1 /* 2 * Copyright (C) 2014 Linaro Ltd. <ard.biesheuvel@linaro.org> 3 * 4 * This program is free software; you can redistribute it and/or modify 5 * it under the terms of the GNU General Public License version 2 as 6 * published by the Free Software Foundation. 7 */ 8 9 #ifndef __ASM_CPUFEATURE_H 10 #define __ASM_CPUFEATURE_H 11 12 #include <asm/cpucaps.h> 13 #include <asm/cputype.h> 14 #include <asm/hwcap.h> 15 #include <asm/sysreg.h> 16 17 /* 18 * In the arm64 world (as in the ARM world), elf_hwcap is used both internally 19 * in the kernel and for user space to keep track of which optional features 20 * are supported by the current system. So let's map feature 'x' to HWCAP_x. 21 * Note that HWCAP_x constants are bit fields so we need to take the log. 22 */ 23 24 #define MAX_CPU_FEATURES (8 * sizeof(elf_hwcap)) 25 #define cpu_feature(x) ilog2(HWCAP_ ## x) 26 27 #ifndef __ASSEMBLY__ 28 29 #include <linux/bug.h> 30 #include <linux/jump_label.h> 31 #include <linux/kernel.h> 32 33 /* 34 * CPU feature register tracking 35 * 36 * The safe value of a CPUID feature field is dependent on the implications 37 * of the values assigned to it by the architecture. Based on the relationship 38 * between the values, the features are classified into 3 types - LOWER_SAFE, 39 * HIGHER_SAFE and EXACT. 40 * 41 * The lowest value of all the CPUs is chosen for LOWER_SAFE and highest 42 * for HIGHER_SAFE. It is expected that all CPUs have the same value for 43 * a field when EXACT is specified, failing which, the safe value specified 44 * in the table is chosen. 45 */ 46 47 enum ftr_type { 48 FTR_EXACT, /* Use a predefined safe value */ 49 FTR_LOWER_SAFE, /* Smaller value is safe */ 50 FTR_HIGHER_SAFE,/* Bigger value is safe */ 51 }; 52 53 #define FTR_STRICT true /* SANITY check strict matching required */ 54 #define FTR_NONSTRICT false /* SANITY check ignored */ 55 56 #define FTR_SIGNED true /* Value should be treated as signed */ 57 #define FTR_UNSIGNED false /* Value should be treated as unsigned */ 58 59 #define FTR_VISIBLE true /* Feature visible to the user space */ 60 #define FTR_HIDDEN false /* Feature is hidden from the user */ 61 62 #define FTR_VISIBLE_IF_IS_ENABLED(config) \ 63 (IS_ENABLED(config) ? FTR_VISIBLE : FTR_HIDDEN) 64 65 struct arm64_ftr_bits { 66 bool sign; /* Value is signed ? */ 67 bool visible; 68 bool strict; /* CPU Sanity check: strict matching required ? */ 69 enum ftr_type type; 70 u8 shift; 71 u8 width; 72 s64 safe_val; /* safe value for FTR_EXACT features */ 73 }; 74 75 /* 76 * @arm64_ftr_reg - Feature register 77 * @strict_mask Bits which should match across all CPUs for sanity. 78 * @sys_val Safe value across the CPUs (system view) 79 */ 80 struct arm64_ftr_reg { 81 const char *name; 82 u64 strict_mask; 83 u64 user_mask; 84 u64 sys_val; 85 u64 user_val; 86 const struct arm64_ftr_bits *ftr_bits; 87 }; 88 89 extern struct arm64_ftr_reg arm64_ftr_reg_ctrel0; 90 91 /* 92 * CPU capabilities: 93 * 94 * We use arm64_cpu_capabilities to represent system features, errata work 95 * arounds (both used internally by kernel and tracked in cpu_hwcaps) and 96 * ELF HWCAPs (which are exposed to user). 97 * 98 * To support systems with heterogeneous CPUs, we need to make sure that we 99 * detect the capabilities correctly on the system and take appropriate 100 * measures to ensure there are no incompatibilities. 101 * 102 * This comment tries to explain how we treat the capabilities. 103 * Each capability has the following list of attributes : 104 * 105 * 1) Scope of Detection : The system detects a given capability by 106 * performing some checks at runtime. This could be, e.g, checking the 107 * value of a field in CPU ID feature register or checking the cpu 108 * model. The capability provides a call back ( @matches() ) to 109 * perform the check. Scope defines how the checks should be performed. 110 * There are three cases: 111 * 112 * a) SCOPE_LOCAL_CPU: check all the CPUs and "detect" if at least one 113 * matches. This implies, we have to run the check on all the 114 * booting CPUs, until the system decides that state of the 115 * capability is finalised. (See section 2 below) 116 * Or 117 * b) SCOPE_SYSTEM: check all the CPUs and "detect" if all the CPUs 118 * matches. This implies, we run the check only once, when the 119 * system decides to finalise the state of the capability. If the 120 * capability relies on a field in one of the CPU ID feature 121 * registers, we use the sanitised value of the register from the 122 * CPU feature infrastructure to make the decision. 123 * Or 124 * c) SCOPE_BOOT_CPU: Check only on the primary boot CPU to detect the 125 * feature. This category is for features that are "finalised" 126 * (or used) by the kernel very early even before the SMP cpus 127 * are brought up. 128 * 129 * The process of detection is usually denoted by "update" capability 130 * state in the code. 131 * 132 * 2) Finalise the state : The kernel should finalise the state of a 133 * capability at some point during its execution and take necessary 134 * actions if any. Usually, this is done, after all the boot-time 135 * enabled CPUs are brought up by the kernel, so that it can make 136 * better decision based on the available set of CPUs. However, there 137 * are some special cases, where the action is taken during the early 138 * boot by the primary boot CPU. (e.g, running the kernel at EL2 with 139 * Virtualisation Host Extensions). The kernel usually disallows any 140 * changes to the state of a capability once it finalises the capability 141 * and takes any action, as it may be impossible to execute the actions 142 * safely. A CPU brought up after a capability is "finalised" is 143 * referred to as "Late CPU" w.r.t the capability. e.g, all secondary 144 * CPUs are treated "late CPUs" for capabilities determined by the boot 145 * CPU. 146 * 147 * At the moment there are two passes of finalising the capabilities. 148 * a) Boot CPU scope capabilities - Finalised by primary boot CPU via 149 * setup_boot_cpu_capabilities(). 150 * b) Everything except (a) - Run via setup_system_capabilities(). 151 * 152 * 3) Verification: When a CPU is brought online (e.g, by user or by the 153 * kernel), the kernel should make sure that it is safe to use the CPU, 154 * by verifying that the CPU is compliant with the state of the 155 * capabilities finalised already. This happens via : 156 * 157 * secondary_start_kernel()-> check_local_cpu_capabilities() 158 * 159 * As explained in (2) above, capabilities could be finalised at 160 * different points in the execution. Each newly booted CPU is verified 161 * against the capabilities that have been finalised by the time it 162 * boots. 163 * 164 * a) SCOPE_BOOT_CPU : All CPUs are verified against the capability 165 * except for the primary boot CPU. 166 * 167 * b) SCOPE_LOCAL_CPU, SCOPE_SYSTEM: All CPUs hotplugged on by the 168 * user after the kernel boot are verified against the capability. 169 * 170 * If there is a conflict, the kernel takes an action, based on the 171 * severity (e.g, a CPU could be prevented from booting or cause a 172 * kernel panic). The CPU is allowed to "affect" the state of the 173 * capability, if it has not been finalised already. See section 5 174 * for more details on conflicts. 175 * 176 * 4) Action: As mentioned in (2), the kernel can take an action for each 177 * detected capability, on all CPUs on the system. Appropriate actions 178 * include, turning on an architectural feature, modifying the control 179 * registers (e.g, SCTLR, TCR etc.) or patching the kernel via 180 * alternatives. The kernel patching is batched and performed at later 181 * point. The actions are always initiated only after the capability 182 * is finalised. This is usally denoted by "enabling" the capability. 183 * The actions are initiated as follows : 184 * a) Action is triggered on all online CPUs, after the capability is 185 * finalised, invoked within the stop_machine() context from 186 * enable_cpu_capabilitie(). 187 * 188 * b) Any late CPU, brought up after (1), the action is triggered via: 189 * 190 * check_local_cpu_capabilities() -> verify_local_cpu_capabilities() 191 * 192 * 5) Conflicts: Based on the state of the capability on a late CPU vs. 193 * the system state, we could have the following combinations : 194 * 195 * x-----------------------------x 196 * | Type | System | Late CPU | 197 * |-----------------------------| 198 * | a | y | n | 199 * |-----------------------------| 200 * | b | n | y | 201 * x-----------------------------x 202 * 203 * Two separate flag bits are defined to indicate whether each kind of 204 * conflict can be allowed: 205 * ARM64_CPUCAP_OPTIONAL_FOR_LATE_CPU - Case(a) is allowed 206 * ARM64_CPUCAP_PERMITTED_FOR_LATE_CPU - Case(b) is allowed 207 * 208 * Case (a) is not permitted for a capability that the system requires 209 * all CPUs to have in order for the capability to be enabled. This is 210 * typical for capabilities that represent enhanced functionality. 211 * 212 * Case (b) is not permitted for a capability that must be enabled 213 * during boot if any CPU in the system requires it in order to run 214 * safely. This is typical for erratum work arounds that cannot be 215 * enabled after the corresponding capability is finalised. 216 * 217 * In some non-typical cases either both (a) and (b), or neither, 218 * should be permitted. This can be described by including neither 219 * or both flags in the capability's type field. 220 */ 221 222 223 /* 224 * Decide how the capability is detected. 225 * On any local CPU vs System wide vs the primary boot CPU 226 */ 227 #define ARM64_CPUCAP_SCOPE_LOCAL_CPU ((u16)BIT(0)) 228 #define ARM64_CPUCAP_SCOPE_SYSTEM ((u16)BIT(1)) 229 /* 230 * The capabilitiy is detected on the Boot CPU and is used by kernel 231 * during early boot. i.e, the capability should be "detected" and 232 * "enabled" as early as possibly on all booting CPUs. 233 */ 234 #define ARM64_CPUCAP_SCOPE_BOOT_CPU ((u16)BIT(2)) 235 #define ARM64_CPUCAP_SCOPE_MASK \ 236 (ARM64_CPUCAP_SCOPE_SYSTEM | \ 237 ARM64_CPUCAP_SCOPE_LOCAL_CPU | \ 238 ARM64_CPUCAP_SCOPE_BOOT_CPU) 239 240 #define SCOPE_SYSTEM ARM64_CPUCAP_SCOPE_SYSTEM 241 #define SCOPE_LOCAL_CPU ARM64_CPUCAP_SCOPE_LOCAL_CPU 242 #define SCOPE_BOOT_CPU ARM64_CPUCAP_SCOPE_BOOT_CPU 243 #define SCOPE_ALL ARM64_CPUCAP_SCOPE_MASK 244 245 /* 246 * Is it permitted for a late CPU to have this capability when system 247 * hasn't already enabled it ? 248 */ 249 #define ARM64_CPUCAP_PERMITTED_FOR_LATE_CPU ((u16)BIT(4)) 250 /* Is it safe for a late CPU to miss this capability when system has it */ 251 #define ARM64_CPUCAP_OPTIONAL_FOR_LATE_CPU ((u16)BIT(5)) 252 253 /* 254 * CPU errata workarounds that need to be enabled at boot time if one or 255 * more CPUs in the system requires it. When one of these capabilities 256 * has been enabled, it is safe to allow any CPU to boot that doesn't 257 * require the workaround. However, it is not safe if a "late" CPU 258 * requires a workaround and the system hasn't enabled it already. 259 */ 260 #define ARM64_CPUCAP_LOCAL_CPU_ERRATUM \ 261 (ARM64_CPUCAP_SCOPE_LOCAL_CPU | ARM64_CPUCAP_OPTIONAL_FOR_LATE_CPU) 262 /* 263 * CPU feature detected at boot time based on system-wide value of a 264 * feature. It is safe for a late CPU to have this feature even though 265 * the system hasn't enabled it, although the feature will not be used 266 * by Linux in this case. If the system has enabled this feature already, 267 * then every late CPU must have it. 268 */ 269 #define ARM64_CPUCAP_SYSTEM_FEATURE \ 270 (ARM64_CPUCAP_SCOPE_SYSTEM | ARM64_CPUCAP_PERMITTED_FOR_LATE_CPU) 271 /* 272 * CPU feature detected at boot time based on feature of one or more CPUs. 273 * All possible conflicts for a late CPU are ignored. 274 */ 275 #define ARM64_CPUCAP_WEAK_LOCAL_CPU_FEATURE \ 276 (ARM64_CPUCAP_SCOPE_LOCAL_CPU | \ 277 ARM64_CPUCAP_OPTIONAL_FOR_LATE_CPU | \ 278 ARM64_CPUCAP_PERMITTED_FOR_LATE_CPU) 279 280 /* 281 * CPU feature detected at boot time, on one or more CPUs. A late CPU 282 * is not allowed to have the capability when the system doesn't have it. 283 * It is Ok for a late CPU to miss the feature. 284 */ 285 #define ARM64_CPUCAP_BOOT_RESTRICTED_CPU_LOCAL_FEATURE \ 286 (ARM64_CPUCAP_SCOPE_LOCAL_CPU | \ 287 ARM64_CPUCAP_OPTIONAL_FOR_LATE_CPU) 288 289 /* 290 * CPU feature used early in the boot based on the boot CPU. All secondary 291 * CPUs must match the state of the capability as detected by the boot CPU. 292 */ 293 #define ARM64_CPUCAP_STRICT_BOOT_CPU_FEATURE ARM64_CPUCAP_SCOPE_BOOT_CPU 294 295 struct arm64_cpu_capabilities { 296 const char *desc; 297 u16 capability; 298 u16 type; 299 bool (*matches)(const struct arm64_cpu_capabilities *caps, int scope); 300 /* 301 * Take the appropriate actions to enable this capability for this CPU. 302 * For each successfully booted CPU, this method is called for each 303 * globally detected capability. 304 */ 305 void (*cpu_enable)(const struct arm64_cpu_capabilities *cap); 306 union { 307 struct { /* To be used for erratum handling only */ 308 struct midr_range midr_range; 309 const struct arm64_midr_revidr { 310 u32 midr_rv; /* revision/variant */ 311 u32 revidr_mask; 312 } * const fixed_revs; 313 }; 314 315 const struct midr_range *midr_range_list; 316 struct { /* Feature register checking */ 317 u32 sys_reg; 318 u8 field_pos; 319 u8 min_field_value; 320 u8 hwcap_type; 321 bool sign; 322 unsigned long hwcap; 323 }; 324 /* 325 * A list of "matches/cpu_enable" pair for the same 326 * "capability" of the same "type" as described by the parent. 327 * Only matches(), cpu_enable() and fields relevant to these 328 * methods are significant in the list. The cpu_enable is 329 * invoked only if the corresponding entry "matches()". 330 * However, if a cpu_enable() method is associated 331 * with multiple matches(), care should be taken that either 332 * the match criteria are mutually exclusive, or that the 333 * method is robust against being called multiple times. 334 */ 335 const struct arm64_cpu_capabilities *match_list; 336 }; 337 }; 338 339 static inline int cpucap_default_scope(const struct arm64_cpu_capabilities *cap) 340 { 341 return cap->type & ARM64_CPUCAP_SCOPE_MASK; 342 } 343 344 static inline bool 345 cpucap_late_cpu_optional(const struct arm64_cpu_capabilities *cap) 346 { 347 return !!(cap->type & ARM64_CPUCAP_OPTIONAL_FOR_LATE_CPU); 348 } 349 350 static inline bool 351 cpucap_late_cpu_permitted(const struct arm64_cpu_capabilities *cap) 352 { 353 return !!(cap->type & ARM64_CPUCAP_PERMITTED_FOR_LATE_CPU); 354 } 355 356 extern DECLARE_BITMAP(cpu_hwcaps, ARM64_NCAPS); 357 extern struct static_key_false cpu_hwcap_keys[ARM64_NCAPS]; 358 extern struct static_key_false arm64_const_caps_ready; 359 360 bool this_cpu_has_cap(unsigned int cap); 361 362 static inline bool cpu_have_feature(unsigned int num) 363 { 364 return elf_hwcap & (1UL << num); 365 } 366 367 /* System capability check for constant caps */ 368 static inline bool __cpus_have_const_cap(int num) 369 { 370 if (num >= ARM64_NCAPS) 371 return false; 372 return static_branch_unlikely(&cpu_hwcap_keys[num]); 373 } 374 375 static inline bool cpus_have_cap(unsigned int num) 376 { 377 if (num >= ARM64_NCAPS) 378 return false; 379 return test_bit(num, cpu_hwcaps); 380 } 381 382 static inline bool cpus_have_const_cap(int num) 383 { 384 if (static_branch_likely(&arm64_const_caps_ready)) 385 return __cpus_have_const_cap(num); 386 else 387 return cpus_have_cap(num); 388 } 389 390 static inline void cpus_set_cap(unsigned int num) 391 { 392 if (num >= ARM64_NCAPS) { 393 pr_warn("Attempt to set an illegal CPU capability (%d >= %d)\n", 394 num, ARM64_NCAPS); 395 } else { 396 __set_bit(num, cpu_hwcaps); 397 } 398 } 399 400 static inline int __attribute_const__ 401 cpuid_feature_extract_signed_field_width(u64 features, int field, int width) 402 { 403 return (s64)(features << (64 - width - field)) >> (64 - width); 404 } 405 406 static inline int __attribute_const__ 407 cpuid_feature_extract_signed_field(u64 features, int field) 408 { 409 return cpuid_feature_extract_signed_field_width(features, field, 4); 410 } 411 412 static inline unsigned int __attribute_const__ 413 cpuid_feature_extract_unsigned_field_width(u64 features, int field, int width) 414 { 415 return (u64)(features << (64 - width - field)) >> (64 - width); 416 } 417 418 static inline unsigned int __attribute_const__ 419 cpuid_feature_extract_unsigned_field(u64 features, int field) 420 { 421 return cpuid_feature_extract_unsigned_field_width(features, field, 4); 422 } 423 424 static inline u64 arm64_ftr_mask(const struct arm64_ftr_bits *ftrp) 425 { 426 return (u64)GENMASK(ftrp->shift + ftrp->width - 1, ftrp->shift); 427 } 428 429 static inline u64 arm64_ftr_reg_user_value(const struct arm64_ftr_reg *reg) 430 { 431 return (reg->user_val | (reg->sys_val & reg->user_mask)); 432 } 433 434 static inline int __attribute_const__ 435 cpuid_feature_extract_field_width(u64 features, int field, int width, bool sign) 436 { 437 return (sign) ? 438 cpuid_feature_extract_signed_field_width(features, field, width) : 439 cpuid_feature_extract_unsigned_field_width(features, field, width); 440 } 441 442 static inline int __attribute_const__ 443 cpuid_feature_extract_field(u64 features, int field, bool sign) 444 { 445 return cpuid_feature_extract_field_width(features, field, 4, sign); 446 } 447 448 static inline s64 arm64_ftr_value(const struct arm64_ftr_bits *ftrp, u64 val) 449 { 450 return (s64)cpuid_feature_extract_field_width(val, ftrp->shift, ftrp->width, ftrp->sign); 451 } 452 453 static inline bool id_aa64mmfr0_mixed_endian_el0(u64 mmfr0) 454 { 455 return cpuid_feature_extract_unsigned_field(mmfr0, ID_AA64MMFR0_BIGENDEL_SHIFT) == 0x1 || 456 cpuid_feature_extract_unsigned_field(mmfr0, ID_AA64MMFR0_BIGENDEL0_SHIFT) == 0x1; 457 } 458 459 static inline bool id_aa64pfr0_32bit_el0(u64 pfr0) 460 { 461 u32 val = cpuid_feature_extract_unsigned_field(pfr0, ID_AA64PFR0_EL0_SHIFT); 462 463 return val == ID_AA64PFR0_EL0_32BIT_64BIT; 464 } 465 466 static inline bool id_aa64pfr0_sve(u64 pfr0) 467 { 468 u32 val = cpuid_feature_extract_unsigned_field(pfr0, ID_AA64PFR0_SVE_SHIFT); 469 470 return val > 0; 471 } 472 473 void __init setup_cpu_features(void); 474 void check_local_cpu_capabilities(void); 475 476 477 u64 read_sanitised_ftr_reg(u32 id); 478 479 static inline bool cpu_supports_mixed_endian_el0(void) 480 { 481 return id_aa64mmfr0_mixed_endian_el0(read_cpuid(ID_AA64MMFR0_EL1)); 482 } 483 484 static inline bool system_supports_32bit_el0(void) 485 { 486 return cpus_have_const_cap(ARM64_HAS_32BIT_EL0); 487 } 488 489 static inline bool system_supports_mixed_endian_el0(void) 490 { 491 return id_aa64mmfr0_mixed_endian_el0(read_sanitised_ftr_reg(SYS_ID_AA64MMFR0_EL1)); 492 } 493 494 static inline bool system_supports_fpsimd(void) 495 { 496 return !cpus_have_const_cap(ARM64_HAS_NO_FPSIMD); 497 } 498 499 static inline bool system_uses_ttbr0_pan(void) 500 { 501 return IS_ENABLED(CONFIG_ARM64_SW_TTBR0_PAN) && 502 !cpus_have_const_cap(ARM64_HAS_PAN); 503 } 504 505 static inline bool system_supports_sve(void) 506 { 507 return IS_ENABLED(CONFIG_ARM64_SVE) && 508 cpus_have_const_cap(ARM64_SVE); 509 } 510 511 static inline bool system_supports_cnp(void) 512 { 513 return IS_ENABLED(CONFIG_ARM64_CNP) && 514 cpus_have_const_cap(ARM64_HAS_CNP); 515 } 516 517 #define ARM64_SSBD_UNKNOWN -1 518 #define ARM64_SSBD_FORCE_DISABLE 0 519 #define ARM64_SSBD_KERNEL 1 520 #define ARM64_SSBD_FORCE_ENABLE 2 521 #define ARM64_SSBD_MITIGATED 3 522 523 static inline int arm64_get_ssbd_state(void) 524 { 525 #ifdef CONFIG_ARM64_SSBD 526 extern int ssbd_state; 527 return ssbd_state; 528 #else 529 return ARM64_SSBD_UNKNOWN; 530 #endif 531 } 532 533 #ifdef CONFIG_ARM64_SSBD 534 void arm64_set_ssbd_mitigation(bool state); 535 #else 536 static inline void arm64_set_ssbd_mitigation(bool state) {} 537 #endif 538 539 extern int do_emulate_mrs(struct pt_regs *regs, u32 sys_reg, u32 rt); 540 541 static inline u32 id_aa64mmfr0_parange_to_phys_shift(int parange) 542 { 543 switch (parange) { 544 case 0: return 32; 545 case 1: return 36; 546 case 2: return 40; 547 case 3: return 42; 548 case 4: return 44; 549 case 5: return 48; 550 case 6: return 52; 551 /* 552 * A future PE could use a value unknown to the kernel. 553 * However, by the "D10.1.4 Principles of the ID scheme 554 * for fields in ID registers", ARM DDI 0487C.a, any new 555 * value is guaranteed to be higher than what we know already. 556 * As a safe limit, we return the limit supported by the kernel. 557 */ 558 default: return CONFIG_ARM64_PA_BITS; 559 } 560 } 561 #endif /* __ASSEMBLY__ */ 562 563 #endif 564