arm64: mm: Make kaslr_requires_kpti() a static inline

In preparation for moving the first assignment of arm64_use_ng_mappings
to an earlier stage in the boot, ensure that kaslr_requires_kpti() is
accessible without relying on the core kernel's view on whether or not
KASLR is enabled. So make it a static inline, and move the
kaslr_enabled() check out of it and into the callers, one of which will
disappear in a subsequent patch.

Once/when support for the obsolete ThunderX 1 platform is dropped, this
check reduces to a E0PD feature check on the local CPU.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Link: https://lore.kernel.org/r/20240214122845.2033971-61-ardb+git@google.com
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>

diff --git a/arch/arm64/include/asm/mmu.h b/arch/arm64/include/asm/mmu.h
index 2fcf51231d6eba71677e084bbc38a5837b7cc7c6..d0b8b4b413b6e91c7fbc78cc8b8a59bf610c9ea6 100644 (file)
--- a/arch/arm64/include/asm/mmu.h
+++ b/arch/arm64/include/asm/mmu.h
@@ -71,7 +71,43 @@ extern void create_pgd_mapping(struct mm_struct *mm, phys_addr_t phys,
                               pgprot_t prot, bool page_mappings_only);
 extern void *fixmap_remap_fdt(phys_addr_t dt_phys, int *size, pgprot_t prot);
 extern void mark_linear_text_alias_ro(void);
-extern bool kaslr_requires_kpti(void);
+
+/*
+ * This check is triggered during the early boot before the cpufeature
+ * is initialised. Checking the status on the local CPU allows the boot
+ * CPU to detect the need for non-global mappings and thus avoiding a
+ * pagetable re-write after all the CPUs are booted. This check will be
+ * anyway run on individual CPUs, allowing us to get the consistent
+ * state once the SMP CPUs are up and thus make the switch to non-global
+ * mappings if required.
+ */
+static inline bool kaslr_requires_kpti(void)
+{
+       /*
+        * E0PD does a similar job to KPTI so can be used instead
+        * where available.
+        */
+       if (IS_ENABLED(CONFIG_ARM64_E0PD)) {
+               u64 mmfr2 = read_sysreg_s(SYS_ID_AA64MMFR2_EL1);
+               if (cpuid_feature_extract_unsigned_field(mmfr2,
+                                               ID_AA64MMFR2_EL1_E0PD_SHIFT))
+                       return false;
+       }
+
+       /*
+        * Systems affected by Cavium erratum 24756 are incompatible
+        * with KPTI.
+        */
+       if (IS_ENABLED(CONFIG_CAVIUM_ERRATUM_27456)) {
+               extern const struct midr_range cavium_erratum_27456_cpus[];
+
+               if (is_midr_in_range_list(read_cpuid_id(),
+                                         cavium_erratum_27456_cpus))
+                       return false;
+       }
+
+       return true;
+}
 
 #define INIT_MM_CONTEXT(name)  \
        .pgd = init_pg_dir,

diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c
index d0ffb872a31a5133f921cbfebd2bb7ca71c9846d..7064cf13f226ac3e8224b6099536f68c5ac49662 100644 (file)
--- a/arch/arm64/kernel/cpufeature.c
+++ b/arch/arm64/kernel/cpufeature.c
@@ -1620,46 +1620,6 @@ has_useable_cnp(const struct arm64_cpu_capabilities *entry, int scope)
        return has_cpuid_feature(entry, scope);
 }
 
-/*
- * This check is triggered during the early boot before the cpufeature
- * is initialised. Checking the status on the local CPU allows the boot
- * CPU to detect the need for non-global mappings and thus avoiding a
- * pagetable re-write after all the CPUs are booted. This check will be
- * anyway run on individual CPUs, allowing us to get the consistent
- * state once the SMP CPUs are up and thus make the switch to non-global
- * mappings if required.
- */
-bool kaslr_requires_kpti(void)
-{
-       if (!IS_ENABLED(CONFIG_RANDOMIZE_BASE))
-               return false;
-
-       /*
-        * E0PD does a similar job to KPTI so can be used instead
-        * where available.
-        */
-       if (IS_ENABLED(CONFIG_ARM64_E0PD)) {
-               u64 mmfr2 = read_sysreg_s(SYS_ID_AA64MMFR2_EL1);
-               if (cpuid_feature_extract_unsigned_field(mmfr2,
-                                               ID_AA64MMFR2_EL1_E0PD_SHIFT))
-                       return false;
-       }
-
-       /*
-        * Systems affected by Cavium erratum 24756 are incompatible
-        * with KPTI.
-        */
-       if (IS_ENABLED(CONFIG_CAVIUM_ERRATUM_27456)) {
-               extern const struct midr_range cavium_erratum_27456_cpus[];
-
-               if (is_midr_in_range_list(read_cpuid_id(),
-                                         cavium_erratum_27456_cpus))
-                       return false;
-       }
-
-       return kaslr_enabled();
-}
-
 static bool __meltdown_safe = true;
 static int __kpti_forced; /* 0: not forced, >0: forced on, <0: forced off */
 
@@ -1712,7 +1672,7 @@ static bool unmap_kernel_at_el0(const struct arm64_cpu_capabilities *entry,
        }
 
        /* Useful for KASLR robustness */
-       if (kaslr_requires_kpti()) {
+       if (kaslr_enabled() && kaslr_requires_kpti()) {
                if (!__kpti_forced) {
                        str = "KASLR";
                        __kpti_forced = 1;

diff --git a/arch/arm64/kernel/setup.c b/arch/arm64/kernel/setup.c
index 97d2143669cfa38c9f8d77d1df26a967ca40576d..0ef45d1927b37e145c347b8b2ca8f665e179bf8b 100644 (file)
--- a/arch/arm64/kernel/setup.c
+++ b/arch/arm64/kernel/setup.c
@@ -288,7 +288,7 @@ void __init __no_sanitize_address setup_arch(char **cmdline_p)
         * mappings from the start, avoiding the cost of rewriting
         * everything later.
         */
-       arm64_use_ng_mappings = kaslr_requires_kpti();
+       arm64_use_ng_mappings = kaslr_enabled() && kaslr_requires_kpti();
 
        early_fixmap_init();
        early_ioremap_init();