Date: Tue, 20 May 2025 16:36:39 +0100
From: Will Deacon
To: Ada Couprie Diaz
Cc: linux-arm-kernel@lists.infradead.org, Catalin Marinas, Mark Rutland, "Luis Claudio R. Goncalves", Sebastian Andrzej Siewior
Subject: Re: [PATCH v2 06/11] arm64: debug: split hardware breakpoint exeception entry
Message-ID: <20250520153638.GF18901@willie-the-truck>
References: <20250512174326.133905-1-ada.coupriediaz@arm.com> <20250512174326.133905-7-ada.coupriediaz@arm.com>
In-Reply-To: <20250512174326.133905-7-ada.coupriediaz@arm.com>

nit: typo in $subject ("exeception").

On Mon, May 12, 2025 at 06:43:21PM +0100, Ada Couprie Diaz wrote:
> Currently all debug exceptions share common entry code and are routed
> to `do_debug_exception()`, which calls dynamically-registered
> handlers for each specific debug exception. This is unfortunate as
> different debug exceptions have different entry handling requirements,
> and it would be better to handle these distinct requirements earlier.
>
> Hardware breakpoints exceptions are generated by the hardware after user
> configuration. As such, they can be exploited when training branch
> predictors outisde of the userspace VA range: they still need to call

"outisde"

> `arm64_apply_bp_hardening()` if needed to mitigate against this attack.
> Move the call to `arm64_apply_bp_hardening()` to `entry-common.c` as
> it is needed for exceptions coming from EL0 only.
> > However, they do not need to handle the Cortex-A76 erratum #1463225 as > it only applies to single stepping exceptions. > It does not set an address in FAR_EL1 either, only the hardware > watchpoint does. > > Split the hardware breakpoint exception entry, adjust > the function signature, and handling of the Cortex-A76 erratum to fit > the behaviour of the exception. > > Signed-off-by: Ada Couprie Diaz > --- > arch/arm64/include/asm/exception.h | 1 + > arch/arm64/kernel/entry-common.c | 28 ++++++++++++++++++++++++++++ > arch/arm64/kernel/hw_breakpoint.c | 15 +++++++++++---- > 3 files changed, 40 insertions(+), 4 deletions(-) > > diff --git a/arch/arm64/include/asm/exception.h b/arch/arm64/include/asm/exception.h > index d48fc16584cd..c593fe639697 100644 > --- a/arch/arm64/include/asm/exception.h > +++ b/arch/arm64/include/asm/exception.h > @@ -61,6 +61,7 @@ void do_el0_gcs(struct pt_regs *regs, unsigned long esr); > void do_el1_gcs(struct pt_regs *regs, unsigned long esr); > void do_debug_exception(unsigned long addr_if_watchpoint, unsigned long esr, > struct pt_regs *regs); > +void do_breakpoint(unsigned long esr, struct pt_regs *regs); > void do_fpsimd_acc(unsigned long esr, struct pt_regs *regs); > void do_sve_acc(unsigned long esr, struct pt_regs *regs); > void do_sme_acc(unsigned long esr, struct pt_regs *regs); > diff --git a/arch/arm64/kernel/entry-common.c b/arch/arm64/kernel/entry-common.c > index 92d78b329e67..6ff52fc94da7 100644 > --- a/arch/arm64/kernel/entry-common.c > +++ b/arch/arm64/kernel/entry-common.c 
> @@ -503,6 +503,15 @@ static void noinstr el1_mops(struct pt_regs *regs, unsigned long esr) > exit_to_kernel_mode(regs); > } > > +static void noinstr el1_breakpt(struct pt_regs *regs, unsigned long esr) > +{ > + arm64_enter_el1_dbg(regs); > + debug_exception_enter(regs); > + do_breakpoint(esr, regs); > + debug_exception_exit(regs); > + arm64_exit_el1_dbg(regs); > +} > + > static void noinstr el1_dbg(struct pt_regs *regs, unsigned long esr) > { > unsigned long far = read_sysreg(far_el1); > @@ -552,6 +561,8 @@ asmlinkage void noinstr el1h_64_sync_handler(struct pt_regs *regs) > el1_mops(regs, esr); > break; > case ESR_ELx_EC_BREAKPT_CUR: > + el1_breakpt(regs, esr); > + break; > case ESR_ELx_EC_SOFTSTP_CUR: > case ESR_ELx_EC_WATCHPT_CUR: > case ESR_ELx_EC_BRK64: > @@ -746,6 +757,19 @@ static void noinstr el0_inv(struct pt_regs *regs, unsigned long esr) > exit_to_user_mode(regs); > } > > +static void noinstr el0_breakpt(struct pt_regs *regs, unsigned long esr) > +{ > + if (!is_ttbr0_addr(regs->pc)) > + arm64_apply_bp_hardening(); I think this is a change in behaviour, as arm64_apply_bp_hardening() is now called before enter_from_user_mode() and debug_exception_enter(). Is that safe and intentional? Will
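
Review bot: The name do_breakpoint() in the exception.h hunk does not say that it covers hardware breakpoints only, while the dispatch hunk shows ESR_ELx_EC_BRK64 staying on the shared path next to it. A one-line comment above the declaration, or a name that mentions the hardware breakpoint, would keep the two kinds of breakpoint from being confused at call sites.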
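
Review bot: el1_breakpt() carries no comment explaining why it omits the FAR_EL1 read that el1_dbg() performs just below it, or any handling for Cortex-A76 erratum #1463225; the reasoning exists only in the commit message. A short comment in the function body stating that the erratum applies to single-step exceptions only, and that a hardware breakpoint does not set FAR_EL1, would keep a later cleanup from re-adding either by analogy with el1_dbg().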
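
Review bot: In el0_breakpt(), the is_ttbr0_addr(regs->pc) check and the arm64_apply_bp_hardening() call are the first statements of a noinstr function, so the mitigation runs before any entry bookkeeping, which is the ordering the reply above questions. If running it first is deliberate, so that the branch predictor hardening is applied before any other kernel code on this EL0 path, say so in a comment and in the commit message, and confirm that arm64_apply_bp_hardening() and everything it calls is safe in noinstr context. Otherwise move the call after enter_from_user_mode() and debug_exception_enter() so the behaviour matches what it was before the split.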