iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/arch/sparc/kernel/adi_64.c

397 lines
11 KiB
C
Raw Normal View History

treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 482 Based on 1 normalized pattern(s): this work is licensed under the terms of the gnu gpl version 2 extracted by the scancode license scanner the SPDX license identifier GPL-2.0-only has been chosen to replace the boilerplate/reference in 48 file(s). Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Reviewed-by: Allison Randal <allison@lohutok.net> Reviewed-by: Enrico Weigelt <info@metux.net> Cc: linux-spdx@vger.kernel.org Link: https://lkml.kernel.org/r/20190604081204.624030236@linutronix.de Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-06-04 10:11:15 +02:00
// SPDX-License-Identifier: GPL-2.0-only
sparc64: Add auxiliary vectors to report platform ADI properties ADI feature on M7 and newer processors has three important properties relevant to userspace apps using ADI capabilities - (1) Size of block of memory an ADI version tag applies to, (2) Number of uppermost bits in virtual address used to encode ADI tag, and (3) The value M7 processor will force the ADI tags to if it detects uncorrectable error in an ADI tagged cacheline. Kernel can retrieve these properties for a platform through machine description provided by the firmware. This patch adds code to retrieve these properties and report them to userspace through auxiliary vectors. Signed-off-by: Khalid Aziz <khalid.aziz@oracle.com> Cc: Khalid Aziz <khalid@gonehiking.org> Reviewed-by: Anthony Yznaga <anthony.yznaga@oracle.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2018-02-21 10:15:48 -07:00
/* adi_64.c: support for ADI (Application Data Integrity) feature on
* sparc m7 and newer processors. This feature is also known as
* SSM (Silicon Secured Memory).
*
* Copyright (C) 2016 Oracle and/or its affiliates. All rights reserved.
* Author: Khalid Aziz (khalid.aziz@oracle.com)
*/
#include <linux/init.h>
sparc64: Add support for ADI (Application Data Integrity) ADI is a new feature supported on SPARC M7 and newer processors to allow hardware to catch rogue accesses to memory. ADI is supported for data fetches only and not instruction fetches. An app can enable ADI on its data pages, set version tags on them and use versioned addresses to access the data pages. Upper bits of the address contain the version tag. On M7 processors, upper four bits (bits 63-60) contain the version tag. If a rogue app attempts to access ADI enabled data pages, its access is blocked and processor generates an exception. Please see Documentation/sparc/adi.txt for further details. This patch extends mprotect to enable ADI (TSTATE.mcde), enable/disable MCD (Memory Corruption Detection) on selected memory ranges, enable TTE.mcd in PTEs, return ADI parameters to userspace and save/restore ADI version tags on page swap out/in or migration. ADI is not enabled by default for any task. A task must explicitly enable ADI on a memory range and set version tag for ADI to be effective for the task. Signed-off-by: Khalid Aziz <khalid.aziz@oracle.com> Cc: Khalid Aziz <khalid@gonehiking.org> Reviewed-by: Anthony Yznaga <anthony.yznaga@oracle.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2018-02-23 15:46:41 -07:00
#include <linux/slab.h>
#include <linux/mm_types.h>
sparc64: Add auxiliary vectors to report platform ADI properties ADI feature on M7 and newer processors has three important properties relevant to userspace apps using ADI capabilities - (1) Size of block of memory an ADI version tag applies to, (2) Number of uppermost bits in virtual address used to encode ADI tag, and (3) The value M7 processor will force the ADI tags to if it detects uncorrectable error in an ADI tagged cacheline. Kernel can retrieve these properties for a platform through machine description provided by the firmware. This patch adds code to retrieve these properties and report them to userspace through auxiliary vectors. Signed-off-by: Khalid Aziz <khalid.aziz@oracle.com> Cc: Khalid Aziz <khalid@gonehiking.org> Reviewed-by: Anthony Yznaga <anthony.yznaga@oracle.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2018-02-21 10:15:48 -07:00
#include <asm/mdesc.h>
#include <asm/adi_64.h>
sparc64: Add support for ADI (Application Data Integrity) ADI is a new feature supported on SPARC M7 and newer processors to allow hardware to catch rogue accesses to memory. ADI is supported for data fetches only and not instruction fetches. An app can enable ADI on its data pages, set version tags on them and use versioned addresses to access the data pages. Upper bits of the address contain the version tag. On M7 processors, upper four bits (bits 63-60) contain the version tag. If a rogue app attempts to access ADI enabled data pages, its access is blocked and processor generates an exception. Please see Documentation/sparc/adi.txt for further details. This patch extends mprotect to enable ADI (TSTATE.mcde), enable/disable MCD (Memory Corruption Detection) on selected memory ranges, enable TTE.mcd in PTEs, return ADI parameters to userspace and save/restore ADI version tags on page swap out/in or migration. ADI is not enabled by default for any task. A task must explicitly enable ADI on a memory range and set version tag for ADI to be effective for the task. Signed-off-by: Khalid Aziz <khalid.aziz@oracle.com> Cc: Khalid Aziz <khalid@gonehiking.org> Reviewed-by: Anthony Yznaga <anthony.yznaga@oracle.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2018-02-23 15:46:41 -07:00
#include <asm/mmu_64.h>
#include <asm/pgtable_64.h>
/* Each page of storage for ADI tags can accommodate tags for 128
* pages. When ADI enabled pages are being swapped out, it would be
* prudent to allocate at least enough tag storage space to accommodate
* SWAPFILE_CLUSTER number of pages. Allocate enough tag storage to
* store tags for four SWAPFILE_CLUSTER pages to reduce need for
* further allocations for same vma.
*/
#define TAG_STORAGE_PAGES 8
sparc64: Add auxiliary vectors to report platform ADI properties ADI feature on M7 and newer processors has three important properties relevant to userspace apps using ADI capabilities - (1) Size of block of memory an ADI version tag applies to, (2) Number of uppermost bits in virtual address used to encode ADI tag, and (3) The value M7 processor will force the ADI tags to if it detects uncorrectable error in an ADI tagged cacheline. Kernel can retrieve these properties for a platform through machine description provided by the firmware. This patch adds code to retrieve these properties and report them to userspace through auxiliary vectors. Signed-off-by: Khalid Aziz <khalid.aziz@oracle.com> Cc: Khalid Aziz <khalid@gonehiking.org> Reviewed-by: Anthony Yznaga <anthony.yznaga@oracle.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2018-02-21 10:15:48 -07:00
struct adi_config adi_state;
sparc64: Add support for ADI (Application Data Integrity) ADI is a new feature supported on SPARC M7 and newer processors to allow hardware to catch rogue accesses to memory. ADI is supported for data fetches only and not instruction fetches. An app can enable ADI on its data pages, set version tags on them and use versioned addresses to access the data pages. Upper bits of the address contain the version tag. On M7 processors, upper four bits (bits 63-60) contain the version tag. If a rogue app attempts to access ADI enabled data pages, its access is blocked and processor generates an exception. Please see Documentation/sparc/adi.txt for further details. This patch extends mprotect to enable ADI (TSTATE.mcde), enable/disable MCD (Memory Corruption Detection) on selected memory ranges, enable TTE.mcd in PTEs, return ADI parameters to userspace and save/restore ADI version tags on page swap out/in or migration. ADI is not enabled by default for any task. A task must explicitly enable ADI on a memory range and set version tag for ADI to be effective for the task. Signed-off-by: Khalid Aziz <khalid.aziz@oracle.com> Cc: Khalid Aziz <khalid@gonehiking.org> Reviewed-by: Anthony Yznaga <anthony.yznaga@oracle.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2018-02-23 15:46:41 -07:00
EXPORT_SYMBOL(adi_state);
sparc64: Add auxiliary vectors to report platform ADI properties ADI feature on M7 and newer processors has three important properties relevant to userspace apps using ADI capabilities - (1) Size of block of memory an ADI version tag applies to, (2) Number of uppermost bits in virtual address used to encode ADI tag, and (3) The value M7 processor will force the ADI tags to if it detects uncorrectable error in an ADI tagged cacheline. Kernel can retrieve these properties for a platform through machine description provided by the firmware. This patch adds code to retrieve these properties and report them to userspace through auxiliary vectors. Signed-off-by: Khalid Aziz <khalid.aziz@oracle.com> Cc: Khalid Aziz <khalid@gonehiking.org> Reviewed-by: Anthony Yznaga <anthony.yznaga@oracle.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2018-02-21 10:15:48 -07:00
/* mdesc_adi_init() : Parse machine description provided by the
* hypervisor to detect ADI capabilities
*
* Hypervisor reports ADI capabilities of platform in "hwcap-list" property
* for "cpu" node. If the platform supports ADI, "hwcap-list" property
* contains the keyword "adp". If the platform supports ADI, "platform"
* node will contain "adp-blksz", "adp-nbits" and "ue-on-adp" properties
* to describe the ADI capabilities.
*/
void __init mdesc_adi_init(void)
{
struct mdesc_handle *hp = mdesc_grab();
const char *prop;
u64 pn, *val;
int len;
if (!hp)
goto adi_not_found;
pn = mdesc_node_by_name(hp, MDESC_NODE_NULL, "cpu");
if (pn == MDESC_NODE_NULL)
goto adi_not_found;
prop = mdesc_get_property(hp, pn, "hwcap-list", &len);
if (!prop)
goto adi_not_found;
/*
* Look for "adp" keyword in hwcap-list which would indicate
* ADI support
*/
adi_state.enabled = false;
while (len) {
int plen;
if (!strcmp(prop, "adp")) {
adi_state.enabled = true;
break;
}
plen = strlen(prop) + 1;
prop += plen;
len -= plen;
}
if (!adi_state.enabled)
goto adi_not_found;
/* Find the ADI properties in "platform" node. If all ADI
* properties are not found, ADI support is incomplete and
* do not enable ADI in the kernel.
*/
pn = mdesc_node_by_name(hp, MDESC_NODE_NULL, "platform");
if (pn == MDESC_NODE_NULL)
goto adi_not_found;
val = (u64 *) mdesc_get_property(hp, pn, "adp-blksz", &len);
if (!val)
goto adi_not_found;
adi_state.caps.blksz = *val;
val = (u64 *) mdesc_get_property(hp, pn, "adp-nbits", &len);
if (!val)
goto adi_not_found;
adi_state.caps.nbits = *val;
val = (u64 *) mdesc_get_property(hp, pn, "ue-on-adp", &len);
if (!val)
goto adi_not_found;
adi_state.caps.ue_on_adi = *val;
sparc64: Add support for ADI (Application Data Integrity) ADI is a new feature supported on SPARC M7 and newer processors to allow hardware to catch rogue accesses to memory. ADI is supported for data fetches only and not instruction fetches. An app can enable ADI on its data pages, set version tags on them and use versioned addresses to access the data pages. Upper bits of the address contain the version tag. On M7 processors, upper four bits (bits 63-60) contain the version tag. If a rogue app attempts to access ADI enabled data pages, its access is blocked and processor generates an exception. Please see Documentation/sparc/adi.txt for further details. This patch extends mprotect to enable ADI (TSTATE.mcde), enable/disable MCD (Memory Corruption Detection) on selected memory ranges, enable TTE.mcd in PTEs, return ADI parameters to userspace and save/restore ADI version tags on page swap out/in or migration. ADI is not enabled by default for any task. A task must explicitly enable ADI on a memory range and set version tag for ADI to be effective for the task. Signed-off-by: Khalid Aziz <khalid.aziz@oracle.com> Cc: Khalid Aziz <khalid@gonehiking.org> Reviewed-by: Anthony Yznaga <anthony.yznaga@oracle.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2018-02-23 15:46:41 -07:00
/* Some of the code to support swapping ADI tags is written
* assumption that two ADI tags can fit inside one byte. If
* this assumption is broken by a future architecture change,
* that code will have to be revisited. If that were to happen,
* disable ADI support so we do not get unpredictable results
* with programs trying to use ADI and their pages getting
* swapped out
*/
if (adi_state.caps.nbits > 4) {
pr_warn("WARNING: ADI tag size >4 on this platform. Disabling AADI support\n");
adi_state.enabled = false;
}
sparc64: Add auxiliary vectors to report platform ADI properties ADI feature on M7 and newer processors has three important properties relevant to userspace apps using ADI capabilities - (1) Size of block of memory an ADI version tag applies to, (2) Number of uppermost bits in virtual address used to encode ADI tag, and (3) The value M7 processor will force the ADI tags to if it detects uncorrectable error in an ADI tagged cacheline. Kernel can retrieve these properties for a platform through machine description provided by the firmware. This patch adds code to retrieve these properties and report them to userspace through auxiliary vectors. Signed-off-by: Khalid Aziz <khalid.aziz@oracle.com> Cc: Khalid Aziz <khalid@gonehiking.org> Reviewed-by: Anthony Yznaga <anthony.yznaga@oracle.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2018-02-21 10:15:48 -07:00
mdesc_release(hp);
return;
adi_not_found:
adi_state.enabled = false;
adi_state.caps.blksz = 0;
adi_state.caps.nbits = 0;
if (hp)
mdesc_release(hp);
}
sparc64: Add support for ADI (Application Data Integrity) ADI is a new feature supported on SPARC M7 and newer processors to allow hardware to catch rogue accesses to memory. ADI is supported for data fetches only and not instruction fetches. An app can enable ADI on its data pages, set version tags on them and use versioned addresses to access the data pages. Upper bits of the address contain the version tag. On M7 processors, upper four bits (bits 63-60) contain the version tag. If a rogue app attempts to access ADI enabled data pages, its access is blocked and processor generates an exception. Please see Documentation/sparc/adi.txt for further details. This patch extends mprotect to enable ADI (TSTATE.mcde), enable/disable MCD (Memory Corruption Detection) on selected memory ranges, enable TTE.mcd in PTEs, return ADI parameters to userspace and save/restore ADI version tags on page swap out/in or migration. ADI is not enabled by default for any task. A task must explicitly enable ADI on a memory range and set version tag for ADI to be effective for the task. Signed-off-by: Khalid Aziz <khalid.aziz@oracle.com> Cc: Khalid Aziz <khalid@gonehiking.org> Reviewed-by: Anthony Yznaga <anthony.yznaga@oracle.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2018-02-23 15:46:41 -07:00
tag_storage_desc_t *find_tag_store(struct mm_struct *mm,
struct vm_area_struct *vma,
unsigned long addr)
{
tag_storage_desc_t *tag_desc = NULL;
unsigned long i, max_desc, flags;
/* Check if this vma already has tag storage descriptor
* allocated for it.
*/
max_desc = PAGE_SIZE/sizeof(tag_storage_desc_t);
if (mm->context.tag_store) {
tag_desc = mm->context.tag_store;
spin_lock_irqsave(&mm->context.tag_lock, flags);
for (i = 0; i < max_desc; i++) {
if ((addr >= tag_desc->start) &&
((addr + PAGE_SIZE - 1) <= tag_desc->end))
break;
tag_desc++;
}
spin_unlock_irqrestore(&mm->context.tag_lock, flags);
/* If no matching entries were found, this must be a
* freshly allocated page
*/
if (i >= max_desc)
tag_desc = NULL;
}
return tag_desc;
}
tag_storage_desc_t *alloc_tag_store(struct mm_struct *mm,
struct vm_area_struct *vma,
unsigned long addr)
{
unsigned char *tags;
unsigned long i, size, max_desc, flags;
tag_storage_desc_t *tag_desc, *open_desc;
unsigned long end_addr, hole_start, hole_end;
max_desc = PAGE_SIZE/sizeof(tag_storage_desc_t);
open_desc = NULL;
hole_start = 0;
hole_end = ULONG_MAX;
end_addr = addr + PAGE_SIZE - 1;
/* Check if this vma already has tag storage descriptor
* allocated for it.
*/
spin_lock_irqsave(&mm->context.tag_lock, flags);
if (mm->context.tag_store) {
tag_desc = mm->context.tag_store;
/* Look for a matching entry for this address. While doing
* that, look for the first open slot as well and find
* the hole in already allocated range where this request
* will fit in.
*/
for (i = 0; i < max_desc; i++) {
if (tag_desc->tag_users == 0) {
if (open_desc == NULL)
open_desc = tag_desc;
} else {
if ((addr >= tag_desc->start) &&
(tag_desc->end >= (addr + PAGE_SIZE - 1))) {
tag_desc->tag_users++;
goto out;
}
}
if ((tag_desc->start > end_addr) &&
(tag_desc->start < hole_end))
hole_end = tag_desc->start;
if ((tag_desc->end < addr) &&
(tag_desc->end > hole_start))
hole_start = tag_desc->end;
tag_desc++;
}
} else {
size = sizeof(tag_storage_desc_t)*max_desc;
mm->context.tag_store = kzalloc(size, GFP_NOWAIT|__GFP_NOWARN);
if (mm->context.tag_store == NULL) {
tag_desc = NULL;
goto out;
}
tag_desc = mm->context.tag_store;
for (i = 0; i < max_desc; i++, tag_desc++)
tag_desc->tag_users = 0;
open_desc = mm->context.tag_store;
i = 0;
}
/* Check if we ran out of tag storage descriptors */
if (open_desc == NULL) {
tag_desc = NULL;
goto out;
}
/* Mark this tag descriptor slot in use and then initialize it */
tag_desc = open_desc;
tag_desc->tag_users = 1;
/* Tag storage has not been allocated for this vma and space
* is available in tag storage descriptor. Since this page is
* being swapped out, there is high probability subsequent pages
* in the VMA will be swapped out as well. Allocate pages to
* store tags for as many pages in this vma as possible but not
* more than TAG_STORAGE_PAGES. Each byte in tag space holds
* two ADI tags since each ADI tag is 4 bits. Each ADI tag
* covers adi_blksize() worth of addresses. Check if the hole is
* big enough to accommodate full address range for using
* TAG_STORAGE_PAGES number of tag pages.
*/
size = TAG_STORAGE_PAGES * PAGE_SIZE;
end_addr = addr + (size*2*adi_blksize()) - 1;
/* Check for overflow. If overflow occurs, allocate only one page */
if (end_addr < addr) {
size = PAGE_SIZE;
end_addr = addr + (size*2*adi_blksize()) - 1;
/* If overflow happens with the minimum tag storage
* allocation as well, adjust ending address for this
* tag storage.
*/
if (end_addr < addr)
end_addr = ULONG_MAX;
}
if (hole_end < end_addr) {
/* Available hole is too small on the upper end of
* address. Can we expand the range towards the lower
* address and maximize use of this slot?
*/
unsigned long tmp_addr;
end_addr = hole_end - 1;
tmp_addr = end_addr - (size*2*adi_blksize()) + 1;
/* Check for underflow. If underflow occurs, allocate
* only one page for storing ADI tags
*/
if (tmp_addr > addr) {
size = PAGE_SIZE;
tmp_addr = end_addr - (size*2*adi_blksize()) - 1;
/* If underflow happens with the minimum tag storage
* allocation as well, adjust starting address for
* this tag storage.
*/
if (tmp_addr > addr)
tmp_addr = 0;
}
if (tmp_addr < hole_start) {
/* Available hole is restricted on lower address
* end as well
*/
tmp_addr = hole_start + 1;
}
addr = tmp_addr;
size = (end_addr + 1 - addr)/(2*adi_blksize());
size = (size + (PAGE_SIZE-adi_blksize()))/PAGE_SIZE;
size = size * PAGE_SIZE;
}
tags = kzalloc(size, GFP_NOWAIT|__GFP_NOWARN);
if (tags == NULL) {
tag_desc->tag_users = 0;
tag_desc = NULL;
goto out;
}
tag_desc->start = addr;
tag_desc->tags = tags;
tag_desc->end = end_addr;
out:
spin_unlock_irqrestore(&mm->context.tag_lock, flags);
return tag_desc;
}
void del_tag_store(tag_storage_desc_t *tag_desc, struct mm_struct *mm)
{
unsigned long flags;
unsigned char *tags = NULL;
spin_lock_irqsave(&mm->context.tag_lock, flags);
tag_desc->tag_users--;
if (tag_desc->tag_users == 0) {
tag_desc->start = tag_desc->end = 0;
/* Do not free up the tag storage space allocated
* by the first descriptor. This is persistent
* emergency tag storage space for the task.
*/
if (tag_desc != mm->context.tag_store) {
tags = tag_desc->tags;
tag_desc->tags = NULL;
}
}
spin_unlock_irqrestore(&mm->context.tag_lock, flags);
kfree(tags);
}
#define tag_start(addr, tag_desc) \
((tag_desc)->tags + ((addr - (tag_desc)->start)/(2*adi_blksize())))
/* Retrieve any saved ADI tags for the page being swapped back in and
* restore these tags to the newly allocated physical page.
*/
void adi_restore_tags(struct mm_struct *mm, struct vm_area_struct *vma,
unsigned long addr, pte_t pte)
{
unsigned char *tag;
tag_storage_desc_t *tag_desc;
unsigned long paddr, tmp, version1, version2;
/* Check if the swapped out page has an ADI version
* saved. If yes, restore version tag to the newly
* allocated page.
*/
tag_desc = find_tag_store(mm, vma, addr);
if (tag_desc == NULL)
return;
tag = tag_start(addr, tag_desc);
paddr = pte_val(pte) & _PAGE_PADDR_4V;
for (tmp = paddr; tmp < (paddr+PAGE_SIZE); tmp += adi_blksize()) {
version1 = (*tag) >> 4;
version2 = (*tag) & 0x0f;
*tag++ = 0;
asm volatile("stxa %0, [%1] %2\n\t"
:
: "r" (version1), "r" (tmp),
"i" (ASI_MCD_REAL));
tmp += adi_blksize();
asm volatile("stxa %0, [%1] %2\n\t"
:
: "r" (version2), "r" (tmp),
"i" (ASI_MCD_REAL));
}
asm volatile("membar #Sync\n\t");
/* Check and mark this tag space for release later if
* the swapped in page was the last user of tag space
*/
del_tag_store(tag_desc, mm);
}
/* A page is about to be swapped out. Save any ADI tags associated with
* this physical page so they can be restored later when the page is swapped
* back in.
*/
int adi_save_tags(struct mm_struct *mm, struct vm_area_struct *vma,
unsigned long addr, pte_t oldpte)
{
unsigned char *tag;
tag_storage_desc_t *tag_desc;
unsigned long version1, version2, paddr, tmp;
tag_desc = alloc_tag_store(mm, vma, addr);
if (tag_desc == NULL)
return -1;
tag = tag_start(addr, tag_desc);
paddr = pte_val(oldpte) & _PAGE_PADDR_4V;
for (tmp = paddr; tmp < (paddr+PAGE_SIZE); tmp += adi_blksize()) {
asm volatile("ldxa [%1] %2, %0\n\t"
: "=r" (version1)
: "r" (tmp), "i" (ASI_MCD_REAL));
tmp += adi_blksize();
asm volatile("ldxa [%1] %2, %0\n\t"
: "=r" (version2)
: "r" (tmp), "i" (ASI_MCD_REAL));
*tag = (version1 << 4) | version2;
tag++;
}
return 0;
}
Reference in New Issue Copy Permalink