* [PATCH 04/14] arm64: Add ARCH_WORKAROUND_2 probing
From: Suzuki K Poulose @ 2018-05-24 13:34 UTC (permalink / raw)
To: linux-arm-kernel
In-Reply-To: <20180524113933.GA8689@arm.com>
On 24/05/18 12:39, Will Deacon wrote:
> On Thu, May 24, 2018 at 10:58:43AM +0100, Suzuki K Poulose wrote:
>> On 22/05/18 16:06, Marc Zyngier wrote:
>>> As for Spectre variant-2, we rely on SMCCC 1.1 to provide the
>>> discovery mechanism for detecting the SSBD mitigation.
>>>
>>> A new capability is also allocated for that purpose, and a
>>> config option.
>>>
>>> Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
>>
>>
>>> +static bool has_ssbd_mitigation(const struct arm64_cpu_capabilities *entry,
>>> + int scope)
>>> +{
>>> + struct arm_smccc_res res;
>>> + bool supported = true;
>>> +
>>> + WARN_ON(scope != SCOPE_LOCAL_CPU || preemptible());
>>> +
>>> + if (psci_ops.smccc_version == SMCCC_VERSION_1_0)
>>> + return false;
>>> +
>>> + /*
>>> + * The probe function return value is either negative
>>> + * (unsupported or mitigated), positive (unaffected), or zero
>>> + * (requires mitigation). We only need to do anything in the
>>> + * last case.
>>> + */
>>> + switch (psci_ops.conduit) {
>>> + case PSCI_CONDUIT_HVC:
>>> + arm_smccc_1_1_hvc(ARM_SMCCC_ARCH_FEATURES_FUNC_ID,
>>> + ARM_SMCCC_ARCH_WORKAROUND_2, &res);
>>> + if ((int)res.a0 != 0)
>>> + supported = false;
>>> + break;
>>> +
>>> + case PSCI_CONDUIT_SMC:
>>> + arm_smccc_1_1_smc(ARM_SMCCC_ARCH_FEATURES_FUNC_ID,
>>> + ARM_SMCCC_ARCH_WORKAROUND_2, &res);
>>> + if ((int)res.a0 != 0)
>>> + supported = false;
>>> + break;
>>> +
>>> + default:
>>> + supported = false;
>>> + }
>>> +
>>> + if (supported) {
>>> + __this_cpu_write(arm64_ssbd_callback_required, 1);
>>> + do_ssbd(true);
>>> + }
>>
>>
>> Marc,
>>
>> As discussed, we have minor issue with the "corner case". If a CPU
>> is hotplugged in which requires the mitigation, after the system has
>> finalised the cap to "not available", the CPU could go ahead and
>> do the "work around" as above, while not effectively doing anything
>> about it at runtime for KVM guests (as thats the only place where
>> we rely on the CAP being set).
>>
>> But, yes this is real corner case. There is no easy way to solve it
>> other than
>>
>> 1) Allow late modifications to CPU hwcaps
>>
>> OR
>>
>> 2) Penalise the fastpath to always check per-cpu setting.
>
> Shouldn't we just avoid bring up CPUs that require the mitigation after
> we've finalised the capability to say that it's not required? Assuming this
> is just another issue with maxcpus=, then I don't much care for it.
Ah! Sorry, yes we do kill the CPU. But it is just that it will set the
ssbd_callback_required flag and issue the do_ssbd(), which is not an issue.
Yes this can only be triggered by maxcpus=.
Suzuki
^ permalink raw reply
* [PATCH 1/5] Documentation: DT: Add optional 'timeout-sec' property for sp805
From: Robin Murphy @ 2018-05-24 13:25 UTC (permalink / raw)
To: linux-arm-kernel
In-Reply-To: <20180523181058.GC27570@roeck-us.net>
On 23/05/18 19:10, Guenter Roeck wrote:
> On Wed, May 23, 2018 at 11:57:25AM +0100, Robin Murphy wrote:
>> On 22/05/18 19:47, Ray Jui wrote:
>>> Update the SP805 binding document to add optional 'timeout-sec'
>>> devicetree property
>>>
>>> Signed-off-by: Ray Jui <ray.jui@broadcom.com>
>>> Reviewed-by: Scott Branden <scott.branden@broadcom.com>
>>> ---
>>> Documentation/devicetree/bindings/watchdog/sp805-wdt.txt | 2 ++
>>> 1 file changed, 2 insertions(+)
>>>
>>> diff --git a/Documentation/devicetree/bindings/watchdog/sp805-wdt.txt b/Documentation/devicetree/bindings/watchdog/sp805-wdt.txt
>>> index edc4f0e..f898a86 100644
>>> --- a/Documentation/devicetree/bindings/watchdog/sp805-wdt.txt
>>> +++ b/Documentation/devicetree/bindings/watchdog/sp805-wdt.txt
>>> @@ -19,6 +19,8 @@ Required properties:
>>> Optional properties:
>>> - interrupts : Should specify WDT interrupt number.
>>> +- timeout-sec : Should specify default WDT timeout in seconds. If unset, the
>>> + default timeout is 30 seconds
>>
>> According to the SP805 TRM, the default interval is dependent on the rate of
>> WDOGCLK, but would typically be a lot longer than that :/
>>
> Depends on the definition of "default". In the context of watchdog drivers,
> it is (or should be) a driver default, not a chip default.
DT describes hardware, not driver behaviour.
I appreciate that where a timeout *is* specified, that is effectively a
hardware aspect even if it's something an OS consuming the binding still
has to voluntarily program into the device. The notion of "this is the
longest period of time for which you can reasonably expect to see no
activity under normal operation" is indeed a property of the platform as
a whole - a system with user-accessible PCIe slots may need to reflect
the worst case of one CPU waiting for an ATS invalidation timeout with
interrupts disabled, whereas a much shorter period might be appropriate
for the same SoC in some closed-down embedded device.
The absence of the property, though, doesn't convey anything other than
"I don't know" and/or "it doesn't really matter", and in that situation
the default is always going to be "whatever the OS thinks is
appropriate". The binding itself can't possibly know, whereas an OS
might be configured for some pseudo-real-time application which it knows
warrants a maximum of 100ms regardless of what the DT does or doesn't
say. In the case of SP805, if the OS doesn't reconfigure it at all,
there happens to be an actual hardware default of (2^32 / WDOGCLK), but
since that's already implicit in the compatible it doesn't really need
saying either.
Optional properties don't need to explicitly state what their absence
might infer, especially when it's not directly meaningful (just imagine
trying to do that for bindings/regulator/regulator.txt...), so I would
suggest following the 93% of existing bindings which simply don't try to
claim some default value for this property.
I also think the fact that, within the context of this patch series, the
Linux driver doesn't even do what the binding claims only goes to help
make my point ;)
Robin.
^ permalink raw reply
* [GIT PULL] Rockchip driver updates for 4.18 round 2
From: Heiko Stuebner @ 2018-05-24 13:20 UTC (permalink / raw)
To: linux-arm-kernel
Hi Arnd, Kevin Olof,
please find below a second pull request for Rockchip-specific drivers,
adding power-domain support for some more socs on top of the
previous git tag.
If it looks ok, please pull
Heiko
The following changes since commit 9e59c5f66c624b43c766a9fe3b2430e0e976bf0e:
soc: rockchip: power-domain: Fix wrong value when power up pd with writemask (2018-05-14 11:53:26 +0200)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/mmind/linux-rockchip.git tags/v4.18-rockchip-drivers-2
for you to fetch changes up to 9bdf401bf49eddba98ae36f7243b888d43496bd6:
soc: rockchip: power-domain: add power domain support for px30 (2018-05-23 20:47:57 +0200)
----------------------------------------------------------------
Power-domain support for Rockchip socs px30, rk3128, rk3228 and rk3036.
----------------------------------------------------------------
Caesar Wang (3):
dt-bindings: power: add RK3036 SoCs header for power-domain
dt-bindings: power: add binding for rk3036 power domains
soc: rockchip: power-domain: add power domain support for rk3036
Elaine Zhang (6):
dt-bindings: power: add RK3128 SoCs header for power-domain
dt-bindings: power: add binding for rk3128 power domains
soc: rockchip: power-domain: add power domain support for rk3128
dt-bindings: power: add RK3228 SoCs header for power-domain
dt-bindings: power: add binding for rk3228 power domains
soc: rockchip: power-domain: add power domain support for rk3228
Finley Xiao (3):
dt-bindings: power: add PX30 SoCs header for power-domain
dt-bindings: power: add binding for px30 power domains
soc: rockchip: power-domain: add power domain support for px30
.../bindings/soc/rockchip/power_domain.txt | 12 +++
drivers/soc/rockchip/pm_domains.c | 115 +++++++++++++++++++++
include/dt-bindings/power/px30-power.h | 27 +++++
include/dt-bindings/power/rk3036-power.h | 13 +++
include/dt-bindings/power/rk3128-power.h | 14 +++
include/dt-bindings/power/rk3228-power.h | 21 ++++
6 files changed, 202 insertions(+)
create mode 100644 include/dt-bindings/power/px30-power.h
create mode 100644 include/dt-bindings/power/rk3036-power.h
create mode 100644 include/dt-bindings/power/rk3128-power.h
create mode 100644 include/dt-bindings/power/rk3228-power.h
^ permalink raw reply
* [PATCH 3/3] arm64: dts: renesas: r8a7795: add ccree binding
From: Gilad Ben-Yossef @ 2018-05-24 13:20 UTC (permalink / raw)
To: linux-arm-kernel
In-Reply-To: <CAMuHMdX-t8WfjRKpZ7UxXBbBNojsn-8z7_BM9grmLJcf=9Ks2Q@mail.gmail.com>
On Tue, May 22, 2018 at 10:48 AM, Geert Uytterhoeven
<geert@linux-m68k.org> wrote:
> Hi Gilad,
>
> On Mon, May 21, 2018 at 3:43 PM, Gilad Ben-Yossef <gilad@benyossef.com> wrote:
>> On Thu, May 17, 2018 at 1:16 PM, Geert Uytterhoeven
>> <geert@linux-m68k.org> wrote:
>>> Indeed. From a quick glance, it looks like drivers/crypto/ccree/cc_driver.c
>>> does not distinguish between the absence of the clock property, and an
>>> actual error in getting the clock, and never considers any error a failure
>>> (incl. -PROBE_DEFER).
>>>
>>> As of_clk_get() returns -ENOENT for both a missing clock property and a
>>> missing clock, you should use (devm_)clk_get() instead, and distinguish
>>> between NULL (no clock property) and IS_ERR() (actual failure -> abort).
>>
>> I was trying to do as you suggested but I didn't quite get what is the
>> dev_id (2nd) parameter to devm_clk_get parameter is supposed to be.
>
> It's the (optional) name of the clock, helpful in case there is more than one.
> In your case, NULL is fine.
>
I have assumed as much and tried it, it did not work and so I assumed
I am missing something and asked you.
It turns out I was missing the fact I was using the wrong device tree
file... :-(
So thanks, it works now :-)
Having said that, while using devm)clk_get() is a better approach, it
does not seems to distinguish
between no "clocks" and a failure to clock information - it returns
ENOENT in both cases as well.
Thanks,
Gilad
--
Gilad Ben-Yossef
Chief Coffee Drinker
"If you take a class in large-scale robotics, can you end up in a
situation where the homework eats your dog?"
-- Jean-Baptiste Queru
^ permalink raw reply
* [PATCH 3/3] ARM: dts: k2e: add dts node for k2e hw_rng driver
From: Vitaly Andrianov @ 2018-05-24 13:12 UTC (permalink / raw)
To: linux-arm-kernel
In-Reply-To: <1527167538-29837-1-git-send-email-vitalya@ti.com>
This patch adds dts node for k2e hw_random generator driver
Signed-off-by: Vitaly Andrianov <vitalya@ti.com>
Signed-off-by: Murali Karicheri <m-karicheri2@ti.com>
---
arch/arm/boot/dts/keystone-k2e-netcp.dtsi | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
diff --git a/arch/arm/boot/dts/keystone-k2e-netcp.dtsi b/arch/arm/boot/dts/keystone-k2e-netcp.dtsi
index a17311c..1db17ec 100644
--- a/arch/arm/boot/dts/keystone-k2e-netcp.dtsi
+++ b/arch/arm/boot/dts/keystone-k2e-netcp.dtsi
@@ -225,3 +225,23 @@ netcp: netcp at 24000000 {
};
};
};
+
+sa_subsys: subsys at 24080000 {
+ #address-cells = <1>;
+ #size-cells = <1>;
+ compatible = "simple-bus";
+ ranges = <0 0x24080000 0x40000>;
+
+ sa_config: subsys at 0 {
+ compatible = "syscon";
+ reg = <0x0 0x100>;
+ };
+
+ rng at 24000 {
+ compatible = "ti,keystone-rng";
+ reg = <0x24000 0x1000>;
+ ti,syscon-sa-cfg = <&sa_config>;
+ clocks = <&clksa>;
+ clock-names = "fck";
+ };
+};
--
2.7.4
^ permalink raw reply related
* [PATCH 2/3] ARM: dts: k2l: add dts node for k2l hw_rng driver
From: Vitaly Andrianov @ 2018-05-24 13:12 UTC (permalink / raw)
To: linux-arm-kernel
In-Reply-To: <1527167538-29837-1-git-send-email-vitalya@ti.com>
This patch adds dts node for k2l hw_random generator driver
Signed-off-by: Vitaly Andrianov <vitalya@ti.com>
[t-kristo at ti.com: added missing addresses from node identifiers]
Signed-off-by: Tero Kristo <t-kristo@ti.com>
Signed-off-by: Murali Karicheri <m-karicheri2@ti.com>
---
arch/arm/boot/dts/keystone-k2l-netcp.dtsi | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
diff --git a/arch/arm/boot/dts/keystone-k2l-netcp.dtsi b/arch/arm/boot/dts/keystone-k2l-netcp.dtsi
index 9ec8422..a2e47ba 100644
--- a/arch/arm/boot/dts/keystone-k2l-netcp.dtsi
+++ b/arch/arm/boot/dts/keystone-k2l-netcp.dtsi
@@ -208,3 +208,23 @@ netcp: netcp at 26000000 {
};
};
};
+
+sa_subsys: subsys at 26080000 {
+ #address-cells = <1>;
+ #size-cells = <1>;
+ compatible = "simple-bus";
+ ranges = <0 0x26080000 0x40000>;
+
+ sa_config: subsys at 0 {
+ compatible = "syscon";
+ reg = <0x0 0x100>;
+ };
+
+ rng at 24000 {
+ compatible = "ti,keystone-rng";
+ reg = <0x24000 0x1000>;
+ ti,syscon-sa-cfg = <&sa_config>;
+ clocks = <&clksa>;
+ clock-names = "fck";
+ };
+};
--
2.7.4
^ permalink raw reply related
* [PATCH 1/3] ARM: dts: k2hk: add dts node for k2hk hw_rng driver
From: Vitaly Andrianov @ 2018-05-24 13:12 UTC (permalink / raw)
To: linux-arm-kernel
In-Reply-To: <1527167538-29837-1-git-send-email-vitalya@ti.com>
This patch adds dts node for k2hk hw_random generator driver
Signed-off-by: Vitaly Andrianov <vitalya@ti.com>
[t-kristo at ti.com: added missing addresses from node identifiers]
Signed-off-by: Tero Kristo <t-kristo@ti.com>
Signed-off-by: Murali Karicheri <m-karicheri2@ti.com>
---
arch/arm/boot/dts/keystone-k2hk-netcp.dtsi | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
diff --git a/arch/arm/boot/dts/keystone-k2hk-netcp.dtsi b/arch/arm/boot/dts/keystone-k2hk-netcp.dtsi
index b88c068..e203145 100644
--- a/arch/arm/boot/dts/keystone-k2hk-netcp.dtsi
+++ b/arch/arm/boot/dts/keystone-k2hk-netcp.dtsi
@@ -228,3 +228,23 @@ netcp: netcp at 2000000 {
};
};
};
+
+sa_subsys: subsys at 20c0000 {
+ compatible = "simple-bus";
+ #address-cells = <1>;
+ #size-cells = <1>;
+ ranges = <0 0x20c0000 0x40000>;
+
+ sa_config: subsys at 0 {
+ compatible = "syscon";
+ reg = <0x0 0x100>;
+ };
+
+ rng at 24000 {
+ compatible = "ti,keystone-rng";
+ reg = <0x24000 0x1000>;
+ ti,syscon-sa-cfg = <&sa_config>;
+ clocks = <&clksa>;
+ clock-names = "fck";
+ };
+};
--
2.7.4
^ permalink raw reply related
* [PATCH 0/3] Dts nodes for Keystone2 hw_rng driver
From: Vitaly Andrianov @ 2018-05-24 13:12 UTC (permalink / raw)
To: linux-arm-kernel
This series adds dts nodes for Keystone2 hw_rng driver
Vitaly Andrianov (3):
ARM: dts: k2hk: add dts node for k2hk hw_rng driver
ARM: dts: k2l: add dts node for k2l hw_rng driver
ARM: dts: k2e: add dts node for k2e hw_rng driver
arch/arm/boot/dts/keystone-k2e-netcp.dtsi | 20 ++++++++++++++++++++
arch/arm/boot/dts/keystone-k2hk-netcp.dtsi | 20 ++++++++++++++++++++
arch/arm/boot/dts/keystone-k2l-netcp.dtsi | 20 ++++++++++++++++++++
3 files changed, 60 insertions(+)
--
2.7.4
^ permalink raw reply
* [PATCH 6/9] asm-generic/bitops/atomic.h: Rewrite using atomic_fetch_*
From: Mark Rutland @ 2018-05-24 13:09 UTC (permalink / raw)
To: linux-arm-kernel
In-Reply-To: <20180524124734.GE8689@arm.com>
On Thu, May 24, 2018 at 01:47:39PM +0100, Will Deacon wrote:
> On Thu, May 24, 2018 at 02:44:10PM +0200, Peter Zijlstra wrote:
> > On Thu, May 24, 2018 at 11:59:43AM +0100, Will Deacon wrote:
> > > +static inline void set_bit(unsigned int nr, volatile unsigned long *p)
> > > {
> > > + p += BIT_WORD(nr);
> > > + atomic_long_fetch_or_relaxed(BIT_MASK(nr), (atomic_long_t *)p);
> > > }
> > >
> > > +static inline void clear_bit(unsigned int nr, volatile unsigned long *p)
> > > {
> > > + p += BIT_WORD(nr);
> > > + atomic_long_fetch_andnot_relaxed(BIT_MASK(nr), (atomic_long_t *)p);
> > > }
> > >
> > > +static inline void change_bit(unsigned int nr, volatile unsigned long *p)
> > > {
> > > + p += BIT_WORD(nr);
> > > + atomic_long_fetch_xor_relaxed(BIT_MASK(nr), (atomic_long_t *)p);
> > > }
> >
> > Why use the fetch variants here?
>
> I noticed the same thing just now; I'll drop that and just use the
> non-value-returning variants. It's shame that I can't do the same for
> the lock.h unlock code, but we don't have non-returning release variants.
As an aside, If I complete the autogeneration stuff, it'll be possible
to generate those. I split out the necessary barriers in [1], but I
still have a lot of other preparatory cleanup to do.
IIUC, the void-returning atomic ops are relaxed, so trying to unify that
with the usual rule that no suffix means fence will slow things down
unless we want to do a treewide substitition to fixup for that.
Thanks,
Mark.
[1] https://git.kernel.org/pub/scm/linux/kernel/git/mark/linux.git/commit/?h=atomics/api-unification&id=c6b9ff2627d06776e427a7f1a7f83caeff3db536
^ permalink raw reply
* [PATCH V2] PCI/portdrv: do not disable device on reboot/shutdown
From: Bjorn Helgaas @ 2018-05-24 13:07 UTC (permalink / raw)
To: linux-arm-kernel
In-Reply-To: <82656e20-e821-1944-3399-1667ceb27719@codeaurora.org>
On Thu, May 24, 2018 at 07:43:05AM -0400, Sinan Kaya wrote:
> On 5/23/2018 6:57 PM, Sinan Kaya wrote:
> >> The crash seems to indicate that the hpsa device attempted a DMA after
> >> we cleared the Root Port's PCI_COMMAND_MASTER, which means
> >> hpsa_shutdown() didn't stop DMA from the device (it looks like *most*
> >> shutdown methods don't disable device DMA, so it's in good company).
> > All drivers are expected to shutdown DMA and interrupts in their shutdown()
> > routines. They can skip removing threads, data structures etc. but DMA and
> > interrupt disabling are required. This is the difference between shutdown()
> > and remove() callbacks.
>
> I found this note yesterday to see why we are not disabling the
> devices in the PCI core itself.
>
> pci_device_remove()
>
> /*
> * We would love to complain here if pci_dev->is_enabled is set, that
> * the driver should have called pci_disable_device(), but the
> * unfortunate fact is there are too many odd BIOS and bridge setups
> * that don't like drivers doing that all of the time.
> * Oh well, we can dream of sane hardware when we sleep, no matter how
> * horrible the crap we have to deal with is when we are awake...
> */
>
> Ryan, can you discard the previous patch and test this one instead?
> remove() path in hpsa driver seems to call pci_disable_device() via
>
> hpsa_remove_one()
> hpsa_free_pci_init()
>
> but nothing on the shutdown path.
>
> diff --git a/drivers/scsi/hpsa.c b/drivers/scsi/hpsa.c
> index 4ed3d26..3823f04 100644
> --- a/drivers/scsi/hpsa.c
> +++ b/drivers/scsi/hpsa.c
> @@ -8651,6 +8651,7 @@ static void hpsa_shutdown(struct pci_dev *pdev)
> h->access.set_intr_mask(h, HPSA_INTR_OFF);
> hpsa_free_irqs(h); /* init_one 4 */
> hpsa_disable_interrupt_mode(h); /* pci_init 2 */
> + pci_disable_device(h->pdev);
> }
I suspect this will make things "work" (if the device can't attempt
DMA, no Unsupported Request error will occur).
But I'm concerned that the reason for the DMA might that hpsa is
transferring buffers from system memory to the hpsa device, and if we
arbitrarily terminate those transfers with pci_disable_device(), we
may leave the hpsa device in an inconsistent state, e.g., with a dirty
filesystem.
But we really need guidance from an hpsa expert. I don't know the
filesystem/SCSI/hpsa details.
Bjorn
^ permalink raw reply
* [PATCH 09/14] ARM: spectre-v2: add PSCI based hardening
From: Russell King - ARM Linux @ 2018-05-24 13:04 UTC (permalink / raw)
To: linux-arm-kernel
In-Reply-To: <dcd72fc1-4ec3-217e-30ed-00c6b6b2a122@arm.com>
On Thu, May 24, 2018 at 01:49:51PM +0100, Marc Zyngier wrote:
> On 24/05/18 13:30, Russell King - ARM Linux wrote:
> > On Thu, May 24, 2018 at 01:03:50PM +0100, Marc Zyngier wrote:
> >> On 23/05/18 20:45, Russell King - ARM Linux wrote:
> >>> On Tue, May 22, 2018 at 06:24:13PM +0100, Marc Zyngier wrote:
> >>>> On 21/05/18 12:45, Russell King wrote:
> >>>>> +#ifdef CONFIG_ARM_PSCI
> >>>>> + if (psci_ops.smccc_version != SMCCC_VERSION_1_0) {
> >>>>> + struct arm_smccc_res res;
> >>>>> +
> >>>>> + switch (psci_ops.conduit) {
> >>>>> + case PSCI_CONDUIT_HVC:
> >>>>> + arm_smccc_1_1_hvc(ARM_SMCCC_ARCH_FEATURES_FUNC_ID,
> >>>>> + ARM_SMCCC_ARCH_WORKAROUND_1, &res);
> >>>>> + if ((int)res.a0 < 0)
> >>>>> + break;
> >>>>
> >>>> I just realised that there is a small, but significant difference
> >>>> between this and the arm64 version: On arm64, we have a table of
> >>>> vulnerable implementations, and we try the mitigation on a per-cpu
> >>>> basis. Here, you entirely rely on the firmware to discover whether the
> >>>> CPU needs mitigation or not. You then need to check for a return value
> >>>> of 1, which indicates that although the mitigation is implemented, it is
> >>>> not required on this particular CPU.
> >>>
> >>> Okay, so digging further into the documentation seems to suggest that we
> >>> only need to check the firmware for A72 and A57 CPUs, and given this
> >>> statement:
> >>>
> >>> "Arm recommends that the caller only call this on PEs for which a
> >>> firmware based mitigation of CVE-2017-5715 is required, or where
> >>> a local workaround is infeasible."
> >>>
> >>> it seems that the right answer is to ignore the PSCI based methods when
> >>> we have anything but these CPUs. Do you agree?
> >>
> >> For CPUs that are produced by ARM, I agree. I don't know about CPUs
> >> produced by ARM licensees though, so I'd rather use the opposite logic:
> >> Use the firmware unless the CPU is one of those that can be easily
> >> mitigated at EL1 (or isn't affected).
> >
> > The "or isn't affected" is the difficult bit - I guess we could match
> > on the CPU vendor field though, and just reject all ARM CPUs that
> > aren't explicitly listed as having a problem.
>
> That seems sensible. ARM has published an exhaustive status for all its
> cores, which we can trust. For architecture licensees, I'm not aware of
> such a list, but I'd expect them to communicate one if they were affected.
It's not that simple - there's an exhaustive list for those affected
cores, but it says that cores which aren't listed are unaffected.
If we want to explicitly list each core, we need a complete list of
both affected and unaffected cores to ensure that none are missed.
--
RMK's Patch system: http://www.armlinux.org.uk/developer/patches/
FTTC broadband for 0.8mile line in suburbia: sync at 8.8Mbps down 630kbps up
According to speedtest.net: 8.21Mbps down 510kbps up
^ permalink raw reply
* [PATCH 09/14] ARM: spectre-v2: add PSCI based hardening
From: Marc Zyngier @ 2018-05-24 12:49 UTC (permalink / raw)
To: linux-arm-kernel
In-Reply-To: <20180524123049.GY17671@n2100.armlinux.org.uk>
On 24/05/18 13:30, Russell King - ARM Linux wrote:
> On Thu, May 24, 2018 at 01:03:50PM +0100, Marc Zyngier wrote:
>> On 23/05/18 20:45, Russell King - ARM Linux wrote:
>>> On Tue, May 22, 2018 at 06:24:13PM +0100, Marc Zyngier wrote:
>>>> On 21/05/18 12:45, Russell King wrote:
>>>>> +#ifdef CONFIG_ARM_PSCI
>>>>> + if (psci_ops.smccc_version != SMCCC_VERSION_1_0) {
>>>>> + struct arm_smccc_res res;
>>>>> +
>>>>> + switch (psci_ops.conduit) {
>>>>> + case PSCI_CONDUIT_HVC:
>>>>> + arm_smccc_1_1_hvc(ARM_SMCCC_ARCH_FEATURES_FUNC_ID,
>>>>> + ARM_SMCCC_ARCH_WORKAROUND_1, &res);
>>>>> + if ((int)res.a0 < 0)
>>>>> + break;
>>>>
>>>> I just realised that there is a small, but significant difference
>>>> between this and the arm64 version: On arm64, we have a table of
>>>> vulnerable implementations, and we try the mitigation on a per-cpu
>>>> basis. Here, you entirely rely on the firmware to discover whether the
>>>> CPU needs mitigation or not. You then need to check for a return value
>>>> of 1, which indicates that although the mitigation is implemented, it is
>>>> not required on this particular CPU.
>>>
>>> Okay, so digging further into the documentation seems to suggest that we
>>> only need to check the firmware for A72 and A57 CPUs, and given this
>>> statement:
>>>
>>> "Arm recommends that the caller only call this on PEs for which a
>>> firmware based mitigation of CVE-2017-5715 is required, or where
>>> a local workaround is infeasible."
>>>
>>> it seems that the right answer is to ignore the PSCI based methods when
>>> we have anything but these CPUs. Do you agree?
>>
>> For CPUs that are produced by ARM, I agree. I don't know about CPUs
>> produced by ARM licensees though, so I'd rather use the opposite logic:
>> Use the firmware unless the CPU is one of those that can be easily
>> mitigated at EL1 (or isn't affected).
>
> The "or isn't affected" is the difficult bit - I guess we could match
> on the CPU vendor field though, and just reject all ARM CPUs that
> aren't explicitly listed as having a problem.
That seems sensible. ARM has published an exhaustive status for all its
cores, which we can trust. For architecture licensees, I'm not aware of
such a list, but I'd expect them to communicate one if they were affected.
Thanks,
M.
--
Jazz is not dead. It just smells funny...
^ permalink raw reply
* [PATCH v4 2/2] arm64: signal: Report signal frame size to userspace via auxv
From: Will Deacon @ 2018-05-24 12:49 UTC (permalink / raw)
To: linux-arm-kernel
In-Reply-To: <1527097616-25214-3-git-send-email-Dave.Martin@arm.com>
On Wed, May 23, 2018 at 06:46:56PM +0100, Dave Martin wrote:
> Stateful CPU architecture extensions may require the signal frame
> to grow to a size that exceeds the arch's MINSIGSTKSZ #define.
> However, changing this #define is an ABI break.
>
> To allow userspace the option of determining the signal frame size
> in a more forwards-compatible way, this patch adds a new auxv entry
> tagged with AT_MINSIGSTKSZ, which provides the maximum signal frame
> size that the process can observe during its lifetime.
>
> If AT_MINSIGSTKSZ is absent from the aux vector, the caller can
> assume that the MINSIGSTKSZ #define is sufficient. This allows for
> a consistent interface with older kernels that do not provide
> AT_MINSIGSTKSZ.
>
> The idea is that libc could expose this via sysconf() or some
> similar mechanism.
>
> There is deliberately no AT_SIGSTKSZ. The kernel knows nothing
> about userspace's own stack overheads and should not pretend to
> know.
[...]
> diff --git a/arch/arm64/include/asm/elf.h b/arch/arm64/include/asm/elf.h
> index fac1c4d..9c18f0e 100644
> --- a/arch/arm64/include/asm/elf.h
> +++ b/arch/arm64/include/asm/elf.h
> @@ -121,6 +121,9 @@
>
> #ifndef __ASSEMBLY__
>
> +#include <linux/bug.h>
> +#include <asm/processor.h> /* for signal_minsigstksz, used by ARCH_DLINFO */
> +
> typedef unsigned long elf_greg_t;
>
> #define ELF_NGREG (sizeof(struct user_pt_regs) / sizeof(elf_greg_t))
> @@ -148,6 +151,14 @@ typedef struct user_fpsimd_state elf_fpregset_t;
> do { \
> NEW_AUX_ENT(AT_SYSINFO_EHDR, \
> (elf_addr_t)current->mm->context.vdso); \
> + \
> + /* \
> + * Should always be nonzero unless there's a kernel bug. If \
> + * the we haven't determined a sensible value to give to \
"If the we"?
> + * userspace, omit the entry: \
> + */ \
> + if (likely(signal_minsigstksz)) \
> + NEW_AUX_ENT(AT_MINSIGSTKSZ, signal_minsigstksz); \
> } while (0)
>
> #define ARCH_HAS_SETUP_ADDITIONAL_PAGES
> diff --git a/arch/arm64/include/asm/processor.h b/arch/arm64/include/asm/processor.h
> index 7675989..65ab83e 100644
> --- a/arch/arm64/include/asm/processor.h
> +++ b/arch/arm64/include/asm/processor.h
> @@ -35,6 +35,8 @@
> #ifdef __KERNEL__
>
> #include <linux/build_bug.h>
> +#include <linux/cache.h>
> +#include <linux/init.h>
> #include <linux/stddef.h>
> #include <linux/string.h>
>
> @@ -244,6 +246,9 @@ void cpu_enable_pan(const struct arm64_cpu_capabilities *__unused);
> void cpu_enable_cache_maint_trap(const struct arm64_cpu_capabilities *__unused);
> void cpu_clear_disr(const struct arm64_cpu_capabilities *__unused);
>
> +extern unsigned long __ro_after_init signal_minsigstksz; /* sigframe size */
> +extern void __init minsigstksz_setup(void);
> +
> /* Userspace interface for PR_SVE_{SET,GET}_VL prctl()s: */
> #define SVE_SET_VL(arg) sve_set_current_vl(arg)
> #define SVE_GET_VL() sve_get_current_vl()
> diff --git a/arch/arm64/include/uapi/asm/auxvec.h b/arch/arm64/include/uapi/asm/auxvec.h
> index ec0a86d..743c0b8 100644
> --- a/arch/arm64/include/uapi/asm/auxvec.h
> +++ b/arch/arm64/include/uapi/asm/auxvec.h
> @@ -19,7 +19,8 @@
>
> /* vDSO location */
> #define AT_SYSINFO_EHDR 33
> +#define AT_MINSIGSTKSZ 51 /* stack needed for signal delivery */
Curious: but how do we avoid/detect conflicts at -rc1? I guess somebody just
needs to remember to run grep? (I know you have another series consolidating
the ID allocations).
> -#define AT_VECTOR_SIZE_ARCH 1 /* entries in ARCH_DLINFO */
> +#define AT_VECTOR_SIZE_ARCH 2 /* entries in ARCH_DLINFO */
>
> #endif
> diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c
> index 9d1b06d..0e0b53d 100644
> --- a/arch/arm64/kernel/cpufeature.c
> +++ b/arch/arm64/kernel/cpufeature.c
> @@ -1619,6 +1619,7 @@ void __init setup_cpu_features(void)
> pr_info("emulated: Privileged Access Never (PAN) using TTBR0_EL1 switching\n");
>
> sve_setup();
> + minsigstksz_setup();
>
> /* Advertise that we have computed the system capabilities */
> set_sys_caps_initialised();
> diff --git a/arch/arm64/kernel/signal.c b/arch/arm64/kernel/signal.c
> index 154b7d3..00b9990 100644
> --- a/arch/arm64/kernel/signal.c
> +++ b/arch/arm64/kernel/signal.c
> @@ -17,6 +17,7 @@
> * along with this program. If not, see <http://www.gnu.org/licenses/>.
> */
>
> +#include <linux/cache.h>
> #include <linux/compat.h>
> #include <linux/errno.h>
> #include <linux/kernel.h>
> @@ -570,8 +571,15 @@ asmlinkage long sys_rt_sigreturn(struct pt_regs *regs)
> return 0;
> }
>
> -/* Determine the layout of optional records in the signal frame */
> -static int setup_sigframe_layout(struct rt_sigframe_user_layout *user)
> +/*
> + * Determine the layout of optional records in the signal frame
> + *
> + * add_all: if true, lays out the biggest possible signal frame for
> + * this task; otherwise, generates a layout for the current state
> + * of the task.
> + */
> +static int setup_sigframe_layout(struct rt_sigframe_user_layout *user,
> + bool add_all)
> {
> int err;
>
> @@ -581,7 +589,7 @@ static int setup_sigframe_layout(struct rt_sigframe_user_layout *user)
> return err;
>
> /* fault information, if valid */
> - if (current->thread.fault_code) {
> + if (add_all || current->thread.fault_code) {
> err = sigframe_alloc(user, &user->esr_offset,
> sizeof(struct esr_context));
> if (err)
> @@ -591,8 +599,14 @@ static int setup_sigframe_layout(struct rt_sigframe_user_layout *user)
> if (system_supports_sve()) {
> unsigned int vq = 0;
>
> - if (test_thread_flag(TIF_SVE))
> - vq = sve_vq_from_vl(current->thread.sve_vl);
> + if (add_all || test_thread_flag(TIF_SVE)) {
> + int vl = sve_max_vl;
> +
> + if (!add_all)
> + vl = current->thread.sve_vl;
> +
> + vq = sve_vq_from_vl(vl);
> + }
>
> err = sigframe_alloc(user, &user->sve_offset,
> SVE_SIG_CONTEXT_SIZE(vq));
> @@ -603,7 +617,6 @@ static int setup_sigframe_layout(struct rt_sigframe_user_layout *user)
> return sigframe_alloc_end(user);
> }
>
> -
> static int setup_sigframe(struct rt_sigframe_user_layout *user,
> struct pt_regs *regs, sigset_t *set)
> {
> @@ -701,7 +714,7 @@ static int get_sigframe(struct rt_sigframe_user_layout *user,
> int err;
>
> init_user_layout(user);
> - err = setup_sigframe_layout(user);
> + err = setup_sigframe_layout(user, false);
> if (err)
> return err;
>
> @@ -936,3 +949,28 @@ asmlinkage void do_notify_resume(struct pt_regs *regs,
> thread_flags = READ_ONCE(current_thread_info()->flags);
> } while (thread_flags & _TIF_WORK_MASK);
> }
> +
> +unsigned long __ro_after_init signal_minsigstksz;
> +
> +/*
> + * Determine the stack space required for guaranteed signal devliery.
> + * This function is used to populate AT_MINSIGSTKSZ at process startup.
> + * cpufeatures setup is assumed to be complete.
> + */
> +void __init minsigstksz_setup(void)
> +{
> + struct rt_sigframe_user_layout user;
> +
> + init_user_layout(&user);
> +
> + /*
> + * If this fails, SIGFRAME_MAXSZ needs to be enlarged. It won't
> + * be big enough, but it's our best guess:
> + */
> + if (WARN_ON(setup_sigframe_layout(&user, true)))
> + signal_minsigstksz = SIGFRAME_MAXSZ;
Can we not leave signal_minsigstksz as zero in this case?
Will
^ permalink raw reply
* [PATCH 6/9] asm-generic/bitops/atomic.h: Rewrite using atomic_fetch_*
From: Will Deacon @ 2018-05-24 12:47 UTC (permalink / raw)
To: linux-arm-kernel
In-Reply-To: <20180524124410.GF12198@hirez.programming.kicks-ass.net>
On Thu, May 24, 2018 at 02:44:10PM +0200, Peter Zijlstra wrote:
> On Thu, May 24, 2018 at 11:59:43AM +0100, Will Deacon wrote:
> > +static inline void set_bit(unsigned int nr, volatile unsigned long *p)
> > {
> > + p += BIT_WORD(nr);
> > + atomic_long_fetch_or_relaxed(BIT_MASK(nr), (atomic_long_t *)p);
> > }
> >
> > +static inline void clear_bit(unsigned int nr, volatile unsigned long *p)
> > {
> > + p += BIT_WORD(nr);
> > + atomic_long_fetch_andnot_relaxed(BIT_MASK(nr), (atomic_long_t *)p);
> > }
> >
> > +static inline void change_bit(unsigned int nr, volatile unsigned long *p)
> > {
> > + p += BIT_WORD(nr);
> > + atomic_long_fetch_xor_relaxed(BIT_MASK(nr), (atomic_long_t *)p);
> > }
>
> Why use the fetch variants here?
I noticed the same thing just now; I'll drop that and just use the
non-value-returning variants. It's shame that I can't do the same for
the lock.h unlock code, but we don't have non-returning release variants.
Will
^ permalink raw reply
* [PATCH 6/9] asm-generic/bitops/atomic.h: Rewrite using atomic_fetch_*
From: Peter Zijlstra @ 2018-05-24 12:44 UTC (permalink / raw)
To: linux-arm-kernel
In-Reply-To: <1527159586-8578-7-git-send-email-will.deacon@arm.com>
On Thu, May 24, 2018 at 11:59:43AM +0100, Will Deacon wrote:
> +static inline void set_bit(unsigned int nr, volatile unsigned long *p)
> {
> + p += BIT_WORD(nr);
> + atomic_long_fetch_or_relaxed(BIT_MASK(nr), (atomic_long_t *)p);
> }
>
> +static inline void clear_bit(unsigned int nr, volatile unsigned long *p)
> {
> + p += BIT_WORD(nr);
> + atomic_long_fetch_andnot_relaxed(BIT_MASK(nr), (atomic_long_t *)p);
> }
>
> +static inline void change_bit(unsigned int nr, volatile unsigned long *p)
> {
> + p += BIT_WORD(nr);
> + atomic_long_fetch_xor_relaxed(BIT_MASK(nr), (atomic_long_t *)p);
> }
Why use the fetch variants here?
^ permalink raw reply
* [PATCH 09/14] arm64: ssbd: Introduce thread flag to control userspace mitigation
From: Marc Zyngier @ 2018-05-24 12:36 UTC (permalink / raw)
To: linux-arm-kernel
In-Reply-To: <20180524121944.GC8689@arm.com>
On 24/05/18 13:19, Will Deacon wrote:
> On Thu, May 24, 2018 at 01:16:38PM +0100, Marc Zyngier wrote:
>> On 24/05/18 13:01, Mark Rutland wrote:
>>> On Tue, May 22, 2018 at 04:06:43PM +0100, Marc Zyngier wrote:
>>>> In order to allow userspace to be mitigated on demand, let's
>>>> introduce a new thread flag that prevents the mitigation from
>>>> being turned off when exiting to userspace, and doesn't turn
>>>> it on on entry into the kernel (with the assumtion that the
>>>
>>> Nit: s/assumtion/assumption/
>>>
>>>> mitigation is always enabled in the kernel itself).
>>>>
>>>> This will be used by a prctl interface introduced in a later
>>>> patch.
>>>>
>>>> Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
>>>
>>> On the assumption that this flag cannot be flipped while a task is in
>>> userspace:
>>
>> Well, that's the case unless you get into the seccomp thing, which does
>> change TIF_SSBD on all threads of the task, without taking it to the
>> kernel first. That nicely breaks the state machine, and you end-up
>> running non-mitigated in the kernel. Oops.
>>
>> I have a couple of patches fixing that, using a second flag
>> (TIF_SSBD_PENDING) that gets turned into the real thing on exit to
>> userspace. It's pretty ugly though.
>
> ... which introduces the need for atomics on the entry path too :(
Oh, I'm not saying it is nice. It would hit us on the exception return
to userspace for all tasks (and not only the mitigated ones). I'd rather
not have this at all.
> I would /much/ rather kill the seccomp implicit enabling of the mitigation,
> or at least have a way to opt-out per arch since it doesn't seem to be
> technically justified imo.
I agree. The semantics are really odd (the thread still runs unmitigated
until it traps into the kernel), and I don't really get why seccomp
tasks should get a special treatment compared to the rest of the userspace.
But 4.17 is only something like 10 days away, so whatever we decide,
we'd better decide it soon.
M.
--
Jazz is not dead. It just smells funny...
^ permalink raw reply
* [PATCH v4] dt-bindings: mediatek: Add binding for mt2712 IOMMU and SMI
From: Yong Wu @ 2018-05-24 12:35 UTC (permalink / raw)
To: linux-arm-kernel
This patch adds decriptions for mt2712 IOMMU and SMI.
In order to balance the bandwidth, mt2712 has two M4Us, two
smi-commons, 10 smi-larbs. and mt2712 is also MTK IOMMU gen2 which
uses ARM Short-Descriptor translation table format.
The mt2712 M4U-SMI HW diagram is as below:
EMI
|
------------------------------------
| |
M4U0 M4U1
| |
smi-common0 smi-common1
| |
------------------------- --------------------------------
| | | | | | | | | |
| | | | | | | | | |
larb0 larb1 larb2 larb3 larb6 larb4 larb5 larb7 larb8 larb9
disp0 vdec cam venc jpg mdp1/disp1 mdp2/disp2 mdp3 vdo/nr tvd
All the connections are HW fixed, SW can NOT adjust it.
Signed-off-by: Yong Wu <yong.wu@mediatek.com>
Acked-by: Rob Herring <robh@kernel.org>
---
change notes:
v4: change the license of the new file in this patch to SPDX.
v3: http://lists.infradead.org/pipermail/linux-mediatek/2018-May/013279.html
Add a new ECO port(DISP_RDMA2) in larb0/port7.
v2:
https://lists.linuxfoundation.org/pipermail/iommu/2017-August/023848.html
v1:
https://lists.linuxfoundation.org/pipermail/iommu/2017-August/023665.html
---
.../devicetree/bindings/iommu/mediatek,iommu.txt | 6 +-
.../memory-controllers/mediatek,smi-common.txt | 6 +-
.../memory-controllers/mediatek,smi-larb.txt | 5 +-
include/dt-bindings/memory/mt2712-larb-port.h | 95 ++++++++++++++++++++++
4 files changed, 106 insertions(+), 6 deletions(-)
create mode 100644 include/dt-bindings/memory/mt2712-larb-port.h
diff --git a/Documentation/devicetree/bindings/iommu/mediatek,iommu.txt b/Documentation/devicetree/bindings/iommu/mediatek,iommu.txt
index 53c20ca..df5db73 100644
--- a/Documentation/devicetree/bindings/iommu/mediatek,iommu.txt
+++ b/Documentation/devicetree/bindings/iommu/mediatek,iommu.txt
@@ -40,6 +40,7 @@ video decode local arbiter, all these ports are according to the video HW.
Required properties:
- compatible : must be one of the following string:
"mediatek,mt2701-m4u" for mt2701 which uses generation one m4u HW.
+ "mediatek,mt2712-m4u" for mt2712 which uses generation two m4u HW.
"mediatek,mt8173-m4u" for mt8173 which uses generation two m4u HW.
- reg : m4u register base and size.
- interrupts : the interrupt of m4u.
@@ -50,8 +51,9 @@ Required properties:
according to the local arbiter index, like larb0, larb1, larb2...
- iommu-cells : must be 1. This is the mtk_m4u_id according to the HW.
Specifies the mtk_m4u_id as defined in
- dt-binding/memory/mt2701-larb-port.h for mt2701 and
- dt-binding/memory/mt8173-larb-port.h for mt8173
+ dt-binding/memory/mt2701-larb-port.h for mt2701,
+ dt-binding/memory/mt2712-larb-port.h for mt2712, and
+ dt-binding/memory/mt8173-larb-port.h for mt8173.
Example:
iommu: iommu at 10205000 {
diff --git a/Documentation/devicetree/bindings/memory-controllers/mediatek,smi-common.txt b/Documentation/devicetree/bindings/memory-controllers/mediatek,smi-common.txt
index aa614b2..615abdd 100644
--- a/Documentation/devicetree/bindings/memory-controllers/mediatek,smi-common.txt
+++ b/Documentation/devicetree/bindings/memory-controllers/mediatek,smi-common.txt
@@ -2,8 +2,9 @@ SMI (Smart Multimedia Interface) Common
The hardware block diagram please check bindings/iommu/mediatek,iommu.txt
-Mediatek SMI have two generations of HW architecture, mt8173 uses the second
-generation of SMI HW while mt2701 uses the first generation HW of SMI.
+Mediatek SMI have two generations of HW architecture, mt2712 and mt8173 use
+the second generation of SMI HW while mt2701 uses the first generation HW of
+SMI.
There's slight differences between the two SMI, for generation 2, the
register which control the iommu port is at each larb's register base. But
@@ -15,6 +16,7 @@ not needed for SMI generation 2.
Required properties:
- compatible : must be one of :
"mediatek,mt2701-smi-common"
+ "mediatek,mt2712-smi-common"
"mediatek,mt8173-smi-common"
- reg : the register and size of the SMI block.
- power-domains : a phandle to the power domain of this local arbiter.
diff --git a/Documentation/devicetree/bindings/memory-controllers/mediatek,smi-larb.txt b/Documentation/devicetree/bindings/memory-controllers/mediatek,smi-larb.txt
index ddf46b8..083155c 100644
--- a/Documentation/devicetree/bindings/memory-controllers/mediatek,smi-larb.txt
+++ b/Documentation/devicetree/bindings/memory-controllers/mediatek,smi-larb.txt
@@ -4,8 +4,9 @@ The hardware block diagram please check bindings/iommu/mediatek,iommu.txt
Required properties:
- compatible : must be one of :
- "mediatek,mt8173-smi-larb"
"mediatek,mt2701-smi-larb"
+ "mediatek,mt2712-smi-larb"
+ "mediatek,mt8173-smi-larb"
- reg : the register and size of this local arbiter.
- mediatek,smi : a phandle to the smi_common node.
- power-domains : a phandle to the power domain of this local arbiter.
@@ -15,7 +16,7 @@ Required properties:
the register.
- "smi" : It's the clock for transfer data and command.
-Required property for mt2701:
+Required property for mt2701 and mt2712:
- mediatek,larb-id :the hardware id of this larb.
Example:
diff --git a/include/dt-bindings/memory/mt2712-larb-port.h b/include/dt-bindings/memory/mt2712-larb-port.h
new file mode 100644
index 0000000..6f9aa73
--- /dev/null
+++ b/include/dt-bindings/memory/mt2712-larb-port.h
@@ -0,0 +1,95 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+/*
+ * Copyright (c) 2017 MediaTek Inc.
+ * Author: Yong Wu <yong.wu@mediatek.com>
+ */
+#ifndef __DTS_IOMMU_PORT_MT2712_H
+#define __DTS_IOMMU_PORT_MT2712_H
+
+#define MTK_M4U_ID(larb, port) (((larb) << 5) | (port))
+
+#define M4U_LARB0_ID 0
+#define M4U_LARB1_ID 1
+#define M4U_LARB2_ID 2
+#define M4U_LARB3_ID 3
+#define M4U_LARB4_ID 4
+#define M4U_LARB5_ID 5
+#define M4U_LARB6_ID 6
+#define M4U_LARB7_ID 7
+#define M4U_LARB8_ID 8
+#define M4U_LARB9_ID 9
+
+/* larb0 */
+#define M4U_PORT_DISP_OVL0 MTK_M4U_ID(M4U_LARB0_ID, 0)
+#define M4U_PORT_DISP_RDMA0 MTK_M4U_ID(M4U_LARB0_ID, 1)
+#define M4U_PORT_DISP_WDMA0 MTK_M4U_ID(M4U_LARB0_ID, 2)
+#define M4U_PORT_DISP_OD_R MTK_M4U_ID(M4U_LARB0_ID, 3)
+#define M4U_PORT_DISP_OD_W MTK_M4U_ID(M4U_LARB0_ID, 4)
+#define M4U_PORT_MDP_RDMA0 MTK_M4U_ID(M4U_LARB0_ID, 5)
+#define M4U_PORT_MDP_WDMA MTK_M4U_ID(M4U_LARB0_ID, 6)
+#define M4U_PORT_DISP_RDMA2 MTK_M4U_ID(M4U_LARB0_ID, 7)
+
+/* larb1 */
+#define M4U_PORT_HW_VDEC_MC_EXT MTK_M4U_ID(M4U_LARB1_ID, 0)
+#define M4U_PORT_HW_VDEC_PP_EXT MTK_M4U_ID(M4U_LARB1_ID, 1)
+#define M4U_PORT_HW_VDEC_UFO_EXT MTK_M4U_ID(M4U_LARB1_ID, 2)
+#define M4U_PORT_HW_VDEC_VLD_EXT MTK_M4U_ID(M4U_LARB1_ID, 3)
+#define M4U_PORT_HW_VDEC_VLD2_EXT MTK_M4U_ID(M4U_LARB1_ID, 4)
+#define M4U_PORT_HW_VDEC_AVC_MV_EXT MTK_M4U_ID(M4U_LARB1_ID, 5)
+#define M4U_PORT_HW_VDEC_PRED_RD_EXT MTK_M4U_ID(M4U_LARB1_ID, 6)
+#define M4U_PORT_HW_VDEC_PRED_WR_EXT MTK_M4U_ID(M4U_LARB1_ID, 7)
+#define M4U_PORT_HW_VDEC_PPWRAP_EXT MTK_M4U_ID(M4U_LARB1_ID, 8)
+#define M4U_PORT_HW_VDEC_TILE MTK_M4U_ID(M4U_LARB1_ID, 9)
+#define M4U_PORT_HW_IMG_RESZ_EXT MTK_M4U_ID(M4U_LARB1_ID, 10)
+
+/* larb2 */
+#define M4U_PORT_CAM_DMA0 MTK_M4U_ID(M4U_LARB2_ID, 0)
+#define M4U_PORT_CAM_DMA1 MTK_M4U_ID(M4U_LARB2_ID, 1)
+#define M4U_PORT_CAM_DMA2 MTK_M4U_ID(M4U_LARB2_ID, 2)
+
+/* larb3 */
+#define M4U_PORT_VENC_RCPU MTK_M4U_ID(M4U_LARB3_ID, 0)
+#define M4U_PORT_VENC_REC MTK_M4U_ID(M4U_LARB3_ID, 1)
+#define M4U_PORT_VENC_BSDMA MTK_M4U_ID(M4U_LARB3_ID, 2)
+#define M4U_PORT_VENC_SV_COMV MTK_M4U_ID(M4U_LARB3_ID, 3)
+#define M4U_PORT_VENC_RD_COMV MTK_M4U_ID(M4U_LARB3_ID, 4)
+#define M4U_PORT_VENC_CUR_CHROMA MTK_M4U_ID(M4U_LARB3_ID, 5)
+#define M4U_PORT_VENC_REF_CHROMA MTK_M4U_ID(M4U_LARB3_ID, 6)
+#define M4U_PORT_VENC_CUR_LUMA MTK_M4U_ID(M4U_LARB3_ID, 7)
+#define M4U_PORT_VENC_REF_LUMA MTK_M4U_ID(M4U_LARB3_ID, 8)
+
+/* larb4 */
+#define M4U_PORT_DISP_OVL1 MTK_M4U_ID(M4U_LARB4_ID, 0)
+#define M4U_PORT_DISP_RDMA1 MTK_M4U_ID(M4U_LARB4_ID, 1)
+#define M4U_PORT_DISP_WDMA1 MTK_M4U_ID(M4U_LARB4_ID, 2)
+#define M4U_PORT_DISP_OD1_R MTK_M4U_ID(M4U_LARB4_ID, 3)
+#define M4U_PORT_DISP_OD1_W MTK_M4U_ID(M4U_LARB4_ID, 4)
+#define M4U_PORT_MDP_RDMA1 MTK_M4U_ID(M4U_LARB4_ID, 5)
+#define M4U_PORT_MDP_WROT1 MTK_M4U_ID(M4U_LARB4_ID, 6)
+
+/* larb5 */
+#define M4U_PORT_DISP_OVL2 MTK_M4U_ID(M4U_LARB5_ID, 0)
+#define M4U_PORT_DISP_WDMA2 MTK_M4U_ID(M4U_LARB5_ID, 1)
+#define M4U_PORT_MDP_RDMA2 MTK_M4U_ID(M4U_LARB5_ID, 2)
+#define M4U_PORT_MDP_WROT0 MTK_M4U_ID(M4U_LARB5_ID, 3)
+
+/* larb6 */
+#define M4U_PORT_JPGDEC_WDMA_0 MTK_M4U_ID(M4U_LARB6_ID, 0)
+#define M4U_PORT_JPGDEC_WDMA_1 MTK_M4U_ID(M4U_LARB6_ID, 1)
+#define M4U_PORT_JPGDEC_BSDMA_0 MTK_M4U_ID(M4U_LARB6_ID, 2)
+#define M4U_PORT_JPGDEC_BSDMA_1 MTK_M4U_ID(M4U_LARB6_ID, 3)
+
+/* larb7 */
+#define M4U_PORT_MDP_RDMA3 MTK_M4U_ID(M4U_LARB7_ID, 0)
+#define M4U_PORT_MDP_WROT2 MTK_M4U_ID(M4U_LARB7_ID, 1)
+
+/* larb8 */
+#define M4U_PORT_VDO MTK_M4U_ID(M4U_LARB8_ID, 0)
+#define M4U_PORT_NR MTK_M4U_ID(M4U_LARB8_ID, 1)
+#define M4U_PORT_WR_CHANNEL0 MTK_M4U_ID(M4U_LARB8_ID, 2)
+
+/* larb9 */
+#define M4U_PORT_TVD MTK_M4U_ID(M4U_LARB9_ID, 0)
+#define M4U_PORT_WR_CHANNEL1 MTK_M4U_ID(M4U_LARB9_ID, 1)
+
+#endif
--
1.9.1
^ permalink raw reply related
* [PATCH 09/14] ARM: spectre-v2: add PSCI based hardening
From: Russell King - ARM Linux @ 2018-05-24 12:30 UTC (permalink / raw)
To: linux-arm-kernel
In-Reply-To: <ffeddbce-2cf7-c1d9-573b-dc4c38d1cbd7@arm.com>
On Thu, May 24, 2018 at 01:03:50PM +0100, Marc Zyngier wrote:
> On 23/05/18 20:45, Russell King - ARM Linux wrote:
> > On Tue, May 22, 2018 at 06:24:13PM +0100, Marc Zyngier wrote:
> >> On 21/05/18 12:45, Russell King wrote:
> >>> +#ifdef CONFIG_ARM_PSCI
> >>> + if (psci_ops.smccc_version != SMCCC_VERSION_1_0) {
> >>> + struct arm_smccc_res res;
> >>> +
> >>> + switch (psci_ops.conduit) {
> >>> + case PSCI_CONDUIT_HVC:
> >>> + arm_smccc_1_1_hvc(ARM_SMCCC_ARCH_FEATURES_FUNC_ID,
> >>> + ARM_SMCCC_ARCH_WORKAROUND_1, &res);
> >>> + if ((int)res.a0 < 0)
> >>> + break;
> >>
> >> I just realised that there is a small, but significant difference
> >> between this and the arm64 version: On arm64, we have a table of
> >> vulnerable implementations, and we try the mitigation on a per-cpu
> >> basis. Here, you entirely rely on the firmware to discover whether the
> >> CPU needs mitigation or not. You then need to check for a return value
> >> of 1, which indicates that although the mitigation is implemented, it is
> >> not required on this particular CPU.
> >
> > Okay, so digging further into the documentation seems to suggest that we
> > only need to check the firmware for A72 and A57 CPUs, and given this
> > statement:
> >
> > "Arm recommends that the caller only call this on PEs for which a
> > firmware based mitigation of CVE-2017-5715 is required, or where
> > a local workaround is infeasible."
> >
> > it seems that the right answer is to ignore the PSCI based methods when
> > we have anything but these CPUs. Do you agree?
>
> For CPUs that are produced by ARM, I agree. I don't know about CPUs
> produced by ARM licensees though, so I'd rather use the opposite logic:
> Use the firmware unless the CPU is one of those that can be easily
> mitigated at EL1 (or isn't affected).
The "or isn't affected" is the difficult bit - I guess we could match
on the CPU vendor field though, and just reject all ARM CPUs that
aren't explicitly listed as having a problem.
--
RMK's Patch system: http://www.armlinux.org.uk/developer/patches/
FTTC broadband for 0.8mile line in suburbia: sync at 8.8Mbps down 630kbps up
According to speedtest.net: 8.21Mbps down 510kbps up
^ permalink raw reply
* [PATCH 14/14] arm64: KVM: Add ARCH_WORKAROUND_2 discovery through ARCH_FEATURES_FUNC_ID
From: Mark Rutland @ 2018-05-24 12:25 UTC (permalink / raw)
To: linux-arm-kernel
In-Reply-To: <20180522150648.28297-15-marc.zyngier@arm.com>
On Tue, May 22, 2018 at 04:06:48PM +0100, Marc Zyngier wrote:
> Now that all our infrastructure is in place, let's expose the
> availability of ARCH_WORKAROUND_2 to guests. We take this opportunity
> to tidy up a couple of SMCCC constants.
>
> Acked-by: Christoffer Dall <christoffer.dall@arm.com>
> Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
Reviewed-by: Mark Rutland <mark.rutland@arm.com>
Mark.
> ---
> arch/arm/include/asm/kvm_host.h | 12 ++++++++++++
> arch/arm64/include/asm/kvm_host.h | 23 +++++++++++++++++++++++
> arch/arm64/kvm/reset.c | 4 ++++
> virt/kvm/arm/psci.c | 18 ++++++++++++++++--
> 4 files changed, 55 insertions(+), 2 deletions(-)
>
> diff --git a/arch/arm/include/asm/kvm_host.h b/arch/arm/include/asm/kvm_host.h
> index c7c28c885a19..d478766b56c1 100644
> --- a/arch/arm/include/asm/kvm_host.h
> +++ b/arch/arm/include/asm/kvm_host.h
> @@ -315,6 +315,18 @@ static inline bool kvm_arm_harden_branch_predictor(void)
> return false;
> }
>
> +#define KVM_SSBD_UNKNOWN -1
> +#define KVM_SSBD_FORCE_DISABLE 0
> +#define KVM_SSBD_EL1_ENTRY 1
> +#define KVM_SSBD_FORCE_ENABLE 2
> +#define KVM_SSBD_MITIGATED 3
> +
> +static inline int kvm_arm_have_ssbd(void)
> +{
> + /* No way to detect it yet, pretend it is not there. */
> + return KVM_SSBD_UNKNOWN;
> +}
> +
> static inline void kvm_vcpu_load_sysregs(struct kvm_vcpu *vcpu) {}
> static inline void kvm_vcpu_put_sysregs(struct kvm_vcpu *vcpu) {}
>
> diff --git a/arch/arm64/include/asm/kvm_host.h b/arch/arm64/include/asm/kvm_host.h
> index 9bef3f69bdcd..082b0dbb85c6 100644
> --- a/arch/arm64/include/asm/kvm_host.h
> +++ b/arch/arm64/include/asm/kvm_host.h
> @@ -455,6 +455,29 @@ static inline bool kvm_arm_harden_branch_predictor(void)
> return cpus_have_const_cap(ARM64_HARDEN_BRANCH_PREDICTOR);
> }
>
> +#define KVM_SSBD_UNKNOWN -1
> +#define KVM_SSBD_FORCE_DISABLE 0
> +#define KVM_SSBD_EL1_ENTRY 1
> +#define KVM_SSBD_FORCE_ENABLE 2
> +#define KVM_SSBD_MITIGATED 3
> +
> +static inline int kvm_arm_have_ssbd(void)
> +{
> + switch (arm64_get_ssbd_state()) {
> + case ARM64_SSBD_FORCE_DISABLE:
> + return KVM_SSBD_FORCE_DISABLE;
> + case ARM64_SSBD_EL1_ENTRY:
> + return KVM_SSBD_EL1_ENTRY;
> + case ARM64_SSBD_FORCE_ENABLE:
> + return KVM_SSBD_FORCE_ENABLE;
> + case ARM64_SSBD_MITIGATED:
> + return KVM_SSBD_MITIGATED;
> + case ARM64_SSBD_UNKNOWN:
> + default:
> + return KVM_SSBD_UNKNOWN;
> + }
> +}
> +
> void kvm_vcpu_load_sysregs(struct kvm_vcpu *vcpu);
> void kvm_vcpu_put_sysregs(struct kvm_vcpu *vcpu);
>
> diff --git a/arch/arm64/kvm/reset.c b/arch/arm64/kvm/reset.c
> index 3256b9228e75..20a7dfee8494 100644
> --- a/arch/arm64/kvm/reset.c
> +++ b/arch/arm64/kvm/reset.c
> @@ -122,6 +122,10 @@ int kvm_reset_vcpu(struct kvm_vcpu *vcpu)
> /* Reset PMU */
> kvm_pmu_vcpu_reset(vcpu);
>
> + /* Default workaround setup is enabled (if supported) */
> + if (kvm_arm_have_ssbd() == KVM_SSBD_EL1_ENTRY)
> + vcpu->arch.workaround_flags |= VCPU_WORKAROUND_2_FLAG;
> +
> /* Reset timer */
> return kvm_timer_vcpu_reset(vcpu);
> }
> diff --git a/virt/kvm/arm/psci.c b/virt/kvm/arm/psci.c
> index c4762bef13c6..4843bfa1f986 100644
> --- a/virt/kvm/arm/psci.c
> +++ b/virt/kvm/arm/psci.c
> @@ -405,7 +405,7 @@ static int kvm_psci_call(struct kvm_vcpu *vcpu)
> int kvm_hvc_call_handler(struct kvm_vcpu *vcpu)
> {
> u32 func_id = smccc_get_function(vcpu);
> - u32 val = PSCI_RET_NOT_SUPPORTED;
> + u32 val = SMCCC_RET_NOT_SUPPORTED;
> u32 feature;
>
> switch (func_id) {
> @@ -417,7 +417,21 @@ int kvm_hvc_call_handler(struct kvm_vcpu *vcpu)
> switch(feature) {
> case ARM_SMCCC_ARCH_WORKAROUND_1:
> if (kvm_arm_harden_branch_predictor())
> - val = 0;
> + val = SMCCC_RET_SUCCESS;
> + break;
> + case ARM_SMCCC_ARCH_WORKAROUND_2:
> + switch (kvm_arm_have_ssbd()) {
> + case KVM_SSBD_FORCE_DISABLE:
> + case KVM_SSBD_UNKNOWN:
> + break;
> + case KVM_SSBD_EL1_ENTRY:
> + val = SMCCC_RET_SUCCESS;
> + break;
> + case KVM_SSBD_FORCE_ENABLE:
> + case KVM_SSBD_MITIGATED:
> + val = SMCCC_RET_NOT_REQUIRED;
> + break;
> + }
> break;
> }
> break;
> --
> 2.14.2
>
^ permalink raw reply
* [PATCH 07/24] arm64: ilp32: add documentation on the ILP32 ABI for ARM64
From: Dr. Philipp Tomsich @ 2018-05-24 12:24 UTC (permalink / raw)
To: linux-arm-kernel
In-Reply-To: <20180524121524.GA3873@yury-thinkpad>
Yury & Pavel,
> On 24 May 2018, at 14:15, Yury Norov <ynorov@caviumnetworks.com> wrote:
>
> Hi Pavel,
>
> On Wed, May 23, 2018 at 04:06:20PM +0200, Pavel Machek wrote:
>> On Wed 2018-05-16 11:18:52, Yury Norov wrote:
>>> Based on Andrew Pinski's patch-series.
>>>
>>> Signed-off-by: Yury Norov <ynorov@caviumnetworks.com>
>>
>> So Andrew's signoff should be here?
>
> Yes it should, but it lost since v4. I'll restore it.
>
>>> ---
>>> Documentation/arm64/ilp32.txt | 45 +++++++++++++++++++++++++++++++++++
>>> 1 file changed, 45 insertions(+)
>>> create mode 100644 Documentation/arm64/ilp32.txt
>>>
>>> diff --git a/Documentation/arm64/ilp32.txt b/Documentation/arm64/ilp32.txt
>>> new file mode 100644
>>> index 000000000000..d0fd5109c4b2
>>> --- /dev/null
>>> +++ b/Documentation/arm64/ilp32.txt
>>> @@ -0,0 +1,45 @@
>>> +ILP32 AARCH64 SYSCALL ABI
>>> +=========================
>>> +
>>> +This document describes the ILP32 syscall ABI and where it differs
>>> +from the generic compat linux syscall interface.
>>
>> I was hoping to learn what ILP32 is / what is it good for, but no,
>> this does not tell me... it would be good to do a short explanation
>> here, and maybe reference it from cover letter of the series...
>> Pavel
>
> ILP32 is ABI acronym that means "Integers, Longs and Pointers are 32-bit".
> And LP64 means "Longs and Pointers are 64-bit?.
Just a nitpick: ILP32 is in fact just the memory model, but calling from ILP32
code into the Linux kernel requires modifications to the syscall-ABI due to
datastructure layout changing (every time a pointer or a ?long? is present in
a structure). As such structures are passed between the userspace and the
kernel (and also due to the fact that time_t is an ?unsigned long? in the C
language standard), modifications to the syscall ABI in Linux are needed to
support ILP32 processes calling into the kernel.
Things get a bit more involved, as the final consensus was to pass 64bit
quantities in the lower half of 2 64bit registers instead of as a single register:
this makes the way (on AArch64) that an ILP32 process calls into the kernel
more dissimilar from a LP64 process calling the same syscall.
What this rambling boils down to is: ?ILP32" is the memory model, whereas
this series deals with the ?Linux/AArch64 syscall ABI for ILP32 processes?.
Thanks,
Phil.
>
> There's AN490 - "ILP32 for AArch64 Whitepaper" from ARM which covers
> the topic:
> http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.dai0490a/ar01s01.html
>
> And some talks:
> http://connect.linaro.org/resource/bkk16/bkk16-305b/
>
> Briefly, ILP32 is 32-bit ABI that works with AARCH64 instruction set. It looks
> better in some performance tests, and is useful for compatibility with 32-bit
> legacy code.
>
> If you're more familiar with x86 terminology, in ARM world LP64 corresponds
> to x86_64, AARCH32_EL0 corresponds to x86_32, and ILP32 corresponds to x32
> ABI.
>
> I'll add link to AN490 in next submission.
>
> Yury
>
>> --
>> (english) http://www.livejournal.com/~pavelmachek
>> (cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
^ permalink raw reply
* [PATCH 10/14] arm64: ssbd: Add prctl interface for per-thread mitigation
From: Will Deacon @ 2018-05-24 12:24 UTC (permalink / raw)
To: linux-arm-kernel
In-Reply-To: <20180522150648.28297-11-marc.zyngier@arm.com>
On Tue, May 22, 2018 at 04:06:44PM +0100, Marc Zyngier wrote:
> If running on a system that performs dynamic SSBD mitigation, allow
> userspace to request the mitigation for itself. This is implemented
> as a prctl call, allowing the mitigation to be enabled or disabled at
> will for this particular thread.
>
> Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
> ---
> arch/arm64/kernel/Makefile | 1 +
> arch/arm64/kernel/ssbd.c | 107 +++++++++++++++++++++++++++++++++++++++++++++
> 2 files changed, 108 insertions(+)
> create mode 100644 arch/arm64/kernel/ssbd.c
>
> diff --git a/arch/arm64/kernel/Makefile b/arch/arm64/kernel/Makefile
> index bf825f38d206..0025f8691046 100644
> --- a/arch/arm64/kernel/Makefile
> +++ b/arch/arm64/kernel/Makefile
> @@ -54,6 +54,7 @@ arm64-obj-$(CONFIG_ARM64_RELOC_TEST) += arm64-reloc-test.o
> arm64-reloc-test-y := reloc_test_core.o reloc_test_syms.o
> arm64-obj-$(CONFIG_CRASH_DUMP) += crash_dump.o
> arm64-obj-$(CONFIG_ARM_SDE_INTERFACE) += sdei.o
> +arm64-obj-$(CONFIG_ARM64_SSBD) += ssbd.o
>
> obj-y += $(arm64-obj-y) vdso/ probes/
> obj-m += $(arm64-obj-m)
> diff --git a/arch/arm64/kernel/ssbd.c b/arch/arm64/kernel/ssbd.c
> new file mode 100644
> index 000000000000..34e3c430176b
> --- /dev/null
> +++ b/arch/arm64/kernel/ssbd.c
> @@ -0,0 +1,107 @@
> +// SPDX-License-Identifier: GPL-2.0
> +/*
> + * Copyright (C) 2018 ARM Ltd, All Rights Reserved.
> + */
> +
> +#include <linux/sched.h>
> +#include <linux/thread_info.h>
> +
> +#include <asm/cpufeature.h>
> +
> +/*
> + * prctl interface for SSBD
> + * FIXME: Drop the below ifdefery once the common interface has been merged.
> + */
> +#ifdef PR_SPEC_STORE_BYPASS
> +static int ssbd_prctl_set(struct task_struct *task, unsigned long ctrl)
> +{
> + int state = arm64_get_ssbd_state();
> +
> + /* Unsupported or already mitigated */
> + if (state == ARM64_SSBD_UNKNOWN)
> + return -EINVAL;
> + if (state == ARM64_SSBD_MITIGATED)
> + return -EPERM;
I'm not sure this is the best thing to do. If the firmware says that the
CPU is mitigated, we should probably return 0 for PR_SPEC_DISABLE but
-EPERM for PR_SPEC_ENABLE (i.e. the part that doesn't work is disabling
the mitigation).
Will
^ permalink raw reply
* [PATCH 13/14] arm64: KVM: Handle guest's ARCH_WORKAROUND_2 requests
From: Mark Rutland @ 2018-05-24 12:22 UTC (permalink / raw)
To: linux-arm-kernel
In-Reply-To: <20180522150648.28297-14-marc.zyngier@arm.com>
On Tue, May 22, 2018 at 04:06:47PM +0100, Marc Zyngier wrote:
> In order to forward the guest's ARCH_WORKAROUND_2 calls to EL3,
> add a small(-ish) sequence to handle it at EL2. Special care must
> be taken to track the state of the guest itself by updating the
> workaround flags. We also rely on patching to enable calls into
> the firmware.
>
> Note that since we need to execute branches, this always executes
> after the Spectre-v2 mitigation has been applied.
>
> Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
> ---
> arch/arm64/kernel/asm-offsets.c | 1 +
> arch/arm64/kvm/hyp/hyp-entry.S | 38 +++++++++++++++++++++++++++++++++++++-
> 2 files changed, 38 insertions(+), 1 deletion(-)
>
> diff --git a/arch/arm64/kernel/asm-offsets.c b/arch/arm64/kernel/asm-offsets.c
> index 5bdda651bd05..323aeb5f2fe6 100644
> --- a/arch/arm64/kernel/asm-offsets.c
> +++ b/arch/arm64/kernel/asm-offsets.c
> @@ -136,6 +136,7 @@ int main(void)
> #ifdef CONFIG_KVM_ARM_HOST
> DEFINE(VCPU_CONTEXT, offsetof(struct kvm_vcpu, arch.ctxt));
> DEFINE(VCPU_FAULT_DISR, offsetof(struct kvm_vcpu, arch.fault.disr_el1));
> + DEFINE(VCPU_WORKAROUND_FLAGS, offsetof(struct kvm_vcpu, arch.workaround_flags));
> DEFINE(CPU_GP_REGS, offsetof(struct kvm_cpu_context, gp_regs));
> DEFINE(CPU_USER_PT_REGS, offsetof(struct kvm_regs, regs));
> DEFINE(CPU_FP_REGS, offsetof(struct kvm_regs, fp_regs));
> diff --git a/arch/arm64/kvm/hyp/hyp-entry.S b/arch/arm64/kvm/hyp/hyp-entry.S
> index bffece27b5c1..5b1fa37ca1f4 100644
> --- a/arch/arm64/kvm/hyp/hyp-entry.S
> +++ b/arch/arm64/kvm/hyp/hyp-entry.S
> @@ -106,8 +106,44 @@ el1_hvc_guest:
> */
> ldr x1, [sp] // Guest's x0
> eor w1, w1, #ARM_SMCCC_ARCH_WORKAROUND_1
> + cbz w1, wa_epilogue
> +
> + /* ARM_SMCCC_ARCH_WORKAROUND_2 handling */
> + eor w1, w1, #(ARM_SMCCC_ARCH_WORKAROUND_1 ^ \
> + ARM_SMCCC_ARCH_WORKAROUND_2)
... that took me a second. Lovely. :)
> cbnz w1, el1_trap
> - mov x0, x1
> +
> +#ifdef CONFIG_ARM64_SSBD
> +alternative_cb arm64_enable_wa2_handling
> + b wa2_end
> +alternative_cb_end
> + get_vcpu_ptr x2, x0
> + ldr x0, [x2, #VCPU_WORKAROUND_FLAGS]
> +
> + /* Sanitize the argument and update the guest flags*/
Nit: space before the trailing '*/'. Either that or use a '//' comment.
Otherwise, this looks fine, so with that fixed:
Reviewed-by: Mark Rutland <mark.rutland@arm.com>
Mark.
> + ldr x1, [sp, #8] // Guest's x1
> + clz w1, w1 // Murphy's device:
> + lsr w1, w1, #5 // w1 = !!w1 without using
> + eor w1, w1, #1 // the flags...
> + bfi x0, x1, #VCPU_WORKAROUND_2_FLAG_SHIFT, #1
> + str x0, [x2, #VCPU_WORKAROUND_FLAGS]
> +
> + /* Check that we actually need to perform the call */
> + hyp_ldr_this_cpu x0, arm64_ssbd_callback_required, x2
> + cbz x0, wa2_end
> +
> + mov w0, #ARM_SMCCC_ARCH_WORKAROUND_2
> + smc #0
> +
> + /* Don't leak data from the SMC call */
> + mov x3, xzr
> +wa2_end:
> + mov x2, xzr
> + mov x1, xzr
> +#endif
> +
> +wa_epilogue:
> + mov x0, xzr
> add sp, sp, #16
> eret
>
> --
> 2.14.2
>
^ permalink raw reply
* [PATCH 09/14] arm64: ssbd: Introduce thread flag to control userspace mitigation
From: Will Deacon @ 2018-05-24 12:19 UTC (permalink / raw)
To: linux-arm-kernel
In-Reply-To: <833776ac-2b8c-b0f7-dcff-9c55afd67c65@arm.com>
On Thu, May 24, 2018 at 01:16:38PM +0100, Marc Zyngier wrote:
> On 24/05/18 13:01, Mark Rutland wrote:
> > On Tue, May 22, 2018 at 04:06:43PM +0100, Marc Zyngier wrote:
> >> In order to allow userspace to be mitigated on demand, let's
> >> introduce a new thread flag that prevents the mitigation from
> >> being turned off when exiting to userspace, and doesn't turn
> >> it on on entry into the kernel (with the assumtion that the
> >
> > Nit: s/assumtion/assumption/
> >
> >> mitigation is always enabled in the kernel itself).
> >>
> >> This will be used by a prctl interface introduced in a later
> >> patch.
> >>
> >> Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
> >
> > On the assumption that this flag cannot be flipped while a task is in
> > userspace:
>
> Well, that's the case unless you get into the seccomp thing, which does
> change TIF_SSBD on all threads of the task, without taking it to the
> kernel first. That nicely breaks the state machine, and you end-up
> running non-mitigated in the kernel. Oops.
>
> I have a couple of patches fixing that, using a second flag
> (TIF_SSBD_PENDING) that gets turned into the real thing on exit to
> userspace. It's pretty ugly though.
... which introduces the need for atomics on the entry path too :(
I would /much/ rather kill the seccomp implicit enabling of the mitigation,
or at least have a way to opt-out per arch since it doesn't seem to be
technically justified imo.
Will
^ permalink raw reply
* [PATCH v2 2/5] gpio: syscon: Add gpio-syscon for rockchip
From: Heiko Stuebner @ 2018-05-24 12:18 UTC (permalink / raw)
To: linux-arm-kernel
In-Reply-To: <860b225a-94e0-c3cb-94c2-5e354e0ccb1f@t-chip.com.cn>
Hi Levin,
Am Donnerstag, 24. Mai 2018, 03:59:36 CEST schrieb Levin Du:
> Hi all, I'd like to quote reply of Robin Murphy at
> http://lists.infradead.org/pipermail/linux-rockchip/2018-May/020619.html
>
> >
> > I would suggest s/pin number/bit number in the associated GRF register/
> > here. At least in this RK3328 case there's only one pin, which isn't
> > numbered, and if you naively considered it pin 0 of this 'bank' you'd
> > already have the wrong number. Since we're dealing with the "random
> > SoC-specific controls" region of the GRF as opposed to the
> > relatively-consistent and organised pinmux parts, I don't think we
> > should rely on any assumptions about how things are laid out.
> >
> > I was initially going to suggest a more specific compatible string as
> > well, but on reflection I think the generic "rockchip,gpio-syscon" for
> > basic "flip this single GRF bit" functionality actually is the right way
> > to go. In the specific RK3328 GPIO_MUTE case, there look to be 4 bits in
> > total related to this pin - the enable, value, and some pull controls
> > (which I assume apply when the output is disabled) - if at some point in
> > future we *did* want to start explicitly controlling the rest of them
> > too, then would be a good time to define a separate
> > "rockchip,rk3328-gpio-mute" binding (and probably a dedicated driver)
> > for that specialised functionality, independently of this basic one.
>
>
> Shall we go the generic "rockchip,gpio-syscon" way, or the specific
> "rockchip,rk3328-gpio-mute" way? I prefer the former one.
>
> The property of "gpio,syscon-dev" in gpio-syscon driver should be
> documented.
> Since the gpio controller is defined in the dtsi file, which inevitably
> contains voodoo
> register addresses. But at the board level dts file, there won't be more
> register
> addresses.
Past experience shows that the GRF is not really suitable for
generalization, as it's more of a dumping ground where chip designers
can put everything that's left over. This is especially true for
GRF_SOC_CONx registers, that really only contain pretty random bits.
So personally, I'd really prefer soc-specific compatibles as everywhere
else, instead of trying to push stuff into the devicetree that won't hold
up on future socs.
> On 2018-05-24 3:53 AM, Rob Herring wrote:
> > On Wed, May 23, 2018 at 10:12 AM, Heiko St?bner <heiko@sntech.de> wrote:
> >> Hi Rob, Levin,
> >>
> >> sorry for being late to the party.
> >>
> >> Am Mittwoch, 23. Mai 2018, 16:43:07 CEST schrieb Rob Herring:
> >>> On Tue, May 22, 2018 at 9:02 PM, Levin Du <djw@t-chip.com.cn> wrote:
> >>>> On 2018-05-23 2:02 AM, Rob Herring wrote:
> >>>>> On Fri, May 18, 2018 at 11:52:05AM +0800, djw at t-chip.com.cn wrote:
> >>>>>> From: Levin Du <djw@t-chip.com.cn>
> >>>>>>
> >>>>>> Some GPIOs sit in the GRF_SOC_CON registers of Rockchip SoCs,
> >>>>>> which do not belong to the general pinctrl.
> >>>>>>
> >>>>>> Adding gpio-syscon support makes controlling regulator or
> >>>>>> LED using these special pins very easy by reusing existing
> >>>>>> drivers, such as gpio-regulator and led-gpio.
> >>>>>>
> >>>>>> Signed-off-by: Levin Du <djw@t-chip.com.cn>
> >>>>>>
> >>>>>> ---
> >>>>>>
> >>>>>> Changes in v2:
> >>>>>> - Rename gpio_syscon10 to gpio_mute in doc
> >>>>>>
> >>>>>> Changes in v1:
> >>>>>> - Refactured for general gpio-syscon usage for Rockchip SoCs.
> >>>>>> - Add doc rockchip,gpio-syscon.txt
> >>>>>>
> >>>>>> .../bindings/gpio/rockchip,gpio-syscon.txt | 41
> >>>>>>
> >>>>>> ++++++++++++++++++++++
> >>>>>>
> >>>>>> drivers/gpio/gpio-syscon.c | 30
> >>>>>>
> >>>>>> ++++++++++++++++
> >>>>>>
> >>>>>> 2 files changed, 71 insertions(+)
> >>>>>> create mode 100644
> >>>>>>
> >>>>>> Documentation/devicetree/bindings/gpio/rockchip,gpio-syscon.txt
> >>>>>>
> >>>>>> diff --git
> >>>>>> a/Documentation/devicetree/bindings/gpio/rockchip,gpio-syscon.txt
> >>>>>> b/Documentation/devicetree/bindings/gpio/rockchip,gpio-syscon.txt
> >>>>>> new file mode 100644
> >>>>>> index 0000000..b1b2a67
> >>>>>> --- /dev/null
> >>>>>> +++ b/Documentation/devicetree/bindings/gpio/rockchip,gpio-syscon.txt
> >>>>>> @@ -0,0 +1,41 @@
> >>>>>> +* Rockchip GPIO support for GRF_SOC_CON registers
> >>>>>> +
> >>>>>> +Required properties:
> >>>>>> +- compatible: Should contain "rockchip,gpio-syscon".
> >>>>>> +- gpio-controller: Marks the device node as a gpio controller.
> >>>>>> +- #gpio-cells: Should be two. The first cell is the pin number and
> >>>>>> + the second cell is used to specify the gpio polarity:
> >>>>>> + 0 = Active high,
> >>>>>> + 1 = Active low.
> >>>>> There's no need for this child node. Just make the parent node a gpio
> >>>>> controller.
> >>>>>
> >>>>> Rob
> >>>> Hi Rob, it is not clear to me. Do you suggest that the grf node should be
> >>>> a
> >>>> gpio controller,
> >>>> like below?
> >>>>
> >>>> + grf: syscon at ff100000 {
> >>>> + compatible = "rockchip,gpio-syscon", "rockchip,rk3328-grf",
> >>>> "syscon", "simple-mfd";
> >>> Yes, but drop "rockchip,gpio-syscon" and "simple-mfd".
> >> I would disagree quite a bit here. The grf are the "general register files",
> >> a bunch of registers used for quite a lot of things, and so it seems
> >> among other users, also a gpio-controller for some more random pins
> >> not controlled through the regular gpio controllers.
> >>
> >> For a more fully stocked grf, please see
> >> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/arch/arm/boot/dts/rk3288.dtsi#n855
> >> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/arch/arm64/boot/dts/rockchip/rk3399.dtsi#n1338
> >>
> >> So the gpio controller should definitly also be a subnode.
> > Sigh, yes, if there are a bunch of functions needing subnodes like the
> > above, then yes that makes sense. But that's not what has been
> > presented. Please make some attempt at defining *all* the functions.
> > An actual binding would be nice, but I'll settle for just a list of
> > things. The list should have functions that have DT dependencies (like
> > clocks for phys in the above) because until you do, you don't need
> > child nodes.
>
> In rk3328.dtsi file, there are lots of line "rockchip,grf = <&grf>;" in
> various nodes,
> such as tsadc, cru, gmac2io, gmac2phy, and also pinctrl, which are not
> sub nodes of
> `grf`, but for reference only. The gpio-syscon node should also have
> similar behavior.
> They are not strongly coupled. The gpio-syscon node should be defined
> outside of the
> `grf` node.
Not necessarily.
I.e. things like the tsadc, cru etc have their own register space and only
some minor additional bits inside the GRF.
Other things like some phys and your mute-gpio are _fully embedded_ inside
the GRF and thus become child devices. This describes the hardware layout
way better, helps unclutter the devicetree and also shows this distinction
between "additional bits" and "embedded" clearly.
Heiko
^ permalink raw reply
* [PATCH 8/9] PM / Domains: Add support for multi PM domains per device to genpd
From: Ulf Hansson @ 2018-05-24 12:17 UTC (permalink / raw)
To: linux-arm-kernel
In-Reply-To: <1687797a-93f1-7e5c-6060-01c12c070964@nvidia.com>
On 24 May 2018 at 11:36, Jon Hunter <jonathanh@nvidia.com> wrote:
>
> On 24/05/18 08:04, Ulf Hansson wrote:
>
> ...
>
>>> Any reason why we could not add a 'boolean' argument to the API to
>>> indicate
>>> whether the new device should be linked? I think that I prefer the API
>>> handles it, but I can see there could be instances where drivers may wish
>>> to
>>> handle it themselves.
>>
>>
>> Coming back to this question. Both Tegra XUSB and Qcom Camera use
>> case, would benefit from doing the linking themselves, as it needs
>> different PM domains to be powered on depending on the current use
>> case - as to avoid wasting power.
>>
>> However, I can understand that you prefer some simplicity over
>> optimizations, as you told us. Then, does it mean that you are
>> insisting on extending the APIs with a boolean for linking, or are you
>> fine with the driver to call device_link_add()?
>
>
> I am fine with the driver calling device_link_add(), but I just wonder if we
> will find a several drivers doing this and then we will end up doing this
> later anyway.
Okay.
>
> The current API is called ...
>
> * genpd_dev_pm_attach_by_id() - Attach a device to one of its PM domain.
> * @dev: Device to attach.
> * @index: The index of the PM domain.
>
> This naming and description is a bit misleading, because really it is not
> attaching the device that is passed, but creating a new device to attach a
> PM domain to. So we should consider renaming and changing the description
> and indicate that users need to link the device.
I picked the name to be consistent with the existing
genpd_dev_pm_attach(). Do you have a better suggestion?
I agree, some details is missing to the description, let me try to
improve it. Actually, I was trying to follow existing descriptions
from genpd_dev_pm_attach(), so perhaps that also needs a little
update.
However, do note that, neither genpd_dev_pm_attach() or
genpd_dev_pm_attach_by_id() is supposed to be called by drivers, but
rather only by the driver core. So description may not be so
important.
In regards to good descriptions, for sure the API added in patch9,
dev_pm_domain_attach_by_id(), needs a good one, as this is what
drivers should be using.
>
> Finally, how is a PM domain attached via calling genpd_dev_pm_attach_by_id()
> detached?
Via the existing genpd_dev_pm_detach(), according to what I have
described in the change log. I clarify the description in regards to
this as well.
Kind regards
Uffe
^ permalink raw reply
page: next (older) | prev (newer) | latest
- recent:[subjects (threaded)|topics (new)|topics (active)]
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox