License cleanup: add SPDX GPL-2.0 license identifier to files with no license
Many source files in the tree are missing licensing information, which
makes it harder for compliance tools to determine the correct license.
By default all files without license information are under the default
license of the kernel, which is GPL version 2.
Update the files which contain no license information with the 'GPL-2.0'
SPDX license identifier. The SPDX identifier is a legally binding
shorthand, which can be used instead of the full boiler plate text.
This patch is based on work done by Thomas Gleixner and Kate Stewart and
Philippe Ombredanne.
How this work was done:
Patches were generated and checked against linux-4.14-rc6 for a subset of
the use cases:
- file had no licensing information it it.
- file was a */uapi/* one with no licensing information in it,
- file was a */uapi/* one with existing licensing information,
Further patches will be generated in subsequent months to fix up cases
where non-standard license headers were used, and references to license
had to be inferred by heuristics based on keywords.
The analysis to determine which SPDX License Identifier to be applied to
a file was done in a spreadsheet of side by side results from of the
output of two independent scanners (ScanCode & Windriver) producing SPDX
tag:value files created by Philippe Ombredanne. Philippe prepared the
base worksheet, and did an initial spot review of a few 1000 files.
The 4.13 kernel was the starting point of the analysis with 60,537 files
assessed. Kate Stewart did a file by file comparison of the scanner
results in the spreadsheet to determine which SPDX license identifier(s)
to be applied to the file. She confirmed any determination that was not
immediately clear with lawyers working with the Linux Foundation.
Criteria used to select files for SPDX license identifier tagging was:
- Files considered eligible had to be source code files.
- Make and config files were included as candidates if they contained >5
lines of source
- File already had some variant of a license header in it (even if <5
lines).
All documentation files were explicitly excluded.
The following heuristics were used to determine which SPDX license
identifiers to apply.
- when both scanners couldn't find any license traces, file was
considered to have no license information in it, and the top level
COPYING file license applied.
For non */uapi/* files that summary was:
SPDX license identifier # files
---------------------------------------------------|-------
GPL-2.0 11139
and resulted in the first patch in this series.
If that file was a */uapi/* path one, it was "GPL-2.0 WITH
Linux-syscall-note" otherwise it was "GPL-2.0". Results of that was:
SPDX license identifier # files
---------------------------------------------------|-------
GPL-2.0 WITH Linux-syscall-note 930
and resulted in the second patch in this series.
- if a file had some form of licensing information in it, and was one
of the */uapi/* ones, it was denoted with the Linux-syscall-note if
any GPL family license was found in the file or had no licensing in
it (per prior point). Results summary:
SPDX license identifier # files
---------------------------------------------------|------
GPL-2.0 WITH Linux-syscall-note 270
GPL-2.0+ WITH Linux-syscall-note 169
((GPL-2.0 WITH Linux-syscall-note) OR BSD-2-Clause) 21
((GPL-2.0 WITH Linux-syscall-note) OR BSD-3-Clause) 17
LGPL-2.1+ WITH Linux-syscall-note 15
GPL-1.0+ WITH Linux-syscall-note 14
((GPL-2.0+ WITH Linux-syscall-note) OR BSD-3-Clause) 5
LGPL-2.0+ WITH Linux-syscall-note 4
LGPL-2.1 WITH Linux-syscall-note 3
((GPL-2.0 WITH Linux-syscall-note) OR MIT) 3
((GPL-2.0 WITH Linux-syscall-note) AND MIT) 1
and that resulted in the third patch in this series.
- when the two scanners agreed on the detected license(s), that became
the concluded license(s).
- when there was disagreement between the two scanners (one detected a
license but the other didn't, or they both detected different
licenses) a manual inspection of the file occurred.
- In most cases a manual inspection of the information in the file
resulted in a clear resolution of the license that should apply (and
which scanner probably needed to revisit its heuristics).
- When it was not immediately clear, the license identifier was
confirmed with lawyers working with the Linux Foundation.
- If there was any question as to the appropriate license identifier,
the file was flagged for further research and to be revisited later
in time.
In total, over 70 hours of logged manual review was done on the
spreadsheet to determine the SPDX license identifiers to apply to the
source files by Kate, Philippe, Thomas and, in some cases, confirmation
by lawyers working with the Linux Foundation.
Kate also obtained a third independent scan of the 4.13 code base from
FOSSology, and compared selected files where the other two scanners
disagreed against that SPDX file, to see if there was new insights. The
Windriver scanner is based on an older version of FOSSology in part, so
they are related.
Thomas did random spot checks in about 500 files from the spreadsheets
for the uapi headers and agreed with SPDX license identifier in the
files he inspected. For the non-uapi files Thomas did random spot checks
in about 15000 files.
In initial set of patches against 4.14-rc6, 3 files were found to have
copy/paste license identifier errors, and have been fixed to reflect the
correct identifier.
Additionally Philippe spent 10 hours this week doing a detailed manual
inspection and review of the 12,461 patched files from the initial patch
version early this week with:
- a full scancode scan run, collecting the matched texts, detected
license ids and scores
- reviewing anything where there was a license detected (about 500+
files) to ensure that the applied SPDX license was correct
- reviewing anything where there was no detection but the patch license
was not GPL-2.0 WITH Linux-syscall-note to ensure that the applied
SPDX license was correct
This produced a worksheet with 20 files needing minor correction. This
worksheet was then exported into 3 different .csv files for the
different types of files to be modified.
These .csv files were then reviewed by Greg. Thomas wrote a script to
parse the csv files and add the proper SPDX tag to the file, in the
format that the file expected. This script was further refined by Greg
based on the output to detect more types of files automatically and to
distinguish between header and source .c files (which need different
comment types.) Finally Greg ran the script using the .csv files to
generate the patches.
Reviewed-by: Kate Stewart <kstewart@linuxfoundation.org>
Reviewed-by: Philippe Ombredanne <pombredanne@nexb.com>
Reviewed-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-11-01 15:07:57 +01:00
|
|
|
/* SPDX-License-Identifier: GPL-2.0 */
|
2008-10-22 22:26:29 -07:00
|
|
|
#ifndef _ASM_X86_PROCESSOR_H
|
|
|
|
|
#define _ASM_X86_PROCESSOR_H
|
2008-01-30 13:31:03 +01:00
|
|
|
|
2008-01-30 13:31:27 +01:00
|
|
|
#include <asm/processor-flags.h>
|
|
|
|
|
|
2008-01-30 13:31:27 +01:00
|
|
|
/* Forward declaration, a strange C thing */
|
|
|
|
|
struct task_struct;
|
|
|
|
|
struct mm_struct;
|
2019-11-11 23:03:21 +01:00
|
|
|
struct io_bitmap;
|
2015-07-29 01:41:16 -04:00
|
|
|
struct vm86;
|
2008-01-30 13:31:27 +01:00
|
|
|
|
2008-01-30 13:31:57 +01:00
|
|
|
#include <asm/math_emu.h>
|
|
|
|
|
#include <asm/segment.h>
|
|
|
|
|
#include <asm/types.h>
|
2015-09-05 09:32:43 +02:00
|
|
|
#include <uapi/asm/sigcontext.h>
|
2008-01-30 13:31:57 +01:00
|
|
|
#include <asm/current.h>
|
2016-01-26 22:12:04 +01:00
|
|
|
#include <asm/cpufeatures.h>
|
2025-05-08 17:02:31 +02:00
|
|
|
#include <asm/cpuid/api.h>
|
2008-01-30 13:31:57 +01:00
|
|
|
#include <asm/page.h>
|
2009-02-11 10:20:05 -08:00
|
|
|
#include <asm/pgtable_types.h>
|
2008-01-30 13:31:33 +01:00
|
|
|
#include <asm/percpu.h>
|
2008-01-30 13:31:57 +01:00
|
|
|
#include <asm/desc_defs.h>
|
2008-01-30 13:32:38 +01:00
|
|
|
#include <asm/nops.h>
|
2012-03-28 18:11:12 +01:00
|
|
|
#include <asm/special_insns.h>
|
2015-04-22 09:57:24 +02:00
|
|
|
#include <asm/fpu/types.h>
|
2017-07-11 10:33:45 -05:00
|
|
|
#include <asm/unwind_hints.h>
|
x86/vmx: Introduce VMX_FEATURES_*
Add a VMX-specific variant of X86_FEATURE_* flags, which will eventually
supplant the synthetic VMX flags defined in cpufeatures word 8. Use the
Intel-defined layouts for the major VMX execution controls so that their
word entries can be directly populated from their respective MSRs, and
so that the VMX_FEATURE_* flags can be used to define the existing bit
definitions in asm/vmx.h, i.e. force developers to define a VMX_FEATURE
flag when adding support for a new hardware feature.
The majority of Intel's (and compatible CPU's) VMX capabilities are
enumerated via MSRs and not CPUID, i.e. querying /proc/cpuinfo doesn't
naturally provide any insight into the virtualization capabilities of
VMX enabled CPUs. Commit
e38e05a85828d ("x86: extended "flags" to show virtualization HW feature
in /proc/cpuinfo")
attempted to address the issue by synthesizing select VMX features into
a Linux-defined word in cpufeatures.
Lack of reporting of VMX capabilities via /proc/cpuinfo is problematic
because there is no sane way for a user to query the capabilities of
their platform, e.g. when trying to find a platform to test a feature or
debug an issue that has a hardware dependency. Lack of reporting is
especially problematic when the user isn't familiar with VMX, e.g. the
format of the MSRs is non-standard, existence of some MSRs is reported
by bits in other MSRs, several "features" from KVM's point of view are
enumerated as 3+ distinct features by hardware, etc...
The synthetic cpufeatures approach has several flaws:
- The set of synthesized VMX flags has become extremely stale with
respect to the full set of VMX features, e.g. only one new flag
(EPT A/D) has been added in the the decade since the introduction of
the synthetic VMX features. Failure to keep the VMX flags up to
date is likely due to the lack of a mechanism that forces developers
to consider whether or not a new feature is worth reporting.
- The synthetic flags may incorrectly be misinterpreted as affecting
kernel behavior, i.e. KVM, the kernel's sole consumer of VMX,
completely ignores the synthetic flags.
- New CPU vendors that support VMX have duplicated the hideous code
that propagates VMX features from MSRs to cpufeatures. Bringing the
synthetic VMX flags up to date would exacerbate the copy+paste
trainwreck.
Define separate VMX_FEATURE flags to set the stage for enumerating VMX
capabilities outside of the cpu_has() framework, and for adding
functional usage of VMX_FEATURE_* to help ensure the features reported
via /proc/cpuinfo is up to date with respect to kernel recognition of
VMX capabilities.
Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Link: https://lkml.kernel.org/r/20191221044513.21680-10-sean.j.christopherson@intel.com
2019-12-20 20:45:03 -08:00
|
|
|
#include <asm/vmxfeatures.h>
|
2020-03-20 14:53:48 +00:00
|
|
|
#include <asm/vdso/processor.h>
|
2023-06-12 17:10:52 -07:00
|
|
|
#include <asm/shstk.h>
|
2008-02-21 04:24:40 +01:00
|
|
|
|
2008-01-30 13:31:57 +01:00
|
|
|
#include <linux/personality.h>
|
2008-01-30 13:31:33 +01:00
|
|
|
#include <linux/cache.h>
|
2008-01-30 13:31:57 +01:00
|
|
|
#include <linux/threads.h>
|
2009-09-02 11:49:52 +02:00
|
|
|
#include <linux/math64.h>
|
2010-03-25 14:51:50 +01:00
|
|
|
#include <linux/err.h>
|
2012-03-28 18:11:12 +01:00
|
|
|
#include <linux/irqflags.h>
|
2017-07-17 16:10:07 -05:00
|
|
|
#include <linux/mem_encrypt.h>
|
2012-03-28 18:11:12 +01:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* We handle most unaligned accesses in hardware. On the other hand
|
|
|
|
|
* unaligned DMA can be quite expensive on some Nehalem processors.
|
|
|
|
|
*
|
|
|
|
|
* Based on this we disable the IP header alignment in network drivers.
|
|
|
|
|
*/
|
|
|
|
|
#define NET_IP_ALIGN 0
|
2008-01-30 13:31:27 +01:00
|
|
|
|
2009-06-01 23:43:10 +05:30
|
|
|
#define HBP_NUM 4
|
2008-01-30 13:31:27 +01:00
|
|
|
|
2015-05-24 09:58:12 +02:00
|
|
|
/*
|
|
|
|
|
* These alignment constraints are for performance in the vSMP case,
|
|
|
|
|
* but in the task_struct case we must also meet hardware imposed
|
|
|
|
|
* alignment requirements of the FPU state:
|
|
|
|
|
*/
|
2008-01-30 13:31:31 +01:00
|
|
|
#ifdef CONFIG_X86_VSMP
|
2008-02-21 04:24:40 +01:00
|
|
|
# define ARCH_MIN_TASKALIGN (1 << INTERNODE_CACHE_SHIFT)
|
|
|
|
|
# define ARCH_MIN_MMSTRUCT_ALIGN (1 << INTERNODE_CACHE_SHIFT)
|
2008-01-30 13:31:31 +01:00
|
|
|
#else
|
2015-05-24 09:58:12 +02:00
|
|
|
# define ARCH_MIN_TASKALIGN __alignof__(union fpregs_state)
|
2008-02-21 04:24:40 +01:00
|
|
|
# define ARCH_MIN_MMSTRUCT_ALIGN 0
|
2008-01-30 13:31:31 +01:00
|
|
|
#endif
|
|
|
|
|
|
2025-03-04 09:51:18 +01:00
|
|
|
extern u16 __read_mostly tlb_lli_4k;
|
|
|
|
|
extern u16 __read_mostly tlb_lli_2m;
|
|
|
|
|
extern u16 __read_mostly tlb_lli_4m;
|
|
|
|
|
extern u16 __read_mostly tlb_lld_4k;
|
|
|
|
|
extern u16 __read_mostly tlb_lld_2m;
|
|
|
|
|
extern u16 __read_mostly tlb_lld_4m;
|
|
|
|
|
extern u16 __read_mostly tlb_lld_1g;
|
2012-06-28 09:02:19 +08:00
|
|
|
|
2008-01-30 13:31:33 +01:00
|
|
|
/*
|
2023-08-14 10:18:29 +02:00
|
|
|
* CPU type and hardware bug flags. Kept separately for each CPU.
|
2008-01-30 13:31:33 +01:00
|
|
|
*/
|
|
|
|
|
|
2023-08-14 10:18:29 +02:00
|
|
|
struct cpuinfo_topology {
|
|
|
|
|
// Real APIC ID read from the local APIC
|
|
|
|
|
u32 apicid;
|
|
|
|
|
// The initial APIC ID provided by CPUID
|
|
|
|
|
u32 initial_apicid;
|
2023-08-14 10:18:30 +02:00
|
|
|
|
|
|
|
|
// Physical package ID
|
|
|
|
|
u32 pkg_id;
|
2023-08-14 10:18:31 +02:00
|
|
|
|
|
|
|
|
// Physical die ID on AMD, Relative on Intel
|
|
|
|
|
u32 die_id;
|
2023-08-14 10:18:34 +02:00
|
|
|
|
2023-08-14 10:18:35 +02:00
|
|
|
// Compute unit ID - AMD specific
|
|
|
|
|
u32 cu_id;
|
|
|
|
|
|
2023-08-14 10:18:34 +02:00
|
|
|
// Core ID relative to the package
|
|
|
|
|
u32 core_id;
|
2023-08-14 10:18:37 +02:00
|
|
|
|
|
|
|
|
// Logical ID mappings
|
|
|
|
|
u32 logical_pkg_id;
|
|
|
|
|
u32 logical_die_id;
|
2024-11-15 06:07:58 +00:00
|
|
|
u32 logical_core_id;
|
2023-08-14 10:18:38 +02:00
|
|
|
|
2024-02-13 22:04:10 +01:00
|
|
|
// AMD Node ID and Nodes per Package info
|
|
|
|
|
u32 amd_node_id;
|
|
|
|
|
|
2023-08-14 10:18:38 +02:00
|
|
|
// Cache level topology IDs
|
|
|
|
|
u32 llc_id;
|
|
|
|
|
u32 l2c_id;
|
x86/cpu: Add CPU type to struct cpuinfo_topology
Sometimes it is required to take actions based on if a CPU is a performance or
efficiency core. As an example, intel_pstate driver uses the Intel core-type
to determine CPU scaling. Also, some CPU vulnerabilities only affect
a specific CPU type, like RFDS only affects Intel Atom. Hybrid systems that
have variants P+E, P-only(Core) and E-only(Atom), it is not straightforward to
identify which variant is affected by a type specific vulnerability.
Such processors do have CPUID field that can uniquely identify them. Like,
P+E, P-only and E-only enumerates CPUID.1A.CORE_TYPE identification, while P+E
additionally enumerates CPUID.7.HYBRID. Based on this information, it is
possible for boot CPU to identify if a system has mixed CPU types.
Add a new field hw_cpu_type to struct cpuinfo_topology that stores the
hardware specific CPU type. This saves the overhead of IPIs to get the CPU
type of a different CPU. CPU type is populated early in the boot process,
before vulnerabilities are enumerated.
Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Co-developed-by: Mario Limonciello <mario.limonciello@amd.com>
Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Acked-by: Dave Hansen <dave.hansen@linux.intel.com>
Link: https://lore.kernel.org/r/20241025171459.1093-5-mario.limonciello@amd.com
2024-10-25 12:14:58 -05:00
|
|
|
|
|
|
|
|
// Hardware defined CPU-type
|
|
|
|
|
union {
|
|
|
|
|
u32 cpu_type;
|
|
|
|
|
struct {
|
|
|
|
|
// CPUID.1A.EAX[23-0]
|
|
|
|
|
u32 intel_native_model_id :24;
|
|
|
|
|
// CPUID.1A.EAX[31-24]
|
|
|
|
|
u32 intel_type :8;
|
|
|
|
|
};
|
|
|
|
|
struct {
|
|
|
|
|
// CPUID 0x80000026.EBX
|
|
|
|
|
u32 amd_num_processors :16,
|
|
|
|
|
amd_power_eff_ranking :8,
|
|
|
|
|
amd_native_model_id :4,
|
|
|
|
|
amd_type :4;
|
|
|
|
|
};
|
|
|
|
|
};
|
2023-08-14 10:18:29 +02:00
|
|
|
};
|
|
|
|
|
|
2008-01-30 13:31:33 +01:00
|
|
|
struct cpuinfo_x86 {
|
2024-04-16 14:19:03 -07:00
|
|
|
union {
|
|
|
|
|
/*
|
|
|
|
|
* The particular ordering (low-to-high) of (vendor,
|
|
|
|
|
* family, model) is done in case range of models, like
|
|
|
|
|
* it is usually done on AMD, need to be compared.
|
|
|
|
|
*/
|
|
|
|
|
struct {
|
|
|
|
|
__u8 x86_model;
|
|
|
|
|
/* CPU family */
|
|
|
|
|
__u8 x86;
|
|
|
|
|
/* CPU vendor */
|
|
|
|
|
__u8 x86_vendor;
|
|
|
|
|
__u8 x86_reserved;
|
|
|
|
|
};
|
|
|
|
|
/* combined vendor, family, model */
|
|
|
|
|
__u32 x86_vfm;
|
|
|
|
|
};
|
2018-01-01 09:52:10 +08:00
|
|
|
__u8 x86_stepping;
|
2017-02-12 22:12:08 +01:00
|
|
|
#ifdef CONFIG_X86_64
|
2008-02-21 04:24:40 +01:00
|
|
|
/* Number of 4K pages in DTLB/ITLB combined(in pages): */
|
2009-01-23 17:18:52 -08:00
|
|
|
int x86_tlbsize;
|
2019-12-20 20:45:04 -08:00
|
|
|
#endif
|
|
|
|
|
#ifdef CONFIG_X86_VMX_FEATURE_NAMES
|
|
|
|
|
__u32 vmx_capability[NVMXINTS];
|
2009-03-12 12:37:34 +00:00
|
|
|
#endif
|
2008-02-21 04:24:40 +01:00
|
|
|
__u8 x86_virt_bits;
|
|
|
|
|
__u8 x86_phys_bits;
|
|
|
|
|
/* Max extended CPUID function supported: */
|
|
|
|
|
__u32 extended_cpuid_level;
|
|
|
|
|
/* Maximum supported CPUID level, -1=no CPUID: */
|
|
|
|
|
int cpuid_level;
|
2019-09-16 15:39:58 -07:00
|
|
|
/*
|
|
|
|
|
* Align to size of unsigned long because the x86_capability array
|
|
|
|
|
* is passed to bitops which require the alignment. Use unnamed
|
|
|
|
|
* union to enforce the array is aligned to size of unsigned long.
|
|
|
|
|
*/
|
|
|
|
|
union {
|
|
|
|
|
__u32 x86_capability[NCAPINTS + NBUGINTS];
|
|
|
|
|
unsigned long x86_capability_alignment;
|
|
|
|
|
};
|
2008-02-21 04:24:40 +01:00
|
|
|
char x86_vendor_id[16];
|
|
|
|
|
char x86_model_id[64];
|
2023-08-14 10:18:29 +02:00
|
|
|
struct cpuinfo_topology topo;
|
2008-02-21 04:24:40 +01:00
|
|
|
/* in KB - valid for CPUS which support this call: */
|
2018-02-13 13:22:08 -06:00
|
|
|
unsigned int x86_cache_size;
|
2008-02-21 04:24:40 +01:00
|
|
|
int x86_cache_alignment; /* In bytes */
|
2020-05-05 15:36:17 -07:00
|
|
|
/* Cache QoS architectural values, valid only on the BSP: */
|
2015-01-23 18:45:43 +00:00
|
|
|
int x86_cache_max_rmid; /* max index */
|
|
|
|
|
int x86_cache_occ_scale; /* scale to bytes */
|
2020-05-05 15:36:17 -07:00
|
|
|
int x86_cache_mbm_width_offset;
|
2008-02-21 04:24:40 +01:00
|
|
|
int x86_power;
|
|
|
|
|
unsigned long loops_per_jiffy;
|
2022-01-31 15:01:09 -08:00
|
|
|
/* protected processor identification number */
|
|
|
|
|
u64 ppin;
|
2008-02-21 04:24:40 +01:00
|
|
|
u16 x86_clflush_size;
|
|
|
|
|
/* number of cores as seen by the OS: */
|
|
|
|
|
u16 booted_cores;
|
|
|
|
|
/* Index into per_cpu list: */
|
|
|
|
|
u16 cpu_index;
|
2021-01-08 23:10:52 +11:00
|
|
|
/* Is SMT active on this core? */
|
|
|
|
|
bool smt_active;
|
2011-10-12 17:46:33 -07:00
|
|
|
u32 microcode;
|
2018-08-24 10:03:50 -07:00
|
|
|
/* Address space bits used by the cache internally */
|
|
|
|
|
u8 x86_cache_bits;
|
2017-11-14 07:42:56 -05:00
|
|
|
unsigned initialized : 1;
|
2016-10-28 01:22:25 -07:00
|
|
|
} __randomize_layout;
|
2008-01-30 13:31:33 +01:00
|
|
|
|
2008-02-21 04:24:40 +01:00
|
|
|
#define X86_VENDOR_INTEL 0
|
|
|
|
|
#define X86_VENDOR_CYRIX 1
|
|
|
|
|
#define X86_VENDOR_AMD 2
|
|
|
|
|
#define X86_VENDOR_UMC 3
|
|
|
|
|
#define X86_VENDOR_CENTAUR 5
|
|
|
|
|
#define X86_VENDOR_TRANSMETA 7
|
|
|
|
|
#define X86_VENDOR_NSC 8
|
2018-09-23 17:33:12 +08:00
|
|
|
#define X86_VENDOR_HYGON 9
|
2019-06-18 08:37:05 +00:00
|
|
|
#define X86_VENDOR_ZHAOXIN 10
|
2021-10-17 11:44:10 +02:00
|
|
|
#define X86_VENDOR_VORTEX 11
|
|
|
|
|
#define X86_VENDOR_NUM 12
|
2008-02-21 04:24:40 +01:00
|
|
|
|
|
|
|
|
#define X86_VENDOR_UNKNOWN 0xff
|
2008-01-30 13:31:33 +01:00
|
|
|
|
2008-01-30 13:31:39 +01:00
|
|
|
/*
|
|
|
|
|
* capabilities of CPUs
|
|
|
|
|
*/
|
2008-02-21 04:24:40 +01:00
|
|
|
extern struct cpuinfo_x86 boot_cpu_data;
|
|
|
|
|
extern struct cpuinfo_x86 new_cpu_data;
|
|
|
|
|
|
2017-12-04 15:07:32 +01:00
|
|
|
extern __u32 cpu_caps_cleared[NCAPINTS + NBUGINTS];
|
|
|
|
|
extern __u32 cpu_caps_set[NCAPINTS + NBUGINTS];
|
2008-01-30 13:31:33 +01:00
|
|
|
|
2014-11-04 08:26:42 +00:00
|
|
|
DECLARE_PER_CPU_READ_MOSTLY(struct cpuinfo_x86, cpu_info);
|
2008-01-30 13:31:33 +01:00
|
|
|
#define cpu_data(cpu) per_cpu(cpu_info, cpu)
|
|
|
|
|
|
2008-07-21 22:40:37 +05:30
|
|
|
extern const struct seq_operations cpuinfo_op;
|
|
|
|
|
|
2008-02-21 04:24:40 +01:00
|
|
|
#define cache_line_size() (boot_cpu_data.x86_cache_alignment)
|
|
|
|
|
|
|
|
|
|
extern void cpu_detect(struct cpuinfo_x86 *c);
|
2008-01-30 13:31:39 +01:00
|
|
|
|
2018-08-20 11:58:35 +02:00
|
|
|
static inline unsigned long long l1tf_pfn_limit(void)
|
2018-06-13 15:48:26 -07:00
|
|
|
{
|
2018-08-24 10:03:50 -07:00
|
|
|
return BIT_ULL(boot_cpu_data.x86_cache_bits - 1 - PAGE_SHIFT);
|
2018-06-13 15:48:26 -07:00
|
|
|
}
|
|
|
|
|
|
2024-10-17 08:29:48 +02:00
|
|
|
void init_cpu_devs(void);
|
|
|
|
|
void get_cpu_vendor(struct cpuinfo_x86 *c);
|
2008-06-21 03:24:19 -07:00
|
|
|
extern void early_cpu_init(void);
|
2025-03-04 09:51:19 +01:00
|
|
|
extern void identify_secondary_cpu(unsigned int cpu);
|
2008-01-30 13:31:33 +01:00
|
|
|
extern void print_cpu_info(struct cpuinfo_x86 *);
|
2012-02-12 09:53:57 -08:00
|
|
|
void print_cpu_msr(struct cpuinfo_x86 *);
|
2008-01-30 13:31:39 +01:00
|
|
|
|
2017-06-12 10:26:14 -07:00
|
|
|
/*
|
|
|
|
|
* Friendlier CR3 helpers.
|
|
|
|
|
*/
|
|
|
|
|
static inline unsigned long read_cr3_pa(void)
|
|
|
|
|
{
|
|
|
|
|
return __read_cr3() & CR3_ADDR_MASK;
|
|
|
|
|
}
|
|
|
|
|
|
2017-07-17 16:10:08 -05:00
|
|
|
static inline unsigned long native_read_cr3_pa(void)
|
|
|
|
|
{
|
|
|
|
|
return __native_read_cr3() & CR3_ADDR_MASK;
|
|
|
|
|
}
|
|
|
|
|
|
2008-01-30 13:31:27 +01:00
|
|
|
static inline void load_cr3(pgd_t *pgdir)
|
|
|
|
|
{
|
2017-07-17 16:10:07 -05:00
|
|
|
write_cr3(__sme_pa(pgdir));
|
2008-01-30 13:31:27 +01:00
|
|
|
}
|
2008-01-30 13:31:03 +01:00
|
|
|
|
2017-12-04 15:07:17 +01:00
|
|
|
/*
|
|
|
|
|
* Note that while the legacy 'TSS' name comes from 'Task State Segment',
|
|
|
|
|
* on modern x86 CPUs the TSS also holds information important to 64-bit mode,
|
|
|
|
|
* unrelated to the task-switch mechanism:
|
|
|
|
|
*/
|
2008-01-30 13:31:31 +01:00
|
|
|
#ifdef CONFIG_X86_32
|
|
|
|
|
/* This is the TSS defined by the hardware. */
|
|
|
|
|
struct x86_hw_tss {
|
2008-02-21 04:24:40 +01:00
|
|
|
unsigned short back_link, __blh;
|
|
|
|
|
unsigned long sp0;
|
|
|
|
|
unsigned short ss0, __ss0h;
|
2015-04-02 12:41:45 -07:00
|
|
|
unsigned long sp1;
|
2015-03-10 11:06:00 -07:00
|
|
|
|
|
|
|
|
/*
|
2015-04-02 12:41:45 -07:00
|
|
|
* We don't use ring 1, so ss1 is a convenient scratch space in
|
|
|
|
|
* the same cacheline as sp0. We use ss1 to cache the value in
|
|
|
|
|
* MSR_IA32_SYSENTER_CS. When we context switch
|
|
|
|
|
* MSR_IA32_SYSENTER_CS, we first check if the new value being
|
|
|
|
|
* written matches ss1, and, if it's not, then we wrmsr the new
|
|
|
|
|
* value and update ss1.
|
2015-03-10 11:06:00 -07:00
|
|
|
*
|
2015-04-02 12:41:45 -07:00
|
|
|
* The only reason we context switch MSR_IA32_SYSENTER_CS is
|
|
|
|
|
* that we set it to zero in vm86 tasks to avoid corrupting the
|
|
|
|
|
* stack if we were to go through the sysenter path from vm86
|
|
|
|
|
* mode.
|
2015-03-10 11:06:00 -07:00
|
|
|
*/
|
|
|
|
|
unsigned short ss1; /* MSR_IA32_SYSENTER_CS */
|
|
|
|
|
|
|
|
|
|
unsigned short __ss1h;
|
2008-02-21 04:24:40 +01:00
|
|
|
unsigned long sp2;
|
|
|
|
|
unsigned short ss2, __ss2h;
|
|
|
|
|
unsigned long __cr3;
|
|
|
|
|
unsigned long ip;
|
|
|
|
|
unsigned long flags;
|
|
|
|
|
unsigned long ax;
|
|
|
|
|
unsigned long cx;
|
|
|
|
|
unsigned long dx;
|
|
|
|
|
unsigned long bx;
|
|
|
|
|
unsigned long sp;
|
|
|
|
|
unsigned long bp;
|
|
|
|
|
unsigned long si;
|
|
|
|
|
unsigned long di;
|
|
|
|
|
unsigned short es, __esh;
|
|
|
|
|
unsigned short cs, __csh;
|
|
|
|
|
unsigned short ss, __ssh;
|
|
|
|
|
unsigned short ds, __dsh;
|
|
|
|
|
unsigned short fs, __fsh;
|
|
|
|
|
unsigned short gs, __gsh;
|
|
|
|
|
unsigned short ldt, __ldth;
|
|
|
|
|
unsigned short trace;
|
|
|
|
|
unsigned short io_bitmap_base;
|
|
|
|
|
|
2008-01-30 13:31:31 +01:00
|
|
|
} __attribute__((packed));
|
|
|
|
|
#else
|
|
|
|
|
struct x86_hw_tss {
|
2008-02-21 04:24:40 +01:00
|
|
|
u32 reserved1;
|
|
|
|
|
u64 sp0;
|
|
|
|
|
u64 sp1;
|
2017-12-04 15:07:21 +01:00
|
|
|
|
2018-09-03 15:59:43 -07:00
|
|
|
/*
|
|
|
|
|
* Since Linux does not use ring 2, the 'sp2' slot is unused by
|
|
|
|
|
* hardware. entry_SYSCALL_64 uses it as scratch space to stash
|
|
|
|
|
* the user RSP value.
|
|
|
|
|
*/
|
2008-02-21 04:24:40 +01:00
|
|
|
u64 sp2;
|
2018-09-03 15:59:43 -07:00
|
|
|
|
2008-02-21 04:24:40 +01:00
|
|
|
u64 reserved2;
|
|
|
|
|
u64 ist[7];
|
|
|
|
|
u32 reserved3;
|
|
|
|
|
u32 reserved4;
|
|
|
|
|
u16 reserved5;
|
|
|
|
|
u16 io_bitmap_base;
|
|
|
|
|
|
2017-02-20 08:56:13 -08:00
|
|
|
} __attribute__((packed));
|
2008-01-30 13:31:31 +01:00
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
/*
|
2008-02-21 04:24:40 +01:00
|
|
|
* IO-bitmap sizes:
|
2008-01-30 13:31:31 +01:00
|
|
|
*/
|
2008-02-21 04:24:40 +01:00
|
|
|
#define IO_BITMAP_BITS 65536
|
2019-11-12 18:45:29 +01:00
|
|
|
#define IO_BITMAP_BYTES (IO_BITMAP_BITS / BITS_PER_BYTE)
|
|
|
|
|
#define IO_BITMAP_LONGS (IO_BITMAP_BYTES / sizeof(long))
|
2019-11-11 23:03:20 +01:00
|
|
|
|
2019-11-11 23:03:28 +01:00
|
|
|
#define IO_BITMAP_OFFSET_VALID_MAP \
|
2019-11-12 18:45:29 +01:00
|
|
|
(offsetof(struct tss_struct, io_bitmap.bitmap) - \
|
2019-11-11 23:03:20 +01:00
|
|
|
offsetof(struct tss_struct, x86_tss))
|
|
|
|
|
|
2019-11-11 23:03:28 +01:00
|
|
|
#define IO_BITMAP_OFFSET_VALID_ALL \
|
|
|
|
|
(offsetof(struct tss_struct, io_bitmap.mapall) - \
|
|
|
|
|
offsetof(struct tss_struct, x86_tss))
|
|
|
|
|
|
2019-11-12 21:40:33 +01:00
|
|
|
#ifdef CONFIG_X86_IOPL_IOPERM
|
2019-11-11 23:03:20 +01:00
|
|
|
/*
|
2019-11-11 23:03:28 +01:00
|
|
|
* sizeof(unsigned long) coming from an extra "long" at the end of the
|
|
|
|
|
* iobitmap. The limit is inclusive, i.e. the last valid byte.
|
2019-11-11 23:03:20 +01:00
|
|
|
*/
|
2019-11-12 21:40:33 +01:00
|
|
|
# define __KERNEL_TSS_LIMIT \
|
2019-11-11 23:03:28 +01:00
|
|
|
(IO_BITMAP_OFFSET_VALID_ALL + IO_BITMAP_BYTES + \
|
|
|
|
|
sizeof(unsigned long) - 1)
|
2019-11-12 21:40:33 +01:00
|
|
|
#else
|
|
|
|
|
# define __KERNEL_TSS_LIMIT \
|
|
|
|
|
(offsetof(struct tss_struct, x86_tss) + sizeof(struct x86_hw_tss) - 1)
|
|
|
|
|
#endif
|
2019-11-11 23:03:20 +01:00
|
|
|
|
|
|
|
|
/* Base offset outside of TSS_LIMIT so unpriviledged IO causes #GP */
|
|
|
|
|
#define IO_BITMAP_OFFSET_INVALID (__KERNEL_TSS_LIMIT + 1)
|
2008-01-30 13:31:31 +01:00
|
|
|
|
2017-12-04 17:25:07 -08:00
|
|
|
struct entry_stack {
|
2020-06-17 18:25:57 +02:00
|
|
|
char stack[PAGE_SIZE];
|
2017-12-04 15:07:28 +01:00
|
|
|
};
|
|
|
|
|
|
2017-12-04 17:25:07 -08:00
|
|
|
struct entry_stack_page {
|
|
|
|
|
struct entry_stack stack;
|
2017-12-04 15:07:29 +01:00
|
|
|
} __aligned(PAGE_SIZE);
|
2017-12-04 15:07:19 +01:00
|
|
|
|
2019-11-12 18:45:29 +01:00
|
|
|
/*
|
|
|
|
|
* All IO bitmap related data stored in the TSS:
|
|
|
|
|
*/
|
|
|
|
|
struct x86_io_bitmap {
|
2019-11-11 23:03:22 +01:00
|
|
|
/* The sequence number of the last active bitmap. */
|
|
|
|
|
u64 prev_sequence;
|
|
|
|
|
|
2008-02-21 04:24:40 +01:00
|
|
|
/*
|
2019-11-11 23:03:20 +01:00
|
|
|
* Store the dirty size of the last io bitmap offender. The next
|
|
|
|
|
* one will have to do the cleanup as the switch out to a non io
|
|
|
|
|
* bitmap user will just set x86_tss.io_bitmap_base to a value
|
|
|
|
|
* outside of the TSS limit. So for sane tasks there is no need to
|
|
|
|
|
* actually touch the io_bitmap at all.
|
2008-02-21 04:24:40 +01:00
|
|
|
*/
|
2019-11-12 18:45:29 +01:00
|
|
|
unsigned int prev_max;
|
2008-01-30 13:31:31 +01:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* The extra 1 is there because the CPU will access an
|
|
|
|
|
* additional byte beyond the end of the IO permission
|
|
|
|
|
* bitmap. The extra byte must be all 1 bits, and must
|
|
|
|
|
* be within the limit.
|
|
|
|
|
*/
|
2019-11-12 18:45:29 +01:00
|
|
|
unsigned long bitmap[IO_BITMAP_LONGS + 1];
|
2019-11-11 23:03:28 +01:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Special I/O bitmap to emulate IOPL(3). All bytes zero,
|
|
|
|
|
* except the additional byte at the end.
|
|
|
|
|
*/
|
|
|
|
|
unsigned long mapall[IO_BITMAP_LONGS + 1];
|
2019-11-12 18:45:29 +01:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
struct tss_struct {
|
|
|
|
|
/*
|
|
|
|
|
* The fixed hardware portion. This must not cross a page boundary
|
|
|
|
|
* at risk of violating the SDM's advice and potentially triggering
|
|
|
|
|
* errata.
|
|
|
|
|
*/
|
|
|
|
|
struct x86_hw_tss x86_tss;
|
|
|
|
|
|
|
|
|
|
struct x86_io_bitmap io_bitmap;
|
2017-12-04 15:07:19 +01:00
|
|
|
} __aligned(PAGE_SIZE);
|
2008-02-21 04:24:40 +01:00
|
|
|
|
2017-12-04 15:07:29 +01:00
|
|
|
DECLARE_PER_CPU_PAGE_ALIGNED(struct tss_struct, cpu_tss_rw);
|
2008-01-30 13:31:31 +01:00
|
|
|
|
2019-04-14 18:00:06 +02:00
|
|
|
/* Per CPU interrupt stacks */
|
|
|
|
|
struct irq_stack {
|
|
|
|
|
char stack[IRQ_STACK_SIZE];
|
|
|
|
|
} __aligned(IRQ_STACK_SIZE);
|
|
|
|
|
|
2025-03-03 11:52:42 -05:00
|
|
|
DECLARE_PER_CPU_CACHE_HOT(struct irq_stack *, hardirq_stack_ptr);
|
|
|
|
|
#ifdef CONFIG_X86_64
|
|
|
|
|
DECLARE_PER_CPU_CACHE_HOT(bool, hardirq_stack_inuse);
|
|
|
|
|
#else
|
|
|
|
|
DECLARE_PER_CPU_CACHE_HOT(struct irq_stack *, softirq_stack_ptr);
|
|
|
|
|
#endif
|
|
|
|
|
|
2025-03-03 11:52:43 -05:00
|
|
|
DECLARE_PER_CPU_CACHE_HOT(unsigned long, cpu_current_top_of_stack);
|
|
|
|
|
/* const-qualified alias provided by the linker. */
|
|
|
|
|
DECLARE_PER_CPU_CACHE_HOT(const unsigned long __percpu_seg_override,
|
|
|
|
|
const_cpu_current_top_of_stack);
|
|
|
|
|
|
2008-03-03 14:12:56 -03:00
|
|
|
#ifdef CONFIG_X86_64
|
2018-03-13 18:48:05 +01:00
|
|
|
static inline unsigned long cpu_kernelmode_gs_base(int cpu)
|
|
|
|
|
{
|
2025-01-23 14:07:40 -05:00
|
|
|
#ifdef CONFIG_SMP
|
|
|
|
|
return per_cpu_offset(cpu);
|
|
|
|
|
#else
|
|
|
|
|
return 0;
|
|
|
|
|
#endif
|
2018-03-13 18:48:05 +01:00
|
|
|
}
|
|
|
|
|
|
2023-06-23 14:14:05 +03:00
|
|
|
extern asmlinkage void entry_SYSCALL32_ignore(void);
|
2018-03-13 18:48:04 +01:00
|
|
|
|
|
|
|
|
/* Save actual FS/GS selectors and bases to current->thread */
|
2020-05-28 16:13:52 -04:00
|
|
|
void current_save_fsgs(void);
|
2025-01-23 14:07:39 -05:00
|
|
|
#endif /* X86_64 */
|
2008-01-30 13:31:03 +01:00
|
|
|
|
2009-09-09 19:22:48 +02:00
|
|
|
struct perf_event;
|
|
|
|
|
|
2008-01-30 13:31:31 +01:00
|
|
|
struct thread_struct {
|
2008-02-21 04:24:40 +01:00
|
|
|
/* Cached TLS descriptors: */
|
|
|
|
|
struct desc_struct tls_array[GDT_ENTRY_TLS_ENTRIES];
|
2017-11-02 00:59:16 -07:00
|
|
|
#ifdef CONFIG_X86_32
|
2008-02-21 04:24:40 +01:00
|
|
|
unsigned long sp0;
|
2017-11-02 00:59:16 -07:00
|
|
|
#endif
|
2008-02-21 04:24:40 +01:00
|
|
|
unsigned long sp;
|
2008-01-30 13:31:31 +01:00
|
|
|
#ifdef CONFIG_X86_32
|
2008-02-21 04:24:40 +01:00
|
|
|
unsigned long sysenter_cs;
|
2008-01-30 13:31:31 +01:00
|
|
|
#else
|
2008-02-21 04:24:40 +01:00
|
|
|
unsigned short es;
|
|
|
|
|
unsigned short ds;
|
|
|
|
|
unsigned short fsindex;
|
|
|
|
|
unsigned short gsindex;
|
2008-01-30 13:31:31 +01:00
|
|
|
#endif
|
2016-09-13 14:29:21 -07:00
|
|
|
|
2009-05-04 03:29:52 +04:00
|
|
|
#ifdef CONFIG_X86_64
|
2016-04-26 12:23:29 -07:00
|
|
|
unsigned long fsbase;
|
|
|
|
|
unsigned long gsbase;
|
|
|
|
|
#else
|
|
|
|
|
/*
|
|
|
|
|
* XXX: this could presumably be unsigned short. Alternatively,
|
|
|
|
|
* 32-bit kernels could be taught to use fsindex instead.
|
|
|
|
|
*/
|
|
|
|
|
unsigned long fs;
|
|
|
|
|
unsigned long gs;
|
2009-05-04 03:29:52 +04:00
|
|
|
#endif
|
2015-04-23 12:49:20 +02:00
|
|
|
|
2009-09-09 19:22:48 +02:00
|
|
|
/* Save middle states of ptrace breakpoints */
|
|
|
|
|
struct perf_event *ptrace_bps[HBP_NUM];
|
|
|
|
|
/* Debug status used for traps, single steps, etc... */
|
2020-09-02 15:26:02 +02:00
|
|
|
unsigned long virtual_dr6;
|
2010-02-18 18:24:18 +01:00
|
|
|
/* Keep track of the exact dr7 value set by the user */
|
|
|
|
|
unsigned long ptrace_dr7;
|
2008-02-21 04:24:40 +01:00
|
|
|
/* Fault info: */
|
|
|
|
|
unsigned long cr2;
|
2012-03-12 14:55:55 +05:30
|
|
|
unsigned long trap_nr;
|
2008-02-21 04:24:40 +01:00
|
|
|
unsigned long error_code;
|
2015-07-29 01:41:16 -04:00
|
|
|
#ifdef CONFIG_VM86
|
2008-02-21 04:24:40 +01:00
|
|
|
/* Virtual 86 mode info */
|
2015-07-29 01:41:16 -04:00
|
|
|
struct vm86 *vm86;
|
2008-01-30 13:31:31 +01:00
|
|
|
#endif
|
2008-02-21 04:24:40 +01:00
|
|
|
/* IO permissions: */
|
2019-11-11 23:03:21 +01:00
|
|
|
struct io_bitmap *io_bitmap;
|
2019-11-11 23:03:28 +01:00
|
|
|
|
|
|
|
|
/*
|
2021-03-18 15:28:01 +01:00
|
|
|
* IOPL. Privilege level dependent I/O permission which is
|
2019-11-11 23:03:29 +01:00
|
|
|
* emulated via the I/O bitmap to prevent user space from disabling
|
|
|
|
|
* interrupts.
|
2019-11-11 23:03:28 +01:00
|
|
|
*/
|
|
|
|
|
unsigned long iopl_emul;
|
2015-07-17 12:28:11 +02:00
|
|
|
|
2021-09-17 11:20:04 +02:00
|
|
|
unsigned int iopl_warn:1;
|
2016-07-14 13:22:56 -07:00
|
|
|
|
2021-06-23 14:02:18 +02:00
|
|
|
/*
|
|
|
|
|
* Protection Keys Register for Userspace. Loaded immediately on
|
|
|
|
|
* context switch. Store it in thread_struct to avoid a lookup in
|
|
|
|
|
* the tasks's FPU xstate buffer. This value is only valid when a
|
|
|
|
|
* task is scheduled out. For 'current' the authoritative source of
|
|
|
|
|
* PKRU is the hardware itself.
|
|
|
|
|
*/
|
|
|
|
|
u32 pkru;
|
|
|
|
|
|
2023-06-12 17:10:52 -07:00
|
|
|
#ifdef CONFIG_X86_USER_SHADOW_STACK
|
|
|
|
|
unsigned long features;
|
|
|
|
|
unsigned long features_locked;
|
2023-06-12 17:10:54 -07:00
|
|
|
|
|
|
|
|
struct thread_shstk shstk;
|
2023-06-12 17:10:52 -07:00
|
|
|
#endif
|
2008-01-30 13:31:31 +01:00
|
|
|
};
|
|
|
|
|
|
2025-04-09 23:11:26 +02:00
|
|
|
#ifdef CONFIG_X86_DEBUG_FPU
|
|
|
|
|
extern struct fpu *x86_task_fpu(struct task_struct *task);
|
|
|
|
|
#else
|
|
|
|
|
# define x86_task_fpu(task) ((struct fpu *)((void *)(task) + sizeof(*(task))))
|
|
|
|
|
#endif
|
2021-10-13 16:55:45 +02:00
|
|
|
|
|
|
|
|
extern void fpu_thread_struct_whitelist(unsigned long *offset, unsigned long *size);
|
|
|
|
|
|
2017-08-16 13:26:03 -07:00
|
|
|
static inline void arch_thread_struct_whitelist(unsigned long *offset,
|
|
|
|
|
unsigned long *size)
|
|
|
|
|
{
|
2021-10-13 16:55:45 +02:00
|
|
|
fpu_thread_struct_whitelist(offset, size);
|
2017-08-16 13:26:03 -07:00
|
|
|
}
|
|
|
|
|
|
2008-02-21 04:24:40 +01:00
|
|
|
static inline void
|
2017-11-02 00:59:10 -07:00
|
|
|
native_load_sp0(unsigned long sp0)
|
2008-01-30 13:31:31 +01:00
|
|
|
{
|
2017-12-04 15:07:29 +01:00
|
|
|
this_cpu_write(cpu_tss_rw.x86_tss.sp0, sp0);
|
2008-01-30 13:31:31 +01:00
|
|
|
}
|
2008-01-30 13:31:27 +01:00
|
|
|
|
2020-05-28 16:13:50 -04:00
|
|
|
static __always_inline void native_swapgs(void)
|
2008-01-30 13:32:08 +01:00
|
|
|
{
|
|
|
|
|
#ifdef CONFIG_X86_64
|
|
|
|
|
asm volatile("swapgs" ::: "memory");
|
|
|
|
|
#endif
|
|
|
|
|
}
|
|
|
|
|
|
2022-05-07 13:37:45 +02:00
|
|
|
static __always_inline unsigned long current_top_of_stack(void)
|
2015-03-05 19:19:02 -08:00
|
|
|
{
|
2017-12-04 15:07:21 +01:00
|
|
|
/*
|
|
|
|
|
* We can't read directly from tss.sp0: sp0 on x86_32 is special in
|
|
|
|
|
* and around vm86 mode and sp0 on x86_64 is special because of the
|
|
|
|
|
* entry trampoline.
|
|
|
|
|
*/
|
x86/percpu: Introduce const-qualified const_pcpu_hot to micro-optimize code generation
Some variables in pcpu_hot, currently current_task and top_of_stack
are actually per-thread variables implemented as per-CPU variables
and thus stable for the duration of the respective task. There is
already an attempt to eliminate redundant reads from these variables
using this_cpu_read_stable() asm macro, which hides the dependency
on the read memory address. However, the compiler has limited ability
to eliminate asm common subexpressions, so this approach results in a
limited success.
The solution is to allow more aggressive elimination by aliasing
pcpu_hot into a const-qualified const_pcpu_hot, and to read stable
per-CPU variables from this constant copy.
The current per-CPU infrastructure does not support reads from
const-qualified variables. However, when the compiler supports segment
qualifiers, it is possible to declare the const-aliased variable in
the relevant named address space. The compiler considers access to the
variable, declared in this way, as a read from a constant location,
and will optimize reads from the variable accordingly.
By implementing constant-qualified const_pcpu_hot, the compiler can
eliminate redundant reads from the constant variables, reducing the
number of loads from current_task from 3766 to 3217 on a test build,
a -14.6% reduction.
The reduction of loads translates to the following code savings:
text data bss dec hex filename
25,477,353 4389456 808452 30675261 1d4113d vmlinux-old.o
25,476,074 4389440 808452 30673966 1d40c2e vmlinux-new.o
representing a code size reduction of -1279 bytes.
[ mingo: Updated the changelog, EXPORT(const_pcpu_hot). ]
Co-developed-by: Nadav Amit <namit@vmware.com>
Signed-off-by: Nadav Amit <namit@vmware.com>
Signed-off-by: Uros Bizjak <ubizjak@gmail.com>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Link: https://lore.kernel.org/r/20231020162004.135244-1-ubizjak@gmail.com
2023-10-20 18:19:20 +02:00
|
|
|
if (IS_ENABLED(CONFIG_USE_X86_SEG_SUPPORT))
|
2025-03-03 11:52:43 -05:00
|
|
|
return this_cpu_read_const(const_cpu_current_top_of_stack);
|
x86/percpu: Introduce const-qualified const_pcpu_hot to micro-optimize code generation
Some variables in pcpu_hot, currently current_task and top_of_stack
are actually per-thread variables implemented as per-CPU variables
and thus stable for the duration of the respective task. There is
already an attempt to eliminate redundant reads from these variables
using this_cpu_read_stable() asm macro, which hides the dependency
on the read memory address. However, the compiler has limited ability
to eliminate asm common subexpressions, so this approach results in a
limited success.
The solution is to allow more aggressive elimination by aliasing
pcpu_hot into a const-qualified const_pcpu_hot, and to read stable
per-CPU variables from this constant copy.
The current per-CPU infrastructure does not support reads from
const-qualified variables. However, when the compiler supports segment
qualifiers, it is possible to declare the const-aliased variable in
the relevant named address space. The compiler considers access to the
variable, declared in this way, as a read from a constant location,
and will optimize reads from the variable accordingly.
By implementing constant-qualified const_pcpu_hot, the compiler can
eliminate redundant reads from the constant variables, reducing the
number of loads from current_task from 3766 to 3217 on a test build,
a -14.6% reduction.
The reduction of loads translates to the following code savings:
text data bss dec hex filename
25,477,353 4389456 808452 30675261 1d4113d vmlinux-old.o
25,476,074 4389440 808452 30673966 1d40c2e vmlinux-new.o
representing a code size reduction of -1279 bytes.
[ mingo: Updated the changelog, EXPORT(const_pcpu_hot). ]
Co-developed-by: Nadav Amit <namit@vmware.com>
Signed-off-by: Nadav Amit <namit@vmware.com>
Signed-off-by: Uros Bizjak <ubizjak@gmail.com>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Link: https://lore.kernel.org/r/20231020162004.135244-1-ubizjak@gmail.com
2023-10-20 18:19:20 +02:00
|
|
|
|
2025-03-03 11:52:43 -05:00
|
|
|
return this_cpu_read_stable(cpu_current_top_of_stack);
|
2015-03-05 19:19:02 -08:00
|
|
|
}
|
|
|
|
|
|
2022-05-07 13:37:45 +02:00
|
|
|
static __always_inline bool on_thread_stack(void)
|
2017-11-02 00:59:17 -07:00
|
|
|
{
|
|
|
|
|
return (unsigned long)(current_top_of_stack() -
|
|
|
|
|
current_stack_pointer) < THREAD_SIZE;
|
|
|
|
|
}
|
|
|
|
|
|
2018-08-28 09:40:23 +02:00
|
|
|
#ifdef CONFIG_PARAVIRT_XXL
|
2008-01-30 13:31:31 +01:00
|
|
|
#include <asm/paravirt.h>
|
|
|
|
|
#else
|
2008-01-30 13:31:27 +01:00
|
|
|
|
2017-11-02 00:59:10 -07:00
|
|
|
static inline void load_sp0(unsigned long sp0)
|
2008-01-30 13:31:31 +01:00
|
|
|
{
|
2017-11-02 00:59:10 -07:00
|
|
|
native_load_sp0(sp0);
|
2008-01-30 13:31:31 +01:00
|
|
|
}
|
|
|
|
|
|
2018-08-28 09:40:23 +02:00
|
|
|
#endif /* CONFIG_PARAVIRT_XXL */
|
2008-01-30 13:31:27 +01:00
|
|
|
|
2021-09-29 15:02:14 -07:00
|
|
|
unsigned long __get_wchan(struct task_struct *p);
|
2008-01-30 13:31:03 +01:00
|
|
|
|
2024-02-28 23:20:32 +01:00
|
|
|
extern void select_idle_routine(void);
|
2016-12-09 19:29:11 +01:00
|
|
|
extern void amd_e400_c1e_apic_setup(void);
|
2008-01-30 13:31:27 +01:00
|
|
|
|
2008-02-21 04:24:40 +01:00
|
|
|
extern unsigned long boot_option_idle_override;
|
2008-01-30 13:31:27 +01:00
|
|
|
|
2010-11-03 17:06:14 +01:00
|
|
|
enum idle_boot_override {IDLE_NO_OVERRIDE=0, IDLE_HALT, IDLE_NOMWAIT,
|
2013-02-10 01:38:39 -05:00
|
|
|
IDLE_POLL};
|
2010-11-03 17:06:14 +01:00
|
|
|
|
2008-01-30 13:31:39 +01:00
|
|
|
extern void enable_sep_cpu(void);
|
|
|
|
|
|
2010-05-20 21:04:29 -05:00
|
|
|
|
2008-01-30 13:31:39 +01:00
|
|
|
/* Defined in head.S */
|
2008-02-21 04:24:40 +01:00
|
|
|
extern struct desc_ptr early_gdt_descr;
|
2008-01-30 13:31:39 +01:00
|
|
|
|
2022-09-15 13:10:42 +02:00
|
|
|
extern void switch_gdt_and_percpu_base(int);
|
2017-03-14 10:05:08 -07:00
|
|
|
extern void load_direct_gdt(int);
|
2017-03-14 10:05:07 -07:00
|
|
|
extern void load_fixmap_gdt(int);
|
2008-01-30 13:31:39 +01:00
|
|
|
extern void cpu_init(void);
|
2024-07-09 08:40:48 -07:00
|
|
|
extern void cpu_init_exception_handling(bool boot_cpu);
|
|
|
|
|
extern void cpu_init_replace_early_idt(void);
|
2019-07-10 21:42:46 +02:00
|
|
|
extern void cr4_init(void);
|
2008-01-30 13:31:39 +01:00
|
|
|
|
2012-09-03 15:24:17 +02:00
|
|
|
extern void set_task_blockstep(struct task_struct *task, bool on);
|
|
|
|
|
|
2008-02-21 04:24:40 +01:00
|
|
|
/* Boot loader type from the setup header: */
|
|
|
|
|
extern int bootloader_type;
|
2009-05-07 16:54:11 -07:00
|
|
|
extern int bootloader_version;
|
2008-01-30 13:31:39 +01:00
|
|
|
|
2008-02-21 04:24:40 +01:00
|
|
|
extern char ignore_fpu_irq;
|
2008-01-30 13:31:27 +01:00
|
|
|
|
|
|
|
|
#define HAVE_ARCH_PICK_MMAP_LAYOUT 1
|
|
|
|
|
#define ARCH_HAS_PREFETCHW
|
|
|
|
|
|
2008-01-30 13:31:40 +01:00
|
|
|
#ifdef CONFIG_X86_32
|
x86/asm: Cleanup prefetch primitives
This is based on a patch originally by hpa.
With the current improvements to the alternatives, we can simply use %P1
as a mem8 operand constraint and rely on the toolchain to generate the
proper instruction sizes. For example, on 32-bit, where we use an empty
old instruction we get:
apply_alternatives: feat: 6*32+8, old: (c104648b, len: 4), repl: (c195566c, len: 4)
c104648b: alt_insn: 90 90 90 90
c195566c: rpl_insn: 0f 0d 4b 5c
...
apply_alternatives: feat: 6*32+8, old: (c18e09b4, len: 3), repl: (c1955948, len: 3)
c18e09b4: alt_insn: 90 90 90
c1955948: rpl_insn: 0f 0d 08
...
apply_alternatives: feat: 6*32+8, old: (c1190cf9, len: 7), repl: (c1955a79, len: 7)
c1190cf9: alt_insn: 90 90 90 90 90 90 90
c1955a79: rpl_insn: 0f 0d 0d a0 d4 85 c1
all with the proper padding done depending on the size of the
replacement instruction the compiler generates.
Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: H. Peter Anvin <hpa@linux.intel.com>
2015-01-18 17:48:18 +01:00
|
|
|
# define BASE_PREFETCH ""
|
2008-02-21 04:24:40 +01:00
|
|
|
# define ARCH_HAS_PREFETCH
|
2008-01-30 13:31:40 +01:00
|
|
|
#else
|
2024-03-19 11:40:12 +01:00
|
|
|
# define BASE_PREFETCH "prefetcht0 %1"
|
2008-01-30 13:31:40 +01:00
|
|
|
#endif
|
|
|
|
|
|
2008-02-21 04:24:40 +01:00
|
|
|
/*
|
|
|
|
|
* Prefetch instructions for Pentium III (+) and AMD Athlon (+)
|
|
|
|
|
*
|
|
|
|
|
* It's not worth to care about 3dnow prefetches for the K6
|
|
|
|
|
* because they are microcoded there and very slow.
|
|
|
|
|
*/
|
2008-01-30 13:31:40 +01:00
|
|
|
static inline void prefetch(const void *x)
|
|
|
|
|
{
|
2024-03-19 11:40:12 +01:00
|
|
|
alternative_input(BASE_PREFETCH, "prefetchnta %1",
|
2008-01-30 13:31:40 +01:00
|
|
|
X86_FEATURE_XMM,
|
x86/asm: Cleanup prefetch primitives
This is based on a patch originally by hpa.
With the current improvements to the alternatives, we can simply use %P1
as a mem8 operand constraint and rely on the toolchain to generate the
proper instruction sizes. For example, on 32-bit, where we use an empty
old instruction we get:
apply_alternatives: feat: 6*32+8, old: (c104648b, len: 4), repl: (c195566c, len: 4)
c104648b: alt_insn: 90 90 90 90
c195566c: rpl_insn: 0f 0d 4b 5c
...
apply_alternatives: feat: 6*32+8, old: (c18e09b4, len: 3), repl: (c1955948, len: 3)
c18e09b4: alt_insn: 90 90 90
c1955948: rpl_insn: 0f 0d 08
...
apply_alternatives: feat: 6*32+8, old: (c1190cf9, len: 7), repl: (c1955a79, len: 7)
c1190cf9: alt_insn: 90 90 90 90 90 90 90
c1955a79: rpl_insn: 0f 0d 0d a0 d4 85 c1
all with the proper padding done depending on the size of the
replacement instruction the compiler generates.
Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: H. Peter Anvin <hpa@linux.intel.com>
2015-01-18 17:48:18 +01:00
|
|
|
"m" (*(const char *)x));
|
2008-01-30 13:31:40 +01:00
|
|
|
}
|
|
|
|
|
|
2008-02-21 04:24:40 +01:00
|
|
|
/*
|
|
|
|
|
* 3dnow prefetch to get an exclusive cache line.
|
|
|
|
|
* Useful for spinlocks to avoid one state transition in the
|
|
|
|
|
* cache coherency protocol:
|
|
|
|
|
*/
|
2020-06-03 13:40:22 +02:00
|
|
|
static __always_inline void prefetchw(const void *x)
|
2008-01-30 13:31:40 +01:00
|
|
|
{
|
2024-03-19 11:40:12 +01:00
|
|
|
alternative_input(BASE_PREFETCH, "prefetchw %1",
|
x86/asm: Cleanup prefetch primitives
This is based on a patch originally by hpa.
With the current improvements to the alternatives, we can simply use %P1
as a mem8 operand constraint and rely on the toolchain to generate the
proper instruction sizes. For example, on 32-bit, where we use an empty
old instruction we get:
apply_alternatives: feat: 6*32+8, old: (c104648b, len: 4), repl: (c195566c, len: 4)
c104648b: alt_insn: 90 90 90 90
c195566c: rpl_insn: 0f 0d 4b 5c
...
apply_alternatives: feat: 6*32+8, old: (c18e09b4, len: 3), repl: (c1955948, len: 3)
c18e09b4: alt_insn: 90 90 90
c1955948: rpl_insn: 0f 0d 08
...
apply_alternatives: feat: 6*32+8, old: (c1190cf9, len: 7), repl: (c1955a79, len: 7)
c1190cf9: alt_insn: 90 90 90 90 90 90 90
c1955a79: rpl_insn: 0f 0d 0d a0 d4 85 c1
all with the proper padding done depending on the size of the
replacement instruction the compiler generates.
Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: H. Peter Anvin <hpa@linux.intel.com>
2015-01-18 17:48:18 +01:00
|
|
|
X86_FEATURE_3DNOWPREFETCH,
|
|
|
|
|
"m" (*(const char *)x));
|
2008-01-30 13:31:40 +01:00
|
|
|
}
|
|
|
|
|
|
2015-03-10 11:05:59 -07:00
|
|
|
#define TOP_OF_INIT_STACK ((unsigned long)&init_stack + sizeof(init_stack) - \
|
|
|
|
|
TOP_OF_KERNEL_STACK_PADDING)
|
|
|
|
|
|
2017-11-02 00:59:11 -07:00
|
|
|
#define task_top_of_stack(task) ((unsigned long)(task_pt_regs(task) + 1))
|
|
|
|
|
|
2017-11-02 00:59:16 -07:00
|
|
|
#define task_pt_regs(task) \
|
|
|
|
|
({ \
|
|
|
|
|
unsigned long __ptr = (unsigned long)task_stack_page(task); \
|
|
|
|
|
__ptr += THREAD_SIZE - TOP_OF_KERNEL_STACK_PADDING; \
|
|
|
|
|
((struct pt_regs *)__ptr) - 1; \
|
|
|
|
|
})
|
|
|
|
|
|
2008-01-30 13:31:57 +01:00
|
|
|
#ifdef CONFIG_X86_32
|
2008-02-21 04:24:40 +01:00
|
|
|
#define INIT_THREAD { \
|
2015-03-10 11:05:59 -07:00
|
|
|
.sp0 = TOP_OF_INIT_STACK, \
|
2008-02-21 04:24:40 +01:00
|
|
|
.sysenter_cs = __KERNEL_CS, \
|
2008-01-30 13:31:57 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#else
|
2024-03-21 14:05:06 -04:00
|
|
|
extern unsigned long __top_init_kernel_stack[];
|
2023-03-16 22:21:03 +00:00
|
|
|
|
2024-03-04 00:33:33 -08:00
|
|
|
#define INIT_THREAD { \
|
2024-03-21 14:05:06 -04:00
|
|
|
.sp = (unsigned long)&__top_init_kernel_stack, \
|
2023-03-16 22:21:03 +00:00
|
|
|
}
|
2008-01-30 13:31:57 +01:00
|
|
|
|
|
|
|
|
#endif /* CONFIG_X86_64 */
|
|
|
|
|
|
2008-02-21 05:18:40 +01:00
|
|
|
extern void start_thread(struct pt_regs *regs, unsigned long new_ip,
|
|
|
|
|
unsigned long new_sp);
|
|
|
|
|
|
2008-02-21 04:24:40 +01:00
|
|
|
/*
|
|
|
|
|
* This decides where the kernel will search for a free chunk of vm
|
2008-01-30 13:31:27 +01:00
|
|
|
* space during mmap's.
|
|
|
|
|
*/
|
2017-03-06 17:17:18 +03:00
|
|
|
#define __TASK_UNMAPPED_BASE(task_size) (PAGE_ALIGN(task_size / 3))
|
2017-07-17 01:59:52 +03:00
|
|
|
#define TASK_UNMAPPED_BASE __TASK_UNMAPPED_BASE(TASK_SIZE_LOW)
|
2008-01-30 13:31:27 +01:00
|
|
|
|
2008-02-21 04:24:40 +01:00
|
|
|
#define KSTK_EIP(task) (task_pt_regs(task)->ip)
|
2025-03-03 13:31:11 -05:00
|
|
|
#define KSTK_ESP(task) (task_pt_regs(task)->sp)
|
2008-01-30 13:31:27 +01:00
|
|
|
|
2008-04-14 00:24:18 +02:00
|
|
|
/* Get/set a process' ability to use the timestamp counter instruction */
|
|
|
|
|
#define GET_TSC_CTL(adr) get_tsc_mode((adr))
|
|
|
|
|
#define SET_TSC_CTL(val) set_tsc_mode((val))
|
|
|
|
|
|
|
|
|
|
extern int get_tsc_mode(unsigned long adr);
|
|
|
|
|
extern int set_tsc_mode(unsigned int val);
|
|
|
|
|
|
2017-03-20 01:16:26 -07:00
|
|
|
DECLARE_PER_CPU(u64, msr_misc_features_shadow);
|
|
|
|
|
|
2023-08-14 10:18:40 +02:00
|
|
|
static inline u32 per_cpu_llc_id(unsigned int cpu)
|
2023-08-14 10:18:38 +02:00
|
|
|
{
|
|
|
|
|
return per_cpu(cpu_info.topo.llc_id, cpu);
|
|
|
|
|
}
|
|
|
|
|
|
2023-08-14 10:18:40 +02:00
|
|
|
static inline u32 per_cpu_l2c_id(unsigned int cpu)
|
2023-08-14 10:18:38 +02:00
|
|
|
{
|
|
|
|
|
return per_cpu(cpu_info.topo.l2c_id, cpu);
|
|
|
|
|
}
|
2021-08-17 17:10:46 -05:00
|
|
|
|
2017-06-13 18:28:30 +02:00
|
|
|
#ifdef CONFIG_CPU_SUP_AMD
|
2024-06-13 10:26:37 +02:00
|
|
|
/*
|
|
|
|
|
* Issue a DIV 0/1 insn to clear any division data from previous DIV
|
|
|
|
|
* operations.
|
|
|
|
|
*/
|
|
|
|
|
static __always_inline void amd_clear_divider(void)
|
|
|
|
|
{
|
|
|
|
|
asm volatile(ALTERNATIVE("", "div %2\n\t", X86_BUG_DIV0)
|
|
|
|
|
:: "a" (0), "d" (0), "r" (1));
|
|
|
|
|
}
|
|
|
|
|
|
2023-07-25 14:17:39 +02:00
|
|
|
extern void amd_check_microcode(void);
|
2017-06-13 18:28:30 +02:00
|
|
|
#else
|
2023-08-05 00:06:43 +02:00
|
|
|
static inline void amd_clear_divider(void) { }
|
2023-07-25 14:17:39 +02:00
|
|
|
static inline void amd_check_microcode(void) { }
|
2017-06-13 18:28:30 +02:00
|
|
|
#endif
|
2009-09-16 11:33:40 +02:00
|
|
|
|
2012-03-28 18:11:12 +01:00
|
|
|
extern unsigned long arch_align_stack(unsigned long sp);
|
2018-12-28 00:36:03 -08:00
|
|
|
void free_init_pages(const char *what, unsigned long begin, unsigned long end);
|
2019-10-29 14:13:49 -07:00
|
|
|
extern void free_kernel_image_pages(const char *what, void *begin, void *end);
|
2012-03-28 18:11:12 +01:00
|
|
|
|
|
|
|
|
void default_idle(void);
|
2013-02-09 23:08:07 -05:00
|
|
|
#ifdef CONFIG_XEN
|
|
|
|
|
bool xen_set_default_idle(void);
|
|
|
|
|
#else
|
|
|
|
|
#define xen_set_default_idle 0
|
|
|
|
|
#endif
|
2012-03-28 18:11:12 +01:00
|
|
|
|
2022-03-08 16:30:47 +01:00
|
|
|
void __noreturn stop_this_cpu(void *dummy);
|
2023-01-09 07:35:50 -08:00
|
|
|
void microcode_check(struct cpuinfo_x86 *prev_info);
|
2023-01-09 07:35:51 -08:00
|
|
|
void store_cpu_caps(struct cpuinfo_x86 *info);
|
x86/bugs, kvm: Introduce boot-time control of L1TF mitigations
Introduce the 'l1tf=' kernel command line option to allow for boot-time
switching of mitigation that is used on processors affected by L1TF.
The possible values are:
full
Provides all available mitigations for the L1TF vulnerability. Disables
SMT and enables all mitigations in the hypervisors. SMT control via
/sys/devices/system/cpu/smt/control is still possible after boot.
Hypervisors will issue a warning when the first VM is started in
a potentially insecure configuration, i.e. SMT enabled or L1D flush
disabled.
full,force
Same as 'full', but disables SMT control. Implies the 'nosmt=force'
command line option. sysfs control of SMT and the hypervisor flush
control is disabled.
flush
Leaves SMT enabled and enables the conditional hypervisor mitigation.
Hypervisors will issue a warning when the first VM is started in a
potentially insecure configuration, i.e. SMT enabled or L1D flush
disabled.
flush,nosmt
Disables SMT and enables the conditional hypervisor mitigation. SMT
control via /sys/devices/system/cpu/smt/control is still possible
after boot. If SMT is reenabled or flushing disabled at runtime
hypervisors will issue a warning.
flush,nowarn
Same as 'flush', but hypervisors will not warn when
a VM is started in a potentially insecure configuration.
off
Disables hypervisor mitigations and doesn't emit any warnings.
Default is 'flush'.
Let KVM adhere to these semantics, which means:
- 'lt1f=full,force' : Performe L1D flushes. No runtime control
possible.
- 'l1tf=full'
- 'l1tf-flush'
- 'l1tf=flush,nosmt' : Perform L1D flushes and warn on VM start if
SMT has been runtime enabled or L1D flushing
has been run-time enabled
- 'l1tf=flush,nowarn' : Perform L1D flushes and no warnings are emitted.
- 'l1tf=off' : L1D flushes are not performed and no warnings
are emitted.
KVM can always override the L1D flushing behavior using its 'vmentry_l1d_flush'
module parameter except when lt1f=full,force is set.
This makes KVM's private 'nosmt' option redundant, and as it is a bit
non-systematic anyway (this is something to control globally, not on
hypervisor level), remove that option.
Add the missing Documentation entry for the l1tf vulnerability sysfs file
while at it.
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Tested-by: Jiri Kosina <jkosina@suse.cz>
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Reviewed-by: Josh Poimboeuf <jpoimboe@redhat.com>
Link: https://lkml.kernel.org/r/20180713142323.202758176@linutronix.de
2018-07-13 16:23:25 +02:00
|
|
|
|
x86/sme: Use percpu boolean to control WBINVD during kexec
TL;DR:
Prepare to unify how TDX and SME do cache flushing during kexec by
making a percpu boolean control whether to do the WBINVD.
-- Background --
On SME platforms, dirty cacheline aliases with and without encryption
bit can coexist, and the CPU can flush them back to memory in random
order. During kexec, the caches must be flushed before jumping to the
new kernel otherwise the dirty cachelines could silently corrupt the
memory used by the new kernel due to different encryption property.
TDX also needs a cache flush during kexec for the same reason. It would
be good to have a generic way to flush the cache instead of scattering
checks for each feature all around.
When SME is enabled, the kernel basically encrypts all memory including
the kernel itself and a simple memory write from the kernel could dirty
cachelines. Currently, the kernel uses WBINVD to flush the cache for
SME during kexec in two places:
1) the one in stop_this_cpu() for all remote CPUs when the kexec-ing CPU
stops them;
2) the one in the relocate_kernel() where the kexec-ing CPU jumps to the
new kernel.
-- Solution --
Unlike SME, TDX can only dirty cachelines when it is used (i.e., when
SEAMCALLs are performed). Since there are no more SEAMCALLs after the
aforementioned WBINVDs, leverage this for TDX.
To unify the approach for SME and TDX, use a percpu boolean to indicate
the cache may be in an incoherent state and needs flushing during kexec,
and set the boolean for SME. TDX can then leverage it.
While SME could use a global flag (since it's enabled at early boot and
enabled on all CPUs), the percpu flag fits TDX better:
The percpu flag can be set when a CPU makes a SEAMCALL, and cleared when
another WBINVD on the CPU obviates the need for a kexec-time WBINVD.
Saving kexec-time WBINVD is valuable, because there is an existing
race[*] where kexec could proceed while another CPU is active. WBINVD
could make this race worse, so it's worth skipping it when possible.
-- Side effect to SME --
Today the first WBINVD in the stop_this_cpu() is performed when SME is
*supported* by the platform, and the second WBINVD is done in
relocate_kernel() when SME is *activated* by the kernel. Make things
simple by changing to do the second WBINVD when the platform supports
SME. This allows the kernel to simply turn on this percpu boolean when
bringing up a CPU by checking whether the platform supports SME.
No other functional change intended.
[*] The aforementioned race:
During kexec native_stop_other_cpus() is called to stop all remote CPUs
before jumping to the new kernel. native_stop_other_cpus() firstly
sends normal REBOOT vector IPIs to stop remote CPUs and waits them to
stop. If that times out, it sends NMI to stop the CPUs that are still
alive. The race happens when native_stop_other_cpus() has to send NMIs
and could potentially result in the system hang (for more information
please see [1]).
Signed-off-by: Kai Huang <kai.huang@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
Reviewed-by: Borislav Petkov (AMD) <bp@alien8.de>
Tested-by: Tom Lendacky <thomas.lendacky@amd.com>
Link: https://lore.kernel.org/kvm/b963fcd60abe26c7ec5dc20b42f1a2ebbcc72397.1750934177.git.kai.huang@intel.com/ [1]
Link: https://lore.kernel.org/all/20250901160930.1785244-3-pbonzini%40redhat.com
2025-09-01 18:09:25 +02:00
|
|
|
DECLARE_PER_CPU(bool, cache_state_incoherent);
|
|
|
|
|
|
x86/bugs, kvm: Introduce boot-time control of L1TF mitigations
Introduce the 'l1tf=' kernel command line option to allow for boot-time
switching of mitigation that is used on processors affected by L1TF.
The possible values are:
full
Provides all available mitigations for the L1TF vulnerability. Disables
SMT and enables all mitigations in the hypervisors. SMT control via
/sys/devices/system/cpu/smt/control is still possible after boot.
Hypervisors will issue a warning when the first VM is started in
a potentially insecure configuration, i.e. SMT enabled or L1D flush
disabled.
full,force
Same as 'full', but disables SMT control. Implies the 'nosmt=force'
command line option. sysfs control of SMT and the hypervisor flush
control is disabled.
flush
Leaves SMT enabled and enables the conditional hypervisor mitigation.
Hypervisors will issue a warning when the first VM is started in a
potentially insecure configuration, i.e. SMT enabled or L1D flush
disabled.
flush,nosmt
Disables SMT and enables the conditional hypervisor mitigation. SMT
control via /sys/devices/system/cpu/smt/control is still possible
after boot. If SMT is reenabled or flushing disabled at runtime
hypervisors will issue a warning.
flush,nowarn
Same as 'flush', but hypervisors will not warn when
a VM is started in a potentially insecure configuration.
off
Disables hypervisor mitigations and doesn't emit any warnings.
Default is 'flush'.
Let KVM adhere to these semantics, which means:
- 'lt1f=full,force' : Performe L1D flushes. No runtime control
possible.
- 'l1tf=full'
- 'l1tf-flush'
- 'l1tf=flush,nosmt' : Perform L1D flushes and warn on VM start if
SMT has been runtime enabled or L1D flushing
has been run-time enabled
- 'l1tf=flush,nowarn' : Perform L1D flushes and no warnings are emitted.
- 'l1tf=off' : L1D flushes are not performed and no warnings
are emitted.
KVM can always override the L1D flushing behavior using its 'vmentry_l1d_flush'
module parameter except when lt1f=full,force is set.
This makes KVM's private 'nosmt' option redundant, and as it is a bit
non-systematic anyway (this is something to control globally, not on
hypervisor level), remove that option.
Add the missing Documentation entry for the l1tf vulnerability sysfs file
while at it.
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Tested-by: Jiri Kosina <jkosina@suse.cz>
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Reviewed-by: Josh Poimboeuf <jpoimboe@redhat.com>
Link: https://lkml.kernel.org/r/20180713142323.202758176@linutronix.de
2018-07-13 16:23:25 +02:00
|
|
|
enum l1tf_mitigations {
|
|
|
|
|
L1TF_MITIGATION_OFF,
|
2025-04-18 11:17:20 -05:00
|
|
|
L1TF_MITIGATION_AUTO,
|
x86/bugs, kvm: Introduce boot-time control of L1TF mitigations
Introduce the 'l1tf=' kernel command line option to allow for boot-time
switching of mitigation that is used on processors affected by L1TF.
The possible values are:
full
Provides all available mitigations for the L1TF vulnerability. Disables
SMT and enables all mitigations in the hypervisors. SMT control via
/sys/devices/system/cpu/smt/control is still possible after boot.
Hypervisors will issue a warning when the first VM is started in
a potentially insecure configuration, i.e. SMT enabled or L1D flush
disabled.
full,force
Same as 'full', but disables SMT control. Implies the 'nosmt=force'
command line option. sysfs control of SMT and the hypervisor flush
control is disabled.
flush
Leaves SMT enabled and enables the conditional hypervisor mitigation.
Hypervisors will issue a warning when the first VM is started in a
potentially insecure configuration, i.e. SMT enabled or L1D flush
disabled.
flush,nosmt
Disables SMT and enables the conditional hypervisor mitigation. SMT
control via /sys/devices/system/cpu/smt/control is still possible
after boot. If SMT is reenabled or flushing disabled at runtime
hypervisors will issue a warning.
flush,nowarn
Same as 'flush', but hypervisors will not warn when
a VM is started in a potentially insecure configuration.
off
Disables hypervisor mitigations and doesn't emit any warnings.
Default is 'flush'.
Let KVM adhere to these semantics, which means:
- 'lt1f=full,force' : Performe L1D flushes. No runtime control
possible.
- 'l1tf=full'
- 'l1tf-flush'
- 'l1tf=flush,nosmt' : Perform L1D flushes and warn on VM start if
SMT has been runtime enabled or L1D flushing
has been run-time enabled
- 'l1tf=flush,nowarn' : Perform L1D flushes and no warnings are emitted.
- 'l1tf=off' : L1D flushes are not performed and no warnings
are emitted.
KVM can always override the L1D flushing behavior using its 'vmentry_l1d_flush'
module parameter except when lt1f=full,force is set.
This makes KVM's private 'nosmt' option redundant, and as it is a bit
non-systematic anyway (this is something to control globally, not on
hypervisor level), remove that option.
Add the missing Documentation entry for the l1tf vulnerability sysfs file
while at it.
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Tested-by: Jiri Kosina <jkosina@suse.cz>
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Reviewed-by: Josh Poimboeuf <jpoimboe@redhat.com>
Link: https://lkml.kernel.org/r/20180713142323.202758176@linutronix.de
2018-07-13 16:23:25 +02:00
|
|
|
L1TF_MITIGATION_FLUSH_NOWARN,
|
|
|
|
|
L1TF_MITIGATION_FLUSH,
|
|
|
|
|
L1TF_MITIGATION_FLUSH_NOSMT,
|
|
|
|
|
L1TF_MITIGATION_FULL,
|
|
|
|
|
L1TF_MITIGATION_FULL_FORCE
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
extern enum l1tf_mitigations l1tf_mitigation;
|
|
|
|
|
|
2019-02-18 22:04:08 +01:00
|
|
|
enum mds_mitigations {
|
|
|
|
|
MDS_MITIGATION_OFF,
|
2025-01-08 14:24:43 -06:00
|
|
|
MDS_MITIGATION_AUTO,
|
2019-02-18 22:04:08 +01:00
|
|
|
MDS_MITIGATION_FULL,
|
2019-02-20 09:40:40 +01:00
|
|
|
MDS_MITIGATION_VMWERV,
|
2019-02-18 22:04:08 +01:00
|
|
|
};
|
|
|
|
|
|
2023-08-09 15:05:00 +02:00
|
|
|
extern bool gds_ucode_mitigated(void);
|
|
|
|
|
|
x86/barrier: Do not serialize MSR accesses on AMD
AMD does not have the requirement for a synchronization barrier when
acccessing a certain group of MSRs. Do not incur that unnecessary
penalty there.
There will be a CPUID bit which explicitly states that a MFENCE is not
needed. Once that bit is added to the APM, this will be extended with
it.
While at it, move to processor.h to avoid include hell. Untangling that
file properly is a matter for another day.
Some notes on the performance aspect of why this is relevant, courtesy
of Kishon VijayAbraham <Kishon.VijayAbraham@amd.com>:
On a AMD Zen4 system with 96 cores, a modified ipi-bench[1] on a VM
shows x2AVIC IPI rate is 3% to 4% lower than AVIC IPI rate. The
ipi-bench is modified so that the IPIs are sent between two vCPUs in the
same CCX. This also requires to pin the vCPU to a physical core to
prevent any latencies. This simulates the use case of pinning vCPUs to
the thread of a single CCX to avoid interrupt IPI latency.
In order to avoid run-to-run variance (for both x2AVIC and AVIC), the
below configurations are done:
1) Disable Power States in BIOS (to prevent the system from going to
lower power state)
2) Run the system at fixed frequency 2500MHz (to prevent the system
from increasing the frequency when the load is more)
With the above configuration:
*) Performance measured using ipi-bench for AVIC:
Average Latency: 1124.98ns [Time to send IPI from one vCPU to another vCPU]
Cumulative throughput: 42.6759M/s [Total number of IPIs sent in a second from
48 vCPUs simultaneously]
*) Performance measured using ipi-bench for x2AVIC:
Average Latency: 1172.42ns [Time to send IPI from one vCPU to another vCPU]
Cumulative throughput: 40.9432M/s [Total number of IPIs sent in a second from
48 vCPUs simultaneously]
From above, x2AVIC latency is ~4% more than AVIC. However, the expectation is
x2AVIC performance to be better or equivalent to AVIC. Upon analyzing
the perf captures, it is observed significant time is spent in
weak_wrmsr_fence() invoked by x2apic_send_IPI().
With the fix to skip weak_wrmsr_fence()
*) Performance measured using ipi-bench for x2AVIC:
Average Latency: 1117.44ns [Time to send IPI from one vCPU to another vCPU]
Cumulative throughput: 42.9608M/s [Total number of IPIs sent in a second from
48 vCPUs simultaneously]
Comparing the performance of x2AVIC with and without the fix, it can be seen
the performance improves by ~4%.
Performance captured using an unmodified ipi-bench using the 'mesh-ipi' option
with and without weak_wrmsr_fence() on a Zen4 system also showed significant
performance improvement without weak_wrmsr_fence(). The 'mesh-ipi' option ignores
CCX or CCD and just picks random vCPU.
Average throughput (10 iterations) with weak_wrmsr_fence(),
Cumulative throughput: 4933374 IPI/s
Average throughput (10 iterations) without weak_wrmsr_fence(),
Cumulative throughput: 6355156 IPI/s
[1] https://github.com/bytedance/kvm-utils/tree/master/microbenchmark/ipi-bench
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Link: https://lore.kernel.org/r/20230622095212.20940-1-bp@alien8.de
2023-10-27 14:24:16 +02:00
|
|
|
/*
|
|
|
|
|
* Make previous memory operations globally visible before
|
|
|
|
|
* a WRMSR.
|
|
|
|
|
*
|
|
|
|
|
* MFENCE makes writes visible, but only affects load/store
|
|
|
|
|
* instructions. WRMSR is unfortunately not a load/store
|
|
|
|
|
* instruction and is unaffected by MFENCE. The LFENCE ensures
|
|
|
|
|
* that the WRMSR is not reordered.
|
|
|
|
|
*
|
|
|
|
|
* Most WRMSRs are full serializing instructions themselves and
|
|
|
|
|
* do not require this barrier. This is only required for the
|
|
|
|
|
* IA32_TSC_DEADLINE and X2APIC MSRs.
|
|
|
|
|
*/
|
|
|
|
|
static inline void weak_wrmsr_fence(void)
|
|
|
|
|
{
|
|
|
|
|
alternative("mfence; lfence", "", ALT_NOT(X86_FEATURE_APIC_MSRS_FENCE));
|
|
|
|
|
}
|
|
|
|
|
|
2008-10-22 22:26:29 -07:00
|
|
|
#endif /* _ASM_X86_PROCESSOR_H */
|