1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 * Copyright (C) 2001 Ben. Herrenschmidt (benh@kernel.crashing.org)
4 *
5 * Modifications for ppc64:
6 * Copyright (C) 2003 Dave Engebretsen <engebret@us.ibm.com>
7 *
8 * Copyright 2008 Michael Ellerman, IBM Corporation.
9 */
10
11 #include <linux/types.h>
12 #include <linux/jump_label.h>
13 #include <linux/kernel.h>
14 #include <linux/string.h>
15 #include <linux/init.h>
16 #include <linux/sched/mm.h>
17 #include <linux/stop_machine.h>
18 #include <asm/cputable.h>
19 #include <asm/code-patching.h>
20 #include <asm/interrupt.h>
21 #include <asm/page.h>
22 #include <asm/sections.h>
23 #include <asm/setup.h>
24 #include <asm/security_features.h>
25 #include <asm/firmware.h>
26 #include <asm/inst.h>
27
28 struct fixup_entry {
29 unsigned long mask;
30 unsigned long value;
31 long start_off;
32 long end_off;
33 long alt_start_off;
34 long alt_end_off;
35 };
36
calc_addr(struct fixup_entry * fcur,long offset)37 static u32 *calc_addr(struct fixup_entry *fcur, long offset)
38 {
39 /*
40 * We store the offset to the code as a negative offset from
41 * the start of the alt_entry, to support the VDSO. This
42 * routine converts that back into an actual address.
43 */
44 return (u32 *)((unsigned long)fcur + offset);
45 }
46
patch_alt_instruction(u32 * src,u32 * dest,u32 * alt_start,u32 * alt_end)47 static int patch_alt_instruction(u32 *src, u32 *dest, u32 *alt_start, u32 *alt_end)
48 {
49 int err;
50 ppc_inst_t instr;
51
52 instr = ppc_inst_read(src);
53
54 if (instr_is_relative_branch(ppc_inst_read(src))) {
55 u32 *target = (u32 *)branch_target(src);
56
57 /* Branch within the section doesn't need translating */
58 if (target < alt_start || target > alt_end) {
59 err = translate_branch(&instr, dest, src);
60 if (err)
61 return 1;
62 }
63 }
64
65 raw_patch_instruction(dest, instr);
66
67 return 0;
68 }
69
patch_feature_section_mask(unsigned long value,unsigned long mask,struct fixup_entry * fcur)70 static int patch_feature_section_mask(unsigned long value, unsigned long mask,
71 struct fixup_entry *fcur)
72 {
73 u32 *start, *end, *alt_start, *alt_end, *src, *dest;
74
75 start = calc_addr(fcur, fcur->start_off);
76 end = calc_addr(fcur, fcur->end_off);
77 alt_start = calc_addr(fcur, fcur->alt_start_off);
78 alt_end = calc_addr(fcur, fcur->alt_end_off);
79
80 if ((alt_end - alt_start) > (end - start))
81 return 1;
82
83 if ((value & fcur->mask & mask) == (fcur->value & mask))
84 return 0;
85
86 src = alt_start;
87 dest = start;
88
89 for (; src < alt_end; src = ppc_inst_next(src, src),
90 dest = ppc_inst_next(dest, dest)) {
91 if (patch_alt_instruction(src, dest, alt_start, alt_end))
92 return 1;
93 }
94
95 for (; dest < end; dest++)
96 raw_patch_instruction(dest, ppc_inst(PPC_RAW_NOP()));
97
98 return 0;
99 }
100
do_feature_fixups_mask(unsigned long value,unsigned long mask,void * fixup_start,void * fixup_end)101 static void do_feature_fixups_mask(unsigned long value, unsigned long mask,
102 void *fixup_start, void *fixup_end)
103 {
104 struct fixup_entry *fcur, *fend;
105
106 fcur = fixup_start;
107 fend = fixup_end;
108
109 for (; fcur < fend; fcur++) {
110 if (patch_feature_section_mask(value, mask, fcur)) {
111 WARN_ON(1);
112 printk("Unable to patch feature section at %p - %p" \
113 " with %p - %p\n",
114 calc_addr(fcur, fcur->start_off),
115 calc_addr(fcur, fcur->end_off),
116 calc_addr(fcur, fcur->alt_start_off),
117 calc_addr(fcur, fcur->alt_end_off));
118 }
119 }
120 }
121
do_feature_fixups(unsigned long value,void * fixup_start,void * fixup_end)122 void do_feature_fixups(unsigned long value, void *fixup_start, void *fixup_end)
123 {
124 do_feature_fixups_mask(value, ~0, fixup_start, fixup_end);
125 }
126
127 #ifdef CONFIG_PPC_BARRIER_NOSPEC
is_fixup_addr_valid(void * dest,size_t size)128 static bool is_fixup_addr_valid(void *dest, size_t size)
129 {
130 return system_state < SYSTEM_FREEING_INITMEM ||
131 !init_section_contains(dest, size);
132 }
133
do_patch_fixups(long * start,long * end,unsigned int * instrs,int num)134 static int do_patch_fixups(long *start, long *end, unsigned int *instrs, int num)
135 {
136 int i;
137
138 for (i = 0; start < end; start++, i++) {
139 int j;
140 unsigned int *dest = (void *)start + *start;
141
142 if (!is_fixup_addr_valid(dest, sizeof(*instrs) * num))
143 continue;
144
145 pr_devel("patching dest %lx\n", (unsigned long)dest);
146
147 for (j = 0; j < num; j++)
148 patch_instruction(dest + j, ppc_inst(instrs[j]));
149 }
150 return i;
151 }
152 #endif
153
154 #ifdef CONFIG_PPC_BOOK3S_64
do_patch_entry_fixups(long * start,long * end,unsigned int * instrs,bool do_fallback,void * fallback)155 static int do_patch_entry_fixups(long *start, long *end, unsigned int *instrs,
156 bool do_fallback, void *fallback)
157 {
158 int i;
159
160 for (i = 0; start < end; start++, i++) {
161 unsigned int *dest = (void *)start + *start;
162
163 if (!is_fixup_addr_valid(dest, sizeof(*instrs) * 3))
164 continue;
165
166 pr_devel("patching dest %lx\n", (unsigned long)dest);
167
168 // See comment in do_entry_flush_fixups() RE order of patching
169 if (do_fallback) {
170 patch_instruction(dest, ppc_inst(instrs[0]));
171 patch_instruction(dest + 2, ppc_inst(instrs[2]));
172 patch_branch(dest + 1, (unsigned long)fallback, BRANCH_SET_LINK);
173 } else {
174 patch_instruction(dest + 1, ppc_inst(instrs[1]));
175 patch_instruction(dest + 2, ppc_inst(instrs[2]));
176 patch_instruction(dest, ppc_inst(instrs[0]));
177 }
178 }
179 return i;
180 }
181
do_stf_entry_barrier_fixups(enum stf_barrier_type types)182 static void do_stf_entry_barrier_fixups(enum stf_barrier_type types)
183 {
184 unsigned int instrs[3];
185 long *start, *end;
186 int i;
187
188 start = PTRRELOC(&__start___stf_entry_barrier_fixup);
189 end = PTRRELOC(&__stop___stf_entry_barrier_fixup);
190
191 instrs[0] = PPC_RAW_NOP();
192 instrs[1] = PPC_RAW_NOP();
193 instrs[2] = PPC_RAW_NOP();
194
195 i = 0;
196 if (types & STF_BARRIER_FALLBACK) {
197 instrs[i++] = PPC_RAW_MFLR(_R10);
198 instrs[i++] = PPC_RAW_NOP(); /* branch patched below */
199 instrs[i++] = PPC_RAW_MTLR(_R10);
200 } else if (types & STF_BARRIER_EIEIO) {
201 instrs[i++] = PPC_RAW_EIEIO() | 0x02000000; /* eieio + bit 6 hint */
202 } else if (types & STF_BARRIER_SYNC_ORI) {
203 instrs[i++] = PPC_RAW_SYNC();
204 instrs[i++] = PPC_RAW_LD(_R10, _R13, 0);
205 instrs[i++] = PPC_RAW_ORI(_R31, _R31, 0); /* speculation barrier */
206 }
207
208 i = do_patch_entry_fixups(start, end, instrs, types & STF_BARRIER_FALLBACK,
209 &stf_barrier_fallback);
210
211 printk(KERN_DEBUG "stf-barrier: patched %d entry locations (%s barrier)\n", i,
212 (types == STF_BARRIER_NONE) ? "no" :
213 (types == STF_BARRIER_FALLBACK) ? "fallback" :
214 (types == STF_BARRIER_EIEIO) ? "eieio" :
215 (types == (STF_BARRIER_SYNC_ORI)) ? "hwsync"
216 : "unknown");
217 }
218
do_stf_exit_barrier_fixups(enum stf_barrier_type types)219 static void do_stf_exit_barrier_fixups(enum stf_barrier_type types)
220 {
221 unsigned int instrs[6];
222 long *start, *end;
223 int i;
224
225 start = PTRRELOC(&__start___stf_exit_barrier_fixup);
226 end = PTRRELOC(&__stop___stf_exit_barrier_fixup);
227
228 instrs[0] = PPC_RAW_NOP();
229 instrs[1] = PPC_RAW_NOP();
230 instrs[2] = PPC_RAW_NOP();
231 instrs[3] = PPC_RAW_NOP();
232 instrs[4] = PPC_RAW_NOP();
233 instrs[5] = PPC_RAW_NOP();
234
235 i = 0;
236 if (types & STF_BARRIER_FALLBACK || types & STF_BARRIER_SYNC_ORI) {
237 if (cpu_has_feature(CPU_FTR_HVMODE)) {
238 instrs[i++] = PPC_RAW_MTSPR(SPRN_HSPRG1, _R13);
239 instrs[i++] = PPC_RAW_MFSPR(_R13, SPRN_HSPRG0);
240 } else {
241 instrs[i++] = PPC_RAW_MTSPR(SPRN_SPRG2, _R13);
242 instrs[i++] = PPC_RAW_MFSPR(_R13, SPRN_SPRG1);
243 }
244 instrs[i++] = PPC_RAW_SYNC();
245 instrs[i++] = PPC_RAW_LD(_R13, _R13, 0);
246 instrs[i++] = PPC_RAW_ORI(_R31, _R31, 0); /* speculation barrier */
247 if (cpu_has_feature(CPU_FTR_HVMODE))
248 instrs[i++] = PPC_RAW_MFSPR(_R13, SPRN_HSPRG1);
249 else
250 instrs[i++] = PPC_RAW_MFSPR(_R13, SPRN_SPRG2);
251 } else if (types & STF_BARRIER_EIEIO) {
252 instrs[i++] = PPC_RAW_EIEIO() | 0x02000000; /* eieio + bit 6 hint */
253 }
254
255 i = do_patch_fixups(start, end, instrs, ARRAY_SIZE(instrs));
256
257 printk(KERN_DEBUG "stf-barrier: patched %d exit locations (%s barrier)\n", i,
258 (types == STF_BARRIER_NONE) ? "no" :
259 (types == STF_BARRIER_FALLBACK) ? "fallback" :
260 (types == STF_BARRIER_EIEIO) ? "eieio" :
261 (types == (STF_BARRIER_SYNC_ORI)) ? "hwsync"
262 : "unknown");
263 }
264
265 static bool stf_exit_reentrant = false;
266 static bool rfi_exit_reentrant = false;
267 static DEFINE_MUTEX(exit_flush_lock);
268
__do_stf_barrier_fixups(void * data)269 static int __do_stf_barrier_fixups(void *data)
270 {
271 enum stf_barrier_type *types = data;
272
273 do_stf_entry_barrier_fixups(*types);
274 do_stf_exit_barrier_fixups(*types);
275
276 return 0;
277 }
278
do_stf_barrier_fixups(enum stf_barrier_type types)279 void do_stf_barrier_fixups(enum stf_barrier_type types)
280 {
281 /*
282 * The call to the fallback entry flush, and the fallback/sync-ori exit
283 * flush can not be safely patched in/out while other CPUs are
284 * executing them. So call __do_stf_barrier_fixups() on one CPU while
285 * all other CPUs spin in the stop machine core with interrupts hard
286 * disabled.
287 *
288 * The branch to mark interrupt exits non-reentrant is enabled first,
289 * then stop_machine runs which will ensure all CPUs are out of the
290 * low level interrupt exit code before patching. After the patching,
291 * if allowed, then flip the branch to allow fast exits.
292 */
293
294 // Prevent static key update races with do_rfi_flush_fixups()
295 mutex_lock(&exit_flush_lock);
296 static_branch_enable(&interrupt_exit_not_reentrant);
297
298 stop_machine(__do_stf_barrier_fixups, &types, NULL);
299
300 if ((types & STF_BARRIER_FALLBACK) || (types & STF_BARRIER_SYNC_ORI))
301 stf_exit_reentrant = false;
302 else
303 stf_exit_reentrant = true;
304
305 if (stf_exit_reentrant && rfi_exit_reentrant)
306 static_branch_disable(&interrupt_exit_not_reentrant);
307
308 mutex_unlock(&exit_flush_lock);
309 }
310
do_uaccess_flush_fixups(enum l1d_flush_type types)311 void do_uaccess_flush_fixups(enum l1d_flush_type types)
312 {
313 unsigned int instrs[4];
314 long *start, *end;
315 int i;
316
317 start = PTRRELOC(&__start___uaccess_flush_fixup);
318 end = PTRRELOC(&__stop___uaccess_flush_fixup);
319
320 instrs[0] = PPC_RAW_NOP();
321 instrs[1] = PPC_RAW_NOP();
322 instrs[2] = PPC_RAW_NOP();
323 instrs[3] = PPC_RAW_BLR();
324
325 i = 0;
326 if (types == L1D_FLUSH_FALLBACK) {
327 instrs[3] = PPC_RAW_NOP();
328 /* fallthrough to fallback flush */
329 }
330
331 if (types & L1D_FLUSH_ORI) {
332 instrs[i++] = PPC_RAW_ORI(_R31, _R31, 0); /* speculation barrier */
333 instrs[i++] = PPC_RAW_ORI(_R30, _R30, 0); /* L1d flush */
334 }
335
336 if (types & L1D_FLUSH_MTTRIG)
337 instrs[i++] = PPC_RAW_MTSPR(SPRN_TRIG2, _R0);
338
339 i = do_patch_fixups(start, end, instrs, ARRAY_SIZE(instrs));
340
341 printk(KERN_DEBUG "uaccess-flush: patched %d locations (%s flush)\n", i,
342 (types == L1D_FLUSH_NONE) ? "no" :
343 (types == L1D_FLUSH_FALLBACK) ? "fallback displacement" :
344 (types & L1D_FLUSH_ORI) ? (types & L1D_FLUSH_MTTRIG)
345 ? "ori+mttrig type"
346 : "ori type" :
347 (types & L1D_FLUSH_MTTRIG) ? "mttrig type"
348 : "unknown");
349 }
350
__do_entry_flush_fixups(void * data)351 static int __do_entry_flush_fixups(void *data)
352 {
353 enum l1d_flush_type types = *(enum l1d_flush_type *)data;
354 unsigned int instrs[3];
355 long *start, *end;
356 int i;
357
358 instrs[0] = PPC_RAW_NOP();
359 instrs[1] = PPC_RAW_NOP();
360 instrs[2] = PPC_RAW_NOP();
361
362 i = 0;
363 if (types == L1D_FLUSH_FALLBACK) {
364 instrs[i++] = PPC_RAW_MFLR(_R10);
365 instrs[i++] = PPC_RAW_NOP(); /* branch patched below */
366 instrs[i++] = PPC_RAW_MTLR(_R10);
367 }
368
369 if (types & L1D_FLUSH_ORI) {
370 instrs[i++] = PPC_RAW_ORI(_R31, _R31, 0); /* speculation barrier */
371 instrs[i++] = PPC_RAW_ORI(_R30, _R30, 0); /* L1d flush */
372 }
373
374 if (types & L1D_FLUSH_MTTRIG)
375 instrs[i++] = PPC_RAW_MTSPR(SPRN_TRIG2, _R0);
376
377 /*
378 * If we're patching in or out the fallback flush we need to be careful about the
379 * order in which we patch instructions. That's because it's possible we could
380 * take a page fault after patching one instruction, so the sequence of
381 * instructions must be safe even in a half patched state.
382 *
383 * To make that work, when patching in the fallback flush we patch in this order:
384 * - the mflr (dest)
385 * - the mtlr (dest + 2)
386 * - the branch (dest + 1)
387 *
388 * That ensures the sequence is safe to execute at any point. In contrast if we
389 * patch the mtlr last, it's possible we could return from the branch and not
390 * restore LR, leading to a crash later.
391 *
392 * When patching out the fallback flush (either with nops or another flush type),
393 * we patch in this order:
394 * - the branch (dest + 1)
395 * - the mtlr (dest + 2)
396 * - the mflr (dest)
397 *
398 * Note we are protected by stop_machine() from other CPUs executing the code in a
399 * semi-patched state.
400 */
401
402 start = PTRRELOC(&__start___entry_flush_fixup);
403 end = PTRRELOC(&__stop___entry_flush_fixup);
404 i = do_patch_entry_fixups(start, end, instrs, types == L1D_FLUSH_FALLBACK,
405 &entry_flush_fallback);
406
407 start = PTRRELOC(&__start___scv_entry_flush_fixup);
408 end = PTRRELOC(&__stop___scv_entry_flush_fixup);
409 i += do_patch_entry_fixups(start, end, instrs, types == L1D_FLUSH_FALLBACK,
410 &scv_entry_flush_fallback);
411
412 printk(KERN_DEBUG "entry-flush: patched %d locations (%s flush)\n", i,
413 (types == L1D_FLUSH_NONE) ? "no" :
414 (types == L1D_FLUSH_FALLBACK) ? "fallback displacement" :
415 (types & L1D_FLUSH_ORI) ? (types & L1D_FLUSH_MTTRIG)
416 ? "ori+mttrig type"
417 : "ori type" :
418 (types & L1D_FLUSH_MTTRIG) ? "mttrig type"
419 : "unknown");
420
421 return 0;
422 }
423
do_entry_flush_fixups(enum l1d_flush_type types)424 void do_entry_flush_fixups(enum l1d_flush_type types)
425 {
426 /*
427 * The call to the fallback flush can not be safely patched in/out while
428 * other CPUs are executing it. So call __do_entry_flush_fixups() on one
429 * CPU while all other CPUs spin in the stop machine core with interrupts
430 * hard disabled.
431 */
432 stop_machine(__do_entry_flush_fixups, &types, NULL);
433 }
434
__do_rfi_flush_fixups(void * data)435 static int __do_rfi_flush_fixups(void *data)
436 {
437 enum l1d_flush_type types = *(enum l1d_flush_type *)data;
438 unsigned int instrs[3];
439 long *start, *end;
440 int i;
441
442 start = PTRRELOC(&__start___rfi_flush_fixup);
443 end = PTRRELOC(&__stop___rfi_flush_fixup);
444
445 instrs[0] = PPC_RAW_NOP();
446 instrs[1] = PPC_RAW_NOP();
447 instrs[2] = PPC_RAW_NOP();
448
449 if (types & L1D_FLUSH_FALLBACK)
450 /* b .+16 to fallback flush */
451 instrs[0] = PPC_RAW_BRANCH(16);
452
453 i = 0;
454 if (types & L1D_FLUSH_ORI) {
455 instrs[i++] = PPC_RAW_ORI(_R31, _R31, 0); /* speculation barrier */
456 instrs[i++] = PPC_RAW_ORI(_R30, _R30, 0); /* L1d flush */
457 }
458
459 if (types & L1D_FLUSH_MTTRIG)
460 instrs[i++] = PPC_RAW_MTSPR(SPRN_TRIG2, _R0);
461
462 i = do_patch_fixups(start, end, instrs, ARRAY_SIZE(instrs));
463
464 printk(KERN_DEBUG "rfi-flush: patched %d locations (%s flush)\n", i,
465 (types == L1D_FLUSH_NONE) ? "no" :
466 (types == L1D_FLUSH_FALLBACK) ? "fallback displacement" :
467 (types & L1D_FLUSH_ORI) ? (types & L1D_FLUSH_MTTRIG)
468 ? "ori+mttrig type"
469 : "ori type" :
470 (types & L1D_FLUSH_MTTRIG) ? "mttrig type"
471 : "unknown");
472
473 return 0;
474 }
475
do_rfi_flush_fixups(enum l1d_flush_type types)476 void do_rfi_flush_fixups(enum l1d_flush_type types)
477 {
478 /*
479 * stop_machine gets all CPUs out of the interrupt exit handler same
480 * as do_stf_barrier_fixups. do_rfi_flush_fixups patching can run
481 * without stop_machine, so this could be achieved with a broadcast
482 * IPI instead, but this matches the stf sequence.
483 */
484
485 // Prevent static key update races with do_stf_barrier_fixups()
486 mutex_lock(&exit_flush_lock);
487 static_branch_enable(&interrupt_exit_not_reentrant);
488
489 stop_machine(__do_rfi_flush_fixups, &types, NULL);
490
491 if (types & L1D_FLUSH_FALLBACK)
492 rfi_exit_reentrant = false;
493 else
494 rfi_exit_reentrant = true;
495
496 if (stf_exit_reentrant && rfi_exit_reentrant)
497 static_branch_disable(&interrupt_exit_not_reentrant);
498
499 mutex_unlock(&exit_flush_lock);
500 }
501
do_barrier_nospec_fixups_range(bool enable,void * fixup_start,void * fixup_end)502 void do_barrier_nospec_fixups_range(bool enable, void *fixup_start, void *fixup_end)
503 {
504 unsigned int instr;
505 long *start, *end;
506 int i;
507
508 start = fixup_start;
509 end = fixup_end;
510
511 instr = PPC_RAW_NOP();
512
513 if (enable) {
514 pr_info("barrier-nospec: using ORI speculation barrier\n");
515 instr = PPC_RAW_ORI(_R31, _R31, 0); /* speculation barrier */
516 }
517
518 i = do_patch_fixups(start, end, &instr, 1);
519
520 printk(KERN_DEBUG "barrier-nospec: patched %d locations\n", i);
521 }
522
523 #endif /* CONFIG_PPC_BOOK3S_64 */
524
525 #ifdef CONFIG_PPC_BARRIER_NOSPEC
do_barrier_nospec_fixups(bool enable)526 void do_barrier_nospec_fixups(bool enable)
527 {
528 void *start, *end;
529
530 start = PTRRELOC(&__start___barrier_nospec_fixup);
531 end = PTRRELOC(&__stop___barrier_nospec_fixup);
532
533 do_barrier_nospec_fixups_range(enable, start, end);
534 }
535 #endif /* CONFIG_PPC_BARRIER_NOSPEC */
536
537 #ifdef CONFIG_PPC_E500
do_barrier_nospec_fixups_range(bool enable,void * fixup_start,void * fixup_end)538 void do_barrier_nospec_fixups_range(bool enable, void *fixup_start, void *fixup_end)
539 {
540 unsigned int instr[2];
541 long *start, *end;
542 int i;
543
544 start = fixup_start;
545 end = fixup_end;
546
547 instr[0] = PPC_RAW_NOP();
548 instr[1] = PPC_RAW_NOP();
549
550 if (enable) {
551 pr_info("barrier-nospec: using isync; sync as speculation barrier\n");
552 instr[0] = PPC_RAW_ISYNC();
553 instr[1] = PPC_RAW_SYNC();
554 }
555
556 i = do_patch_fixups(start, end, instr, ARRAY_SIZE(instr));
557
558 printk(KERN_DEBUG "barrier-nospec: patched %d locations\n", i);
559 }
560
patch_btb_flush_section(long * curr)561 static void __init patch_btb_flush_section(long *curr)
562 {
563 unsigned int *start, *end;
564
565 start = (void *)curr + *curr;
566 end = (void *)curr + *(curr + 1);
567 for (; start < end; start++) {
568 pr_devel("patching dest %lx\n", (unsigned long)start);
569 patch_instruction(start, ppc_inst(PPC_RAW_NOP()));
570 }
571 }
572
do_btb_flush_fixups(void)573 void __init do_btb_flush_fixups(void)
574 {
575 long *start, *end;
576
577 start = PTRRELOC(&__start__btb_flush_fixup);
578 end = PTRRELOC(&__stop__btb_flush_fixup);
579
580 for (; start < end; start += 2)
581 patch_btb_flush_section(start);
582 }
583 #endif /* CONFIG_PPC_E500 */
584
do_lwsync_fixups(unsigned long value,void * fixup_start,void * fixup_end)585 void do_lwsync_fixups(unsigned long value, void *fixup_start, void *fixup_end)
586 {
587 long *start, *end;
588 u32 *dest;
589
590 if (!(value & CPU_FTR_LWSYNC))
591 return ;
592
593 start = fixup_start;
594 end = fixup_end;
595
596 for (; start < end; start++) {
597 dest = (void *)start + *start;
598 raw_patch_instruction(dest, ppc_inst(PPC_INST_LWSYNC));
599 }
600 }
601
do_final_fixups(void)602 static void __init do_final_fixups(void)
603 {
604 #if defined(CONFIG_PPC64) && defined(CONFIG_RELOCATABLE)
605 ppc_inst_t inst;
606 u32 *src, *dest, *end;
607
608 if (PHYSICAL_START == 0)
609 return;
610
611 src = (u32 *)(KERNELBASE + PHYSICAL_START);
612 dest = (u32 *)KERNELBASE;
613 end = (void *)src + (__end_interrupts - _stext);
614
615 while (src < end) {
616 inst = ppc_inst_read(src);
617 raw_patch_instruction(dest, inst);
618 src = ppc_inst_next(src, src);
619 dest = ppc_inst_next(dest, dest);
620 }
621 #endif
622 }
623
624 static unsigned long __initdata saved_cpu_features;
625 static unsigned int __initdata saved_mmu_features;
626 #ifdef CONFIG_PPC64
627 static unsigned long __initdata saved_firmware_features;
628 #endif
629
apply_feature_fixups(void)630 void __init apply_feature_fixups(void)
631 {
632 struct cpu_spec *spec = PTRRELOC(*PTRRELOC(&cur_cpu_spec));
633
634 *PTRRELOC(&saved_cpu_features) = spec->cpu_features;
635 *PTRRELOC(&saved_mmu_features) = spec->mmu_features;
636
637 /*
638 * Apply the CPU-specific and firmware specific fixups to kernel text
639 * (nop out sections not relevant to this CPU or this firmware).
640 */
641 do_feature_fixups(spec->cpu_features,
642 PTRRELOC(&__start___ftr_fixup),
643 PTRRELOC(&__stop___ftr_fixup));
644
645 do_feature_fixups(spec->mmu_features,
646 PTRRELOC(&__start___mmu_ftr_fixup),
647 PTRRELOC(&__stop___mmu_ftr_fixup));
648
649 do_lwsync_fixups(spec->cpu_features,
650 PTRRELOC(&__start___lwsync_fixup),
651 PTRRELOC(&__stop___lwsync_fixup));
652
653 #ifdef CONFIG_PPC64
654 saved_firmware_features = powerpc_firmware_features;
655 do_feature_fixups(powerpc_firmware_features,
656 &__start___fw_ftr_fixup, &__stop___fw_ftr_fixup);
657 #endif
658 do_final_fixups();
659 }
660
update_mmu_feature_fixups(unsigned long mask)661 void __init update_mmu_feature_fixups(unsigned long mask)
662 {
663 saved_mmu_features &= ~mask;
664 saved_mmu_features |= cur_cpu_spec->mmu_features & mask;
665
666 do_feature_fixups_mask(cur_cpu_spec->mmu_features, mask,
667 PTRRELOC(&__start___mmu_ftr_fixup),
668 PTRRELOC(&__stop___mmu_ftr_fixup));
669 mmu_feature_keys_init();
670 }
671
setup_feature_keys(void)672 void __init setup_feature_keys(void)
673 {
674 /*
675 * Initialise jump label. This causes all the cpu/mmu_has_feature()
676 * checks to take on their correct polarity based on the current set of
677 * CPU/MMU features.
678 */
679 jump_label_init();
680 cpu_feature_keys_init();
681 mmu_feature_keys_init();
682 }
683
check_features(void)684 static int __init check_features(void)
685 {
686 WARN(saved_cpu_features != cur_cpu_spec->cpu_features,
687 "CPU features changed after feature patching!\n");
688 WARN(saved_mmu_features != cur_cpu_spec->mmu_features,
689 "MMU features changed after feature patching!\n");
690 #ifdef CONFIG_PPC64
691 WARN(saved_firmware_features != powerpc_firmware_features,
692 "Firmware features changed after feature patching!\n");
693 #endif
694
695 return 0;
696 }
697 late_initcall(check_features);
698
699 #ifdef CONFIG_FTR_FIXUP_SELFTEST
700
701 #define check(x) \
702 if (!(x)) printk("feature-fixups: test failed at line %d\n", __LINE__);
703
patch_feature_section(unsigned long value,struct fixup_entry * fcur)704 static int patch_feature_section(unsigned long value, struct fixup_entry *fcur)
705 {
706 return patch_feature_section_mask(value, ~0, fcur);
707 }
708
709 /* This must be after the text it fixes up, vmlinux.lds.S enforces that atm */
710 static struct fixup_entry fixup;
711
calc_offset(struct fixup_entry * entry,unsigned int * p)712 static long __init calc_offset(struct fixup_entry *entry, unsigned int *p)
713 {
714 return (unsigned long)p - (unsigned long)entry;
715 }
716
test_basic_patching(void)717 static void __init test_basic_patching(void)
718 {
719 extern unsigned int ftr_fixup_test1[];
720 extern unsigned int end_ftr_fixup_test1[];
721 extern unsigned int ftr_fixup_test1_orig[];
722 extern unsigned int ftr_fixup_test1_expected[];
723 int size = 4 * (end_ftr_fixup_test1 - ftr_fixup_test1);
724
725 fixup.value = fixup.mask = 8;
726 fixup.start_off = calc_offset(&fixup, ftr_fixup_test1 + 1);
727 fixup.end_off = calc_offset(&fixup, ftr_fixup_test1 + 2);
728 fixup.alt_start_off = fixup.alt_end_off = 0;
729
730 /* Sanity check */
731 check(memcmp(ftr_fixup_test1, ftr_fixup_test1_orig, size) == 0);
732
733 /* Check we don't patch if the value matches */
734 patch_feature_section(8, &fixup);
735 check(memcmp(ftr_fixup_test1, ftr_fixup_test1_orig, size) == 0);
736
737 /* Check we do patch if the value doesn't match */
738 patch_feature_section(0, &fixup);
739 check(memcmp(ftr_fixup_test1, ftr_fixup_test1_expected, size) == 0);
740
741 /* Check we do patch if the mask doesn't match */
742 memcpy(ftr_fixup_test1, ftr_fixup_test1_orig, size);
743 check(memcmp(ftr_fixup_test1, ftr_fixup_test1_orig, size) == 0);
744 patch_feature_section(~8, &fixup);
745 check(memcmp(ftr_fixup_test1, ftr_fixup_test1_expected, size) == 0);
746 }
747
test_alternative_patching(void)748 static void __init test_alternative_patching(void)
749 {
750 extern unsigned int ftr_fixup_test2[];
751 extern unsigned int end_ftr_fixup_test2[];
752 extern unsigned int ftr_fixup_test2_orig[];
753 extern unsigned int ftr_fixup_test2_alt[];
754 extern unsigned int ftr_fixup_test2_expected[];
755 int size = 4 * (end_ftr_fixup_test2 - ftr_fixup_test2);
756
757 fixup.value = fixup.mask = 0xF;
758 fixup.start_off = calc_offset(&fixup, ftr_fixup_test2 + 1);
759 fixup.end_off = calc_offset(&fixup, ftr_fixup_test2 + 2);
760 fixup.alt_start_off = calc_offset(&fixup, ftr_fixup_test2_alt);
761 fixup.alt_end_off = calc_offset(&fixup, ftr_fixup_test2_alt + 1);
762
763 /* Sanity check */
764 check(memcmp(ftr_fixup_test2, ftr_fixup_test2_orig, size) == 0);
765
766 /* Check we don't patch if the value matches */
767 patch_feature_section(0xF, &fixup);
768 check(memcmp(ftr_fixup_test2, ftr_fixup_test2_orig, size) == 0);
769
770 /* Check we do patch if the value doesn't match */
771 patch_feature_section(0, &fixup);
772 check(memcmp(ftr_fixup_test2, ftr_fixup_test2_expected, size) == 0);
773
774 /* Check we do patch if the mask doesn't match */
775 memcpy(ftr_fixup_test2, ftr_fixup_test2_orig, size);
776 check(memcmp(ftr_fixup_test2, ftr_fixup_test2_orig, size) == 0);
777 patch_feature_section(~0xF, &fixup);
778 check(memcmp(ftr_fixup_test2, ftr_fixup_test2_expected, size) == 0);
779 }
780
test_alternative_case_too_big(void)781 static void __init test_alternative_case_too_big(void)
782 {
783 extern unsigned int ftr_fixup_test3[];
784 extern unsigned int end_ftr_fixup_test3[];
785 extern unsigned int ftr_fixup_test3_orig[];
786 extern unsigned int ftr_fixup_test3_alt[];
787 int size = 4 * (end_ftr_fixup_test3 - ftr_fixup_test3);
788
789 fixup.value = fixup.mask = 0xC;
790 fixup.start_off = calc_offset(&fixup, ftr_fixup_test3 + 1);
791 fixup.end_off = calc_offset(&fixup, ftr_fixup_test3 + 2);
792 fixup.alt_start_off = calc_offset(&fixup, ftr_fixup_test3_alt);
793 fixup.alt_end_off = calc_offset(&fixup, ftr_fixup_test3_alt + 2);
794
795 /* Sanity check */
796 check(memcmp(ftr_fixup_test3, ftr_fixup_test3_orig, size) == 0);
797
798 /* Expect nothing to be patched, and the error returned to us */
799 check(patch_feature_section(0xF, &fixup) == 1);
800 check(memcmp(ftr_fixup_test3, ftr_fixup_test3_orig, size) == 0);
801 check(patch_feature_section(0, &fixup) == 1);
802 check(memcmp(ftr_fixup_test3, ftr_fixup_test3_orig, size) == 0);
803 check(patch_feature_section(~0xF, &fixup) == 1);
804 check(memcmp(ftr_fixup_test3, ftr_fixup_test3_orig, size) == 0);
805 }
806
test_alternative_case_too_small(void)807 static void __init test_alternative_case_too_small(void)
808 {
809 extern unsigned int ftr_fixup_test4[];
810 extern unsigned int end_ftr_fixup_test4[];
811 extern unsigned int ftr_fixup_test4_orig[];
812 extern unsigned int ftr_fixup_test4_alt[];
813 extern unsigned int ftr_fixup_test4_expected[];
814 int size = 4 * (end_ftr_fixup_test4 - ftr_fixup_test4);
815 unsigned long flag;
816
817 /* Check a high-bit flag */
818 flag = 1UL << ((sizeof(unsigned long) - 1) * 8);
819 fixup.value = fixup.mask = flag;
820 fixup.start_off = calc_offset(&fixup, ftr_fixup_test4 + 1);
821 fixup.end_off = calc_offset(&fixup, ftr_fixup_test4 + 5);
822 fixup.alt_start_off = calc_offset(&fixup, ftr_fixup_test4_alt);
823 fixup.alt_end_off = calc_offset(&fixup, ftr_fixup_test4_alt + 2);
824
825 /* Sanity check */
826 check(memcmp(ftr_fixup_test4, ftr_fixup_test4_orig, size) == 0);
827
828 /* Check we don't patch if the value matches */
829 patch_feature_section(flag, &fixup);
830 check(memcmp(ftr_fixup_test4, ftr_fixup_test4_orig, size) == 0);
831
832 /* Check we do patch if the value doesn't match */
833 patch_feature_section(0, &fixup);
834 check(memcmp(ftr_fixup_test4, ftr_fixup_test4_expected, size) == 0);
835
836 /* Check we do patch if the mask doesn't match */
837 memcpy(ftr_fixup_test4, ftr_fixup_test4_orig, size);
838 check(memcmp(ftr_fixup_test4, ftr_fixup_test4_orig, size) == 0);
839 patch_feature_section(~flag, &fixup);
840 check(memcmp(ftr_fixup_test4, ftr_fixup_test4_expected, size) == 0);
841 }
842
test_alternative_case_with_branch(void)843 static void test_alternative_case_with_branch(void)
844 {
845 extern unsigned int ftr_fixup_test5[];
846 extern unsigned int end_ftr_fixup_test5[];
847 extern unsigned int ftr_fixup_test5_expected[];
848 int size = 4 * (end_ftr_fixup_test5 - ftr_fixup_test5);
849
850 check(memcmp(ftr_fixup_test5, ftr_fixup_test5_expected, size) == 0);
851 }
852
test_alternative_case_with_external_branch(void)853 static void __init test_alternative_case_with_external_branch(void)
854 {
855 extern unsigned int ftr_fixup_test6[];
856 extern unsigned int end_ftr_fixup_test6[];
857 extern unsigned int ftr_fixup_test6_expected[];
858 int size = 4 * (end_ftr_fixup_test6 - ftr_fixup_test6);
859
860 check(memcmp(ftr_fixup_test6, ftr_fixup_test6_expected, size) == 0);
861 }
862
test_alternative_case_with_branch_to_end(void)863 static void __init test_alternative_case_with_branch_to_end(void)
864 {
865 extern unsigned int ftr_fixup_test7[];
866 extern unsigned int end_ftr_fixup_test7[];
867 extern unsigned int ftr_fixup_test7_expected[];
868 int size = 4 * (end_ftr_fixup_test7 - ftr_fixup_test7);
869
870 check(memcmp(ftr_fixup_test7, ftr_fixup_test7_expected, size) == 0);
871 }
872
test_cpu_macros(void)873 static void __init test_cpu_macros(void)
874 {
875 extern u8 ftr_fixup_test_FTR_macros[];
876 extern u8 ftr_fixup_test_FTR_macros_expected[];
877 unsigned long size = ftr_fixup_test_FTR_macros_expected -
878 ftr_fixup_test_FTR_macros;
879
880 /* The fixups have already been done for us during boot */
881 check(memcmp(ftr_fixup_test_FTR_macros,
882 ftr_fixup_test_FTR_macros_expected, size) == 0);
883 }
884
test_fw_macros(void)885 static void __init test_fw_macros(void)
886 {
887 #ifdef CONFIG_PPC64
888 extern u8 ftr_fixup_test_FW_FTR_macros[];
889 extern u8 ftr_fixup_test_FW_FTR_macros_expected[];
890 unsigned long size = ftr_fixup_test_FW_FTR_macros_expected -
891 ftr_fixup_test_FW_FTR_macros;
892
893 /* The fixups have already been done for us during boot */
894 check(memcmp(ftr_fixup_test_FW_FTR_macros,
895 ftr_fixup_test_FW_FTR_macros_expected, size) == 0);
896 #endif
897 }
898
test_lwsync_macros(void)899 static void __init test_lwsync_macros(void)
900 {
901 extern u8 lwsync_fixup_test[];
902 extern u8 end_lwsync_fixup_test[];
903 extern u8 lwsync_fixup_test_expected_LWSYNC[];
904 extern u8 lwsync_fixup_test_expected_SYNC[];
905 unsigned long size = end_lwsync_fixup_test -
906 lwsync_fixup_test;
907
908 /* The fixups have already been done for us during boot */
909 if (cur_cpu_spec->cpu_features & CPU_FTR_LWSYNC) {
910 check(memcmp(lwsync_fixup_test,
911 lwsync_fixup_test_expected_LWSYNC, size) == 0);
912 } else {
913 check(memcmp(lwsync_fixup_test,
914 lwsync_fixup_test_expected_SYNC, size) == 0);
915 }
916 }
917
918 #ifdef CONFIG_PPC64
test_prefix_patching(void)919 static void __init test_prefix_patching(void)
920 {
921 extern unsigned int ftr_fixup_prefix1[];
922 extern unsigned int end_ftr_fixup_prefix1[];
923 extern unsigned int ftr_fixup_prefix1_orig[];
924 extern unsigned int ftr_fixup_prefix1_expected[];
925 int size = sizeof(unsigned int) * (end_ftr_fixup_prefix1 - ftr_fixup_prefix1);
926
927 fixup.value = fixup.mask = 8;
928 fixup.start_off = calc_offset(&fixup, ftr_fixup_prefix1 + 1);
929 fixup.end_off = calc_offset(&fixup, ftr_fixup_prefix1 + 3);
930 fixup.alt_start_off = fixup.alt_end_off = 0;
931
932 /* Sanity check */
933 check(memcmp(ftr_fixup_prefix1, ftr_fixup_prefix1_orig, size) == 0);
934
935 patch_feature_section(0, &fixup);
936 check(memcmp(ftr_fixup_prefix1, ftr_fixup_prefix1_expected, size) == 0);
937 check(memcmp(ftr_fixup_prefix1, ftr_fixup_prefix1_orig, size) != 0);
938 }
939
test_prefix_alt_patching(void)940 static void __init test_prefix_alt_patching(void)
941 {
942 extern unsigned int ftr_fixup_prefix2[];
943 extern unsigned int end_ftr_fixup_prefix2[];
944 extern unsigned int ftr_fixup_prefix2_orig[];
945 extern unsigned int ftr_fixup_prefix2_expected[];
946 extern unsigned int ftr_fixup_prefix2_alt[];
947 int size = sizeof(unsigned int) * (end_ftr_fixup_prefix2 - ftr_fixup_prefix2);
948
949 fixup.value = fixup.mask = 8;
950 fixup.start_off = calc_offset(&fixup, ftr_fixup_prefix2 + 1);
951 fixup.end_off = calc_offset(&fixup, ftr_fixup_prefix2 + 3);
952 fixup.alt_start_off = calc_offset(&fixup, ftr_fixup_prefix2_alt);
953 fixup.alt_end_off = calc_offset(&fixup, ftr_fixup_prefix2_alt + 2);
954 /* Sanity check */
955 check(memcmp(ftr_fixup_prefix2, ftr_fixup_prefix2_orig, size) == 0);
956
957 patch_feature_section(0, &fixup);
958 check(memcmp(ftr_fixup_prefix2, ftr_fixup_prefix2_expected, size) == 0);
959 check(memcmp(ftr_fixup_prefix2, ftr_fixup_prefix2_orig, size) != 0);
960 }
961
test_prefix_word_alt_patching(void)962 static void __init test_prefix_word_alt_patching(void)
963 {
964 extern unsigned int ftr_fixup_prefix3[];
965 extern unsigned int end_ftr_fixup_prefix3[];
966 extern unsigned int ftr_fixup_prefix3_orig[];
967 extern unsigned int ftr_fixup_prefix3_expected[];
968 extern unsigned int ftr_fixup_prefix3_alt[];
969 int size = sizeof(unsigned int) * (end_ftr_fixup_prefix3 - ftr_fixup_prefix3);
970
971 fixup.value = fixup.mask = 8;
972 fixup.start_off = calc_offset(&fixup, ftr_fixup_prefix3 + 1);
973 fixup.end_off = calc_offset(&fixup, ftr_fixup_prefix3 + 4);
974 fixup.alt_start_off = calc_offset(&fixup, ftr_fixup_prefix3_alt);
975 fixup.alt_end_off = calc_offset(&fixup, ftr_fixup_prefix3_alt + 3);
976 /* Sanity check */
977 check(memcmp(ftr_fixup_prefix3, ftr_fixup_prefix3_orig, size) == 0);
978
979 patch_feature_section(0, &fixup);
980 check(memcmp(ftr_fixup_prefix3, ftr_fixup_prefix3_expected, size) == 0);
981 patch_feature_section(0, &fixup);
982 check(memcmp(ftr_fixup_prefix3, ftr_fixup_prefix3_orig, size) != 0);
983 }
984 #else
test_prefix_patching(void)985 static inline void test_prefix_patching(void) {}
test_prefix_alt_patching(void)986 static inline void test_prefix_alt_patching(void) {}
test_prefix_word_alt_patching(void)987 static inline void test_prefix_word_alt_patching(void) {}
988 #endif /* CONFIG_PPC64 */
989
test_feature_fixups(void)990 static int __init test_feature_fixups(void)
991 {
992 printk(KERN_DEBUG "Running feature fixup self-tests ...\n");
993
994 test_basic_patching();
995 test_alternative_patching();
996 test_alternative_case_too_big();
997 test_alternative_case_too_small();
998 test_alternative_case_with_branch();
999 test_alternative_case_with_external_branch();
1000 test_alternative_case_with_branch_to_end();
1001 test_cpu_macros();
1002 test_fw_macros();
1003 test_lwsync_macros();
1004 test_prefix_patching();
1005 test_prefix_alt_patching();
1006 test_prefix_word_alt_patching();
1007
1008 return 0;
1009 }
1010 late_initcall(test_feature_fixups);
1011
1012 #endif /* CONFIG_FTR_FIXUP_SELFTEST */
1013