• Mark Rutland's avatar
    arm64: Avoid cpus_have_const_cap() for ARM64_HAS_BTI · bbbb6577
    Mark Rutland authored
    In system_supports_bti() we use cpus_have_const_cap() to check for
    ARM64_HAS_BTI, but this is not necessary and alternative_has_cap_*() or
    cpus_have_final_*cap() would be preferable.
    
    For historical reasons, cpus_have_const_cap() is more complicated than
    it needs to be. Before cpucaps are finalized, it will perform a bitmap
    test of the system_cpucaps bitmap, and once cpucaps are finalized it
    will use an alternative branch. This used to be necessary to handle some
    race conditions in the window between cpucap detection and the
    subsequent patching of alternatives and static branches, where different
    branches could be out-of-sync with one another (or w.r.t. alternative
    sequences). Now that we use alternative branches instead of static
    branches, these are all patched atomically w.r.t. one another, and there
    are only a handful of cases that need special care in the window between
    cpucap detection and alternative patching.
    
    Due to the above, it would be nice to remove cpus_have_const_cap(), and
    migrate callers over to alternative_has_cap_*(), cpus_have_final_cap(),
    or cpus_have_cap() depending on when their requirements. This will
    remove redundant instructions and improve code generation, and will make
    it easier to determine how each callsite will behave before, during, and
    after alternative patching.
    
    When CONFIG_ARM64_BTI_KERNEL=y, the ARM64_HAS_BTI cpucap is a strict
    boot cpu feature which is detected and patched early on the boot cpu.
    All uses guarded by CONFIG_ARM64_BTI_KERNEL happen after the boot CPU
    has detected ARM64_HAS_BTI and patched boot alternatives, and hence can
    safely use alternative_has_cap_*() or cpus_have_final_boot_cap().
    
    Regardless of CONFIG_ARM64_BTI_KERNEL, all other uses of ARM64_HAS_BTI
    happen after system capabilities have been finalized and alternatives
    have been patched. Hence these can safely use alternative_has_cap_*) or
    cpus_have_final_cap().
    
    This patch splits system_supports_bti() into system_supports_bti() and
    system_supports_bti_kernel(), with the former handling where the cpucap
    affects userspace functionality, and ther latter handling where the
    cpucap affects kernel functionality. The use of cpus_have_const_cap() is
    replaced by cpus_have_final_cap() in cpus_have_const_cap, and
    cpus_have_final_boot_cap() in system_supports_bti_kernel(). This will
    avoid generating code to test the system_cpucaps bitmap and should be
    better for all subsequent calls at runtime. The use of
    cpus_have_final_cap() and cpus_have_final_boot_cap() will make it easier
    to spot if code is chaanged such that these run before the ARM64_HAS_BTI
    cpucap is guaranteed to have been finalized.
    Signed-off-by: default avatarMark Rutland <mark.rutland@arm.com>
    Reviewed-by: default avatarMark Brown <broonie@kernel.org>
    Cc: Ard Biesheuvel <ardb@kernel.org>
    Cc: Suzuki K Poulose <suzuki.poulose@arm.com>
    Cc: Will Deacon <will@kernel.org>
    Signed-off-by: default avatarCatalin Marinas <catalin.marinas@arm.com>
    bbbb6577
efi.c 6.04 KB