From patchwork Tue Apr 3 11:08:57 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Rutland X-Patchwork-Id: 132712 Delivered-To: patch@linaro.org Received: by 10.46.84.29 with SMTP id i29csp3665370ljb; Tue, 3 Apr 2018 04:09:40 -0700 (PDT) X-Google-Smtp-Source: AIpwx4+NfPj13ZGHc0cES2RiuqTd44POeh8cmkLxnqKsCWomN2PgKR4MZIofwBO7caw2E8q0rvGp X-Received: by 2002:a17:902:720a:: with SMTP id ba10-v6mr13776265plb.294.1522753780817; Tue, 03 Apr 2018 04:09:40 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1522753780; cv=none; d=google.com; s=arc-20160816; b=dO8e0geD6tYvpdNgo5iW0sqMSBT+COvo6RkQZeIzKa8L7z1hoG9Rgs/bnxmeFVjK4K wrHSapHvaJ7yosS2F7yCYP03m61hC6SW5uNV9/atlBvbaI+nprixNd/MZwChqgQlj2my NASqjO4dkN6G7+AbBCO4X5mEAfHGQLjglBPlBDy4vpeEQ6/t5DpzmzeJ4UYmBo7OnCpp Uf2SgB3RZS6owEMfHjOC9XDOl7GUaGekuMv9s51tIqJRKm5lCJEQN+hUuFfTDh1t/ECw UZhcCo2O8Mv50w+mEDZAMIt4wBIyOaGAGIo8uhd60dRi0A+Wiw79joFMwfDyRtWDFq0X pmow== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:arc-authentication-results; bh=n6zG+7scF7+6BzFf1U4JSox8ZNs75kgpq8fmU6YIjSo=; b=YGCGrgd3Le3SIogNejgF6QlyjdC6DP4KSW94wc7SywwkulbKK/KZTwMS29eYlQpglP ocdvBckFkFJGCs9KoyCxI1gv5Ze1i5m9WPtMeuFrth3gwEdrZ7aBqFNeXtFqiOykNmqR kwdhNbJLuy6N+OGGEPp3nUYx+H1wTT6n8NKGOP3rfLtSW5MuBZtqn/Cmcrbu3KRlDVtV BJzOYvXgUoVnv3ixf70+V+dJcAKFkvrRSxj8sPBVqayueINLuQOble6PiHRrl8fuQgf7 Oi2DCzyB0Bevk6sFuElGl/VTaJCweKnPaKVLb+L93Zr0nQ9TMolBgG88eZdWZFSiJXog MrNQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id d14-v6si302866plj.191.2018.04.03.04.09.40; Tue, 03 Apr 2018 04:09:40 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755254AbeDCLJk (ORCPT + 11 others); Tue, 3 Apr 2018 07:09:40 -0400 Received: from usa-sjc-mx-foss1.foss.arm.com ([217.140.101.70]:59280 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1755063AbeDCLJj (ORCPT ); Tue, 3 Apr 2018 07:09:39 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 575D81435; Tue, 3 Apr 2018 04:09:39 -0700 (PDT) Received: from lakrids.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.72.51.249]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id 26CF03F587; Tue, 3 Apr 2018 04:09:38 -0700 (PDT) From: Mark Rutland To: stable@vger.kernel.org Cc: mark.brown@linaro.org, ard.biesheuvel@linaro.org, marc.zyngier@arm.com, will.deacon@arm.com Subject: [PATCH v4.9.y 01/27] arm64: mm: Use non-global mappings for kernel space Date: Tue, 3 Apr 2018 12:08:57 +0100 Message-Id: <20180403110923.43575-2-mark.rutland@arm.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20180403110923.43575-1-mark.rutland@arm.com> References: <20180403110923.43575-1-mark.rutland@arm.com> Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Will Deacon commit e046eb0c9bf2 upstream. In preparation for unmapping the kernel whilst running in userspace, make the kernel mappings non-global so we can avoid expensive TLB invalidation on kernel exit to userspace. Reviewed-by: Mark Rutland Tested-by: Laura Abbott Tested-by: Shanker Donthineni Signed-off-by: Will Deacon Signed-off-by: Alex Shi [v4.9 backport] Signed-off-by: Mark Rutland [v4.9 backport] --- arch/arm64/include/asm/kernel-pgtable.h | 12 ++++++++++-- arch/arm64/include/asm/pgtable-prot.h | 21 +++++++++++++++------ 2 files changed, 25 insertions(+), 8 deletions(-) -- 2.11.0 diff --git a/arch/arm64/include/asm/kernel-pgtable.h b/arch/arm64/include/asm/kernel-pgtable.h index 7e51d1b57c0c..e4ddac983640 100644 --- a/arch/arm64/include/asm/kernel-pgtable.h +++ b/arch/arm64/include/asm/kernel-pgtable.h @@ -71,8 +71,16 @@ /* * Initial memory map attributes. */ -#define SWAPPER_PTE_FLAGS (PTE_TYPE_PAGE | PTE_AF | PTE_SHARED) -#define SWAPPER_PMD_FLAGS (PMD_TYPE_SECT | PMD_SECT_AF | PMD_SECT_S) +#define _SWAPPER_PTE_FLAGS (PTE_TYPE_PAGE | PTE_AF | PTE_SHARED) +#define _SWAPPER_PMD_FLAGS (PMD_TYPE_SECT | PMD_SECT_AF | PMD_SECT_S) + +#ifdef CONFIG_UNMAP_KERNEL_AT_EL0 +#define SWAPPER_PTE_FLAGS (_SWAPPER_PTE_FLAGS | PTE_NG) +#define SWAPPER_PMD_FLAGS (_SWAPPER_PMD_FLAGS | PMD_SECT_NG) +#else +#define SWAPPER_PTE_FLAGS _SWAPPER_PTE_FLAGS +#define SWAPPER_PMD_FLAGS _SWAPPER_PMD_FLAGS +#endif #if ARM64_SWAPPER_USES_SECTION_MAPS #define SWAPPER_MM_MMUFLAGS (PMD_ATTRINDX(MT_NORMAL) | SWAPPER_PMD_FLAGS) diff --git a/arch/arm64/include/asm/pgtable-prot.h b/arch/arm64/include/asm/pgtable-prot.h index 2142c7726e76..84b5283d2e7f 100644 --- a/arch/arm64/include/asm/pgtable-prot.h +++ b/arch/arm64/include/asm/pgtable-prot.h @@ -34,8 +34,16 @@ #include -#define PROT_DEFAULT (PTE_TYPE_PAGE | PTE_AF | PTE_SHARED) -#define PROT_SECT_DEFAULT (PMD_TYPE_SECT | PMD_SECT_AF | PMD_SECT_S) +#define _PROT_DEFAULT (PTE_TYPE_PAGE | PTE_AF | PTE_SHARED) +#define _PROT_SECT_DEFAULT (PMD_TYPE_SECT | PMD_SECT_AF | PMD_SECT_S) + +#ifdef CONFIG_UNMAP_KERNEL_AT_EL0 +#define PROT_DEFAULT (_PROT_DEFAULT | PTE_NG) +#define PROT_SECT_DEFAULT (_PROT_SECT_DEFAULT | PMD_SECT_NG) +#else +#define PROT_DEFAULT _PROT_DEFAULT +#define PROT_SECT_DEFAULT _PROT_SECT_DEFAULT +#endif /* CONFIG_UNMAP_KERNEL_AT_EL0 */ #define PROT_DEVICE_nGnRnE (PROT_DEFAULT | PTE_PXN | PTE_UXN | PTE_DIRTY | PTE_WRITE | PTE_ATTRINDX(MT_DEVICE_nGnRnE)) #define PROT_DEVICE_nGnRE (PROT_DEFAULT | PTE_PXN | PTE_UXN | PTE_DIRTY | PTE_WRITE | PTE_ATTRINDX(MT_DEVICE_nGnRE)) @@ -48,6 +56,7 @@ #define PROT_SECT_NORMAL_EXEC (PROT_SECT_DEFAULT | PMD_SECT_UXN | PMD_ATTRINDX(MT_NORMAL)) #define _PAGE_DEFAULT (PROT_DEFAULT | PTE_ATTRINDX(MT_NORMAL)) +#define _HYP_PAGE_DEFAULT (_PAGE_DEFAULT & ~PTE_NG) #define PAGE_KERNEL __pgprot(_PAGE_DEFAULT | PTE_PXN | PTE_UXN | PTE_DIRTY | PTE_WRITE) #define PAGE_KERNEL_RO __pgprot(_PAGE_DEFAULT | PTE_PXN | PTE_UXN | PTE_DIRTY | PTE_RDONLY) @@ -55,15 +64,15 @@ #define PAGE_KERNEL_EXEC __pgprot(_PAGE_DEFAULT | PTE_UXN | PTE_DIRTY | PTE_WRITE) #define PAGE_KERNEL_EXEC_CONT __pgprot(_PAGE_DEFAULT | PTE_UXN | PTE_DIRTY | PTE_WRITE | PTE_CONT) -#define PAGE_HYP __pgprot(_PAGE_DEFAULT | PTE_HYP | PTE_HYP_XN) -#define PAGE_HYP_EXEC __pgprot(_PAGE_DEFAULT | PTE_HYP | PTE_RDONLY) -#define PAGE_HYP_RO __pgprot(_PAGE_DEFAULT | PTE_HYP | PTE_RDONLY | PTE_HYP_XN) +#define PAGE_HYP __pgprot(_HYP_PAGE_DEFAULT | PTE_HYP | PTE_HYP_XN) +#define PAGE_HYP_EXEC __pgprot(_HYP_PAGE_DEFAULT | PTE_HYP | PTE_RDONLY) +#define PAGE_HYP_RO __pgprot(_HYP_PAGE_DEFAULT | PTE_HYP | PTE_RDONLY | PTE_HYP_XN) #define PAGE_HYP_DEVICE __pgprot(PROT_DEVICE_nGnRE | PTE_HYP) #define PAGE_S2 __pgprot(PROT_DEFAULT | PTE_S2_MEMATTR(MT_S2_NORMAL) | PTE_S2_RDONLY) #define PAGE_S2_DEVICE __pgprot(PROT_DEFAULT | PTE_S2_MEMATTR(MT_S2_DEVICE_nGnRE) | PTE_S2_RDONLY | PTE_UXN) -#define PAGE_NONE __pgprot(((_PAGE_DEFAULT) & ~PTE_VALID) | PTE_PROT_NONE | PTE_PXN | PTE_UXN) +#define PAGE_NONE __pgprot(((_PAGE_DEFAULT) & ~PTE_VALID) | PTE_PROT_NONE | PTE_NG | PTE_PXN | PTE_UXN) #define PAGE_SHARED __pgprot(_PAGE_DEFAULT | PTE_USER | PTE_NG | PTE_PXN | PTE_UXN | PTE_WRITE) #define PAGE_SHARED_EXEC __pgprot(_PAGE_DEFAULT | PTE_USER | PTE_NG | PTE_PXN | PTE_WRITE) #define PAGE_COPY __pgprot(_PAGE_DEFAULT | PTE_USER | PTE_NG | PTE_PXN | PTE_UXN) From patchwork Tue Apr 3 11:08:58 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Rutland X-Patchwork-Id: 132713 Delivered-To: patch@linaro.org Received: by 10.46.84.29 with SMTP id i29csp3665492ljb; Tue, 3 Apr 2018 04:09:47 -0700 (PDT) X-Google-Smtp-Source: AIpwx4+iK006fakzKdF1dKbFpxpRw+mx0RTIHyTHY8zYSQymY2n34q6kcxjO5PV58+nTBRPl/WV6 X-Received: by 2002:a17:902:7084:: with SMTP id z4-v6mr14103250plk.395.1522753787297; Tue, 03 Apr 2018 04:09:47 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1522753787; cv=none; d=google.com; s=arc-20160816; b=0V065MhbIes6CmBaHpz0MIGjeoSXOECFR7F8L8itNBA/fjU4Re90QEcDXYiiIRpkk4 9SsfYTvuh5p1vepNWJjTN9HOMcvE9sl96zZ0U12mnLl0KuOpthTjW73IModSqXS2n2K0 K1rnQDM/Y1j1jhla+VpFY3BG9GukiEftYUYg0oZKQfoybnXgnfnBZGH9VecuCecDUUhN dOIRLwQw90aixFJ9JBgg57r5NdGHmV73uDxcA5HOWxNFhVYiZczyBV/VuRtvKJBM0VdN Tv3JCpI34ZDR7f6IgQJwqeW+k6+qdEvPjDhJggBKoUID+45IxGiZCzim4xcZ0Y7xA6ov Bs8Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:arc-authentication-results; bh=4Ve8vJXvE4K0iWNHu/gh8BISMn0rrIS+L+xpS3MqlgU=; b=zAuwjCGLWiUepXhAPzhrnXVDVRjbSN+42lBWbo+dEH/NBReYOMrrHHRMLe4RxVNxbi 0AxuaJ81iQuI2OzumsmWawJ25iOqHIcbjq+Y3Y0jkTJi7qaPyXBG0GOhUEDZsL3zCaR8 FaQ3c3FLPEHlNaziUdY0NJdFyF4tYxmiMZbSf+1/Sl1P20SbIgp8GUK9f2WMQTsAj3ft giLSL/3LNQhqHLtxY0fLYu58Hy7Qu5C/prczG+E74ii7jjKzogrof8OcgHxIuW006jMn hE+/KlOs1YjM90QqbnzEEygBz6p64IbZRs5JyiPh3tb504l1HRbfZepxS5oOwTbKAYx9 FSHw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id d14-v6si302866plj.191.2018.04.03.04.09.47; Tue, 03 Apr 2018 04:09:47 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754994AbeDCLJq (ORCPT + 11 others); Tue, 3 Apr 2018 07:09:46 -0400 Received: from foss.arm.com ([217.140.101.70]:59284 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754869AbeDCLJq (ORCPT ); Tue, 3 Apr 2018 07:09:46 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id EEB8E1435; Tue, 3 Apr 2018 04:09:45 -0700 (PDT) Received: from lakrids.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.72.51.249]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id BE0D13F587; Tue, 3 Apr 2018 04:09:44 -0700 (PDT) From: Mark Rutland To: stable@vger.kernel.org Cc: mark.brown@linaro.org, ard.biesheuvel@linaro.org, marc.zyngier@arm.com, will.deacon@arm.com Subject: [PATCH v4.9.y 02/27] arm64: mm: Move ASID from TTBR0 to TTBR1 Date: Tue, 3 Apr 2018 12:08:58 +0100 Message-Id: <20180403110923.43575-3-mark.rutland@arm.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20180403110923.43575-1-mark.rutland@arm.com> References: <20180403110923.43575-1-mark.rutland@arm.com> Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Will Deacon commit 7655abb95386 upstream. In preparation for mapping kernelspace and userspace with different ASIDs, move the ASID to TTBR1 and update switch_mm to context-switch TTBR0 via an invalid mapping (the zero page). Reviewed-by: Mark Rutland Tested-by: Laura Abbott Tested-by: Shanker Donthineni Signed-off-by: Will Deacon Signed-off-by: Alex Shi [v4.9 backport] Signed-off-by: Mark Rutland [v4.9 backport] --- arch/arm64/include/asm/mmu_context.h | 7 +++++++ arch/arm64/include/asm/pgtable-hwdef.h | 1 + arch/arm64/include/asm/proc-fns.h | 6 ------ arch/arm64/mm/proc.S | 9 ++++++--- 4 files changed, 14 insertions(+), 9 deletions(-) -- 2.11.0 diff --git a/arch/arm64/include/asm/mmu_context.h b/arch/arm64/include/asm/mmu_context.h index a50185375f09..b96c4799f881 100644 --- a/arch/arm64/include/asm/mmu_context.h +++ b/arch/arm64/include/asm/mmu_context.h @@ -50,6 +50,13 @@ static inline void cpu_set_reserved_ttbr0(void) isb(); } +static inline void cpu_switch_mm(pgd_t *pgd, struct mm_struct *mm) +{ + BUG_ON(pgd == swapper_pg_dir); + cpu_set_reserved_ttbr0(); + cpu_do_switch_mm(virt_to_phys(pgd),mm); +} + /* * TCR.T0SZ value to use when the ID map is active. Usually equals * TCR_T0SZ(VA_BITS), unless system RAM is positioned very high in diff --git a/arch/arm64/include/asm/pgtable-hwdef.h b/arch/arm64/include/asm/pgtable-hwdef.h index eb0c2bd90de9..8df4cb6ac6f7 100644 --- a/arch/arm64/include/asm/pgtable-hwdef.h +++ b/arch/arm64/include/asm/pgtable-hwdef.h @@ -272,6 +272,7 @@ #define TCR_TG1_4K (UL(2) << TCR_TG1_SHIFT) #define TCR_TG1_64K (UL(3) << TCR_TG1_SHIFT) +#define TCR_A1 (UL(1) << 22) #define TCR_ASID16 (UL(1) << 36) #define TCR_TBI0 (UL(1) << 37) #define TCR_HA (UL(1) << 39) diff --git a/arch/arm64/include/asm/proc-fns.h b/arch/arm64/include/asm/proc-fns.h index 14ad6e4e87d1..16cef2e8449e 100644 --- a/arch/arm64/include/asm/proc-fns.h +++ b/arch/arm64/include/asm/proc-fns.h @@ -35,12 +35,6 @@ extern u64 cpu_do_resume(phys_addr_t ptr, u64 idmap_ttbr); #include -#define cpu_switch_mm(pgd,mm) \ -do { \ - BUG_ON(pgd == swapper_pg_dir); \ - cpu_do_switch_mm(virt_to_phys(pgd),mm); \ -} while (0) - #endif /* __ASSEMBLY__ */ #endif /* __KERNEL__ */ #endif /* __ASM_PROCFNS_H */ diff --git a/arch/arm64/mm/proc.S b/arch/arm64/mm/proc.S index 352c73b6a59e..3378f3e21224 100644 --- a/arch/arm64/mm/proc.S +++ b/arch/arm64/mm/proc.S @@ -132,9 +132,12 @@ ENDPROC(cpu_do_resume) * - pgd_phys - physical address of new TTB */ ENTRY(cpu_do_switch_mm) + mrs x2, ttbr1_el1 mmid x1, x1 // get mm->context.id - bfi x0, x1, #48, #16 // set the ASID - msr ttbr0_el1, x0 // set TTBR0 + bfi x2, x1, #48, #16 // set the ASID + msr ttbr1_el1, x2 // in TTBR1 (since TCR.A1 is set) + isb + msr ttbr0_el1, x0 // now update TTBR0 isb alternative_if ARM64_WORKAROUND_CAVIUM_27456 ic iallu @@ -222,7 +225,7 @@ ENTRY(__cpu_setup) * both user and kernel. */ ldr x10, =TCR_TxSZ(VA_BITS) | TCR_CACHE_FLAGS | TCR_SMP_FLAGS | \ - TCR_TG_FLAGS | TCR_ASID16 | TCR_TBI0 + TCR_TG_FLAGS | TCR_ASID16 | TCR_TBI0 | TCR_A1 tcr_set_idmap_t0sz x10, x9 /* From patchwork Tue Apr 3 11:08:59 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Rutland X-Patchwork-Id: 132714 Delivered-To: patch@linaro.org Received: by 10.46.84.29 with SMTP id i29csp3665595ljb; Tue, 3 Apr 2018 04:09:51 -0700 (PDT) X-Google-Smtp-Source: AIpwx4/w9RNXAII0UMk1c5AeXI7FdPEQX8NJ3wU5A7xxrardiBF7aj3u3iJdC2QAo52VfwsesKCX X-Received: by 2002:a17:902:a508:: with SMTP id s8-v6mr13980104plq.216.1522753791568; Tue, 03 Apr 2018 04:09:51 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1522753791; cv=none; d=google.com; s=arc-20160816; b=tcFb3qML4OAC/XcCDA3ltCOAhTEJhnWsb7zhMO3XyDl2vEDr9aItiGm+OtTEclvVcw UnBNeIrzAkDN+C5mnbprkO7OBLp0u95ePznZvme0uXMO8qzmWGkbFywGHK+4jRKkcpNY 2lO91gNyVwtyvx53c0DE36AkP1k1iKN8PaVJBEm8KH5lXq47/3LzLeAzT82fBcWNKrv3 Pbb+4KFuzv2g+GK64a7JLSvD/IijxsJaUWrYD1RfzewwIr3ItVY4BjxtfiZKMfNBOIbT WJeAqaVRV7nLssakyntp056A5rpnv3NjT0uQwmpSxzNNJZysPgO5YQ4r9dxy+ZkR52XU HSeA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:arc-authentication-results; bh=VtpXUx5TADztEWI3h4SIBOp2oYKNf7VS1KhYmXnvNJk=; b=y51EvSEFyC25tSmiSjmL1CmjNYkxlj0RIP3fDV1yPp1IFOyBWc/zGP/sFT96IE8n+O LnpAd+Gys5oyx/qlhBi3GMATY1ceGAcjUAeqv7BizKj9H9Bp2QVuXkiMUoKtvOL+QXit eUR+Y0/3V/EJ5jEI616+PNakbxLOo4xTN7yaA+mJoBjzZy1YzOH2yWVcG2KX0e8hSck9 fGSlaGkMPd5kapNoclYc245JCubt80F1JhG80mxjBIY8nCXByN/yZMOhGgLBVc2lE7ML GqkPU5jSod47YpclT9x18+BpUyQKmfn8auDaWBSC3JFkaXVsyrzX6Q2TCF4jD5xYmGwu 3NPQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id d14-v6si302866plj.191.2018.04.03.04.09.51; Tue, 03 Apr 2018 04:09:51 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755257AbeDCLJu (ORCPT + 11 others); Tue, 3 Apr 2018 07:09:50 -0400 Received: from usa-sjc-mx-foss1.foss.arm.com ([217.140.101.70]:59292 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1755063AbeDCLJu (ORCPT ); Tue, 3 Apr 2018 07:09:50 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 2DADB1435; Tue, 3 Apr 2018 04:09:50 -0700 (PDT) Received: from lakrids.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.72.51.249]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id F0D4A3F587; Tue, 3 Apr 2018 04:09:48 -0700 (PDT) From: Mark Rutland To: stable@vger.kernel.org Cc: mark.brown@linaro.org, ard.biesheuvel@linaro.org, marc.zyngier@arm.com, will.deacon@arm.com Subject: [PATCH v4.9.y 03/27] arm64: mm: Allocate ASIDs in pairs Date: Tue, 3 Apr 2018 12:08:59 +0100 Message-Id: <20180403110923.43575-4-mark.rutland@arm.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20180403110923.43575-1-mark.rutland@arm.com> References: <20180403110923.43575-1-mark.rutland@arm.com> Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Will Deacon commit 0c8ea531b774 upstream. In preparation for separate kernel/user ASIDs, allocate them in pairs for each mm_struct. The bottom bit distinguishes the two: if it is set, then the ASID will map only userspace. Reviewed-by: Mark Rutland Tested-by: Laura Abbott Tested-by: Shanker Donthineni Signed-off-by: Will Deacon Signed-off-by: Alex Shi [v4.9 backport] Signed-off-by: Mark Rutland [v4.9 backport] --- arch/arm64/include/asm/mmu.h | 2 ++ arch/arm64/mm/context.c | 25 +++++++++++++++++-------- 2 files changed, 19 insertions(+), 8 deletions(-) -- 2.11.0 diff --git a/arch/arm64/include/asm/mmu.h b/arch/arm64/include/asm/mmu.h index 8d9fce037b2f..49924e56048e 100644 --- a/arch/arm64/include/asm/mmu.h +++ b/arch/arm64/include/asm/mmu.h @@ -16,6 +16,8 @@ #ifndef __ASM_MMU_H #define __ASM_MMU_H +#define USER_ASID_FLAG (UL(1) << 48) + typedef struct { atomic64_t id; void *vdso; diff --git a/arch/arm64/mm/context.c b/arch/arm64/mm/context.c index efcf1f7ef1e4..f00f5eeb556f 100644 --- a/arch/arm64/mm/context.c +++ b/arch/arm64/mm/context.c @@ -39,7 +39,16 @@ static cpumask_t tlb_flush_pending; #define ASID_MASK (~GENMASK(asid_bits - 1, 0)) #define ASID_FIRST_VERSION (1UL << asid_bits) -#define NUM_USER_ASIDS ASID_FIRST_VERSION + +#ifdef CONFIG_UNMAP_KERNEL_AT_EL0 +#define NUM_USER_ASIDS (ASID_FIRST_VERSION >> 1) +#define asid2idx(asid) (((asid) & ~ASID_MASK) >> 1) +#define idx2asid(idx) (((idx) << 1) & ~ASID_MASK) +#else +#define NUM_USER_ASIDS (ASID_FIRST_VERSION) +#define asid2idx(asid) ((asid) & ~ASID_MASK) +#define idx2asid(idx) asid2idx(idx) +#endif /* Get the ASIDBits supported by the current CPU */ static u32 get_cpu_asid_bits(void) @@ -104,7 +113,7 @@ static void flush_context(unsigned int cpu) */ if (asid == 0) asid = per_cpu(reserved_asids, i); - __set_bit(asid & ~ASID_MASK, asid_map); + __set_bit(asid2idx(asid), asid_map); per_cpu(reserved_asids, i) = asid; } @@ -159,16 +168,16 @@ static u64 new_context(struct mm_struct *mm, unsigned int cpu) * We had a valid ASID in a previous life, so try to re-use * it if possible. */ - asid &= ~ASID_MASK; - if (!__test_and_set_bit(asid, asid_map)) + if (!__test_and_set_bit(asid2idx(asid), asid_map)) return newasid; } /* * Allocate a free ASID. If we can't find one, take a note of the - * currently active ASIDs and mark the TLBs as requiring flushes. - * We always count from ASID #1, as we use ASID #0 when setting a - * reserved TTBR0 for the init_mm. + * currently active ASIDs and mark the TLBs as requiring flushes. We + * always count from ASID #2 (index 1), as we use ASID #0 when setting + * a reserved TTBR0 for the init_mm and we allocate ASIDs in even/odd + * pairs. */ asid = find_next_zero_bit(asid_map, NUM_USER_ASIDS, cur_idx); if (asid != NUM_USER_ASIDS) @@ -185,7 +194,7 @@ static u64 new_context(struct mm_struct *mm, unsigned int cpu) set_asid: __set_bit(asid, asid_map); cur_idx = asid; - return asid | generation; + return idx2asid(asid) | generation; } void check_and_switch_context(struct mm_struct *mm, unsigned int cpu) From patchwork Tue Apr 3 11:09:00 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Rutland X-Patchwork-Id: 132715 Delivered-To: patch@linaro.org Received: by 10.46.84.29 with SMTP id i29csp3665646ljb; Tue, 3 Apr 2018 04:09:53 -0700 (PDT) X-Google-Smtp-Source: AIpwx49Lv4UEOfc5OXHEF8h+iPkjPu668voiGNv/QTWTlr5hyu8heUTZt9tThpnolidm7Mm2wMSs X-Received: by 2002:a17:902:4481:: with SMTP id l1-v6mr13784697pld.43.1522753793854; Tue, 03 Apr 2018 04:09:53 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1522753793; cv=none; d=google.com; s=arc-20160816; b=ukwVO9AqoXPbdH+92fy9MMkLGaWon2SoOYmWYbI7knoVEgmybWpkDh2YptkkplVzRH AhuI6Mgv0Ua72aTSBhAGEqAGVItSfzD1jjD/tb6GcwIUIjBoPPRAvaEeqS662Vsr512L CcvM5ltAO7nj36kpWCqZapOBwD2lu1h5O6f98MU3SpznfFypEQ98iZkmeqLsNRN8qpFC n2P2Fpc8JGY+8d0ECsDsPCKGd3aUQERhGgldDiflPzbEC3DyXe4g2tomkJS80BlUCnNU OtOFzS0Mhu9w+n87uK8WjTdezGENQSLmdvUjRR5NQxvUUzAOQgtdZfborMm8wWiY6cqc QSTQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:arc-authentication-results; bh=xSQJNOZ8OWbKD/Rm9JtTYEBveTC1+4wIrAMazFqpyPE=; b=lNEkub+8UPqPEVwC1QmaWOK9DCk1xDjWjPyT2/O1+ZdLW6QslSjNNP6NhSMHgJRaUI 6HBKIaXG3gTYa0ueVZIfQmP9/OofsbI953pm6tb10XZTo257kuFvoZz/Pgl/MrkHGPFP fSQPfGTwFMXejNLMJOMEQNrW0icPGqVWKol1+oc3natICPz5EWzX8gU5NHydoghc+Zr0 5pLEbtwOCRt6d9UVlIg43pdWeSTB8BnGTEuXrm1gKvJLxC8j585SDHlzm/ZJ5eT0YrFi NfoN0RgEOvONWt3VXHtdtihEHORjGKb5OoKrlxad9AlleWp5Z2U6idzYKaDwmctYXydA j+VQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id d14-v6si302866plj.191.2018.04.03.04.09.53; Tue, 03 Apr 2018 04:09:53 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755287AbeDCLJx (ORCPT + 11 others); Tue, 3 Apr 2018 07:09:53 -0400 Received: from usa-sjc-mx-foss1.foss.arm.com ([217.140.101.70]:59298 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1755063AbeDCLJw (ORCPT ); Tue, 3 Apr 2018 07:09:52 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 92F151435; Tue, 3 Apr 2018 04:09:52 -0700 (PDT) Received: from lakrids.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.72.51.249]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id 623523F587; Tue, 3 Apr 2018 04:09:51 -0700 (PDT) From: Mark Rutland To: stable@vger.kernel.org Cc: mark.brown@linaro.org, ard.biesheuvel@linaro.org, marc.zyngier@arm.com, will.deacon@arm.com Subject: [PATCH v4.9.y 04/27] arm64: mm: Add arm64_kernel_unmapped_at_el0 helper Date: Tue, 3 Apr 2018 12:09:00 +0100 Message-Id: <20180403110923.43575-5-mark.rutland@arm.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20180403110923.43575-1-mark.rutland@arm.com> References: <20180403110923.43575-1-mark.rutland@arm.com> Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Will Deacon commit fc0e1299da54 upstream. In order for code such as TLB invalidation to operate efficiently when the decision to map the kernel at EL0 is determined at runtime, this patch introduces a helper function, arm64_kernel_unmapped_at_el0, to determine whether or not the kernel is mapped whilst running in userspace. Currently, this just reports the value of CONFIG_UNMAP_KERNEL_AT_EL0, but will later be hooked up to a fake CPU capability using a static key. Reviewed-by: Mark Rutland Tested-by: Laura Abbott Tested-by: Shanker Donthineni Signed-off-by: Will Deacon Signed-off-by: Alex Shi [v4.9 backport] Signed-off-by: Mark Rutland [v4.9 backport] --- arch/arm64/include/asm/mmu.h | 8 ++++++++ 1 file changed, 8 insertions(+) -- 2.11.0 diff --git a/arch/arm64/include/asm/mmu.h b/arch/arm64/include/asm/mmu.h index 49924e56048e..279e75b8a49e 100644 --- a/arch/arm64/include/asm/mmu.h +++ b/arch/arm64/include/asm/mmu.h @@ -18,6 +18,8 @@ #define USER_ASID_FLAG (UL(1) << 48) +#ifndef __ASSEMBLY__ + typedef struct { atomic64_t id; void *vdso; @@ -30,6 +32,11 @@ typedef struct { */ #define ASID(mm) ((mm)->context.id.counter & 0xffff) +static inline bool arm64_kernel_unmapped_at_el0(void) +{ + return IS_ENABLED(CONFIG_UNMAP_KERNEL_AT_EL0); +} + extern void paging_init(void); extern void bootmem_init(void); extern void __iomem *early_io_map(phys_addr_t phys, unsigned long virt); @@ -39,4 +46,5 @@ extern void create_pgd_mapping(struct mm_struct *mm, phys_addr_t phys, pgprot_t prot, bool allow_block_mappings); extern void *fixmap_remap_fdt(phys_addr_t dt_phys); +#endif /* !__ASSEMBLY__ */ #endif From patchwork Tue Apr 3 11:09:01 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Rutland X-Patchwork-Id: 132716 Delivered-To: patch@linaro.org Received: by 10.46.84.29 with SMTP id i29csp3665708ljb; Tue, 3 Apr 2018 04:09:56 -0700 (PDT) X-Google-Smtp-Source: AIpwx4/oWNlfwtUCkCfetcK3Lhxrhqq/eh/uZEeC5TPoOOA/4M6Wne0z8PIcInqSi0/3PyR5WjmW X-Received: by 10.99.60.89 with SMTP id i25mr1433925pgn.208.1522753796436; Tue, 03 Apr 2018 04:09:56 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1522753796; cv=none; d=google.com; s=arc-20160816; b=xrIaVBMVIGr5954WkEIrXk9P6FunkzCnK3RGD4uJrhKDyW43H5H1RXdKCuBF1LrISW QXByoc0gb6whxS4ZjEKe5kmAOwF/zj2bosvwEkZSsp0Vk9B4PLzeaB/xgNCaY4m47Jny DYYZhKwQkCFjMOAfpMlEqCDc7IOzaJAUQIX8pEXO04RBVZO+5aULSATfkHzXC8vLx2DL 6b0hwFmH+gQ39L6h2mybKPB0NWaAckAf8s146K+X1qQ7CYRohjJYpqIQlYGpy/s9hOxM J9ZwWz64T5euFzJBIWzExRHpCHzd+zNXyI55NuZcKgINRCJUx5SGzDYK8UN3GR6gBg1a 4nVQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:arc-authentication-results; bh=PYDlewgEzJ8qoCXR+3aNWczCjvP3Y/G8NsLLxKYG1qA=; b=E/O1M30zRiGPWG/c3M7W6BvRXCR1vjFDRvE3ouYA4YQfjUWCkVvYo3+9zYWQCEe7MO MoDbkln1c/ifkdJhiPhlGH57lQXhwlCa4SckfZGEIFE6kTG2oFcpZgBnp6al/iOmy2fV vBxvqJO9z+ejgZloIIvRilN6cVkHxit5OrmKsfRIlDKa+A1p7w+ZMwJqj7I/XK2/yUxB mJiTm5GPPLW9YCEytTebW9JmLo6zLr/y9QT8CCX/nzDDmeMAzA/NzQ4Y7tlGwil33OxX CVDVxU3xq7muG2b1OFrln3wITEZ60pu7BFpJmsLkKY4M3BbONzs9nKU3GinBtTqzzDrd tB2A== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id d14-v6si302866plj.191.2018.04.03.04.09.56; Tue, 03 Apr 2018 04:09:56 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755315AbeDCLJz (ORCPT + 11 others); Tue, 3 Apr 2018 07:09:55 -0400 Received: from foss.arm.com ([217.140.101.70]:59304 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1755242AbeDCLJz (ORCPT ); Tue, 3 Apr 2018 07:09:55 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 006F11435; Tue, 3 Apr 2018 04:09:55 -0700 (PDT) Received: from lakrids.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.72.51.249]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id C3D4D3F587; Tue, 3 Apr 2018 04:09:53 -0700 (PDT) From: Mark Rutland To: stable@vger.kernel.org Cc: mark.brown@linaro.org, ard.biesheuvel@linaro.org, marc.zyngier@arm.com, will.deacon@arm.com Subject: [PATCH v4.9.y 05/27] arm64: mm: Invalidate both kernel and user ASIDs when performing TLBI Date: Tue, 3 Apr 2018 12:09:01 +0100 Message-Id: <20180403110923.43575-6-mark.rutland@arm.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20180403110923.43575-1-mark.rutland@arm.com> References: <20180403110923.43575-1-mark.rutland@arm.com> Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Will Deacon commit 9b0de864b5bc upstream. Since an mm has both a kernel and a user ASID, we need to ensure that broadcast TLB maintenance targets both address spaces so that things like CoW continue to work with the uaccess primitives in the kernel. Reviewed-by: Mark Rutland Tested-by: Laura Abbott Tested-by: Shanker Donthineni Signed-off-by: Will Deacon Signed-off-by: Alex Shi [v4.9 backport] Signed-off-by: Mark Rutland [v4.9 backport] --- arch/arm64/include/asm/tlbflush.h | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) -- 2.11.0 diff --git a/arch/arm64/include/asm/tlbflush.h b/arch/arm64/include/asm/tlbflush.h index deab52374119..ad6bd8b26ada 100644 --- a/arch/arm64/include/asm/tlbflush.h +++ b/arch/arm64/include/asm/tlbflush.h @@ -23,6 +23,7 @@ #include #include +#include /* * Raw TLBI operations. @@ -42,6 +43,11 @@ #define __tlbi(op, ...) __TLBI_N(op, ##__VA_ARGS__, 1, 0) +#define __tlbi_user(op, arg) do { \ + if (arm64_kernel_unmapped_at_el0()) \ + __tlbi(op, (arg) | USER_ASID_FLAG); \ +} while (0) + /* * TLB Management * ============== @@ -103,6 +109,7 @@ static inline void flush_tlb_mm(struct mm_struct *mm) dsb(ishst); __tlbi(aside1is, asid); + __tlbi_user(aside1is, asid); dsb(ish); } @@ -113,6 +120,7 @@ static inline void flush_tlb_page(struct vm_area_struct *vma, dsb(ishst); __tlbi(vale1is, addr); + __tlbi_user(vale1is, addr); dsb(ish); } @@ -139,10 +147,13 @@ static inline void __flush_tlb_range(struct vm_area_struct *vma, dsb(ishst); for (addr = start; addr < end; addr += 1 << (PAGE_SHIFT - 12)) { - if (last_level) + if (last_level) { __tlbi(vale1is, addr); - else + __tlbi_user(vale1is, addr); + } else { __tlbi(vae1is, addr); + __tlbi_user(vae1is, addr); + } } dsb(ish); } @@ -182,6 +193,7 @@ static inline void __flush_tlb_pgtable(struct mm_struct *mm, unsigned long addr = uaddr >> 12 | (ASID(mm) << 48); __tlbi(vae1is, addr); + __tlbi_user(vae1is, addr); dsb(ish); } From patchwork Tue Apr 3 11:09:02 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Rutland X-Patchwork-Id: 132738 Delivered-To: patch@linaro.org Received: by 10.46.84.29 with SMTP id i29csp3666898ljb; Tue, 3 Apr 2018 04:11:01 -0700 (PDT) X-Google-Smtp-Source: AIpwx4/X2qeks/CakNbgC3gY/3MszwRujSJWaApk2Y1wgrLhWTNE2am+r/codo/CcTwsMBSSVRj5 X-Received: by 10.101.82.69 with SMTP id q5mr8836017pgp.358.1522753861755; Tue, 03 Apr 2018 04:11:01 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1522753861; cv=none; d=google.com; s=arc-20160816; b=C+YpjXiFN8RmbgrnEt3QXkV2CL0W4KYXem/Nn/344QRk5H1z8LNTflXu1oBfOEMuwZ TnM6P/pjeEsI2S27OSttZMIJgImGb7GcTNGpbqFIUuQDbADZFeKAe2yrP+vj5q4Cde0G LITJDmLUrUO8wAq1HjPGguZyf0S2uj7+KYkzlAoXOHwYSATPOoy9F2Qe1OnVsTnbvGSl t3EUUwwkUZSM4XUYKIKrQ3r0HnchLtLl8v5lLYRMtsiOEkt44KtZGGcmG3pOQjGMN+G5 odhIpV7xkfFgYFMq+z+DrXEsMV8d1TfI4TheCLqwSJ5io3nOZpd+9sIPAPtQCk/jV+e7 LfVQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:arc-authentication-results; bh=+yZNSPgt+6qEDZDOtUEY4lmQfPBaZ/4xfWig0xnF/Pk=; b=ZoUSE7HBQxmYQTy3F01oeWEZZQLtVoERMi5Fzsbpi1+9z7Q+xpqXWc48FxrTK27JbC 2cP2ii2nwfgjoUZ4cy7ynyBFfNcLiPXMHwdmKacISw1L74+Pl0R3UW1jXuHbcIAr6ZSx 3JtFKAiOUzksrENPU1ho0z2UQTWCbtARmmWIyJdB3oEBK/FweD0G6br3BB6rZvJzYgiz vJsI5BPNHKftzNtxpf4EOa00SeAgskmMwQUFHwYqEkZ3tvWQ+sfo/eN4it/GUX73PJWN CxjPjbJhqhPYd3WO30jw8EH9Nyi/DrRx0ZmvM8DDaBD5hYL4tHbwyWx6m3zAKrDUp3HE 8xlQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id q9-v6si295691plr.273.2018.04.03.04.11.01; Tue, 03 Apr 2018 04:11:01 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755364AbeDCLJ6 (ORCPT + 11 others); Tue, 3 Apr 2018 07:09:58 -0400 Received: from foss.arm.com ([217.140.101.70]:59308 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1755242AbeDCLJ5 (ORCPT ); Tue, 3 Apr 2018 07:09:57 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 36F981596; Tue, 3 Apr 2018 04:09:57 -0700 (PDT) Received: from lakrids.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.72.51.249]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id 066893F587; Tue, 3 Apr 2018 04:09:55 -0700 (PDT) From: Mark Rutland To: stable@vger.kernel.org Cc: mark.brown@linaro.org, ard.biesheuvel@linaro.org, marc.zyngier@arm.com, will.deacon@arm.com Subject: [PATCH v4.9.y 06/27] arm64: factor out entry stack manipulation Date: Tue, 3 Apr 2018 12:09:02 +0100 Message-Id: <20180403110923.43575-7-mark.rutland@arm.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20180403110923.43575-1-mark.rutland@arm.com> References: <20180403110923.43575-1-mark.rutland@arm.com> Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org commit b11e5759bfac upstream. In subsequent patches, we will detect stack overflow in our exception entry code, by verifying the SP after it has been decremented to make space for the exception regs. This verification code is small, and we can minimize its impact by placing it directly in the vectors. To avoid redundant modification of the SP, we also need to move the initial decrement of the SP into the vectors. As a preparatory step, this patch introduces kernel_ventry, which performs this decrement, and updates the entry code accordingly. Subsequent patches will fold SP verification into kernel_ventry. There should be no functional change as a result of this patch. Signed-off-by: Ard Biesheuvel [Mark: turn into prep patch, expand commit msg] Signed-off-by: Mark Rutland Reviewed-by: Will Deacon Tested-by: Laura Abbott Cc: Catalin Marinas Cc: James Morse Signed-off-by: Alex Shi [v4.9 backport] Signed-off-by: Mark Rutland [v4.9 backport] --- arch/arm64/kernel/entry.S | 47 ++++++++++++++++++++++++++--------------------- 1 file changed, 26 insertions(+), 21 deletions(-) -- 2.11.0 diff --git a/arch/arm64/kernel/entry.S b/arch/arm64/kernel/entry.S index b4c7db434654..f5aa8f010254 100644 --- a/arch/arm64/kernel/entry.S +++ b/arch/arm64/kernel/entry.S @@ -68,8 +68,13 @@ #define BAD_FIQ 2 #define BAD_ERROR 3 - .macro kernel_entry, el, regsize = 64 + .macro kernel_ventry label + .align 7 sub sp, sp, #S_FRAME_SIZE + b \label + .endm + + .macro kernel_entry, el, regsize = 64 .if \regsize == 32 mov w0, w0 // zero upper 32 bits of x0 .endif @@ -257,31 +262,31 @@ tsk .req x28 // current thread_info .align 11 ENTRY(vectors) - ventry el1_sync_invalid // Synchronous EL1t - ventry el1_irq_invalid // IRQ EL1t - ventry el1_fiq_invalid // FIQ EL1t - ventry el1_error_invalid // Error EL1t + kernel_ventry el1_sync_invalid // Synchronous EL1t + kernel_ventry el1_irq_invalid // IRQ EL1t + kernel_ventry el1_fiq_invalid // FIQ EL1t + kernel_ventry el1_error_invalid // Error EL1t - ventry el1_sync // Synchronous EL1h - ventry el1_irq // IRQ EL1h - ventry el1_fiq_invalid // FIQ EL1h - ventry el1_error_invalid // Error EL1h + kernel_ventry el1_sync // Synchronous EL1h + kernel_ventry el1_irq // IRQ EL1h + kernel_ventry el1_fiq_invalid // FIQ EL1h + kernel_ventry el1_error_invalid // Error EL1h - ventry el0_sync // Synchronous 64-bit EL0 - ventry el0_irq // IRQ 64-bit EL0 - ventry el0_fiq_invalid // FIQ 64-bit EL0 - ventry el0_error_invalid // Error 64-bit EL0 + kernel_ventry el0_sync // Synchronous 64-bit EL0 + kernel_ventry el0_irq // IRQ 64-bit EL0 + kernel_ventry el0_fiq_invalid // FIQ 64-bit EL0 + kernel_ventry el0_error_invalid // Error 64-bit EL0 #ifdef CONFIG_COMPAT - ventry el0_sync_compat // Synchronous 32-bit EL0 - ventry el0_irq_compat // IRQ 32-bit EL0 - ventry el0_fiq_invalid_compat // FIQ 32-bit EL0 - ventry el0_error_invalid_compat // Error 32-bit EL0 + kernel_ventry el0_sync_compat // Synchronous 32-bit EL0 + kernel_ventry el0_irq_compat // IRQ 32-bit EL0 + kernel_ventry el0_fiq_invalid_compat // FIQ 32-bit EL0 + kernel_ventry el0_error_invalid_compat // Error 32-bit EL0 #else - ventry el0_sync_invalid // Synchronous 32-bit EL0 - ventry el0_irq_invalid // IRQ 32-bit EL0 - ventry el0_fiq_invalid // FIQ 32-bit EL0 - ventry el0_error_invalid // Error 32-bit EL0 + kernel_ventry el0_sync_invalid // Synchronous 32-bit EL0 + kernel_ventry el0_irq_invalid // IRQ 32-bit EL0 + kernel_ventry el0_fiq_invalid // FIQ 32-bit EL0 + kernel_ventry el0_error_invalid // Error 32-bit EL0 #endif END(vectors) From patchwork Tue Apr 3 11:09:03 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Rutland X-Patchwork-Id: 132717 Delivered-To: patch@linaro.org Received: by 10.46.84.29 with SMTP id i29csp3665894ljb; Tue, 3 Apr 2018 04:10:07 -0700 (PDT) X-Google-Smtp-Source: AIpwx48WE982v+R16KUwIs+sdnoFTtLCGy4JQqRpxT+x9lw45aJn1fsrs3L9cBNR4JRHs1RouIJD X-Received: by 2002:a17:902:6ac1:: with SMTP id i1-v6mr13410164plt.152.1522753807003; Tue, 03 Apr 2018 04:10:07 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1522753806; cv=none; d=google.com; s=arc-20160816; b=FpuaLdfNYx91JrK3X0GXzDhHP5A8W+0s7zz/E53BNstQzr/I8MM6eVIVJC6gDjS0Js VdKO9prIQUB/w7MGw+D3FyX6A2VOIRJCV4TF8FsQAJOWhSR82gK+0H4fgT87rYHlc4vy ofNHNjcTI5BxPW6rtH/4a8W86NtYMRrGjEmLdF04r2WwfeNsI2e32x93dUfh20jgJ68o /d4HvUj8EeFoEY2USB/pfXKDAWZvonk8rD7XOAiqzksJ6IR/+k3gVOu47Zr/zxuyHcUJ 5dN1uRVEAEk5FGYdtkaq0qQcuJOIEGp3XbR2hqE/RO+dHdXBGxEF/LrY1LBFFrJFwWAB We7Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:arc-authentication-results; bh=ULEC0sabRFRFzZMXzMCqq8OaN3CA8uhTjvo0X2Gu/L4=; b=YTCnbPZnBfL0wbEEBozvgcOFyVLN+vrCXq/o80qA/1J5qY/r0J1KDM5D6TYgRbKklo BJrvP4Y/MouWZ/kPp/APD5DGnZSqaUlMBh/eZ5aZTiEDaoa9IGpotLDabLitPLWIx2C8 wpRD0N40dxqx9Moo/SyO36bozMF1TGAX1v9yOEeFy00qAhNyEVPTEmYwNuRXEHF72nIX 9K+SA6k/5GVJcfWkjDeshb4FqR8dltKahCq0d7SeOdYElBFXv2AOF7oGXsHpp3rd+l9w G4zFv+V78eBjUG/G0FPbeZmc3EVBokJ96TytoVTAJ/K6vo0O28QP9+43/Q+8SUEIss+2 dRqQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id k63si1862166pgc.577.2018.04.03.04.10.06; Tue, 03 Apr 2018 04:10:06 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755481AbeDCLKC (ORCPT + 11 others); Tue, 3 Apr 2018 07:10:02 -0400 Received: from foss.arm.com ([217.140.101.70]:59316 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1755063AbeDCLJ7 (ORCPT ); Tue, 3 Apr 2018 07:09:59 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 72FFC1435; Tue, 3 Apr 2018 04:09:59 -0700 (PDT) Received: from lakrids.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.72.51.249]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id 428AD3F587; Tue, 3 Apr 2018 04:09:58 -0700 (PDT) From: Mark Rutland To: stable@vger.kernel.org Cc: mark.brown@linaro.org, ard.biesheuvel@linaro.org, marc.zyngier@arm.com, will.deacon@arm.com Subject: [PATCH v4.9.y 07/27] module: extend 'rodata=off' boot cmdline parameter to module mappings Date: Tue, 3 Apr 2018 12:09:03 +0100 Message-Id: <20180403110923.43575-8-mark.rutland@arm.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20180403110923.43575-1-mark.rutland@arm.com> References: <20180403110923.43575-1-mark.rutland@arm.com> Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: AKASHI Takahiro commit 39290b389ea upstream. The current "rodata=off" parameter disables read-only kernel mappings under CONFIG_DEBUG_RODATA: commit d2aa1acad22f ("mm/init: Add 'rodata=off' boot cmdline parameter to disable read-only kernel mappings") This patch is a logical extension to module mappings ie. read-only mappings at module loading can be disabled even if CONFIG_DEBUG_SET_MODULE_RONX (mainly for debug use). Please note, however, that it only affects RO/RW permissions, keeping NX set. This is the first step to make CONFIG_DEBUG_SET_MODULE_RONX mandatory (always-on) in the future as CONFIG_DEBUG_RODATA on x86 and arm64. Suggested-by: and Acked-by: Mark Rutland Signed-off-by: AKASHI Takahiro Reviewed-by: Kees Cook Acked-by: Rusty Russell Link: http://lkml.kernel.org/r/20161114061505.15238-1-takahiro.akashi@linaro.org Signed-off-by: Jessica Yu Signed-off-by: Alex Shi [v4.9 backport] Signed-off-by: Mark Rutland [v4.9 backport] --- include/linux/init.h | 3 +++ init/main.c | 7 +++++-- kernel/module.c | 20 +++++++++++++++++--- 3 files changed, 25 insertions(+), 5 deletions(-) -- 2.11.0 diff --git a/include/linux/init.h b/include/linux/init.h index 683508f6bb4e..0cca4142987f 100644 --- a/include/linux/init.h +++ b/include/linux/init.h @@ -133,6 +133,9 @@ void prepare_namespace(void); void __init load_default_modules(void); int __init init_rootfs(void); +#if defined(CONFIG_DEBUG_RODATA) || defined(CONFIG_DEBUG_SET_MODULE_RONX) +extern bool rodata_enabled; +#endif #ifdef CONFIG_DEBUG_RODATA void mark_rodata_ro(void); #endif diff --git a/init/main.c b/init/main.c index 99f026565608..f22957afb37e 100644 --- a/init/main.c +++ b/init/main.c @@ -81,6 +81,7 @@ #include #include #include +#include #include #include @@ -914,14 +915,16 @@ static int try_to_run_init_process(const char *init_filename) static noinline void __init kernel_init_freeable(void); -#ifdef CONFIG_DEBUG_RODATA -static bool rodata_enabled = true; +#if defined(CONFIG_DEBUG_RODATA) || defined(CONFIG_SET_MODULE_RONX) +bool rodata_enabled __ro_after_init = true; static int __init set_debug_rodata(char *str) { return strtobool(str, &rodata_enabled); } __setup("rodata=", set_debug_rodata); +#endif +#ifdef CONFIG_DEBUG_RODATA static void mark_readonly(void) { if (rodata_enabled) diff --git a/kernel/module.c b/kernel/module.c index 07bfb9971f2f..0651f2d25fc9 100644 --- a/kernel/module.c +++ b/kernel/module.c @@ -1911,6 +1911,9 @@ static void frob_writable_data(const struct module_layout *layout, /* livepatching wants to disable read-only so it can frob module. */ void module_disable_ro(const struct module *mod) { + if (!rodata_enabled) + return; + frob_text(&mod->core_layout, set_memory_rw); frob_rodata(&mod->core_layout, set_memory_rw); frob_ro_after_init(&mod->core_layout, set_memory_rw); @@ -1920,6 +1923,9 @@ void module_disable_ro(const struct module *mod) void module_enable_ro(const struct module *mod, bool after_init) { + if (!rodata_enabled) + return; + frob_text(&mod->core_layout, set_memory_ro); frob_rodata(&mod->core_layout, set_memory_ro); frob_text(&mod->init_layout, set_memory_ro); @@ -1952,6 +1958,9 @@ void set_all_modules_text_rw(void) { struct module *mod; + if (!rodata_enabled) + return; + mutex_lock(&module_mutex); list_for_each_entry_rcu(mod, &modules, list) { if (mod->state == MODULE_STATE_UNFORMED) @@ -1968,6 +1977,9 @@ void set_all_modules_text_ro(void) { struct module *mod; + if (!rodata_enabled) + return; + mutex_lock(&module_mutex); list_for_each_entry_rcu(mod, &modules, list) { if (mod->state == MODULE_STATE_UNFORMED) @@ -1981,10 +1993,12 @@ void set_all_modules_text_ro(void) static void disable_ro_nx(const struct module_layout *layout) { - frob_text(layout, set_memory_rw); - frob_rodata(layout, set_memory_rw); + if (rodata_enabled) { + frob_text(layout, set_memory_rw); + frob_rodata(layout, set_memory_rw); + frob_ro_after_init(layout, set_memory_rw); + } frob_rodata(layout, set_memory_x); - frob_ro_after_init(layout, set_memory_rw); frob_ro_after_init(layout, set_memory_x); frob_writable_data(layout, set_memory_x); } From patchwork Tue Apr 3 11:09:04 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Rutland X-Patchwork-Id: 132736 Delivered-To: patch@linaro.org Received: by 10.46.84.29 with SMTP id i29csp3666814ljb; Tue, 3 Apr 2018 04:10:56 -0700 (PDT) X-Google-Smtp-Source: AIpwx49P/Yr27F6M+BC2M83GTVj82MJfO4rUVD4Vl0zPgKcxNGqExx2Qyt+b5joiiVlFfvoNl5JP X-Received: by 10.99.127.72 with SMTP id p8mr8959870pgn.52.1522753856554; Tue, 03 Apr 2018 04:10:56 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1522753856; cv=none; d=google.com; s=arc-20160816; b=U/yhn+eyck6tPSH/c2+N3TISZ5mpVoTJvbFibH1v5Rrugz4CjchXK1Xf7D0RB2TfWb YMdTKd3XSZkh/WmBEgOITqprVw46hmNcPZmbm/O6RgAvZaTMwg3cnu/esbdEYL8vWwqi VrFlZWDliWs3TX3ABT2t109BhfUlik4ofR5O8l7U1Tri3potc7lglGOraSNpnnqNnCcN YGOwIhBHN/bg+0QmxB+3mveZWuxtDPxqUAtw/5WN3zlVGwWlxXB/hLdZ5rjGm9CDyPSO SY+i7azAAXbuVjJIhKV1pW0KvuOFFAMWJF+g23jPlJ2yemscX2WDDqpDFV9/lvRCvx4k 0rEg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:arc-authentication-results; bh=s2znFkQt0k0N5fvVxi82w81upXXYJ7S73ksDGrsvaOE=; b=Src0HPnQBuUX1U2lxl1TQns9kbudckPhZx233oWLzkDvw5XPj4Lh58jtwETBBJ0wxJ OgA3D97IO8nvyviAnjbbebZAlwjBEAS1TUtOVXmFQveLhV1El6FNArJiulHS3x4zmykz ZSz40jYW+zLYqFDoNMF8RnFZnJm5nJfoich6bCXvIGImmUiKZy6SuQgH1sZZBzLVSgDz mATnXLMIZi0+TuVz4vM9vCNuSAUd3PhDFJm0B4G0ITeb04AQivRMAAnVKJRBn9O85dAE 7NYwdLopqYikFuc4r1cwNmC3JSxYfXb8CjqwfYfYn3++48m8wkmUB6zM3aqDocTWi5dn Dozw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id q9-v6si295691plr.273.2018.04.03.04.10.56; Tue, 03 Apr 2018 04:10:56 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755283AbeDCLKz (ORCPT + 11 others); Tue, 3 Apr 2018 07:10:55 -0400 Received: from usa-sjc-mx-foss1.foss.arm.com ([217.140.101.70]:59322 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1755311AbeDCLKB (ORCPT ); Tue, 3 Apr 2018 07:10:01 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 61F3C1596; Tue, 3 Apr 2018 04:10:01 -0700 (PDT) Received: from lakrids.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.72.51.249]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id 315D53F587; Tue, 3 Apr 2018 04:10:00 -0700 (PDT) From: Mark Rutland To: stable@vger.kernel.org Cc: mark.brown@linaro.org, ard.biesheuvel@linaro.org, marc.zyngier@arm.com, will.deacon@arm.com Subject: [PATCH v4.9.y 08/27] arm64: entry: Add exception trampoline page for exceptions from EL0 Date: Tue, 3 Apr 2018 12:09:04 +0100 Message-Id: <20180403110923.43575-9-mark.rutland@arm.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20180403110923.43575-1-mark.rutland@arm.com> References: <20180403110923.43575-1-mark.rutland@arm.com> Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Will Deacon commit c7b9adaf85f8 upstream. To allow unmapping of the kernel whilst running at EL0, we need to point the exception vectors at an entry trampoline that can map/unmap the kernel on entry/exit respectively. This patch adds the trampoline page, although it is not yet plugged into the vector table and is therefore unused. Reviewed-by: Mark Rutland Tested-by: Laura Abbott Tested-by: Shanker Donthineni Signed-off-by: Will Deacon [Alex: avoid dependency on SW PAN patches] Signed-off-by: Alex Shi [v4.9 backport] [Mark: remove dummy SW PAN definitions] Signed-off-by: Mark Rutland [v4.9 backport] --- arch/arm64/kernel/entry.S | 86 +++++++++++++++++++++++++++++++++++++++++ arch/arm64/kernel/vmlinux.lds.S | 17 ++++++++ 2 files changed, 103 insertions(+) -- 2.11.0 diff --git a/arch/arm64/kernel/entry.S b/arch/arm64/kernel/entry.S index f5aa8f010254..08f6f059e960 100644 --- a/arch/arm64/kernel/entry.S +++ b/arch/arm64/kernel/entry.S @@ -29,9 +29,11 @@ #include #include #include +#include #include #include #include +#include /* * Context tracking subsystem. Used to instrument transitions @@ -806,6 +808,90 @@ __ni_sys_trace: .popsection // .entry.text +#ifdef CONFIG_UNMAP_KERNEL_AT_EL0 +/* + * Exception vectors trampoline. + */ + .pushsection ".entry.tramp.text", "ax" + + .macro tramp_map_kernel, tmp + mrs \tmp, ttbr1_el1 + sub \tmp, \tmp, #SWAPPER_DIR_SIZE + bic \tmp, \tmp, #USER_ASID_FLAG + msr ttbr1_el1, \tmp + .endm + + .macro tramp_unmap_kernel, tmp + mrs \tmp, ttbr1_el1 + add \tmp, \tmp, #SWAPPER_DIR_SIZE + orr \tmp, \tmp, #USER_ASID_FLAG + msr ttbr1_el1, \tmp + /* + * We avoid running the post_ttbr_update_workaround here because the + * user and kernel ASIDs don't have conflicting mappings, so any + * "blessing" as described in: + * + * http://lkml.kernel.org/r/56BB848A.6060603@caviumnetworks.com + * + * will not hurt correctness. Whilst this may partially defeat the + * point of using split ASIDs in the first place, it avoids + * the hit of invalidating the entire I-cache on every return to + * userspace. + */ + .endm + + .macro tramp_ventry, regsize = 64 + .align 7 +1: + .if \regsize == 64 + msr tpidrro_el0, x30 // Restored in kernel_ventry + .endif + tramp_map_kernel x30 + ldr x30, =vectors + prfm plil1strm, [x30, #(1b - tramp_vectors)] + msr vbar_el1, x30 + add x30, x30, #(1b - tramp_vectors) + isb + br x30 + .endm + + .macro tramp_exit, regsize = 64 + adr x30, tramp_vectors + msr vbar_el1, x30 + tramp_unmap_kernel x30 + .if \regsize == 64 + mrs x30, far_el1 + .endif + eret + .endm + + .align 11 +ENTRY(tramp_vectors) + .space 0x400 + + tramp_ventry + tramp_ventry + tramp_ventry + tramp_ventry + + tramp_ventry 32 + tramp_ventry 32 + tramp_ventry 32 + tramp_ventry 32 +END(tramp_vectors) + +ENTRY(tramp_exit_native) + tramp_exit +END(tramp_exit_native) + +ENTRY(tramp_exit_compat) + tramp_exit 32 +END(tramp_exit_compat) + + .ltorg + .popsection // .entry.tramp.text +#endif /* CONFIG_UNMAP_KERNEL_AT_EL0 */ + /* * Special system call wrappers. */ diff --git a/arch/arm64/kernel/vmlinux.lds.S b/arch/arm64/kernel/vmlinux.lds.S index 1105aab1e6d6..466a43adec9f 100644 --- a/arch/arm64/kernel/vmlinux.lds.S +++ b/arch/arm64/kernel/vmlinux.lds.S @@ -56,6 +56,17 @@ jiffies = jiffies_64; #define HIBERNATE_TEXT #endif +#ifdef CONFIG_UNMAP_KERNEL_AT_EL0 +#define TRAMP_TEXT \ + . = ALIGN(PAGE_SIZE); \ + VMLINUX_SYMBOL(__entry_tramp_text_start) = .; \ + *(.entry.tramp.text) \ + . = ALIGN(PAGE_SIZE); \ + VMLINUX_SYMBOL(__entry_tramp_text_end) = .; +#else +#define TRAMP_TEXT +#endif + /* * The size of the PE/COFF section that covers the kernel image, which * runs from stext to _edata, must be a round multiple of the PE/COFF @@ -128,6 +139,7 @@ SECTIONS HYPERVISOR_TEXT IDMAP_TEXT HIBERNATE_TEXT + TRAMP_TEXT *(.fixup) *(.gnu.warning) . = ALIGN(16); @@ -216,6 +228,11 @@ SECTIONS swapper_pg_dir = .; . += SWAPPER_DIR_SIZE; +#ifdef CONFIG_UNMAP_KERNEL_AT_EL0 + tramp_pg_dir = .; + . += PAGE_SIZE; +#endif + _end = .; STABS_DEBUG From patchwork Tue Apr 3 11:09:05 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Rutland X-Patchwork-Id: 132737 Delivered-To: patch@linaro.org Received: by 10.46.84.29 with SMTP id i29csp3666820ljb; Tue, 3 Apr 2018 04:10:57 -0700 (PDT) X-Google-Smtp-Source: AIpwx4+zs9LXlrX3IFvBtMrNFJjNpzrKGoAa/9Y0OWaZ7/COeBkZ+kRSBpwvvp92XFWACHd3tBqz X-Received: by 2002:a17:902:6984:: with SMTP id l4-v6mr14148752plk.61.1522753856950; Tue, 03 Apr 2018 04:10:56 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1522753856; cv=none; d=google.com; s=arc-20160816; b=e9BiceIM7c5wn1QOPaCgg6YeSokEis1uishXPZH/wXEcl15A5RfOVZ/WUQIYbNtR7J cxk8GvupMYJIjdmtIGFvlWIx0YL5AxFX09umLvjLAnBlaaFL36HkqbhNp09dTiFCwN04 xFcsUKS03W0knJOao8JiNS/UFy7yc2ac2wP67Lhwt0OEtvRsH35qqx6k0uIH8FxQPLDa mTQVYLmT6LToRtYnPdIb1p+xjUqe4dKif5DzmMvr5NGyKT5wP0k8BNh64liIXaeJFKl3 +lGYtinDpvvUstPFYfVaoYuROcImyG7pn8S7DfALZi3TWguMfr3iTpSavyCx2MCpb8el FFAQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:arc-authentication-results; bh=9nygfsDsyRjriGFwkLzZ5wuocQewr6CBS18ei7IRwM8=; b=nxaN+cCxSekG2PXTf4MglfLWNDqmITq1R1sE8l0OHWNC8FcKKtFerqzGc18LInnBO8 mDJxtEulOzcj6fiIooYtLc44kwQCbbS9JEvhoqe33hKhloup4OKmzH+oXupJ0jLIW+QI tUx82YHj3sKjiJqlpG3Gnu1zIz4cmS83WM/tKXkEJxK8fjzEgxfRDgBfxoojPaikAX5j UQZD5w+3zcwQTVZFJNnUNomJkPeP57DkNHv5MN0TuG0/2RbFdUwiQsqIJTlhyURkuiJj ZmVDTySVN5uLmPYm215xeiHA9CeNaYn2O6VvYbbrLFMBFOMyAl5wSU3GKsr0Wmy9+x4k uCIA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id q9-v6si295691plr.273.2018.04.03.04.10.56; Tue, 03 Apr 2018 04:10:56 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755172AbeDCLKy (ORCPT + 11 others); Tue, 3 Apr 2018 07:10:54 -0400 Received: from usa-sjc-mx-foss1.foss.arm.com ([217.140.101.70]:59328 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1755443AbeDCLKE (ORCPT ); Tue, 3 Apr 2018 07:10:04 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id A885A1435; Tue, 3 Apr 2018 04:10:03 -0700 (PDT) Received: from lakrids.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.72.51.249]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id 77AB13F587; Tue, 3 Apr 2018 04:10:02 -0700 (PDT) From: Mark Rutland To: stable@vger.kernel.org Cc: mark.brown@linaro.org, ard.biesheuvel@linaro.org, marc.zyngier@arm.com, will.deacon@arm.com Subject: [PATCH v4.9.y 09/27] arm64: mm: Map entry trampoline into trampoline and kernel page tables Date: Tue, 3 Apr 2018 12:09:05 +0100 Message-Id: <20180403110923.43575-10-mark.rutland@arm.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20180403110923.43575-1-mark.rutland@arm.com> References: <20180403110923.43575-1-mark.rutland@arm.com> Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Will Deacon commit 51a0048beb44 upstream. The exception entry trampoline needs to be mapped at the same virtual address in both the trampoline page table (which maps nothing else) and also the kernel page table, so that we can swizzle TTBR1_EL1 on exceptions from and return to EL0. This patch maps the trampoline at a fixed virtual address in the fixmap area of the kernel virtual address space, which allows the kernel proper to be randomized with respect to the trampoline when KASLR is enabled. Reviewed-by: Mark Rutland Tested-by: Laura Abbott Tested-by: Shanker Donthineni Signed-off-by: Will Deacon Signed-off-by: Alex Shi Reviewed-by: Mark Rutland [v4.9 backport] --- arch/arm64/include/asm/fixmap.h | 5 +++++ arch/arm64/include/asm/pgtable.h | 1 + arch/arm64/kernel/asm-offsets.c | 6 +++++- arch/arm64/mm/mmu.c | 23 +++++++++++++++++++++++ 4 files changed, 34 insertions(+), 1 deletion(-) -- 2.11.0 Signed-off-by: Mark Rutland [v4.9 backport] diff --git a/arch/arm64/include/asm/fixmap.h b/arch/arm64/include/asm/fixmap.h index caf86be815ba..7b1d88c18143 100644 --- a/arch/arm64/include/asm/fixmap.h +++ b/arch/arm64/include/asm/fixmap.h @@ -51,6 +51,11 @@ enum fixed_addresses { FIX_EARLYCON_MEM_BASE, FIX_TEXT_POKE0, + +#ifdef CONFIG_UNMAP_KERNEL_AT_EL0 + FIX_ENTRY_TRAMP_TEXT, +#define TRAMP_VALIAS (__fix_to_virt(FIX_ENTRY_TRAMP_TEXT)) +#endif /* CONFIG_UNMAP_KERNEL_AT_EL0 */ __end_of_permanent_fixed_addresses, /* diff --git a/arch/arm64/include/asm/pgtable.h b/arch/arm64/include/asm/pgtable.h index 7acd3c5c7643..3a30a3994e4a 100644 --- a/arch/arm64/include/asm/pgtable.h +++ b/arch/arm64/include/asm/pgtable.h @@ -692,6 +692,7 @@ static inline void pmdp_set_wrprotect(struct mm_struct *mm, extern pgd_t swapper_pg_dir[PTRS_PER_PGD]; extern pgd_t idmap_pg_dir[PTRS_PER_PGD]; +extern pgd_t tramp_pg_dir[PTRS_PER_PGD]; /* * Encode and decode a swap entry: diff --git a/arch/arm64/kernel/asm-offsets.c b/arch/arm64/kernel/asm-offsets.c index c58ddf8c4062..5f4bf3c6f016 100644 --- a/arch/arm64/kernel/asm-offsets.c +++ b/arch/arm64/kernel/asm-offsets.c @@ -24,6 +24,7 @@ #include #include #include +#include #include #include #include @@ -144,11 +145,14 @@ int main(void) DEFINE(ARM_SMCCC_RES_X2_OFFS, offsetof(struct arm_smccc_res, a2)); DEFINE(ARM_SMCCC_QUIRK_ID_OFFS, offsetof(struct arm_smccc_quirk, id)); DEFINE(ARM_SMCCC_QUIRK_STATE_OFFS, offsetof(struct arm_smccc_quirk, state)); - BLANK(); DEFINE(HIBERN_PBE_ORIG, offsetof(struct pbe, orig_address)); DEFINE(HIBERN_PBE_ADDR, offsetof(struct pbe, address)); DEFINE(HIBERN_PBE_NEXT, offsetof(struct pbe, next)); DEFINE(ARM64_FTR_SYSVAL, offsetof(struct arm64_ftr_reg, sys_val)); + BLANK(); +#ifdef CONFIG_UNMAP_KERNEL_AT_EL0 + DEFINE(TRAMP_VALIAS, TRAMP_VALIAS); +#endif return 0; } diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c index 638f7f2bd79c..3a57fec16b32 100644 --- a/arch/arm64/mm/mmu.c +++ b/arch/arm64/mm/mmu.c @@ -419,6 +419,29 @@ static void __init map_kernel_segment(pgd_t *pgd, void *va_start, void *va_end, vm_area_add_early(vma); } +#ifdef CONFIG_UNMAP_KERNEL_AT_EL0 +static int __init map_entry_trampoline(void) +{ + extern char __entry_tramp_text_start[]; + + pgprot_t prot = rodata_enabled ? PAGE_KERNEL_ROX : PAGE_KERNEL_EXEC; + phys_addr_t pa_start = __pa_symbol(__entry_tramp_text_start); + + /* The trampoline is always mapped and can therefore be global */ + pgprot_val(prot) &= ~PTE_NG; + + /* Map only the text into the trampoline page table */ + memset(tramp_pg_dir, 0, PGD_SIZE); + __create_pgd_mapping(tramp_pg_dir, pa_start, TRAMP_VALIAS, PAGE_SIZE, + prot, pgd_pgtable_alloc, 0); + + /* ...as well as the kernel page table */ + __set_fixmap(FIX_ENTRY_TRAMP_TEXT, pa_start, prot); + return 0; +} +core_initcall(map_entry_trampoline); +#endif + /* * Create fine-grained mappings for the kernel. */ From patchwork Tue Apr 3 11:09:06 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Rutland X-Patchwork-Id: 132718 Delivered-To: patch@linaro.org Received: by 10.46.84.29 with SMTP id i29csp3665963ljb; Tue, 3 Apr 2018 04:10:10 -0700 (PDT) X-Google-Smtp-Source: AIpwx48D2LFb/Pbu+1cyNM9gHzEVPFExtDCZ7HZOGhS7EYSQGIyiu5vSyDYcNjtfkObSzlS99Uoq X-Received: by 2002:a17:902:32a2:: with SMTP id z31-v6mr14049839plb.41.1522753810649; Tue, 03 Apr 2018 04:10:10 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1522753810; cv=none; d=google.com; s=arc-20160816; b=0pZtGScfdFfQs4Nkm8lGd6KlzIejoP28QXHgngg7kPj9nniqagc9Zy5ugLpzWo//z6 mVJ1TDs964XEf649dUouIEwzcdqyvCSZKMQyLxnasE/mlfuutN9nnV+QAtuHDVAZV6AD Kg5g7+ZpKo8tfOMmMaSLUqDtAeu9xfQ/wA2gr762SXfGzfjK1zI5RasJTCq6HoAq9ZD7 P5bU8StuT1EMcBeNnWAGkqI/Ggmp0WZfJajfqd8JN+XCWjUv7i3X5QIRKw6BcnizKJ5j x4ZqO1xCnMa9b+0HBhfJW9nGTqiqaSglu2iel2nzKpL1ikjGDARTqiQHaf8qKVn3Dsf2 JnCg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:arc-authentication-results; bh=TSGLKWVtHredrz4STIIQIGxjUpOVnk+aKaR2CppEihg=; b=UMvVUf0l45MJPB15pnmWTGeBnaH3v9YXQ5L4nlVwnOkkmFw7KKXbDFKGF1S9yi5BJx wV96pMQrn1y3y3xBtwQZsisxAkpEDJTIJTck8ZNQiKtfO3U3BcV8taAwTyyvHp3LVI9Z t7vuMFL4tqkOTMz5zfN9HiN6vgV40TKRMtr/nSzC0xVSGIcci7Ou/pUCKYzdbtEexLGB l224etb26wAMF94jU6BUQmixZqhK8/C8IBFPTyFnFNi2hoOkN7PyvkHbhuIAhfjKEZ2P 1uy8n631Ni44hjy4HDNMqEcZIlv9dr9p/mcm4a7+KU4HqsGdKSZLl0EfigsM51gAcib+ sGVg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id k63si1862166pgc.577.2018.04.03.04.10.10; Tue, 03 Apr 2018 04:10:10 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755063AbeDCLKI (ORCPT + 11 others); Tue, 3 Apr 2018 07:10:08 -0400 Received: from usa-sjc-mx-foss1.foss.arm.com ([217.140.101.70]:59336 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1755482AbeDCLKG (ORCPT ); Tue, 3 Apr 2018 07:10:06 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 98D8515AB; Tue, 3 Apr 2018 04:10:05 -0700 (PDT) Received: from lakrids.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.72.51.249]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id 680D23F587; Tue, 3 Apr 2018 04:10:04 -0700 (PDT) From: Mark Rutland To: stable@vger.kernel.org Cc: mark.brown@linaro.org, ard.biesheuvel@linaro.org, marc.zyngier@arm.com, will.deacon@arm.com Subject: [PATCH v4.9.y 10/27] arm64: entry: Explicitly pass exception level to kernel_ventry macro Date: Tue, 3 Apr 2018 12:09:06 +0100 Message-Id: <20180403110923.43575-11-mark.rutland@arm.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20180403110923.43575-1-mark.rutland@arm.com> References: <20180403110923.43575-1-mark.rutland@arm.com> Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Will Deacon commit 5b1f7fe41909 upstream. We will need to treat exceptions from EL0 differently in kernel_ventry, so rework the macro to take the exception level as an argument and construct the branch target using that. Reviewed-by: Mark Rutland Tested-by: Laura Abbott Tested-by: Shanker Donthineni Signed-off-by: Will Deacon Signed-off-by: Alex Shi [v4.9 backport] [Mark: avoid dependency on C error handler backport] Signed-off-by: Mark Rutland [v4.9 backport] --- arch/arm64/kernel/entry.S | 44 ++++++++++++++++++++++---------------------- 1 file changed, 22 insertions(+), 22 deletions(-) -- 2.11.0 diff --git a/arch/arm64/kernel/entry.S b/arch/arm64/kernel/entry.S index 08f6f059e960..0a9f6e7a76d6 100644 --- a/arch/arm64/kernel/entry.S +++ b/arch/arm64/kernel/entry.S @@ -70,10 +70,10 @@ #define BAD_FIQ 2 #define BAD_ERROR 3 - .macro kernel_ventry label + .macro kernel_ventry, el, label, regsize = 64 .align 7 sub sp, sp, #S_FRAME_SIZE - b \label + b el\()\el\()_\label .endm .macro kernel_entry, el, regsize = 64 @@ -264,31 +264,31 @@ tsk .req x28 // current thread_info .align 11 ENTRY(vectors) - kernel_ventry el1_sync_invalid // Synchronous EL1t - kernel_ventry el1_irq_invalid // IRQ EL1t - kernel_ventry el1_fiq_invalid // FIQ EL1t - kernel_ventry el1_error_invalid // Error EL1t + kernel_ventry 1, sync_invalid // Synchronous EL1t + kernel_ventry 1, irq_invalid // IRQ EL1t + kernel_ventry 1, fiq_invalid // FIQ EL1t + kernel_ventry 1, error_invalid // Error EL1t - kernel_ventry el1_sync // Synchronous EL1h - kernel_ventry el1_irq // IRQ EL1h - kernel_ventry el1_fiq_invalid // FIQ EL1h - kernel_ventry el1_error_invalid // Error EL1h + kernel_ventry 1, sync // Synchronous EL1h + kernel_ventry 1, irq // IRQ EL1h + kernel_ventry 1, fiq_invalid // FIQ EL1h + kernel_ventry 1, error_invalid // Error EL1h - kernel_ventry el0_sync // Synchronous 64-bit EL0 - kernel_ventry el0_irq // IRQ 64-bit EL0 - kernel_ventry el0_fiq_invalid // FIQ 64-bit EL0 - kernel_ventry el0_error_invalid // Error 64-bit EL0 + kernel_ventry 0, sync // Synchronous 64-bit EL0 + kernel_ventry 0, irq // IRQ 64-bit EL0 + kernel_ventry 0, fiq_invalid // FIQ 64-bit EL0 + kernel_ventry 0, error_invalid // Error 64-bit EL0 #ifdef CONFIG_COMPAT - kernel_ventry el0_sync_compat // Synchronous 32-bit EL0 - kernel_ventry el0_irq_compat // IRQ 32-bit EL0 - kernel_ventry el0_fiq_invalid_compat // FIQ 32-bit EL0 - kernel_ventry el0_error_invalid_compat // Error 32-bit EL0 + kernel_ventry 0, sync_compat, 32 // Synchronous 32-bit EL0 + kernel_ventry 0, irq_compat, 32 // IRQ 32-bit EL0 + kernel_ventry 0, fiq_invalid_compat, 32 // FIQ 32-bit EL0 + kernel_ventry 0, error_invalid_compat, 32 // Error 32-bit EL0 #else - kernel_ventry el0_sync_invalid // Synchronous 32-bit EL0 - kernel_ventry el0_irq_invalid // IRQ 32-bit EL0 - kernel_ventry el0_fiq_invalid // FIQ 32-bit EL0 - kernel_ventry el0_error_invalid // Error 32-bit EL0 + kernel_ventry 0, sync_invalid, 32 // Synchronous 32-bit EL0 + kernel_ventry 0, irq_invalid, 32 // IRQ 32-bit EL0 + kernel_ventry 0, fiq_invalid, 32 // FIQ 32-bit EL0 + kernel_ventry 0, error_invalid, 32 // Error 32-bit EL0 #endif END(vectors) From patchwork Tue Apr 3 11:09:07 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Rutland X-Patchwork-Id: 132735 Delivered-To: patch@linaro.org Received: by 10.46.84.29 with SMTP id i29csp3666763ljb; Tue, 3 Apr 2018 04:10:53 -0700 (PDT) X-Google-Smtp-Source: AIpwx4/MJxrdETSEp1JJIcAiO9FunJBOKwORwwqRYREZY5uR/5pTcFIjkzMZDBidivSacs6gHyk9 X-Received: by 2002:a17:902:ab86:: with SMTP id f6-v6mr14120480plr.258.1522753853525; Tue, 03 Apr 2018 04:10:53 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1522753853; cv=none; d=google.com; s=arc-20160816; b=Wknq64ovI8gqpxpgm8Bfhmqj+ckJDtmPY2+sUT4Nfn0g+3quiqqBlOKm43XIQeUJGz /ISgZpwX6jVnvK+YPzKJsd+6oJeR4gyJo07TZzicw0rqLsXpPwMiV4lyXp9o5plQwCaG /q2b7eQXJ8M5nfs1MvRl7UkuaV19wzdQzvnKM58YNrKAy4UGcFNw4idha/lTbEZgRZNx SX4ewKrqP0JYJX6lDKF293EdeCZgPZmSEHdlSRkhXjKaYv2JfHKcDvC8a7KOKlQ6Biic 2yuCY8HWq7t9F2wuiopXyTmxQawg6ugR0vBDdiHDmvqHyIUBzCz2Qj3tSq5GeyXS2uWu fZxA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:arc-authentication-results; bh=1vFrnyjWcbCEEwIOXW5FqwNy+gD7OTbsQlP+2W2znRg=; b=OO9GJER5vXv4O+1jVzQai3jswmZrrA5OHNU7b5w4BNbsJvLeO4OUl8H96nyC/zw5oB RYa0AMToUsDfKNOqi3w+uwCjE1jer4SFpWYfGRn3LthTRIPZoYeotKpdiZqO8t6ofGE2 IGkOkol5IOjQBblTKn7c8I00QW8Hckn53d3u4i6227fWzAYxLK/aZE1znQmGHvfw8K/P VFcOz3C+JUyjlrEQ3aNMx3+f48bi4yFhksJ5KoiqA4VkFn/V/UzOYIBOeumFkfkyxn7l jfCsrOCZCPLz7lkgnCBELrdEMR1GAdAGhnrTk5KlTdrqniBjmBgpnNhCdQe1lv9raODj cdEw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id q9-v6si295691plr.273.2018.04.03.04.10.53; Tue, 03 Apr 2018 04:10:53 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755379AbeDCLKJ (ORCPT + 11 others); Tue, 3 Apr 2018 07:10:09 -0400 Received: from foss.arm.com ([217.140.101.70]:59340 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1755484AbeDCLKH (ORCPT ); Tue, 3 Apr 2018 07:10:07 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 7D65715AD; Tue, 3 Apr 2018 04:10:07 -0700 (PDT) Received: from lakrids.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.72.51.249]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id 4CAF93F587; Tue, 3 Apr 2018 04:10:06 -0700 (PDT) From: Mark Rutland To: stable@vger.kernel.org Cc: mark.brown@linaro.org, ard.biesheuvel@linaro.org, marc.zyngier@arm.com, will.deacon@arm.com Subject: [PATCH v4.9.y 11/27] arm64: entry: Hook up entry trampoline to exception vectors Date: Tue, 3 Apr 2018 12:09:07 +0100 Message-Id: <20180403110923.43575-12-mark.rutland@arm.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20180403110923.43575-1-mark.rutland@arm.com> References: <20180403110923.43575-1-mark.rutland@arm.com> Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Will Deacon commit 4bf3286d29f3 upstream. Hook up the entry trampoline to our exception vectors so that all exceptions from and returns to EL0 go via the trampoline, which swizzles the vector base register accordingly. Transitioning to and from the kernel clobbers x30, so we use tpidrro_el0 and far_el1 as scratch registers for native tasks. Reviewed-by: Mark Rutland Tested-by: Laura Abbott Tested-by: Shanker Donthineni Signed-off-by: Will Deacon Signed-off-by: Alex Shi [v4.9 backport] Signed-off-by: Mark Rutland [v4.9 backport] --- arch/arm64/kernel/entry.S | 39 ++++++++++++++++++++++++++++++++++++--- 1 file changed, 36 insertions(+), 3 deletions(-) -- 2.11.0 diff --git a/arch/arm64/kernel/entry.S b/arch/arm64/kernel/entry.S index 0a9f6e7a76d6..623c160bf68e 100644 --- a/arch/arm64/kernel/entry.S +++ b/arch/arm64/kernel/entry.S @@ -72,10 +72,26 @@ .macro kernel_ventry, el, label, regsize = 64 .align 7 +#ifdef CONFIG_UNMAP_KERNEL_AT_EL0 + .if \el == 0 + .if \regsize == 64 + mrs x30, tpidrro_el0 + msr tpidrro_el0, xzr + .else + mov x30, xzr + .endif + .endif +#endif + sub sp, sp, #S_FRAME_SIZE b el\()\el\()_\label .endm + .macro tramp_alias, dst, sym + mov_q \dst, TRAMP_VALIAS + add \dst, \dst, #(\sym - .entry.tramp.text) + .endm + .macro kernel_entry, el, regsize = 64 .if \regsize == 32 mov w0, w0 // zero upper 32 bits of x0 @@ -157,18 +173,20 @@ ct_user_enter ldr x23, [sp, #S_SP] // load return stack pointer msr sp_el0, x23 + tst x22, #PSR_MODE32_BIT // native task? + b.eq 3f + #ifdef CONFIG_ARM64_ERRATUM_845719 alternative_if ARM64_WORKAROUND_845719 - tbz x22, #4, 1f #ifdef CONFIG_PID_IN_CONTEXTIDR mrs x29, contextidr_el1 msr contextidr_el1, x29 #else msr contextidr_el1, xzr #endif -1: alternative_else_nop_endif #endif +3: .endif msr elr_el1, x21 // set up the return data msr spsr_el1, x22 @@ -189,7 +207,22 @@ alternative_else_nop_endif ldp x28, x29, [sp, #16 * 14] ldr lr, [sp, #S_LR] add sp, sp, #S_FRAME_SIZE // restore sp - eret // return to kernel + +#ifndef CONFIG_UNMAP_KERNEL_AT_EL0 + eret +#else + .if \el == 0 + bne 4f + msr far_el1, x30 + tramp_alias x30, tramp_exit_native + br x30 +4: + tramp_alias x30, tramp_exit_compat + br x30 + .else + eret + .endif +#endif .endm .macro get_thread_info, rd From patchwork Tue Apr 3 11:09:08 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Rutland X-Patchwork-Id: 132723 Delivered-To: patch@linaro.org Received: by 10.46.84.29 with SMTP id i29csp3666188ljb; Tue, 3 Apr 2018 04:10:23 -0700 (PDT) X-Google-Smtp-Source: AIpwx48ECA2jXSIpDoidSiA64taWaA1SJGp0DjK0E6bPk8ZuNrDs/SOMrHQ6PLkRi4Mi21QDPrIk X-Received: by 10.98.153.204 with SMTP id t73mr10249288pfk.121.1522753823083; Tue, 03 Apr 2018 04:10:23 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1522753823; cv=none; d=google.com; s=arc-20160816; b=wtffT5G4q6CCnyeg7d1323I4Voc5+OcsDZD0D4JZ/YKLKYbNJ0Ez5cQsofSMGsjG/5 o0ltcSruK/2yru4y3IMS53AzFEkEaKf0Ld/GcI/USZnNsijO6ejtZeKlI0tXY5EadXso u6nClL57wJmeGWYKkD6Mtc998r7IOrJJdrhq5fDncxlH/Oy+IcCSziZpkSBkqyPI7r0X cEU1IJfBD+jiFIn4gl7kD3Xcr4s4vCov0cKWwAJw+4fNB0iEJe09Ee335xhfyK7nMi7P ak2adNLh+5VtXOmct/PFbNEL5KEMrgm4ssMKMinctu8CpTfIuOzKRUR1UK7W8ET7IWOA fooA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:arc-authentication-results; bh=hlGzOL1YZh7B9yHlRhiKlYg5+B+uUsT2UQFiB5bUwBA=; b=U9vO8pSQFyv2XYgeeBm0WywH4nD+fdXjGi1LQ8PCWWvjSlahPqj8DJAoRgv5syaowL jqfxiWKTLPq0I+twlKuzjjEC5BRC0LNBfg5CIK1+ZQtB7xgjKb5+QTE4SZA0UNHxKimw jX9oSpeSkXYz7fBU523IXE5VzZhkb6WhupqPApBu60NPPZl+hSFSx610UHtjdfz8+Dnv 2TkSBTax3PaPBYOi2jGj600Hht8K3Fkd7uO0vEzoibciTxCUortoJ0mMUFjTzdePeDF5 hAe4xU0P4UfZMGE/4zEuzFQRZkkJJ7iTE8WohMA2Ags6kWlxs6xCT+/pSxPTVKC5GxxU Tfkg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id l91-v6si306341plb.301.2018.04.03.04.10.22; Tue, 03 Apr 2018 04:10:23 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755308AbeDCLKV (ORCPT + 11 others); Tue, 3 Apr 2018 07:10:21 -0400 Received: from foss.arm.com ([217.140.101.70]:59344 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1755487AbeDCLKK (ORCPT ); Tue, 3 Apr 2018 07:10:10 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 15D041435; Tue, 3 Apr 2018 04:10:10 -0700 (PDT) Received: from lakrids.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.72.51.249]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id D95583F587; Tue, 3 Apr 2018 04:10:08 -0700 (PDT) From: Mark Rutland To: stable@vger.kernel.org Cc: mark.brown@linaro.org, ard.biesheuvel@linaro.org, marc.zyngier@arm.com, will.deacon@arm.com Subject: [PATCH v4.9.y 12/27] arm64: tls: Avoid unconditional zeroing of tpidrro_el0 for native tasks Date: Tue, 3 Apr 2018 12:09:08 +0100 Message-Id: <20180403110923.43575-13-mark.rutland@arm.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20180403110923.43575-1-mark.rutland@arm.com> References: <20180403110923.43575-1-mark.rutland@arm.com> Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Will Deacon commit 18011eac28c7 upstream. When unmapping the kernel at EL0, we use tpidrro_el0 as a scratch register during exception entry from native tasks and subsequently zero it in the kernel_ventry macro. We can therefore avoid zeroing tpidrro_el0 in the context-switch path for native tasks using the entry trampoline. Reviewed-by: Mark Rutland Tested-by: Laura Abbott Tested-by: Shanker Donthineni Signed-off-by: Will Deacon Signed-off-by: Alex Shi [v4.9 backport] Signed-off-by: Mark Rutland [v4.9 backport] --- arch/arm64/kernel/process.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) -- 2.11.0 diff --git a/arch/arm64/kernel/process.c b/arch/arm64/kernel/process.c index 0e7394915c70..0972ce58316d 100644 --- a/arch/arm64/kernel/process.c +++ b/arch/arm64/kernel/process.c @@ -306,17 +306,17 @@ int copy_thread(unsigned long clone_flags, unsigned long stack_start, static void tls_thread_switch(struct task_struct *next) { - unsigned long tpidr, tpidrro; + unsigned long tpidr; tpidr = read_sysreg(tpidr_el0); *task_user_tls(current) = tpidr; - tpidr = *task_user_tls(next); - tpidrro = is_compat_thread(task_thread_info(next)) ? - next->thread.tp_value : 0; + if (is_compat_thread(task_thread_info(next))) + write_sysreg(next->thread.tp_value, tpidrro_el0); + else if (!arm64_kernel_unmapped_at_el0()) + write_sysreg(0, tpidrro_el0); - write_sysreg(tpidr, tpidr_el0); - write_sysreg(tpidrro, tpidrro_el0); + write_sysreg(*task_user_tls(next), tpidr_el0); } /* Restore the UAO state depending on next's addr_limit */ From patchwork Tue Apr 3 11:09:09 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Rutland X-Patchwork-Id: 132719 Delivered-To: patch@linaro.org Received: by 10.46.84.29 with SMTP id i29csp3666071ljb; Tue, 3 Apr 2018 04:10:16 -0700 (PDT) X-Google-Smtp-Source: AIpwx49WhIx169kyogPHy2cIqiuIIbKnBiaW/F58pAlJgtsOQqA774nHv+sMz+fFjxxawJzEZHOK X-Received: by 2002:a17:902:9a44:: with SMTP id x4-v6mr13642363plv.312.1522753816527; Tue, 03 Apr 2018 04:10:16 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1522753816; cv=none; d=google.com; s=arc-20160816; b=AzlksoCO35/OrN6YtuQfW2M1O2aDlJJbtLroIqb1sZeFjlpurN7PseuouK3WtDjexD CcirJMv0Z6xb7YcXc0URLZagQ/uYz4Rpnf0QT2ePdMgQUX+fkIYcjmOVCAjOheSSnisv 4is9u4jpKOQ0+Iv+bZOcN4XiwnH4kSBMjjPo6hEqoSEECfVOnBH3FmysrGWd1R/Q3Wpc Cb5EWHZlaUaDcMXEiaTfJ2c0QsN7J4Niarz4fdBbezfMsZk2llyOw46vzd2FXG73gfzH ZjVIdEviPT2A/9ONTnU4cLWv7hvb6SsPPXzAdpbkkPPWtg2lP//avhudsXCxFdN5966F vtJQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:arc-authentication-results; bh=rKcJsu4nXOhVOdZreRrI1YIOBRzprPuT+zJqzRfJL5g=; b=fX8PRGc5IKs6cOruuTCbsMJQYkA2MiEBb26XYqvaAhcN8CRWCUar3dtqajtQSdmcBn iJhZD6QtJZFnjQD9GXlaQvRxvZPwtofjBGguoagUGjoenTkpGCTi8K4zPcKHq06ZKaF6 4wl/xcyqCau7lSDWylqO2GQdDO01kLHmztE5faHluGApGld8jEpjvDEFuQNnC97vVDy9 X4Y4koSZSWCfqneFOTplhiT7lourizbn5m0B7aARscxOv8jkzbMVzPHTySBKj2uMzucM ETJuwPERI7SoF3z+Q0FIli9H6fE3z6Kzs2HXHcDqKgaihkKY63PRhe/KvK8WtfCX8TmR GXZA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id l91-v6si306341plb.301.2018.04.03.04.10.16; Tue, 03 Apr 2018 04:10:16 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755483AbeDCLKN (ORCPT + 11 others); Tue, 3 Apr 2018 07:10:13 -0400 Received: from usa-sjc-mx-foss1.foss.arm.com ([217.140.101.70]:59352 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1755432AbeDCLKM (ORCPT ); Tue, 3 Apr 2018 07:10:12 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 38E1C1435; Tue, 3 Apr 2018 04:10:12 -0700 (PDT) Received: from lakrids.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.72.51.249]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id 0858D3F587; Tue, 3 Apr 2018 04:10:10 -0700 (PDT) From: Mark Rutland To: stable@vger.kernel.org Cc: mark.brown@linaro.org, ard.biesheuvel@linaro.org, marc.zyngier@arm.com, will.deacon@arm.com Subject: [PATCH v4.9.y 13/27] arm64: entry: Add fake CPU feature for unmapping the kernel at EL0 Date: Tue, 3 Apr 2018 12:09:09 +0100 Message-Id: <20180403110923.43575-14-mark.rutland@arm.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20180403110923.43575-1-mark.rutland@arm.com> References: <20180403110923.43575-1-mark.rutland@arm.com> Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Will Deacon commit ea1e3de85e94 upstream. Allow explicit disabling of the entry trampoline on the kernel command line (kpti=off) by adding a fake CPU feature (ARM64_UNMAP_KERNEL_AT_EL0) that can be used to toggle the alternative sequences in our entry code and avoid use of the trampoline altogether if desired. This also allows us to make use of a static key in arm64_kernel_unmapped_at_el0(). Reviewed-by: Mark Rutland Tested-by: Laura Abbott Tested-by: Shanker Donthineni Signed-off-by: Will Deacon [Alex: use first free cpucap number, use cpus_have_cap] Signed-off-by: Alex Shi [v4.9 backport] Signed-off-by: Mark Rutland [v4.9 backport] --- arch/arm64/include/asm/cpucaps.h | 3 ++- arch/arm64/include/asm/mmu.h | 3 ++- arch/arm64/kernel/cpufeature.c | 41 ++++++++++++++++++++++++++++++++++++++++ arch/arm64/kernel/entry.S | 9 +++++---- 4 files changed, 50 insertions(+), 6 deletions(-) -- 2.11.0 diff --git a/arch/arm64/include/asm/cpucaps.h b/arch/arm64/include/asm/cpucaps.h index 87b446535185..7ddf233f05bd 100644 --- a/arch/arm64/include/asm/cpucaps.h +++ b/arch/arm64/include/asm/cpucaps.h @@ -34,7 +34,8 @@ #define ARM64_HAS_32BIT_EL0 13 #define ARM64_HYP_OFFSET_LOW 14 #define ARM64_MISMATCHED_CACHE_LINE_SIZE 15 +#define ARM64_UNMAP_KERNEL_AT_EL0 16 -#define ARM64_NCAPS 16 +#define ARM64_NCAPS 17 #endif /* __ASM_CPUCAPS_H */ diff --git a/arch/arm64/include/asm/mmu.h b/arch/arm64/include/asm/mmu.h index 279e75b8a49e..a813edf28737 100644 --- a/arch/arm64/include/asm/mmu.h +++ b/arch/arm64/include/asm/mmu.h @@ -34,7 +34,8 @@ typedef struct { static inline bool arm64_kernel_unmapped_at_el0(void) { - return IS_ENABLED(CONFIG_UNMAP_KERNEL_AT_EL0); + return IS_ENABLED(CONFIG_UNMAP_KERNEL_AT_EL0) && + cpus_have_cap(ARM64_UNMAP_KERNEL_AT_EL0); } extern void paging_init(void); diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c index 3a129d48674e..74b168c51abd 100644 --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -746,6 +746,40 @@ static bool hyp_offset_low(const struct arm64_cpu_capabilities *entry, return idmap_addr > GENMASK(VA_BITS - 2, 0) && !is_kernel_in_hyp_mode(); } +#ifdef CONFIG_UNMAP_KERNEL_AT_EL0 +static int __kpti_forced; /* 0: not forced, >0: forced on, <0: forced off */ + +static bool unmap_kernel_at_el0(const struct arm64_cpu_capabilities *entry, + int __unused) +{ + /* Forced on command line? */ + if (__kpti_forced) { + pr_info_once("kernel page table isolation forced %s by command line option\n", + __kpti_forced > 0 ? "ON" : "OFF"); + return __kpti_forced > 0; + } + + /* Useful for KASLR robustness */ + if (IS_ENABLED(CONFIG_RANDOMIZE_BASE)) + return true; + + return false; +} + +static int __init parse_kpti(char *str) +{ + bool enabled; + int ret = strtobool(str, &enabled); + + if (ret) + return ret; + + __kpti_forced = enabled ? 1 : -1; + return 0; +} +__setup("kpti=", parse_kpti); +#endif /* CONFIG_UNMAP_KERNEL_AT_EL0 */ + static const struct arm64_cpu_capabilities arm64_features[] = { { .desc = "GIC system register CPU interface", @@ -829,6 +863,13 @@ static const struct arm64_cpu_capabilities arm64_features[] = { .def_scope = SCOPE_SYSTEM, .matches = hyp_offset_low, }, +#ifdef CONFIG_UNMAP_KERNEL_AT_EL0 + { + .capability = ARM64_UNMAP_KERNEL_AT_EL0, + .def_scope = SCOPE_SYSTEM, + .matches = unmap_kernel_at_el0, + }, +#endif {}, }; diff --git a/arch/arm64/kernel/entry.S b/arch/arm64/kernel/entry.S index 623c160bf68e..b16d0534cda3 100644 --- a/arch/arm64/kernel/entry.S +++ b/arch/arm64/kernel/entry.S @@ -73,6 +73,7 @@ .macro kernel_ventry, el, label, regsize = 64 .align 7 #ifdef CONFIG_UNMAP_KERNEL_AT_EL0 +alternative_if ARM64_UNMAP_KERNEL_AT_EL0 .if \el == 0 .if \regsize == 64 mrs x30, tpidrro_el0 @@ -81,6 +82,7 @@ mov x30, xzr .endif .endif +alternative_else_nop_endif #endif sub sp, sp, #S_FRAME_SIZE @@ -208,10 +210,9 @@ alternative_else_nop_endif ldr lr, [sp, #S_LR] add sp, sp, #S_FRAME_SIZE // restore sp -#ifndef CONFIG_UNMAP_KERNEL_AT_EL0 - eret -#else .if \el == 0 +alternative_insn eret, nop, ARM64_UNMAP_KERNEL_AT_EL0 +#ifdef CONFIG_UNMAP_KERNEL_AT_EL0 bne 4f msr far_el1, x30 tramp_alias x30, tramp_exit_native @@ -219,10 +220,10 @@ alternative_else_nop_endif 4: tramp_alias x30, tramp_exit_compat br x30 +#endif .else eret .endif -#endif .endm .macro get_thread_info, rd From patchwork Tue Apr 3 11:09:10 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Rutland X-Patchwork-Id: 132720 Delivered-To: patch@linaro.org Received: by 10.46.84.29 with SMTP id i29csp3666102ljb; Tue, 3 Apr 2018 04:10:18 -0700 (PDT) X-Google-Smtp-Source: AIpwx4/+iy+d2a+1MpOcjjiCFDKamREaNLXPZrgw+iclnR1uE94v3nqHpvvOZqcjmi6PvRHWXyOk X-Received: by 2002:a17:902:6e01:: with SMTP id u1-v6mr13499220plk.96.1522753817992; Tue, 03 Apr 2018 04:10:17 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1522753817; cv=none; d=google.com; s=arc-20160816; b=x6Dosz1PHmEu/LNl/DcealN8AJ1SsbjOCyyMzWDVQ46YOhVVLhDg/hAG95uivM+bn/ TOvvDMGTlSdP+kQUxJPwrxgoHl+sooHKs5/qhKzDNEUxMeuuLFS+qn1m7m0/0QY0Fx4j YR3nucXKNLYSnGipPzP1YFMJCqLm6g0tNFMgKNUXzYIgjE2gB36W8Iqu6jglmxCzNdKY gp5d62uLffDswrSu5C2vMOCsg9iY1noE9oylO0T3w0rB9z/VM8NlOMBb/xzy7ujJkUsx gGVm6cFXtGirLlj4O6xHw8T1D1MrqFVhoHGE8q0eVkKzyhNwV581lssoPqR8A+D07vO2 1k7w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:arc-authentication-results; bh=i4z871HHcnpi7bzQfkQgrYExALEu7KrJsUgkTkD6V5c=; b=fAU/AhHjSoOqv+rjCRJLHPFXMDwOuziztTl12/u7oDphCetqlFV6Ov6Sz5H0cqxP4A Qq0n6IpvZvyHAJjanBiOmp2nvCBs+erqS7lMSUXFhuXmKPi24DW3oQMYxS2x4Q2ZJLdU r9rXLloAa6ySqS/u+2bWlzHj56e3hvn4pHO7SADuw9wOe0Bv27xuNWFOMl+d8YXldY1T Ip/DyIiQUJwSHVfgV103vQFiBxOKWbGK8ga+SNEKEHOTZQKtQ7ojCuHy1jFhz1mTJ2YT 2UO6FTfnwJIFDRCpzUpkiv+xoms+JmwhXinj0S6jXaeS3tmW6tsso2N2+EvbD85N3m0z F4IA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id l91-v6si306341plb.301.2018.04.03.04.10.17; Tue, 03 Apr 2018 04:10:17 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755432AbeDCLKP (ORCPT + 11 others); Tue, 3 Apr 2018 07:10:15 -0400 Received: from foss.arm.com ([217.140.101.70]:59358 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1755402AbeDCLKO (ORCPT ); Tue, 3 Apr 2018 07:10:14 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 390C01435; Tue, 3 Apr 2018 04:10:14 -0700 (PDT) Received: from lakrids.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.72.51.249]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id 084F03F587; Tue, 3 Apr 2018 04:10:12 -0700 (PDT) From: Mark Rutland To: stable@vger.kernel.org Cc: mark.brown@linaro.org, ard.biesheuvel@linaro.org, marc.zyngier@arm.com, will.deacon@arm.com Subject: [PATCH v4.9.y 14/27] arm64: kaslr: Put kernel vectors address in separate data page Date: Tue, 3 Apr 2018 12:09:10 +0100 Message-Id: <20180403110923.43575-15-mark.rutland@arm.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20180403110923.43575-1-mark.rutland@arm.com> References: <20180403110923.43575-1-mark.rutland@arm.com> Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Will Deacon commit 6c27c4082f4f upstream. The literal pool entry for identifying the vectors base is the only piece of information in the trampoline page that identifies the true location of the kernel. This patch moves it into a page-aligned region of the .rodata section and maps this adjacent to the trampoline text via an additional fixmap entry, which protects against any accidental leakage of the trampoline contents. Suggested-by: Ard Biesheuvel Tested-by: Laura Abbott Tested-by: Shanker Donthineni Signed-off-by: Will Deacon [Alex: avoid ARM64_WORKAROUND_QCOM_FALKOR_E1003 dependency] Signed-off-by: Alex Shi [v4.9 backport] Signed-off-by: Mark Rutland [v4.9 backport] --- arch/arm64/include/asm/fixmap.h | 1 + arch/arm64/kernel/entry.S | 14 ++++++++++++++ arch/arm64/kernel/vmlinux.lds.S | 5 ++++- arch/arm64/mm/mmu.c | 10 +++++++++- 4 files changed, 28 insertions(+), 2 deletions(-) -- 2.11.0 diff --git a/arch/arm64/include/asm/fixmap.h b/arch/arm64/include/asm/fixmap.h index 7b1d88c18143..d8e58051f32d 100644 --- a/arch/arm64/include/asm/fixmap.h +++ b/arch/arm64/include/asm/fixmap.h @@ -53,6 +53,7 @@ enum fixed_addresses { FIX_TEXT_POKE0, #ifdef CONFIG_UNMAP_KERNEL_AT_EL0 + FIX_ENTRY_TRAMP_DATA, FIX_ENTRY_TRAMP_TEXT, #define TRAMP_VALIAS (__fix_to_virt(FIX_ENTRY_TRAMP_TEXT)) #endif /* CONFIG_UNMAP_KERNEL_AT_EL0 */ diff --git a/arch/arm64/kernel/entry.S b/arch/arm64/kernel/entry.S index b16d0534cda3..805dc76517c3 100644 --- a/arch/arm64/kernel/entry.S +++ b/arch/arm64/kernel/entry.S @@ -881,7 +881,13 @@ __ni_sys_trace: msr tpidrro_el0, x30 // Restored in kernel_ventry .endif tramp_map_kernel x30 +#ifdef CONFIG_RANDOMIZE_BASE + adr x30, tramp_vectors + PAGE_SIZE + isb + ldr x30, [x30] +#else ldr x30, =vectors +#endif prfm plil1strm, [x30, #(1b - tramp_vectors)] msr vbar_el1, x30 add x30, x30, #(1b - tramp_vectors) @@ -924,6 +930,14 @@ END(tramp_exit_compat) .ltorg .popsection // .entry.tramp.text +#ifdef CONFIG_RANDOMIZE_BASE + .pushsection ".rodata", "a" + .align PAGE_SHIFT + .globl __entry_tramp_data_start +__entry_tramp_data_start: + .quad vectors + .popsection // .rodata +#endif /* CONFIG_RANDOMIZE_BASE */ #endif /* CONFIG_UNMAP_KERNEL_AT_EL0 */ /* diff --git a/arch/arm64/kernel/vmlinux.lds.S b/arch/arm64/kernel/vmlinux.lds.S index 466a43adec9f..6a584558b29d 100644 --- a/arch/arm64/kernel/vmlinux.lds.S +++ b/arch/arm64/kernel/vmlinux.lds.S @@ -252,7 +252,10 @@ ASSERT(__idmap_text_end - (__idmap_text_start & ~(SZ_4K - 1)) <= SZ_4K, ASSERT(__hibernate_exit_text_end - (__hibernate_exit_text_start & ~(SZ_4K - 1)) <= SZ_4K, "Hibernate exit text too big or misaligned") #endif - +#ifdef CONFIG_UNMAP_KERNEL_AT_EL0 +ASSERT((__entry_tramp_text_end - __entry_tramp_text_start) == PAGE_SIZE, + "Entry trampoline text too big") +#endif /* * If padding is applied before .head.text, virt<->phys conversions will fail. */ diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c index 3a57fec16b32..4cd4862845cd 100644 --- a/arch/arm64/mm/mmu.c +++ b/arch/arm64/mm/mmu.c @@ -435,8 +435,16 @@ static int __init map_entry_trampoline(void) __create_pgd_mapping(tramp_pg_dir, pa_start, TRAMP_VALIAS, PAGE_SIZE, prot, pgd_pgtable_alloc, 0); - /* ...as well as the kernel page table */ + /* Map both the text and data into the kernel page table */ __set_fixmap(FIX_ENTRY_TRAMP_TEXT, pa_start, prot); + if (IS_ENABLED(CONFIG_RANDOMIZE_BASE)) { + extern char __entry_tramp_data_start[]; + + __set_fixmap(FIX_ENTRY_TRAMP_DATA, + __pa_symbol(__entry_tramp_data_start), + PAGE_KERNEL_RO); + } + return 0; } core_initcall(map_entry_trampoline); From patchwork Tue Apr 3 11:09:11 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Rutland X-Patchwork-Id: 132721 Delivered-To: patch@linaro.org Received: by 10.46.84.29 with SMTP id i29csp3666115ljb; Tue, 3 Apr 2018 04:10:18 -0700 (PDT) X-Google-Smtp-Source: AIpwx4/ZtznwCgvx4DmLp0cVtTrNBU5PHSnDCV4rn29dUIwO8bzQ/FJ8ffRKe45NNKAO54eNJ+yL X-Received: by 10.99.119.133 with SMTP id s127mr8704526pgc.441.1522753818703; Tue, 03 Apr 2018 04:10:18 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1522753818; cv=none; d=google.com; s=arc-20160816; b=nh0/6sMV6+ZRiUDcc3buXH9cI2PCrn7bWgDmK+drsvT95s1eo0EdLnuV+vc/Qd3ciW +vy4swk50/GggokHAZDre0zjwEZz6QnTt6fZ5ac7y9wsyCbBoVtfUyTa3WZ4znreDGKy 0Mq0WLKDB6q1yH70V+/fScmAfesYkN26+RUeEbPbeWl3hCO59Q3UoTywpoikejnu561J y/AuOQbYV5+HGuI1IU8FjziXo9rsEicxncXKxvna7QC3ELBwMHbLoGZ6bqRyFZg1kDOF i96KhNmdshgrJHO4xPnTE//ykwOkXwY5/CqjlxJukzMj9Gnu0Rir9dmqoMYjmONpMCMJ WkuQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:arc-authentication-results; bh=SyjfI/248zJ3zLzsfCokwWZeN30fAPHlRn3Kd9hKkzE=; b=0053uwverQHmmXuVz3uX29Vf9c+GE5UwJi8gzJdWU/zSD5yhOdEcVJpmzucZrAGonW N5wEOjQUvvBeDqzSeLZ1gsHYTIO2wbauXWTYWUOqHp/HDCs5mkpIs1rCYrQoRty0Cpgc n7IBh2yS7TyU/73ELuMxlZxmqVG/P79Re+q9y3m5AAdfqdzaqa6jbE+wSKFqz91xAbOQ qEhXsDd1U+eZtBh2xojeEhflgHaHbVGaWijU/b8J94mDwFTyYrZzltGkwPO8nI9e3/8c M+QVwzECP50BcdVKQtfcagy6xc9TENf9ZzXCHDEsfQGgNNOR4l7V9cJn8eWG4xZU6WaX 23Qg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id l91-v6si306341plb.301.2018.04.03.04.10.18; Tue, 03 Apr 2018 04:10:18 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755502AbeDCLKR (ORCPT + 11 others); Tue, 3 Apr 2018 07:10:17 -0400 Received: from usa-sjc-mx-foss1.foss.arm.com ([217.140.101.70]:59364 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1755402AbeDCLKQ (ORCPT ); Tue, 3 Apr 2018 07:10:16 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 1995E1435; Tue, 3 Apr 2018 04:10:16 -0700 (PDT) Received: from lakrids.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.72.51.249]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id DD31D3F587; Tue, 3 Apr 2018 04:10:14 -0700 (PDT) From: Mark Rutland To: stable@vger.kernel.org Cc: mark.brown@linaro.org, ard.biesheuvel@linaro.org, marc.zyngier@arm.com, will.deacon@arm.com Subject: [PATCH v4.9.y 15/27] arm64: use RET instruction for exiting the trampoline Date: Tue, 3 Apr 2018 12:09:11 +0100 Message-Id: <20180403110923.43575-16-mark.rutland@arm.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20180403110923.43575-1-mark.rutland@arm.com> References: <20180403110923.43575-1-mark.rutland@arm.com> Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Will Deacon commit be04a6d1126b upstream. Speculation attacks against the entry trampoline can potentially resteer the speculative instruction stream through the indirect branch and into arbitrary gadgets within the kernel. This patch defends against these attacks by forcing a misprediction through the return stack: a dummy BL instruction loads an entry into the stack, so that the predicted program flow of the subsequent RET instruction is to a branch-to-self instruction which is finally resolved as a branch to the kernel vectors with speculation suppressed. Signed-off-by: Will Deacon Signed-off-by: Catalin Marinas Signed-off-by: Alex Shi [v4.9 backport] Signed-off-by: Mark Rutland [v4.9 backport] --- arch/arm64/kernel/entry.S | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) -- 2.11.0 diff --git a/arch/arm64/kernel/entry.S b/arch/arm64/kernel/entry.S index 805dc76517c3..f35ca1e54b5a 100644 --- a/arch/arm64/kernel/entry.S +++ b/arch/arm64/kernel/entry.S @@ -880,6 +880,14 @@ __ni_sys_trace: .if \regsize == 64 msr tpidrro_el0, x30 // Restored in kernel_ventry .endif + /* + * Defend against branch aliasing attacks by pushing a dummy + * entry onto the return stack and using a RET instruction to + * enter the full-fat kernel vectors. + */ + bl 2f + b . +2: tramp_map_kernel x30 #ifdef CONFIG_RANDOMIZE_BASE adr x30, tramp_vectors + PAGE_SIZE @@ -892,7 +900,7 @@ __ni_sys_trace: msr vbar_el1, x30 add x30, x30, #(1b - tramp_vectors) isb - br x30 + ret .endm .macro tramp_exit, regsize = 64 From patchwork Tue Apr 3 11:09:12 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Rutland X-Patchwork-Id: 132722 Delivered-To: patch@linaro.org Received: by 10.46.84.29 with SMTP id i29csp3666158ljb; Tue, 3 Apr 2018 04:10:20 -0700 (PDT) X-Google-Smtp-Source: AIpwx4/YwC1u7Ot3gFhvX/HP9SwlAJl4uMxjkJsieDDUpjTvaW6HLK1GpdbmxrMVh2vZ3QrcXO62 X-Received: by 2002:a17:902:158b:: with SMTP id m11-v6mr13642035pla.300.1522753820538; Tue, 03 Apr 2018 04:10:20 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1522753820; cv=none; d=google.com; s=arc-20160816; b=mNYfFffygqVkavwyWM4IrTX9s1AjluWbGHPcVAriZf+RCwMSsvwtdJLdokgLQMYZjZ zzXfEJMahzo/lHfgZBa1rAX0yye175x1IdMHOO+eBrqjnH8y3AoMcXGsYaRGjxsTcZAY VIgw7poHzkIhsEe6A3Cw4qwSs6ZUhWOxHi19elQTKhM2dwrgJuvHCBzlIZCBWyh07jRE vj7RvOA2OczoLLkx+LzaFQT2QpqwbmBOMFtiQyVJw3zEsLbYw1/KnGO80DYgAJpcqTnJ LDxM6QM+RL1lArQiwNWKFwUiwTGjErCwNjOrmpamsyU0yyTnyRodRk7hlE2hT9W21V0k b7Pw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:arc-authentication-results; bh=rWmmMK/ZiYuDHn+CJ4397Yu+O6Nc6r9VsJHBYOA2KeQ=; b=QLDpsM2RweS7kPNynqXEwUz92DlmgROD7KQD96CgrJCn1AYkCY94tBM9uD5MI+dare fy1i/MEtktrwGtwlLnP3KovNSuZP8yBtNsfucmpGrztE0WjJhW3si8iknOxpzGdRZW34 pXPDsZuR5BP5Ry5XT5dgEo0EPUO6/eWS7c1QI+KrSjoUJDxH2A3aFK2q61+P+W7IbVpF khuV8LrVImPmit2YoXzttLHH38pPUeNv2B/jgC3LABhMYLxiyux8xqKIrXJ25joq/fQy 6OMa/2yL4LcmoVAhdU9YVW+qk7TrJYVMEViXBBBLiO7YWmAlsON5X5m3913MZ4xf7ynE lv9Q== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id l91-v6si306341plb.301.2018.04.03.04.10.20; Tue, 03 Apr 2018 04:10:20 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755503AbeDCLKT (ORCPT + 11 others); Tue, 3 Apr 2018 07:10:19 -0400 Received: from foss.arm.com ([217.140.101.70]:59368 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1755402AbeDCLKS (ORCPT ); Tue, 3 Apr 2018 07:10:18 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 0620B1435; Tue, 3 Apr 2018 04:10:18 -0700 (PDT) Received: from lakrids.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.72.51.249]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id C9AA33F587; Tue, 3 Apr 2018 04:10:16 -0700 (PDT) From: Mark Rutland To: stable@vger.kernel.org Cc: mark.brown@linaro.org, ard.biesheuvel@linaro.org, marc.zyngier@arm.com, will.deacon@arm.com Subject: [PATCH v4.9.y 16/27] arm64: Kconfig: Add CONFIG_UNMAP_KERNEL_AT_EL0 Date: Tue, 3 Apr 2018 12:09:12 +0100 Message-Id: <20180403110923.43575-17-mark.rutland@arm.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20180403110923.43575-1-mark.rutland@arm.com> References: <20180403110923.43575-1-mark.rutland@arm.com> Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Will Deacon commit 084eb77cd3a8 upstream. Add a Kconfig entry to control use of the entry trampoline, which allows us to unmap the kernel whilst running in userspace and improve the robustness of KASLR. Reviewed-by: Mark Rutland Tested-by: Laura Abbott Tested-by: Shanker Donthineni Signed-off-by: Will Deacon Signed-off-by: Alex Shi [v4.9 backport] Signed-off-by: Mark Rutland [v4.9 backport] --- arch/arm64/Kconfig | 13 +++++++++++++ 1 file changed, 13 insertions(+) -- 2.11.0 diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig index 7769c2e27788..6b6e9f89e40a 100644 --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig @@ -733,6 +733,19 @@ config FORCE_MAX_ZONEORDER However for 4K, we choose a higher default value, 11 as opposed to 10, giving us 4M allocations matching the default size used by generic code. +config UNMAP_KERNEL_AT_EL0 + bool "Unmap kernel when running in userspace (aka \"KAISER\")" + default y + help + Some attacks against KASLR make use of the timing difference between + a permission fault which could arise from a page table entry that is + present in the TLB, and a translation fault which always requires a + page table walk. This option defends against these attacks by unmapping + the kernel whilst running in userspace, therefore forcing translation + faults for all of kernel space. + + If unsure, say Y. + menuconfig ARMV8_DEPRECATED bool "Emulate deprecated/obsolete ARMv8 instructions" depends on COMPAT From patchwork Tue Apr 3 11:09:13 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Rutland X-Patchwork-Id: 132724 Delivered-To: patch@linaro.org Received: by 10.46.84.29 with SMTP id i29csp3666207ljb; Tue, 3 Apr 2018 04:10:24 -0700 (PDT) X-Google-Smtp-Source: AIpwx48q07ZDHe+Ya3f1edjwA+xYbRv8zX9W/Joa7H3JAefzJXEkzgtYjFUFyQ4vYYNGj0BxsgF0 X-Received: by 10.101.69.4 with SMTP id n4mr8964618pgq.101.1522753824061; Tue, 03 Apr 2018 04:10:24 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1522753824; cv=none; d=google.com; s=arc-20160816; b=QpLiePLliRDOmHZcb7yyDfBjSbeonpPLSWgIeCZ1cguGhobS9rJpJcTAQI/3Am9+eK HForaE39EUHyhTlqyhqfaRV6Ooj0gFouyIqfY/slP0vJALJ6V+Qcip0zTVpKzyz8n0s8 cQL2ZHuPdW/rhHpQu/5wpX2a0TaANvSywvZrFbIX9nkWC9IrpnFRjy0dqUNbgcDkDazE 6cJnLEFHBQxZSkrHMm6l70glFHCIxzZC6TGbwZmEt6YKywNrn9LJRFiFezoe3t/PYwv8 afBZs5SOzrTSDlLlPsN4X//xtO1/9olHsNjpCY6KNixW3uuoD42vXPihH5HJXzcTjiFe Ooow== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:arc-authentication-results; bh=x07lGMQeBgSVfgYlYVfMVy6GREMPF2+70e8QxcXlUfI=; b=WcaGzeuqUu+k7S0NzOlUOeUf6ggf6TTETF6kbXKRgf7Faxe2PKKslkWRAzZ20TnmDD x1wx329yGdiR7GIf6lT8alU69jil9YGkfBxPHR16cT2VdWIb7RwPN0hu4piZMqT27xzd 44O3456bvjPN77rr6JvmS5h0H8Vv1SRgQBPsShv1f0F2PwTITHJveq18snuQlvSCekEi Yfbofl/pxEj7ReVc09xXyxHIvYixbXLUtYpGlKslKf/sA8DQxnDu7IK3vGVeqCzpKtTe jydRSOjQ3xuvtH99Y+gI1Bt/OiBftQmBRKC16Lg+DVX5p1wG7bysm6aqXgTUtFxlPxQg +dOw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id l91-v6si306341plb.301.2018.04.03.04.10.23; Tue, 03 Apr 2018 04:10:24 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755402AbeDCLKV (ORCPT + 11 others); Tue, 3 Apr 2018 07:10:21 -0400 Received: from foss.arm.com ([217.140.101.70]:59376 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1755308AbeDCLKU (ORCPT ); Tue, 3 Apr 2018 07:10:20 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id E69DD1435; Tue, 3 Apr 2018 04:10:19 -0700 (PDT) Received: from lakrids.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.72.51.249]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id B61DD3F587; Tue, 3 Apr 2018 04:10:18 -0700 (PDT) From: Mark Rutland To: stable@vger.kernel.org Cc: mark.brown@linaro.org, ard.biesheuvel@linaro.org, marc.zyngier@arm.com, will.deacon@arm.com Subject: [PATCH v4.9.y 17/27] arm64: Kconfig: Reword UNMAP_KERNEL_AT_EL0 kconfig entry Date: Tue, 3 Apr 2018 12:09:13 +0100 Message-Id: <20180403110923.43575-18-mark.rutland@arm.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20180403110923.43575-1-mark.rutland@arm.com> References: <20180403110923.43575-1-mark.rutland@arm.com> Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Will Deacon commit 0617052ddde3 upstream. Although CONFIG_UNMAP_KERNEL_AT_EL0 does make KASLR more robust, it's actually more useful as a mitigation against speculation attacks that can leak arbitrary kernel data to userspace through speculation. Reword the Kconfig help message to reflect this, and make the option depend on EXPERT so that it is on by default for the majority of users. Signed-off-by: Will Deacon Signed-off-by: Catalin Marinas Signed-off-by: Alex Shi [v4.9 backport] Signed-off-by: Mark Rutland [v4.9 backport] --- arch/arm64/Kconfig | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) -- 2.11.0 diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig index 6b6e9f89e40a..c8471cf46cbb 100644 --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig @@ -734,15 +734,14 @@ config FORCE_MAX_ZONEORDER 4M allocations matching the default size used by generic code. config UNMAP_KERNEL_AT_EL0 - bool "Unmap kernel when running in userspace (aka \"KAISER\")" + bool "Unmap kernel when running in userspace (aka \"KAISER\")" if EXPERT default y help - Some attacks against KASLR make use of the timing difference between - a permission fault which could arise from a page table entry that is - present in the TLB, and a translation fault which always requires a - page table walk. This option defends against these attacks by unmapping - the kernel whilst running in userspace, therefore forcing translation - faults for all of kernel space. + Speculation attacks against some high-performance processors can + be used to bypass MMU permission checks and leak kernel data to + userspace. This can be defended against by unmapping the kernel + when running in userspace, mapping it back in on exception entry + via a trampoline page in the vector table. If unsure, say Y. From patchwork Tue Apr 3 11:09:14 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Rutland X-Patchwork-Id: 132725 Delivered-To: patch@linaro.org Received: by 10.46.84.29 with SMTP id i29csp3666235ljb; Tue, 3 Apr 2018 04:10:25 -0700 (PDT) X-Google-Smtp-Source: AIpwx49xK3DJtQ50J8A2Vn30V789HMbg5SiepzSqx9mWguNCEsFQOvd5Hd+WpPLSNrwRilidJi31 X-Received: by 10.101.73.74 with SMTP id q10mr8909712pgs.323.1522753825482; Tue, 03 Apr 2018 04:10:25 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1522753825; cv=none; d=google.com; s=arc-20160816; b=atesTyywPqO/qQ9RADt/nGM8FTEH1thlnOb0ccp602QmTAx5dSNge2Il8dvbMa8gWv 4mYk/JtXnQDjbcI6YJKd64CWnuh3iDZ2eINKkpS2A3S2/WPO8UbzdapQ6ZvnwMeIbE0z TFU2VwHuvAUqrIzHM/XKAc6KTuHq+cJ5pz5UIrXJR7JqR4X8b20fuCxn1eQ/9YQVEH+0 9PvtdbGRZe5tHFtY7t0Zdi2Wzf9pEGAbFCFWXFoU2Vmacg7HW3BmJf5kRhSOlvUJ10F9 mEtU28qI+GKeSsH1G4bqUB/p0IEOUxq0sYzcvjfIs4xIj/rHRLzgHDAuuk+MQhNy8hzo /C2g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:arc-authentication-results; bh=E7uAr9GEB9STMdtCvsAc2NKLt5sT2dmVR3BwmQ8MBPU=; b=05iF5Y2JBVvsHHjxbx4MGO7PXjH+Y2mu5+7ug8AHrUXu0MiTyXpfW+PBAJEs5BgOjp v3TozzjILPcOUXuLzwaVHdsjqeyNYDa/isuzninWUFPqHOjduSARv/97vMYJFO0Nuc/P hoG2C8uySE/0xwoRVb6hQOpNj23D3IvoCSwvDA2XflAOnMIVZrDd3tuwovs4q3tm1PwX UmTqrvjDB7IAlF1ZyKNQJfRe/f0Yai3mfFQxUMjMwTdBgE+6K1WnDmKlF5Lr4yaHp+eE TFsuWCEEs1gSciVJNKRozyo4Q557kZ+lELHUshdYAG/LS8y69BxIDqxiOWJEXXILCRyq apMg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id l91-v6si306341plb.301.2018.04.03.04.10.25; Tue, 03 Apr 2018 04:10:25 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754963AbeDCLKX (ORCPT + 11 others); Tue, 3 Apr 2018 07:10:23 -0400 Received: from usa-sjc-mx-foss1.foss.arm.com ([217.140.101.70]:59382 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1755504AbeDCLKW (ORCPT ); Tue, 3 Apr 2018 07:10:22 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id C39481435; Tue, 3 Apr 2018 04:10:21 -0700 (PDT) Received: from lakrids.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.72.51.249]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id 92F933F587; Tue, 3 Apr 2018 04:10:20 -0700 (PDT) From: Mark Rutland To: stable@vger.kernel.org Cc: mark.brown@linaro.org, ard.biesheuvel@linaro.org, marc.zyngier@arm.com, will.deacon@arm.com Subject: [PATCH v4.9.y 18/27] arm64: Take into account ID_AA64PFR0_EL1.CSV3 Date: Tue, 3 Apr 2018 12:09:14 +0100 Message-Id: <20180403110923.43575-19-mark.rutland@arm.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20180403110923.43575-1-mark.rutland@arm.com> References: <20180403110923.43575-1-mark.rutland@arm.com> Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Will Deacon commit 179a56f6f9fb upstream. For non-KASLR kernels where the KPTI behaviour has not been overridden on the command line we can use ID_AA64PFR0_EL1.CSV3 to determine whether or not we should unmap the kernel whilst running at EL0. Reviewed-by: Suzuki K Poulose Signed-off-by: Will Deacon Signed-off-by: Catalin Marinas [Alex: s/read_sanitised_ftr_reg/read_system_reg/ to match v4.9 naming] Signed-off-by: Alex Shi [v4.9 backport] [Mark: correct zero bits in ftr_id_aa64pfr0 to account for CSV3] Signed-off-by: Mark Rutland [v4.9 backport] --- arch/arm64/include/asm/sysreg.h | 1 + arch/arm64/kernel/cpufeature.c | 10 ++++++++-- 2 files changed, 9 insertions(+), 2 deletions(-) -- 2.11.0 diff --git a/arch/arm64/include/asm/sysreg.h b/arch/arm64/include/asm/sysreg.h index 7393cc767edb..7cb7f7cdcfbc 100644 --- a/arch/arm64/include/asm/sysreg.h +++ b/arch/arm64/include/asm/sysreg.h @@ -117,6 +117,7 @@ #define ID_AA64ISAR0_AES_SHIFT 4 /* id_aa64pfr0 */ +#define ID_AA64PFR0_CSV3_SHIFT 60 #define ID_AA64PFR0_GIC_SHIFT 24 #define ID_AA64PFR0_ASIMD_SHIFT 20 #define ID_AA64PFR0_FP_SHIFT 16 diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c index 74b168c51abd..d24e59cedae5 100644 --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -93,7 +93,8 @@ static const struct arm64_ftr_bits ftr_id_aa64isar0[] = { }; static const struct arm64_ftr_bits ftr_id_aa64pfr0[] = { - ARM64_FTR_BITS(FTR_STRICT, FTR_EXACT, 32, 32, 0), + ARM64_FTR_BITS(FTR_NONSTRICT, FTR_LOWER_SAFE, ID_AA64PFR0_CSV3_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_STRICT, FTR_EXACT, 32, 28, 0), ARM64_FTR_BITS(FTR_STRICT, FTR_EXACT, 28, 4, 0), ARM64_FTR_BITS(FTR_STRICT, FTR_EXACT, ID_AA64PFR0_GIC_SHIFT, 4, 0), S_ARM64_FTR_BITS(FTR_STRICT, FTR_LOWER_SAFE, ID_AA64PFR0_ASIMD_SHIFT, 4, ID_AA64PFR0_ASIMD_NI), @@ -752,6 +753,8 @@ static int __kpti_forced; /* 0: not forced, >0: forced on, <0: forced off */ static bool unmap_kernel_at_el0(const struct arm64_cpu_capabilities *entry, int __unused) { + u64 pfr0 = read_system_reg(SYS_ID_AA64PFR0_EL1); + /* Forced on command line? */ if (__kpti_forced) { pr_info_once("kernel page table isolation forced %s by command line option\n", @@ -763,7 +766,9 @@ static bool unmap_kernel_at_el0(const struct arm64_cpu_capabilities *entry, if (IS_ENABLED(CONFIG_RANDOMIZE_BASE)) return true; - return false; + /* Defer to CPU feature registers */ + return !cpuid_feature_extract_unsigned_field(pfr0, + ID_AA64PFR0_CSV3_SHIFT); } static int __init parse_kpti(char *str) @@ -865,6 +870,7 @@ static const struct arm64_cpu_capabilities arm64_features[] = { }, #ifdef CONFIG_UNMAP_KERNEL_AT_EL0 { + .desc = "Kernel page table isolation (KPTI)", .capability = ARM64_UNMAP_KERNEL_AT_EL0, .def_scope = SCOPE_SYSTEM, .matches = unmap_kernel_at_el0, From patchwork Tue Apr 3 11:09:15 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Rutland X-Patchwork-Id: 132726 Delivered-To: patch@linaro.org Received: by 10.46.84.29 with SMTP id i29csp3666270ljb; Tue, 3 Apr 2018 04:10:28 -0700 (PDT) X-Google-Smtp-Source: AIpwx4+9qJLqANur7SXy+XPxL78suZKqzFWUt5iCnf7gl5g41VfOUXo5HrUCmtUkbifjAiMC/FAL X-Received: by 2002:a17:902:ac1:: with SMTP id 59-v6mr7205573plp.367.1522753827891; Tue, 03 Apr 2018 04:10:27 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1522753827; cv=none; d=google.com; s=arc-20160816; b=qNWFL5gTtcS4vnbfcINY9MtwRDSNObzqIzrh2VgOghumK7UFRj2kB4Plg4XAmtgIP6 0F+LVRU9Bxxozh7obgMZJNOq5lmTNowJuB52MV7Ne5JuQOcvKz+hV9SG2JajLhuftglz J68m0lX0gvVM8vVIfD2d3wFTsc5TgMygOrG6kUGn5CUdW6n0bfxOSh+G2B7xhY52ttlr U/8jS3NyCRI5fsIPfx/8trG9lnhWI8iFPQEwKUX0slbWQg5uOFljcPl7B9ONlSSOd9CV VwjTdB4nsSQPRkp+N2ekab3V7zpm6dhFFC4LXHRfbFLs6szB3UPuD1NV6fgiCrrp53iR 2j6Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:arc-authentication-results; bh=nugr1gNs2+A6YmEXb5yDYTJgZC1y4wCv/9OtCfTQelA=; b=pah7HWjP5pErBzYv7rGUw78kfzoQOe37g+RRkmCI3cN6TR4d1UK2cik5XGOpkjYGrc ZHCTynsh3decUiTLVxkmGC4YDGgjKBJ/ULSEr79g4ZPLkpVZzv4PGxP/C5sqe7DQ/SRx G0Pb4QbGqAx3V54iLUFqzF9UOkR60sZ7T+NyAkNyFV6lzLoONK/r3jKdD+anv8NBPMIO qsKXi9hd1SbfDSlfOdORY9ytpnGHrOnudZiBcqHi0TVVZv+zsE2ENRTyN3/Ob09du9Ec eu77PSXHnVWTtrpYeBnqee1on4tiNpy/4zhNhEbaPog94tLT0+zH+a9xlYTIzFxxGYS4 F18Q== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id l91-v6si306341plb.301.2018.04.03.04.10.27; Tue, 03 Apr 2018 04:10:27 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755410AbeDCLKZ (ORCPT + 11 others); Tue, 3 Apr 2018 07:10:25 -0400 Received: from foss.arm.com ([217.140.101.70]:59388 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1755312AbeDCLKX (ORCPT ); Tue, 3 Apr 2018 07:10:23 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id ABE3F1596; Tue, 3 Apr 2018 04:10:23 -0700 (PDT) Received: from lakrids.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.72.51.249]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id 7B8FC3F587; Tue, 3 Apr 2018 04:10:22 -0700 (PDT) From: Mark Rutland To: stable@vger.kernel.org Cc: mark.brown@linaro.org, ard.biesheuvel@linaro.org, marc.zyngier@arm.com, will.deacon@arm.com Subject: [PATCH v4.9.y 19/27] arm64: Allow checking of a CPU-local erratum Date: Tue, 3 Apr 2018 12:09:15 +0100 Message-Id: <20180403110923.43575-20-mark.rutland@arm.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20180403110923.43575-1-mark.rutland@arm.com> References: <20180403110923.43575-1-mark.rutland@arm.com> Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Marc Zyngier commit 8f4137588261d7504f4aa022dc9d1a1fd1940e8e upstream. this_cpu_has_cap() only checks the feature array, and not the errata one. In order to be able to check for a CPU-local erratum, allow it to inspect the latter as well. This is consistent with cpus_have_cap()'s behaviour, which includes errata already. Acked-by: Thomas Gleixner Acked-by: Daniel Lezcano Reviewed-by: Suzuki K Poulose Signed-off-by: Marc Zyngier Signed-off-by: Alex Shi [v4.9 backport] Signed-off-by: Mark Rutland [v4.9 backport] --- arch/arm64/kernel/cpufeature.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) -- 2.11.0 diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c index d24e59cedae5..810f8bf7c57f 100644 --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -1103,20 +1103,29 @@ static void __init setup_feature_capabilities(void) * Check if the current CPU has a given feature capability. * Should be called from non-preemptible context. */ -bool this_cpu_has_cap(unsigned int cap) +static bool __this_cpu_has_cap(const struct arm64_cpu_capabilities *cap_array, + unsigned int cap) { const struct arm64_cpu_capabilities *caps; if (WARN_ON(preemptible())) return false; - for (caps = arm64_features; caps->desc; caps++) + for (caps = cap_array; caps->desc; caps++) if (caps->capability == cap && caps->matches) return caps->matches(caps, SCOPE_LOCAL_CPU); return false; } +extern const struct arm64_cpu_capabilities arm64_errata[]; + +bool this_cpu_has_cap(unsigned int cap) +{ + return (__this_cpu_has_cap(arm64_features, cap) || + __this_cpu_has_cap(arm64_errata, cap)); +} + void __init setup_cpu_features(void) { u32 cwg; From patchwork Tue Apr 3 11:09:16 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Rutland X-Patchwork-Id: 132727 Delivered-To: patch@linaro.org Received: by 10.46.84.29 with SMTP id i29csp3666299ljb; Tue, 3 Apr 2018 04:10:29 -0700 (PDT) X-Google-Smtp-Source: AIpwx490mQicAKbj/4j7mQrsxtPgB9toA+2y5ow6VN+II9VKb1UV+Ksc1gzDPUefMw9ayew+64Wk X-Received: by 10.98.31.216 with SMTP id l85mr10270781pfj.80.1522753829652; Tue, 03 Apr 2018 04:10:29 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1522753829; cv=none; d=google.com; s=arc-20160816; b=lNrmtOIj43+gR77QhUi2NNZUt5M+Yg1bcLG+uQsF58N2fzlh42PcFzwNLDwlsY1YXJ cPj3+wiRwKgEPqmEmhnjcx1jXWXqZIut8GyYlJ7rh+X9xJUYJL7v+cnlY3nKq5OCkkDj EYgx7IiiYouo3ftiE4GfD0zhuflycdtLOzMInFSFNHl1eOTl0SFjZDSyoMhikNZEttBf OokinCpwZqq9LP78jmYKPloMqCdiv9935OZw4q3C+f28g/KkIlTUTOYSRioCsNqnFn+J G5gvTAjKPfG2vdI6hUx0/1wp1B7lpLbgVtysSNIA0utWxbfhieAShwqI155BCso0rsxr XlQg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:arc-authentication-results; bh=XhA+PUYoAplAPvt5LqtysvruiGYelA0zrSokHSwRZYU=; b=t/A8iZ7jBO1vVD3lb/44BWD5uhTPjWACqm5TNbsSkzPOvpy0pFxZwEO2hmj/HS0Yb+ hgpbdDl/VvKA9r/4yYh3aXkFahaXLUyIeUhy9cQuVAl15hEpYwgNxnkmocctomabP0UZ WafWKxN0Sg7GZ2pCjtps9M7s5ItxvSCv9d2dwtJgr/SrT4ouL2L5dt8F4wVyQTnFMfEQ CDHFJxYWkxyU6FjE1dB2LDsfB1WmQuOGhWs2fwkFvafptiyuUzpCDfLDJnwmNfPXLFwy WT3dvwZd5jkRQ2dMLB+cyMSRcpwYwP7fAobZ72talp8L6oQKPXfSknPDuaGAWAYmwlZZ JpJQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id l91-v6si306341plb.301.2018.04.03.04.10.29; Tue, 03 Apr 2018 04:10:29 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755312AbeDCLK1 (ORCPT + 11 others); Tue, 3 Apr 2018 07:10:27 -0400 Received: from usa-sjc-mx-foss1.foss.arm.com ([217.140.101.70]:59394 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1755427AbeDCLKZ (ORCPT ); Tue, 3 Apr 2018 07:10:25 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id B3FE41435; Tue, 3 Apr 2018 04:10:25 -0700 (PDT) Received: from lakrids.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.72.51.249]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id 835503F587; Tue, 3 Apr 2018 04:10:24 -0700 (PDT) From: Mark Rutland To: stable@vger.kernel.org Cc: mark.brown@linaro.org, ard.biesheuvel@linaro.org, marc.zyngier@arm.com, will.deacon@arm.com Subject: [PATCH v4.9.y 20/27] arm64: capabilities: Handle duplicate entries for a capability Date: Tue, 3 Apr 2018 12:09:16 +0100 Message-Id: <20180403110923.43575-21-mark.rutland@arm.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20180403110923.43575-1-mark.rutland@arm.com> References: <20180403110923.43575-1-mark.rutland@arm.com> Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Suzuki K Poulose commit 67948af41f2e upstream. Sometimes a single capability could be listed multiple times with differing matches(), e.g, CPU errata for different MIDR versions. This breaks verify_local_cpu_feature() and this_cpu_has_cap() as we stop checking for a capability on a CPU with the first entry in the given table, which is not sufficient. Make sure we run the checks for all entries of the same capability. We do this by fixing __this_cpu_has_cap() to run through all the entries in the given table for a match and reuse it for verify_local_cpu_feature(). Cc: Mark Rutland Cc: Will Deacon Acked-by: Marc Zyngier Signed-off-by: Suzuki K Poulose Signed-off-by: Catalin Marinas Signed-off-by: Will Deacon Signed-off-by: Alex Shi [v4.9 backport] Signed-off-by: Mark Rutland [v4.9 backport] --- arch/arm64/kernel/cpufeature.c | 44 ++++++++++++++++++++++-------------------- 1 file changed, 23 insertions(+), 21 deletions(-) -- 2.11.0 diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c index 810f8bf7c57f..2d7c7796cce1 100644 --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -969,6 +969,26 @@ static void __init setup_elf_hwcaps(const struct arm64_cpu_capabilities *hwcaps) cap_set_elf_hwcap(hwcaps); } +/* + * Check if the current CPU has a given feature capability. + * Should be called from non-preemptible context. + */ +static bool __this_cpu_has_cap(const struct arm64_cpu_capabilities *cap_array, + unsigned int cap) +{ + const struct arm64_cpu_capabilities *caps; + + if (WARN_ON(preemptible())) + return false; + + for (caps = cap_array; caps->desc; caps++) + if (caps->capability == cap && + caps->matches && + caps->matches(caps, SCOPE_LOCAL_CPU)) + return true; + return false; +} + void update_cpu_capabilities(const struct arm64_cpu_capabilities *caps, const char *info) { @@ -1037,8 +1057,9 @@ verify_local_elf_hwcaps(const struct arm64_cpu_capabilities *caps) } static void -verify_local_cpu_features(const struct arm64_cpu_capabilities *caps) +verify_local_cpu_features(const struct arm64_cpu_capabilities *caps_list) { + const struct arm64_cpu_capabilities *caps = caps_list; for (; caps->matches; caps++) { if (!cpus_have_cap(caps->capability)) continue; @@ -1046,7 +1067,7 @@ verify_local_cpu_features(const struct arm64_cpu_capabilities *caps) * If the new CPU misses an advertised feature, we cannot proceed * further, park the cpu. */ - if (!caps->matches(caps, SCOPE_LOCAL_CPU)) { + if (!__this_cpu_has_cap(caps_list, caps->capability)) { pr_crit("CPU%d: missing feature: %s\n", smp_processor_id(), caps->desc); cpu_die_early(); @@ -1099,25 +1120,6 @@ static void __init setup_feature_capabilities(void) enable_cpu_capabilities(arm64_features); } -/* - * Check if the current CPU has a given feature capability. - * Should be called from non-preemptible context. - */ -static bool __this_cpu_has_cap(const struct arm64_cpu_capabilities *cap_array, - unsigned int cap) -{ - const struct arm64_cpu_capabilities *caps; - - if (WARN_ON(preemptible())) - return false; - - for (caps = cap_array; caps->desc; caps++) - if (caps->capability == cap && caps->matches) - return caps->matches(caps, SCOPE_LOCAL_CPU); - - return false; -} - extern const struct arm64_cpu_capabilities arm64_errata[]; bool this_cpu_has_cap(unsigned int cap) From patchwork Tue Apr 3 11:09:17 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Rutland X-Patchwork-Id: 132734 Delivered-To: patch@linaro.org Received: by 10.46.84.29 with SMTP id i29csp3666680ljb; Tue, 3 Apr 2018 04:10:49 -0700 (PDT) X-Google-Smtp-Source: AIpwx48E/EfNzzZNLDxgUNnkKsKdnIyYaO5G+nCzJhP4Wk3TCADRoyEYdRCiFlQ1jkDlvuMbUEIr X-Received: by 2002:a17:902:228:: with SMTP id 37-v6mr13732543plc.141.1522753849005; Tue, 03 Apr 2018 04:10:49 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1522753849; cv=none; d=google.com; s=arc-20160816; b=Y5NeK0aUTs4v2stXkvKwUBzF1WCx+askzbMuVxyW05l6Zydo22Wg80Ebpi1jneH4Cn Oljzbi0uQfJnRSFZb23tJZy2SCYF/OHUePWAEi2bs7VNfcuEBdunzWdg/vGNqDQ93FNO 5nehHw5+ALUXF8aYeEs1vnLOXmcDxbvt/zowSm5ErnRC7ypcN8pR09vBKbtkE0QmN4oU PCXdiYWVgj6/e3UhkgI1Ts1+7Vge2tEOmItx1F8XAF0/UUxuS4zdokpvfXdmGwQdJnYk JJtgDwlyEbHbDUgZf41HJsLdS32GiqjQib96wb1Bh9VD/ivzgfE9NoZ1eFJg03IxNGKq NRGg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:arc-authentication-results; bh=VlZJmP5LbalzgNv22QGek8nUbG/L58GGQ8kJyIqh1Yw=; b=jwwW/VkxmgcfKAqEbS/Fs7dDjq1j/F0bIDCFgRPqWKn+YQxmOXTJDcuMowUxA38T61 7vmj9qRBVvL5fZN8o6xLmALc0b243tcFNyXBk9XAn7Ze1gJ3m7mpF9FQrKoB0lAK77v9 sBjBJ+GPRXkSV/PtmL9POPLhasx1EZO1wTUXgdV2lcOsRM/+G8LP/LAakg6zSEfIObgi 78UKgi+5O+Mza5flPUo7mgWJbsa49CudHoMGbLm3m4H0DB9M8S9oFy6qeXurot8fBEQ9 pNFLw3sRKgwn0uzPJK5VAufL+JtlA2c+rv9Cz0kX9hM42P8cTb451TPbcyOgcamdq1LV qQEA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id q9-v6si295691plr.273.2018.04.03.04.10.48; Tue, 03 Apr 2018 04:10:48 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755427AbeDCLK3 (ORCPT + 11 others); Tue, 3 Apr 2018 07:10:29 -0400 Received: from usa-sjc-mx-foss1.foss.arm.com ([217.140.101.70]:59400 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1755252AbeDCLK2 (ORCPT ); Tue, 3 Apr 2018 07:10:28 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 90C4E1435; Tue, 3 Apr 2018 04:10:27 -0700 (PDT) Received: from lakrids.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.72.51.249]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id 602B43F587; Tue, 3 Apr 2018 04:10:26 -0700 (PDT) From: Mark Rutland To: stable@vger.kernel.org Cc: mark.brown@linaro.org, ard.biesheuvel@linaro.org, marc.zyngier@arm.com, will.deacon@arm.com Subject: [PATCH v4.9.y 21/27] arm64: cputype: Add MIDR values for Cavium ThunderX2 CPUs Date: Tue, 3 Apr 2018 12:09:17 +0100 Message-Id: <20180403110923.43575-22-mark.rutland@arm.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20180403110923.43575-1-mark.rutland@arm.com> References: <20180403110923.43575-1-mark.rutland@arm.com> Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Jayachandran C commit 0d90718871fe upstream. Add the older Broadcom ID as well as the new Cavium ID for ThunderX2 CPUs. Signed-off-by: Jayachandran C Signed-off-by: Will Deacon Signed-off-by: Catalin Marinas Signed-off-by: Alex Shi [v4.9 backport] Signed-off-by: Mark Rutland [v4.9 backport] --- arch/arm64/include/asm/cputype.h | 3 +++ 1 file changed, 3 insertions(+) -- 2.11.0 diff --git a/arch/arm64/include/asm/cputype.h b/arch/arm64/include/asm/cputype.h index 26a68ddb11c1..1d47930c30dc 100644 --- a/arch/arm64/include/asm/cputype.h +++ b/arch/arm64/include/asm/cputype.h @@ -81,6 +81,7 @@ #define CAVIUM_CPU_PART_THUNDERX 0x0A1 #define CAVIUM_CPU_PART_THUNDERX_81XX 0x0A2 +#define CAVIUM_CPU_PART_THUNDERX2 0x0AF #define BRCM_CPU_PART_VULCAN 0x516 @@ -88,6 +89,8 @@ #define MIDR_CORTEX_A57 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A57) #define MIDR_THUNDERX MIDR_CPU_MODEL(ARM_CPU_IMP_CAVIUM, CAVIUM_CPU_PART_THUNDERX) #define MIDR_THUNDERX_81XX MIDR_CPU_MODEL(ARM_CPU_IMP_CAVIUM, CAVIUM_CPU_PART_THUNDERX_81XX) +#define MIDR_CAVIUM_THUNDERX2 MIDR_CPU_MODEL(ARM_CPU_IMP_CAVIUM, CAVIUM_CPU_PART_THUNDERX2) +#define MIDR_BRCM_VULCAN MIDR_CPU_MODEL(ARM_CPU_IMP_BRCM, BRCM_CPU_PART_VULCAN) #ifndef __ASSEMBLY__ From patchwork Tue Apr 3 11:09:18 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Rutland X-Patchwork-Id: 132732 Delivered-To: patch@linaro.org Received: by 10.46.84.29 with SMTP id i29csp3666550ljb; Tue, 3 Apr 2018 04:10:41 -0700 (PDT) X-Google-Smtp-Source: AIpwx49QMB32rlW9CEneYgHq1rPqeOXZbXdgVQwbe/xLLUDUnrhR2YolJmq3UVxo2cOiwIfdzxsq X-Received: by 10.101.82.69 with SMTP id q5mr8835228pgp.358.1522753841766; Tue, 03 Apr 2018 04:10:41 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1522753841; cv=none; d=google.com; s=arc-20160816; b=tOCt7+xuipmchL0bPBWOVryYFfsZNBF57GKg8wbEfDXwMuBlmuzlMSWDTQzlH1iAus 0i9+oglRaXoEMMpqBT/NxTLktF/JFnEHOJDceJIo29FbRiWVQtvMmXP1Q9vEj3rAryle RReZkPywXKucCDm23N5fXdvy2p3FUVtynBbWTWhsGd0Pk9Puc8vxof+8XYjc+wBBKeBH mlMVSjQXi/GC9HfXylFGx0VMoLSB188dGgcow+EV+c7bBRwuP6e4W/DTKv6VpQ77pi3G ld3jjshIl8mAyCY1BWUTVjR3OWFDHtM8yhHs6nIvN2s33bRxCqWiU8IbtyK57+vQUpyI d3wQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:arc-authentication-results; bh=yHRO5QQlmbJ8rBeu01Hh0vrI6SmPPMBcx+jqTXECNRg=; b=OX02Fh9aZUz2qnDC/gmqs81N7EUrwGy+oU+Ezzrf7SrsNxmRZpSa743bBJUkfWDjIH bEkvTjXuhAJxEpwxnPiHwpFv/8irk7BLDYtTGf6+YCxZaeTCDoDWVo/iSHEYBOlLKwOS UfJYFL9ZPj90+sGxcUeV/qb9/8K32USTn1lrmJ4poEFlA8mS56doHALohzb47PjsgR1R XGnWY8d/F3e1I/pscXY337+GujxIog7CbHkZXLJomSFH9+KP4nljOcLiOdp/UEW9Fvs6 MrcJNCPCvf+HlHIYQJLUyt7ZF7N7CbHpb3HztFMy5hmXxNYRL48a8rAMarCWa9wYOhug XiaA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id q9-v6si295691plr.273.2018.04.03.04.10.41; Tue, 03 Apr 2018 04:10:41 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755162AbeDCLKj (ORCPT + 11 others); Tue, 3 Apr 2018 07:10:39 -0400 Received: from foss.arm.com ([217.140.101.70]:59406 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1755487AbeDCLK3 (ORCPT ); Tue, 3 Apr 2018 07:10:29 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id A06001435; Tue, 3 Apr 2018 04:10:29 -0700 (PDT) Received: from lakrids.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.72.51.249]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id 6FCCB3F587; Tue, 3 Apr 2018 04:10:28 -0700 (PDT) From: Mark Rutland To: stable@vger.kernel.org Cc: mark.brown@linaro.org, ard.biesheuvel@linaro.org, marc.zyngier@arm.com, will.deacon@arm.com Subject: [PATCH v4.9.y 22/27] arm64: Turn on KPTI only on CPUs that need it Date: Tue, 3 Apr 2018 12:09:18 +0100 Message-Id: <20180403110923.43575-23-mark.rutland@arm.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20180403110923.43575-1-mark.rutland@arm.com> References: <20180403110923.43575-1-mark.rutland@arm.com> Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Jayachandran C commit 0ba2e29c7fc1 upstream. Whitelist Broadcom Vulcan/Cavium ThunderX2 processors in unmap_kernel_at_el0(). These CPUs are not vulnerable to CVE-2017-5754 and do not need KPTI when KASLR is off. Acked-by: Will Deacon Signed-off-by: Jayachandran C Signed-off-by: Catalin Marinas Signed-off-by: Will Deacon Signed-off-by: Alex Shi [v4.9 backport] Signed-off-by: Mark Rutland [v4.9 backport] --- arch/arm64/kernel/cpufeature.c | 7 +++++++ 1 file changed, 7 insertions(+) -- 2.11.0 diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c index 2d7c7796cce1..6015a3cac930 100644 --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -766,6 +766,13 @@ static bool unmap_kernel_at_el0(const struct arm64_cpu_capabilities *entry, if (IS_ENABLED(CONFIG_RANDOMIZE_BASE)) return true; + /* Don't force KPTI for CPUs that are not vulnerable */ + switch (read_cpuid_id() & MIDR_CPU_MODEL_MASK) { + case MIDR_CAVIUM_THUNDERX2: + case MIDR_BRCM_VULCAN: + return false; + } + /* Defer to CPU feature registers */ return !cpuid_feature_extract_unsigned_field(pfr0, ID_AA64PFR0_CSV3_SHIFT); From patchwork Tue Apr 3 11:09:19 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Rutland X-Patchwork-Id: 132728 Delivered-To: patch@linaro.org Received: by 10.46.84.29 with SMTP id i29csp3666398ljb; Tue, 3 Apr 2018 04:10:35 -0700 (PDT) X-Google-Smtp-Source: AIpwx48a3eqPES+tCUR9lrUnt2RcdJAwpn0OvbHwDhasazzI2y6rOBuBDqUaT4woLHQqKGPq5+45 X-Received: by 2002:a17:902:2006:: with SMTP id n6-v6mr13736753pla.150.1522753835404; Tue, 03 Apr 2018 04:10:35 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1522753835; cv=none; d=google.com; s=arc-20160816; b=E/rys1iFN+jsXVA2j8PfURSp1qmzl6mkoLBkWwzN/1Eo15e0ZJnOZBYV7Gf3uQp8ua 7EEBsD4Ygv8vC0Ng98xB9KD2RIa/NoPWdsPrU6pneZ6piN+q4R7R/azB+r7nfcZBmeuK 5eOAYYhB+PzMulDxVuwCxpRAVDoT3DgAiulkEfl/xa4yZxfUyYK0Sf+niYyhBGXBfYYJ MNdVN2yfQUR+ELSnip1l1ncF1+d85sfRbBuFbs9BSzAiZDuKyTJmqz11Hbq/rQfPEyOz OzAqBanxDh3zL70iLzE1o2eRGp6hRbNb7EwP/x70RliBS7vjP4Hf8c7ON5qYD+qz73A1 RV/Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:arc-authentication-results; bh=0aZT62Qhz4A5hsQ52XO23qhuszan3r9AMzWeDz4Lcvs=; b=TpXkJetTeqGg6yQ2X1URWC0bRSE34VZCk80UfHr2xl9jbfAA5euFazGhpaGmQnmwRI fCyNyDy7gxrFbOn/iAT4dTCjZTh9GO5YKv1wIMMbiEKvL7Aa+MWlHxSFICsNrKvkCmYw xpNK+82Mo/jmaKzCurnnMHfqtaaADwiWkw+QTClKrQqp2Toc9oe5d09JZAT2WVNG1z47 nhlVs7nJsWYffzn0tAXsvI9CVaho5a/TlLua2sfNJaCGfvWsxWR01hqfp+TSphDlTX8Q mZ1CqWbvvqLKGoVl9Zowv/vbYM3iDBAq5syi9oIa7iSylU3rsNOaKHRMWSLaAc9iUF/e cPMg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id q9-v6si295691plr.273.2018.04.03.04.10.35; Tue, 03 Apr 2018 04:10:35 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755515AbeDCLKd (ORCPT + 11 others); Tue, 3 Apr 2018 07:10:33 -0400 Received: from usa-sjc-mx-foss1.foss.arm.com ([217.140.101.70]:59412 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1755361AbeDCLKb (ORCPT ); Tue, 3 Apr 2018 07:10:31 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 8CA371596; Tue, 3 Apr 2018 04:10:31 -0700 (PDT) Received: from lakrids.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.72.51.249]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id 5C39D3F587; Tue, 3 Apr 2018 04:10:30 -0700 (PDT) From: Mark Rutland To: stable@vger.kernel.org Cc: mark.brown@linaro.org, ard.biesheuvel@linaro.org, marc.zyngier@arm.com, will.deacon@arm.com Subject: [PATCH v4.9.y 23/27] arm64: kpti: Make use of nG dependent on arm64_kernel_unmapped_at_el0() Date: Tue, 3 Apr 2018 12:09:19 +0100 Message-Id: <20180403110923.43575-24-mark.rutland@arm.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20180403110923.43575-1-mark.rutland@arm.com> References: <20180403110923.43575-1-mark.rutland@arm.com> Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Will Deacon commit 41acec624087 upstream. To allow systems which do not require kpti to continue running with global kernel mappings (which appears to be a requirement for Cavium ThunderX due to a CPU erratum), make the use of nG in the kernel page tables dependent on arm64_kernel_unmapped_at_el0(), which is resolved at runtime. Signed-off-by: Will Deacon Signed-off-by: Catalin Marinas Signed-off-by: Alex Shi [v4.9 backport] Signed-off-by: Mark Rutland [v4.9 backport] --- arch/arm64/include/asm/kernel-pgtable.h | 12 ++---------- arch/arm64/include/asm/pgtable-prot.h | 30 ++++++++++++++---------------- 2 files changed, 16 insertions(+), 26 deletions(-) -- 2.11.0 diff --git a/arch/arm64/include/asm/kernel-pgtable.h b/arch/arm64/include/asm/kernel-pgtable.h index e4ddac983640..7e51d1b57c0c 100644 --- a/arch/arm64/include/asm/kernel-pgtable.h +++ b/arch/arm64/include/asm/kernel-pgtable.h @@ -71,16 +71,8 @@ /* * Initial memory map attributes. */ -#define _SWAPPER_PTE_FLAGS (PTE_TYPE_PAGE | PTE_AF | PTE_SHARED) -#define _SWAPPER_PMD_FLAGS (PMD_TYPE_SECT | PMD_SECT_AF | PMD_SECT_S) - -#ifdef CONFIG_UNMAP_KERNEL_AT_EL0 -#define SWAPPER_PTE_FLAGS (_SWAPPER_PTE_FLAGS | PTE_NG) -#define SWAPPER_PMD_FLAGS (_SWAPPER_PMD_FLAGS | PMD_SECT_NG) -#else -#define SWAPPER_PTE_FLAGS _SWAPPER_PTE_FLAGS -#define SWAPPER_PMD_FLAGS _SWAPPER_PMD_FLAGS -#endif +#define SWAPPER_PTE_FLAGS (PTE_TYPE_PAGE | PTE_AF | PTE_SHARED) +#define SWAPPER_PMD_FLAGS (PMD_TYPE_SECT | PMD_SECT_AF | PMD_SECT_S) #if ARM64_SWAPPER_USES_SECTION_MAPS #define SWAPPER_MM_MMUFLAGS (PMD_ATTRINDX(MT_NORMAL) | SWAPPER_PMD_FLAGS) diff --git a/arch/arm64/include/asm/pgtable-prot.h b/arch/arm64/include/asm/pgtable-prot.h index 84b5283d2e7f..f705d96a76f2 100644 --- a/arch/arm64/include/asm/pgtable-prot.h +++ b/arch/arm64/include/asm/pgtable-prot.h @@ -37,13 +37,11 @@ #define _PROT_DEFAULT (PTE_TYPE_PAGE | PTE_AF | PTE_SHARED) #define _PROT_SECT_DEFAULT (PMD_TYPE_SECT | PMD_SECT_AF | PMD_SECT_S) -#ifdef CONFIG_UNMAP_KERNEL_AT_EL0 -#define PROT_DEFAULT (_PROT_DEFAULT | PTE_NG) -#define PROT_SECT_DEFAULT (_PROT_SECT_DEFAULT | PMD_SECT_NG) -#else -#define PROT_DEFAULT _PROT_DEFAULT -#define PROT_SECT_DEFAULT _PROT_SECT_DEFAULT -#endif /* CONFIG_UNMAP_KERNEL_AT_EL0 */ +#define PTE_MAYBE_NG (arm64_kernel_unmapped_at_el0() ? PTE_NG : 0) +#define PMD_MAYBE_NG (arm64_kernel_unmapped_at_el0() ? PMD_SECT_NG : 0) + +#define PROT_DEFAULT (_PROT_DEFAULT | PTE_MAYBE_NG) +#define PROT_SECT_DEFAULT (_PROT_SECT_DEFAULT | PMD_MAYBE_NG) #define PROT_DEVICE_nGnRnE (PROT_DEFAULT | PTE_PXN | PTE_UXN | PTE_DIRTY | PTE_WRITE | PTE_ATTRINDX(MT_DEVICE_nGnRnE)) #define PROT_DEVICE_nGnRE (PROT_DEFAULT | PTE_PXN | PTE_UXN | PTE_DIRTY | PTE_WRITE | PTE_ATTRINDX(MT_DEVICE_nGnRE)) @@ -55,22 +53,22 @@ #define PROT_SECT_NORMAL (PROT_SECT_DEFAULT | PMD_SECT_PXN | PMD_SECT_UXN | PMD_ATTRINDX(MT_NORMAL)) #define PROT_SECT_NORMAL_EXEC (PROT_SECT_DEFAULT | PMD_SECT_UXN | PMD_ATTRINDX(MT_NORMAL)) -#define _PAGE_DEFAULT (PROT_DEFAULT | PTE_ATTRINDX(MT_NORMAL)) -#define _HYP_PAGE_DEFAULT (_PAGE_DEFAULT & ~PTE_NG) +#define _PAGE_DEFAULT (_PROT_DEFAULT | PTE_ATTRINDX(MT_NORMAL)) +#define _HYP_PAGE_DEFAULT _PAGE_DEFAULT -#define PAGE_KERNEL __pgprot(_PAGE_DEFAULT | PTE_PXN | PTE_UXN | PTE_DIRTY | PTE_WRITE) -#define PAGE_KERNEL_RO __pgprot(_PAGE_DEFAULT | PTE_PXN | PTE_UXN | PTE_DIRTY | PTE_RDONLY) -#define PAGE_KERNEL_ROX __pgprot(_PAGE_DEFAULT | PTE_UXN | PTE_DIRTY | PTE_RDONLY) -#define PAGE_KERNEL_EXEC __pgprot(_PAGE_DEFAULT | PTE_UXN | PTE_DIRTY | PTE_WRITE) -#define PAGE_KERNEL_EXEC_CONT __pgprot(_PAGE_DEFAULT | PTE_UXN | PTE_DIRTY | PTE_WRITE | PTE_CONT) +#define PAGE_KERNEL __pgprot(PROT_NORMAL) +#define PAGE_KERNEL_RO __pgprot((PROT_NORMAL & ~PTE_WRITE) | PTE_RDONLY) +#define PAGE_KERNEL_ROX __pgprot((PROT_NORMAL & ~(PTE_WRITE | PTE_PXN)) | PTE_RDONLY) +#define PAGE_KERNEL_EXEC __pgprot(PROT_NORMAL & ~PTE_PXN) +#define PAGE_KERNEL_EXEC_CONT __pgprot((PROT_NORMAL & ~PTE_PXN) | PTE_CONT) #define PAGE_HYP __pgprot(_HYP_PAGE_DEFAULT | PTE_HYP | PTE_HYP_XN) #define PAGE_HYP_EXEC __pgprot(_HYP_PAGE_DEFAULT | PTE_HYP | PTE_RDONLY) #define PAGE_HYP_RO __pgprot(_HYP_PAGE_DEFAULT | PTE_HYP | PTE_RDONLY | PTE_HYP_XN) #define PAGE_HYP_DEVICE __pgprot(PROT_DEVICE_nGnRE | PTE_HYP) -#define PAGE_S2 __pgprot(PROT_DEFAULT | PTE_S2_MEMATTR(MT_S2_NORMAL) | PTE_S2_RDONLY) -#define PAGE_S2_DEVICE __pgprot(PROT_DEFAULT | PTE_S2_MEMATTR(MT_S2_DEVICE_nGnRE) | PTE_S2_RDONLY | PTE_UXN) +#define PAGE_S2 __pgprot(_PROT_DEFAULT | PTE_S2_MEMATTR(MT_S2_NORMAL) | PTE_S2_RDONLY) +#define PAGE_S2_DEVICE __pgprot(_PROT_DEFAULT | PTE_S2_MEMATTR(MT_S2_DEVICE_nGnRE) | PTE_S2_RDONLY | PTE_UXN) #define PAGE_NONE __pgprot(((_PAGE_DEFAULT) & ~PTE_VALID) | PTE_PROT_NONE | PTE_NG | PTE_PXN | PTE_UXN) #define PAGE_SHARED __pgprot(_PAGE_DEFAULT | PTE_USER | PTE_NG | PTE_PXN | PTE_UXN | PTE_WRITE) From patchwork Tue Apr 3 11:09:20 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Rutland X-Patchwork-Id: 132729 Delivered-To: patch@linaro.org Received: by 10.46.84.29 with SMTP id i29csp3666449ljb; Tue, 3 Apr 2018 04:10:38 -0700 (PDT) X-Google-Smtp-Source: AIpwx4+cBuVISo/NwALVzoQIL3uDv4Mp1y3JPOZm83A0UDvrJc0wWYSey9M2bQReAJiGXGMkLg3+ X-Received: by 2002:a17:902:9a03:: with SMTP id v3-v6mr6226187plp.162.1522753837891; Tue, 03 Apr 2018 04:10:37 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1522753837; cv=none; d=google.com; s=arc-20160816; b=bfKEiYvS2zvuM2LoyJSmXoF4etvTOW/I3gENXtv2QgYrFXxRH0wdiQ+bzj9wHwRAml dPNXM+Y302UTv4oFFHJNj3ovMtnffqPKgVR6Xq4W9UDZ3k9rrX0QBRag907fw6r812g5 ZFKca2yYWEFtG2JbMUkxq8xsMOLsdTlR1fyFR4OStfbxeZOo9sW3tTUwIrgnq8ABMWSm yuNI09azC36aIebqbMbILi3wquJNATEUw7EWzW0QQnaNM1/ilbGzNVXnU/r/Hn3Or61Z w+sS/s+xZ31RRYDRvu9XpfcxRnm69Vr2QGW4xyuRsjJLQIR+x6Q45CgzQdq/kxpYeZ6Z 9d2w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:arc-authentication-results; bh=QXlKM4HvVlDti/F2cFYr6iHkR5XYUdzPAdLDXcXojWY=; b=VEVs9Z6Y+jduSq6zP31zO924MnEZn8yh7gCBywOMBEFn2L7hWS7ww3UWEaANHRVAGv 0pXHuXDWNy5eEMX4zTxTOZBrbBWg5g1A19/KkYL0If2BT/85MOAmv+cVFxWhQpREvlxs ClB1tPhRYQC1mH2/cDglK6PCVmLiG9ZiHIZFiVO0FZ4t3ASc7ClS6tWttP5JsUdaHiTn mlpfgG0iCSziUrecZitkauLWTP8cGbylHjRp+fySb1enxnbTbvxW8fuHG6SpNuqPNdmC KXcd/xJfLFbiAVSAG02jdfcRF+sd49627Kc8l5iplWdkrpBRXfy6pqV7fOrb/8lF9ctZ 2A5w== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id q9-v6si295691plr.273.2018.04.03.04.10.37; Tue, 03 Apr 2018 04:10:37 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755439AbeDCLKf (ORCPT + 11 others); Tue, 3 Apr 2018 07:10:35 -0400 Received: from usa-sjc-mx-foss1.foss.arm.com ([217.140.101.70]:59420 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1755361AbeDCLKd (ORCPT ); Tue, 3 Apr 2018 07:10:33 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 716BD1435; Tue, 3 Apr 2018 04:10:33 -0700 (PDT) Received: from lakrids.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.72.51.249]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id 40E493F587; Tue, 3 Apr 2018 04:10:32 -0700 (PDT) From: Mark Rutland To: stable@vger.kernel.org Cc: mark.brown@linaro.org, ard.biesheuvel@linaro.org, marc.zyngier@arm.com, will.deacon@arm.com Subject: [PATCH v4.9.y 24/27] arm64: kpti: Add ->enable callback to remap swapper using nG mappings Date: Tue, 3 Apr 2018 12:09:20 +0100 Message-Id: <20180403110923.43575-25-mark.rutland@arm.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20180403110923.43575-1-mark.rutland@arm.com> References: <20180403110923.43575-1-mark.rutland@arm.com> Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Will Deacon commit f992b4dfd58b upstream. Defaulting to global mappings for kernel space is generally good for performance and appears to be necessary for Cavium ThunderX. If we subsequently decide that we need to enable kpti, then we need to rewrite our existing page table entries to be non-global. This is fiddly, and made worse by the possible use of contiguous mappings, which require a strict break-before-make sequence. Since the enable callback runs on each online CPU from stop_machine context, we can have all CPUs enter the idmap, where secondaries can wait for the primary CPU to rewrite swapper with its MMU off. It's all fairly horrible, but at least it only runs once. Nicolas Dechesne found a bug on this commit which cause boot failure on db410c etc board. Ard Biesheuvel found it writting wrong contenct to ttbr1_el1 in __idmap_cpu_set_reserved_ttbr1 macro and fixed it by give it the right content. Tested-by: Marc Zyngier Reviewed-by: Marc Zyngier Signed-off-by: Will Deacon Signed-off-by: Catalin Marinas Signed-off-by: Ard Biesheuvel [Alex: avoid dependency on 52-bit PA patches and TTBR/MMU erratum patches] Signed-off-by: Alex Shi [v4.9 backport] Signed-off-by: Mark Rutland [v4.9 backport] --- arch/arm64/include/asm/assembler.h | 3 + arch/arm64/kernel/cpufeature.c | 25 +++++ arch/arm64/mm/proc.S | 201 +++++++++++++++++++++++++++++++++++-- 3 files changed, 222 insertions(+), 7 deletions(-) -- 2.11.0 diff --git a/arch/arm64/include/asm/assembler.h b/arch/arm64/include/asm/assembler.h index 851290d2bfe3..7193bf97b8da 100644 --- a/arch/arm64/include/asm/assembler.h +++ b/arch/arm64/include/asm/assembler.h @@ -413,4 +413,7 @@ alternative_endif movk \reg, :abs_g0_nc:\val .endm + .macro pte_to_phys, phys, pte + and \phys, \pte, #(((1 << (48 - PAGE_SHIFT)) - 1) << PAGE_SHIFT) + .endm #endif /* __ASM_ASSEMBLER_H */ diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c index 6015a3cac930..8d41a3f94954 100644 --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -778,6 +778,30 @@ static bool unmap_kernel_at_el0(const struct arm64_cpu_capabilities *entry, ID_AA64PFR0_CSV3_SHIFT); } +static int kpti_install_ng_mappings(void *__unused) +{ + typedef void (kpti_remap_fn)(int, int, phys_addr_t); + extern kpti_remap_fn idmap_kpti_install_ng_mappings; + kpti_remap_fn *remap_fn; + + static bool kpti_applied = false; + int cpu = smp_processor_id(); + + if (kpti_applied) + return 0; + + remap_fn = (void *)__pa_symbol(idmap_kpti_install_ng_mappings); + + cpu_install_idmap(); + remap_fn(cpu, num_online_cpus(), __pa_symbol(swapper_pg_dir)); + cpu_uninstall_idmap(); + + if (!cpu) + kpti_applied = true; + + return 0; +} + static int __init parse_kpti(char *str) { bool enabled; @@ -881,6 +905,7 @@ static const struct arm64_cpu_capabilities arm64_features[] = { .capability = ARM64_UNMAP_KERNEL_AT_EL0, .def_scope = SCOPE_SYSTEM, .matches = unmap_kernel_at_el0, + .enable = kpti_install_ng_mappings, }, #endif {}, diff --git a/arch/arm64/mm/proc.S b/arch/arm64/mm/proc.S index 3378f3e21224..5c268f5767b4 100644 --- a/arch/arm64/mm/proc.S +++ b/arch/arm64/mm/proc.S @@ -148,6 +148,16 @@ alternative_else_nop_endif ENDPROC(cpu_do_switch_mm) .pushsection ".idmap.text", "ax" + +.macro __idmap_cpu_set_reserved_ttbr1, tmp1, tmp2 + adrp \tmp1, empty_zero_page + msr ttbr1_el1, \tmp1 + isb + tlbi vmalle1 + dsb nsh + isb +.endm + /* * void idmap_cpu_replace_ttbr1(phys_addr_t new_pgd) * @@ -158,13 +168,7 @@ ENTRY(idmap_cpu_replace_ttbr1) mrs x2, daif msr daifset, #0xf - adrp x1, empty_zero_page - msr ttbr1_el1, x1 - isb - - tlbi vmalle1 - dsb nsh - isb + __idmap_cpu_set_reserved_ttbr1 x1, x3 msr ttbr1_el1, x0 isb @@ -175,6 +179,189 @@ ENTRY(idmap_cpu_replace_ttbr1) ENDPROC(idmap_cpu_replace_ttbr1) .popsection +#ifdef CONFIG_UNMAP_KERNEL_AT_EL0 + .pushsection ".idmap.text", "ax" + + .macro __idmap_kpti_get_pgtable_ent, type + dc cvac, cur_\()\type\()p // Ensure any existing dirty + dmb sy // lines are written back before + ldr \type, [cur_\()\type\()p] // loading the entry + tbz \type, #0, next_\()\type // Skip invalid entries + .endm + + .macro __idmap_kpti_put_pgtable_ent_ng, type + orr \type, \type, #PTE_NG // Same bit for blocks and pages + str \type, [cur_\()\type\()p] // Update the entry and ensure it + dc civac, cur_\()\type\()p // is visible to all CPUs. + .endm + +/* + * void __kpti_install_ng_mappings(int cpu, int num_cpus, phys_addr_t swapper) + * + * Called exactly once from stop_machine context by each CPU found during boot. + */ +__idmap_kpti_flag: + .long 1 +ENTRY(idmap_kpti_install_ng_mappings) + cpu .req w0 + num_cpus .req w1 + swapper_pa .req x2 + swapper_ttb .req x3 + flag_ptr .req x4 + cur_pgdp .req x5 + end_pgdp .req x6 + pgd .req x7 + cur_pudp .req x8 + end_pudp .req x9 + pud .req x10 + cur_pmdp .req x11 + end_pmdp .req x12 + pmd .req x13 + cur_ptep .req x14 + end_ptep .req x15 + pte .req x16 + + mrs swapper_ttb, ttbr1_el1 + adr flag_ptr, __idmap_kpti_flag + + cbnz cpu, __idmap_kpti_secondary + + /* We're the boot CPU. Wait for the others to catch up */ + sevl +1: wfe + ldaxr w18, [flag_ptr] + eor w18, w18, num_cpus + cbnz w18, 1b + + /* We need to walk swapper, so turn off the MMU. */ + mrs x18, sctlr_el1 + bic x18, x18, #SCTLR_ELx_M + msr sctlr_el1, x18 + isb + + /* Everybody is enjoying the idmap, so we can rewrite swapper. */ + /* PGD */ + mov cur_pgdp, swapper_pa + add end_pgdp, cur_pgdp, #(PTRS_PER_PGD * 8) +do_pgd: __idmap_kpti_get_pgtable_ent pgd + tbnz pgd, #1, walk_puds + __idmap_kpti_put_pgtable_ent_ng pgd +next_pgd: + add cur_pgdp, cur_pgdp, #8 + cmp cur_pgdp, end_pgdp + b.ne do_pgd + + /* Publish the updated tables and nuke all the TLBs */ + dsb sy + tlbi vmalle1is + dsb ish + isb + + /* We're done: fire up the MMU again */ + mrs x18, sctlr_el1 + orr x18, x18, #SCTLR_ELx_M + msr sctlr_el1, x18 + isb + + /* Set the flag to zero to indicate that we're all done */ + str wzr, [flag_ptr] + ret + + /* PUD */ +walk_puds: + .if CONFIG_PGTABLE_LEVELS > 3 + pte_to_phys cur_pudp, pgd + add end_pudp, cur_pudp, #(PTRS_PER_PUD * 8) +do_pud: __idmap_kpti_get_pgtable_ent pud + tbnz pud, #1, walk_pmds + __idmap_kpti_put_pgtable_ent_ng pud +next_pud: + add cur_pudp, cur_pudp, 8 + cmp cur_pudp, end_pudp + b.ne do_pud + b next_pgd + .else /* CONFIG_PGTABLE_LEVELS <= 3 */ + mov pud, pgd + b walk_pmds +next_pud: + b next_pgd + .endif + + /* PMD */ +walk_pmds: + .if CONFIG_PGTABLE_LEVELS > 2 + pte_to_phys cur_pmdp, pud + add end_pmdp, cur_pmdp, #(PTRS_PER_PMD * 8) +do_pmd: __idmap_kpti_get_pgtable_ent pmd + tbnz pmd, #1, walk_ptes + __idmap_kpti_put_pgtable_ent_ng pmd +next_pmd: + add cur_pmdp, cur_pmdp, #8 + cmp cur_pmdp, end_pmdp + b.ne do_pmd + b next_pud + .else /* CONFIG_PGTABLE_LEVELS <= 2 */ + mov pmd, pud + b walk_ptes +next_pmd: + b next_pud + .endif + + /* PTE */ +walk_ptes: + pte_to_phys cur_ptep, pmd + add end_ptep, cur_ptep, #(PTRS_PER_PTE * 8) +do_pte: __idmap_kpti_get_pgtable_ent pte + __idmap_kpti_put_pgtable_ent_ng pte +next_pte: + add cur_ptep, cur_ptep, #8 + cmp cur_ptep, end_ptep + b.ne do_pte + b next_pmd + + /* Secondary CPUs end up here */ +__idmap_kpti_secondary: + /* Uninstall swapper before surgery begins */ + __idmap_cpu_set_reserved_ttbr1 x18, x17 + + /* Increment the flag to let the boot CPU we're ready */ +1: ldxr w18, [flag_ptr] + add w18, w18, #1 + stxr w17, w18, [flag_ptr] + cbnz w17, 1b + + /* Wait for the boot CPU to finish messing around with swapper */ + sevl +1: wfe + ldxr w18, [flag_ptr] + cbnz w18, 1b + + /* All done, act like nothing happened */ + msr ttbr1_el1, swapper_ttb + isb + ret + + .unreq cpu + .unreq num_cpus + .unreq swapper_pa + .unreq swapper_ttb + .unreq flag_ptr + .unreq cur_pgdp + .unreq end_pgdp + .unreq pgd + .unreq cur_pudp + .unreq end_pudp + .unreq pud + .unreq cur_pmdp + .unreq end_pmdp + .unreq pmd + .unreq cur_ptep + .unreq end_ptep + .unreq pte +ENDPROC(idmap_kpti_install_ng_mappings) + .popsection +#endif + /* * __cpu_setup * From patchwork Tue Apr 3 11:09:21 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Rutland X-Patchwork-Id: 132730 Delivered-To: patch@linaro.org Received: by 10.46.84.29 with SMTP id i29csp3666487ljb; Tue, 3 Apr 2018 04:10:39 -0700 (PDT) X-Google-Smtp-Source: AIpwx48lKEJ9a7VpXD8/AUjxMY5UWG5Cn+4P0gJE95alJGrvfJlVwGwCICEtq2P72zuNtV4Hjy1X X-Received: by 2002:a17:902:7582:: with SMTP id j2-v6mr7083394pll.46.1522753839447; Tue, 03 Apr 2018 04:10:39 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1522753839; cv=none; d=google.com; s=arc-20160816; b=Zeo/XxXBLEj7CsLLznqtM2zRKp2xwTVI5K3G4+80JnVeArM1ONGeTXVqMxJU2F/huT 34r+2CCJylXL3N3DyM3td0PgC9KD2UvImHAVcXpCab02dXR963gobIK0hgwMYp8jm8gg FKem0HRZ7ZV8NYfLdWki8YS+A5nqxqAkRjpZPflteZlJbiXMe5Ph6VYMlQnw1pDBd3w0 DOrVBA/pA+hEfDlgVxktdLeagnEADcg/YZxrz2kDNxa/YklonM4r9ojtucTPc4TH6Pk/ MOFxw9fMPXeK9I3OIBptMwmr1cm0cCIMA2ZgTV7SRE6u5Pv30H75vOO4orYTre97WgYr 1fpA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:arc-authentication-results; bh=mzKQPtYBSLp/5rEejpOTylIbjpD2eXF1kcfkcg+UApw=; b=F52OZRGhfK13GYz8E66xoNEl6N51++FvZ7asLBOzfhwWlXj3Obn8ZPzA59MGYjP9Hi GW0NTyduq66u1HqKLHAgLq0RDKrMWcpS3AbfhMDNhKbWWV50ubXoAYfB4asO84huxxWA XGKBCLsI5LwWSgi8ZjgVoiezqn5DxGNgQjXUsJPIpcwmOSbXVpkX4XMj1FAKYA1t7/RY l4qM8pWYJfmdoIsws8G5f8yPHeL6ItjoOYmFnl7uAYg6HJnY7uhK39lCdICDmZhkeTeP 4GcLB8OoTTRZUSjak9Ziobd5BL9dqDKuI8hUtQWdxjXSXRbc/qSWigWqjw6VK031CLgt Q94A== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id q9-v6si295691plr.273.2018.04.03.04.10.39; Tue, 03 Apr 2018 04:10:39 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755444AbeDCLKh (ORCPT + 11 others); Tue, 3 Apr 2018 07:10:37 -0400 Received: from usa-sjc-mx-foss1.foss.arm.com ([217.140.101.70]:59426 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1755267AbeDCLKf (ORCPT ); Tue, 3 Apr 2018 07:10:35 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 7179F1596; Tue, 3 Apr 2018 04:10:35 -0700 (PDT) Received: from lakrids.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.72.51.249]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id 40E593F587; Tue, 3 Apr 2018 04:10:34 -0700 (PDT) From: Mark Rutland To: stable@vger.kernel.org Cc: mark.brown@linaro.org, ard.biesheuvel@linaro.org, marc.zyngier@arm.com, will.deacon@arm.com Subject: [PATCH v4.9.y 25/27] arm64: Force KPTI to be disabled on Cavium ThunderX Date: Tue, 3 Apr 2018 12:09:21 +0100 Message-Id: <20180403110923.43575-26-mark.rutland@arm.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20180403110923.43575-1-mark.rutland@arm.com> References: <20180403110923.43575-1-mark.rutland@arm.com> Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Marc Zyngier commit 6dc52b15c4a4 upstream. Cavium ThunderX's erratum 27456 results in a corruption of icache entries that are loaded from memory that is mapped as non-global (i.e. ASID-tagged). As KPTI is based on memory being mapped non-global, let's prevent it from kicking in if this erratum is detected. Signed-off-by: Marc Zyngier [will: Update comment] Signed-off-by: Will Deacon Signed-off-by: Catalin Marinas [Alex: use cpus_have_cap as cpus_have_const_cap doesn't exist in v4.9] Signed-off-by: Alex Shi [v4.9 backport] Signed-off-by: Mark Rutland [v4.9 backport] --- arch/arm64/kernel/cpufeature.c | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) -- 2.11.0 diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c index 8d41a3f94954..5056fc597ae9 100644 --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -753,12 +753,23 @@ static int __kpti_forced; /* 0: not forced, >0: forced on, <0: forced off */ static bool unmap_kernel_at_el0(const struct arm64_cpu_capabilities *entry, int __unused) { + char const *str = "command line option"; u64 pfr0 = read_system_reg(SYS_ID_AA64PFR0_EL1); - /* Forced on command line? */ + /* + * For reasons that aren't entirely clear, enabling KPTI on Cavium + * ThunderX leads to apparent I-cache corruption of kernel text, which + * ends as well as you might imagine. Don't even try. + */ + if (cpus_have_cap(ARM64_WORKAROUND_CAVIUM_27456)) { + str = "ARM64_WORKAROUND_CAVIUM_27456"; + __kpti_forced = -1; + } + + /* Forced? */ if (__kpti_forced) { - pr_info_once("kernel page table isolation forced %s by command line option\n", - __kpti_forced > 0 ? "ON" : "OFF"); + pr_info_once("kernel page table isolation forced %s by %s\n", + __kpti_forced > 0 ? "ON" : "OFF", str); return __kpti_forced > 0; } From patchwork Tue Apr 3 11:09:22 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Rutland X-Patchwork-Id: 132731 Delivered-To: patch@linaro.org Received: by 10.46.84.29 with SMTP id i29csp3666530ljb; Tue, 3 Apr 2018 04:10:40 -0700 (PDT) X-Google-Smtp-Source: AIpwx4831TtMn5RtuKI3RIo6OGzcch+abdg4+84be5ccyraL4R6VXBPn0v/lfOFyVC9CPssRUZwS X-Received: by 2002:a17:902:7785:: with SMTP id o5-v6mr11947586pll.356.1522753840716; Tue, 03 Apr 2018 04:10:40 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1522753840; cv=none; d=google.com; s=arc-20160816; b=r7xZa8+K7T8Ruajo7vYfXTgCLe4bjUXk2YefGdYz3oKnGQHmCRHUsKRxKEQQxTTJPs U+YvVdZycCaSHiWZnTLhLtmd66a7o5D1mZUQsso2JTqXgrykmZJJ3Kl4rQyJOvnaAmfb oX2JfvxfJ0nJMgfaLYWE1/+I+Gj0nvHfoBenKKN6nnsjB4iKcykmV2MmIPLcA9iBFa/A XdTAuARwIacpC4Uc1BkSRS6EMDYj53v6vUQr0AdBn/0UrSnoxsKjLgx6gbNvp3t/eY0o U1aIFeUjGRRxS0wgCYnwCBTZQ98tnNrr+0iEuCkyicJXNvpw3at2ZTZzSLuQWZfytmrn W6FQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:arc-authentication-results; bh=xPfm9nry8I7PGE6eR3ftu7Td/FDq9QTxHsBb14QXJ2U=; b=MR3d6Fk22R1Ihp6+ak8TlQ3USpTchEwju0C5t/8mk7XebOEadV6zI5OfFMYqF0fSKd zjXn1tEyEInopVOsn5PeQC2zDYgF/AKsUjgkprH+FuEkAQkxiFkaAxgSaJpezOEOB8Og PpP9f0SZiBwVDi4vfg6gZjqh+LyLJ5TTBq4Dj7LmMWWEuCjAIos9gnHLa/kkJW38o7kA w6G8womHrNGGOpVm8oOXjRNST1hxAQwLJvJOd4zUortZaA0k6bLlUoy32kogiUdLIhga RDqgkpJ/QehMAU1e92a4/BHpWgc2XdEot9N6Pw1fp9mgJWy//5JZOb8BKTZcDlQc8LQG wbew== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id q9-v6si295691plr.273.2018.04.03.04.10.40; Tue, 03 Apr 2018 04:10:40 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755267AbeDCLKi (ORCPT + 11 others); Tue, 3 Apr 2018 07:10:38 -0400 Received: from foss.arm.com ([217.140.101.70]:59432 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1755361AbeDCLKh (ORCPT ); Tue, 3 Apr 2018 07:10:37 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 1B7711435; Tue, 3 Apr 2018 04:10:37 -0700 (PDT) Received: from lakrids.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.72.51.249]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id DF1933F587; Tue, 3 Apr 2018 04:10:35 -0700 (PDT) From: Mark Rutland To: stable@vger.kernel.org Cc: mark.brown@linaro.org, ard.biesheuvel@linaro.org, marc.zyngier@arm.com, will.deacon@arm.com Subject: [PATCH v4.9.y 26/27] arm64: entry: Reword comment about post_ttbr_update_workaround Date: Tue, 3 Apr 2018 12:09:22 +0100 Message-Id: <20180403110923.43575-27-mark.rutland@arm.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20180403110923.43575-1-mark.rutland@arm.com> References: <20180403110923.43575-1-mark.rutland@arm.com> Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Will Deacon commit f167211a93ac upstream. We don't fully understand the Cavium ThunderX erratum, but it appears that mapping the kernel as nG can lead to horrible consequences such as attempting to execute userspace from kernel context. Since kpti isn't enabled for these CPUs anyway, simplify the comment justifying the lack of post_ttbr_update_workaround in the exception trampoline. Signed-off-by: Will Deacon Signed-off-by: Catalin Marinas Signed-off-by: Alex Shi [v4.9 backport] Signed-off-by: Mark Rutland [v4.9 backport] --- arch/arm64/kernel/entry.S | 13 +++---------- 1 file changed, 3 insertions(+), 10 deletions(-) -- 2.11.0 diff --git a/arch/arm64/kernel/entry.S b/arch/arm64/kernel/entry.S index f35ca1e54b5a..8d1600b18562 100644 --- a/arch/arm64/kernel/entry.S +++ b/arch/arm64/kernel/entry.S @@ -861,16 +861,9 @@ __ni_sys_trace: orr \tmp, \tmp, #USER_ASID_FLAG msr ttbr1_el1, \tmp /* - * We avoid running the post_ttbr_update_workaround here because the - * user and kernel ASIDs don't have conflicting mappings, so any - * "blessing" as described in: - * - * http://lkml.kernel.org/r/56BB848A.6060603@caviumnetworks.com - * - * will not hurt correctness. Whilst this may partially defeat the - * point of using split ASIDs in the first place, it avoids - * the hit of invalidating the entire I-cache on every return to - * userspace. + * We avoid running the post_ttbr_update_workaround here because + * it's only needed by Cavium ThunderX, which requires KPTI to be + * disabled. */ .endm From patchwork Tue Apr 3 11:09:23 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Rutland X-Patchwork-Id: 132733 Delivered-To: patch@linaro.org Received: by 10.46.84.29 with SMTP id i29csp3666574ljb; Tue, 3 Apr 2018 04:10:43 -0700 (PDT) X-Google-Smtp-Source: AIpwx4+hODj9fP3v9yQu9UuHyRjowcbGmYaWqydfJ2ozy0Gr+mtOJwtmB/Xx4och0z/4DA9wi6ou X-Received: by 10.98.204.12 with SMTP id a12mr10248007pfg.3.1522753843581; Tue, 03 Apr 2018 04:10:43 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1522753843; cv=none; d=google.com; s=arc-20160816; b=TktPC2DGxMAozeacYxNS/GjZPzMWLDPzc2H3skN2E9M4emjtkYJfWQ+129Y9V6yBXw 7xgt0qYVR+d9V7DVirtnAMvcLe7phJNxSA4PiTyryHyxsjzKhaI9dJjcyN5OkRGRXqk8 VPKu2iMgaNDhUyfCSj4nlT41zqv9J5arku5T57+Z70qtMei2DI35DkpEijhyTzaXzgJg uqQa1QhL73SXpRiQxSu8SgU2yaWHLaqlZBELZO5Cu9G0oSL5uMWH8xR6tG+ZfEY9lCEM pA8EuQ9aipaT0i0GzyakyHzzVXVSo96K9kHukoQ46ur9ob7AMqa361DXBtKj1xP0v/+d jZlA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:arc-authentication-results; bh=f/tI2dYzkiSlxD+EVxQqHQPi9ilezdvGnes4ReF8T64=; b=ZTn76l7Qd+HpKXDmAPaYdh77+uxEY0P32uNEAiODizgYJn7APiPPGWxRBk3rokS2ST Y0j25msn7+y77D6LQF8Q7W+XXapvi+DDV86wVXizAjKS3dtXiKOKdhZxtk0CwkxkcnbW i5QBpfHsPULtCgq6boCjcKWTAZe4lbrisGnEslQe9VpQFBNdCzUZuEYye03Gy8SpuVz/ FpMqy6dxy/D/CK5xnrr2aKctt6Oobe3aBThbavn43lnUOfIrGoJXgr33pTWj9fZBjAc9 78agSFu7tz8WbUb9Tl1sBTC8xmikVm2ulK7TBnjwvevGTIP8kgS2rgYg9V5up1drkQzP jrrQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id q9-v6si295691plr.273.2018.04.03.04.10.43; Tue, 03 Apr 2018 04:10:43 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755270AbeDCLKl (ORCPT + 11 others); Tue, 3 Apr 2018 07:10:41 -0400 Received: from usa-sjc-mx-foss1.foss.arm.com ([217.140.101.70]:59438 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1755516AbeDCLKj (ORCPT ); Tue, 3 Apr 2018 07:10:39 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 040B81435; Tue, 3 Apr 2018 04:10:39 -0700 (PDT) Received: from lakrids.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.72.51.249]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id C7B013F587; Tue, 3 Apr 2018 04:10:37 -0700 (PDT) From: Mark Rutland To: stable@vger.kernel.org Cc: mark.brown@linaro.org, ard.biesheuvel@linaro.org, marc.zyngier@arm.com, will.deacon@arm.com Subject: [PATCH v4.9.y 27/27] arm64: idmap: Use "awx" flags for .idmap.text .pushsection directives Date: Tue, 3 Apr 2018 12:09:23 +0100 Message-Id: <20180403110923.43575-28-mark.rutland@arm.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20180403110923.43575-1-mark.rutland@arm.com> References: <20180403110923.43575-1-mark.rutland@arm.com> Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Will Deacon commit 439e70e27a51 upstream. The identity map is mapped as both writeable and executable by the SWAPPER_MM_MMUFLAGS and this is relied upon by the kpti code to manage a synchronisation flag. Update the .pushsection flags to reflect the actual mapping attributes. Reported-by: Marc Zyngier Signed-off-by: Will Deacon Signed-off-by: Catalin Marinas Signed-off-by: Alex Shi [v4.9 backport] Signed-off-by: Mark Rutland [v4.9 backport] --- arch/arm64/kernel/cpu-reset.S | 2 +- arch/arm64/kernel/head.S | 2 +- arch/arm64/kernel/sleep.S | 2 +- arch/arm64/mm/proc.S | 8 ++++---- 4 files changed, 7 insertions(+), 7 deletions(-) -- 2.11.0 diff --git a/arch/arm64/kernel/cpu-reset.S b/arch/arm64/kernel/cpu-reset.S index 65f42d257414..f736a6f81ecd 100644 --- a/arch/arm64/kernel/cpu-reset.S +++ b/arch/arm64/kernel/cpu-reset.S @@ -16,7 +16,7 @@ #include .text -.pushsection .idmap.text, "ax" +.pushsection .idmap.text, "awx" /* * __cpu_soft_restart(el2_switch, entry, arg0, arg1, arg2) - Helper for diff --git a/arch/arm64/kernel/head.S b/arch/arm64/kernel/head.S index 539bebc1222f..fa52817d84c5 100644 --- a/arch/arm64/kernel/head.S +++ b/arch/arm64/kernel/head.S @@ -473,7 +473,7 @@ ENDPROC(__primary_switched) * end early head section, begin head code that is also used for * hotplug and needs to have the same protections as the text region */ - .section ".idmap.text","ax" + .section ".idmap.text","awx" ENTRY(kimage_vaddr) .quad _text - TEXT_OFFSET diff --git a/arch/arm64/kernel/sleep.S b/arch/arm64/kernel/sleep.S index 1bec41b5fda3..0030d6964e65 100644 --- a/arch/arm64/kernel/sleep.S +++ b/arch/arm64/kernel/sleep.S @@ -95,7 +95,7 @@ ENTRY(__cpu_suspend_enter) ret ENDPROC(__cpu_suspend_enter) - .pushsection ".idmap.text", "ax" + .pushsection ".idmap.text", "awx" ENTRY(cpu_resume) bl el2_setup // if in EL2 drop to EL1 cleanly bl __cpu_setup diff --git a/arch/arm64/mm/proc.S b/arch/arm64/mm/proc.S index 5c268f5767b4..c07d9cc057e6 100644 --- a/arch/arm64/mm/proc.S +++ b/arch/arm64/mm/proc.S @@ -83,7 +83,7 @@ ENDPROC(cpu_do_suspend) * * x0: Address of context pointer */ - .pushsection ".idmap.text", "ax" + .pushsection ".idmap.text", "awx" ENTRY(cpu_do_resume) ldp x2, x3, [x0] ldp x4, x5, [x0, #16] @@ -147,7 +147,7 @@ alternative_else_nop_endif ret ENDPROC(cpu_do_switch_mm) - .pushsection ".idmap.text", "ax" + .pushsection ".idmap.text", "awx" .macro __idmap_cpu_set_reserved_ttbr1, tmp1, tmp2 adrp \tmp1, empty_zero_page @@ -180,7 +180,7 @@ ENDPROC(idmap_cpu_replace_ttbr1) .popsection #ifdef CONFIG_UNMAP_KERNEL_AT_EL0 - .pushsection ".idmap.text", "ax" + .pushsection ".idmap.text", "awx" .macro __idmap_kpti_get_pgtable_ent, type dc cvac, cur_\()\type\()p // Ensure any existing dirty @@ -368,7 +368,7 @@ ENDPROC(idmap_kpti_install_ng_mappings) * Initialise the processor for turning the MMU on. Return in x0 the * value of the SCTLR_EL1 register. */ - .pushsection ".idmap.text", "ax" + .pushsection ".idmap.text", "awx" ENTRY(__cpu_setup) tlbi vmalle1 // Invalidate local TLB dsb nsh