arm64: entry: Add exception trampoline page for exceptions from EL0

commit c7b9adaf85f8 upstream.

To allow unmapping of the kernel whilst running at EL0, we need to
point the exception vectors at an entry trampoline that can map/unmap
the kernel on entry/exit respectively.

This patch adds the trampoline page, although it is not yet plugged
into the vector table and is therefore unused.

Reviewed-by: Mark Rutland <mark.rutland@arm.com>
Tested-by: Laura Abbott <labbott@redhat.com>
Tested-by: Shanker Donthineni <shankerd@codeaurora.org>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Alex Shi <alex.shi@linaro.org>
Conflicts:
	add asm/mmu.h in entry.S for ASID marco
	add kernel-pgtable.h in entry.S for SWAPPER_DIR_SIZE and
	RESERVED_TTBR0_SIZE
	no SW PAN in vmlinux.lds.S

diff --git a/arch/arm64/include/asm/kernel-pgtable.h b/arch/arm64/include/asm/kernel-pgtable.h
index e4ddac9..135e829 100644 (file)
--- a/arch/arm64/include/asm/kernel-pgtable.h
+++ b/arch/arm64/include/asm/kernel-pgtable.h
@@ -54,6 +54,8 @@
 #define SWAPPER_DIR_SIZE       (SWAPPER_PGTABLE_LEVELS * PAGE_SIZE)
 #define IDMAP_DIR_SIZE         (IDMAP_PGTABLE_LEVELS * PAGE_SIZE)
 
+#define RESERVED_TTBR0_SIZE    (0) /*no CONFIG_ARM64_SW_TTBR0_PAN  introduced */
+
 /* Initial memory map size */
 #if ARM64_SWAPPER_USES_SECTION_MAPS
 #define SWAPPER_BLOCK_SHIFT    SECTION_SHIFT

diff --git a/arch/arm64/kernel/entry.S b/arch/arm64/kernel/entry.S
index 60b202a..f0c6b37 100644 (file)
--- a/arch/arm64/kernel/entry.S
+++ b/arch/arm64/kernel/entry.S
@@ -29,9 +29,11 @@
 #include <asm/esr.h>
 #include <asm/irq.h>
 #include <asm/memory.h>
+#include <asm/mmu.h>
 #include <asm/thread_info.h>
 #include <asm/asm-uaccess.h>
 #include <asm/unistd.h>
+#include <asm/kernel-pgtable.h>
 
 /*
  * Context tracking subsystem.  Used to instrument transitions
@@ -828,6 +830,90 @@ __ni_sys_trace:
 
        .popsection                             // .entry.text
 
+#ifdef CONFIG_UNMAP_KERNEL_AT_EL0
+/*
+ * Exception vectors trampoline.
+ */
+       .pushsection ".entry.tramp.text", "ax"
+
+       .macro tramp_map_kernel, tmp
+       mrs     \tmp, ttbr1_el1
+       sub     \tmp, \tmp, #(SWAPPER_DIR_SIZE + RESERVED_TTBR0_SIZE)
+       bic     \tmp, \tmp, #USER_ASID_FLAG
+       msr     ttbr1_el1, \tmp
+       .endm
+
+       .macro tramp_unmap_kernel, tmp
+       mrs     \tmp, ttbr1_el1
+       add     \tmp, \tmp, #(SWAPPER_DIR_SIZE + RESERVED_TTBR0_SIZE)
+       orr     \tmp, \tmp, #USER_ASID_FLAG
+       msr     ttbr1_el1, \tmp
+       /*
+        * We avoid running the post_ttbr_update_workaround here because the
+        * user and kernel ASIDs don't have conflicting mappings, so any
+        * "blessing" as described in:
+        *
+        *   http://lkml.kernel.org/r/56BB848A.6060603@caviumnetworks.com
+        *
+        * will not hurt correctness. Whilst this may partially defeat the
+        * point of using split ASIDs in the first place, it avoids
+        * the hit of invalidating the entire I-cache on every return to
+        * userspace.
+        */
+       .endm
+
+       .macro tramp_ventry, regsize = 64
+       .align  7
+1:
+       .if     \regsize == 64
+       msr     tpidrro_el0, x30        // Restored in kernel_ventry
+       .endif
+       tramp_map_kernel        x30
+       ldr     x30, =vectors
+       prfm    plil1strm, [x30, #(1b - tramp_vectors)]
+       msr     vbar_el1, x30
+       add     x30, x30, #(1b - tramp_vectors)
+       isb
+       br      x30
+       .endm
+
+       .macro tramp_exit, regsize = 64
+       adr     x30, tramp_vectors
+       msr     vbar_el1, x30
+       tramp_unmap_kernel      x30
+       .if     \regsize == 64
+       mrs     x30, far_el1
+       .endif
+       eret
+       .endm
+
+       .align  11
+ENTRY(tramp_vectors)
+       .space  0x400
+
+       tramp_ventry
+       tramp_ventry
+       tramp_ventry
+       tramp_ventry
+
+       tramp_ventry    32
+       tramp_ventry    32
+       tramp_ventry    32
+       tramp_ventry    32
+END(tramp_vectors)
+
+ENTRY(tramp_exit_native)
+       tramp_exit
+END(tramp_exit_native)
+
+ENTRY(tramp_exit_compat)
+       tramp_exit      32
+END(tramp_exit_compat)
+
+       .ltorg
+       .popsection                             // .entry.tramp.text
+#endif /* CONFIG_UNMAP_KERNEL_AT_EL0 */
+
 /*
  * Special system call wrappers.
  */

diff --git a/arch/arm64/kernel/vmlinux.lds.S b/arch/arm64/kernel/vmlinux.lds.S
index 1105aab..466a43a 100644 (file)
--- a/arch/arm64/kernel/vmlinux.lds.S
+++ b/arch/arm64/kernel/vmlinux.lds.S
@@ -56,6 +56,17 @@ jiffies = jiffies_64;
 #define HIBERNATE_TEXT
 #endif
 
+#ifdef CONFIG_UNMAP_KERNEL_AT_EL0
+#define TRAMP_TEXT                                     \
+       . = ALIGN(PAGE_SIZE);                           \
+       VMLINUX_SYMBOL(__entry_tramp_text_start) = .;   \
+       *(.entry.tramp.text)                            \
+       . = ALIGN(PAGE_SIZE);                           \
+       VMLINUX_SYMBOL(__entry_tramp_text_end) = .;
+#else
+#define TRAMP_TEXT
+#endif
+
 /*
  * The size of the PE/COFF section that covers the kernel image, which
  * runs from stext to _edata, must be a round multiple of the PE/COFF
@@ -128,6 +139,7 @@ SECTIONS
                        HYPERVISOR_TEXT
                        IDMAP_TEXT
                        HIBERNATE_TEXT
+                       TRAMP_TEXT
                        *(.fixup)
                        *(.gnu.warning)
                . = ALIGN(16);
@@ -216,6 +228,11 @@ SECTIONS
        swapper_pg_dir = .;
        . += SWAPPER_DIR_SIZE;
 
+#ifdef CONFIG_UNMAP_KERNEL_AT_EL0
+       tramp_pg_dir = .;
+       . += PAGE_SIZE;
+#endif
+
        _end = .;
 
        STABS_DEBUG