From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Will Deacon <will.deacon@arm.com>,
Mark Rutland <mark.rutland@arm.com>,
Dave Martin <dave.martin@arm.com>,
Suzuki K Poulose <suzuki.poulose@arm.com>,
Ard Biesheuvel <ard.biesheuvel@linaro.org>,
James Morse <james.morse@arm.com>
Subject: [PATCH 4.9 08/43] arm64: capabilities: Add flags to handle the conflicts on late CPU
Date: Wed, 6 Apr 2022 20:26:17 +0200 [thread overview]
Message-ID: <20220406182436.925544626@linuxfoundation.org> (raw)
In-Reply-To: <20220406182436.675069715@linuxfoundation.org>
From: Suzuki K Poulose <suzuki.poulose@arm.com>
[ Upstream commit 5b4747c5dce7a873e1e7fe1608835825f714267a ]
When a CPU is brought up, it is checked against the caps that are
known to be enabled on the system (via verify_local_cpu_capabilities()).
Based on the state of the capability on the CPU vs. that of System we
could have the following combinations of conflict.
x-----------------------------x
| Type | System | Late CPU |
|-----------------------------|
| a | y | n |
|-----------------------------|
| b | n | y |
x-----------------------------x
Case (a) is not permitted for caps which are system features, which the
system expects all the CPUs to have (e.g VHE). While (a) is ignored for
all errata work arounds. However, there could be exceptions to the plain
filtering approach. e.g, KPTI is an optional feature for a late CPU as
long as the system already enables it.
Case (b) is not permitted for errata work arounds that cannot be activated
after the kernel has finished booting.And we ignore (b) for features. Here,
yet again, KPTI is an exception, where if a late CPU needs KPTI we are too
late to enable it (because we change the allocation of ASIDs etc).
Add two different flags to indicate how the conflict should be handled.
ARM64_CPUCAP_PERMITTED_FOR_LATE_CPU - CPUs may have the capability
ARM64_CPUCAP_OPTIONAL_FOR_LATE_CPU - CPUs may not have the cappability.
Now that we have the flags to describe the behavior of the errata and
the features, as we treat them, define types for ERRATUM and FEATURE.
Cc: Will Deacon <will.deacon@arm.com>
Cc: Mark Rutland <mark.rutland@arm.com>
Reviewed-by: Dave Martin <dave.martin@arm.com>
Signed-off-by: Suzuki K Poulose <suzuki.poulose@arm.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: James Morse <james.morse@arm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm64/include/asm/cpufeature.h | 68 ++++++++++++++++++++++++++++++++++++
arch/arm64/kernel/cpu_errata.c | 10 ++---
arch/arm64/kernel/cpufeature.c | 22 +++++------
3 files changed, 84 insertions(+), 16 deletions(-)
--- a/arch/arm64/include/asm/cpufeature.h
+++ b/arch/arm64/include/asm/cpufeature.h
@@ -130,6 +130,7 @@ extern struct arm64_ftr_reg arm64_ftr_re
* an action, based on the severity (e.g, a CPU could be prevented from
* booting or cause a kernel panic). The CPU is allowed to "affect" the
* state of the capability, if it has not been finalised already.
+ * See section 5 for more details on conflicts.
*
* 4) Action: As mentioned in (2), the kernel can take an action for each
* detected capability, on all CPUs on the system. Appropriate actions
@@ -147,6 +148,34 @@ extern struct arm64_ftr_reg arm64_ftr_re
*
* check_local_cpu_capabilities() -> verify_local_cpu_capabilities()
*
+ * 5) Conflicts: Based on the state of the capability on a late CPU vs.
+ * the system state, we could have the following combinations :
+ *
+ * x-----------------------------x
+ * | Type | System | Late CPU |
+ * |-----------------------------|
+ * | a | y | n |
+ * |-----------------------------|
+ * | b | n | y |
+ * x-----------------------------x
+ *
+ * Two separate flag bits are defined to indicate whether each kind of
+ * conflict can be allowed:
+ * ARM64_CPUCAP_OPTIONAL_FOR_LATE_CPU - Case(a) is allowed
+ * ARM64_CPUCAP_PERMITTED_FOR_LATE_CPU - Case(b) is allowed
+ *
+ * Case (a) is not permitted for a capability that the system requires
+ * all CPUs to have in order for the capability to be enabled. This is
+ * typical for capabilities that represent enhanced functionality.
+ *
+ * Case (b) is not permitted for a capability that must be enabled
+ * during boot if any CPU in the system requires it in order to run
+ * safely. This is typical for erratum work arounds that cannot be
+ * enabled after the corresponding capability is finalised.
+ *
+ * In some non-typical cases either both (a) and (b), or neither,
+ * should be permitted. This can be described by including neither
+ * or both flags in the capability's type field.
*/
@@ -160,6 +189,33 @@ extern struct arm64_ftr_reg arm64_ftr_re
#define SCOPE_SYSTEM ARM64_CPUCAP_SCOPE_SYSTEM
#define SCOPE_LOCAL_CPU ARM64_CPUCAP_SCOPE_LOCAL_CPU
+/*
+ * Is it permitted for a late CPU to have this capability when system
+ * hasn't already enabled it ?
+ */
+#define ARM64_CPUCAP_PERMITTED_FOR_LATE_CPU ((u16)BIT(4))
+/* Is it safe for a late CPU to miss this capability when system has it */
+#define ARM64_CPUCAP_OPTIONAL_FOR_LATE_CPU ((u16)BIT(5))
+
+/*
+ * CPU errata workarounds that need to be enabled at boot time if one or
+ * more CPUs in the system requires it. When one of these capabilities
+ * has been enabled, it is safe to allow any CPU to boot that doesn't
+ * require the workaround. However, it is not safe if a "late" CPU
+ * requires a workaround and the system hasn't enabled it already.
+ */
+#define ARM64_CPUCAP_LOCAL_CPU_ERRATUM \
+ (ARM64_CPUCAP_SCOPE_LOCAL_CPU | ARM64_CPUCAP_OPTIONAL_FOR_LATE_CPU)
+/*
+ * CPU feature detected at boot time based on system-wide value of a
+ * feature. It is safe for a late CPU to have this feature even though
+ * the system hasn't enabled it, although the featuer will not be used
+ * by Linux in this case. If the system has enabled this feature already,
+ * then every late CPU must have it.
+ */
+#define ARM64_CPUCAP_SYSTEM_FEATURE \
+ (ARM64_CPUCAP_SCOPE_SYSTEM | ARM64_CPUCAP_PERMITTED_FOR_LATE_CPU)
+
struct arm64_cpu_capabilities {
const char *desc;
u16 capability;
@@ -193,6 +249,18 @@ static inline int cpucap_default_scope(c
return cap->type & ARM64_CPUCAP_SCOPE_MASK;
}
+static inline bool
+cpucap_late_cpu_optional(const struct arm64_cpu_capabilities *cap)
+{
+ return !!(cap->type & ARM64_CPUCAP_OPTIONAL_FOR_LATE_CPU);
+}
+
+static inline bool
+cpucap_late_cpu_permitted(const struct arm64_cpu_capabilities *cap)
+{
+ return !!(cap->type & ARM64_CPUCAP_PERMITTED_FOR_LATE_CPU);
+}
+
extern DECLARE_BITMAP(cpu_hwcaps, ARM64_NCAPS);
extern struct static_key_false cpu_hwcap_keys[ARM64_NCAPS];
extern struct static_key_false arm64_const_caps_ready;
--- a/arch/arm64/kernel/cpu_errata.c
+++ b/arch/arm64/kernel/cpu_errata.c
@@ -369,14 +369,14 @@ static bool has_ssbd_mitigation(const st
#endif /* CONFIG_ARM64_SSBD */
#define MIDR_RANGE(model, min, max) \
- .type = ARM64_CPUCAP_SCOPE_LOCAL_CPU, \
+ .type = ARM64_CPUCAP_LOCAL_CPU_ERRATUM, \
.matches = is_affected_midr_range, \
.midr_model = model, \
.midr_range_min = min, \
.midr_range_max = max
#define MIDR_ALL_VERSIONS(model) \
- .type = ARM64_CPUCAP_SCOPE_LOCAL_CPU, \
+ .type = ARM64_CPUCAP_LOCAL_CPU_ERRATUM, \
.matches = is_affected_midr_range, \
.midr_model = model, \
.midr_range_min = 0, \
@@ -459,14 +459,14 @@ const struct arm64_cpu_capabilities arm6
.desc = "Mismatched cache line size",
.capability = ARM64_MISMATCHED_CACHE_LINE_SIZE,
.matches = has_mismatched_cache_type,
- .type = ARM64_CPUCAP_SCOPE_LOCAL_CPU,
+ .type = ARM64_CPUCAP_LOCAL_CPU_ERRATUM,
.cpu_enable = cpu_enable_trap_ctr_access,
},
{
.desc = "Mismatched cache type",
.capability = ARM64_MISMATCHED_CACHE_TYPE,
.matches = has_mismatched_cache_type,
- .type = ARM64_CPUCAP_SCOPE_LOCAL_CPU,
+ .type = ARM64_CPUCAP_LOCAL_CPU_ERRATUM,
.cpu_enable = cpu_enable_trap_ctr_access,
},
#ifdef CONFIG_HARDEN_BRANCH_PREDICTOR
@@ -504,7 +504,7 @@ const struct arm64_cpu_capabilities arm6
#ifdef CONFIG_ARM64_SSBD
{
.desc = "Speculative Store Bypass Disable",
- .type = ARM64_CPUCAP_SCOPE_LOCAL_CPU,
+ .type = ARM64_CPUCAP_LOCAL_CPU_ERRATUM,
.capability = ARM64_SSBD,
.matches = has_ssbd_mitigation,
},
--- a/arch/arm64/kernel/cpufeature.c
+++ b/arch/arm64/kernel/cpufeature.c
@@ -865,7 +865,7 @@ static const struct arm64_cpu_capabiliti
{
.desc = "GIC system register CPU interface",
.capability = ARM64_HAS_SYSREG_GIC_CPUIF,
- .type = ARM64_CPUCAP_SCOPE_SYSTEM,
+ .type = ARM64_CPUCAP_SYSTEM_FEATURE,
.matches = has_useable_gicv3_cpuif,
.sys_reg = SYS_ID_AA64PFR0_EL1,
.field_pos = ID_AA64PFR0_GIC_SHIFT,
@@ -876,7 +876,7 @@ static const struct arm64_cpu_capabiliti
{
.desc = "Privileged Access Never",
.capability = ARM64_HAS_PAN,
- .type = ARM64_CPUCAP_SCOPE_SYSTEM,
+ .type = ARM64_CPUCAP_SYSTEM_FEATURE,
.matches = has_cpuid_feature,
.sys_reg = SYS_ID_AA64MMFR1_EL1,
.field_pos = ID_AA64MMFR1_PAN_SHIFT,
@@ -889,7 +889,7 @@ static const struct arm64_cpu_capabiliti
{
.desc = "LSE atomic instructions",
.capability = ARM64_HAS_LSE_ATOMICS,
- .type = ARM64_CPUCAP_SCOPE_SYSTEM,
+ .type = ARM64_CPUCAP_SYSTEM_FEATURE,
.matches = has_cpuid_feature,
.sys_reg = SYS_ID_AA64ISAR0_EL1,
.field_pos = ID_AA64ISAR0_ATOMICS_SHIFT,
@@ -900,14 +900,14 @@ static const struct arm64_cpu_capabiliti
{
.desc = "Software prefetching using PRFM",
.capability = ARM64_HAS_NO_HW_PREFETCH,
- .type = ARM64_CPUCAP_SCOPE_SYSTEM,
+ .type = ARM64_CPUCAP_SYSTEM_FEATURE,
.matches = has_no_hw_prefetch,
},
#ifdef CONFIG_ARM64_UAO
{
.desc = "User Access Override",
.capability = ARM64_HAS_UAO,
- .type = ARM64_CPUCAP_SCOPE_SYSTEM,
+ .type = ARM64_CPUCAP_SYSTEM_FEATURE,
.matches = has_cpuid_feature,
.sys_reg = SYS_ID_AA64MMFR2_EL1,
.field_pos = ID_AA64MMFR2_UAO_SHIFT,
@@ -921,21 +921,21 @@ static const struct arm64_cpu_capabiliti
#ifdef CONFIG_ARM64_PAN
{
.capability = ARM64_ALT_PAN_NOT_UAO,
- .type = ARM64_CPUCAP_SCOPE_SYSTEM,
+ .type = ARM64_CPUCAP_SYSTEM_FEATURE,
.matches = cpufeature_pan_not_uao,
},
#endif /* CONFIG_ARM64_PAN */
{
.desc = "Virtualization Host Extensions",
.capability = ARM64_HAS_VIRT_HOST_EXTN,
- .type = ARM64_CPUCAP_SCOPE_SYSTEM,
+ .type = ARM64_CPUCAP_SYSTEM_FEATURE,
.matches = runs_at_el2,
.cpu_enable = cpu_copy_el2regs,
},
{
.desc = "32-bit EL0 Support",
.capability = ARM64_HAS_32BIT_EL0,
- .type = ARM64_CPUCAP_SCOPE_SYSTEM,
+ .type = ARM64_CPUCAP_SYSTEM_FEATURE,
.matches = has_cpuid_feature,
.sys_reg = SYS_ID_AA64PFR0_EL1,
.sign = FTR_UNSIGNED,
@@ -945,14 +945,14 @@ static const struct arm64_cpu_capabiliti
{
.desc = "Reduced HYP mapping offset",
.capability = ARM64_HYP_OFFSET_LOW,
- .type = ARM64_CPUCAP_SCOPE_SYSTEM,
+ .type = ARM64_CPUCAP_SYSTEM_FEATURE,
.matches = hyp_offset_low,
},
#ifdef CONFIG_UNMAP_KERNEL_AT_EL0
{
.desc = "Kernel page table isolation (KPTI)",
.capability = ARM64_UNMAP_KERNEL_AT_EL0,
- .type = ARM64_CPUCAP_SCOPE_SYSTEM,
+ .type = ARM64_CPUCAP_SYSTEM_FEATURE,
.matches = unmap_kernel_at_el0,
.cpu_enable = kpti_install_ng_mappings,
},
@@ -963,7 +963,7 @@ static const struct arm64_cpu_capabiliti
#define HWCAP_CAP(reg, field, s, min_value, cap_type, cap) \
{ \
.desc = #cap, \
- .type = ARM64_CPUCAP_SCOPE_SYSTEM, \
+ .type = ARM64_CPUCAP_SYSTEM_FEATURE, \
.matches = has_cpuid_feature, \
.sys_reg = reg, \
.field_pos = field, \
next prev parent reply other threads:[~2022-04-06 19:27 UTC|newest]
Thread overview: 53+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-04-06 18:26 [PATCH 4.9 00/43] 4.9.310-rc1 review Greg Kroah-Hartman
2022-04-06 18:26 ` [PATCH 4.9 01/43] arm64: errata: Provide macro for major and minor cpu revisions Greg Kroah-Hartman
2022-04-06 18:26 ` [PATCH 4.9 02/43] arm64: Remove useless UAO IPI and describe how this gets enabled Greg Kroah-Hartman
2022-04-06 18:26 ` [PATCH 4.9 03/43] arm64: Add MIDR encoding for Arm Cortex-A55 and Cortex-A35 Greg Kroah-Hartman
2022-04-06 18:26 ` [PATCH 4.9 04/43] arm64: capabilities: Update prototype for enable call back Greg Kroah-Hartman
2022-04-06 18:26 ` [PATCH 4.9 05/43] arm64: capabilities: Move errata work around check on boot CPU Greg Kroah-Hartman
2022-04-06 18:26 ` [PATCH 4.9 06/43] arm64: capabilities: Move errata processing code Greg Kroah-Hartman
2022-04-06 18:26 ` [PATCH 4.9 07/43] arm64: capabilities: Prepare for fine grained capabilities Greg Kroah-Hartman
2022-04-06 18:26 ` Greg Kroah-Hartman [this message]
2022-04-06 18:26 ` [PATCH 4.9 09/43] arm64: capabilities: Clean up midr range helpers Greg Kroah-Hartman
2022-04-06 18:26 ` [PATCH 4.9 10/43] arm64: Add helpers for checking CPU MIDR against a range Greg Kroah-Hartman
2022-04-06 18:26 ` [PATCH 4.9 11/43] arm64: capabilities: Add support for checks based on a list of MIDRs Greg Kroah-Hartman
2022-04-06 18:26 ` [PATCH 4.9 12/43] clocksource/drivers/arm_arch_timer: Remove fsl-a008585 parameter Greg Kroah-Hartman
2022-04-06 18:26 ` [PATCH 4.9 13/43] clocksource/drivers/arm_arch_timer: Introduce generic errata handling infrastructure Greg Kroah-Hartman
2022-04-06 18:26 ` [PATCH 4.9 14/43] arm64: arch_timer: Add infrastructure for multiple erratum detection methods Greg Kroah-Hartman
2022-04-06 18:26 ` [PATCH 4.9 15/43] arm64: arch_timer: Add erratum handler for CPU-specific capability Greg Kroah-Hartman
2022-04-06 18:26 ` [PATCH 4.9 16/43] arm64: arch_timer: Add workaround for ARM erratum 1188873 Greg Kroah-Hartman
2022-04-06 18:26 ` [PATCH 4.9 17/43] arm64: arch_timer: avoid unused function warning Greg Kroah-Hartman
2022-04-06 18:26 ` [PATCH 4.9 18/43] arm64: Add silicon-errata.txt entry for ARM erratum 1188873 Greg Kroah-Hartman
2022-04-06 18:26 ` [PATCH 4.9 19/43] arm64: Make ARM64_ERRATUM_1188873 depend on COMPAT Greg Kroah-Hartman
2022-04-06 18:26 ` [PATCH 4.9 20/43] arm64: Add part number for Neoverse N1 Greg Kroah-Hartman
2022-04-06 18:26 ` [PATCH 4.9 21/43] arm64: Add part number for Arm Cortex-A77 Greg Kroah-Hartman
2022-04-06 18:26 ` [PATCH 4.9 22/43] arm64: Add Neoverse-N2, Cortex-A710 CPU part definition Greg Kroah-Hartman
2022-04-06 18:26 ` [PATCH 4.9 23/43] arm64: Add Cortex-X2 " Greg Kroah-Hartman
2022-04-06 18:26 ` [PATCH 4.9 24/43] arm64: Add helper to decode register from instruction Greg Kroah-Hartman
2022-04-06 18:26 ` [PATCH 4.9 25/43] arm64: entry.S: Add ventry overflow sanity checks Greg Kroah-Hartman
2022-04-06 18:26 ` [PATCH 4.9 26/43] arm64: entry: Make the trampoline cleanup optional Greg Kroah-Hartman
2022-04-06 18:26 ` [PATCH 4.9 27/43] arm64: entry: Free up another register on kptis tramp_exit path Greg Kroah-Hartman
2022-04-06 18:26 ` [PATCH 4.9 28/43] arm64: entry: Move the trampoline data page before the text page Greg Kroah-Hartman
2022-04-06 18:26 ` [PATCH 4.9 29/43] arm64: entry: Allow tramp_alias to access symbols after the 4K boundary Greg Kroah-Hartman
2022-04-06 18:26 ` [PATCH 4.9 30/43] arm64: entry: Dont assume tramp_vectors is the start of the vectors Greg Kroah-Hartman
2022-04-06 18:26 ` [PATCH 4.9 31/43] arm64: entry: Move trampoline macros out of ifdefd section Greg Kroah-Hartman
2022-04-06 18:26 ` [PATCH 4.9 32/43] arm64: entry: Make the kpti trampolines kpti sequence optional Greg Kroah-Hartman
2022-04-06 18:26 ` [PATCH 4.9 33/43] arm64: entry: Allow the trampoline text to occupy multiple pages Greg Kroah-Hartman
2022-04-06 18:26 ` [PATCH 4.9 34/43] arm64: entry: Add non-kpti __bp_harden_el1_vectors for mitigations Greg Kroah-Hartman
2022-04-06 18:26 ` [PATCH 4.9 35/43] arm64: Move arm64_update_smccc_conduit() out of SSBD ifdef Greg Kroah-Hartman
2022-04-06 18:26 ` [PATCH 4.9 36/43] arm64: entry: Add vectors that have the bhb mitigation sequences Greg Kroah-Hartman
2022-04-06 18:26 ` [PATCH 4.9 37/43] arm64: entry: Add macro for reading symbol addresses from the trampoline Greg Kroah-Hartman
2022-04-06 18:26 ` [PATCH 4.9 38/43] arm64: Add percpu vectors for EL1 Greg Kroah-Hartman
2022-04-06 18:26 ` [PATCH 4.9 39/43] KVM: arm64: Add templates for BHB mitigation sequences Greg Kroah-Hartman
2022-04-06 18:26 ` [PATCH 4.9 40/43] arm64: Mitigate spectre style branch history side channels Greg Kroah-Hartman
2022-04-06 18:26 ` [PATCH 4.9 41/43] KVM: arm64: Allow SMCCC_ARCH_WORKAROUND_3 to be discovered and migrated Greg Kroah-Hartman
2022-04-06 18:26 ` [PATCH 4.9 42/43] arm64: add ID_AA64ISAR2_EL1 sys register Greg Kroah-Hartman
2022-04-06 18:26 ` [PATCH 4.9 43/43] arm64: Use the clearbhb instruction in mitigations Greg Kroah-Hartman
2022-04-06 20:57 ` [PATCH 4.9 00/43] 4.9.310-rc1 review Florian Fainelli
2022-04-06 21:55 ` Pavel Machek
2022-04-06 22:51 ` Shuah Khan
2022-04-07 9:32 ` Guenter Roeck
2022-04-07 10:23 ` Greg Kroah-Hartman
2022-04-07 17:20 ` James Morse
2022-04-12 5:51 ` Greg Kroah-Hartman
2022-04-07 11:20 ` Naresh Kamboju
2022-04-07 11:28 ` Naresh Kamboju
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220406182436.925544626@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=ard.biesheuvel@linaro.org \
--cc=dave.martin@arm.com \
--cc=james.morse@arm.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mark.rutland@arm.com \
--cc=stable@vger.kernel.org \
--cc=suzuki.poulose@arm.com \
--cc=will.deacon@arm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox