From: will.deacon@arm.com (Will Deacon)
To: linux-arm-kernel@lists.infradead.org
Subject: [RFC PATCH v3 2/3] arm64/kernel: don't ban ADRP to work around Cortex-A53 erratum #843419
Date: Mon, 5 Mar 2018 17:42:50 +0000 [thread overview]
Message-ID: <20180305174250.GD13385@arm.com> (raw)
In-Reply-To: <CAKv+Gu91CfVq4nBsLhNRRkGN-0PevGeUPSRqLMf5hTWp9qa6vA@mail.gmail.com>
On Mon, Mar 05, 2018 at 05:41:17PM +0000, Ard Biesheuvel wrote:
> On 5 March 2018 at 17:34, Will Deacon <will.deacon@arm.com> wrote:
> > On Mon, Mar 05, 2018 at 05:26:35PM +0000, Ard Biesheuvel wrote:
> >> On 5 March 2018 at 17:18, Will Deacon <will.deacon@arm.com> wrote:
> >> > On Wed, Feb 14, 2018 at 11:36:44AM +0000, Ard Biesheuvel wrote:
> >> >> Working around Cortex-A53 erratum #843419 involves special handling of
> >> >> ADRP instructions that end up in the last two instruction slots of a
> >> >> 4k page, or whose output register gets overwritten without having been
> >> >> read. (Note that the latter instruction sequence is never emitted by
> >> >> a properly functioning compiler)
> >> >
> >> > Does the workaround currently implemented in the linker also make this
> >> > same assumption? If not, I'm a little wary that we're making an assumption
> >> > about compiler behaviour with no way to detect whether its been violated or
> >> > not.
> >> >
> >>
> >> I can check, but I don't see how a compiler would ever choose 'adrp'
> >> when it emits what amounts to a nop instruction.
> >
> > Agreed, but it wouldn't be the first time we've seen compilers do weird
> > things.
> >
>
> I just checked ld.bfd: it only checks for sequence 1, which is the one
> that affects ADRP instructions at offsets 0xfff8/0xfffc modulo 4 KB.
> It actually checks more elaborately whether the sequence is in fact
> vulnerable rather than assuming any ADRP instruction at such an offset
> may be vulnerable, but in my testing of the current patches, I only
> get a handful of them anyway of which the majority are resolved by
> patching ADRP->ADR.
>
> Sequence 2 is described as follows in the docs:
>
> """
> Sequence 2:
> 1) An ADRP instruction, which writes to a register Rn.
> 2) Another instruction which writes to Rn.
> o This cannot be a branch or an ADRP.
> o This cannot read Rn.
> 3)
> 4)
> Another instruction.
> o This cannot be a branch.
> o This cannot write Rn.
> o This may optionally read Rn.
> A load or store instruction from the "Load/store register (unsigned
> immediate)" encoding class, using Rn as the
> base address register.
> """
>
> and ld.bfd does not check for it at all.
In which case, the code you're proposing for modules is just as good as
what we're doing for the kernel text itself. Might be worth mentioning that
somewhere, but I think it's fine.
Thanks for looking,
Will
next prev parent reply other threads:[~2018-03-05 17:42 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-02-14 11:36 [RFC PATCH v3 0/3] arm64/kernel: get rid of GCC large model code Ard Biesheuvel
2018-02-14 11:36 ` [RFC PATCH v3 1/3] arm64/kernel: kaslr: reduce module randomization range to 4 GB Ard Biesheuvel
2018-02-23 17:00 ` Mark Rutland
2018-02-23 17:07 ` Ard Biesheuvel
2018-03-05 12:22 ` Ard Biesheuvel
2018-02-14 11:36 ` [RFC PATCH v3 2/3] arm64/kernel: don't ban ADRP to work around Cortex-A53 erratum #843419 Ard Biesheuvel
2018-02-23 17:15 ` Mark Rutland
2018-02-23 17:17 ` Ard Biesheuvel
2018-02-23 17:25 ` Mark Rutland
2018-02-24 17:54 ` Ard Biesheuvel
2018-02-26 10:53 ` Mark Rutland
2018-03-05 17:18 ` Will Deacon
2018-03-05 17:26 ` Ard Biesheuvel
2018-03-05 17:34 ` Will Deacon
2018-03-05 17:41 ` Ard Biesheuvel
2018-03-05 17:42 ` Will Deacon [this message]
2018-02-14 11:36 ` [RFC PATCH v3 3/3] arm64/kernel: enable A53 erratum #8434319 handling at runtime Ard Biesheuvel
2018-02-23 17:23 ` Mark Rutland
2018-03-05 17:22 ` Will Deacon
2018-03-05 17:29 ` Ard Biesheuvel
2018-03-05 17:40 ` Will Deacon
2018-03-05 18:01 ` Ard Biesheuvel
2018-03-06 15:25 ` Will Deacon
2018-03-05 17:40 ` [RFC PATCH v3 0/3] arm64/kernel: get rid of GCC large model code Will Deacon
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180305174250.GD13385@arm.com \
--to=will.deacon@arm.com \
--cc=linux-arm-kernel@lists.infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.