-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy path0005-haoc-kernel.patch
More file actions
13472 lines (12850 loc) · 401 KB
/
0005-haoc-kernel.patch
File metadata and controls
13472 lines (12850 loc) · 401 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
From 099672494b5fbd626031f313bbdbc42d1eb3f02d Mon Sep 17 00:00:00 2001
From: liuzh <liuzhh@zgclab.edu.cn>
Date: Wed, 22 May 2024 16:36:55 +0800
Subject: [PATCH] Squashed commit of the following:
commit 909ad06b3bf629d9af4e143347c1d1ef8a3a5808
Author: liuzh <liuzhh@zgclab.edu.cn>
Date: Wed May 22 16:23:13 2024 +0800
fix mte_sync_tags() parameters after rebase to 6.6.0-27.0.0.
commit 1cbf51371b0539a45f816419b2da82cf36162b4a
Author: ljl <ljl2013@163.com>
Date: Mon Mar 25 08:01:32 2024 +0000
IEE SI: Removed redundant codes.
commit 0178bfc79ad1769a36f4165348a671d2182cff55
Author: zhangsy <zhangshiyang17@mails.ucas.ac.cn>
Date: Mon Mar 25 11:01:11 2024 +0800
Fix bugs on qemu when opening CONFIG_CREDP.
commit 8e714f6e8f2ace5a6fc900b4bce6b03c83c41870
Author: ljl <ljl2013@163.com>
Date: Thu Mar 21 04:44:26 2024 +0000
IEE SI: Remove PAN operations as BTLB BUG is already fixed.
commit 7b5fc74cb99e377d3bc59da81612cd6f3dd8a4d8
Author: ljl <lvjinglin2013@163.com>
Date: Wed Mar 20 18:31:47 2024 +0800
IEE SI: Migration of iee rwx gate.
commit aad2c7e89c9c4ad8ff0fb3ee53cd1b974144a283
Author: liuzh <liuzhh@zgclab.edu.cn>
Date: Mon Mar 18 15:32:43 2024 +0800
modify slub.c set_track_prepare()
commit 7452bac06ec09bf8321dfdbfb8b6a429d2cd8637
Author: zhangsy <zhangshiyang17@mails.ucas.ac.cn>
Date: Thu Mar 21 11:26:19 2024 +0800
Set pgd of lm Privileged.
commit 33934cfc3eed798a3a687bf86c6bd92697e68ba9
Author: zhangsy <zhangshiyang17@mails.ucas.ac.cn>
Date: Tue Mar 19 17:14:32 2024 +0800
Delete some redundant code and put trans_pgd into IEE.
commit 2bfe9008a72f8b8ac237bc7a5f99f9d40e84c247
Author: zhangshiyang17@mails.ucas.ac.cn <zhangshiyang17@mails.ucas.ac.cn>
Date: Mon Mar 18 11:47:50 2024 +0000
Fix bugs on physical when opening CONFIG_IEE and CONFIG_PTP.
commit dafa2df600757511ce3e8f178e05e28adabdf39b
Author: zhangsy <zhangshiyang17@mails.ucas.ac.cn>
Date: Mon Mar 18 10:40:42 2024 +0800
Fix bugs on qemu when opening CONFIG_IEE and CONFIG_PTP.
commit 9231a9f6b34c62090b5f202c9c64a52bfdac7a73
Author: zhangsy <zhangshiyang17@mails.ucas.ac.cn>
Date: Thu Mar 14 16:34:53 2024 +0800
Fix compiling bugs of CONFIG_PTP.
commit 6469df3bcce32896c2cb297d3cd7ead82c33f35d
Author: zhangsy <zhangshiyang17@mails.ucas.ac.cn>
Date: Thu Mar 14 11:10:00 2024 +0800
Fix bugs on qemu when opening CONFIG_IEE and CONFIG_INTERRUPTABLE.
commit 5f1773dada622a3514c9ed6aa72dd50e918f2664
Author: zhangsy <zhangshiyang17@mails.ucas.ac.cn>
Date: Wed Mar 13 17:31:39 2024 +0800
Fix bugs on qemu when opening CONFIG_IEE.
commit 73f433a093fa84cffa5e11e86bed6f17c9b30a39
Author: liuzh <liuzhh@zgclab.edu.cn>
Date: Tue Mar 12 15:32:29 2024 +0800
fix the map of IEE_SI_TEXT.
commit 9b92deb4b2338093d9b04f4b81f162855b31c983
Author: liuzh <liuzhh@zgclab.edu.cn>
Date: Sun Mar 10 16:11:13 2024 +0800
modified to be able to compile.
can start the kernel with qemu and successfully reach `start_kernel()`.
commit e892ec4790d72e9433b48b0221e7e6dc4c361dd9
Author: liuzh <liuzhh@zgclab.edu.cn>
Date: Thu Mar 7 14:27:45 2024 +0800
fix some conflicts
commit fdec7e39345e81e867e01258487f88801b790b02
Author: liuzh <liuzhh@zgclab.edu.cn>
Date: Wed Mar 6 12:31:11 2024 +0800
migrate openeuler-commit code. (need some fix before compiling)
---
Makefile | 3 +-
arch/arm64/Kconfig | 18 +
arch/arm64/include/asm/assembler.h | 67 +
arch/arm64/include/asm/daifflags.h | 16 +
arch/arm64/include/asm/efi.h | 4 +
arch/arm64/include/asm/fixmap.h | 3 +
arch/arm64/include/asm/hw_breakpoint.h | 12 +
arch/arm64/include/asm/iee-access.h | 36 +
arch/arm64/include/asm/iee-cred.h | 150 ++
arch/arm64/include/asm/iee-def.h | 74 +
arch/arm64/include/asm/iee-si.h | 64 +
arch/arm64/include/asm/iee-slab.h | 23 +
arch/arm64/include/asm/iee-token.h | 40 +
arch/arm64/include/asm/iee.h | 10 +
arch/arm64/include/asm/kernel-pgtable.h | 21 +
arch/arm64/include/asm/koi.h | 335 +++++
arch/arm64/include/asm/memory.h | 24 +
arch/arm64/include/asm/mmu_context.h | 20 +
arch/arm64/include/asm/pgalloc.h | 4 +
arch/arm64/include/asm/pgtable-hwdef.h | 11 +
arch/arm64/include/asm/pgtable.h | 304 +++-
arch/arm64/include/asm/pointer_auth.h | 5 +
arch/arm64/include/asm/sysreg.h | 58 +
arch/arm64/include/asm/tlb.h | 9 +
arch/arm64/include/asm/tlbflush.h | 58 +-
arch/arm64/kernel/Makefile | 2 +
arch/arm64/kernel/armv8_deprecated.c | 16 +
arch/arm64/kernel/asm-offsets.c | 11 +
arch/arm64/kernel/cpu_errata.c | 12 +
arch/arm64/kernel/cpufeature.c | 79 +
arch/arm64/kernel/debug-monitors.c | 4 +
arch/arm64/kernel/entry-common.c | 4 +
arch/arm64/kernel/entry.S | 611 ++++++++
arch/arm64/kernel/fpsimd.c | 4 +
arch/arm64/kernel/head.S | 56 +
arch/arm64/kernel/hibernate.c | 14 +
arch/arm64/kernel/hw_breakpoint.c | 99 ++
arch/arm64/kernel/iee/Makefile | 1 +
arch/arm64/kernel/iee/iee-func.c | 187 +++
arch/arm64/kernel/iee/iee-gate.S | 174 +++
arch/arm64/kernel/iee/iee.c | 1360 +++++++++++++++++
arch/arm64/kernel/koi/Makefile | 1 +
arch/arm64/kernel/koi/koi.c | 1327 +++++++++++++++++
arch/arm64/kernel/mte.c | 5 +
arch/arm64/kernel/process.c | 19 +-
arch/arm64/kernel/proton-pack.c | 8 +
arch/arm64/kernel/setup.c | 33 +
arch/arm64/kernel/traps.c | 26 +
arch/arm64/kernel/vmlinux.lds.S | 61 +
arch/arm64/mm/context.c | 91 +-
arch/arm64/mm/fault.c | 9 +
arch/arm64/mm/fixmap.c | 74 +-
arch/arm64/mm/init.c | 34 +
arch/arm64/mm/mmu.c | 1780 +++++++++++++++++++----
arch/arm64/mm/pgd.c | 39 +
arch/arm64/mm/proc.S | 28 +
arch/arm64/mm/trans_pgd.c | 46 +
drivers/firmware/efi/arm-runtime.c | 4 +
drivers/firmware/efi/memmap.c | 20 +
drivers/tty/serial/earlycon.c | 4 +
drivers/usb/early/ehci-dbgp.c | 4 +
fs/coredump.c | 8 +
fs/exec.c | 20 +
fs/nfs/flexfilelayout/flexfilelayout.c | 9 +
fs/nfs/nfs4idmap.c | 9 +
fs/nfsd/auth.c | 38 +
fs/nfsd/nfs4callback.c | 12 +-
fs/nfsd/nfs4recover.c | 9 +
fs/nfsd/nfsfh.c | 9 +
fs/open.c | 26 +
fs/overlayfs/dir.c | 9 +
fs/overlayfs/super.c | 12 +
fs/smb/client/cifs_spnego.c | 9 +
fs/smb/client/cifsacl.c | 9 +
include/asm-generic/early_ioremap.h | 3 +
include/asm-generic/fixmap.h | 18 +
include/asm-generic/pgalloc.h | 54 +
include/asm-generic/vmlinux.lds.h | 24 +-
include/linux/cred.h | 45 +-
include/linux/efi.h | 9 +
include/linux/iee-func.h | 27 +
include/linux/module.h | 1 +
include/linux/sched.h | 19 +
init/main.c | 28 +-
kernel/cred.c | 182 +++
kernel/exit.c | 8 +
kernel/fork.c | 316 ++--
kernel/groups.c | 7 +
kernel/kthread.c | 13 +
kernel/smpboot.c | 9 +
kernel/sys.c | 107 ++
kernel/umh.c | 10 +
kernel/user_namespace.c | 18 +
mm/Kconfig | 12 +
mm/damon/ops-common.c | 1 +
mm/debug_vm_pgtable.c | 24 +
mm/early_ioremap.c | 57 +
mm/huge_memory.c | 30 +-
mm/init-mm.c | 17 +
mm/memory.c | 14 +
mm/slub.c | 198 ++-
mm/sparse-vmemmap.c | 21 +
mm/vmalloc.c | 2 +-
net/dns_resolver/dns_key.c | 9 +
security/commoncap.c | 169 +++
security/keys/keyctl.c | 23 +
security/keys/process_keys.c | 53 +
security/security.c | 15 +
109 files changed, 8945 insertions(+), 397 deletions(-)
create mode 100644 arch/arm64/include/asm/iee-access.h
create mode 100644 arch/arm64/include/asm/iee-cred.h
create mode 100644 arch/arm64/include/asm/iee-def.h
create mode 100644 arch/arm64/include/asm/iee-si.h
create mode 100644 arch/arm64/include/asm/iee-slab.h
create mode 100644 arch/arm64/include/asm/iee-token.h
create mode 100644 arch/arm64/include/asm/iee.h
create mode 100644 arch/arm64/include/asm/koi.h
create mode 100644 arch/arm64/kernel/iee/Makefile
create mode 100644 arch/arm64/kernel/iee/iee-func.c
create mode 100644 arch/arm64/kernel/iee/iee-gate.S
create mode 100644 arch/arm64/kernel/iee/iee.c
create mode 100644 arch/arm64/kernel/koi/Makefile
create mode 100644 arch/arm64/kernel/koi/koi.c
create mode 100644 include/linux/iee-func.h
diff --git a/Makefile b/Makefile
index 8e6d9b894b1e..20c367b5957d 100644
--- a/Makefile
+++ b/Makefile
@@ -554,7 +554,7 @@ LINUXINCLUDE := \
-I$(objtree)/include \
$(USERINCLUDE)
-KBUILD_AFLAGS := -D__ASSEMBLY__ -fno-PIE
+KBUILD_AFLAGS := -D__ASSEMBLY__ -fno-PIE -march=armv8.1-a
KBUILD_CFLAGS :=
KBUILD_CFLAGS += -std=gnu11
@@ -563,6 +563,7 @@ KBUILD_CFLAGS += -funsigned-char
KBUILD_CFLAGS += -fno-common
KBUILD_CFLAGS += -fno-PIE
KBUILD_CFLAGS += -fno-strict-aliasing
+KBUILD_CFLAGS += -march=armv8.1-a
KBUILD_CPPFLAGS := -D__KERNEL__
KBUILD_RUSTFLAGS := $(rust_common_flags) \
diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
index 2a875546bdc7..7448afc90c0a 100644
--- a/arch/arm64/Kconfig
+++ b/arch/arm64/Kconfig
@@ -1730,6 +1730,24 @@ config UNMAP_KERNEL_AT_EL0
If unsure, say Y.
+# Config for iee
+config IEE
+ depends on ARM64
+ depends on ARM64_PAN
+ depends on ARM64_VA_BITS_48
+ depends on ARM64_4K_PAGES
+ def_bool y
+
+# Config for support of interruption of iee
+config IEE_INTERRUPTABLE
+ depends on IEE
+ def_bool n
+
+# Config for credentials isolation
+config CREDP
+ depends on IEE
+ def_bool y
+
config MITIGATE_SPECTRE_BRANCH_HISTORY
bool "Mitigate Spectre style attacks against branch history" if EXPERT
default y
diff --git a/arch/arm64/include/asm/assembler.h b/arch/arm64/include/asm/assembler.h
index 38b23786aeb4..6af10d509c2e 100644
--- a/arch/arm64/include/asm/assembler.h
+++ b/arch/arm64/include/asm/assembler.h
@@ -26,6 +26,41 @@
#include <asm/ptrace.h>
#include <asm/thread_info.h>
+#ifdef CONFIG_IEE
+ .macro iee_si_restore_daif, flags:req
+ msr daifclr, #0xf
+ tbnz \flags, #6, 114221f
+ tbnz \flags, #7, 114210f
+ tbnz \flags, #8, 114100f
+ msr daifset, #0b000
+ b 114514f
+114221:
+ tbnz \flags, #7, 114211f
+ tbnz \flags, #8, 114101f
+ msr daifset, #0b001
+ b 114514f
+114211:
+ tbnz \flags, #8, 114111f
+ msr daifset, #0b011
+ b 114514f
+114210:
+ tbnz \flags, #8, 114110f
+ msr daifset, #0b010
+ b 114514f
+114100:
+ msr daifset, #0b100
+ b 114514f
+114101:
+ msr daifset, #0b101
+ b 114514f
+114110:
+ msr daifset, #0b110
+ b 114514f
+114111:
+ msr daifset, #0b111
+114514:
+ .endm
+#endif
/*
* Provide a wxN alias for each wN register so what we can paste a xN
* reference after a 'w' to obtain the 32-bit version.
@@ -52,7 +87,11 @@ alternative_else_nop_endif
.macro disable_daif
disable_allint
+// #ifdef CONFIG_IEE
+// msr daifset, #0x7
+// #else
msr daifset, #0xf
+// #endif
.endm
.macro enable_daif
@@ -69,7 +108,11 @@ alternative_else_nop_endif
.endm
.macro restore_irq, flags
+// #ifdef CONFIG_IEE
+// iee_si_restore_daif \flags
+// #else
msr daif, \flags
+// #endif
.endm
.macro enable_dbg
@@ -77,20 +120,44 @@ alternative_else_nop_endif
.endm
.macro disable_step_tsk, flgs, tmp
+// #ifdef CONFIG_IEE
+// 1145:
+// tbz \flgs, #TIF_SINGLESTEP, 9990f
+// mrs \tmp, mdscr_el1
+// bic \tmp, \tmp, #DBG_MDSCR_SS
+// orr \tmp, \tmp, #DBG_MDSCR_MDE
+// msr mdscr_el1, \tmp
+// isb // Synchronise with enable_dbg
+// mrs \tmp, mdscr_el1
+// tbz \tmp, #15, 1145b
+// #else
tbz \flgs, #TIF_SINGLESTEP, 9990f
mrs \tmp, mdscr_el1
bic \tmp, \tmp, #DBG_MDSCR_SS
msr mdscr_el1, \tmp
isb // Synchronise with enable_dbg
+// #endif
9990:
.endm
/* call with daif masked */
.macro enable_step_tsk, flgs, tmp
+// #ifdef CONFIG_IEE
+// 1146:
+// tbz \flgs, #TIF_SINGLESTEP, 9990f
+// mrs \tmp, mdscr_el1
+// orr \tmp, \tmp, #DBG_MDSCR_SS
+// orr \tmp, \tmp, #DBG_MDSCR_MDE
+// msr mdscr_el1, \tmp
+// isb // Synchronise with enable_dbg
+// mrs \tmp, mdscr_el1
+// tbz \tmp, #15, 1146b
+// #else
tbz \flgs, #TIF_SINGLESTEP, 9990f
mrs \tmp, mdscr_el1
orr \tmp, \tmp, #DBG_MDSCR_SS
msr mdscr_el1, \tmp
+// #endif
9990:
.endm
diff --git a/arch/arm64/include/asm/daifflags.h b/arch/arm64/include/asm/daifflags.h
index 2417cc6b1631..cb5b4c2e03b8 100644
--- a/arch/arm64/include/asm/daifflags.h
+++ b/arch/arm64/include/asm/daifflags.h
@@ -26,11 +26,19 @@ static inline void local_daif_mask(void)
(read_sysreg_s(SYS_ICC_PMR_EL1) == (GIC_PRIO_IRQOFF |
GIC_PRIO_PSR_I_SET)));
+// #ifdef CONFIG_IEE
+// asm volatile(
+// "msr daifset, #0x7 // local_daif_mask\n"
+// :
+// :
+// : "memory");
+// #else
asm volatile(
"msr daifset, #0xf // local_daif_mask\n"
:
:
: "memory");
+// #endif
/* Don't really care for a dsb here, we don't intend to enable IRQs */
if (system_uses_irq_prio_masking())
@@ -118,7 +126,11 @@ static inline void local_daif_restore(unsigned long flags)
gic_write_pmr(pmr);
}
+// #ifdef CONFIG_IEE
+// iee_si_write_daif(flags);
+// #else
write_sysreg(flags, daif);
+// #endif
/* If we can take asynchronous errors we can take NMIs */
if (system_uses_nmi()) {
@@ -151,7 +163,11 @@ static inline void local_daif_inherit(struct pt_regs *regs)
* system_has_prio_mask_debugging() won't restore the I bit if it can
* use the pmr instead.
*/
+// #ifdef CONFIG_IEE
+// iee_si_write_daif(flags);
+// #else
write_sysreg(flags, daif);
+// #endif
/* The ALLINT field is at the same position in pstate and ALLINT */
if (system_uses_nmi()) {
diff --git a/arch/arm64/include/asm/efi.h b/arch/arm64/include/asm/efi.h
index bcd5622aa096..76c4bd6c2b20 100644
--- a/arch/arm64/include/asm/efi.h
+++ b/arch/arm64/include/asm/efi.h
@@ -58,7 +58,11 @@ void arch_efi_call_virt_teardown(void);
#define arch_efi_save_flags(state_flags) \
((void)((state_flags) = read_sysreg(daif)))
+// #ifdef CONFIG_IEE
+// #define arch_efi_restore_flags(state_flags) iee_si_write_daif(state_flags)
+// #else
#define arch_efi_restore_flags(state_flags) write_sysreg(state_flags, daif)
+// #endif
/* arch specific definitions used by the stub code */
diff --git a/arch/arm64/include/asm/fixmap.h b/arch/arm64/include/asm/fixmap.h
index 58c294a96676..095a0731dce3 100644
--- a/arch/arm64/include/asm/fixmap.h
+++ b/arch/arm64/include/asm/fixmap.h
@@ -108,6 +108,9 @@ void __init fixmap_copy(pgd_t *pgdir);
#define __late_clear_fixmap(idx) __set_fixmap((idx), 0, FIXMAP_PAGE_CLEAR)
extern void __set_fixmap(enum fixed_addresses idx, phys_addr_t phys, pgprot_t prot);
+#ifdef CONFIG_PTP
+extern void __iee_set_fixmap_pre_init(enum fixed_addresses idx, phys_addr_t phys, pgprot_t prot);
+#endif
#include <asm-generic/fixmap.h>
diff --git a/arch/arm64/include/asm/hw_breakpoint.h b/arch/arm64/include/asm/hw_breakpoint.h
index 84055329cd8b..f72d89bb9a32 100644
--- a/arch/arm64/include/asm/hw_breakpoint.h
+++ b/arch/arm64/include/asm/hw_breakpoint.h
@@ -104,6 +104,18 @@ static inline void decode_ctrl_reg(u32 reg,
write_sysreg(VAL, dbg##REG##N##_el1);\
} while (0)
+#ifdef CONFIG_IEE
+#define IEE_SI_AARCH64_DBG_READ(N, REG, VAL) do{\
+ VAL = this_cpu_read(iee_si_user_##REG##N);\
+} while (0)
+
+#define IEE_SI_AARCH64_DBG_WRITE(N, REG, VAL) do{\
+ u64 __val = (u64)(VAL); \
+ this_cpu_write(iee_si_user_##REG##N, __val);\
+ iee_rwx_gate_entry(IEE_WRITE_AFSR0);\
+} while (0)
+#endif
+
struct task_struct;
struct notifier_block;
struct perf_event_attr;
diff --git a/arch/arm64/include/asm/iee-access.h b/arch/arm64/include/asm/iee-access.h
new file mode 100644
index 000000000000..79604c21a510
--- /dev/null
+++ b/arch/arm64/include/asm/iee-access.h
@@ -0,0 +1,36 @@
+#ifndef _LINUX_IEE_ACCESS_H
+#define _LINUX_IEE_ACCESS_H
+
+#include <asm/iee-def.h>
+#include <asm/iee-slab.h>
+
+extern unsigned long long iee_rw_gate(int flag, ...);
+
+#ifdef CONFIG_IEE
+void iee_write_in_byte(void *ptr, u64 data, int length)
+{
+ iee_rw_gate(IEE_WRITE_IN_BYTE, ptr, data, length);
+}
+
+void iee_memset(void *ptr, int data, size_t n)
+{
+ iee_rw_gate(IEE_MEMSET, ptr, data, n);
+}
+
+void iee_set_track(struct track *ptr, struct track *data)
+{
+ iee_rw_gate(IEE_OP_SET_TRACK, ptr, data);
+}
+
+void iee_set_freeptr(freeptr_t *pptr, freeptr_t ptr)
+{
+ iee_rw_gate(IEE_OP_SET_FREEPTR, pptr, ptr);
+}
+
+void iee_write_entry_task(struct task_struct *tsk)
+{
+ iee_rw_gate(IEE_WRITE_ENTRY_TASK, tsk);
+}
+#endif
+
+#endif
\ No newline at end of file
diff --git a/arch/arm64/include/asm/iee-cred.h b/arch/arm64/include/asm/iee-cred.h
new file mode 100644
index 000000000000..b8c3bb53f98a
--- /dev/null
+++ b/arch/arm64/include/asm/iee-cred.h
@@ -0,0 +1,150 @@
+#ifndef _LINUX_IEE_CRED_H
+#define _LINUX_IEE_CRED_H
+
+#include <linux/cred.h>
+#include <asm/iee-def.h>
+
+extern unsigned long long iee_rw_gate(int flag, ...);
+
+#ifdef CONFIG_CREDP
+static void __maybe_unused iee_copy_cred(const struct cred *old, struct cred *new)
+{
+ iee_rw_gate(IEE_OP_COPY_CRED,old,new);
+}
+
+static void __maybe_unused iee_set_cred_uid(struct cred *cred, kuid_t uid)
+{
+ iee_rw_gate(IEE_OP_SET_CRED_UID,cred,uid);
+}
+
+static void __maybe_unused iee_set_cred_gid(struct cred *cred, kgid_t gid)
+{
+ iee_rw_gate(IEE_OP_SET_CRED_GID,cred,gid);
+}
+
+static void __maybe_unused iee_set_cred_suid(struct cred *cred, kuid_t suid)
+{
+ iee_rw_gate(IEE_OP_SET_CRED_SUID,cred,suid);
+}
+
+static void __maybe_unused iee_set_cred_sgid(struct cred *cred, kgid_t sgid)
+{
+ iee_rw_gate(IEE_OP_SET_CRED_SGID,cred,sgid);
+}
+
+static void __maybe_unused iee_set_cred_euid(struct cred *cred, kuid_t euid)
+{
+ iee_rw_gate(IEE_OP_SET_CRED_EUID,cred,euid);
+}
+
+static void __maybe_unused iee_set_cred_egid(struct cred *cred, kgid_t egid)
+{
+ iee_rw_gate(IEE_OP_SET_CRED_EGID,cred,egid);
+}
+
+static void __maybe_unused iee_set_cred_fsuid(struct cred *cred, kuid_t fsuid)
+{
+ iee_rw_gate(IEE_OP_SET_CRED_FSUID,cred,fsuid);
+}
+
+static void __maybe_unused iee_set_cred_fsgid(struct cred *cred, kgid_t fsgid)
+{
+ iee_rw_gate(IEE_OP_SET_CRED_FSGID,cred,fsgid);
+}
+
+static void __maybe_unused iee_set_cred_user(struct cred *cred, struct user_struct *user)
+{
+ iee_rw_gate(IEE_OP_SET_CRED_USER,cred,user);
+}
+
+static void __maybe_unused iee_set_cred_user_ns(struct cred *cred, struct user_namespace *user_ns)
+{
+ iee_rw_gate(IEE_OP_SET_CRED_USER_NS,cred,user_ns);
+}
+
+static void __maybe_unused iee_set_cred_ucounts(struct cred *cred, struct ucounts *ucounts)
+{
+ iee_rw_gate(IEE_OP_SET_CRED_UCOUNTS,cred,ucounts);
+}
+
+static void __maybe_unused iee_set_cred_group_info(struct cred *cred, struct group_info *group_info)
+{
+ iee_rw_gate(IEE_OP_SET_CRED_GROUP_INFO,cred,group_info);
+}
+
+static void __maybe_unused iee_set_cred_securebits(struct cred *cred, unsigned securebits)
+{
+ iee_rw_gate(IEE_OP_SET_CRED_SECUREBITS,cred,securebits);
+}
+
+static void __maybe_unused iee_set_cred_cap_inheritable(struct cred *cred, kernel_cap_t cap_inheritable)
+{
+ iee_rw_gate(IEE_OP_SET_CRED_CAP_INHER,cred,cap_inheritable);
+}
+
+static void __maybe_unused iee_set_cred_cap_permitted(struct cred *cred, kernel_cap_t cap_permitted)
+{
+ iee_rw_gate(IEE_OP_SET_CRED_CAP_PERM,cred,cap_permitted);
+}
+
+static void __maybe_unused iee_set_cred_cap_effective(struct cred *cred, kernel_cap_t cap_effective)
+{
+ iee_rw_gate(IEE_OP_SET_CRED_CAP_EFFECT,cred,cap_effective);
+}
+
+static void __maybe_unused iee_set_cred_cap_bset(struct cred *cred, kernel_cap_t cap_bset)
+{
+ iee_rw_gate(IEE_OP_SET_CRED_CAP_BSET,cred,cap_bset);
+}
+
+static void __maybe_unused iee_set_cred_cap_ambient(struct cred *cred, kernel_cap_t cap_ambient)
+{
+ iee_rw_gate(IEE_OP_SET_CRED_CAP_AMBIENT,cred,cap_ambient);
+}
+
+#ifdef CONFIG_KEYS
+static void __maybe_unused iee_set_cred_jit_keyring(struct cred *cred, unsigned char jit_keyring)
+{
+ iee_rw_gate(IEE_OP_SET_CRED_JIT_KEYRING,cred,jit_keyring);
+}
+
+static void __maybe_unused iee_set_cred_session_keyring(struct cred *cred, struct key *session_keyring)
+{
+ iee_rw_gate(IEE_OP_SET_CRED_SESS_KEYRING,cred,session_keyring);
+}
+
+static void __maybe_unused iee_set_cred_process_keyring(struct cred *cred, struct key *process_keyring)
+{
+ iee_rw_gate(IEE_OP_SET_CRED_PROC_KEYRING,cred,process_keyring);
+}
+
+static void __maybe_unused iee_set_cred_thread_keyring(struct cred *cred, struct key *thread_keyring)
+{
+ iee_rw_gate(IEE_OP_SET_CRED_THREAD_KEYRING,cred,thread_keyring);
+}
+
+static void __maybe_unused iee_set_cred_request_key_auth(struct cred *cred, struct key *request_key_auth)
+{
+ iee_rw_gate(IEE_OP_SET_CRED_REQ_KEYRING,cred,request_key_auth);
+}
+#endif
+
+static void __maybe_unused iee_set_cred_atomic_set_usage(struct cred *cred, int i)
+{
+ iee_rw_gate(IEE_OP_SET_CRED_ATSET_USAGE,cred,i);
+}
+
+#ifdef CONFIG_SECURITY
+static void __maybe_unused iee_set_cred_security(struct cred *cred, void *security)
+{
+ iee_rw_gate(IEE_OP_SET_CRED_SECURITY,cred,security);
+}
+#endif
+
+static void __maybe_unused iee_set_cred_rcu(struct cred *cred, struct rcu_head *rcu)
+{
+ iee_rw_gate(IEE_OP_SET_CRED_RCU,cred,rcu);
+}
+#endif
+
+#endif
\ No newline at end of file
diff --git a/arch/arm64/include/asm/iee-def.h b/arch/arm64/include/asm/iee-def.h
new file mode 100644
index 000000000000..76e59259e4d1
--- /dev/null
+++ b/arch/arm64/include/asm/iee-def.h
@@ -0,0 +1,74 @@
+// Function Identifiers with Parameters Description
+
+#define IEE_WRITE_IN_BYTE 0 // Parameters: void *ptr, __u64 data, int length
+#define IEE_OP_SET_PTE 1 // Parameters: pte_t *ptep, pte_t pte
+#define IEE_OP_SET_PMD 2 // Parameters: pmd_t *pmdp, pmd_t pmd
+#define IEE_OP_SET_PUD 3 // Parameters: pud_t *pudp, pud_t pud
+#define IEE_OP_SET_P4D 4 // Parameters: p4d_t *p4dp, p4d_t p4d
+#define IEE_OP_SET_BM_PTE 5 // Parameters: pte_t *ptep, pte_t pte
+#define IEE_OP_SET_SWAPPER_PGD 6 // Parameters: pgd_t *pgdp, pgd_t pgd
+#define IEE_OP_SET_TRAMP_PGD 7 // Parameters: pgd_t *pgdp, pgd_t pgd
+#define IEE_OP_SET_CMPXCHG 8 // Parameters: pte_t *ptep, pteval_t old_pteval, pteval_t new_pteval
+#define IEE_OP_SET_XCHG 9 // Parameters: pte_t *ptep, pteval_t pteval
+#define IEE_OP_COPY_CRED 10 // Parameters: struct cred *old, struct cred *new
+#define IEE_OP_SET_CRED_UID 11 // Parameters: struct cred *cred, kuid_t uid
+#define IEE_OP_SET_CRED_GID 12 // Parameters: struct cred *cred, kgid_t gid
+#define IEE_OP_SET_CRED_SUID 13 // Parameters: struct cred *cred, kuid_t suid
+#define IEE_OP_SET_CRED_SGID 14 // Parameters: struct cred *cred, kgid_t sgid
+#define IEE_OP_SET_CRED_EUID 15 // Parameters: struct cred *cred, kuid_t euid
+#define IEE_OP_SET_CRED_EGID 16 // Parameters: struct cred *cred, kgid_t egid
+#define IEE_OP_SET_CRED_FSUID 17 // Parameters: struct cred *cred, kuid_t fsuid
+#define IEE_OP_SET_CRED_FSGID 18 // Parameters: struct cred *cred, kgid_t fsgid
+#define IEE_OP_SET_CRED_USER 19 // Parameters: struct cred *cred, struct user_struct *user
+#define IEE_OP_SET_CRED_USER_NS 20 // Parameters: struct cred *cred, struct user_namespace *user_ns
+#define IEE_OP_SET_CRED_GROUP_INFO 21 // Parameters: struct cred *cred, struct group_info *group_info
+#define IEE_OP_SET_CRED_SECUREBITS 22 // Parameters: struct cred *cred, unsigned securebits
+#define IEE_OP_SET_CRED_CAP_INHER 23 // Parameters: struct cred *cred, kernel_cap_t cap_inheritable
+#define IEE_OP_SET_CRED_CAP_PERM 24 // Parameters: struct cred *cred, kernel_cap_t cap_permitted
+#define IEE_OP_SET_CRED_CAP_EFFECT 25 // Parameters: struct cred *cred, kernel_cap_t cap_effective
+#define IEE_OP_SET_CRED_CAP_BSET 26 // Parameters: struct cred *cred, kernel_cap_t cap_bset
+#define IEE_OP_SET_CRED_CAP_AMBIENT 27 // Parameters: struct cred *cred, kernel_cap_t cap_ambient
+#define IEE_OP_SET_CRED_JIT_KEYRING 28 // Parameters: struct cred *cred, unsigned char jit_keyring
+#define IEE_OP_SET_CRED_SESS_KEYRING 29 // Parameters: struct cred *cred, struct key *session_keyring
+#define IEE_OP_SET_CRED_PROC_KEYRING 30 // Parameters: struct cred *cred, struct key *process_keyring
+#define IEE_OP_SET_CRED_THREAD_KEYRING 31 // Parameters: struct cred *cred, struct key *thread_keyring
+#define IEE_OP_SET_CRED_REQ_KEYRING 32 // Parameters: struct cred *cred, struct key *request_key_auth
+#define IEE_OP_SET_CRED_NON_RCU 33 // Parameters: struct cred *cred, int non_rcu
+#define IEE_OP_SET_CRED_ATSET_USAGE 34 // Parameters: struct cred *cred, int i
+#define IEE_OP_SET_CRED_ATOP_USAGE 35 // Parameters: struct cred *cred, int flag
+#define IEE_OP_SET_CRED_SECURITY 36 // Parameters: struct cred *cred, void *security
+#define IEE_OP_SET_CRED_RCU 37 // Parameters: struct cred *cred, struct rcu_head *rcu
+#define IEE_MEMSET 38 // Parameters: void *ptr, int data, size_t n
+#define IEE_OP_SET_TRACK 39 // Parameters: struct track *ptr, struct track *data
+#define IEE_OP_SET_FREEPTR 40 // Parameters: void **pptr, void *ptr
+#define IEE_OP_SET_PTE_U 41 // Parameters: pte_t *ptep, pte_t pte
+#define IEE_OP_SET_PTE_P 42 // Parameters: pte_t *ptep, pte_t pte
+#define IEE_SET_TOKEN_MM 43 // Parameters: struct task_token *token, struct mm_struct *mm
+#define IEE_SET_TOKEN_PGD 44 // Parameters: struct task_token *token, pgd_t *pgd
+#define IEE_INIT_TOKEN 45 // Parameters: struct task_struct *tsk, void *kernel_stack, void *iee_stack
+#define IEE_FREE_TOKEN 46 // Parameters: struct task_struct *tsk
+#define IEE_READ_TOKEN_STACK 47 // Parameters: struct task_struct *tsk
+#define IEE_WRITE_ENTRY_TASK 48 // Parameters: struct task_struct *tsk
+#define IEE_OP_SET_CRED_UCOUNTS 49 // Parameters: struct cred *cred, struct ucounts *ucounts
+#ifdef CONFIG_KOI
+#define IEE_READ_KOI_STACK 50 // Parameters: struct task_struct *tsk
+#define IEE_WRITE_KOI_STACK 51 // Parameters: struct task_struct *tsk, unsigned long koi_stack
+#define IEE_READ_TOKEN_TTBR1 52 // Parameters: struct task_struct *tsk
+#define IEE_WRITE_TOKEN_TTBR1 53 // Parameters: struct task_struct *tsk, unsigned long current_ttbr1
+#define IEE_READ_KOI_KERNEL_STACK 54 // Parameters: struct task_struct *tsk
+#define IEE_WRITE_KOI_KERNEL_STACK 55 // Parameters: struct task_struct *tsk, unsigned long kernel_stack
+#define IEE_READ_KOI_STACK_BASE 56 // Parameters: struct task_struct *tsk
+#define IEE_WRITE_KOI_STACK_BASE 57 // Parameters: struct task_struct *tsk, unsigned long koi_stack_base
+#endif
+
+/* Add new IEE ops here */
+
+#define AT_ADD 1
+#define AT_INC_NOT_ZERO 2
+#define AT_SUB_AND_TEST 3
+/* Atomic ops for atomic_t */
+
+#ifdef CONFIG_KOI
+#define IEE_SWITCH_TO_KERNEL 7
+#define IEE_SWITCH_TO_KOI 8
+#endif
\ No newline at end of file
diff --git a/arch/arm64/include/asm/iee-si.h b/arch/arm64/include/asm/iee-si.h
new file mode 100644
index 000000000000..e67d81db66a5
--- /dev/null
+++ b/arch/arm64/include/asm/iee-si.h
@@ -0,0 +1,64 @@
+#ifndef _LINUX_IEE_SI_H
+#define _LINUX_IEE_SI_H
+
+#include <asm/sysreg.h>
+#define __iee_si_code __section(".iee.si_text")
+#define __iee_si_data __section(".iee.si_data")
+
+/* Used for copying globals that iee rwx gate needs. */
+extern unsigned long iee_base_idmap_pg_dir;
+extern unsigned long iee_base_reserved_pg_dir;
+extern unsigned long iee_base__bp_harden_el1_vectors;
+extern bool iee_init_done;
+extern unsigned long iee_si_tcr;
+
+/* The following are __init functions used for iee si initialization. */
+extern void iee_si_prepare_data(void);
+
+extern unsigned long __iee_si_start[];
+// Handler function for sensitive inst
+u64 iee_si_handler(int flag, ...);
+/*
+ * TODO: scan a page to check whether it contains sensitive instructions
+ * return 1 when finding sensitive inst, 0 on safe page.
+ */
+extern int iee_si_scan_page(unsigned long addr);
+
+
+#define DBG_MDSCR_SS (1 << 0)
+#define DBG_MDSCR_MDE (1 << 15)
+
+#define IEE_SI_TEST 0
+#define IEE_WRITE_SCTLR 1
+#define IEE_WRITE_TTBR0 2
+#define IEE_WRITE_VBAR 3
+#define IEE_WRITE_TCR 4
+#define IEE_WRITE_MDSCR 5
+#define IEE_CONTEXT_SWITCH 6
+// #define IEE_WRITE_AFSR0 10
+/* Provide ttbr1 switch gate for KOI */
+#ifdef CONFIG_KOI
+#define IEE_SWITCH_TO_KERNEL 7
+#define IEE_SWITCH_TO_KOI 8
+#endif
+/* MASK modify-permitted bits on IEE protected sys registers */
+#define IEE_SCTLR_MASK (SCTLR_EL1_CP15BEN | SCTLR_EL1_SED | SCTLR_EL1_UCT | SCTLR_EL1_UCI |\
+ SCTLR_EL1_BT0 | SCTLR_EL1_BT1 | SCTLR_EL1_TCF0_MASK | SCTLR_ELx_DSSBS |\
+ SCTLR_ELx_ENIA | SCTLR_ELx_ENIB | SCTLR_ELx_ENDA | SCTLR_ELx_ENDB|\
+ SCTLR_EL1_SPINTMASK | SCTLR_EL1_NMI | SCTLR_EL1_TIDCP | SCTLR_EL1_MSCEn|\
+ SCTLR_ELx_ENTP2 | SCTLR_EL1_TCF_MASK)
+#define IEE_TTBR0_MASK ~0
+#define IEE_TTBR1_MASK ~0
+#define IEE_TCR_MASK (TCR_HD | TCR_T0SZ_MASK | TCR_E0PD1)
+#define IEE_MDSCR_MASK (DBG_MDSCR_SS | DBG_MDSCR_MDE)
+
+#define IEE_DBGBCR_BT 0b0000 << 20
+#define IEE_DBGBCR_SSC 0b00 << 14
+#define IEE_DBGBCR_HMC 0b1 << 13
+#define IEE_DBGBCR_BAS 0b1111 << 5
+#define IEE_DBGBCR_PMC 0b11 << 1
+#define IEE_DBGBCR_E 0b1
+#define IEE_DBGBCR IEE_DBGBCR_BT | IEE_DBGBCR_SSC | IEE_DBGBCR_HMC | IEE_DBGBCR_BAS \
+ | IEE_DBGBCR_PMC | IEE_DBGBCR_E
+
+#endif
\ No newline at end of file
diff --git a/arch/arm64/include/asm/iee-slab.h b/arch/arm64/include/asm/iee-slab.h
new file mode 100644
index 000000000000..4f3c17c7da00
--- /dev/null
+++ b/arch/arm64/include/asm/iee-slab.h
@@ -0,0 +1,23 @@
+#ifndef _LINUX_IEE_SLAB_H
+#define _LINUX_IEE_SLAB_H
+/*
+ * Tracking user of a slab.
+ */
+#include <linux/stackdepot.h>
+
+#define TRACK_ADDRS_COUNT 16
+struct track {
+ unsigned long addr; /* Called from address */
+#ifdef CONFIG_STACKDEPOT
+ depot_stack_handle_t handle;
+#endif
+ int cpu; /* Was running on cpu */
+ int pid; /* Pid context */
+ unsigned long when; /* When did the operation occur */
+};
+
+enum track_item { TRACK_ALLOC, TRACK_FREE };
+
+typedef struct { unsigned long v; } freeptr_t;
+
+#endif
\ No newline at end of file
diff --git a/arch/arm64/include/asm/iee-token.h b/arch/arm64/include/asm/iee-token.h
new file mode 100644
index 000000000000..152474e1a187
--- /dev/null
+++ b/arch/arm64/include/asm/iee-token.h
@@ -0,0 +1,40 @@
+#ifndef _LINUX_IEE_TOKEN_H
+#define _LINUX_IEE_TOKEN_H
+
+#include <asm/iee-def.h>
+
+extern unsigned long long iee_rw_gate(int flag, ...);
+struct task_token;
+struct task_struct;
+struct mm_struct;
+
+#ifdef CONFIG_IEE
+void iee_set_token_mm(struct task_struct *tsk, struct mm_struct *mm)
+{
+ iee_rw_gate(IEE_SET_TOKEN_MM, tsk, mm);
+}
+
+void iee_set_token_pgd(struct task_struct *tsk, pgd_t *pgd)
+{
+ iee_rw_gate(IEE_SET_TOKEN_PGD, tsk, pgd);
+}
+
+void iee_init_token(struct task_struct *tsk, void *kernel_stack, void *iee_stack)
+{
+ iee_rw_gate(IEE_INIT_TOKEN, tsk, kernel_stack, iee_stack);
+}
+
+void iee_free_token(struct task_struct *tsk)
+{
+ iee_rw_gate(IEE_FREE_TOKEN, tsk);
+}
+
+unsigned long iee_read_token_stack(struct task_struct *tsk)
+{
+ unsigned long ret;
+ ret = iee_rw_gate(IEE_READ_TOKEN_STACK, tsk);
+ return ret;
+}
+#endif
+
+#endif
\ No newline at end of file
diff --git a/arch/arm64/include/asm/iee.h b/arch/arm64/include/asm/iee.h
new file mode 100644
index 000000000000..598f6d0b2626
--- /dev/null
+++ b/arch/arm64/include/asm/iee.h
@@ -0,0 +1,10 @@
+#ifndef _LINUX_IEE_H
+#define _LINUX_IEE_H
+#define __iee_code __section(".iee.text")
+#define __iee_header __section(".iee.text.header")
+
+u64 iee_dispatch(int flag, ...);
+
+#include <asm/iee-def.h>
+
+#endif
diff --git a/arch/arm64/include/asm/kernel-pgtable.h b/arch/arm64/include/asm/kernel-pgtable.h
index 85d26143faa5..e7a3081ce285 100644
--- a/arch/arm64/include/asm/kernel-pgtable.h
+++ b/arch/arm64/include/asm/kernel-pgtable.h
@@ -118,4 +118,25 @@
#define SWAPPER_RX_MMUFLAGS (SWAPPER_RW_MMUFLAGS | PTE_RDONLY)
#endif
+#ifdef CONFIG_IEE
+
+#ifdef CONFIG_ARM64_4K_PAGES // zgcXXX: it has been deleted in 6.6.
+#define ARM64_SWAPPER_USES_SECTION_MAPS 1
+#else
+#define ARM64_SWAPPER_USES_SECTION_MAPS 0
+#endif
+
+#define SWAPPER_MM_MMUFLAGS (PTE_ATTRINDX(MT_NORMAL) | SWAPPER_PTE_FLAGS) // zgcXXX: warning: 6.6 delete this macro. should delete this line later.
+
+#define SWAPPER_PTE_FLAGS_IDMAP (PTE_TYPE_PAGE | PTE_AF | PTE_SHARED | PTE_RDONLY)
+#define SWAPPER_PMD_FLAGS_IDMAP (PMD_TYPE_SECT | PMD_SECT_AF | PMD_SECT_S | PMD_SECT_RDONLY)
+
+#if ARM64_SWAPPER_USES_SECTION_MAPS
+#define SWAPPER_MM_MMUFLAGS_IDMAP (PMD_ATTRINDX(MT_NORMAL) | SWAPPER_PMD_FLAGS_IDMAP)
+#else
+#define SWAPPER_MM_MMUFLAGS_IDMAP (PTE_ATTRINDX(MT_NORMAL) | SWAPPER_PTE_FLAGS_IDMAP)
+#endif
+
+#endif
+
#endif /* __ASM_KERNEL_PGTABLE_H */
diff --git a/arch/arm64/include/asm/koi.h b/arch/arm64/include/asm/koi.h
new file mode 100644
index 000000000000..48d9a1378a1d
--- /dev/null
+++ b/arch/arm64/include/asm/koi.h
@@ -0,0 +1,335 @@
+#include "linux/mm.h"
+#include "asm/current.h"
+#include "asm/pgtable-hwdef.h"
+#include "asm/pgtable-types.h"
+#include "asm/pgtable.h"
+#include "linux/mm_types.h"
+#include "linux/pgtable.h"
+#include "linux/printk.h"
+#include "linux/slab.h"
+#include "linux/string.h"
+#include <linux/sched.h>
+#include "linux/hashtable.h"
+#include "linux/module.h"
+#include "linux/vmalloc.h"
+#include "stacktrace.h"
+#include "asm/mmu.h"
+#ifdef CONFIG_IEE
+#include "asm/iee-si.h"
+#include "asm/iee-def.h"
+#endif