From: Marc Zyngier <maz@kernel.org>
To: James Morse <james.morse@arm.com>
Cc: linux-arm-kernel@lists.infradead.org,
Catalin Marinas <catalin.marinas@arm.com>,
Will Deacon <will@kernel.org>,
Mark Rutland <mark.rutland@arm.com>,
Lorenzo Pieralisi <lpieralisi@kernel.org>,
Sudeep Holla <sudeep.holla@arm.com>,
Oliver Upton <oliver.upton@linux.dev>
Subject: Re: [RFC PATCH 3/3] arm64: errata: Disable FWB on parts with non-ARM interconnects
Date: Thu, 16 Feb 2023 18:46:47 +0000 [thread overview]
Message-ID: <86mt5dxxbc.wl-maz@kernel.org> (raw)
In-Reply-To: <20230216182201.1705406-4-james.morse@arm.com>
On Thu, 16 Feb 2023 18:22:01 +0000,
James Morse <james.morse@arm.com> wrote:
>
> Force Write Back (FWB) allows the hypervisor to force non-cacheable
> accesses made by a guest to be cacheable. This saves the hypervisor
> from doing cache maintenance on all pages the guest can access, to
> ensure the guest doesn't see stale (and possibly sensitive) data when
> making a non-cacheable access.
>
> When stage1 translation is disabled, the SCTRL_E1.I bit controls the
> attributes used for instruction fetch, one of the options results in a
> non-cacheable access. A whole host of CPUs missed the FWB override
> in this case, meaning a KVM guest could fetch stale/junk data instead of
> instructions.
>
> The workaround is to always do the cache maintenance. These parts don't
> have fine-grained-traps, so it isn't feasible to detect the guest
> disabling the MMU. Instead, disable FWB on the host.
>
> While the CPUs are affected, this erratum doesn't occur on parts using
> Arm's CMN interconnects. Use the Errata Management API to discover whether
> this CPU is affected.
>
> Because guest execution is compromised, the workaround is enabled by
> default. If the Errata Management API isn't implemented by firmware, the
> workaround will be enabled. If a target platform is not affected, and it
> isn't possible to add support for the Errata Management API, the erratum
> can be disabled in Kconfig.
I'm feeling a bit sick...
My main concern is hardly anyone implements this errata management
API, if at all. We should:
- give people an option to disable this from the command-line if they
know they are on an unaffected system
- have some form of DT property that indicates the HW isn't affected
Thoughts?
M.
--
Without deviation from the norm, progress is not possible.
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2023-02-16 18:47 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-02-16 18:21 [RFC PATCH 0/3] arm64: errata: Disable FWB on parts with non-ARM interconnects James Morse
2023-02-16 18:21 ` [RFC PATCH 1/3] firmware: smccc: Add support for erratum discovery API James Morse
2023-02-16 18:22 ` [RFC PATCH 2/3] arm64: cputype: Add new part numbers for Cortex-X3, and Neoverse-V2 James Morse
2023-02-16 18:22 ` [RFC PATCH 3/3] arm64: errata: Disable FWB on parts with non-ARM interconnects James Morse
2023-02-16 18:46 ` Marc Zyngier [this message]
2023-02-21 17:48 ` James Morse
2023-02-16 18:52 ` [RFC PATCH 0/3] " Oliver Upton
2023-02-21 17:41 ` James Morse
2023-02-24 19:00 ` Oliver Upton
2023-02-21 14:38 ` Ard Biesheuvel
2023-02-21 17:41 ` James Morse
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=86mt5dxxbc.wl-maz@kernel.org \
--to=maz@kernel.org \
--cc=catalin.marinas@arm.com \
--cc=james.morse@arm.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=lpieralisi@kernel.org \
--cc=mark.rutland@arm.com \
--cc=oliver.upton@linux.dev \
--cc=sudeep.holla@arm.com \
--cc=will@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.