archive mirror
 help / color / mirror / Atom feed
From: Mark Rutland <>
	Catalin Marinas <>
Subject: [PATCH 0/9] arm64: alternatives: improvements
Date: Thu,  1 Sep 2022 16:13:54 +0100	[thread overview]
Message-ID: <> (raw)

This series reworks the arm64 alternatives code. The major aim is to
make the patching code more consistent and robust, and as a benefit we
can also make the kernel Image smaller.

Largely, the series makes two structural changes:

1) Replacing cpucap static branches with equivalent alternatives.

   This helps with a number of existing pain points:

   * Each static branch has metadata in the __jump_table section, which
     is not discarded after features are finalized. This wastes some
     space, and slows down the patching of other static branches.
   * The static branches are patched at a different point in time from
     the alternatives, so changes are not atomic. This leaves a
     transient period where there could be a mismatch between the
     behaviour of alternatives and static branches, which could be
     problematic for some features (e.g. pseudo-NMI).
   * More (instrumentable) kernel code is executed to patch each static
     branch, which can be risky when patching certain features (e.g.
     irqflags management for pseudo-NMI).
   * When CONFIG_JUMP_LABEL=n, static branches are turned into a load of
     a flag and a conditional branch. This means it isn't safe to use
     such static branches in an alternative address space (e.g. the
     NVHE/PKVM hyp code), where the generated address isn't safe to

   Note that all supported toolchains have asm goto support, and since

     a0a12c3ed057af57 ("asm goto: eradicate CC_HAS_ASM_GOTO)"

   ... the CC_HAS_ASM_GOTO Kconfig symbol has been removed, so no
   feature check is necessary, and we can always make use of asm goto.

2) Associating callback alternatives with a cpucap.

   This removes the need to special-case alternatives with callbacks,
   making it clearer when the callbacks will be invoked, and making it
   possible to add boot-time callbacks in future.

   This also makes it possible to add shared callbacks for common
   operations (e.g. where the replacement consists purely of NOPs),
   saving space.

With this series applied, the resulting vmlinux is ~364KiB smaller, and
the resulting Image is 64KiB smaller (due to padding and alignment):

| % ls -al vmlinux-*           
| -rwxr-xr-x 1 mark mark 134644592 Sep  1 15:25 vmlinux-after
| -rwxr-xr-x 1 mark mark 135018072 Sep  1 15:23 vmlinux-v6.0-rc3
| % ls -al Image-*  
| -rw-r--r-- 1 mark mark 37108224 Sep  1 15:25 Image-after
| -rw-r--r-- 1 mark mark 37173760 Sep  1 15:23 Image-v6.0-rc3

As identified in the trailing "HACK" patch, there are further changes
that could be made in future.

Note: this patch does *NOT* address latent issues with noinstr safety in
the existing alternatives callbacks, which will be addressed in a
separate patch series.


Mark Rutland (9):
  arm64: cpufeature: make cpus_have_cap() noinstr-safe
  arm64: alternatives: kvm: prepare for cap changes
  arm64: alternatives: proton-pack: prepare for cap changes
  arm64: alternatives: hoist print out of __apply_alternatives()
  arm64: alternatives: make alt_region const
  arm64: alternatives: have callbacks take a cap
  arm64: alternatives: add alternative_has_feature_*()
  arm64: alternatives: add shared NOP callback
  HACK: arm64: alternatives: dump summary of alternatives

 arch/arm64/include/asm/alternative-macros.h |  59 ++++++++-
 arch/arm64/include/asm/assembler.h          |  10 +-
 arch/arm64/include/asm/cpufeature.h         |  15 +--
 arch/arm64/include/asm/kvm_mmu.h            |   5 +-
 arch/arm64/include/asm/lse.h                |   5 +-
 arch/arm64/kernel/alternative.c             | 135 +++++++++++++++-----
 arch/arm64/kernel/cpufeature.c              |  44 +++----
 arch/arm64/kernel/entry.S                   |   8 +-
 arch/arm64/kernel/image-vars.h              |   5 +-
 arch/arm64/kernel/proton-pack.c             |   2 +-
 arch/arm64/kvm/hyp/hyp-entry.S              |   4 +-
 arch/arm64/kvm/va_layout.c                  |   5 +-
 arch/arm64/tools/cpucaps                    |   2 +
 13 files changed, 204 insertions(+), 95 deletions(-)


linux-arm-kernel mailing list

             reply	other threads:[~2022-09-01 15:16 UTC|newest]

Thread overview: 20+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-09-01 15:13 Mark Rutland [this message]
2022-09-01 15:13 ` [PATCH 1/9] arm64: cpufeature: make cpus_have_cap() noinstr-safe Mark Rutland
2022-09-01 15:13 ` [PATCH 2/9] arm64: alternatives: kvm: prepare for cap changes Mark Rutland
2022-09-01 15:13 ` [PATCH 3/9] arm64: alternatives: proton-pack: " Mark Rutland
2022-09-02 16:19   ` Joey Gouly
2022-09-05  8:46     ` Mark Rutland
2022-09-01 15:13 ` [PATCH 4/9] arm64: alternatives: hoist print out of __apply_alternatives() Mark Rutland
2022-09-01 15:13 ` [PATCH 5/9] arm64: alternatives: make alt_region const Mark Rutland
2022-09-06 15:18   ` Ard Biesheuvel
2022-09-12  9:31     ` Mark Rutland
2022-09-12 10:13       ` Ard Biesheuvel
2022-09-12 12:13         ` Mark Rutland
2022-09-01 15:14 ` [PATCH 6/9] arm64: alternatives: have callbacks take a cap Mark Rutland
2022-09-02 15:54   ` Joey Gouly
2022-09-05  8:48     ` Mark Rutland
2022-09-01 15:14 ` [PATCH 7/9] arm64: alternatives: add alternative_has_feature_*() Mark Rutland
2022-09-01 15:14 ` [PATCH 8/9] arm64: alternatives: add shared NOP callback Mark Rutland
2022-09-01 15:14 ` [PATCH 9/9] HACK: arm64: alternatives: dump summary of alternatives Mark Rutland
2022-09-12 12:36   ` Mark Brown
2022-09-12 16:14     ` Mark Rutland

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \ \ \ \ \ \ \ \ \ \

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).