linux/arch/powerpc/lib/feature-fixups.c
<<
>>
Prefs
   1// SPDX-License-Identifier: GPL-2.0-or-later
   2/*
   3 *  Copyright (C) 2001 Ben. Herrenschmidt (benh@kernel.crashing.org)
   4 *
   5 *  Modifications for ppc64:
   6 *      Copyright (C) 2003 Dave Engebretsen <engebret@us.ibm.com>
   7 *
   8 *  Copyright 2008 Michael Ellerman, IBM Corporation.
   9 */
  10
  11#include <linux/types.h>
  12#include <linux/jump_label.h>
  13#include <linux/kernel.h>
  14#include <linux/string.h>
  15#include <linux/init.h>
  16#include <linux/sched/mm.h>
  17#include <linux/stop_machine.h>
  18#include <asm/cputable.h>
  19#include <asm/code-patching.h>
  20#include <asm/interrupt.h>
  21#include <asm/page.h>
  22#include <asm/sections.h>
  23#include <asm/setup.h>
  24#include <asm/security_features.h>
  25#include <asm/firmware.h>
  26#include <asm/inst.h>
  27
  28struct fixup_entry {
  29        unsigned long   mask;
  30        unsigned long   value;
  31        long            start_off;
  32        long            end_off;
  33        long            alt_start_off;
  34        long            alt_end_off;
  35};
  36
  37static u32 *calc_addr(struct fixup_entry *fcur, long offset)
  38{
  39        /*
  40         * We store the offset to the code as a negative offset from
  41         * the start of the alt_entry, to support the VDSO. This
  42         * routine converts that back into an actual address.
  43         */
  44        return (u32 *)((unsigned long)fcur + offset);
  45}
  46
  47static int patch_alt_instruction(u32 *src, u32 *dest, u32 *alt_start, u32 *alt_end)
  48{
  49        int err;
  50        struct ppc_inst instr;
  51
  52        instr = ppc_inst_read(src);
  53
  54        if (instr_is_relative_branch(ppc_inst_read(src))) {
  55                u32 *target = (u32 *)branch_target(src);
  56
  57                /* Branch within the section doesn't need translating */
  58                if (target < alt_start || target > alt_end) {
  59                        err = translate_branch(&instr, dest, src);
  60                        if (err)
  61                                return 1;
  62                }
  63        }
  64
  65        raw_patch_instruction(dest, instr);
  66
  67        return 0;
  68}
  69
  70static int patch_feature_section(unsigned long value, struct fixup_entry *fcur)
  71{
  72        u32 *start, *end, *alt_start, *alt_end, *src, *dest;
  73
  74        start = calc_addr(fcur, fcur->start_off);
  75        end = calc_addr(fcur, fcur->end_off);
  76        alt_start = calc_addr(fcur, fcur->alt_start_off);
  77        alt_end = calc_addr(fcur, fcur->alt_end_off);
  78
  79        if ((alt_end - alt_start) > (end - start))
  80                return 1;
  81
  82        if ((value & fcur->mask) == fcur->value)
  83                return 0;
  84
  85        src = alt_start;
  86        dest = start;
  87
  88        for (; src < alt_end; src = ppc_inst_next(src, src),
  89                              dest = ppc_inst_next(dest, dest)) {
  90                if (patch_alt_instruction(src, dest, alt_start, alt_end))
  91                        return 1;
  92        }
  93
  94        for (; dest < end; dest++)
  95                raw_patch_instruction(dest, ppc_inst(PPC_RAW_NOP()));
  96
  97        return 0;
  98}
  99
 100void do_feature_fixups(unsigned long value, void *fixup_start, void *fixup_end)
 101{
 102        struct fixup_entry *fcur, *fend;
 103
 104        fcur = fixup_start;
 105        fend = fixup_end;
 106
 107        for (; fcur < fend; fcur++) {
 108                if (patch_feature_section(value, fcur)) {
 109                        WARN_ON(1);
 110                        printk("Unable to patch feature section at %p - %p" \
 111                                " with %p - %p\n",
 112                                calc_addr(fcur, fcur->start_off),
 113                                calc_addr(fcur, fcur->end_off),
 114                                calc_addr(fcur, fcur->alt_start_off),
 115                                calc_addr(fcur, fcur->alt_end_off));
 116                }
 117        }
 118}
 119
 120#ifdef CONFIG_PPC_BOOK3S_64
 121static void do_stf_entry_barrier_fixups(enum stf_barrier_type types)
 122{
 123        unsigned int instrs[3], *dest;
 124        long *start, *end;
 125        int i;
 126
 127        start = PTRRELOC(&__start___stf_entry_barrier_fixup);
 128        end = PTRRELOC(&__stop___stf_entry_barrier_fixup);
 129
 130        instrs[0] = PPC_RAW_NOP();
 131        instrs[1] = PPC_RAW_NOP();
 132        instrs[2] = PPC_RAW_NOP();
 133
 134        i = 0;
 135        if (types & STF_BARRIER_FALLBACK) {
 136                instrs[i++] = PPC_RAW_MFLR(_R10);
 137                instrs[i++] = PPC_RAW_NOP(); /* branch patched below */
 138                instrs[i++] = PPC_RAW_MTLR(_R10);
 139        } else if (types & STF_BARRIER_EIEIO) {
 140                instrs[i++] = PPC_RAW_EIEIO() | 0x02000000; /* eieio + bit 6 hint */
 141        } else if (types & STF_BARRIER_SYNC_ORI) {
 142                instrs[i++] = PPC_RAW_SYNC();
 143                instrs[i++] = PPC_RAW_LD(_R10, _R13, 0);
 144                instrs[i++] = PPC_RAW_ORI(_R31, _R31, 0); /* speculation barrier */
 145        }
 146
 147        for (i = 0; start < end; start++, i++) {
 148                dest = (void *)start + *start;
 149
 150                pr_devel("patching dest %lx\n", (unsigned long)dest);
 151
 152                // See comment in do_entry_flush_fixups() RE order of patching
 153                if (types & STF_BARRIER_FALLBACK) {
 154                        patch_instruction(dest, ppc_inst(instrs[0]));
 155                        patch_instruction(dest + 2, ppc_inst(instrs[2]));
 156                        patch_branch(dest + 1,
 157                                     (unsigned long)&stf_barrier_fallback, BRANCH_SET_LINK);
 158                } else {
 159                        patch_instruction(dest + 1, ppc_inst(instrs[1]));
 160                        patch_instruction(dest + 2, ppc_inst(instrs[2]));
 161                        patch_instruction(dest, ppc_inst(instrs[0]));
 162                }
 163        }
 164
 165        printk(KERN_DEBUG "stf-barrier: patched %d entry locations (%s barrier)\n", i,
 166                (types == STF_BARRIER_NONE)                  ? "no" :
 167                (types == STF_BARRIER_FALLBACK)              ? "fallback" :
 168                (types == STF_BARRIER_EIEIO)                 ? "eieio" :
 169                (types == (STF_BARRIER_SYNC_ORI))            ? "hwsync"
 170                                                           : "unknown");
 171}
 172
 173static void do_stf_exit_barrier_fixups(enum stf_barrier_type types)
 174{
 175        unsigned int instrs[6], *dest;
 176        long *start, *end;
 177        int i;
 178
 179        start = PTRRELOC(&__start___stf_exit_barrier_fixup);
 180        end = PTRRELOC(&__stop___stf_exit_barrier_fixup);
 181
 182        instrs[0] = PPC_RAW_NOP();
 183        instrs[1] = PPC_RAW_NOP();
 184        instrs[2] = PPC_RAW_NOP();
 185        instrs[3] = PPC_RAW_NOP();
 186        instrs[4] = PPC_RAW_NOP();
 187        instrs[5] = PPC_RAW_NOP();
 188
 189        i = 0;
 190        if (types & STF_BARRIER_FALLBACK || types & STF_BARRIER_SYNC_ORI) {
 191                if (cpu_has_feature(CPU_FTR_HVMODE)) {
 192                        instrs[i++] = PPC_RAW_MTSPR(SPRN_HSPRG1, _R13);
 193                        instrs[i++] = PPC_RAW_MFSPR(_R13, SPRN_HSPRG0);
 194                } else {
 195                        instrs[i++] = PPC_RAW_MTSPR(SPRN_SPRG2, _R13);
 196                        instrs[i++] = PPC_RAW_MFSPR(_R13, SPRN_SPRG1);
 197                }
 198                instrs[i++] = PPC_RAW_SYNC();
 199                instrs[i++] = PPC_RAW_LD(_R13, _R13, 0);
 200                instrs[i++] = PPC_RAW_ORI(_R31, _R31, 0); /* speculation barrier */
 201                if (cpu_has_feature(CPU_FTR_HVMODE))
 202                        instrs[i++] = PPC_RAW_MFSPR(_R13, SPRN_HSPRG1);
 203                else
 204                        instrs[i++] = PPC_RAW_MFSPR(_R13, SPRN_SPRG2);
 205        } else if (types & STF_BARRIER_EIEIO) {
 206                instrs[i++] = PPC_RAW_EIEIO() | 0x02000000; /* eieio + bit 6 hint */
 207        }
 208
 209        for (i = 0; start < end; start++, i++) {
 210                dest = (void *)start + *start;
 211
 212                pr_devel("patching dest %lx\n", (unsigned long)dest);
 213
 214                patch_instruction(dest, ppc_inst(instrs[0]));
 215                patch_instruction(dest + 1, ppc_inst(instrs[1]));
 216                patch_instruction(dest + 2, ppc_inst(instrs[2]));
 217                patch_instruction(dest + 3, ppc_inst(instrs[3]));
 218                patch_instruction(dest + 4, ppc_inst(instrs[4]));
 219                patch_instruction(dest + 5, ppc_inst(instrs[5]));
 220        }
 221        printk(KERN_DEBUG "stf-barrier: patched %d exit locations (%s barrier)\n", i,
 222                (types == STF_BARRIER_NONE)                  ? "no" :
 223                (types == STF_BARRIER_FALLBACK)              ? "fallback" :
 224                (types == STF_BARRIER_EIEIO)                 ? "eieio" :
 225                (types == (STF_BARRIER_SYNC_ORI))            ? "hwsync"
 226                                                           : "unknown");
 227}
 228
 229static bool stf_exit_reentrant = false;
 230static bool rfi_exit_reentrant = false;
 231
 232static int __do_stf_barrier_fixups(void *data)
 233{
 234        enum stf_barrier_type *types = data;
 235
 236        do_stf_entry_barrier_fixups(*types);
 237        do_stf_exit_barrier_fixups(*types);
 238
 239        return 0;
 240}
 241
 242void do_stf_barrier_fixups(enum stf_barrier_type types)
 243{
 244        /*
 245         * The call to the fallback entry flush, and the fallback/sync-ori exit
 246         * flush can not be safely patched in/out while other CPUs are
 247         * executing them. So call __do_stf_barrier_fixups() on one CPU while
 248         * all other CPUs spin in the stop machine core with interrupts hard
 249         * disabled.
 250         *
 251         * The branch to mark interrupt exits non-reentrant is enabled first,
 252         * then stop_machine runs which will ensure all CPUs are out of the
 253         * low level interrupt exit code before patching. After the patching,
 254         * if allowed, then flip the branch to allow fast exits.
 255         */
 256        static_branch_enable(&interrupt_exit_not_reentrant);
 257
 258        stop_machine(__do_stf_barrier_fixups, &types, NULL);
 259
 260        if ((types & STF_BARRIER_FALLBACK) || (types & STF_BARRIER_SYNC_ORI))
 261                stf_exit_reentrant = false;
 262        else
 263                stf_exit_reentrant = true;
 264
 265        if (stf_exit_reentrant && rfi_exit_reentrant)
 266                static_branch_disable(&interrupt_exit_not_reentrant);
 267}
 268
 269void do_uaccess_flush_fixups(enum l1d_flush_type types)
 270{
 271        unsigned int instrs[4], *dest;
 272        long *start, *end;
 273        int i;
 274
 275        start = PTRRELOC(&__start___uaccess_flush_fixup);
 276        end = PTRRELOC(&__stop___uaccess_flush_fixup);
 277
 278        instrs[0] = PPC_RAW_NOP();
 279        instrs[1] = PPC_RAW_NOP();
 280        instrs[2] = PPC_RAW_NOP();
 281        instrs[3] = PPC_RAW_BLR();
 282
 283        i = 0;
 284        if (types == L1D_FLUSH_FALLBACK) {
 285                instrs[3] = PPC_RAW_NOP();
 286                /* fallthrough to fallback flush */
 287        }
 288
 289        if (types & L1D_FLUSH_ORI) {
 290                instrs[i++] = PPC_RAW_ORI(_R31, _R31, 0); /* speculation barrier */
 291                instrs[i++] = PPC_RAW_ORI(_R30, _R30, 0); /* L1d flush */
 292        }
 293
 294        if (types & L1D_FLUSH_MTTRIG)
 295                instrs[i++] = PPC_RAW_MTSPR(SPRN_TRIG2, _R0);
 296
 297        for (i = 0; start < end; start++, i++) {
 298                dest = (void *)start + *start;
 299
 300                pr_devel("patching dest %lx\n", (unsigned long)dest);
 301
 302                patch_instruction(dest, ppc_inst(instrs[0]));
 303
 304                patch_instruction(dest + 1, ppc_inst(instrs[1]));
 305                patch_instruction(dest + 2, ppc_inst(instrs[2]));
 306                patch_instruction(dest + 3, ppc_inst(instrs[3]));
 307        }
 308
 309        printk(KERN_DEBUG "uaccess-flush: patched %d locations (%s flush)\n", i,
 310                (types == L1D_FLUSH_NONE)       ? "no" :
 311                (types == L1D_FLUSH_FALLBACK)   ? "fallback displacement" :
 312                (types &  L1D_FLUSH_ORI)        ? (types & L1D_FLUSH_MTTRIG)
 313                                                        ? "ori+mttrig type"
 314                                                        : "ori type" :
 315                (types &  L1D_FLUSH_MTTRIG)     ? "mttrig type"
 316                                                : "unknown");
 317}
 318
 319static int __do_entry_flush_fixups(void *data)
 320{
 321        enum l1d_flush_type types = *(enum l1d_flush_type *)data;
 322        unsigned int instrs[3], *dest;
 323        long *start, *end;
 324        int i;
 325
 326        instrs[0] = PPC_RAW_NOP();
 327        instrs[1] = PPC_RAW_NOP();
 328        instrs[2] = PPC_RAW_NOP();
 329
 330        i = 0;
 331        if (types == L1D_FLUSH_FALLBACK) {
 332                instrs[i++] = PPC_RAW_MFLR(_R10);
 333                instrs[i++] = PPC_RAW_NOP(); /* branch patched below */
 334                instrs[i++] = PPC_RAW_MTLR(_R10);
 335        }
 336
 337        if (types & L1D_FLUSH_ORI) {
 338                instrs[i++] = PPC_RAW_ORI(_R31, _R31, 0); /* speculation barrier */
 339                instrs[i++] = PPC_RAW_ORI(_R30, _R30, 0); /* L1d flush */
 340        }
 341
 342        if (types & L1D_FLUSH_MTTRIG)
 343                instrs[i++] = PPC_RAW_MTSPR(SPRN_TRIG2, _R0);
 344
 345        /*
 346         * If we're patching in or out the fallback flush we need to be careful about the
 347         * order in which we patch instructions. That's because it's possible we could
 348         * take a page fault after patching one instruction, so the sequence of
 349         * instructions must be safe even in a half patched state.
 350         *
 351         * To make that work, when patching in the fallback flush we patch in this order:
 352         *  - the mflr          (dest)
 353         *  - the mtlr          (dest + 2)
 354         *  - the branch        (dest + 1)
 355         *
 356         * That ensures the sequence is safe to execute at any point. In contrast if we
 357         * patch the mtlr last, it's possible we could return from the branch and not
 358         * restore LR, leading to a crash later.
 359         *
 360         * When patching out the fallback flush (either with nops or another flush type),
 361         * we patch in this order:
 362         *  - the branch        (dest + 1)
 363         *  - the mtlr          (dest + 2)
 364         *  - the mflr          (dest)
 365         *
 366         * Note we are protected by stop_machine() from other CPUs executing the code in a
 367         * semi-patched state.
 368         */
 369
 370        start = PTRRELOC(&__start___entry_flush_fixup);
 371        end = PTRRELOC(&__stop___entry_flush_fixup);
 372        for (i = 0; start < end; start++, i++) {
 373                dest = (void *)start + *start;
 374
 375                pr_devel("patching dest %lx\n", (unsigned long)dest);
 376
 377                if (types == L1D_FLUSH_FALLBACK) {
 378                        patch_instruction(dest, ppc_inst(instrs[0]));
 379                        patch_instruction(dest + 2, ppc_inst(instrs[2]));
 380                        patch_branch(dest + 1,
 381                                     (unsigned long)&entry_flush_fallback, BRANCH_SET_LINK);
 382                } else {
 383                        patch_instruction(dest + 1, ppc_inst(instrs[1]));
 384                        patch_instruction(dest + 2, ppc_inst(instrs[2]));
 385                        patch_instruction(dest, ppc_inst(instrs[0]));
 386                }
 387        }
 388
 389        start = PTRRELOC(&__start___scv_entry_flush_fixup);
 390        end = PTRRELOC(&__stop___scv_entry_flush_fixup);
 391        for (; start < end; start++, i++) {
 392                dest = (void *)start + *start;
 393
 394                pr_devel("patching dest %lx\n", (unsigned long)dest);
 395
 396                if (types == L1D_FLUSH_FALLBACK) {
 397                        patch_instruction(dest, ppc_inst(instrs[0]));
 398                        patch_instruction(dest + 2, ppc_inst(instrs[2]));
 399                        patch_branch(dest + 1,
 400                                     (unsigned long)&scv_entry_flush_fallback, BRANCH_SET_LINK);
 401                } else {
 402                        patch_instruction(dest + 1, ppc_inst(instrs[1]));
 403                        patch_instruction(dest + 2, ppc_inst(instrs[2]));
 404                        patch_instruction(dest, ppc_inst(instrs[0]));
 405                }
 406        }
 407
 408
 409        printk(KERN_DEBUG "entry-flush: patched %d locations (%s flush)\n", i,
 410                (types == L1D_FLUSH_NONE)       ? "no" :
 411                (types == L1D_FLUSH_FALLBACK)   ? "fallback displacement" :
 412                (types &  L1D_FLUSH_ORI)        ? (types & L1D_FLUSH_MTTRIG)
 413                                                        ? "ori+mttrig type"
 414                                                        : "ori type" :
 415                (types &  L1D_FLUSH_MTTRIG)     ? "mttrig type"
 416                                                : "unknown");
 417
 418        return 0;
 419}
 420
 421void do_entry_flush_fixups(enum l1d_flush_type types)
 422{
 423        /*
 424         * The call to the fallback flush can not be safely patched in/out while
 425         * other CPUs are executing it. So call __do_entry_flush_fixups() on one
 426         * CPU while all other CPUs spin in the stop machine core with interrupts
 427         * hard disabled.
 428         */
 429        stop_machine(__do_entry_flush_fixups, &types, NULL);
 430}
 431
 432static int __do_rfi_flush_fixups(void *data)
 433{
 434        enum l1d_flush_type types = *(enum l1d_flush_type *)data;
 435        unsigned int instrs[3], *dest;
 436        long *start, *end;
 437        int i;
 438
 439        start = PTRRELOC(&__start___rfi_flush_fixup);
 440        end = PTRRELOC(&__stop___rfi_flush_fixup);
 441
 442        instrs[0] = PPC_RAW_NOP();
 443        instrs[1] = PPC_RAW_NOP();
 444        instrs[2] = PPC_RAW_NOP();
 445
 446        if (types & L1D_FLUSH_FALLBACK)
 447                /* b .+16 to fallback flush */
 448                instrs[0] = PPC_INST_BRANCH | 16;
 449
 450        i = 0;
 451        if (types & L1D_FLUSH_ORI) {
 452                instrs[i++] = PPC_RAW_ORI(_R31, _R31, 0); /* speculation barrier */
 453                instrs[i++] = PPC_RAW_ORI(_R30, _R30, 0); /* L1d flush */
 454        }
 455
 456        if (types & L1D_FLUSH_MTTRIG)
 457                instrs[i++] = PPC_RAW_MTSPR(SPRN_TRIG2, _R0);
 458
 459        for (i = 0; start < end; start++, i++) {
 460                dest = (void *)start + *start;
 461
 462                pr_devel("patching dest %lx\n", (unsigned long)dest);
 463
 464                patch_instruction(dest, ppc_inst(instrs[0]));
 465                patch_instruction(dest + 1, ppc_inst(instrs[1]));
 466                patch_instruction(dest + 2, ppc_inst(instrs[2]));
 467        }
 468
 469        printk(KERN_DEBUG "rfi-flush: patched %d locations (%s flush)\n", i,
 470                (types == L1D_FLUSH_NONE)       ? "no" :
 471                (types == L1D_FLUSH_FALLBACK)   ? "fallback displacement" :
 472                (types &  L1D_FLUSH_ORI)        ? (types & L1D_FLUSH_MTTRIG)
 473                                                        ? "ori+mttrig type"
 474                                                        : "ori type" :
 475                (types &  L1D_FLUSH_MTTRIG)     ? "mttrig type"
 476                                                : "unknown");
 477
 478        return 0;
 479}
 480
 481void do_rfi_flush_fixups(enum l1d_flush_type types)
 482{
 483        /*
 484         * stop_machine gets all CPUs out of the interrupt exit handler same
 485         * as do_stf_barrier_fixups. do_rfi_flush_fixups patching can run
 486         * without stop_machine, so this could be achieved with a broadcast
 487         * IPI instead, but this matches the stf sequence.
 488         */
 489        static_branch_enable(&interrupt_exit_not_reentrant);
 490
 491        stop_machine(__do_rfi_flush_fixups, &types, NULL);
 492
 493        if (types & L1D_FLUSH_FALLBACK)
 494                rfi_exit_reentrant = false;
 495        else
 496                rfi_exit_reentrant = true;
 497
 498        if (stf_exit_reentrant && rfi_exit_reentrant)
 499                static_branch_disable(&interrupt_exit_not_reentrant);
 500}
 501
 502void do_barrier_nospec_fixups_range(bool enable, void *fixup_start, void *fixup_end)
 503{
 504        unsigned int instr, *dest;
 505        long *start, *end;
 506        int i;
 507
 508        start = fixup_start;
 509        end = fixup_end;
 510
 511        instr = PPC_RAW_NOP();
 512
 513        if (enable) {
 514                pr_info("barrier-nospec: using ORI speculation barrier\n");
 515                instr = PPC_RAW_ORI(_R31, _R31, 0); /* speculation barrier */
 516        }
 517
 518        for (i = 0; start < end; start++, i++) {
 519                dest = (void *)start + *start;
 520
 521                pr_devel("patching dest %lx\n", (unsigned long)dest);
 522                patch_instruction(dest, ppc_inst(instr));
 523        }
 524
 525        printk(KERN_DEBUG "barrier-nospec: patched %d locations\n", i);
 526}
 527
 528#endif /* CONFIG_PPC_BOOK3S_64 */
 529
 530#ifdef CONFIG_PPC_BARRIER_NOSPEC
 531void do_barrier_nospec_fixups(bool enable)
 532{
 533        void *start, *end;
 534
 535        start = PTRRELOC(&__start___barrier_nospec_fixup);
 536        end = PTRRELOC(&__stop___barrier_nospec_fixup);
 537
 538        do_barrier_nospec_fixups_range(enable, start, end);
 539}
 540#endif /* CONFIG_PPC_BARRIER_NOSPEC */
 541
 542#ifdef CONFIG_PPC_FSL_BOOK3E
 543void do_barrier_nospec_fixups_range(bool enable, void *fixup_start, void *fixup_end)
 544{
 545        unsigned int instr[2], *dest;
 546        long *start, *end;
 547        int i;
 548
 549        start = fixup_start;
 550        end = fixup_end;
 551
 552        instr[0] = PPC_RAW_NOP();
 553        instr[1] = PPC_RAW_NOP();
 554
 555        if (enable) {
 556                pr_info("barrier-nospec: using isync; sync as speculation barrier\n");
 557                instr[0] = PPC_RAW_ISYNC();
 558                instr[1] = PPC_RAW_SYNC();
 559        }
 560
 561        for (i = 0; start < end; start++, i++) {
 562                dest = (void *)start + *start;
 563
 564                pr_devel("patching dest %lx\n", (unsigned long)dest);
 565                patch_instruction(dest, ppc_inst(instr[0]));
 566                patch_instruction(dest + 1, ppc_inst(instr[1]));
 567        }
 568
 569        printk(KERN_DEBUG "barrier-nospec: patched %d locations\n", i);
 570}
 571
 572static void patch_btb_flush_section(long *curr)
 573{
 574        unsigned int *start, *end;
 575
 576        start = (void *)curr + *curr;
 577        end = (void *)curr + *(curr + 1);
 578        for (; start < end; start++) {
 579                pr_devel("patching dest %lx\n", (unsigned long)start);
 580                patch_instruction(start, ppc_inst(PPC_RAW_NOP()));
 581        }
 582}
 583
 584void do_btb_flush_fixups(void)
 585{
 586        long *start, *end;
 587
 588        start = PTRRELOC(&__start__btb_flush_fixup);
 589        end = PTRRELOC(&__stop__btb_flush_fixup);
 590
 591        for (; start < end; start += 2)
 592                patch_btb_flush_section(start);
 593}
 594#endif /* CONFIG_PPC_FSL_BOOK3E */
 595
 596void do_lwsync_fixups(unsigned long value, void *fixup_start, void *fixup_end)
 597{
 598        long *start, *end;
 599        u32 *dest;
 600
 601        if (!(value & CPU_FTR_LWSYNC))
 602                return ;
 603
 604        start = fixup_start;
 605        end = fixup_end;
 606
 607        for (; start < end; start++) {
 608                dest = (void *)start + *start;
 609                raw_patch_instruction(dest, ppc_inst(PPC_INST_LWSYNC));
 610        }
 611}
 612
 613static void do_final_fixups(void)
 614{
 615#if defined(CONFIG_PPC64) && defined(CONFIG_RELOCATABLE)
 616        struct ppc_inst inst;
 617        u32 *src, *dest, *end;
 618
 619        if (PHYSICAL_START == 0)
 620                return;
 621
 622        src = (u32 *)(KERNELBASE + PHYSICAL_START);
 623        dest = (u32 *)KERNELBASE;
 624        end = (void *)src + (__end_interrupts - _stext);
 625
 626        while (src < end) {
 627                inst = ppc_inst_read(src);
 628                raw_patch_instruction(dest, inst);
 629                src = ppc_inst_next(src, src);
 630                dest = ppc_inst_next(dest, dest);
 631        }
 632#endif
 633}
 634
 635static unsigned long __initdata saved_cpu_features;
 636static unsigned int __initdata saved_mmu_features;
 637#ifdef CONFIG_PPC64
 638static unsigned long __initdata saved_firmware_features;
 639#endif
 640
 641void __init apply_feature_fixups(void)
 642{
 643        struct cpu_spec *spec = PTRRELOC(*PTRRELOC(&cur_cpu_spec));
 644
 645        *PTRRELOC(&saved_cpu_features) = spec->cpu_features;
 646        *PTRRELOC(&saved_mmu_features) = spec->mmu_features;
 647
 648        /*
 649         * Apply the CPU-specific and firmware specific fixups to kernel text
 650         * (nop out sections not relevant to this CPU or this firmware).
 651         */
 652        do_feature_fixups(spec->cpu_features,
 653                          PTRRELOC(&__start___ftr_fixup),
 654                          PTRRELOC(&__stop___ftr_fixup));
 655
 656        do_feature_fixups(spec->mmu_features,
 657                          PTRRELOC(&__start___mmu_ftr_fixup),
 658                          PTRRELOC(&__stop___mmu_ftr_fixup));
 659
 660        do_lwsync_fixups(spec->cpu_features,
 661                         PTRRELOC(&__start___lwsync_fixup),
 662                         PTRRELOC(&__stop___lwsync_fixup));
 663
 664#ifdef CONFIG_PPC64
 665        saved_firmware_features = powerpc_firmware_features;
 666        do_feature_fixups(powerpc_firmware_features,
 667                          &__start___fw_ftr_fixup, &__stop___fw_ftr_fixup);
 668#endif
 669        do_final_fixups();
 670}
 671
 672void __init setup_feature_keys(void)
 673{
 674        /*
 675         * Initialise jump label. This causes all the cpu/mmu_has_feature()
 676         * checks to take on their correct polarity based on the current set of
 677         * CPU/MMU features.
 678         */
 679        jump_label_init();
 680        cpu_feature_keys_init();
 681        mmu_feature_keys_init();
 682}
 683
 684static int __init check_features(void)
 685{
 686        WARN(saved_cpu_features != cur_cpu_spec->cpu_features,
 687             "CPU features changed after feature patching!\n");
 688        WARN(saved_mmu_features != cur_cpu_spec->mmu_features,
 689             "MMU features changed after feature patching!\n");
 690#ifdef CONFIG_PPC64
 691        WARN(saved_firmware_features != powerpc_firmware_features,
 692             "Firmware features changed after feature patching!\n");
 693#endif
 694
 695        return 0;
 696}
 697late_initcall(check_features);
 698
 699#ifdef CONFIG_FTR_FIXUP_SELFTEST
 700
 701#define check(x)        \
 702        if (!(x)) printk("feature-fixups: test failed at line %d\n", __LINE__);
 703
 704/* This must be after the text it fixes up, vmlinux.lds.S enforces that atm */
 705static struct fixup_entry fixup;
 706
 707static long calc_offset(struct fixup_entry *entry, unsigned int *p)
 708{
 709        return (unsigned long)p - (unsigned long)entry;
 710}
 711
 712static void test_basic_patching(void)
 713{
 714        extern unsigned int ftr_fixup_test1[];
 715        extern unsigned int end_ftr_fixup_test1[];
 716        extern unsigned int ftr_fixup_test1_orig[];
 717        extern unsigned int ftr_fixup_test1_expected[];
 718        int size = 4 * (end_ftr_fixup_test1 - ftr_fixup_test1);
 719
 720        fixup.value = fixup.mask = 8;
 721        fixup.start_off = calc_offset(&fixup, ftr_fixup_test1 + 1);
 722        fixup.end_off = calc_offset(&fixup, ftr_fixup_test1 + 2);
 723        fixup.alt_start_off = fixup.alt_end_off = 0;
 724
 725        /* Sanity check */
 726        check(memcmp(ftr_fixup_test1, ftr_fixup_test1_orig, size) == 0);
 727
 728        /* Check we don't patch if the value matches */
 729        patch_feature_section(8, &fixup);
 730        check(memcmp(ftr_fixup_test1, ftr_fixup_test1_orig, size) == 0);
 731
 732        /* Check we do patch if the value doesn't match */
 733        patch_feature_section(0, &fixup);
 734        check(memcmp(ftr_fixup_test1, ftr_fixup_test1_expected, size) == 0);
 735
 736        /* Check we do patch if the mask doesn't match */
 737        memcpy(ftr_fixup_test1, ftr_fixup_test1_orig, size);
 738        check(memcmp(ftr_fixup_test1, ftr_fixup_test1_orig, size) == 0);
 739        patch_feature_section(~8, &fixup);
 740        check(memcmp(ftr_fixup_test1, ftr_fixup_test1_expected, size) == 0);
 741}
 742
 743static void test_alternative_patching(void)
 744{
 745        extern unsigned int ftr_fixup_test2[];
 746        extern unsigned int end_ftr_fixup_test2[];
 747        extern unsigned int ftr_fixup_test2_orig[];
 748        extern unsigned int ftr_fixup_test2_alt[];
 749        extern unsigned int ftr_fixup_test2_expected[];
 750        int size = 4 * (end_ftr_fixup_test2 - ftr_fixup_test2);
 751
 752        fixup.value = fixup.mask = 0xF;
 753        fixup.start_off = calc_offset(&fixup, ftr_fixup_test2 + 1);
 754        fixup.end_off = calc_offset(&fixup, ftr_fixup_test2 + 2);
 755        fixup.alt_start_off = calc_offset(&fixup, ftr_fixup_test2_alt);
 756        fixup.alt_end_off = calc_offset(&fixup, ftr_fixup_test2_alt + 1);
 757
 758        /* Sanity check */
 759        check(memcmp(ftr_fixup_test2, ftr_fixup_test2_orig, size) == 0);
 760
 761        /* Check we don't patch if the value matches */
 762        patch_feature_section(0xF, &fixup);
 763        check(memcmp(ftr_fixup_test2, ftr_fixup_test2_orig, size) == 0);
 764
 765        /* Check we do patch if the value doesn't match */
 766        patch_feature_section(0, &fixup);
 767        check(memcmp(ftr_fixup_test2, ftr_fixup_test2_expected, size) == 0);
 768
 769        /* Check we do patch if the mask doesn't match */
 770        memcpy(ftr_fixup_test2, ftr_fixup_test2_orig, size);
 771        check(memcmp(ftr_fixup_test2, ftr_fixup_test2_orig, size) == 0);
 772        patch_feature_section(~0xF, &fixup);
 773        check(memcmp(ftr_fixup_test2, ftr_fixup_test2_expected, size) == 0);
 774}
 775
 776static void test_alternative_case_too_big(void)
 777{
 778        extern unsigned int ftr_fixup_test3[];
 779        extern unsigned int end_ftr_fixup_test3[];
 780        extern unsigned int ftr_fixup_test3_orig[];
 781        extern unsigned int ftr_fixup_test3_alt[];
 782        int size = 4 * (end_ftr_fixup_test3 - ftr_fixup_test3);
 783
 784        fixup.value = fixup.mask = 0xC;
 785        fixup.start_off = calc_offset(&fixup, ftr_fixup_test3 + 1);
 786        fixup.end_off = calc_offset(&fixup, ftr_fixup_test3 + 2);
 787        fixup.alt_start_off = calc_offset(&fixup, ftr_fixup_test3_alt);
 788        fixup.alt_end_off = calc_offset(&fixup, ftr_fixup_test3_alt + 2);
 789
 790        /* Sanity check */
 791        check(memcmp(ftr_fixup_test3, ftr_fixup_test3_orig, size) == 0);
 792
 793        /* Expect nothing to be patched, and the error returned to us */
 794        check(patch_feature_section(0xF, &fixup) == 1);
 795        check(memcmp(ftr_fixup_test3, ftr_fixup_test3_orig, size) == 0);
 796        check(patch_feature_section(0, &fixup) == 1);
 797        check(memcmp(ftr_fixup_test3, ftr_fixup_test3_orig, size) == 0);
 798        check(patch_feature_section(~0xF, &fixup) == 1);
 799        check(memcmp(ftr_fixup_test3, ftr_fixup_test3_orig, size) == 0);
 800}
 801
 802static void test_alternative_case_too_small(void)
 803{
 804        extern unsigned int ftr_fixup_test4[];
 805        extern unsigned int end_ftr_fixup_test4[];
 806        extern unsigned int ftr_fixup_test4_orig[];
 807        extern unsigned int ftr_fixup_test4_alt[];
 808        extern unsigned int ftr_fixup_test4_expected[];
 809        int size = 4 * (end_ftr_fixup_test4 - ftr_fixup_test4);
 810        unsigned long flag;
 811
 812        /* Check a high-bit flag */
 813        flag = 1UL << ((sizeof(unsigned long) - 1) * 8);
 814        fixup.value = fixup.mask = flag;
 815        fixup.start_off = calc_offset(&fixup, ftr_fixup_test4 + 1);
 816        fixup.end_off = calc_offset(&fixup, ftr_fixup_test4 + 5);
 817        fixup.alt_start_off = calc_offset(&fixup, ftr_fixup_test4_alt);
 818        fixup.alt_end_off = calc_offset(&fixup, ftr_fixup_test4_alt + 2);
 819
 820        /* Sanity check */
 821        check(memcmp(ftr_fixup_test4, ftr_fixup_test4_orig, size) == 0);
 822
 823        /* Check we don't patch if the value matches */
 824        patch_feature_section(flag, &fixup);
 825        check(memcmp(ftr_fixup_test4, ftr_fixup_test4_orig, size) == 0);
 826
 827        /* Check we do patch if the value doesn't match */
 828        patch_feature_section(0, &fixup);
 829        check(memcmp(ftr_fixup_test4, ftr_fixup_test4_expected, size) == 0);
 830
 831        /* Check we do patch if the mask doesn't match */
 832        memcpy(ftr_fixup_test4, ftr_fixup_test4_orig, size);
 833        check(memcmp(ftr_fixup_test4, ftr_fixup_test4_orig, size) == 0);
 834        patch_feature_section(~flag, &fixup);
 835        check(memcmp(ftr_fixup_test4, ftr_fixup_test4_expected, size) == 0);
 836}
 837
 838static void test_alternative_case_with_branch(void)
 839{
 840        extern unsigned int ftr_fixup_test5[];
 841        extern unsigned int end_ftr_fixup_test5[];
 842        extern unsigned int ftr_fixup_test5_expected[];
 843        int size = 4 * (end_ftr_fixup_test5 - ftr_fixup_test5);
 844
 845        check(memcmp(ftr_fixup_test5, ftr_fixup_test5_expected, size) == 0);
 846}
 847
 848static void test_alternative_case_with_external_branch(void)
 849{
 850        extern unsigned int ftr_fixup_test6[];
 851        extern unsigned int end_ftr_fixup_test6[];
 852        extern unsigned int ftr_fixup_test6_expected[];
 853        int size = 4 * (end_ftr_fixup_test6 - ftr_fixup_test6);
 854
 855        check(memcmp(ftr_fixup_test6, ftr_fixup_test6_expected, size) == 0);
 856}
 857
 858static void test_alternative_case_with_branch_to_end(void)
 859{
 860        extern unsigned int ftr_fixup_test7[];
 861        extern unsigned int end_ftr_fixup_test7[];
 862        extern unsigned int ftr_fixup_test7_expected[];
 863        int size = 4 * (end_ftr_fixup_test7 - ftr_fixup_test7);
 864
 865        check(memcmp(ftr_fixup_test7, ftr_fixup_test7_expected, size) == 0);
 866}
 867
 868static void test_cpu_macros(void)
 869{
 870        extern u8 ftr_fixup_test_FTR_macros[];
 871        extern u8 ftr_fixup_test_FTR_macros_expected[];
 872        unsigned long size = ftr_fixup_test_FTR_macros_expected -
 873                             ftr_fixup_test_FTR_macros;
 874
 875        /* The fixups have already been done for us during boot */
 876        check(memcmp(ftr_fixup_test_FTR_macros,
 877                     ftr_fixup_test_FTR_macros_expected, size) == 0);
 878}
 879
 880static void test_fw_macros(void)
 881{
 882#ifdef CONFIG_PPC64
 883        extern u8 ftr_fixup_test_FW_FTR_macros[];
 884        extern u8 ftr_fixup_test_FW_FTR_macros_expected[];
 885        unsigned long size = ftr_fixup_test_FW_FTR_macros_expected -
 886                             ftr_fixup_test_FW_FTR_macros;
 887
 888        /* The fixups have already been done for us during boot */
 889        check(memcmp(ftr_fixup_test_FW_FTR_macros,
 890                     ftr_fixup_test_FW_FTR_macros_expected, size) == 0);
 891#endif
 892}
 893
 894static void test_lwsync_macros(void)
 895{
 896        extern u8 lwsync_fixup_test[];
 897        extern u8 end_lwsync_fixup_test[];
 898        extern u8 lwsync_fixup_test_expected_LWSYNC[];
 899        extern u8 lwsync_fixup_test_expected_SYNC[];
 900        unsigned long size = end_lwsync_fixup_test -
 901                             lwsync_fixup_test;
 902
 903        /* The fixups have already been done for us during boot */
 904        if (cur_cpu_spec->cpu_features & CPU_FTR_LWSYNC) {
 905                check(memcmp(lwsync_fixup_test,
 906                             lwsync_fixup_test_expected_LWSYNC, size) == 0);
 907        } else {
 908                check(memcmp(lwsync_fixup_test,
 909                             lwsync_fixup_test_expected_SYNC, size) == 0);
 910        }
 911}
 912
 913#ifdef CONFIG_PPC64
 914static void __init test_prefix_patching(void)
 915{
 916        extern unsigned int ftr_fixup_prefix1[];
 917        extern unsigned int end_ftr_fixup_prefix1[];
 918        extern unsigned int ftr_fixup_prefix1_orig[];
 919        extern unsigned int ftr_fixup_prefix1_expected[];
 920        int size = sizeof(unsigned int) * (end_ftr_fixup_prefix1 - ftr_fixup_prefix1);
 921
 922        fixup.value = fixup.mask = 8;
 923        fixup.start_off = calc_offset(&fixup, ftr_fixup_prefix1 + 1);
 924        fixup.end_off = calc_offset(&fixup, ftr_fixup_prefix1 + 3);
 925        fixup.alt_start_off = fixup.alt_end_off = 0;
 926
 927        /* Sanity check */
 928        check(memcmp(ftr_fixup_prefix1, ftr_fixup_prefix1_orig, size) == 0);
 929
 930        patch_feature_section(0, &fixup);
 931        check(memcmp(ftr_fixup_prefix1, ftr_fixup_prefix1_expected, size) == 0);
 932        check(memcmp(ftr_fixup_prefix1, ftr_fixup_prefix1_orig, size) != 0);
 933}
 934
 935static void __init test_prefix_alt_patching(void)
 936{
 937        extern unsigned int ftr_fixup_prefix2[];
 938        extern unsigned int end_ftr_fixup_prefix2[];
 939        extern unsigned int ftr_fixup_prefix2_orig[];
 940        extern unsigned int ftr_fixup_prefix2_expected[];
 941        extern unsigned int ftr_fixup_prefix2_alt[];
 942        int size = sizeof(unsigned int) * (end_ftr_fixup_prefix2 - ftr_fixup_prefix2);
 943
 944        fixup.value = fixup.mask = 8;
 945        fixup.start_off = calc_offset(&fixup, ftr_fixup_prefix2 + 1);
 946        fixup.end_off = calc_offset(&fixup, ftr_fixup_prefix2 + 3);
 947        fixup.alt_start_off = calc_offset(&fixup, ftr_fixup_prefix2_alt);
 948        fixup.alt_end_off = calc_offset(&fixup, ftr_fixup_prefix2_alt + 2);
 949        /* Sanity check */
 950        check(memcmp(ftr_fixup_prefix2, ftr_fixup_prefix2_orig, size) == 0);
 951
 952        patch_feature_section(0, &fixup);
 953        check(memcmp(ftr_fixup_prefix2, ftr_fixup_prefix2_expected, size) == 0);
 954        check(memcmp(ftr_fixup_prefix2, ftr_fixup_prefix2_orig, size) != 0);
 955}
 956
 957static void __init test_prefix_word_alt_patching(void)
 958{
 959        extern unsigned int ftr_fixup_prefix3[];
 960        extern unsigned int end_ftr_fixup_prefix3[];
 961        extern unsigned int ftr_fixup_prefix3_orig[];
 962        extern unsigned int ftr_fixup_prefix3_expected[];
 963        extern unsigned int ftr_fixup_prefix3_alt[];
 964        int size = sizeof(unsigned int) * (end_ftr_fixup_prefix3 - ftr_fixup_prefix3);
 965
 966        fixup.value = fixup.mask = 8;
 967        fixup.start_off = calc_offset(&fixup, ftr_fixup_prefix3 + 1);
 968        fixup.end_off = calc_offset(&fixup, ftr_fixup_prefix3 + 4);
 969        fixup.alt_start_off = calc_offset(&fixup, ftr_fixup_prefix3_alt);
 970        fixup.alt_end_off = calc_offset(&fixup, ftr_fixup_prefix3_alt + 3);
 971        /* Sanity check */
 972        check(memcmp(ftr_fixup_prefix3, ftr_fixup_prefix3_orig, size) == 0);
 973
 974        patch_feature_section(0, &fixup);
 975        check(memcmp(ftr_fixup_prefix3, ftr_fixup_prefix3_expected, size) == 0);
 976        patch_feature_section(0, &fixup);
 977        check(memcmp(ftr_fixup_prefix3, ftr_fixup_prefix3_orig, size) != 0);
 978}
 979#else
 980static inline void test_prefix_patching(void) {}
 981static inline void test_prefix_alt_patching(void) {}
 982static inline void test_prefix_word_alt_patching(void) {}
 983#endif /* CONFIG_PPC64 */
 984
 985static int __init test_feature_fixups(void)
 986{
 987        printk(KERN_DEBUG "Running feature fixup self-tests ...\n");
 988
 989        test_basic_patching();
 990        test_alternative_patching();
 991        test_alternative_case_too_big();
 992        test_alternative_case_too_small();
 993        test_alternative_case_with_branch();
 994        test_alternative_case_with_external_branch();
 995        test_alternative_case_with_branch_to_end();
 996        test_cpu_macros();
 997        test_fw_macros();
 998        test_lwsync_macros();
 999        test_prefix_patching();
1000        test_prefix_alt_patching();
1001        test_prefix_word_alt_patching();
1002
1003        return 0;
1004}
1005late_initcall(test_feature_fixups);
1006
1007#endif /* CONFIG_FTR_FIXUP_SELFTEST */
1008