/* SPDX-License-Identifier: GPL-2.0 */
#ifndef _ASM_X86_ALTERNATIVE_H
#define _ASM_X86_ALTERNATIVE_H

#include <linux/types.h>
#include <linux/stringify.h>
#include <linux/objtool.h>
#include <asm/asm.h>
#include <asm/bug.h>

/*
 * Patching control flags. They are defined outside the __ASSEMBLER__
 * guard, so both C and assembly users see them.
 *
 * A flag is shifted left by ALT_FLAGS_SHIFT and OR-ed with the feature
 * number, which places it in the upper 16 bits of the 32-bit ft_flags
 * value (see struct alt_instr below).
 *
 * NOTE(review): going by the names, ALT_NOT() inverts the feature test
 * and ALT_DIRECT_CALL() marks a call site to be turned into a direct
 * call. The code that interprets the flags is not in this header, so
 * confirm against apply_alternatives().
 */
#define ALT_FLAGS_SHIFT		16

#define ALT_FLAG_NOT		(1 << 0)
#define ALT_NOT(feature)	((ALT_FLAG_NOT << ALT_FLAGS_SHIFT) | (feature))
#define ALT_FLAG_DIRECT_CALL	(1 << 1)
#define ALT_DIRECT_CALL(feature) ((ALT_FLAG_DIRECT_CALL << ALT_FLAGS_SHIFT) | (feature))
#define ALT_CALL_ALWAYS		ALT_DIRECT_CALL(X86_FEATURE_ALWAYS)

#ifndef __ASSEMBLER__

#include <linux/stddef.h>

/*
 * Alternative inline assembly for SMP.
 *
 * The LOCK_PREFIX macro defined here replaces the LOCK and
 * LOCK_PREFIX macros used everywhere in the source tree.
 *
 * SMP alternatives use the same data structures as the other
 * alternatives and the X86_FEATURE_UP flag to indicate the case of a
 * UP system running a SMP kernel.  The existing apply_alternatives()
 * works fine for patching a SMP kernel for UP.
 *
 * The SMP alternative tables can be kept after boot and contain both
 * UP and SMP versions of the instructions to allow switching back to
 * SMP at runtime, when hotplugging in a new CPU, which is especially
 * useful in virtualized environments.
 *
 * The very common lock prefix is handled as a special case in a
 * separate table which is a pure address list without replacement ptr
 * and size information.  That keeps the table sizes small.
 */

/*
 * LOCK_PREFIX_HERE records the location of local label 671 in the
 * .smp_locks section as a 4-byte offset relative to the table slot
 * itself (".long 671f - ."). LOCK_PREFIX then emits the lock prefix
 * right after that label. Without CONFIG_SMP both expand to an empty
 * string, so no prefix and no table entry are emitted.
 */
#ifdef CONFIG_SMP
#define LOCK_PREFIX_HERE \
		".pushsection .smp_locks,\"a\"\n"	\
		".balign 4\n"				\
		".long 671f - .\n" /* offset */		\
		".popsection\n"				\
		"671:"

#define LOCK_PREFIX LOCK_PREFIX_HERE "\n\tlock "

#else /* ! CONFIG_SMP */
#define LOCK_PREFIX_HERE ""
#define LOCK_PREFIX ""
#endif

/*
 * The patching flags are part of the upper bits of the @ft_flags parameter when
 * specifying them. The split is currently like this:
 *
 * [31... flags ...16][15... CPUID feature bit ...0]
 *
 * but since this is all hidden in the macro's argument being split, those fields can be
 * extended in the future to fit in a u64 or however the need arises.
 *
 * One entry describes one patch site. ALTINSTR_ENTRY() (C) and
 * altinstr_entry (assembly) emit the fields in exactly this order and
 * with these sizes (4 + 4 + 4 + 1 + 1 bytes, the struct is __packed),
 * so all three must be kept in sync.
 *
 * Both offsets are emitted relative to the location of the field that
 * holds them ("label - ."). The two lengths are u8, so an entry can
 * describe at most 255 bytes of original or replacement code.
 *
 * NOTE(review): these entries tell the patching code which kernel text
 * to overwrite and with what. This header does not show what checks
 * apply_alternatives() performs on the offsets and lengths; review that
 * code before trusting tables that come from outside the core image.
 */
struct alt_instr {
	s32 instr_offset;	/* original instruction */
	s32 repl_offset;	/* offset to replacement instruction */

	union {
		struct {
			u32 cpuid: 16;	/* CPUID bit set for replacement */
			u32 flags: 16;	/* patching control flags */
		};
		u32 ft_flags;		/* cpuid and flags viewed as one 32-bit word */
	};

	u8  instrlen;		/* length of original instruction */
	u8  replacementlen;	/* length of new instruction */
} __packed;

/* Start and end markers of the .altinstructions-style entry table. */
extern struct alt_instr __alt_instructions[], __alt_instructions_end[];

/*
 * Start and end markers of the s32 site tables. They have the element
 * type taken by the apply_*() functions declared below.
 * NOTE(review): presumably provided by the linker script -- confirm.
 */
extern s32 __retpoline_sites[], __retpoline_sites_end[];
extern s32 __return_sites[], __return_sites_end[];
extern s32 __cfi_sites[], __cfi_sites_end[];
extern s32 __ibt_endbr_seal[], __ibt_endbr_seal_end[];
extern s32 __smp_locks[], __smp_locks_end[];

/*
 * Debug flag that can be tested to see whether alternative
 * instructions were patched in already:
 */
extern int alternatives_patched;

/*
 * Patching entry points. Each apply_*() function takes the start and
 * end of one table; the implementations are not part of this header.
 */
extern void alternative_instructions(void);
extern void apply_alternatives(struct alt_instr *start, struct alt_instr *end);
extern void apply_retpolines(s32 *start, s32 *end);
extern void apply_returns(s32 *start, s32 *end);
extern void apply_seal_endbr(s32 *start, s32 *end);
/*
 * NOTE(review): "end_retpoine" below is a misspelling of
 * "end_retpoline". It is only a parameter name in a prototype, so it
 * has no effect on callers.
 */
extern void apply_fineibt(s32 *start_retpoline, s32 *end_retpoine,
			  s32 *start_cfi, s32 *end_cfi);

struct module;

/* Bounds of a table of call sites handed to the call thunk patching code. */
struct callthunk_sites {
	s32				*call_start, *call_end;
};

/*
 * Call thunk interface. Without CONFIG_CALL_THUNKS the stubs below do
 * nothing: the patch functions are empty, the translation returns its
 * argument unchanged and the accounting emitter returns 0.
 */
#ifdef CONFIG_CALL_THUNKS
extern void callthunks_patch_builtin_calls(void);
extern void callthunks_patch_module_calls(struct callthunk_sites *sites,
					  struct module *mod);
extern void *callthunks_translate_call_dest(void *dest);
extern int x86_call_depth_emit_accounting(u8 **pprog, void *func, void *ip);
#else
static __always_inline void callthunks_patch_builtin_calls(void) {}
static __always_inline void
callthunks_patch_module_calls(struct callthunk_sites *sites,
			      struct module *mod) {}
static __always_inline void *callthunks_translate_call_dest(void *dest)
{
	return dest;
}
static __always_inline int x86_call_depth_emit_accounting(u8 **pprog,
							  void *func, void *ip)
{
	return 0;
}
#endif

/*
 * ITS mitigation hooks. Without CONFIG_MITIGATION_ITS the per-module
 * hooks are empty, and its_static_thunk() warns once and returns NULL.
 * A caller that would use the returned pointer as a thunk address has
 * to cope with NULL in that configuration.
 */
#ifdef CONFIG_MITIGATION_ITS
extern void its_init_mod(struct module *mod);
extern void its_fini_mod(struct module *mod);
extern void its_free_mod(struct module *mod);
extern u8 *its_static_thunk(int reg);
#else /* CONFIG_MITIGATION_ITS */
static inline void its_init_mod(struct module *mod) { }
static inline void its_fini_mod(struct module *mod) { }
static inline void its_free_mod(struct module *mod) { }
static inline u8 *its_static_thunk(int reg)
{
	WARN_ONCE(1, "ITS not compiled in");

	return NULL;
}
#endif

/*
 * Return thunk queries. Unless both CONFIG_MITIGATION_RETHUNK and
 * CONFIG_OBJTOOL are enabled, both helpers are constant false.
 */
#if defined(CONFIG_MITIGATION_RETHUNK) && defined(CONFIG_OBJTOOL)
extern bool cpu_wants_rethunk(void);
extern bool cpu_wants_rethunk_at(void *addr);
#else
static __always_inline bool cpu_wants_rethunk(void)
{
	return false;
}
static __always_inline bool cpu_wants_rethunk_at(void *addr)
{
	return false;
}
#endif

/*
 * SMP lock-prefix patching interface. Without CONFIG_SMP the functions
 * are empty stubs and alternatives_text_reserved() always returns 0.
 * skip_smp_alternatives is declared only when CONFIG_SMP is set.
 */
#ifdef CONFIG_SMP
extern void alternatives_smp_module_add(struct module *mod, char *name,
					void *locks, void *locks_end,
					void *text, void *text_end);
extern void alternatives_smp_module_del(struct module *mod);
extern void alternatives_enable_smp(void);
extern int alternatives_text_reserved(void *start, void *end);
extern bool skip_smp_alternatives;
#else
static inline void alternatives_smp_module_add(struct module *mod, char *name,
					       void *locks, void *locks_end,
					       void *text, void *text_end) {}
static inline void alternatives_smp_module_del(struct module *mod) {}
static inline void alternatives_enable_smp(void) {}
static inline int alternatives_text_reserved(void *start, void *end)
{
	return 0;
}
#endif	/* CONFIG_SMP */

/*
 * Call instruction whose target is BUG_func (declared further down).
 * NOTE(review): presumably a placeholder for call sites that are
 * expected to be patched before they run -- confirm at the users.
 */
#define ALT_CALL_INSTR		"call BUG_func"

/*
 * Length expressions built from the local labels that OLDINSTR() and
 * ALTINSTR_REPLACEMENT() place:
 *   alt_slen       - length of the original instruction (771..772)
 *   alt_total_slen - original instruction plus padding   (771..773)
 *   alt_rlen       - length of the replacement           (774..775)
 */
#define alt_slen		"772b-771b"
#define alt_total_slen		"773b-771b"
#define alt_rlen		"775f-774f"

/*
 * Emit the original instruction followed by padding. The .skip
 * expression fills with 0x90 (NOP) for the number of bytes by which the
 * replacement is longer than the original, and emits nothing otherwise
 * (a true comparison evaluates to -1 in gas, hence the negation). The
 * patch site is therefore never smaller than its replacement.
 */
#define OLDINSTR(oldinstr)						\
	"# ALT: oldinstr\n"						\
	"771:\n\t" oldinstr "\n772:\n"					\
	"# ALT: padding\n"						\
	".skip -(((" alt_rlen ")-(" alt_slen ")) > 0) * "		\
		"((" alt_rlen ")-(" alt_slen ")),0x90\n"		\
	"773:\n"

/*
 * Emit one struct alt_instr into .altinstructions. Field order and
 * widths must match the struct definition above. The source length is
 * the padded length (alt_total_slen).
 */
#define ALTINSTR_ENTRY(ft_flags)					      \
	".pushsection .altinstructions,\"a\"\n"				      \
	ANNOTATE_DATA_SPECIAL						      \
	" .long 771b - .\n"				/* label */	      \
	" .long 774f - .\n"				/* new instruction */ \
	" .4byte " __stringify(ft_flags) "\n"		/* feature + flags */ \
	" .byte " alt_total_slen "\n"			/* source len */      \
	" .byte " alt_rlen "\n"				/* replacement len */ \
	".popsection\n"

/* Emit the replacement bytes, bracketed by labels 774 and 775. */
#define ALTINSTR_REPLACEMENT(newinstr)		/* replacement */	\
	".pushsection .altinstr_replacement, \"ax\"\n"			\
	ANNOTATE_DATA_SPECIAL						\
	"# ALT: replacement\n"						\
	"774:\n\t" newinstr "\n775:\n"					\
	".popsection\n"

/* alternative assembly primitive: */
#define ALTERNATIVE(oldinstr, newinstr, ft_flags)			\
	OLDINSTR(oldinstr)						\
	ALTINSTR_ENTRY(ft_flags)					\
	ALTINSTR_REPLACEMENT(newinstr)

/*
 * Two alternatives for one site, built by nesting: the complete inner
 * ALTERNATIVE() (original, padding, table entry and replacement)
 * becomes the "oldinstr" of the outer one.
 */
#define ALTERNATIVE_2(oldinstr, newinstr1, ft_flags1, newinstr2, ft_flags2) \
	ALTERNATIVE(ALTERNATIVE(oldinstr, newinstr1, ft_flags1), newinstr2, ft_flags2)

/*
 * If the feature in @ft_flags is set, patch in @newinstr_yes, otherwise
 * @newinstr_no. @newinstr_no is registered under X86_FEATURE_ALWAYS and
 * @newinstr_yes under @ft_flags.
 */
#define ALTERNATIVE_TERNARY(oldinstr, ft_flags, newinstr_yes, newinstr_no) \
	ALTERNATIVE_2(oldinstr, newinstr_no, X86_FEATURE_ALWAYS, newinstr_yes, ft_flags)

/* Three alternatives for one site, nested the same way as ALTERNATIVE_2(). */
#define ALTERNATIVE_3(oldinstr, newinstr1, ft_flags1, newinstr2, ft_flags2, \
			newinstr3, ft_flags3)				\
	ALTERNATIVE(ALTERNATIVE_2(oldinstr, newinstr1, ft_flags1, newinstr2, ft_flags2), \
		      newinstr3, ft_flags3)

/*
 * Alternative instructions for different CPU types or capabilities.
 *
 * This allows optimized instructions to be used even on generic binary
 * kernels.
 *
 * The length of oldinstr must be greater than or equal to the length of
 * newinstr. It can be padded with nops as needed.
 *
 * For non barrier like inlines please define new variants
 * without volatile and memory clobber.
 */
#define alternative(oldinstr, newinstr, ft_flags)			\
	asm_inline volatile(ALTERNATIVE(oldinstr, newinstr, ft_flags) : : : "memory")

/* Like alternative(), with two replacement candidates. */
#define alternative_2(oldinstr, newinstr1, ft_flags1, newinstr2, ft_flags2) \
	asm_inline volatile(ALTERNATIVE_2(oldinstr, newinstr1, ft_flags1, newinstr2, ft_flags2) ::: "memory")

/*
 * Alternative inline assembly with input.
 *
 * Peculiarities:
 * No memory clobber here.
 * Argument numbers start with 1.
 * Leaving an unused argument 0 to keep API compatibility.
 */
#define alternative_input(oldinstr, newinstr, ft_flags, input...)	\
	asm_inline volatile(ALTERNATIVE(oldinstr, newinstr, ft_flags) \
		: : "i" (0), ## input)

/* Like alternative_input, but with a single output argument */
#define alternative_io(oldinstr, newinstr, ft_flags, output, input...)	\
	asm_inline volatile(ALTERNATIVE(oldinstr, newinstr, ft_flags)	\
		: output : "i" (0), ## input)

/*
 * Like alternative_io, but for replacing a direct call with another one.
 *
 * Use the %c operand modifier which is the generic way to print a bare
 * constant expression with all syntax-specific punctuation omitted. %P
 * is the x86-specific variant which can handle constants too, for
 * historical reasons, but it should be used primarily for PIC
 * references: i.e., if used for a function, it would add the PLT
 * suffix.
 *
 * ALT_OUTPUT_SP() is defined further down in this file. That is fine
 * for a macro, because it is expanded only where alternative_call() is
 * used.
 */
#define alternative_call(oldfunc, newfunc, ft_flags, output, input, clobbers...)	\
	asm_inline volatile(ALTERNATIVE("call %c[old]", "call %c[new]", ft_flags)	\
		: ALT_OUTPUT_SP(output)							\
		: [old] "i" (oldfunc), [new] "i" (newfunc)				\
		  COMMA(input)								\
		: clobbers)

/*
 * Like alternative_call, but there are two features and respective functions.
 * If CPU has feature2, function2 is used.
 * Otherwise, if CPU has feature1, function1 is used.
 * Otherwise, old function is used.
 */
#define alternative_call_2(oldfunc, newfunc1, ft_flags1, newfunc2, ft_flags2,		\
			   output, input, clobbers...)					\
	asm_inline volatile(ALTERNATIVE_2("call %c[old]", "call %c[new1]", ft_flags1,	\
		"call %c[new2]", ft_flags2)						\
		: ALT_OUTPUT_SP(output)							\
		: [old] "i" (oldfunc), [new1] "i" (newfunc1),				\
		  [new2] "i" (newfunc2)							\
		  COMMA(input)								\
		: clobbers)

/* Output list for the call variants: ASM_CALL_CONSTRAINT first, then the caller's outputs. */
#define ALT_OUTPUT_SP(...) ASM_CALL_CONSTRAINT, ## __VA_ARGS__

/*
 * Macro for creating assembler functions avoiding any C magic.
 *
 * Emits a global symbol @func of type @function into section @sec. The
 * body is ASM_FUNC_ALIGN, the label, ASM_ENDBR, @instr and ASM_RET,
 * followed by a .size directive for the symbol.
 */
#define DEFINE_ASM_FUNC(func, instr, sec)		\
	asm (".pushsection " #sec ", \"ax\"\n"		\
	     ".global " #func "\n\t"			\
	     ".type " #func ", @function\n\t"		\
	     ASM_FUNC_ALIGN "\n"			\
	     #func ":\n\t"				\
	     ASM_ENDBR					\
	     instr "\n\t"				\
	     ASM_RET					\
	     ".size " #func ", . - " #func "\n\t"	\
	     ".popsection")

void BUG_func(void);
void nop_func(void);

#else /* __ASSEMBLER__ */

/*
 * Assembly counterpart of the C LOCK_PREFIX: emit the lock prefix at
 * local label 672 and record its location in .smp_locks as an offset
 * relative to the table slot. Without CONFIG_SMP the macro is empty.
 */
#ifdef CONFIG_SMP
	.macro LOCK_PREFIX
672:	lock
	.pushsection .smp_locks,"a"
	.balign 4
	.long 672b - .
	.popsection
	.endm
#else
	.macro LOCK_PREFIX
	.endm
#endif

/*
 * Issue one struct alt_instr descriptor entry (need to put it into
 * the section .altinstructions, see below). This entry contains
 * enough information for the alternatives patching code to patch an
 * instruction. See apply_alternatives().
 *
 * The directives below must match the field order and sizes of
 * struct alt_instr in the C part of this header.
 */
.macro altinstr_entry orig alt ft_flags orig_len alt_len
	ANNOTATE_DATA_SPECIAL
	.long \orig - .
	.long \alt - .
	.4byte \ft_flags
	.byte \orig_len
	.byte \alt_len
.endm

/* Assembly counterpart of the C ALT_CALL_INSTR string: a call to BUG_func. */
.macro ALT_CALL_INSTR
	call BUG_func
.endm

/*
 * Define an alternative between two instructions. If the feature given
 * in @flag is present, early code in apply_alternatives() replaces
 * @oldinst with @newinst. ".skip" directive takes care of proper
 * instruction padding in case @newinst is longer than @oldinst.
 *
 * Labels: 740..741 original instruction, 741..742 padding (0x90 fill),
 * 743..744 replacement. The table entry records the padded length
 * (742b-740b) as the original length.
 */
#define __ALTERNATIVE(oldinst, newinst, flag)				\
740:									\
	oldinst	;							\
741:									\
	.skip -(((744f-743f)-(741b-740b)) > 0) * ((744f-743f)-(741b-740b)),0x90	;\
742:									\
	.pushsection .altinstructions,"a" ;				\
	altinstr_entry 740b,743f,flag,742b-740b,744f-743f ;		\
	.popsection ;							\
	.pushsection .altinstr_replacement,"ax"	;			\
743:									\
	ANNOTATE_DATA_SPECIAL ;						\
	newinst	;							\
744:									\
	.popsection ;

.macro ALTERNATIVE oldinstr, newinstr, ft_flags
	__ALTERNATIVE(\oldinstr, \newinstr, \ft_flags)
.endm

/*
 * Same as ALTERNATIVE macro above but for two alternatives. If CPU
 * has the feature in @ft_flags1, it replaces @oldinstr with @newinstr1.
 * If CPU has the feature in @ft_flags2, it replaces @oldinstr with
 * @newinstr2.
 */
.macro ALTERNATIVE_2 oldinstr, newinstr1, ft_flags1, newinstr2, ft_flags2
	__ALTERNATIVE(__ALTERNATIVE(\oldinstr, \newinstr1, \ft_flags1),
		      \newinstr2, \ft_flags2)
.endm

/* Three alternatives for one site, nested on top of the two-way form. */
.macro ALTERNATIVE_3 oldinstr, newinstr1, ft_flags1, newinstr2, ft_flags2, newinstr3, ft_flags3
	__ALTERNATIVE(ALTERNATIVE_2(\oldinstr, \newinstr1, \ft_flags1, \newinstr2, \ft_flags2),
		      \newinstr3, \ft_flags3)
.endm

/*
 * If the feature in @ft_flags is set, patch in @newinstr_yes, otherwise
 * @newinstr_no.
 */
#define ALTERNATIVE_TERNARY(oldinstr, ft_flags, newinstr_yes, newinstr_no) \
	ALTERNATIVE_2 oldinstr, newinstr_no, X86_FEATURE_ALWAYS,	\
	newinstr_yes, ft_flags

#endif /* __ASSEMBLER__ */

#endif /* _ASM_X86_ALTERNATIVE_H */