This short series enables the existing speculative unprivileged load
workaround from Cortex-A520 on Cortex-A510 cores which are also affected
by the erratum. The erratum number is 3117295 and details are available
in the SDEN[1].
Rob
[1] https://developer.arm.com/documentation/SDEN1873361/latest/
Signed-off-by: Rob Herring <[email protected]>
---
Rob Herring (2):
arm64: Rename ARM64_WORKAROUND_2966298
arm64: errata: Add Cortex-A510 speculative unprivileged load workaround
Documentation/arch/arm64/silicon-errata.rst | 2 ++
arch/arm64/Kconfig | 18 ++++++++++++++++++
arch/arm64/kernel/cpu_errata.c | 21 +++++++++++++++++----
arch/arm64/kernel/entry.S | 2 +-
arch/arm64/tools/cpucaps | 2 +-
5 files changed, 39 insertions(+), 6 deletions(-)
---
base-commit: b85ea95d086471afb4ad062012a4d73cd328fa86
change-id: 20240110-arm-errata-a510-23cc219ec1e0
Best regards,
--
Rob Herring <[email protected]>
Implement the workaround for ARM Cortex-A510 erratum 3117295. On an
affected Cortex-A510 core, a speculatively executed unprivileged load
might leak data from a privileged load via a cache side channel. The
issue only exists for loads within a translation regime with the same
translation (e.g. same ASID and VMID). Therefore, the issue only affects
the return to EL0.
The erratum and workaround are the same as ARM Cortex-A520 erratum
2966298, so reuse the existing workaround.
Cc: [email protected]
Signed-off-by: Rob Herring <[email protected]>
---
Documentation/arch/arm64/silicon-errata.rst | 2 ++
arch/arm64/Kconfig | 14 ++++++++++++++
arch/arm64/kernel/cpu_errata.c | 17 +++++++++++++++--
3 files changed, 31 insertions(+), 2 deletions(-)
diff --git a/Documentation/arch/arm64/silicon-errata.rst b/Documentation/arch/arm64/silicon-errata.rst
index f47f63bcf67c..7acd64c61f50 100644
--- a/Documentation/arch/arm64/silicon-errata.rst
+++ b/Documentation/arch/arm64/silicon-errata.rst
@@ -71,6 +71,8 @@ stable kernels.
+----------------+-----------------+-----------------+-----------------------------+
| ARM | Cortex-A510 | #2658417 | ARM64_ERRATUM_2658417 |
+----------------+-----------------+-----------------+-----------------------------+
+| ARM | Cortex-A510 | #3117295 | ARM64_ERRATUM_3117295 |
++----------------+-----------------+-----------------+-----------------------------+
| ARM | Cortex-A520 | #2966298 | ARM64_ERRATUM_2966298 |
+----------------+-----------------+-----------------+-----------------------------+
| ARM | Cortex-A53 | #826319 | ARM64_ERRATUM_826319 |
diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
index ba9f6ceddbbe..456e8680e16e 100644
--- a/arch/arm64/Kconfig
+++ b/arch/arm64/Kconfig
@@ -1054,6 +1054,20 @@ config ARM64_ERRATUM_2966298
If unsure, say Y.
+config ARM64_ERRATUM_3117295
+ bool "Cortex-A510: 3117295: workaround for speculatively executed unprivileged load"
+ select ARM64_WORKAROUND_SPECULATIVE_UNPRIV_LOAD
+ default y
+ help
+ This option adds the workaround for ARM Cortex-A510 erratum 3117295.
+
+ On an affected Cortex-A510 core, a speculatively executed unprivileged
+ load might leak data from a privileged level via a cache side channel.
+
+ Work around this problem by executing a TLBI before returning to EL0.
+
+ If unsure, say Y.
+
config CAVIUM_ERRATUM_22375
bool "Cavium erratum 22375, 24313"
default y
diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c
index cb5e0622168d..8b69fa296470 100644
--- a/arch/arm64/kernel/cpu_errata.c
+++ b/arch/arm64/kernel/cpu_errata.c
@@ -416,6 +416,19 @@ static struct midr_range broken_aarch32_aes[] = {
};
#endif /* CONFIG_ARM64_WORKAROUND_TRBE_WRITE_OUT_OF_RANGE */
+#ifdef CONFIG_ARM64_WORKAROUND_SPECULATIVE_UNPRIV_LOAD
+static const struct midr_range erratum_spec_unpriv_load_list[] = {
+#ifdef CONFIG_ARM64_ERRATUM_3117295
+ MIDR_ALL_VERSIONS(MIDR_CORTEX_A510),
+#endif
+#ifdef CONFIG_ARM64_ERRATUM_2966298
+ /* Cortex-A520 r0p0 to r0p1 */
+ MIDR_REV_RANGE(MIDR_CORTEX_A520, 0, 0, 1),
+#endif
+ {},
+};
+#endif
+
const struct arm64_cpu_capabilities arm64_errata[] = {
#ifdef CONFIG_ARM64_WORKAROUND_CLEAN_CACHE
{
@@ -715,10 +728,10 @@ const struct arm64_cpu_capabilities arm64_errata[] = {
#endif
#ifdef CONFIG_ARM64_WORKAROUND_SPECULATIVE_UNPRIV_LOAD
{
- .desc = "ARM erratum 2966298",
+ .desc = "ARM erratum 2966298 and 3117295",
.capability = ARM64_WORKAROUND_SPECULATIVE_UNPRIV_LOAD,
/* Cortex-A520 r0p0 - r0p1 */
- ERRATA_MIDR_REV_RANGE(MIDR_CORTEX_A520, 0, 0, 1),
+ ERRATA_MIDR_RANGE_LIST(erratum_spec_unpriv_load_list),
},
#endif
#ifdef CONFIG_AMPERE_ERRATUM_AC03_CPU_38
--
2.43.0
On Wed, Jan 10, 2024 at 11:29:21AM -0600, Rob Herring wrote:
> Implement the workaround for ARM Cortex-A510 erratum 3117295. On an
> affected Cortex-A510 core, a speculatively executed unprivileged load
> might leak data from a privileged load via a cache side channel. The
> issue only exists for loads within a translation regime with the same
> translation (e.g. same ASID and VMID). Therefore, the issue only affects
> the return to EL0.
>
> The erratum and workaround are the same as ARM Cortex-A520 erratum
> 2966298, so reuse the existing workaround.
>
> Cc: [email protected]
> Signed-off-by: Rob Herring <[email protected]>
> ---
> Documentation/arch/arm64/silicon-errata.rst | 2 ++
> arch/arm64/Kconfig | 14 ++++++++++++++
> arch/arm64/kernel/cpu_errata.c | 17 +++++++++++++++--
> 3 files changed, 31 insertions(+), 2 deletions(-)
>
> diff --git a/Documentation/arch/arm64/silicon-errata.rst b/Documentation/arch/arm64/silicon-errata.rst
> index f47f63bcf67c..7acd64c61f50 100644
> --- a/Documentation/arch/arm64/silicon-errata.rst
> +++ b/Documentation/arch/arm64/silicon-errata.rst
> @@ -71,6 +71,8 @@ stable kernels.
> +----------------+-----------------+-----------------+-----------------------------+
> | ARM | Cortex-A510 | #2658417 | ARM64_ERRATUM_2658417 |
> +----------------+-----------------+-----------------+-----------------------------+
> +| ARM | Cortex-A510 | #3117295 | ARM64_ERRATUM_3117295 |
> ++----------------+-----------------+-----------------+-----------------------------+
> | ARM | Cortex-A520 | #2966298 | ARM64_ERRATUM_2966298 |
> +----------------+-----------------+-----------------+-----------------------------+
> | ARM | Cortex-A53 | #826319 | ARM64_ERRATUM_826319 |
> diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
> index ba9f6ceddbbe..456e8680e16e 100644
> --- a/arch/arm64/Kconfig
> +++ b/arch/arm64/Kconfig
> @@ -1054,6 +1054,20 @@ config ARM64_ERRATUM_2966298
>
> If unsure, say Y.
>
> +config ARM64_ERRATUM_3117295
> + bool "Cortex-A510: 3117295: workaround for speculatively executed unprivileged load"
> + select ARM64_WORKAROUND_SPECULATIVE_UNPRIV_LOAD
> + default y
> + help
> + This option adds the workaround for ARM Cortex-A510 erratum 3117295.
> +
> + On an affected Cortex-A510 core, a speculatively executed unprivileged
> + load might leak data from a privileged level via a cache side channel.
> +
> + Work around this problem by executing a TLBI before returning to EL0.
> +
> + If unsure, say Y.
> +
> config CAVIUM_ERRATUM_22375
> bool "Cavium erratum 22375, 24313"
> default y
> diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c
> index cb5e0622168d..8b69fa296470 100644
> --- a/arch/arm64/kernel/cpu_errata.c
> +++ b/arch/arm64/kernel/cpu_errata.c
> @@ -416,6 +416,19 @@ static struct midr_range broken_aarch32_aes[] = {
> };
> #endif /* CONFIG_ARM64_WORKAROUND_TRBE_WRITE_OUT_OF_RANGE */
>
> +#ifdef CONFIG_ARM64_WORKAROUND_SPECULATIVE_UNPRIV_LOAD
> +static const struct midr_range erratum_spec_unpriv_load_list[] = {
> +#ifdef CONFIG_ARM64_ERRATUM_3117295
> + MIDR_ALL_VERSIONS(MIDR_CORTEX_A510),
> +#endif
> +#ifdef CONFIG_ARM64_ERRATUM_2966298
> + /* Cortex-A520 r0p0 to r0p1 */
> + MIDR_REV_RANGE(MIDR_CORTEX_A520, 0, 0, 1),
> +#endif
> + {},
> +};
> +#endif
> +
> const struct arm64_cpu_capabilities arm64_errata[] = {
> #ifdef CONFIG_ARM64_WORKAROUND_CLEAN_CACHE
> {
> @@ -715,10 +728,10 @@ const struct arm64_cpu_capabilities arm64_errata[] = {
> #endif
> #ifdef CONFIG_ARM64_WORKAROUND_SPECULATIVE_UNPRIV_LOAD
> {
> - .desc = "ARM erratum 2966298",
> + .desc = "ARM erratum 2966298 and 3117295",
Minor nit: s/and/or/
> .capability = ARM64_WORKAROUND_SPECULATIVE_UNPRIV_LOAD,
> /* Cortex-A520 r0p0 - r0p1 */
> - ERRATA_MIDR_REV_RANGE(MIDR_CORTEX_A520, 0, 0, 1),
> + ERRATA_MIDR_RANGE_LIST(erratum_spec_unpriv_load_list),
> },
> #endif
> #ifdef CONFIG_AMPERE_ERRATUM_AC03_CPU_38
Regardless of the nit above, this looks good to me.
I applied this atop the v6.7 (with the prior patch), and checked the following combinations:
CONFIG_ARM64_ERRATUM_3117295=y && CONFIG_ARM64_ERRATUM_2966298=y
CONFIG_ARM64_ERRATUM_3117295=y && CONFIG_ARM64_ERRATUM_2966298=n
CONFIG_ARM64_ERRATUM_3117295=n && CONFIG_ARM64_ERRATUM_2966298=y
CONFIG_ARM64_ERRATUM_3117295=n && CONFIG_ARM64_ERRATUM_2966298=n
On all cases the resulting Kconfig looked good i.e.
CONFIG_ARM64_WORKAROUND_CLEAN_CACHE was only selected when at least one of
those was selected), and the kernel built cleanly and booted fine for each
configuration.
I don't have a Cortex-A510 to test on, but I see no reason that this shouldn't
work as described.
With or without the "s/and/or/" fixup above:
Reviewed-by: Mark Rutland <[email protected]>
Catalin, Will, I assume you'd be happy to adjust that when applying, so there's
no reason to send a v2.
Mark.
On Wed, 10 Jan 2024 11:29:19 -0600, Rob Herring wrote:
> This short series enables the existing speculative unprivileged load
> workaround from Cortex-A520 on Cortex-A510 cores which are also affected
> by the erratum. The erratum number is 3117295 and details are available
> in the SDEN[1].
>
> Rob
>
> [...]
Applied to arm64 (for-next/core), thanks!
[1/2] arm64: Rename ARM64_WORKAROUND_2966298
https://git.kernel.org/arm64/c/546b7cde9b1d
[2/2] arm64: errata: Add Cortex-A510 speculative unprivileged load workaround
https://git.kernel.org/arm64/c/f827bcdafa2a
Cheers,
--
Will
https://fixes.arm64.dev
https://next.arm64.dev
https://will.arm64.dev