1 // SPDX-License-Identifier: GPL-2.0
2 // Copyright (C) 2017 Arm Ltd.
3 #define pr_fmt(fmt) "sdei: " fmt
4 
5 #include <linux/arm-smccc.h>
6 #include <linux/arm_sdei.h>
7 #include <linux/hardirq.h>
8 #include <linux/irqflags.h>
9 #include <linux/sched/task_stack.h>
10 #include <linux/uaccess.h>
11 
12 #include <asm/alternative.h>
13 #include <asm/exception.h>
14 #include <asm/kprobes.h>
15 #include <asm/mmu.h>
16 #include <asm/ptrace.h>
17 #include <asm/sections.h>
18 #include <asm/stacktrace.h>
19 #include <asm/sysreg.h>
20 #include <asm/vmap_stack.h>
21 
/*
 * Conduit used to return to firmware from the SDEI handler. Set once in
 * sdei_arch_get_entry_point() to SDEI_EXIT_HVC or SDEI_EXIT_SMC, matching
 * the conduit the firmware advertised; presumably consumed by the assembly
 * exit path, which is not in this file.
 */
unsigned long sdei_exit_mode;
23 
/*
 * VMAP'd stacks check for stack overflow on exception using sp as a scratch
 * register, meaning SDEI has to switch to its own stack. We need two stacks as
 * a critical event may interrupt a normal event that has just taken a
 * synchronous exception, and is using sp as scratch register. For a critical
 * event interrupting a normal event, we can't reliably tell if we were on the
 * sdei stack.
 * For now, we allocate stacks when the driver is probed.
 */
/*
 * Declared unconditionally so that the stack-walking helpers below compile
 * whether or not CONFIG_VMAP_STACK is set; _on_sdei_stack() bails out early
 * without it.
 */
DECLARE_PER_CPU(unsigned long *, sdei_stack_normal_ptr);
DECLARE_PER_CPU(unsigned long *, sdei_stack_critical_ptr);

#ifdef CONFIG_VMAP_STACK
/*
 * Storage only exists with CONFIG_VMAP_STACK. Static per-cpu storage is
 * zero-initialised, so both pointers read as NULL until init_sdei_stacks()
 * has run on that CPU.
 */
DEFINE_PER_CPU(unsigned long *, sdei_stack_normal_ptr);
DEFINE_PER_CPU(unsigned long *, sdei_stack_critical_ptr);
#endif
40 
/*
 * Release the SDEI stack of one CPU, if it was ever allocated.
 * @ptr: address of the per-cpu pointer variable (normal or critical stack)
 * @cpu: CPU whose stack is freed
 *
 * The per-cpu slot is cleared before vfree() so no stale pointer to freed
 * memory is left behind; an already-NULL slot is a no-op, which lets
 * init_sdei_stacks() use this for unwinding a partial allocation.
 */
static void _free_sdei_stack(unsigned long * __percpu *ptr, int cpu)
{
	unsigned long *stack = per_cpu(*ptr, cpu);

	if (!stack)
		return;

	per_cpu(*ptr, cpu) = NULL;
	vfree(stack);
}
51 
/*
 * Free both SDEI stacks on every possible CPU.
 *
 * Also serves as the error unwind of init_sdei_stacks(), so it must cope
 * with CPUs whose stacks were never allocated; _free_sdei_stack() handles
 * that by skipping NULL slots.
 */
static void free_sdei_stacks(void)
{
	int i;

	for_each_possible_cpu(i) {
		_free_sdei_stack(&sdei_stack_normal_ptr, i);
		_free_sdei_stack(&sdei_stack_critical_ptr, i);
	}
}
61 
/*
 * Allocate one SDEI stack of SDEI_STACK_SIZE bytes for a CPU.
 * @ptr: address of the per-cpu pointer variable to fill in
 * @cpu: CPU the stack belongs to; memory comes from its NUMA node
 *
 * Returns 0 on success, -ENOMEM if the vmap allocation failed (the per-cpu
 * slot is left untouched in that case).
 */
static int _init_sdei_stack(unsigned long * __percpu *ptr, int cpu)
{
	unsigned long *stack;

	stack = arch_alloc_vmap_stack(SDEI_STACK_SIZE, cpu_to_node(cpu));
	if (stack) {
		per_cpu(*ptr, cpu) = stack;
		return 0;
	}

	return -ENOMEM;
}
73 
/*
 * Allocate the normal and critical SDEI stacks for every possible CPU.
 *
 * Returns 0 on success. On the first allocation failure every stack
 * allocated so far is released again and the error is returned, so the
 * per-cpu pointers are either all populated or all NULL afterwards.
 */
static int init_sdei_stacks(void)
{
	int cpu;
	int err;

	for_each_possible_cpu(cpu) {
		err = _init_sdei_stack(&sdei_stack_normal_ptr, cpu);
		if (!err)
			err = _init_sdei_stack(&sdei_stack_critical_ptr, cpu);

		if (err) {
			/* unwind everything allocated so far, on all CPUs */
			free_sdei_stacks();
			return err;
		}
	}

	return 0;
}
93 
/*
 * Report whether @sp lies on this CPU's normal SDEI stack and, if so, fill
 * in @info with its bounds and STACK_TYPE_SDEI_NORMAL.
 *
 * NOTE(review): when the stack has not been allocated the per-cpu pointer is
 * NULL, so the range passed down is [0, SDEI_STACK_SIZE); this relies on
 * on_stack() rejecting a zero low bound -- confirm against its definition.
 */
static bool on_sdei_normal_stack(unsigned long sp, struct stack_info *info)
{
	unsigned long *base = raw_cpu_read(sdei_stack_normal_ptr);
	unsigned long low = (unsigned long)base;

	return on_stack(sp, low, low + SDEI_STACK_SIZE,
			STACK_TYPE_SDEI_NORMAL, info);
}
101 
/*
 * Report whether @sp lies on this CPU's critical SDEI stack and, if so, fill
 * in @info with its bounds and STACK_TYPE_SDEI_CRITICAL.
 *
 * NOTE(review): as for the normal stack, an unallocated stack yields a low
 * bound of 0 here; this relies on on_stack() treating that as "no stack" --
 * confirm against its definition.
 */
static bool on_sdei_critical_stack(unsigned long sp, struct stack_info *info)
{
	unsigned long *base = raw_cpu_read(sdei_stack_critical_ptr);
	unsigned long low = (unsigned long)base;

	return on_stack(sp, low, low + SDEI_STACK_SIZE,
			STACK_TYPE_SDEI_CRITICAL, info);
}
109 
/*
 * Stack-walker hook: is @sp on either of this CPU's SDEI stacks?
 *
 * Always false without CONFIG_VMAP_STACK, since SDEI only switches stacks
 * in that configuration. Otherwise @info is filled in by whichever of the
 * critical or normal stack matches first.
 */
bool _on_sdei_stack(unsigned long sp, struct stack_info *info)
{
	if (!IS_ENABLED(CONFIG_VMAP_STACK))
		return false;

	/* short-circuit: the normal stack is only checked if critical missed */
	return on_sdei_critical_stack(sp, info) ||
	       on_sdei_normal_stack(sp, info);
}
123 
/*
 * Prepare the architecture side of SDEI and return the entry point that is
 * to be registered with firmware.
 * @conduit: SMCCC conduit the firmware is reached through (HVC or SMC);
 *           recorded in sdei_exit_mode for the exit path.
 *
 * Returns 0 when SDEI cannot be supported: either the boot configuration is
 * unsuitable, or (with CONFIG_VMAP_STACK) the per-cpu stacks could not be
 * allocated. Otherwise returns the address of the assembly entry, which is
 * the trampoline alias when the kernel is unmapped at EL0 so that firmware
 * enters through the mapping that is always present.
 */
unsigned long sdei_arch_get_entry_point(int conduit)
{
	/*
	 * SDEI works between adjacent exception levels. If we booted at EL1 we
	 * assume a hypervisor is marshalling events. If we booted at EL2 and
	 * dropped to EL1 because we don't support VHE, then we can't support
	 * SDEI.
	 */
	if (is_hyp_mode_available() && !is_kernel_in_hyp_mode()) {
		pr_err("Not supported on this hardware/boot configuration\n");
		return 0;
	}

	/* with VMAP stacks the handler needs its own stacks, see top of file */
	if (IS_ENABLED(CONFIG_VMAP_STACK) && init_sdei_stacks())
		return 0;

	if (conduit == SMCCC_CONDUIT_HVC)
		sdei_exit_mode = SDEI_EXIT_HVC;
	else
		sdei_exit_mode = SDEI_EXIT_SMC;

#ifdef CONFIG_UNMAP_KERNEL_AT_EL0
	if (arm64_kernel_unmapped_at_el0()) {
		/* offset of the SDEI entry within the trampoline text */
		unsigned long offset =
			(unsigned long)__sdei_asm_entry_trampoline -
			(unsigned long)__entry_tramp_text_start;

		return TRAMP_VALIAS + offset;
	}
#endif /* CONFIG_UNMAP_KERNEL_AT_EL0 */

	return (unsigned long)__sdei_asm_handler;
}
156 
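/*
 * __sdei_handler() returns one of:
 *  SDEI_EV_HANDLED -  success, return to the interrupted context.
 *  SDEI_EV_FAILED  -  failure, return this error code to firmware.
 *  virtual-address -  success, return to this address.
 */
/*
 * Run the registered handler for an SDEI event and decide how to return to
 * firmware.
 * @regs: interrupted context as saved by the assembly entry; the registers
 *        clobbered on entry are read back from firmware here.
 * @arg:  the registered event being delivered.
 *
 * Returns SDEI_EV_FAILED if sdei_event_handler() reports an error,
 * SDEI_EV_HANDLED to resume the interrupted context as it was, or a kernel
 * virtual address (an IRQ vector entry) so that the return is treated like
 * an interrupt.
 *
 * Fix: the event-context call read `®s->regs[i]` (a mangled `&regs`),
 * which does not compile; it now takes the address of the saved register.
 */
static __kprobes unsigned long _sdei_handler(struct pt_regs *regs,
					     struct sdei_registered_event *arg)
{
	u32 mode;
	int i, err = 0;
	/* x0-x3 are clobbered on entry and must be fetched from firmware */
	int clobbered_registers = 4;
	u64 elr = read_sysreg(elr_el1);
	u32 kernel_mode = read_sysreg(CurrentEL) | 1;	/* +SPSel */
	unsigned long vbar = read_sysreg(vbar_el1);

	/* the EL0-unmapped entry trampoline clobbers one more (regs[4]) */
	if (arm64_kernel_unmapped_at_el0())
		clobbered_registers++;

	/* Retrieve the missing registers values */
	for (i = 0; i < clobbered_registers; i++) {
		/*
		 * from within the handler, this call always succeeds, so
		 * its return value is deliberately not checked
		 */
		sdei_api_event_context(i, &regs->regs[i]);
	}

	/*
	 * We didn't take an exception to get here, set PAN. UAO will be cleared
	 * by sdei_event_handler()'s force_uaccess_begin() call.
	 */
	__uaccess_enable_hw_pan();

	err = sdei_event_handler(regs, arg);
	if (err)
		return SDEI_EV_FAILED;

	/* any synchronous exception taken by the handler rewrites ELR_EL1 */
	if (elr != read_sysreg(elr_el1)) {
		/*
		 * We took a synchronous exception from the SDEI handler.
		 * This could deadlock, and if you interrupt KVM it will
		 * hyp-panic instead.
		 */
		pr_warn("unsafe: exception during handler\n");
	}

	/* EL and register width of the interrupted context */
	mode = regs->pstate & (PSR_MODE32_BIT | PSR_MODE_MASK);

	/*
	 * If we interrupted the kernel with interrupts masked, we always go
	 * back to wherever we came from.
	 */
	if (mode == kernel_mode && !interrupts_enabled(regs))
		return SDEI_EV_HANDLED;

	/*
	 * Otherwise, we pretend this was an IRQ. This lets user space tasks
	 * receive signals before we return to them, and KVM to invoke its
	 * world switch to do the same.
	 *
	 * See DDI0487B.a Table D1-7 'Vector offsets from vector table base
	 * address'.
	 */
	if (mode == kernel_mode)
		return vbar + 0x280;	/* IRQ, current EL with SPx */
	else if (mode & PSR_MODE32_BIT)
		return vbar + 0x680;	/* IRQ, lower EL using AArch32 */

	return vbar + 0x480;		/* IRQ, lower EL using AArch64 */
}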
225 
226 
/*
 * C entry point called from the SDEI assembly entry.
 * @regs: interrupted context saved by the assembly entry.
 * @arg:  the registered event being delivered.
 *
 * Brackets _sdei_handler() in NMI accounting: firmware can inject an SDEI
 * event at any point, including with interrupts masked, so the kernel
 * treats it like an NMI rather than an ordinary interrupt. Returns the
 * value of _sdei_handler(), see the comment above it.
 */
asmlinkage noinstr unsigned long
__sdei_handler(struct pt_regs *regs, struct sdei_registered_event *arg)
{
	unsigned long result;

	arm64_enter_nmi(regs);
	result = _sdei_handler(regs, arg);
	arm64_exit_nmi(regs);

	return result;
}