1 /* SPDX-License-Identifier: GPL-2.0-only */
2 /*
3 * Copyright (C) 2014 Linaro Ltd. <ard.biesheuvel@linaro.org>
4 */
5
6 #ifndef __ASM_CPUFEATURE_H
7 #define __ASM_CPUFEATURE_H
8
9 #include <asm/alternative-macros.h>
10 #include <asm/cpucaps.h>
11 #include <asm/cputype.h>
12 #include <asm/hwcap.h>
13 #include <asm/sysreg.h>
14
15 #define MAX_CPU_FEATURES 192
16 #define cpu_feature(x) KERNEL_HWCAP_ ## x
17
18 #define ARM64_SW_FEATURE_OVERRIDE_NOKASLR 0
19 #define ARM64_SW_FEATURE_OVERRIDE_HVHE 4
20 #define ARM64_SW_FEATURE_OVERRIDE_RODATA_OFF 8
21
22 #ifndef __ASSEMBLY__
23
24 #include <linux/bug.h>
25 #include <linux/jump_label.h>
26 #include <linux/kernel.h>
27 #include <linux/cpumask.h>
28
29 /*
30 * CPU feature register tracking
31 *
32 * The safe value of a CPUID feature field is dependent on the implications
33 * of the values assigned to it by the architecture. Based on the relationship
34 * between the values, the features are classified into 3 types - LOWER_SAFE,
35 * HIGHER_SAFE and EXACT.
36 *
37 * The lowest value of all the CPUs is chosen for LOWER_SAFE and highest
38 * for HIGHER_SAFE. It is expected that all CPUs have the same value for
39 * a field when EXACT is specified, failing which, the safe value specified
40 * in the table is chosen.
41 */
42
43 enum ftr_type {
44 FTR_EXACT, /* Use a predefined safe value */
45 FTR_LOWER_SAFE, /* Smaller value is safe */
46 FTR_HIGHER_SAFE, /* Bigger value is safe */
47 FTR_HIGHER_OR_ZERO_SAFE, /* Bigger value is safe, but 0 is biggest */
48 };
49
50 #define FTR_STRICT true /* SANITY check strict matching required */
51 #define FTR_NONSTRICT false /* SANITY check ignored */
52
53 #define FTR_SIGNED true /* Value should be treated as signed */
54 #define FTR_UNSIGNED false /* Value should be treated as unsigned */
55
56 #define FTR_VISIBLE true /* Feature visible to the user space */
57 #define FTR_HIDDEN false /* Feature is hidden from the user */
58
59 #define FTR_VISIBLE_IF_IS_ENABLED(config) \
60 (IS_ENABLED(config) ? FTR_VISIBLE : FTR_HIDDEN)
61
62 struct arm64_ftr_bits {
63 bool sign; /* Value is signed ? */
64 bool visible;
65 bool strict; /* CPU Sanity check: strict matching required ? */
66 enum ftr_type type;
67 u8 shift;
68 u8 width;
69 s64 safe_val; /* safe value for FTR_EXACT features */
70 };
71
72 /*
73 * Describe the early feature override to the core override code:
74 *
75 * @val Values that are to be merged into the final
76 * sanitised value of the register. Only the bitfields
77 * set to 1 in @mask are valid
78 * @mask Mask of the features that are overridden by @val
79 *
80 * A @mask field set to full-1 indicates that the corresponding field
81 * in @val is a valid override.
82 *
83 * A @mask field set to full-0 with the corresponding @val field set
84 * to full-0 denotes that this field has no override
85 *
86 * A @mask field set to full-0 with the corresponding @val field set
87 * to full-1 denotes that this field has an invalid override.
88 */
89 struct arm64_ftr_override {
90 u64 val;
91 u64 mask;
92 };
93
94 /*
95 * @arm64_ftr_reg - Feature register
96 * @strict_mask Bits which should match across all CPUs for sanity.
97 * @sys_val Safe value across the CPUs (system view)
98 */
99 struct arm64_ftr_reg {
100 const char *name;
101 u64 strict_mask;
102 u64 user_mask;
103 u64 sys_val;
104 u64 user_val;
105 struct arm64_ftr_override *override;
106 const struct arm64_ftr_bits *ftr_bits;
107 };
108
109 extern struct arm64_ftr_reg arm64_ftr_reg_ctrel0;
110
111 /*
112 * CPU capabilities:
113 *
114 * We use arm64_cpu_capabilities to represent system features, errata work
115 * arounds (both used internally by kernel and tracked in system_cpucaps) and
116 * ELF HWCAPs (which are exposed to user).
117 *
118 * To support systems with heterogeneous CPUs, we need to make sure that we
119 * detect the capabilities correctly on the system and take appropriate
120 * measures to ensure there are no incompatibilities.
121 *
122 * This comment tries to explain how we treat the capabilities.
123 * Each capability has the following list of attributes :
124 *
125 * 1) Scope of Detection : The system detects a given capability by
126 * performing some checks at runtime. This could be, e.g, checking the
127 * value of a field in CPU ID feature register or checking the cpu
128 * model. The capability provides a call back ( @matches() ) to
129 * perform the check. Scope defines how the checks should be performed.
130 * There are three cases:
131 *
132 * a) SCOPE_LOCAL_CPU: check all the CPUs and "detect" if at least one
133 * matches. This implies, we have to run the check on all the
134 * booting CPUs, until the system decides that state of the
135 * capability is finalised. (See section 2 below)
136 * Or
137 * b) SCOPE_SYSTEM: check all the CPUs and "detect" if all the CPUs
138 * matches. This implies, we run the check only once, when the
139 * system decides to finalise the state of the capability. If the
140 * capability relies on a field in one of the CPU ID feature
141 * registers, we use the sanitised value of the register from the
142 * CPU feature infrastructure to make the decision.
143 * Or
144 * c) SCOPE_BOOT_CPU: Check only on the primary boot CPU to detect the
145 * feature. This category is for features that are "finalised"
146 * (or used) by the kernel very early even before the SMP cpus
147 * are brought up.
148 *
149 * The process of detection is usually denoted by "update" capability
150 * state in the code.
151 *
152 * 2) Finalise the state : The kernel should finalise the state of a
153 * capability at some point during its execution and take necessary
154 * actions if any. Usually, this is done, after all the boot-time
155 * enabled CPUs are brought up by the kernel, so that it can make
156 * better decision based on the available set of CPUs. However, there
157 * are some special cases, where the action is taken during the early
158 * boot by the primary boot CPU. (e.g, running the kernel at EL2 with
159 * Virtualisation Host Extensions). The kernel usually disallows any
160 * changes to the state of a capability once it finalises the capability
161 * and takes any action, as it may be impossible to execute the actions
162 * safely. A CPU brought up after a capability is "finalised" is
163 * referred to as "Late CPU" w.r.t the capability. e.g, all secondary
164 * CPUs are treated "late CPUs" for capabilities determined by the boot
165 * CPU.
166 *
167 * At the moment there are two passes of finalising the capabilities.
168 * a) Boot CPU scope capabilities - Finalised by primary boot CPU via
169 * setup_boot_cpu_capabilities().
170 * b) Everything except (a) - Run via setup_system_capabilities().
171 *
172 * 3) Verification: When a CPU is brought online (e.g, by user or by the
173 * kernel), the kernel should make sure that it is safe to use the CPU,
174 * by verifying that the CPU is compliant with the state of the
175 * capabilities finalised already. This happens via :
176 *
177 * secondary_start_kernel()-> check_local_cpu_capabilities()
178 *
179 * As explained in (2) above, capabilities could be finalised at
180 * different points in the execution. Each newly booted CPU is verified
181 * against the capabilities that have been finalised by the time it
182 * boots.
183 *
184 * a) SCOPE_BOOT_CPU : All CPUs are verified against the capability
185 * except for the primary boot CPU.
186 *
187 * b) SCOPE_LOCAL_CPU, SCOPE_SYSTEM: All CPUs hotplugged on by the
188 * user after the kernel boot are verified against the capability.
189 *
190 * If there is a conflict, the kernel takes an action, based on the
191 * severity (e.g, a CPU could be prevented from booting or cause a
192 * kernel panic). The CPU is allowed to "affect" the state of the
193 * capability, if it has not been finalised already. See section 5
194 * for more details on conflicts.
195 *
196 * 4) Action: As mentioned in (2), the kernel can take an action for each
197 * detected capability, on all CPUs on the system. Appropriate actions
198 * include, turning on an architectural feature, modifying the control
199 * registers (e.g, SCTLR, TCR etc.) or patching the kernel via
200 * alternatives. The kernel patching is batched and performed at later
201 * point. The actions are always initiated only after the capability
202 * is finalised. This is usally denoted by "enabling" the capability.
203 * The actions are initiated as follows :
204 * a) Action is triggered on all online CPUs, after the capability is
205 * finalised, invoked within the stop_machine() context from
206 * enable_cpu_capabilitie().
207 *
208 * b) Any late CPU, brought up after (1), the action is triggered via:
209 *
210 * check_local_cpu_capabilities() -> verify_local_cpu_capabilities()
211 *
212 * 5) Conflicts: Based on the state of the capability on a late CPU vs.
213 * the system state, we could have the following combinations :
214 *
215 * x-----------------------------x
216 * | Type | System | Late CPU |
217 * |-----------------------------|
218 * | a | y | n |
219 * |-----------------------------|
220 * | b | n | y |
221 * x-----------------------------x
222 *
223 * Two separate flag bits are defined to indicate whether each kind of
224 * conflict can be allowed:
225 * ARM64_CPUCAP_OPTIONAL_FOR_LATE_CPU - Case(a) is allowed
226 * ARM64_CPUCAP_PERMITTED_FOR_LATE_CPU - Case(b) is allowed
227 *
228 * Case (a) is not permitted for a capability that the system requires
229 * all CPUs to have in order for the capability to be enabled. This is
230 * typical for capabilities that represent enhanced functionality.
231 *
232 * Case (b) is not permitted for a capability that must be enabled
233 * during boot if any CPU in the system requires it in order to run
234 * safely. This is typical for erratum work arounds that cannot be
235 * enabled after the corresponding capability is finalised.
236 *
237 * In some non-typical cases either both (a) and (b), or neither,
238 * should be permitted. This can be described by including neither
239 * or both flags in the capability's type field.
240 *
241 * In case of a conflict, the CPU is prevented from booting. If the
242 * ARM64_CPUCAP_PANIC_ON_CONFLICT flag is specified for the capability,
243 * then a kernel panic is triggered.
244 */
245
246
247 /*
248 * Decide how the capability is detected.
249 * On any local CPU vs System wide vs the primary boot CPU
250 */
251 #define ARM64_CPUCAP_SCOPE_LOCAL_CPU ((u16)BIT(0))
252 #define ARM64_CPUCAP_SCOPE_SYSTEM ((u16)BIT(1))
253 /*
254 * The capabilitiy is detected on the Boot CPU and is used by kernel
255 * during early boot. i.e, the capability should be "detected" and
256 * "enabled" as early as possibly on all booting CPUs.
257 */
258 #define ARM64_CPUCAP_SCOPE_BOOT_CPU ((u16)BIT(2))
259 #define ARM64_CPUCAP_SCOPE_MASK \
260 (ARM64_CPUCAP_SCOPE_SYSTEM | \
261 ARM64_CPUCAP_SCOPE_LOCAL_CPU | \
262 ARM64_CPUCAP_SCOPE_BOOT_CPU)
263
264 #define SCOPE_SYSTEM ARM64_CPUCAP_SCOPE_SYSTEM
265 #define SCOPE_LOCAL_CPU ARM64_CPUCAP_SCOPE_LOCAL_CPU
266 #define SCOPE_BOOT_CPU ARM64_CPUCAP_SCOPE_BOOT_CPU
267 #define SCOPE_ALL ARM64_CPUCAP_SCOPE_MASK
268
269 /*
270 * Is it permitted for a late CPU to have this capability when system
271 * hasn't already enabled it ?
272 */
273 #define ARM64_CPUCAP_PERMITTED_FOR_LATE_CPU ((u16)BIT(4))
274 /* Is it safe for a late CPU to miss this capability when system has it */
275 #define ARM64_CPUCAP_OPTIONAL_FOR_LATE_CPU ((u16)BIT(5))
276 /* Panic when a conflict is detected */
277 #define ARM64_CPUCAP_PANIC_ON_CONFLICT ((u16)BIT(6))
278 /*
279 * When paired with SCOPE_LOCAL_CPU, all early CPUs must satisfy the
280 * condition. This is different from SCOPE_SYSTEM where the check is performed
281 * only once at the end of the SMP boot on the sanitised ID registers.
282 * SCOPE_SYSTEM is not suitable for cases where the capability depends on
283 * properties local to a CPU like MIDR_EL1.
284 */
285 #define ARM64_CPUCAP_MATCH_ALL_EARLY_CPUS ((u16)BIT(7))
286
287 /*
288 * CPU errata workarounds that need to be enabled at boot time if one or
289 * more CPUs in the system requires it. When one of these capabilities
290 * has been enabled, it is safe to allow any CPU to boot that doesn't
291 * require the workaround. However, it is not safe if a "late" CPU
292 * requires a workaround and the system hasn't enabled it already.
293 */
294 #define ARM64_CPUCAP_LOCAL_CPU_ERRATUM \
295 (ARM64_CPUCAP_SCOPE_LOCAL_CPU | ARM64_CPUCAP_OPTIONAL_FOR_LATE_CPU)
296 /*
297 * CPU feature detected at boot time based on system-wide value of a
298 * feature. It is safe for a late CPU to have this feature even though
299 * the system hasn't enabled it, although the feature will not be used
300 * by Linux in this case. If the system has enabled this feature already,
301 * then every late CPU must have it.
302 */
303 #define ARM64_CPUCAP_SYSTEM_FEATURE \
304 (ARM64_CPUCAP_SCOPE_SYSTEM | ARM64_CPUCAP_PERMITTED_FOR_LATE_CPU)
305 /*
306 * CPU feature detected at boot time based on feature of one or more CPUs.
307 * All possible conflicts for a late CPU are ignored.
308 * NOTE: this means that a late CPU with the feature will *not* cause the
309 * capability to be advertised by cpus_have_*cap()!
310 */
311 #define ARM64_CPUCAP_WEAK_LOCAL_CPU_FEATURE \
312 (ARM64_CPUCAP_SCOPE_LOCAL_CPU | \
313 ARM64_CPUCAP_OPTIONAL_FOR_LATE_CPU | \
314 ARM64_CPUCAP_PERMITTED_FOR_LATE_CPU)
315 /*
316 * CPU feature detected at boot time and present on all early CPUs. Late CPUs
317 * are permitted to have the feature even if it hasn't been enabled, although
318 * the feature will not be used by Linux in this case. If all early CPUs have
319 * the feature, then every late CPU must have it.
320 */
321 #define ARM64_CPUCAP_EARLY_LOCAL_CPU_FEATURE \
322 (ARM64_CPUCAP_SCOPE_LOCAL_CPU | \
323 ARM64_CPUCAP_PERMITTED_FOR_LATE_CPU | \
324 ARM64_CPUCAP_MATCH_ALL_EARLY_CPUS)
325
326 /*
327 * CPU feature detected at boot time, on one or more CPUs. A late CPU
328 * is not allowed to have the capability when the system doesn't have it.
329 * It is Ok for a late CPU to miss the feature.
330 */
331 #define ARM64_CPUCAP_BOOT_RESTRICTED_CPU_LOCAL_FEATURE \
332 (ARM64_CPUCAP_SCOPE_LOCAL_CPU | \
333 ARM64_CPUCAP_OPTIONAL_FOR_LATE_CPU)
334
335 /*
336 * CPU feature used early in the boot based on the boot CPU. All secondary
337 * CPUs must match the state of the capability as detected by the boot CPU. In
338 * case of a conflict, a kernel panic is triggered.
339 */
340 #define ARM64_CPUCAP_STRICT_BOOT_CPU_FEATURE \
341 (ARM64_CPUCAP_SCOPE_BOOT_CPU | ARM64_CPUCAP_PANIC_ON_CONFLICT)
342
343 /*
344 * CPU feature used early in the boot based on the boot CPU. It is safe for a
345 * late CPU to have this feature even though the boot CPU hasn't enabled it,
346 * although the feature will not be used by Linux in this case. If the boot CPU
347 * has enabled this feature already, then every late CPU must have it.
348 */
349 #define ARM64_CPUCAP_BOOT_CPU_FEATURE \
350 (ARM64_CPUCAP_SCOPE_BOOT_CPU | ARM64_CPUCAP_PERMITTED_FOR_LATE_CPU)
351
352 struct arm64_cpu_capabilities {
353 const char *desc;
354 u16 capability;
355 u16 type;
356 bool (*matches)(const struct arm64_cpu_capabilities *caps, int scope);
357 /*
358 * Take the appropriate actions to configure this capability
359 * for this CPU. If the capability is detected by the kernel
360 * this will be called on all the CPUs in the system,
361 * including the hotplugged CPUs, regardless of whether the
362 * capability is available on that specific CPU. This is
363 * useful for some capabilities (e.g, working around CPU
364 * errata), where all the CPUs must take some action (e.g,
365 * changing system control/configuration). Thus, if an action
366 * is required only if the CPU has the capability, then the
367 * routine must check it before taking any action.
368 */
369 void (*cpu_enable)(const struct arm64_cpu_capabilities *cap);
370 union {
371 struct { /* To be used for erratum handling only */
372 struct midr_range midr_range;
373 const struct arm64_midr_revidr {
374 u32 midr_rv; /* revision/variant */
375 u32 revidr_mask;
376 } * const fixed_revs;
377 };
378
379 const struct midr_range *midr_range_list;
380 struct { /* Feature register checking */
381 u32 sys_reg;
382 u8 field_pos;
383 u8 field_width;
384 u8 min_field_value;
385 u8 max_field_value;
386 u8 hwcap_type;
387 bool sign;
388 unsigned long hwcap;
389 };
390 };
391
392 /*
393 * An optional list of "matches/cpu_enable" pair for the same
394 * "capability" of the same "type" as described by the parent.
395 * Only matches(), cpu_enable() and fields relevant to these
396 * methods are significant in the list. The cpu_enable is
397 * invoked only if the corresponding entry "matches()".
398 * However, if a cpu_enable() method is associated
399 * with multiple matches(), care should be taken that either
400 * the match criteria are mutually exclusive, or that the
401 * method is robust against being called multiple times.
402 */
403 const struct arm64_cpu_capabilities *match_list;
404 const struct cpumask *cpus;
405 };
406
cpucap_default_scope(const struct arm64_cpu_capabilities * cap)407 static inline int cpucap_default_scope(const struct arm64_cpu_capabilities *cap)
408 {
409 return cap->type & ARM64_CPUCAP_SCOPE_MASK;
410 }
411
cpucap_match_all_early_cpus(const struct arm64_cpu_capabilities * cap)412 static inline bool cpucap_match_all_early_cpus(const struct arm64_cpu_capabilities *cap)
413 {
414 return cap->type & ARM64_CPUCAP_MATCH_ALL_EARLY_CPUS;
415 }
416
417 /*
418 * Generic helper for handling capabilities with multiple (match,enable) pairs
419 * of call backs, sharing the same capability bit.
420 * Iterate over each entry to see if at least one matches.
421 */
422 static inline bool
cpucap_multi_entry_cap_matches(const struct arm64_cpu_capabilities * entry,int scope)423 cpucap_multi_entry_cap_matches(const struct arm64_cpu_capabilities *entry,
424 int scope)
425 {
426 const struct arm64_cpu_capabilities *caps;
427
428 for (caps = entry->match_list; caps->matches; caps++)
429 if (caps->matches(caps, scope))
430 return true;
431
432 return false;
433 }
434
is_vhe_hyp_code(void)435 static __always_inline bool is_vhe_hyp_code(void)
436 {
437 /* Only defined for code run in VHE hyp context */
438 return __is_defined(__KVM_VHE_HYPERVISOR__);
439 }
440
is_nvhe_hyp_code(void)441 static __always_inline bool is_nvhe_hyp_code(void)
442 {
443 /* Only defined for code run in NVHE hyp context */
444 return __is_defined(__KVM_NVHE_HYPERVISOR__);
445 }
446
is_hyp_code(void)447 static __always_inline bool is_hyp_code(void)
448 {
449 return is_vhe_hyp_code() || is_nvhe_hyp_code();
450 }
451
452 extern DECLARE_BITMAP(system_cpucaps, ARM64_NCAPS);
453
454 extern DECLARE_BITMAP(boot_cpucaps, ARM64_NCAPS);
455
456 #define for_each_available_cap(cap) \
457 for_each_set_bit(cap, system_cpucaps, ARM64_NCAPS)
458
459 bool this_cpu_has_cap(unsigned int cap);
460 void cpu_set_feature(unsigned int num);
461 bool cpu_have_feature(unsigned int num);
462 unsigned long cpu_get_elf_hwcap(void);
463 unsigned long cpu_get_elf_hwcap2(void);
464 unsigned long cpu_get_elf_hwcap3(void);
465
466 #define cpu_set_named_feature(name) cpu_set_feature(cpu_feature(name))
467 #define cpu_have_named_feature(name) cpu_have_feature(cpu_feature(name))
468
boot_capabilities_finalized(void)469 static __always_inline bool boot_capabilities_finalized(void)
470 {
471 return alternative_has_cap_likely(ARM64_ALWAYS_BOOT);
472 }
473
system_capabilities_finalized(void)474 static __always_inline bool system_capabilities_finalized(void)
475 {
476 return alternative_has_cap_likely(ARM64_ALWAYS_SYSTEM);
477 }
478
479 /*
480 * Test for a capability with a runtime check.
481 *
482 * Before the capability is detected, this returns false.
483 */
cpus_have_cap(unsigned int num)484 static __always_inline bool cpus_have_cap(unsigned int num)
485 {
486 if (__builtin_constant_p(num) && !cpucap_is_possible(num))
487 return false;
488 if (num >= ARM64_NCAPS)
489 return false;
490 return arch_test_bit(num, system_cpucaps);
491 }
492
493 /*
494 * Test for a capability without a runtime check.
495 *
496 * Before boot capabilities are finalized, this will BUG().
497 * After boot capabilities are finalized, this is patched to avoid a runtime
498 * check.
499 *
500 * @num must be a compile-time constant.
501 */
cpus_have_final_boot_cap(int num)502 static __always_inline bool cpus_have_final_boot_cap(int num)
503 {
504 if (boot_capabilities_finalized())
505 return alternative_has_cap_unlikely(num);
506 else
507 BUG();
508 }
509
510 /*
511 * Test for a capability without a runtime check.
512 *
513 * Before system capabilities are finalized, this will BUG().
514 * After system capabilities are finalized, this is patched to avoid a runtime
515 * check.
516 *
517 * @num must be a compile-time constant.
518 */
cpus_have_final_cap(int num)519 static __always_inline bool cpus_have_final_cap(int num)
520 {
521 if (system_capabilities_finalized())
522 return alternative_has_cap_unlikely(num);
523 else
524 BUG();
525 }
526
527 static inline int __attribute_const__
cpuid_feature_extract_signed_field_width(u64 features,int field,int width)528 cpuid_feature_extract_signed_field_width(u64 features, int field, int width)
529 {
530 return (s64)(features << (64 - width - field)) >> (64 - width);
531 }
532
533 static inline int __attribute_const__
cpuid_feature_extract_signed_field(u64 features,int field)534 cpuid_feature_extract_signed_field(u64 features, int field)
535 {
536 return cpuid_feature_extract_signed_field_width(features, field, 4);
537 }
538
539 static __always_inline unsigned int __attribute_const__
cpuid_feature_extract_unsigned_field_width(u64 features,int field,int width)540 cpuid_feature_extract_unsigned_field_width(u64 features, int field, int width)
541 {
542 return (u64)(features << (64 - width - field)) >> (64 - width);
543 }
544
545 static __always_inline unsigned int __attribute_const__
cpuid_feature_extract_unsigned_field(u64 features,int field)546 cpuid_feature_extract_unsigned_field(u64 features, int field)
547 {
548 return cpuid_feature_extract_unsigned_field_width(features, field, 4);
549 }
550
arm64_ftr_mask(const struct arm64_ftr_bits * ftrp)551 static inline u64 arm64_ftr_mask(const struct arm64_ftr_bits *ftrp)
552 {
553 return (u64)GENMASK(ftrp->shift + ftrp->width - 1, ftrp->shift);
554 }
555
arm64_ftr_reg_user_value(const struct arm64_ftr_reg * reg)556 static inline u64 arm64_ftr_reg_user_value(const struct arm64_ftr_reg *reg)
557 {
558 return (reg->user_val | (reg->sys_val & reg->user_mask));
559 }
560
561 static inline int __attribute_const__
cpuid_feature_extract_field_width(u64 features,int field,int width,bool sign)562 cpuid_feature_extract_field_width(u64 features, int field, int width, bool sign)
563 {
564 if (WARN_ON_ONCE(!width))
565 width = 4;
566 return (sign) ?
567 cpuid_feature_extract_signed_field_width(features, field, width) :
568 cpuid_feature_extract_unsigned_field_width(features, field, width);
569 }
570
571 static inline int __attribute_const__
cpuid_feature_extract_field(u64 features,int field,bool sign)572 cpuid_feature_extract_field(u64 features, int field, bool sign)
573 {
574 return cpuid_feature_extract_field_width(features, field, 4, sign);
575 }
576
arm64_ftr_value(const struct arm64_ftr_bits * ftrp,u64 val)577 static inline s64 arm64_ftr_value(const struct arm64_ftr_bits *ftrp, u64 val)
578 {
579 return (s64)cpuid_feature_extract_field_width(val, ftrp->shift, ftrp->width, ftrp->sign);
580 }
581
id_aa64mmfr0_mixed_endian_el0(u64 mmfr0)582 static inline bool id_aa64mmfr0_mixed_endian_el0(u64 mmfr0)
583 {
584 return cpuid_feature_extract_unsigned_field(mmfr0, ID_AA64MMFR0_EL1_BIGEND_SHIFT) == 0x1 ||
585 cpuid_feature_extract_unsigned_field(mmfr0, ID_AA64MMFR0_EL1_BIGENDEL0_SHIFT) == 0x1;
586 }
587
id_aa64pfr0_32bit_el1(u64 pfr0)588 static inline bool id_aa64pfr0_32bit_el1(u64 pfr0)
589 {
590 u32 val = cpuid_feature_extract_unsigned_field(pfr0, ID_AA64PFR0_EL1_EL1_SHIFT);
591
592 return val == ID_AA64PFR0_EL1_EL1_AARCH32;
593 }
594
id_aa64pfr0_32bit_el0(u64 pfr0)595 static inline bool id_aa64pfr0_32bit_el0(u64 pfr0)
596 {
597 u32 val = cpuid_feature_extract_unsigned_field(pfr0, ID_AA64PFR0_EL1_EL0_SHIFT);
598
599 return val == ID_AA64PFR0_EL1_EL0_AARCH32;
600 }
601
id_aa64pfr0_sve(u64 pfr0)602 static inline bool id_aa64pfr0_sve(u64 pfr0)
603 {
604 u32 val = cpuid_feature_extract_unsigned_field(pfr0, ID_AA64PFR0_EL1_SVE_SHIFT);
605
606 return val > 0;
607 }
608
id_aa64pfr1_sme(u64 pfr1)609 static inline bool id_aa64pfr1_sme(u64 pfr1)
610 {
611 u32 val = cpuid_feature_extract_unsigned_field(pfr1, ID_AA64PFR1_EL1_SME_SHIFT);
612
613 return val > 0;
614 }
615
id_aa64pfr0_mpam(u64 pfr0)616 static inline bool id_aa64pfr0_mpam(u64 pfr0)
617 {
618 u32 val = cpuid_feature_extract_unsigned_field(pfr0, ID_AA64PFR0_EL1_MPAM_SHIFT);
619
620 return val > 0;
621 }
622
id_aa64pfr1_mte(u64 pfr1)623 static inline bool id_aa64pfr1_mte(u64 pfr1)
624 {
625 u32 val = cpuid_feature_extract_unsigned_field(pfr1, ID_AA64PFR1_EL1_MTE_SHIFT);
626
627 return val >= ID_AA64PFR1_EL1_MTE_MTE2;
628 }
629
630 void __init setup_boot_cpu_features(void);
631 void __init setup_system_features(void);
632 void __init setup_user_features(void);
633
634 void check_local_cpu_capabilities(void);
635
636 u64 read_sanitised_ftr_reg(u32 id);
637 u64 __read_sysreg_by_encoding(u32 sys_id);
638
cpu_supports_mixed_endian_el0(void)639 static inline bool cpu_supports_mixed_endian_el0(void)
640 {
641 return id_aa64mmfr0_mixed_endian_el0(read_cpuid(ID_AA64MMFR0_EL1));
642 }
643
644
supports_csv2p3(int scope)645 static inline bool supports_csv2p3(int scope)
646 {
647 u64 pfr0;
648 u8 csv2_val;
649
650 if (scope == SCOPE_LOCAL_CPU)
651 pfr0 = read_sysreg_s(SYS_ID_AA64PFR0_EL1);
652 else
653 pfr0 = read_sanitised_ftr_reg(SYS_ID_AA64PFR0_EL1);
654
655 csv2_val = cpuid_feature_extract_unsigned_field(pfr0,
656 ID_AA64PFR0_EL1_CSV2_SHIFT);
657 return csv2_val == 3;
658 }
659
supports_clearbhb(int scope)660 static inline bool supports_clearbhb(int scope)
661 {
662 u64 isar2;
663
664 if (scope == SCOPE_LOCAL_CPU)
665 isar2 = read_sysreg_s(SYS_ID_AA64ISAR2_EL1);
666 else
667 isar2 = read_sanitised_ftr_reg(SYS_ID_AA64ISAR2_EL1);
668
669 return cpuid_feature_extract_unsigned_field(isar2,
670 ID_AA64ISAR2_EL1_CLRBHB_SHIFT);
671 }
672
673 const struct cpumask *system_32bit_el0_cpumask(void);
674 const struct cpumask *fallback_32bit_el0_cpumask(void);
675 DECLARE_STATIC_KEY_FALSE(arm64_mismatched_32bit_el0);
676
system_supports_32bit_el0(void)677 static inline bool system_supports_32bit_el0(void)
678 {
679 u64 pfr0 = read_sanitised_ftr_reg(SYS_ID_AA64PFR0_EL1);
680
681 return static_branch_unlikely(&arm64_mismatched_32bit_el0) ||
682 id_aa64pfr0_32bit_el0(pfr0);
683 }
684
system_supports_4kb_granule(void)685 static inline bool system_supports_4kb_granule(void)
686 {
687 u64 mmfr0;
688 u32 val;
689
690 mmfr0 = read_sanitised_ftr_reg(SYS_ID_AA64MMFR0_EL1);
691 val = cpuid_feature_extract_unsigned_field(mmfr0,
692 ID_AA64MMFR0_EL1_TGRAN4_SHIFT);
693
694 return (val >= ID_AA64MMFR0_EL1_TGRAN4_SUPPORTED_MIN) &&
695 (val <= ID_AA64MMFR0_EL1_TGRAN4_SUPPORTED_MAX);
696 }
697
system_supports_64kb_granule(void)698 static inline bool system_supports_64kb_granule(void)
699 {
700 u64 mmfr0;
701 u32 val;
702
703 mmfr0 = read_sanitised_ftr_reg(SYS_ID_AA64MMFR0_EL1);
704 val = cpuid_feature_extract_unsigned_field(mmfr0,
705 ID_AA64MMFR0_EL1_TGRAN64_SHIFT);
706
707 return (val >= ID_AA64MMFR0_EL1_TGRAN64_SUPPORTED_MIN) &&
708 (val <= ID_AA64MMFR0_EL1_TGRAN64_SUPPORTED_MAX);
709 }
710
system_supports_16kb_granule(void)711 static inline bool system_supports_16kb_granule(void)
712 {
713 u64 mmfr0;
714 u32 val;
715
716 mmfr0 = read_sanitised_ftr_reg(SYS_ID_AA64MMFR0_EL1);
717 val = cpuid_feature_extract_unsigned_field(mmfr0,
718 ID_AA64MMFR0_EL1_TGRAN16_SHIFT);
719
720 return (val >= ID_AA64MMFR0_EL1_TGRAN16_SUPPORTED_MIN) &&
721 (val <= ID_AA64MMFR0_EL1_TGRAN16_SUPPORTED_MAX);
722 }
723
system_supports_mixed_endian_el0(void)724 static inline bool system_supports_mixed_endian_el0(void)
725 {
726 return id_aa64mmfr0_mixed_endian_el0(read_sanitised_ftr_reg(SYS_ID_AA64MMFR0_EL1));
727 }
728
system_supports_mixed_endian(void)729 static inline bool system_supports_mixed_endian(void)
730 {
731 u64 mmfr0;
732 u32 val;
733
734 mmfr0 = read_sanitised_ftr_reg(SYS_ID_AA64MMFR0_EL1);
735 val = cpuid_feature_extract_unsigned_field(mmfr0,
736 ID_AA64MMFR0_EL1_BIGEND_SHIFT);
737
738 return val == 0x1;
739 }
740
system_supports_fpsimd(void)741 static __always_inline bool system_supports_fpsimd(void)
742 {
743 return alternative_has_cap_likely(ARM64_HAS_FPSIMD);
744 }
745
system_uses_hw_pan(void)746 static inline bool system_uses_hw_pan(void)
747 {
748 return alternative_has_cap_unlikely(ARM64_HAS_PAN);
749 }
750
system_uses_ttbr0_pan(void)751 static inline bool system_uses_ttbr0_pan(void)
752 {
753 return IS_ENABLED(CONFIG_ARM64_SW_TTBR0_PAN) &&
754 !system_uses_hw_pan();
755 }
756
system_supports_sve(void)757 static __always_inline bool system_supports_sve(void)
758 {
759 return alternative_has_cap_unlikely(ARM64_SVE);
760 }
761
system_supports_sme(void)762 static __always_inline bool system_supports_sme(void)
763 {
764 return alternative_has_cap_unlikely(ARM64_SME);
765 }
766
system_supports_sme2(void)767 static __always_inline bool system_supports_sme2(void)
768 {
769 return alternative_has_cap_unlikely(ARM64_SME2);
770 }
771
system_supports_fa64(void)772 static __always_inline bool system_supports_fa64(void)
773 {
774 return alternative_has_cap_unlikely(ARM64_SME_FA64);
775 }
776
system_supports_tpidr2(void)777 static __always_inline bool system_supports_tpidr2(void)
778 {
779 return system_supports_sme();
780 }
781
system_supports_fpmr(void)782 static __always_inline bool system_supports_fpmr(void)
783 {
784 return alternative_has_cap_unlikely(ARM64_HAS_FPMR);
785 }
786
system_supports_cnp(void)787 static __always_inline bool system_supports_cnp(void)
788 {
789 return alternative_has_cap_unlikely(ARM64_HAS_CNP);
790 }
791
system_supports_address_auth(void)792 static inline bool system_supports_address_auth(void)
793 {
794 return cpus_have_final_boot_cap(ARM64_HAS_ADDRESS_AUTH);
795 }
796
system_supports_generic_auth(void)797 static inline bool system_supports_generic_auth(void)
798 {
799 return alternative_has_cap_unlikely(ARM64_HAS_GENERIC_AUTH);
800 }
801
system_has_full_ptr_auth(void)802 static inline bool system_has_full_ptr_auth(void)
803 {
804 return system_supports_address_auth() && system_supports_generic_auth();
805 }
806
system_uses_irq_prio_masking(void)807 static __always_inline bool system_uses_irq_prio_masking(void)
808 {
809 return alternative_has_cap_unlikely(ARM64_HAS_GIC_PRIO_MASKING);
810 }
811
system_supports_mte(void)812 static inline bool system_supports_mte(void)
813 {
814 return alternative_has_cap_unlikely(ARM64_MTE);
815 }
816
system_has_prio_mask_debugging(void)817 static inline bool system_has_prio_mask_debugging(void)
818 {
819 return IS_ENABLED(CONFIG_ARM64_DEBUG_PRIORITY_MASKING) &&
820 system_uses_irq_prio_masking();
821 }
822
system_supports_bti(void)823 static inline bool system_supports_bti(void)
824 {
825 return cpus_have_final_cap(ARM64_BTI);
826 }
827
system_supports_bti_kernel(void)828 static inline bool system_supports_bti_kernel(void)
829 {
830 return IS_ENABLED(CONFIG_ARM64_BTI_KERNEL) &&
831 cpus_have_final_boot_cap(ARM64_BTI);
832 }
833
system_supports_tlb_range(void)834 static inline bool system_supports_tlb_range(void)
835 {
836 return alternative_has_cap_unlikely(ARM64_HAS_TLB_RANGE);
837 }
838
system_supports_lpa2(void)839 static inline bool system_supports_lpa2(void)
840 {
841 return cpus_have_final_cap(ARM64_HAS_LPA2);
842 }
843
system_supports_poe(void)844 static inline bool system_supports_poe(void)
845 {
846 return alternative_has_cap_unlikely(ARM64_HAS_S1POE);
847 }
848
system_supports_gcs(void)849 static inline bool system_supports_gcs(void)
850 {
851 return alternative_has_cap_unlikely(ARM64_HAS_GCS);
852 }
853
system_supports_haft(void)854 static inline bool system_supports_haft(void)
855 {
856 return cpus_have_final_cap(ARM64_HAFT);
857 }
858
system_supports_mpam(void)859 static __always_inline bool system_supports_mpam(void)
860 {
861 return alternative_has_cap_unlikely(ARM64_MPAM);
862 }
863
system_supports_mpam_hcr(void)864 static __always_inline bool system_supports_mpam_hcr(void)
865 {
866 return alternative_has_cap_unlikely(ARM64_MPAM_HCR);
867 }
868
system_supports_pmuv3(void)869 static inline bool system_supports_pmuv3(void)
870 {
871 return cpus_have_final_cap(ARM64_HAS_PMUV3);
872 }
873
system_supports_bbml2_noabort(void)874 static inline bool system_supports_bbml2_noabort(void)
875 {
876 return alternative_has_cap_unlikely(ARM64_HAS_BBML2_NOABORT);
877 }
878
879 int do_emulate_mrs(struct pt_regs *regs, u32 sys_reg, u32 rt);
880 bool try_emulate_mrs(struct pt_regs *regs, u32 isn);
881
id_aa64mmfr0_parange_to_phys_shift(int parange)882 static inline u32 id_aa64mmfr0_parange_to_phys_shift(int parange)
883 {
884 switch (parange) {
885 case ID_AA64MMFR0_EL1_PARANGE_32: return 32;
886 case ID_AA64MMFR0_EL1_PARANGE_36: return 36;
887 case ID_AA64MMFR0_EL1_PARANGE_40: return 40;
888 case ID_AA64MMFR0_EL1_PARANGE_42: return 42;
889 case ID_AA64MMFR0_EL1_PARANGE_44: return 44;
890 case ID_AA64MMFR0_EL1_PARANGE_48: return 48;
891 case ID_AA64MMFR0_EL1_PARANGE_52: return 52;
892 /*
893 * A future PE could use a value unknown to the kernel.
894 * However, by the "D10.1.4 Principles of the ID scheme
895 * for fields in ID registers", ARM DDI 0487C.a, any new
896 * value is guaranteed to be higher than what we know already.
897 * As a safe limit, we return the limit supported by the kernel.
898 */
899 default: return CONFIG_ARM64_PA_BITS;
900 }
901 }
902
903 /* Check whether hardware update of the Access flag is supported */
cpu_has_hw_af(void)904 static inline bool cpu_has_hw_af(void)
905 {
906 u64 mmfr1;
907
908 if (!IS_ENABLED(CONFIG_ARM64_HW_AFDBM))
909 return false;
910
911 /*
912 * Use cached version to avoid emulated msr operation on KVM
913 * guests.
914 */
915 mmfr1 = read_sanitised_ftr_reg(SYS_ID_AA64MMFR1_EL1);
916 return cpuid_feature_extract_unsigned_field(mmfr1,
917 ID_AA64MMFR1_EL1_HAFDBS_SHIFT);
918 }
919
cpu_has_pan(void)920 static inline bool cpu_has_pan(void)
921 {
922 u64 mmfr1 = read_cpuid(ID_AA64MMFR1_EL1);
923 return cpuid_feature_extract_unsigned_field(mmfr1,
924 ID_AA64MMFR1_EL1_PAN_SHIFT);
925 }
926
927 #ifdef CONFIG_ARM64_AMU_EXTN
928 /* Check whether the cpu supports the Activity Monitors Unit (AMU) */
929 extern bool cpu_has_amu_feat(int cpu);
930 #else
cpu_has_amu_feat(int cpu)931 static inline bool cpu_has_amu_feat(int cpu)
932 {
933 return false;
934 }
935 #endif
936
937 /* Get a cpu that supports the Activity Monitors Unit (AMU) */
938 extern int get_cpu_with_amu_feat(void);
939
get_vmid_bits(u64 mmfr1)940 static inline unsigned int get_vmid_bits(u64 mmfr1)
941 {
942 int vmid_bits;
943
944 vmid_bits = cpuid_feature_extract_unsigned_field(mmfr1,
945 ID_AA64MMFR1_EL1_VMIDBits_SHIFT);
946 if (vmid_bits == ID_AA64MMFR1_EL1_VMIDBits_16)
947 return 16;
948
949 /*
950 * Return the default here even if any reserved
951 * value is fetched from the system register.
952 */
953 return 8;
954 }
955
956 s64 arm64_ftr_safe_value(const struct arm64_ftr_bits *ftrp, s64 new, s64 cur);
957 struct arm64_ftr_reg *get_arm64_ftr_reg(u32 sys_id);
958
959 extern struct arm64_ftr_override id_aa64mmfr0_override;
960 extern struct arm64_ftr_override id_aa64mmfr1_override;
961 extern struct arm64_ftr_override id_aa64mmfr2_override;
962 extern struct arm64_ftr_override id_aa64pfr0_override;
963 extern struct arm64_ftr_override id_aa64pfr1_override;
964 extern struct arm64_ftr_override id_aa64zfr0_override;
965 extern struct arm64_ftr_override id_aa64smfr0_override;
966 extern struct arm64_ftr_override id_aa64isar1_override;
967 extern struct arm64_ftr_override id_aa64isar2_override;
968
969 extern struct arm64_ftr_override arm64_sw_feature_override;
970
971 static inline
arm64_apply_feature_override(u64 val,int feat,int width,const struct arm64_ftr_override * override)972 u64 arm64_apply_feature_override(u64 val, int feat, int width,
973 const struct arm64_ftr_override *override)
974 {
975 u64 oval = override->val;
976
977 /*
978 * When it encounters an invalid override (e.g., an override that
979 * cannot be honoured due to a missing CPU feature), the early idreg
980 * override code will set the mask to 0x0 and the value to non-zero for
981 * the field in question. In order to determine whether the override is
982 * valid or not for the field we are interested in, we first need to
983 * disregard bits belonging to other fields.
984 */
985 oval &= GENMASK_ULL(feat + width - 1, feat);
986
987 /*
988 * The override is valid if all value bits are accounted for in the
989 * mask. If so, replace the masked bits with the override value.
990 */
991 if (oval == (oval & override->mask)) {
992 val &= ~override->mask;
993 val |= oval;
994 }
995
996 /* Extract the field from the updated value */
997 return cpuid_feature_extract_unsigned_field(val, feat);
998 }
999
arm64_test_sw_feature_override(int feat)1000 static inline bool arm64_test_sw_feature_override(int feat)
1001 {
1002 /*
1003 * Software features are pseudo CPU features that have no underlying
1004 * CPUID system register value to apply the override to.
1005 */
1006 return arm64_apply_feature_override(0, feat, 4,
1007 &arm64_sw_feature_override);
1008 }
1009
kaslr_disabled_cmdline(void)1010 static inline bool kaslr_disabled_cmdline(void)
1011 {
1012 return arm64_test_sw_feature_override(ARM64_SW_FEATURE_OVERRIDE_NOKASLR);
1013 }
1014
1015 u32 get_kvm_ipa_limit(void);
1016 void dump_cpu_features(void);
1017
cpu_has_bti(void)1018 static inline bool cpu_has_bti(void)
1019 {
1020 if (!IS_ENABLED(CONFIG_ARM64_BTI))
1021 return false;
1022
1023 return arm64_apply_feature_override(read_cpuid(ID_AA64PFR1_EL1),
1024 ID_AA64PFR1_EL1_BT_SHIFT, 4,
1025 &id_aa64pfr1_override);
1026 }
1027
cpu_has_pac(void)1028 static inline bool cpu_has_pac(void)
1029 {
1030 u64 isar1, isar2;
1031
1032 if (!IS_ENABLED(CONFIG_ARM64_PTR_AUTH))
1033 return false;
1034
1035 isar1 = read_cpuid(ID_AA64ISAR1_EL1);
1036 isar2 = read_cpuid(ID_AA64ISAR2_EL1);
1037
1038 if (arm64_apply_feature_override(isar1, ID_AA64ISAR1_EL1_APA_SHIFT, 4,
1039 &id_aa64isar1_override))
1040 return true;
1041
1042 if (arm64_apply_feature_override(isar1, ID_AA64ISAR1_EL1_API_SHIFT, 4,
1043 &id_aa64isar1_override))
1044 return true;
1045
1046 return arm64_apply_feature_override(isar2, ID_AA64ISAR2_EL1_APA3_SHIFT, 4,
1047 &id_aa64isar2_override);
1048 }
1049
cpu_has_lva(void)1050 static inline bool cpu_has_lva(void)
1051 {
1052 u64 mmfr2;
1053
1054 mmfr2 = read_sysreg_s(SYS_ID_AA64MMFR2_EL1);
1055 mmfr2 &= ~id_aa64mmfr2_override.mask;
1056 mmfr2 |= id_aa64mmfr2_override.val;
1057 return cpuid_feature_extract_unsigned_field(mmfr2,
1058 ID_AA64MMFR2_EL1_VARange_SHIFT);
1059 }
1060
cpu_has_lpa2(void)1061 static inline bool cpu_has_lpa2(void)
1062 {
1063 #ifdef CONFIG_ARM64_LPA2
1064 u64 mmfr0;
1065 int feat;
1066
1067 mmfr0 = read_sysreg(id_aa64mmfr0_el1);
1068 mmfr0 &= ~id_aa64mmfr0_override.mask;
1069 mmfr0 |= id_aa64mmfr0_override.val;
1070 feat = cpuid_feature_extract_signed_field(mmfr0,
1071 ID_AA64MMFR0_EL1_TGRAN_SHIFT);
1072
1073 return feat >= ID_AA64MMFR0_EL1_TGRAN_LPA2;
1074 #else
1075 return false;
1076 #endif
1077 }
1078
1079 #endif /* __ASSEMBLY__ */
1080
1081 #endif
1082