[mirror_ubuntu-jammy-kernel.git] / arch / arm64 / mm / proc.S

/* SPDX-License-Identifier: GPL-2.0-only */
/*
 * Based on arch/arm/mm/proc.S
 *
 * Copyright (C) 2001 Deep Blue Solutions Ltd.
 * Copyright (C) 2012 ARM Ltd.
 * Author: Catalin Marinas <catalin.marinas@arm.com>
 */

#include <linux/init.h>
#include <linux/linkage.h>
#include <asm/assembler.h>
#include <asm/asm-offsets.h>
#include <asm/hwcap.h>
#include <asm/pgtable.h>
#include <asm/pgtable-hwdef.h>
#include <asm/cpufeature.h>
#include <asm/alternative.h>

#ifdef CONFIG_ARM64_64K_PAGES
#define TCR_TG_FLAGS	TCR_TG0_64K | TCR_TG1_64K
#elif defined(CONFIG_ARM64_16K_PAGES)
#define TCR_TG_FLAGS	TCR_TG0_16K | TCR_TG1_16K
#else /* CONFIG_ARM64_4K_PAGES */
#define TCR_TG_FLAGS	TCR_TG0_4K | TCR_TG1_4K
#endif

#ifdef CONFIG_RANDOMIZE_BASE
#define TCR_KASLR_FLAGS	TCR_NFD1
#else
#define TCR_KASLR_FLAGS	0
#endif

#define TCR_SMP_FLAGS	TCR_SHARED

/* PTWs cacheable, inner/outer WBWA */
#define TCR_CACHE_FLAGS	TCR_IRGN_WBWA | TCR_ORGN_WBWA

#ifdef CONFIG_KASAN_SW_TAGS
#define TCR_KASAN_FLAGS TCR_TBI1
#else
#define TCR_KASAN_FLAGS 0
#endif

/* Default MAIR_EL1 */
#define MAIR_EL1_SET							\
	(MAIR_ATTRIDX(MAIR_ATTR_DEVICE_nGnRnE, MT_DEVICE_nGnRnE) |	\
	 MAIR_ATTRIDX(MAIR_ATTR_DEVICE_nGnRE, MT_DEVICE_nGnRE) |	\
	 MAIR_ATTRIDX(MAIR_ATTR_DEVICE_GRE, MT_DEVICE_GRE) |		\
	 MAIR_ATTRIDX(MAIR_ATTR_NORMAL_NC, MT_NORMAL_NC) |		\
	 MAIR_ATTRIDX(MAIR_ATTR_NORMAL, MT_NORMAL) |			\
	 MAIR_ATTRIDX(MAIR_ATTR_NORMAL_WT, MT_NORMAL_WT))

#ifdef CONFIG_CPU_PM
/**
 * cpu_do_suspend - save CPU registers context
 *
 * x0: virtual address of context pointer
 */
SYM_FUNC_START(cpu_do_suspend)
	mrs	x2, tpidr_el0
	mrs	x3, tpidrro_el0
	mrs	x4, contextidr_el1
	mrs	x5, osdlr_el1
	mrs	x6, cpacr_el1
	mrs	x7, tcr_el1
	mrs	x8, vbar_el1
	mrs	x9, mdscr_el1
	mrs	x10, oslsr_el1
	mrs	x11, sctlr_el1
alternative_if_not ARM64_HAS_VIRT_HOST_EXTN
	mrs	x12, tpidr_el1
alternative_else
	mrs	x12, tpidr_el2
alternative_endif
	mrs	x13, sp_el0
	stp	x2, x3, [x0]
	stp	x4, x5, [x0, #16]
	stp	x6, x7, [x0, #32]
	stp	x8, x9, [x0, #48]
	stp	x10, x11, [x0, #64]
	stp	x12, x13, [x0, #80]
	ret
SYM_FUNC_END(cpu_do_suspend)

/**
 * cpu_do_resume - restore CPU register context
 *
 * x0: Address of context pointer
 */
	.pushsection ".idmap.text", "awx"
SYM_FUNC_START(cpu_do_resume)
	ldp	x2, x3, [x0]
	ldp	x4, x5, [x0, #16]
	ldp	x6, x8, [x0, #32]
	ldp	x9, x10, [x0, #48]
	ldp	x11, x12, [x0, #64]
	ldp	x13, x14, [x0, #80]
	msr	tpidr_el0, x2
	msr	tpidrro_el0, x3
	msr	contextidr_el1, x4
	msr	cpacr_el1, x6

	/* Don't change t0sz here, mask those bits when restoring */
	mrs	x7, tcr_el1
	bfi	x8, x7, TCR_T0SZ_OFFSET, TCR_TxSZ_WIDTH

	msr	tcr_el1, x8
	msr	vbar_el1, x9

	/*
	 * __cpu_setup() cleared MDSCR_EL1.MDE and friends, before unmasking
	 * debug exceptions. By restoring MDSCR_EL1 here, we may take a debug
	 * exception. Mask them until local_daif_restore() in cpu_suspend()
	 * resets them.
	 */
	disable_daif
	msr	mdscr_el1, x10

	msr	sctlr_el1, x12
alternative_if_not ARM64_HAS_VIRT_HOST_EXTN
	msr	tpidr_el1, x13
alternative_else
	msr	tpidr_el2, x13
alternative_endif
	msr	sp_el0, x14
	/*
	 * Restore oslsr_el1 by writing oslar_el1
	 */
	msr	osdlr_el1, x5
	ubfx	x11, x11, #1, #1
	msr	oslar_el1, x11
	reset_pmuserenr_el0 x0			// Disable PMU access from EL0
	reset_amuserenr_el0 x0			// Disable AMU access from EL0

alternative_if ARM64_HAS_RAS_EXTN
	msr_s	SYS_DISR_EL1, xzr
alternative_else_nop_endif

	isb
	ret
SYM_FUNC_END(cpu_do_resume)
	.popsection
#endif

	.pushsection ".idmap.text", "awx"

.macro	__idmap_cpu_set_reserved_ttbr1, tmp1, tmp2
	adrp	\tmp1, empty_zero_page
	phys_to_ttbr \tmp2, \tmp1
	offset_ttbr1 \tmp2, \tmp1
	msr	ttbr1_el1, \tmp2
	isb
	tlbi	vmalle1
	dsb	nsh
	isb
.endm

/*
 * void idmap_cpu_replace_ttbr1(phys_addr_t ttbr1)
 *
 * This is the low-level counterpart to cpu_replace_ttbr1, and should not be
 * called by anything else. It can only be executed from a TTBR0 mapping.
 */
SYM_FUNC_START(idmap_cpu_replace_ttbr1)
	save_and_disable_daif flags=x2

	__idmap_cpu_set_reserved_ttbr1 x1, x3

	offset_ttbr1 x0, x3
	msr	ttbr1_el1, x0
	isb

	restore_daif x2

	ret
SYM_FUNC_END(idmap_cpu_replace_ttbr1)
	.popsection

#ifdef CONFIG_UNMAP_KERNEL_AT_EL0
	.pushsection ".idmap.text", "awx"

	.macro	__idmap_kpti_get_pgtable_ent, type
	dc	cvac, cur_\()\type\()p		// Ensure any existing dirty
	dmb	sy				// lines are written back before
	ldr	\type, [cur_\()\type\()p]	// loading the entry
	tbz	\type, #0, skip_\()\type	// Skip invalid and
	tbnz	\type, #11, skip_\()\type	// non-global entries
	.endm

	.macro __idmap_kpti_put_pgtable_ent_ng, type
	orr	\type, \type, #PTE_NG		// Same bit for blocks and pages
	str	\type, [cur_\()\type\()p]	// Update the entry and ensure
	dmb	sy				// that it is visible to all
	dc	civac, cur_\()\type\()p		// CPUs.
	.endm

/*
 * void __kpti_install_ng_mappings(int cpu, int num_cpus, phys_addr_t swapper)
 *
 * Called exactly once from stop_machine context by each CPU found during boot.
 */
__idmap_kpti_flag:
	.long	1
SYM_FUNC_START(idmap_kpti_install_ng_mappings)
	cpu		.req	w0
	num_cpus	.req	w1
	swapper_pa	.req	x2
	swapper_ttb	.req	x3
	flag_ptr	.req	x4
	cur_pgdp	.req	x5
	end_pgdp	.req	x6
	pgd		.req	x7
	cur_pudp	.req	x8
	end_pudp	.req	x9
	pud		.req	x10
	cur_pmdp	.req	x11
	end_pmdp	.req	x12
	pmd		.req	x13
	cur_ptep	.req	x14
	end_ptep	.req	x15
	pte		.req	x16

	mrs	swapper_ttb, ttbr1_el1
	restore_ttbr1	swapper_ttb
	adr	flag_ptr, __idmap_kpti_flag

	cbnz	cpu, __idmap_kpti_secondary

	/* We're the boot CPU. Wait for the others to catch up */
	sevl
1:	wfe
	ldaxr	w17, [flag_ptr]
	eor	w17, w17, num_cpus
	cbnz	w17, 1b

	/* We need to walk swapper, so turn off the MMU. */
	pre_disable_mmu_workaround
	mrs	x17, sctlr_el1
	bic	x17, x17, #SCTLR_ELx_M
	msr	sctlr_el1, x17
	isb

	/* Everybody is enjoying the idmap, so we can rewrite swapper. */
	/* PGD */
	mov	cur_pgdp, swapper_pa
	add	end_pgdp, cur_pgdp, #(PTRS_PER_PGD * 8)
do_pgd:	__idmap_kpti_get_pgtable_ent	pgd
	tbnz	pgd, #1, walk_puds
next_pgd:
	__idmap_kpti_put_pgtable_ent_ng	pgd
skip_pgd:
	add	cur_pgdp, cur_pgdp, #8
	cmp	cur_pgdp, end_pgdp
	b.ne	do_pgd

	/* Publish the updated tables and nuke all the TLBs */
	dsb	sy
	tlbi	vmalle1is
	dsb	ish
	isb

	/* We're done: fire up the MMU again */
	mrs	x17, sctlr_el1
	orr	x17, x17, #SCTLR_ELx_M
	msr	sctlr_el1, x17
	isb

	/*
	 * Invalidate the local I-cache so that any instructions fetched
	 * speculatively from the PoC are discarded, since they may have
	 * been dynamically patched at the PoU.
	 */
	ic	iallu
	dsb	nsh
	isb

	/* Set the flag to zero to indicate that we're all done */
	str	wzr, [flag_ptr]
	ret

	/* PUD */
walk_puds:
	.if CONFIG_PGTABLE_LEVELS > 3
	pte_to_phys	cur_pudp, pgd
	add	end_pudp, cur_pudp, #(PTRS_PER_PUD * 8)
do_pud:	__idmap_kpti_get_pgtable_ent	pud
	tbnz	pud, #1, walk_pmds
next_pud:
	__idmap_kpti_put_pgtable_ent_ng	pud
skip_pud:
	add	cur_pudp, cur_pudp, 8
	cmp	cur_pudp, end_pudp
	b.ne	do_pud
	b	next_pgd
	.else /* CONFIG_PGTABLE_LEVELS <= 3 */
	mov	pud, pgd
	b	walk_pmds
next_pud:
	b	next_pgd
	.endif

	/* PMD */
walk_pmds:
	.if CONFIG_PGTABLE_LEVELS > 2
	pte_to_phys	cur_pmdp, pud
	add	end_pmdp, cur_pmdp, #(PTRS_PER_PMD * 8)
do_pmd:	__idmap_kpti_get_pgtable_ent	pmd
	tbnz	pmd, #1, walk_ptes
next_pmd:
	__idmap_kpti_put_pgtable_ent_ng	pmd
skip_pmd:
	add	cur_pmdp, cur_pmdp, #8
	cmp	cur_pmdp, end_pmdp
	b.ne	do_pmd
	b	next_pud
	.else /* CONFIG_PGTABLE_LEVELS <= 2 */
	mov	pmd, pud
	b	walk_ptes
next_pmd:
	b	next_pud
	.endif

	/* PTE */
walk_ptes:
	pte_to_phys	cur_ptep, pmd
	add	end_ptep, cur_ptep, #(PTRS_PER_PTE * 8)
do_pte:	__idmap_kpti_get_pgtable_ent	pte
	__idmap_kpti_put_pgtable_ent_ng	pte
skip_pte:
	add	cur_ptep, cur_ptep, #8
	cmp	cur_ptep, end_ptep
	b.ne	do_pte
	b	next_pmd

	.unreq	cpu
	.unreq	num_cpus
	.unreq	swapper_pa
	.unreq	cur_pgdp
	.unreq	end_pgdp
	.unreq	pgd
	.unreq	cur_pudp
	.unreq	end_pudp
	.unreq	pud
	.unreq	cur_pmdp
	.unreq	end_pmdp
	.unreq	pmd
	.unreq	cur_ptep
	.unreq	end_ptep
	.unreq	pte

	/* Secondary CPUs end up here */
__idmap_kpti_secondary:
	/* Uninstall swapper before surgery begins */
	__idmap_cpu_set_reserved_ttbr1 x16, x17

	/* Increment the flag to let the boot CPU we're ready */
1:	ldxr	w16, [flag_ptr]
	add	w16, w16, #1
	stxr	w17, w16, [flag_ptr]
	cbnz	w17, 1b

	/* Wait for the boot CPU to finish messing around with swapper */
	sevl
1:	wfe
	ldxr	w16, [flag_ptr]
	cbnz	w16, 1b

	/* All done, act like nothing happened */
	offset_ttbr1 swapper_ttb, x16
	msr	ttbr1_el1, swapper_ttb
	isb
	ret

	.unreq	swapper_ttb
	.unreq	flag_ptr
SYM_FUNC_END(idmap_kpti_install_ng_mappings)
	.popsection
#endif

/*
 *	__cpu_setup
 *
 *	Initialise the processor for turning the MMU on.  Return in x0 the
 *	value of the SCTLR_EL1 register.
 */
	.pushsection ".idmap.text", "awx"
SYM_FUNC_START(__cpu_setup)
	tlbi	vmalle1				// Invalidate local TLB
	dsb	nsh

	mov	x0, #3 << 20
	msr	cpacr_el1, x0			// Enable FP/ASIMD
	mov	x0, #1 << 12			// Reset mdscr_el1 and disable
	msr	mdscr_el1, x0			// access to the DCC from EL0
	isb					// Unmask debug exceptions now,
	enable_dbg				// since this is per-cpu
	reset_pmuserenr_el0 x0			// Disable PMU access from EL0
	reset_amuserenr_el0 x0			// Disable AMU access from EL0

	/*
	 * Memory region attributes
	 */
	mov_q	x5, MAIR_EL1_SET
	msr	mair_el1, x5
	/*
	 * Prepare SCTLR
	 */
	mov_q	x0, SCTLR_EL1_SET
	/*
	 * Set/prepare TCR and TTBR. We use 512GB (39-bit) address range for
	 * both user and kernel.
	 */
	mov_q	x10, TCR_TxSZ(VA_BITS) | TCR_CACHE_FLAGS | TCR_SMP_FLAGS | \
			TCR_TG_FLAGS | TCR_KASLR_FLAGS | TCR_ASID16 | \
			TCR_TBI0 | TCR_A1 | TCR_KASAN_FLAGS
	tcr_clear_errata_bits x10, x9, x5

#ifdef CONFIG_ARM64_VA_BITS_52
	ldr_l		x9, vabits_actual
	sub		x9, xzr, x9
	add		x9, x9, #64
	tcr_set_t1sz	x10, x9
#else
	ldr_l		x9, idmap_t0sz
#endif
	tcr_set_t0sz	x10, x9

	/*
	 * Set the IPS bits in TCR_EL1.
	 */
	tcr_compute_pa_size x10, #TCR_IPS_SHIFT, x5, x6
#ifdef CONFIG_ARM64_HW_AFDBM
	/*
	 * Enable hardware update of the Access Flags bit.
	 * Hardware dirty bit management is enabled later,
	 * via capabilities.
	 */
	mrs	x9, ID_AA64MMFR1_EL1
	and	x9, x9, #0xf
	cbz	x9, 1f
	orr	x10, x10, #TCR_HA		// hardware Access flag update
1:
#endif	/* CONFIG_ARM64_HW_AFDBM */
	msr	tcr_el1, x10
	ret					// return to head.S
SYM_FUNC_END(__cpu_setup)
Commit	Line	Data
caab277b	1	/* SPDX-License-Identifier: GPL-2.0-only */
9cce7a43 CM	2	/*
	3	* Based on arch/arm/mm/proc.S
	4	*
	5	* Copyright (C) 2001 Deep Blue Solutions Ltd.
	6	* Copyright (C) 2012 ARM Ltd.
	7	* Author: Catalin Marinas <catalin.marinas@arm.com>
9cce7a43 CM	8	*/
	9
	10	#include <linux/init.h>
	11	#include <linux/linkage.h>
	12	#include <asm/assembler.h>
	13	#include <asm/asm-offsets.h>
	14	#include <asm/hwcap.h>
9cce7a43	15	#include <asm/pgtable.h>
cabe1c81	16	#include <asm/pgtable-hwdef.h>
104a0c02 AP	17	#include <asm/cpufeature.h>
104a0c02 AP	18	#include <asm/alternative.h>
9cce7a43	19
35a86976 CM	20	#ifdef CONFIG_ARM64_64K_PAGES
35a86976 CM	21	#define TCR_TG_FLAGS TCR_TG0_64K \| TCR_TG1_64K
44eaacf1 SP	22	#elif defined(CONFIG_ARM64_16K_PAGES)
	23	#define TCR_TG_FLAGS TCR_TG0_16K \| TCR_TG1_16K
	24	#else /* CONFIG_ARM64_4K_PAGES */
35a86976 CM	25	#define TCR_TG_FLAGS TCR_TG0_4K \| TCR_TG1_4K
	26	#endif
	27
e03e61c3 WD	28	#ifdef CONFIG_RANDOMIZE_BASE
	29	#define TCR_KASLR_FLAGS TCR_NFD1
	30	#else
	31	#define TCR_KASLR_FLAGS 0
	32	#endif
	33
35a86976	34	#define TCR_SMP_FLAGS TCR_SHARED
9cce7a43	35
35a86976 CM	36	/* PTWs cacheable, inner/outer WBWA */
	37	#define TCR_CACHE_FLAGS TCR_IRGN_WBWA \| TCR_ORGN_WBWA
	38
21696c16 AK	39	#ifdef CONFIG_KASAN_SW_TAGS
	40	#define TCR_KASAN_FLAGS TCR_TBI1
	41	#else
	42	#define TCR_KASAN_FLAGS 0
	43	#endif
	44
95b3f74b CM	45	/* Default MAIR_EL1 */
	46	#define MAIR_EL1_SET \
	47	(MAIR_ATTRIDX(MAIR_ATTR_DEVICE_nGnRnE, MT_DEVICE_nGnRnE) \| \
	48	MAIR_ATTRIDX(MAIR_ATTR_DEVICE_nGnRE, MT_DEVICE_nGnRE) \| \
	49	MAIR_ATTRIDX(MAIR_ATTR_DEVICE_GRE, MT_DEVICE_GRE) \| \
	50	MAIR_ATTRIDX(MAIR_ATTR_NORMAL_NC, MT_NORMAL_NC) \| \
	51	MAIR_ATTRIDX(MAIR_ATTR_NORMAL, MT_NORMAL) \| \
	52	MAIR_ATTRIDX(MAIR_ATTR_NORMAL_WT, MT_NORMAL_WT))
9cce7a43	53
af3cfdbf	54	#ifdef CONFIG_CPU_PM
6732bc65 LP	55	/**
	56	* cpu_do_suspend - save CPU registers context
	57	*
	58	* x0: virtual address of context pointer
	59	*/
f4659254	60	SYM_FUNC_START(cpu_do_suspend)
6732bc65 LP	61	mrs x2, tpidr_el0
	62	mrs x3, tpidrro_el0
	63	mrs x4, contextidr_el1
827a108e JPB	64	mrs x5, osdlr_el1
	65	mrs x6, cpacr_el1
	66	mrs x7, tcr_el1
	67	mrs x8, vbar_el1
	68	mrs x9, mdscr_el1
	69	mrs x10, oslsr_el1
	70	mrs x11, sctlr_el1
6d99b689	71	alternative_if_not ARM64_HAS_VIRT_HOST_EXTN
827a108e	72	mrs x12, tpidr_el1
6d99b689	73	alternative_else
827a108e	74	mrs x12, tpidr_el2
6d99b689	75	alternative_endif
827a108e	76	mrs x13, sp_el0
6732bc65	77	stp x2, x3, [x0]
827a108e JPB	78	stp x4, x5, [x0, #16]
	79	stp x6, x7, [x0, #32]
	80	stp x8, x9, [x0, #48]
	81	stp x10, x11, [x0, #64]
	82	stp x12, x13, [x0, #80]
6732bc65	83	ret
f4659254	84	SYM_FUNC_END(cpu_do_suspend)
6732bc65 LP	85
	86	/**
	87	* cpu_do_resume - restore CPU register context
	88	*
cabe1c81	89	* x0: Address of context pointer
6732bc65	90	*/
439e70e2	91	.pushsection ".idmap.text", "awx"
f4659254	92	SYM_FUNC_START(cpu_do_resume)
6732bc65 LP	93	ldp x2, x3, [x0]
6732bc65 LP	94	ldp x4, x5, [x0, #16]
cabe1c81 JM	95	ldp x6, x8, [x0, #32]
	96	ldp x9, x10, [x0, #48]
	97	ldp x11, x12, [x0, #64]
623b476f	98	ldp x13, x14, [x0, #80]
6732bc65 LP	99	msr tpidr_el0, x2
	100	msr tpidrro_el0, x3
	101	msr contextidr_el1, x4
6732bc65	102	msr cpacr_el1, x6
cabe1c81 JM	103
cabe1c81 JM	104	/* Don't change t0sz here, mask those bits when restoring */
827a108e JPB	105	mrs x7, tcr_el1
827a108e JPB	106	bfi x8, x7, TCR_T0SZ_OFFSET, TCR_TxSZ_WIDTH
cabe1c81	107
6732bc65 LP	108	msr tcr_el1, x8
6732bc65 LP	109	msr vbar_el1, x9
744c6c37 JM	110
	111	/*
	112	* __cpu_setup() cleared MDSCR_EL1.MDE and friends, before unmasking
	113	* debug exceptions. By restoring MDSCR_EL1 here, we may take a debug
0fbeb318	114	* exception. Mask them until local_daif_restore() in cpu_suspend()
744c6c37 JM	115	* resets them.
744c6c37 JM	116	*/
0fbeb318	117	disable_daif
6732bc65	118	msr mdscr_el1, x10
744c6c37	119
cabe1c81	120	msr sctlr_el1, x12
6d99b689	121	alternative_if_not ARM64_HAS_VIRT_HOST_EXTN
623b476f	122	msr tpidr_el1, x13
6d99b689 JM	123	alternative_else
	124	msr tpidr_el2, x13
	125	alternative_endif
623b476f	126	msr sp_el0, x14
6732bc65 LP	127	/*
	128	* Restore oslsr_el1 by writing oslar_el1
	129	*/
827a108e	130	msr osdlr_el1, x5
6732bc65 LP	131	ubfx x11, x11, #1, #1
6732bc65 LP	132	msr oslar_el1, x11
f436b2ac	133	reset_pmuserenr_el0 x0 // Disable PMU access from EL0
87a1f063	134	reset_amuserenr_el0 x0 // Disable AMU access from EL0
68ddbf09 JM	135
	136	alternative_if ARM64_HAS_RAS_EXTN
	137	msr_s SYS_DISR_EL1, xzr
	138	alternative_else_nop_endif
	139
6732bc65 LP	140	isb
6732bc65 LP	141	ret
f4659254	142	SYM_FUNC_END(cpu_do_resume)
b6113038	143	.popsection
6732bc65 LP	144	#endif
6732bc65 LP	145
439e70e2	146	.pushsection ".idmap.text", "awx"
f992b4df WD	147
	148	.macro __idmap_cpu_set_reserved_ttbr1, tmp1, tmp2
	149	adrp \tmp1, empty_zero_page
fa0465fc	150	phys_to_ttbr \tmp2, \tmp1
c812026c	151	offset_ttbr1 \tmp2, \tmp1
f992b4df WD	152	msr ttbr1_el1, \tmp2
	153	isb
	154	tlbi vmalle1
	155	dsb nsh
	156	isb
	157	.endm
	158
50e1881d	159	/*
5ffdfaed	160	* void idmap_cpu_replace_ttbr1(phys_addr_t ttbr1)
50e1881d MR	161	*
	162	* This is the low-level counterpart to cpu_replace_ttbr1, and should not be
	163	* called by anything else. It can only be executed from a TTBR0 mapping.
	164	*/
f4659254	165	SYM_FUNC_START(idmap_cpu_replace_ttbr1)
0fbeb318	166	save_and_disable_daif flags=x2
50e1881d	167
f992b4df	168	__idmap_cpu_set_reserved_ttbr1 x1, x3
50e1881d	169
c812026c	170	offset_ttbr1 x0, x3
5ffdfaed	171	msr ttbr1_el1, x0
50e1881d MR	172	isb
50e1881d MR	173
0fbeb318	174	restore_daif x2
50e1881d MR	175
50e1881d MR	176	ret
f4659254	177	SYM_FUNC_END(idmap_cpu_replace_ttbr1)
50e1881d MR	178	.popsection
50e1881d MR	179
f992b4df	180	#ifdef CONFIG_UNMAP_KERNEL_AT_EL0
439e70e2	181	.pushsection ".idmap.text", "awx"
f992b4df WD	182
	183	.macro __idmap_kpti_get_pgtable_ent, type
	184	dc cvac, cur_\()\type\()p // Ensure any existing dirty
	185	dmb sy // lines are written back before
	186	ldr \type, [cur_\()\type\()p] // loading the entry
2ce77f6d WD	187	tbz \type, #0, skip_\()\type // Skip invalid and
2ce77f6d WD	188	tbnz \type, #11, skip_\()\type // non-global entries
f992b4df WD	189	.endm
	190
	191	.macro __idmap_kpti_put_pgtable_ent_ng, type
	192	orr \type, \type, #PTE_NG // Same bit for blocks and pages
71c8fc0c WD	193	str \type, [cur_\()\type\()p] // Update the entry and ensure
	194	dmb sy // that it is visible to all
	195	dc civac, cur_\()\type\()p // CPUs.
f992b4df WD	196	.endm
	197
	198	/*
	199	* void __kpti_install_ng_mappings(int cpu, int num_cpus, phys_addr_t swapper)
	200	*
	201	* Called exactly once from stop_machine context by each CPU found during boot.
	202	*/
	203	__idmap_kpti_flag:
	204	.long 1
f4659254	205	SYM_FUNC_START(idmap_kpti_install_ng_mappings)
f992b4df WD	206	cpu .req w0
	207	num_cpus .req w1
	208	swapper_pa .req x2
	209	swapper_ttb .req x3
	210	flag_ptr .req x4
	211	cur_pgdp .req x5
	212	end_pgdp .req x6
	213	pgd .req x7
	214	cur_pudp .req x8
	215	end_pudp .req x9
	216	pud .req x10
	217	cur_pmdp .req x11
	218	end_pmdp .req x12
	219	pmd .req x13
	220	cur_ptep .req x14
	221	end_ptep .req x15
	222	pte .req x16
	223
	224	mrs swapper_ttb, ttbr1_el1
e842dfb5	225	restore_ttbr1 swapper_ttb
f992b4df WD	226	adr flag_ptr, __idmap_kpti_flag
	227
	228	cbnz cpu, __idmap_kpti_secondary
	229
	230	/* We're the boot CPU. Wait for the others to catch up */
	231	sevl
	232	1: wfe
e3ec6582 ST	233	ldaxr w17, [flag_ptr]
	234	eor w17, w17, num_cpus
	235	cbnz w17, 1b
f992b4df WD	236
	237	/* We need to walk swapper, so turn off the MMU. */
	238	pre_disable_mmu_workaround
e3ec6582 ST	239	mrs x17, sctlr_el1
	240	bic x17, x17, #SCTLR_ELx_M
	241	msr sctlr_el1, x17
f992b4df WD	242	isb
	243
	244	/* Everybody is enjoying the idmap, so we can rewrite swapper. */
	245	/* PGD */
	246	mov cur_pgdp, swapper_pa
	247	add end_pgdp, cur_pgdp, #(PTRS_PER_PGD * 8)
	248	do_pgd: __idmap_kpti_get_pgtable_ent pgd
	249	tbnz pgd, #1, walk_puds
f992b4df	250	next_pgd:
2ce77f6d WD	251	__idmap_kpti_put_pgtable_ent_ng pgd
2ce77f6d WD	252	skip_pgd:
f992b4df WD	253	add cur_pgdp, cur_pgdp, #8
	254	cmp cur_pgdp, end_pgdp
	255	b.ne do_pgd
	256
	257	/* Publish the updated tables and nuke all the TLBs */
	258	dsb sy
	259	tlbi vmalle1is
	260	dsb ish
	261	isb
	262
	263	/* We're done: fire up the MMU again */
e3ec6582 ST	264	mrs x17, sctlr_el1
	265	orr x17, x17, #SCTLR_ELx_M
	266	msr sctlr_el1, x17
f992b4df WD	267	isb
f992b4df WD	268
f32c7a8e MR	269	/*
	270	* Invalidate the local I-cache so that any instructions fetched
	271	* speculatively from the PoC are discarded, since they may have
	272	* been dynamically patched at the PoU.
	273	*/
	274	ic iallu
	275	dsb nsh
	276	isb
	277
f992b4df WD	278	/* Set the flag to zero to indicate that we're all done */
	279	str wzr, [flag_ptr]
	280	ret
	281
	282	/* PUD */
	283	walk_puds:
	284	.if CONFIG_PGTABLE_LEVELS > 3
	285	pte_to_phys cur_pudp, pgd
	286	add end_pudp, cur_pudp, #(PTRS_PER_PUD * 8)
	287	do_pud: __idmap_kpti_get_pgtable_ent pud
	288	tbnz pud, #1, walk_pmds
f992b4df	289	next_pud:
2ce77f6d WD	290	__idmap_kpti_put_pgtable_ent_ng pud
2ce77f6d WD	291	skip_pud:
f992b4df WD	292	add cur_pudp, cur_pudp, 8
	293	cmp cur_pudp, end_pudp
	294	b.ne do_pud
	295	b next_pgd
	296	.else /* CONFIG_PGTABLE_LEVELS <= 3 */
	297	mov pud, pgd
	298	b walk_pmds
	299	next_pud:
	300	b next_pgd
	301	.endif
	302
	303	/* PMD */
	304	walk_pmds:
	305	.if CONFIG_PGTABLE_LEVELS > 2
	306	pte_to_phys cur_pmdp, pud
	307	add end_pmdp, cur_pmdp, #(PTRS_PER_PMD * 8)
	308	do_pmd: __idmap_kpti_get_pgtable_ent pmd
	309	tbnz pmd, #1, walk_ptes
f992b4df	310	next_pmd:
2ce77f6d WD	311	__idmap_kpti_put_pgtable_ent_ng pmd
2ce77f6d WD	312	skip_pmd:
f992b4df WD	313	add cur_pmdp, cur_pmdp, #8
	314	cmp cur_pmdp, end_pmdp
	315	b.ne do_pmd
	316	b next_pud
	317	.else /* CONFIG_PGTABLE_LEVELS <= 2 */
	318	mov pmd, pud
	319	b walk_ptes
	320	next_pmd:
	321	b next_pud
	322	.endif
	323
	324	/* PTE */
	325	walk_ptes:
	326	pte_to_phys cur_ptep, pmd
	327	add end_ptep, cur_ptep, #(PTRS_PER_PTE * 8)
	328	do_pte: __idmap_kpti_get_pgtable_ent pte
	329	__idmap_kpti_put_pgtable_ent_ng pte
2ce77f6d	330	skip_pte:
f992b4df WD	331	add cur_ptep, cur_ptep, #8
	332	cmp cur_ptep, end_ptep
	333	b.ne do_pte
	334	b next_pmd
	335
e3ec6582 ST	336	.unreq cpu
	337	.unreq num_cpus
	338	.unreq swapper_pa
	339	.unreq cur_pgdp
	340	.unreq end_pgdp
	341	.unreq pgd
	342	.unreq cur_pudp
	343	.unreq end_pudp
	344	.unreq pud
	345	.unreq cur_pmdp
	346	.unreq end_pmdp
	347	.unreq pmd
	348	.unreq cur_ptep
	349	.unreq end_ptep
	350	.unreq pte
	351
f992b4df WD	352	/* Secondary CPUs end up here */
	353	__idmap_kpti_secondary:
	354	/* Uninstall swapper before surgery begins */
e3ec6582	355	__idmap_cpu_set_reserved_ttbr1 x16, x17
f992b4df WD	356
f992b4df WD	357	/* Increment the flag to let the boot CPU we're ready */
e3ec6582 ST	358	1: ldxr w16, [flag_ptr]
	359	add w16, w16, #1
	360	stxr w17, w16, [flag_ptr]
f992b4df WD	361	cbnz w17, 1b
	362
	363	/* Wait for the boot CPU to finish messing around with swapper */
	364	sevl
	365	1: wfe
e3ec6582 ST	366	ldxr w16, [flag_ptr]
e3ec6582 ST	367	cbnz w16, 1b
f992b4df WD	368
f992b4df WD	369	/* All done, act like nothing happened */
e3ec6582	370	offset_ttbr1 swapper_ttb, x16
f992b4df WD	371	msr ttbr1_el1, swapper_ttb
	372	isb
	373	ret
	374
f992b4df WD	375	.unreq swapper_ttb
f992b4df WD	376	.unreq flag_ptr
f4659254	377	SYM_FUNC_END(idmap_kpti_install_ng_mappings)
f992b4df WD	378	.popsection
	379	#endif
	380
9cce7a43 CM	381	/*
	382	* __cpu_setup
	383	*
	384	* Initialise the processor for turning the MMU on. Return in x0 the
	385	* value of the SCTLR_EL1 register.
	386	*/
439e70e2	387	.pushsection ".idmap.text", "awx"
f4659254	388	SYM_FUNC_START(__cpu_setup)
fa7aae8a WD	389	tlbi vmalle1 // Invalidate local TLB
fa7aae8a WD	390	dsb nsh
9cce7a43 CM	391
	392	mov x0, #3 << 20
	393	msr cpacr_el1, x0 // Enable FP/ASIMD
d8d23fa0 WD	394	mov x0, #1 << 12 // Reset mdscr_el1 and disable
d8d23fa0 WD	395	msr mdscr_el1, x0 // access to the DCC from EL0
2ce39ad1 WD	396	isb // Unmask debug exceptions now,
2ce39ad1 WD	397	enable_dbg // since this is per-cpu
f436b2ac	398	reset_pmuserenr_el0 x0 // Disable PMU access from EL0
87a1f063 IV	399	reset_amuserenr_el0 x0 // Disable AMU access from EL0
87a1f063 IV	400
9cce7a43	401	/*
95b3f74b	402	* Memory region attributes
9cce7a43	403	*/
95b3f74b	404	mov_q x5, MAIR_EL1_SET
9cce7a43 CM	405	msr mair_el1, x5
	406	/*
	407	* Prepare SCTLR
	408	*/
7a00d68e	409	mov_q x0, SCTLR_EL1_SET
9cce7a43 CM	410	/*
	411	* Set/prepare TCR and TTBR. We use 512GB (39-bit) address range for
	412	* both user and kernel.
	413	*/
dc374b47	414	mov_q x10, TCR_TxSZ(VA_BITS) \| TCR_CACHE_FLAGS \| TCR_SMP_FLAGS \| \
e03e61c3	415	TCR_TG_FLAGS \| TCR_KASLR_FLAGS \| TCR_ASID16 \| \
21696c16	416	TCR_TBI0 \| TCR_A1 \| TCR_KASAN_FLAGS
3e32131a	417	tcr_clear_errata_bits x10, x9, x5
67e7fdfc	418
b6d00d47	419	#ifdef CONFIG_ARM64_VA_BITS_52
2c624fe6	420	ldr_l x9, vabits_actual
67e7fdfc SC	421	sub x9, xzr, x9
67e7fdfc SC	422	add x9, x9, #64
b6d00d47	423	tcr_set_t1sz x10, x9
67e7fdfc SC	424	#else
	425	ldr_l x9, idmap_t0sz
	426	#endif
	427	tcr_set_t0sz x10, x9
dd006da2	428
87366d8c	429	/*
787fd1d0	430	* Set the IPS bits in TCR_EL1.
87366d8c	431	*/
787fd1d0	432	tcr_compute_pa_size x10, #TCR_IPS_SHIFT, x5, x6
2f4b829c CM	433	#ifdef CONFIG_ARM64_HW_AFDBM
2f4b829c CM	434	/*
05abb595 SP	435	* Enable hardware update of the Access Flags bit.
	436	* Hardware dirty bit management is enabled later,
	437	* via capabilities.
2f4b829c CM	438	*/
	439	mrs x9, ID_AA64MMFR1_EL1
	440	and x9, x9, #0xf
05abb595 SP	441	cbz x9, 1f
	442	orr x10, x10, #TCR_HA // hardware Access flag update
	443	1:
2f4b829c	444	#endif /* CONFIG_ARM64_HW_AFDBM */
9cce7a43 CM	445	msr tcr_el1, x10
9cce7a43 CM	446	ret // return to head.S
f4659254	447	SYM_FUNC_END(__cpu_setup)