[PATCH] arm64: Ensure bits ASID[15:8] are masked out when the kernel uses 8-bit ASIDs

linux-arm-kernel.lists.infradead.org archive mirror
 help / color / mirror / Atom feed

* [PATCH] arm64: Ensure bits ASID[15:8] are masked out when the kernel uses 8-bit ASIDs
@ 2024-12-03 15:19 Catalin Marinas
  2024-12-03 16:22 ` Mark Rutland
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: Catalin Marinas @ 2024-12-03 15:19 UTC (permalink / raw)
  To: linux-arm-kernel; +Cc: Will Deacon, Mark Rutland, Marc Zyngier, James Morse

Linux currently sets the TCR_EL1.AS bit unconditionally during CPU
bring-up. On an 8-bit ASID CPU, this is RES0 and ignored, otherwise
16-bit ASIDs are enabled. However, if running in a VM and the hypervisor
reports 8-bit ASIDs (ID_AA64MMFR0_EL1.ASIDBits == 0) on a 16-bit ASIDs
CPU, Linux uses bits 8 to 63 as a generation number for tracking old
process ASIDs. The bottom 8 bits of this generation end up being written
to TTBR1_EL1 and also used for the ASID-based TLBI operations as the
upper 8 bits of the ASID. Following an ASID roll-over event we can have
threads of the same application with the same 8-bit ASID but different
generation numbers running on separate CPUs. Both TLB caching and the
TLBI operations will end up using different actual 16-bit ASIDs for the
same process.

A similar scenario can happen in a big.LITTLE configuration if the boot
CPU only uses 8-bit ASIDs while secondary CPUs have 16-bit ASIDs.

Ensure that the ASID generation is only tracked by bits 16 and up,
leaving bits 15:8 as 0 if the kernel uses 8-bit ASIDs. Note that
clearing TCR_EL1.AS is not sufficient since the architecture requires
that the top 8 bits of the ASID passed to TLBI instructions are 0 rather
than ignored in such configuration.

Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Cc: <stable@vger.kernel.org>
Cc: Will Deacon <will@kernel.org>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Marc Zyngier <maz@kernel.org>
Cc: James Morse <james.morse@arm.com>
---
 arch/arm64/mm/context.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/arch/arm64/mm/context.c b/arch/arm64/mm/context.c
index 188197590fc9..b2ac06246327 100644
--- a/arch/arm64/mm/context.c
+++ b/arch/arm64/mm/context.c
@@ -32,9 +32,9 @@ static unsigned long nr_pinned_asids;
 static unsigned long *pinned_asid_map;

 #define ASID_MASK		(~GENMASK(asid_bits - 1, 0))
-#define ASID_FIRST_VERSION	(1UL << asid_bits)
+#define ASID_FIRST_VERSION	(1UL << 16)

-#define NUM_USER_ASIDS		ASID_FIRST_VERSION
+#define NUM_USER_ASIDS		(1UL << asid_bits)
 #define ctxid2asid(asid)	((asid) & ~ASID_MASK)
 #define asid2ctxid(asid, genid)	((asid) | (genid))

^ permalink raw reply related	[flat|nested] 4+ messages in thread

* Re: [PATCH] arm64: Ensure bits ASID[15:8] are masked out when the kernel uses 8-bit ASIDs
  2024-12-03 15:19 [PATCH] arm64: Ensure bits ASID[15:8] are masked out when the kernel uses 8-bit ASIDs Catalin Marinas
@ 2024-12-03 16:22 ` Mark Rutland
  2024-12-03 18:24 ` Marc Zyngier
  2024-12-05 18:22 ` Catalin Marinas
  2 siblings, 0 replies; 4+ messages in thread
From: Mark Rutland @ 2024-12-03 16:22 UTC (permalink / raw)
  To: Catalin Marinas; +Cc: linux-arm-kernel, Will Deacon, Marc Zyngier, James Morse

On Tue, Dec 03, 2024 at 03:19:41PM +0000, Catalin Marinas wrote:
> Linux currently sets the TCR_EL1.AS bit unconditionally during CPU
> bring-up. On an 8-bit ASID CPU, this is RES0 and ignored, otherwise
> 16-bit ASIDs are enabled. However, if running in a VM and the hypervisor
> reports 8-bit ASIDs (ID_AA64MMFR0_EL1.ASIDBits == 0) on a 16-bit ASIDs
> CPU, Linux uses bits 8 to 63 as a generation number for tracking old
> process ASIDs. The bottom 8 bits of this generation end up being written
> to TTBR1_EL1 and also used for the ASID-based TLBI operations as the
> upper 8 bits of the ASID. Following an ASID roll-over event we can have
> threads of the same application with the same 8-bit ASID but different
> generation numbers running on separate CPUs. Both TLB caching and the
> TLBI operations will end up using different actual 16-bit ASIDs for the
> same process.
> 
> A similar scenario can happen in a big.LITTLE configuration if the boot
> CPU only uses 8-bit ASIDs while secondary CPUs have 16-bit ASIDs.
> 
> Ensure that the ASID generation is only tracked by bits 16 and up,
> leaving bits 15:8 as 0 if the kernel uses 8-bit ASIDs. Note that
> clearing TCR_EL1.AS is not sufficient since the architecture requires
> that the top 8 bits of the ASID passed to TLBI instructions are 0 rather
> than ignored in such configuration.
> 
> Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
> Cc: <stable@vger.kernel.org>
> Cc: Will Deacon <will@kernel.org>
> Cc: Mark Rutland <mark.rutland@arm.com>
> Cc: Marc Zyngier <maz@kernel.org>
> Cc: James Morse <james.morse@arm.com>

Acked-by: Mark Rutland <mark.rutland@arm.com>

Mark.

> ---
>  arch/arm64/mm/context.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/arch/arm64/mm/context.c b/arch/arm64/mm/context.c
> index 188197590fc9..b2ac06246327 100644
> --- a/arch/arm64/mm/context.c
> +++ b/arch/arm64/mm/context.c
> @@ -32,9 +32,9 @@ static unsigned long nr_pinned_asids;
>  static unsigned long *pinned_asid_map;
>  
>  #define ASID_MASK		(~GENMASK(asid_bits - 1, 0))
> -#define ASID_FIRST_VERSION	(1UL << asid_bits)
> +#define ASID_FIRST_VERSION	(1UL << 16)
>  
> -#define NUM_USER_ASIDS		ASID_FIRST_VERSION
> +#define NUM_USER_ASIDS		(1UL << asid_bits)
>  #define ctxid2asid(asid)	((asid) & ~ASID_MASK)
>  #define asid2ctxid(asid, genid)	((asid) | (genid))
>  


^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH] arm64: Ensure bits ASID[15:8] are masked out when the kernel uses 8-bit ASIDs
  2024-12-03 15:19 [PATCH] arm64: Ensure bits ASID[15:8] are masked out when the kernel uses 8-bit ASIDs Catalin Marinas
  2024-12-03 16:22 ` Mark Rutland
@ 2024-12-03 18:24 ` Marc Zyngier
  2024-12-05 18:22 ` Catalin Marinas
  2 siblings, 0 replies; 4+ messages in thread
From: Marc Zyngier @ 2024-12-03 18:24 UTC (permalink / raw)
  To: Catalin Marinas; +Cc: linux-arm-kernel, Will Deacon, Mark Rutland, James Morse

On Tue, 03 Dec 2024 15:19:41 +0000,
Catalin Marinas <catalin.marinas@arm.com> wrote:
> 
> Linux currently sets the TCR_EL1.AS bit unconditionally during CPU
> bring-up. On an 8-bit ASID CPU, this is RES0 and ignored, otherwise
> 16-bit ASIDs are enabled. However, if running in a VM and the hypervisor
> reports 8-bit ASIDs (ID_AA64MMFR0_EL1.ASIDBits == 0) on a 16-bit ASIDs
> CPU, Linux uses bits 8 to 63 as a generation number for tracking old
> process ASIDs. The bottom 8 bits of this generation end up being written
> to TTBR1_EL1 and also used for the ASID-based TLBI operations as the
> upper 8 bits of the ASID. Following an ASID roll-over event we can have
> threads of the same application with the same 8-bit ASID but different
> generation numbers running on separate CPUs. Both TLB caching and the
> TLBI operations will end up using different actual 16-bit ASIDs for the
> same process.
> 
> A similar scenario can happen in a big.LITTLE configuration if the boot
> CPU only uses 8-bit ASIDs while secondary CPUs have 16-bit ASIDs.
> 
> Ensure that the ASID generation is only tracked by bits 16 and up,
> leaving bits 15:8 as 0 if the kernel uses 8-bit ASIDs. Note that
> clearing TCR_EL1.AS is not sufficient since the architecture requires
> that the top 8 bits of the ASID passed to TLBI instructions are 0 rather
> than ignored in such configuration.
> 
> Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
> Cc: <stable@vger.kernel.org>
> Cc: Will Deacon <will@kernel.org>
> Cc: Mark Rutland <mark.rutland@arm.com>
> Cc: Marc Zyngier <maz@kernel.org>
> Cc: James Morse <james.morse@arm.com>
> ---
>  arch/arm64/mm/context.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/arch/arm64/mm/context.c b/arch/arm64/mm/context.c
> index 188197590fc9..b2ac06246327 100644
> --- a/arch/arm64/mm/context.c
> +++ b/arch/arm64/mm/context.c
> @@ -32,9 +32,9 @@ static unsigned long nr_pinned_asids;
>  static unsigned long *pinned_asid_map;
>  
>  #define ASID_MASK		(~GENMASK(asid_bits - 1, 0))
> -#define ASID_FIRST_VERSION	(1UL << asid_bits)
> +#define ASID_FIRST_VERSION	(1UL << 16)
>  
> -#define NUM_USER_ASIDS		ASID_FIRST_VERSION
> +#define NUM_USER_ASIDS		(1UL << asid_bits)
>  #define ctxid2asid(asid)	((asid) & ~ASID_MASK)
>  #define asid2ctxid(asid, genid)	((asid) | (genid))

Acked-by: Marc Zyngier <maz@kernel.org>

In the light of this, I think we also need to prevent VM migration
from machines that have 8bit ASIDs to those that have 16bit ASIDs,
because lying to the guest is potentially deadly, for the exact
reasons outlined in the commit message.

I'll post something tomorrow.

Thanks,

	M.

-- 
Without deviation from the norm, progress is not possible.


^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH] arm64: Ensure bits ASID[15:8] are masked out when the kernel uses 8-bit ASIDs
  2024-12-03 15:19 [PATCH] arm64: Ensure bits ASID[15:8] are masked out when the kernel uses 8-bit ASIDs Catalin Marinas
  2024-12-03 16:22 ` Mark Rutland
  2024-12-03 18:24 ` Marc Zyngier
@ 2024-12-05 18:22 ` Catalin Marinas
  2 siblings, 0 replies; 4+ messages in thread
From: Catalin Marinas @ 2024-12-05 18:22 UTC (permalink / raw)
  To: linux-arm-kernel, Catalin Marinas
  Cc: Will Deacon, Mark Rutland, Marc Zyngier, James Morse

On Tue, 03 Dec 2024 15:19:41 +0000, Catalin Marinas wrote:
> Linux currently sets the TCR_EL1.AS bit unconditionally during CPU
> bring-up. On an 8-bit ASID CPU, this is RES0 and ignored, otherwise
> 16-bit ASIDs are enabled. However, if running in a VM and the hypervisor
> reports 8-bit ASIDs (ID_AA64MMFR0_EL1.ASIDBits == 0) on a 16-bit ASIDs
> CPU, Linux uses bits 8 to 63 as a generation number for tracking old
> process ASIDs. The bottom 8 bits of this generation end up being written
> to TTBR1_EL1 and also used for the ASID-based TLBI operations as the
> upper 8 bits of the ASID. Following an ASID roll-over event we can have
> threads of the same application with the same 8-bit ASID but different
> generation numbers running on separate CPUs. Both TLB caching and the
> TLBI operations will end up using different actual 16-bit ASIDs for the
> same process.
> 
> [...]

Applied to arm64 (for-next/fixes), thanks!

[1/1] arm64: Ensure bits ASID[15:8] are masked out when the kernel uses 8-bit ASIDs
      https://git.kernel.org/arm64/c/c0900d15d31c

-- 
Catalin



^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2024-12-05 18:23 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-12-03 15:19 [PATCH] arm64: Ensure bits ASID[15:8] are masked out when the kernel uses 8-bit ASIDs Catalin Marinas
2024-12-03 16:22 ` Mark Rutland
2024-12-03 18:24 ` Marc Zyngier
2024-12-05 18:22 ` Catalin Marinas

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).