/* SPDX-License-Identifier: GPL-2.0-only */
/*
* Copyright (C) 2017 ARM Ltd.
*/
#ifndef __ASM_DAIFFLAGS_H
#define __ASM_DAIFFLAGS_H
#include <linux/irqflags.h>
#include <asm/arch_gicv3.h>
#include <asm/barrier.h>
#include <asm/cpufeature.h>
#include <asm/ptrace.h>
/*
 * Ready-made DAIF states.  A set PSR_*_BIT masks that exception class; for
 * local_daif_restore() below, PSR_I_BIT is what decides whether IRQs end up
 * masked and PSR_A_BIT whether asynchronous errors do.
 */
#define DAIF_PROCCTX		0			/* nothing masked */
#define DAIF_PROCCTX_NOIRQ	PSR_I_BIT		/* IRQs masked */
#define DAIF_ERRCTX		(PSR_I_BIT | PSR_A_BIT)	/* IRQs and async errors masked */
arm64: kprobes: Recover pstate.D in single-step exception handler
kprobes manipulates the interrupted PSTATE for single step, and
doesn't restore it. Thus, if we put a kprobe where the pstate.D
(debug) masked, the mask will be cleared after the kprobe hits.
Moreover, in the most complicated case, this can lead a kernel
crash with below message when a nested kprobe hits.
[ 152.118921] Unexpected kernel single-step exception at EL1
When the 1st kprobe hits, do_debug_exception() will be called.
At this point, debug exception (= pstate.D) must be masked (=1).
But if another kprobe hits before the single-step of the first kprobe
(e.g. inside the user pre_handler), it unmasks the debug exception
(pstate.D = 0) and returns.
Then, when the 1st kprobe setting up single-step, it saves current
DAIF, mask DAIF, enable single-step, and restore DAIF.
However, since "D" flag in DAIF is cleared by the 2nd kprobe, the
single-step exception happens soon after restoring DAIF.
This has been introduced by commit 7419333fa15e ("arm64: kprobe:
Always clear pstate.D in breakpoint exception handler")
To solve this issue, this stores all DAIF bits and restore it
after single stepping.
Reported-by: Naresh Kamboju <naresh.kamboju@linaro.org>
Fixes: 7419333fa15e ("arm64: kprobe: Always clear pstate.D in breakpoint exception handler")
Reviewed-by: James Morse <james.morse@arm.com>
Tested-by: James Morse <james.morse@arm.com>
Signed-off-by: Masami Hiramatsu <mhiramat@kernel.org>
Signed-off-by: Will Deacon <will@kernel.org>
/*
 * All four DAIF bits: Debug (D), asynchronous error (A), IRQ (I) and FIQ (F).
 * Used by local_daif_inherit() below to pick the DAIF state out of a saved
 * pstate; a save/restore around single-step must include D so that a nested
 * debug exception cannot leave it unmasked.
 */
#define DAIF_MASK		(PSR_D_BIT | PSR_A_BIT | PSR_I_BIT | PSR_F_BIT)
/* mask/save/unmask/restore all exceptions, including interrupts. */
/*
 * local_daif_mask - mask all four DAIF exception classes on this CPU.
 *
 * Sets D, A, I and F in one go.  When the kernel masks IRQs through the GIC
 * PMR, the PMR is additionally written with GIC_PRIO_IRQON | GIC_PRIO_PSR_I_SET;
 * local_daif_save_flags() reports IRQs as masked whenever the PMR is not at
 * GIC_PRIO_IRQON, so that value presumably records "masked via PSTATE.I"
 * without lowering the PMR itself.  The irq-flags tracer is told afterwards.
 */
static inline void local_daif_mask(void)
{
	/*
	 * Under prio-mask debugging, catch a PMR that already holds
	 * IRQOFF | PSR_I_SET on entry - a combination this file never writes.
	 */
	WARN_ON(system_has_prio_mask_debugging() &&
		(read_sysreg_s(SYS_ICC_PMR_EL1) == (GIC_PRIO_IRQOFF |
						   GIC_PRIO_PSR_I_SET)));

	/*
	 * #0xf sets all of D, A, I, F.  The "memory" clobber stops the compiler
	 * moving memory accesses across the mask.
	 */
	asm volatile(
		"msr daifset, #0xf // local_daif_mask\n"
		:
		:
		: "memory");

	/* Don't really care for a dsb here, we don't intend to enable IRQs */
	if (system_uses_irq_prio_masking())
		gic_write_pmr(GIC_PRIO_IRQON | GIC_PRIO_PSR_I_SET);

	/* Report the IRQ-off transition only once IRQs really are masked. */
	trace_hardirqs_off();
}
/*
 * local_daif_save_flags - read the current DAIF state without modifying it.
 *
 * Returns the raw daif register value.  Under PMR-based IRQ masking,
 * PSR_I_BIT is additionally set whenever the PMR is not at GIC_PRIO_IRQON,
 * so callers see "IRQs masked" regardless of which mechanism masked them.
 */
static inline unsigned long local_daif_save_flags(void)
{
	unsigned long daif_bits = read_sysreg(daif);

	/* Fold PMR-based masking into the flags as if PSTATE.I were set. */
	if (system_uses_irq_prio_masking() &&
	    read_sysreg_s(SYS_ICC_PMR_EL1) != GIC_PRIO_IRQON)
		daif_bits |= PSR_I_BIT;

	return daif_bits;
}
/*
 * local_daif_save - snapshot the DAIF state, then mask everything.
 *
 * Returns the flags as reported by local_daif_save_flags() before masking,
 * in the form local_daif_restore() expects.
 */
static inline unsigned long local_daif_save(void)
{
	/* Snapshot first: local_daif_mask() changes both DAIF and the PMR. */
	unsigned long saved = local_daif_save_flags();

	local_daif_mask();
	return saved;
}
/*
 * local_daif_restore - install a DAIF state obtained from local_daif_save() or
 * one of the DAIF_* constants above.
 * @flags: DAIF bits to write; PSR_I_BIT decides whether IRQs end up masked.
 *
 * Without PMR masking this is a plain write of @flags to the daif register,
 * bracketed by the irq-flags tracer calls.  With PMR masking the I bit is
 * handled as follows:
 *  - IRQs to be unmasked: PMR is raised to GIC_PRIO_IRQON and synchronised
 *    before daif is written.
 *  - IRQs to stay masked and A clear: PSR_I_BIT is dropped from @flags and
 *    IRQs are masked through PMR (GIC_PRIO_IRQOFF) instead, which keeps NMIs
 *    deliverable.
 *  - IRQs to stay masked and A set: PMR is GIC_PRIO_IRQON | GIC_PRIO_PSR_I_SET
 *    and masking stays on PSTATE.I.
 * The tracer is notified before IRQs become enabled and after they are
 * masked, never the other way round.
 */
static inline void local_daif_restore(unsigned long flags)
{
	bool irq_disabled = flags & PSR_I_BIT;

	/*
	 * Under prio-mask debugging the caller is expected to arrive with
	 * PSTATE.I set (i.e. from a local_daif_save()/local_daif_mask() pair).
	 */
	WARN_ON(system_has_prio_mask_debugging() &&
		!(read_sysreg(daif) & PSR_I_BIT));

	if (!irq_disabled) {
		/* Tell the tracer before IRQs can actually fire. */
		trace_hardirqs_on();

		if (system_uses_irq_prio_masking()) {
			gic_write_pmr(GIC_PRIO_IRQON);
			/* Make the PMR change visible before daif is rewritten. */
			pmr_sync();
		}
	} else if (system_uses_irq_prio_masking()) {
		u64 pmr;

		if (!(flags & PSR_A_BIT)) {
			/*
			 * If interrupts are disabled but we can take
			 * asynchronous errors, we can take NMIs
			 */
			flags &= ~PSR_I_BIT;
			pmr = GIC_PRIO_IRQOFF;
		} else {
			pmr = GIC_PRIO_IRQON | GIC_PRIO_PSR_I_SET;
		}

		/*
		 * There has been concern that the write to daif
		 * might be reordered before this write to PMR.
		 * From the ARM ARM DDI 0487D.a, section D1.7.1
		 * "Accessing PSTATE fields":
		 * Writes to the PSTATE fields have side-effects on
		 * various aspects of the PE operation. All of these
		 * side-effects are guaranteed:
		 * - Not to be visible to earlier instructions in
		 * the execution stream.
		 * - To be visible to later instructions in the
		 * execution stream
		 *
		 * Also, writes to PMR are self-synchronizing, so no
		 * interrupts with a lower priority than PMR is signaled
		 * to the PE after the write.
		 *
		 * So we don't need additional synchronization here.
		 */
		gic_write_pmr(pmr);
	}

	/* flags may have had PSR_I_BIT cleared above when PMR does the masking. */
	write_sysreg(flags, daif);

	/* Tell the tracer only after IRQs really are masked. */
	if (irq_disabled)
		trace_hardirqs_off();
}
/*
 * local_daif_inherit - restore the DAIF bits that were modified by taking an
 * exception.
 * @regs: the interrupted context; only the DAIF_MASK bits of regs->pstate are
 *        used, everything else in pstate is ignored.
 *
 * Called by synchronous exception handlers.  Unlike local_daif_restore(),
 * this writes D, A, I and F straight back to the daif register and does not
 * touch the PMR (see the comment below on why local_daif_restore() cannot be
 * used here).
 */
static inline void local_daif_inherit(struct pt_regs *regs)
{
	/* Keep only D, A, I, F: the rest of pstate is not DAIF state. */
	unsigned long flags = regs->pstate & DAIF_MASK;

	/*
	 * Notify the tracer before interrupts can actually become enabled.
	 * There is no trace_hardirqs_off() counterpart here - presumably the
	 * handler already ran with IRQs masked; confirm against the entry code.
	 */
	if (interrupts_enabled(regs))
		trace_hardirqs_on();

	/*
	 * We can't use local_daif_restore(regs->pstate) here as
	 * system_has_prio_mask_debugging() won't restore the I bit if it can
	 * use the pmr instead.
	 */
	write_sysreg(flags, daif);
}
#endif