1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3  *  Copyright (C) 2001 Ben. Herrenschmidt (benh@kernel.crashing.org)
4  *
5  *  Modifications for ppc64:
6  *      Copyright (C) 2003 Dave Engebretsen <engebret@us.ibm.com>
7  *
8  *  Copyright 2008 Michael Ellerman, IBM Corporation.
9  */
10 
11 #include <linux/types.h>
12 #include <linux/jump_label.h>
13 #include <linux/kernel.h>
14 #include <linux/string.h>
15 #include <linux/init.h>
16 #include <linux/sched/mm.h>
17 #include <linux/stop_machine.h>
18 #include <asm/cputable.h>
19 #include <asm/code-patching.h>
20 #include <asm/interrupt.h>
21 #include <asm/page.h>
22 #include <asm/sections.h>
23 #include <asm/setup.h>
24 #include <asm/security_features.h>
25 #include <asm/firmware.h>
26 #include <asm/inst.h>
27 
/*
 * Set to true by setup_feature_keys() once the cpu/mmu feature static keys
 * have been initialised. Used to generate warnings if mmu or cpu feature
 * check functions that use static keys are called before that point.
 */
bool static_key_feature_checks_initialized __read_mostly;
EXPORT_SYMBOL_GPL(static_key_feature_checks_initialized);
34 
/*
 * One entry of a feature fixup table.
 *
 * All four offsets are relative to the address of the entry itself and are
 * turned back into pointers by calc_addr().
 *
 * NOTE(review): the layout presumably has to match whatever emits these
 * tables at build time - confirm before reordering or resizing fields.
 */
struct fixup_entry {
	unsigned long	mask;		/* feature bits this entry tests */
	unsigned long	value;		/* expected state of those bits; a mismatch triggers patching */
	long		start_off;	/* first instruction of the section to patch */
	long		end_off;	/* end (exclusive) of that section */
	long		alt_start_off;	/* first instruction of the alternative */
	long		alt_end_off;	/* end (exclusive) of the alternative */
};
43 
/*
 * Turn an offset stored in a fixup entry back into an instruction pointer.
 *
 * The offset to the code is stored relative to the address of the entry
 * itself (negative when the code precedes the entry), to support the VDSO.
 */
static u32 *calc_addr(struct fixup_entry *fcur, long offset)
{
	unsigned long base = (unsigned long)fcur;

	return (u32 *)(base + offset);
}
53 
/*
 * Copy one instruction of an alternative sequence from @src to @dest.
 *
 * A relative branch whose target lies outside [@alt_start, @alt_end] is
 * re-encoded for its new location with translate_branch(); a branch that
 * stays inside the alternative (including one to @alt_end itself) is copied
 * unchanged.
 *
 * Returns 0 on success, or 1 if the branch could not be translated, in which
 * case nothing is written to @dest.
 */
static int patch_alt_instruction(u32 *src, u32 *dest, u32 *alt_start, u32 *alt_end)
{
	ppc_inst_t instr = ppc_inst_read(src);

	if (instr_is_relative_branch(ppc_inst_read(src))) {
		u32 *target = (u32 *)branch_target(src);
		bool internal = target >= alt_start && target <= alt_end;

		/* Only a branch leaving the alternative needs translating */
		if (!internal && translate_branch(&instr, dest, src))
			return 1;
	}

	raw_patch_instruction(dest, instr);

	return 0;
}
76 
/*
 * Apply one fixup entry against the feature word @value.
 *
 * Only the bits selected by both @mask and the entry's own mask are compared.
 * When they match the entry's value the section is left as built. Otherwise
 * the alternative is copied over the start of the section and the remainder
 * is filled with nops.
 *
 * Returns 0 on success (including "nothing to do"), or 1 if the alternative
 * is larger than the section or an instruction could not be patched. A
 * failure part-way through the copy leaves the section partially patched.
 */
static int patch_feature_section_mask(unsigned long value, unsigned long mask,
				      struct fixup_entry *fcur)
{
	u32 *start = calc_addr(fcur, fcur->start_off);
	u32 *end = calc_addr(fcur, fcur->end_off);
	u32 *alt_start = calc_addr(fcur, fcur->alt_start_off);
	u32 *alt_end = calc_addr(fcur, fcur->alt_end_off);
	u32 *src, *dest;

	/* The alternative has to fit in the space it replaces */
	if ((alt_end - alt_start) > (end - start))
		return 1;

	/* Feature bits match: keep the code that is already there */
	if ((value & fcur->mask & mask) == (fcur->value & mask))
		return 0;

	src = alt_start;
	dest = start;

	while (src < alt_end) {
		if (patch_alt_instruction(src, dest, alt_start, alt_end))
			return 1;

		src = ppc_inst_next(src, src);
		dest = ppc_inst_next(dest, dest);
	}

	/* Pad what is left of the original section with nops */
	while (dest < end) {
		raw_patch_instruction(dest, ppc_inst(PPC_RAW_NOP()));
		dest++;
	}

	return 0;
}
107 
/*
 * Walk the fixup table [@fixup_start, @fixup_end) and apply every entry
 * against @value, restricted to the feature bits in @mask.
 *
 * An entry that cannot be patched triggers a WARN and a message naming the
 * section and its alternative; the walk then carries on with the next entry.
 */
static void do_feature_fixups_mask(unsigned long value, unsigned long mask,
				   void *fixup_start, void *fixup_end)
{
	struct fixup_entry *entry = fixup_start;
	struct fixup_entry *last = fixup_end;

	while (entry < last) {
		if (patch_feature_section_mask(value, mask, entry)) {
			WARN_ON(1);
			printk("Unable to patch feature section at %p - %p with %p - %p\n",
				calc_addr(entry, entry->start_off),
				calc_addr(entry, entry->end_off),
				calc_addr(entry, entry->alt_start_off),
				calc_addr(entry, entry->alt_end_off));
		}
		entry++;
	}
}
128 
/*
 * Apply the fixup table [@fixup_start, @fixup_end) against @value with every
 * feature bit taking part in the comparison.
 */
void do_feature_fixups(unsigned long value, void *fixup_start, void *fixup_end)
{
	/* All-ones mask: no feature bit is excluded */
	const unsigned long every_bit = ~0;

	do_feature_fixups_mask(value, every_bit, fixup_start, fixup_end);
}
133 
134 #ifdef CONFIG_PPC_BARRIER_NOSPEC
/*
 * Decide whether the @size bytes at @dest may still be patched.
 *
 * Before system_state reaches SYSTEM_FREEING_INITMEM every site is accepted.
 * From then on a site inside the init sections is rejected, presumably
 * because that memory may no longer hold kernel text - confirm.
 */
static bool is_fixup_addr_valid(void *dest, size_t size)
{
	if (system_state < SYSTEM_FREEING_INITMEM)
		return true;

	return !init_section_contains(dest, size);
}
140 
/*
 * Write the @num instructions in @instrs at every site listed in the table
 * [@start, @end). Each table slot holds the offset from the slot itself to
 * the site. Sites rejected by is_fixup_addr_valid() are skipped.
 *
 * Returns the number of table slots walked. Skipped sites are included in
 * that count, so it is an upper bound on the sites actually written.
 *
 * NOTE(review): the result of patch_instruction() is not looked at here, so
 * a site that could not be written would still be counted - confirm whether
 * callers that log this count for a mitigation should be told about it.
 */
static int do_patch_fixups(long *start, long *end, unsigned int *instrs, int num)
{
	int count = 0;
	long *slot;

	for (slot = start; slot < end; slot++, count++) {
		unsigned int *dest = (void *)slot + *slot;
		int k;

		if (!is_fixup_addr_valid(dest, sizeof(*instrs) * num))
			continue;

		pr_devel("patching dest %lx\n", (unsigned long)dest);

		for (k = 0; k < num; k++)
			patch_instruction(dest + k, ppc_inst(instrs[k]));
	}

	return count;
}
159 #endif
160 
161 #ifdef CONFIG_PPC_BOOK3S_64
/*
 * Patch a three-instruction sequence at every site listed in the table
 * [@start, @end). Each table slot holds the offset from the slot itself to
 * the site. Sites rejected by is_fixup_addr_valid() are skipped.
 *
 * With @do_fallback the middle instruction becomes a branch-and-link to
 * @fallback and instrs[1] is not used; otherwise all three words come from
 * @instrs.
 *
 * Returns the number of table slots walked, skipped sites included.
 *
 * NOTE(review): the results of patch_instruction() and patch_branch() are not
 * checked, so a failed write is not reflected in the count - confirm.
 */
static int do_patch_entry_fixups(long *start, long *end, unsigned int *instrs,
				 bool do_fallback, void *fallback)
{
	int i;

	for (i = 0; start < end; start++, i++) {
		unsigned int *dest = (void *)start + *start;

		if (!is_fixup_addr_valid(dest, sizeof(*instrs) * 3))
			continue;

		pr_devel("patching dest %lx\n", (unsigned long)dest);

		/*
		 * The write order differs between the two cases on purpose: the
		 * sequence has to stay safe to execute after each single write.
		 * See the comment in __do_entry_flush_fixups() for the reasoning.
		 */
		if (do_fallback) {
			/* mflr first, then mtlr, and the branch last */
			patch_instruction(dest, ppc_inst(instrs[0]));
			patch_instruction(dest + 2, ppc_inst(instrs[2]));
			patch_branch(dest + 1, (unsigned long)fallback, BRANCH_SET_LINK);
		} else {
			/* middle word first, then the last, and the first word last */
			patch_instruction(dest + 1, ppc_inst(instrs[1]));
			patch_instruction(dest + 2, ppc_inst(instrs[2]));
			patch_instruction(dest, ppc_inst(instrs[0]));
		}
	}
	return i;
}
188 
/*
 * Patch the stf entry barrier sites for the barrier type(s) in @types.
 *
 * The three-word sequence defaults to nops. FALLBACK takes priority over
 * EIEIO, which takes priority over SYNC_ORI. For FALLBACK the middle word is
 * replaced by a branch to stf_barrier_fallback in do_patch_entry_fixups().
 */
static void do_stf_entry_barrier_fixups(enum stf_barrier_type types)
{
	unsigned int instrs[3] = { PPC_RAW_NOP(), PPC_RAW_NOP(), PPC_RAW_NOP() };
	long *start = PTRRELOC(&__start___stf_entry_barrier_fixup);
	long *end = PTRRELOC(&__stop___stf_entry_barrier_fixup);
	const char *name;
	int patched;
	int n = 0;

	if (types & STF_BARRIER_FALLBACK) {
		instrs[n++] = PPC_RAW_MFLR(_R10);
		instrs[n++] = PPC_RAW_NOP(); /* branch patched below */
		instrs[n++] = PPC_RAW_MTLR(_R10);
	} else if (types & STF_BARRIER_EIEIO) {
		instrs[n++] = PPC_RAW_EIEIO() | 0x02000000; /* eieio + bit 6 hint */
	} else if (types & STF_BARRIER_SYNC_ORI) {
		instrs[n++] = PPC_RAW_SYNC();
		instrs[n++] = PPC_RAW_LD(_R10, _R13, 0);
		instrs[n++] = PPC_RAW_ORI(_R31, _R31, 0); /* speculation barrier */
	}

	patched = do_patch_entry_fixups(start, end, instrs,
					types & STF_BARRIER_FALLBACK,
					&stf_barrier_fallback);

	/* The label is chosen by exact match, so a combination logs "unknown" */
	if (types == STF_BARRIER_NONE)
		name = "no";
	else if (types == STF_BARRIER_FALLBACK)
		name = "fallback";
	else if (types == STF_BARRIER_EIEIO)
		name = "eieio";
	else if (types == (STF_BARRIER_SYNC_ORI))
		name = "hwsync";
	else
		name = "unknown";

	printk(KERN_DEBUG "stf-barrier: patched %d entry locations (%s barrier)\n",
	       patched, name);
}
225 
/*
 * Patch the stf exit barrier sites for the barrier type(s) in @types.
 *
 * The six-word sequence defaults to nops. FALLBACK and SYNC_ORI share one
 * sequence that parks r13 in a scratch SPR (HSPRG1 with CPU_FTR_HVMODE,
 * SPRG2 otherwise) around the sync/ld/ori barrier; EIEIO uses a single
 * instruction.
 */
static void do_stf_exit_barrier_fixups(enum stf_barrier_type types)
{
	unsigned int instrs[6] = {
		PPC_RAW_NOP(), PPC_RAW_NOP(), PPC_RAW_NOP(),
		PPC_RAW_NOP(), PPC_RAW_NOP(), PPC_RAW_NOP(),
	};
	long *start = PTRRELOC(&__start___stf_exit_barrier_fixup);
	long *end = PTRRELOC(&__stop___stf_exit_barrier_fixup);
	const char *name;
	int patched;
	int n = 0;

	if (types & STF_BARRIER_FALLBACK || types & STF_BARRIER_SYNC_ORI) {
		/* Save r13 and load the replacement value from the other SPR */
		if (cpu_has_feature(CPU_FTR_HVMODE)) {
			instrs[n++] = PPC_RAW_MTSPR(SPRN_HSPRG1, _R13);
			instrs[n++] = PPC_RAW_MFSPR(_R13, SPRN_HSPRG0);
		} else {
			instrs[n++] = PPC_RAW_MTSPR(SPRN_SPRG2, _R13);
			instrs[n++] = PPC_RAW_MFSPR(_R13, SPRN_SPRG1);
		}

		instrs[n++] = PPC_RAW_SYNC();
		instrs[n++] = PPC_RAW_LD(_R13, _R13, 0);
		instrs[n++] = PPC_RAW_ORI(_R31, _R31, 0); /* speculation barrier */

		/* Bring back the r13 value saved above */
		if (cpu_has_feature(CPU_FTR_HVMODE))
			instrs[n++] = PPC_RAW_MFSPR(_R13, SPRN_HSPRG1);
		else
			instrs[n++] = PPC_RAW_MFSPR(_R13, SPRN_SPRG2);
	} else if (types & STF_BARRIER_EIEIO) {
		instrs[n++] = PPC_RAW_EIEIO() | 0x02000000; /* eieio + bit 6 hint */
	}

	patched = do_patch_fixups(start, end, instrs, ARRAY_SIZE(instrs));

	/* The label is chosen by exact match, so a combination logs "unknown" */
	if (types == STF_BARRIER_NONE)
		name = "no";
	else if (types == STF_BARRIER_FALLBACK)
		name = "fallback";
	else if (types == STF_BARRIER_EIEIO)
		name = "eieio";
	else if (types == (STF_BARRIER_SYNC_ORI))
		name = "hwsync";
	else
		name = "unknown";

	printk(KERN_DEBUG "stf-barrier: patched %d exit locations (%s barrier)\n",
	       patched, name);
}
271 
/*
 * Whether the stf barrier / rfi flush currently patched in allows the
 * interrupt exit path to be re-entered. Updated by do_stf_barrier_fixups()
 * and do_rfi_flush_fixups(); interrupt_exit_not_reentrant is only switched
 * off again when both are true.
 */
static bool stf_exit_reentrant = false;
static bool rfi_exit_reentrant = false;
/* Serialises the static key updates made by those two functions */
static DEFINE_MUTEX(exit_flush_lock);
275 
/*
 * stop_machine() callback: patch the stf entry barrier sites, then the exit
 * barrier sites. @data points at the enum stf_barrier_type supplied by
 * do_stf_barrier_fixups(). Always returns 0.
 */
static int __do_stf_barrier_fixups(void *data)
{
	enum stf_barrier_type requested = *(enum stf_barrier_type *)data;

	do_stf_entry_barrier_fixups(requested);
	do_stf_exit_barrier_fixups(requested);

	return 0;
}
285 
/*
 * Re-patch the stf entry and exit barrier sites for the barrier type(s) in
 * @types, with every other CPU held in stop_machine() while it happens.
 *
 * NOTE(review): "stf" presumably refers to store-to-load forwarding - confirm.
 */
void do_stf_barrier_fixups(enum stf_barrier_type types)
{
	/*
	 * The call to the fallback entry flush, and the fallback/sync-ori exit
	 * flush can not be safely patched in/out while other CPUs are
	 * executing them. So call __do_stf_barrier_fixups() on one CPU while
	 * all other CPUs spin in the stop machine core with interrupts hard
	 * disabled.
	 *
	 * The branch to mark interrupt exits non-reentrant is enabled first,
	 * then stop_machine runs which will ensure all CPUs are out of the
	 * low level interrupt exit code before patching. After the patching,
	 * if allowed, then flip the branch to allow fast exits.
	 */

	// Prevent static key update races with do_rfi_flush_fixups()
	mutex_lock(&exit_flush_lock);
	static_branch_enable(&interrupt_exit_not_reentrant);

	stop_machine(__do_stf_barrier_fixups, &types, NULL);

	/* The fallback and sync-ori exit sequences rule out re-entrant exits */
	if ((types & STF_BARRIER_FALLBACK) || (types & STF_BARRIER_SYNC_ORI))
		stf_exit_reentrant = false;
	else
		stf_exit_reentrant = true;

	/* Fast exits come back only if the rfi flush side allows them as well */
	if (stf_exit_reentrant && rfi_exit_reentrant)
		static_branch_disable(&interrupt_exit_not_reentrant);

	mutex_unlock(&exit_flush_lock);
}
317 
/*
 * Patch the uaccess flush sites for the flush type(s) in @types.
 *
 * The four-word sequence defaults to three nops followed by a blr. For
 * L1D_FLUSH_FALLBACK the blr becomes a nop so that execution falls through
 * to the fallback flush; the ORI and MTTRIG variants fill in the leading
 * words and keep the blr.
 */
void do_uaccess_flush_fixups(enum l1d_flush_type types)
{
	unsigned int instrs[4] = {
		PPC_RAW_NOP(), PPC_RAW_NOP(), PPC_RAW_NOP(), PPC_RAW_BLR(),
	};
	long *start = PTRRELOC(&__start___uaccess_flush_fixup);
	long *end = PTRRELOC(&__stop___uaccess_flush_fixup);
	const char *desc;
	int patched;
	int n = 0;

	/* fallthrough to fallback flush */
	if (types == L1D_FLUSH_FALLBACK)
		instrs[3] = PPC_RAW_NOP();

	if (types & L1D_FLUSH_ORI) {
		instrs[n++] = PPC_RAW_ORI(_R31, _R31, 0); /* speculation barrier */
		instrs[n++] = PPC_RAW_ORI(_R30, _R30, 0); /* L1d flush */
	}

	if (types & L1D_FLUSH_MTTRIG)
		instrs[n++] = PPC_RAW_MTSPR(SPRN_TRIG2, _R0);

	patched = do_patch_fixups(start, end, instrs, ARRAY_SIZE(instrs));

	if (types == L1D_FLUSH_NONE)
		desc = "no";
	else if (types == L1D_FLUSH_FALLBACK)
		desc = "fallback displacement";
	else if (types & L1D_FLUSH_ORI)
		desc = (types & L1D_FLUSH_MTTRIG) ? "ori+mttrig type" : "ori type";
	else if (types & L1D_FLUSH_MTTRIG)
		desc = "mttrig type";
	else
		desc = "unknown";

	printk(KERN_DEBUG "uaccess-flush: patched %d locations (%s flush)\n",
	       patched, desc);
}
357 
/*
 * stop_machine() callback: patch the entry flush and scv entry flush sites.
 * @data points at the enum l1d_flush_type supplied by
 * do_entry_flush_fixups(). Always returns 0.
 */
static int __do_entry_flush_fixups(void *data)
{
	enum l1d_flush_type types = *(enum l1d_flush_type *)data;
	unsigned int instrs[3] = { PPC_RAW_NOP(), PPC_RAW_NOP(), PPC_RAW_NOP() };
	bool fallback = types == L1D_FLUSH_FALLBACK;
	const char *desc;
	long *start, *end;
	int patched;
	int n = 0;

	if (fallback) {
		instrs[n++] = PPC_RAW_MFLR(_R10);
		instrs[n++] = PPC_RAW_NOP(); /* branch patched below */
		instrs[n++] = PPC_RAW_MTLR(_R10);
	}

	if (types & L1D_FLUSH_ORI) {
		instrs[n++] = PPC_RAW_ORI(_R31, _R31, 0); /* speculation barrier */
		instrs[n++] = PPC_RAW_ORI(_R30, _R30, 0); /* L1d flush */
	}

	if (types & L1D_FLUSH_MTTRIG)
		instrs[n++] = PPC_RAW_MTSPR(SPRN_TRIG2, _R0);

	/*
	 * If we're patching in or out the fallback flush we need to be careful
	 * about the order in which we patch instructions. That's because it's
	 * possible we could take a page fault after patching one instruction,
	 * so the sequence of instructions must be safe even in a half patched
	 * state.
	 *
	 * To make that work, when patching in the fallback flush we patch in
	 * this order:
	 *  - the mflr		(dest)
	 *  - the mtlr		(dest + 2)
	 *  - the branch	(dest + 1)
	 *
	 * That ensures the sequence is safe to execute at any point. In
	 * contrast if we patch the mtlr last, it's possible we could return
	 * from the branch and not restore LR, leading to a crash later.
	 *
	 * When patching out the fallback flush (either with nops or another
	 * flush type), we patch in this order:
	 *  - the branch	(dest + 1)
	 *  - the mtlr		(dest + 2)
	 *  - the mflr		(dest)
	 *
	 * Note we are protected by stop_machine() from other CPUs executing
	 * the code in a semi-patched state.
	 */

	start = PTRRELOC(&__start___entry_flush_fixup);
	end = PTRRELOC(&__stop___entry_flush_fixup);
	patched = do_patch_entry_fixups(start, end, instrs, fallback,
					&entry_flush_fallback);

	start = PTRRELOC(&__start___scv_entry_flush_fixup);
	end = PTRRELOC(&__stop___scv_entry_flush_fixup);
	patched += do_patch_entry_fixups(start, end, instrs, fallback,
					 &scv_entry_flush_fallback);

	if (types == L1D_FLUSH_NONE)
		desc = "no";
	else if (types == L1D_FLUSH_FALLBACK)
		desc = "fallback displacement";
	else if (types & L1D_FLUSH_ORI)
		desc = (types & L1D_FLUSH_MTTRIG) ? "ori+mttrig type" : "ori type";
	else if (types & L1D_FLUSH_MTTRIG)
		desc = "mttrig type";
	else
		desc = "unknown";

	printk(KERN_DEBUG "entry-flush: patched %d locations (%s flush)\n",
	       patched, desc);

	return 0;
}
430 
/*
 * Re-patch the entry flush sites for the flush type(s) in @types.
 */
void do_entry_flush_fixups(enum l1d_flush_type types)
{
	/*
	 * Patching the call to the fallback flush in or out is not safe while
	 * another CPU is executing it. The work is therefore done by
	 * __do_entry_flush_fixups() on one CPU, with all other CPUs spinning
	 * in the stop machine core with interrupts hard disabled.
	 */
	stop_machine(__do_entry_flush_fixups, &types, NULL);
}
441 
/*
 * stop_machine() callback: patch the rfi flush sites. @data points at the
 * enum l1d_flush_type supplied by do_rfi_flush_fixups(). Always returns 0.
 *
 * The three-word sequence defaults to nops. With L1D_FLUSH_FALLBACK the first
 * word becomes a branch to the fallback flush; the ORI and MTTRIG variants
 * are filled in from the first word onwards afterwards, so they overwrite
 * that branch when combined with it.
 */
static int __do_rfi_flush_fixups(void *data)
{
	enum l1d_flush_type types = *(enum l1d_flush_type *)data;
	unsigned int instrs[3] = { PPC_RAW_NOP(), PPC_RAW_NOP(), PPC_RAW_NOP() };
	long *start = PTRRELOC(&__start___rfi_flush_fixup);
	long *end = PTRRELOC(&__stop___rfi_flush_fixup);
	const char *desc;
	int patched;
	int n = 0;

	/* b .+16 to fallback flush */
	if (types & L1D_FLUSH_FALLBACK)
		instrs[0] = PPC_RAW_BRANCH(16);

	if (types & L1D_FLUSH_ORI) {
		instrs[n++] = PPC_RAW_ORI(_R31, _R31, 0); /* speculation barrier */
		instrs[n++] = PPC_RAW_ORI(_R30, _R30, 0); /* L1d flush */
	}

	if (types & L1D_FLUSH_MTTRIG)
		instrs[n++] = PPC_RAW_MTSPR(SPRN_TRIG2, _R0);

	patched = do_patch_fixups(start, end, instrs, ARRAY_SIZE(instrs));

	if (types == L1D_FLUSH_NONE)
		desc = "no";
	else if (types == L1D_FLUSH_FALLBACK)
		desc = "fallback displacement";
	else if (types & L1D_FLUSH_ORI)
		desc = (types & L1D_FLUSH_MTTRIG) ? "ori+mttrig type" : "ori type";
	else if (types & L1D_FLUSH_MTTRIG)
		desc = "mttrig type";
	else
		desc = "unknown";

	printk(KERN_DEBUG "rfi-flush: patched %d locations (%s flush)\n",
	       patched, desc);

	return 0;
}
482 
/*
 * Re-patch the rfi flush sites for the flush type(s) in @types and update
 * the interrupt-exit re-entrancy state to match.
 */
void do_rfi_flush_fixups(enum l1d_flush_type types)
{
	/*
	 * stop_machine gets all CPUs out of the interrupt exit handler same
	 * as do_stf_barrier_fixups. do_rfi_flush_fixups patching can run
	 * without stop_machine, so this could be achieved with a broadcast
	 * IPI instead, but this matches the stf sequence.
	 */

	// Prevent static key update races with do_stf_barrier_fixups()
	mutex_lock(&exit_flush_lock);
	static_branch_enable(&interrupt_exit_not_reentrant);

	stop_machine(__do_rfi_flush_fixups, &types, NULL);

	/* Only the fallback flush rules out re-entrant exits */
	if (types & L1D_FLUSH_FALLBACK)
		rfi_exit_reentrant = false;
	else
		rfi_exit_reentrant = true;

	/* Fast exits come back only if the stf barrier side allows them as well */
	if (stf_exit_reentrant && rfi_exit_reentrant)
		static_branch_disable(&interrupt_exit_not_reentrant);

	mutex_unlock(&exit_flush_lock);
}
508 
/*
 * Patch every barrier-nospec site listed in [@fixup_start, @fixup_end): an
 * ORI speculation barrier when @enable is set, a nop otherwise.
 */
void do_barrier_nospec_fixups_range(bool enable, void *fixup_start, void *fixup_end)
{
	unsigned int instr = PPC_RAW_NOP();
	long *start = fixup_start;
	long *end = fixup_end;
	int patched;

	if (enable) {
		pr_info("barrier-nospec: using ORI speculation barrier\n");
		instr = PPC_RAW_ORI(_R31, _R31, 0); /* speculation barrier */
	}

	patched = do_patch_fixups(start, end, &instr, 1);

	printk(KERN_DEBUG "barrier-nospec: patched %d locations\n", patched);
}
529 
530 #endif /* CONFIG_PPC_BOOK3S_64 */
531 
532 #ifdef CONFIG_PPC_BARRIER_NOSPEC
/*
 * Enable or disable the speculation barrier at every site recorded between
 * __start___barrier_nospec_fixup and __stop___barrier_nospec_fixup.
 */
void do_barrier_nospec_fixups(bool enable)
{
	void *table = PTRRELOC(&__start___barrier_nospec_fixup);
	void *table_end = PTRRELOC(&__stop___barrier_nospec_fixup);

	do_barrier_nospec_fixups_range(enable, table, table_end);
}
542 #endif /* CONFIG_PPC_BARRIER_NOSPEC */
543 
544 #ifdef CONFIG_PPC_E500
/*
 * CONFIG_PPC_E500 variant: patch every barrier-nospec site listed in
 * [@fixup_start, @fixup_end) with "isync; sync" when @enable is set, and
 * with two nops otherwise.
 */
void do_barrier_nospec_fixups_range(bool enable, void *fixup_start, void *fixup_end)
{
	unsigned int instr[2] = { PPC_RAW_NOP(), PPC_RAW_NOP() };
	long *start = fixup_start;
	long *end = fixup_end;
	int patched;

	if (enable) {
		pr_info("barrier-nospec: using isync; sync as speculation barrier\n");
		instr[0] = PPC_RAW_ISYNC();
		instr[1] = PPC_RAW_SYNC();
	}

	patched = do_patch_fixups(start, end, instr, ARRAY_SIZE(instr));

	printk(KERN_DEBUG "barrier-nospec: patched %d locations\n", patched);
}
567 
/*
 * Replace one BTB flush section with nops.
 *
 * @curr points at a pair of offsets, both relative to @curr itself: the
 * first gives the start of the section, the second its (exclusive) end.
 */
static void __init patch_btb_flush_section(long *curr)
{
	unsigned int *insn = (void *)curr + curr[0];
	unsigned int *stop = (void *)curr + curr[1];

	while (insn < stop) {
		pr_devel("patching dest %lx\n", (unsigned long)insn);
		patch_instruction(insn, ppc_inst(PPC_RAW_NOP()));
		insn++;
	}
}
579 
/*
 * Nop out every BTB flush section recorded between __start__btb_flush_fixup
 * and __stop__btb_flush_fixup. Each table entry is a pair of longs, hence
 * the stride of two.
 */
void __init do_btb_flush_fixups(void)
{
	long *entry = PTRRELOC(&__start__btb_flush_fixup);
	long *table_end = PTRRELOC(&__stop__btb_flush_fixup);

	while (entry < table_end) {
		patch_btb_flush_section(entry);
		entry += 2;
	}
}
590 #endif /* CONFIG_PPC_E500 */
591 
/*
 * Patch an lwsync at every site listed in [@fixup_start, @fixup_end) when
 * @value has CPU_FTR_LWSYNC set. Without that feature bit the sites are left
 * as they are. Each table slot holds the offset from the slot itself to the
 * site.
 */
void do_lwsync_fixups(unsigned long value, void *fixup_start, void *fixup_end)
{
	long *slot = fixup_start;
	long *table_end = fixup_end;

	if (!(value & CPU_FTR_LWSYNC))
		return;

	while (slot < table_end) {
		u32 *dest = (void *)slot + *slot;

		raw_patch_instruction(dest, ppc_inst(PPC_INST_LWSYNC));
		slot++;
	}
}
608 
/*
 * On a relocatable 64-bit kernel with a non-zero PHYSICAL_START, copy the
 * instructions between _stext and __end_interrupts from
 * KERNELBASE + PHYSICAL_START to KERNELBASE, one instruction at a time.
 * Compiles to an empty function in every other configuration.
 */
static void __init do_final_fixups(void)
{
#if defined(CONFIG_PPC64) && defined(CONFIG_RELOCATABLE)
	u32 *src, *dest, *end;

	/* Source and destination coincide: nothing to copy */
	if (PHYSICAL_START == 0)
		return;

	src = (u32 *)(KERNELBASE + PHYSICAL_START);
	dest = (u32 *)KERNELBASE;
	end = (void *)src + (__end_interrupts - _stext);

	for (; src < end; src = ppc_inst_next(src, src),
			  dest = ppc_inst_next(dest, dest)) {
		ppc_inst_t inst = ppc_inst_read(src);

		raw_patch_instruction(dest, inst);
	}
#endif
}
630 
/*
 * Feature words recorded by apply_feature_fixups() at patch time (the mmu
 * word is refreshed by update_mmu_feature_fixups()). check_features() warns
 * if the live values differ from these.
 */
static unsigned long __initdata saved_cpu_features;
static unsigned int __initdata saved_mmu_features;
#ifdef CONFIG_PPC64
static unsigned long __initdata saved_firmware_features;
#endif
636 
/*
 * Record the current CPU, MMU and (on 64-bit) firmware feature words, then
 * apply the matching fixup tables to kernel text: CPU features, MMU
 * features, lwsync sites, firmware features, and finally do_final_fixups().
 */
void __init apply_feature_fixups(void)
{
	struct cpu_spec *spec = PTRRELOC(*PTRRELOC(&cur_cpu_spec));
	unsigned long cpu_ftrs = spec->cpu_features;
	unsigned long mmu_ftrs = spec->mmu_features;

	/* Keep a copy so check_features() can detect later changes */
	*PTRRELOC(&saved_cpu_features) = cpu_ftrs;
	*PTRRELOC(&saved_mmu_features) = mmu_ftrs;

	/*
	 * Apply the CPU-specific and firmware specific fixups to kernel text
	 * (nop out sections not relevant to this CPU or this firmware).
	 */
	do_feature_fixups(cpu_ftrs,
			  PTRRELOC(&__start___ftr_fixup),
			  PTRRELOC(&__stop___ftr_fixup));

	do_feature_fixups(mmu_ftrs,
			  PTRRELOC(&__start___mmu_ftr_fixup),
			  PTRRELOC(&__stop___mmu_ftr_fixup));

	do_lwsync_fixups(cpu_ftrs,
			 PTRRELOC(&__start___lwsync_fixup),
			 PTRRELOC(&__stop___lwsync_fixup));

#ifdef CONFIG_PPC64
	saved_firmware_features = powerpc_firmware_features;
	do_feature_fixups(powerpc_firmware_features,
			  &__start___fw_ftr_fixup, &__stop___fw_ftr_fixup);
#endif
	do_final_fixups();
}
667 
/*
 * Re-apply the MMU feature fixups for the feature bits in @mask only.
 *
 * The saved copy of the MMU features is refreshed for those bits first, so
 * that check_features() does not report the change, and the MMU feature
 * keys are re-initialised afterwards.
 */
void __init update_mmu_feature_fixups(unsigned long mask)
{
	unsigned long mmu_ftrs = cur_cpu_spec->mmu_features;

	saved_mmu_features = (saved_mmu_features & ~mask) | (mmu_ftrs & mask);

	do_feature_fixups_mask(mmu_ftrs, mask,
			       PTRRELOC(&__start___mmu_ftr_fixup),
			       PTRRELOC(&__stop___mmu_ftr_fixup));
	mmu_feature_keys_init();
}
678 
/*
 * Initialise jump labels and the CPU/MMU feature static keys, then mark the
 * static-key based feature checks as usable.
 */
void __init setup_feature_keys(void)
{
	/*
	 * jump_label_init() has to come first: it is what makes the
	 * cpu/mmu_has_feature() checks take on their correct polarity for the
	 * current set of CPU/MMU features.
	 */
	jump_label_init();
	cpu_feature_keys_init();
	mmu_feature_keys_init();

	/* From here on the feature checks no longer need to warn */
	static_key_feature_checks_initialized = true;
}
691 
/*
 * Late initcall: warn if the CPU, MMU or (on 64-bit) firmware feature words
 * differ from the values recorded when the feature sections were patched.
 * A difference means the patched text may no longer match the features in
 * use. Always returns 0.
 */
static int __init check_features(void)
{
	struct cpu_spec *spec = cur_cpu_spec;

	WARN(saved_cpu_features != spec->cpu_features,
	     "CPU features changed after feature patching!\n");
	WARN(saved_mmu_features != spec->mmu_features,
	     "MMU features changed after feature patching!\n");
#ifdef CONFIG_PPC64
	WARN(saved_firmware_features != powerpc_firmware_features,
	     "Firmware features changed after feature patching!\n");
#endif

	return 0;
}
late_initcall(check_features);
706 
707 #ifdef CONFIG_FTR_FIXUP_SELFTEST
708 
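/*
 * Report a failed self-test expectation together with its source line.
 *
 * Wrapped in do { } while (0) so that "check(x);" is exactly one statement:
 * it can be used as the body of an unbraced if without capturing a following
 * else, and the macro itself no longer carries a trailing semicolon.
 */
#define check(x)							\
	do {								\
		if (!(x))						\
			printk("feature-fixups: test failed at line %d\n", \
			       __LINE__);				\
	} while (0)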
711 
/*
 * Self-test helper: apply @fcur against @value with every feature bit taking
 * part in the comparison. Returns what patch_feature_section_mask() returns.
 */
static int patch_feature_section(unsigned long value, struct fixup_entry *fcur)
{
	const unsigned long every_bit = ~0;

	return patch_feature_section_mask(value, every_bit, fcur);
}
716 
/*
 * Scratch fixup entry that the self-tests fill in before each run.
 * This must be after the text it fixes up, vmlinux.lds.S enforces that atm
 */
static struct fixup_entry fixup;
719 
/*
 * Inverse of calc_addr(): the byte offset of @p relative to @entry, in the
 * form stored in a fixup entry.
 */
static long __init calc_offset(struct fixup_entry *entry, unsigned int *p)
{
	unsigned long base = (unsigned long)entry;
	unsigned long addr = (unsigned long)p;

	return addr - base;
}
724 
/*
 * Self-test: a one-word section with an empty alternative is left alone when
 * the feature value matches, and patched when the value or the mask does
 * not match.
 */
static void __init test_basic_patching(void)
{
	extern unsigned int ftr_fixup_test1[];
	extern unsigned int end_ftr_fixup_test1[];
	extern unsigned int ftr_fixup_test1_orig[];
	extern unsigned int ftr_fixup_test1_expected[];
	int nbytes = 4 * (end_ftr_fixup_test1 - ftr_fixup_test1);

	fixup.mask = 8;
	fixup.value = 8;
	fixup.start_off = calc_offset(&fixup, ftr_fixup_test1 + 1);
	fixup.end_off = calc_offset(&fixup, ftr_fixup_test1 + 2);
	/* Empty alternative */
	fixup.alt_end_off = 0;
	fixup.alt_start_off = 0;

	/* The test text must start out equal to its pristine copy */
	check(memcmp(ftr_fixup_test1, ftr_fixup_test1_orig, nbytes) == 0);

	/* Matching value: nothing may change */
	patch_feature_section(8, &fixup);
	check(memcmp(ftr_fixup_test1, ftr_fixup_test1_orig, nbytes) == 0);

	/* Non-matching value: the section must be patched */
	patch_feature_section(0, &fixup);
	check(memcmp(ftr_fixup_test1, ftr_fixup_test1_expected, nbytes) == 0);

	/* Restore, then check that a non-matching mask patches as well */
	memcpy(ftr_fixup_test1, ftr_fixup_test1_orig, nbytes);
	check(memcmp(ftr_fixup_test1, ftr_fixup_test1_orig, nbytes) == 0);
	patch_feature_section(~8, &fixup);
	check(memcmp(ftr_fixup_test1, ftr_fixup_test1_expected, nbytes) == 0);
}
755 
/*
 * Self-test: a one-word section with a one-word alternative is left alone
 * when the feature value matches, and receives the alternative when the
 * value or the mask does not match.
 */
static void __init test_alternative_patching(void)
{
	extern unsigned int ftr_fixup_test2[];
	extern unsigned int end_ftr_fixup_test2[];
	extern unsigned int ftr_fixup_test2_orig[];
	extern unsigned int ftr_fixup_test2_alt[];
	extern unsigned int ftr_fixup_test2_expected[];
	int nbytes = 4 * (end_ftr_fixup_test2 - ftr_fixup_test2);

	fixup.mask = 0xF;
	fixup.value = 0xF;
	fixup.start_off = calc_offset(&fixup, ftr_fixup_test2 + 1);
	fixup.end_off = calc_offset(&fixup, ftr_fixup_test2 + 2);
	fixup.alt_start_off = calc_offset(&fixup, ftr_fixup_test2_alt);
	fixup.alt_end_off = calc_offset(&fixup, ftr_fixup_test2_alt + 1);

	/* The test text must start out equal to its pristine copy */
	check(memcmp(ftr_fixup_test2, ftr_fixup_test2_orig, nbytes) == 0);

	/* Matching value: nothing may change */
	patch_feature_section(0xF, &fixup);
	check(memcmp(ftr_fixup_test2, ftr_fixup_test2_orig, nbytes) == 0);

	/* Non-matching value: the alternative must be patched in */
	patch_feature_section(0, &fixup);
	check(memcmp(ftr_fixup_test2, ftr_fixup_test2_expected, nbytes) == 0);

	/* Restore, then check that a non-matching mask patches as well */
	memcpy(ftr_fixup_test2, ftr_fixup_test2_orig, nbytes);
	check(memcmp(ftr_fixup_test2, ftr_fixup_test2_orig, nbytes) == 0);
	patch_feature_section(~0xF, &fixup);
	check(memcmp(ftr_fixup_test2, ftr_fixup_test2_expected, nbytes) == 0);
}
788 
/*
 * Self-test: a two-word alternative does not fit a one-word section, so
 * every attempt must return the error and leave the text untouched,
 * whatever the feature value.
 */
static void __init test_alternative_case_too_big(void)
{
	extern unsigned int ftr_fixup_test3[];
	extern unsigned int end_ftr_fixup_test3[];
	extern unsigned int ftr_fixup_test3_orig[];
	extern unsigned int ftr_fixup_test3_alt[];
	int nbytes = 4 * (end_ftr_fixup_test3 - ftr_fixup_test3);

	fixup.mask = 0xC;
	fixup.value = 0xC;
	fixup.start_off = calc_offset(&fixup, ftr_fixup_test3 + 1);
	fixup.end_off = calc_offset(&fixup, ftr_fixup_test3 + 2);
	fixup.alt_start_off = calc_offset(&fixup, ftr_fixup_test3_alt);
	fixup.alt_end_off = calc_offset(&fixup, ftr_fixup_test3_alt + 2);

	/* The test text must start out equal to its pristine copy */
	check(memcmp(ftr_fixup_test3, ftr_fixup_test3_orig, nbytes) == 0);

	/* Each call must fail and must not have written anything */
	check(patch_feature_section(0xF, &fixup) == 1);
	check(memcmp(ftr_fixup_test3, ftr_fixup_test3_orig, nbytes) == 0);

	check(patch_feature_section(0, &fixup) == 1);
	check(memcmp(ftr_fixup_test3, ftr_fixup_test3_orig, nbytes) == 0);

	check(patch_feature_section(~0xF, &fixup) == 1);
	check(memcmp(ftr_fixup_test3, ftr_fixup_test3_orig, nbytes) == 0);
}
814 
/*
 * Self-test: a two-word alternative patched into a four-word section, keyed
 * on a feature flag in the top byte of an unsigned long.
 */
static void __init test_alternative_case_too_small(void)
{
	extern unsigned int ftr_fixup_test4[];
	extern unsigned int end_ftr_fixup_test4[];
	extern unsigned int ftr_fixup_test4_orig[];
	extern unsigned int ftr_fixup_test4_alt[];
	extern unsigned int ftr_fixup_test4_expected[];
	int nbytes = 4 * (end_ftr_fixup_test4 - ftr_fixup_test4);
	/* Lowest bit of the most significant byte: a high-bit flag */
	unsigned long flag = 1UL << ((sizeof(unsigned long) - 1) * 8);

	fixup.mask = flag;
	fixup.value = flag;
	fixup.start_off = calc_offset(&fixup, ftr_fixup_test4 + 1);
	fixup.end_off = calc_offset(&fixup, ftr_fixup_test4 + 5);
	fixup.alt_start_off = calc_offset(&fixup, ftr_fixup_test4_alt);
	fixup.alt_end_off = calc_offset(&fixup, ftr_fixup_test4_alt + 2);

	/* The test text must start out equal to its pristine copy */
	check(memcmp(ftr_fixup_test4, ftr_fixup_test4_orig, nbytes) == 0);

	/* Matching value: nothing may change */
	patch_feature_section(flag, &fixup);
	check(memcmp(ftr_fixup_test4, ftr_fixup_test4_orig, nbytes) == 0);

	/* Non-matching value: the alternative must be patched in */
	patch_feature_section(0, &fixup);
	check(memcmp(ftr_fixup_test4, ftr_fixup_test4_expected, nbytes) == 0);

	/* Restore, then check that a non-matching mask patches as well */
	memcpy(ftr_fixup_test4, ftr_fixup_test4_orig, nbytes);
	check(memcmp(ftr_fixup_test4, ftr_fixup_test4_orig, nbytes) == 0);
	patch_feature_section(~flag, &fixup);
	check(memcmp(ftr_fixup_test4, ftr_fixup_test4_expected, nbytes) == 0);
}
850 
/*
 * Self-test: compare ftr_fixup_test5 with its expected image. Nothing is
 * patched here, so this presumably relies on the fixups applied at boot.
 *
 * NOTE(review): unlike the neighbouring self-tests this function is not
 * marked __init - confirm whether that is intentional.
 */
static void test_alternative_case_with_branch(void)
{
	extern unsigned int ftr_fixup_test5[];
	extern unsigned int end_ftr_fixup_test5[];
	extern unsigned int ftr_fixup_test5_expected[];
	int nbytes = 4 * (end_ftr_fixup_test5 - ftr_fixup_test5);

	check(memcmp(ftr_fixup_test5, ftr_fixup_test5_expected, nbytes) == 0);
}
860 
/*
 * Self-test: compare ftr_fixup_test6 with its expected image. Nothing is
 * patched here, so this presumably relies on the fixups applied at boot.
 */
static void __init test_alternative_case_with_external_branch(void)
{
	extern unsigned int ftr_fixup_test6[];
	extern unsigned int end_ftr_fixup_test6[];
	extern unsigned int ftr_fixup_test6_expected[];
	int nbytes = 4 * (end_ftr_fixup_test6 - ftr_fixup_test6);

	check(memcmp(ftr_fixup_test6, ftr_fixup_test6_expected, nbytes) == 0);
}
870 
/*
 * Self-test: compare ftr_fixup_test7 with its expected image. Nothing is
 * patched here, so this presumably relies on the fixups applied at boot.
 */
static void __init test_alternative_case_with_branch_to_end(void)
{
	extern unsigned int ftr_fixup_test7[];
	extern unsigned int end_ftr_fixup_test7[];
	extern unsigned int ftr_fixup_test7_expected[];
	int nbytes = 4 * (end_ftr_fixup_test7 - ftr_fixup_test7);

	check(memcmp(ftr_fixup_test7, ftr_fixup_test7_expected, nbytes) == 0);
}
880 
/*
 * Self-test: the text at ftr_fixup_test_FTR_macros, up to the start of its
 * expected image, must equal that expected image.
 */
static void __init test_cpu_macros(void)
{
	extern u8 ftr_fixup_test_FTR_macros[];
	extern u8 ftr_fixup_test_FTR_macros_expected[];
	unsigned long nbytes = ftr_fixup_test_FTR_macros_expected -
			       ftr_fixup_test_FTR_macros;

	/* No patching here: the fixups were already applied during boot */
	check(memcmp(ftr_fixup_test_FTR_macros,
		     ftr_fixup_test_FTR_macros_expected, nbytes) == 0);
}
892 
/*
 * Self-test (64-bit only, empty otherwise): the text at
 * ftr_fixup_test_FW_FTR_macros, up to the start of its expected image, must
 * equal that expected image.
 */
static void __init test_fw_macros(void)
{
#ifdef CONFIG_PPC64
	extern u8 ftr_fixup_test_FW_FTR_macros[];
	extern u8 ftr_fixup_test_FW_FTR_macros_expected[];
	unsigned long nbytes = ftr_fixup_test_FW_FTR_macros_expected -
			       ftr_fixup_test_FW_FTR_macros;

	/* No patching here: the fixups were already applied during boot */
	check(memcmp(ftr_fixup_test_FW_FTR_macros,
		     ftr_fixup_test_FW_FTR_macros_expected, nbytes) == 0);
#endif
}
906 
/*
 * Self-test for the lwsync fixup section.
 *
 * Compare-only: the fixups were applied during boot. Which expected image
 * applies depends on whether the running CPU advertises CPU_FTR_LWSYNC in
 * cur_cpu_spec->cpu_features.
 */
static void __init test_lwsync_macros(void)
{
	extern u8 lwsync_fixup_test[];
	extern u8 end_lwsync_fixup_test[];
	extern u8 lwsync_fixup_test_expected_LWSYNC[];
	extern u8 lwsync_fixup_test_expected_SYNC[];
	unsigned long nbytes;

	/* u8 labels, so the pointer difference is already a byte count. */
	nbytes = end_lwsync_fixup_test - lwsync_fixup_test;

	/* Without the feature the section must match the SYNC image. */
	if (!(cur_cpu_spec->cpu_features & CPU_FTR_LWSYNC)) {
		check(memcmp(lwsync_fixup_test,
			     lwsync_fixup_test_expected_SYNC, nbytes) == 0);
		return;
	}

	/* With the feature the section must match the LWSYNC image. */
	check(memcmp(lwsync_fixup_test,
		     lwsync_fixup_test_expected_LWSYNC, nbytes) == 0);
}
925 
926 #ifdef CONFIG_PPC64
/*
 * Self-test: patch a section with no alternative code (both alt offsets 0).
 *
 * Presumably exercises patching around prefixed instructions, going by the
 * test's name; the test data lives in assembly outside this excerpt.
 *
 * Sets up the file-scope fixup entry with mask == value == 8 and a range
 * from word 1 to word 3 of ftr_fixup_prefix1, then calls
 * patch_feature_section() with a feature value of 0. Afterwards the section
 * must equal the expected image and must no longer equal the original.
 */
static void __init test_prefix_patching(void)
{
	extern unsigned int ftr_fixup_prefix1[];
	extern unsigned int end_ftr_fixup_prefix1[];
	extern unsigned int ftr_fixup_prefix1_orig[];
	extern unsigned int ftr_fixup_prefix1_expected[];
	int nbytes;

	/* Element count between the two labels, converted to bytes. */
	nbytes = (end_ftr_fixup_prefix1 - ftr_fixup_prefix1) * sizeof(unsigned int);

	fixup.mask = 8;
	fixup.value = 8;
	fixup.start_off = calc_offset(&fixup, &ftr_fixup_prefix1[1]);
	fixup.end_off = calc_offset(&fixup, &ftr_fixup_prefix1[3]);
	/* No alternative: both alt offsets are zero. */
	fixup.alt_end_off = 0;
	fixup.alt_start_off = 0;

	/* The section must still be pristine before it is patched. */
	check(memcmp(ftr_fixup_prefix1, ftr_fixup_prefix1_orig, nbytes) == 0);

	patch_feature_section(0, &fixup);

	/* Patched code matches the expected image and differs from the original. */
	check(memcmp(ftr_fixup_prefix1, ftr_fixup_prefix1_expected, nbytes) == 0);
	check(memcmp(ftr_fixup_prefix1, ftr_fixup_prefix1_orig, nbytes) != 0);
}
947 
/*
 * Self-test: patch a section from a two-word alternative.
 *
 * Presumably exercises patching around prefixed instructions, going by the
 * test's name; the test data lives in assembly outside this excerpt.
 *
 * The file-scope fixup entry gets mask == value == 8, a range from word 1
 * to word 3 of ftr_fixup_prefix2, and an alternative spanning words 0 to 2
 * of ftr_fixup_prefix2_alt. patch_feature_section() is then called with a
 * feature value of 0. Afterwards the section must equal the expected image
 * and must no longer equal the original.
 */
static void __init test_prefix_alt_patching(void)
{
	extern unsigned int ftr_fixup_prefix2[];
	extern unsigned int end_ftr_fixup_prefix2[];
	extern unsigned int ftr_fixup_prefix2_orig[];
	extern unsigned int ftr_fixup_prefix2_expected[];
	extern unsigned int ftr_fixup_prefix2_alt[];
	int nbytes;

	/* Element count between the two labels, converted to bytes. */
	nbytes = (end_ftr_fixup_prefix2 - ftr_fixup_prefix2) * sizeof(unsigned int);

	fixup.mask = 8;
	fixup.value = 8;
	fixup.start_off = calc_offset(&fixup, &ftr_fixup_prefix2[1]);
	fixup.end_off = calc_offset(&fixup, &ftr_fixup_prefix2[3]);
	fixup.alt_start_off = calc_offset(&fixup, &ftr_fixup_prefix2_alt[0]);
	fixup.alt_end_off = calc_offset(&fixup, &ftr_fixup_prefix2_alt[2]);

	/* The section must still be pristine before it is patched. */
	check(memcmp(ftr_fixup_prefix2, ftr_fixup_prefix2_orig, nbytes) == 0);

	patch_feature_section(0, &fixup);

	/* Patched code matches the expected image and differs from the original. */
	check(memcmp(ftr_fixup_prefix2, ftr_fixup_prefix2_expected, nbytes) == 0);
	check(memcmp(ftr_fixup_prefix2, ftr_fixup_prefix2_orig, nbytes) != 0);
}
969 
/*
 * Self-test: patch a section from a three-word alternative.
 *
 * Presumably mixes prefixed and plain word instructions, going by the
 * test's name; the test data lives in assembly outside this excerpt.
 *
 * The file-scope fixup entry gets mask == value == 8, a range from word 1
 * to word 4 of ftr_fixup_prefix3, and an alternative spanning words 0 to 3
 * of ftr_fixup_prefix3_alt. patch_feature_section() is called with a
 * feature value of 0, the result is compared with the expected image, and
 * the same fixup is then applied a second time before checking that the
 * section still differs from the original.
 */
static void __init test_prefix_word_alt_patching(void)
{
	extern unsigned int ftr_fixup_prefix3[];
	extern unsigned int end_ftr_fixup_prefix3[];
	extern unsigned int ftr_fixup_prefix3_orig[];
	extern unsigned int ftr_fixup_prefix3_expected[];
	extern unsigned int ftr_fixup_prefix3_alt[];
	int nbytes;

	/* Element count between the two labels, converted to bytes. */
	nbytes = (end_ftr_fixup_prefix3 - ftr_fixup_prefix3) * sizeof(unsigned int);

	fixup.mask = 8;
	fixup.value = 8;
	fixup.start_off = calc_offset(&fixup, &ftr_fixup_prefix3[1]);
	fixup.end_off = calc_offset(&fixup, &ftr_fixup_prefix3[4]);
	fixup.alt_start_off = calc_offset(&fixup, &ftr_fixup_prefix3_alt[0]);
	fixup.alt_end_off = calc_offset(&fixup, &ftr_fixup_prefix3_alt[3]);

	/* The section must still be pristine before it is patched. */
	check(memcmp(ftr_fixup_prefix3, ftr_fixup_prefix3_orig, nbytes) == 0);

	patch_feature_section(0, &fixup);
	check(memcmp(ftr_fixup_prefix3, ftr_fixup_prefix3_expected, nbytes) == 0);

	/* Second application of the same fixup; the result must still differ from the original. */
	patch_feature_section(0, &fixup);
	check(memcmp(ftr_fixup_prefix3, ftr_fixup_prefix3_orig, nbytes) != 0);
}
992 #else
/*
 * Without CONFIG_PPC64 the prefix self-tests are empty stubs, so
 * test_feature_fixups() can call them unconditionally.
 */
static inline void test_prefix_patching(void)
{
}

static inline void test_prefix_alt_patching(void)
{
}

static inline void test_prefix_word_alt_patching(void)
{
}
996 #endif /* CONFIG_PPC64 */
997 
/*
 * Run every feature-fixup self-test once; registered below as a late
 * initcall.
 *
 * Always returns 0: the return value does not reflect test outcomes. Each
 * test reports through check() (defined outside this excerpt), so a failed
 * comparison does not change the initcall result.
 */
static int __init test_feature_fixups(void)
{
	printk(KERN_DEBUG "Running feature fixup self-tests ...\n");

	test_basic_patching();
	test_alternative_patching();
	test_alternative_case_too_big();
	test_alternative_case_too_small();
	test_alternative_case_with_branch();
	test_alternative_case_with_external_branch();
	test_alternative_case_with_branch_to_end();
	/* These three compare sections that were already fixed up during boot. */
	test_cpu_macros();
	test_fw_macros();
	test_lwsync_macros();
	/* Empty stubs unless CONFIG_PPC64 is set. */
	test_prefix_patching();
	test_prefix_alt_patching();
	test_prefix_word_alt_patching();

	return 0;
}
late_initcall(test_feature_fixups);
1019 
1020 #endif /* CONFIG_FTR_FIXUP_SELFTEST */
1021