1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * Copyright (C) 2001 Ben. Herrenschmidt (benh@kernel.crashing.org) 4 * 5 * Modifications for ppc64: 6 * Copyright (C) 2003 Dave Engebretsen <engebret@us.ibm.com> 7 * 8 * Copyright 2008 Michael Ellerman, IBM Corporation. 9 */ 10 11 #include <linux/types.h> 12 #include <linux/jump_label.h> 13 #include <linux/kernel.h> 14 #include <linux/string.h> 15 #include <linux/init.h> 16 #include <linux/sched/mm.h> 17 #include <linux/stop_machine.h> 18 #include <asm/cputable.h> 19 #include <asm/code-patching.h> 20 #include <asm/interrupt.h> 21 #include <asm/page.h> 22 #include <asm/sections.h> 23 #include <asm/setup.h> 24 #include <asm/security_features.h> 25 #include <asm/firmware.h> 26 #include <asm/inst.h> 27 28 struct fixup_entry { 29 unsigned long mask; 30 unsigned long value; 31 long start_off; 32 long end_off; 33 long alt_start_off; 34 long alt_end_off; 35 }; 36 37 static u32 *calc_addr(struct fixup_entry *fcur, long offset) 38 { 39 /* 40 * We store the offset to the code as a negative offset from 41 * the start of the alt_entry, to support the VDSO. This 42 * routine converts that back into an actual address. 43 */ 44 return (u32 *)((unsigned long)fcur + offset); 45 } 46 47 static int patch_alt_instruction(u32 *src, u32 *dest, u32 *alt_start, u32 *alt_end) 48 { 49 int err; 50 struct ppc_inst instr; 51 52 instr = ppc_inst_read(src); 53 54 if (instr_is_relative_branch(ppc_inst_read(src))) { 55 u32 *target = (u32 *)branch_target(src); 56 57 /* Branch within the section doesn't need translating */ 58 if (target < alt_start || target > alt_end) { 59 err = translate_branch(&instr, dest, src); 60 if (err) 61 return 1; 62 } 63 } 64 65 raw_patch_instruction(dest, instr); 66 67 return 0; 68 } 69 70 static int patch_feature_section(unsigned long value, struct fixup_entry *fcur) 71 { 72 u32 *start, *end, *alt_start, *alt_end, *src, *dest; 73 74 start = calc_addr(fcur, fcur->start_off); 75 end = calc_addr(fcur, fcur->end_off); 76 alt_start = calc_addr(fcur, fcur->alt_start_off); 77 alt_end = calc_addr(fcur, fcur->alt_end_off); 78 79 if ((alt_end - alt_start) > (end - start)) 80 return 1; 81 82 if ((value & fcur->mask) == fcur->value) 83 return 0; 84 85 src = alt_start; 86 dest = start; 87 88 for (; src < alt_end; src = ppc_inst_next(src, src), 89 dest = ppc_inst_next(dest, dest)) { 90 if (patch_alt_instruction(src, dest, alt_start, alt_end)) 91 return 1; 92 } 93 94 for (; dest < end; dest++) 95 raw_patch_instruction(dest, ppc_inst(PPC_RAW_NOP())); 96 97 return 0; 98 } 99 100 void do_feature_fixups(unsigned long value, void *fixup_start, void *fixup_end) 101 { 102 struct fixup_entry *fcur, *fend; 103 104 fcur = fixup_start; 105 fend = fixup_end; 106 107 for (; fcur < fend; fcur++) { 108 if (patch_feature_section(value, fcur)) { 109 WARN_ON(1); 110 printk("Unable to patch feature section at %p - %p" \ 111 " with %p - %p\n", 112 calc_addr(fcur, fcur->start_off), 113 calc_addr(fcur, fcur->end_off), 114 calc_addr(fcur, fcur->alt_start_off), 115 calc_addr(fcur, fcur->alt_end_off)); 116 } 117 } 118 } 119 120 #ifdef CONFIG_PPC_BOOK3S_64 121 static void do_stf_entry_barrier_fixups(enum stf_barrier_type types) 122 { 123 unsigned int instrs[3], *dest; 124 long *start, *end; 125 int i; 126 127 start = PTRRELOC(&__start___stf_entry_barrier_fixup); 128 end = PTRRELOC(&__stop___stf_entry_barrier_fixup); 129 130 instrs[0] = PPC_RAW_NOP(); 131 instrs[1] = PPC_RAW_NOP(); 132 instrs[2] = PPC_RAW_NOP(); 133 134 i = 0; 135 if (types & STF_BARRIER_FALLBACK) { 136 instrs[i++] = PPC_RAW_MFLR(_R10); 137 instrs[i++] = PPC_RAW_NOP(); /* branch patched below */ 138 instrs[i++] = PPC_RAW_MTLR(_R10); 139 } else if (types & STF_BARRIER_EIEIO) { 140 instrs[i++] = PPC_RAW_EIEIO() | 0x02000000; /* eieio + bit 6 hint */ 141 } else if (types & STF_BARRIER_SYNC_ORI) { 142 instrs[i++] = PPC_RAW_SYNC(); 143 instrs[i++] = PPC_RAW_LD(_R10, _R13, 0); 144 instrs[i++] = PPC_RAW_ORI(_R31, _R31, 0); /* speculation barrier */ 145 } 146 147 for (i = 0; start < end; start++, i++) { 148 dest = (void *)start + *start; 149 150 pr_devel("patching dest %lx\n", (unsigned long)dest); 151 152 // See comment in do_entry_flush_fixups() RE order of patching 153 if (types & STF_BARRIER_FALLBACK) { 154 patch_instruction(dest, ppc_inst(instrs[0])); 155 patch_instruction(dest + 2, ppc_inst(instrs[2])); 156 patch_branch(dest + 1, 157 (unsigned long)&stf_barrier_fallback, BRANCH_SET_LINK); 158 } else { 159 patch_instruction(dest + 1, ppc_inst(instrs[1])); 160 patch_instruction(dest + 2, ppc_inst(instrs[2])); 161 patch_instruction(dest, ppc_inst(instrs[0])); 162 } 163 } 164 165 printk(KERN_DEBUG "stf-barrier: patched %d entry locations (%s barrier)\n", i, 166 (types == STF_BARRIER_NONE) ? "no" : 167 (types == STF_BARRIER_FALLBACK) ? "fallback" : 168 (types == STF_BARRIER_EIEIO) ? "eieio" : 169 (types == (STF_BARRIER_SYNC_ORI)) ? "hwsync" 170 : "unknown"); 171 } 172 173 static void do_stf_exit_barrier_fixups(enum stf_barrier_type types) 174 { 175 unsigned int instrs[6], *dest; 176 long *start, *end; 177 int i; 178 179 start = PTRRELOC(&__start___stf_exit_barrier_fixup); 180 end = PTRRELOC(&__stop___stf_exit_barrier_fixup); 181 182 instrs[0] = PPC_RAW_NOP(); 183 instrs[1] = PPC_RAW_NOP(); 184 instrs[2] = PPC_RAW_NOP(); 185 instrs[3] = PPC_RAW_NOP(); 186 instrs[4] = PPC_RAW_NOP(); 187 instrs[5] = PPC_RAW_NOP(); 188 189 i = 0; 190 if (types & STF_BARRIER_FALLBACK || types & STF_BARRIER_SYNC_ORI) { 191 if (cpu_has_feature(CPU_FTR_HVMODE)) { 192 instrs[i++] = PPC_RAW_MTSPR(SPRN_HSPRG1, _R13); 193 instrs[i++] = PPC_RAW_MFSPR(_R13, SPRN_HSPRG0); 194 } else { 195 instrs[i++] = PPC_RAW_MTSPR(SPRN_SPRG2, _R13); 196 instrs[i++] = PPC_RAW_MFSPR(_R13, SPRN_SPRG1); 197 } 198 instrs[i++] = PPC_RAW_SYNC(); 199 instrs[i++] = PPC_RAW_LD(_R13, _R13, 0); 200 instrs[i++] = PPC_RAW_ORI(_R31, _R31, 0); /* speculation barrier */ 201 if (cpu_has_feature(CPU_FTR_HVMODE)) 202 instrs[i++] = PPC_RAW_MFSPR(_R13, SPRN_HSPRG1); 203 else 204 instrs[i++] = PPC_RAW_MFSPR(_R13, SPRN_SPRG2); 205 } else if (types & STF_BARRIER_EIEIO) { 206 instrs[i++] = PPC_RAW_EIEIO() | 0x02000000; /* eieio + bit 6 hint */ 207 } 208 209 for (i = 0; start < end; start++, i++) { 210 dest = (void *)start + *start; 211 212 pr_devel("patching dest %lx\n", (unsigned long)dest); 213 214 patch_instruction(dest, ppc_inst(instrs[0])); 215 patch_instruction(dest + 1, ppc_inst(instrs[1])); 216 patch_instruction(dest + 2, ppc_inst(instrs[2])); 217 patch_instruction(dest + 3, ppc_inst(instrs[3])); 218 patch_instruction(dest + 4, ppc_inst(instrs[4])); 219 patch_instruction(dest + 5, ppc_inst(instrs[5])); 220 } 221 printk(KERN_DEBUG "stf-barrier: patched %d exit locations (%s barrier)\n", i, 222 (types == STF_BARRIER_NONE) ? "no" : 223 (types == STF_BARRIER_FALLBACK) ? "fallback" : 224 (types == STF_BARRIER_EIEIO) ? "eieio" : 225 (types == (STF_BARRIER_SYNC_ORI)) ? "hwsync" 226 : "unknown"); 227 } 228 229 static bool stf_exit_reentrant = false; 230 static bool rfi_exit_reentrant = false; 231 232 static int __do_stf_barrier_fixups(void *data) 233 { 234 enum stf_barrier_type *types = data; 235 236 do_stf_entry_barrier_fixups(*types); 237 do_stf_exit_barrier_fixups(*types); 238 239 return 0; 240 } 241 242 void do_stf_barrier_fixups(enum stf_barrier_type types) 243 { 244 /* 245 * The call to the fallback entry flush, and the fallback/sync-ori exit 246 * flush can not be safely patched in/out while other CPUs are 247 * executing them. So call __do_stf_barrier_fixups() on one CPU while 248 * all other CPUs spin in the stop machine core with interrupts hard 249 * disabled. 250 * 251 * The branch to mark interrupt exits non-reentrant is enabled first, 252 * then stop_machine runs which will ensure all CPUs are out of the 253 * low level interrupt exit code before patching. After the patching, 254 * if allowed, then flip the branch to allow fast exits. 255 */ 256 static_branch_enable(&interrupt_exit_not_reentrant); 257 258 stop_machine(__do_stf_barrier_fixups, &types, NULL); 259 260 if ((types & STF_BARRIER_FALLBACK) || (types & STF_BARRIER_SYNC_ORI)) 261 stf_exit_reentrant = false; 262 else 263 stf_exit_reentrant = true; 264 265 if (stf_exit_reentrant && rfi_exit_reentrant) 266 static_branch_disable(&interrupt_exit_not_reentrant); 267 } 268 269 void do_uaccess_flush_fixups(enum l1d_flush_type types) 270 { 271 unsigned int instrs[4], *dest; 272 long *start, *end; 273 int i; 274 275 start = PTRRELOC(&__start___uaccess_flush_fixup); 276 end = PTRRELOC(&__stop___uaccess_flush_fixup); 277 278 instrs[0] = PPC_RAW_NOP(); 279 instrs[1] = PPC_RAW_NOP(); 280 instrs[2] = PPC_RAW_NOP(); 281 instrs[3] = PPC_RAW_BLR(); 282 283 i = 0; 284 if (types == L1D_FLUSH_FALLBACK) { 285 instrs[3] = PPC_RAW_NOP(); 286 /* fallthrough to fallback flush */ 287 } 288 289 if (types & L1D_FLUSH_ORI) { 290 instrs[i++] = PPC_RAW_ORI(_R31, _R31, 0); /* speculation barrier */ 291 instrs[i++] = PPC_RAW_ORI(_R30, _R30, 0); /* L1d flush */ 292 } 293 294 if (types & L1D_FLUSH_MTTRIG) 295 instrs[i++] = PPC_RAW_MTSPR(SPRN_TRIG2, _R0); 296 297 for (i = 0; start < end; start++, i++) { 298 dest = (void *)start + *start; 299 300 pr_devel("patching dest %lx\n", (unsigned long)dest); 301 302 patch_instruction(dest, ppc_inst(instrs[0])); 303 304 patch_instruction(dest + 1, ppc_inst(instrs[1])); 305 patch_instruction(dest + 2, ppc_inst(instrs[2])); 306 patch_instruction(dest + 3, ppc_inst(instrs[3])); 307 } 308 309 printk(KERN_DEBUG "uaccess-flush: patched %d locations (%s flush)\n", i, 310 (types == L1D_FLUSH_NONE) ? "no" : 311 (types == L1D_FLUSH_FALLBACK) ? "fallback displacement" : 312 (types & L1D_FLUSH_ORI) ? (types & L1D_FLUSH_MTTRIG) 313 ? "ori+mttrig type" 314 : "ori type" : 315 (types & L1D_FLUSH_MTTRIG) ? "mttrig type" 316 : "unknown"); 317 } 318 319 static int __do_entry_flush_fixups(void *data) 320 { 321 enum l1d_flush_type types = *(enum l1d_flush_type *)data; 322 unsigned int instrs[3], *dest; 323 long *start, *end; 324 int i; 325 326 instrs[0] = PPC_RAW_NOP(); 327 instrs[1] = PPC_RAW_NOP(); 328 instrs[2] = PPC_RAW_NOP(); 329 330 i = 0; 331 if (types == L1D_FLUSH_FALLBACK) { 332 instrs[i++] = PPC_RAW_MFLR(_R10); 333 instrs[i++] = PPC_RAW_NOP(); /* branch patched below */ 334 instrs[i++] = PPC_RAW_MTLR(_R10); 335 } 336 337 if (types & L1D_FLUSH_ORI) { 338 instrs[i++] = PPC_RAW_ORI(_R31, _R31, 0); /* speculation barrier */ 339 instrs[i++] = PPC_RAW_ORI(_R30, _R30, 0); /* L1d flush */ 340 } 341 342 if (types & L1D_FLUSH_MTTRIG) 343 instrs[i++] = PPC_RAW_MTSPR(SPRN_TRIG2, _R0); 344 345 /* 346 * If we're patching in or out the fallback flush we need to be careful about the 347 * order in which we patch instructions. That's because it's possible we could 348 * take a page fault after patching one instruction, so the sequence of 349 * instructions must be safe even in a half patched state. 350 * 351 * To make that work, when patching in the fallback flush we patch in this order: 352 * - the mflr (dest) 353 * - the mtlr (dest + 2) 354 * - the branch (dest + 1) 355 * 356 * That ensures the sequence is safe to execute at any point. In contrast if we 357 * patch the mtlr last, it's possible we could return from the branch and not 358 * restore LR, leading to a crash later. 359 * 360 * When patching out the fallback flush (either with nops or another flush type), 361 * we patch in this order: 362 * - the branch (dest + 1) 363 * - the mtlr (dest + 2) 364 * - the mflr (dest) 365 * 366 * Note we are protected by stop_machine() from other CPUs executing the code in a 367 * semi-patched state. 368 */ 369 370 start = PTRRELOC(&__start___entry_flush_fixup); 371 end = PTRRELOC(&__stop___entry_flush_fixup); 372 for (i = 0; start < end; start++, i++) { 373 dest = (void *)start + *start; 374 375 pr_devel("patching dest %lx\n", (unsigned long)dest); 376 377 if (types == L1D_FLUSH_FALLBACK) { 378 patch_instruction(dest, ppc_inst(instrs[0])); 379 patch_instruction(dest + 2, ppc_inst(instrs[2])); 380 patch_branch(dest + 1, 381 (unsigned long)&entry_flush_fallback, BRANCH_SET_LINK); 382 } else { 383 patch_instruction(dest + 1, ppc_inst(instrs[1])); 384 patch_instruction(dest + 2, ppc_inst(instrs[2])); 385 patch_instruction(dest, ppc_inst(instrs[0])); 386 } 387 } 388 389 start = PTRRELOC(&__start___scv_entry_flush_fixup); 390 end = PTRRELOC(&__stop___scv_entry_flush_fixup); 391 for (; start < end; start++, i++) { 392 dest = (void *)start + *start; 393 394 pr_devel("patching dest %lx\n", (unsigned long)dest); 395 396 if (types == L1D_FLUSH_FALLBACK) { 397 patch_instruction(dest, ppc_inst(instrs[0])); 398 patch_instruction(dest + 2, ppc_inst(instrs[2])); 399 patch_branch(dest + 1, 400 (unsigned long)&scv_entry_flush_fallback, BRANCH_SET_LINK); 401 } else { 402 patch_instruction(dest + 1, ppc_inst(instrs[1])); 403 patch_instruction(dest + 2, ppc_inst(instrs[2])); 404 patch_instruction(dest, ppc_inst(instrs[0])); 405 } 406 } 407 408 409 printk(KERN_DEBUG "entry-flush: patched %d locations (%s flush)\n", i, 410 (types == L1D_FLUSH_NONE) ? "no" : 411 (types == L1D_FLUSH_FALLBACK) ? "fallback displacement" : 412 (types & L1D_FLUSH_ORI) ? (types & L1D_FLUSH_MTTRIG) 413 ? "ori+mttrig type" 414 : "ori type" : 415 (types & L1D_FLUSH_MTTRIG) ? "mttrig type" 416 : "unknown"); 417 418 return 0; 419 } 420 421 void do_entry_flush_fixups(enum l1d_flush_type types) 422 { 423 /* 424 * The call to the fallback flush can not be safely patched in/out while 425 * other CPUs are executing it. So call __do_entry_flush_fixups() on one 426 * CPU while all other CPUs spin in the stop machine core with interrupts 427 * hard disabled. 428 */ 429 stop_machine(__do_entry_flush_fixups, &types, NULL); 430 } 431 432 static int __do_rfi_flush_fixups(void *data) 433 { 434 enum l1d_flush_type types = *(enum l1d_flush_type *)data; 435 unsigned int instrs[3], *dest; 436 long *start, *end; 437 int i; 438 439 start = PTRRELOC(&__start___rfi_flush_fixup); 440 end = PTRRELOC(&__stop___rfi_flush_fixup); 441 442 instrs[0] = PPC_RAW_NOP(); 443 instrs[1] = PPC_RAW_NOP(); 444 instrs[2] = PPC_RAW_NOP(); 445 446 if (types & L1D_FLUSH_FALLBACK) 447 /* b .+16 to fallback flush */ 448 instrs[0] = PPC_INST_BRANCH | 16; 449 450 i = 0; 451 if (types & L1D_FLUSH_ORI) { 452 instrs[i++] = PPC_RAW_ORI(_R31, _R31, 0); /* speculation barrier */ 453 instrs[i++] = PPC_RAW_ORI(_R30, _R30, 0); /* L1d flush */ 454 } 455 456 if (types & L1D_FLUSH_MTTRIG) 457 instrs[i++] = PPC_RAW_MTSPR(SPRN_TRIG2, _R0); 458 459 for (i = 0; start < end; start++, i++) { 460 dest = (void *)start + *start; 461 462 pr_devel("patching dest %lx\n", (unsigned long)dest); 463 464 patch_instruction(dest, ppc_inst(instrs[0])); 465 patch_instruction(dest + 1, ppc_inst(instrs[1])); 466 patch_instruction(dest + 2, ppc_inst(instrs[2])); 467 } 468 469 printk(KERN_DEBUG "rfi-flush: patched %d locations (%s flush)\n", i, 470 (types == L1D_FLUSH_NONE) ? "no" : 471 (types == L1D_FLUSH_FALLBACK) ? "fallback displacement" : 472 (types & L1D_FLUSH_ORI) ? (types & L1D_FLUSH_MTTRIG) 473 ? "ori+mttrig type" 474 : "ori type" : 475 (types & L1D_FLUSH_MTTRIG) ? "mttrig type" 476 : "unknown"); 477 478 return 0; 479 } 480 481 void do_rfi_flush_fixups(enum l1d_flush_type types) 482 { 483 /* 484 * stop_machine gets all CPUs out of the interrupt exit handler same 485 * as do_stf_barrier_fixups. do_rfi_flush_fixups patching can run 486 * without stop_machine, so this could be achieved with a broadcast 487 * IPI instead, but this matches the stf sequence. 488 */ 489 static_branch_enable(&interrupt_exit_not_reentrant); 490 491 stop_machine(__do_rfi_flush_fixups, &types, NULL); 492 493 if (types & L1D_FLUSH_FALLBACK) 494 rfi_exit_reentrant = false; 495 else 496 rfi_exit_reentrant = true; 497 498 if (stf_exit_reentrant && rfi_exit_reentrant) 499 static_branch_disable(&interrupt_exit_not_reentrant); 500 } 501 502 void do_barrier_nospec_fixups_range(bool enable, void *fixup_start, void *fixup_end) 503 { 504 unsigned int instr, *dest; 505 long *start, *end; 506 int i; 507 508 start = fixup_start; 509 end = fixup_end; 510 511 instr = PPC_RAW_NOP(); 512 513 if (enable) { 514 pr_info("barrier-nospec: using ORI speculation barrier\n"); 515 instr = PPC_RAW_ORI(_R31, _R31, 0); /* speculation barrier */ 516 } 517 518 for (i = 0; start < end; start++, i++) { 519 dest = (void *)start + *start; 520 521 pr_devel("patching dest %lx\n", (unsigned long)dest); 522 patch_instruction(dest, ppc_inst(instr)); 523 } 524 525 printk(KERN_DEBUG "barrier-nospec: patched %d locations\n", i); 526 } 527 528 #endif /* CONFIG_PPC_BOOK3S_64 */ 529 530 #ifdef CONFIG_PPC_BARRIER_NOSPEC 531 void do_barrier_nospec_fixups(bool enable) 532 { 533 void *start, *end; 534 535 start = PTRRELOC(&__start___barrier_nospec_fixup); 536 end = PTRRELOC(&__stop___barrier_nospec_fixup); 537 538 do_barrier_nospec_fixups_range(enable, start, end); 539 } 540 #endif /* CONFIG_PPC_BARRIER_NOSPEC */ 541 542 #ifdef CONFIG_PPC_FSL_BOOK3E 543 void do_barrier_nospec_fixups_range(bool enable, void *fixup_start, void *fixup_end) 544 { 545 unsigned int instr[2], *dest; 546 long *start, *end; 547 int i; 548 549 start = fixup_start; 550 end = fixup_end; 551 552 instr[0] = PPC_RAW_NOP(); 553 instr[1] = PPC_RAW_NOP(); 554 555 if (enable) { 556 pr_info("barrier-nospec: using isync; sync as speculation barrier\n"); 557 instr[0] = PPC_RAW_ISYNC(); 558 instr[1] = PPC_RAW_SYNC(); 559 } 560 561 for (i = 0; start < end; start++, i++) { 562 dest = (void *)start + *start; 563 564 pr_devel("patching dest %lx\n", (unsigned long)dest); 565 patch_instruction(dest, ppc_inst(instr[0])); 566 patch_instruction(dest + 1, ppc_inst(instr[1])); 567 } 568 569 printk(KERN_DEBUG "barrier-nospec: patched %d locations\n", i); 570 } 571 572 static void patch_btb_flush_section(long *curr) 573 { 574 unsigned int *start, *end; 575 576 start = (void *)curr + *curr; 577 end = (void *)curr + *(curr + 1); 578 for (; start < end; start++) { 579 pr_devel("patching dest %lx\n", (unsigned long)start); 580 patch_instruction(start, ppc_inst(PPC_RAW_NOP())); 581 } 582 } 583 584 void do_btb_flush_fixups(void) 585 { 586 long *start, *end; 587 588 start = PTRRELOC(&__start__btb_flush_fixup); 589 end = PTRRELOC(&__stop__btb_flush_fixup); 590 591 for (; start < end; start += 2) 592 patch_btb_flush_section(start); 593 } 594 #endif /* CONFIG_PPC_FSL_BOOK3E */ 595 596 void do_lwsync_fixups(unsigned long value, void *fixup_start, void *fixup_end) 597 { 598 long *start, *end; 599 u32 *dest; 600 601 if (!(value & CPU_FTR_LWSYNC)) 602 return ; 603 604 start = fixup_start; 605 end = fixup_end; 606 607 for (; start < end; start++) { 608 dest = (void *)start + *start; 609 raw_patch_instruction(dest, ppc_inst(PPC_INST_LWSYNC)); 610 } 611 } 612 613 static void do_final_fixups(void) 614 { 615 #if defined(CONFIG_PPC64) && defined(CONFIG_RELOCATABLE) 616 struct ppc_inst inst; 617 u32 *src, *dest, *end; 618 619 if (PHYSICAL_START == 0) 620 return; 621 622 src = (u32 *)(KERNELBASE + PHYSICAL_START); 623 dest = (u32 *)KERNELBASE; 624 end = (void *)src + (__end_interrupts - _stext); 625 626 while (src < end) { 627 inst = ppc_inst_read(src); 628 raw_patch_instruction(dest, inst); 629 src = ppc_inst_next(src, src); 630 dest = ppc_inst_next(dest, dest); 631 } 632 #endif 633 } 634 635 static unsigned long __initdata saved_cpu_features; 636 static unsigned int __initdata saved_mmu_features; 637 #ifdef CONFIG_PPC64 638 static unsigned long __initdata saved_firmware_features; 639 #endif 640 641 void __init apply_feature_fixups(void) 642 { 643 struct cpu_spec *spec = PTRRELOC(*PTRRELOC(&cur_cpu_spec)); 644 645 *PTRRELOC(&saved_cpu_features) = spec->cpu_features; 646 *PTRRELOC(&saved_mmu_features) = spec->mmu_features; 647 648 /* 649 * Apply the CPU-specific and firmware specific fixups to kernel text 650 * (nop out sections not relevant to this CPU or this firmware). 651 */ 652 do_feature_fixups(spec->cpu_features, 653 PTRRELOC(&__start___ftr_fixup), 654 PTRRELOC(&__stop___ftr_fixup)); 655 656 do_feature_fixups(spec->mmu_features, 657 PTRRELOC(&__start___mmu_ftr_fixup), 658 PTRRELOC(&__stop___mmu_ftr_fixup)); 659 660 do_lwsync_fixups(spec->cpu_features, 661 PTRRELOC(&__start___lwsync_fixup), 662 PTRRELOC(&__stop___lwsync_fixup)); 663 664 #ifdef CONFIG_PPC64 665 saved_firmware_features = powerpc_firmware_features; 666 do_feature_fixups(powerpc_firmware_features, 667 &__start___fw_ftr_fixup, &__stop___fw_ftr_fixup); 668 #endif 669 do_final_fixups(); 670 } 671 672 void __init setup_feature_keys(void) 673 { 674 /* 675 * Initialise jump label. This causes all the cpu/mmu_has_feature() 676 * checks to take on their correct polarity based on the current set of 677 * CPU/MMU features. 678 */ 679 jump_label_init(); 680 cpu_feature_keys_init(); 681 mmu_feature_keys_init(); 682 } 683 684 static int __init check_features(void) 685 { 686 WARN(saved_cpu_features != cur_cpu_spec->cpu_features, 687 "CPU features changed after feature patching!\n"); 688 WARN(saved_mmu_features != cur_cpu_spec->mmu_features, 689 "MMU features changed after feature patching!\n"); 690 #ifdef CONFIG_PPC64 691 WARN(saved_firmware_features != powerpc_firmware_features, 692 "Firmware features changed after feature patching!\n"); 693 #endif 694 695 return 0; 696 } 697 late_initcall(check_features); 698 699 #ifdef CONFIG_FTR_FIXUP_SELFTEST 700 701 #define check(x) \ 702 if (!(x)) printk("feature-fixups: test failed at line %d\n", __LINE__); 703 704 /* This must be after the text it fixes up, vmlinux.lds.S enforces that atm */ 705 static struct fixup_entry fixup; 706 707 static long calc_offset(struct fixup_entry *entry, unsigned int *p) 708 { 709 return (unsigned long)p - (unsigned long)entry; 710 } 711 712 static void test_basic_patching(void) 713 { 714 extern unsigned int ftr_fixup_test1[]; 715 extern unsigned int end_ftr_fixup_test1[]; 716 extern unsigned int ftr_fixup_test1_orig[]; 717 extern unsigned int ftr_fixup_test1_expected[]; 718 int size = 4 * (end_ftr_fixup_test1 - ftr_fixup_test1); 719 720 fixup.value = fixup.mask = 8; 721 fixup.start_off = calc_offset(&fixup, ftr_fixup_test1 + 1); 722 fixup.end_off = calc_offset(&fixup, ftr_fixup_test1 + 2); 723 fixup.alt_start_off = fixup.alt_end_off = 0; 724 725 /* Sanity check */ 726 check(memcmp(ftr_fixup_test1, ftr_fixup_test1_orig, size) == 0); 727 728 /* Check we don't patch if the value matches */ 729 patch_feature_section(8, &fixup); 730 check(memcmp(ftr_fixup_test1, ftr_fixup_test1_orig, size) == 0); 731 732 /* Check we do patch if the value doesn't match */ 733 patch_feature_section(0, &fixup); 734 check(memcmp(ftr_fixup_test1, ftr_fixup_test1_expected, size) == 0); 735 736 /* Check we do patch if the mask doesn't match */ 737 memcpy(ftr_fixup_test1, ftr_fixup_test1_orig, size); 738 check(memcmp(ftr_fixup_test1, ftr_fixup_test1_orig, size) == 0); 739 patch_feature_section(~8, &fixup); 740 check(memcmp(ftr_fixup_test1, ftr_fixup_test1_expected, size) == 0); 741 } 742 743 static void test_alternative_patching(void) 744 { 745 extern unsigned int ftr_fixup_test2[]; 746 extern unsigned int end_ftr_fixup_test2[]; 747 extern unsigned int ftr_fixup_test2_orig[]; 748 extern unsigned int ftr_fixup_test2_alt[]; 749 extern unsigned int ftr_fixup_test2_expected[]; 750 int size = 4 * (end_ftr_fixup_test2 - ftr_fixup_test2); 751 752 fixup.value = fixup.mask = 0xF; 753 fixup.start_off = calc_offset(&fixup, ftr_fixup_test2 + 1); 754 fixup.end_off = calc_offset(&fixup, ftr_fixup_test2 + 2); 755 fixup.alt_start_off = calc_offset(&fixup, ftr_fixup_test2_alt); 756 fixup.alt_end_off = calc_offset(&fixup, ftr_fixup_test2_alt + 1); 757 758 /* Sanity check */ 759 check(memcmp(ftr_fixup_test2, ftr_fixup_test2_orig, size) == 0); 760 761 /* Check we don't patch if the value matches */ 762 patch_feature_section(0xF, &fixup); 763 check(memcmp(ftr_fixup_test2, ftr_fixup_test2_orig, size) == 0); 764 765 /* Check we do patch if the value doesn't match */ 766 patch_feature_section(0, &fixup); 767 check(memcmp(ftr_fixup_test2, ftr_fixup_test2_expected, size) == 0); 768 769 /* Check we do patch if the mask doesn't match */ 770 memcpy(ftr_fixup_test2, ftr_fixup_test2_orig, size); 771 check(memcmp(ftr_fixup_test2, ftr_fixup_test2_orig, size) == 0); 772 patch_feature_section(~0xF, &fixup); 773 check(memcmp(ftr_fixup_test2, ftr_fixup_test2_expected, size) == 0); 774 } 775 776 static void test_alternative_case_too_big(void) 777 { 778 extern unsigned int ftr_fixup_test3[]; 779 extern unsigned int end_ftr_fixup_test3[]; 780 extern unsigned int ftr_fixup_test3_orig[]; 781 extern unsigned int ftr_fixup_test3_alt[]; 782 int size = 4 * (end_ftr_fixup_test3 - ftr_fixup_test3); 783 784 fixup.value = fixup.mask = 0xC; 785 fixup.start_off = calc_offset(&fixup, ftr_fixup_test3 + 1); 786 fixup.end_off = calc_offset(&fixup, ftr_fixup_test3 + 2); 787 fixup.alt_start_off = calc_offset(&fixup, ftr_fixup_test3_alt); 788 fixup.alt_end_off = calc_offset(&fixup, ftr_fixup_test3_alt + 2); 789 790 /* Sanity check */ 791 check(memcmp(ftr_fixup_test3, ftr_fixup_test3_orig, size) == 0); 792 793 /* Expect nothing to be patched, and the error returned to us */ 794 check(patch_feature_section(0xF, &fixup) == 1); 795 check(memcmp(ftr_fixup_test3, ftr_fixup_test3_orig, size) == 0); 796 check(patch_feature_section(0, &fixup) == 1); 797 check(memcmp(ftr_fixup_test3, ftr_fixup_test3_orig, size) == 0); 798 check(patch_feature_section(~0xF, &fixup) == 1); 799 check(memcmp(ftr_fixup_test3, ftr_fixup_test3_orig, size) == 0); 800 } 801 802 static void test_alternative_case_too_small(void) 803 { 804 extern unsigned int ftr_fixup_test4[]; 805 extern unsigned int end_ftr_fixup_test4[]; 806 extern unsigned int ftr_fixup_test4_orig[]; 807 extern unsigned int ftr_fixup_test4_alt[]; 808 extern unsigned int ftr_fixup_test4_expected[]; 809 int size = 4 * (end_ftr_fixup_test4 - ftr_fixup_test4); 810 unsigned long flag; 811 812 /* Check a high-bit flag */ 813 flag = 1UL << ((sizeof(unsigned long) - 1) * 8); 814 fixup.value = fixup.mask = flag; 815 fixup.start_off = calc_offset(&fixup, ftr_fixup_test4 + 1); 816 fixup.end_off = calc_offset(&fixup, ftr_fixup_test4 + 5); 817 fixup.alt_start_off = calc_offset(&fixup, ftr_fixup_test4_alt); 818 fixup.alt_end_off = calc_offset(&fixup, ftr_fixup_test4_alt + 2); 819 820 /* Sanity check */ 821 check(memcmp(ftr_fixup_test4, ftr_fixup_test4_orig, size) == 0); 822 823 /* Check we don't patch if the value matches */ 824 patch_feature_section(flag, &fixup); 825 check(memcmp(ftr_fixup_test4, ftr_fixup_test4_orig, size) == 0); 826 827 /* Check we do patch if the value doesn't match */ 828 patch_feature_section(0, &fixup); 829 check(memcmp(ftr_fixup_test4, ftr_fixup_test4_expected, size) == 0); 830 831 /* Check we do patch if the mask doesn't match */ 832 memcpy(ftr_fixup_test4, ftr_fixup_test4_orig, size); 833 check(memcmp(ftr_fixup_test4, ftr_fixup_test4_orig, size) == 0); 834 patch_feature_section(~flag, &fixup); 835 check(memcmp(ftr_fixup_test4, ftr_fixup_test4_expected, size) == 0); 836 } 837 838 static void test_alternative_case_with_branch(void) 839 { 840 extern unsigned int ftr_fixup_test5[]; 841 extern unsigned int end_ftr_fixup_test5[]; 842 extern unsigned int ftr_fixup_test5_expected[]; 843 int size = 4 * (end_ftr_fixup_test5 - ftr_fixup_test5); 844 845 check(memcmp(ftr_fixup_test5, ftr_fixup_test5_expected, size) == 0); 846 } 847 848 static void test_alternative_case_with_external_branch(void) 849 { 850 extern unsigned int ftr_fixup_test6[]; 851 extern unsigned int end_ftr_fixup_test6[]; 852 extern unsigned int ftr_fixup_test6_expected[]; 853 int size = 4 * (end_ftr_fixup_test6 - ftr_fixup_test6); 854 855 check(memcmp(ftr_fixup_test6, ftr_fixup_test6_expected, size) == 0); 856 } 857 858 static void test_alternative_case_with_branch_to_end(void) 859 { 860 extern unsigned int ftr_fixup_test7[]; 861 extern unsigned int end_ftr_fixup_test7[]; 862 extern unsigned int ftr_fixup_test7_expected[]; 863 int size = 4 * (end_ftr_fixup_test7 - ftr_fixup_test7); 864 865 check(memcmp(ftr_fixup_test7, ftr_fixup_test7_expected, size) == 0); 866 } 867 868 static void test_cpu_macros(void) 869 { 870 extern u8 ftr_fixup_test_FTR_macros[]; 871 extern u8 ftr_fixup_test_FTR_macros_expected[]; 872 unsigned long size = ftr_fixup_test_FTR_macros_expected - 873 ftr_fixup_test_FTR_macros; 874 875 /* The fixups have already been done for us during boot */ 876 check(memcmp(ftr_fixup_test_FTR_macros, 877 ftr_fixup_test_FTR_macros_expected, size) == 0); 878 } 879 880 static void test_fw_macros(void) 881 { 882 #ifdef CONFIG_PPC64 883 extern u8 ftr_fixup_test_FW_FTR_macros[]; 884 extern u8 ftr_fixup_test_FW_FTR_macros_expected[]; 885 unsigned long size = ftr_fixup_test_FW_FTR_macros_expected - 886 ftr_fixup_test_FW_FTR_macros; 887 888 /* The fixups have already been done for us during boot */ 889 check(memcmp(ftr_fixup_test_FW_FTR_macros, 890 ftr_fixup_test_FW_FTR_macros_expected, size) == 0); 891 #endif 892 } 893 894 static void test_lwsync_macros(void) 895 { 896 extern u8 lwsync_fixup_test[]; 897 extern u8 end_lwsync_fixup_test[]; 898 extern u8 lwsync_fixup_test_expected_LWSYNC[]; 899 extern u8 lwsync_fixup_test_expected_SYNC[]; 900 unsigned long size = end_lwsync_fixup_test - 901 lwsync_fixup_test; 902 903 /* The fixups have already been done for us during boot */ 904 if (cur_cpu_spec->cpu_features & CPU_FTR_LWSYNC) { 905 check(memcmp(lwsync_fixup_test, 906 lwsync_fixup_test_expected_LWSYNC, size) == 0); 907 } else { 908 check(memcmp(lwsync_fixup_test, 909 lwsync_fixup_test_expected_SYNC, size) == 0); 910 } 911 } 912 913 #ifdef CONFIG_PPC64 914 static void __init test_prefix_patching(void) 915 { 916 extern unsigned int ftr_fixup_prefix1[]; 917 extern unsigned int end_ftr_fixup_prefix1[]; 918 extern unsigned int ftr_fixup_prefix1_orig[]; 919 extern unsigned int ftr_fixup_prefix1_expected[]; 920 int size = sizeof(unsigned int) * (end_ftr_fixup_prefix1 - ftr_fixup_prefix1); 921 922 fixup.value = fixup.mask = 8; 923 fixup.start_off = calc_offset(&fixup, ftr_fixup_prefix1 + 1); 924 fixup.end_off = calc_offset(&fixup, ftr_fixup_prefix1 + 3); 925 fixup.alt_start_off = fixup.alt_end_off = 0; 926 927 /* Sanity check */ 928 check(memcmp(ftr_fixup_prefix1, ftr_fixup_prefix1_orig, size) == 0); 929 930 patch_feature_section(0, &fixup); 931 check(memcmp(ftr_fixup_prefix1, ftr_fixup_prefix1_expected, size) == 0); 932 check(memcmp(ftr_fixup_prefix1, ftr_fixup_prefix1_orig, size) != 0); 933 } 934 935 static void __init test_prefix_alt_patching(void) 936 { 937 extern unsigned int ftr_fixup_prefix2[]; 938 extern unsigned int end_ftr_fixup_prefix2[]; 939 extern unsigned int ftr_fixup_prefix2_orig[]; 940 extern unsigned int ftr_fixup_prefix2_expected[]; 941 extern unsigned int ftr_fixup_prefix2_alt[]; 942 int size = sizeof(unsigned int) * (end_ftr_fixup_prefix2 - ftr_fixup_prefix2); 943 944 fixup.value = fixup.mask = 8; 945 fixup.start_off = calc_offset(&fixup, ftr_fixup_prefix2 + 1); 946 fixup.end_off = calc_offset(&fixup, ftr_fixup_prefix2 + 3); 947 fixup.alt_start_off = calc_offset(&fixup, ftr_fixup_prefix2_alt); 948 fixup.alt_end_off = calc_offset(&fixup, ftr_fixup_prefix2_alt + 2); 949 /* Sanity check */ 950 check(memcmp(ftr_fixup_prefix2, ftr_fixup_prefix2_orig, size) == 0); 951 952 patch_feature_section(0, &fixup); 953 check(memcmp(ftr_fixup_prefix2, ftr_fixup_prefix2_expected, size) == 0); 954 check(memcmp(ftr_fixup_prefix2, ftr_fixup_prefix2_orig, size) != 0); 955 } 956 957 static void __init test_prefix_word_alt_patching(void) 958 { 959 extern unsigned int ftr_fixup_prefix3[]; 960 extern unsigned int end_ftr_fixup_prefix3[]; 961 extern unsigned int ftr_fixup_prefix3_orig[]; 962 extern unsigned int ftr_fixup_prefix3_expected[]; 963 extern unsigned int ftr_fixup_prefix3_alt[]; 964 int size = sizeof(unsigned int) * (end_ftr_fixup_prefix3 - ftr_fixup_prefix3); 965 966 fixup.value = fixup.mask = 8; 967 fixup.start_off = calc_offset(&fixup, ftr_fixup_prefix3 + 1); 968 fixup.end_off = calc_offset(&fixup, ftr_fixup_prefix3 + 4); 969 fixup.alt_start_off = calc_offset(&fixup, ftr_fixup_prefix3_alt); 970 fixup.alt_end_off = calc_offset(&fixup, ftr_fixup_prefix3_alt + 3); 971 /* Sanity check */ 972 check(memcmp(ftr_fixup_prefix3, ftr_fixup_prefix3_orig, size) == 0); 973 974 patch_feature_section(0, &fixup); 975 check(memcmp(ftr_fixup_prefix3, ftr_fixup_prefix3_expected, size) == 0); 976 patch_feature_section(0, &fixup); 977 check(memcmp(ftr_fixup_prefix3, ftr_fixup_prefix3_orig, size) != 0); 978 } 979 #else 980 static inline void test_prefix_patching(void) {} 981 static inline void test_prefix_alt_patching(void) {} 982 static inline void test_prefix_word_alt_patching(void) {} 983 #endif /* CONFIG_PPC64 */ 984 985 static int __init test_feature_fixups(void) 986 { 987 printk(KERN_DEBUG "Running feature fixup self-tests ...\n"); 988 989 test_basic_patching(); 990 test_alternative_patching(); 991 test_alternative_case_too_big(); 992 test_alternative_case_too_small(); 993 test_alternative_case_with_branch(); 994 test_alternative_case_with_external_branch(); 995 test_alternative_case_with_branch_to_end(); 996 test_cpu_macros(); 997 test_fw_macros(); 998 test_lwsync_macros(); 999 test_prefix_patching(); 1000 test_prefix_alt_patching(); 1001 test_prefix_word_alt_patching(); 1002 1003 return 0; 1004 } 1005 late_initcall(test_feature_fixups); 1006 1007 #endif /* CONFIG_FTR_FIXUP_SELFTEST */ 1008