1 /* SPDX-License-Identifier: GPL-2.0 */
2 #ifndef _ASM_X86_ALTERNATIVE_H
3 #define _ASM_X86_ALTERNATIVE_H
4
5 #include <linux/types.h>
6 #include <linux/stringify.h>
7 #include <asm/asm.h>
8 #include <asm/bug.h>
9
10 #define ALT_FLAGS_SHIFT 16
11
12 #define ALT_FLAG_NOT (1 << 0)
13 #define ALT_NOT(feature) ((ALT_FLAG_NOT << ALT_FLAGS_SHIFT) | (feature))
14
15 #ifndef __ASSEMBLY__
16
17 #include <linux/stddef.h>
18
19 /*
20 * Alternative inline assembly for SMP.
21 *
22 * The LOCK_PREFIX macro defined here replaces the LOCK and
23 * LOCK_PREFIX macros used everywhere in the source tree.
24 *
25 * SMP alternatives use the same data structures as the other
26 * alternatives and the X86_FEATURE_UP flag to indicate the case of a
27 * UP system running a SMP kernel. The existing apply_alternatives()
28 * works fine for patching a SMP kernel for UP.
29 *
30 * The SMP alternative tables can be kept after boot and contain both
31 * UP and SMP versions of the instructions to allow switching back to
32 * SMP at runtime, when hotplugging in a new CPU, which is especially
33 * useful in virtualized environments.
34 *
35 * The very common lock prefix is handled as special case in a
36 * separate table which is a pure address list without replacement ptr
37 * and size information. That keeps the table sizes small.
38 */
39
40 #ifdef CONFIG_SMP
41 #define LOCK_PREFIX_HERE \
42 ".pushsection .smp_locks,\"a\"\n" \
43 ".balign 4\n" \
44 ".long 671f - .\n" /* offset */ \
45 ".popsection\n" \
46 "671:"
47
48 #define LOCK_PREFIX LOCK_PREFIX_HERE "\n\tlock; "
49
50 #else /* ! CONFIG_SMP */
51 #define LOCK_PREFIX_HERE ""
52 #define LOCK_PREFIX ""
53 #endif
54
55 /*
56 * objtool annotation to ignore the alternatives and only consider the original
57 * instruction(s).
58 */
59 #define ANNOTATE_IGNORE_ALTERNATIVE \
60 "999:\n\t" \
61 ".pushsection .discard.ignore_alts\n\t" \
62 ".long 999b\n\t" \
63 ".popsection\n\t"
64
65 /*
66 * The patching flags are part of the upper bits of the @ft_flags parameter when
67 * specifying them. The split is currently like this:
68 *
69 * [31... flags ...16][15... CPUID feature bit ...0]
70 *
71 * but since this is all hidden in the macros argument being split, those fields can be
72 * extended in the future to fit in a u64 or however the need arises.
73 */
74 struct alt_instr {
75 s32 instr_offset; /* original instruction */
76 s32 repl_offset; /* offset to replacement instruction */
77
78 union {
79 struct {
80 u32 cpuid: 16; /* CPUID bit set for replacement */
81 u32 flags: 16; /* patching control flags */
82 };
83 u32 ft_flags;
84 };
85
86 u8 instrlen; /* length of original instruction */
87 u8 replacementlen; /* length of new instruction */
88 } __packed;
89
90 /*
91 * Debug flag that can be tested to see whether alternative
92 * instructions were patched in already:
93 */
94 extern int alternatives_patched;
95
96 extern void alternative_instructions(void);
97 extern void apply_alternatives(struct alt_instr *start, struct alt_instr *end);
98 extern void apply_retpolines(s32 *start, s32 *end);
99 extern void apply_returns(s32 *start, s32 *end);
100 extern void apply_seal_endbr(s32 *start, s32 *end);
101 extern void apply_fineibt(s32 *start_retpoline, s32 *end_retpoine,
102 s32 *start_cfi, s32 *end_cfi);
103
104 struct module;
105 struct paravirt_patch_site;
106
107 struct callthunk_sites {
108 s32 *call_start, *call_end;
109 struct paravirt_patch_site *pv_start, *pv_end;
110 };
111
112 #ifdef CONFIG_CALL_THUNKS
113 extern void callthunks_patch_builtin_calls(void);
114 extern void callthunks_patch_module_calls(struct callthunk_sites *sites,
115 struct module *mod);
116 extern void *callthunks_translate_call_dest(void *dest);
117 extern int x86_call_depth_emit_accounting(u8 **pprog, void *func);
118 #else
callthunks_patch_builtin_calls(void)119 static __always_inline void callthunks_patch_builtin_calls(void) {}
120 static __always_inline void
callthunks_patch_module_calls(struct callthunk_sites * sites,struct module * mod)121 callthunks_patch_module_calls(struct callthunk_sites *sites,
122 struct module *mod) {}
callthunks_translate_call_dest(void * dest)123 static __always_inline void *callthunks_translate_call_dest(void *dest)
124 {
125 return dest;
126 }
x86_call_depth_emit_accounting(u8 ** pprog,void * func)127 static __always_inline int x86_call_depth_emit_accounting(u8 **pprog,
128 void *func)
129 {
130 return 0;
131 }
132 #endif
133
134 #ifdef CONFIG_MITIGATION_ITS
135 extern void its_init_mod(struct module *mod);
136 extern void its_fini_mod(struct module *mod);
137 extern void its_free_mod(struct module *mod);
138 extern u8 *its_static_thunk(int reg);
139 #else /* CONFIG_MITIGATION_ITS */
its_init_mod(struct module * mod)140 static inline void its_init_mod(struct module *mod) { }
its_fini_mod(struct module * mod)141 static inline void its_fini_mod(struct module *mod) { }
its_free_mod(struct module * mod)142 static inline void its_free_mod(struct module *mod) { }
its_static_thunk(int reg)143 static inline u8 *its_static_thunk(int reg)
144 {
145 WARN_ONCE(1, "ITS not compiled in");
146
147 return NULL;
148 }
149 #endif
150
151 #if defined(CONFIG_RETHUNK) && defined(CONFIG_OBJTOOL)
152 extern bool cpu_wants_rethunk(void);
153 extern bool cpu_wants_rethunk_at(void *addr);
154 #else
cpu_wants_rethunk(void)155 static __always_inline bool cpu_wants_rethunk(void)
156 {
157 return false;
158 }
cpu_wants_rethunk_at(void * addr)159 static __always_inline bool cpu_wants_rethunk_at(void *addr)
160 {
161 return false;
162 }
163 #endif
164
165 #ifdef CONFIG_SMP
166 extern void alternatives_smp_module_add(struct module *mod, char *name,
167 void *locks, void *locks_end,
168 void *text, void *text_end);
169 extern void alternatives_smp_module_del(struct module *mod);
170 extern void alternatives_enable_smp(void);
171 extern int alternatives_text_reserved(void *start, void *end);
172 extern bool skip_smp_alternatives;
173 #else
alternatives_smp_module_add(struct module * mod,char * name,void * locks,void * locks_end,void * text,void * text_end)174 static inline void alternatives_smp_module_add(struct module *mod, char *name,
175 void *locks, void *locks_end,
176 void *text, void *text_end) {}
alternatives_smp_module_del(struct module * mod)177 static inline void alternatives_smp_module_del(struct module *mod) {}
alternatives_enable_smp(void)178 static inline void alternatives_enable_smp(void) {}
alternatives_text_reserved(void * start,void * end)179 static inline int alternatives_text_reserved(void *start, void *end)
180 {
181 return 0;
182 }
183 #endif /* CONFIG_SMP */
184
185 #define b_replacement(num) "664"#num
186 #define e_replacement(num) "665"#num
187
188 #define alt_end_marker "663"
189 #define alt_slen "662b-661b"
190 #define alt_total_slen alt_end_marker"b-661b"
191 #define alt_rlen(num) e_replacement(num)"f-"b_replacement(num)"f"
192
193 #define OLDINSTR(oldinstr, num) \
194 "# ALT: oldnstr\n" \
195 "661:\n\t" oldinstr "\n662:\n" \
196 "# ALT: padding\n" \
197 ".skip -(((" alt_rlen(num) ")-(" alt_slen ")) > 0) * " \
198 "((" alt_rlen(num) ")-(" alt_slen ")),0x90\n" \
199 alt_end_marker ":\n"
200
201 /*
202 * gas compatible max based on the idea from:
203 * http://graphics.stanford.edu/~seander/bithacks.html#IntegerMinOrMax
204 *
205 * The additional "-" is needed because gas uses a "true" value of -1.
206 */
207 #define alt_max_short(a, b) "((" a ") ^ (((" a ") ^ (" b ")) & -(-((" a ") < (" b ")))))"
208
209 /*
210 * Pad the second replacement alternative with additional NOPs if it is
211 * additionally longer than the first replacement alternative.
212 */
213 #define OLDINSTR_2(oldinstr, num1, num2) \
214 "# ALT: oldinstr2\n" \
215 "661:\n\t" oldinstr "\n662:\n" \
216 "# ALT: padding2\n" \
217 ".skip -((" alt_max_short(alt_rlen(num1), alt_rlen(num2)) " - (" alt_slen ")) > 0) * " \
218 "(" alt_max_short(alt_rlen(num1), alt_rlen(num2)) " - (" alt_slen ")), 0x90\n" \
219 alt_end_marker ":\n"
220
221 #define OLDINSTR_3(oldinsn, n1, n2, n3) \
222 "# ALT: oldinstr3\n" \
223 "661:\n\t" oldinsn "\n662:\n" \
224 "# ALT: padding3\n" \
225 ".skip -((" alt_max_short(alt_max_short(alt_rlen(n1), alt_rlen(n2)), alt_rlen(n3)) \
226 " - (" alt_slen ")) > 0) * " \
227 "(" alt_max_short(alt_max_short(alt_rlen(n1), alt_rlen(n2)), alt_rlen(n3)) \
228 " - (" alt_slen ")), 0x90\n" \
229 alt_end_marker ":\n"
230
231 #define ALTINSTR_ENTRY(ft_flags, num) \
232 " .long 661b - .\n" /* label */ \
233 " .long " b_replacement(num)"f - .\n" /* new instruction */ \
234 " .4byte " __stringify(ft_flags) "\n" /* feature + flags */ \
235 " .byte " alt_total_slen "\n" /* source len */ \
236 " .byte " alt_rlen(num) "\n" /* replacement len */
237
238 #define ALTINSTR_REPLACEMENT(newinstr, num) /* replacement */ \
239 "# ALT: replacement " #num "\n" \
240 b_replacement(num)":\n\t" newinstr "\n" e_replacement(num) ":\n"
241
242 /* alternative assembly primitive: */
243 #define ALTERNATIVE(oldinstr, newinstr, ft_flags) \
244 OLDINSTR(oldinstr, 1) \
245 ".pushsection .altinstructions,\"a\"\n" \
246 ALTINSTR_ENTRY(ft_flags, 1) \
247 ".popsection\n" \
248 ".pushsection .altinstr_replacement, \"ax\"\n" \
249 ALTINSTR_REPLACEMENT(newinstr, 1) \
250 ".popsection\n"
251
252 #define ALTERNATIVE_2(oldinstr, newinstr1, ft_flags1, newinstr2, ft_flags2) \
253 OLDINSTR_2(oldinstr, 1, 2) \
254 ".pushsection .altinstructions,\"a\"\n" \
255 ALTINSTR_ENTRY(ft_flags1, 1) \
256 ALTINSTR_ENTRY(ft_flags2, 2) \
257 ".popsection\n" \
258 ".pushsection .altinstr_replacement, \"ax\"\n" \
259 ALTINSTR_REPLACEMENT(newinstr1, 1) \
260 ALTINSTR_REPLACEMENT(newinstr2, 2) \
261 ".popsection\n"
262
263 /* If @feature is set, patch in @newinstr_yes, otherwise @newinstr_no. */
264 #define ALTERNATIVE_TERNARY(oldinstr, ft_flags, newinstr_yes, newinstr_no) \
265 ALTERNATIVE_2(oldinstr, newinstr_no, X86_FEATURE_ALWAYS, \
266 newinstr_yes, ft_flags)
267
268 #define ALTERNATIVE_3(oldinsn, newinsn1, ft_flags1, newinsn2, ft_flags2, \
269 newinsn3, ft_flags3) \
270 OLDINSTR_3(oldinsn, 1, 2, 3) \
271 ".pushsection .altinstructions,\"a\"\n" \
272 ALTINSTR_ENTRY(ft_flags1, 1) \
273 ALTINSTR_ENTRY(ft_flags2, 2) \
274 ALTINSTR_ENTRY(ft_flags3, 3) \
275 ".popsection\n" \
276 ".pushsection .altinstr_replacement, \"ax\"\n" \
277 ALTINSTR_REPLACEMENT(newinsn1, 1) \
278 ALTINSTR_REPLACEMENT(newinsn2, 2) \
279 ALTINSTR_REPLACEMENT(newinsn3, 3) \
280 ".popsection\n"
281
282 /*
283 * Alternative instructions for different CPU types or capabilities.
284 *
285 * This allows to use optimized instructions even on generic binary
286 * kernels.
287 *
288 * length of oldinstr must be longer or equal the length of newinstr
289 * It can be padded with nops as needed.
290 *
291 * For non barrier like inlines please define new variants
292 * without volatile and memory clobber.
293 */
294 #define alternative(oldinstr, newinstr, ft_flags) \
295 asm_inline volatile (ALTERNATIVE(oldinstr, newinstr, ft_flags) : : : "memory")
296
297 #define alternative_2(oldinstr, newinstr1, ft_flags1, newinstr2, ft_flags2) \
298 asm_inline volatile(ALTERNATIVE_2(oldinstr, newinstr1, ft_flags1, newinstr2, ft_flags2) ::: "memory")
299
300 #define alternative_ternary(oldinstr, ft_flags, newinstr_yes, newinstr_no) \
301 asm_inline volatile(ALTERNATIVE_TERNARY(oldinstr, ft_flags, newinstr_yes, newinstr_no) ::: "memory")
302
303 /*
304 * Alternative inline assembly with input.
305 *
306 * Peculiarities:
307 * No memory clobber here.
308 * Argument numbers start with 1.
309 * Leaving an unused argument 0 to keep API compatibility.
310 */
311 #define alternative_input(oldinstr, newinstr, ft_flags, input...) \
312 asm_inline volatile (ALTERNATIVE(oldinstr, newinstr, ft_flags) \
313 : : "i" (0), ## input)
314
315 /*
316 * This is similar to alternative_input. But it has two features and
317 * respective instructions.
318 *
319 * If CPU has feature2, newinstr2 is used.
320 * Otherwise, if CPU has feature1, newinstr1 is used.
321 * Otherwise, oldinstr is used.
322 */
323 #define alternative_input_2(oldinstr, newinstr1, ft_flags1, newinstr2, \
324 ft_flags2, input...) \
325 asm_inline volatile(ALTERNATIVE_2(oldinstr, newinstr1, ft_flags1, \
326 newinstr2, ft_flags2) \
327 : : "i" (0), ## input)
328
329 /* Like alternative_input, but with a single output argument */
330 #define alternative_io(oldinstr, newinstr, ft_flags, output, input...) \
331 asm_inline volatile (ALTERNATIVE(oldinstr, newinstr, ft_flags) \
332 : output : "i" (0), ## input)
333
334 /* Like alternative_io, but for replacing a direct call with another one. */
335 #define alternative_call(oldfunc, newfunc, ft_flags, output, input...) \
336 asm_inline volatile (ALTERNATIVE("call %c[old]", "call %c[new]", ft_flags) \
337 : output : [old] "i" (oldfunc), [new] "i" (newfunc), ## input)
338
339 /*
340 * Like alternative_call, but there are two features and respective functions.
341 * If CPU has feature2, function2 is used.
342 * Otherwise, if CPU has feature1, function1 is used.
343 * Otherwise, old function is used.
344 */
345 #define alternative_call_2(oldfunc, newfunc1, ft_flags1, newfunc2, ft_flags2, \
346 output, input...) \
347 asm_inline volatile (ALTERNATIVE_2("call %c[old]", "call %c[new1]", ft_flags1, \
348 "call %c[new2]", ft_flags2) \
349 : output, ASM_CALL_CONSTRAINT \
350 : [old] "i" (oldfunc), [new1] "i" (newfunc1), \
351 [new2] "i" (newfunc2), ## input)
352
353 /*
354 * use this macro(s) if you need more than one output parameter
355 * in alternative_io
356 */
357 #define ASM_OUTPUT2(a...) a
358
359 /*
360 * use this macro if you need clobbers but no inputs in
361 * alternative_{input,io,call}()
362 */
363 #define ASM_NO_INPUT_CLOBBER(clbr...) "i" (0) : clbr
364
365 #else /* __ASSEMBLY__ */
366
367 #ifdef CONFIG_SMP
368 .macro LOCK_PREFIX
369 672: lock
370 .pushsection .smp_locks,"a"
371 .balign 4
372 .long 672b - .
373 .popsection
374 .endm
375 #else
376 .macro LOCK_PREFIX
377 .endm
378 #endif
379
380 /*
381 * objtool annotation to ignore the alternatives and only consider the original
382 * instruction(s).
383 */
384 .macro ANNOTATE_IGNORE_ALTERNATIVE
385 .Lannotate_\@:
386 .pushsection .discard.ignore_alts
387 .long .Lannotate_\@
388 .popsection
389 .endm
390
391 /*
392 * Issue one struct alt_instr descriptor entry (need to put it into
393 * the section .altinstructions, see below). This entry contains
394 * enough information for the alternatives patching code to patch an
395 * instruction. See apply_alternatives().
396 */
397 .macro altinstr_entry orig alt ft_flags orig_len alt_len
398 .long \orig - .
399 .long \alt - .
400 .4byte \ft_flags
401 .byte \orig_len
402 .byte \alt_len
403 .endm
404
405 /*
406 * Define an alternative between two instructions. If @feature is
407 * present, early code in apply_alternatives() replaces @oldinstr with
408 * @newinstr. ".skip" directive takes care of proper instruction padding
409 * in case @newinstr is longer than @oldinstr.
410 */
411 .macro ALTERNATIVE oldinstr, newinstr, ft_flags
412 140:
413 \oldinstr
414 141:
415 .skip -(((144f-143f)-(141b-140b)) > 0) * ((144f-143f)-(141b-140b)),0x90
416 142:
417
418 .pushsection .altinstructions,"a"
419 altinstr_entry 140b,143f,\ft_flags,142b-140b,144f-143f
420 .popsection
421
422 .pushsection .altinstr_replacement,"ax"
423 143:
424 \newinstr
425 144:
426 .popsection
427 .endm
428
429 #define old_len 141b-140b
430 #define new_len1 144f-143f
431 #define new_len2 145f-144f
432 #define new_len3 146f-145f
433
434 /*
435 * gas compatible max based on the idea from:
436 * http://graphics.stanford.edu/~seander/bithacks.html#IntegerMinOrMax
437 *
438 * The additional "-" is needed because gas uses a "true" value of -1.
439 */
440 #define alt_max_2(a, b) ((a) ^ (((a) ^ (b)) & -(-((a) < (b)))))
441 #define alt_max_3(a, b, c) (alt_max_2(alt_max_2(a, b), c))
442
443
444 /*
445 * Same as ALTERNATIVE macro above but for two alternatives. If CPU
446 * has @feature1, it replaces @oldinstr with @newinstr1. If CPU has
447 * @feature2, it replaces @oldinstr with @feature2.
448 */
449 .macro ALTERNATIVE_2 oldinstr, newinstr1, ft_flags1, newinstr2, ft_flags2
450 140:
451 \oldinstr
452 141:
453 .skip -((alt_max_2(new_len1, new_len2) - (old_len)) > 0) * \
454 (alt_max_2(new_len1, new_len2) - (old_len)),0x90
455 142:
456
457 .pushsection .altinstructions,"a"
458 altinstr_entry 140b,143f,\ft_flags1,142b-140b,144f-143f
459 altinstr_entry 140b,144f,\ft_flags2,142b-140b,145f-144f
460 .popsection
461
462 .pushsection .altinstr_replacement,"ax"
463 143:
464 \newinstr1
465 144:
466 \newinstr2
467 145:
468 .popsection
469 .endm
470
471 .macro ALTERNATIVE_3 oldinstr, newinstr1, ft_flags1, newinstr2, ft_flags2, newinstr3, ft_flags3
472 140:
473 \oldinstr
474 141:
475 .skip -((alt_max_3(new_len1, new_len2, new_len3) - (old_len)) > 0) * \
476 (alt_max_3(new_len1, new_len2, new_len3) - (old_len)),0x90
477 142:
478
479 .pushsection .altinstructions,"a"
480 altinstr_entry 140b,143f,\ft_flags1,142b-140b,144f-143f
481 altinstr_entry 140b,144f,\ft_flags2,142b-140b,145f-144f
482 altinstr_entry 140b,145f,\ft_flags3,142b-140b,146f-145f
483 .popsection
484
485 .pushsection .altinstr_replacement,"ax"
486 143:
487 \newinstr1
488 144:
489 \newinstr2
490 145:
491 \newinstr3
492 146:
493 .popsection
494 .endm
495
496 /* If @feature is set, patch in @newinstr_yes, otherwise @newinstr_no. */
497 #define ALTERNATIVE_TERNARY(oldinstr, ft_flags, newinstr_yes, newinstr_no) \
498 ALTERNATIVE_2 oldinstr, newinstr_no, X86_FEATURE_ALWAYS, \
499 newinstr_yes, ft_flags
500
501 #endif /* __ASSEMBLY__ */
502
503 #endif /* _ASM_X86_ALTERNATIVE_H */
504