ARM: 9358/2: Implement PAN for LPAE by TTBR0 page table walks disablement

	  consumed by page tables.  Setting this option will allow

	  user-space 2nd level page tables to reside in high memory.

config CPU_SW_DOMAIN_PAN

	bool "Enable use of CPU domains to implement privileged no-access"

	depends on MMU && !ARM_LPAE

config ARM_PAN

	bool "Enable privileged no-access"

	depends on MMU

	default y

	help

	  Increase kernel security by ensuring that normal kernel accesses

	  by ensuring that magic values (such as LIST_POISON) will always

	  fault when dereferenced.

	  The implementation uses CPU domains when !CONFIG_ARM_LPAE and

	  disabling of TTBR0 page table walks with CONFIG_ARM_LPAE.

config CPU_SW_DOMAIN_PAN

	def_bool y

	depends on ARM_PAN && !ARM_LPAE

	help

	  Enable use of CPU domains to implement privileged no-access.

	  CPUs with low-vector mappings use a best-efforts implementation.

	  Their lower 1MB needs to remain accessible for the vectors, but

	  the remainder of userspace will become appropriately inaccessible.

config CPU_TTBR0_PAN

	def_bool y

	depends on ARM_PAN && ARM_LPAE

	help

	  Enable privileged no-access by disabling TTBR0 page table walks when

	  running in kernel mode.

config HW_PERF_EVENTS

	def_bool y

	depends on ARM_PMU

#include <asm/opcodes-virt.h>

#include <asm/asm-offsets.h>

#include <asm/page.h>

#include <asm/pgtable.h>

#include <asm/thread_info.h>

#include <asm/uaccess-asm.h>

#define PHYS_MASK_SHIFT		(40)

#define PHYS_MASK		((1ULL << PHYS_MASK_SHIFT) - 1)

#ifndef CONFIG_CPU_TTBR0_PAN

/*

 * TTBR0/TTBR1 split (PAGE_OFFSET):

 *   0x40000000: T0SZ = 2, T1SZ = 0 (not used)

#endif

#define TTBR1_SIZE	(((PAGE_OFFSET >> 30) - 1) << 16)

#else

/*

 * With CONFIG_CPU_TTBR0_PAN enabled, TTBR1 is only used during uaccess

 * disabled regions when TTBR0 is disabled.

 */

#define TTBR1_OFFSET	0			/* pointing to swapper_pg_dir */

#define TTBR1_SIZE	0			/* TTBR1 size controlled via TTBCR.T0SZ */

#endif

/*

 * TTBCR register bits.

struct svc_pt_regs {

	struct pt_regs regs;

	u32 dacr;

	u32 ttbcr;

};

#define to_svc_pt_regs(r) container_of(r, struct svc_pt_regs, regs)

#endif

	.endm

#ifdef CONFIG_CPU_SW_DOMAIN_PAN

#if defined(CONFIG_CPU_SW_DOMAIN_PAN)

	.macro	uaccess_disable, tmp, isb=1

	/*

	.endif

	.endm

#elif defined(CONFIG_CPU_TTBR0_PAN)

	.macro	uaccess_disable, tmp, isb=1

	/*

	 * Disable TTBR0 page table walks (EDP0 = 1), use the reserved ASID

	 * from TTBR1 (A1 = 1) and enable TTBR1 page table walks for kernel

	 * addresses by reducing TTBR0 range to 32MB (T0SZ = 7).

	 */

	mrc	p15, 0, \tmp, c2, c0, 2		@ read TTBCR

	orr	\tmp, \tmp, #TTBCR_EPD0 | TTBCR_T0SZ_MASK

	orr	\tmp, \tmp, #TTBCR_A1

	mcr	p15, 0, \tmp, c2, c0, 2		@ write TTBCR

	.if	\isb

	instr_sync

	.endif

	.endm

	.macro	uaccess_enable, tmp, isb=1

	/*

	 * Enable TTBR0 page table walks (T0SZ = 0, EDP0 = 0) and ASID from

	 * TTBR0 (A1 = 0).

	 */

	mrc	p15, 0, \tmp, c2, c0, 2		@ read TTBCR

	bic	\tmp, \tmp, #TTBCR_EPD0 | TTBCR_T0SZ_MASK

	bic	\tmp, \tmp, #TTBCR_A1

	mcr	p15, 0, \tmp, c2, c0, 2		@ write TTBCR

	.if	\isb

	instr_sync

	.endif

	.endm

#else

	.macro	uaccess_disable, tmp, isb=1

#define DACR(x...)	x

#else

#define DACR(x...)

#endif

#ifdef CONFIG_CPU_TTBR0_PAN

#define PAN(x...)	x

#else

#define PAN(x...)

#endif

	/*

	.macro	uaccess_entry, tsk, tmp0, tmp1, tmp2, disable

 DACR(	mrc	p15, 0, \tmp0, c3, c0, 0)

 DACR(	str	\tmp0, [sp, #SVC_DACR])

 PAN(	mrc	p15, 0, \tmp0, c2, c0, 2)

 PAN(	str	\tmp0, [sp, #SVC_TTBCR])

	.if \disable && IS_ENABLED(CONFIG_CPU_SW_DOMAIN_PAN)

	/* kernel=client, user=no access */

	mov	\tmp2, #DACR_UACCESS_DISABLE

	.macro	uaccess_exit, tsk, tmp0, tmp1

 DACR(	ldr	\tmp0, [sp, #SVC_DACR])

 DACR(	mcr	p15, 0, \tmp0, c3, c0, 0)

 PAN(	ldr	\tmp0, [sp, #SVC_TTBCR])

 PAN(	mcr	p15, 0, \tmp0, c2, c0, 2)

	.endm

#undef DACR

#undef PAN

#endif /* __ASM_UACCESS_ASM_H__ */