1 /* 2 * Copyright (C) 2014 Linaro Ltd. <ard.biesheuvel@linaro.org> 3 * 4 * This program is free software; you can redistribute it and/or modify 5 * it under the terms of the GNU General Public License version 2 as 6 * published by the Free Software Foundation. 7 */ 8 9 #ifndef __ASM_CPUFEATURE_H 10 #define __ASM_CPUFEATURE_H 11 12 #include <asm/cpucaps.h> 13 #include <asm/cputype.h> 14 #include <asm/fpsimd.h> 15 #include <asm/hwcap.h> 16 #include <asm/sigcontext.h> 17 #include <asm/sysreg.h> 18 19 /* 20 * In the arm64 world (as in the ARM world), elf_hwcap is used both internally 21 * in the kernel and for user space to keep track of which optional features 22 * are supported by the current system. So let's map feature 'x' to HWCAP_x. 23 * Note that HWCAP_x constants are bit fields so we need to take the log. 24 */ 25 26 #define MAX_CPU_FEATURES (8 * sizeof(elf_hwcap)) 27 #define cpu_feature(x) ilog2(HWCAP_ ## x) 28 29 #ifndef __ASSEMBLY__ 30 31 #include <linux/bug.h> 32 #include <linux/jump_label.h> 33 #include <linux/kernel.h> 34 35 /* 36 * CPU feature register tracking 37 * 38 * The safe value of a CPUID feature field is dependent on the implications 39 * of the values assigned to it by the architecture. Based on the relationship 40 * between the values, the features are classified into 3 types - LOWER_SAFE, 41 * HIGHER_SAFE and EXACT. 42 * 43 * The lowest value of all the CPUs is chosen for LOWER_SAFE and highest 44 * for HIGHER_SAFE. It is expected that all CPUs have the same value for 45 * a field when EXACT is specified, failing which, the safe value specified 46 * in the table is chosen. 47 */ 48 49 enum ftr_type { 50 FTR_EXACT, /* Use a predefined safe value */ 51 FTR_LOWER_SAFE, /* Smaller value is safe */ 52 FTR_HIGHER_SAFE,/* Bigger value is safe */ 53 }; 54 55 #define FTR_STRICT true /* SANITY check strict matching required */ 56 #define FTR_NONSTRICT false /* SANITY check ignored */ 57 58 #define FTR_SIGNED true /* Value should be treated as signed */ 59 #define FTR_UNSIGNED false /* Value should be treated as unsigned */ 60 61 #define FTR_VISIBLE true /* Feature visible to the user space */ 62 #define FTR_HIDDEN false /* Feature is hidden from the user */ 63 64 #define FTR_VISIBLE_IF_IS_ENABLED(config) \ 65 (IS_ENABLED(config) ? FTR_VISIBLE : FTR_HIDDEN) 66 67 struct arm64_ftr_bits { 68 bool sign; /* Value is signed ? */ 69 bool visible; 70 bool strict; /* CPU Sanity check: strict matching required ? */ 71 enum ftr_type type; 72 u8 shift; 73 u8 width; 74 s64 safe_val; /* safe value for FTR_EXACT features */ 75 }; 76 77 /* 78 * @arm64_ftr_reg - Feature register 79 * @strict_mask Bits which should match across all CPUs for sanity. 80 * @sys_val Safe value across the CPUs (system view) 81 */ 82 struct arm64_ftr_reg { 83 const char *name; 84 u64 strict_mask; 85 u64 user_mask; 86 u64 sys_val; 87 u64 user_val; 88 const struct arm64_ftr_bits *ftr_bits; 89 }; 90 91 extern struct arm64_ftr_reg arm64_ftr_reg_ctrel0; 92 93 /* 94 * CPU capabilities: 95 * 96 * We use arm64_cpu_capabilities to represent system features, errata work 97 * arounds (both used internally by kernel and tracked in cpu_hwcaps) and 98 * ELF HWCAPs (which are exposed to user). 99 * 100 * To support systems with heterogeneous CPUs, we need to make sure that we 101 * detect the capabilities correctly on the system and take appropriate 102 * measures to ensure there are no incompatibilities. 103 * 104 * This comment tries to explain how we treat the capabilities. 105 * Each capability has the following list of attributes : 106 * 107 * 1) Scope of Detection : The system detects a given capability by 108 * performing some checks at runtime. This could be, e.g, checking the 109 * value of a field in CPU ID feature register or checking the cpu 110 * model. The capability provides a call back ( @matches() ) to 111 * perform the check. Scope defines how the checks should be performed. 112 * There are three cases: 113 * 114 * a) SCOPE_LOCAL_CPU: check all the CPUs and "detect" if at least one 115 * matches. This implies, we have to run the check on all the 116 * booting CPUs, until the system decides that state of the 117 * capability is finalised. (See section 2 below) 118 * Or 119 * b) SCOPE_SYSTEM: check all the CPUs and "detect" if all the CPUs 120 * matches. This implies, we run the check only once, when the 121 * system decides to finalise the state of the capability. If the 122 * capability relies on a field in one of the CPU ID feature 123 * registers, we use the sanitised value of the register from the 124 * CPU feature infrastructure to make the decision. 125 * Or 126 * c) SCOPE_BOOT_CPU: Check only on the primary boot CPU to detect the 127 * feature. This category is for features that are "finalised" 128 * (or used) by the kernel very early even before the SMP cpus 129 * are brought up. 130 * 131 * The process of detection is usually denoted by "update" capability 132 * state in the code. 133 * 134 * 2) Finalise the state : The kernel should finalise the state of a 135 * capability at some point during its execution and take necessary 136 * actions if any. Usually, this is done, after all the boot-time 137 * enabled CPUs are brought up by the kernel, so that it can make 138 * better decision based on the available set of CPUs. However, there 139 * are some special cases, where the action is taken during the early 140 * boot by the primary boot CPU. (e.g, running the kernel at EL2 with 141 * Virtualisation Host Extensions). The kernel usually disallows any 142 * changes to the state of a capability once it finalises the capability 143 * and takes any action, as it may be impossible to execute the actions 144 * safely. A CPU brought up after a capability is "finalised" is 145 * referred to as "Late CPU" w.r.t the capability. e.g, all secondary 146 * CPUs are treated "late CPUs" for capabilities determined by the boot 147 * CPU. 148 * 149 * At the moment there are two passes of finalising the capabilities. 150 * a) Boot CPU scope capabilities - Finalised by primary boot CPU via 151 * setup_boot_cpu_capabilities(). 152 * b) Everything except (a) - Run via setup_system_capabilities(). 153 * 154 * 3) Verification: When a CPU is brought online (e.g, by user or by the 155 * kernel), the kernel should make sure that it is safe to use the CPU, 156 * by verifying that the CPU is compliant with the state of the 157 * capabilities finalised already. This happens via : 158 * 159 * secondary_start_kernel()-> check_local_cpu_capabilities() 160 * 161 * As explained in (2) above, capabilities could be finalised at 162 * different points in the execution. Each newly booted CPU is verified 163 * against the capabilities that have been finalised by the time it 164 * boots. 165 * 166 * a) SCOPE_BOOT_CPU : All CPUs are verified against the capability 167 * except for the primary boot CPU. 168 * 169 * b) SCOPE_LOCAL_CPU, SCOPE_SYSTEM: All CPUs hotplugged on by the 170 * user after the kernel boot are verified against the capability. 171 * 172 * If there is a conflict, the kernel takes an action, based on the 173 * severity (e.g, a CPU could be prevented from booting or cause a 174 * kernel panic). The CPU is allowed to "affect" the state of the 175 * capability, if it has not been finalised already. See section 5 176 * for more details on conflicts. 177 * 178 * 4) Action: As mentioned in (2), the kernel can take an action for each 179 * detected capability, on all CPUs on the system. Appropriate actions 180 * include, turning on an architectural feature, modifying the control 181 * registers (e.g, SCTLR, TCR etc.) or patching the kernel via 182 * alternatives. The kernel patching is batched and performed at later 183 * point. The actions are always initiated only after the capability 184 * is finalised. This is usally denoted by "enabling" the capability. 185 * The actions are initiated as follows : 186 * a) Action is triggered on all online CPUs, after the capability is 187 * finalised, invoked within the stop_machine() context from 188 * enable_cpu_capabilitie(). 189 * 190 * b) Any late CPU, brought up after (1), the action is triggered via: 191 * 192 * check_local_cpu_capabilities() -> verify_local_cpu_capabilities() 193 * 194 * 5) Conflicts: Based on the state of the capability on a late CPU vs. 195 * the system state, we could have the following combinations : 196 * 197 * x-----------------------------x 198 * | Type | System | Late CPU | 199 * |-----------------------------| 200 * | a | y | n | 201 * |-----------------------------| 202 * | b | n | y | 203 * x-----------------------------x 204 * 205 * Two separate flag bits are defined to indicate whether each kind of 206 * conflict can be allowed: 207 * ARM64_CPUCAP_OPTIONAL_FOR_LATE_CPU - Case(a) is allowed 208 * ARM64_CPUCAP_PERMITTED_FOR_LATE_CPU - Case(b) is allowed 209 * 210 * Case (a) is not permitted for a capability that the system requires 211 * all CPUs to have in order for the capability to be enabled. This is 212 * typical for capabilities that represent enhanced functionality. 213 * 214 * Case (b) is not permitted for a capability that must be enabled 215 * during boot if any CPU in the system requires it in order to run 216 * safely. This is typical for erratum work arounds that cannot be 217 * enabled after the corresponding capability is finalised. 218 * 219 * In some non-typical cases either both (a) and (b), or neither, 220 * should be permitted. This can be described by including neither 221 * or both flags in the capability's type field. 222 */ 223 224 225 /* 226 * Decide how the capability is detected. 227 * On any local CPU vs System wide vs the primary boot CPU 228 */ 229 #define ARM64_CPUCAP_SCOPE_LOCAL_CPU ((u16)BIT(0)) 230 #define ARM64_CPUCAP_SCOPE_SYSTEM ((u16)BIT(1)) 231 /* 232 * The capabilitiy is detected on the Boot CPU and is used by kernel 233 * during early boot. i.e, the capability should be "detected" and 234 * "enabled" as early as possibly on all booting CPUs. 235 */ 236 #define ARM64_CPUCAP_SCOPE_BOOT_CPU ((u16)BIT(2)) 237 #define ARM64_CPUCAP_SCOPE_MASK \ 238 (ARM64_CPUCAP_SCOPE_SYSTEM | \ 239 ARM64_CPUCAP_SCOPE_LOCAL_CPU | \ 240 ARM64_CPUCAP_SCOPE_BOOT_CPU) 241 242 #define SCOPE_SYSTEM ARM64_CPUCAP_SCOPE_SYSTEM 243 #define SCOPE_LOCAL_CPU ARM64_CPUCAP_SCOPE_LOCAL_CPU 244 #define SCOPE_BOOT_CPU ARM64_CPUCAP_SCOPE_BOOT_CPU 245 #define SCOPE_ALL ARM64_CPUCAP_SCOPE_MASK 246 247 /* 248 * Is it permitted for a late CPU to have this capability when system 249 * hasn't already enabled it ? 250 */ 251 #define ARM64_CPUCAP_PERMITTED_FOR_LATE_CPU ((u16)BIT(4)) 252 /* Is it safe for a late CPU to miss this capability when system has it */ 253 #define ARM64_CPUCAP_OPTIONAL_FOR_LATE_CPU ((u16)BIT(5)) 254 255 /* 256 * CPU errata workarounds that need to be enabled at boot time if one or 257 * more CPUs in the system requires it. When one of these capabilities 258 * has been enabled, it is safe to allow any CPU to boot that doesn't 259 * require the workaround. However, it is not safe if a "late" CPU 260 * requires a workaround and the system hasn't enabled it already. 261 */ 262 #define ARM64_CPUCAP_LOCAL_CPU_ERRATUM \ 263 (ARM64_CPUCAP_SCOPE_LOCAL_CPU | ARM64_CPUCAP_OPTIONAL_FOR_LATE_CPU) 264 /* 265 * CPU feature detected at boot time based on system-wide value of a 266 * feature. It is safe for a late CPU to have this feature even though 267 * the system hasn't enabled it, although the featuer will not be used 268 * by Linux in this case. If the system has enabled this feature already, 269 * then every late CPU must have it. 270 */ 271 #define ARM64_CPUCAP_SYSTEM_FEATURE \ 272 (ARM64_CPUCAP_SCOPE_SYSTEM | ARM64_CPUCAP_PERMITTED_FOR_LATE_CPU) 273 /* 274 * CPU feature detected at boot time based on feature of one or more CPUs. 275 * All possible conflicts for a late CPU are ignored. 276 */ 277 #define ARM64_CPUCAP_WEAK_LOCAL_CPU_FEATURE \ 278 (ARM64_CPUCAP_SCOPE_LOCAL_CPU | \ 279 ARM64_CPUCAP_OPTIONAL_FOR_LATE_CPU | \ 280 ARM64_CPUCAP_PERMITTED_FOR_LATE_CPU) 281 282 /* 283 * CPU feature detected at boot time, on one or more CPUs. A late CPU 284 * is not allowed to have the capability when the system doesn't have it. 285 * It is Ok for a late CPU to miss the feature. 286 */ 287 #define ARM64_CPUCAP_BOOT_RESTRICTED_CPU_LOCAL_FEATURE \ 288 (ARM64_CPUCAP_SCOPE_LOCAL_CPU | \ 289 ARM64_CPUCAP_OPTIONAL_FOR_LATE_CPU) 290 291 /* 292 * CPU feature used early in the boot based on the boot CPU. All secondary 293 * CPUs must match the state of the capability as detected by the boot CPU. 294 */ 295 #define ARM64_CPUCAP_STRICT_BOOT_CPU_FEATURE ARM64_CPUCAP_SCOPE_BOOT_CPU 296 297 struct arm64_cpu_capabilities { 298 const char *desc; 299 u16 capability; 300 u16 type; 301 bool (*matches)(const struct arm64_cpu_capabilities *caps, int scope); 302 /* 303 * Take the appropriate actions to enable this capability for this CPU. 304 * For each successfully booted CPU, this method is called for each 305 * globally detected capability. 306 */ 307 void (*cpu_enable)(const struct arm64_cpu_capabilities *cap); 308 union { 309 struct { /* To be used for erratum handling only */ 310 struct midr_range midr_range; 311 const struct arm64_midr_revidr { 312 u32 midr_rv; /* revision/variant */ 313 u32 revidr_mask; 314 } * const fixed_revs; 315 }; 316 317 const struct midr_range *midr_range_list; 318 struct { /* Feature register checking */ 319 u32 sys_reg; 320 u8 field_pos; 321 u8 min_field_value; 322 u8 hwcap_type; 323 bool sign; 324 unsigned long hwcap; 325 }; 326 /* 327 * A list of "matches/cpu_enable" pair for the same 328 * "capability" of the same "type" as described by the parent. 329 * Only matches(), cpu_enable() and fields relevant to these 330 * methods are significant in the list. The cpu_enable is 331 * invoked only if the corresponding entry "matches()". 332 * However, if a cpu_enable() method is associated 333 * with multiple matches(), care should be taken that either 334 * the match criteria are mutually exclusive, or that the 335 * method is robust against being called multiple times. 336 */ 337 const struct arm64_cpu_capabilities *match_list; 338 }; 339 }; 340 341 static inline int cpucap_default_scope(const struct arm64_cpu_capabilities *cap) 342 { 343 return cap->type & ARM64_CPUCAP_SCOPE_MASK; 344 } 345 346 static inline bool 347 cpucap_late_cpu_optional(const struct arm64_cpu_capabilities *cap) 348 { 349 return !!(cap->type & ARM64_CPUCAP_OPTIONAL_FOR_LATE_CPU); 350 } 351 352 static inline bool 353 cpucap_late_cpu_permitted(const struct arm64_cpu_capabilities *cap) 354 { 355 return !!(cap->type & ARM64_CPUCAP_PERMITTED_FOR_LATE_CPU); 356 } 357 358 extern DECLARE_BITMAP(cpu_hwcaps, ARM64_NCAPS); 359 extern struct static_key_false cpu_hwcap_keys[ARM64_NCAPS]; 360 extern struct static_key_false arm64_const_caps_ready; 361 362 bool this_cpu_has_cap(unsigned int cap); 363 364 static inline bool cpu_have_feature(unsigned int num) 365 { 366 return elf_hwcap & (1UL << num); 367 } 368 369 /* System capability check for constant caps */ 370 static inline bool __cpus_have_const_cap(int num) 371 { 372 if (num >= ARM64_NCAPS) 373 return false; 374 return static_branch_unlikely(&cpu_hwcap_keys[num]); 375 } 376 377 static inline bool cpus_have_cap(unsigned int num) 378 { 379 if (num >= ARM64_NCAPS) 380 return false; 381 return test_bit(num, cpu_hwcaps); 382 } 383 384 static inline bool cpus_have_const_cap(int num) 385 { 386 if (static_branch_likely(&arm64_const_caps_ready)) 387 return __cpus_have_const_cap(num); 388 else 389 return cpus_have_cap(num); 390 } 391 392 static inline void cpus_set_cap(unsigned int num) 393 { 394 if (num >= ARM64_NCAPS) { 395 pr_warn("Attempt to set an illegal CPU capability (%d >= %d)\n", 396 num, ARM64_NCAPS); 397 } else { 398 __set_bit(num, cpu_hwcaps); 399 } 400 } 401 402 static inline int __attribute_const__ 403 cpuid_feature_extract_signed_field_width(u64 features, int field, int width) 404 { 405 return (s64)(features << (64 - width - field)) >> (64 - width); 406 } 407 408 static inline int __attribute_const__ 409 cpuid_feature_extract_signed_field(u64 features, int field) 410 { 411 return cpuid_feature_extract_signed_field_width(features, field, 4); 412 } 413 414 static inline unsigned int __attribute_const__ 415 cpuid_feature_extract_unsigned_field_width(u64 features, int field, int width) 416 { 417 return (u64)(features << (64 - width - field)) >> (64 - width); 418 } 419 420 static inline unsigned int __attribute_const__ 421 cpuid_feature_extract_unsigned_field(u64 features, int field) 422 { 423 return cpuid_feature_extract_unsigned_field_width(features, field, 4); 424 } 425 426 static inline u64 arm64_ftr_mask(const struct arm64_ftr_bits *ftrp) 427 { 428 return (u64)GENMASK(ftrp->shift + ftrp->width - 1, ftrp->shift); 429 } 430 431 static inline u64 arm64_ftr_reg_user_value(const struct arm64_ftr_reg *reg) 432 { 433 return (reg->user_val | (reg->sys_val & reg->user_mask)); 434 } 435 436 static inline int __attribute_const__ 437 cpuid_feature_extract_field_width(u64 features, int field, int width, bool sign) 438 { 439 return (sign) ? 440 cpuid_feature_extract_signed_field_width(features, field, width) : 441 cpuid_feature_extract_unsigned_field_width(features, field, width); 442 } 443 444 static inline int __attribute_const__ 445 cpuid_feature_extract_field(u64 features, int field, bool sign) 446 { 447 return cpuid_feature_extract_field_width(features, field, 4, sign); 448 } 449 450 static inline s64 arm64_ftr_value(const struct arm64_ftr_bits *ftrp, u64 val) 451 { 452 return (s64)cpuid_feature_extract_field_width(val, ftrp->shift, ftrp->width, ftrp->sign); 453 } 454 455 static inline bool id_aa64mmfr0_mixed_endian_el0(u64 mmfr0) 456 { 457 return cpuid_feature_extract_unsigned_field(mmfr0, ID_AA64MMFR0_BIGENDEL_SHIFT) == 0x1 || 458 cpuid_feature_extract_unsigned_field(mmfr0, ID_AA64MMFR0_BIGENDEL0_SHIFT) == 0x1; 459 } 460 461 static inline bool id_aa64pfr0_32bit_el0(u64 pfr0) 462 { 463 u32 val = cpuid_feature_extract_unsigned_field(pfr0, ID_AA64PFR0_EL0_SHIFT); 464 465 return val == ID_AA64PFR0_EL0_32BIT_64BIT; 466 } 467 468 static inline bool id_aa64pfr0_sve(u64 pfr0) 469 { 470 u32 val = cpuid_feature_extract_unsigned_field(pfr0, ID_AA64PFR0_SVE_SHIFT); 471 472 return val > 0; 473 } 474 475 void __init setup_cpu_features(void); 476 void check_local_cpu_capabilities(void); 477 478 479 u64 read_sanitised_ftr_reg(u32 id); 480 481 static inline bool cpu_supports_mixed_endian_el0(void) 482 { 483 return id_aa64mmfr0_mixed_endian_el0(read_cpuid(ID_AA64MMFR0_EL1)); 484 } 485 486 static inline bool system_supports_32bit_el0(void) 487 { 488 return cpus_have_const_cap(ARM64_HAS_32BIT_EL0); 489 } 490 491 static inline bool system_supports_mixed_endian_el0(void) 492 { 493 return id_aa64mmfr0_mixed_endian_el0(read_sanitised_ftr_reg(SYS_ID_AA64MMFR0_EL1)); 494 } 495 496 static inline bool system_supports_fpsimd(void) 497 { 498 return !cpus_have_const_cap(ARM64_HAS_NO_FPSIMD); 499 } 500 501 static inline bool system_uses_ttbr0_pan(void) 502 { 503 return IS_ENABLED(CONFIG_ARM64_SW_TTBR0_PAN) && 504 !cpus_have_const_cap(ARM64_HAS_PAN); 505 } 506 507 static inline bool system_supports_sve(void) 508 { 509 return IS_ENABLED(CONFIG_ARM64_SVE) && 510 cpus_have_const_cap(ARM64_SVE); 511 } 512 513 /* 514 * Read the pseudo-ZCR used by cpufeatures to identify the supported SVE 515 * vector length. 516 * 517 * Use only if SVE is present. 518 * This function clobbers the SVE vector length. 519 */ 520 static inline u64 read_zcr_features(void) 521 { 522 u64 zcr; 523 unsigned int vq_max; 524 525 /* 526 * Set the maximum possible VL, and write zeroes to all other 527 * bits to see if they stick. 528 */ 529 sve_kernel_enable(NULL); 530 write_sysreg_s(ZCR_ELx_LEN_MASK, SYS_ZCR_EL1); 531 532 zcr = read_sysreg_s(SYS_ZCR_EL1); 533 zcr &= ~(u64)ZCR_ELx_LEN_MASK; /* find sticky 1s outside LEN field */ 534 vq_max = sve_vq_from_vl(sve_get_vl()); 535 zcr |= vq_max - 1; /* set LEN field to maximum effective value */ 536 537 return zcr; 538 } 539 540 #endif /* __ASSEMBLY__ */ 541 542 #endif 543