tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

arm64: add ARM64_HAS_GIC_PRIO_RELAXED_SYNC cpucap

When Priority Mask Hint Enable (PMHE) == 0b1, the GIC may use the PMR
value to determine whether to signal an IRQ to a PE, and consequently
after a change to the PMR value, a DSB SY may be required to ensure that
interrupts are signalled to a CPU in finite time. When PMHE == 0b0,
interrupts are always signalled to the relevant PE, and all masking
occurs locally, without requiring a DSB SY.

Since commit:

f226650494c6aa87 ("arm64: Relax ICC_PMR_EL1 accesses when ICC_CTLR_EL1.PMHE is clear")

... we handle this dynamically: in most cases a static key is used to
determine whether to issue a DSB SY, but the entry code must read from
ICC_CTLR_EL1 as static keys aren't accessible from plain assembly.

It would be much nicer to use an alternative instruction sequence for
the DSB, as this would avoid the need to read from ICC_CTLR_EL1 in the
entry code, and for most other code this will result in simpler code
generation with fewer instructions and fewer branches.

This patch adds a new ARM64_HAS_GIC_PRIO_RELAXED_SYNC cpucap which is
only set when ICC_CTLR_EL1.PMHE == 0b0 (and GIC priority masking is in
use). This allows us to replace the existing users of the
`gic_pmr_sync` static key with alternative sequences which default to a
DSB SY and are relaxed to a NOP when PMHE is not in use.

The entry assembly management of the PMR is slightly restructured to use
a branch (rather than multiple NOPs) when priority masking is not in
use. This is more in keeping with other alternatives in the entry
assembly, and permits the use of a separate alternatives for the
PMHE-dependent DSB SY (and removal of the conditional branch this
currently requires). For consistency I've adjusted both the save and
restore paths.

According to bloat-o-meter, when building defconfig +
CONFIG_ARM64_PSEUDO_NMI=y this shrinks the kernel text by ~4KiB:

| add/remove: 4/2 grow/shrink: 42/310 up/down: 332/-5032 (-4700)

The resulting vmlinux is ~66KiB smaller, though the resulting Image size
is unchanged due to padding and alignment:

| [mark@lakrids:~/src/linux]% ls -al vmlinux-*
| -rwxr-xr-x 1 mark mark 137508344 Jan 17 14:11 vmlinux-after
| -rwxr-xr-x 1 mark mark 137575440 Jan 17 13:49 vmlinux-before
| [mark@lakrids:~/src/linux]% ls -al Image-*
| -rw-r--r-- 1 mark mark 38777344 Jan 17 14:11 Image-after
| -rw-r--r-- 1 mark mark 38777344 Jan 17 13:49 Image-before

Prior to this patch we did not verify the state of ICC_CTLR_EL1.PMHE on
secondary CPUs. As of this patch this is verified by the cpufeature code
when using GIC priority masking (i.e. when using pseudo-NMIs).

Note that since commit:

7e3a57fa6ca831fa ("arm64: Document ICC_CTLR_EL3.PMHE setting requirements")

... Documentation/arm64/booting.rst specifies:

| - ICC_CTLR_EL3.PMHE (bit 6) must be set to the same value across
| all CPUs the kernel is executing on, and must stay constant
| for the lifetime of the kernel.

... so that should not adversely affect any compliant systems, and as
we'll only check for the absense of PMHE when using pseudo-NMIs, this
will only fire when such mismatch will adversely affect the system.

Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Reviewed-by: Marc Zyngier <maz@kernel.org>
Cc: Mark Brown <broonie@kernel.org>
Cc: Will Deacon <will@kernel.org>
Link: https://lore.kernel.org/r/20230130145429.903791-5-mark.rutland@arm.com
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>

authored by

Mark Rutland and committed by
Catalin Marinas 8bf0a804 4b43f1cd

+71 -33
+5
arch/arm/include/asm/arch_gicv3.h
··· 252 252 WARN_ON_ONCE(true); 253 253 } 254 254 255 + static inline bool gic_has_relaxed_pmr_sync(void) 256 + { 257 + return false; 258 + } 259 + 255 260 #endif /* !__ASSEMBLY__ */ 256 261 #endif /* !__ASM_ARCH_GICV3_H */
+5
arch/arm64/include/asm/arch_gicv3.h
··· 190 190 asm volatile ("msr daifclr, #3" : : : "memory"); 191 191 } 192 192 193 + static inline bool gic_has_relaxed_pmr_sync(void) 194 + { 195 + return cpus_have_cap(ARM64_HAS_GIC_PRIO_RELAXED_SYNC); 196 + } 197 + 193 198 #endif /* __ASSEMBLY__ */ 194 199 #endif /* __ASM_ARCH_GICV3_H */
+7 -4
arch/arm64/include/asm/barrier.h
··· 11 11 12 12 #include <linux/kasan-checks.h> 13 13 14 + #include <asm/alternative-macros.h> 15 + 14 16 #define __nops(n) ".rept " #n "\nnop\n.endr\n" 15 17 #define nops(n) asm volatile(__nops(n)) 16 18 ··· 43 41 #ifdef CONFIG_ARM64_PSEUDO_NMI 44 42 #define pmr_sync() \ 45 43 do { \ 46 - extern struct static_key_false gic_pmr_sync; \ 47 - \ 48 - if (static_branch_unlikely(&gic_pmr_sync)) \ 49 - dsb(sy); \ 44 + asm volatile( \ 45 + ALTERNATIVE_CB("dsb sy", \ 46 + ARM64_HAS_GIC_PRIO_RELAXED_SYNC, \ 47 + alt_cb_patch_nops) \ 48 + ); \ 50 49 } while(0) 51 50 #else 52 51 #define pmr_sync() do {} while (0)
+36
arch/arm64/kernel/cpufeature.c
··· 2056 2056 2057 2057 return enable_pseudo_nmi; 2058 2058 } 2059 + 2060 + static bool has_gic_prio_relaxed_sync(const struct arm64_cpu_capabilities *entry, 2061 + int scope) 2062 + { 2063 + /* 2064 + * If we're not using priority masking then we won't be poking PMR_EL1, 2065 + * and there's no need to relax synchronization of writes to it, and 2066 + * ICC_CTLR_EL1 might not be accessible and we must avoid reads from 2067 + * that. 2068 + * 2069 + * ARM64_HAS_GIC_PRIO_MASKING has a lower index, and is a boot CPU 2070 + * feature, so will be detected earlier. 2071 + */ 2072 + BUILD_BUG_ON(ARM64_HAS_GIC_PRIO_RELAXED_SYNC <= ARM64_HAS_GIC_PRIO_MASKING); 2073 + if (!cpus_have_cap(ARM64_HAS_GIC_PRIO_MASKING)) 2074 + return false; 2075 + 2076 + /* 2077 + * When Priority Mask Hint Enable (PMHE) == 0b0, PMR is not used as a 2078 + * hint for interrupt distribution, a DSB is not necessary when 2079 + * unmasking IRQs via PMR, and we can relax the barrier to a NOP. 2080 + * 2081 + * Linux itself doesn't use 1:N distribution, so has no need to 2082 + * set PMHE. The only reason to have it set is if EL3 requires it 2083 + * (and we can't change it). 2084 + */ 2085 + return (gic_read_ctlr() & ICC_CTLR_EL1_PMHE_MASK) == 0; 2086 + } 2059 2087 #endif 2060 2088 2061 2089 #ifdef CONFIG_ARM64_BTI ··· 2573 2545 .capability = ARM64_HAS_GIC_PRIO_MASKING, 2574 2546 .type = ARM64_CPUCAP_STRICT_BOOT_CPU_FEATURE, 2575 2547 .matches = can_use_gic_priorities, 2548 + }, 2549 + { 2550 + /* 2551 + * Depends on ARM64_HAS_GIC_PRIO_MASKING 2552 + */ 2553 + .capability = ARM64_HAS_GIC_PRIO_RELAXED_SYNC, 2554 + .type = ARM64_CPUCAP_STRICT_BOOT_CPU_FEATURE, 2555 + .matches = has_gic_prio_relaxed_sync, 2576 2556 }, 2577 2557 #endif 2578 2558 #ifdef CONFIG_ARM64_E0PD
+16 -9
arch/arm64/kernel/entry.S
··· 311 311 .endif 312 312 313 313 #ifdef CONFIG_ARM64_PSEUDO_NMI 314 - /* Save pmr */ 315 - alternative_if ARM64_HAS_GIC_PRIO_MASKING 314 + alternative_if_not ARM64_HAS_GIC_PRIO_MASKING 315 + b .Lskip_pmr_save\@ 316 + alternative_else_nop_endif 317 + 316 318 mrs_s x20, SYS_ICC_PMR_EL1 317 319 str x20, [sp, #S_PMR_SAVE] 318 320 mov x20, #GIC_PRIO_IRQON | GIC_PRIO_PSR_I_SET 319 321 msr_s SYS_ICC_PMR_EL1, x20 320 - alternative_else_nop_endif 322 + 323 + .Lskip_pmr_save\@: 321 324 #endif 322 325 323 326 /* ··· 339 336 .endif 340 337 341 338 #ifdef CONFIG_ARM64_PSEUDO_NMI 342 - /* Restore pmr */ 343 - alternative_if ARM64_HAS_GIC_PRIO_MASKING 339 + alternative_if_not ARM64_HAS_GIC_PRIO_MASKING 340 + b .Lskip_pmr_restore\@ 341 + alternative_else_nop_endif 342 + 344 343 ldr x20, [sp, #S_PMR_SAVE] 345 344 msr_s SYS_ICC_PMR_EL1, x20 346 - mrs_s x21, SYS_ICC_CTLR_EL1 347 - tbz x21, #6, .L__skip_pmr_sync\@ // Check for ICC_CTLR_EL1.PMHE 348 - dsb sy // Ensure priority change is seen by redistributor 349 - .L__skip_pmr_sync\@: 345 + 346 + /* Ensure priority change is seen by redistributor */ 347 + alternative_if_not ARM64_HAS_GIC_PRIO_RELAXED_SYNC 348 + dsb sy 350 349 alternative_else_nop_endif 350 + 351 + .Lskip_pmr_restore\@: 351 352 #endif 352 353 353 354 ldp x21, x22, [sp, #S_PC] // load ELR, SPSR
-2
arch/arm64/kernel/image-vars.h
··· 67 67 KVM_NVHE_ALIAS(vgic_v2_cpuif_trap); 68 68 KVM_NVHE_ALIAS(vgic_v3_cpuif_trap); 69 69 70 - /* Static key checked in pmr_sync(). */ 71 70 #ifdef CONFIG_ARM64_PSEUDO_NMI 72 - KVM_NVHE_ALIAS(gic_pmr_sync); 73 71 /* Static key checked in GIC_PRIO_IRQOFF. */ 74 72 KVM_NVHE_ALIAS(gic_nonsecure_priorities); 75 73 #endif
+1
arch/arm64/tools/cpucaps
··· 30 30 HAS_GENERIC_AUTH_IMP_DEF 31 31 HAS_GIC_CPUIF_SYSREGS 32 32 HAS_GIC_PRIO_MASKING 33 + HAS_GIC_PRIO_RELAXED_SYNC 33 34 HAS_LDAPR 34 35 HAS_LSE_ATOMICS 35 36 HAS_NO_FPSIMD
+1 -18
drivers/irqchip/irq-gic-v3.c
··· 89 89 */ 90 90 static DEFINE_STATIC_KEY_FALSE(supports_pseudo_nmis); 91 91 92 - /* 93 - * Global static key controlling whether an update to PMR allowing more 94 - * interrupts requires to be propagated to the redistributor (DSB SY). 95 - * And this needs to be exported for modules to be able to enable 96 - * interrupts... 97 - */ 98 - DEFINE_STATIC_KEY_FALSE(gic_pmr_sync); 99 - EXPORT_SYMBOL(gic_pmr_sync); 100 - 101 92 DEFINE_STATIC_KEY_FALSE(gic_nonsecure_priorities); 102 93 EXPORT_SYMBOL(gic_nonsecure_priorities); 103 94 ··· 1759 1768 for (i = 0; i < gic_data.ppi_nr; i++) 1760 1769 refcount_set(&ppi_nmi_refs[i], 0); 1761 1770 1762 - /* 1763 - * Linux itself doesn't use 1:N distribution, so has no need to 1764 - * set PMHE. The only reason to have it set is if EL3 requires it 1765 - * (and we can't change it). 1766 - */ 1767 - if (gic_read_ctlr() & ICC_CTLR_EL1_PMHE_MASK) 1768 - static_branch_enable(&gic_pmr_sync); 1769 - 1770 1771 pr_info("Pseudo-NMIs enabled using %s ICC_PMR_EL1 synchronisation\n", 1771 - static_branch_unlikely(&gic_pmr_sync) ? "forced" : "relaxed"); 1772 + gic_has_relaxed_pmr_sync() ? "relaxed" : "forced"); 1772 1773 1773 1774 /* 1774 1775 * How priority values are used by the GIC depends on two things: