linux/arch/arm64/kernel/armv8_deprecated.c
   1// SPDX-License-Identifier: GPL-2.0-only
   2/*
   3 *  Copyright (C) 2014 ARM Limited
   4 */
   5
#include <linux/cpu.h>
#include <linux/init.h>
#include <linux/list.h>
#include <linux/mutex.h>
#include <linux/perf_event.h>
#include <linux/sched.h>
#include <linux/slab.h>
#include <linux/sysctl.h>
#include <linux/uaccess.h>

#include <asm/cpufeature.h>
#include <asm/insn.h>
#include <asm/sysreg.h>
#include <asm/system_misc.h>
#include <asm/traps.h>
#include <asm/kprobes.h>
  21
  22#define CREATE_TRACE_POINTS
  23#include "trace-events-emulation.h"
  24
/*
 * The runtime support for deprecated instruction support can be in one of
 * following three states -
 *
 * 0 = undef
 * 1 = emulate (software emulation)
 * 2 = hw (supported in hardware)
 *
 * The numeric values are user-visible: they are what is read from and
 * written to the per-instruction sysctl under abi/ (see
 * emulation_proc_handler), bounded by the min/max of the corresponding
 * struct insn_emulation.
 */
enum insn_emulation_mode {
	INSN_UNDEF,	/* nothing installed: no undef hooks, hw support disabled */
	INSN_EMULATE,	/* trapped through the undef hooks and emulated in software */
	INSN_HW,	/* enabled in hardware through ops->set_hw_mode(true) */
};
  38
/*
 * How far an instruction has been withdrawn from the architecture; this
 * selects both the initial mode and the highest mode the sysctl may select
 * (see register_insn_emulation()).
 */
enum legacy_insn_status {
	INSN_DEPRECATED,	/* starts in INSN_EMULATE; may be raised up to INSN_HW */
	INSN_OBSOLETE,		/* starts in INSN_UNDEF; may be raised only to INSN_EMULATE */
};
  43
/* Static, per-instruction description supplied by each emulation below. */
struct insn_emulation_ops {
	const char		*name;		/* sysctl name under abi/, also the log tag */
	enum legacy_insn_status status;		/* picks initial and maximum mode */
	struct undef_hook	*hooks;		/* terminated by an entry with instr_mask == 0 */
	/*
	 * Optional: NULL when the instruction has no hardware enable.  Returns
	 * non-zero if the current CPU cannot provide the requested state.
	 */
	int			(*set_hw_mode)(bool enable);
};
  50
/* Runtime state for one registered emulation, linked on insn_emulation. */
struct insn_emulation {
	struct list_head node;			/* on insn_emulation, under insn_emulation_lock */
	struct insn_emulation_ops *ops;
	int current_mode;			/* an enum insn_emulation_mode; written via sysctl */
	int min;				/* lower sysctl bound (extra1) */
	int max;				/* upper sysctl bound (extra2) */
};
  58
/* All registered emulations; additions and walks are under insn_emulation_lock. */
static LIST_HEAD(insn_emulation);
/* Number of list entries; only needed at init to size the sysctl table. */
static int nr_insn_emulated __initdata;
static DEFINE_RAW_SPINLOCK(insn_emulation_lock);
  62
/*
 * Install every undef hook in ops->hooks.  The array is terminated by an
 * entry whose instr_mask is zero; ops->hooks itself must not be NULL.
 */
static void register_emulation_hooks(struct insn_emulation_ops *ops)
{
	struct undef_hook *h = ops->hooks;

	BUG_ON(!h);

	while (h->instr_mask) {
		register_undef_hook(h);
		h++;
	}

	pr_notice("Registered %s emulation handler\n", ops->name);
}
  74
/*
 * Uninstall every undef hook in ops->hooks (same terminator convention as
 * register_emulation_hooks()); ops->hooks must not be NULL.
 */
static void remove_emulation_hooks(struct insn_emulation_ops *ops)
{
	struct undef_hook *h = ops->hooks;

	BUG_ON(!h);

	while (h->instr_mask) {
		unregister_undef_hook(h);
		h++;
	}

	pr_notice("Removed %s emulation handler\n", ops->name);
}
  86
/* on_each_cpu() callback: turn on hardware support for the given insn. */
static void enable_insn_hw_mode(void *data)
{
	struct insn_emulation *insn = data;
	int (*set_hw_mode)(bool) = insn->ops->set_hw_mode;

	if (set_hw_mode)
		set_hw_mode(true);
}
  93
/* on_each_cpu() callback: turn off hardware support for the given insn. */
static void disable_insn_hw_mode(void *data)
{
	struct insn_emulation *insn = data;
	int (*set_hw_mode)(bool) = insn->ops->set_hw_mode;

	if (set_hw_mode)
		set_hw_mode(false);
}
 100
/*
 * Run set_hw_mode(enable) on all active CPUs, synchronously.
 *
 * Returns -EINVAL if the instruction has no hardware mode at all; otherwise 0.
 * Note that per-CPU failures of set_hw_mode() are not reported back here.
 */
static int run_all_cpu_set_hw_mode(struct insn_emulation *insn, bool enable)
{
	void (*fn)(void *);

	if (!insn->ops->set_hw_mode)
		return -EINVAL;

	fn = enable ? enable_insn_hw_mode : disable_insn_hw_mode;
	on_each_cpu(fn, insn, true);
	return 0;
}
 112
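/*
 * Run set_hw_mode for all insns on a starting CPU.
 *
 * CPU hotplug "starting" callback (registered in armv8_deprecated_init):
 * applies each registered instruction's current mode to the hardware state
 * of the CPU identified by @cpu.
 * Returns:
 *  0           - If all the hooks ran successfully.
 * -EINVAL      - At least one hook is not supported by the CPU.
 */
static int run_all_insn_set_hw_mode(unsigned int cpu)
{
	int rc = 0;
	unsigned long flags;
	struct insn_emulation *insn;

	raw_spin_lock_irqsave(&insn_emulation_lock, flags);
	list_for_each_entry(insn, &insn_emulation, node) {
		bool enable = (insn->current_mode == INSN_HW);

		/* Instructions without a hardware mode have nothing to apply. */
		if (!insn->ops->set_hw_mode)
			continue;

		if (insn->ops->set_hw_mode(enable)) {
			/*
			 * Keep going so every instruction is attempted; the
			 * message needs its own newline or the next printk
			 * gets glued onto it.
			 */
			pr_warn("CPU[%u] cannot support the emulation of %s\n",
				cpu, insn->ops->name);
			rc = -EINVAL;
		}
	}
	raw_spin_unlock_irqrestore(&insn_emulation_lock, flags);
	return rc;
}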
 137
/*
 * Move @insn from mode @prev to insn->current_mode: tear down whatever @prev
 * had installed, then install what the new mode needs.
 *
 * Returns 0 on success, or the error from enabling hardware mode (-EINVAL
 * when ops->set_hw_mode is absent).  A failure while leaving INSN_HW only
 * suppresses the "Disabled" notice; it is not returned.
 */
static int update_insn_emulation_mode(struct insn_emulation *insn,
				      enum insn_emulation_mode prev)
{
	struct insn_emulation_ops *ops = insn->ops;
	int ret = 0;

	/* Leave the previous mode (INSN_UNDEF had nothing installed). */
	if (prev == INSN_EMULATE)
		remove_emulation_hooks(ops);
	else if (prev == INSN_HW && !run_all_cpu_set_hw_mode(insn, false))
		pr_notice("Disabled %s support\n", ops->name);

	/* Enter the new one. */
	if (insn->current_mode == INSN_EMULATE) {
		register_emulation_hooks(ops);
	} else if (insn->current_mode == INSN_HW) {
		ret = run_all_cpu_set_hw_mode(insn, true);
		if (!ret)
			pr_notice("Enabled %s support\n", ops->name);
	}

	return ret;
}
 170
/*
 * Allocate the runtime state for @ops, pick its initial mode from
 * ops->status, add it to the global list and install whatever that initial
 * mode needs.  Allocation failure is silent: the instruction simply stays
 * unregistered and gets no sysctl.
 */
static void __init register_insn_emulation(struct insn_emulation_ops *ops)
{
	unsigned long flags;
	struct insn_emulation *insn = kzalloc(sizeof(*insn), GFP_KERNEL);

	if (!insn)
		return;

	insn->ops = ops;
	insn->min = INSN_UNDEF;

	if (ops->status == INSN_DEPRECATED) {
		insn->current_mode = INSN_EMULATE;
		insn->max = INSN_HW;
		/* Disable the HW mode if it was turned on at early boot time */
		run_all_cpu_set_hw_mode(insn, false);
	} else if (ops->status == INSN_OBSOLETE) {
		insn->current_mode = INSN_UNDEF;
		insn->max = INSN_EMULATE;
	}

	raw_spin_lock_irqsave(&insn_emulation_lock, flags);
	list_add(&insn->node, &insn_emulation);
	nr_insn_emulated++;
	raw_spin_unlock_irqrestore(&insn_emulation_lock, flags);

	/* Transition from "nothing installed" to the initial mode. */
	update_insn_emulation_mode(insn, INSN_UNDEF);
}
 204
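/*
 * Serialises emulation_proc_handler().  The handler temporarily repoints
 * table->data at &insn->current_mode for proc_dointvec_minmax() and restores
 * it afterwards; without a lock, a second reader or writer of the same
 * sysctl can observe the swapped table->data and treat &insn->current_mode
 * as a struct insn_emulation.  It also keeps the mode transition itself
 * atomic with respect to other writers.
 */
static DEFINE_MUTEX(insn_emulation_mutex);

/*
 * proc handler for /proc/sys/abi/<ops->name>.
 *
 * table->data carries the struct insn_emulation; the integer the sysctl
 * core reads and writes is insn->current_mode, bounded by insn->min and
 * insn->max (extra1/extra2).  On a successful write that changes the mode,
 * the transition is applied; if that fails the previous mode is restored.
 *
 * Returns the proc_dointvec_minmax() result, or the error from the mode
 * change.
 */
static int emulation_proc_handler(struct ctl_table *table, int write,
				  void __user *buffer, size_t *lenp,
				  loff_t *ppos)
{
	int ret;
	struct insn_emulation *insn;
	enum insn_emulation_mode prev_mode;

	/* Sleeping is fine: sysctl handlers run in process context. */
	mutex_lock(&insn_emulation_mutex);

	insn = table->data;
	prev_mode = insn->current_mode;

	table->data = &insn->current_mode;
	ret = proc_dointvec_minmax(table, write, buffer, lenp, ppos);
	table->data = insn;

	if (ret || !write || prev_mode == insn->current_mode)
		goto out;

	ret = update_insn_emulation_mode(insn, prev_mode);
	if (ret) {
		/* Mode change failed, revert to previous mode. */
		insn->current_mode = prev_mode;
		update_insn_emulation_mode(insn, INSN_UNDEF);
	}
out:
	mutex_unlock(&insn_emulation_mutex);
	return ret;
}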
 229
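/*
 * Build and register one abi/<name> sysctl per registered emulation.
 * Each entry is a mode-0644 int bounded by insn->min/insn->max and handled
 * by emulation_proc_handler(), which expects table->data to be the insn.
 * On failure the table is released and the sysctls simply do not appear.
 */
static void __init register_insn_emulation_sysctl(void)
{
	unsigned long flags;
	int i = 0;
	struct insn_emulation *insn;
	struct ctl_table *insns_sysctl, *sysctl;

	/* One entry per emulation plus the all-zero terminator kcalloc provides. */
	insns_sysctl = kcalloc(nr_insn_emulated + 1, sizeof(*sysctl),
			       GFP_KERNEL);
	if (!insns_sysctl)
		return;

	raw_spin_lock_irqsave(&insn_emulation_lock, flags);
	list_for_each_entry(insn, &insn_emulation, node) {
		sysctl = &insns_sysctl[i++];

		sysctl->mode = 0644;
		sysctl->maxlen = sizeof(int);

		sysctl->procname = insn->ops->name;
		sysctl->data = insn;
		sysctl->extra1 = &insn->min;
		sysctl->extra2 = &insn->max;
		sysctl->proc_handler = emulation_proc_handler;
	}
	raw_spin_unlock_irqrestore(&insn_emulation_lock, flags);

	/* Nothing else references the table, so it can be freed on failure. */
	if (!register_sysctl("abi", insns_sysctl)) {
		pr_warn("Failed to register deprecated instruction sysctls\n");
		kfree(insns_sysctl);
	}
}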
 260
 261/*
 262 *  Implement emulation of the SWP/SWPB instructions using load-exclusive and
 263 *  store-exclusive.
 264 *
 265 *  Syntax of SWP{B} instruction: SWP{B}<c> <Rt>, <Rt2>, [<Rn>]
 266 *  Where: Rt  = destination
 267 *         Rt2 = source
 268 *         Rn  = address
 269 */
 270
 271/*
 272 * Error-checking SWP macros implemented using ldxr{b}/stxr{b}
 273 */
 274
 275/* Arbitrary constant to ensure forward-progress of the LL/SC loop */
 276#define __SWP_LL_SC_LOOPS       4
 277
 278#define __user_swpX_asm(data, addr, res, temp, temp2, B)        \
 279do {                                                            \
 280        uaccess_enable();                                       \
 281        __asm__ __volatile__(                                   \
 282        "       mov             %w3, %w7\n"                     \
 283        "0:     ldxr"B"         %w2, [%4]\n"                    \
 284        "1:     stxr"B"         %w0, %w1, [%4]\n"               \
 285        "       cbz             %w0, 2f\n"                      \
 286        "       sub             %w3, %w3, #1\n"                 \
 287        "       cbnz            %w3, 0b\n"                      \
 288        "       mov             %w0, %w5\n"                     \
 289        "       b               3f\n"                           \
 290        "2:\n"                                                  \
 291        "       mov             %w1, %w2\n"                     \
 292        "3:\n"                                                  \
 293        "       .pushsection     .fixup,\"ax\"\n"               \
 294        "       .align          2\n"                            \
 295        "4:     mov             %w0, %w6\n"                     \
 296        "       b               3b\n"                           \
 297        "       .popsection"                                    \
 298        _ASM_EXTABLE(0b, 4b)                                    \
 299        _ASM_EXTABLE(1b, 4b)                                    \
 300        : "=&r" (res), "+r" (data), "=&r" (temp), "=&r" (temp2) \
 301        : "r" ((unsigned long)addr), "i" (-EAGAIN),             \
 302          "i" (-EFAULT),                                        \
 303          "i" (__SWP_LL_SC_LOOPS)                               \
 304        : "memory");                                            \
 305        uaccess_disable();                                      \
 306} while (0)
 307
 308#define __user_swp_asm(data, addr, res, temp, temp2) \
 309        __user_swpX_asm(data, addr, res, temp, temp2, "")
 310#define __user_swpb_asm(data, addr, res, temp, temp2) \
 311        __user_swpX_asm(data, addr, res, temp, temp2, "b")
 312
 313/*
 314 * Bit 22 of the instruction encoding distinguishes between
 315 * the SWP and SWPB variants (bit set means SWPB).
 316 */
 317#define TYPE_SWPB (1 << 22)
 318
/*
 * Perform the SWP/SWPB exchange at user address @address: *data is stored
 * and replaced with the previous memory contents.
 *
 * @type is TYPE_SWPB for the byte form, anything else for the word form,
 * which additionally requires a 4-byte aligned address.  The user access is
 * done through uaccess_enable()/uaccess_disable() with exception fixups;
 * callers are expected to have range-checked the location first (see
 * access_ok() in swp_handler()).
 *
 * Returns 0 on success, -EFAULT on a bad/unaligned address, or -EAGAIN when
 * the LL/SC loop could not make progress and a signal is pending.
 */
static int emulate_swpX(unsigned int address, unsigned int *data,
			unsigned int type)
{
	const bool is_byte = (type == TYPE_SWPB);
	unsigned int res = 0;

	/* SWP to unaligned address not permitted; SWPB has no such rule. */
	if (!is_byte && (address & 0x3)) {
		pr_debug("SWP instruction on unaligned pointer!\n");
		return -EFAULT;
	}

	for (;;) {
		unsigned long temp, temp2;

		if (is_byte)
			__user_swpb_asm(*data, address, res, temp, temp2);
		else
			__user_swp_asm(*data, address, res, temp, temp2);

		/* Retry only when the LL/SC loop ran out and no signal is pending. */
		if (likely(res != -EAGAIN) || signal_pending(current))
			break;

		cond_resched();
	}

	return res;
}
 346
 347#define ARM_OPCODE_CONDTEST_FAIL   0
 348#define ARM_OPCODE_CONDTEST_PASS   1
 349#define ARM_OPCODE_CONDTEST_UNCOND 2
 350
 351#define ARM_OPCODE_CONDITION_UNCOND     0xf
 352
/*
 * Evaluate the A32 condition field (opcode[31:28]) against @psr.
 *
 * Returns ARM_OPCODE_CONDTEST_UNCOND for the 0xf "unconditional" encoding,
 * otherwise PASS or FAIL as decided by the aarch32_opcode_cond_checks table
 * (indexed by the 4-bit condition, so 0..14 after the 0xf check).
 */
static unsigned int __kprobes aarch32_check_condition(u32 opcode, u32 psr)
{
	const u32 cond = opcode >> 28;

	if (cond == ARM_OPCODE_CONDITION_UNCOND)
		return ARM_OPCODE_CONDTEST_UNCOND;

	return aarch32_opcode_cond_checks[cond](psr) ? ARM_OPCODE_CONDTEST_PASS
						     : ARM_OPCODE_CONDTEST_FAIL;
}
 365
/*
 * swp_handler logs the id of calling process, dissects the instruction, sanity
 * checks the memory location, calls emulate_swpX for the actual operation and
 * deals with fixup/error handling before returning.
 *
 * Returns 0 once the instruction has been dealt with (emulated, skipped
 * because its condition failed, or reported as a segfault) and a negative
 * value when the encoding is not one this handler accepts.
 */
static int swp_handler(struct pt_regs *regs, u32 instr)
{
	u32 destreg, data, type, address = 0;
	const void __user *user_ptr;
	int rn, rt2, res = 0;

	perf_sw_event(PERF_COUNT_SW_EMULATION_FAULTS, 1, regs, regs->pc);

	/* Bit 22 selects SWPB; everything below treats type as a flag. */
	type = instr & TYPE_SWPB;

	switch (aarch32_check_condition(instr, regs->pstate)) {
	case ARM_OPCODE_CONDTEST_FAIL:
		/* Condition failed - nothing to do but skip the instruction */
		goto ret;
	case ARM_OPCODE_CONDTEST_UNCOND:
		/* The unconditional encoding is not a SWP - leave it undefined */
		return -EFAULT;
	case ARM_OPCODE_CONDTEST_PASS:
		break;
	default:
		return -EINVAL;
	}

	rn = aarch32_insn_extract_reg_num(instr, A32_RN_OFFSET);
	rt2 = aarch32_insn_extract_reg_num(instr, A32_RT2_OFFSET);
	destreg = aarch32_insn_extract_reg_num(instr, A32_RT_OFFSET);

	/* Rn holds the address, Rt2 the value to store, Rt receives the old value. */
	address = (u32)regs->user_regs.regs[rn];
	data = (u32)regs->user_regs.regs[rt2];

	pr_debug("addr in r%d->0x%08x, dest is r%d, source in r%d->0x%08x)\n",
		 rn, address, destreg, rt2, data);

	/*
	 * Range-check the enclosing word before touching user memory; the
	 * access itself is done with exception fixups inside emulate_swpX().
	 */
	user_ptr = (const void __user *)(unsigned long)(address & ~3);
	if (!access_ok(user_ptr, 4)) {
		pr_debug("SWP{B} emulation: access to 0x%08x not allowed!\n",
			 address);
		goto fault;
	}

	res = emulate_swpX(address, &data, type);
	if (res == -EFAULT)
		goto fault;
	if (!res)
		regs->user_regs.regs[destreg] = data;
	/*
	 * NOTE(review): on -EAGAIN (signal pending, no LL/SC progress) we fall
	 * through and skip the instruction without updating Rt - preserved as is.
	 */

ret:
	trace_instruction_emulation(type == TYPE_SWPB ? "swpb" : "swp", regs->pc);

	pr_warn_ratelimited("\"%s\" (%ld) uses obsolete SWP{B} instruction at 0x%llx\n",
			    current->comm, (unsigned long)current->pid, regs->pc);

	arm64_skip_faulting_instruction(regs, 4);
	return 0;

fault:
	pr_debug("SWP{B} emulation: access caused memory abort!\n");
	arm64_notify_segfault(address);

	return 0;
}
 437
/*
 * Only emulate SWP/SWPB executed in ARM state/User mode.
 * The kernel must be SWP free and SWP{B} does not exist in Thumb.
 *
 * The mask leaves the condition field, bit 22 (SWP vs SWPB, see TYPE_SWPB)
 * and the three register fields unconstrained; swp_handler() decodes them.
 */
static struct undef_hook swp_hooks[] = {
	{
		.instr_mask	= 0x0fb00ff0,
		.instr_val	= 0x01000090,
		.pstate_mask	= PSR_AA32_MODE_MASK,
		.pstate_val	= PSR_AA32_MODE_USR,
		.fn		= swp_handler
	},
	{ }	/* terminator: instr_mask == 0 */
};
 452
/* SWP{B} is obsolete: off by default, sysctl abi/swp can raise it to emulate only. */
static struct insn_emulation_ops swp_ops = {
	.name = "swp",
	.status = INSN_OBSOLETE,
	.hooks = swp_hooks,
	.set_hw_mode = NULL,	/* no hardware fallback for SWP{B} */
};
 459
/*
 * Emulate the deprecated CP15 barrier forms of DMB/DSB/ISB issued from
 * AArch32 user mode by executing the equivalent AArch64 barrier, then skip
 * the instruction.  Which barrier is meant is taken from the CRm/opc2
 * fields of the MCR encoding (see the hook masks below).
 *
 * Returns 0 once handled (or skipped on a failed condition), negative for an
 * encoding this handler does not accept.
 */
static int cp15barrier_handler(struct pt_regs *regs, u32 instr)
{
	perf_sw_event(PERF_COUNT_SW_EMULATION_FAULTS, 1, regs, regs->pc);

	switch (aarch32_check_condition(instr, regs->pstate)) {
	case ARM_OPCODE_CONDTEST_FAIL:
		/* Condition failed - return to next instruction */
		goto ret;
	case ARM_OPCODE_CONDTEST_UNCOND:
		/* If unconditional encoding - not a barrier instruction */
		return -EFAULT;
	case ARM_OPCODE_CONDTEST_PASS:
		break;
	default:
		return -EINVAL;
	}

	switch (aarch32_insn_mcr_extract_crm(instr)) {
	case 10:
		/*
		 * dmb - mcr p15, 0, Rt, c7, c10, 5
		 * dsb - mcr p15, 0, Rt, c7, c10, 4
		 */
		if (aarch32_insn_mcr_extract_opc2(instr) == 5) {
			dmb(sy);
			trace_instruction_emulation(
				"mcr p15, 0, Rt, c7, c10, 5 ; dmb", regs->pc);
			break;
		}
		dsb(sy);
		trace_instruction_emulation(
			"mcr p15, 0, Rt, c7, c10, 4 ; dsb", regs->pc);
		break;
	case 5:
		/*
		 * isb - mcr p15, 0, Rt, c7, c5, 4
		 *
		 * Taking an exception or returning from one acts as an
		 * instruction barrier. So no explicit barrier needed here.
		 */
		trace_instruction_emulation(
			"mcr p15, 0, Rt, c7, c5, 4 ; isb", regs->pc);
		break;
	default:
		/* Unreachable given cp15_barrier_hooks' masks; nothing to emulate. */
		break;
	}

ret:
	pr_warn_ratelimited("\"%s\" (%ld) uses deprecated CP15 Barrier instruction at 0x%llx\n",
			    current->comm, (unsigned long)current->pid, regs->pc);

	arm64_skip_faulting_instruction(regs, 4);
	return 0;
}
 512
/*
 * Toggle SCTLR_EL1.CP15BEN on the calling CPU so AArch32 EL0 CP15 barriers
 * execute natively (enable) or trap to the handler (disable).  Never fails.
 */
static int cp15_barrier_set_hw_mode(bool enable)
{
	const u64 clear = enable ? 0 : SCTLR_EL1_CP15BEN;
	const u64 set = enable ? SCTLR_EL1_CP15BEN : 0;

	sysreg_clear_set(sctlr_el1, clear, set);
	return 0;
}
 521
/*
 * CP15 barrier encodings from AArch32 user mode.  The first entry matches
 * "mcr p15, 0, Rt, c7, c10, {4,5}" (DSB/DMB: bit 5 of opc2 left unmasked),
 * the second "mcr p15, 0, Rt, c7, c5, 4" (ISB); condition and Rt fields are
 * unconstrained and decoded in cp15barrier_handler().
 */
static struct undef_hook cp15_barrier_hooks[] = {
	{
		.instr_mask	= 0x0fff0fdf,
		.instr_val	= 0x0e070f9a,
		.pstate_mask	= PSR_AA32_MODE_MASK,
		.pstate_val	= PSR_AA32_MODE_USR,
		.fn		= cp15barrier_handler,
	},
	{
		.instr_mask	= 0x0fff0fff,
		.instr_val	= 0x0e070f95,
		.pstate_mask	= PSR_AA32_MODE_MASK,
		.pstate_val	= PSR_AA32_MODE_USR,
		.fn		= cp15barrier_handler,
	},
	{ }	/* terminator: instr_mask == 0 */
};
 539
/* CP15 barriers are deprecated: emulated by default, abi/cp15_barrier may select hw. */
static struct insn_emulation_ops cp15_barrier_ops = {
	.name = "cp15_barrier",
	.status = INSN_DEPRECATED,
	.hooks = cp15_barrier_hooks,
	.set_hw_mode = cp15_barrier_set_hw_mode,
};
 546
/*
 * Toggle SCTLR_EL1.SED on the calling CPU.  Note the inverted sense: SED
 * *disables* SETEND, so enabling hardware support clears the bit and
 * disabling it sets the bit.
 *
 * Returns -EINVAL if this CPU cannot run EL0 in mixed endianness, else 0.
 */
static int setend_set_hw_mode(bool enable)
{
	u64 clear = 0, set = 0;

	if (!cpu_supports_mixed_endian_el0())
		return -EINVAL;

	if (enable)
		clear = SCTLR_EL1_SED;
	else
		set = SCTLR_EL1_SED;

	sysreg_clear_set(sctlr_el1, clear, set);
	return 0;
}
 558
/*
 * Common SETEND emulation: flip the AArch32 E bit in the saved pstate so the
 * task resumes with the requested data endianness, then trace and log it.
 * Callers skip the instruction themselves since A32 and T16 widths differ.
 */
static int compat_setend_handler(struct pt_regs *regs, u32 big_endian)
{
	char *insn = big_endian ? "setend be" : "setend le";

	perf_sw_event(PERF_COUNT_SW_EMULATION_FAULTS, 1, regs, regs->pc);

	if (big_endian)
		regs->pstate |= PSR_AA32_E_BIT;
	else
		regs->pstate &= ~PSR_AA32_E_BIT;

	trace_instruction_emulation(insn, regs->pc);
	pr_warn_ratelimited("\"%s\" (%ld) uses deprecated setend instruction at 0x%llx\n",
			    current->comm, (unsigned long)current->pid, regs->pc);

	return 0;
}
 579
/* A32 SETEND: bit 9 of the encoding selects big-endian; 4-byte instruction. */
static int a32_setend_handler(struct pt_regs *regs, u32 instr)
{
	const u32 big_endian = (instr >> 9) & 1;
	int rc;

	rc = compat_setend_handler(regs, big_endian);
	arm64_skip_faulting_instruction(regs, 4);
	return rc;
}
 586
/* T16 SETEND: bit 3 of the encoding selects big-endian; 2-byte instruction. */
static int t16_setend_handler(struct pt_regs *regs, u32 instr)
{
	const u32 big_endian = (instr >> 3) & 1;
	int rc;

	rc = compat_setend_handler(regs, big_endian);
	arm64_skip_faulting_instruction(regs, 2);
	return rc;
}
 593
/*
 * SETEND from AArch32 user mode.  The A32 entry leaves bit 9 (the E operand)
 * unmasked; the Thumb entry additionally requires the T bit in pstate and
 * leaves bit 3 unmasked.  The handlers read those bits.
 */
static struct undef_hook setend_hooks[] = {
	{
		.instr_mask	= 0xfffffdff,
		.instr_val	= 0xf1010000,
		.pstate_mask	= PSR_AA32_MODE_MASK,
		.pstate_val	= PSR_AA32_MODE_USR,
		.fn		= a32_setend_handler,
	},
	{
		/* Thumb mode */
		.instr_mask	= 0x0000fff7,
		.instr_val	= 0x0000b650,
		.pstate_mask	= (PSR_AA32_T_BIT | PSR_AA32_MODE_MASK),
		.pstate_val	= (PSR_AA32_T_BIT | PSR_AA32_MODE_USR),
		.fn		= t16_setend_handler,
	},
	{}	/* terminator: instr_mask == 0 */
};
 612
/* SETEND is deprecated: emulated by default, abi/setend may select hw where supported. */
static struct insn_emulation_ops setend_ops = {
	.name = "setend",
	.status = INSN_DEPRECATED,
	.hooks = setend_hooks,
	.set_hw_mode = setend_set_hw_mode,
};
 619
/*
 * Register whichever deprecated-instruction emulations are configured, hook
 * CPU bring-up so current modes are applied to CPUs coming online, and
 * expose the per-instruction mode sysctls.  Registered as a core_initcall
 * (see below).
 */
static int __init armv8_deprecated_init(void)
{
	if (IS_ENABLED(CONFIG_SWP_EMULATION))
		register_insn_emulation(&swp_ops);

	if (IS_ENABLED(CONFIG_CP15_BARRIER_EMULATION))
		register_insn_emulation(&cp15_barrier_ops);

	/* SETEND only makes sense where EL0 can run in either endianness. */
	if (IS_ENABLED(CONFIG_SETEND_EMULATION)) {
		if (!system_supports_mixed_endian_el0())
			pr_info("setend instruction emulation is not supported on this system\n");
		else
			register_insn_emulation(&setend_ops);
	}

	/* NOTE(review): the cpuhp registration result is not checked here. */
	cpuhp_setup_state_nocalls(CPUHP_AP_ARM64_ISNDEP_STARTING,
				  "arm64/isndep:starting",
				  run_all_insn_set_hw_mode, NULL);
	register_insn_emulation_sysctl();

	return 0;
}
 645
 646core_initcall(armv8_deprecated_init);
 647