From: Will Deacon <will.deacon@arm.com>
To: Catalin Marinas <catalin.marinas@arm.com>
Cc: linux-arm-kernel@lists.infradead.org,
Jonathan Corbet <corbet@lwn.net>,
Mark Langsdorf <mlangsdo@redhat.com>,
kvm@vger.kernel.org, Marc Zyngier <marc.zyngier@arm.com>,
Jon Masters <jcm@redhat.com>,
timur@codeaurora.org, linux-doc@vger.kernel.org,
linux-kernel@vger.kernel.org, Paolo Bonzini <pbonzini@redhat.com>,
kvmarm@lists.cs.columbia.edu
Subject: Re: [PATCH v3 2/5] arm64: Work around Falkor erratum 1003
Date: Thu, 12 Jan 2017 16:07:34 +0000 [thread overview]
Message-ID: <20170112160733.GG13843@arm.com> (raw)
In-Reply-To: <20170112155558.ud4ln3lk5lpwxrq3@localhost>
On Thu, Jan 12, 2017 at 03:55:58PM +0000, Catalin Marinas wrote:
> On Wed, Jan 11, 2017 at 06:22:08PM +0000, Marc Zyngier wrote:
> > On 11/01/17 18:06, Catalin Marinas wrote:
> > > On Wed, Jan 11, 2017 at 09:41:15AM -0500, Christopher Covington wrote:
> > >> diff --git a/arch/arm64/mm/proc.S b/arch/arm64/mm/proc.S
> > >> index 32682be..9ee46df 100644
> > >> --- a/arch/arm64/mm/proc.S
> > >> +++ b/arch/arm64/mm/proc.S
> > >> @@ -23,6 +23,7 @@
> > >> #include <asm/assembler.h>
> > >> #include <asm/asm-offsets.h>
> > >> #include <asm/hwcap.h>
> > >> +#include <asm/mmu_context.h>
> > >> #include <asm/pgtable.h>
> > >> #include <asm/pgtable-hwdef.h>
> > >> #include <asm/cpufeature.h>
> > >> @@ -140,6 +141,18 @@ ENDPROC(cpu_do_resume)
> > >> ENTRY(cpu_do_switch_mm)
> > >> mmid x1, x1 // get mm->context.id
> > >> bfi x0, x1, #48, #16 // set the ASID
> > >> +#ifdef CONFIG_QCOM_FALKOR_ERRATUM_1003
> > >> +alternative_if ARM64_WORKAROUND_QCOM_FALKOR_E1003
> > >> + mrs x2, ttbr0_el1
> > >> + mov x3, #FALKOR_RESERVED_ASID
> > >> + bfi x2, x3, #48, #16 // reserved ASID + old BADDR
> > >> + msr ttbr0_el1, x2
> > >> + isb
> > >> + bfi x2, x0, #0, #48 // reserved ASID + new BADDR
> > >> + msr ttbr0_el1, x2
> > >> + isb
> > >> +alternative_else_nop_endif
> > >> +#endif
> > >> msr ttbr0_el1, x0 // set TTBR0
> > >> isb
> > >> post_ttbr0_update_workaround
> > >
> > > Please move the above hunk to a pre_ttbr0_update_workaround macro for
> > > consistency with post_ttbr0_update_workaround.
> >
> > In which case (and also for consistency), should we add that pre_ttbr0
> > macro to entry.S, just before __uaccess_ttbr0_enable? It may not be
> > needed in the SW pan case, but it is probably worth entertaining the
> > idea that there may be something to do there...
>
> It may actually be needed in entry.S as well. With SW PAN, we move the
> context switching from cpu_do_switch_mm to the kernel_exit macro when
> returning to user. In this case we are switching from the reserved ASID
> 0 and reserved TTBR0_EL1 (pointing to a zeroed page) to the user's
> TTBR0_EL1 and ASID. If the ASID switch isn't taken into account, we may
> end up with new TLB entries being tagged with the reserved ASID. Apart
> from a potential loss of protection with TTBR0 PAN, is there anything
> else that could go wrong? Maybe a TLB conflict if we mix TLBs from
> multiple address spaces tagged with the same reserved ASID.
>
> If the above is an issue, we would need to patch
> __uaccess_ttbr0_enable() as well, though I'm more inclined to make this
> erratum not selectable when TTBR0 PAN is enabled.
I don't think that's a reasonable approach. By all means change the
default, but we need to support kernel images with both of these kconfig
options enabled.
Will
WARNING: multiple messages have this Message-ID (diff)
From: will.deacon@arm.com (Will Deacon)
To: linux-arm-kernel@lists.infradead.org
Subject: [PATCH v3 2/5] arm64: Work around Falkor erratum 1003
Date: Thu, 12 Jan 2017 16:07:34 +0000 [thread overview]
Message-ID: <20170112160733.GG13843@arm.com> (raw)
In-Reply-To: <20170112155558.ud4ln3lk5lpwxrq3@localhost>
On Thu, Jan 12, 2017 at 03:55:58PM +0000, Catalin Marinas wrote:
> On Wed, Jan 11, 2017 at 06:22:08PM +0000, Marc Zyngier wrote:
> > On 11/01/17 18:06, Catalin Marinas wrote:
> > > On Wed, Jan 11, 2017 at 09:41:15AM -0500, Christopher Covington wrote:
> > >> diff --git a/arch/arm64/mm/proc.S b/arch/arm64/mm/proc.S
> > >> index 32682be..9ee46df 100644
> > >> --- a/arch/arm64/mm/proc.S
> > >> +++ b/arch/arm64/mm/proc.S
> > >> @@ -23,6 +23,7 @@
> > >> #include <asm/assembler.h>
> > >> #include <asm/asm-offsets.h>
> > >> #include <asm/hwcap.h>
> > >> +#include <asm/mmu_context.h>
> > >> #include <asm/pgtable.h>
> > >> #include <asm/pgtable-hwdef.h>
> > >> #include <asm/cpufeature.h>
> > >> @@ -140,6 +141,18 @@ ENDPROC(cpu_do_resume)
> > >> ENTRY(cpu_do_switch_mm)
> > >> mmid x1, x1 // get mm->context.id
> > >> bfi x0, x1, #48, #16 // set the ASID
> > >> +#ifdef CONFIG_QCOM_FALKOR_ERRATUM_1003
> > >> +alternative_if ARM64_WORKAROUND_QCOM_FALKOR_E1003
> > >> + mrs x2, ttbr0_el1
> > >> + mov x3, #FALKOR_RESERVED_ASID
> > >> + bfi x2, x3, #48, #16 // reserved ASID + old BADDR
> > >> + msr ttbr0_el1, x2
> > >> + isb
> > >> + bfi x2, x0, #0, #48 // reserved ASID + new BADDR
> > >> + msr ttbr0_el1, x2
> > >> + isb
> > >> +alternative_else_nop_endif
> > >> +#endif
> > >> msr ttbr0_el1, x0 // set TTBR0
> > >> isb
> > >> post_ttbr0_update_workaround
> > >
> > > Please move the above hunk to a pre_ttbr0_update_workaround macro for
> > > consistency with post_ttbr0_update_workaround.
> >
> > In which case (and also for consistency), should we add that pre_ttbr0
> > macro to entry.S, just before __uaccess_ttbr0_enable? It may not be
> > needed in the SW pan case, but it is probably worth entertaining the
> > idea that there may be something to do there...
>
> It may actually be needed in entry.S as well. With SW PAN, we move the
> context switching from cpu_do_switch_mm to the kernel_exit macro when
> returning to user. In this case we are switching from the reserved ASID
> 0 and reserved TTBR0_EL1 (pointing to a zeroed page) to the user's
> TTBR0_EL1 and ASID. If the ASID switch isn't taken into account, we may
> end up with new TLB entries being tagged with the reserved ASID. Apart
> from a potential loss of protection with TTBR0 PAN, is there anything
> else that could go wrong? Maybe a TLB conflict if we mix TLBs from
> multiple address spaces tagged with the same reserved ASID.
>
> If the above is an issue, we would need to patch
> __uaccess_ttbr0_enable() as well, though I'm more inclined to make this
> erratum not selectable when TTBR0 PAN is enabled.
I don't think that's a reasonable approach. By all means change the
default, but we need to support kernel images with both of these kconfig
options enabled.
Will
WARNING: multiple messages have this Message-ID (diff)
From: Will Deacon <will.deacon@arm.com>
To: Catalin Marinas <catalin.marinas@arm.com>
Cc: "Marc Zyngier" <marc.zyngier@arm.com>,
"Christopher Covington" <cov@codeaurora.org>,
"Mark Langsdorf" <mlangsdo@redhat.com>,
linux-doc@vger.kernel.org, kvm@vger.kernel.org,
"Radim Krčmář" <rkrcmar@redhat.com>,
"Jon Masters" <jcm@redhat.com>,
timur@codeaurora.org, "Jonathan Corbet" <corbet@lwn.net>,
linux-kernel@vger.kernel.org, shankerd@codeaurora.org,
"Christoffer Dall" <christoffer.dall@linaro.org>,
"Mark Salter" <msalter@redhat.com>,
"Paolo Bonzini" <pbonzini@redhat.com>,
kvmarm@lists.cs.columbia.edu,
linux-arm-kernel@lists.infradead.org
Subject: Re: [PATCH v3 2/5] arm64: Work around Falkor erratum 1003
Date: Thu, 12 Jan 2017 16:07:34 +0000 [thread overview]
Message-ID: <20170112160733.GG13843@arm.com> (raw)
In-Reply-To: <20170112155558.ud4ln3lk5lpwxrq3@localhost>
On Thu, Jan 12, 2017 at 03:55:58PM +0000, Catalin Marinas wrote:
> On Wed, Jan 11, 2017 at 06:22:08PM +0000, Marc Zyngier wrote:
> > On 11/01/17 18:06, Catalin Marinas wrote:
> > > On Wed, Jan 11, 2017 at 09:41:15AM -0500, Christopher Covington wrote:
> > >> diff --git a/arch/arm64/mm/proc.S b/arch/arm64/mm/proc.S
> > >> index 32682be..9ee46df 100644
> > >> --- a/arch/arm64/mm/proc.S
> > >> +++ b/arch/arm64/mm/proc.S
> > >> @@ -23,6 +23,7 @@
> > >> #include <asm/assembler.h>
> > >> #include <asm/asm-offsets.h>
> > >> #include <asm/hwcap.h>
> > >> +#include <asm/mmu_context.h>
> > >> #include <asm/pgtable.h>
> > >> #include <asm/pgtable-hwdef.h>
> > >> #include <asm/cpufeature.h>
> > >> @@ -140,6 +141,18 @@ ENDPROC(cpu_do_resume)
> > >> ENTRY(cpu_do_switch_mm)
> > >> mmid x1, x1 // get mm->context.id
> > >> bfi x0, x1, #48, #16 // set the ASID
> > >> +#ifdef CONFIG_QCOM_FALKOR_ERRATUM_1003
> > >> +alternative_if ARM64_WORKAROUND_QCOM_FALKOR_E1003
> > >> + mrs x2, ttbr0_el1
> > >> + mov x3, #FALKOR_RESERVED_ASID
> > >> + bfi x2, x3, #48, #16 // reserved ASID + old BADDR
> > >> + msr ttbr0_el1, x2
> > >> + isb
> > >> + bfi x2, x0, #0, #48 // reserved ASID + new BADDR
> > >> + msr ttbr0_el1, x2
> > >> + isb
> > >> +alternative_else_nop_endif
> > >> +#endif
> > >> msr ttbr0_el1, x0 // set TTBR0
> > >> isb
> > >> post_ttbr0_update_workaround
> > >
> > > Please move the above hunk to a pre_ttbr0_update_workaround macro for
> > > consistency with post_ttbr0_update_workaround.
> >
> > In which case (and also for consistency), should we add that pre_ttbr0
> > macro to entry.S, just before __uaccess_ttbr0_enable? It may not be
> > needed in the SW pan case, but it is probably worth entertaining the
> > idea that there may be something to do there...
>
> It may actually be needed in entry.S as well. With SW PAN, we move the
> context switching from cpu_do_switch_mm to the kernel_exit macro when
> returning to user. In this case we are switching from the reserved ASID
> 0 and reserved TTBR0_EL1 (pointing to a zeroed page) to the user's
> TTBR0_EL1 and ASID. If the ASID switch isn't taken into account, we may
> end up with new TLB entries being tagged with the reserved ASID. Apart
> from a potential loss of protection with TTBR0 PAN, is there anything
> else that could go wrong? Maybe a TLB conflict if we mix TLBs from
> multiple address spaces tagged with the same reserved ASID.
>
> If the above is an issue, we would need to patch
> __uaccess_ttbr0_enable() as well, though I'm more inclined to make this
> erratum not selectable when TTBR0 PAN is enabled.
I don't think that's a reasonable approach. By all means change the
default, but we need to support kernel images with both of these kconfig
options enabled.
Will
next prev parent reply other threads:[~2017-01-12 16:05 UTC|newest]
Thread overview: 66+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-01-11 14:41 [PATCH v3 1/5] arm64: Define Falkor v1 CPU Christopher Covington
2017-01-11 14:41 ` Christopher Covington
2017-01-11 14:41 ` [PATCH v3 2/5] arm64: Work around Falkor erratum 1003 Christopher Covington
2017-01-11 14:41 ` Christopher Covington
2017-01-11 14:41 ` Christopher Covington
2017-01-11 18:06 ` Catalin Marinas
2017-01-11 18:06 ` Catalin Marinas
2017-01-11 18:22 ` Marc Zyngier
2017-01-11 18:22 ` Marc Zyngier
2017-01-11 18:22 ` Marc Zyngier
2017-01-11 18:40 ` Mark Rutland
2017-01-11 18:40 ` Mark Rutland
2017-01-12 15:45 ` Catalin Marinas
2017-01-12 15:45 ` Catalin Marinas
2017-01-12 15:45 ` Catalin Marinas
2017-01-12 16:12 ` Mark Rutland
2017-01-12 16:12 ` Mark Rutland
2017-01-12 16:12 ` Mark Rutland
2017-01-24 14:27 ` Christopher Covington
2017-01-24 14:27 ` Christopher Covington
2017-01-12 15:55 ` Catalin Marinas
2017-01-12 15:55 ` Catalin Marinas
2017-01-12 16:07 ` Will Deacon [this message]
2017-01-12 16:07 ` Will Deacon
2017-01-12 16:07 ` Will Deacon
2017-01-11 18:33 ` Mark Rutland
2017-01-11 18:33 ` Mark Rutland
2017-01-11 18:35 ` Timur Tabi
2017-01-11 18:35 ` Timur Tabi
2017-01-11 18:35 ` Timur Tabi
2017-01-11 18:37 ` Mark Rutland
2017-01-11 18:37 ` Mark Rutland
2017-01-11 18:40 ` Timur Tabi
2017-01-11 18:40 ` Timur Tabi
2017-01-11 18:40 ` Timur Tabi
2017-01-11 18:45 ` Mark Rutland
2017-01-11 18:45 ` Mark Rutland
2017-01-16 14:26 ` Christopher Covington
2017-01-16 14:26 ` Christopher Covington
2017-01-11 18:50 ` Marc Zyngier
2017-01-11 18:50 ` Marc Zyngier
2017-01-11 18:50 ` Marc Zyngier
2017-01-12 9:59 ` Catalin Marinas
2017-01-12 9:59 ` Catalin Marinas
2017-01-12 9:59 ` Catalin Marinas
2017-01-24 14:54 ` Christopher Covington
2017-01-24 14:54 ` Christopher Covington
2017-01-11 14:41 ` [PATCH v3 3/5] arm64: Create and use __tlbi_dsb() macros Christopher Covington
2017-01-11 14:41 ` Christopher Covington
2017-01-11 14:41 ` Christopher Covington
2017-01-12 16:58 ` Will Deacon
2017-01-12 16:58 ` Will Deacon
2017-01-12 16:58 ` Will Deacon
2017-01-13 15:12 ` Christopher Covington
2017-01-13 15:12 ` Christopher Covington
2017-01-13 15:12 ` Christopher Covington
2017-01-13 16:12 ` Will Deacon
2017-01-13 16:12 ` Will Deacon
2017-01-24 22:03 ` Christopher Covington
2017-01-24 22:03 ` Christopher Covington
2017-01-24 22:03 ` Christopher Covington
2017-01-11 14:41 ` [PATCH v3 4/5] arm64: Use __tlbi_dsb() macros in KVM code Christopher Covington
2017-01-11 14:41 ` Christopher Covington
2017-01-11 14:41 ` Christopher Covington
2017-01-11 14:41 ` [PATCH v3 5/5] arm64: Work around Falkor erratum 1009 Christopher Covington
2017-01-11 14:41 ` Christopher Covington
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170112160733.GG13843@arm.com \
--to=will.deacon@arm.com \
--cc=catalin.marinas@arm.com \
--cc=corbet@lwn.net \
--cc=jcm@redhat.com \
--cc=kvm@vger.kernel.org \
--cc=kvmarm@lists.cs.columbia.edu \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=marc.zyngier@arm.com \
--cc=mlangsdo@redhat.com \
--cc=pbonzini@redhat.com \
--cc=timur@codeaurora.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.