• Linus Walleij's avatar
    ARM: 9358/2: Implement PAN for LPAE by TTBR0 page table walks disablement · 7af5b901
    Linus Walleij authored
    With LPAE enabled, privileged no-access cannot be enforced using CPU
    domains as such feature is not available. This patch implements PAN
    by disabling TTBR0 page table walks while in kernel mode.
    
    The ARM architecture allows page table walks to be split between TTBR0
    and TTBR1. With LPAE enabled, the split is defined by a combination of
    TTBCR T0SZ and T1SZ bits. Currently, an LPAE-enabled kernel uses TTBR0
    for user addresses and TTBR1 for kernel addresses with the VMSPLIT_2G
    and VMSPLIT_3G configurations. The main advantage for the 3:1 split is
    that TTBR1 is reduced to 2 levels, so potentially faster TLB refill
    (though usually the first level entries are already cached in the TLB).
    
    The PAN support on LPAE-enabled kernels uses TTBR0 when running in user
    space or in kernel space during user access routines (TTBCR T0SZ and
    T1SZ are both 0). When running user accesses are disabled in kernel
    mode, TTBR0 page table walks are disabled by setting TTBCR.EPD0. TTBR1
    is used for kernel accesses (including loadable modules; anything
    covered by swapper_pg_dir) by reducing the TTBCR.T0SZ to the minimum
    (2^(32-7) = 32MB). To avoid user accesses potentially hitting stale TLB
    entries, the ASID is switched to 0 (reserved) by setting TTBCR.A1 and
    using the ASID value in TTBR1. The difference from a non-PAN kernel is
    that with the 3:1 memory split, TTBR1 always uses 3 levels of page
    tables.
    
    As part of the change we are using preprocessor elif definied() clauses
    so balance these clauses by converting relevant precedingt ifdef
    clauses to if defined() clauses.
    Signed-off-by: default avatarCatalin Marinas <catalin.marinas@arm.com>
    Reviewed-by: default avatarKees Cook <keescook@chromium.org>
    Tested-by: default avatarFlorian Fainelli <florian.fainelli@broadcom.com>
    Signed-off-by: default avatarLinus Walleij <linus.walleij@linaro.org>
    Signed-off-by: default avatarRussell King (Oracle) <rmk+kernel@armlinux.org.uk>
    7af5b901
uaccess.h 17 KB