From patchwork Mon Mar 19 11:19:58 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ard Biesheuvel <ard.biesheuvel@linaro.org>
X-Patchwork-Id: 10292161
Return-Path: 
 <linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	5618460349 for <patchwork-linux-arm@patchwork.kernel.org>;
	Mon, 19 Mar 2018 11:22:10 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 42C5728F75
	for <patchwork-linux-arm@patchwork.kernel.org>;
	Mon, 19 Mar 2018 11:22:10 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 3765C2920D; Mon, 19 Mar 2018 11:22:10 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=2.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID autolearn=ham version=3.3.1
Received: from bombadil.infradead.org (bombadil.infradead.org
	[198.137.202.133])
	(using TLSv1.2 with cipher AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 9A1832920A
	for <patchwork-linux-arm@patchwork.kernel.org>;
	Mon, 19 Mar 2018 11:22:09 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=lists.infradead.org; s=bombadil.20170209; h=Sender:
	Content-Transfer-Encoding:Content-Type:MIME-Version:Cc:List-Subscribe:
	List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id:References:
	In-Reply-To:Message-Id:Date:Subject:To:From:Reply-To:Content-ID:
	Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc
	:Resent-Message-ID:List-Owner;
	bh=GX4N1cpvrKQYch088WGLsckBB2l15mqYtI25x1RonFI=;
	b=Dd/+uLmg4Na4odJSykCbLprppc
	mI/baBGP6mRh7G598iNS0KDJKTWET4NSElcyh6vBDtHzwQsP3dfL+yYcytEVF2sp6l8xhaCiUf77E
	Nz7oONsqwEcJOZ26fJ/moX29T1knIaKZUlSANZXWccWc7ZmV+lB3ZUoz8XUBC5Gpe9QvKZCeGkRzD
	8rWcNBhTNxUdkq3vWi+EzUTckgZERNHNXxYJ59blTxcjWI21Uf6uP2E8XyuO3Os35qNrbzgpdjfEy
	C1U3QMXRyyZ5c8mF5W62mpPopZxLnbK+SxqGt5fnmF4Uj1ku1IyEatVcm/tyPoQAXWtWH3KTFNTW5
	KQZ/8Ntg==;
Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org)
	by bombadil.infradead.org with esmtp (Exim 4.90_1 #2 (Red Hat Linux))
	id 1exsrc-00016j-57; Mon, 19 Mar 2018 11:22:04 +0000
Received: from mail-pl0-x241.google.com ([2607:f8b0:400e:c01::241])
	by bombadil.infradead.org with esmtps (Exim 4.90_1 #2 (Red Hat
	Linux)) id 1exspz-0000Aa-9B
	for linux-arm-kernel@lists.infradead.org;
	Mon, 19 Mar 2018 11:20:31 +0000
Received: by mail-pl0-x241.google.com with SMTP id 9-v6so10007009ple.11
	for <linux-arm-kernel@lists.infradead.org>;
	Mon, 19 Mar 2018 04:20:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google;
	h=from:to:cc:subject:date:message-id:in-reply-to:references;
	bh=VsNgLxPvE/PSWj4I5IuqzyD+JS07tqEsy4oSMmminS4=;
	b=Io3sU3qOLiXiRZPBrj8qeFuOJ6iN13Q2engTXtWGOroXTNxrW+AyoN5lKrMG1FsQxn
	ByZ+eGb1Rn6CJnMEf4mhUerw1sbwNLxXiGiEE/i5lI4WePCL+ksYBOyRbNm5oUWDqnW1
	qNgDMCtL9AQcOeiVslY5oam+XdaFB7ZpPVPGc=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
	:references;
	bh=VsNgLxPvE/PSWj4I5IuqzyD+JS07tqEsy4oSMmminS4=;
	b=JzS4qs16nwQlXWxro5R6k5wP7/xhn2KtsvBu7znJjGft0NUXxwxB5NTfXU3VOBWnZs
	nkSc3Bpu7H/ewLyboZBOoH5w8wYxRUOgQpIap+EY6n8OLeFi89i1t/2DH/mpmyLT0NQD
	sv5HYqdcs5/QO1yubXmoy2xJKOXZOGvB4QzumNpCksn/7N6EjqfHxxmvE5YuzlyvqUti
	uvMghIId7XkkFg7Jd07lgbhVj9K7ezP/ER5EHp/GCcH/yqTsXr3HIxU7sHqKYFSiSYmz
	RdXWCorT2z1pMRB2YmCW1c3masdiJZjGJ1lmb5e1ZhTi6qRLoHQ+W1eygKo/KMtxFcM7
	nxxA==
X-Gm-Message-State: AElRT7G5BnZxx1sARnx8dwTaqua+prhGa1l+NBRqIGjIW9DarZLCBwYm
	JMQZnsqO6NwcxSBrcPRxnebGI5YJcpo=
X-Google-Smtp-Source: 
 AG47ELtc7w18PkJFVfoY1ds1hvX64Po1s2DfEjBrhcbrG/tRlc+TUTj9HTDzolyP6e5lnO63LGfxGw==
X-Received: by 2002:a17:902:20e6:: with SMTP id
	v35-v6mr12090954plg.226.1521458419632;
	Mon, 19 Mar 2018 04:20:19 -0700 (PDT)
Received: from localhost.localdomain ([218.255.99.6])
	by smtp.gmail.com with ESMTPSA id
	g67sm23172968pgc.60.2018.03.19.04.20.17
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Mon, 19 Mar 2018 04:20:19 -0700 (PDT)
From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
To: linux-arm-kernel@lists.infradead.org
Subject: [RFC PATCH 6/6] arm64/mm: use independent physical allocation for
	pgdir segment
Date: Mon, 19 Mar 2018 19:19:58 +0800
Message-Id: <20180319111958.4171-7-ard.biesheuvel@linaro.org>
X-Mailer: git-send-email 2.11.0
In-Reply-To: <20180319111958.4171-1-ard.biesheuvel@linaro.org>
References: <20180319111958.4171-1-ard.biesheuvel@linaro.org>
X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 
X-CRM114-CacheID: sfid-20180319_042023_818174_7E86B1CA 
X-CRM114-Status: GOOD (  17.85  )
X-BeenThere: linux-arm-kernel@lists.infradead.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: <linux-arm-kernel.lists.infradead.org>
List-Unsubscribe: 
 <http://lists.infradead.org/mailman/options/linux-arm-kernel>,
	<mailto:linux-arm-kernel-request@lists.infradead.org?subject=unsubscribe>
List-Archive: <http://lists.infradead.org/pipermail/linux-arm-kernel/>
List-Post: <mailto:linux-arm-kernel@lists.infradead.org>
List-Help: <mailto:linux-arm-kernel-request@lists.infradead.org?subject=help>
List-Subscribe: 
 <http://lists.infradead.org/mailman/listinfo/linux-arm-kernel>,
	<mailto:linux-arm-kernel-request@lists.infradead.org?subject=subscribe>
Cc: mark.rutland@arm.com, catalin.marinas@arm.com,
	Ard Biesheuvel <ard.biesheuvel@linaro.org>, will.deacon@arm.com,
	marc.zyngier@arm.com
MIME-Version: 1.0
Sender: "linux-arm-kernel" <linux-arm-kernel-bounces@lists.infradead.org>
Errors-To: 
 linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org
X-Virus-Scanned: ClamAV using ClamSMTP

In order to avoid leaking the physical placement of the kernel via
the value off TTBR1_EL1 on platforms that are affected by variant 3a,
replace the statically allocated page table region with a dynamically
allocated buffer whose placement in the physical address space does
not correlate with the placement of the kernel itself.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
 arch/arm64/mm/mmu.c | 41 ++++++++------------
 1 file changed, 16 insertions(+), 25 deletions(-)

diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c
index 55c84d63244d..6c16e71c26e2 100644
--- a/arch/arm64/mm/mmu.c
+++ b/arch/arm64/mm/mmu.c
@@ -572,7 +572,7 @@ core_initcall(map_entry_trampoline);
 /*
  * Create fine-grained mappings for the kernel.
  */
-static void __init map_kernel(pgd_t *pgdp)
+static void __init map_kernel(pgd_t *pgdp, phys_addr_t pgdir_phys)
 {
 	static struct vm_struct vmlinux_text, vmlinux_rodata, vmlinux_inittext,
 				vmlinux_initdata, vmlinux_data, vmlinux_pgdir;
@@ -603,8 +603,7 @@ static void __init map_kernel(pgd_t *pgdp)
 			   __pa_symbol(_data), PAGE_KERNEL,
 			   &vmlinux_data, 0, VM_NO_GUARD);
 	map_kernel_segment(pgdp, __pgdir_segment_start, __pgdir_segment_end,
-			   __pa_symbol(__pgdir_segment_start), PAGE_KERNEL,
-			   &vmlinux_pgdir, 0, 0);
+			   pgdir_phys, PAGE_KERNEL, &vmlinux_pgdir, 0, 0);
 
 	if (!READ_ONCE(pgd_val(*pgd_offset_raw(pgdp, FIXADDR_START)))) {
 		/*
@@ -639,36 +638,28 @@ static void __init map_kernel(pgd_t *pgdp)
  */
 void __init paging_init(void)
 {
-	phys_addr_t pgd_phys = early_pgtable_alloc();
-	pgd_t *pgdp = pgd_set_fixmap(pgd_phys);
+	int pgdir_segment_size = __pgdir_segment_end - __pgdir_segment_start;
+	phys_addr_t pgdir_phys = memblock_alloc(pgdir_segment_size, PAGE_SIZE);
+	phys_addr_t p;
+	pgd_t *pgdp;
+
+	for (p = 0; p < pgdir_segment_size; p += PAGE_SIZE)
+		clear_page_phys(p);
 
-	__pa_swapper_pg_dir = __pa_symbol(swapper_pg_dir);
+	__pa_swapper_pg_dir = pgdir_phys + (u64)swapper_pg_dir -
+			      (u64)__pgdir_segment_start;
 
-	map_kernel(pgdp);
+	pgdp = pgd_set_fixmap(__pa_swapper_pg_dir);
+
+	map_kernel(pgdp, pgdir_phys);
 	map_mem(pgdp);
 
-	/*
-	 * We want to reuse the original swapper_pg_dir so we don't have to
-	 * communicate the new address to non-coherent secondaries in
-	 * secondary_entry, and so cpu_switch_mm can generate the address with
-	 * adrp+add rather than a load from some global variable.
-	 *
-	 * To do this we need to go via a temporary pgd.
-	 */
-	cpu_replace_ttbr1(pgd_phys);
-	memcpy(swapper_pg_dir, pgdp, PGD_SIZE);
 	cpu_replace_ttbr1(__pa_swapper_pg_dir);
 
 	pgd_clear_fixmap();
-	memblock_free(pgd_phys, PAGE_SIZE);
 
-	/*
-	 * We only reuse the PGD from the swapper_pg_dir, not the pud + pmd
-	 * allocated with it.
-	 */
-	memblock_free(__pa_symbol(swapper_pg_dir) + PAGE_SIZE,
-		      __pa_symbol(swapper_pg_end) - __pa_symbol(swapper_pg_dir)
-		      - PAGE_SIZE);
+	/* the statically allocated pgdir is no longer used after this point */
+	memblock_free(__pa_symbol(__pgdir_segment_start), pgdir_segment_size);
 }
 
 /*