From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4509FCD5BB5 for ; Tue, 19 Sep 2023 12:50:01 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230021AbjISMuF (ORCPT ); Tue, 19 Sep 2023 08:50:05 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46074 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232132AbjISMuE (ORCPT ); Tue, 19 Sep 2023 08:50:04 -0400 Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6029899; Tue, 19 Sep 2023 05:49:59 -0700 (PDT) Received: by smtp.kernel.org (Postfix) with ESMTPSA id E9F72C433C8; Tue, 19 Sep 2023 12:49:58 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1695127799; bh=520/TMq8NFW2iQ+ZTcU9+02cqKlryVSnwNhQDKuXV90=; h=Date:From:To:Cc:Subject:In-Reply-To:References:From; b=HCkRNCJri6FDrgwwZscrHZ6ykwim+ugIG8iBuQHgkmkFYv/wqpyBueh7E2yEUftKk zAUk6vJP/11tua/GEqIsnAG+tFISI07E+Jp+MbdzliCPt4EgqRhBhLYU1XDrejIflp 9BY10MstZ/dF/3f30XDf24fAj2YS3+/3CDpNPC5tQf96ltWrx4ITj8Nm6dOLNG3iJD Fpdlfd08BiGPg+vqXrULM3qy0nPAxgqsxPsU2Jz/jWvKIOa7M+3xuZUmM+KE0N2qO7 ocme7tqXdMZrIfHZPI4sqrWBrKcF5BZbRNU4Uv0d3RQNS7+x0tMhz/aPNHbmIx4BbN Inr2sN/5/nu7Q== Received: from sofa.misterjones.org ([185.219.108.64] helo=goblin-girl.misterjones.org) by disco-boy.misterjones.org with esmtpsa (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1qiaAu-00EKwa-F4; Tue, 19 Sep 2023 13:49:56 +0100 Date: Tue, 19 Sep 2023 13:49:55 +0100 Message-ID: <86zg1icop8.wl-maz@kernel.org> From: Marc Zyngier To: Rob Herring Cc: Will Deacon , Catalin Marinas , Jonathan Corbet , James Morse , linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org Subject: Re: [PATCH 2/2] arm64: errata: Add Cortex-A520 speculative unprivileged load workaround In-Reply-To: References: <20230912121120.380420-1-robh@kernel.org> <20230912121120.380420-2-robh@kernel.org> <20230918100102.GA17472@willie-the-truck> User-Agent: Wanderlust/2.15.9 (Almost Unreal) SEMI-EPG/1.14.7 (Harue) FLIM-LB/1.14.9 (=?UTF-8?B?R29qxY0=?=) APEL-LB/10.8 EasyPG/1.0.0 Emacs/28.2 (aarch64-unknown-linux-gnu) MULE/6.0 (HANACHIRUSATO) MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue") Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-SA-Exim-Connect-IP: 185.219.108.64 X-SA-Exim-Rcpt-To: robh@kernel.org, will@kernel.org, catalin.marinas@arm.com, corbet@lwn.net, james.morse@arm.com, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org X-SA-Exim-Mail-From: maz@kernel.org X-SA-Exim-Scanned: No (on disco-boy.misterjones.org); SAEximRunCond expanded to false Precedence: bulk List-ID: X-Mailing-List: linux-doc@vger.kernel.org On Tue, 19 Sep 2023 13:29:07 +0100, Rob Herring wrote: >=20 > On Mon, Sep 18, 2023 at 5:18=E2=80=AFAM Marc Zyngier wrote: > > > > On 2023-09-18 11:01, Will Deacon wrote: > > > On Tue, Sep 12, 2023 at 07:11:15AM -0500, Rob Herring wrote: > > >> Implement the workaround for ARM Cortex-A520 erratum 2966298. On an > > >> affected Cortex-A520 core, a speculatively executed unprivileged load > > >> might leak data from a privileged level via a cache side channel. > > >> > > >> The workaround is to execute a TLBI before returning to EL0. A > > >> non-shareable TLBI to any address is sufficient. > > > > > > Can you elaborate at all on how this works, please? A TLBI addressing= a > > > cache side channel feels weird (or is "cache" referring to some TLB > > > structures rather than e.g. the data cache here?). > > > > > > Assuming there's some vulnerable window between the speculative > > > unprivileged load and the completion of the TLBI, what prevents anoth= er > > > CPU from observing the side-channel during that time? Also, does the > > > TLBI need to be using the same ASID as the unprivileged load? If so, > > > then > > > a context-switch could widen the vulnerable window quite significantl= y. > > > > Another 'interesting' case is the KVM world switch. If EL0 is > > affected, what about EL1? Can such a data leak exist cross-EL1, > > or from EL2 to El1? Asking for a friend... >=20 > I'm checking for a definitive answer, but page table isolation also > avoids the issue. Wouldn't these scenarios all be similar to page > table isolation in that the EL2 or prior EL1 context is unmapped? No, EL2 is always mapped, and we don't have anything like KPTI there. Maybe the saving grace is that EL2 and EL2&0 are different translation regimes from EL1&0, but there's nothing in the commit message that indicates it. As for EL1-to-EL1 leaks, it again completely depends on how the TLBs are tagged. You'd hope that having different VMIDs would save the bacon, but if you can leak EL1 translations into EL0, it means that the associated permission and/or tags do not contain all the required information... M. --=20 Without deviation from the norm, progress is not possible. From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 349C6CD5BAD for ; Tue, 19 Sep 2023 12:50:26 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To: Subject:Cc:To:From:Message-ID:Date:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=Qi5Rg0kkTWBkDeYjzptIgS/NqQm0CPCiLQPNalfAwQ8=; b=s70F+wKSzZ+9Uv /O2YfORwbJSs/5NA3MVei/jIFdM5VXLA+GJyUCLII352YNIYthNUgcCXAgMx6MhjMLZnWmA52F212 UZW2VyliK2u+WDr74zyRbb5dX/sieCbyu0FP7fDexIZLOCLotY7Pug0+nYd86BRdLz25boJD/ahju vz2FwhPSGu17l5RqP0oxyN/cNJRg7JF8hkddqFRgVm9HcS8+E5tP+/7GD/pY+Aos5wWJa/wHXDCcJ qEsuSQAeMyuHnoW0zzjw+UGHp1AewS6lpdCv/q8GwtW1lnanOUhLHR1hTcLQO5Kage2DJLAnDy/5y euN/J80SOsOEOQbm7DdQ==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.96 #2 (Red Hat Linux)) id 1qiaB1-000SQ4-1f; Tue, 19 Sep 2023 12:50:03 +0000 Received: from dfw.source.kernel.org ([139.178.84.217]) by bombadil.infradead.org with esmtps (Exim 4.96 #2 (Red Hat Linux)) id 1qiaAy-000SOY-2n for linux-arm-kernel@lists.infradead.org; Tue, 19 Sep 2023 12:50:02 +0000 Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id AECCA615EB; Tue, 19 Sep 2023 12:49:59 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id E9F72C433C8; Tue, 19 Sep 2023 12:49:58 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1695127799; bh=520/TMq8NFW2iQ+ZTcU9+02cqKlryVSnwNhQDKuXV90=; h=Date:From:To:Cc:Subject:In-Reply-To:References:From; b=HCkRNCJri6FDrgwwZscrHZ6ykwim+ugIG8iBuQHgkmkFYv/wqpyBueh7E2yEUftKk zAUk6vJP/11tua/GEqIsnAG+tFISI07E+Jp+MbdzliCPt4EgqRhBhLYU1XDrejIflp 9BY10MstZ/dF/3f30XDf24fAj2YS3+/3CDpNPC5tQf96ltWrx4ITj8Nm6dOLNG3iJD Fpdlfd08BiGPg+vqXrULM3qy0nPAxgqsxPsU2Jz/jWvKIOa7M+3xuZUmM+KE0N2qO7 ocme7tqXdMZrIfHZPI4sqrWBrKcF5BZbRNU4Uv0d3RQNS7+x0tMhz/aPNHbmIx4BbN Inr2sN/5/nu7Q== Received: from sofa.misterjones.org ([185.219.108.64] helo=goblin-girl.misterjones.org) by disco-boy.misterjones.org with esmtpsa (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1qiaAu-00EKwa-F4; Tue, 19 Sep 2023 13:49:56 +0100 Date: Tue, 19 Sep 2023 13:49:55 +0100 Message-ID: <86zg1icop8.wl-maz@kernel.org> From: Marc Zyngier To: Rob Herring Cc: Will Deacon , Catalin Marinas , Jonathan Corbet , James Morse , linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org Subject: Re: [PATCH 2/2] arm64: errata: Add Cortex-A520 speculative unprivileged load workaround In-Reply-To: References: <20230912121120.380420-1-robh@kernel.org> <20230912121120.380420-2-robh@kernel.org> <20230918100102.GA17472@willie-the-truck> User-Agent: Wanderlust/2.15.9 (Almost Unreal) SEMI-EPG/1.14.7 (Harue) FLIM-LB/1.14.9 (=?UTF-8?B?R29qxY0=?=) APEL-LB/10.8 EasyPG/1.0.0 Emacs/28.2 (aarch64-unknown-linux-gnu) MULE/6.0 (HANACHIRUSATO) MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue") X-SA-Exim-Connect-IP: 185.219.108.64 X-SA-Exim-Rcpt-To: robh@kernel.org, will@kernel.org, catalin.marinas@arm.com, corbet@lwn.net, james.morse@arm.com, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org X-SA-Exim-Mail-From: maz@kernel.org X-SA-Exim-Scanned: No (on disco-boy.misterjones.org); SAEximRunCond expanded to false X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20230919_055001_012077_F5059F64 X-CRM114-Status: GOOD ( 30.90 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org T24gVHVlLCAxOSBTZXAgMjAyMyAxMzoyOTowNyArMDEwMCwKUm9iIEhlcnJpbmcgPHJvYmhAa2Vy bmVsLm9yZz4gd3JvdGU6Cj4gCj4gT24gTW9uLCBTZXAgMTgsIDIwMjMgYXQgNToxOOKAr0FNIE1h cmMgWnluZ2llciA8bWF6QG1pc3RlcmpvbmVzLm9yZz4gd3JvdGU6Cj4gPgo+ID4gT24gMjAyMy0w OS0xOCAxMTowMSwgV2lsbCBEZWFjb24gd3JvdGU6Cj4gPiA+IE9uIFR1ZSwgU2VwIDEyLCAyMDIz IGF0IDA3OjExOjE1QU0gLTA1MDAsIFJvYiBIZXJyaW5nIHdyb3RlOgo+ID4gPj4gSW1wbGVtZW50 IHRoZSB3b3JrYXJvdW5kIGZvciBBUk0gQ29ydGV4LUE1MjAgZXJyYXR1bSAyOTY2Mjk4LiBPbiBh bgo+ID4gPj4gYWZmZWN0ZWQgQ29ydGV4LUE1MjAgY29yZSwgYSBzcGVjdWxhdGl2ZWx5IGV4ZWN1 dGVkIHVucHJpdmlsZWdlZCBsb2FkCj4gPiA+PiBtaWdodCBsZWFrIGRhdGEgZnJvbSBhIHByaXZp bGVnZWQgbGV2ZWwgdmlhIGEgY2FjaGUgc2lkZSBjaGFubmVsLgo+ID4gPj4KPiA+ID4+IFRoZSB3 b3JrYXJvdW5kIGlzIHRvIGV4ZWN1dGUgYSBUTEJJIGJlZm9yZSByZXR1cm5pbmcgdG8gRUwwLiBB Cj4gPiA+PiBub24tc2hhcmVhYmxlIFRMQkkgdG8gYW55IGFkZHJlc3MgaXMgc3VmZmljaWVudC4K PiA+ID4KPiA+ID4gQ2FuIHlvdSBlbGFib3JhdGUgYXQgYWxsIG9uIGhvdyB0aGlzIHdvcmtzLCBw bGVhc2U/IEEgVExCSSBhZGRyZXNzaW5nIGEKPiA+ID4gY2FjaGUgc2lkZSBjaGFubmVsIGZlZWxz IHdlaXJkIChvciBpcyAiY2FjaGUiIHJlZmVycmluZyB0byBzb21lIFRMQgo+ID4gPiBzdHJ1Y3R1 cmVzIHJhdGhlciB0aGFuIGUuZy4gdGhlIGRhdGEgY2FjaGUgaGVyZT8pLgo+ID4gPgo+ID4gPiBB c3N1bWluZyB0aGVyZSdzIHNvbWUgdnVsbmVyYWJsZSB3aW5kb3cgYmV0d2VlbiB0aGUgc3BlY3Vs YXRpdmUKPiA+ID4gdW5wcml2aWxlZ2VkIGxvYWQgYW5kIHRoZSBjb21wbGV0aW9uIG9mIHRoZSBU TEJJLCB3aGF0IHByZXZlbnRzIGFub3RoZXIKPiA+ID4gQ1BVIGZyb20gb2JzZXJ2aW5nIHRoZSBz aWRlLWNoYW5uZWwgZHVyaW5nIHRoYXQgdGltZT8gQWxzbywgZG9lcyB0aGUKPiA+ID4gVExCSSBu ZWVkIHRvIGJlIHVzaW5nIHRoZSBzYW1lIEFTSUQgYXMgdGhlIHVucHJpdmlsZWdlZCBsb2FkPyBJ ZiBzbywKPiA+ID4gdGhlbgo+ID4gPiBhIGNvbnRleHQtc3dpdGNoIGNvdWxkIHdpZGVuIHRoZSB2 dWxuZXJhYmxlIHdpbmRvdyBxdWl0ZSBzaWduaWZpY2FudGx5Lgo+ID4KPiA+IEFub3RoZXIgJ2lu dGVyZXN0aW5nJyBjYXNlIGlzIHRoZSBLVk0gd29ybGQgc3dpdGNoLiBJZiBFTDAgaXMKPiA+IGFm ZmVjdGVkLCB3aGF0IGFib3V0IEVMMT8gQ2FuIHN1Y2ggYSBkYXRhIGxlYWsgZXhpc3QgY3Jvc3Mt RUwxLAo+ID4gb3IgZnJvbSBFTDIgdG8gRWwxPyBBc2tpbmcgZm9yIGEgZnJpZW5kLi4uCj4gCj4g SSdtIGNoZWNraW5nIGZvciBhIGRlZmluaXRpdmUgYW5zd2VyLCBidXQgcGFnZSB0YWJsZSBpc29s YXRpb24gYWxzbwo+IGF2b2lkcyB0aGUgaXNzdWUuIFdvdWxkbid0IHRoZXNlIHNjZW5hcmlvcyBh bGwgYmUgc2ltaWxhciB0byBwYWdlCj4gdGFibGUgaXNvbGF0aW9uIGluIHRoYXQgdGhlIEVMMiBv ciBwcmlvciBFTDEgY29udGV4dCBpcyB1bm1hcHBlZD8KCk5vLCBFTDIgaXMgYWx3YXlzIG1hcHBl ZCwgYW5kIHdlIGRvbid0IGhhdmUgYW55dGhpbmcgbGlrZSBLUFRJIHRoZXJlLgoKTWF5YmUgdGhl IHNhdmluZyBncmFjZSBpcyB0aGF0IEVMMiBhbmQgRUwyJjAgYXJlIGRpZmZlcmVudCB0cmFuc2xh dGlvbgpyZWdpbWVzIGZyb20gRUwxJjAsIGJ1dCB0aGVyZSdzIG5vdGhpbmcgaW4gdGhlIGNvbW1p dCBtZXNzYWdlIHRoYXQKaW5kaWNhdGVzIGl0LiBBcyBmb3IgRUwxLXRvLUVMMSBsZWFrcywgaXQg YWdhaW4gY29tcGxldGVseSBkZXBlbmRzIG9uCmhvdyB0aGUgVExCcyBhcmUgdGFnZ2VkLgoKWW91 J2QgaG9wZSB0aGF0IGhhdmluZyBkaWZmZXJlbnQgVk1JRHMgd291bGQgc2F2ZSB0aGUgYmFjb24s IGJ1dCBpZgp5b3UgY2FuIGxlYWsgRUwxIHRyYW5zbGF0aW9ucyBpbnRvIEVMMCwgaXQgbWVhbnMg dGhhdCB0aGUgYXNzb2NpYXRlZApwZXJtaXNzaW9uIGFuZC9vciB0YWdzIGRvIG5vdCBjb250YWlu IGFsbCB0aGUgcmVxdWlyZWQgaW5mb3JtYXRpb24uLi4KCglNLgoKLS0gCldpdGhvdXQgZGV2aWF0 aW9uIGZyb20gdGhlIG5vcm0sIHByb2dyZXNzIGlzIG5vdCBwb3NzaWJsZS4KCl9fX19fX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fCmxpbnV4LWFybS1rZXJuZWwgbWFp bGluZyBsaXN0CmxpbnV4LWFybS1rZXJuZWxAbGlzdHMuaW5mcmFkZWFkLm9yZwpodHRwOi8vbGlz dHMuaW5mcmFkZWFkLm9yZy9tYWlsbWFuL2xpc3RpbmZvL2xpbnV4LWFybS1rZXJuZWwK