From patchwork Mon Mar 19 11:19:56 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ard Biesheuvel <ard.biesheuvel@linaro.org>
X-Patchwork-Id: 10292165
Return-Path: 
 <linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	1999860349 for <patchwork-linux-arm@patchwork.kernel.org>;
	Mon, 19 Mar 2018 11:23:12 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 067A22832B
	for <patchwork-linux-arm@patchwork.kernel.org>;
	Mon, 19 Mar 2018 11:23:12 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id EF3B928ADF; Mon, 19 Mar 2018 11:23:11 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=2.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID autolearn=ham version=3.3.1
Received: from bombadil.infradead.org (bombadil.infradead.org
	[198.137.202.133])
	(using TLSv1.2 with cipher AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 78ABD2832B
	for <patchwork-linux-arm@patchwork.kernel.org>;
	Mon, 19 Mar 2018 11:23:11 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=lists.infradead.org; s=bombadil.20170209; h=Sender:
	Content-Transfer-Encoding:Content-Type:MIME-Version:Cc:List-Subscribe:
	List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id:References:
	In-Reply-To:Message-Id:Date:Subject:To:From:Reply-To:Content-ID:
	Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc
	:Resent-Message-ID:List-Owner;
	bh=xzr+R2hhtOkxSUm4BizYWHsr4IoBmkwIaioxJ1wtDLc=;
	b=N8ZwllZkhRTGW6BO8YagmYsvyG
	upfttI67MOlw2QKMxSne0oJPFovjW2FcxrSaugx/Fgmgm0e29kQFkgIJvUVIglvMwcg3tquDbp9+W
	1NrV1y01NrfsCNuDmAA+dfCokVFCfdIAsEHR2gCvGj/xIDNT5xXXhUBte1uoTg9+SzEHJUI21lufl
	EX+pevs11XUmEKqyvhL/vyvB19EUePFqjZejgJ+U2gxS5I0gTfEW3i9iPlkLtBk8N4bu180btan7k
	5PW+RjPrtr/wbTt9xs58KYecYG+cUripa3QtYDU91SL4GCpIFQEGdvKL70eVmNSG3+ABJz5tIPb5L
	BDy1+GSw==;
Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org)
	by bombadil.infradead.org with esmtp (Exim 4.90_1 #2 (Red Hat Linux))
	id 1exssZ-0001iv-Ba; Mon, 19 Mar 2018 11:23:03 +0000
Received: from mail-pl0-x241.google.com ([2607:f8b0:400e:c01::241])
	by bombadil.infradead.org with esmtps (Exim 4.90_1 #2 (Red Hat
	Linux)) id 1exspz-00009s-BF
	for linux-arm-kernel@lists.infradead.org;
	Mon, 19 Mar 2018 11:20:34 +0000
Received: by mail-pl0-x241.google.com with SMTP id w12-v6so10010025plp.4
	for <linux-arm-kernel@lists.infradead.org>;
	Mon, 19 Mar 2018 04:20:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google;
	h=from:to:cc:subject:date:message-id:in-reply-to:references;
	bh=z1n9yiI8e4SshbajkIHRuiePgAtZkk3Bf5opSXSSjt4=;
	b=L8/ht8ZbLnEJAA6TOcWzDFkRntOkM03MuX+MGnNLaLZ/mPRqAffEwsBAmriFi2OsnT
	wazVTBLoZlXw/HhX/HJqf0oM4f7FOj2rNjdBjYNtzWomtWeQJlLvxQaudsLKVvWog0VZ
	ODqiRobCBocSPoYoPl1kokhh5816PpZYmj7C4=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
	:references;
	bh=z1n9yiI8e4SshbajkIHRuiePgAtZkk3Bf5opSXSSjt4=;
	b=GPOd00zrMPPDkpWYOmXZySAsWeEn5nA8YgDGF7NkFc8GRmIZufrUoeOpnwGwf/kj6b
	NEII2KFyQrKsaiqv++QXkTcjBKztPrn0YLAqa4ct3VyIY0GV47sPVNXaawbTXIKkJRjH
	vN/LVcEFV5elsd1m9Qwo+yfX7u4llSg5UOf760gDK2HqEyeIMegJpPH4SFXYJ8Y2/j7f
	UKxK7hAb1eu0v9GR0GN1X6/nl2SyKocz6pFxF1V9kd/cqfbYvRI4CzA9OAr5P+9z4PZV
	aV1YgNgkMhP7HWUqsSDMTGeQi7bqOK5V4/iAmAKDSPhYCR7xBD72xy/f2TkbT+NNxD4P
	5XGg==
X-Gm-Message-State: AElRT7FIFsEGVyxiLKLr80Is6OFdFc5v4gq9aPrB8ggBQE91oLxCRclM
	5xrVmrFa1wQuOL4eqW/TBiZwXQjyrGQ=
X-Google-Smtp-Source: 
 AG47ELvVPG9znMlSXW1PZV96RtLqzBlS2GwCtTLdXhRYmRXq9CpEFVxv8194MjuLk1oXFlxkuLp+fw==
X-Received: by 2002:a17:902:bd05:: with SMTP id
	p5-v6mr12062456pls.137.1521458415719;
	Mon, 19 Mar 2018 04:20:15 -0700 (PDT)
Received: from localhost.localdomain ([218.255.99.6])
	by smtp.gmail.com with ESMTPSA id
	g67sm23172968pgc.60.2018.03.19.04.20.13
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Mon, 19 Mar 2018 04:20:15 -0700 (PDT)
From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
To: linux-arm-kernel@lists.infradead.org
Subject: [RFC PATCH 4/6] arm64/mm: stop using __pa_symbol() for
	swapper_pg_dir
Date: Mon, 19 Mar 2018 19:19:56 +0800
Message-Id: <20180319111958.4171-5-ard.biesheuvel@linaro.org>
X-Mailer: git-send-email 2.11.0
In-Reply-To: <20180319111958.4171-1-ard.biesheuvel@linaro.org>
References: <20180319111958.4171-1-ard.biesheuvel@linaro.org>
X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 
X-CRM114-CacheID: sfid-20180319_042023_840498_69300255 
X-CRM114-Status: GOOD (  14.85  )
X-BeenThere: linux-arm-kernel@lists.infradead.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: <linux-arm-kernel.lists.infradead.org>
List-Unsubscribe: 
 <http://lists.infradead.org/mailman/options/linux-arm-kernel>,
	<mailto:linux-arm-kernel-request@lists.infradead.org?subject=unsubscribe>
List-Archive: <http://lists.infradead.org/pipermail/linux-arm-kernel/>
List-Post: <mailto:linux-arm-kernel@lists.infradead.org>
List-Help: <mailto:linux-arm-kernel-request@lists.infradead.org?subject=help>
List-Subscribe: 
 <http://lists.infradead.org/mailman/listinfo/linux-arm-kernel>,
	<mailto:linux-arm-kernel-request@lists.infradead.org?subject=subscribe>
Cc: mark.rutland@arm.com, catalin.marinas@arm.com,
	Ard Biesheuvel <ard.biesheuvel@linaro.org>, will.deacon@arm.com,
	marc.zyngier@arm.com
MIME-Version: 1.0
Sender: "linux-arm-kernel" <linux-arm-kernel-bounces@lists.infradead.org>
Errors-To: 
 linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org
X-Virus-Scanned: ClamAV using ClamSMTP

We want to decouple the physical backing of swapper_pg_dir from the
kernel itself, so that leaking the former (which is unavoidable on
cores susceptible to Spectre/Meltdown variant 3a) does not leak the
latter.

This means __pa_symbol() will no longer work, so make preparations
for dropping it, by keeping the physical address of swapper_pg_dir
in a variable.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
 arch/arm64/include/asm/pgtable.h | 2 ++
 arch/arm64/kernel/cpufeature.c   | 2 +-
 arch/arm64/kernel/hibernate.c    | 2 +-
 arch/arm64/mm/kasan_init.c       | 2 +-
 arch/arm64/mm/mmu.c              | 6 +++++-
 5 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/arch/arm64/include/asm/pgtable.h b/arch/arm64/include/asm/pgtable.h
index 7e2c27e63cd8..ce5e51554468 100644
--- a/arch/arm64/include/asm/pgtable.h
+++ b/arch/arm64/include/asm/pgtable.h
@@ -723,6 +723,8 @@ extern pgd_t swapper_pg_end[];
 extern pgd_t idmap_pg_dir[PTRS_PER_PGD];
 extern pgd_t tramp_pg_dir[PTRS_PER_PGD];
 
+extern phys_addr_t __pa_swapper_pg_dir;
+
 /*
  * Encode and decode a swap entry:
  *	bits 0-1:	present (must be zero)
diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c
index 2985a067fc13..4792cd8bad07 100644
--- a/arch/arm64/kernel/cpufeature.c
+++ b/arch/arm64/kernel/cpufeature.c
@@ -909,7 +909,7 @@ static int kpti_install_ng_mappings(void *__unused)
 	remap_fn = (void *)__pa_symbol(idmap_kpti_install_ng_mappings);
 
 	cpu_install_idmap();
-	remap_fn(cpu, num_online_cpus(), __pa_symbol(swapper_pg_dir));
+	remap_fn(cpu, num_online_cpus(), __pa_swapper_pg_dir);
 	cpu_uninstall_idmap();
 
 	if (!cpu)
diff --git a/arch/arm64/kernel/hibernate.c b/arch/arm64/kernel/hibernate.c
index 1ec5f28c39fc..5797c9b141dc 100644
--- a/arch/arm64/kernel/hibernate.c
+++ b/arch/arm64/kernel/hibernate.c
@@ -125,7 +125,7 @@ int arch_hibernation_header_save(void *addr, unsigned int max_size)
 		return -EOVERFLOW;
 
 	arch_hdr_invariants(&hdr->invariants);
-	hdr->ttbr1_el1		= __pa_symbol(swapper_pg_dir);
+	hdr->ttbr1_el1		= __pa_swapper_pg_dir;
 	hdr->reenter_kernel	= _cpu_resume;
 
 	/* We can't use __hyp_get_vectors() because kvm may still be loaded */
diff --git a/arch/arm64/mm/kasan_init.c b/arch/arm64/mm/kasan_init.c
index 1f17642811b3..b01c7bb133a6 100644
--- a/arch/arm64/mm/kasan_init.c
+++ b/arch/arm64/mm/kasan_init.c
@@ -236,7 +236,7 @@ void __init kasan_init(void)
 			pfn_pte(sym_to_pfn(kasan_zero_page), PAGE_KERNEL_RO));
 
 	memset(kasan_zero_page, 0, PAGE_SIZE);
-	cpu_replace_ttbr1(__pa_symbol(swapper_pg_dir));
+	cpu_replace_ttbr1(__pa_swapper_pg_dir);
 
 	/* At this point kasan is fully initialized. Enable error messages */
 	init_task.kasan_depth = 0;
diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c
index 365fedf22fcd..af6fe001df0c 100644
--- a/arch/arm64/mm/mmu.c
+++ b/arch/arm64/mm/mmu.c
@@ -55,6 +55,8 @@ u64 idmap_ptrs_per_pgd = PTRS_PER_PGD;
 u64 kimage_voffset __ro_after_init;
 EXPORT_SYMBOL(kimage_voffset);
 
+phys_addr_t __pa_swapper_pg_dir;
+
 /*
  * Empty_zero_page is a special page that is used for zero-initialized data
  * and COW.
@@ -639,6 +641,8 @@ void __init paging_init(void)
 	phys_addr_t pgd_phys = early_pgtable_alloc();
 	pgd_t *pgdp = pgd_set_fixmap(pgd_phys);
 
+	__pa_swapper_pg_dir = __pa_symbol(swapper_pg_dir);
+
 	map_kernel(pgdp);
 	map_mem(pgdp);
 
@@ -652,7 +656,7 @@ void __init paging_init(void)
 	 */
 	cpu_replace_ttbr1(pgd_phys);
 	memcpy(swapper_pg_dir, pgdp, PGD_SIZE);
-	cpu_replace_ttbr1(__pa_symbol(swapper_pg_dir));
+	cpu_replace_ttbr1(__pa_swapper_pg_dir);
 
 	pgd_clear_fixmap();
 	memblock_free(pgd_phys, PAGE_SIZE);