1// SPDX-License-Identifier: GPL-2.0-or-later
2/*
3 * Copyright (C) 2001 Ben. Herrenschmidt (benh@kernel.crashing.org)
4 *
5 * Modifications for ppc64:
6 * Copyright (C) 2003 Dave Engebretsen <engebret@us.ibm.com>
7 *
8 * Copyright 2008 Michael Ellerman, IBM Corporation.
9 */
10
11#include <linux/types.h>
12#include <linux/jump_label.h>
13#include <linux/kernel.h>
14#include <linux/string.h>
15#include <linux/init.h>
16#include <linux/sched/mm.h>
17#include <linux/stop_machine.h>
18#include <asm/cputable.h>
19#include <asm/code-patching.h>
20#include <asm/interrupt.h>
21#include <asm/page.h>
22#include <asm/sections.h>
23#include <asm/setup.h>
24#include <asm/security_features.h>
25#include <asm/firmware.h>
26#include <asm/inst.h>
27
/*
 * One record of a feature-fixup table. The patching code walks an array of
 * these records between a start and an end pointer.
 */
struct fixup_entry {
	unsigned long mask;	/* feature bits this record looks at */
	unsigned long value;	/* state of those bits for which the original code is kept */
	/* All four offsets are relative to this record's own address, see calc_addr(). */
	long start_off;		/* original code, first instruction */
	long end_off;		/* original code, end */
	long alt_start_off;	/* alternative code, first instruction */
	long alt_end_off;	/* alternative code, end */
};
36
/*
 * Turn an offset stored in a fixup entry back into a code address.
 *
 * Offsets are recorded relative to the entry itself (as a negative offset
 * from the start of the alt_entry, which is what lets the scheme work for
 * the VDSO), so adding the entry's address recovers the location.
 */
static u32 *calc_addr(struct fixup_entry *fcur, long offset)
{
	unsigned long base = (unsigned long)fcur;

	return (u32 *)(base + offset);
}
46
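/*
 * Copy one instruction of an alternative sequence over the original code.
 *
 * @src:       instruction to copy, taken from the alternative section
 * @dest:      location in the original code that is overwritten
 * @alt_start: first instruction of the alternative section
 * @alt_end:   end of the alternative section
 *
 * A relative branch whose target lies outside [alt_start, alt_end] is
 * re-encoded with translate_branch() before it is written.
 *
 * Returns 0 on success, or 1 if the branch could not be translated; in that
 * case nothing is written to @dest.
 *
 * NOTE(review): the result of raw_patch_instruction() is not looked at, so a
 * failed write (if that call can fail) is not reported to the caller.
 */
static int patch_alt_instruction(u32 *src, u32 *dest, u32 *alt_start, u32 *alt_end)
{
	ppc_inst_t instr = ppc_inst_read(src);

	/* Test the instruction already read instead of reading src again. */
	if (instr_is_relative_branch(instr)) {
		u32 *target = (u32 *)branch_target(src);

		/*
		 * A branch within the section (a target equal to alt_end
		 * counts as within) doesn't need translating.
		 */
		if (target < alt_start || target > alt_end) {
			if (translate_branch(&instr, dest, src))
				return 1;
		}
	}

	raw_patch_instruction(dest, instr);

	return 0;
}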
69
/*
 * Apply one fixup entry.
 *
 * @value: current feature bits
 * @mask:  restricts which feature bits take part in the comparison
 * @fcur:  entry describing the original and the alternative code
 *
 * When the masked feature bits equal the entry's value the original code is
 * left untouched. Otherwise the alternative is copied over the original and
 * whatever space remains is filled with nops.
 *
 * Returns 0 on success (including "nothing to do"), 1 if the alternative is
 * larger than the original or an instruction could not be copied. In the
 * second case the section may already have been partly overwritten.
 */
static int patch_feature_section_mask(unsigned long value, unsigned long mask,
				      struct fixup_entry *fcur)
{
	u32 *orig_begin = calc_addr(fcur, fcur->start_off);
	u32 *orig_end = calc_addr(fcur, fcur->end_off);
	u32 *alt_begin = calc_addr(fcur, fcur->alt_start_off);
	u32 *alt_end = calc_addr(fcur, fcur->alt_end_off);
	u32 *from, *to;

	/* The alternative has to fit into the space of the original code. */
	if ((alt_end - alt_begin) > (orig_end - orig_begin))
		return 1;

	/* Feature state matches what the original code was built for. */
	if ((value & fcur->mask & mask) == (fcur->value & mask))
		return 0;

	from = alt_begin;
	to = orig_begin;
	while (from < alt_end) {
		if (patch_alt_instruction(from, to, alt_begin, alt_end))
			return 1;
		/* Advance only after the write, as the original loop did. */
		from = ppc_inst_next(from, from);
		to = ppc_inst_next(to, to);
	}

	/* Fill the rest of the original section with nops. */
	while (to < orig_end) {
		raw_patch_instruction(to, ppc_inst(PPC_RAW_NOP()));
		to++;
	}

	return 0;
}
100
/*
 * Walk a table of fixup entries and apply each one.
 *
 * @value:       current feature bits
 * @mask:        feature bits that take part in the comparison
 * @fixup_start: first entry of the table
 * @fixup_end:   end of the table
 *
 * A failing entry triggers a warning and a message, then the walk goes on
 * with the next entry; the failure is not returned to the caller.
 */
static void do_feature_fixups_mask(unsigned long value, unsigned long mask,
				   void *fixup_start, void *fixup_end)
{
	struct fixup_entry *entry = fixup_start;
	struct fixup_entry *stop = fixup_end;

	while (entry < stop) {
		if (patch_feature_section_mask(value, mask, entry)) {
			WARN_ON(1);
			printk("Unable to patch feature section at %p - %p"
			       " with %p - %p\n",
			       calc_addr(entry, entry->start_off),
			       calc_addr(entry, entry->end_off),
			       calc_addr(entry, entry->alt_start_off),
			       calc_addr(entry, entry->alt_end_off));
		}
		entry++;
	}
}
121
/*
 * Apply a fixup table with every feature bit taking part in the comparison
 * (the mask passed down is all ones).
 */
void do_feature_fixups(unsigned long value, void *fixup_start, void *fixup_end)
{
	const unsigned long all_bits = ~0;

	do_feature_fixups_mask(value, all_bits, fixup_start, fixup_end);
}
126
127#ifdef CONFIG_PPC_BARRIER_NOSPEC
/*
 * Decide whether a patch site may still be written.
 *
 * Every site is accepted while system_state is below SYSTEM_FREEING_INITMEM.
 * From then on a site is rejected when [dest, dest + size) falls inside an
 * init section, presumably because that memory is being or has been released.
 */
static bool is_fixup_addr_valid(void *dest, size_t size)
{
	if (system_state < SYSTEM_FREEING_INITMEM)
		return true;

	return !init_section_contains(dest, size);
}
133
/*
 * Write the same instruction sequence at every site of a fixup table.
 *
 * @start:  first table entry; each entry holds the offset from the entry's
 *          own address to the site it describes
 * @end:    end of the table
 * @instrs: instructions to write
 * @num:    number of instructions in @instrs
 *
 * Returns the number of table entries visited. Entries skipped by
 * is_fixup_addr_valid() are counted as well, and the result of
 * patch_instruction() is not checked, so the count printed by the callers
 * says how many sites were considered, not how many were verifiably changed.
 */
static int do_patch_fixups(long *start, long *end, unsigned int *instrs, int num)
{
	int visited = 0;
	long *entry;

	for (entry = start; entry < end; entry++, visited++) {
		unsigned int *site = (void *)entry + *entry;
		int k;

		if (!is_fixup_addr_valid(site, sizeof(*instrs) * num))
			continue;

		pr_devel("patching dest %lx\n", (unsigned long)site);

		for (k = 0; k < num; k++)
			patch_instruction(site + k, ppc_inst(instrs[k]));
	}

	return visited;
}
152#endif
153
154#ifdef CONFIG_PPC_BOOK3S_64
/*
 * Patch the three-instruction slot at every site of an entry fixup table.
 *
 * @start:       first table entry (offset from the entry to its site)
 * @end:         end of the table
 * @instrs:      three instructions for the slot
 * @do_fallback: true when the slot becomes a call to @fallback
 * @fallback:    branch target used for the middle instruction in that case
 *
 * The write order differs between the two cases so that the slot can be
 * executed safely when only part of it has been written; see the comment in
 * __do_entry_flush_fixups().
 *
 * Returns the number of table entries visited, skipped ones included. The
 * results of patch_instruction() and patch_branch() are not checked.
 */
static int do_patch_entry_fixups(long *start, long *end, unsigned int *instrs,
				 bool do_fallback, void *fallback)
{
	int visited = 0;
	long *entry;

	for (entry = start; entry < end; entry++, visited++) {
		unsigned int *site = (void *)entry + *entry;

		if (!is_fixup_addr_valid(site, sizeof(*instrs) * 3))
			continue;

		pr_devel("patching dest %lx\n", (unsigned long)site);

		if (!do_fallback) {
			/* Middle slot first, then the last one, the first one last. */
			patch_instruction(site + 1, ppc_inst(instrs[1]));
			patch_instruction(site + 2, ppc_inst(instrs[2]));
			patch_instruction(site, ppc_inst(instrs[0]));
			continue;
		}

		/* First and last slot before the branch in the middle. */
		patch_instruction(site, ppc_inst(instrs[0]));
		patch_instruction(site + 2, ppc_inst(instrs[2]));
		patch_branch(site + 1, (unsigned long)fallback, BRANCH_SET_LINK);
	}

	return visited;
}
181
/*
 * Patch the stf barrier used on kernel entry.
 *
 * Builds a three-instruction sequence for the requested barrier type (all
 * nops when none is requested) and writes it to every site between
 * __start___stf_entry_barrier_fixup and __stop___stf_entry_barrier_fixup.
 * For the fallback type the middle instruction is a placeholder that
 * do_patch_entry_fixups() replaces with a branch to stf_barrier_fallback.
 *
 * The summary is printed at KERN_DEBUG and reports table entries visited.
 */
static void do_stf_entry_barrier_fixups(enum stf_barrier_type types)
{
	unsigned int instrs[3] = { PPC_RAW_NOP(), PPC_RAW_NOP(), PPC_RAW_NOP() };
	long *start = PTRRELOC(&__start___stf_entry_barrier_fixup);
	long *end = PTRRELOC(&__stop___stf_entry_barrier_fixup);
	const char *kind;
	int patched;
	int n = 0;

	if (types & STF_BARRIER_FALLBACK) {
		instrs[n++] = PPC_RAW_MFLR(_R10);
		instrs[n++] = PPC_RAW_NOP(); /* branch patched below */
		instrs[n++] = PPC_RAW_MTLR(_R10);
	} else if (types & STF_BARRIER_EIEIO) {
		instrs[n++] = PPC_RAW_EIEIO() | 0x02000000; /* eieio + bit 6 hint */
	} else if (types & STF_BARRIER_SYNC_ORI) {
		instrs[n++] = PPC_RAW_SYNC();
		instrs[n++] = PPC_RAW_LD(_R10, _R13, 0);
		instrs[n++] = PPC_RAW_ORI(_R31, _R31, 0); /* speculation barrier */
	}

	patched = do_patch_entry_fixups(start, end, instrs,
					types & STF_BARRIER_FALLBACK,
					&stf_barrier_fallback);

	if (types == STF_BARRIER_NONE)
		kind = "no";
	else if (types == STF_BARRIER_FALLBACK)
		kind = "fallback";
	else if (types == STF_BARRIER_EIEIO)
		kind = "eieio";
	else if (types == (STF_BARRIER_SYNC_ORI))
		kind = "hwsync";
	else
		kind = "unknown";

	printk(KERN_DEBUG "stf-barrier: patched %d entry locations (%s barrier)\n",
	       patched, kind);
}
218
/*
 * Patch the stf barrier used on kernel exit.
 *
 * Builds a six-instruction sequence (nops where unused) and writes it to
 * every site between __start___stf_exit_barrier_fixup and
 * __stop___stf_exit_barrier_fixup. The fallback and sync-ori types share one
 * sequence, which parks r13 in a scratch SPR; which SPRs are used depends on
 * CPU_FTR_HVMODE.
 *
 * The summary is printed at KERN_DEBUG and reports table entries visited.
 */
static void do_stf_exit_barrier_fixups(enum stf_barrier_type types)
{
	unsigned int instrs[6] = {
		PPC_RAW_NOP(), PPC_RAW_NOP(), PPC_RAW_NOP(),
		PPC_RAW_NOP(), PPC_RAW_NOP(), PPC_RAW_NOP(),
	};
	long *start = PTRRELOC(&__start___stf_exit_barrier_fixup);
	long *end = PTRRELOC(&__stop___stf_exit_barrier_fixup);
	const char *kind;
	int patched;
	int n = 0;

	if (types & STF_BARRIER_FALLBACK || types & STF_BARRIER_SYNC_ORI) {
		if (cpu_has_feature(CPU_FTR_HVMODE)) {
			instrs[n++] = PPC_RAW_MTSPR(SPRN_HSPRG1, _R13);
			instrs[n++] = PPC_RAW_MFSPR(_R13, SPRN_HSPRG0);
		} else {
			instrs[n++] = PPC_RAW_MTSPR(SPRN_SPRG2, _R13);
			instrs[n++] = PPC_RAW_MFSPR(_R13, SPRN_SPRG1);
		}
		instrs[n++] = PPC_RAW_SYNC();
		instrs[n++] = PPC_RAW_LD(_R13, _R13, 0);
		instrs[n++] = PPC_RAW_ORI(_R31, _R31, 0); /* speculation barrier */
		/* Bring r13 back from the SPR it was parked in above. */
		instrs[n++] = cpu_has_feature(CPU_FTR_HVMODE) ?
				PPC_RAW_MFSPR(_R13, SPRN_HSPRG1) :
				PPC_RAW_MFSPR(_R13, SPRN_SPRG2);
	} else if (types & STF_BARRIER_EIEIO) {
		instrs[n++] = PPC_RAW_EIEIO() | 0x02000000; /* eieio + bit 6 hint */
	}

	patched = do_patch_fixups(start, end, instrs, ARRAY_SIZE(instrs));

	if (types == STF_BARRIER_NONE)
		kind = "no";
	else if (types == STF_BARRIER_FALLBACK)
		kind = "fallback";
	else if (types == STF_BARRIER_EIEIO)
		kind = "eieio";
	else if (types == (STF_BARRIER_SYNC_ORI))
		kind = "hwsync";
	else
		kind = "unknown";

	printk(KERN_DEBUG "stf-barrier: patched %d exit locations (%s barrier)\n",
	       patched, kind);
}
264
/*
 * Whether the currently patched stf barrier / rfi flush leaves the interrupt
 * exit path re-entrant. Each flag is written by its own fixup routine
 * (do_stf_barrier_fixups(), do_rfi_flush_fixups()) while exit_flush_lock is
 * held; the interrupt_exit_not_reentrant static branch is only switched off
 * again when both flags are true.
 */
static bool stf_exit_reentrant = false;
static bool rfi_exit_reentrant = false;
/* Serialises the two routines above so their static key updates cannot race. */
static DEFINE_MUTEX(exit_flush_lock);
268
/*
 * stop_machine() callback: patch the stf entry barrier, then the exit
 * barrier. @data points at the requested enum stf_barrier_type.
 * Always returns 0.
 */
static int __do_stf_barrier_fixups(void *data)
{
	const enum stf_barrier_type requested = *(enum stf_barrier_type *)data;

	do_stf_entry_barrier_fixups(requested);
	do_stf_exit_barrier_fixups(requested);

	return 0;
}
278
/*
 * Switch the stf barrier to the requested type.
 *
 * The call to the fallback entry flush and the fallback/sync-ori exit flush
 * cannot be patched in or out safely while other CPUs execute them, so the
 * patching runs on one CPU under stop_machine() while every other CPU spins
 * in the stop machine core with interrupts hard disabled.
 *
 * Sequence: first enable the branch that marks interrupt exits as
 * non-reentrant, then run stop_machine(), which ensures all CPUs have left
 * the low level interrupt exit code before patching. Afterwards the branch
 * is flipped back to allow fast exits, but only if both the stf barrier and
 * the rfi flush permit it.
 *
 * NOTE(review): the return value of stop_machine() is not examined here.
 */
void do_stf_barrier_fixups(enum stf_barrier_type types)
{
	/* Prevent static key update races with do_rfi_flush_fixups() */
	mutex_lock(&exit_flush_lock);
	static_branch_enable(&interrupt_exit_not_reentrant);

	stop_machine(__do_stf_barrier_fixups, &types, NULL);

	/* Only the fallback and sync-ori barriers make the exit non-reentrant. */
	stf_exit_reentrant = !(types & (STF_BARRIER_FALLBACK | STF_BARRIER_SYNC_ORI));

	if (stf_exit_reentrant && rfi_exit_reentrant)
		static_branch_disable(&interrupt_exit_not_reentrant);

	mutex_unlock(&exit_flush_lock);
}
310
/*
 * Patch the flush sequence at the uaccess flush sites.
 *
 * The four-instruction slot defaults to three nops followed by blr. For the
 * fallback type the blr is replaced by a nop so execution falls through to
 * the fallback flush; the ori and mttrig types put their instructions at the
 * front of the slot.
 *
 * The summary is printed at KERN_DEBUG and reports table entries visited.
 */
void do_uaccess_flush_fixups(enum l1d_flush_type types)
{
	unsigned int instrs[4] = {
		PPC_RAW_NOP(), PPC_RAW_NOP(), PPC_RAW_NOP(), PPC_RAW_BLR(),
	};
	long *start = PTRRELOC(&__start___uaccess_flush_fixup);
	long *end = PTRRELOC(&__stop___uaccess_flush_fixup);
	const char *kind;
	int patched;
	int n = 0;

	/* fallthrough to fallback flush */
	if (types == L1D_FLUSH_FALLBACK)
		instrs[3] = PPC_RAW_NOP();

	if (types & L1D_FLUSH_ORI) {
		instrs[n++] = PPC_RAW_ORI(_R31, _R31, 0); /* speculation barrier */
		instrs[n++] = PPC_RAW_ORI(_R30, _R30, 0); /* L1d flush */
	}

	if (types & L1D_FLUSH_MTTRIG)
		instrs[n++] = PPC_RAW_MTSPR(SPRN_TRIG2, _R0);

	patched = do_patch_fixups(start, end, instrs, ARRAY_SIZE(instrs));

	if (types == L1D_FLUSH_NONE)
		kind = "no";
	else if (types == L1D_FLUSH_FALLBACK)
		kind = "fallback displacement";
	else if (types & L1D_FLUSH_ORI)
		kind = (types & L1D_FLUSH_MTTRIG) ? "ori+mttrig type" : "ori type";
	else if (types & L1D_FLUSH_MTTRIG)
		kind = "mttrig type";
	else
		kind = "unknown";

	printk(KERN_DEBUG "uaccess-flush: patched %d locations (%s flush)\n",
	       patched, kind);
}
350
/*
 * stop_machine() callback: patch the entry flush sites, including the scv
 * entry sites. @data points at the requested enum l1d_flush_type.
 * Always returns 0; the summary is printed at KERN_DEBUG.
 */
static int __do_entry_flush_fixups(void *data)
{
	const enum l1d_flush_type types = *(enum l1d_flush_type *)data;
	const bool fallback = (types == L1D_FLUSH_FALLBACK);
	unsigned int instrs[3] = { PPC_RAW_NOP(), PPC_RAW_NOP(), PPC_RAW_NOP() };
	const char *kind;
	long *start, *end;
	int patched;
	int n = 0;

	if (types == L1D_FLUSH_FALLBACK) {
		instrs[n++] = PPC_RAW_MFLR(_R10);
		instrs[n++] = PPC_RAW_NOP(); /* branch patched below */
		instrs[n++] = PPC_RAW_MTLR(_R10);
	}

	if (types & L1D_FLUSH_ORI) {
		instrs[n++] = PPC_RAW_ORI(_R31, _R31, 0); /* speculation barrier */
		instrs[n++] = PPC_RAW_ORI(_R30, _R30, 0); /* L1d flush */
	}

	if (types & L1D_FLUSH_MTTRIG)
		instrs[n++] = PPC_RAW_MTSPR(SPRN_TRIG2, _R0);

	/*
	 * Patching the fallback flush in or out has to happen in a particular
	 * order: a page fault can be taken after a single instruction has
	 * been patched, so the slot must be safe to execute in every
	 * half-patched state.
	 *
	 * Patching the fallback flush in:
	 *  - the mflr (dest)
	 *  - the mtlr (dest + 2)
	 *  - the branch (dest + 1)
	 *
	 * With that order the sequence can be executed at any point. If the
	 * mtlr were patched last, we could return from the branch without
	 * restoring LR and crash later.
	 *
	 * Patching the fallback flush out (to nops or to another flush type):
	 *  - the branch (dest + 1)
	 *  - the mtlr (dest + 2)
	 *  - the mflr (dest)
	 *
	 * stop_machine() protects against other CPUs executing the code while
	 * it is in a semi-patched state.
	 */
	start = PTRRELOC(&__start___entry_flush_fixup);
	end = PTRRELOC(&__stop___entry_flush_fixup);
	patched = do_patch_entry_fixups(start, end, instrs, fallback,
					&entry_flush_fallback);

	start = PTRRELOC(&__start___scv_entry_flush_fixup);
	end = PTRRELOC(&__stop___scv_entry_flush_fixup);
	patched += do_patch_entry_fixups(start, end, instrs, fallback,
					 &scv_entry_flush_fallback);

	if (types == L1D_FLUSH_NONE)
		kind = "no";
	else if (types == L1D_FLUSH_FALLBACK)
		kind = "fallback displacement";
	else if (types & L1D_FLUSH_ORI)
		kind = (types & L1D_FLUSH_MTTRIG) ? "ori+mttrig type" : "ori type";
	else if (types & L1D_FLUSH_MTTRIG)
		kind = "mttrig type";
	else
		kind = "unknown";

	printk(KERN_DEBUG "entry-flush: patched %d locations (%s flush)\n",
	       patched, kind);

	return 0;
}
423
/*
 * Switch the entry flush to the requested type.
 *
 * The call to the fallback flush cannot be patched in or out safely while
 * other CPUs are executing it, so __do_entry_flush_fixups() runs on a single
 * CPU while all others spin in the stop machine core with interrupts hard
 * disabled.
 *
 * NOTE(review): the return value of stop_machine() is not examined here.
 */
void do_entry_flush_fixups(enum l1d_flush_type types)
{
	enum l1d_flush_type *requested = &types;

	stop_machine(__do_entry_flush_fixups, requested, NULL);
}
434
/*
 * stop_machine() callback: patch the rfi flush sites between
 * __start___rfi_flush_fixup and __stop___rfi_flush_fixup. @data points at
 * the requested enum l1d_flush_type.
 * Always returns 0; the summary is printed at KERN_DEBUG.
 */
static int __do_rfi_flush_fixups(void *data)
{
	const enum l1d_flush_type types = *(enum l1d_flush_type *)data;
	unsigned int instrs[3] = { PPC_RAW_NOP(), PPC_RAW_NOP(), PPC_RAW_NOP() };
	long *start = PTRRELOC(&__start___rfi_flush_fixup);
	long *end = PTRRELOC(&__stop___rfi_flush_fixup);
	const char *kind;
	int patched;
	int n = 0;

	/* b .+16 to fallback flush */
	if (types & L1D_FLUSH_FALLBACK)
		instrs[0] = PPC_RAW_BRANCH(16);

	/* The ori/mttrig instructions start at slot 0 and replace the branch. */
	if (types & L1D_FLUSH_ORI) {
		instrs[n++] = PPC_RAW_ORI(_R31, _R31, 0); /* speculation barrier */
		instrs[n++] = PPC_RAW_ORI(_R30, _R30, 0); /* L1d flush */
	}

	if (types & L1D_FLUSH_MTTRIG)
		instrs[n++] = PPC_RAW_MTSPR(SPRN_TRIG2, _R0);

	patched = do_patch_fixups(start, end, instrs, ARRAY_SIZE(instrs));

	if (types == L1D_FLUSH_NONE)
		kind = "no";
	else if (types == L1D_FLUSH_FALLBACK)
		kind = "fallback displacement";
	else if (types & L1D_FLUSH_ORI)
		kind = (types & L1D_FLUSH_MTTRIG) ? "ori+mttrig type" : "ori type";
	else if (types & L1D_FLUSH_MTTRIG)
		kind = "mttrig type";
	else
		kind = "unknown";

	printk(KERN_DEBUG "rfi-flush: patched %d locations (%s flush)\n",
	       patched, kind);

	return 0;
}
475
/*
 * Switch the rfi flush to the requested type.
 *
 * stop_machine() gets all CPUs out of the interrupt exit handler, the same
 * way do_stf_barrier_fixups() does. The rfi patching itself could run
 * without stop_machine(), so a broadcast IPI would be enough, but this
 * mirrors the stf sequence.
 *
 * NOTE(review): the return value of stop_machine() is not examined here.
 */
void do_rfi_flush_fixups(enum l1d_flush_type types)
{
	/* Prevent static key update races with do_stf_barrier_fixups() */
	mutex_lock(&exit_flush_lock);
	static_branch_enable(&interrupt_exit_not_reentrant);

	stop_machine(__do_rfi_flush_fixups, &types, NULL);

	/* Only the fallback flush makes the interrupt exit non-reentrant. */
	rfi_exit_reentrant = !(types & L1D_FLUSH_FALLBACK);

	if (stf_exit_reentrant && rfi_exit_reentrant)
		static_branch_disable(&interrupt_exit_not_reentrant);

	mutex_unlock(&exit_flush_lock);
}
501
/*
 * Patch the barrier-nospec sites of one fixup table.
 *
 * @enable:      true writes the ORI speculation barrier, false writes a nop
 * @fixup_start: first table entry
 * @fixup_end:   end of the table
 *
 * The count printed at KERN_DEBUG is the number of table entries visited.
 */
void do_barrier_nospec_fixups_range(bool enable, void *fixup_start, void *fixup_end)
{
	unsigned int insn = PPC_RAW_NOP();
	long *first = fixup_start;
	long *stop = fixup_end;
	int patched;

	if (enable) {
		pr_info("barrier-nospec: using ORI speculation barrier\n");
		insn = PPC_RAW_ORI(_R31, _R31, 0); /* speculation barrier */
	}

	patched = do_patch_fixups(first, stop, &insn, 1);

	printk(KERN_DEBUG "barrier-nospec: patched %d locations\n", patched);
}
522
523#endif /* CONFIG_PPC_BOOK3S_64 */
524
525#ifdef CONFIG_PPC_BARRIER_NOSPEC
/*
 * Enable or disable the speculation barrier at every site listed between
 * __start___barrier_nospec_fixup and __stop___barrier_nospec_fixup.
 */
void do_barrier_nospec_fixups(bool enable)
{
	void *table = PTRRELOC(&__start___barrier_nospec_fixup);
	void *table_end = PTRRELOC(&__stop___barrier_nospec_fixup);

	do_barrier_nospec_fixups_range(enable, table, table_end);
}
535#endif /* CONFIG_PPC_BARRIER_NOSPEC */
536
537#ifdef CONFIG_PPC_E500
/*
 * CONFIG_PPC_E500 variant: patch the barrier-nospec sites of one fixup table.
 *
 * @enable:      true writes "isync; sync", false writes two nops
 * @fixup_start: first table entry
 * @fixup_end:   end of the table
 *
 * The count printed at KERN_DEBUG is the number of table entries visited.
 */
void do_barrier_nospec_fixups_range(bool enable, void *fixup_start, void *fixup_end)
{
	unsigned int instr[2] = { PPC_RAW_NOP(), PPC_RAW_NOP() };
	long *first = fixup_start;
	long *stop = fixup_end;
	int patched;

	if (enable) {
		pr_info("barrier-nospec: using isync; sync as speculation barrier\n");
		instr[0] = PPC_RAW_ISYNC();
		instr[1] = PPC_RAW_SYNC();
	}

	patched = do_patch_fixups(first, stop, instr, ARRAY_SIZE(instr));

	printk(KERN_DEBUG "barrier-nospec: patched %d locations\n", patched);
}
560
/*
 * Overwrite one btb flush section with nops.
 *
 * @curr points at a pair of offsets, both relative to @curr itself: the
 * first gives the start of the section, the second its end.
 */
static void __init patch_btb_flush_section(long *curr)
{
	unsigned int *insn = (void *)curr + curr[0];
	unsigned int *stop = (void *)curr + curr[1];

	while (insn < stop) {
		pr_devel("patching dest %lx\n", (unsigned long)insn);
		patch_instruction(insn, ppc_inst(PPC_RAW_NOP()));
		insn++;
	}
}
572
/*
 * Nop out every btb flush section listed between __start__btb_flush_fixup
 * and __stop__btb_flush_fixup. The table holds two longs per section.
 */
void __init do_btb_flush_fixups(void)
{
	long *pair = PTRRELOC(&__start__btb_flush_fixup);
	long *stop = PTRRELOC(&__stop__btb_flush_fixup);

	while (pair < stop) {
		patch_btb_flush_section(pair);
		pair += 2;
	}
}
583#endif /* CONFIG_PPC_E500 */
584
/*
 * Write an lwsync instruction at every site of an lwsync fixup table.
 *
 * @value:       CPU feature bits; nothing is done unless CPU_FTR_LWSYNC is set
 * @fixup_start: first table entry (offset from the entry to its site)
 * @fixup_end:   end of the table
 */
void do_lwsync_fixups(unsigned long value, void *fixup_start, void *fixup_end)
{
	long *entry = fixup_start;
	long *stop = fixup_end;

	if (!(value & CPU_FTR_LWSYNC))
		return;

	while (entry < stop) {
		u32 *site = (void *)entry + *entry;

		raw_patch_instruction(site, ppc_inst(PPC_INST_LWSYNC));
		entry++;
	}
}
601
/*
 * On a relocatable 64-bit kernel that does not run at physical address 0,
 * copy the instructions starting at KERNELBASE + PHYSICAL_START, for a
 * length of (__end_interrupts - _stext) bytes, down to KERNELBASE.
 * Compiles to an empty function in every other configuration.
 */
static void __init do_final_fixups(void)
{
#if defined(CONFIG_PPC64) && defined(CONFIG_RELOCATABLE)
	u32 *from, *to, *stop;

	if (PHYSICAL_START == 0)
		return;

	from = (u32 *)(KERNELBASE + PHYSICAL_START);
	to = (u32 *)KERNELBASE;
	stop = (void *)from + (__end_interrupts - _stext);

	for (; from < stop; from = ppc_inst_next(from, from),
			    to = ppc_inst_next(to, to)) {
		ppc_inst_t insn = ppc_inst_read(from);

		raw_patch_instruction(to, insn);
	}
#endif
}
623
/*
 * Feature words as they were when apply_feature_fixups() patched the kernel.
 * check_features() compares them with the live values at late_initcall time
 * and warns when they differ.
 */
static unsigned long __initdata saved_cpu_features;
static unsigned int __initdata saved_mmu_features;
#ifdef CONFIG_PPC64
static unsigned long __initdata saved_firmware_features;
#endif
629
/*
 * Patch the kernel text for the CPU, MMU and (on PPC64) firmware features of
 * the running system, and remember the feature words that were used so that
 * check_features() can detect later changes.
 *
 * Data is accessed through PTRRELOC() here, presumably because this can run
 * before the kernel has been relocated.
 */
void __init apply_feature_fixups(void)
{
	struct cpu_spec *cpu = PTRRELOC(*PTRRELOC(&cur_cpu_spec));

	*PTRRELOC(&saved_cpu_features) = cpu->cpu_features;
	*PTRRELOC(&saved_mmu_features) = cpu->mmu_features;

	/*
	 * CPU-specific and firmware-specific fixups of kernel text: sections
	 * not relevant to this CPU or this firmware are nopped out.
	 */
	do_feature_fixups(cpu->cpu_features,
			  PTRRELOC(&__start___ftr_fixup),
			  PTRRELOC(&__stop___ftr_fixup));

	do_feature_fixups(cpu->mmu_features,
			  PTRRELOC(&__start___mmu_ftr_fixup),
			  PTRRELOC(&__stop___mmu_ftr_fixup));

	do_lwsync_fixups(cpu->cpu_features,
			 PTRRELOC(&__start___lwsync_fixup),
			 PTRRELOC(&__stop___lwsync_fixup));

#ifdef CONFIG_PPC64
	saved_firmware_features = powerpc_firmware_features;
	do_feature_fixups(powerpc_firmware_features,
			  &__start___fw_ftr_fixup, &__stop___fw_ftr_fixup);
#endif
	do_final_fixups();
}
660
/*
 * Re-apply the MMU feature fixups for the feature bits selected by @mask.
 *
 * The saved copy of the MMU features is refreshed for those bits first, so
 * check_features() does not warn about this deliberate change, then the MMU
 * fixup table is walked again and the MMU feature keys are re-initialised.
 */
void __init update_mmu_feature_fixups(unsigned long mask)
{
	const unsigned long current_bits = cur_cpu_spec->mmu_features;

	saved_mmu_features = (saved_mmu_features & ~mask) | (current_bits & mask);

	do_feature_fixups_mask(cur_cpu_spec->mmu_features, mask,
			       PTRRELOC(&__start___mmu_ftr_fixup),
			       PTRRELOC(&__stop___mmu_ftr_fixup));
	mmu_feature_keys_init();
}
671
/*
 * Initialise jump labels and the CPU/MMU feature keys.
 *
 * Once this has run, the cpu_has_feature()/mmu_has_feature() checks take on
 * the polarity that matches the current set of CPU and MMU features.
 */
void __init setup_feature_keys(void)
{
	/* Jump labels first, the feature keys are set up after them. */
	jump_label_init();

	cpu_feature_keys_init();
	mmu_feature_keys_init();
}
683
/*
 * Late initcall: warn if any feature word differs from the value that was
 * saved when the kernel text was patched. Code patched for the old value is
 * not patched again here, so a warning means text and feature words may no
 * longer agree. Always returns 0.
 */
static int __init check_features(void)
{
	const struct cpu_spec *cpu = cur_cpu_spec;

	WARN(saved_cpu_features != cpu->cpu_features,
	     "CPU features changed after feature patching!\n");
	WARN(saved_mmu_features != cpu->mmu_features,
	     "MMU features changed after feature patching!\n");
#ifdef CONFIG_PPC64
	WARN(saved_firmware_features != powerpc_firmware_features,
	     "Firmware features changed after feature patching!\n");
#endif

	return 0;
}
late_initcall(check_features);
698
699#ifdef CONFIG_FTR_FIXUP_SELFTEST
700
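/*
 * Report a failed self-test expectation together with the line of the
 * check() call. The body is wrapped in do { } while (0) so the macro expands
 * to exactly one statement: it can be used as the body of an if/else without
 * capturing the else or leaving a stray empty statement behind.
 */
#define check(x)								\
	do {									\
		if (!(x))							\
			printk("feature-fixups: test failed at line %d\n",	\
			       __LINE__);					\
	} while (0)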
703
/*
 * Self-test helper: apply one fixup entry with every feature bit taking part
 * in the comparison. Returns what patch_feature_section_mask() returns.
 */
static int patch_feature_section(unsigned long value, struct fixup_entry *fcur)
{
	const unsigned long all_bits = ~0;

	return patch_feature_section_mask(value, all_bits, fcur);
}
708
/*
 * Scratch fixup entry shared by the self-tests; each test fills it in with
 * offsets computed relative to this object (see calc_offset()).
 * This must be after the text it fixes up, vmlinux.lds.S enforces that atm
 */
static struct fixup_entry fixup;
711
/*
 * Self-test helper: offset of @p relative to @entry, i.e. the inverse of
 * calc_addr().
 */
static long __init calc_offset(struct fixup_entry *entry, unsigned int *p)
{
	unsigned long base = (unsigned long)entry;
	unsigned long addr = (unsigned long)p;

	return addr - base;
}
716
/*
 * Self-test: an entry without alternative code (both alt offsets are 0).
 * The section must stay as it is when the feature value matches and must
 * equal ftr_fixup_test1_expected after patching with a non-matching value.
 */
static void __init test_basic_patching(void)
{
	extern unsigned int ftr_fixup_test1[];
	extern unsigned int end_ftr_fixup_test1[];
	extern unsigned int ftr_fixup_test1_orig[];
	extern unsigned int ftr_fixup_test1_expected[];
	int nbytes = (end_ftr_fixup_test1 - ftr_fixup_test1) * 4;

	fixup.mask = 8;
	fixup.value = 8;
	fixup.start_off = calc_offset(&fixup, ftr_fixup_test1 + 1);
	fixup.end_off = calc_offset(&fixup, ftr_fixup_test1 + 2);
	fixup.alt_end_off = 0;
	fixup.alt_start_off = 0;

	/* The test section starts out identical to its pristine copy. */
	check(memcmp(ftr_fixup_test1, ftr_fixup_test1_orig, nbytes) == 0);

	/* A matching value must leave the section alone. */
	patch_feature_section(8, &fixup);
	check(memcmp(ftr_fixup_test1, ftr_fixup_test1_orig, nbytes) == 0);

	/* A non-matching value must patch it. */
	patch_feature_section(0, &fixup);
	check(memcmp(ftr_fixup_test1, ftr_fixup_test1_expected, nbytes) == 0);

	/* Restore the section, then patch again with the inverted bit pattern. */
	memcpy(ftr_fixup_test1, ftr_fixup_test1_orig, nbytes);
	check(memcmp(ftr_fixup_test1, ftr_fixup_test1_orig, nbytes) == 0);
	patch_feature_section(~8, &fixup);
	check(memcmp(ftr_fixup_test1, ftr_fixup_test1_expected, nbytes) == 0);
}
747
/*
 * Self-test: an entry whose alternative is one instruction long and replaces
 * a one-instruction original section.
 */
static void __init test_alternative_patching(void)
{
	extern unsigned int ftr_fixup_test2[];
	extern unsigned int end_ftr_fixup_test2[];
	extern unsigned int ftr_fixup_test2_orig[];
	extern unsigned int ftr_fixup_test2_alt[];
	extern unsigned int ftr_fixup_test2_expected[];
	int nbytes = (end_ftr_fixup_test2 - ftr_fixup_test2) * 4;

	fixup.mask = 0xF;
	fixup.value = 0xF;
	fixup.start_off = calc_offset(&fixup, ftr_fixup_test2 + 1);
	fixup.end_off = calc_offset(&fixup, ftr_fixup_test2 + 2);
	fixup.alt_start_off = calc_offset(&fixup, ftr_fixup_test2_alt);
	fixup.alt_end_off = calc_offset(&fixup, ftr_fixup_test2_alt + 1);

	/* The test section starts out identical to its pristine copy. */
	check(memcmp(ftr_fixup_test2, ftr_fixup_test2_orig, nbytes) == 0);

	/* A matching value must leave the section alone. */
	patch_feature_section(0xF, &fixup);
	check(memcmp(ftr_fixup_test2, ftr_fixup_test2_orig, nbytes) == 0);

	/* A non-matching value must patch it. */
	patch_feature_section(0, &fixup);
	check(memcmp(ftr_fixup_test2, ftr_fixup_test2_expected, nbytes) == 0);

	/* Restore the section, then patch again with the inverted bit pattern. */
	memcpy(ftr_fixup_test2, ftr_fixup_test2_orig, nbytes);
	check(memcmp(ftr_fixup_test2, ftr_fixup_test2_orig, nbytes) == 0);
	patch_feature_section(~0xF, &fixup);
	check(memcmp(ftr_fixup_test2, ftr_fixup_test2_expected, nbytes) == 0);
}
780
/*
 * Self-test: an alternative of two instructions for an original section of
 * one. Patching must be refused with return value 1 and must not modify the
 * section, whatever feature value is passed.
 */
static void __init test_alternative_case_too_big(void)
{
	extern unsigned int ftr_fixup_test3[];
	extern unsigned int end_ftr_fixup_test3[];
	extern unsigned int ftr_fixup_test3_orig[];
	extern unsigned int ftr_fixup_test3_alt[];
	int nbytes = (end_ftr_fixup_test3 - ftr_fixup_test3) * 4;

	fixup.mask = 0xC;
	fixup.value = 0xC;
	fixup.start_off = calc_offset(&fixup, ftr_fixup_test3 + 1);
	fixup.end_off = calc_offset(&fixup, ftr_fixup_test3 + 2);
	fixup.alt_start_off = calc_offset(&fixup, ftr_fixup_test3_alt);
	fixup.alt_end_off = calc_offset(&fixup, ftr_fixup_test3_alt + 2);

	/* The test section starts out identical to its pristine copy. */
	check(memcmp(ftr_fixup_test3, ftr_fixup_test3_orig, nbytes) == 0);

	/* Every attempt must fail and leave the section untouched. */
	check(patch_feature_section(0xF, &fixup) == 1);
	check(memcmp(ftr_fixup_test3, ftr_fixup_test3_orig, nbytes) == 0);
	check(patch_feature_section(0, &fixup) == 1);
	check(memcmp(ftr_fixup_test3, ftr_fixup_test3_orig, nbytes) == 0);
	check(patch_feature_section(~0xF, &fixup) == 1);
	check(memcmp(ftr_fixup_test3, ftr_fixup_test3_orig, nbytes) == 0);
}
806
/*
 * Self-test: an alternative of two instructions for an original section of
 * four, using a feature flag in the top byte of an unsigned long.
 */
static void __init test_alternative_case_too_small(void)
{
	extern unsigned int ftr_fixup_test4[];
	extern unsigned int end_ftr_fixup_test4[];
	extern unsigned int ftr_fixup_test4_orig[];
	extern unsigned int ftr_fixup_test4_alt[];
	extern unsigned int ftr_fixup_test4_expected[];
	int nbytes = (end_ftr_fixup_test4 - ftr_fixup_test4) * 4;
	/* Lowest bit of the most significant byte: a high-bit flag. */
	unsigned long high_flag = 1UL << ((sizeof(unsigned long) - 1) * 8);

	fixup.mask = high_flag;
	fixup.value = high_flag;
	fixup.start_off = calc_offset(&fixup, ftr_fixup_test4 + 1);
	fixup.end_off = calc_offset(&fixup, ftr_fixup_test4 + 5);
	fixup.alt_start_off = calc_offset(&fixup, ftr_fixup_test4_alt);
	fixup.alt_end_off = calc_offset(&fixup, ftr_fixup_test4_alt + 2);

	/* The test section starts out identical to its pristine copy. */
	check(memcmp(ftr_fixup_test4, ftr_fixup_test4_orig, nbytes) == 0);

	/* A matching value must leave the section alone. */
	patch_feature_section(high_flag, &fixup);
	check(memcmp(ftr_fixup_test4, ftr_fixup_test4_orig, nbytes) == 0);

	/* A non-matching value must patch it. */
	patch_feature_section(0, &fixup);
	check(memcmp(ftr_fixup_test4, ftr_fixup_test4_expected, nbytes) == 0);

	/* Restore the section, then patch again with the inverted bit pattern. */
	memcpy(ftr_fixup_test4, ftr_fixup_test4_orig, nbytes);
	check(memcmp(ftr_fixup_test4, ftr_fixup_test4_orig, nbytes) == 0);
	patch_feature_section(~high_flag, &fixup);
	check(memcmp(ftr_fixup_test4, ftr_fixup_test4_expected, nbytes) == 0);
}
842
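/*
 * Self-test: compare the ftr_fixup_test5 section with its expected image.
 * Nothing is patched here; the section has presumably been patched during
 * boot already.
 *
 * Marked __init like the other self-tests: the only caller is the __init
 * function test_feature_fixups(), so the code need not stay resident after
 * init memory is released.
 */
static void __init test_alternative_case_with_branch(void)
{
	extern unsigned int ftr_fixup_test5[];
	extern unsigned int end_ftr_fixup_test5[];
	extern unsigned int ftr_fixup_test5_expected[];
	int size = 4 * (end_ftr_fixup_test5 - ftr_fixup_test5);

	check(memcmp(ftr_fixup_test5, ftr_fixup_test5_expected, size) == 0);
}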
852
/*
 * Self-test: compare the ftr_fixup_test6 section with its expected image.
 * Nothing is patched here; the section has presumably been patched during
 * boot already.
 */
static void __init test_alternative_case_with_external_branch(void)
{
	extern unsigned int ftr_fixup_test6[];
	extern unsigned int end_ftr_fixup_test6[];
	extern unsigned int ftr_fixup_test6_expected[];
	int nbytes = (end_ftr_fixup_test6 - ftr_fixup_test6) * 4;
	int differs = memcmp(ftr_fixup_test6, ftr_fixup_test6_expected, nbytes);

	check(differs == 0);
}
862
/*
 * Self-test: compare the ftr_fixup_test7 section with its expected image.
 * Nothing is patched here; the section has presumably been patched during
 * boot already.
 */
static void __init test_alternative_case_with_branch_to_end(void)
{
	extern unsigned int ftr_fixup_test7[];
	extern unsigned int end_ftr_fixup_test7[];
	extern unsigned int ftr_fixup_test7_expected[];
	int nbytes = (end_ftr_fixup_test7 - ftr_fixup_test7) * 4;
	int differs = memcmp(ftr_fixup_test7, ftr_fixup_test7_expected, nbytes);

	check(differs == 0);
}
872
/*
 * Self-test: the code generated by the CPU feature macros must equal its
 * expected image. The length compared is the distance between the two
 * symbols.
 */
static void __init test_cpu_macros(void)
{
	extern u8 ftr_fixup_test_FTR_macros[];
	extern u8 ftr_fixup_test_FTR_macros_expected[];
	unsigned long nbytes = ftr_fixup_test_FTR_macros_expected -
			       ftr_fixup_test_FTR_macros;
	int differs;

	/* The fixups were applied during boot, only the result is compared. */
	differs = memcmp(ftr_fixup_test_FTR_macros,
			 ftr_fixup_test_FTR_macros_expected, nbytes);
	check(differs == 0);
}
884
/*
 * Self-test (PPC64 only, empty otherwise): the code generated by the
 * firmware feature macros must equal its expected image. The length compared
 * is the distance between the two symbols.
 */
static void __init test_fw_macros(void)
{
#ifdef CONFIG_PPC64
	extern u8 ftr_fixup_test_FW_FTR_macros[];
	extern u8 ftr_fixup_test_FW_FTR_macros_expected[];
	unsigned long nbytes = ftr_fixup_test_FW_FTR_macros_expected -
			       ftr_fixup_test_FW_FTR_macros;
	int differs;

	/* The fixups were applied during boot, only the result is compared. */
	differs = memcmp(ftr_fixup_test_FW_FTR_macros,
			 ftr_fixup_test_FW_FTR_macros_expected, nbytes);
	check(differs == 0);
#endif
}
898
/*
 * Self-test: the lwsync test section must equal the LWSYNC image when the
 * CPU has CPU_FTR_LWSYNC and the SYNC image otherwise.
 */
static void __init test_lwsync_macros(void)
{
	extern u8 lwsync_fixup_test[];
	extern u8 end_lwsync_fixup_test[];
	extern u8 lwsync_fixup_test_expected_LWSYNC[];
	extern u8 lwsync_fixup_test_expected_SYNC[];
	unsigned long nbytes = end_lwsync_fixup_test - lwsync_fixup_test;

	/* The fixups were applied during boot, only the result is compared. */
	if (!(cur_cpu_spec->cpu_features & CPU_FTR_LWSYNC)) {
		check(memcmp(lwsync_fixup_test,
			     lwsync_fixup_test_expected_SYNC, nbytes) == 0);
		return;
	}

	check(memcmp(lwsync_fixup_test,
		     lwsync_fixup_test_expected_LWSYNC, nbytes) == 0);
}
917
918#ifdef CONFIG_PPC64
/*
 * Self-test: an entry without alternative code covering two words of the
 * ftr_fixup_prefix1 section. After patching with a non-matching value the
 * section must equal the expected image and differ from the pristine copy.
 */
static void __init test_prefix_patching(void)
{
	extern unsigned int ftr_fixup_prefix1[];
	extern unsigned int end_ftr_fixup_prefix1[];
	extern unsigned int ftr_fixup_prefix1_orig[];
	extern unsigned int ftr_fixup_prefix1_expected[];
	int nbytes = (end_ftr_fixup_prefix1 - ftr_fixup_prefix1) * sizeof(unsigned int);

	fixup.mask = 8;
	fixup.value = 8;
	fixup.start_off = calc_offset(&fixup, ftr_fixup_prefix1 + 1);
	fixup.end_off = calc_offset(&fixup, ftr_fixup_prefix1 + 3);
	fixup.alt_end_off = 0;
	fixup.alt_start_off = 0;

	/* The test section starts out identical to its pristine copy. */
	check(memcmp(ftr_fixup_prefix1, ftr_fixup_prefix1_orig, nbytes) == 0);

	patch_feature_section(0, &fixup);
	check(memcmp(ftr_fixup_prefix1, ftr_fixup_prefix1_expected, nbytes) == 0);
	check(memcmp(ftr_fixup_prefix1, ftr_fixup_prefix1_orig, nbytes) != 0);
}
939
/*
 * Self-test: a two-word alternative replacing two words of the
 * ftr_fixup_prefix2 section. After patching with a non-matching value the
 * section must equal the expected image and differ from the pristine copy.
 */
static void __init test_prefix_alt_patching(void)
{
	extern unsigned int ftr_fixup_prefix2[];
	extern unsigned int end_ftr_fixup_prefix2[];
	extern unsigned int ftr_fixup_prefix2_orig[];
	extern unsigned int ftr_fixup_prefix2_expected[];
	extern unsigned int ftr_fixup_prefix2_alt[];
	int nbytes = (end_ftr_fixup_prefix2 - ftr_fixup_prefix2) * sizeof(unsigned int);

	fixup.mask = 8;
	fixup.value = 8;
	fixup.start_off = calc_offset(&fixup, ftr_fixup_prefix2 + 1);
	fixup.end_off = calc_offset(&fixup, ftr_fixup_prefix2 + 3);
	fixup.alt_start_off = calc_offset(&fixup, ftr_fixup_prefix2_alt);
	fixup.alt_end_off = calc_offset(&fixup, ftr_fixup_prefix2_alt + 2);

	/* The test section starts out identical to its pristine copy. */
	check(memcmp(ftr_fixup_prefix2, ftr_fixup_prefix2_orig, nbytes) == 0);

	patch_feature_section(0, &fixup);
	check(memcmp(ftr_fixup_prefix2, ftr_fixup_prefix2_expected, nbytes) == 0);
	check(memcmp(ftr_fixup_prefix2, ftr_fixup_prefix2_orig, nbytes) != 0);
}
961
/*
 * Self-test: a three-word alternative replacing three words of the
 * ftr_fixup_prefix3 section.
 *
 * NOTE(review): the section is patched a second time before the final
 * comparison with the pristine copy; whether the repeat is intentional is
 * not evident from this file.
 */
static void __init test_prefix_word_alt_patching(void)
{
	extern unsigned int ftr_fixup_prefix3[];
	extern unsigned int end_ftr_fixup_prefix3[];
	extern unsigned int ftr_fixup_prefix3_orig[];
	extern unsigned int ftr_fixup_prefix3_expected[];
	extern unsigned int ftr_fixup_prefix3_alt[];
	int nbytes = (end_ftr_fixup_prefix3 - ftr_fixup_prefix3) * sizeof(unsigned int);

	fixup.mask = 8;
	fixup.value = 8;
	fixup.start_off = calc_offset(&fixup, ftr_fixup_prefix3 + 1);
	fixup.end_off = calc_offset(&fixup, ftr_fixup_prefix3 + 4);
	fixup.alt_start_off = calc_offset(&fixup, ftr_fixup_prefix3_alt);
	fixup.alt_end_off = calc_offset(&fixup, ftr_fixup_prefix3_alt + 3);

	/* The test section starts out identical to its pristine copy. */
	check(memcmp(ftr_fixup_prefix3, ftr_fixup_prefix3_orig, nbytes) == 0);

	patch_feature_section(0, &fixup);
	check(memcmp(ftr_fixup_prefix3, ftr_fixup_prefix3_expected, nbytes) == 0);
	patch_feature_section(0, &fixup);
	check(memcmp(ftr_fixup_prefix3, ftr_fixup_prefix3_orig, nbytes) != 0);
}
984#else
/*
 * Empty stand-ins used when CONFIG_PPC64 is not set, so that
 * test_feature_fixups() can call the prefix tests unconditionally.
 */
static inline void test_prefix_patching(void)
{
}

static inline void test_prefix_alt_patching(void)
{
}

static inline void test_prefix_word_alt_patching(void)
{
}
988#endif /* CONFIG_PPC64 */
989
/*
 * Run every feature-fixup self-test once, as a late initcall.
 *
 * A failing test only prints a message through check(); the return value
 * here is always 0, so failures have to be looked for in the kernel log.
 */
static int __init test_feature_fixups(void)
{
	printk(KERN_DEBUG "Running feature fixup self-tests ...\n");

	test_basic_patching();
	test_alternative_patching();
	test_alternative_case_too_big();
	test_alternative_case_too_small();
	test_alternative_case_with_branch();
	test_alternative_case_with_external_branch();
	test_alternative_case_with_branch_to_end();
	test_cpu_macros();
	test_fw_macros();
	test_lwsync_macros();
	/* These three are empty stubs when CONFIG_PPC64 is not set */
	test_prefix_patching();
	test_prefix_alt_patching();
	test_prefix_word_alt_patching();

	return 0;
}
late_initcall(test_feature_fixups);
1011
1012#endif /* CONFIG_FTR_FIXUP_SELFTEST */
1// SPDX-License-Identifier: GPL-2.0-or-later
2/*
3 * Copyright (C) 2001 Ben. Herrenschmidt (benh@kernel.crashing.org)
4 *
5 * Modifications for ppc64:
6 * Copyright (C) 2003 Dave Engebretsen <engebret@us.ibm.com>
7 *
8 * Copyright 2008 Michael Ellerman, IBM Corporation.
9 */
10
11#include <linux/types.h>
12#include <linux/jump_label.h>
13#include <linux/kernel.h>
14#include <linux/string.h>
15#include <linux/init.h>
16#include <linux/sched/mm.h>
17#include <asm/cputable.h>
18#include <asm/code-patching.h>
19#include <asm/page.h>
20#include <asm/sections.h>
21#include <asm/setup.h>
22#include <asm/security_features.h>
23#include <asm/firmware.h>
24
/*
 * One feature-fixup record. The four *_off fields are byte offsets relative
 * to the address of the record itself (see calc_addr()), not absolute
 * addresses.
 */
struct fixup_entry {
	unsigned long mask;	/* feature bits this entry tests */
	unsigned long value;	/* if (features & mask) == value, nothing is patched */
	long start_off;		/* start of the code section to patch */
	long end_off;		/* end (exclusive) of that section */
	long alt_start_off;	/* start of the alternative instructions */
	long alt_end_off;	/* end (exclusive) of the alternative */
};
33
/*
 * Turn an offset stored in a fixup entry back into an address.
 *
 * Offsets to the code are stored relative to the start of the entry itself
 * (as a negative offset, to support the VDSO), so the address is simply the
 * entry's own address plus the offset.
 */
static unsigned int *calc_addr(struct fixup_entry *fcur, long offset)
{
	unsigned long base = (unsigned long)fcur;

	return (unsigned int *)(base + offset);
}
43
/*
 * Copy one instruction of an alternative to its destination.
 *
 * A relative branch whose target lies outside [alt_start, alt_end] is passed
 * through translate_branch() first; a branch that stays inside the
 * alternative is copied unchanged.
 *
 * Returns 0 on success, 1 if translate_branch() returned 0 (nothing is
 * written to dest in that case).
 */
static int patch_alt_instruction(unsigned int *src, unsigned int *dest,
				 unsigned int *alt_start, unsigned int *alt_end)
{
	unsigned int instr = *src;

	if (instr_is_relative_branch(instr)) {
		unsigned int *target = (unsigned int *)branch_target(src);
		int inside_alt = (target >= alt_start && target <= alt_end);

		/* Branch within the section doesn't need translating */
		if (!inside_alt) {
			instr = translate_branch(dest, src);
			if (!instr)
				return 1;
		}
	}

	raw_patch_instruction(dest, instr);
	return 0;
}
66
/*
 * Apply one fixup entry against the feature word 'value'.
 *
 * If (value & mask) equals the entry's value the section is left alone.
 * Otherwise the alternative is copied over the start of the section and the
 * remainder of the section is filled with nops.
 *
 * Returns 0 on success or when nothing had to be done, 1 if the alternative
 * is larger than the section or an instruction could not be patched. In the
 * latter case instructions already written stay in place.
 */
static int patch_feature_section(unsigned long value, struct fixup_entry *fcur)
{
	unsigned int *start = calc_addr(fcur, fcur->start_off);
	unsigned int *end = calc_addr(fcur, fcur->end_off);
	unsigned int *alt_start = calc_addr(fcur, fcur->alt_start_off);
	unsigned int *alt_end = calc_addr(fcur, fcur->alt_end_off);
	unsigned int *src, *dest;

	/* The size check comes first, so an oversized entry is always an error */
	if ((alt_end - alt_start) > (end - start))
		return 1;

	if ((value & fcur->mask) == fcur->value)
		return 0;

	dest = start;
	for (src = alt_start; src < alt_end; src++) {
		if (patch_alt_instruction(src, dest, alt_start, alt_end))
			return 1;
		dest++;
	}

	/* Pad whatever is left of the section with nops */
	while (dest < end) {
		raw_patch_instruction(dest, PPC_INST_NOP);
		dest++;
	}

	return 0;
}
95
/*
 * Apply every fixup entry in [fixup_start, fixup_end) against 'value'.
 *
 * A failing entry triggers a WARN and a log line with the section and
 * alternative addresses; processing then continues with the next entry, so
 * one bad entry does not stop the remaining sections from being patched.
 */
void do_feature_fixups(unsigned long value, void *fixup_start, void *fixup_end)
{
	struct fixup_entry *fend = fixup_end;
	struct fixup_entry *fcur;

	for (fcur = fixup_start; fcur < fend; fcur++) {
		if (!patch_feature_section(value, fcur))
			continue;

		WARN_ON(1);
		printk("Unable to patch feature section at %p - %p"
			" with %p - %p\n",
			calc_addr(fcur, fcur->start_off),
			calc_addr(fcur, fcur->end_off),
			calc_addr(fcur, fcur->alt_start_off),
			calc_addr(fcur, fcur->alt_end_off));
	}
}
115
116#ifdef CONFIG_PPC_BOOK3S_64
/*
 * Write the selected stf barrier sequence (three instruction slots) at every
 * site listed between __start___stf_entry_barrier_fixup and
 * __stop___stf_entry_barrier_fixup. Each table word is an offset from its
 * own address to the site.
 *
 * With no barrier type set, all three slots become nops. For the fallback
 * type the middle slot is a branch-and-link to stf_barrier_fallback.
 *
 * NOTE(review): the results of patch_instruction()/patch_branch() are not
 * inspected, so the count logged at the end is the number of sites visited,
 * not the number confirmed patched.
 */
static void do_stf_entry_barrier_fixups(enum stf_barrier_type types)
{
	unsigned int instrs[3] = {
		0x60000000, /* nop */
		0x60000000, /* nop */
		0x60000000, /* nop */
	};
	unsigned int *dest;
	long *start, *end;
	const char *name;
	int i;

	start = PTRRELOC(&__start___stf_entry_barrier_fixup);
	end = PTRRELOC(&__stop___stf_entry_barrier_fixup);

	/* The first matching type wins; the others are not combined */
	if (types & STF_BARRIER_FALLBACK) {
		instrs[0] = 0x7d4802a6; /* mflr r10		*/
		instrs[1] = 0x60000000; /* branch patched below	*/
		instrs[2] = 0x7d4803a6; /* mtlr r10		*/
	} else if (types & STF_BARRIER_EIEIO) {
		instrs[0] = 0x7e0006ac; /* eieio + bit 6 hint */
	} else if (types & STF_BARRIER_SYNC_ORI) {
		instrs[0] = 0x7c0004ac; /* hwsync		*/
		instrs[1] = 0xe94d0000; /* ld r10,0(r13)	*/
		instrs[2] = 0x63ff0000; /* ori 31,31,0 speculation barrier */
	}

	i = 0;
	while (start < end) {
		dest = (void *)start + *start;

		pr_devel("patching dest %lx\n", (unsigned long)dest);

		patch_instruction(dest, instrs[0]);

		if (types & STF_BARRIER_FALLBACK)
			patch_branch(dest + 1, (unsigned long)&stf_barrier_fallback,
				     BRANCH_SET_LINK);
		else
			patch_instruction(dest + 1, instrs[1]);

		patch_instruction(dest + 2, instrs[2]);

		start++;
		i++;
	}

	/* The label uses exact equality, so a combination of types is "unknown" */
	if (types == STF_BARRIER_NONE)
		name = "no";
	else if (types == STF_BARRIER_FALLBACK)
		name = "fallback";
	else if (types == STF_BARRIER_EIEIO)
		name = "eieio";
	else if (types == (STF_BARRIER_SYNC_ORI))
		name = "hwsync";
	else
		name = "unknown";

	printk(KERN_DEBUG "stf-barrier: patched %d entry locations (%s barrier)\n", i,
	       name);
}
166
/*
 * Write the selected stf barrier sequence (six instruction slots) at every
 * site listed between __start___stf_exit_barrier_fixup and
 * __stop___stf_exit_barrier_fixup. Each table word is an offset from its
 * own address to the site.
 *
 * The fallback and sync+ori types share one sequence, which saves r13 in an
 * SPRG (HSPRG1 when CPU_FTR_HVMODE is set, SPRG2 otherwise), runs the
 * barrier and restores r13. Unused slots stay nops.
 *
 * NOTE(review): the result of patch_instruction() is not inspected, so the
 * count logged at the end is the number of sites visited, not the number
 * confirmed patched.
 */
static void do_stf_exit_barrier_fixups(enum stf_barrier_type types)
{
	unsigned int instrs[6] = {
		0x60000000, /* nop */
		0x60000000, /* nop */
		0x60000000, /* nop */
		0x60000000, /* nop */
		0x60000000, /* nop */
		0x60000000, /* nop */
	};
	unsigned int *dest;
	unsigned int slot;
	long *start, *end;
	const char *name;
	int patched;
	int i;

	start = PTRRELOC(&__start___stf_exit_barrier_fixup);
	end = PTRRELOC(&__stop___stf_exit_barrier_fixup);

	i = 0;
	if (types & (STF_BARRIER_FALLBACK | STF_BARRIER_SYNC_ORI)) {
		if (cpu_has_feature(CPU_FTR_HVMODE)) {
			instrs[i++] = 0x7db14ba6; /* mtspr 0x131, r13 (HSPRG1) */
			instrs[i++] = 0x7db04aa6; /* mfspr r13, 0x130 (HSPRG0) */
		} else {
			instrs[i++] = 0x7db243a6; /* mtsprg 2,r13	*/
			instrs[i++] = 0x7db142a6; /* mfsprg r13,1    */
		}
		instrs[i++] = 0x7c0004ac; /* hwsync		*/
		instrs[i++] = 0xe9ad0000; /* ld r13,0(r13)	*/
		instrs[i++] = 0x63ff0000; /* ori 31,31,0 speculation barrier */
		if (cpu_has_feature(CPU_FTR_HVMODE))
			instrs[i++] = 0x7db14aa6; /* mfspr r13, 0x131 (HSPRG1) */
		else
			instrs[i++] = 0x7db242a6; /* mfsprg r13,2 */
	} else if (types & STF_BARRIER_EIEIO) {
		instrs[i++] = 0x7e0006ac; /* eieio + bit 6 hint */
	}

	patched = 0;
	while (start < end) {
		dest = (void *)start + *start;

		pr_devel("patching dest %lx\n", (unsigned long)dest);

		/* All six slots are rewritten, including the ones left as nops */
		for (slot = 0; slot < 6; slot++)
			patch_instruction(dest + slot, instrs[slot]);

		start++;
		patched++;
	}

	/* The label uses exact equality, so a combination of types is "unknown" */
	if (types == STF_BARRIER_NONE)
		name = "no";
	else if (types == STF_BARRIER_FALLBACK)
		name = "fallback";
	else if (types == STF_BARRIER_EIEIO)
		name = "eieio";
	else if (types == (STF_BARRIER_SYNC_ORI))
		name = "hwsync";
	else
		name = "unknown";

	printk(KERN_DEBUG "stf-barrier: patched %d exit locations (%s barrier)\n", patched,
	       name);
}
223
224
/*
 * Patch both sets of stf barrier sites with the same barrier type: the entry
 * sites first, then the exit sites.
 */
void do_stf_barrier_fixups(enum stf_barrier_type types)
{
	do_stf_entry_barrier_fixups(types);
	do_stf_exit_barrier_fixups(types);
}
230
/*
 * Write the selected L1D flush sequence (three instruction slots) at every
 * site listed between __start___rfi_flush_fixup and
 * __stop___rfi_flush_fixup. Each table word is an offset from its own
 * address to the site.
 *
 * With L1D_FLUSH_NONE all three slots are nops. The fallback type puts a
 * branch in slot 0; the ori and mttrig types fill slots from 0 upwards, so
 * they overwrite that branch when combined with the fallback type.
 *
 * NOTE(review): the result of patch_instruction() is not inspected, so the
 * count logged at the end is the number of sites visited, not the number
 * confirmed patched.
 */
void do_rfi_flush_fixups(enum l1d_flush_type types)
{
	unsigned int instrs[3] = {
		0x60000000, /* nop */
		0x60000000, /* nop */
		0x60000000, /* nop */
	};
	unsigned int *dest;
	unsigned int slot;
	long *start, *end;
	const char *name;
	int patched;
	int i;

	start = PTRRELOC(&__start___rfi_flush_fixup);
	end = PTRRELOC(&__stop___rfi_flush_fixup);

	if (types & L1D_FLUSH_FALLBACK) {
		/* b .+16 to fallback flush */
		instrs[0] = 0x48000010;
	}

	i = 0;
	if (types & L1D_FLUSH_ORI) {
		instrs[i++] = 0x63ff0000; /* ori 31,31,0 speculation barrier */
		instrs[i++] = 0x63de0000; /* ori 30,30,0 L1d flush*/
	}

	if (types & L1D_FLUSH_MTTRIG)
		instrs[i++] = 0x7c12dba6; /* mtspr TRIG2,r0 (SPR #882) */

	patched = 0;
	while (start < end) {
		dest = (void *)start + *start;

		pr_devel("patching dest %lx\n", (unsigned long)dest);

		for (slot = 0; slot < 3; slot++)
			patch_instruction(dest + slot, instrs[slot]);

		start++;
		patched++;
	}

	if (types == L1D_FLUSH_NONE)
		name = "no";
	else if (types == L1D_FLUSH_FALLBACK)
		name = "fallback displacement";
	else if (types & L1D_FLUSH_ORI)
		name = (types & L1D_FLUSH_MTTRIG) ? "ori+mttrig type" : "ori type";
	else if (types & L1D_FLUSH_MTTRIG)
		name = "mttrig type";
	else
		name = "unknown";

	printk(KERN_DEBUG "rfi-flush: patched %d locations (%s flush)\n", patched,
	       name);
}
276
/*
 * Patch every barrier_nospec site listed in [fixup_start, fixup_end) with
 * either the ori 31,31,0 speculation barrier (enable) or a nop (!enable).
 * Each table word is an offset from its own address to the site.
 *
 * NOTE(review): the result of patch_instruction() is not inspected, so the
 * logged count is the number of sites visited, not the number confirmed
 * patched.
 */
void do_barrier_nospec_fixups_range(bool enable, void *fixup_start, void *fixup_end)
{
	unsigned int instr = 0x60000000; /* nop */
	long *start = fixup_start;
	long *end = fixup_end;
	unsigned int *dest;
	int i = 0;

	if (enable) {
		pr_info("barrier-nospec: using ORI speculation barrier\n");
		instr = 0x63ff0000; /* ori 31,31,0 speculation barrier */
	}

	while (start < end) {
		dest = (void *)start + *start;

		pr_devel("patching dest %lx\n", (unsigned long)dest);
		patch_instruction(dest, instr);

		start++;
		i++;
	}

	printk(KERN_DEBUG "barrier-nospec: patched %d locations\n", i);
}
302
303#endif /* CONFIG_PPC_BOOK3S_64 */
304
305#ifdef CONFIG_PPC_BARRIER_NOSPEC
/*
 * Enable or disable the speculation barrier at every site in the kernel's
 * own table, __start___barrier_nospec_fixup to
 * __stop___barrier_nospec_fixup.
 */
void do_barrier_nospec_fixups(bool enable)
{
	void *start = PTRRELOC(&__start___barrier_nospec_fixup);
	void *end = PTRRELOC(&__stop___barrier_nospec_fixup);

	do_barrier_nospec_fixups_range(enable, start, end);
}
315#endif /* CONFIG_PPC_BARRIER_NOSPEC */
316
317#ifdef CONFIG_PPC_FSL_BOOK3E
/*
 * CONFIG_PPC_FSL_BOOK3E variant: patch every barrier_nospec site listed in
 * [fixup_start, fixup_end) with either "isync; sync" (enable) or two nops
 * (!enable). Each table word is an offset from its own address to the site.
 *
 * NOTE(review): the result of patch_instruction() is not inspected, so the
 * logged count is the number of sites visited, not the number confirmed
 * patched.
 */
void do_barrier_nospec_fixups_range(bool enable, void *fixup_start, void *fixup_end)
{
	unsigned int instr[2] = { PPC_INST_NOP, PPC_INST_NOP };
	long *start = fixup_start;
	long *end = fixup_end;
	unsigned int *dest;
	int i = 0;

	if (enable) {
		pr_info("barrier-nospec: using isync; sync as speculation barrier\n");
		instr[0] = PPC_INST_ISYNC;
		instr[1] = PPC_INST_SYNC;
	}

	while (start < end) {
		dest = (void *)start + *start;

		pr_devel("patching dest %lx\n", (unsigned long)dest);
		patch_instruction(dest, instr[0]);
		patch_instruction(dest + 1, instr[1]);

		start++;
		i++;
	}

	printk(KERN_DEBUG "barrier-nospec: patched %d locations\n", i);
}
346
/*
 * Replace one btb flush section with nops.
 *
 * curr points at a pair of words: curr[0] is the offset from curr to the
 * first instruction, curr[1] the offset from curr to the end (exclusive).
 */
static void patch_btb_flush_section(long *curr)
{
	unsigned int *insn = (void *)curr + curr[0];
	unsigned int *stop = (void *)curr + curr[1];

	while (insn < stop) {
		pr_devel("patching dest %lx\n", (unsigned long)insn);
		patch_instruction(insn, PPC_INST_NOP);
		insn++;
	}
}
358
/*
 * Nop out every btb flush section listed between __start__btb_flush_fixup
 * and __stop__btb_flush_fixup. The table holds two words per section, hence
 * the step of two.
 */
void do_btb_flush_fixups(void)
{
	long *entry = PTRRELOC(&__start__btb_flush_fixup);
	long *end = PTRRELOC(&__stop__btb_flush_fixup);

	while (entry < end) {
		patch_btb_flush_section(entry);
		entry += 2;
	}
}
369#endif /* CONFIG_PPC_FSL_BOOK3E */
370
/*
 * Patch an lwsync instruction into every site listed in
 * [fixup_start, fixup_end), but only when CPU_FTR_LWSYNC is set in 'value';
 * otherwise the sites are left as they are. Each table word is an offset
 * from its own address to the site.
 */
void do_lwsync_fixups(unsigned long value, void *fixup_start, void *fixup_end)
{
	long *end = fixup_end;
	long *entry;

	if (!(value & CPU_FTR_LWSYNC))
		return;

	for (entry = fixup_start; entry < end; entry++) {
		unsigned int *dest = (void *)entry + *entry;

		raw_patch_instruction(dest, PPC_INST_LWSYNC);
	}
}
387
/*
 * On a relocatable PPC64 kernel that was not loaded at physical address 0,
 * copy the text between _stext and __end_interrupts, one word at a time,
 * from KERNELBASE + PHYSICAL_START to KERNELBASE. In any other
 * configuration this function does nothing.
 */
static void do_final_fixups(void)
{
#if defined(CONFIG_PPC64) && defined(CONFIG_RELOCATABLE)
	unsigned long length, idx;
	int *src, *dest;

	if (PHYSICAL_START == 0)
		return;

	src = (int *)(KERNELBASE + PHYSICAL_START);
	dest = (int *)KERNELBASE;
	length = (__end_interrupts - _stext) / sizeof(int);

	for (idx = 0; idx < length; idx++)
		raw_patch_instruction(dest + idx, src[idx]);
#endif
}
408
/*
 * Feature words as they were when apply_feature_fixups() patched the kernel
 * text. check_features() compares them with the live values and warns on
 * any difference.
 */
static unsigned long __initdata saved_cpu_features;
static unsigned int __initdata saved_mmu_features;
#ifdef CONFIG_PPC64
static unsigned long __initdata saved_firmware_features;
#endif
414
/*
 * Patch the kernel text for the CPU, MMU and (on PPC64) firmware features in
 * effect at this point, recording each feature word first so that
 * check_features() can later warn if it has changed.
 */
void __init apply_feature_fixups(void)
{
	/* Both the pointer variable and the pointer it holds go through PTRRELOC */
	struct cpu_spec *spec = PTRRELOC(*PTRRELOC(&cur_cpu_spec));

	/* Snapshot the feature words that the patching below is based on */
	*PTRRELOC(&saved_cpu_features) = spec->cpu_features;
	*PTRRELOC(&saved_mmu_features) = spec->mmu_features;

	/*
	 * Apply the CPU-specific and firmware specific fixups to kernel text
	 * (nop out sections not relevant to this CPU or this firmware).
	 */
	do_feature_fixups(spec->cpu_features,
			  PTRRELOC(&__start___ftr_fixup),
			  PTRRELOC(&__stop___ftr_fixup));

	do_feature_fixups(spec->mmu_features,
			  PTRRELOC(&__start___mmu_ftr_fixup),
			  PTRRELOC(&__stop___mmu_ftr_fixup));

	do_lwsync_fixups(spec->cpu_features,
			 PTRRELOC(&__start___lwsync_fixup),
			 PTRRELOC(&__stop___lwsync_fixup));

#ifdef CONFIG_PPC64
	/*
	 * NOTE(review): unlike the saves and table bounds above, this store
	 * and these bounds do not go through PTRRELOC -- presumably not
	 * needed on PPC64 at this point; confirm.
	 */
	saved_firmware_features = powerpc_firmware_features;
	do_feature_fixups(powerpc_firmware_features,
			  &__start___fw_ftr_fixup, &__stop___fw_ftr_fixup);
#endif
	/* Runs last, after all the fixups above have been applied */
	do_final_fixups();
}
445
/*
 * Initialise the jump-label machinery and then the CPU and MMU feature keys
 * that depend on it.
 */
void __init setup_feature_keys(void)
{
	/*
	 * Initialise jump label. This causes all the cpu/mmu_has_feature()
	 * checks to take on their correct polarity based on the current set of
	 * CPU/MMU features.
	 */
	jump_label_init();
	cpu_feature_keys_init();
	mmu_feature_keys_init();
}
457
/*
 * Late initcall: warn if any feature word differs from the snapshot taken
 * in apply_feature_fixups().
 *
 * The kernel text was patched once against that snapshot, so a feature bit
 * that changed afterwards is not reflected in the patched code. This only
 * reports the mismatch; it does not re-patch and always returns 0.
 */
static int __init check_features(void)
{
	WARN(saved_cpu_features != cur_cpu_spec->cpu_features,
	     "CPU features changed after feature patching!\n");
	WARN(saved_mmu_features != cur_cpu_spec->mmu_features,
	     "MMU features changed after feature patching!\n");
#ifdef CONFIG_PPC64
	WARN(saved_firmware_features != powerpc_firmware_features,
	     "Firmware features changed after feature patching!\n");
#endif

	return 0;
}
late_initcall(check_features);
472
473#ifdef CONFIG_FTR_FIXUP_SELFTEST
474
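/*
 * Report a failed self-test expression together with the line it is on.
 *
 * Wrapped in do { } while (0) so that "check(x);" is exactly one statement:
 * the bare "if (...) printk(...);" form left a stray empty statement behind
 * and could capture a following "else" when used in an unbraced if/else.
 */
#define check(x)							\
	do {								\
		if (!(x))						\
			printk("feature-fixups: test failed at line %d\n", __LINE__); \
	} while (0)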
477
/*
 * Scratch fixup entry shared by all the self-tests below; each test fills it
 * in before use. This must be after the text it fixes up, vmlinux.lds.S
 * enforces that at the moment.
 */
static struct fixup_entry fixup;
480
/*
 * Inverse of calc_addr(): the byte offset from a fixup entry to address p,
 * in the form stored in the entry's *_off fields.
 */
static long calc_offset(struct fixup_entry *entry, unsigned int *p)
{
	unsigned long target = (unsigned long)p;
	unsigned long base = (unsigned long)entry;

	return target - base;
}
485
/*
 * Self-test: a one-word section with an empty alternative (both alt offsets
 * are 0, so the alternative has zero length). Patching is expected to leave
 * the text alone when the feature matches and to produce the expected image
 * otherwise.
 */
static void test_basic_patching(void)
{
	extern unsigned int ftr_fixup_test1[];
	extern unsigned int end_ftr_fixup_test1[];
	extern unsigned int ftr_fixup_test1_orig[];
	extern unsigned int ftr_fixup_test1_expected[];
	int size;

	/* Byte length of the region compared by every memcmp() below */
	size = 4 * (end_ftr_fixup_test1 - ftr_fixup_test1);

	fixup.mask = 8;
	fixup.value = 8;
	fixup.alt_start_off = 0;
	fixup.alt_end_off = 0;
	fixup.start_off = calc_offset(&fixup, ftr_fixup_test1 + 1);
	fixup.end_off = calc_offset(&fixup, ftr_fixup_test1 + 2);

	/* Sanity check: the text starts out identical to the pristine copy */
	check(memcmp(ftr_fixup_test1, ftr_fixup_test1_orig, size) == 0);

	/* Matching value: nothing may change */
	patch_feature_section(8, &fixup);
	check(memcmp(ftr_fixup_test1, ftr_fixup_test1_orig, size) == 0);

	/* Non-matching value: the section must be patched */
	patch_feature_section(0, &fixup);
	check(memcmp(ftr_fixup_test1, ftr_fixup_test1_expected, size) == 0);

	/* Restore the text, then check a value that misses the mask bit */
	memcpy(ftr_fixup_test1, ftr_fixup_test1_orig, size);
	check(memcmp(ftr_fixup_test1, ftr_fixup_test1_orig, size) == 0);
	patch_feature_section(~8, &fixup);
	check(memcmp(ftr_fixup_test1, ftr_fixup_test1_expected, size) == 0);
}
516
/*
 * Self-test: a one-word section with a one-word alternative. Patching is
 * expected to leave the text alone when the feature matches and to produce
 * the expected image otherwise.
 */
static void test_alternative_patching(void)
{
	extern unsigned int ftr_fixup_test2[];
	extern unsigned int end_ftr_fixup_test2[];
	extern unsigned int ftr_fixup_test2_orig[];
	extern unsigned int ftr_fixup_test2_alt[];
	extern unsigned int ftr_fixup_test2_expected[];
	int size;

	/* Byte length of the region compared by every memcmp() below */
	size = 4 * (end_ftr_fixup_test2 - ftr_fixup_test2);

	fixup.mask = 0xF;
	fixup.value = 0xF;
	fixup.alt_start_off = calc_offset(&fixup, ftr_fixup_test2_alt);
	fixup.alt_end_off = calc_offset(&fixup, ftr_fixup_test2_alt + 1);
	fixup.start_off = calc_offset(&fixup, ftr_fixup_test2 + 1);
	fixup.end_off = calc_offset(&fixup, ftr_fixup_test2 + 2);

	/* Sanity check: the text starts out identical to the pristine copy */
	check(memcmp(ftr_fixup_test2, ftr_fixup_test2_orig, size) == 0);

	/* Matching value: nothing may change */
	patch_feature_section(0xF, &fixup);
	check(memcmp(ftr_fixup_test2, ftr_fixup_test2_orig, size) == 0);

	/* Non-matching value: the section must be patched */
	patch_feature_section(0, &fixup);
	check(memcmp(ftr_fixup_test2, ftr_fixup_test2_expected, size) == 0);

	/* Restore the text, then check a value that misses the mask bits */
	memcpy(ftr_fixup_test2, ftr_fixup_test2_orig, size);
	check(memcmp(ftr_fixup_test2, ftr_fixup_test2_orig, size) == 0);
	patch_feature_section(~0xF, &fixup);
	check(memcmp(ftr_fixup_test2, ftr_fixup_test2_expected, size) == 0);
}
549
/*
 * Self-test: a two-word alternative for a one-word section. The patcher
 * must refuse with 1 for every feature value, including a matching one, and
 * must not write outside the section.
 */
static void test_alternative_case_too_big(void)
{
	extern unsigned int ftr_fixup_test3[];
	extern unsigned int end_ftr_fixup_test3[];
	extern unsigned int ftr_fixup_test3_orig[];
	extern unsigned int ftr_fixup_test3_alt[];
	int size;

	/* Byte length of the region compared by every memcmp() below */
	size = 4 * (end_ftr_fixup_test3 - ftr_fixup_test3);

	fixup.mask = 0xC;
	fixup.value = 0xC;
	fixup.alt_start_off = calc_offset(&fixup, ftr_fixup_test3_alt);
	fixup.alt_end_off = calc_offset(&fixup, ftr_fixup_test3_alt + 2);
	fixup.start_off = calc_offset(&fixup, ftr_fixup_test3 + 1);
	fixup.end_off = calc_offset(&fixup, ftr_fixup_test3 + 2);

	/* Sanity check: the text starts out identical to the pristine copy */
	check(memcmp(ftr_fixup_test3, ftr_fixup_test3_orig, size) == 0);

	/* Expect nothing to be patched, and the error returned to us */
	check(patch_feature_section(0xF, &fixup) == 1);
	check(memcmp(ftr_fixup_test3, ftr_fixup_test3_orig, size) == 0);

	check(patch_feature_section(0, &fixup) == 1);
	check(memcmp(ftr_fixup_test3, ftr_fixup_test3_orig, size) == 0);

	check(patch_feature_section(~0xF, &fixup) == 1);
	check(memcmp(ftr_fixup_test3, ftr_fixup_test3_orig, size) == 0);
}
575
/*
 * Self-test: a two-word alternative for a four-word section, keyed on a bit
 * in the top byte of the feature word. The rest of the section is expected
 * to be padded so that the result equals the expected image.
 */
static void test_alternative_case_too_small(void)
{
	extern unsigned int ftr_fixup_test4[];
	extern unsigned int end_ftr_fixup_test4[];
	extern unsigned int ftr_fixup_test4_orig[];
	extern unsigned int ftr_fixup_test4_alt[];
	extern unsigned int ftr_fixup_test4_expected[];
	unsigned long flag;
	int size;

	/* Byte length of the region compared by every memcmp() below */
	size = 4 * (end_ftr_fixup_test4 - ftr_fixup_test4);

	/* Check a high-bit flag */
	flag = 1UL << ((sizeof(unsigned long) - 1) * 8);

	fixup.mask = flag;
	fixup.value = flag;
	fixup.alt_start_off = calc_offset(&fixup, ftr_fixup_test4_alt);
	fixup.alt_end_off = calc_offset(&fixup, ftr_fixup_test4_alt + 2);
	fixup.start_off = calc_offset(&fixup, ftr_fixup_test4 + 1);
	fixup.end_off = calc_offset(&fixup, ftr_fixup_test4 + 5);

	/* Sanity check: the text starts out identical to the pristine copy */
	check(memcmp(ftr_fixup_test4, ftr_fixup_test4_orig, size) == 0);

	/* Matching value: nothing may change */
	patch_feature_section(flag, &fixup);
	check(memcmp(ftr_fixup_test4, ftr_fixup_test4_orig, size) == 0);

	/* Non-matching value: the section must be patched */
	patch_feature_section(0, &fixup);
	check(memcmp(ftr_fixup_test4, ftr_fixup_test4_expected, size) == 0);

	/* Restore the text, then check a value that misses the flag bit */
	memcpy(ftr_fixup_test4, ftr_fixup_test4_orig, size);
	check(memcmp(ftr_fixup_test4, ftr_fixup_test4_orig, size) == 0);
	patch_feature_section(~flag, &fixup);
	check(memcmp(ftr_fixup_test4, ftr_fixup_test4_expected, size) == 0);
}
611
/*
 * Self-test: compare ftr_fixup_test5 with its expected image. Nothing is
 * patched here; the comparison only checks the text as it currently is.
 */
static void test_alternative_case_with_branch(void)
{
	extern unsigned int ftr_fixup_test5[];
	extern unsigned int end_ftr_fixup_test5[];
	extern unsigned int ftr_fixup_test5_expected[];
	int size;

	size = 4 * (end_ftr_fixup_test5 - ftr_fixup_test5);

	check(memcmp(ftr_fixup_test5, ftr_fixup_test5_expected, size) == 0);
}
621
/*
 * Self-test: compare ftr_fixup_test6 with its expected image. Nothing is
 * patched here; the comparison only checks the text as it currently is.
 */
static void test_alternative_case_with_external_branch(void)
{
	extern unsigned int ftr_fixup_test6[];
	extern unsigned int end_ftr_fixup_test6[];
	extern unsigned int ftr_fixup_test6_expected[];
	int size;

	size = 4 * (end_ftr_fixup_test6 - ftr_fixup_test6);

	check(memcmp(ftr_fixup_test6, ftr_fixup_test6_expected, size) == 0);
}
631
/*
 * Self-test: compare ftr_fixup_test7 with its expected image. Nothing is
 * patched here; the comparison only checks the text as it currently is.
 */
static void test_alternative_case_with_branch_to_end(void)
{
	extern unsigned int ftr_fixup_test7[];
	extern unsigned int end_ftr_fixup_test7[];
	extern unsigned int ftr_fixup_test7_expected[];
	int size;

	size = 4 * (end_ftr_fixup_test7 - ftr_fixup_test7);

	check(memcmp(ftr_fixup_test7, ftr_fixup_test7_expected, size) == 0);
}
641
/*
 * Self-test: the FTR macro test text must equal its expected image. The
 * region length is the distance between the two symbols.
 */
static void test_cpu_macros(void)
{
	extern u8 ftr_fixup_test_FTR_macros[];
	extern u8 ftr_fixup_test_FTR_macros_expected[];
	unsigned long size;

	size = ftr_fixup_test_FTR_macros_expected - ftr_fixup_test_FTR_macros;

	/* The fixups have already been done for us during boot */
	check(memcmp(ftr_fixup_test_FTR_macros,
		     ftr_fixup_test_FTR_macros_expected, size) == 0);
}
653
/*
 * Self-test (PPC64 only, otherwise empty): the FW_FTR macro test text must
 * equal its expected image. The region length is the distance between the
 * two symbols.
 */
static void test_fw_macros(void)
{
#ifdef CONFIG_PPC64
	extern u8 ftr_fixup_test_FW_FTR_macros[];
	extern u8 ftr_fixup_test_FW_FTR_macros_expected[];
	unsigned long size;

	size = ftr_fixup_test_FW_FTR_macros_expected -
	       ftr_fixup_test_FW_FTR_macros;

	/* The fixups have already been done for us during boot */
	check(memcmp(ftr_fixup_test_FW_FTR_macros,
		     ftr_fixup_test_FW_FTR_macros_expected, size) == 0);
#endif
}
667
/*
 * Self-test: the lwsync test text must equal the LWSYNC image when the CPU
 * has CPU_FTR_LWSYNC, and the SYNC image when it does not.
 */
static void test_lwsync_macros(void)
{
	extern u8 lwsync_fixup_test[];
	extern u8 end_lwsync_fixup_test[];
	extern u8 lwsync_fixup_test_expected_LWSYNC[];
	extern u8 lwsync_fixup_test_expected_SYNC[];
	unsigned long size;

	size = end_lwsync_fixup_test - lwsync_fixup_test;

	/* The fixups have already been done for us during boot */
	if (!(cur_cpu_spec->cpu_features & CPU_FTR_LWSYNC)) {
		check(memcmp(lwsync_fixup_test,
			     lwsync_fixup_test_expected_SYNC, size) == 0);
	} else {
		check(memcmp(lwsync_fixup_test,
			     lwsync_fixup_test_expected_LWSYNC, size) == 0);
	}
}
686
/*
 * Run every feature-fixup self-test once, as a late initcall.
 *
 * A failing test only prints a message through check(); the return value
 * here is always 0, so failures have to be looked for in the kernel log.
 */
static int __init test_feature_fixups(void)
{
	printk(KERN_DEBUG "Running feature fixup self-tests ...\n");

	test_basic_patching();
	test_alternative_patching();
	test_alternative_case_too_big();
	test_alternative_case_too_small();
	test_alternative_case_with_branch();
	test_alternative_case_with_external_branch();
	test_alternative_case_with_branch_to_end();
	test_cpu_macros();
	test_fw_macros();
	test_lwsync_macros();

	return 0;
}
late_initcall(test_feature_fixups);
705
706#endif /* CONFIG_FTR_FIXUP_SELFTEST */