From: Mark Rutland <firstname.lastname@example.org>
Catalin Marinas <email@example.com>
Cc: firstname.lastname@example.org, email@example.com, firstname.lastname@example.org,
email@example.com, firstname.lastname@example.org, email@example.com
Subject: [PATCH 0/9] arm64: alternatives: improvements
Date: Thu, 1 Sep 2022 16:13:54 +0100 [thread overview]
Message-ID: <firstname.lastname@example.org> (raw)
This series reworks the arm64 alternatives code. The major aim is to
make the patching code more consistent and robust, and as a benefit we
can also make the kernel Image smaller.
Largely, the series makes two structural changes:
1) Replacing cpucap static branches with equivalent alternatives.
This helps with a number of existing pain points:
* Each static branch has metadata in the __jump_table section, which
is not discarded after features are finalized. This wastes some
space, and slows down the patching of other static branches.
* The static branches are patched at a different point in time from
the alternatives, so changes are not atomic. This leaves a
transient period where there could be a mismatch between the
behaviour of alternatives and static branches, which could be
problematic for some features (e.g. pseudo-NMI).
* More (instrumentable) kernel code is executed to patch each static
branch, which can be risky when patching certain features (e.g.
irqflags management for pseudo-NMI).
* When CONFIG_JUMP_LABEL=n, static branches are turned into a load of
a flag and a conditional branch. This means it isn't safe to use
such static branches in an alternative address space (e.g. the
NVHE/PKVM hyp code), where the generated address isn't safe to
Note that all supported toolchains have asm goto support, and since
a0a12c3ed057af57 ("asm goto: eradicate CC_HAS_ASM_GOTO)"
... the CC_HAS_ASM_GOTO Kconfig symbol has been removed, so no
feature check is necessary, and we can always make use of asm goto.
2) Associating callback alternatives with a cpucap.
This removes the need to special-case alternatives with callbacks,
making it clearer when the callbacks will be invoked, and making it
possible to add boot-time callbacks in future.
This also makes it possible to add shared callbacks for common
operations (e.g. where the replacement consists purely of NOPs),
With this series applied, the resulting vmlinux is ~364KiB smaller, and
the resulting Image is 64KiB smaller (due to padding and alignment):
| % ls -al vmlinux-*
| -rwxr-xr-x 1 mark mark 134644592 Sep 1 15:25 vmlinux-after
| -rwxr-xr-x 1 mark mark 135018072 Sep 1 15:23 vmlinux-v6.0-rc3
| % ls -al Image-*
| -rw-r--r-- 1 mark mark 37108224 Sep 1 15:25 Image-after
| -rw-r--r-- 1 mark mark 37173760 Sep 1 15:23 Image-v6.0-rc3
As identified in the trailing "HACK" patch, there are further changes
that could be made in future.
Note: this patch does *NOT* address latent issues with noinstr safety in
the existing alternatives callbacks, which will be addressed in a
separate patch series.
Mark Rutland (9):
arm64: cpufeature: make cpus_have_cap() noinstr-safe
arm64: alternatives: kvm: prepare for cap changes
arm64: alternatives: proton-pack: prepare for cap changes
arm64: alternatives: hoist print out of __apply_alternatives()
arm64: alternatives: make alt_region const
arm64: alternatives: have callbacks take a cap
arm64: alternatives: add alternative_has_feature_*()
arm64: alternatives: add shared NOP callback
HACK: arm64: alternatives: dump summary of alternatives
arch/arm64/include/asm/alternative-macros.h | 59 ++++++++-
arch/arm64/include/asm/assembler.h | 10 +-
arch/arm64/include/asm/cpufeature.h | 15 +--
arch/arm64/include/asm/kvm_mmu.h | 5 +-
arch/arm64/include/asm/lse.h | 5 +-
arch/arm64/kernel/alternative.c | 135 +++++++++++++++-----
arch/arm64/kernel/cpufeature.c | 44 +++----
arch/arm64/kernel/entry.S | 8 +-
arch/arm64/kernel/image-vars.h | 5 +-
arch/arm64/kernel/proton-pack.c | 2 +-
arch/arm64/kvm/hyp/hyp-entry.S | 4 +-
arch/arm64/kvm/va_layout.c | 5 +-
arch/arm64/tools/cpucaps | 2 +
13 files changed, 204 insertions(+), 95 deletions(-)
linux-arm-kernel mailing list
next reply other threads:[~2022-09-01 15:16 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-09-01 15:13 Mark Rutland [this message]
2022-09-01 15:13 ` [PATCH 1/9] arm64: cpufeature: make cpus_have_cap() noinstr-safe Mark Rutland
2022-09-01 15:13 ` [PATCH 2/9] arm64: alternatives: kvm: prepare for cap changes Mark Rutland
2022-09-01 15:13 ` [PATCH 3/9] arm64: alternatives: proton-pack: " Mark Rutland
2022-09-02 16:19 ` Joey Gouly
2022-09-05 8:46 ` Mark Rutland
2022-09-01 15:13 ` [PATCH 4/9] arm64: alternatives: hoist print out of __apply_alternatives() Mark Rutland
2022-09-01 15:13 ` [PATCH 5/9] arm64: alternatives: make alt_region const Mark Rutland
2022-09-06 15:18 ` Ard Biesheuvel
2022-09-12 9:31 ` Mark Rutland
2022-09-12 10:13 ` Ard Biesheuvel
2022-09-12 12:13 ` Mark Rutland
2022-09-01 15:14 ` [PATCH 6/9] arm64: alternatives: have callbacks take a cap Mark Rutland
2022-09-02 15:54 ` Joey Gouly
2022-09-05 8:48 ` Mark Rutland
2022-09-01 15:14 ` [PATCH 7/9] arm64: alternatives: add alternative_has_feature_*() Mark Rutland
2022-09-01 15:14 ` [PATCH 8/9] arm64: alternatives: add shared NOP callback Mark Rutland
2022-09-01 15:14 ` [PATCH 9/9] HACK: arm64: alternatives: dump summary of alternatives Mark Rutland
2022-09-12 12:36 ` Mark Brown
2022-09-12 16:14 ` Mark Rutland
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).