1 /* SPDX-License-Identifier: GPL-2.0 */
2 #ifndef _ASM_X86_ALTERNATIVE_H
3 #define _ASM_X86_ALTERNATIVE_H
4
5 #include <linux/types.h>
6 #include <linux/stringify.h>
7 #include <asm/asm.h>
8 #include <asm/bug.h>
9
10 #define ALT_FLAGS_SHIFT 16
11
12 #define ALT_FLAG_NOT (1 << 0)
13 #define ALT_NOT(feature) ((ALT_FLAG_NOT << ALT_FLAGS_SHIFT) | (feature))
14 #define ALT_FLAG_DIRECT_CALL (1 << 1)
15 #define ALT_DIRECT_CALL(feature) ((ALT_FLAG_DIRECT_CALL << ALT_FLAGS_SHIFT) | (feature))
16 #define ALT_CALL_ALWAYS ALT_DIRECT_CALL(X86_FEATURE_ALWAYS)
17
18 #ifndef __ASSEMBLY__
19
20 #include <linux/stddef.h>
21
22 /*
23 * Alternative inline assembly for SMP.
24 *
25 * The LOCK_PREFIX macro defined here replaces the LOCK and
26 * LOCK_PREFIX macros used everywhere in the source tree.
27 *
28 * SMP alternatives use the same data structures as the other
29 * alternatives and the X86_FEATURE_UP flag to indicate the case of a
30 * UP system running a SMP kernel. The existing apply_alternatives()
31 * works fine for patching a SMP kernel for UP.
32 *
33 * The SMP alternative tables can be kept after boot and contain both
34 * UP and SMP versions of the instructions to allow switching back to
35 * SMP at runtime, when hotplugging in a new CPU, which is especially
36 * useful in virtualized environments.
37 *
38 * The very common lock prefix is handled as special case in a
39 * separate table which is a pure address list without replacement ptr
40 * and size information. That keeps the table sizes small.
41 */
42
43 #ifdef CONFIG_SMP
44 #define LOCK_PREFIX_HERE \
45 ".pushsection .smp_locks,\"a\"\n" \
46 ".balign 4\n" \
47 ".long 671f - .\n" /* offset */ \
48 ".popsection\n" \
49 "671:"
50
51 #define LOCK_PREFIX LOCK_PREFIX_HERE "\n\tlock; "
52
53 #else /* ! CONFIG_SMP */
54 #define LOCK_PREFIX_HERE ""
55 #define LOCK_PREFIX ""
56 #endif
57
58 /*
59 * objtool annotation to ignore the alternatives and only consider the original
60 * instruction(s).
61 */
62 #define ANNOTATE_IGNORE_ALTERNATIVE \
63 "999:\n\t" \
64 ".pushsection .discard.ignore_alts\n\t" \
65 ".long 999b\n\t" \
66 ".popsection\n\t"
67
68 /*
69 * The patching flags are part of the upper bits of the @ft_flags parameter when
70 * specifying them. The split is currently like this:
71 *
72 * [31... flags ...16][15... CPUID feature bit ...0]
73 *
74 * but since this is all hidden in the macros argument being split, those fields can be
75 * extended in the future to fit in a u64 or however the need arises.
76 */
77 struct alt_instr {
78 s32 instr_offset; /* original instruction */
79 s32 repl_offset; /* offset to replacement instruction */
80
81 union {
82 struct {
83 u32 cpuid: 16; /* CPUID bit set for replacement */
84 u32 flags: 16; /* patching control flags */
85 };
86 u32 ft_flags;
87 };
88
89 u8 instrlen; /* length of original instruction */
90 u8 replacementlen; /* length of new instruction */
91 } __packed;
92
93 extern struct alt_instr __alt_instructions[], __alt_instructions_end[];
94
95 /*
96 * Debug flag that can be tested to see whether alternative
97 * instructions were patched in already:
98 */
99 extern int alternatives_patched;
100
101 extern void alternative_instructions(void);
102 extern void apply_alternatives(struct alt_instr *start, struct alt_instr *end);
103 extern void apply_retpolines(s32 *start, s32 *end);
104 extern void apply_returns(s32 *start, s32 *end);
105 extern void apply_seal_endbr(s32 *start, s32 *end);
106 extern void apply_fineibt(s32 *start_retpoline, s32 *end_retpoine,
107 s32 *start_cfi, s32 *end_cfi);
108
109 struct module;
110
111 struct callthunk_sites {
112 s32 *call_start, *call_end;
113 struct alt_instr *alt_start, *alt_end;
114 };
115
116 #ifdef CONFIG_CALL_THUNKS
117 extern void callthunks_patch_builtin_calls(void);
118 extern void callthunks_patch_module_calls(struct callthunk_sites *sites,
119 struct module *mod);
120 extern void *callthunks_translate_call_dest(void *dest);
121 extern int x86_call_depth_emit_accounting(u8 **pprog, void *func, void *ip);
122 #else
callthunks_patch_builtin_calls(void)123 static __always_inline void callthunks_patch_builtin_calls(void) {}
124 static __always_inline void
callthunks_patch_module_calls(struct callthunk_sites * sites,struct module * mod)125 callthunks_patch_module_calls(struct callthunk_sites *sites,
126 struct module *mod) {}
callthunks_translate_call_dest(void * dest)127 static __always_inline void *callthunks_translate_call_dest(void *dest)
128 {
129 return dest;
130 }
x86_call_depth_emit_accounting(u8 ** pprog,void * func,void * ip)131 static __always_inline int x86_call_depth_emit_accounting(u8 **pprog,
132 void *func, void *ip)
133 {
134 return 0;
135 }
136 #endif
137
138 #ifdef CONFIG_MITIGATION_ITS
139 extern void its_init_mod(struct module *mod);
140 extern void its_fini_mod(struct module *mod);
141 extern void its_free_mod(struct module *mod);
142 extern u8 *its_static_thunk(int reg);
143 #else /* CONFIG_MITIGATION_ITS */
its_init_mod(struct module * mod)144 static inline void its_init_mod(struct module *mod) { }
its_fini_mod(struct module * mod)145 static inline void its_fini_mod(struct module *mod) { }
its_free_mod(struct module * mod)146 static inline void its_free_mod(struct module *mod) { }
its_static_thunk(int reg)147 static inline u8 *its_static_thunk(int reg)
148 {
149 WARN_ONCE(1, "ITS not compiled in");
150
151 return NULL;
152 }
153 #endif
154
155 #if defined(CONFIG_MITIGATION_RETHUNK) && defined(CONFIG_OBJTOOL)
156 extern bool cpu_wants_rethunk(void);
157 extern bool cpu_wants_rethunk_at(void *addr);
158 #else
cpu_wants_rethunk(void)159 static __always_inline bool cpu_wants_rethunk(void)
160 {
161 return false;
162 }
cpu_wants_rethunk_at(void * addr)163 static __always_inline bool cpu_wants_rethunk_at(void *addr)
164 {
165 return false;
166 }
167 #endif
168
169 #ifdef CONFIG_SMP
170 extern void alternatives_smp_module_add(struct module *mod, char *name,
171 void *locks, void *locks_end,
172 void *text, void *text_end);
173 extern void alternatives_smp_module_del(struct module *mod);
174 extern void alternatives_enable_smp(void);
175 extern int alternatives_text_reserved(void *start, void *end);
176 extern bool skip_smp_alternatives;
177 #else
alternatives_smp_module_add(struct module * mod,char * name,void * locks,void * locks_end,void * text,void * text_end)178 static inline void alternatives_smp_module_add(struct module *mod, char *name,
179 void *locks, void *locks_end,
180 void *text, void *text_end) {}
alternatives_smp_module_del(struct module * mod)181 static inline void alternatives_smp_module_del(struct module *mod) {}
alternatives_enable_smp(void)182 static inline void alternatives_enable_smp(void) {}
alternatives_text_reserved(void * start,void * end)183 static inline int alternatives_text_reserved(void *start, void *end)
184 {
185 return 0;
186 }
187 #endif /* CONFIG_SMP */
188
189 #define ALT_CALL_INSTR "call BUG_func"
190
191 #define alt_slen "772b-771b"
192 #define alt_total_slen "773b-771b"
193 #define alt_rlen "775f-774f"
194
195 #define OLDINSTR(oldinstr) \
196 "# ALT: oldinstr\n" \
197 "771:\n\t" oldinstr "\n772:\n" \
198 "# ALT: padding\n" \
199 ".skip -(((" alt_rlen ")-(" alt_slen ")) > 0) * " \
200 "((" alt_rlen ")-(" alt_slen ")),0x90\n" \
201 "773:\n"
202
203 #define ALTINSTR_ENTRY(ft_flags) \
204 ".pushsection .altinstructions,\"a\"\n" \
205 " .long 771b - .\n" /* label */ \
206 " .long 774f - .\n" /* new instruction */ \
207 " .4byte " __stringify(ft_flags) "\n" /* feature + flags */ \
208 " .byte " alt_total_slen "\n" /* source len */ \
209 " .byte " alt_rlen "\n" /* replacement len */ \
210 ".popsection\n"
211
212 #define ALTINSTR_REPLACEMENT(newinstr) /* replacement */ \
213 ".pushsection .altinstr_replacement, \"ax\"\n" \
214 "# ALT: replacement\n" \
215 "774:\n\t" newinstr "\n775:\n" \
216 ".popsection\n"
217
218 /* alternative assembly primitive: */
219 #define ALTERNATIVE(oldinstr, newinstr, ft_flags) \
220 OLDINSTR(oldinstr) \
221 ALTINSTR_ENTRY(ft_flags) \
222 ALTINSTR_REPLACEMENT(newinstr)
223
224 #define ALTERNATIVE_2(oldinstr, newinstr1, ft_flags1, newinstr2, ft_flags2) \
225 ALTERNATIVE(ALTERNATIVE(oldinstr, newinstr1, ft_flags1), newinstr2, ft_flags2)
226
227 /* If @feature is set, patch in @newinstr_yes, otherwise @newinstr_no. */
228 #define ALTERNATIVE_TERNARY(oldinstr, ft_flags, newinstr_yes, newinstr_no) \
229 ALTERNATIVE_2(oldinstr, newinstr_no, X86_FEATURE_ALWAYS, newinstr_yes, ft_flags)
230
231 #define ALTERNATIVE_3(oldinstr, newinstr1, ft_flags1, newinstr2, ft_flags2, \
232 newinstr3, ft_flags3) \
233 ALTERNATIVE(ALTERNATIVE_2(oldinstr, newinstr1, ft_flags1, newinstr2, ft_flags2), \
234 newinstr3, ft_flags3)
235
236 /*
237 * Alternative instructions for different CPU types or capabilities.
238 *
239 * This allows to use optimized instructions even on generic binary
240 * kernels.
241 *
242 * length of oldinstr must be longer or equal the length of newinstr
243 * It can be padded with nops as needed.
244 *
245 * For non barrier like inlines please define new variants
246 * without volatile and memory clobber.
247 */
248 #define alternative(oldinstr, newinstr, ft_flags) \
249 asm_inline volatile(ALTERNATIVE(oldinstr, newinstr, ft_flags) : : : "memory")
250
251 #define alternative_2(oldinstr, newinstr1, ft_flags1, newinstr2, ft_flags2) \
252 asm_inline volatile(ALTERNATIVE_2(oldinstr, newinstr1, ft_flags1, newinstr2, ft_flags2) ::: "memory")
253
254 /*
255 * Alternative inline assembly with input.
256 *
257 * Peculiarities:
258 * No memory clobber here.
259 * Argument numbers start with 1.
260 * Leaving an unused argument 0 to keep API compatibility.
261 */
262 #define alternative_input(oldinstr, newinstr, ft_flags, input...) \
263 asm_inline volatile(ALTERNATIVE(oldinstr, newinstr, ft_flags) \
264 : : "i" (0), ## input)
265
266 /* Like alternative_input, but with a single output argument */
267 #define alternative_io(oldinstr, newinstr, ft_flags, output, input...) \
268 asm_inline volatile(ALTERNATIVE(oldinstr, newinstr, ft_flags) \
269 : output : "i" (0), ## input)
270
271 /*
272 * Like alternative_io, but for replacing a direct call with another one.
273 *
274 * Use the %c operand modifier which is the generic way to print a bare
275 * constant expression with all syntax-specific punctuation omitted. %P
276 * is the x86-specific variant which can handle constants too, for
277 * historical reasons, but it should be used primarily for PIC
278 * references: i.e., if used for a function, it would add the PLT
279 * suffix.
280 */
281 #define alternative_call(oldfunc, newfunc, ft_flags, output, input...) \
282 asm_inline volatile(ALTERNATIVE("call %c[old]", "call %c[new]", ft_flags) \
283 : ALT_OUTPUT_SP(output) \
284 : [old] "i" (oldfunc), [new] "i" (newfunc), ## input)
285
286 /*
287 * Like alternative_call, but there are two features and respective functions.
288 * If CPU has feature2, function2 is used.
289 * Otherwise, if CPU has feature1, function1 is used.
290 * Otherwise, old function is used.
291 */
292 #define alternative_call_2(oldfunc, newfunc1, ft_flags1, newfunc2, ft_flags2, \
293 output, input...) \
294 asm_inline volatile(ALTERNATIVE_2("call %c[old]", "call %c[new1]", ft_flags1, \
295 "call %c[new2]", ft_flags2) \
296 : ALT_OUTPUT_SP(output) \
297 : [old] "i" (oldfunc), [new1] "i" (newfunc1), \
298 [new2] "i" (newfunc2), ## input)
299
300 /*
301 * use this macro(s) if you need more than one output parameter
302 * in alternative_io
303 */
304 #define ASM_OUTPUT2(a...) a
305
306 /*
307 * use this macro if you need clobbers but no inputs in
308 * alternative_{input,io,call}()
309 */
310 #define ASM_NO_INPUT_CLOBBER(clbr...) "i" (0) : clbr
311
312 #define ALT_OUTPUT_SP(...) ASM_CALL_CONSTRAINT, ## __VA_ARGS__
313
314 /* Macro for creating assembler functions avoiding any C magic. */
315 #define DEFINE_ASM_FUNC(func, instr, sec) \
316 asm (".pushsection " #sec ", \"ax\"\n" \
317 ".global " #func "\n\t" \
318 ".type " #func ", @function\n\t" \
319 ASM_FUNC_ALIGN "\n" \
320 #func ":\n\t" \
321 ASM_ENDBR \
322 instr "\n\t" \
323 ASM_RET \
324 ".size " #func ", . - " #func "\n\t" \
325 ".popsection")
326
327 void BUG_func(void);
328 void nop_func(void);
329
330 #else /* __ASSEMBLY__ */
331
332 #ifdef CONFIG_SMP
333 .macro LOCK_PREFIX
334 672: lock
335 .pushsection .smp_locks,"a"
336 .balign 4
337 .long 672b - .
338 .popsection
339 .endm
340 #else
341 .macro LOCK_PREFIX
342 .endm
343 #endif
344
345 /*
346 * objtool annotation to ignore the alternatives and only consider the original
347 * instruction(s).
348 */
349 .macro ANNOTATE_IGNORE_ALTERNATIVE
350 .Lannotate_\@:
351 .pushsection .discard.ignore_alts
352 .long .Lannotate_\@
353 .popsection
354 .endm
355
356 /*
357 * Issue one struct alt_instr descriptor entry (need to put it into
358 * the section .altinstructions, see below). This entry contains
359 * enough information for the alternatives patching code to patch an
360 * instruction. See apply_alternatives().
361 */
362 .macro altinstr_entry orig alt ft_flags orig_len alt_len
363 .long \orig - .
364 .long \alt - .
365 .4byte \ft_flags
366 .byte \orig_len
367 .byte \alt_len
368 .endm
369
370 .macro ALT_CALL_INSTR
371 call BUG_func
372 .endm
373
374 /*
375 * Define an alternative between two instructions. If @feature is
376 * present, early code in apply_alternatives() replaces @oldinstr with
377 * @newinstr. ".skip" directive takes care of proper instruction padding
378 * in case @newinstr is longer than @oldinstr.
379 */
380 #define __ALTERNATIVE(oldinst, newinst, flag) \
381 740: \
382 oldinst ; \
383 741: \
384 .skip -(((744f-743f)-(741b-740b)) > 0) * ((744f-743f)-(741b-740b)),0x90 ;\
385 742: \
386 .pushsection .altinstructions,"a" ; \
387 altinstr_entry 740b,743f,flag,742b-740b,744f-743f ; \
388 .popsection ; \
389 .pushsection .altinstr_replacement,"ax" ; \
390 743: \
391 newinst ; \
392 744: \
393 .popsection ;
394
395 .macro ALTERNATIVE oldinstr, newinstr, ft_flags
396 __ALTERNATIVE(\oldinstr, \newinstr, \ft_flags)
397 .endm
398
399 #define old_len 141b-140b
400 #define new_len1 144f-143f
401 #define new_len2 145f-144f
402 #define new_len3 146f-145f
403
404 /*
405 * Same as ALTERNATIVE macro above but for two alternatives. If CPU
406 * has @feature1, it replaces @oldinstr with @newinstr1. If CPU has
407 * @feature2, it replaces @oldinstr with @feature2.
408 */
409 .macro ALTERNATIVE_2 oldinstr, newinstr1, ft_flags1, newinstr2, ft_flags2
410 __ALTERNATIVE(__ALTERNATIVE(\oldinstr, \newinstr1, \ft_flags1),
411 \newinstr2, \ft_flags2)
412 .endm
413
414 .macro ALTERNATIVE_3 oldinstr, newinstr1, ft_flags1, newinstr2, ft_flags2, newinstr3, ft_flags3
415 __ALTERNATIVE(ALTERNATIVE_2(\oldinstr, \newinstr1, \ft_flags1, \newinstr2, \ft_flags2),
416 \newinstr3, \ft_flags3)
417 .endm
418
419 /* If @feature is set, patch in @newinstr_yes, otherwise @newinstr_no. */
420 #define ALTERNATIVE_TERNARY(oldinstr, ft_flags, newinstr_yes, newinstr_no) \
421 ALTERNATIVE_2 oldinstr, newinstr_no, X86_FEATURE_ALWAYS, \
422 newinstr_yes, ft_flags
423
424 #endif /* __ASSEMBLY__ */
425
426 #endif /* _ASM_X86_ALTERNATIVE_H */
427