step 758 - b finish_ret_to_user 759 - /* 760 731 * "slow" syscall return path. 761 732 */ 762 - ret_to_user: 733 + SYM_CODE_START_LOCAL(ret_to_user) 763 734 disable_daif 764 735 gic_prio_kentry_setup tmp=x3 765 736 ldr x1, [tsk, #TSK_TI_FLAGS] ··· 760 753 bl stackleak_erase 761 754 #endif 762 755 kernel_exit 0 763 - ENDPROC(ret_to_user) 756 + 757 + /* 758 + * Ok, we need to do extra processing, enter the slow path. 759 + */ 760 + work_pending: 761 + mov x0, sp // 'regs' 762 + bl do_notify_resume 763 + #ifdef CONFIG_TRACE_IRQFLAGS 764 + bl trace_hardirqs_on // enabled while in userspace 765 + #endif 766 + ldr x1, [tsk, #TSK_TI_FLAGS] // re-check for single-step 767 + b finish_ret_to_user 768 + SYM_CODE_END(ret_to_user) 764 769 765 770 .popsection // .entry.text 766 771 ··· 919 900 ldr lr, [x8] 920 901 mov sp, x9 921 902 msr sp_el0, x1 922 - ptrauth_keys_install_kernel x1, 1, x8, x9, x10 903 + ptrauth_keys_install_kernel x1, x8, x9, x10 904 + scs_save x0, x8 905 + scs_load x1, x8 923 906 ret 924 907 SYM_FUNC_END(cpu_switch_to) 925 908 NOKPROBE(cpu_switch_to) ··· 1050 1029 1051 1030 mov x19, x1 1052 1031 1032 + #if defined(CONFIG_VMAP_STACK) || defined(CONFIG_SHADOW_CALL_STACK) 1033 + ldrb w4, [x19, #SDEI_EVENT_PRIORITY] 1034 + #endif 1035 + 1053 1036 #ifdef CONFIG_VMAP_STACK 1054 1037 /* 1055 1038 * entry.S may have been using sp as a scratch register, find whether 1056 1039 * this is a normal or critical event and switch to the appropriate 1057 1040 * stack for this CPU. 1058 1041 */ 1059 - ldrb w4, [x19, #SDEI_EVENT_PRIORITY] 1060 1042 cbnz w4, 1f 1061 1043 ldr_this_cpu dst=x5, sym=sdei_stack_normal_ptr, tmp=x6 1062 1044 b 2f ··· 1067 1043 2: mov x6, #SDEI_STACK_SIZE 1068 1044 add x5, x5, x6 1069 1045 mov sp, x5 1046 + #endif 1047 + 1048 + #ifdef CONFIG_SHADOW_CALL_STACK 1049 + /* Use a separate shadow call stack for normal and critical events */ 1050 + cbnz w4, 3f 1051 + adr_this_cpu dst=scs_sp, sym=sdei_shadow_call_stack_normal, tmp=x6 1052 + b 4f 1053 + 3: adr_this_cpu dst=scs_sp, sym=sdei_shadow_call_stack_critical, tmp=x6 1054 + 4: 1070 1055 #endif 1071 1056 1072 1057 /*

+34 -15

arch/arm64/kernel/head.S

··· 13 13 #include <linux/init.h> 14 14 #include <linux/irqchip/arm-gic-v3.h> 15 15 16 + #include <asm/asm_pointer_auth.h> 16 17 #include <asm/assembler.h> 17 18 #include <asm/boot.h> 18 19 #include <asm/ptrace.h> ··· 28 27 #include <asm/pgtable-hwdef.h> 29 28 #include <asm/pgtable.h> 30 29 #include <asm/page.h> 30 + #include <asm/scs.h> 31 31 #include <asm/smp.h> 32 32 #include <asm/sysreg.h> 33 33 #include <asm/thread_info.h> ··· 72 70 * its opcode forms the magic "MZ" signature required by UEFI. 73 71 */ 74 72 add x13, x18, #0x16 75 - b stext 73 + b primary_entry 76 74 #else 77 - b stext // branch to kernel start, magic 75 + b primary_entry // branch to kernel start, magic 78 76 .long 0 // reserved 79 77 #endif 80 78 le64sym _kernel_offset_le // Image load offset from start of RAM, little-endian ··· 100 98 * primary lowlevel boot path: 101 99 * 102 100 * Register Scope Purpose 103 - * x21 stext() .. start_kernel() FDT pointer passed at boot in x0 104 - * x23 stext() .. start_kernel() physical misalignment/KASLR offset 105 - * x28 __create_page_tables() callee preserved temp register 106 - * x19/x20 __primary_switch() callee preserved temp registers 107 - * x24 __primary_switch() .. relocate_kernel() 108 - * current RELR displacement 101 + * x21 primary_entry() .. start_kernel() FDT pointer passed at boot in x0 102 + * x23 primary_entry() .. start_kernel() physical misalignment/KASLR offset 103 + * x28 __create_page_tables() callee preserved temp register 104 + * x19/x20 __primary_switch() callee preserved temp registers 105 + * x24 __primary_switch() .. relocate_kernel() current RELR displacement 109 106 */ 110 - SYM_CODE_START(stext) 107 + SYM_CODE_START(primary_entry) 111 108 bl preserve_boot_args 112 109 bl el2_setup // Drop to EL1, w0=cpu_boot_mode 113 110 adrp x23, __PHYS_OFFSET ··· 119 118 * On return, the CPU will be ready for the MMU to be turned on and 120 119 * the TCR will have been set. 121 120 */ 122 - mov x0, #ARM64_CPU_BOOT_PRIMARY 123 121 bl __cpu_setup // initialise processor 124 122 b __primary_switch 125 - SYM_CODE_END(stext) 123 + SYM_CODE_END(primary_entry) 126 124 127 125 /* 128 126 * Preserve the arguments passed by the bootloader in x0 .. x3 ··· 394 394 395 395 /* 396 396 * Since the page tables have been populated with non-cacheable 397 - * accesses (MMU disabled), invalidate the idmap and swapper page 398 - * tables again to remove any speculatively loaded cache lines. 397 + * accesses (MMU disabled), invalidate those tables again to 398 + * remove any speculatively loaded cache lines. 399 399 */ 400 + dmb sy 401 + 400 402 adrp x0, idmap_pg_dir 403 + adrp x1, idmap_pg_end 404 + sub x1, x1, x0 405 + bl __inval_dcache_area 406 + 407 + adrp x0, init_pg_dir 401 408 adrp x1, init_pg_end 402 409 sub x1, x1, x0 403 - dmb sy 404 410 bl __inval_dcache_area 405 411 406 412 ret x28 ··· 423 417 adr_l x5, init_task 424 418 msr sp_el0, x5 // Save thread_info 425 419 420 + #ifdef CONFIG_ARM64_PTR_AUTH 421 + __ptrauth_keys_init_cpu x5, x6, x7, x8 422 + #endif 423 + 426 424 adr_l x8, vectors // load VBAR_EL1 with virtual 427 425 msr vbar_el1, x8 // vector table address 428 426 isb 429 427 430 428 stp xzr, x30, [sp, #-16]! 431 429 mov x29, sp 430 + 431 + #ifdef CONFIG_SHADOW_CALL_STACK 432 + adr_l scs_sp, init_shadow_call_stack // Set shadow call stack 433 + #endif 432 434 433 435 str_l x21, __fdt_pointer, x5 // Save FDT pointer 434 436 ··· 731 717 * Common entry point for secondary CPUs. 732 718 */ 733 719 bl __cpu_secondary_check52bitva 734 - mov x0, #ARM64_CPU_BOOT_SECONDARY 735 720 bl __cpu_setup // initialise processor 736 721 adrp x1, swapper_pg_dir 737 722 bl __enable_mmu ··· 750 737 ldr x2, [x0, #CPU_BOOT_TASK] 751 738 cbz x2, __secondary_too_slow 752 739 msr sp_el0, x2 740 + scs_load x2, x3 753 741 mov x29, #0 754 742 mov x30, #0 743 + 744 + #ifdef CONFIG_ARM64_PTR_AUTH 745 + ptrauth_keys_init_cpu x2, x3, x4, x5 746 + #endif 747 + 755 748 b secondary_start_kernel 756 749 SYM_FUNC_END(__secondary_switched) 757 750

+8 -8

arch/arm64/kernel/hibernate-asm.S

··· 65 65 * x5: physical address of a zero page that remains zero after resume 66 66 */ 67 67 .pushsection ".hibernate_exit.text", "ax" 68 - ENTRY(swsusp_arch_suspend_exit) 68 + SYM_CODE_START(swsusp_arch_suspend_exit) 69 69 /* 70 70 * We execute from ttbr0, change ttbr1 to our copied linear map tables 71 71 * with a break-before-make via the zero page ··· 110 110 cbz x24, 3f /* Do we need to re-initialise EL2? */ 111 111 hvc #0 112 112 3: ret 113 - ENDPROC(swsusp_arch_suspend_exit) 113 + SYM_CODE_END(swsusp_arch_suspend_exit) 114 114 115 115 /* 116 116 * Restore the hyp stub. ··· 119 119 * 120 120 * x24: The physical address of __hyp_stub_vectors 121 121 */ 122 - el1_sync: 122 + SYM_CODE_START_LOCAL(el1_sync) 123 123 msr vbar_el2, x24 124 124 eret 125 - ENDPROC(el1_sync) 125 + SYM_CODE_END(el1_sync) 126 126 127 127 .macro invalid_vector label 128 - \label: 128 + SYM_CODE_START_LOCAL(\label) 129 129 b \label 130 - ENDPROC(\label) 130 + SYM_CODE_END(\label) 131 131 .endm 132 132 133 133 invalid_vector el2_sync_invalid ··· 141 141 142 142 /* el2 vectors - switch el2 here while we restore the memory image. */ 143 143 .align 11 144 - ENTRY(hibernate_el2_vectors) 144 + SYM_CODE_START(hibernate_el2_vectors) 145 145 ventry el2_sync_invalid // Synchronous EL2t 146 146 ventry el2_irq_invalid // IRQ EL2t 147 147 ventry el2_fiq_invalid // FIQ EL2t ··· 161 161 ventry el1_irq_invalid // IRQ 32-bit EL1 162 162 ventry el1_fiq_invalid // FIQ 32-bit EL1 163 163 ventry el1_error_invalid // Error 32-bit EL1 164 - END(hibernate_el2_vectors) 164 + SYM_CODE_END(hibernate_el2_vectors) 165 165 166 166 .popsection

+10 -10

arch/arm64/kernel/hyp-stub.S

··· 21 21 22 22 .align 11 23 23 24 - ENTRY(__hyp_stub_vectors) 24 + SYM_CODE_START(__hyp_stub_vectors) 25 25 ventry el2_sync_invalid // Synchronous EL2t 26 26 ventry el2_irq_invalid // IRQ EL2t 27 27 ventry el2_fiq_invalid // FIQ EL2t ··· 41 41 ventry el1_irq_invalid // IRQ 32-bit EL1 42 42 ventry el1_fiq_invalid // FIQ 32-bit EL1 43 43 ventry el1_error_invalid // Error 32-bit EL1 44 - ENDPROC(__hyp_stub_vectors) 44 + SYM_CODE_END(__hyp_stub_vectors) 45 45 46 46 .align 11 47 47 48 - el1_sync: 48 + SYM_CODE_START_LOCAL(el1_sync) 49 49 cmp x0, #HVC_SET_VECTORS 50 50 b.ne 2f 51 51 msr vbar_el2, x1 ··· 68 68 69 69 9: mov x0, xzr 70 70 eret 71 - ENDPROC(el1_sync) 71 + SYM_CODE_END(el1_sync) 72 72 73 73 .macro invalid_vector label 74 - \label: 74 + SYM_CODE_START_LOCAL(\label) 75 75 b \label 76 - ENDPROC(\label) 76 + SYM_CODE_END(\label) 77 77 .endm 78 78 79 79 invalid_vector el2_sync_invalid ··· 106 106 * initialisation entry point. 107 107 */ 108 108 109 - ENTRY(__hyp_set_vectors) 109 + SYM_FUNC_START(__hyp_set_vectors) 110 110 mov x1, x0 111 111 mov x0, #HVC_SET_VECTORS 112 112 hvc #0 113 113 ret 114 - ENDPROC(__hyp_set_vectors) 114 + SYM_FUNC_END(__hyp_set_vectors) 115 115 116 - ENTRY(__hyp_reset_vectors) 116 + SYM_FUNC_START(__hyp_reset_vectors) 117 117 mov x0, #HVC_RESET_VECTORS 118 118 hvc #0 119 119 ret 120 - ENDPROC(__hyp_reset_vectors) 120 + SYM_FUNC_END(__hyp_reset_vectors)

+1 -1

arch/arm64/kernel/image-vars.h

··· 13 13 #ifdef CONFIG_EFI 14 14 15 15 __efistub_kernel_size = _edata - _text; 16 - __efistub_stext_offset = stext - _text; 16 + __efistub_primary_entry_offset = primary_entry - _text; 17 17 18 18 19 19 /*

+29 -17

arch/arm64/kernel/insn.c

··· 51 51 return aarch64_insn_encoding_class[(insn >> 25) & 0xf]; 52 52 } 53 53 54 - /* NOP is an alias of HINT */ 55 - bool __kprobes aarch64_insn_is_nop(u32 insn) 54 + bool __kprobes aarch64_insn_is_steppable_hint(u32 insn) 56 55 { 57 56 if (!aarch64_insn_is_hint(insn)) 58 57 return false; 59 58 60 59 switch (insn & 0xFE0) { 61 - case AARCH64_INSN_HINT_YIELD: 62 - case AARCH64_INSN_HINT_WFE: 63 - case AARCH64_INSN_HINT_WFI: 64 - case AARCH64_INSN_HINT_SEV: 65 - case AARCH64_INSN_HINT_SEVL: 66 - return false; 67 - default: 60 + case AARCH64_INSN_HINT_XPACLRI: 61 + case AARCH64_INSN_HINT_PACIA_1716: 62 + case AARCH64_INSN_HINT_PACIB_1716: 63 + case AARCH64_INSN_HINT_AUTIA_1716: 64 + case AARCH64_INSN_HINT_AUTIB_1716: 65 + case AARCH64_INSN_HINT_PACIAZ: 66 + case AARCH64_INSN_HINT_PACIASP: 67 + case AARCH64_INSN_HINT_PACIBZ: 68 + case AARCH64_INSN_HINT_PACIBSP: 69 + case AARCH64_INSN_HINT_AUTIAZ: 70 + case AARCH64_INSN_HINT_AUTIASP: 71 + case AARCH64_INSN_HINT_AUTIBZ: 72 + case AARCH64_INSN_HINT_AUTIBSP: 73 + case AARCH64_INSN_HINT_BTI: 74 + case AARCH64_INSN_HINT_BTIC: 75 + case AARCH64_INSN_HINT_BTIJ: 76 + case AARCH64_INSN_HINT_BTIJC: 77 + case AARCH64_INSN_HINT_NOP: 68 78 return true; 79 + default: 80 + return false; 69 81 } 70 82 } 71 83 ··· 586 574 offset >> 2); 587 575 } 588 576 589 - u32 __kprobes aarch64_insn_gen_hint(enum aarch64_insn_hint_op op) 577 + u32 __kprobes aarch64_insn_gen_hint(enum aarch64_insn_hint_cr_op op) 590 578 { 591 579 return aarch64_insn_get_hint_value() | op; 592 580 } ··· 1547 1535 u32 insn) 1548 1536 { 1549 1537 unsigned int immr, imms, n, ones, ror, esz, tmp; 1550 - u64 mask = ~0UL; 1551 - 1552 - /* Can't encode full zeroes or full ones */ 1553 - if (!imm || !~imm) 1554 - return AARCH64_BREAK_FAULT; 1538 + u64 mask; 1555 1539 1556 1540 switch (variant) { 1557 1541 case AARCH64_INSN_VARIANT_32BIT: 1558 - if (upper_32_bits(imm)) 1559 - return AARCH64_BREAK_FAULT; 1560 1542 esz = 32; 1561 1543 break; 1562 1544 case AARCH64_INSN_VARIANT_64BIT: ··· 1561 1555 pr_err("%s: unknown variant encoding %d\n", __func__, variant); 1562 1556 return AARCH64_BREAK_FAULT; 1563 1557 } 1558 + 1559 + mask = GENMASK(esz - 1, 0); 1560 + 1561 + /* Can't encode full zeroes, full ones, or value wider than the mask */ 1562 + if (!imm || imm == mask || imm & ~mask) 1563 + return AARCH64_BREAK_FAULT; 1564 1564 1565 1565 /* 1566 1566 * Inverse of Replicate(). Try to spot a repeating pattern

+7 -7

arch/arm64/kernel/machine_kexec_file.c

··· 138 138 139 139 /* add rng-seed */ 140 140 if (rng_is_initialized()) { 141 - u8 rng_seed[RNG_SEED_SIZE]; 142 - get_random_bytes(rng_seed, RNG_SEED_SIZE); 143 - ret = fdt_setprop(dtb, off, FDT_PROP_RNG_SEED, rng_seed, 144 - RNG_SEED_SIZE); 141 + void *rng_seed; 142 + ret = fdt_setprop_placeholder(dtb, off, FDT_PROP_RNG_SEED, 143 + RNG_SEED_SIZE, &rng_seed); 145 144 if (ret) 146 145 goto out; 146 + get_random_bytes(rng_seed, RNG_SEED_SIZE); 147 147 } else { 148 148 pr_notice("RNG is not initialised: omitting \"%s\" property\n", 149 149 FDT_PROP_RNG_SEED); ··· 284 284 image->arch.elf_headers_sz = headers_sz; 285 285 286 286 pr_debug("Loaded elf core header at 0x%lx bufsz=0x%lx memsz=0x%lx\n", 287 - image->arch.elf_headers_mem, headers_sz, headers_sz); 287 + image->arch.elf_headers_mem, kbuf.bufsz, kbuf.memsz); 288 288 } 289 289 290 290 /* load initrd */ ··· 305 305 initrd_load_addr = kbuf.mem; 306 306 307 307 pr_debug("Loaded initrd at 0x%lx bufsz=0x%lx memsz=0x%lx\n", 308 - initrd_load_addr, initrd_len, initrd_len); 308 + initrd_load_addr, kbuf.bufsz, kbuf.memsz); 309 309 } 310 310 311 311 /* load dtb */ ··· 332 332 image->arch.dtb_mem = kbuf.mem; 333 333 334 334 pr_debug("Loaded dtb at 0x%lx bufsz=0x%lx memsz=0x%lx\n", 335 - kbuf.mem, dtb_len, dtb_len); 335 + kbuf.mem, kbuf.bufsz, kbuf.memsz); 336 336 337 337 return 0; 338 338

+1 -1

arch/arm64/kernel/paravirt.c

··· 120 120 struct arm_smccc_res res; 121 121 122 122 /* To detect the presence of PV time support we require SMCCC 1.1+ */ 123 - if (psci_ops.smccc_version < SMCCC_VERSION_1_1) 123 + if (arm_smccc_1_1_get_conduit() == SMCCC_CONDUIT_NONE) 124 124 return false; 125 125 126 126 arm_smccc_1_1_invoke(ARM_SMCCC_ARCH_FEATURES_FUNC_ID,

+1 -1

arch/arm64/kernel/probes/decode-insn.c

··· 46 46 * except for the NOP case. 47 47 */ 48 48 if (aarch64_insn_is_hint(insn)) 49 - return aarch64_insn_is_nop(insn); 49 + return aarch64_insn_is_steppable_hint(insn); 50 50 51 51 return true; 52 52 }

+2 -2

arch/arm64/kernel/probes/kprobes_trampoline.S

··· 61 61 ldp x28, x29, [sp, #S_X28] 62 62 .endm 63 63 64 - ENTRY(kretprobe_trampoline) 64 + SYM_CODE_START(kretprobe_trampoline) 65 65 sub sp, sp, #S_FRAME_SIZE 66 66 67 67 save_all_base_regs ··· 79 79 add sp, sp, #S_FRAME_SIZE 80 80 ret 81 81 82 - ENDPROC(kretprobe_trampoline) 82 + SYM_CODE_END(kretprobe_trampoline)

+39 -2

arch/arm64/kernel/process.c

··· 11 11 12 12 #include <linux/compat.h> 13 13 #include <linux/efi.h> 14 + #include <linux/elf.h> 14 15 #include <linux/export.h> 15 16 #include <linux/sched.h> 16 17 #include <linux/sched/debug.h> ··· 19 18 #include <linux/sched/task_stack.h> 20 19 #include <linux/kernel.h> 21 20 #include <linux/lockdep.h> 21 + #include <linux/mman.h> 22 22 #include <linux/mm.h> 23 23 #include <linux/stddef.h> 24 24 #include <linux/sysctl.h> ··· 211 209 while (1); 212 210 } 213 211 212 + #define bstr(suffix, str) [PSR_BTYPE_ ## suffix >> PSR_BTYPE_SHIFT] = str 213 + static const char *const btypes[] = { 214 + bstr(NONE, "--"), 215 + bstr( JC, "jc"), 216 + bstr( C, "-c"), 217 + bstr( J , "j-") 218 + }; 219 + #undef bstr 220 + 214 221 static void print_pstate(struct pt_regs *regs) 215 222 { 216 223 u64 pstate = regs->pstate; ··· 238 227 pstate & PSR_AA32_I_BIT ? 'I' : 'i', 239 228 pstate & PSR_AA32_F_BIT ? 'F' : 'f'); 240 229 } else { 241 - printk("pstate: %08llx (%c%c%c%c %c%c%c%c %cPAN %cUAO)\n", 230 + const char *btype_str = btypes[(pstate & PSR_BTYPE_MASK) >> 231 + PSR_BTYPE_SHIFT]; 232 + 233 + printk("pstate: %08llx (%c%c%c%c %c%c%c%c %cPAN %cUAO BTYPE=%s)\n", 242 234 pstate, 243 235 pstate & PSR_N_BIT ? 'N' : 'n', 244 236 pstate & PSR_Z_BIT ? 'Z' : 'z', ··· 252 238 pstate & PSR_I_BIT ? 'I' : 'i', 253 239 pstate & PSR_F_BIT ? 'F' : 'f', 254 240 pstate & PSR_PAN_BIT ? '+' : '-', 255 - pstate & PSR_UAO_BIT ? '+' : '-'); 241 + pstate & PSR_UAO_BIT ? '+' : '-', 242 + btype_str); 256 243 } 257 244 } 258 245 ··· 670 655 if (system_capabilities_finalized()) 671 656 preempt_schedule_irq(); 672 657 } 658 + 659 + #ifdef CONFIG_BINFMT_ELF 660 + int arch_elf_adjust_prot(int prot, const struct arch_elf_state *state, 661 + bool has_interp, bool is_interp) 662 + { 663 + /* 664 + * For dynamically linked executables the interpreter is 665 + * responsible for setting PROT_BTI on everything except 666 + * itself. 667 + */ 668 + if (is_interp != has_interp) 669 + return prot; 670 + 671 + if (!(state->flags & ARM64_ELF_BTI)) 672 + return prot; 673 + 674 + if (prot & PROT_EXEC) 675 + prot |= PROT_BTI; 676 + 677 + return prot; 678 + } 679 + #endif

+1 -1

arch/arm64/kernel/ptrace.c

··· 1875 1875 */ 1876 1876 #define SPSR_EL1_AARCH64_RES0_BITS \ 1877 1877 (GENMASK_ULL(63, 32) | GENMASK_ULL(27, 25) | GENMASK_ULL(23, 22) | \ 1878 - GENMASK_ULL(20, 13) | GENMASK_ULL(11, 10) | GENMASK_ULL(5, 5)) 1878 + GENMASK_ULL(20, 13) | GENMASK_ULL(5, 5)) 1879 1879 #define SPSR_EL1_AARCH32_RES0_BITS \ 1880 1880 (GENMASK_ULL(63, 32) | GENMASK_ULL(22, 22) | GENMASK_ULL(20, 20)) 1881 1881

+22 -22

arch/arm64/kernel/reloc_test_syms.S

··· 5 5 6 6 #include <linux/linkage.h> 7 7 8 - ENTRY(absolute_data64) 8 + SYM_FUNC_START(absolute_data64) 9 9 ldr x0, 0f 10 10 ret 11 11 0: .quad sym64_abs 12 - ENDPROC(absolute_data64) 12 + SYM_FUNC_END(absolute_data64) 13 13 14 - ENTRY(absolute_data32) 14 + SYM_FUNC_START(absolute_data32) 15 15 ldr w0, 0f 16 16 ret 17 17 0: .long sym32_abs 18 - ENDPROC(absolute_data32) 18 + SYM_FUNC_END(absolute_data32) 19 19 20 - ENTRY(absolute_data16) 20 + SYM_FUNC_START(absolute_data16) 21 21 adr x0, 0f 22 22 ldrh w0, [x0] 23 23 ret 24 24 0: .short sym16_abs, 0 25 - ENDPROC(absolute_data16) 25 + SYM_FUNC_END(absolute_data16) 26 26 27 - ENTRY(signed_movw) 27 + SYM_FUNC_START(signed_movw) 28 28 movz x0, #:abs_g2_s:sym64_abs 29 29 movk x0, #:abs_g1_nc:sym64_abs 30 30 movk x0, #:abs_g0_nc:sym64_abs 31 31 ret 32 - ENDPROC(signed_movw) 32 + SYM_FUNC_END(signed_movw) 33 33 34 - ENTRY(unsigned_movw) 34 + SYM_FUNC_START(unsigned_movw) 35 35 movz x0, #:abs_g3:sym64_abs 36 36 movk x0, #:abs_g2_nc:sym64_abs 37 37 movk x0, #:abs_g1_nc:sym64_abs 38 38 movk x0, #:abs_g0_nc:sym64_abs 39 39 ret 40 - ENDPROC(unsigned_movw) 40 + SYM_FUNC_END(unsigned_movw) 41 41 42 42 .align 12 43 43 .space 0xff8 44 - ENTRY(relative_adrp) 44 + SYM_FUNC_START(relative_adrp) 45 45 adrp x0, sym64_rel 46 46 add x0, x0, #:lo12:sym64_rel 47 47 ret 48 - ENDPROC(relative_adrp) 48 + SYM_FUNC_END(relative_adrp) 49 49 50 50 .align 12 51 51 .space 0xffc 52 - ENTRY(relative_adrp_far) 52 + SYM_FUNC_START(relative_adrp_far) 53 53 adrp x0, memstart_addr 54 54 add x0, x0, #:lo12:memstart_addr 55 55 ret 56 - ENDPROC(relative_adrp_far) 56 + SYM_FUNC_END(relative_adrp_far) 57 57 58 - ENTRY(relative_adr) 58 + SYM_FUNC_START(relative_adr) 59 59 adr x0, sym64_rel 60 60 ret 61 - ENDPROC(relative_adr) 61 + SYM_FUNC_END(relative_adr) 62 62 63 - ENTRY(relative_data64) 63 + SYM_FUNC_START(relative_data64) 64 64 adr x1, 0f 65 65 ldr x0, [x1] 66 66 add x0, x0, x1 67 67 ret 68 68 0: .quad sym64_rel - . 69 - ENDPROC(relative_data64) 69 + SYM_FUNC_END(relative_data64) 70 70 71 - ENTRY(relative_data32) 71 + SYM_FUNC_START(relative_data32) 72 72 adr x1, 0f 73 73 ldr w0, [x1] 74 74 add x0, x0, x1 75 75 ret 76 76 0: .long sym64_rel - . 77 - ENDPROC(relative_data32) 77 + SYM_FUNC_END(relative_data32) 78 78 79 - ENTRY(relative_data16) 79 + SYM_FUNC_START(relative_data16) 80 80 adr x1, 0f 81 81 ldrsh w0, [x1] 82 82 add x0, x0, x1 83 83 ret 84 84 0: .short sym64_rel - ., 0 85 - ENDPROC(relative_data16) 85 + SYM_FUNC_END(relative_data16)

+2 -2

arch/arm64/kernel/relocate_kernel.S

··· 26 26 * control_code_page, a special page which has been set up to be preserved 27 27 * during the copy operation. 28 28 */ 29 - ENTRY(arm64_relocate_new_kernel) 29 + SYM_CODE_START(arm64_relocate_new_kernel) 30 30 31 31 /* Setup the list loop variables. */ 32 32 mov x18, x2 /* x18 = dtb address */ ··· 111 111 mov x3, xzr 112 112 br x17 113 113 114 - ENDPROC(arm64_relocate_new_kernel) 114 + SYM_CODE_END(arm64_relocate_new_kernel) 115 115 116 116 .align 3 /* To keep the 64-bit values below naturally aligned. */ 117 117

+16

arch/arm64/kernel/scs.c

··· 1 + // SPDX-License-Identifier: GPL-2.0 2 + /* 3 + * Shadow Call Stack support. 4 + * 5 + * Copyright (C) 2019 Google LLC 6 + */ 7 + 8 + #include <linux/percpu.h> 9 + #include <linux/scs.h> 10 + 11 + DEFINE_SCS(irq_shadow_call_stack); 12 + 13 + #ifdef CONFIG_ARM_SDE_INTERFACE 14 + DEFINE_SCS(sdei_shadow_call_stack_normal); 15 + DEFINE_SCS(sdei_shadow_call_stack_critical); 16 + #endif

+2 -26

arch/arm64/kernel/sdei.c

··· 95 95 unsigned long low = (unsigned long)raw_cpu_read(sdei_stack_normal_ptr); 96 96 unsigned long high = low + SDEI_STACK_SIZE; 97 97 98 - if (!low) 99 - return false; 100 - 101 - if (sp < low || sp >= high) 102 - return false; 103 - 104 - if (info) { 105 - info->low = low; 106 - info->high = high; 107 - info->type = STACK_TYPE_SDEI_NORMAL; 108 - } 109 - 110 - return true; 98 + return on_stack(sp, low, high, STACK_TYPE_SDEI_NORMAL, info); 111 99 } 112 100 113 101 static bool on_sdei_critical_stack(unsigned long sp, struct stack_info *info) ··· 103 115 unsigned long low = (unsigned long)raw_cpu_read(sdei_stack_critical_ptr); 104 116 unsigned long high = low + SDEI_STACK_SIZE; 105 117 106 - if (!low) 107 - return false; 108 - 109 - if (sp < low || sp >= high) 110 - return false; 111 - 112 - if (info) { 113 - info->low = low; 114 - info->high = high; 115 - info->type = STACK_TYPE_SDEI_CRITICAL; 116 - } 117 - 118 - return true; 118 + return on_stack(sp, low, high, STACK_TYPE_SDEI_CRITICAL, info); 119 119 } 120 120 121 121 bool _on_sdei_stack(unsigned long sp, struct stack_info *info)

+16

arch/arm64/kernel/signal.c

··· 732 732 regs->regs[29] = (unsigned long)&user->next_frame->fp; 733 733 regs->pc = (unsigned long)ka->sa.sa_handler; 734 734 735 + /* 736 + * Signal delivery is a (wacky) indirect function call in 737 + * userspace, so simulate the same setting of BTYPE as a BLR 738 + * <register containing the signal handler entry point>. 739 + * Signal delivery to a location in a PROT_BTI guarded page 740 + * that is not a function entry point will now trigger a 741 + * SIGILL in userspace. 742 + * 743 + * If the signal handler entry point is not in a PROT_BTI 744 + * guarded page, this is harmless. 745 + */ 746 + if (system_supports_bti()) { 747 + regs->pstate &= ~PSR_BTYPE_MASK; 748 + regs->pstate |= PSR_BTYPE_C; 749 + } 750 + 735 751 if (ka->sa.sa_flags & SA_RESTORER) 736 752 sigtramp = ka->sa.sa_restorer; 737 753 else

+6 -7

arch/arm64/kernel/sleep.S

··· 62 62 * 63 63 * x0 = struct sleep_stack_data area 64 64 */ 65 - ENTRY(__cpu_suspend_enter) 65 + SYM_FUNC_START(__cpu_suspend_enter) 66 66 stp x29, lr, [x0, #SLEEP_STACK_DATA_CALLEE_REGS] 67 67 stp x19, x20, [x0,#SLEEP_STACK_DATA_CALLEE_REGS+16] 68 68 stp x21, x22, [x0,#SLEEP_STACK_DATA_CALLEE_REGS+32] ··· 95 95 ldp x29, lr, [sp], #16 96 96 mov x0, #1 97 97 ret 98 - ENDPROC(__cpu_suspend_enter) 98 + SYM_FUNC_END(__cpu_suspend_enter) 99 99 100 100 .pushsection ".idmap.text", "awx" 101 - ENTRY(cpu_resume) 101 + SYM_CODE_START(cpu_resume) 102 102 bl el2_setup // if in EL2 drop to EL1 cleanly 103 - mov x0, #ARM64_CPU_RUNTIME 104 103 bl __cpu_setup 105 104 /* enable the MMU early - so we can access sleep_save_stash by va */ 106 105 adrp x1, swapper_pg_dir 107 106 bl __enable_mmu 108 107 ldr x8, =_cpu_resume 109 108 br x8 110 - ENDPROC(cpu_resume) 109 + SYM_CODE_END(cpu_resume) 111 110 .ltorg 112 111 .popsection 113 112 114 - ENTRY(_cpu_resume) 113 + SYM_FUNC_START(_cpu_resume) 115 114 mrs x1, mpidr_el1 116 115 adr_l x8, mpidr_hash // x8 = struct mpidr_hash virt address 117 116 ··· 146 147 ldp x29, lr, [x29] 147 148 mov x0, #0 148 149 ret 149 - ENDPROC(_cpu_resume) 150 + SYM_FUNC_END(_cpu_resume)

+4 -4

arch/arm64/kernel/smccc-call.S

··· 30 30 * unsigned long a6, unsigned long a7, struct arm_smccc_res *res, 31 31 * struct arm_smccc_quirk *quirk) 32 32 */ 33 - ENTRY(__arm_smccc_smc) 33 + SYM_FUNC_START(__arm_smccc_smc) 34 34 SMCCC smc 35 - ENDPROC(__arm_smccc_smc) 35 + SYM_FUNC_END(__arm_smccc_smc) 36 36 EXPORT_SYMBOL(__arm_smccc_smc) 37 37 38 38 /* ··· 41 41 * unsigned long a6, unsigned long a7, struct arm_smccc_res *res, 42 42 * struct arm_smccc_quirk *quirk) 43 43 */ 44 - ENTRY(__arm_smccc_hvc) 44 + SYM_FUNC_START(__arm_smccc_hvc) 45 45 SMCCC hvc 46 - ENDPROC(__arm_smccc_hvc) 46 + SYM_FUNC_END(__arm_smccc_hvc) 47 47 EXPORT_SYMBOL(__arm_smccc_hvc)

+1 -9

arch/arm64/kernel/smp.c

··· 65 65 */ 66 66 struct secondary_data secondary_data; 67 67 /* Number of CPUs which aren't online, but looping in kernel text. */ 68 - int cpus_stuck_in_kernel; 68 + static int cpus_stuck_in_kernel; 69 69 70 70 enum ipi_msg_type { 71 71 IPI_RESCHEDULE, ··· 114 114 */ 115 115 secondary_data.task = idle; 116 116 secondary_data.stack = task_stack_page(idle) + THREAD_SIZE; 117 - #if defined(CONFIG_ARM64_PTR_AUTH) 118 - secondary_data.ptrauth_key.apia.lo = idle->thread.keys_kernel.apia.lo; 119 - secondary_data.ptrauth_key.apia.hi = idle->thread.keys_kernel.apia.hi; 120 - #endif 121 117 update_cpu_boot_status(CPU_MMU_OFF); 122 118 __flush_dcache_area(&secondary_data, sizeof(secondary_data)); 123 119 ··· 136 140 pr_crit("CPU%u: failed to come online\n", cpu); 137 141 secondary_data.task = NULL; 138 142 secondary_data.stack = NULL; 139 - #if defined(CONFIG_ARM64_PTR_AUTH) 140 - secondary_data.ptrauth_key.apia.lo = 0; 141 - secondary_data.ptrauth_key.apia.hi = 0; 142 - #endif 143 143 __flush_dcache_area(&secondary_data, sizeof(secondary_data)); 144 144 status = READ_ONCE(secondary_data.status); 145 145 if (status == CPU_MMU_OFF)

+18

arch/arm64/kernel/syscall.c

··· 98 98 regs->orig_x0 = regs->regs[0]; 99 99 regs->syscallno = scno; 100 100 101 + /* 102 + * BTI note: 103 + * The architecture does not guarantee that SPSR.BTYPE is zero 104 + * on taking an SVC, so we could return to userspace with a 105 + * non-zero BTYPE after the syscall. 106 + * 107 + * This shouldn't matter except when userspace is explicitly 108 + * doing something stupid, such as setting PROT_BTI on a page 109 + * that lacks conforming BTI/PACIxSP instructions, falling 110 + * through from one executable page to another with differing 111 + * PROT_BTI, or messing with BTYPE via ptrace: in such cases, 112 + * userspace should not be surprised if a SIGILL occurs on 113 + * syscall return. 114 + * 115 + * So, don't touch regs->pstate & PSR_BTYPE_MASK here. 116 + * (Similarly for HVC and SMC elsewhere.) 117 + */ 118 + 101 119 cortex_a76_erratum_1463225_svc_handler(); 102 120 local_daif_restore(DAIF_PROCCTX); 103 121 user_exit();

+72 -61

arch/arm64/kernel/traps.c

··· 272 272 } 273 273 } 274 274 275 + #ifdef CONFIG_COMPAT 276 + #define PSTATE_IT_1_0_SHIFT 25 277 + #define PSTATE_IT_1_0_MASK (0x3 << PSTATE_IT_1_0_SHIFT) 278 + #define PSTATE_IT_7_2_SHIFT 10 279 + #define PSTATE_IT_7_2_MASK (0x3f << PSTATE_IT_7_2_SHIFT) 280 + 281 + static u32 compat_get_it_state(struct pt_regs *regs) 282 + { 283 + u32 it, pstate = regs->pstate; 284 + 285 + it = (pstate & PSTATE_IT_1_0_MASK) >> PSTATE_IT_1_0_SHIFT; 286 + it |= ((pstate & PSTATE_IT_7_2_MASK) >> PSTATE_IT_7_2_SHIFT) << 2; 287 + 288 + return it; 289 + } 290 + 291 + static void compat_set_it_state(struct pt_regs *regs, u32 it) 292 + { 293 + u32 pstate_it; 294 + 295 + pstate_it = (it << PSTATE_IT_1_0_SHIFT) & PSTATE_IT_1_0_MASK; 296 + pstate_it |= ((it >> 2) << PSTATE_IT_7_2_SHIFT) & PSTATE_IT_7_2_MASK; 297 + 298 + regs->pstate &= ~PSR_AA32_IT_MASK; 299 + regs->pstate |= pstate_it; 300 + } 301 + 302 + static void advance_itstate(struct pt_regs *regs) 303 + { 304 + u32 it; 305 + 306 + /* ARM mode */ 307 + if (!(regs->pstate & PSR_AA32_T_BIT) || 308 + !(regs->pstate & PSR_AA32_IT_MASK)) 309 + return; 310 + 311 + it = compat_get_it_state(regs); 312 + 313 + /* 314 + * If this is the last instruction of the block, wipe the IT 315 + * state. Otherwise advance it. 316 + */ 317 + if (!(it & 7)) 318 + it = 0; 319 + else 320 + it = (it & 0xe0) | ((it << 1) & 0x1f); 321 + 322 + compat_set_it_state(regs, it); 323 + } 324 + #else 325 + static void advance_itstate(struct pt_regs *regs) 326 + { 327 + } 328 + #endif 329 + 275 330 void arm64_skip_faulting_instruction(struct pt_regs *regs, unsigned long size) 276 331 { 277 332 regs->pc += size; ··· 337 282 */ 338 283 if (user_mode(regs)) 339 284 user_fastforward_single_step(current); 285 + 286 + if (compat_user_mode(regs)) 287 + advance_itstate(regs); 288 + else 289 + regs->pstate &= ~PSR_BTYPE_MASK; 340 290 } 341 291 342 292 static LIST_HEAD(undef_hook); ··· 470 410 force_signal_inject(SIGILL, ILL_ILLOPC, regs->pc); 471 411 } 472 412 NOKPROBE_SYMBOL(do_undefinstr); 413 + 414 + void do_bti(struct pt_regs *regs) 415 + { 416 + BUG_ON(!user_mode(regs)); 417 + force_signal_inject(SIGILL, ILL_ILLOPC, regs->pc); 418 + } 419 + NOKPROBE_SYMBOL(do_bti); 473 420 474 421 #define __user_cache_maint(insn, address, res) \ 475 422 if (address >= user_addr_max()) { \ ··· 633 566 {}, 634 567 }; 635 568 636 - 637 569 #ifdef CONFIG_COMPAT 638 - #define PSTATE_IT_1_0_SHIFT 25 639 - #define PSTATE_IT_1_0_MASK (0x3 << PSTATE_IT_1_0_SHIFT) 640 - #define PSTATE_IT_7_2_SHIFT 10 641 - #define PSTATE_IT_7_2_MASK (0x3f << PSTATE_IT_7_2_SHIFT) 642 - 643 - static u32 compat_get_it_state(struct pt_regs *regs) 644 - { 645 - u32 it, pstate = regs->pstate; 646 - 647 - it = (pstate & PSTATE_IT_1_0_MASK) >> PSTATE_IT_1_0_SHIFT; 648 - it |= ((pstate & PSTATE_IT_7_2_MASK) >> PSTATE_IT_7_2_SHIFT) << 2; 649 - 650 - return it; 651 - } 652 - 653 - static void compat_set_it_state(struct pt_regs *regs, u32 it) 654 - { 655 - u32 pstate_it; 656 - 657 - pstate_it = (it << PSTATE_IT_1_0_SHIFT) & PSTATE_IT_1_0_MASK; 658 - pstate_it |= ((it >> 2) << PSTATE_IT_7_2_SHIFT) & PSTATE_IT_7_2_MASK; 659 - 660 - regs->pstate &= ~PSR_AA32_IT_MASK; 661 - regs->pstate |= pstate_it; 662 - } 663 - 664 570 static bool cp15_cond_valid(unsigned int esr, struct pt_regs *regs) 665 571 { 666 572 int cond; ··· 654 614 return aarch32_opcode_cond_checks[cond](regs->pstate); 655 615 } 656 616 657 - static void advance_itstate(struct pt_regs *regs) 658 - { 659 - u32 it; 660 - 661 - /* ARM mode */ 662 - if (!(regs->pstate & PSR_AA32_T_BIT) || 663 - !(regs->pstate & PSR_AA32_IT_MASK)) 664 - return; 665 - 666 - it = compat_get_it_state(regs); 667 - 668 - /* 669 - * If this is the last instruction of the block, wipe the IT 670 - * state. Otherwise advance it. 671 - */ 672 - if (!(it & 7)) 673 - it = 0; 674 - else 675 - it = (it & 0xe0) | ((it << 1) & 0x1f); 676 - 677 - compat_set_it_state(regs, it); 678 - } 679 - 680 - static void arm64_compat_skip_faulting_instruction(struct pt_regs *regs, 681 - unsigned int sz) 682 - { 683 - advance_itstate(regs); 684 - arm64_skip_faulting_instruction(regs, sz); 685 - } 686 - 687 617 static void compat_cntfrq_read_handler(unsigned int esr, struct pt_regs *regs) 688 618 { 689 619 int reg = (esr & ESR_ELx_CP15_32_ISS_RT_MASK) >> ESR_ELx_CP15_32_ISS_RT_SHIFT; 690 620 691 621 pt_regs_write_reg(regs, reg, arch_timer_get_rate()); 692 - arm64_compat_skip_faulting_instruction(regs, 4); 622 + arm64_skip_faulting_instruction(regs, 4); 693 623 } 694 624 695 625 static const struct sys64_hook cp15_32_hooks[] = { ··· 679 669 680 670 pt_regs_write_reg(regs, rt, lower_32_bits(val)); 681 671 pt_regs_write_reg(regs, rt2, upper_32_bits(val)); 682 - arm64_compat_skip_faulting_instruction(regs, 4); 672 + arm64_skip_faulting_instruction(regs, 4); 683 673 } 684 674 685 675 static const struct sys64_hook cp15_64_hooks[] = { ··· 700 690 * There is no T16 variant of a CP access, so we 701 691 * always advance PC by 4 bytes. 702 692 */ 703 - arm64_compat_skip_faulting_instruction(regs, 4); 693 + arm64_skip_faulting_instruction(regs, 4); 704 694 return; 705 695 } 706 696 ··· 763 753 [ESR_ELx_EC_CP10_ID] = "CP10 MRC/VMRS", 764 754 [ESR_ELx_EC_PAC] = "PAC", 765 755 [ESR_ELx_EC_CP14_64] = "CP14 MCRR/MRRC", 756 + [ESR_ELx_EC_BTI] = "BTI", 766 757 [ESR_ELx_EC_ILL] = "PSTATE.IL", 767 758 [ESR_ELx_EC_SVC32] = "SVC (AArch32)", 768 759 [ESR_ELx_EC_HVC32] = "HVC (AArch32)", ··· 1054 1043 return bug_handler(regs, esr) != DBG_HOOK_HANDLED; 1055 1044 } 1056 1045 1057 - /* This registration must happen early, before debug_traps_init(). */ 1058 1046 void __init trap_init(void) 1059 1047 { 1060 1048 register_kernel_break_hook(&bug_break_hook); 1061 1049 #ifdef CONFIG_KASAN_SW_TAGS 1062 1050 register_kernel_break_hook(&kasan_break_hook); 1063 1051 #endif 1052 + debug_traps_init(); 1064 1053 }

+73 -82

arch/arm64/kernel/vdso.c

··· 33 33 extern char vdso32_start[], vdso32_end[]; 34 34 #endif /* CONFIG_COMPAT_VDSO */ 35 35 36 - /* vdso_lookup arch_index */ 37 - enum arch_vdso_type { 38 - ARM64_VDSO = 0, 36 + enum vdso_abi { 37 + VDSO_ABI_AA64, 39 38 #ifdef CONFIG_COMPAT_VDSO 40 - ARM64_VDSO32 = 1, 39 + VDSO_ABI_AA32, 41 40 #endif /* CONFIG_COMPAT_VDSO */ 42 41 }; 43 - #ifdef CONFIG_COMPAT_VDSO 44 - #define VDSO_TYPES (ARM64_VDSO32 + 1) 45 - #else 46 - #define VDSO_TYPES (ARM64_VDSO + 1) 47 - #endif /* CONFIG_COMPAT_VDSO */ 48 42 49 - struct __vdso_abi { 43 + struct vdso_abi_info { 50 44 const char *name; 51 45 const char *vdso_code_start; 52 46 const char *vdso_code_end; ··· 51 57 struct vm_special_mapping *cm; 52 58 }; 53 59 54 - static struct __vdso_abi vdso_lookup[VDSO_TYPES] __ro_after_init = { 55 - { 60 + static struct vdso_abi_info vdso_info[] __ro_after_init = { 61 + [VDSO_ABI_AA64] = { 56 62 .name = "vdso", 57 63 .vdso_code_start = vdso_start, 58 64 .vdso_code_end = vdso_end, 59 65 }, 60 66 #ifdef CONFIG_COMPAT_VDSO 61 - { 67 + [VDSO_ABI_AA32] = { 62 68 .name = "vdso32", 63 69 .vdso_code_start = vdso32_start, 64 70 .vdso_code_end = vdso32_end, ··· 75 81 } vdso_data_store __page_aligned_data; 76 82 struct vdso_data *vdso_data = vdso_data_store.data; 77 83 78 - static int __vdso_remap(enum arch_vdso_type arch_index, 84 + static int __vdso_remap(enum vdso_abi abi, 79 85 const struct vm_special_mapping *sm, 80 86 struct vm_area_struct *new_vma) 81 87 { 82 88 unsigned long new_size = new_vma->vm_end - new_vma->vm_start; 83 - unsigned long vdso_size = vdso_lookup[arch_index].vdso_code_end - 84 - vdso_lookup[arch_index].vdso_code_start; 89 + unsigned long vdso_size = vdso_info[abi].vdso_code_end - 90 + vdso_info[abi].vdso_code_start; 85 91 86 92 if (vdso_size != new_size) 87 93 return -EINVAL; ··· 91 97 return 0; 92 98 } 93 99 94 - static int __vdso_init(enum arch_vdso_type arch_index) 100 + static int __vdso_init(enum vdso_abi abi) 95 101 { 96 102 int i; 97 103 struct page **vdso_pagelist; 98 104 unsigned long pfn; 99 105 100 - if (memcmp(vdso_lookup[arch_index].vdso_code_start, "\177ELF", 4)) { 106 + if (memcmp(vdso_info[abi].vdso_code_start, "\177ELF", 4)) { 101 107 pr_err("vDSO is not a valid ELF object!\n"); 102 108 return -EINVAL; 103 109 } 104 110 105 - vdso_lookup[arch_index].vdso_pages = ( 106 - vdso_lookup[arch_index].vdso_code_end - 107 - vdso_lookup[arch_index].vdso_code_start) >> 111 + vdso_info[abi].vdso_pages = ( 112 + vdso_info[abi].vdso_code_end - 113 + vdso_info[abi].vdso_code_start) >> 108 114 PAGE_SHIFT; 109 115 110 116 /* Allocate the vDSO pagelist, plus a page for the data. */ 111 - vdso_pagelist = kcalloc(vdso_lookup[arch_index].vdso_pages + 1, 117 + vdso_pagelist = kcalloc(vdso_info[abi].vdso_pages + 1, 112 118 sizeof(struct page *), 113 119 GFP_KERNEL); 114 120 if (vdso_pagelist == NULL) ··· 119 125 120 126 121 127 /* Grab the vDSO code pages. */ 122 - pfn = sym_to_pfn(vdso_lookup[arch_index].vdso_code_start); 128 + pfn = sym_to_pfn(vdso_info[abi].vdso_code_start); 123 129 124 - for (i = 0; i < vdso_lookup[arch_index].vdso_pages; i++) 130 + for (i = 0; i < vdso_info[abi].vdso_pages; i++) 125 131 vdso_pagelist[i + 1] = pfn_to_page(pfn + i); 126 132 127 - vdso_lookup[arch_index].dm->pages = &vdso_pagelist[0]; 128 - vdso_lookup[arch_index].cm->pages = &vdso_pagelist[1]; 133 + vdso_info[abi].dm->pages = &vdso_pagelist[0]; 134 + vdso_info[abi].cm->pages = &vdso_pagelist[1]; 129 135 130 136 return 0; 131 137 } 132 138 133 - static int __setup_additional_pages(enum arch_vdso_type arch_index, 139 + static int __setup_additional_pages(enum vdso_abi abi, 134 140 struct mm_struct *mm, 135 141 struct linux_binprm *bprm, 136 142 int uses_interp) 137 143 { 138 144 unsigned long vdso_base, vdso_text_len, vdso_mapping_len; 145 + unsigned long gp_flags = 0; 139 146 void *ret; 140 147 141 - vdso_text_len = vdso_lookup[arch_index].vdso_pages << PAGE_SHIFT; 148 + vdso_text_len = vdso_info[abi].vdso_pages << PAGE_SHIFT; 142 149 /* Be sure to map the data page */ 143 150 vdso_mapping_len = vdso_text_len + PAGE_SIZE; 144 151 ··· 151 156 152 157 ret = _install_special_mapping(mm, vdso_base, PAGE_SIZE, 153 158 VM_READ|VM_MAYREAD, 154 - vdso_lookup[arch_index].dm); 159 + vdso_info[abi].dm); 155 160 if (IS_ERR(ret)) 156 161 goto up_fail; 162 + 163 + if (IS_ENABLED(CONFIG_ARM64_BTI_KERNEL) && system_supports_bti()) 164 + gp_flags = VM_ARM64_BTI; 157 165 158 166 vdso_base += PAGE_SIZE; 159 167 mm->context.vdso = (void *)vdso_base; 160 168 ret = _install_special_mapping(mm, vdso_base, vdso_text_len, 161 - VM_READ|VM_EXEC| 169 + VM_READ|VM_EXEC|gp_flags| 162 170 VM_MAYREAD|VM_MAYWRITE|VM_MAYEXEC, 163 - vdso_lookup[arch_index].cm); 171 + vdso_info[abi].cm); 164 172 if (IS_ERR(ret)) 165 173 goto up_fail; 166 174 ··· 182 184 static int aarch32_vdso_mremap(const struct vm_special_mapping *sm, 183 185 struct vm_area_struct *new_vma) 184 186 { 185 - return __vdso_remap(ARM64_VDSO32, sm, new_vma); 187 + return __vdso_remap(VDSO_ABI_AA32, sm, new_vma); 186 188 } 187 189 #endif /* CONFIG_COMPAT_VDSO */ 188 190 189 - /* 190 - * aarch32_vdso_pages: 191 - * 0 - kuser helpers 192 - * 1 - sigreturn code 193 - * or (CONFIG_COMPAT_VDSO): 194 - * 0 - kuser helpers 195 - * 1 - vdso data 196 - * 2 - vdso code 197 - */ 198 - #define C_VECTORS 0 191 + enum aarch32_map { 192 + AA32_MAP_VECTORS, /* kuser helpers */ 199 193 #ifdef CONFIG_COMPAT_VDSO 200 - #define C_VVAR 1 201 - #define C_VDSO 2 202 - #define C_PAGES (C_VDSO + 1) 194 + AA32_MAP_VVAR, 195 + AA32_MAP_VDSO, 203 196 #else 204 - #define C_SIGPAGE 1 205 - #define C_PAGES (C_SIGPAGE + 1) 206 - #endif /* CONFIG_COMPAT_VDSO */ 207 - static struct page *aarch32_vdso_pages[C_PAGES] __ro_after_init; 208 - static struct vm_special_mapping aarch32_vdso_spec[C_PAGES] = { 209 - { 197 + AA32_MAP_SIGPAGE 198 + #endif 199 + }; 200 + 201 + static struct page *aarch32_vectors_page __ro_after_init; 202 + #ifndef CONFIG_COMPAT_VDSO 203 + static struct page *aarch32_sig_page __ro_after_init; 204 + #endif 205 + 206 + static struct vm_special_mapping aarch32_vdso_maps[] = { 207 + [AA32_MAP_VECTORS] = { 210 208 .name = "[vectors]", /* ABI */ 211 - .pages = &aarch32_vdso_pages[C_VECTORS], 209 + .pages = &aarch32_vectors_page, 212 210 }, 213 211 #ifdef CONFIG_COMPAT_VDSO 214 - { 212 + [AA32_MAP_VVAR] = { 215 213 .name = "[vvar]", 216 214 }, 217 - { 215 + [AA32_MAP_VDSO] = { 218 216 .name = "[vdso]", 219 217 .mremap = aarch32_vdso_mremap, 220 218 }, 221 219 #else 222 - { 220 + [AA32_MAP_SIGPAGE] = { 223 221 .name = "[sigpage]", /* ABI */ 224 - .pages = &aarch32_vdso_pages[C_SIGPAGE], 222 + .pages = &aarch32_sig_page, 225 223 }, 226 224 #endif /* CONFIG_COMPAT_VDSO */ 227 225 }; ··· 237 243 238 244 memcpy((void *)(vdso_page + 0x1000 - kuser_sz), __kuser_helper_start, 239 245 kuser_sz); 240 - aarch32_vdso_pages[C_VECTORS] = virt_to_page(vdso_page); 241 - flush_dcache_page(aarch32_vdso_pages[C_VECTORS]); 246 + aarch32_vectors_page = virt_to_page(vdso_page); 247 + flush_dcache_page(aarch32_vectors_page); 242 248 return 0; 243 249 } 244 250 ··· 247 253 { 248 254 int ret; 249 255 250 - vdso_lookup[ARM64_VDSO32].dm = &aarch32_vdso_spec[C_VVAR]; 251 - vdso_lookup[ARM64_VDSO32].cm = &aarch32_vdso_spec[C_VDSO]; 256 + vdso_info[VDSO_ABI_AA32].dm = &aarch32_vdso_maps[AA32_MAP_VVAR]; 257 + vdso_info[VDSO_ABI_AA32].cm = &aarch32_vdso_maps[AA32_MAP_VDSO]; 252 258 253 - ret = __vdso_init(ARM64_VDSO32); 259 + ret = __vdso_init(VDSO_ABI_AA32); 254 260 if (ret) 255 261 return ret; 256 262 ··· 269 275 return -ENOMEM; 270 276 271 277 memcpy((void *)sigpage, __aarch32_sigret_code_start, sigret_sz); 272 - aarch32_vdso_pages[C_SIGPAGE] = virt_to_page(sigpage); 273 - flush_dcache_page(aarch32_vdso_pages[C_SIGPAGE]); 278 + aarch32_sig_page = virt_to_page(sigpage); 279 + flush_dcache_page(aarch32_sig_page); 274 280 275 281 ret = aarch32_alloc_kuser_vdso_page(); 276 282 if (ret) ··· 300 306 ret = _install_special_mapping(mm, AARCH32_VECTORS_BASE, PAGE_SIZE, 301 307 VM_READ | VM_EXEC | 302 308 VM_MAYREAD | VM_MAYEXEC, 303 - &aarch32_vdso_spec[C_VECTORS]); 309 + &aarch32_vdso_maps[AA32_MAP_VECTORS]); 304 310 305 311 return PTR_ERR_OR_ZERO(ret); 306 312 } ··· 324 330 ret = _install_special_mapping(mm, addr, PAGE_SIZE, 325 331 VM_READ | VM_EXEC | VM_MAYREAD | 326 332 VM_MAYWRITE | VM_MAYEXEC, 327 - &aarch32_vdso_spec[C_SIGPAGE]); 333 + &aarch32_vdso_maps[AA32_MAP_SIGPAGE]); 328 334 if (IS_ERR(ret)) 329 335 goto out; 330 336 ··· 348 354 goto out; 349 355 350 356 #ifdef CONFIG_COMPAT_VDSO 351 - ret = __setup_additional_pages(ARM64_VDSO32, 357 + ret = __setup_additional_pages(VDSO_ABI_AA32, 352 358 mm, 353 359 bprm, 354 360 uses_interp); ··· 365 371 static int vdso_mremap(const struct vm_special_mapping *sm, 366 372 struct vm_area_struct *new_vma) 367 373 { 368 - return __vdso_remap(ARM64_VDSO, sm, new_vma); 374 + return __vdso_remap(VDSO_ABI_AA64, sm, new_vma); 369 375 } 370 376 371 - /* 372 - * aarch64_vdso_pages: 373 - * 0 - vvar 374 - * 1 - vdso 375 - */ 376 - #define A_VVAR 0 377 - #define A_VDSO 1 378 - #define A_PAGES (A_VDSO + 1) 379 - static struct vm_special_mapping vdso_spec[A_PAGES] __ro_after_init = { 380 - { 377 + enum aarch64_map { 378 + AA64_MAP_VVAR, 379 + AA64_MAP_VDSO, 380 + }; 381 + 382 + static struct vm_special_mapping aarch64_vdso_maps[] __ro_after_init = { 383 + [AA64_MAP_VVAR] = { 381 384 .name = "[vvar]", 382 385 }, 383 - { 386 + [AA64_MAP_VDSO] = { 384 387 .name = "[vdso]", 385 388 .mremap = vdso_mremap, 386 389 }, ··· 385 394 386 395 static int __init vdso_init(void) 387 396 { 388 - vdso_lookup[ARM64_VDSO].dm = &vdso_spec[A_VVAR]; 389 - vdso_lookup[ARM64_VDSO].cm = &vdso_spec[A_VDSO]; 397 + vdso_info[VDSO_ABI_AA64].dm = &aarch64_vdso_maps[AA64_MAP_VVAR]; 398 + vdso_info[VDSO_ABI_AA64].cm = &aarch64_vdso_maps[AA64_MAP_VDSO]; 390 399 391 - return __vdso_init(ARM64_VDSO); 400 + return __vdso_init(VDSO_ABI_AA64); 392 401 } 393 402 arch_initcall(vdso_init); 394 403 ··· 401 410 if (down_write_killable(&mm->mmap_sem)) 402 411 return -EINTR; 403 412 404 - ret = __setup_additional_pages(ARM64_VDSO, 413 + ret = __setup_additional_pages(VDSO_ABI_AA64, 405 414 mm, 406 415 bprm, 407 416 uses_interp);

+8 -4

arch/arm64/kernel/vdso/Makefile

··· 17 17 targets := $(obj-vdso) vdso.so vdso.so.dbg 18 18 obj-vdso := $(addprefix $(obj)/, $(obj-vdso)) 19 19 20 + btildflags-$(CONFIG_ARM64_BTI_KERNEL) += -z force-bti 21 + 22 + # -Bsymbolic has been added for consistency with arm, the compat vDSO and 23 + # potential future proofing if we end up with internal calls to the exported 24 + # routines, as x86 does (see 6f121e548f83 ("x86, vdso: Reimplement vdso.so 25 + # preparation in build-time C")). 20 26 ldflags-y := -shared -nostdlib -soname=linux-vdso.so.1 --hash-style=sysv \ 21 - --build-id -n -T 27 + -Bsymbolic --eh-frame-hdr --build-id -n $(btildflags-y) -T 22 28 23 29 ccflags-y := -fno-common -fno-builtin -fno-stack-protector -ffixed-x18 24 30 ccflags-y += -DDISABLE_BRANCH_PROFILING 25 31 26 - VDSO_LDFLAGS := -Bsymbolic 27 - 28 - CFLAGS_REMOVE_vgettimeofday.o = $(CC_FLAGS_FTRACE) -Os 32 + CFLAGS_REMOVE_vgettimeofday.o = $(CC_FLAGS_FTRACE) -Os $(CC_FLAGS_SCS) 29 33 KBUILD_CFLAGS += $(DISABLE_LTO) 30 34 KASAN_SANITIZE := n 31 35 UBSAN_SANITIZE := n

+3

arch/arm64/kernel/vdso/note.S

··· 12 12 #include <linux/version.h> 13 13 #include <linux/elfnote.h> 14 14 #include <linux/build-salt.h> 15 + #include <asm/assembler.h> 15 16 16 17 ELFNOTE_START(Linux, 0, "a") 17 18 .long LINUX_VERSION_CODE 18 19 ELFNOTE_END 19 20 20 21 BUILD_SALT 22 + 23 + emit_aarch64_feature_1_and

+47 -7

arch/arm64/kernel/vdso/sigreturn.S

··· 1 1 /* SPDX-License-Identifier: GPL-2.0-only */ 2 2 /* 3 3 * Sigreturn trampoline for returning from a signal when the SA_RESTORER 4 - * flag is not set. 4 + * flag is not set. It serves primarily as a hall of shame for crappy 5 + * unwinders and features an exciting but mysterious NOP instruction. 6 + * 7 + * It's also fragile as hell, so please think twice before changing anything 8 + * in here. 5 9 * 6 10 * Copyright (C) 2012 ARM Limited 7 11 * ··· 13 9 */ 14 10 15 11 #include <linux/linkage.h> 12 + #include <asm/assembler.h> 16 13 #include <asm/unistd.h> 17 14 18 15 .text 19 16 20 - nop 21 - SYM_FUNC_START(__kernel_rt_sigreturn) 17 + /* Ensure that the mysterious NOP can be associated with a function. */ 22 18 .cfi_startproc 19 + 20 + /* 21 + * .cfi_signal_frame causes the corresponding Frame Description Entry in the 22 + * .eh_frame section to be annotated as a signal frame. This allows DWARF 23 + * unwinders (e.g. libstdc++) to implement _Unwind_GetIPInfo(), which permits 24 + * unwinding out of the signal trampoline without the need for the mysterious 25 + * NOP. 26 + */ 23 27 .cfi_signal_frame 24 - .cfi_def_cfa x29, 0 25 - .cfi_offset x29, 0 * 8 26 - .cfi_offset x30, 1 * 8 28 + 29 + /* 30 + * Tell the unwinder where to locate the frame record linking back to the 31 + * interrupted context. We don't provide unwind info for registers other 32 + * than the frame pointer and the link register here; in practice, this 33 + * is sufficient for unwinding in C/C++ based runtimes and the values in 34 + * the sigcontext may have been modified by this point anyway. Debuggers 35 + * already have baked-in strategies for attempting to unwind out of signals. 36 + */ 37 + .cfi_def_cfa x29, 0 38 + .cfi_offset x29, 0 * 8 39 + .cfi_offset x30, 1 * 8 40 + 41 + /* 42 + * This mysterious NOP is required for some unwinders (e.g. libc++) that 43 + * unconditionally subtract one from the result of _Unwind_GetIP() in order to 44 + * identify the calling function. 45 + * Hack borrowed from arch/powerpc/kernel/vdso64/sigtramp.S. 46 + */ 47 + nop // Mysterious NOP 48 + 49 + /* 50 + * GDB relies on being able to identify the sigreturn instruction sequence to 51 + * unwind from signal handlers. We cannot, therefore, use SYM_FUNC_START() 52 + * here, as it will emit a BTI C instruction and break the unwinder. Thankfully, 53 + * this function is only ever called from a RET and so omitting the landing pad 54 + * is perfectly fine. 55 + */ 56 + SYM_CODE_START(__kernel_rt_sigreturn) 27 57 mov x8, #__NR_rt_sigreturn 28 58 svc #0 29 59 .cfi_endproc 30 - SYM_FUNC_END(__kernel_rt_sigreturn) 60 + SYM_CODE_END(__kernel_rt_sigreturn) 61 + 62 + emit_aarch64_feature_1_and

+3

arch/arm64/kernel/vdso/vdso.S

··· 8 8 #include <linux/init.h> 9 9 #include <linux/linkage.h> 10 10 #include <linux/const.h> 11 + #include <asm/assembler.h> 11 12 #include <asm/page.h> 12 13 13 14 .globl vdso_start, vdso_end ··· 20 19 vdso_end: 21 20 22 21 .previous 22 + 23 + emit_aarch64_feature_1_and

+11 -8

arch/arm64/kernel/vdso32/sigreturn.S

··· 3 3 * This file provides both A32 and T32 versions, in accordance with the 4 4 * arm sigreturn code. 5 5 * 6 + * Please read the comments in arch/arm64/kernel/vdso/sigreturn.S to 7 + * understand some of the craziness in here. 8 + * 6 9 * Copyright (C) 2018 ARM Limited 7 10 */ 8 11 ··· 20 17 .save {r0-r15} 21 18 .pad #COMPAT_SIGFRAME_REGS_OFFSET 22 19 nop 23 - SYM_FUNC_START(__kernel_sigreturn_arm) 20 + SYM_CODE_START(__kernel_sigreturn_arm) 24 21 mov r7, #__NR_compat_sigreturn 25 22 svc #0 26 23 .fnend 27 - SYM_FUNC_END(__kernel_sigreturn_arm) 24 + SYM_CODE_END(__kernel_sigreturn_arm) 28 25 29 26 .fnstart 30 27 .save {r0-r15} 31 28 .pad #COMPAT_RT_SIGFRAME_REGS_OFFSET 32 29 nop 33 - SYM_FUNC_START(__kernel_rt_sigreturn_arm) 30 + SYM_CODE_START(__kernel_rt_sigreturn_arm) 34 31 mov r7, #__NR_compat_rt_sigreturn 35 32 svc #0 36 33 .fnend 37 - SYM_FUNC_END(__kernel_rt_sigreturn_arm) 34 + SYM_CODE_END(__kernel_rt_sigreturn_arm) 38 35 39 36 .thumb 40 37 .fnstart 41 38 .save {r0-r15} 42 39 .pad #COMPAT_SIGFRAME_REGS_OFFSET 43 40 nop 44 - SYM_FUNC_START(__kernel_sigreturn_thumb) 41 + SYM_CODE_START(__kernel_sigreturn_thumb) 45 42 mov r7, #__NR_compat_sigreturn 46 43 svc #0 47 44 .fnend 48 - SYM_FUNC_END(__kernel_sigreturn_thumb) 45 + SYM_CODE_END(__kernel_sigreturn_thumb) 49 46 50 47 .fnstart 51 48 .save {r0-r15} 52 49 .pad #COMPAT_RT_SIGFRAME_REGS_OFFSET 53 50 nop 54 - SYM_FUNC_START(__kernel_rt_sigreturn_thumb) 51 + SYM_CODE_START(__kernel_rt_sigreturn_thumb) 55 52 mov r7, #__NR_compat_rt_sigreturn 56 53 svc #0 57 54 .fnend 58 - SYM_FUNC_END(__kernel_rt_sigreturn_thumb) 55 + SYM_CODE_END(__kernel_rt_sigreturn_thumb)

+7 -11

arch/arm64/kernel/vmlinux.lds.S

··· 17 17 18 18 #include "image.h" 19 19 20 - /* .exit.text needed in case of alternative patching */ 21 - #define ARM_EXIT_KEEP(x) x 22 - #define ARM_EXIT_DISCARD(x) 23 - 24 20 OUTPUT_ARCH(aarch64) 25 21 ENTRY(_text) 26 22 ··· 68 72 69 73 /* 70 74 * The size of the PE/COFF section that covers the kernel image, which 71 - * runs from stext to _edata, must be a round multiple of the PE/COFF 72 - * FileAlignment, which we set to its minimum value of 0x200. 'stext' 75 + * runs from _stext to _edata, must be a round multiple of the PE/COFF 76 + * FileAlignment, which we set to its minimum value of 0x200. '_stext' 73 77 * itself is 4 KB aligned, so padding out _edata to a 0x200 aligned 74 78 * boundary should be sufficient. 75 79 */ ··· 91 95 * order of matching. 92 96 */ 93 97 /DISCARD/ : { 94 - ARM_EXIT_DISCARD(EXIT_TEXT) 95 - ARM_EXIT_DISCARD(EXIT_DATA) 96 98 EXIT_CALL 97 99 *(.discard) 98 100 *(.discard.*) ··· 133 139 134 140 idmap_pg_dir = .; 135 141 . += IDMAP_DIR_SIZE; 142 + idmap_pg_end = .; 136 143 137 144 #ifdef CONFIG_UNMAP_KERNEL_AT_EL0 138 145 tramp_pg_dir = .; ··· 156 161 157 162 __exittext_begin = .; 158 163 .exit.text : { 159 - ARM_EXIT_KEEP(EXIT_TEXT) 164 + EXIT_TEXT 160 165 } 161 166 __exittext_end = .; 162 167 ··· 170 175 *(.altinstr_replacement) 171 176 } 172 177 173 - . = ALIGN(PAGE_SIZE); 178 + . = ALIGN(SEGMENT_ALIGN); 174 179 __inittext_end = .; 175 180 __initdata_begin = .; 176 181 ··· 183 188 *(.init.rodata.* .init.bss) /* from the EFI stub */ 184 189 } 185 190 .exit.data : { 186 - ARM_EXIT_KEEP(EXIT_DATA) 191 + EXIT_DATA 187 192 } 188 193 189 194 PERCPU_SECTION(L1_CACHE_BYTES) ··· 241 246 . += INIT_DIR_SIZE; 242 247 init_pg_end = .; 243 248 249 + . = ALIGN(SEGMENT_ALIGN); 244 250 __pecoff_data_size = ABSOLUTE(. - __initdata_begin); 245 251 _end = .; 246 252

+3 -3

arch/arm64/kvm/hyp/switch.c

··· 138 138 139 139 write_sysreg(val, cptr_el2); 140 140 141 - if (cpus_have_final_cap(ARM64_WORKAROUND_SPECULATIVE_AT_NVHE)) { 141 + if (cpus_have_final_cap(ARM64_WORKAROUND_SPECULATIVE_AT)) { 142 142 struct kvm_cpu_context *ctxt = &vcpu->arch.ctxt; 143 143 144 144 isb(); ··· 181 181 * above before we can switch to the EL2/EL0 translation regime used by 182 182 * the host. 183 183 */ 184 - asm(ALTERNATIVE("nop", "isb", ARM64_WORKAROUND_SPECULATIVE_AT_VHE)); 184 + asm(ALTERNATIVE("nop", "isb", ARM64_WORKAROUND_SPECULATIVE_AT)); 185 185 186 186 write_sysreg(CPACR_EL1_DEFAULT, cpacr_el1); 187 187 write_sysreg(vectors, vbar_el1); ··· 192 192 { 193 193 u64 mdcr_el2 = read_sysreg(mdcr_el2); 194 194 195 - if (cpus_have_final_cap(ARM64_WORKAROUND_SPECULATIVE_AT_NVHE)) { 195 + if (cpus_have_final_cap(ARM64_WORKAROUND_SPECULATIVE_AT)) { 196 196 u64 val; 197 197 198 198 /*

+4 -2

arch/arm64/kvm/hyp/sysreg-sr.c

··· 107 107 write_sysreg(ctxt->sys_regs[MPIDR_EL1], vmpidr_el2); 108 108 write_sysreg(ctxt->sys_regs[CSSELR_EL1], csselr_el1); 109 109 110 - if (!cpus_have_final_cap(ARM64_WORKAROUND_SPECULATIVE_AT_NVHE)) { 110 + if (has_vhe() || 111 + !cpus_have_final_cap(ARM64_WORKAROUND_SPECULATIVE_AT)) { 111 112 write_sysreg_el1(ctxt->sys_regs[SCTLR_EL1], SYS_SCTLR); 112 113 write_sysreg_el1(ctxt->sys_regs[TCR_EL1], SYS_TCR); 113 114 } else if (!ctxt->__hyp_running_vcpu) { ··· 139 138 write_sysreg(ctxt->sys_regs[PAR_EL1], par_el1); 140 139 write_sysreg(ctxt->sys_regs[TPIDR_EL1], tpidr_el1); 141 140 142 - if (cpus_have_final_cap(ARM64_WORKAROUND_SPECULATIVE_AT_NVHE) && 141 + if (!has_vhe() && 142 + cpus_have_final_cap(ARM64_WORKAROUND_SPECULATIVE_AT) && 143 143 ctxt->__hyp_running_vcpu) { 144 144 /* 145 145 * Must only be done for host registers, hence the context

+6 -5

arch/arm64/kvm/hyp/tlb.c

··· 23 23 24 24 local_irq_save(cxt->flags); 25 25 26 - if (cpus_have_final_cap(ARM64_WORKAROUND_SPECULATIVE_AT_VHE)) { 26 + if (cpus_have_final_cap(ARM64_WORKAROUND_SPECULATIVE_AT)) { 27 27 /* 28 28 * For CPUs that are affected by ARM errata 1165522 or 1530923, 29 29 * we cannot trust stage-1 to be in a correct state at that ··· 63 63 static void __hyp_text __tlb_switch_to_guest_nvhe(struct kvm *kvm, 64 64 struct tlb_inv_context *cxt) 65 65 { 66 - if (cpus_have_final_cap(ARM64_WORKAROUND_SPECULATIVE_AT_NVHE)) { 66 + if (cpus_have_final_cap(ARM64_WORKAROUND_SPECULATIVE_AT)) { 67 67 u64 val; 68 68 69 69 /* ··· 79 79 isb(); 80 80 } 81 81 82 + /* __load_guest_stage2() includes an ISB for the workaround. */ 82 83 __load_guest_stage2(kvm); 83 - isb(); 84 + asm(ALTERNATIVE("isb", "nop", ARM64_WORKAROUND_SPECULATIVE_AT)); 84 85 } 85 86 86 87 static void __hyp_text __tlb_switch_to_guest(struct kvm *kvm, ··· 104 103 write_sysreg(HCR_HOST_VHE_FLAGS, hcr_el2); 105 104 isb(); 106 105 107 - if (cpus_have_final_cap(ARM64_WORKAROUND_SPECULATIVE_AT_VHE)) { 106 + if (cpus_have_final_cap(ARM64_WORKAROUND_SPECULATIVE_AT)) { 108 107 /* Restore the registers to what they were */ 109 108 write_sysreg_el1(cxt->tcr, SYS_TCR); 110 109 write_sysreg_el1(cxt->sctlr, SYS_SCTLR); ··· 118 117 { 119 118 write_sysreg(0, vttbr_el2); 120 119 121 - if (cpus_have_final_cap(ARM64_WORKAROUND_SPECULATIVE_AT_NVHE)) { 120 + if (cpus_have_final_cap(ARM64_WORKAROUND_SPECULATIVE_AT)) { 122 121 /* Ensure write of the host VMID */ 123 122 isb(); 124 123 /* Restore the host's TCR_EL1 */

+50 -15

arch/arm64/kvm/reset.c

··· 46 46 PSR_AA32_I_BIT | PSR_AA32_F_BIT), 47 47 }; 48 48 49 - static bool cpu_has_32bit_el1(void) 50 - { 51 - u64 pfr0; 52 - 53 - pfr0 = read_sanitised_ftr_reg(SYS_ID_AA64PFR0_EL1); 54 - return !!(pfr0 & 0x20); 55 - } 56 - 57 49 /** 58 50 * kvm_arch_vm_ioctl_check_extension 59 51 * ··· 58 66 59 67 switch (ext) { 60 68 case KVM_CAP_ARM_EL1_32BIT: 61 - r = cpu_has_32bit_el1(); 69 + r = cpus_have_const_cap(ARM64_HAS_32BIT_EL1); 62 70 break; 63 71 case KVM_CAP_GUEST_DEBUG_HW_BPS: 64 72 r = get_num_brps(); ··· 280 288 switch (vcpu->arch.target) { 281 289 default: 282 290 if (test_bit(KVM_ARM_VCPU_EL1_32BIT, vcpu->arch.features)) { 283 - if (!cpu_has_32bit_el1()) 291 + if (!cpus_have_const_cap(ARM64_HAS_32BIT_EL1)) 284 292 goto out; 285 293 cpu_reset = &default_regs_reset32; 286 294 } else { ··· 332 340 return ret; 333 341 } 334 342 335 - void kvm_set_ipa_limit(void) 343 + u32 get_kvm_ipa_limit(void) 336 344 { 337 - unsigned int ipa_max, pa_max, va_max, parange; 345 + return kvm_ipa_limit; 346 + } 338 347 339 - parange = read_sanitised_ftr_reg(SYS_ID_AA64MMFR0_EL1) & 0x7; 348 + int kvm_set_ipa_limit(void) 349 + { 350 + unsigned int ipa_max, pa_max, va_max, parange, tgran_2; 351 + u64 mmfr0; 352 + 353 + mmfr0 = read_sanitised_ftr_reg(SYS_ID_AA64MMFR0_EL1); 354 + parange = cpuid_feature_extract_unsigned_field(mmfr0, 355 + ID_AA64MMFR0_PARANGE_SHIFT); 356 + 357 + /* 358 + * Check with ARMv8.5-GTG that our PAGE_SIZE is supported at 359 + * Stage-2. If not, things will stop very quickly. 360 + */ 361 + switch (PAGE_SIZE) { 362 + default: 363 + case SZ_4K: 364 + tgran_2 = ID_AA64MMFR0_TGRAN4_2_SHIFT; 365 + break; 366 + case SZ_16K: 367 + tgran_2 = ID_AA64MMFR0_TGRAN16_2_SHIFT; 368 + break; 369 + case SZ_64K: 370 + tgran_2 = ID_AA64MMFR0_TGRAN64_2_SHIFT; 371 + break; 372 + } 373 + 374 + switch (cpuid_feature_extract_unsigned_field(mmfr0, tgran_2)) { 375 + default: 376 + case 1: 377 + kvm_err("PAGE_SIZE not supported at Stage-2, giving up\n"); 378 + return -EINVAL; 379 + case 0: 380 + kvm_debug("PAGE_SIZE supported at Stage-2 (default)\n"); 381 + break; 382 + case 2: 383 + kvm_debug("PAGE_SIZE supported at Stage-2 (advertised)\n"); 384 + break; 385 + } 386 + 340 387 pa_max = id_aa64mmfr0_parange_to_phys_shift(parange); 341 388 342 389 /* Clamp the IPA limit to the PA size supported by the kernel */ ··· 409 378 "KVM IPA limit (%d bit) is smaller than default size\n", ipa_max); 410 379 kvm_ipa_limit = ipa_max; 411 380 kvm_info("IPA Size Limit: %dbits\n", kvm_ipa_limit); 381 + 382 + return 0; 412 383 } 413 384 414 385 /* ··· 423 390 */ 424 391 int kvm_arm_setup_stage2(struct kvm *kvm, unsigned long type) 425 392 { 426 - u64 vtcr = VTCR_EL2_FLAGS; 393 + u64 vtcr = VTCR_EL2_FLAGS, mmfr0; 427 394 u32 parange, phys_shift; 428 395 u8 lvls; 429 396 ··· 439 406 phys_shift = KVM_PHYS_SHIFT; 440 407 } 441 408 442 - parange = read_sanitised_ftr_reg(SYS_ID_AA64MMFR0_EL1) & 7; 409 + mmfr0 = read_sanitised_ftr_reg(SYS_ID_AA64MMFR0_EL1); 410 + parange = cpuid_feature_extract_unsigned_field(mmfr0, 411 + ID_AA64MMFR0_PARANGE_SHIFT); 443 412 if (parange > ID_AA64MMFR0_PARANGE_MAX) 444 413 parange = ID_AA64MMFR0_PARANGE_MAX; 445 414 vtcr |= parange << VTCR_EL2_PS_SHIFT;

+3 -3

arch/arm64/kvm/sys_regs.c

··· 1456 1456 ID_SANITISED(MVFR1_EL1), 1457 1457 ID_SANITISED(MVFR2_EL1), 1458 1458 ID_UNALLOCATED(3,3), 1459 - ID_UNALLOCATED(3,4), 1460 - ID_UNALLOCATED(3,5), 1461 - ID_UNALLOCATED(3,6), 1459 + ID_SANITISED(ID_PFR2_EL1), 1460 + ID_HIDDEN(ID_DFR1_EL1), 1461 + ID_SANITISED(ID_MMFR5_EL1), 1462 1462 ID_UNALLOCATED(3,7), 1463 1463 1464 1464 /* AArch64 ID registers */

+16 -16

arch/arm64/lib/copy_from_user.S

··· 20 20 * x0 - bytes not copied 21 21 */ 22 22 23 - .macro ldrb1 ptr, regB, val 24 - uao_user_alternative 9998f, ldrb, ldtrb, \ptr, \regB, \val 23 + .macro ldrb1 reg, ptr, val 24 + uao_user_alternative 9998f, ldrb, ldtrb, \reg, \ptr, \val 25 25 .endm 26 26 27 - .macro strb1 ptr, regB, val 28 - strb \ptr, [\regB], \val 27 + .macro strb1 reg, ptr, val 28 + strb \reg, [\ptr], \val 29 29 .endm 30 30 31 - .macro ldrh1 ptr, regB, val 32 - uao_user_alternative 9998f, ldrh, ldtrh, \ptr, \regB, \val 31 + .macro ldrh1 reg, ptr, val 32 + uao_user_alternative 9998f, ldrh, ldtrh, \reg, \ptr, \val 33 33 .endm 34 34 35 - .macro strh1 ptr, regB, val 36 - strh \ptr, [\regB], \val 35 + .macro strh1 reg, ptr, val 36 + strh \reg, [\ptr], \val 37 37 .endm 38 38 39 - .macro ldr1 ptr, regB, val 40 - uao_user_alternative 9998f, ldr, ldtr, \ptr, \regB, \val 39 + .macro ldr1 reg, ptr, val 40 + uao_user_alternative 9998f, ldr, ldtr, \reg, \ptr, \val 41 41 .endm 42 42 43 - .macro str1 ptr, regB, val 44 - str \ptr, [\regB], \val 43 + .macro str1 reg, ptr, val 44 + str \reg, [\ptr], \val 45 45 .endm 46 46 47 - .macro ldp1 ptr, regB, regC, val 48 - uao_ldp 9998f, \ptr, \regB, \regC, \val 47 + .macro ldp1 reg1, reg2, ptr, val 48 + uao_ldp 9998f, \reg1, \reg2, \ptr, \val 49 49 .endm 50 50 51 - .macro stp1 ptr, regB, regC, val 52 - stp \ptr, \regB, [\regC], \val 51 + .macro stp1 reg1, reg2, ptr, val 52 + stp \reg1, \reg2, [\ptr], \val 53 53 .endm 54 54 55 55 end .req x5

+16 -16

arch/arm64/lib/copy_in_user.S

··· 21 21 * Returns: 22 22 * x0 - bytes not copied 23 23 */ 24 - .macro ldrb1 ptr, regB, val 25 - uao_user_alternative 9998f, ldrb, ldtrb, \ptr, \regB, \val 24 + .macro ldrb1 reg, ptr, val 25 + uao_user_alternative 9998f, ldrb, ldtrb, \reg, \ptr, \val 26 26 .endm 27 27 28 - .macro strb1 ptr, regB, val 29 - uao_user_alternative 9998f, strb, sttrb, \ptr, \regB, \val 28 + .macro strb1 reg, ptr, val 29 + uao_user_alternative 9998f, strb, sttrb, \reg, \ptr, \val 30 30 .endm 31 31 32 - .macro ldrh1 ptr, regB, val 33 - uao_user_alternative 9998f, ldrh, ldtrh, \ptr, \regB, \val 32 + .macro ldrh1 reg, ptr, val 33 + uao_user_alternative 9998f, ldrh, ldtrh, \reg, \ptr, \val 34 34 .endm 35 35 36 - .macro strh1 ptr, regB, val 37 - uao_user_alternative 9998f, strh, sttrh, \ptr, \regB, \val 36 + .macro strh1 reg, ptr, val 37 + uao_user_alternative 9998f, strh, sttrh, \reg, \ptr, \val 38 38 .endm 39 39 40 - .macro ldr1 ptr, regB, val 41 - uao_user_alternative 9998f, ldr, ldtr, \ptr, \regB, \val 40 + .macro ldr1 reg, ptr, val 41 + uao_user_alternative 9998f, ldr, ldtr, \reg, \ptr, \val 42 42 .endm 43 43 44 - .macro str1 ptr, regB, val 45 - uao_user_alternative 9998f, str, sttr, \ptr, \regB, \val 44 + .macro str1 reg, ptr, val 45 + uao_user_alternative 9998f, str, sttr, \reg, \ptr, \val 46 46 .endm 47 47 48 - .macro ldp1 ptr, regB, regC, val 49 - uao_ldp 9998f, \ptr, \regB, \regC, \val 48 + .macro ldp1 reg1, reg2, ptr, val 49 + uao_ldp 9998f, \reg1, \reg2, \ptr, \val 50 50 .endm 51 51 52 - .macro stp1 ptr, regB, regC, val 53 - uao_stp 9998f, \ptr, \regB, \regC, \val 52 + .macro stp1 reg1, reg2, ptr, val 53 + uao_stp 9998f, \reg1, \reg2, \ptr, \val 54 54 .endm 55 55 56 56 end .req x5

+16 -16

arch/arm64/lib/copy_to_user.S

··· 19 19 * Returns: 20 20 * x0 - bytes not copied 21 21 */ 22 - .macro ldrb1 ptr, regB, val 23 - ldrb \ptr, [\regB], \val 22 + .macro ldrb1 reg, ptr, val 23 + ldrb \reg, [\ptr], \val 24 24 .endm 25 25 26 - .macro strb1 ptr, regB, val 27 - uao_user_alternative 9998f, strb, sttrb, \ptr, \regB, \val 26 + .macro strb1 reg, ptr, val 27 + uao_user_alternative 9998f, strb, sttrb, \reg, \ptr, \val 28 28 .endm 29 29 30 - .macro ldrh1 ptr, regB, val 31 - ldrh \ptr, [\regB], \val 30 + .macro ldrh1 reg, ptr, val 31 + ldrh \reg, [\ptr], \val 32 32 .endm 33 33 34 - .macro strh1 ptr, regB, val 35 - uao_user_alternative 9998f, strh, sttrh, \ptr, \regB, \val 34 + .macro strh1 reg, ptr, val 35 + uao_user_alternative 9998f, strh, sttrh, \reg, \ptr, \val 36 36 .endm 37 37 38 - .macro ldr1 ptr, regB, val 39 - ldr \ptr, [\regB], \val 38 + .macro ldr1 reg, ptr, val 39 + ldr \reg, [\ptr], \val 40 40 .endm 41 41 42 - .macro str1 ptr, regB, val 43 - uao_user_alternative 9998f, str, sttr, \ptr, \regB, \val 42 + .macro str1 reg, ptr, val 43 + uao_user_alternative 9998f, str, sttr, \reg, \ptr, \val 44 44 .endm 45 45 46 - .macro ldp1 ptr, regB, regC, val 47 - ldp \ptr, \regB, [\regC], \val 46 + .macro ldp1 reg1, reg2, ptr, val 47 + ldp \reg1, \reg2, [\ptr], \val 48 48 .endm 49 49 50 - .macro stp1 ptr, regB, regC, val 51 - uao_stp 9998f, \ptr, \regB, \regC, \val 50 + .macro stp1 reg1, reg2, ptr, val 51 + uao_stp 9998f, \reg1, \reg2, \ptr, \val 52 52 .endm 53 53 54 54 end .req x5

+1 -1

arch/arm64/lib/crc32.S

··· 9 9 #include <asm/alternative.h> 10 10 #include <asm/assembler.h> 11 11 12 - .cpu generic+crc 12 + .arch armv8-a+crc 13 13 14 14 .macro __crc32, c 15 15 cmp x2, #16

+16 -16

arch/arm64/lib/memcpy.S

··· 24 24 * Returns: 25 25 * x0 - dest 26 26 */ 27 - .macro ldrb1 ptr, regB, val 28 - ldrb \ptr, [\regB], \val 27 + .macro ldrb1 reg, ptr, val 28 + ldrb \reg, [\ptr], \val 29 29 .endm 30 30 31 - .macro strb1 ptr, regB, val 32 - strb \ptr, [\regB], \val 31 + .macro strb1 reg, ptr, val 32 + strb \reg, [\ptr], \val 33 33 .endm 34 34 35 - .macro ldrh1 ptr, regB, val 36 - ldrh \ptr, [\regB], \val 35 + .macro ldrh1 reg, ptr, val 36 + ldrh \reg, [\ptr], \val 37 37 .endm 38 38 39 - .macro strh1 ptr, regB, val 40 - strh \ptr, [\regB], \val 39 + .macro strh1 reg, ptr, val 40 + strh \reg, [\ptr], \val 41 41 .endm 42 42 43 - .macro ldr1 ptr, regB, val 44 - ldr \ptr, [\regB], \val 43 + .macro ldr1 reg, ptr, val 44 + ldr \reg, [\ptr], \val 45 45 .endm 46 46 47 - .macro str1 ptr, regB, val 48 - str \ptr, [\regB], \val 47 + .macro str1 reg, ptr, val 48 + str \reg, [\ptr], \val 49 49 .endm 50 50 51 - .macro ldp1 ptr, regB, regC, val 52 - ldp \ptr, \regB, [\regC], \val 51 + .macro ldp1 reg1, reg2, ptr, val 52 + ldp \reg1, \reg2, [\ptr], \val 53 53 .endm 54 54 55 - .macro stp1 ptr, regB, regC, val 56 - stp \ptr, \regB, [\regC], \val 55 + .macro stp1 reg1, reg2, ptr, val 56 + stp \reg1, \reg2, [\ptr], \val 57 57 .endm 58 58 59 59 .weak memcpy

+5 -3

arch/arm64/mm/context.c

··· 92 92 bitmap_clear(asid_map, 0, NUM_USER_ASIDS); 93 93 } 94 94 95 + #define asid_gen_match(asid) \ 96 + (!(((asid) ^ atomic64_read(&asid_generation)) >> asid_bits)) 97 + 95 98 static void flush_context(void) 96 99 { 97 100 int i; ··· 223 220 * because atomic RmWs are totally ordered for a given location. 224 221 */ 225 222 old_active_asid = atomic64_read(&per_cpu(active_asids, cpu)); 226 - if (old_active_asid && 227 - !((asid ^ atomic64_read(&asid_generation)) >> asid_bits) && 223 + if (old_active_asid && asid_gen_match(asid) && 228 224 atomic64_cmpxchg_relaxed(&per_cpu(active_asids, cpu), 229 225 old_active_asid, asid)) 230 226 goto switch_mm_fastpath; ··· 231 229 raw_spin_lock_irqsave(&cpu_asid_lock, flags); 232 230 /* Check that our ASID belongs to the current generation. */ 233 231 asid = atomic64_read(&mm->context.id); 234 - if ((asid ^ atomic64_read(&asid_generation)) >> asid_bits) { 232 + if (!asid_gen_match(asid)) { 235 233 asid = new_context(mm); 236 234 atomic64_set(&mm->context.id, asid); 237 235 }

+5

arch/arm64/mm/dump.c

··· 146 146 .set = "UXN", 147 147 .clear = " ", 148 148 }, { 149 + .mask = PTE_GP, 150 + .val = PTE_GP, 151 + .set = "GP", 152 + .clear = " ", 153 + }, { 149 154 .mask = PTE_ATTRINDX_MASK, 150 155 .val = PTE_ATTRINDX(MT_DEVICE_nGnRnE), 151 156 .set = "DEVICE/nGnRnE",

+1 -1

arch/arm64/mm/init.c

··· 272 272 if (pfn_to_section_nr(pfn) >= NR_MEM_SECTIONS) 273 273 return 0; 274 274 275 - if (!valid_section(__nr_to_section(pfn_to_section_nr(pfn)))) 275 + if (!valid_section(__pfn_to_section(pfn))) 276 276 return 0; 277 277 #endif 278 278 return memblock_is_map_memory(addr);

+24

arch/arm64/mm/mmu.c

··· 610 610 #endif 611 611 612 612 /* 613 + * Open coded check for BTI, only for use to determine configuration 614 + * for early mappings for before the cpufeature code has run. 615 + */ 616 + static bool arm64_early_this_cpu_has_bti(void) 617 + { 618 + u64 pfr1; 619 + 620 + if (!IS_ENABLED(CONFIG_ARM64_BTI_KERNEL)) 621 + return false; 622 + 623 + pfr1 = read_sysreg_s(SYS_ID_AA64PFR1_EL1); 624 + return cpuid_feature_extract_unsigned_field(pfr1, 625 + ID_AA64PFR1_BT_SHIFT); 626 + } 627 + 628 + /* 613 629 * Create fine-grained mappings for the kernel. 614 630 */ 615 631 static void __init map_kernel(pgd_t *pgdp) ··· 639 623 * explicitly requested with rodata=off. 640 624 */ 641 625 pgprot_t text_prot = rodata_enabled ? PAGE_KERNEL_ROX : PAGE_KERNEL_EXEC; 626 + 627 + /* 628 + * If we have a CPU that supports BTI and a kernel built for 629 + * BTI then mark the kernel executable text as guarded pages 630 + * now so we don't have to rewrite the page tables later. 631 + */ 632 + if (arm64_early_this_cpu_has_bti()) 633 + text_prot = __pgprot_modify(text_prot, PTE_GP, PTE_GP); 642 634 643 635 /* 644 636 * Only rodata will be remapped with different permissions later on,

+2 -2

arch/arm64/mm/pageattr.c

··· 126 126 { 127 127 return change_memory_common(addr, numpages, 128 128 __pgprot(PTE_PXN), 129 - __pgprot(0)); 129 + __pgprot(PTE_MAYBE_GP)); 130 130 } 131 131 132 132 int set_memory_x(unsigned long addr, int numpages) 133 133 { 134 134 return change_memory_common(addr, numpages, 135 - __pgprot(0), 135 + __pgprot(PTE_MAYBE_GP), 136 136 __pgprot(PTE_PXN)); 137 137 } 138 138

+15 -45

arch/arm64/mm/proc.S

··· 58 58 * cpu_do_suspend - save CPU registers context 59 59 * 60 60 * x0: virtual address of context pointer 61 + * 62 + * This must be kept in sync with struct cpu_suspend_ctx in <asm/suspend.h>. 61 63 */ 62 64 SYM_FUNC_START(cpu_do_suspend) 63 65 mrs x2, tpidr_el0 ··· 84 82 stp x8, x9, [x0, #48] 85 83 stp x10, x11, [x0, #64] 86 84 stp x12, x13, [x0, #80] 85 + /* 86 + * Save x18 as it may be used as a platform register, e.g. by shadow 87 + * call stack. 88 + */ 89 + str x18, [x0, #96] 87 90 ret 88 91 SYM_FUNC_END(cpu_do_suspend) 89 92 ··· 105 98 ldp x9, x10, [x0, #48] 106 99 ldp x11, x12, [x0, #64] 107 100 ldp x13, x14, [x0, #80] 101 + /* 102 + * Restore x18, as it may be used as a platform register, and clear 103 + * the buffer to minimize the risk of exposure when used for shadow 104 + * call stack. 105 + */ 106 + ldr x18, [x0, #96] 107 + str xzr, [x0, #96] 108 108 msr tpidr_el0, x2 109 109 msr tpidrro_el0, x3 110 110 msr contextidr_el1, x4 ··· 153 139 msr_s SYS_DISR_EL1, xzr 154 140 alternative_else_nop_endif 155 141 156 - ptrauth_keys_install_kernel x14, 0, x1, x2, x3 142 + ptrauth_keys_install_kernel_nosync x14, x1, x2, x3 157 143 isb 158 144 ret 159 145 SYM_FUNC_END(cpu_do_resume) ··· 400 386 * 401 387 * Initialise the processor for turning the MMU on. 402 388 * 403 - * Input: 404 - * x0 with a flag ARM64_CPU_BOOT_PRIMARY/ARM64_CPU_BOOT_SECONDARY/ARM64_CPU_RUNTIME. 405 389 * Output: 406 390 * Return in x0 the value of the SCTLR_EL1 register. 407 391 */ ··· 458 446 1: 459 447 #endif /* CONFIG_ARM64_HW_AFDBM */ 460 448 msr tcr_el1, x10 461 - mov x1, x0 462 449 /* 463 450 * Prepare SCTLR 464 451 */ 465 452 mov_q x0, SCTLR_EL1_SET 466 - 467 - #ifdef CONFIG_ARM64_PTR_AUTH 468 - /* No ptrauth setup for run time cpus */ 469 - cmp x1, #ARM64_CPU_RUNTIME 470 - b.eq 3f 471 - 472 - /* Check if the CPU supports ptrauth */ 473 - mrs x2, id_aa64isar1_el1 474 - ubfx x2, x2, #ID_AA64ISAR1_APA_SHIFT, #8 475 - cbz x2, 3f 476 - 477 - /* 478 - * The primary cpu keys are reset here and can be 479 - * re-initialised with some proper values later. 480 - */ 481 - msr_s SYS_APIAKEYLO_EL1, xzr 482 - msr_s SYS_APIAKEYHI_EL1, xzr 483 - 484 - /* Just enable ptrauth for primary cpu */ 485 - cmp x1, #ARM64_CPU_BOOT_PRIMARY 486 - b.eq 2f 487 - 488 - /* if !system_supports_address_auth() then skip enable */ 489 - alternative_if_not ARM64_HAS_ADDRESS_AUTH 490 - b 3f 491 - alternative_else_nop_endif 492 - 493 - /* Install ptrauth key for secondary cpus */ 494 - adr_l x2, secondary_data 495 - ldr x3, [x2, #CPU_BOOT_TASK] // get secondary_data.task 496 - cbz x3, 2f // check for slow booting cpus 497 - ldp x3, x4, [x2, #CPU_BOOT_PTRAUTH_KEY] 498 - msr_s SYS_APIAKEYLO_EL1, x3 499 - msr_s SYS_APIAKEYHI_EL1, x4 500 - 501 - 2: /* Enable ptrauth instructions */ 502 - ldr x2, =SCTLR_ELx_ENIA | SCTLR_ELx_ENIB | \ 503 - SCTLR_ELx_ENDA | SCTLR_ELx_ENDB 504 - orr x0, x0, x2 505 - 3: 506 - #endif 507 453 ret // return to head.S 508 454 SYM_FUNC_END(__cpu_setup)

+30

arch/arm64/net/bpf_jit.h

··· 100 100 /* Rd = Rn OP imm12 */ 101 101 #define A64_ADD_I(sf, Rd, Rn, imm12) A64_ADDSUB_IMM(sf, Rd, Rn, imm12, ADD) 102 102 #define A64_SUB_I(sf, Rd, Rn, imm12) A64_ADDSUB_IMM(sf, Rd, Rn, imm12, SUB) 103 + #define A64_ADDS_I(sf, Rd, Rn, imm12) \ 104 + A64_ADDSUB_IMM(sf, Rd, Rn, imm12, ADD_SETFLAGS) 105 + #define A64_SUBS_I(sf, Rd, Rn, imm12) \ 106 + A64_ADDSUB_IMM(sf, Rd, Rn, imm12, SUB_SETFLAGS) 107 + /* Rn + imm12; set condition flags */ 108 + #define A64_CMN_I(sf, Rn, imm12) A64_ADDS_I(sf, A64_ZR, Rn, imm12) 109 + /* Rn - imm12; set condition flags */ 110 + #define A64_CMP_I(sf, Rn, imm12) A64_SUBS_I(sf, A64_ZR, Rn, imm12) 103 111 /* Rd = Rn */ 104 112 #define A64_MOV(sf, Rd, Rn) A64_ADD_I(sf, Rd, Rn, 0) 105 113 ··· 196 188 #define A64_ANDS(sf, Rd, Rn, Rm) A64_LOGIC_SREG(sf, Rd, Rn, Rm, AND_SETFLAGS) 197 189 /* Rn & Rm; set condition flags */ 198 190 #define A64_TST(sf, Rn, Rm) A64_ANDS(sf, A64_ZR, Rn, Rm) 191 + 192 + /* Logical (immediate) */ 193 + #define A64_LOGIC_IMM(sf, Rd, Rn, imm, type) ({ \ 194 + u64 imm64 = (sf) ? (u64)imm : (u64)(u32)imm; \ 195 + aarch64_insn_gen_logical_immediate(AARCH64_INSN_LOGIC_##type, \ 196 + A64_VARIANT(sf), Rn, Rd, imm64); \ 197 + }) 198 + /* Rd = Rn OP imm */ 199 + #define A64_AND_I(sf, Rd, Rn, imm) A64_LOGIC_IMM(sf, Rd, Rn, imm, AND) 200 + #define A64_ORR_I(sf, Rd, Rn, imm) A64_LOGIC_IMM(sf, Rd, Rn, imm, ORR) 201 + #define A64_EOR_I(sf, Rd, Rn, imm) A64_LOGIC_IMM(sf, Rd, Rn, imm, EOR) 202 + #define A64_ANDS_I(sf, Rd, Rn, imm) A64_LOGIC_IMM(sf, Rd, Rn, imm, AND_SETFLAGS) 203 + /* Rn & imm; set condition flags */ 204 + #define A64_TST_I(sf, Rn, imm) A64_ANDS_I(sf, A64_ZR, Rn, imm) 205 + 206 + /* HINTs */ 207 + #define A64_HINT(x) aarch64_insn_gen_hint(x) 208 + 209 + /* BTI */ 210 + #define A64_BTI_C A64_HINT(AARCH64_INSN_HINT_BTIC) 211 + #define A64_BTI_J A64_HINT(AARCH64_INSN_HINT_BTIJ) 212 + #define A64_BTI_JC A64_HINT(AARCH64_INSN_HINT_BTIJC) 199 213 200 214 #endif /* _BPF_JIT_H */

+71 -14

arch/arm64/net/bpf_jit_comp.c

··· 167 167 return to - from; 168 168 } 169 169 170 + static bool is_addsub_imm(u32 imm) 171 + { 172 + /* Either imm12 or shifted imm12. */ 173 + return !(imm & ~0xfff) || !(imm & ~0xfff000); 174 + } 175 + 170 176 /* Stack must be multiples of 16B */ 171 177 #define STACK_ALIGN(sz) (((sz) + 15) & ~15) 172 178 173 179 /* Tail call offset to jump into */ 180 + #if IS_ENABLED(CONFIG_ARM64_BTI_KERNEL) 181 + #define PROLOGUE_OFFSET 8 182 + #else 174 183 #define PROLOGUE_OFFSET 7 184 + #endif 175 185 176 186 static int build_prologue(struct jit_ctx *ctx, bool ebpf_from_cbpf) 177 187 { ··· 218 208 * 219 209 */ 220 210 211 + /* BTI landing pad */ 212 + if (IS_ENABLED(CONFIG_ARM64_BTI_KERNEL)) 213 + emit(A64_BTI_C, ctx); 214 + 221 215 /* Save FP and LR registers to stay align with ARM64 AAPCS */ 222 216 emit(A64_PUSH(A64_FP, A64_LR, A64_SP), ctx); 223 217 emit(A64_MOV(1, A64_FP, A64_SP), ctx); ··· 244 230 cur_offset, PROLOGUE_OFFSET); 245 231 return -1; 246 232 } 233 + 234 + /* BTI landing pad for the tail call, done with a BR */ 235 + if (IS_ENABLED(CONFIG_ARM64_BTI_KERNEL)) 236 + emit(A64_BTI_J, ctx); 247 237 } 248 238 249 239 ctx->stack_size = STACK_ALIGN(prog->aux->stack_depth); ··· 374 356 const bool isdw = BPF_SIZE(code) == BPF_DW; 375 357 u8 jmp_cond, reg; 376 358 s32 jmp_offset; 359 + u32 a64_insn; 377 360 378 361 #define check_imm(bits, imm) do { \ 379 362 if ((((imm) > 0) && ((imm) >> (bits))) || \ ··· 497 478 /* dst = dst OP imm */ 498 479 case BPF_ALU | BPF_ADD | BPF_K: 499 480 case BPF_ALU64 | BPF_ADD | BPF_K: 500 - emit_a64_mov_i(is64, tmp, imm, ctx); 501 - emit(A64_ADD(is64, dst, dst, tmp), ctx); 481 + if (is_addsub_imm(imm)) { 482 + emit(A64_ADD_I(is64, dst, dst, imm), ctx); 483 + } else if (is_addsub_imm(-imm)) { 484 + emit(A64_SUB_I(is64, dst, dst, -imm), ctx); 485 + } else { 486 + emit_a64_mov_i(is64, tmp, imm, ctx); 487 + emit(A64_ADD(is64, dst, dst, tmp), ctx); 488 + } 502 489 break; 503 490 case BPF_ALU | BPF_SUB | BPF_K: 504 491 case BPF_ALU64 | BPF_SUB | BPF_K: 505 - emit_a64_mov_i(is64, tmp, imm, ctx); 506 - emit(A64_SUB(is64, dst, dst, tmp), ctx); 492 + if (is_addsub_imm(imm)) { 493 + emit(A64_SUB_I(is64, dst, dst, imm), ctx); 494 + } else if (is_addsub_imm(-imm)) { 495 + emit(A64_ADD_I(is64, dst, dst, -imm), ctx); 496 + } else { 497 + emit_a64_mov_i(is64, tmp, imm, ctx); 498 + emit(A64_SUB(is64, dst, dst, tmp), ctx); 499 + } 507 500 break; 508 501 case BPF_ALU | BPF_AND | BPF_K: 509 502 case BPF_ALU64 | BPF_AND | BPF_K: 510 - emit_a64_mov_i(is64, tmp, imm, ctx); 511 - emit(A64_AND(is64, dst, dst, tmp), ctx); 503 + a64_insn = A64_AND_I(is64, dst, dst, imm); 504 + if (a64_insn != AARCH64_BREAK_FAULT) { 505 + emit(a64_insn, ctx); 506 + } else { 507 + emit_a64_mov_i(is64, tmp, imm, ctx); 508 + emit(A64_AND(is64, dst, dst, tmp), ctx); 509 + } 512 510 break; 513 511 case BPF_ALU | BPF_OR | BPF_K: 514 512 case BPF_ALU64 | BPF_OR | BPF_K: 515 - emit_a64_mov_i(is64, tmp, imm, ctx); 516 - emit(A64_ORR(is64, dst, dst, tmp), ctx); 513 + a64_insn = A64_ORR_I(is64, dst, dst, imm); 514 + if (a64_insn != AARCH64_BREAK_FAULT) { 515 + emit(a64_insn, ctx); 516 + } else { 517 + emit_a64_mov_i(is64, tmp, imm, ctx); 518 + emit(A64_ORR(is64, dst, dst, tmp), ctx); 519 + } 517 520 break; 518 521 case BPF_ALU | BPF_XOR | BPF_K: 519 522 case BPF_ALU64 | BPF_XOR | BPF_K: 520 - emit_a64_mov_i(is64, tmp, imm, ctx); 521 - emit(A64_EOR(is64, dst, dst, tmp), ctx); 523 + a64_insn = A64_EOR_I(is64, dst, dst, imm); 524 + if (a64_insn != AARCH64_BREAK_FAULT) { 525 + emit(a64_insn, ctx); 526 + } else { 527 + emit_a64_mov_i(is64, tmp, imm, ctx); 528 + emit(A64_EOR(is64, dst, dst, tmp), ctx); 529 + } 522 530 break; 523 531 case BPF_ALU | BPF_MUL | BPF_K: 524 532 case BPF_ALU64 | BPF_MUL | BPF_K: ··· 669 623 case BPF_JMP32 | BPF_JSLT | BPF_K: 670 624 case BPF_JMP32 | BPF_JSGE | BPF_K: 671 625 case BPF_JMP32 | BPF_JSLE | BPF_K: 672 - emit_a64_mov_i(is64, tmp, imm, ctx); 673 - emit(A64_CMP(is64, dst, tmp), ctx); 626 + if (is_addsub_imm(imm)) { 627 + emit(A64_CMP_I(is64, dst, imm), ctx); 628 + } else if (is_addsub_imm(-imm)) { 629 + emit(A64_CMN_I(is64, dst, -imm), ctx); 630 + } else { 631 + emit_a64_mov_i(is64, tmp, imm, ctx); 632 + emit(A64_CMP(is64, dst, tmp), ctx); 633 + } 674 634 goto emit_cond_jmp; 675 635 case BPF_JMP | BPF_JSET | BPF_K: 676 636 case BPF_JMP32 | BPF_JSET | BPF_K: 677 - emit_a64_mov_i(is64, tmp, imm, ctx); 678 - emit(A64_TST(is64, dst, tmp), ctx); 637 + a64_insn = A64_TST_I(is64, dst, imm); 638 + if (a64_insn != AARCH64_BREAK_FAULT) { 639 + emit(a64_insn, ctx); 640 + } else { 641 + emit_a64_mov_i(is64, tmp, imm, ctx); 642 + emit(A64_TST(is64, dst, tmp), ctx); 643 + } 679 644 goto emit_cond_jmp; 680 645 /* function call */ 681 646 case BPF_JMP | BPF_CALL:

+1

arch/x86/Kconfig

··· 92 92 select ARCH_USE_BUILTIN_BSWAP 93 93 select ARCH_USE_QUEUED_RWLOCKS 94 94 select ARCH_USE_QUEUED_SPINLOCKS 95 + select ARCH_USE_SYM_ANNOTATIONS 95 96 select ARCH_WANT_BATCHED_UNMAP_TLB_FLUSH 96 97 select ARCH_WANT_DEFAULT_BPF_JIT if X86_64 97 98 select ARCH_WANTS_DYNAMIC_TASK_STRUCT

-9

arch/x86/Kconfig.debug

··· 99 99 100 100 If in doubt, say "Y". 101 101 102 - config DOUBLEFAULT 103 - default y 104 - bool "Enable doublefault exception handler" if EXPERT && X86_32 105 - ---help--- 106 - This option allows trapping of rare doublefault exceptions that 107 - would otherwise cause a system to silently reboot. Disabling this 108 - option saves about 4k and might cause you much additional grey 109 - hair. 110 - 111 102 config DEBUG_TLBFLUSH 112 103 bool "Set upper limit of TLB entries to flush one-by-one" 113 104 depends on DEBUG_KERNEL

-2

arch/x86/entry/entry_32.S

··· 1536 1536 jmp common_exception 1537 1537 SYM_CODE_END(debug) 1538 1538 1539 - #ifdef CONFIG_DOUBLEFAULT 1540 1539 SYM_CODE_START(double_fault) 1541 1540 1: 1542 1541 /* ··· 1575 1576 hlt 1576 1577 jmp 1b 1577 1578 SYM_CODE_END(double_fault) 1578 - #endif 1579 1579 1580 1580 /* 1581 1581 * NMI is doubly nasty. It can happen on the first instruction of

+1 -1

arch/x86/include/asm/doublefault.h

··· 2 2 #ifndef _ASM_X86_DOUBLEFAULT_H 3 3 #define _ASM_X86_DOUBLEFAULT_H 4 4 5 - #if defined(CONFIG_X86_32) && defined(CONFIG_DOUBLEFAULT) 5 + #ifdef CONFIG_X86_32 6 6 extern void doublefault_init_cpu_tss(void); 7 7 #else 8 8 static inline void doublefault_init_cpu_tss(void)

-2

arch/x86/include/asm/traps.h

··· 69 69 dotraplinkage void do_bounds(struct pt_regs *regs, long error_code); 70 70 dotraplinkage void do_invalid_op(struct pt_regs *regs, long error_code); 71 71 dotraplinkage void do_device_not_available(struct pt_regs *regs, long error_code); 72 - #if defined(CONFIG_X86_64) || defined(CONFIG_DOUBLEFAULT) 73 72 dotraplinkage void do_double_fault(struct pt_regs *regs, long error_code, unsigned long cr2); 74 - #endif 75 73 dotraplinkage void do_coprocessor_segment_overrun(struct pt_regs *regs, long error_code); 76 74 dotraplinkage void do_invalid_TSS(struct pt_regs *regs, long error_code); 77 75 dotraplinkage void do_segment_not_present(struct pt_regs *regs, long error_code);

+1 -3

arch/x86/kernel/Makefile

··· 102 102 obj-$(CONFIG_CRASH_DUMP) += crash_dump_$(BITS).o 103 103 obj-y += kprobes/ 104 104 obj-$(CONFIG_MODULES) += module.o 105 - ifeq ($(CONFIG_X86_32),y) 106 - obj-$(CONFIG_DOUBLEFAULT) += doublefault_32.o 107 - endif 105 + obj-$(CONFIG_X86_32) += doublefault_32.o 108 106 obj-$(CONFIG_KGDB) += kgdb.o 109 107 obj-$(CONFIG_VM86) += vm86_32.o 110 108 obj-$(CONFIG_EARLY_PRINTK) += early_printk.o

-4

arch/x86/kernel/dumpstack_32.c

··· 87 87 88 88 static bool in_doublefault_stack(unsigned long *stack, struct stack_info *info) 89 89 { 90 - #ifdef CONFIG_DOUBLEFAULT 91 90 struct cpu_entry_area *cea = get_cpu_entry_area(raw_smp_processor_id()); 92 91 struct doublefault_stack *ss = &cea->doublefault_stack; 93 92 ··· 102 103 info->next_sp = (unsigned long *)this_cpu_read(cpu_tss_rw.x86_tss.sp); 103 104 104 105 return true; 105 - #else 106 - return false; 107 - #endif 108 106 } 109 107 110 108

-2

arch/x86/kernel/traps.c

··· 256 256 } 257 257 #endif 258 258 259 - #if defined(CONFIG_X86_64) || defined(CONFIG_DOUBLEFAULT) 260 259 /* 261 260 * Runs on an IST stack for x86_64 and on a special task stack for x86_32. 262 261 * ··· 379 380 die("double fault", regs, error_code); 380 381 panic("Machine halted."); 381 382 } 382 - #endif 383 383 384 384 dotraplinkage void do_bounds(struct pt_regs *regs, long error_code) 385 385 {

+1 -3

arch/x86/mm/cpu_entry_area.c

··· 17 17 DEFINE_PER_CPU(struct cea_exception_stacks*, cea_exception_stacks); 18 18 #endif 19 19 20 - #if defined(CONFIG_X86_32) && defined(CONFIG_DOUBLEFAULT) 20 + #ifdef CONFIG_X86_32 21 21 DECLARE_PER_CPU_PAGE_ALIGNED(struct doublefault_stack, doublefault_stack); 22 22 #endif 23 23 ··· 114 114 #else 115 115 static inline void percpu_setup_exception_stacks(unsigned int cpu) 116 116 { 117 - #ifdef CONFIG_DOUBLEFAULT 118 117 struct cpu_entry_area *cea = get_cpu_entry_area(cpu); 119 118 120 119 cea_map_percpu_pages(&cea->doublefault_stack, 121 120 &per_cpu(doublefault_stack, cpu), 1, PAGE_KERNEL); 122 - #endif 123 121 } 124 122 #endif 125 123

+3 -1

drivers/acpi/arm64/gtdt.c

··· 394 394 */ 395 395 ret = acpi_gtdt_init(table, &timer_count); 396 396 if (ret || !timer_count) 397 - return ret; 397 + goto out_put_gtdt; 398 398 399 399 for_each_platform_timer(platform_timer) { 400 400 if (is_non_secure_watchdog(platform_timer)) { ··· 408 408 if (gwdt_count) 409 409 pr_info("found %d SBSA generic Watchdog(s).\n", gwdt_count); 410 410 411 + out_put_gtdt: 412 + acpi_put_table(table); 411 413 return ret; 412 414 } 413 415

+50 -76

drivers/acpi/arm64/iort.c

··· 299 299 return status; 300 300 } 301 301 302 - struct iort_workaround_oem_info { 303 - char oem_id[ACPI_OEM_ID_SIZE + 1]; 304 - char oem_table_id[ACPI_OEM_TABLE_ID_SIZE + 1]; 305 - u32 oem_revision; 306 - }; 307 - 308 - static bool apply_id_count_workaround; 309 - 310 - static struct iort_workaround_oem_info wa_info[] __initdata = { 311 - { 312 - .oem_id = "HISI ", 313 - .oem_table_id = "HIP07 ", 314 - .oem_revision = 0, 315 - }, { 316 - .oem_id = "HISI ", 317 - .oem_table_id = "HIP08 ", 318 - .oem_revision = 0, 319 - } 320 - }; 321 - 322 - static void __init 323 - iort_check_id_count_workaround(struct acpi_table_header *tbl) 324 - { 325 - int i; 326 - 327 - for (i = 0; i < ARRAY_SIZE(wa_info); i++) { 328 - if (!memcmp(wa_info[i].oem_id, tbl->oem_id, ACPI_OEM_ID_SIZE) && 329 - !memcmp(wa_info[i].oem_table_id, tbl->oem_table_id, ACPI_OEM_TABLE_ID_SIZE) && 330 - wa_info[i].oem_revision == tbl->oem_revision) { 331 - apply_id_count_workaround = true; 332 - pr_warn(FW_BUG "ID count for ID mapping entry is wrong, applying workaround\n"); 333 - break; 334 - } 335 - } 336 - } 337 - 338 - static inline u32 iort_get_map_max(struct acpi_iort_id_mapping *map) 339 - { 340 - u32 map_max = map->input_base + map->id_count; 341 - 342 - /* 343 - * The IORT specification revision D (Section 3, table 4, page 9) says 344 - * Number of IDs = The number of IDs in the range minus one, but the 345 - * IORT code ignored the "minus one", and some firmware did that too, 346 - * so apply a workaround here to keep compatible with both the spec 347 - * compliant and non-spec compliant firmwares. 348 - */ 349 - if (apply_id_count_workaround) 350 - map_max--; 351 - 352 - return map_max; 353 - } 354 - 355 302 static int iort_id_map(struct acpi_iort_id_mapping *map, u8 type, u32 rid_in, 356 - u32 *rid_out) 303 + u32 *rid_out, bool check_overlap) 357 304 { 358 305 /* Single mapping does not care for input id */ 359 306 if (map->flags & ACPI_IORT_ID_SINGLE_MAPPING) { ··· 315 368 return -ENXIO; 316 369 } 317 370 318 - if (rid_in < map->input_base || rid_in > iort_get_map_max(map)) 371 + if (rid_in < map->input_base || 372 + (rid_in > map->input_base + map->id_count)) 319 373 return -ENXIO; 320 374 375 + if (check_overlap) { 376 + /* 377 + * We already found a mapping for this input ID at the end of 378 + * another region. If it coincides with the start of this 379 + * region, we assume the prior match was due to the off-by-1 380 + * issue mentioned below, and allow it to be superseded. 381 + * Otherwise, things are *really* broken, and we just disregard 382 + * duplicate matches entirely to retain compatibility. 383 + */ 384 + pr_err(FW_BUG "[map %p] conflicting mapping for input ID 0x%x\n", 385 + map, rid_in); 386 + if (rid_in != map->input_base) 387 + return -ENXIO; 388 + 389 + pr_err(FW_BUG "applying workaround.\n"); 390 + } 391 + 321 392 *rid_out = map->output_base + (rid_in - map->input_base); 393 + 394 + /* 395 + * Due to confusion regarding the meaning of the id_count field (which 396 + * carries the number of IDs *minus 1*), we may have to disregard this 397 + * match if it is at the end of the range, and overlaps with the start 398 + * of another one. 399 + */ 400 + if (map->id_count > 0 && rid_in == map->input_base + map->id_count) 401 + return -EAGAIN; 322 402 return 0; 323 403 } 324 404 ··· 388 414 static int iort_get_id_mapping_index(struct acpi_iort_node *node) 389 415 { 390 416 struct acpi_iort_smmu_v3 *smmu; 417 + struct acpi_iort_pmcg *pmcg; 391 418 392 419 switch (node->type) { 393 420 case ACPI_IORT_NODE_SMMU_V3: ··· 416 441 417 442 return smmu->id_mapping_index; 418 443 case ACPI_IORT_NODE_PMCG: 444 + pmcg = (struct acpi_iort_pmcg *)node->node_data; 445 + if (pmcg->overflow_gsiv || node->mapping_count == 0) 446 + return -EINVAL; 447 + 419 448 return 0; 420 449 default: 421 450 return -EINVAL; ··· 435 456 /* Parse the ID mapping tree to find specified node type */ 436 457 while (node) { 437 458 struct acpi_iort_id_mapping *map; 438 - int i, index; 459 + int i, index, rc = 0; 460 + u32 out_ref = 0, map_id = id; 439 461 440 462 if (IORT_TYPE_MASK(node->type) & type_mask) { 441 463 if (id_out) ··· 470 490 if (i == index) 471 491 continue; 472 492 473 - if (!iort_id_map(map, node->type, id, &id)) 493 + rc = iort_id_map(map, node->type, map_id, &id, out_ref); 494 + if (!rc) 474 495 break; 496 + if (rc == -EAGAIN) 497 + out_ref = map->output_reference; 475 498 } 476 499 477 - if (i == node->mapping_count) 500 + if (i == node->mapping_count && !out_ref) 478 501 goto fail_map; 479 502 480 503 node = ACPI_ADD_PTR(struct acpi_iort_node, iort_table, 481 - map->output_reference); 504 + rc ? out_ref : map->output_reference); 482 505 } 483 506 484 507 fail_map: ··· 770 787 msi_domain = iort_get_platform_device_domain(dev); 771 788 if (msi_domain) 772 789 dev_set_msi_domain(dev, msi_domain); 773 - } 774 - 775 - static int __maybe_unused __get_pci_rid(struct pci_dev *pdev, u16 alias, 776 - void *data) 777 - { 778 - u32 *rid = data; 779 - 780 - *rid = alias; 781 - return 0; 782 790 } 783 791 784 792 #ifdef CONFIG_IOMMU_API ··· 1122 1148 else 1123 1149 size = 1ULL << 32; 1124 1150 1125 - if (dev_is_pci(dev)) { 1126 - ret = acpi_dma_get_range(dev, &dmaaddr, &offset, &size); 1127 - if (ret == -ENODEV) 1128 - ret = rc_dma_get_range(dev, &size); 1129 - } else { 1130 - ret = nc_dma_get_range(dev, &size); 1131 - } 1151 + ret = acpi_dma_get_range(dev, &dmaaddr, &offset, &size); 1152 + if (ret == -ENODEV) 1153 + ret = dev_is_pci(dev) ? rc_dma_get_range(dev, &size) 1154 + : nc_dma_get_range(dev, &size); 1132 1155 1133 1156 if (!ret) { 1134 1157 /* ··· 1663 1692 { 1664 1693 acpi_status status; 1665 1694 1695 + /* iort_table will be used at runtime after the iort init, 1696 + * so we don't need to call acpi_put_table() to release 1697 + * the IORT table mapping. 1698 + */ 1666 1699 status = acpi_get_table(ACPI_SIG_IORT, 0, &iort_table); 1667 1700 if (ACPI_FAILURE(status)) { 1668 1701 if (status != AE_NOT_FOUND) { ··· 1678 1703 return; 1679 1704 } 1680 1705 1681 - iort_check_id_count_workaround(iort_table); 1682 1706 iort_init_platform_devices(); 1683 1707 }

+6

drivers/base/node.c

··· 415 415 "Node %d AnonPages: %8lu kB\n" 416 416 "Node %d Shmem: %8lu kB\n" 417 417 "Node %d KernelStack: %8lu kB\n" 418 + #ifdef CONFIG_SHADOW_CALL_STACK 419 + "Node %d ShadowCallStack:%8lu kB\n" 420 + #endif 418 421 "Node %d PageTables: %8lu kB\n" 419 422 "Node %d NFS_Unstable: %8lu kB\n" 420 423 "Node %d Bounce: %8lu kB\n" ··· 441 438 nid, K(node_page_state(pgdat, NR_ANON_MAPPED)), 442 439 nid, K(i.sharedram), 443 440 nid, sum_zone_node_page_state(nid, NR_KERNEL_STACK_KB), 441 + #ifdef CONFIG_SHADOW_CALL_STACK 442 + nid, sum_zone_node_page_state(nid, NR_KERNEL_SCS_KB), 443 + #endif 444 444 nid, K(sum_zone_node_page_state(nid, NR_PAGETABLE)), 445 445 nid, K(node_page_state(pgdat, NR_UNSTABLE_NFS)), 446 446 nid, K(sum_zone_node_page_state(nid, NR_BOUNCE)),

+2 -4

drivers/firmware/Kconfig

··· 295 295 other manufacturing data and also utilize the Entropy Bit Generator 296 296 for hardware random number generation. 297 297 298 - config HAVE_ARM_SMCCC 299 - bool 300 - 301 - source "drivers/firmware/psci/Kconfig" 302 298 source "drivers/firmware/broadcom/Kconfig" 303 299 source "drivers/firmware/google/Kconfig" 304 300 source "drivers/firmware/efi/Kconfig" 305 301 source "drivers/firmware/imx/Kconfig" 306 302 source "drivers/firmware/meson/Kconfig" 303 + source "drivers/firmware/psci/Kconfig" 304 + source "drivers/firmware/smccc/Kconfig" 307 305 source "drivers/firmware/tegra/Kconfig" 308 306 source "drivers/firmware/xilinx/Kconfig" 309 307

+2 -1

drivers/firmware/Makefile

··· 23 23 obj-$(CONFIG_TURRIS_MOX_RWTM) += turris-mox-rwtm.o 24 24 25 25 obj-$(CONFIG_ARM_SCMI_PROTOCOL) += arm_scmi/ 26 - obj-y += psci/ 27 26 obj-y += broadcom/ 28 27 obj-y += meson/ 29 28 obj-$(CONFIG_GOOGLE_FIRMWARE) += google/ 30 29 obj-$(CONFIG_EFI) += efi/ 31 30 obj-$(CONFIG_UEFI_CPER) += efi/ 32 31 obj-y += imx/ 32 + obj-y += psci/ 33 + obj-y += smccc/ 33 34 obj-y += tegra/ 34 35 obj-y += xilinx/

+21 -28

drivers/firmware/arm_sdei.c

··· 429 429 430 430 return err; 431 431 } 432 - EXPORT_SYMBOL(sdei_event_enable); 433 432 434 433 static int sdei_api_event_disable(u32 event_num) 435 434 { ··· 470 471 471 472 return err; 472 473 } 473 - EXPORT_SYMBOL(sdei_event_disable); 474 474 475 475 static int sdei_api_event_unregister(u32 event_num) 476 476 { ··· 531 533 532 534 return err; 533 535 } 534 - EXPORT_SYMBOL(sdei_event_unregister); 535 536 536 537 /* 537 538 * unregister events, but don't destroy them as they are re-registered by ··· 640 643 641 644 return err; 642 645 } 643 - EXPORT_SYMBOL(sdei_event_register); 644 646 645 647 static int sdei_reregister_event_llocked(struct sdei_event *event) 646 648 { ··· 1075 1079 .probe = sdei_probe, 1076 1080 }; 1077 1081 1078 - static bool __init sdei_present_dt(void) 1079 - { 1080 - struct device_node *np, *fw_np; 1081 - 1082 - fw_np = of_find_node_by_name(NULL, "firmware"); 1083 - if (!fw_np) 1084 - return false; 1085 - 1086 - np = of_find_matching_node(fw_np, sdei_of_match); 1087 - if (!np) 1088 - return false; 1089 - of_node_put(np); 1090 - 1091 - return true; 1092 - } 1093 - 1094 1082 static bool __init sdei_present_acpi(void) 1095 1083 { 1096 1084 acpi_status status; 1097 - struct platform_device *pdev; 1098 1085 struct acpi_table_header *sdei_table_header; 1099 1086 1100 1087 if (acpi_disabled) ··· 1092 1113 if (ACPI_FAILURE(status)) 1093 1114 return false; 1094 1115 1095 - pdev = platform_device_register_simple(sdei_driver.driver.name, 0, NULL, 1096 - 0); 1097 - if (IS_ERR(pdev)) 1098 - return false; 1116 + acpi_put_table(sdei_table_header); 1099 1117 1100 1118 return true; 1101 1119 } 1102 1120 1103 1121 static int __init sdei_init(void) 1104 1122 { 1105 - if (sdei_present_dt() || sdei_present_acpi()) 1106 - platform_driver_register(&sdei_driver); 1123 + int ret = platform_driver_register(&sdei_driver); 1107 1124 1108 - return 0; 1125 + if (!ret && sdei_present_acpi()) { 1126 + struct platform_device *pdev; 1127 + 1128 + pdev = platform_device_register_simple(sdei_driver.driver.name, 1129 + 0, NULL, 0); 1130 + if (IS_ERR(pdev)) 1131 + pr_info("Failed to register ACPI:SDEI platform device %ld\n", 1132 + PTR_ERR(pdev)); 1133 + } 1134 + 1135 + return ret; 1109 1136 } 1110 1137 1111 1138 /* ··· 1128 1143 mm_segment_t orig_addr_limit; 1129 1144 u32 event_num = arg->event_num; 1130 1145 1146 + /* 1147 + * Save restore 'fs'. 1148 + * The architecture's entry code save/restores 'fs' when taking an 1149 + * exception from the kernel. This ensures addr_limit isn't inherited 1150 + * if you interrupted something that allowed the uaccess routines to 1151 + * access kernel memory. 1152 + * Do the same here because this doesn't come via the same entry code. 1153 + */ 1131 1154 orig_addr_limit = get_fs(); 1132 1155 set_fs(USER_DS); 1133 1156

+3

drivers/firmware/efi/libstub/Makefile

··· 33 33 $(call cc-option,-fno-addrsig) \ 34 34 -D__DISABLE_EXPORTS 35 35 36 + # remove SCS flags from all objects in this directory 37 + KBUILD_CFLAGS := $(filter-out $(CC_FLAGS_SCS), $(KBUILD_CFLAGS)) 38 + 36 39 GCOV_PROFILE := n 37 40 KASAN_SANITIZE := n 38 41 UBSAN_SANITIZE := n

+5 -16

drivers/firmware/psci/psci.c

··· 46 46 * require cooperation with a Trusted OS driver. 47 47 */ 48 48 static int resident_cpu = -1; 49 + struct psci_operations psci_ops; 50 + static enum arm_smccc_conduit psci_conduit = SMCCC_CONDUIT_NONE; 49 51 50 52 bool psci_tos_resident_on(int cpu) 51 53 { 52 54 return cpu == resident_cpu; 53 - } 54 - 55 - struct psci_operations psci_ops = { 56 - .conduit = SMCCC_CONDUIT_NONE, 57 - .smccc_version = SMCCC_VERSION_1_0, 58 - }; 59 - 60 - enum arm_smccc_conduit arm_smccc_1_1_get_conduit(void) 61 - { 62 - if (psci_ops.smccc_version < SMCCC_VERSION_1_1) 63 - return SMCCC_CONDUIT_NONE; 64 - 65 - return psci_ops.conduit; 66 55 } 67 56 68 57 typedef unsigned long (psci_fn)(unsigned long, unsigned long, ··· 231 242 WARN(1, "Unexpected PSCI conduit %d\n", conduit); 232 243 } 233 244 234 - psci_ops.conduit = conduit; 245 + psci_conduit = conduit; 235 246 } 236 247 237 248 static int get_set_conduit_method(struct device_node *np) ··· 400 411 if (feature != PSCI_RET_NOT_SUPPORTED) { 401 412 u32 ret; 402 413 ret = invoke_psci_fn(ARM_SMCCC_VERSION_FUNC_ID, 0, 0, 0); 403 - if (ret == ARM_SMCCC_VERSION_1_1) { 404 - psci_ops.smccc_version = SMCCC_VERSION_1_1; 414 + if (ret >= ARM_SMCCC_VERSION_1_1) { 415 + arm_smccc_version_init(ret, psci_conduit); 405 416 ver = ret; 406 417 } 407 418 }

+16

drivers/firmware/smccc/Kconfig

··· 1 + # SPDX-License-Identifier: GPL-2.0-only 2 + config HAVE_ARM_SMCCC 3 + bool 4 + help 5 + Include support for the Secure Monitor Call (SMC) and Hypervisor 6 + Call (HVC) instructions on Armv7 and above architectures. 7 + 8 + config HAVE_ARM_SMCCC_DISCOVERY 9 + bool 10 + depends on ARM_PSCI_FW 11 + default y 12 + help 13 + SMCCC v1.0 lacked discoverability and hence PSCI v1.0 was updated 14 + to add SMCCC discovery mechanism though the PSCI firmware 15 + implementation of PSCI_FEATURES(SMCCC_VERSION) which returns 16 + success on firmware compliant to SMCCC v1.1 and above.

+3

drivers/firmware/smccc/Makefile

··· 1 + # SPDX-License-Identifier: GPL-2.0 2 + # 3 + obj-$(CONFIG_HAVE_ARM_SMCCC_DISCOVERY) += smccc.o

+31

drivers/firmware/smccc/smccc.c

··· 1 + // SPDX-License-Identifier: GPL-2.0-only 2 + /* 3 + * Copyright (C) 2020 Arm Limited 4 + */ 5 + 6 + #define pr_fmt(fmt) "smccc: " fmt 7 + 8 + #include <linux/init.h> 9 + #include <linux/arm-smccc.h> 10 + 11 + static u32 smccc_version = ARM_SMCCC_VERSION_1_0; 12 + static enum arm_smccc_conduit smccc_conduit = SMCCC_CONDUIT_NONE; 13 + 14 + void __init arm_smccc_version_init(u32 version, enum arm_smccc_conduit conduit) 15 + { 16 + smccc_version = version; 17 + smccc_conduit = conduit; 18 + } 19 + 20 + enum arm_smccc_conduit arm_smccc_1_1_get_conduit(void) 21 + { 22 + if (smccc_version < ARM_SMCCC_VERSION_1_1) 23 + return SMCCC_CONDUIT_NONE; 24 + 25 + return smccc_conduit; 26 + } 27 + 28 + u32 arm_smccc_get_version(void) 29 + { 30 + return smccc_version; 31 + }

+2 -7

drivers/perf/Kconfig

··· 79 79 can give information about memory throughput and other related 80 80 events. 81 81 82 - config HISI_PMU 83 - bool "HiSilicon SoC PMU" 84 - depends on ARM64 && ACPI 85 - help 86 - Support for HiSilicon SoC uncore performance monitoring 87 - unit (PMU), such as: L3C, HHA and DDRC. 88 - 89 82 config QCOM_L2_PMU 90 83 bool "Qualcomm Technologies L2-cache PMU" 91 84 depends on ARCH_QCOM && ARM64 && ACPI ··· 121 128 Enable perf support for the ARMv8.2 Statistical Profiling 122 129 Extension, which provides periodic sampling of operations in 123 130 the CPU pipeline and reports this via the perf AUX interface. 131 + 132 + source "drivers/perf/hisilicon/Kconfig" 124 133 125 134 endmenu

+1 -3

drivers/perf/arm_dsu_pmu.c

··· 690 690 } 691 691 692 692 irq = platform_get_irq(pdev, 0); 693 - if (irq < 0) { 694 - dev_warn(&pdev->dev, "Failed to find IRQ\n"); 693 + if (irq < 0) 695 694 return -EINVAL; 696 - } 697 695 698 696 name = devm_kasprintf(&pdev->dev, GFP_KERNEL, "%s_%d", 699 697 PMUNAME, atomic_inc_return(&pmu_idx));

+4 -1

drivers/perf/arm_smmuv3_pmu.c

··· 814 814 if (err) { 815 815 dev_err(dev, "Error %d registering hotplug, PMU @%pa\n", 816 816 err, &res_0->start); 817 - return err; 817 + goto out_clear_affinity; 818 818 } 819 819 820 820 err = perf_pmu_register(&smmu_pmu->pmu, name, -1); ··· 833 833 834 834 out_unregister: 835 835 cpuhp_state_remove_instance_nocalls(cpuhp_state_num, &smmu_pmu->node); 836 + out_clear_affinity: 837 + irq_set_affinity_hint(smmu_pmu->irq, NULL); 836 838 return err; 837 839 } 838 840 ··· 844 842 845 843 perf_pmu_unregister(&smmu_pmu->pmu); 846 844 cpuhp_state_remove_instance_nocalls(cpuhp_state_num, &smmu_pmu->node); 845 + irq_set_affinity_hint(smmu_pmu->irq, NULL); 847 846 848 847 return 0; 849 848 }

+1 -3

drivers/perf/arm_spe_pmu.c

··· 1133 1133 struct platform_device *pdev = spe_pmu->pdev; 1134 1134 int irq = platform_get_irq(pdev, 0); 1135 1135 1136 - if (irq < 0) { 1137 - dev_err(&pdev->dev, "failed to get IRQ (%d)\n", irq); 1136 + if (irq < 0) 1138 1137 return -ENXIO; 1139 - } 1140 1138 1141 1139 if (!irq_is_percpu(irq)) { 1142 1140 dev_err(&pdev->dev, "expected PPI but got SPI (%d)\n", irq);

+7

drivers/perf/hisilicon/Kconfig

··· 1 + # SPDX-License-Identifier: GPL-2.0-only 2 + config HISI_PMU 3 + tristate "HiSilicon SoC PMU drivers" 4 + depends on ARM64 && ACPI 5 + help 6 + Support for HiSilicon SoC L3 Cache performance monitor, Hydra Home 7 + Agent performance monitor and DDR Controller performance monitor.

+2 -1

drivers/perf/hisilicon/Makefile

··· 1 1 # SPDX-License-Identifier: GPL-2.0-only 2 - obj-$(CONFIG_HISI_PMU) += hisi_uncore_pmu.o hisi_uncore_l3c_pmu.o hisi_uncore_hha_pmu.o hisi_uncore_ddrc_pmu.o 2 + obj-$(CONFIG_HISI_PMU) += hisi_uncore_pmu.o hisi_uncore_l3c_pmu.o \ 3 + hisi_uncore_hha_pmu.o hisi_uncore_ddrc_pmu.o

+6 -4

drivers/perf/hisilicon/hisi_uncore_ddrc_pmu.c

··· 394 394 ret = perf_pmu_register(&ddrc_pmu->pmu, name, -1); 395 395 if (ret) { 396 396 dev_err(ddrc_pmu->dev, "DDRC PMU register failed!\n"); 397 - cpuhp_state_remove_instance(CPUHP_AP_PERF_ARM_HISI_DDRC_ONLINE, 398 - &ddrc_pmu->node); 397 + cpuhp_state_remove_instance_nocalls( 398 + CPUHP_AP_PERF_ARM_HISI_DDRC_ONLINE, &ddrc_pmu->node); 399 + irq_set_affinity_hint(ddrc_pmu->irq, NULL); 399 400 } 400 401 401 402 return ret; ··· 407 406 struct hisi_pmu *ddrc_pmu = platform_get_drvdata(pdev); 408 407 409 408 perf_pmu_unregister(&ddrc_pmu->pmu); 410 - cpuhp_state_remove_instance(CPUHP_AP_PERF_ARM_HISI_DDRC_ONLINE, 411 - &ddrc_pmu->node); 409 + cpuhp_state_remove_instance_nocalls(CPUHP_AP_PERF_ARM_HISI_DDRC_ONLINE, 410 + &ddrc_pmu->node); 411 + irq_set_affinity_hint(ddrc_pmu->irq, NULL); 412 412 413 413 return 0; 414 414 }

+7 -5

drivers/perf/hisilicon/hisi_uncore_hha_pmu.c

··· 283 283 HISI_PMU_EVENT_ATTR(rx_wbip, 0x05), 284 284 HISI_PMU_EVENT_ATTR(rx_wtistash, 0x11), 285 285 HISI_PMU_EVENT_ATTR(rd_ddr_64b, 0x1c), 286 - HISI_PMU_EVENT_ATTR(wr_dr_64b, 0x1d), 286 + HISI_PMU_EVENT_ATTR(wr_ddr_64b, 0x1d), 287 287 HISI_PMU_EVENT_ATTR(rd_ddr_128b, 0x1e), 288 288 HISI_PMU_EVENT_ATTR(wr_ddr_128b, 0x1f), 289 289 HISI_PMU_EVENT_ATTR(spill_num, 0x20), ··· 406 406 ret = perf_pmu_register(&hha_pmu->pmu, name, -1); 407 407 if (ret) { 408 408 dev_err(hha_pmu->dev, "HHA PMU register failed!\n"); 409 - cpuhp_state_remove_instance(CPUHP_AP_PERF_ARM_HISI_HHA_ONLINE, 410 - &hha_pmu->node); 409 + cpuhp_state_remove_instance_nocalls( 410 + CPUHP_AP_PERF_ARM_HISI_HHA_ONLINE, &hha_pmu->node); 411 + irq_set_affinity_hint(hha_pmu->irq, NULL); 411 412 } 412 413 413 414 return ret; ··· 419 418 struct hisi_pmu *hha_pmu = platform_get_drvdata(pdev); 420 419 421 420 perf_pmu_unregister(&hha_pmu->pmu); 422 - cpuhp_state_remove_instance(CPUHP_AP_PERF_ARM_HISI_HHA_ONLINE, 423 - &hha_pmu->node); 421 + cpuhp_state_remove_instance_nocalls(CPUHP_AP_PERF_ARM_HISI_HHA_ONLINE, 422 + &hha_pmu->node); 423 + irq_set_affinity_hint(hha_pmu->irq, NULL); 424 424 425 425 return 0; 426 426 }

+6 -4

drivers/perf/hisilicon/hisi_uncore_l3c_pmu.c

··· 396 396 ret = perf_pmu_register(&l3c_pmu->pmu, name, -1); 397 397 if (ret) { 398 398 dev_err(l3c_pmu->dev, "L3C PMU register failed!\n"); 399 - cpuhp_state_remove_instance(CPUHP_AP_PERF_ARM_HISI_L3_ONLINE, 400 - &l3c_pmu->node); 399 + cpuhp_state_remove_instance_nocalls( 400 + CPUHP_AP_PERF_ARM_HISI_L3_ONLINE, &l3c_pmu->node); 401 + irq_set_affinity_hint(l3c_pmu->irq, NULL); 401 402 } 402 403 403 404 return ret; ··· 409 408 struct hisi_pmu *l3c_pmu = platform_get_drvdata(pdev); 410 409 411 410 perf_pmu_unregister(&l3c_pmu->pmu); 412 - cpuhp_state_remove_instance(CPUHP_AP_PERF_ARM_HISI_L3_ONLINE, 413 - &l3c_pmu->node); 411 + cpuhp_state_remove_instance_nocalls(CPUHP_AP_PERF_ARM_HISI_L3_ONLINE, 412 + &l3c_pmu->node); 413 + irq_set_affinity_hint(l3c_pmu->irq, NULL); 414 414 415 415 return 0; 416 416 }

+21 -2

drivers/perf/hisilicon/hisi_uncore_pmu.c

··· 35 35 36 36 return sprintf(buf, "%s\n", (char *)eattr->var); 37 37 } 38 + EXPORT_SYMBOL_GPL(hisi_format_sysfs_show); 38 39 39 40 /* 40 41 * PMU event attributes ··· 49 48 50 49 return sprintf(page, "config=0x%lx\n", (unsigned long)eattr->var); 51 50 } 51 + EXPORT_SYMBOL_GPL(hisi_event_sysfs_show); 52 52 53 53 /* 54 54 * sysfs cpumask attributes. For uncore PMU, we only have a single CPU to show ··· 61 59 62 60 return sprintf(buf, "%d\n", hisi_pmu->on_cpu); 63 61 } 62 + EXPORT_SYMBOL_GPL(hisi_cpumask_sysfs_show); 64 63 65 64 static bool hisi_validate_event_group(struct perf_event *event) 66 65 { ··· 100 97 { 101 98 return idx >= 0 && idx < hisi_pmu->num_counters; 102 99 } 100 + EXPORT_SYMBOL_GPL(hisi_uncore_pmu_counter_valid); 103 101 104 102 int hisi_uncore_pmu_get_event_idx(struct perf_event *event) 105 103 { ··· 117 113 118 114 return idx; 119 115 } 116 + EXPORT_SYMBOL_GPL(hisi_uncore_pmu_get_event_idx); 120 117 121 118 static void hisi_uncore_pmu_clear_event_idx(struct hisi_pmu *hisi_pmu, int idx) 122 119 { ··· 178 173 179 174 return 0; 180 175 } 176 + EXPORT_SYMBOL_GPL(hisi_uncore_pmu_event_init); 181 177 182 178 /* 183 179 * Set the counter to count the event that we're interested in, ··· 226 220 /* Write start value to the hardware event counter */ 227 221 hisi_pmu->ops->write_counter(hisi_pmu, hwc, val); 228 222 } 223 + EXPORT_SYMBOL_GPL(hisi_uncore_pmu_set_event_period); 229 224 230 225 void hisi_uncore_pmu_event_update(struct perf_event *event) 231 226 { ··· 247 240 HISI_MAX_PERIOD(hisi_pmu->counter_bits); 248 241 local64_add(delta, &event->count); 249 242 } 243 + EXPORT_SYMBOL_GPL(hisi_uncore_pmu_event_update); 250 244 251 245 void hisi_uncore_pmu_start(struct perf_event *event, int flags) 252 246 { ··· 270 262 hisi_uncore_pmu_enable_event(event); 271 263 perf_event_update_userpage(event); 272 264 } 265 + EXPORT_SYMBOL_GPL(hisi_uncore_pmu_start); 273 266 274 267 void hisi_uncore_pmu_stop(struct perf_event *event, int flags) 275 268 { ··· 287 278 hisi_uncore_pmu_event_update(event); 288 279 hwc->state |= PERF_HES_UPTODATE; 289 280 } 281 + EXPORT_SYMBOL_GPL(hisi_uncore_pmu_stop); 290 282 291 283 int hisi_uncore_pmu_add(struct perf_event *event, int flags) 292 284 { ··· 310 300 311 301 return 0; 312 302 } 303 + EXPORT_SYMBOL_GPL(hisi_uncore_pmu_add); 313 304 314 305 void hisi_uncore_pmu_del(struct perf_event *event, int flags) 315 306 { ··· 322 311 perf_event_update_userpage(event); 323 312 hisi_pmu->pmu_events.hw_events[hwc->idx] = NULL; 324 313 } 314 + EXPORT_SYMBOL_GPL(hisi_uncore_pmu_del); 325 315 326 316 void hisi_uncore_pmu_read(struct perf_event *event) 327 317 { 328 318 /* Read hardware counter and update the perf counter statistics */ 329 319 hisi_uncore_pmu_event_update(event); 330 320 } 321 + EXPORT_SYMBOL_GPL(hisi_uncore_pmu_read); 331 322 332 323 void hisi_uncore_pmu_enable(struct pmu *pmu) 333 324 { ··· 342 329 343 330 hisi_pmu->ops->start_counters(hisi_pmu); 344 331 } 332 + EXPORT_SYMBOL_GPL(hisi_uncore_pmu_enable); 345 333 346 334 void hisi_uncore_pmu_disable(struct pmu *pmu) 347 335 { ··· 350 336 351 337 hisi_pmu->ops->stop_counters(hisi_pmu); 352 338 } 339 + EXPORT_SYMBOL_GPL(hisi_uncore_pmu_disable); 353 340 354 341 355 342 /* ··· 429 414 hisi_pmu->on_cpu = cpu; 430 415 431 416 /* Overflow interrupt also should use the same CPU */ 432 - WARN_ON(irq_set_affinity(hisi_pmu->irq, cpumask_of(cpu))); 417 + WARN_ON(irq_set_affinity_hint(hisi_pmu->irq, cpumask_of(cpu))); 433 418 434 419 return 0; 435 420 } 421 + EXPORT_SYMBOL_GPL(hisi_uncore_pmu_online_cpu); 436 422 437 423 int hisi_uncore_pmu_offline_cpu(unsigned int cpu, struct hlist_node *node) 438 424 { ··· 462 446 perf_pmu_migrate_context(&hisi_pmu->pmu, cpu, target); 463 447 /* Use this CPU for event counting */ 464 448 hisi_pmu->on_cpu = target; 465 - WARN_ON(irq_set_affinity(hisi_pmu->irq, cpumask_of(target))); 449 + WARN_ON(irq_set_affinity_hint(hisi_pmu->irq, cpumask_of(target))); 466 450 467 451 return 0; 468 452 } 453 + EXPORT_SYMBOL_GPL(hisi_uncore_pmu_offline_cpu); 454 + 455 + MODULE_LICENSE("GPL v2");

+6

fs/Kconfig.binfmt

··· 36 36 config ARCH_BINFMT_ELF_STATE 37 37 bool 38 38 39 + config ARCH_HAVE_ELF_PROT 40 + bool 41 + 42 + config ARCH_USE_GNU_PROPERTY 43 + bool 44 + 39 45 config BINFMT_ELF_FDPIC 40 46 bool "Kernel support for FDPIC ELF binaries" 41 47 default y if !BINFMT_ELF

+139 -6

fs/binfmt_elf.c

··· 40 40 #include <linux/sched/coredump.h> 41 41 #include <linux/sched/task_stack.h> 42 42 #include <linux/sched/cputime.h> 43 + #include <linux/sizes.h> 44 + #include <linux/types.h> 43 45 #include <linux/cred.h> 44 46 #include <linux/dax.h> 45 47 #include <linux/uaccess.h> 46 48 #include <asm/param.h> 47 49 #include <asm/page.h> 50 + 51 + #ifndef ELF_COMPAT 52 + #define ELF_COMPAT 0 53 + #endif 48 54 49 55 #ifndef user_long_t 50 56 #define user_long_t long ··· 545 539 546 540 #endif /* !CONFIG_ARCH_BINFMT_ELF_STATE */ 547 541 548 - static inline int make_prot(u32 p_flags) 542 + static inline int make_prot(u32 p_flags, struct arch_elf_state *arch_state, 543 + bool has_interp, bool is_interp) 549 544 { 550 545 int prot = 0; 551 546 ··· 556 549 prot |= PROT_WRITE; 557 550 if (p_flags & PF_X) 558 551 prot |= PROT_EXEC; 559 - return prot; 552 + 553 + return arch_elf_adjust_prot(prot, arch_state, has_interp, is_interp); 560 554 } 561 555 562 556 /* This is much more generalized than the library routine read function, ··· 567 559 568 560 static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex, 569 561 struct file *interpreter, 570 - unsigned long no_base, struct elf_phdr *interp_elf_phdata) 562 + unsigned long no_base, struct elf_phdr *interp_elf_phdata, 563 + struct arch_elf_state *arch_state) 571 564 { 572 565 struct elf_phdr *eppnt; 573 566 unsigned long load_addr = 0; ··· 600 591 for (i = 0; i < interp_elf_ex->e_phnum; i++, eppnt++) { 601 592 if (eppnt->p_type == PT_LOAD) { 602 593 int elf_type = MAP_PRIVATE | MAP_DENYWRITE; 603 - int elf_prot = make_prot(eppnt->p_flags); 594 + int elf_prot = make_prot(eppnt->p_flags, arch_state, 595 + true, true); 604 596 unsigned long vaddr = 0; 605 597 unsigned long k, map_addr; 606 598 ··· 692 682 * libraries. There is no binary dependent code anywhere else. 693 683 */ 694 684 685 + static int parse_elf_property(const char *data, size_t *off, size_t datasz, 686 + struct arch_elf_state *arch, 687 + bool have_prev_type, u32 *prev_type) 688 + { 689 + size_t o, step; 690 + const struct gnu_property *pr; 691 + int ret; 692 + 693 + if (*off == datasz) 694 + return -ENOENT; 695 + 696 + if (WARN_ON_ONCE(*off > datasz || *off % ELF_GNU_PROPERTY_ALIGN)) 697 + return -EIO; 698 + o = *off; 699 + datasz -= *off; 700 + 701 + if (datasz < sizeof(*pr)) 702 + return -ENOEXEC; 703 + pr = (const struct gnu_property *)(data + o); 704 + o += sizeof(*pr); 705 + datasz -= sizeof(*pr); 706 + 707 + if (pr->pr_datasz > datasz) 708 + return -ENOEXEC; 709 + 710 + WARN_ON_ONCE(o % ELF_GNU_PROPERTY_ALIGN); 711 + step = round_up(pr->pr_datasz, ELF_GNU_PROPERTY_ALIGN); 712 + if (step > datasz) 713 + return -ENOEXEC; 714 + 715 + /* Properties are supposed to be unique and sorted on pr_type: */ 716 + if (have_prev_type && pr->pr_type <= *prev_type) 717 + return -ENOEXEC; 718 + *prev_type = pr->pr_type; 719 + 720 + ret = arch_parse_elf_property(pr->pr_type, data + o, 721 + pr->pr_datasz, ELF_COMPAT, arch); 722 + if (ret) 723 + return ret; 724 + 725 + *off = o + step; 726 + return 0; 727 + } 728 + 729 + #define NOTE_DATA_SZ SZ_1K 730 + #define GNU_PROPERTY_TYPE_0_NAME "GNU" 731 + #define NOTE_NAME_SZ (sizeof(GNU_PROPERTY_TYPE_0_NAME)) 732 + 733 + static int parse_elf_properties(struct file *f, const struct elf_phdr *phdr, 734 + struct arch_elf_state *arch) 735 + { 736 + union { 737 + struct elf_note nhdr; 738 + char data[NOTE_DATA_SZ]; 739 + } note; 740 + loff_t pos; 741 + ssize_t n; 742 + size_t off, datasz; 743 + int ret; 744 + bool have_prev_type; 745 + u32 prev_type; 746 + 747 + if (!IS_ENABLED(CONFIG_ARCH_USE_GNU_PROPERTY) || !phdr) 748 + return 0; 749 + 750 + /* load_elf_binary() shouldn't call us unless this is true... */ 751 + if (WARN_ON_ONCE(phdr->p_type != PT_GNU_PROPERTY)) 752 + return -ENOEXEC; 753 + 754 + /* If the properties are crazy large, that's too bad (for now): */ 755 + if (phdr->p_filesz > sizeof(note)) 756 + return -ENOEXEC; 757 + 758 + pos = phdr->p_offset; 759 + n = kernel_read(f, &note, phdr->p_filesz, &pos); 760 + 761 + BUILD_BUG_ON(sizeof(note) < sizeof(note.nhdr) + NOTE_NAME_SZ); 762 + if (n < 0 || n < sizeof(note.nhdr) + NOTE_NAME_SZ) 763 + return -EIO; 764 + 765 + if (note.nhdr.n_type != NT_GNU_PROPERTY_TYPE_0 || 766 + note.nhdr.n_namesz != NOTE_NAME_SZ || 767 + strncmp(note.data + sizeof(note.nhdr), 768 + GNU_PROPERTY_TYPE_0_NAME, n - sizeof(note.nhdr))) 769 + return -ENOEXEC; 770 + 771 + off = round_up(sizeof(note.nhdr) + NOTE_NAME_SZ, 772 + ELF_GNU_PROPERTY_ALIGN); 773 + if (off > n) 774 + return -ENOEXEC; 775 + 776 + if (note.nhdr.n_descsz > n - off) 777 + return -ENOEXEC; 778 + datasz = off + note.nhdr.n_descsz; 779 + 780 + have_prev_type = false; 781 + do { 782 + ret = parse_elf_property(note.data, &off, datasz, arch, 783 + have_prev_type, &prev_type); 784 + have_prev_type = true; 785 + } while (!ret); 786 + 787 + return ret == -ENOENT ? 0 : ret; 788 + } 789 + 695 790 static int load_elf_binary(struct linux_binprm *bprm) 696 791 { 697 792 struct file *interpreter = NULL; /* to shut gcc up */ ··· 804 689 int load_addr_set = 0; 805 690 unsigned long error; 806 691 struct elf_phdr *elf_ppnt, *elf_phdata, *interp_elf_phdata = NULL; 692 + struct elf_phdr *elf_property_phdata = NULL; 807 693 unsigned long elf_bss, elf_brk; 808 694 int bss_prot = 0; 809 695 int retval, i; ··· 841 725 elf_ppnt = elf_phdata; 842 726 for (i = 0; i < elf_ex->e_phnum; i++, elf_ppnt++) { 843 727 char *elf_interpreter; 728 + 729 + if (elf_ppnt->p_type == PT_GNU_PROPERTY) { 730 + elf_property_phdata = elf_ppnt; 731 + continue; 732 + } 844 733 845 734 if (elf_ppnt->p_type != PT_INTERP) 846 735 continue; ··· 940 819 goto out_free_dentry; 941 820 942 821 /* Pass PT_LOPROC..PT_HIPROC headers to arch code */ 822 + elf_property_phdata = NULL; 943 823 elf_ppnt = interp_elf_phdata; 944 824 for (i = 0; i < interp_elf_ex->e_phnum; i++, elf_ppnt++) 945 825 switch (elf_ppnt->p_type) { 826 + case PT_GNU_PROPERTY: 827 + elf_property_phdata = elf_ppnt; 828 + break; 829 + 946 830 case PT_LOPROC ... PT_HIPROC: 947 831 retval = arch_elf_pt_proc(interp_elf_ex, 948 832 elf_ppnt, interpreter, ··· 957 831 break; 958 832 } 959 833 } 834 + 835 + retval = parse_elf_properties(interpreter ?: bprm->file, 836 + elf_property_phdata, &arch_state); 837 + if (retval) 838 + goto out_free_dentry; 960 839 961 840 /* 962 841 * Allow arch code to reject the ELF at this point, whilst it's ··· 1044 913 } 1045 914 } 1046 915 1047 - elf_prot = make_prot(elf_ppnt->p_flags); 916 + elf_prot = make_prot(elf_ppnt->p_flags, &arch_state, 917 + !!interpreter, false); 1048 918 1049 919 elf_flags = MAP_PRIVATE | MAP_DENYWRITE | MAP_EXECUTABLE; 1050 920 ··· 1188 1056 if (interpreter) { 1189 1057 elf_entry = load_elf_interp(interp_elf_ex, 1190 1058 interpreter, 1191 - load_bias, interp_elf_phdata); 1059 + load_bias, interp_elf_phdata, 1060 + &arch_state); 1192 1061 if (!IS_ERR((void *)elf_entry)) { 1193 1062 /* 1194 1063 * load_elf_interp() returns relocation

+4

fs/compat_binfmt_elf.c

··· 17 17 #include <linux/elfcore-compat.h> 18 18 #include <linux/time.h> 19 19 20 + #define ELF_COMPAT 1 21 + 20 22 /* 21 23 * Rename the basic ELF layout types to refer to the 32-bit class of files. 22 24 */ ··· 30 28 #undef elf_shdr 31 29 #undef elf_note 32 30 #undef elf_addr_t 31 + #undef ELF_GNU_PROPERTY_ALIGN 33 32 #define elfhdr elf32_hdr 34 33 #define elf_phdr elf32_phdr 35 34 #define elf_shdr elf32_shdr 36 35 #define elf_note elf32_note 37 36 #define elf_addr_t Elf32_Addr 37 + #define ELF_GNU_PROPERTY_ALIGN ELF32_GNU_PROPERTY_ALIGN 38 38 39 39 /* 40 40 * Some data types as stored in coredump.

+4

fs/proc/meminfo.c

··· 103 103 show_val_kb(m, "SUnreclaim: ", sunreclaim); 104 104 seq_printf(m, "KernelStack: %8lu kB\n", 105 105 global_zone_page_state(NR_KERNEL_STACK_KB)); 106 + #ifdef CONFIG_SHADOW_CALL_STACK 107 + seq_printf(m, "ShadowCallStack:%8lu kB\n", 108 + global_zone_page_state(NR_KERNEL_SCS_KB)); 109 + #endif 106 110 show_val_kb(m, "PageTables: ", 107 111 global_zone_page_state(NR_PAGETABLE)); 108 112

+3

fs/proc/task_mmu.c

··· 635 635 [ilog2(VM_ARCH_1)] = "ar", 636 636 [ilog2(VM_WIPEONFORK)] = "wf", 637 637 [ilog2(VM_DONTDUMP)] = "dd", 638 + #ifdef CONFIG_ARM64_BTI 639 + [ilog2(VM_ARM64_BTI)] = "bt", 640 + #endif 638 641 #ifdef CONFIG_MEM_SOFT_DIRTY 639 642 [ilog2(VM_SOFTDIRTY)] = "sd", 640 643 #endif

+23 -2

include/linux/arm-smccc.h

··· 5 5 #ifndef __LINUX_ARM_SMCCC_H 6 6 #define __LINUX_ARM_SMCCC_H 7 7 8 + #include <linux/init.h> 8 9 #include <uapi/linux/const.h> 9 10 10 11 /* 11 12 * This file provides common defines for ARM SMC Calling Convention as 12 13 * specified in 13 - * http://infocenter.arm.com/help/topic/com.arm.doc.den0028a/index.html 14 + * https://developer.arm.com/docs/den0028/latest 15 + * 16 + * This code is up-to-date with version DEN 0028 C 14 17 */ 15 18 16 19 #define ARM_SMCCC_STD_CALL _AC(0,U) ··· 59 56 60 57 #define ARM_SMCCC_VERSION_1_0 0x10000 61 58 #define ARM_SMCCC_VERSION_1_1 0x10001 59 + #define ARM_SMCCC_VERSION_1_2 0x10002 62 60 63 61 #define ARM_SMCCC_VERSION_FUNC_ID \ 64 62 ARM_SMCCC_CALL_VAL(ARM_SMCCC_FAST_CALL, \ ··· 100 96 * When SMCCCv1.1 is not present, returns SMCCC_CONDUIT_NONE. 101 97 */ 102 98 enum arm_smccc_conduit arm_smccc_1_1_get_conduit(void); 99 + 100 + /** 101 + * arm_smccc_get_version() 102 + * 103 + * Returns the version to be used for SMCCCv1.1 or later. 104 + * 105 + * When SMCCCv1.1 or above is not present, returns SMCCCv1.0, but this 106 + * does not imply the presence of firmware or a valid conduit. Caller 107 + * handling SMCCCv1.0 must determine the conduit by other means. 108 + */ 109 + u32 arm_smccc_get_version(void); 110 + 111 + void __init arm_smccc_version_init(u32 version, enum arm_smccc_conduit conduit); 103 112 104 113 /** 105 114 * struct arm_smccc_res - Result from SMC/HVC call ··· 331 314 */ 332 315 #define arm_smccc_1_1_hvc(...) __arm_smccc_1_1(SMCCC_HVC_INST, __VA_ARGS__) 333 316 334 - /* Return codes defined in ARM DEN 0070A */ 317 + /* 318 + * Return codes defined in ARM DEN 0070A 319 + * ARM DEN 0070A is now merged/consolidated into ARM DEN 0028 C 320 + */ 335 321 #define SMCCC_RET_SUCCESS 0 336 322 #define SMCCC_RET_NOT_SUPPORTED -1 337 323 #define SMCCC_RET_NOT_REQUIRED -2 324 + #define SMCCC_RET_INVALID_PARAMETER -3 338 325 339 326 /* 340 327 * Like arm_smccc_1_1* but always returns SMCCC_RET_NOT_SUPPORTED.

+4

include/linux/compiler-clang.h

··· 42 42 * compilers, like ICC. 43 43 */ 44 44 #define barrier() __asm__ __volatile__("" : : : "memory") 45 + 46 + #if __has_feature(shadow_call_stack) 47 + # define __noscs __attribute__((__no_sanitize__("shadow-call-stack"))) 48 + #endif

+4

include/linux/compiler_types.h

··· 197 197 # define randomized_struct_fields_end 198 198 #endif 199 199 200 + #ifndef __noscs 201 + # define __noscs 202 + #endif 203 + 200 204 #ifndef asm_volatile_goto 201 205 #define asm_volatile_goto(x...) asm goto(x) 202 206 #endif

+43

include/linux/elf.h

··· 2 2 #ifndef _LINUX_ELF_H 3 3 #define _LINUX_ELF_H 4 4 5 + #include <linux/types.h> 5 6 #include <asm/elf.h> 6 7 #include <uapi/linux/elf.h> 7 8 ··· 22 21 SET_PERSONALITY(ex) 23 22 #endif 24 23 24 + #define ELF32_GNU_PROPERTY_ALIGN 4 25 + #define ELF64_GNU_PROPERTY_ALIGN 8 26 + 25 27 #if ELF_CLASS == ELFCLASS32 26 28 27 29 extern Elf32_Dyn _DYNAMIC []; ··· 35 31 #define elf_addr_t Elf32_Off 36 32 #define Elf_Half Elf32_Half 37 33 #define Elf_Word Elf32_Word 34 + #define ELF_GNU_PROPERTY_ALIGN ELF32_GNU_PROPERTY_ALIGN 38 35 39 36 #else 40 37 ··· 47 42 #define elf_addr_t Elf64_Off 48 43 #define Elf_Half Elf64_Half 49 44 #define Elf_Word Elf64_Word 45 + #define ELF_GNU_PROPERTY_ALIGN ELF64_GNU_PROPERTY_ALIGN 50 46 51 47 #endif 52 48 ··· 62 56 extern int elf_coredump_extra_notes_size(void); 63 57 extern int elf_coredump_extra_notes_write(struct coredump_params *cprm); 64 58 #endif 59 + 60 + /* 61 + * NT_GNU_PROPERTY_TYPE_0 header: 62 + * Keep this internal until/unless there is an agreed UAPI definition. 63 + * pr_type values (GNU_PROPERTY_*) are public and defined in the UAPI header. 64 + */ 65 + struct gnu_property { 66 + u32 pr_type; 67 + u32 pr_datasz; 68 + }; 69 + 70 + struct arch_elf_state; 71 + 72 + #ifndef CONFIG_ARCH_USE_GNU_PROPERTY 73 + static inline int arch_parse_elf_property(u32 type, const void *data, 74 + size_t datasz, bool compat, 75 + struct arch_elf_state *arch) 76 + { 77 + return 0; 78 + } 79 + #else 80 + extern int arch_parse_elf_property(u32 type, const void *data, size_t datasz, 81 + bool compat, struct arch_elf_state *arch); 82 + #endif 83 + 84 + #ifdef CONFIG_ARCH_HAVE_ELF_PROT 85 + int arch_elf_adjust_prot(int prot, const struct arch_elf_state *state, 86 + bool has_interp, bool is_interp); 87 + #else 88 + static inline int arch_elf_adjust_prot(int prot, 89 + const struct arch_elf_state *state, 90 + bool has_interp, bool is_interp) 91 + { 92 + return prot; 93 + } 94 + #endif 95 + 65 96 #endif /* _LINUX_ELF_H */

+4 -4

include/linux/linkage.h

··· 105 105 106 106 /* === DEPRECATED annotations === */ 107 107 108 - #ifndef CONFIG_X86 108 + #ifndef CONFIG_ARCH_USE_SYM_ANNOTATIONS 109 109 #ifndef GLOBAL 110 110 /* deprecated, use SYM_DATA*, SYM_ENTRY, or similar */ 111 111 #define GLOBAL(name) \ ··· 118 118 #define ENTRY(name) \ 119 119 SYM_FUNC_START(name) 120 120 #endif 121 - #endif /* CONFIG_X86 */ 121 + #endif /* CONFIG_ARCH_USE_SYM_ANNOTATIONS */ 122 122 #endif /* LINKER_SCRIPT */ 123 123 124 - #ifndef CONFIG_X86 124 + #ifndef CONFIG_ARCH_USE_SYM_ANNOTATIONS 125 125 #ifndef WEAK 126 126 /* deprecated, use SYM_FUNC_START_WEAK* */ 127 127 #define WEAK(name) \ ··· 143 143 #define ENDPROC(name) \ 144 144 SYM_FUNC_END(name) 145 145 #endif 146 - #endif /* CONFIG_X86 */ 146 + #endif /* CONFIG_ARCH_USE_SYM_ANNOTATIONS */ 147 147 148 148 /* === generic annotations === */ 149 149

+3

include/linux/mm.h

··· 325 325 #elif defined(CONFIG_SPARC64) 326 326 # define VM_SPARC_ADI VM_ARCH_1 /* Uses ADI tag for access control */ 327 327 # define VM_ARCH_CLEAR VM_SPARC_ADI 328 + #elif defined(CONFIG_ARM64) 329 + # define VM_ARM64_BTI VM_ARCH_1 /* BTI guarded page, a.k.a. GP bit */ 330 + # define VM_ARCH_CLEAR VM_ARM64_BTI 328 331 #elif !defined(CONFIG_MMU) 329 332 # define VM_MAPPED_COPY VM_ARCH_1 /* T if mapped copy of data (nommu mmap) */ 330 333 #endif

+3

include/linux/mmzone.h

··· 156 156 NR_MLOCK, /* mlock()ed pages found and moved off LRU */ 157 157 NR_PAGETABLE, /* used for pagetables */ 158 158 NR_KERNEL_STACK_KB, /* measured in KiB */ 159 + #if IS_ENABLED(CONFIG_SHADOW_CALL_STACK) 160 + NR_KERNEL_SCS_KB, /* measured in KiB */ 161 + #endif 159 162 /* Second 128 byte cacheline */ 160 163 NR_BOUNCE, 161 164 #if IS_ENABLED(CONFIG_ZSMALLOC)

-7

include/linux/psci.h

··· 21 21 int psci_set_osi_mode(void); 22 22 bool psci_has_osi_support(void); 23 23 24 - enum smccc_version { 25 - SMCCC_VERSION_1_0, 26 - SMCCC_VERSION_1_1, 27 - }; 28 - 29 24 struct psci_operations { 30 25 u32 (*get_version)(void); 31 26 int (*cpu_suspend)(u32 state, unsigned long entry_point); ··· 30 35 int (*affinity_info)(unsigned long target_affinity, 31 36 unsigned long lowest_affinity_level); 32 37 int (*migrate_info_type)(void); 33 - enum arm_smccc_conduit conduit; 34 - enum smccc_version smccc_version; 35 38 }; 36 39 37 40 extern struct psci_operations psci_ops;

+72

include/linux/scs.h

··· 1 + /* SPDX-License-Identifier: GPL-2.0 */ 2 + /* 3 + * Shadow Call Stack support. 4 + * 5 + * Copyright (C) 2019 Google LLC 6 + */ 7 + 8 + #ifndef _LINUX_SCS_H 9 + #define _LINUX_SCS_H 10 + 11 + #include <linux/gfp.h> 12 + #include <linux/poison.h> 13 + #include <linux/sched.h> 14 + #include <linux/sizes.h> 15 + 16 + #ifdef CONFIG_SHADOW_CALL_STACK 17 + 18 + /* 19 + * In testing, 1 KiB shadow stack size (i.e. 128 stack frames on a 64-bit 20 + * architecture) provided ~40% safety margin on stack usage while keeping 21 + * memory allocation overhead reasonable. 22 + */ 23 + #define SCS_SIZE SZ_1K 24 + #define GFP_SCS (GFP_KERNEL | __GFP_ZERO) 25 + 26 + /* An illegal pointer value to mark the end of the shadow stack. */ 27 + #define SCS_END_MAGIC (0x5f6UL + POISON_POINTER_DELTA) 28 + 29 + /* Allocate a static per-CPU shadow stack */ 30 + #define DEFINE_SCS(name) \ 31 + DEFINE_PER_CPU(unsigned long [SCS_SIZE/sizeof(long)], name) \ 32 + 33 + #define task_scs(tsk) (task_thread_info(tsk)->scs_base) 34 + #define task_scs_sp(tsk) (task_thread_info(tsk)->scs_sp) 35 + 36 + void scs_init(void); 37 + int scs_prepare(struct task_struct *tsk, int node); 38 + void scs_release(struct task_struct *tsk); 39 + 40 + static inline void scs_task_reset(struct task_struct *tsk) 41 + { 42 + /* 43 + * Reset the shadow stack to the base address in case the task 44 + * is reused. 45 + */ 46 + task_scs_sp(tsk) = task_scs(tsk); 47 + } 48 + 49 + static inline unsigned long *__scs_magic(void *s) 50 + { 51 + return (unsigned long *)(s + SCS_SIZE) - 1; 52 + } 53 + 54 + static inline bool task_scs_end_corrupted(struct task_struct *tsk) 55 + { 56 + unsigned long *magic = __scs_magic(task_scs(tsk)); 57 + unsigned long sz = task_scs_sp(tsk) - task_scs(tsk); 58 + 59 + return sz >= SCS_SIZE - 1 || READ_ONCE_NOCHECK(*magic) != SCS_END_MAGIC; 60 + } 61 + 62 + #else /* CONFIG_SHADOW_CALL_STACK */ 63 + 64 + static inline void scs_init(void) {} 65 + static inline void scs_task_reset(struct task_struct *tsk) {} 66 + static inline int scs_prepare(struct task_struct *tsk, int node) { return 0; } 67 + static inline void scs_release(struct task_struct *tsk) {} 68 + static inline bool task_scs_end_corrupted(struct task_struct *tsk) { return false; } 69 + 70 + #endif /* CONFIG_SHADOW_CALL_STACK */ 71 + 72 + #endif /* _LINUX_SCS_H */

+11

include/uapi/linux/elf.h

··· 36 36 #define PT_LOPROC 0x70000000 37 37 #define PT_HIPROC 0x7fffffff 38 38 #define PT_GNU_EH_FRAME 0x6474e550 39 + #define PT_GNU_PROPERTY 0x6474e553 39 40 40 41 #define PT_GNU_STACK (PT_LOOS + 0x474e551) 41 42 ··· 368 367 * Notes used in ET_CORE. Architectures export some of the arch register sets 369 368 * using the corresponding note types via the PTRACE_GETREGSET and 370 369 * PTRACE_SETREGSET requests. 370 + * The note name for all these is "LINUX". 371 371 */ 372 372 #define NT_PRSTATUS 1 373 373 #define NT_PRFPREG 2 ··· 431 429 #define NT_MIPS_FP_MODE 0x801 /* MIPS floating-point mode */ 432 430 #define NT_MIPS_MSA 0x802 /* MIPS SIMD registers */ 433 431 432 + /* Note types with note name "GNU" */ 433 + #define NT_GNU_PROPERTY_TYPE_0 5 434 + 434 435 /* Note header in a PT_NOTE section */ 435 436 typedef struct elf32_note { 436 437 Elf32_Word n_namesz; /* Name size */ ··· 447 442 Elf64_Word n_descsz; /* Content size */ 448 443 Elf64_Word n_type; /* Content type */ 449 444 } Elf64_Nhdr; 445 + 446 + /* .note.gnu.property types for EM_AARCH64: */ 447 + #define GNU_PROPERTY_AARCH64_FEATURE_1_AND 0xc0000000 448 + 449 + /* Bits for GNU_PROPERTY_AARCH64_FEATURE_1_BTI */ 450 + #define GNU_PROPERTY_AARCH64_FEATURE_1_BTI (1U << 0) 450 451 451 452 #endif /* _UAPI_LINUX_ELF_H */

+8

init/init_task.c

··· 11 11 #include <linux/mm.h> 12 12 #include <linux/audit.h> 13 13 #include <linux/numa.h> 14 + #include <linux/scs.h> 14 15 15 16 #include <asm/pgtable.h> 16 17 #include <linux/uaccess.h> ··· 50 49 .siglock = __SPIN_LOCK_UNLOCKED(init_sighand.siglock), 51 50 .signalfd_wqh = __WAIT_QUEUE_HEAD_INITIALIZER(init_sighand.signalfd_wqh), 52 51 }; 52 + 53 + #ifdef CONFIG_SHADOW_CALL_STACK 54 + unsigned long init_shadow_call_stack[SCS_SIZE / sizeof(long)] 55 + __init_task_data = { 56 + [(SCS_SIZE / sizeof(long)) - 1] = SCS_END_MAGIC 57 + }; 58 + #endif 53 59 54 60 /* 55 61 * Set up the first task table, touch at your own risk!. Base=0,

+1

kernel/Makefile

··· 103 103 obj-$(CONFIG_IRQ_WORK) += irq_work.o 104 104 obj-$(CONFIG_CPU_PM) += cpu_pm.o 105 105 obj-$(CONFIG_BPF) += bpf/ 106 + obj-$(CONFIG_SHADOW_CALL_STACK) += scs.o 106 107 107 108 obj-$(CONFIG_PERF_EVENTS) += events/ 108 109

+9

kernel/fork.c

··· 94 94 #include <linux/thread_info.h> 95 95 #include <linux/stackleak.h> 96 96 #include <linux/kasan.h> 97 + #include <linux/scs.h> 97 98 98 99 #include <asm/pgtable.h> 99 100 #include <asm/pgalloc.h> ··· 457 456 458 457 void free_task(struct task_struct *tsk) 459 458 { 459 + scs_release(tsk); 460 + 460 461 #ifndef CONFIG_THREAD_INFO_IN_TASK 461 462 /* 462 463 * The task is finally done with both the stack and thread_info, ··· 843 840 NULL, free_vm_stack_cache); 844 841 #endif 845 842 843 + scs_init(); 844 + 846 845 lockdep_init_task(&init_task); 847 846 uprobes_init(); 848 847 } ··· 901 896 refcount_set(&tsk->stack_refcount, 1); 902 897 #endif 903 898 899 + if (err) 900 + goto free_stack; 901 + 902 + err = scs_prepare(tsk, node); 904 903 if (err) 905 904 goto free_stack; 906 905

+5

kernel/sched/core.c

··· 11 11 #include <linux/nospec.h> 12 12 13 13 #include <linux/kcov.h> 14 + #include <linux/scs.h> 14 15 15 16 #include <asm/switch_to.h> 16 17 #include <asm/tlb.h> ··· 3926 3925 #ifdef CONFIG_SCHED_STACK_END_CHECK 3927 3926 if (task_stack_end_corrupted(prev)) 3928 3927 panic("corrupted stack end detected inside scheduler\n"); 3928 + 3929 + if (task_scs_end_corrupted(prev)) 3930 + panic("corrupted shadow stack detected inside scheduler\n"); 3929 3931 #endif 3930 3932 3931 3933 #ifdef CONFIG_DEBUG_ATOMIC_SLEEP ··· 6092 6088 idle->se.exec_start = sched_clock(); 6093 6089 idle->flags |= PF_IDLE; 6094 6090 6091 + scs_task_reset(idle); 6095 6092 kasan_unpoison_task_stack(idle); 6096 6093 6097 6094 #ifdef CONFIG_SMP

+104

kernel/scs.c

··· 1 + // SPDX-License-Identifier: GPL-2.0 2 + /* 3 + * Shadow Call Stack support. 4 + * 5 + * Copyright (C) 2019 Google LLC 6 + */ 7 + 8 + #include <linux/kasan.h> 9 + #include <linux/mm.h> 10 + #include <linux/scs.h> 11 + #include <linux/slab.h> 12 + #include <linux/vmstat.h> 13 + 14 + static struct kmem_cache *scs_cache; 15 + 16 + static void __scs_account(void *s, int account) 17 + { 18 + struct page *scs_page = virt_to_page(s); 19 + 20 + mod_zone_page_state(page_zone(scs_page), NR_KERNEL_SCS_KB, 21 + account * (SCS_SIZE / SZ_1K)); 22 + } 23 + 24 + static void *scs_alloc(int node) 25 + { 26 + void *s = kmem_cache_alloc_node(scs_cache, GFP_SCS, node); 27 + 28 + if (!s) 29 + return NULL; 30 + 31 + *__scs_magic(s) = SCS_END_MAGIC; 32 + 33 + /* 34 + * Poison the allocation to catch unintentional accesses to 35 + * the shadow stack when KASAN is enabled. 36 + */ 37 + kasan_poison_object_data(scs_cache, s); 38 + __scs_account(s, 1); 39 + return s; 40 + } 41 + 42 + static void scs_free(void *s) 43 + { 44 + __scs_account(s, -1); 45 + kasan_unpoison_object_data(scs_cache, s); 46 + kmem_cache_free(scs_cache, s); 47 + } 48 + 49 + void __init scs_init(void) 50 + { 51 + scs_cache = kmem_cache_create("scs_cache", SCS_SIZE, 0, 0, NULL); 52 + } 53 + 54 + int scs_prepare(struct task_struct *tsk, int node) 55 + { 56 + void *s = scs_alloc(node); 57 + 58 + if (!s) 59 + return -ENOMEM; 60 + 61 + task_scs(tsk) = task_scs_sp(tsk) = s; 62 + return 0; 63 + } 64 + 65 + static void scs_check_usage(struct task_struct *tsk) 66 + { 67 + static unsigned long highest; 68 + 69 + unsigned long *p, prev, curr = highest, used = 0; 70 + 71 + if (!IS_ENABLED(CONFIG_DEBUG_STACK_USAGE)) 72 + return; 73 + 74 + for (p = task_scs(tsk); p < __scs_magic(tsk); ++p) { 75 + if (!READ_ONCE_NOCHECK(*p)) 76 + break; 77 + used++; 78 + } 79 + 80 + while (used > curr) { 81 + prev = cmpxchg_relaxed(&highest, curr, used); 82 + 83 + if (prev == curr) { 84 + pr_info("%s (%d): highest shadow stack usage: %lu bytes\n", 85 + tsk->comm, task_pid_nr(tsk), used); 86 + break; 87 + } 88 + 89 + curr = prev; 90 + } 91 + } 92 + 93 + void scs_release(struct task_struct *tsk) 94 + { 95 + void *s = task_scs(tsk); 96 + 97 + if (!s) 98 + return; 99 + 100 + WARN(task_scs_end_corrupted(tsk), 101 + "corrupted shadow stack detected when freeing task\n"); 102 + scs_check_usage(tsk); 103 + scs_free(s); 104 + }

+3

lib/Kconfig

··· 83 83 config ARCH_HAS_FAST_MULTIPLIER 84 84 bool 85 85 86 + config ARCH_USE_SYM_ANNOTATIONS 87 + bool 88 + 86 89 config INDIRECT_PIO 87 90 bool "Access I/O in non-MMIO mode" 88 91 depends on ARM64

+6

mm/page_alloc.c

··· 5420 5420 " managed:%lukB" 5421 5421 " mlocked:%lukB" 5422 5422 " kernel_stack:%lukB" 5423 + #ifdef CONFIG_SHADOW_CALL_STACK 5424 + " shadow_call_stack:%lukB" 5425 + #endif 5423 5426 " pagetables:%lukB" 5424 5427 " bounce:%lukB" 5425 5428 " free_pcp:%lukB" ··· 5445 5442 K(zone_managed_pages(zone)), 5446 5443 K(zone_page_state(zone, NR_MLOCK)), 5447 5444 zone_page_state(zone, NR_KERNEL_STACK_KB), 5445 + #ifdef CONFIG_SHADOW_CALL_STACK 5446 + zone_page_state(zone, NR_KERNEL_SCS_KB), 5447 + #endif 5448 5448 K(zone_page_state(zone, NR_PAGETABLE)), 5449 5449 K(zone_page_state(zone, NR_BOUNCE)), 5450 5450 K(free_pcp),

+3

mm/vmstat.c

··· 1119 1119 "nr_mlock", 1120 1120 "nr_page_table_pages", 1121 1121 "nr_kernel_stack", 1122 + #if IS_ENABLED(CONFIG_SHADOW_CALL_STACK) 1123 + "nr_shadow_call_stack", 1124 + #endif 1122 1125 "nr_bounce", 1123 1126 #if IS_ENABLED(CONFIG_ZSMALLOC) 1124 1127 "nr_zspages",

-1

tools/testing/selftests/wireguard/qemu/debug.config

··· 57 57 CONFIG_USER_STACKTRACE_SUPPORT=y 58 58 CONFIG_DEBUG_SG=y 59 59 CONFIG_DEBUG_NOTIFIERS=y 60 - CONFIG_DOUBLEFAULT=y 61 60 CONFIG_X86_DEBUG_FPU=y 62 61 CONFIG_DEBUG_SECTION_MISMATCH=y 63 62 CONFIG_DEBUG_PAGEALLOC=y

+1 -3

virt/kvm/arm/arm.c

··· 1387 1387 1388 1388 static int init_common_resources(void) 1389 1389 { 1390 - kvm_set_ipa_limit(); 1391 - 1392 - return 0; 1390 + return kvm_set_ipa_limit(); 1393 1391 } 1394 1392 1395 1393 static int init_subsystems(void)