From: Catalin Marinas <catalin.marinas@arm.com>
To: Oliver Upton <oliver.upton@linux.dev>
Cc: kvmarm@lists.linux.dev, Marc Zyngier <maz@kernel.org>,
	James Morse <james.morse@arm.com>,
	Suzuki K Poulose <suzuki.poulose@arm.com>,
	Zenghui Yu <yuzenghui@huawei.com>, Will Deacon <will@kernel.org>,
	linux-arm-kernel@lists.infradead.org,
	Darren Hart <darren@os.amperecomputing.com>,
	D Scott Phillips <scott@os.amperecomputing.com>
Subject: Re: [PATCH 0/3] KVM: arm64: Work around Ampere1 erratum AC03_CPU_38
Date: Thu, 15 Jun 2023 09:36:14 +0100
Message-ID: <ZIrNfh8ArloYtbem@arm.com>
In-Reply-To: <ZIpIAB5EOls/Io4+@linux.dev>

On Wed, Jun 14, 2023 at 11:06:40PM +0000, Oliver Upton wrote:
> Hey Catalin,
> 
> On Wed, Jun 14, 2023 at 05:57:55PM +0100, Catalin Marinas wrote:
> > On Fri, Jun 09, 2023 at 10:01:01PM +0000, Oliver Upton wrote:
> > > Small series to work around a CPU erratum on AmpereOne. While the
> > > implementation does not advertise support for FEAT_HAFDBS (due to
> > > another erratum), the associated control bits do not have RES0 behavior
> > > as required by the architecture.
> > > 
> > > Usage of HAFDBS at stage-1 is unaffected, since HA and HD are only
> > > enabled on implementations that advertise the feature. However, KVM
> > > relies on HA having RES0 semantics if the feature isn't implemented. The
> > > end result is that KVM enables a broken hardware access flag
> > > implementation that could lead to correctness issues.
> > 
> > Just curious, what's the correctness issue here? The access flag is
> > mostly indicative of which pages are old for swapping out/discarding.
> > It's not like the dirty state which would be dangerous if we get wrong.
> 
> I probably could have helped out by giving the full context.
> 
> The software-observable behavior on this system is that the A or D
> updates could arrive after a PTE has been marked as invalid, which could
> corrupt software metadata stuffed into the page tables. We do exactly
> that at stage-2 in KVM for parallel fault handling, where a magic value
> indicates a PTE is being updated by another thread.

Ah, ok, that's dangerous indeed. Thanks for the details (you may want to
add them in the patch description or the erratum kconfig entry).

-- 
Catalin
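
The hazard discussed in this thread, as an added illustration that is not part of the messages or of the kernel source: an invalid PTE holds a software "locked" marker, and an Access Flag write that lands after invalidation changes the marker so it no longer compares equal. The marker value `0xACE`, the function names, the constructed mapping and the blind-OR model of the late update are assumptions made for the example.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define PTE_VALID (1ULL << 0)   /* descriptor valid bit */
#define PTE_AF    (1ULL << 10)  /* Access Flag bit */
/* Hypothetical "being updated by another thread" marker; valid bit clear. */
#define INVALID_PTE_LOCKED 0xACEULL

typedef _Atomic uint64_t pte_t;

/* Expected behaviour: AF is set atomically and only while the PTE is valid. */
static void hw_af_update_ok(pte_t *ptep)
{
    uint64_t old = atomic_load(ptep);
    while ((old & PTE_VALID) && !(old & PTE_AF))
        if (atomic_compare_exchange_weak(ptep, &old, old | PTE_AF))
            break;
}

/* Simplified model of the described behaviour: the AF write lands
 * without rechecking that the descriptor is still valid. */
static void hw_af_update_late(pte_t *ptep)
{
    atomic_fetch_or(ptep, PTE_AF);
}

/* A fault handler takes ownership by swapping the marker into the PTE. */
static bool pte_try_lock(pte_t *ptep, uint64_t old)
{
    return atomic_compare_exchange_strong(ptep, &old, INVALID_PTE_LOCKED);
}

static bool pte_is_locked(uint64_t pte)
{
    return pte == INVALID_PTE_LOCKED;
}

/* Interleaving: the walker has seen a valid PTE, the handler locks it,
 * then the hardware update arrives. Returns the final PTE value. */
static uint64_t run_interleaving(bool late_update)
{
    pte_t pte = 0x40000000ULL | PTE_VALID;  /* constructed mapping, AF clear */

    if (!pte_try_lock(&pte, atomic_load(&pte)))
        return 0;
    if (late_update)
        hw_af_update_late(&pte);
    else
        hw_af_update_ok(&pte);
    return atomic_load(&pte);
}

int main(void)
{
    printf("atomic update: %#llx\n", (unsigned long long)run_interleaving(false));
    printf("late update:   %#llx\n", (unsigned long long)run_interleaving(true));
    return 0;
}
```

With the late update, a second thread checking `pte_is_locked()` no longer recognises the marker, which is the kind of metadata corruption the workaround avoids by keeping hardware access flag updates off.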

