From: Marc Zyngier
To: linux-arm-kernel@lists.infradead.org, kvmarm@lists.cs.columbia.edu, kvm@vger.kernel.org
Cc: Mark Rutland, Suzuki K Poulose, Catalin Marinas, James Morse, Will Deacon, Julien Thierry
Subject: [PATCH v2 0/5] arm64: KVM: Add workaround for errata 1319367 and 1319537
Date: Sat, 19 Oct 2019 10:55:16 +0100
Message-Id: <20191019095521.31722-1-maz@kernel.org>

Similarly to erratum 1165522 that affects Cortex-A76, our good old
friends A57 and A72 respectively suffer from errata 1319537 and
1319367, potentially resulting in TLB corruption if the CPU speculates
an AT instruction while switching guests.

The fix is slightly more involved since we don't have VHE to help us
here, but the idea is the same: When switching a guest in, we must
prevent any speculated AT from being able to parse the page tables
until S2 is up and running. Only at this stage can we allow AT to take
place.

For this, we always restore the guest sysregs first, except for its
SCTLR and TCR registers, which must be set with SCTLR.M=1 and
TCR.EPD{0,1} = {1, 1}, effectively disabling the PTW and TLB
allocation. Once S2 is set up, we restore the guest's SCTLR and TCR.
Similar things must be done on TLB invalidation... Fun.

This has been tested on an AMD Seattle box.

* From v1 [1]:
  - Reworked patch 4 to close the speculation window on the host
  - Fixed comments
  - Collected ABs/RBs

[1] https://lore.kernel.org/kvmarm/20190925111941.88103-1-maz@kernel.org/

Marc Zyngier (5):
  arm64: Add ARM64_WORKAROUND_1319367 for all A57 and A72 versions
  arm64: KVM: Reorder system register restoration and stage-2 activation
  arm64: KVM: Disable EL1 PTW when invalidating S2 TLBs
  arm64: KVM: Prevent speculative S1 PTW when restoring vcpu context
  arm64: Enable and document ARM errata 1319367 and 1319537

 Documentation/arm64/silicon-errata.rst |  4 +++
 arch/arm64/Kconfig                     | 10 ++++++
 arch/arm64/include/asm/cpucaps.h       |  3 +-
 arch/arm64/kernel/cpu_errata.c         | 13 +++++--
 arch/arm64/kvm/hyp/switch.c            | 48 ++++++++++++++++++++++----
 arch/arm64/kvm/hyp/sysreg-sr.c         | 35 +++++++++++++++++--
 arch/arm64/kvm/hyp/tlb.c               | 23 ++++++++++++
 7 files changed, 124 insertions(+), 12 deletions(-)

-- 
2.20.1
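
The restore ordering described in the cover letter, modelled as a small user-space C program. This is an added example, not code from the patch series: the structs, the `hazard()` predicate and the register values are assumptions made for the illustration; only the SCTLR_EL1.M and TCR_EL1.EPD0/EPD1 bit positions are architectural.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define SCTLR_M   (1ULL << 0)                   /* SCTLR_EL1.M: stage-1 MMU enable */
#define TCR_EPD01 ((1ULL << 7) | (1ULL << 23))  /* TCR_EL1.EPD0 (bit 7), EPD1 (bit 23) */
struct ctx { uint64_t sctlr, tcr, ttbr0; };                    /* toy EL1 context */
struct cpu { struct ctx el1; bool s1_is_guest, s2_is_guest; }; /* toy CPU state */

/* Cover letter: SCTLR.M=1 with TCR.EPD{0,1}={1,1} disables PTW and TLB allocation. */
static bool walk_blocked(const struct cpu *c)
{
    return (c->el1.sctlr & SCTLR_M) && (c->el1.tcr & TCR_EPD01) == TCR_EPD01;
}

/* Model assumption: a speculated AT is hazardous while guest stage-1 state is
 * live, guest stage 2 is not yet active, and walks are not blocked. */
static int hazard(const struct cpu *c)
{
    return c->s1_is_guest && !c->s2_is_guest && !walk_blocked(c);
}

/* Naive order: restore every EL1 register, then activate stage 2. */
static int naive_switch(struct cpu *c, const struct ctx *g)
{
    int n = 0;  /* steps during which the speculation window is open */
    c->el1 = *g; c->s1_is_guest = true; n += hazard(c);
    c->s2_is_guest = true;              n += hazard(c);
    return n;
}

/* Order from the cover letter: SCTLR/TCR stay in the blocking state until S2 is up. */
static int fixed_switch(struct cpu *c, const struct ctx *g)
{
    int n = 0;
    c->el1.sctlr = g->sctlr | SCTLR_M;
    c->el1.tcr = g->tcr | TCR_EPD01;
    c->el1.ttbr0 = g->ttbr0; c->s1_is_guest = true; n += hazard(c);
    c->s2_is_guest = true;                          n += hazard(c);
    c->el1.sctlr = g->sctlr; c->el1.tcr = g->tcr;   n += hazard(c);
    return n;
}

int main(void)
{
    struct ctx g = { SCTLR_M, 0x10, 0x40000000 };  /* constructed guest values */
    struct cpu a = { { SCTLR_M, 0, 0 }, false, false }, b = a;
    printf("naive=%d fixed=%d\n", naive_switch(&a, &g), fixed_switch(&b, &g));
    return 0;
}
```

The naive order leaves one step where guest stage-1 state is walkable before stage 2 is active; the reordered sequence leaves none and still ends with the guest's own SCTLR and TCR in place.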