1 /*
2 * Copyright (c) 2007-2009 Apple Inc. All rights reserved.
3 *
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
14 *
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
17 *
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
25 *
26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27 */
28 /*
29 * @OSF_COPYRIGHT@
30 */
31
32 #include <debug.h>
33 #include <mach_ldebug.h>
34 #include <mach_kdp.h>
35
36 #include <kern/misc_protos.h>
37 #include <kern/thread.h>
38 #include <kern/timer_queue.h>
39 #include <kern/processor.h>
40 #include <kern/startup.h>
41 #include <kern/debug.h>
42 #include <prng/random.h>
43 #include <machine/machine_routines.h>
44 #include <machine/commpage.h>
45 #if HIBERNATION
46 #include <machine/pal_hibernate.h>
47 #endif /* HIBERNATION */
48 /* ARM64_TODO unify boot.h */
49 #if __arm64__
50 #include <pexpert/arm64/apple_arm64_common.h>
51 #include <pexpert/arm64/boot.h>
52 #elif __arm__
53 #include <pexpert/arm/boot.h>
54 #else
55 #error Unsupported arch
56 #endif
57 #include <pexpert/arm/consistent_debug.h>
58 #include <pexpert/device_tree.h>
59 #include <arm/proc_reg.h>
60 #include <arm/pmap.h>
61 #include <arm/caches_internal.h>
62 #include <arm/cpu_internal.h>
63 #include <arm/cpu_data_internal.h>
64 #include <arm/cpuid_internal.h>
65 #include <arm/io_map_entries.h>
66 #include <arm/misc_protos.h>
67 #include <arm/machine_cpu.h>
68 #include <arm/rtclock.h>
69 #include <vm/vm_map.h>
70
71 #include <libkern/kernel_mach_header.h>
72 #include <libkern/stack_protector.h>
73 #include <libkern/section_keywords.h>
74 #include <san/kasan.h>
75 #include <sys/kdebug.h>
76
77 #include <pexpert/pexpert.h>
78
79 #include <console/serial_protos.h>
80
81 #if CONFIG_TELEMETRY
82 #include <kern/telemetry.h>
83 #endif
84 #if MONOTONIC
85 #include <kern/monotonic.h>
86 #endif /* MONOTONIC */
87
88 #if KPERF
89 #include <kperf/kptimer.h>
90 #endif /* KPERF */
91
92 #if HIBERNATION
93 #include <IOKit/IOPlatformExpert.h>
94 #endif /* HIBERNATION */
95
96 extern void patch_low_glo(void);
97 extern int serial_init(void);
98 extern void sleep_token_buffer_init(void);
99
100 extern vm_offset_t intstack_top;
101 #if __arm64__
102 extern vm_offset_t excepstack_top;
103 #else
104 extern vm_offset_t fiqstack_top;
105 #endif
106
107 extern const char version[];
108 extern const char version_variant[];
109 extern int disableConsoleOutput;
110
111 int pc_trace_buf[PC_TRACE_BUF_SIZE] = {0};
112 int pc_trace_cnt = PC_TRACE_BUF_SIZE;
113 int debug_task;
114
115 SECURITY_READ_ONLY_LATE(bool) static_kernelcache = false;
116
117 #if HAS_BP_RET
118 /* Enable both branch target retention (0x2) and branch direction retention (0x1) across sleep */
119 uint32_t bp_ret = 3;
120 extern void set_bp_ret(void);
121 #endif
122
123 #if INTERRUPT_MASKED_DEBUG
124 TUNABLE_DT_WRITEABLE(sched_hygiene_mode_t, interrupt_masked_debug_mode,
125 "machine-timeouts", "interrupt-masked-debug-mode",
126 "interrupt-masked-debug-mode",
127 SCHED_HYGIENE_MODE_PANIC,
128 TUNABLE_DT_CHECK_CHOSEN);
129
130 boolean_t interrupt_masked_debug_pmc = 1;
131 MACHINE_TIMEOUT32_WRITEABLE(interrupt_masked_timeout, "interrupt-masked",
132 0xd0000, MACHINE_TIMEOUT_UNIT_TIMEBASE, /* 35.499ms */
133 NULL);
134 #if __arm64__
135 #define SSHOT_INTERRUPT_MASKED_TIMEOUT 0xf9999 /* 64-bit: 42.599ms */
136 #else
137 #define SSHOT_INTERRUPT_MASKED_TIMEOUT 0x124f80 /* 32-bit: 50ms */
138 #endif
139 MACHINE_TIMEOUT32_WRITEABLE(stackshot_interrupt_masked_timeout, "sshot-interrupt-masked",
140 SSHOT_INTERRUPT_MASKED_TIMEOUT, MACHINE_TIMEOUT_UNIT_TIMEBASE,
141 NULL);
142 #undef SSHOT_INTERRUPT_MASKED_TIMEOUT
143 #endif
144
145 /*
146 * A 6-second timeout will give the watchdog code a chance to run
147 * before a panic is triggered by the xcall routine.
148 */
149 #define XCALL_ACK_TIMEOUT_NS ((uint64_t) 6000000000)
150 uint64_t xcall_ack_timeout_abstime;
151
152 boot_args const_boot_args __attribute__((section("__DATA, __const")));
153 boot_args *BootArgs __attribute__((section("__DATA, __const")));
154
155 TUNABLE(uint32_t, arm_diag, "diag", 0);
156 #ifdef APPLETYPHOON
157 static unsigned cpus_defeatures = 0x0;
158 extern void cpu_defeatures_set(unsigned int);
159 #endif
160
161 #if __arm64__ && __ARM_GLOBAL_SLEEP_BIT__
162 extern volatile boolean_t arm64_stall_sleep;
163 #endif
164
165 extern boolean_t force_immediate_debug_halt;
166
167 #if HAS_APPLE_PAC
168 SECURITY_READ_ONLY_LATE(boolean_t) diversify_user_jop = TRUE;
169 #endif
170
171 SECURITY_READ_ONLY_LATE(uint64_t) gDramBase;
172 SECURITY_READ_ONLY_LATE(uint64_t) gDramSize;
173
174 SECURITY_READ_ONLY_LATE(bool) serial_console_enabled = false;
175 SECURITY_READ_ONLY_LATE(bool) enable_processor_exit = false;
176
177 /*
178 * Forward definition
179 */
180 void arm_init(boot_args * args);
181
182 #if __arm64__
183 unsigned int page_shift_user32; /* for page_size as seen by a 32-bit task */
184
185 extern void configure_misc_apple_boot_args(void);
186 extern void configure_misc_apple_regs(void);
187 extern void configure_timer_apple_regs(void);
188 #endif /* __arm64__ */
189
190
191 /*
192 * JOP rebasing
193 */
194
195 #define dyldLogFunc(msg, ...)
196 #include <mach/dyld_kernel_fixups.h>
197
198 extern uint32_t __thread_starts_sect_start[] __asm("section$start$__TEXT$__thread_starts");
199 extern uint32_t __thread_starts_sect_end[] __asm("section$end$__TEXT$__thread_starts");
200 #if defined(HAS_APPLE_PAC)
201 extern void OSRuntimeSignStructors(kernel_mach_header_t * header);
202 extern void OSRuntimeSignStructorsInFileset(kernel_mach_header_t * header);
203 #endif /* defined(HAS_APPLE_PAC) */
204
205 extern vm_offset_t vm_kernel_slide;
206 extern vm_offset_t segLOWESTKC, segHIGHESTKC, segLOWESTROKC, segHIGHESTROKC;
207 extern vm_offset_t segLOWESTAuxKC, segHIGHESTAuxKC, segLOWESTROAuxKC, segHIGHESTROAuxKC;
208 extern vm_offset_t segLOWESTRXAuxKC, segHIGHESTRXAuxKC, segHIGHESTNLEAuxKC;
209
210 static void
arm_slide_rebase_and_sign_image(void)211 arm_slide_rebase_and_sign_image(void)
212 {
213 kernel_mach_header_t *k_mh, *kc_mh = NULL;
214 kernel_segment_command_t *seg;
215 uintptr_t slide;
216
217 k_mh = &_mh_execute_header;
218 if (kernel_mach_header_is_in_fileset(k_mh)) {
219 /*
220 * The kernel is part of a MH_FILESET kernel collection, determine slide
221 * based on first segment's mach-o vmaddr (requires first kernel load
222 * command to be LC_SEGMENT_64 of the __TEXT segment)
223 */
224 seg = (kernel_segment_command_t *)((uintptr_t)k_mh + sizeof(*k_mh));
225 assert(seg->cmd == LC_SEGMENT_KERNEL);
226 slide = (uintptr_t)k_mh - seg->vmaddr;
227
228 /*
229 * The kernel collection linker guarantees that the boot collection mach
230 * header vmaddr is the hardcoded kernel link address (as specified to
231 * ld64 when linking the kernel).
232 */
233 kc_mh = (kernel_mach_header_t*)(VM_KERNEL_LINK_ADDRESS + slide);
234 assert(kc_mh->filetype == MH_FILESET);
235
236 /*
237 * rebase and sign jops
238 * Note that we can't call any functions before this point, so
239 * we have to hard-code the knowledge that the base of the KC
240 * is the KC's mach-o header. This would change if any
241 * segment's VA started *before* the text segment
242 * (as the HIB segment does on x86).
243 */
244 const void *collection_base_pointers[KCNumKinds] = {[0] = kc_mh, };
245 kernel_collection_slide((struct mach_header_64 *)kc_mh, collection_base_pointers);
246
247 PE_set_kc_header(KCKindPrimary, kc_mh, slide);
248
249 /*
250 * iBoot doesn't slide load command vmaddrs in an MH_FILESET kernel
251 * collection, so adjust them now, and determine the vmaddr range
252 * covered by read-only segments for the CTRR rorgn.
253 */
254 kernel_collection_adjust_mh_addrs((struct mach_header_64 *)kc_mh, slide, false,
255 (uintptr_t *)&segLOWESTKC, (uintptr_t *)&segHIGHESTKC,
256 (uintptr_t *)&segLOWESTROKC, (uintptr_t *)&segHIGHESTROKC,
257 NULL, NULL, NULL);
258 #if defined(HAS_APPLE_PAC)
259 OSRuntimeSignStructorsInFileset(kc_mh);
260 #endif /* defined(HAS_APPLE_PAC) */
261 } else {
262 /*
263 * Static kernelcache: iBoot slid kernel MachO vmaddrs, determine slide
264 * using hardcoded kernel link address
265 */
266 slide = (uintptr_t)k_mh - VM_KERNEL_LINK_ADDRESS;
267
268 /* rebase and sign jops */
269 static_kernelcache = &__thread_starts_sect_end[0] != &__thread_starts_sect_start[0];
270 if (static_kernelcache) {
271 rebase_threaded_starts( &__thread_starts_sect_start[0],
272 &__thread_starts_sect_end[0],
273 (uintptr_t)k_mh, (uintptr_t)k_mh - slide, slide);
274 }
275 #if defined(HAS_APPLE_PAC)
276 OSRuntimeSignStructors(&_mh_execute_header);
277 #endif /* defined(HAS_APPLE_PAC) */
278 }
279
280
281 /*
282 * Initialize slide global here to avoid duplicating this logic in
283 * arm_vm_init()
284 */
285 vm_kernel_slide = slide;
286 }
287
288 void
arm_auxkc_init(void * mh,void * base)289 arm_auxkc_init(void *mh, void *base)
290 {
291 /*
292 * The kernel collection linker guarantees that the lowest vmaddr in an
293 * AuxKC collection is 0 (but note that the mach header is higher up since
294 * RW segments precede RO segments in the AuxKC).
295 */
296 uintptr_t slide = (uintptr_t)base;
297 kernel_mach_header_t *akc_mh = (kernel_mach_header_t*)mh;
298
299 assert(akc_mh->filetype == MH_FILESET);
300 PE_set_kc_header_and_base(KCKindAuxiliary, akc_mh, base, slide);
301
302 /* rebase and sign jops */
303 const void *collection_base_pointers[KCNumKinds];
304 memcpy(collection_base_pointers, PE_get_kc_base_pointers(), sizeof(collection_base_pointers));
305 kernel_collection_slide((struct mach_header_64 *)akc_mh, collection_base_pointers);
306
307 kernel_collection_adjust_mh_addrs((struct mach_header_64 *)akc_mh, slide, false,
308 (uintptr_t *)&segLOWESTAuxKC, (uintptr_t *)&segHIGHESTAuxKC, (uintptr_t *)&segLOWESTROAuxKC,
309 (uintptr_t *)&segHIGHESTROAuxKC, (uintptr_t *)&segLOWESTRXAuxKC, (uintptr_t *)&segHIGHESTRXAuxKC,
310 (uintptr_t *)&segHIGHESTNLEAuxKC);
311 #if defined(HAS_APPLE_PAC)
312 OSRuntimeSignStructorsInFileset(akc_mh);
313 #endif /* defined(HAS_APPLE_PAC) */
314 }
315
316 /*
317 * Routine: arm_setup_pre_sign
318 * Function: Perform HW initialization that must happen ahead of the first PAC sign
319 * operation.
320 */
321 static void
arm_setup_pre_sign(void)322 arm_setup_pre_sign(void)
323 {
324 #if __arm64__
325 /* DATA TBI, if enabled, affects the number of VA bits that contain the signature */
326 arm_set_kernel_tbi();
327 #endif /* __arm64 */
328 }
329
330 /*
331 * Routine: arm_init
332 * Function: Runs on the boot CPU, once, on entry from iBoot.
333 */
334
335 __startup_func
336 void
arm_init(boot_args * args)337 arm_init(
338 boot_args *args)
339 {
340 unsigned int maxmem;
341 uint32_t memsize;
342 uint64_t xmaxmem;
343 thread_t thread;
344
345 arm_setup_pre_sign();
346
347 arm_slide_rebase_and_sign_image();
348
349 /* If kernel integrity is supported, use a constant copy of the boot args. */
350 const_boot_args = *args;
351 BootArgs = args = &const_boot_args;
352
353 cpu_data_init(&BootCpuData);
354 #if defined(HAS_APPLE_PAC)
355 /* bootstrap cpu process dependent key for kernel has been loaded by start.s */
356 BootCpuData.rop_key = ml_default_rop_pid();
357 BootCpuData.jop_key = ml_default_jop_pid();
358 #endif /* defined(HAS_APPLE_PAC) */
359
360 PE_init_platform(FALSE, args); /* Get platform expert set up */
361
362 #if __arm64__
363 configure_timer_apple_regs();
364 wfe_timeout_configure();
365 wfe_timeout_init();
366
367 configure_misc_apple_boot_args();
368 configure_misc_apple_regs();
369
370
371 {
372 /*
373 * Select the advertised kernel page size.
374 */
375 if (args->memSize > 1ULL * 1024 * 1024 * 1024) {
376 /*
377 * arm64 device with > 1GB of RAM:
378 * kernel uses 16KB pages.
379 */
380 PAGE_SHIFT_CONST = PAGE_MAX_SHIFT;
381 } else {
382 /*
383 * arm64 device with <= 1GB of RAM:
384 * kernel uses hardware page size
385 * (4KB for H6/H7, 16KB for H8+).
386 */
387 PAGE_SHIFT_CONST = ARM_PGSHIFT;
388 }
389
390 /* 32-bit apps always see 16KB page size */
391 page_shift_user32 = PAGE_MAX_SHIFT;
392 #ifdef APPLETYPHOON
393 if (PE_parse_boot_argn("cpus_defeatures", &cpus_defeatures, sizeof(cpus_defeatures))) {
394 if ((cpus_defeatures & 0xF) != 0) {
395 cpu_defeatures_set(cpus_defeatures & 0xF);
396 }
397 }
398 #endif
399 }
400 #endif
401
402 ml_parse_cpu_topology();
403
404
405 master_cpu = ml_get_boot_cpu_number();
406 assert(master_cpu >= 0 && master_cpu <= ml_get_max_cpu_number());
407
408 BootCpuData.cpu_number = (unsigned short)master_cpu;
409 #if __arm__
410 BootCpuData.cpu_exc_vectors = (vm_offset_t)&ExceptionVectorsTable;
411 #endif
412 BootCpuData.intstack_top = (vm_offset_t) &intstack_top;
413 BootCpuData.istackptr = BootCpuData.intstack_top;
414 #if __arm64__
415 BootCpuData.excepstack_top = (vm_offset_t) &excepstack_top;
416 BootCpuData.excepstackptr = BootCpuData.excepstack_top;
417 #else
418 BootCpuData.fiqstack_top = (vm_offset_t) &fiqstack_top;
419 BootCpuData.fiqstackptr = BootCpuData.fiqstack_top;
420 #endif
421 CpuDataEntries[master_cpu].cpu_data_vaddr = &BootCpuData;
422 CpuDataEntries[master_cpu].cpu_data_paddr = (void *)((uintptr_t)(args->physBase)
423 + ((uintptr_t)&BootCpuData
424 - (uintptr_t)(args->virtBase)));
425
426 thread = thread_bootstrap();
427 thread->machine.CpuDatap = &BootCpuData;
428 thread->machine.pcpu_data_base = (vm_offset_t)0;
429 machine_set_current_thread(thread);
430
431 /*
432 * Preemption is enabled for this thread so that it can lock mutexes without
433 * tripping the preemption check. In reality scheduling is not enabled until
434 * this thread completes, and there are no other threads to switch to, so
435 * preemption level is not really meaningful for the bootstrap thread.
436 */
437 thread->machine.preemption_count = 0;
438 #if __arm__ && __ARM_USER_PROTECT__
439 {
440 unsigned int ttbr0_val, ttbr1_val;
441 __asm__ volatile ("mrc p15,0,%0,c2,c0,0\n" : "=r"(ttbr0_val));
442 __asm__ volatile ("mrc p15,0,%0,c2,c0,1\n" : "=r"(ttbr1_val));
443 thread->machine.uptw_ttb = ttbr0_val;
444 thread->machine.kptw_ttb = ttbr1_val;
445 }
446 #endif
447 processor_t boot_processor = PERCPU_GET_MASTER(processor);
448 boot_processor->kernel_timer = &thread->system_timer;
449 boot_processor->thread_timer = &thread->system_timer;
450
451 cpu_bootstrap();
452
453 rtclock_early_init();
454
455 kernel_debug_string_early("kernel_startup_bootstrap");
456 kernel_startup_bootstrap();
457
458 /*
459 * Initialize the timer callout world
460 */
461 timer_call_init();
462
463 cpu_init();
464
465 processor_bootstrap();
466
467 if (PE_parse_boot_argn("maxmem", &maxmem, sizeof(maxmem))) {
468 xmaxmem = (uint64_t) maxmem * (1024 * 1024);
469 } else if (PE_get_default("hw.memsize", &memsize, sizeof(memsize))) {
470 xmaxmem = (uint64_t) memsize;
471 } else {
472 xmaxmem = 0;
473 }
474
475 #if INTERRUPT_MASKED_DEBUG
476 int wdt_boot_arg = 0;
477 /* Disable if WDT is disabled */
478 if ((PE_parse_boot_argn("wdt", &wdt_boot_arg,
479 sizeof(wdt_boot_arg)) && (wdt_boot_arg == -1)) || kern_feature_override(KF_INTERRUPT_MASKED_DEBUG_OVRD)) {
480 interrupt_masked_debug_mode = SCHED_HYGIENE_MODE_OFF;
481 } else if (kern_feature_override(KF_INTERRUPT_MASKED_DEBUG_PMC_OVRD)) {
482 /*
483 * The interrupt watchdog facility can, in adition to checking time, capture
484 * metrics provided by the cycle and instruction counters available in some
485 * systems. Check if we should enable this feature based on the validation
486 * overrides.
487 */
488 interrupt_masked_debug_pmc = 0;
489 }
490
491 #endif
492
493 nanoseconds_to_absolutetime(XCALL_ACK_TIMEOUT_NS, &xcall_ack_timeout_abstime);
494
495 #if HAS_BP_RET
496 PE_parse_boot_argn("bpret", &bp_ret, sizeof(bp_ret));
497 set_bp_ret(); // Apply branch predictor retention settings to boot CPU
498 #endif
499
500 PE_parse_boot_argn("immediate_NMI", &force_immediate_debug_halt, sizeof(force_immediate_debug_halt));
501
502 #if __ARM_PAN_AVAILABLE__
503 __builtin_arm_wsr("pan", 1);
504 #endif /* __ARM_PAN_AVAILABLE__ */
505
506 arm_vm_init(xmaxmem, args);
507
508 if (debug_boot_arg) {
509 patch_low_glo();
510 }
511
512 #if __arm64__ && WITH_CLASSIC_S2R
513 sleep_token_buffer_init();
514 #endif
515
516 PE_consistent_debug_inherit();
517
518 /* Setup debugging output. */
519 const unsigned int serial_exists = serial_init();
520 kernel_startup_initialize_upto(STARTUP_SUB_KPRINTF);
521 kprintf("kprintf initialized\n");
522
523 serialmode = 0;
524 if (PE_parse_boot_argn("serial", &serialmode, sizeof(serialmode))) {
525 /* Do we want a serial keyboard and/or console? */
526 kprintf("Serial mode specified: %08X\n", serialmode);
527 disable_iolog_serial_output = (serialmode & SERIALMODE_NO_IOLOG) != 0;
528 int force_sync = serialmode & SERIALMODE_SYNCDRAIN;
529 if (force_sync || PE_parse_boot_argn("drain_uart_sync", &force_sync, sizeof(force_sync))) {
530 if (force_sync) {
531 serialmode |= SERIALMODE_SYNCDRAIN;
532 kprintf(
533 "WARNING: Forcing uart driver to output synchronously."
534 "printf()s/IOLogs will impact kernel performance.\n"
535 "You are advised to avoid using 'drain_uart_sync' boot-arg.\n");
536 }
537 }
538 }
539 if (kern_feature_override(KF_SERIAL_OVRD)) {
540 serialmode = 0;
541 }
542
543 /* Start serial if requested and a serial device was enumerated in serial_init(). */
544 if ((serialmode & SERIALMODE_OUTPUT) && serial_exists) {
545 serial_console_enabled = true;
546 (void)switch_to_serial_console(); /* Switch into serial mode from video console */
547 disableConsoleOutput = FALSE; /* Allow printfs to happen */
548 }
549 PE_create_console();
550
551 /* setup console output */
552 PE_init_printf(FALSE);
553
554 #if __arm64__
555 #if DEBUG
556 dump_kva_space();
557 #endif
558 #endif
559
560 cpu_machine_idle_init(TRUE);
561
562 #if (__ARM_ARCH__ == 7)
563 if (arm_diag & 0x8000) {
564 set_mmu_control((get_mmu_control()) ^ SCTLR_PREDIC);
565 }
566 #endif
567
568 PE_init_platform(TRUE, &BootCpuData);
569
570 #if __arm64__
571 extern bool cpu_config_correct;
572 if (!cpu_config_correct) {
573 panic("The cpumask=N boot arg cannot be used together with cpus=N, and the boot CPU must be enabled");
574 }
575
576 ml_map_cpu_pio();
577 #endif
578
579 cpu_timebase_init(TRUE);
580
581 #if KPERF
582 /* kptimer_curcpu_up() must be called after cpu_timebase_init */
583 kptimer_curcpu_up();
584 #endif /* KPERF */
585
586 PE_init_cpu();
587 fiq_context_init(TRUE);
588
589
590 #if HIBERNATION
591 pal_hib_init();
592 #endif /* HIBERNATION */
593
594 /*
595 * gPhysBase/Size only represent kernel-managed memory. These globals represent
596 * the actual DRAM base address and size as reported by iBoot through the
597 * device tree.
598 */
599 DTEntry chosen;
600 unsigned int dt_entry_size;
601 unsigned long const *dram_base;
602 unsigned long const *dram_size;
603 if (SecureDTLookupEntry(NULL, "/chosen", &chosen) != kSuccess) {
604 panic("%s: Unable to find 'chosen' DT node", __FUNCTION__);
605 }
606
607 if (SecureDTGetProperty(chosen, "dram-base", (void const **)&dram_base, &dt_entry_size) != kSuccess) {
608 panic("%s: Unable to find 'dram-base' entry in the 'chosen' DT node", __FUNCTION__);
609 }
610
611 if (SecureDTGetProperty(chosen, "dram-size", (void const **)&dram_size, &dt_entry_size) != kSuccess) {
612 panic("%s: Unable to find 'dram-size' entry in the 'chosen' DT node", __FUNCTION__);
613 }
614
615 gDramBase = *dram_base;
616 gDramSize = *dram_size;
617
618 /*
619 * Initialize the stack protector for all future calls
620 * to C code. Since kernel_bootstrap() eventually
621 * switches stack context without returning through this
622 * function, we do not risk failing the check even though
623 * we mutate the guard word during execution.
624 */
625 __stack_chk_guard = (unsigned long)early_random();
626 /* Zero a byte of the protector to guard
627 * against string vulnerabilities
628 */
629 __stack_chk_guard &= ~(0xFFULL << 8);
630 machine_startup(args);
631 }
632
633 /*
634 * Routine: arm_init_cpu
635 * Function:
636 * Runs on S2R resume (all CPUs) and SMP boot (non-boot CPUs only).
637 */
638
639 void
arm_init_cpu(cpu_data_t * cpu_data_ptr)640 arm_init_cpu(
641 cpu_data_t *cpu_data_ptr)
642 {
643 #if __ARM_PAN_AVAILABLE__
644 __builtin_arm_wsr("pan", 1);
645 #endif
646
647 #ifdef __arm64__
648 configure_timer_apple_regs();
649 configure_misc_apple_regs();
650 #endif
651
652 cpu_data_ptr->cpu_flags &= ~SleepState;
653 #if defined(ARMA7)
654 cpu_data_ptr->cpu_CLW_active = 1;
655 #endif
656
657
658 machine_set_current_thread(cpu_data_ptr->cpu_active_thread);
659
660 #if HIBERNATION
661 if ((cpu_data_ptr == &BootCpuData) && (gIOHibernateState == kIOHibernateStateWakingFromHibernate)) {
662 // the "normal" S2R code captures wake_abstime too early, so on a hibernation resume we fix it up here
663 extern uint64_t wake_abstime;
664 wake_abstime = gIOHibernateCurrentHeader->lastHibAbsTime;
665
666 // since the hw clock stops ticking across hibernation, we need to apply an offset;
667 // iBoot computes this offset for us and passes it via the hibernation header
668 extern uint64_t hwclock_conttime_offset;
669 hwclock_conttime_offset = gIOHibernateCurrentHeader->hwClockOffset;
670
671 // during hibernation, we captured the idle thread's state from inside the PPL context, so we have to
672 // fix up its preemption count
673 unsigned int expected_preemption_count = (gEnforceQuiesceSafety ? 2 : 1);
674 if (cpu_data_ptr->cpu_active_thread->machine.preemption_count != expected_preemption_count) {
675 panic("unexpected preemption count %u on boot cpu thread (should be %u)",
676 cpu_data_ptr->cpu_active_thread->machine.preemption_count,
677 expected_preemption_count);
678 }
679 cpu_data_ptr->cpu_active_thread->machine.preemption_count--;
680 }
681 #endif /* HIBERNATION */
682
683 #if __arm64__
684 wfe_timeout_init();
685 pmap_clear_user_ttb();
686 flush_mmu_tlb();
687 #endif
688
689 cpu_machine_idle_init(FALSE);
690
691 cpu_init();
692
693 #if (__ARM_ARCH__ == 7)
694 if (arm_diag & 0x8000) {
695 set_mmu_control((get_mmu_control()) ^ SCTLR_PREDIC);
696 }
697 #endif
698 #ifdef APPLETYPHOON
699 if ((cpus_defeatures & (0xF << 4 * cpu_data_ptr->cpu_number)) != 0) {
700 cpu_defeatures_set((cpus_defeatures >> 4 * cpu_data_ptr->cpu_number) & 0xF);
701 }
702 #endif
703 /* Initialize the timebase before serial_init, as some serial
704 * drivers use mach_absolute_time() to implement rate control
705 */
706 cpu_timebase_init(FALSE);
707
708 #if KPERF
709 /* kptimer_curcpu_up() must be called after cpu_timebase_init */
710 kptimer_curcpu_up();
711 #endif /* KPERF */
712
713 if (cpu_data_ptr == &BootCpuData) {
714 #if __arm64__ && __ARM_GLOBAL_SLEEP_BIT__
715 /*
716 * Prevent CPUs from going into deep sleep until all
717 * CPUs are ready to do so.
718 */
719 arm64_stall_sleep = TRUE;
720 #endif
721 serial_init();
722 PE_init_platform(TRUE, NULL);
723 commpage_update_timebase();
724 }
725 PE_init_cpu();
726
727 fiq_context_init(TRUE);
728 cpu_data_ptr->rtcPop = EndOfAllTime;
729 timer_resync_deadlines();
730
731 #if DEVELOPMENT || DEBUG
732 PE_arm_debug_enable_trace();
733 #endif /* DEVELOPMENT || DEBUG */
734
735
736 kprintf("arm_cpu_init(): cpu %d online\n", cpu_data_ptr->cpu_number);
737
738 if (cpu_data_ptr == &BootCpuData) {
739 if (kdebug_enable == 0) {
740 __kdebug_only uint64_t elapsed = kdebug_wake();
741 KDBG(IOKDBG_CODE(DBG_HIBERNATE, 15), mach_absolute_time() - elapsed);
742 }
743
744 #if CONFIG_TELEMETRY
745 bootprofile_wake_from_sleep();
746 #endif /* CONFIG_TELEMETRY */
747 }
748 #if MONOTONIC && defined(__arm64__)
749 mt_wake_per_core();
750 #endif /* MONOTONIC && defined(__arm64__) */
751
752 #if defined(KERNEL_INTEGRITY_CTRR)
753 if (ctrr_cluster_locked[cpu_data_ptr->cpu_cluster_id] != CTRR_LOCKED) {
754 lck_spin_lock(&ctrr_cpu_start_lck);
755 ctrr_cluster_locked[cpu_data_ptr->cpu_cluster_id] = CTRR_LOCKED;
756 thread_wakeup(&ctrr_cluster_locked[cpu_data_ptr->cpu_cluster_id]);
757 lck_spin_unlock(&ctrr_cpu_start_lck);
758 }
759 #endif
760
761 slave_main(NULL);
762 }
763
764 /*
765 * Routine: arm_init_idle_cpu
766 * Function: Resume from non-retention WFI. Called from the reset vector.
767 */
768 void __attribute__((noreturn))
arm_init_idle_cpu(cpu_data_t * cpu_data_ptr)769 arm_init_idle_cpu(
770 cpu_data_t *cpu_data_ptr)
771 {
772 #if __ARM_PAN_AVAILABLE__
773 __builtin_arm_wsr("pan", 1);
774 #endif
775 #if defined(ARMA7)
776 cpu_data_ptr->cpu_CLW_active = 1;
777 #endif
778
779 machine_set_current_thread(cpu_data_ptr->cpu_active_thread);
780
781 #if __arm64__
782 wfe_timeout_init();
783 pmap_clear_user_ttb();
784 flush_mmu_tlb();
785 /* Enable asynchronous exceptions */
786 __builtin_arm_wsr("DAIFClr", DAIFSC_ASYNCF);
787 #endif
788
789 #if (__ARM_ARCH__ == 7)
790 if (arm_diag & 0x8000) {
791 set_mmu_control((get_mmu_control()) ^ SCTLR_PREDIC);
792 }
793 #endif
794 #ifdef APPLETYPHOON
795 if ((cpus_defeatures & (0xF << 4 * cpu_data_ptr->cpu_number)) != 0) {
796 cpu_defeatures_set((cpus_defeatures >> 4 * cpu_data_ptr->cpu_number) & 0xF);
797 }
798 #endif
799
800 /*
801 * Update the active debug object to reflect that debug registers have been reset.
802 * This will force any thread with active debug state to resync the debug registers
803 * if it returns to userspace on this CPU.
804 */
805 if (cpu_data_ptr->cpu_user_debug != NULL) {
806 arm_debug_set(NULL);
807 }
808
809 fiq_context_init(FALSE);
810
811 cpu_idle_exit(TRUE);
812 }
813