linux-arm-kernel.lists.infradead.org archive mirror
From: will.deacon@arm.com (Will Deacon)
To: linux-arm-kernel@lists.infradead.org
Subject: [PATCH -stable] arm64: mm: don't write garbage into TTBR1_EL1 register
Date: Mon, 26 Feb 2018 11:30:50 +0000
Message-ID: <20180226113050.GE8736@arm.com>
In-Reply-To: <CAKv+Gu9rZEAk1RMUEk=7XCVVkLQ-chDu7GTGArCG0YeYcmx52w@mail.gmail.com>

On Sat, Feb 24, 2018 at 08:50:42AM +0000, Ard Biesheuvel wrote:
> On 24 February 2018 at 08:34, Greg KH <gregkh@linuxfoundation.org> wrote:
> > On Fri, Feb 23, 2018 at 06:29:02PM +0000, Ard Biesheuvel wrote:
> >> diff --git a/arch/arm64/mm/proc.S b/arch/arm64/mm/proc.S
> >> index 08572f95bd8a..2b473ddeb7a3 100644
> >> --- a/arch/arm64/mm/proc.S
> >> +++ b/arch/arm64/mm/proc.S
> >> @@ -155,7 +155,7 @@ ENDPROC(cpu_do_switch_mm)
> >>
> >>  .macro       __idmap_cpu_set_reserved_ttbr1, tmp1, tmp2
> >>       adrp    \tmp1, empty_zero_page
> >> -     msr     ttbr1_el1, \tmp2
> >> +     msr     ttbr1_el1, \tmp1
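Review bot: With the msr now taking \tmp1, \tmp2 is no longer referenced in
the visible lines of __idmap_cpu_set_reserved_ttbr1, yet it stays in the
.macro parameter list. Add a comment above the macro (or a line in the commit
message) saying that tmp2 is kept only so the parameter list matches the
upstream version, which fills it via "phys_to_ttbr \tmp1, \tmp2", so that a
later backport of this macro does not pick the unassigned register again.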
> >
> > I don't understand why this isn't also needed in Linus's tree.  What
> > commit there prevents this from being required?
> >
> 
> Linus's tree has
> 
>  +.macro __idmap_cpu_set_reserved_ttbr1, tmp1, tmp2
> +     adrp \tmp1, empty_zero_page
> +     phys_to_ttbr \tmp1, \tmp2
> +     msr ttbr1_el1, \tmp2
> +     isb
> +     tlbi vmalle1
> +     dsb nsh
> +     isb
> +.endm
> 
> but phys_to_ttbr does not exist in the v4.15 and earlier trees (it is
> related to 52-bit physical address support which landed in v4.16), so
> it was removed for the backport. However, that means tmp2 is never
> assigned, and whatever was there is poked into the translation table
> base register.

Damnit, sorry again. I changed the argument order of phys_to_ttbr along
the way, so must've confused myself during the backporting exercise. It's
also one of those things that will lead to potential TLB corruption in rare
circumstances where the junk in TTBR1 ends up giving a valid translation,
so it didn't crop up in my testing. How did Nicolas see this? The bug
report I saw didn't look related.

> But let's wait for team-ARM to ack this in any case.

Acked-by: Will Deacon <will.deacon@arm.com>

Greg -- please can you apply this to the 4.14 and 4.15 stable trees?

Will
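
A lint for the failure mode discussed in this thread, where dropping one instruction during a backport leaves a scratch macro parameter read but never written. This is an added example, not part of the thread or the kernel tree; `unassigned_reads`, the `WRITES` role table and the sample strings are hypothetical, and the write operand of `phys_to_ttbr` is assumed from the quoted snippet.

```python
import re

# Index of the operand each mnemonic writes; all other operands are reads.
# Assumption: phys_to_ttbr writes its 2nd operand, as the quoted upstream
# snippet implies (its result in \tmp2 is what msr then consumes).
WRITES = {"adrp": 0, "mov": 0, "mrs": 0, "msr": 0, "phys_to_ttbr": 1}

def unassigned_reads(asm):
    """List (instruction, param) where a macro parameter is read before any
    earlier instruction in the same macro body has written it."""
    findings, params, written = [], set(), set()
    for raw in asm.splitlines():
        line = " ".join(raw.split("//")[0].split())  # drop comment, squeeze blanks
        if line.startswith(".macro "):
            # ".macro name, p1, p2": everything after the name is a parameter
            params = set(re.split(r"[,\s]+", line[7:])[1:])
            written = set()
            continue
        if line.startswith(".endm"):
            params = set()
            continue
        mnemonic, _, rest = line.partition(" ")
        if not params or mnemonic not in WRITES:
            continue  # outside a macro, or operand roles unknown: do not guess
        operands = [op.strip() for op in rest.split(",")]
        dest = WRITES[mnemonic]
        for i, op in enumerate(operands):
            name = op[1:]
            is_param = op.startswith("\\") and name in params
            if is_param and i != dest and name not in written:
                findings.append((line, name))
        if dest < len(operands):
            written.add(operands[dest].lstrip("\\"))
    return findings

# Constructed samples, built from the lines quoted in the thread and trimmed
# to the instructions that touch the macro parameters.
HEAD = (".macro __idmap_cpu_set_reserved_ttbr1, tmp1, tmp2\n"
        "\tadrp \\tmp1, empty_zero_page\n")
BACKPORT_BROKEN = HEAD + "\tmsr ttbr1_el1, \\tmp2\n.endm\n"
BACKPORT_FIXED = HEAD + "\tmsr ttbr1_el1, \\tmp1\n.endm\n"
UPSTREAM = HEAD + "\tphys_to_ttbr \\tmp1, \\tmp2\n\tmsr ttbr1_el1, \\tmp2\n\tisb\n.endm\n"

if __name__ == "__main__":
    for label, text in (("broken backport", BACKPORT_BROKEN),
                        ("fixed backport", BACKPORT_FIXED),
                        ("upstream", UPSTREAM)):
        print(label, unassigned_reads(text))
```

A parameter that the caller is meant to pass in as an input would also be reported, so a finding is a prompt for review rather than proof of a bug.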
