[mirror_ubuntu-focal-kernel.git] / arch / arm64 / kernel / armv8_deprecated.c

// SPDX-License-Identifier: GPL-2.0-only
/*
 *  Copyright (C) 2014 ARM Limited
 */

#include <linux/cpu.h>
#include <linux/init.h>
#include <linux/list.h>
#include <linux/perf_event.h>
#include <linux/sched.h>
#include <linux/slab.h>
#include <linux/sysctl.h>
#include <linux/uaccess.h>

#include <asm/cpufeature.h>
#include <asm/insn.h>
#include <asm/sysreg.h>
#include <asm/system_misc.h>
#include <asm/traps.h>
#include <asm/kprobes.h>

#define CREATE_TRACE_POINTS
#include "trace-events-emulation.h"

/*
 * The runtime support for deprecated instruction support can be in one of
 * following three states -
 *
 * 0 = undef
 * 1 = emulate (software emulation)
 * 2 = hw (supported in hardware)
 */
enum insn_emulation_mode {
	INSN_UNDEF,
	INSN_EMULATE,
	INSN_HW,
};

enum legacy_insn_status {
	INSN_DEPRECATED,
	INSN_OBSOLETE,
};

struct insn_emulation_ops {
	const char		*name;
	enum legacy_insn_status	status;
	struct undef_hook	*hooks;
	int			(*set_hw_mode)(bool enable);
};

struct insn_emulation {
	struct list_head node;
	struct insn_emulation_ops *ops;
	int current_mode;
	int min;
	int max;
};

static LIST_HEAD(insn_emulation);
static int nr_insn_emulated __initdata;
static DEFINE_RAW_SPINLOCK(insn_emulation_lock);

static void register_emulation_hooks(struct insn_emulation_ops *ops)
{
	struct undef_hook *hook;

	BUG_ON(!ops->hooks);

	for (hook = ops->hooks; hook->instr_mask; hook++)
		register_undef_hook(hook);

	pr_notice("Registered %s emulation handler\n", ops->name);
}

static void remove_emulation_hooks(struct insn_emulation_ops *ops)
{
	struct undef_hook *hook;

	BUG_ON(!ops->hooks);

	for (hook = ops->hooks; hook->instr_mask; hook++)
		unregister_undef_hook(hook);

	pr_notice("Removed %s emulation handler\n", ops->name);
}

static void enable_insn_hw_mode(void *data)
{
	struct insn_emulation *insn = (struct insn_emulation *)data;
	if (insn->ops->set_hw_mode)
		insn->ops->set_hw_mode(true);
}

static void disable_insn_hw_mode(void *data)
{
	struct insn_emulation *insn = (struct insn_emulation *)data;
	if (insn->ops->set_hw_mode)
		insn->ops->set_hw_mode(false);
}

/* Run set_hw_mode(mode) on all active CPUs */
static int run_all_cpu_set_hw_mode(struct insn_emulation *insn, bool enable)
{
	if (!insn->ops->set_hw_mode)
		return -EINVAL;
	if (enable)
		on_each_cpu(enable_insn_hw_mode, (void *)insn, true);
	else
		on_each_cpu(disable_insn_hw_mode, (void *)insn, true);
	return 0;
}

/*
 * Run set_hw_mode for all insns on a starting CPU.
 * Returns:
 *  0 		- If all the hooks ran successfully.
 * -EINVAL	- At least one hook is not supported by the CPU.
 */
static int run_all_insn_set_hw_mode(unsigned int cpu)
{
	int rc = 0;
	unsigned long flags;
	struct insn_emulation *insn;

	raw_spin_lock_irqsave(&insn_emulation_lock, flags);
	list_for_each_entry(insn, &insn_emulation, node) {
		bool enable = (insn->current_mode == INSN_HW);
		if (insn->ops->set_hw_mode && insn->ops->set_hw_mode(enable)) {
			pr_warn("CPU[%u] cannot support the emulation of %s",
				cpu, insn->ops->name);
			rc = -EINVAL;
		}
	}
	raw_spin_unlock_irqrestore(&insn_emulation_lock, flags);
	return rc;
}

static int update_insn_emulation_mode(struct insn_emulation *insn,
				       enum insn_emulation_mode prev)
{
	int ret = 0;

	switch (prev) {
	case INSN_UNDEF: /* Nothing to be done */
		break;
	case INSN_EMULATE:
		remove_emulation_hooks(insn->ops);
		break;
	case INSN_HW:
		if (!run_all_cpu_set_hw_mode(insn, false))
			pr_notice("Disabled %s support\n", insn->ops->name);
		break;
	}

	switch (insn->current_mode) {
	case INSN_UNDEF:
		break;
	case INSN_EMULATE:
		register_emulation_hooks(insn->ops);
		break;
	case INSN_HW:
		ret = run_all_cpu_set_hw_mode(insn, true);
		if (!ret)
			pr_notice("Enabled %s support\n", insn->ops->name);
		break;
	}

	return ret;
}

static void __init register_insn_emulation(struct insn_emulation_ops *ops)
{
	unsigned long flags;
	struct insn_emulation *insn;

	insn = kzalloc(sizeof(*insn), GFP_KERNEL);
	if (!insn)
		return;

	insn->ops = ops;
	insn->min = INSN_UNDEF;

	switch (ops->status) {
	case INSN_DEPRECATED:
		insn->current_mode = INSN_EMULATE;
		/* Disable the HW mode if it was turned on at early boot time */
		run_all_cpu_set_hw_mode(insn, false);
		insn->max = INSN_HW;
		break;
	case INSN_OBSOLETE:
		insn->current_mode = INSN_UNDEF;
		insn->max = INSN_EMULATE;
		break;
	}

	raw_spin_lock_irqsave(&insn_emulation_lock, flags);
	list_add(&insn->node, &insn_emulation);
	nr_insn_emulated++;
	raw_spin_unlock_irqrestore(&insn_emulation_lock, flags);

	/* Register any handlers if required */
	update_insn_emulation_mode(insn, INSN_UNDEF);
}

static int emulation_proc_handler(struct ctl_table *table, int write,
				  void __user *buffer, size_t *lenp,
				  loff_t *ppos)
{
	int ret = 0;
	struct insn_emulation *insn = (struct insn_emulation *) table->data;
	enum insn_emulation_mode prev_mode = insn->current_mode;

	table->data = &insn->current_mode;
	ret = proc_dointvec_minmax(table, write, buffer, lenp, ppos);

	if (ret || !write || prev_mode == insn->current_mode)
		goto ret;

	ret = update_insn_emulation_mode(insn, prev_mode);
	if (ret) {
		/* Mode change failed, revert to previous mode. */
		insn->current_mode = prev_mode;
		update_insn_emulation_mode(insn, INSN_UNDEF);
	}
ret:
	table->data = insn;
	return ret;
}

static void __init register_insn_emulation_sysctl(void)
{
	unsigned long flags;
	int i = 0;
	struct insn_emulation *insn;
	struct ctl_table *insns_sysctl, *sysctl;

	insns_sysctl = kcalloc(nr_insn_emulated + 1, sizeof(*sysctl),
			       GFP_KERNEL);
	if (!insns_sysctl)
		return;

	raw_spin_lock_irqsave(&insn_emulation_lock, flags);
	list_for_each_entry(insn, &insn_emulation, node) {
		sysctl = &insns_sysctl[i];

		sysctl->mode = 0644;
		sysctl->maxlen = sizeof(int);

		sysctl->procname = insn->ops->name;
		sysctl->data = insn;
		sysctl->extra1 = &insn->min;
		sysctl->extra2 = &insn->max;
		sysctl->proc_handler = emulation_proc_handler;
		i++;
	}
	raw_spin_unlock_irqrestore(&insn_emulation_lock, flags);

	register_sysctl("abi", insns_sysctl);
}

/*
 *  Implement emulation of the SWP/SWPB instructions using load-exclusive and
 *  store-exclusive.
 *
 *  Syntax of SWP{B} instruction: SWP{B}<c> <Rt>, <Rt2>, [<Rn>]
 *  Where: Rt  = destination
 *	   Rt2 = source
 *	   Rn  = address
 */

/*
 * Error-checking SWP macros implemented using ldxr{b}/stxr{b}
 */

/* Arbitrary constant to ensure forward-progress of the LL/SC loop */
#define __SWP_LL_SC_LOOPS	4

#define __user_swpX_asm(data, addr, res, temp, temp2, B)	\
do {								\
	uaccess_enable();					\
	__asm__ __volatile__(					\
	"	mov		%w3, %w7\n"			\
	"0:	ldxr"B"		%w2, [%4]\n"			\
	"1:	stxr"B"		%w0, %w1, [%4]\n"		\
	"	cbz		%w0, 2f\n"			\
	"	sub		%w3, %w3, #1\n"			\
	"	cbnz		%w3, 0b\n"			\
	"	mov		%w0, %w5\n"			\
	"	b		3f\n"				\
	"2:\n"							\
	"	mov		%w1, %w2\n"			\
	"3:\n"							\
	"	.pushsection	 .fixup,\"ax\"\n"		\
	"	.align		2\n"				\
	"4:	mov		%w0, %w6\n"			\
	"	b		3b\n"				\
	"	.popsection"					\
	_ASM_EXTABLE(0b, 4b)					\
	_ASM_EXTABLE(1b, 4b)					\
	: "=&r" (res), "+r" (data), "=&r" (temp), "=&r" (temp2)	\
	: "r" ((unsigned long)addr), "i" (-EAGAIN),		\
	  "i" (-EFAULT),					\
	  "i" (__SWP_LL_SC_LOOPS)				\
	: "memory");						\
	uaccess_disable();					\
} while (0)

#define __user_swp_asm(data, addr, res, temp, temp2) \
	__user_swpX_asm(data, addr, res, temp, temp2, "")
#define __user_swpb_asm(data, addr, res, temp, temp2) \
	__user_swpX_asm(data, addr, res, temp, temp2, "b")

/*
 * Bit 22 of the instruction encoding distinguishes between
 * the SWP and SWPB variants (bit set means SWPB).
 */
#define TYPE_SWPB (1 << 22)

static int emulate_swpX(unsigned int address, unsigned int *data,
			unsigned int type)
{
	unsigned int res = 0;

	if ((type != TYPE_SWPB) && (address & 0x3)) {
		/* SWP to unaligned address not permitted */
		pr_debug("SWP instruction on unaligned pointer!\n");
		return -EFAULT;
	}

	while (1) {
		unsigned long temp, temp2;

		if (type == TYPE_SWPB)
			__user_swpb_asm(*data, address, res, temp, temp2);
		else
			__user_swp_asm(*data, address, res, temp, temp2);

		if (likely(res != -EAGAIN) || signal_pending(current))
			break;

		cond_resched();
	}

	return res;
}

#define ARM_OPCODE_CONDTEST_FAIL   0
#define ARM_OPCODE_CONDTEST_PASS   1
#define ARM_OPCODE_CONDTEST_UNCOND 2

#define	ARM_OPCODE_CONDITION_UNCOND	0xf

static unsigned int __kprobes aarch32_check_condition(u32 opcode, u32 psr)
{
	u32 cc_bits  = opcode >> 28;

	if (cc_bits != ARM_OPCODE_CONDITION_UNCOND) {
		if ((*aarch32_opcode_cond_checks[cc_bits])(psr))
			return ARM_OPCODE_CONDTEST_PASS;
		else
			return ARM_OPCODE_CONDTEST_FAIL;
	}
	return ARM_OPCODE_CONDTEST_UNCOND;
}

/*
 * swp_handler logs the id of calling process, dissects the instruction, sanity
 * checks the memory location, calls emulate_swpX for the actual operation and
 * deals with fixup/error handling before returning
 */
static int swp_handler(struct pt_regs *regs, u32 instr)
{
	u32 destreg, data, type, address = 0;
	const void __user *user_ptr;
	int rn, rt2, res = 0;

	perf_sw_event(PERF_COUNT_SW_EMULATION_FAULTS, 1, regs, regs->pc);

	type = instr & TYPE_SWPB;

	switch (aarch32_check_condition(instr, regs->pstate)) {
	case ARM_OPCODE_CONDTEST_PASS:
		break;
	case ARM_OPCODE_CONDTEST_FAIL:
		/* Condition failed - return to next instruction */
		goto ret;
	case ARM_OPCODE_CONDTEST_UNCOND:
		/* If unconditional encoding - not a SWP, undef */
		return -EFAULT;
	default:
		return -EINVAL;
	}

	rn = aarch32_insn_extract_reg_num(instr, A32_RN_OFFSET);
	rt2 = aarch32_insn_extract_reg_num(instr, A32_RT2_OFFSET);

	address = (u32)regs->user_regs.regs[rn];
	data	= (u32)regs->user_regs.regs[rt2];
	destreg = aarch32_insn_extract_reg_num(instr, A32_RT_OFFSET);

	pr_debug("addr in r%d->0x%08x, dest is r%d, source in r%d->0x%08x)\n",
		rn, address, destreg,
		aarch32_insn_extract_reg_num(instr, A32_RT2_OFFSET), data);

	/* Check access in reasonable access range for both SWP and SWPB */
	user_ptr = (const void __user *)(unsigned long)(address & ~3);
	if (!access_ok(user_ptr, 4)) {
		pr_debug("SWP{B} emulation: access to 0x%08x not allowed!\n",
			address);
		goto fault;
	}

	res = emulate_swpX(address, &data, type);
	if (res == -EFAULT)
		goto fault;
	else if (res == 0)
		regs->user_regs.regs[destreg] = data;

ret:
	if (type == TYPE_SWPB)
		trace_instruction_emulation("swpb", regs->pc);
	else
		trace_instruction_emulation("swp", regs->pc);

	pr_warn_ratelimited("\"%s\" (%ld) uses obsolete SWP{B} instruction at 0x%llx\n",
			current->comm, (unsigned long)current->pid, regs->pc);

	arm64_skip_faulting_instruction(regs, 4);
	return 0;

fault:
	pr_debug("SWP{B} emulation: access caused memory abort!\n");
	arm64_notify_segfault(address);

	return 0;
}

/*
 * Only emulate SWP/SWPB executed in ARM state/User mode.
 * The kernel must be SWP free and SWP{B} does not exist in Thumb.
 */
static struct undef_hook swp_hooks[] = {
	{
		.instr_mask	= 0x0fb00ff0,
		.instr_val	= 0x01000090,
		.pstate_mask	= PSR_AA32_MODE_MASK,
		.pstate_val	= PSR_AA32_MODE_USR,
		.fn		= swp_handler
	},
	{ }
};

static struct insn_emulation_ops swp_ops = {
	.name = "swp",
	.status = INSN_OBSOLETE,
	.hooks = swp_hooks,
	.set_hw_mode = NULL,
};

static int cp15barrier_handler(struct pt_regs *regs, u32 instr)
{
	perf_sw_event(PERF_COUNT_SW_EMULATION_FAULTS, 1, regs, regs->pc);

	switch (aarch32_check_condition(instr, regs->pstate)) {
	case ARM_OPCODE_CONDTEST_PASS:
		break;
	case ARM_OPCODE_CONDTEST_FAIL:
		/* Condition failed - return to next instruction */
		goto ret;
	case ARM_OPCODE_CONDTEST_UNCOND:
		/* If unconditional encoding - not a barrier instruction */
		return -EFAULT;
	default:
		return -EINVAL;
	}

	switch (aarch32_insn_mcr_extract_crm(instr)) {
	case 10:
		/*
		 * dmb - mcr p15, 0, Rt, c7, c10, 5
		 * dsb - mcr p15, 0, Rt, c7, c10, 4
		 */
		if (aarch32_insn_mcr_extract_opc2(instr) == 5) {
			dmb(sy);
			trace_instruction_emulation(
				"mcr p15, 0, Rt, c7, c10, 5 ; dmb", regs->pc);
		} else {
			dsb(sy);
			trace_instruction_emulation(
				"mcr p15, 0, Rt, c7, c10, 4 ; dsb", regs->pc);
		}
		break;
	case 5:
		/*
		 * isb - mcr p15, 0, Rt, c7, c5, 4
		 *
		 * Taking an exception or returning from one acts as an
		 * instruction barrier. So no explicit barrier needed here.
		 */
		trace_instruction_emulation(
			"mcr p15, 0, Rt, c7, c5, 4 ; isb", regs->pc);
		break;
	}

ret:
	pr_warn_ratelimited("\"%s\" (%ld) uses deprecated CP15 Barrier instruction at 0x%llx\n",
			current->comm, (unsigned long)current->pid, regs->pc);

	arm64_skip_faulting_instruction(regs, 4);
	return 0;
}

static int cp15_barrier_set_hw_mode(bool enable)
{
	if (enable)
		sysreg_clear_set(sctlr_el1, 0, SCTLR_EL1_CP15BEN);
	else
		sysreg_clear_set(sctlr_el1, SCTLR_EL1_CP15BEN, 0);
	return 0;
}

static struct undef_hook cp15_barrier_hooks[] = {
	{
		.instr_mask	= 0x0fff0fdf,
		.instr_val	= 0x0e070f9a,
		.pstate_mask	= PSR_AA32_MODE_MASK,
		.pstate_val	= PSR_AA32_MODE_USR,
		.fn		= cp15barrier_handler,
	},
	{
		.instr_mask	= 0x0fff0fff,
		.instr_val	= 0x0e070f95,
		.pstate_mask	= PSR_AA32_MODE_MASK,
		.pstate_val	= PSR_AA32_MODE_USR,
		.fn		= cp15barrier_handler,
	},
	{ }
};

static struct insn_emulation_ops cp15_barrier_ops = {
	.name = "cp15_barrier",
	.status = INSN_DEPRECATED,
	.hooks = cp15_barrier_hooks,
	.set_hw_mode = cp15_barrier_set_hw_mode,
};

static int setend_set_hw_mode(bool enable)
{
	if (!cpu_supports_mixed_endian_el0())
		return -EINVAL;

	if (enable)
		sysreg_clear_set(sctlr_el1, SCTLR_EL1_SED, 0);
	else
		sysreg_clear_set(sctlr_el1, 0, SCTLR_EL1_SED);
	return 0;
}

static int compat_setend_handler(struct pt_regs *regs, u32 big_endian)
{
	char *insn;

	perf_sw_event(PERF_COUNT_SW_EMULATION_FAULTS, 1, regs, regs->pc);

	if (big_endian) {
		insn = "setend be";
		regs->pstate |= PSR_AA32_E_BIT;
	} else {
		insn = "setend le";
		regs->pstate &= ~PSR_AA32_E_BIT;
	}

	trace_instruction_emulation(insn, regs->pc);
	pr_warn_ratelimited("\"%s\" (%ld) uses deprecated setend instruction at 0x%llx\n",
			current->comm, (unsigned long)current->pid, regs->pc);

	return 0;
}

static int a32_setend_handler(struct pt_regs *regs, u32 instr)
{
	int rc = compat_setend_handler(regs, (instr >> 9) & 1);
	arm64_skip_faulting_instruction(regs, 4);
	return rc;
}

static int t16_setend_handler(struct pt_regs *regs, u32 instr)
{
	int rc = compat_setend_handler(regs, (instr >> 3) & 1);
	arm64_skip_faulting_instruction(regs, 2);
	return rc;
}

static struct undef_hook setend_hooks[] = {
	{
		.instr_mask	= 0xfffffdff,
		.instr_val	= 0xf1010000,
		.pstate_mask	= PSR_AA32_MODE_MASK,
		.pstate_val	= PSR_AA32_MODE_USR,
		.fn		= a32_setend_handler,
	},
	{
		/* Thumb mode */
		.instr_mask	= 0x0000fff7,
		.instr_val	= 0x0000b650,
		.pstate_mask	= (PSR_AA32_T_BIT | PSR_AA32_MODE_MASK),
		.pstate_val	= (PSR_AA32_T_BIT | PSR_AA32_MODE_USR),
		.fn		= t16_setend_handler,
	},
	{}
};

static struct insn_emulation_ops setend_ops = {
	.name = "setend",
	.status = INSN_DEPRECATED,
	.hooks = setend_hooks,
	.set_hw_mode = setend_set_hw_mode,
};

/*
 * Invoked as late_initcall, since not needed before init spawned.
 */
static int __init armv8_deprecated_init(void)
{
	if (IS_ENABLED(CONFIG_SWP_EMULATION))
		register_insn_emulation(&swp_ops);

	if (IS_ENABLED(CONFIG_CP15_BARRIER_EMULATION))
		register_insn_emulation(&cp15_barrier_ops);

	if (IS_ENABLED(CONFIG_SETEND_EMULATION)) {
		if(system_supports_mixed_endian_el0())
			register_insn_emulation(&setend_ops);
		else
			pr_info("setend instruction emulation is not supported on this system\n");
	}

	cpuhp_setup_state_nocalls(CPUHP_AP_ARM64_ISNDEP_STARTING,
				  "arm64/isndep:starting",
				  run_all_insn_set_hw_mode, NULL);
	register_insn_emulation_sysctl();

	return 0;
}

core_initcall(armv8_deprecated_init);
Commit	Line	Data
d2912cb1	1	// SPDX-License-Identifier: GPL-2.0-only
587064b6 PA	2	/*
587064b6 PA	3	* Copyright (C) 2014 ARM Limited
587064b6 PA	4	*/
587064b6 PA	5
c852f320	6	#include <linux/cpu.h>
587064b6 PA	7	#include <linux/init.h>
587064b6 PA	8	#include <linux/list.h>
bd35a4ad PA	9	#include <linux/perf_event.h>
bd35a4ad PA	10	#include <linux/sched.h>
587064b6 PA	11	#include <linux/slab.h>
587064b6 PA	12	#include <linux/sysctl.h>
92faa7be	13	#include <linux/uaccess.h>
587064b6	14
338d4f49	15	#include <asm/cpufeature.h>
bd35a4ad	16	#include <asm/insn.h>
870828e5	17	#include <asm/sysreg.h>
bd35a4ad	18	#include <asm/system_misc.h>
587064b6	19	#include <asm/traps.h>
7d134b2c	20	#include <asm/kprobes.h>
587064b6	21
d784e298 PA	22	#define CREATE_TRACE_POINTS
	23	#include "trace-events-emulation.h"
	24
587064b6 PA	25	/*
	26	* The runtime support for deprecated instruction support can be in one of
	27	* following three states -
	28	*
	29	* 0 = undef
	30	* 1 = emulate (software emulation)
	31	* 2 = hw (supported in hardware)
	32	*/
	33	enum insn_emulation_mode {
	34	INSN_UNDEF,
	35	INSN_EMULATE,
	36	INSN_HW,
	37	};
	38
	39	enum legacy_insn_status {
	40	INSN_DEPRECATED,
	41	INSN_OBSOLETE,
	42	};
	43
	44	struct insn_emulation_ops {
	45	const char *name;
	46	enum legacy_insn_status status;
	47	struct undef_hook *hooks;
	48	int (*set_hw_mode)(bool enable);
	49	};
	50
	51	struct insn_emulation {
	52	struct list_head node;
	53	struct insn_emulation_ops *ops;
	54	int current_mode;
	55	int min;
	56	int max;
	57	};
	58
	59	static LIST_HEAD(insn_emulation);
a7c61a34	60	static int nr_insn_emulated __initdata;
587064b6 PA	61	static DEFINE_RAW_SPINLOCK(insn_emulation_lock);
	62
	63	static void register_emulation_hooks(struct insn_emulation_ops *ops)
	64	{
	65	struct undef_hook *hook;
	66
	67	BUG_ON(!ops->hooks);
	68
	69	for (hook = ops->hooks; hook->instr_mask; hook++)
	70	register_undef_hook(hook);
	71
	72	pr_notice("Registered %s emulation handler\n", ops->name);
	73	}
	74
	75	static void remove_emulation_hooks(struct insn_emulation_ops *ops)
	76	{
	77	struct undef_hook *hook;
	78
	79	BUG_ON(!ops->hooks);
	80
	81	for (hook = ops->hooks; hook->instr_mask; hook++)
	82	unregister_undef_hook(hook);
	83
	84	pr_notice("Removed %s emulation handler\n", ops->name);
	85	}
	86
736d474f SP	87	static void enable_insn_hw_mode(void *data)
	88	{
	89	struct insn_emulation insn = (struct insn_emulation )data;
	90	if (insn->ops->set_hw_mode)
	91	insn->ops->set_hw_mode(true);
	92	}
	93
	94	static void disable_insn_hw_mode(void *data)
	95	{
	96	struct insn_emulation insn = (struct insn_emulation )data;
	97	if (insn->ops->set_hw_mode)
	98	insn->ops->set_hw_mode(false);
	99	}
	100
	101	/* Run set_hw_mode(mode) on all active CPUs */
	102	static int run_all_cpu_set_hw_mode(struct insn_emulation *insn, bool enable)
	103	{
	104	if (!insn->ops->set_hw_mode)
	105	return -EINVAL;
	106	if (enable)
	107	on_each_cpu(enable_insn_hw_mode, (void *)insn, true);
	108	else
	109	on_each_cpu(disable_insn_hw_mode, (void *)insn, true);
	110	return 0;
	111	}
	112
	113	/*
	114	* Run set_hw_mode for all insns on a starting CPU.
	115	* Returns:
	116	* 0 - If all the hooks ran successfully.
	117	* -EINVAL - At least one hook is not supported by the CPU.
	118	*/
27c01a8c	119	static int run_all_insn_set_hw_mode(unsigned int cpu)
736d474f SP	120	{
	121	int rc = 0;
	122	unsigned long flags;
	123	struct insn_emulation *insn;
	124
	125	raw_spin_lock_irqsave(&insn_emulation_lock, flags);
	126	list_for_each_entry(insn, &insn_emulation, node) {
	127	bool enable = (insn->current_mode == INSN_HW);
	128	if (insn->ops->set_hw_mode && insn->ops->set_hw_mode(enable)) {
27c01a8c	129	pr_warn("CPU[%u] cannot support the emulation of %s",
736d474f SP	130	cpu, insn->ops->name);
	131	rc = -EINVAL;
	132	}
	133	}
	134	raw_spin_unlock_irqrestore(&insn_emulation_lock, flags);
	135	return rc;
	136	}
	137
587064b6 PA	138	static int update_insn_emulation_mode(struct insn_emulation *insn,
	139	enum insn_emulation_mode prev)
	140	{
	141	int ret = 0;
	142
	143	switch (prev) {
	144	case INSN_UNDEF: /* Nothing to be done */
	145	break;
	146	case INSN_EMULATE:
	147	remove_emulation_hooks(insn->ops);
	148	break;
	149	case INSN_HW:
736d474f	150	if (!run_all_cpu_set_hw_mode(insn, false))
587064b6	151	pr_notice("Disabled %s support\n", insn->ops->name);
587064b6 PA	152	break;
	153	}
	154
	155	switch (insn->current_mode) {
	156	case INSN_UNDEF:
	157	break;
	158	case INSN_EMULATE:
	159	register_emulation_hooks(insn->ops);
	160	break;
	161	case INSN_HW:
736d474f SP	162	ret = run_all_cpu_set_hw_mode(insn, true);
736d474f SP	163	if (!ret)
587064b6	164	pr_notice("Enabled %s support\n", insn->ops->name);
587064b6 PA	165	break;
	166	}
	167
	168	return ret;
	169	}
	170
a7c61a34	171	static void __init register_insn_emulation(struct insn_emulation_ops *ops)
587064b6 PA	172	{
	173	unsigned long flags;
	174	struct insn_emulation *insn;
	175
	176	insn = kzalloc(sizeof(*insn), GFP_KERNEL);
3e7c93bd YY	177	if (!insn)
	178	return;
	179
587064b6 PA	180	insn->ops = ops;
	181	insn->min = INSN_UNDEF;
	182
	183	switch (ops->status) {
	184	case INSN_DEPRECATED:
	185	insn->current_mode = INSN_EMULATE;
736d474f SP	186	/* Disable the HW mode if it was turned on at early boot time */
736d474f SP	187	run_all_cpu_set_hw_mode(insn, false);
587064b6 PA	188	insn->max = INSN_HW;
	189	break;
	190	case INSN_OBSOLETE:
	191	insn->current_mode = INSN_UNDEF;
	192	insn->max = INSN_EMULATE;
	193	break;
	194	}
	195
	196	raw_spin_lock_irqsave(&insn_emulation_lock, flags);
	197	list_add(&insn->node, &insn_emulation);
	198	nr_insn_emulated++;
	199	raw_spin_unlock_irqrestore(&insn_emulation_lock, flags);
	200
	201	/* Register any handlers if required */
	202	update_insn_emulation_mode(insn, INSN_UNDEF);
	203	}
	204
	205	static int emulation_proc_handler(struct ctl_table *table, int write,
	206	void __user buffer, size_t lenp,
	207	loff_t *ppos)
	208	{
	209	int ret = 0;
	210	struct insn_emulation insn = (struct insn_emulation ) table->data;
	211	enum insn_emulation_mode prev_mode = insn->current_mode;
	212
	213	table->data = &insn->current_mode;
	214	ret = proc_dointvec_minmax(table, write, buffer, lenp, ppos);
	215
	216	if (ret \|\| !write \|\| prev_mode == insn->current_mode)
	217	goto ret;
	218
	219	ret = update_insn_emulation_mode(insn, prev_mode);
90963395	220	if (ret) {
587064b6 PA	221	/* Mode change failed, revert to previous mode. */
	222	insn->current_mode = prev_mode;
	223	update_insn_emulation_mode(insn, INSN_UNDEF);
	224	}
	225	ret:
	226	table->data = insn;
	227	return ret;
	228	}
	229
38b9aeb3	230	static void __init register_insn_emulation_sysctl(void)
587064b6 PA	231	{
	232	unsigned long flags;
	233	int i = 0;
	234	struct insn_emulation *insn;
	235	struct ctl_table insns_sysctl, sysctl;
	236
6396bb22 KC	237	insns_sysctl = kcalloc(nr_insn_emulated + 1, sizeof(*sysctl),
6396bb22 KC	238	GFP_KERNEL);
3e7c93bd YY	239	if (!insns_sysctl)
3e7c93bd YY	240	return;
587064b6 PA	241
	242	raw_spin_lock_irqsave(&insn_emulation_lock, flags);
	243	list_for_each_entry(insn, &insn_emulation, node) {
	244	sysctl = &insns_sysctl[i];
	245
	246	sysctl->mode = 0644;
	247	sysctl->maxlen = sizeof(int);
	248
	249	sysctl->procname = insn->ops->name;
	250	sysctl->data = insn;
	251	sysctl->extra1 = &insn->min;
	252	sysctl->extra2 = &insn->max;
	253	sysctl->proc_handler = emulation_proc_handler;
	254	i++;
	255	}
	256	raw_spin_unlock_irqrestore(&insn_emulation_lock, flags);
	257
38b9aeb3	258	register_sysctl("abi", insns_sysctl);
587064b6 PA	259	}
587064b6 PA	260
bd35a4ad PA	261	/*
	262	* Implement emulation of the SWP/SWPB instructions using load-exclusive and
	263	* store-exclusive.
	264	*
	265	* Syntax of SWP{B} instruction: SWP{B}<c> <Rt>, <Rt2>, [<Rn>]
	266	* Where: Rt = destination
	267	* Rt2 = source
	268	* Rn = address
	269	*/
	270
	271	/*
	272	* Error-checking SWP macros implemented using ldxr{b}/stxr{b}
	273	*/
1c5b51df WD	274
	275	/* Arbitrary constant to ensure forward-progress of the LL/SC loop */
	276	#define __SWP_LL_SC_LOOPS 4
	277
	278	#define __user_swpX_asm(data, addr, res, temp, temp2, B) \
bd38967d CM	279	do { \
bd38967d CM	280	uaccess_enable(); \
bd35a4ad	281	__asm__ __volatile__( \
1c5b51df	282	" mov %w3, %w7\n" \
1c5b51df WD	283	"0: ldxr"B" %w2, [%4]\n" \
1c5b51df WD	284	"1: stxr"B" %w0, %w1, [%4]\n" \
bd35a4ad	285	" cbz %w0, 2f\n" \
1c5b51df WD	286	" sub %w3, %w3, #1\n" \
	287	" cbnz %w3, 0b\n" \
	288	" mov %w0, %w5\n" \
589cb22b	289	" b 3f\n" \
bd35a4ad	290	"2:\n" \
589cb22b WD	291	" mov %w1, %w2\n" \
589cb22b WD	292	"3:\n" \
bd35a4ad PA	293	" .pushsection .fixup,\"ax\"\n" \
bd35a4ad PA	294	" .align 2\n" \
1c5b51df	295	"4: mov %w0, %w6\n" \
589cb22b	296	" b 3b\n" \
bd35a4ad	297	" .popsection" \
6c94f27a AB	298	_ASM_EXTABLE(0b, 4b) \
6c94f27a AB	299	_ASM_EXTABLE(1b, 4b) \
1c5b51df	300	: "=&r" (res), "+r" (data), "=&r" (temp), "=&r" (temp2) \
55de49f9 MR	301	: "r" ((unsigned long)addr), "i" (-EAGAIN), \
55de49f9 MR	302	"i" (-EFAULT), \
1c5b51df	303	"i" (__SWP_LL_SC_LOOPS) \
bd38967d CM	304	: "memory"); \
	305	uaccess_disable(); \
	306	} while (0)
bd35a4ad	307
1c5b51df WD	308	#define __user_swp_asm(data, addr, res, temp, temp2) \
	309	__user_swpX_asm(data, addr, res, temp, temp2, "")
	310	#define __user_swpb_asm(data, addr, res, temp, temp2) \
	311	__user_swpX_asm(data, addr, res, temp, temp2, "b")
bd35a4ad PA	312
	313	/*
	314	* Bit 22 of the instruction encoding distinguishes between
	315	* the SWP and SWPB variants (bit set means SWPB).
	316	*/
	317	#define TYPE_SWPB (1 << 22)
	318
bd35a4ad PA	319	static int emulate_swpX(unsigned int address, unsigned int *data,
	320	unsigned int type)
	321	{
	322	unsigned int res = 0;
	323
	324	if ((type != TYPE_SWPB) && (address & 0x3)) {
	325	/* SWP to unaligned address not permitted */
	326	pr_debug("SWP instruction on unaligned pointer!\n");
	327	return -EFAULT;
	328	}
	329
	330	while (1) {
1c5b51df	331	unsigned long temp, temp2;
bd35a4ad PA	332
bd35a4ad PA	333	if (type == TYPE_SWPB)
1c5b51df	334	__user_swpb_asm(*data, address, res, temp, temp2);
bd35a4ad	335	else
1c5b51df	336	__user_swp_asm(*data, address, res, temp, temp2);
bd35a4ad PA	337
	338	if (likely(res != -EAGAIN) \|\| signal_pending(current))
	339	break;
	340
	341	cond_resched();
	342	}
	343
	344	return res;
	345	}
	346
bca8f17f MZ	347	#define ARM_OPCODE_CONDTEST_FAIL 0
	348	#define ARM_OPCODE_CONDTEST_PASS 1
	349	#define ARM_OPCODE_CONDTEST_UNCOND 2
	350
2af3ec08 DL	351	#define ARM_OPCODE_CONDITION_UNCOND 0xf
	352
	353	static unsigned int __kprobes aarch32_check_condition(u32 opcode, u32 psr)
	354	{
	355	u32 cc_bits = opcode >> 28;
	356
	357	if (cc_bits != ARM_OPCODE_CONDITION_UNCOND) {
	358	if ((*aarch32_opcode_cond_checks[cc_bits])(psr))
	359	return ARM_OPCODE_CONDTEST_PASS;
	360	else
	361	return ARM_OPCODE_CONDTEST_FAIL;
	362	}
	363	return ARM_OPCODE_CONDTEST_UNCOND;
	364	}
	365
bd35a4ad PA	366	/*
	367	* swp_handler logs the id of calling process, dissects the instruction, sanity
	368	* checks the memory location, calls emulate_swpX for the actual operation and
	369	* deals with fixup/error handling before returning
	370	*/
	371	static int swp_handler(struct pt_regs *regs, u32 instr)
	372	{
	373	u32 destreg, data, type, address = 0;
9085b34d	374	const void __user *user_ptr;
bd35a4ad PA	375	int rn, rt2, res = 0;
	376
	377	perf_sw_event(PERF_COUNT_SW_EMULATION_FAULTS, 1, regs, regs->pc);
	378
	379	type = instr & TYPE_SWPB;
	380
2af3ec08	381	switch (aarch32_check_condition(instr, regs->pstate)) {
bd35a4ad PA	382	case ARM_OPCODE_CONDTEST_PASS:
	383	break;
	384	case ARM_OPCODE_CONDTEST_FAIL:
	385	/* Condition failed - return to next instruction */
	386	goto ret;
	387	case ARM_OPCODE_CONDTEST_UNCOND:
	388	/* If unconditional encoding - not a SWP, undef */
	389	return -EFAULT;
	390	default:
	391	return -EINVAL;
	392	}
	393
	394	rn = aarch32_insn_extract_reg_num(instr, A32_RN_OFFSET);
	395	rt2 = aarch32_insn_extract_reg_num(instr, A32_RT2_OFFSET);
	396
	397	address = (u32)regs->user_regs.regs[rn];
	398	data = (u32)regs->user_regs.regs[rt2];
	399	destreg = aarch32_insn_extract_reg_num(instr, A32_RT_OFFSET);
	400
	401	pr_debug("addr in r%d->0x%08x, dest is r%d, source in r%d->0x%08x)\n",
	402	rn, address, destreg,
	403	aarch32_insn_extract_reg_num(instr, A32_RT2_OFFSET), data);
	404
	405	/* Check access in reasonable access range for both SWP and SWPB */
9085b34d	406	user_ptr = (const void __user *)(unsigned long)(address & ~3);
96d4f267	407	if (!access_ok(user_ptr, 4)) {
bd35a4ad PA	408	pr_debug("SWP{B} emulation: access to 0x%08x not allowed!\n",
	409	address);
	410	goto fault;
	411	}
	412
	413	res = emulate_swpX(address, &data, type);
	414	if (res == -EFAULT)
	415	goto fault;
	416	else if (res == 0)
	417	regs->user_regs.regs[destreg] = data;
	418
	419	ret:
d784e298 PA	420	if (type == TYPE_SWPB)
	421	trace_instruction_emulation("swpb", regs->pc);
	422	else
	423	trace_instruction_emulation("swp", regs->pc);
	424
bd35a4ad PA	425	pr_warn_ratelimited("\"%s\" (%ld) uses obsolete SWP{B} instruction at 0x%llx\n",
	426	current->comm, (unsigned long)current->pid, regs->pc);
	427
6436beee	428	arm64_skip_faulting_instruction(regs, 4);
bd35a4ad PA	429	return 0;
	430
	431	fault:
390bf177	432	pr_debug("SWP{B} emulation: access caused memory abort!\n");
2c9120f3	433	arm64_notify_segfault(address);
bd35a4ad PA	434
	435	return 0;
	436	}
	437
	438	/*
	439	* Only emulate SWP/SWPB executed in ARM state/User mode.
	440	* The kernel must be SWP free and SWP{B} does not exist in Thumb.
	441	*/
	442	static struct undef_hook swp_hooks[] = {
	443	{
	444	.instr_mask = 0x0fb00ff0,
	445	.instr_val = 0x01000090,
d64567f6 MR	446	.pstate_mask = PSR_AA32_MODE_MASK,
d64567f6 MR	447	.pstate_val = PSR_AA32_MODE_USR,
bd35a4ad PA	448	.fn = swp_handler
	449	},
	450	{ }
	451	};
	452
	453	static struct insn_emulation_ops swp_ops = {
	454	.name = "swp",
	455	.status = INSN_OBSOLETE,
	456	.hooks = swp_hooks,
	457	.set_hw_mode = NULL,
	458	};
	459
c852f320 PA	460	static int cp15barrier_handler(struct pt_regs *regs, u32 instr)
	461	{
	462	perf_sw_event(PERF_COUNT_SW_EMULATION_FAULTS, 1, regs, regs->pc);
	463
2af3ec08	464	switch (aarch32_check_condition(instr, regs->pstate)) {
c852f320 PA	465	case ARM_OPCODE_CONDTEST_PASS:
	466	break;
	467	case ARM_OPCODE_CONDTEST_FAIL:
	468	/* Condition failed - return to next instruction */
	469	goto ret;
	470	case ARM_OPCODE_CONDTEST_UNCOND:
	471	/* If unconditional encoding - not a barrier instruction */
	472	return -EFAULT;
	473	default:
	474	return -EINVAL;
	475	}
	476
	477	switch (aarch32_insn_mcr_extract_crm(instr)) {
	478	case 10:
	479	/*
	480	* dmb - mcr p15, 0, Rt, c7, c10, 5
	481	* dsb - mcr p15, 0, Rt, c7, c10, 4
	482	*/
d784e298	483	if (aarch32_insn_mcr_extract_opc2(instr) == 5) {
c852f320	484	dmb(sy);
d784e298 PA	485	trace_instruction_emulation(
	486	"mcr p15, 0, Rt, c7, c10, 5 ; dmb", regs->pc);
	487	} else {
c852f320	488	dsb(sy);
d784e298 PA	489	trace_instruction_emulation(
	490	"mcr p15, 0, Rt, c7, c10, 4 ; dsb", regs->pc);
	491	}
c852f320 PA	492	break;
	493	case 5:
	494	/*
	495	* isb - mcr p15, 0, Rt, c7, c5, 4
	496	*
	497	* Taking an exception or returning from one acts as an
	498	* instruction barrier. So no explicit barrier needed here.
	499	*/
d784e298 PA	500	trace_instruction_emulation(
d784e298 PA	501	"mcr p15, 0, Rt, c7, c5, 4 ; isb", regs->pc);
c852f320 PA	502	break;
	503	}
	504
	505	ret:
	506	pr_warn_ratelimited("\"%s\" (%ld) uses deprecated CP15 Barrier instruction at 0x%llx\n",
	507	current->comm, (unsigned long)current->pid, regs->pc);
	508
6436beee	509	arm64_skip_faulting_instruction(regs, 4);
c852f320 PA	510	return 0;
	511	}
	512
c852f320 PA	513	static int cp15_barrier_set_hw_mode(bool enable)
c852f320 PA	514	{
736d474f	515	if (enable)
25be597a	516	sysreg_clear_set(sctlr_el1, 0, SCTLR_EL1_CP15BEN);
736d474f	517	else
25be597a	518	sysreg_clear_set(sctlr_el1, SCTLR_EL1_CP15BEN, 0);
736d474f	519	return 0;
c852f320 PA	520	}
	521
	522	static struct undef_hook cp15_barrier_hooks[] = {
	523	{
	524	.instr_mask = 0x0fff0fdf,
	525	.instr_val = 0x0e070f9a,
d64567f6 MR	526	.pstate_mask = PSR_AA32_MODE_MASK,
d64567f6 MR	527	.pstate_val = PSR_AA32_MODE_USR,
c852f320 PA	528	.fn = cp15barrier_handler,
	529	},
	530	{
	531	.instr_mask = 0x0fff0fff,
	532	.instr_val = 0x0e070f95,
d64567f6 MR	533	.pstate_mask = PSR_AA32_MODE_MASK,
d64567f6 MR	534	.pstate_val = PSR_AA32_MODE_USR,
c852f320 PA	535	.fn = cp15barrier_handler,
	536	},
	537	{ }
	538	};
	539
	540	static struct insn_emulation_ops cp15_barrier_ops = {
	541	.name = "cp15_barrier",
	542	.status = INSN_DEPRECATED,
	543	.hooks = cp15_barrier_hooks,
	544	.set_hw_mode = cp15_barrier_set_hw_mode,
	545	};
	546
2d888f48 SP	547	static int setend_set_hw_mode(bool enable)
	548	{
	549	if (!cpu_supports_mixed_endian_el0())
	550	return -EINVAL;
	551
	552	if (enable)
25be597a	553	sysreg_clear_set(sctlr_el1, SCTLR_EL1_SED, 0);
2d888f48	554	else
25be597a	555	sysreg_clear_set(sctlr_el1, 0, SCTLR_EL1_SED);
2d888f48 SP	556	return 0;
	557	}
	558
	559	static int compat_setend_handler(struct pt_regs *regs, u32 big_endian)
	560	{
	561	char *insn;
	562
	563	perf_sw_event(PERF_COUNT_SW_EMULATION_FAULTS, 1, regs, regs->pc);
	564
	565	if (big_endian) {
	566	insn = "setend be";
d64567f6	567	regs->pstate \|= PSR_AA32_E_BIT;
2d888f48 SP	568	} else {
2d888f48 SP	569	insn = "setend le";
d64567f6	570	regs->pstate &= ~PSR_AA32_E_BIT;
2d888f48 SP	571	}
	572
	573	trace_instruction_emulation(insn, regs->pc);
	574	pr_warn_ratelimited("\"%s\" (%ld) uses deprecated setend instruction at 0x%llx\n",
	575	current->comm, (unsigned long)current->pid, regs->pc);
	576
	577	return 0;
	578	}
	579
	580	static int a32_setend_handler(struct pt_regs *regs, u32 instr)
	581	{
	582	int rc = compat_setend_handler(regs, (instr >> 9) & 1);
6436beee	583	arm64_skip_faulting_instruction(regs, 4);
2d888f48 SP	584	return rc;
	585	}
	586
	587	static int t16_setend_handler(struct pt_regs *regs, u32 instr)
	588	{
	589	int rc = compat_setend_handler(regs, (instr >> 3) & 1);
6436beee	590	arm64_skip_faulting_instruction(regs, 2);
2d888f48 SP	591	return rc;
	592	}
	593
	594	static struct undef_hook setend_hooks[] = {
	595	{
	596	.instr_mask = 0xfffffdff,
	597	.instr_val = 0xf1010000,
d64567f6 MR	598	.pstate_mask = PSR_AA32_MODE_MASK,
d64567f6 MR	599	.pstate_val = PSR_AA32_MODE_USR,
2d888f48 SP	600	.fn = a32_setend_handler,
	601	},
	602	{
	603	/* Thumb mode */
	604	.instr_mask = 0x0000fff7,
	605	.instr_val = 0x0000b650,
d64567f6 MR	606	.pstate_mask = (PSR_AA32_T_BIT \| PSR_AA32_MODE_MASK),
d64567f6 MR	607	.pstate_val = (PSR_AA32_T_BIT \| PSR_AA32_MODE_USR),
2d888f48 SP	608	.fn = t16_setend_handler,
	609	},
	610	{}
	611	};
	612
	613	static struct insn_emulation_ops setend_ops = {
	614	.name = "setend",
	615	.status = INSN_DEPRECATED,
	616	.hooks = setend_hooks,
	617	.set_hw_mode = setend_set_hw_mode,
	618	};
	619
587064b6 PA	620	/*
	621	* Invoked as late_initcall, since not needed before init spawned.
	622	*/
	623	static int __init armv8_deprecated_init(void)
	624	{
bd35a4ad PA	625	if (IS_ENABLED(CONFIG_SWP_EMULATION))
	626	register_insn_emulation(&swp_ops);
	627
c852f320 PA	628	if (IS_ENABLED(CONFIG_CP15_BARRIER_EMULATION))
	629	register_insn_emulation(&cp15_barrier_ops);
	630
2d888f48 SP	631	if (IS_ENABLED(CONFIG_SETEND_EMULATION)) {
	632	if(system_supports_mixed_endian_el0())
	633	register_insn_emulation(&setend_ops);
	634	else
117f5727	635	pr_info("setend instruction emulation is not supported on this system\n");
2d888f48 SP	636	}
2d888f48 SP	637
27c01a8c	638	cpuhp_setup_state_nocalls(CPUHP_AP_ARM64_ISNDEP_STARTING,
73c1b41e	639	"arm64/isndep:starting",
27c01a8c	640	run_all_insn_set_hw_mode, NULL);
38b9aeb3	641	register_insn_emulation_sysctl();
587064b6 PA	642
	643	return 0;
	644	}
	645
c0d8832e	646	core_initcall(armv8_deprecated_init);