Merge branch 'kpti' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux

config QCOM_FALKOR_ERRATUM_1003

	bool "Falkor E1003: Incorrect translation due to ASID change"

	default y

	select ARM64_PAN if ARM64_SW_TTBR0_PAN

	help

	  On Falkor v1, an incorrect ASID may be cached in the TLB when ASID

	  and BADDR are changed together in TTBRx_EL1. The workaround for this

	  issue is to use a reserved ASID in cpu_do_switch_mm() before

	  switching to the new ASID. Saying Y here selects ARM64_PAN if

	  ARM64_SW_TTBR0_PAN is selected. This is done because implementing and

	  maintaining the E1003 workaround in the software PAN emulation code

	  would be an unnecessary complication. The affected Falkor v1 CPU

	  implements ARMv8.1 hardware PAN support and using hardware PAN

	  support versus software PAN emulation is mutually exclusive at

	  runtime.

	  If unsure, say Y.

	  and BADDR are changed together in TTBRx_EL1. Since we keep the ASID

	  in TTBR1_EL1, this situation only occurs in the entry trampoline and

	  then only for entries in the walk cache, since the leaf translation

	  is unchanged. Work around the erratum by invalidating the walk cache

	  entries for the trampoline before entering the kernel proper.

config QCOM_FALKOR_ERRATUM_1009

	bool "Falkor E1009: Prematurely complete a DSB after a TLBI"

	  However for 4K, we choose a higher default value, 11 as opposed to 10, giving us

	  4M allocations matching the default size used by generic code.

config UNMAP_KERNEL_AT_EL0

	bool "Unmap kernel when running in userspace (aka \"KAISER\")"

	default y

	help

	  Some attacks against KASLR make use of the timing difference between

	  a permission fault which could arise from a page table entry that is

	  present in the TLB, and a translation fault which always requires a

	  page table walk. This option defends against these attacks by unmapping

	  the kernel whilst running in userspace, therefore forcing translation

	  faults for all of kernel space.

	  If unsure, say Y.

menuconfig ARMV8_DEPRECATED

	bool "Emulate deprecated/obsolete ARMv8 instructions"

	depends on COMPAT

#include <asm/alternative.h>

#include <asm/kernel-pgtable.h>

#include <asm/mmu.h>

#include <asm/sysreg.h>

#include <asm/assembler.h>

	add	\tmp1, \tmp1, #SWAPPER_DIR_SIZE	// reserved_ttbr0 at the end of swapper_pg_dir

	msr	ttbr0_el1, \tmp1		// set reserved TTBR0_EL1

	isb

	sub	\tmp1, \tmp1, #SWAPPER_DIR_SIZE

	bic	\tmp1, \tmp1, #TTBR_ASID_MASK

	msr	ttbr1_el1, \tmp1		// set reserved ASID

	isb

	.endm

	.macro	__uaccess_ttbr0_enable, tmp1

	.macro	__uaccess_ttbr0_enable, tmp1, tmp2

	get_thread_info \tmp1

	ldr	\tmp1, [\tmp1, #TSK_TI_TTBR0]	// load saved TTBR0_EL1

	mrs	\tmp2, ttbr1_el1

	extr    \tmp2, \tmp2, \tmp1, #48

	ror     \tmp2, \tmp2, #16

	msr	ttbr1_el1, \tmp2		// set the active ASID

	isb

	msr	ttbr0_el1, \tmp1		// set the non-PAN TTBR0_EL1

	isb

	.endm

alternative_else_nop_endif

	.endm

	.macro	uaccess_ttbr0_enable, tmp1, tmp2

	.macro	uaccess_ttbr0_enable, tmp1, tmp2, tmp3

alternative_if_not ARM64_HAS_PAN

	save_and_disable_irq \tmp2		// avoid preemption

	__uaccess_ttbr0_enable \tmp1

	restore_irq \tmp2

	save_and_disable_irq \tmp3		// avoid preemption

	__uaccess_ttbr0_enable \tmp1, \tmp2

	restore_irq \tmp3

alternative_else_nop_endif

	.endm

#else

	.macro	uaccess_ttbr0_disable, tmp1

	.endm

	.macro	uaccess_ttbr0_enable, tmp1, tmp2

	.macro	uaccess_ttbr0_enable, tmp1, tmp2, tmp3

	.endm

#endif

alternative_else_nop_endif

	.endm

	.macro	uaccess_enable_not_uao, tmp1, tmp2

	uaccess_ttbr0_enable \tmp1, \tmp2

	.macro	uaccess_enable_not_uao, tmp1, tmp2, tmp3

	uaccess_ttbr0_enable \tmp1, \tmp2, \tmp3

alternative_if ARM64_ALT_PAN_NOT_UAO

	SET_PSTATE_PAN(0)

alternative_else_nop_endif

#include <asm/asm-offsets.h>

#include <asm/cpufeature.h>

#include <asm/debug-monitors.h>

#include <asm/mmu_context.h>

#include <asm/page.h>

#include <asm/pgtable-hwdef.h>

#include <asm/ptrace.h>

	.endm

/*

 * Errata workaround prior to TTBR0_EL1 update

 *

 * 	val:	TTBR value with new BADDR, preserved

 * 	tmp0:	temporary register, clobbered

 * 	tmp1:	other temporary register, clobbered

 */

	.macro	pre_ttbr0_update_workaround, val, tmp0, tmp1

#ifdef CONFIG_QCOM_FALKOR_ERRATUM_1003

alternative_if ARM64_WORKAROUND_QCOM_FALKOR_E1003

	mrs	\tmp0, ttbr0_el1

	mov	\tmp1, #FALKOR_RESERVED_ASID

	bfi	\tmp0, \tmp1, #48, #16		// reserved ASID + old BADDR

	msr	ttbr0_el1, \tmp0

	isb

	bfi	\tmp0, \val, #0, #48		// reserved ASID + new BADDR

	msr	ttbr0_el1, \tmp0

	isb

alternative_else_nop_endif

#endif

	.endm

/*

 * Errata workaround post TTBR0_EL1 update.

 * Errata workaround post TTBRx_EL1 update.

 */

	.macro	post_ttbr0_update_workaround

	.macro	post_ttbr_update_workaround

#ifdef CONFIG_CAVIUM_ERRATUM_27456

alternative_if ARM64_WORKAROUND_CAVIUM_27456

	ic	iallu

#define ARM64_WORKAROUND_CAVIUM_30115		20

#define ARM64_HAS_DCPOP				21

#define ARM64_SVE				22

#define ARM64_UNMAP_KERNEL_AT_EL0		23

#define ARM64_NCAPS				23

#define ARM64_NCAPS				24

#endif /* __ASM_CPUCAPS_H */

	FIX_APEI_GHES_NMI,

#endif /* CONFIG_ACPI_APEI_GHES */

#ifdef CONFIG_UNMAP_KERNEL_AT_EL0

	FIX_ENTRY_TRAMP_DATA,

	FIX_ENTRY_TRAMP_TEXT,

#define TRAMP_VALIAS		(__fix_to_virt(FIX_ENTRY_TRAMP_TEXT))

#endif /* CONFIG_UNMAP_KERNEL_AT_EL0 */

	__end_of_permanent_fixed_addresses,

	/*