From patchwork Thu Nov 30 16:39:44 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Will Deacon X-Patchwork-Id: 120224 Delivered-To: patch@linaro.org Received: by 10.140.22.227 with SMTP id 90csp14187qgn; Thu, 30 Nov 2017 08:40:43 -0800 (PST) X-Google-Smtp-Source: AGs4zMa7Hg6vGoaE3JjHeCIVYdhpS+wXqjUIxrmVFl4cf/d+5pY36XlKZdFSBokNAu5ysBxmvLMh X-Received: by 10.98.86.70 with SMTP id k67mr7188460pfb.214.1512060043461; Thu, 30 Nov 2017 08:40:43 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1512060043; cv=none; d=google.com; s=arc-20160816; b=tA5BBTIhtpmhg6RW4jKLW18I38mIE5jWfgDl/kfhy/Km0mUn3SDjWzMQn9DhA2ezRw cZFdzwgqURxfGCbWwrFsKsQAqGkHtI3iiyi7mMkA2CdDEhuE1RVi4krnyIRdq33hdpYL wMzNpgUb4ukqC2cKjDbQ8mS7m86a7oI98MabsanadqPn/i4rk3WhomIChvDsJB0i8dNp 3VsFX98xBehxiGjKgIn9MJDsQmkS8Vly9TbkGKuMvT5/IulP4EY0MYNvBm9gZVcPx2r4 oN+5wV59xaSUEbGugcqTLnj3e2Fu7P7LNss1eQbEofMXDdPDX41ZCK2djFOa6EvEJtg/ 2SOA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:arc-authentication-results; bh=uGMAFHIDE6QccExS90aDXuF4sFb4LPp2pjv42dL57N0=; b=rTr9nb27lwBwJ2z8Avjz/LtTYkoJPedj6AIXNmM1vBKTGvaLZwyOilaI9mzVov/qq8 cs3XhCs3bnL9MRD+N2m+5Hfjhvy0hhmzOikhqBilWJCxy5DHMIuSIPGfvwd2B1UmL4EC hYgSEa6i4cjje6mMbsKYFh6GoEm8DC7y1IOGA7NmzZzv668DK376g26OqGsm8oYFJbp5 AzXH2JVXP0oSQBrdMaQi2DAJ0G60QjxRpvB0H9FAHMsDfN5jaEdJ5yRRL+NypQCQId/A 2mypSBiln2LpDhrWRqg/0toOjdcm4zrE+yHsVj7NYDfEH+e05EUwHvOykcv+SIVt61qU X0kA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id h72si3532928pfj.20.2017.11.30.08.40.43; Thu, 30 Nov 2017 08:40:43 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753463AbdK3Qkf (ORCPT + 28 others); Thu, 30 Nov 2017 11:40:35 -0500 Received: from usa-sjc-mx-foss1.foss.arm.com ([217.140.101.70]:57480 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753379AbdK3Qjr (ORCPT ); Thu, 30 Nov 2017 11:39:47 -0500 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 406EB1AFA; Thu, 30 Nov 2017 08:39:46 -0800 (PST) Received: from edgewater-inn.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.72.51.249]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id 117483F318; Thu, 30 Nov 2017 08:39:46 -0800 (PST) Received: by edgewater-inn.cambridge.arm.com (Postfix, from userid 1000) id 6E3FD1AE3DFE; Thu, 30 Nov 2017 16:39:48 +0000 (GMT) From: Will Deacon To: linux-arm-kernel@lists.infradead.org Cc: linux-kernel@vger.kernel.org, catalin.marinas@arm.com, mark.rutland@arm.com, ard.biesheuvel@linaro.org, sboyd@codeaurora.org, dave.hansen@linux.intel.com, keescook@chromium.org, msalter@redhat.com, labbott@redhat.com, tglx@linutronix.de, Will Deacon Subject: [PATCH v2 16/18] arm64: entry: Add fake CPU feature for unmapping the kernel at EL0 Date: Thu, 30 Nov 2017 16:39:44 +0000 Message-Id: <1512059986-21325-17-git-send-email-will.deacon@arm.com> X-Mailer: git-send-email 2.1.4 In-Reply-To: <1512059986-21325-1-git-send-email-will.deacon@arm.com> References: <1512059986-21325-1-git-send-email-will.deacon@arm.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Allow explicit disabling of the entry trampoline on the kernel command line (kaiser=off) by adding a fake CPU feature (ARM64_UNMAP_KERNEL_AT_EL0) that can be used to toggle the alternative sequences in our entry code and avoid use of the trampoline altogether if desired. This also allows us to make use of a static key in arm64_kernel_unmapped_at_el0(). Signed-off-by: Will Deacon --- arch/arm64/include/asm/cpucaps.h | 3 ++- arch/arm64/include/asm/mmu.h | 3 ++- arch/arm64/kernel/cpufeature.c | 41 ++++++++++++++++++++++++++++++++++++++++ arch/arm64/kernel/entry.S | 11 +++++++---- 4 files changed, 52 insertions(+), 6 deletions(-) -- 2.1.4 diff --git a/arch/arm64/include/asm/cpucaps.h b/arch/arm64/include/asm/cpucaps.h index 2ff7c5e8efab..b4537ffd1018 100644 --- a/arch/arm64/include/asm/cpucaps.h +++ b/arch/arm64/include/asm/cpucaps.h @@ -41,7 +41,8 @@ #define ARM64_WORKAROUND_CAVIUM_30115 20 #define ARM64_HAS_DCPOP 21 #define ARM64_SVE 22 +#define ARM64_UNMAP_KERNEL_AT_EL0 23 -#define ARM64_NCAPS 23 +#define ARM64_NCAPS 24 #endif /* __ASM_CPUCAPS_H */ diff --git a/arch/arm64/include/asm/mmu.h b/arch/arm64/include/asm/mmu.h index c07954638658..da6f12e40714 100644 --- a/arch/arm64/include/asm/mmu.h +++ b/arch/arm64/include/asm/mmu.h @@ -36,7 +36,8 @@ typedef struct { static inline bool arm64_kernel_unmapped_at_el0(void) { - return IS_ENABLED(CONFIG_UNMAP_KERNEL_AT_EL0); + return IS_ENABLED(CONFIG_UNMAP_KERNEL_AT_EL0) && + cpus_have_const_cap(ARM64_UNMAP_KERNEL_AT_EL0); } extern void paging_init(void); diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c index c5ba0097887f..72fc55d22ddb 100644 --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -845,6 +845,40 @@ static bool has_no_fpsimd(const struct arm64_cpu_capabilities *entry, int __unus ID_AA64PFR0_FP_SHIFT) < 0; } +#ifdef CONFIG_UNMAP_KERNEL_AT_EL0 +static int __kaiser_forced; /* 0: not forced, >0: forced on, <0: forced off */ + +static bool unmap_kernel_at_el0(const struct arm64_cpu_capabilities *entry, + int __unused) +{ + /* Forced on command line? */ + if (__kaiser_forced) { + pr_info("KAISER forced %s by command line option\n", + __kaiser_forced > 0 ? "ON" : "OFF"); + return __kaiser_forced > 0; + } + + /* Useful for KASLR robustness */ + if (IS_ENABLED(CONFIG_RANDOMIZE_BASE)) + return true; + + return false; +} + +static int __init parse_kaiser(char *str) +{ + bool enabled; + int ret = strtobool(str, &enabled); + + if (ret) + return ret; + + __kaiser_forced = enabled ? 1 : -1; + return 0; +} +__setup("kaiser=", parse_kaiser); +#endif /* CONFIG_UNMAP_KERNEL_AT_EL0 */ + static const struct arm64_cpu_capabilities arm64_features[] = { { .desc = "GIC system register CPU interface", @@ -931,6 +965,13 @@ static const struct arm64_cpu_capabilities arm64_features[] = { .def_scope = SCOPE_SYSTEM, .matches = hyp_offset_low, }, +#ifdef CONFIG_UNMAP_KERNEL_AT_EL0 + { + .capability = ARM64_UNMAP_KERNEL_AT_EL0, + .def_scope = SCOPE_SYSTEM, + .matches = unmap_kernel_at_el0, + }, +#endif { /* FP/SIMD is not implemented */ .capability = ARM64_HAS_NO_FPSIMD, diff --git a/arch/arm64/kernel/entry.S b/arch/arm64/kernel/entry.S index a5ec6ab5c711..d8775f55e930 100644 --- a/arch/arm64/kernel/entry.S +++ b/arch/arm64/kernel/entry.S @@ -74,6 +74,7 @@ .macro kernel_ventry, el, label, regsize = 64 .align 7 #ifdef CONFIG_UNMAP_KERNEL_AT_EL0 +alternative_if ARM64_UNMAP_KERNEL_AT_EL0 .if \el == 0 .if \regsize == 64 mrs x30, tpidrro_el0 @@ -82,6 +83,7 @@ mov x30, xzr .endif .endif +alternative_else_nop_endif #endif sub sp, sp, #S_FRAME_SIZE @@ -323,10 +325,10 @@ alternative_else_nop_endif ldr lr, [sp, #S_LR] add sp, sp, #S_FRAME_SIZE // restore sp -#ifndef CONFIG_UNMAP_KERNEL_AT_EL0 - eret -#else .if \el == 0 +alternative_insn eret, nop, ARM64_UNMAP_KERNEL_AT_EL0 +#ifdef CONFIG_UNMAP_KERNEL_AT_EL0 +alternative_if ARM64_UNMAP_KERNEL_AT_EL0 bne 4f msr far_el1, x30 tramp_alias x30, tramp_exit_native @@ -334,10 +336,11 @@ alternative_else_nop_endif 4: tramp_alias x30, tramp_exit_compat br x30 +alternative_else_nop_endif +#endif .else eret .endif -#endif .endm .macro irq_stack_entry