Received: by 10.213.65.68 with SMTP id h4csp925911imn; Thu, 22 Mar 2018 11:32:12 -0700 (PDT) X-Google-Smtp-Source: AG47ELsg9xNf0eVgqtZOYP5tRYxp9QMZfxQiu2ck8OM22s2rtFB0xnPoTv+SQ1d+tkSd/V7QokCn X-Received: by 2002:a17:902:8f97:: with SMTP id z23-v6mr26213158plo.162.1521743532919; Thu, 22 Mar 2018 11:32:12 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1521743532; cv=none; d=google.com; s=arc-20160816; b=0q3k2c9vmB6lKn9aZHAtsnK9P93/PPVnePGCSstcrJOVE4QvXJpW3f19u6+jIw/ctx PcDzUIP/X0tcUYz2tFI1stizOGvuykhICW6rjxM/WfjUFyRuho1zK7tXGtYvHxYuLZeA phH92hE3G/Vof1xhGmACFi8qg8ysgN5ji7nhTVMx6+7pb//VHgKyf6l27gK4JNUk3EpB jvrbJW+Qvf1BT1L9xqfPBshpF/9Gw06ZVjCCH4YosvsrrHqmvFoo1QfTFwmxF+ZoBZIC lBtn1Gv5KcuE6FxEr9jTwIAZ9qNBa3uVPC9Fnsr8C/JDejnF+Fm7XmMlvhx8G/eJpsOc PwfQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject:arc-authentication-results; bh=4UDoEtUiB4Roqwjn3kjVKgxd+95MwUmpft/wTQacm9k=; b=i0nrEelDKfLFAmzqthg1onrCmWsfQdP58CnCMNG9M5f8hNG8v8hK/7uSOiobzJCRaK hTJVSEeqRmqbhP7YD/WKnLfjpyQtA21QJ1YaaT8I+HooqTmdA7e/2avArhiBCnyeydBS 9cCMD0P53v3X5BEBhXkvnrNiGRe/1XtoiwPgCASOemU34yEs0w+dFVm0dcQ/RX+YEoVB cO50Velfme7LBcA7afdwhljGJG6nyVmfyrLwHAo8Ae1Hn1GDCqwd07cCQ6pbUfs8hx9y VLEDYPJ1GM5Q0DOpVZX2L61lvVaIPQ8CUtWwjqlDEmiaQGhkCd9aEdWpPFToL83vNirB +ChA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id u27si5302686pfk.241.2018.03.22.11.31.34; Thu, 22 Mar 2018 11:32:12 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751733AbeCVSaa (ORCPT + 99 others); Thu, 22 Mar 2018 14:30:30 -0400 Received: from usa-sjc-mx-foss1.foss.arm.com ([217.140.101.70]:41784 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751692AbeCVSa2 (ORCPT ); Thu, 22 Mar 2018 14:30:28 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 8648A1529; Thu, 22 Mar 2018 11:30:28 -0700 (PDT) Received: from [10.1.210.88] (e110467-lin.cambridge.arm.com [10.1.210.88]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 2F0443F487; Thu, 22 Mar 2018 11:30:27 -0700 (PDT) Subject: Re: [PATCH] arm64: tlbflush: avoid writing RES0 bits To: Philip Elcan , linux-arm-kernel@lists.infradead.org, Catalin Marinas , Will Deacon , Mark Rutland , linux-kernel@vger.kernel.org Cc: Thomas Speier , Shanker Donthineni References: <1521666172-2494-1-git-send-email-pelcan@codeaurora.org> From: Robin Murphy Message-ID: <00ae42df-d0b7-f63b-9cca-4c3e65a3938e@arm.com> Date: Thu, 22 Mar 2018 18:30:25 +0000 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0 MIME-Version: 1.0 In-Reply-To: <1521666172-2494-1-git-send-email-pelcan@codeaurora.org> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-GB Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 21/03/18 21:02, Philip Elcan wrote: > Bits [47:44] of the TLBI register operand are RES0 for instructions that > require a VA, per the ARM ARM spec, so TLBI operations should avoid writing > non-zero values to these bits. If we're going to start sanitising addresses to respect RES0 bits, then we should probably do it properly to cope with the cases where bits 63:47 are also RES0, and others - I guess we never actually try to do something like VAE1IS with a kernel VA, but AFAICS that would still be busted even after this patch. Robin. > Signed-off-by: Philip Elcan > --- > arch/arm64/include/asm/tlbflush.h | 16 ++++++++++------ > 1 file changed, 10 insertions(+), 6 deletions(-) > > diff --git a/arch/arm64/include/asm/tlbflush.h b/arch/arm64/include/asm/tlbflush.h > index 9e82dd7..dbd22a9 100644 > --- a/arch/arm64/include/asm/tlbflush.h > +++ b/arch/arm64/include/asm/tlbflush.h > @@ -60,6 +60,9 @@ > __tlbi(op, (arg) | USER_ASID_FLAG); \ > } while (0) > > +/* This macro masks out RES0 bits in the TLBI operand */ > +#define __TLBI_VADDR(addr) (addr & ~GENMASK_ULL(47, 44)) > + > /* > * TLB Management > * ============== > @@ -128,7 +131,8 @@ static inline void flush_tlb_mm(struct mm_struct *mm) > static inline void flush_tlb_page(struct vm_area_struct *vma, > unsigned long uaddr) > { > - unsigned long addr = uaddr >> 12 | (ASID(vma->vm_mm) << 48); > + unsigned long addr = __TLBI_VADDR(uaddr >> 12) | > + (ASID(vma->vm_mm) << 48); > > dsb(ishst); > __tlbi(vale1is, addr); > @@ -154,8 +158,8 @@ static inline void __flush_tlb_range(struct vm_area_struct *vma, > return; > } > > - start = asid | (start >> 12); > - end = asid | (end >> 12); > + start = asid | __TLBI_VADDR(start >> 12); > + end = asid | __TLBI_VADDR(end >> 12); > > dsb(ishst); > for (addr = start; addr < end; addr += 1 << (PAGE_SHIFT - 12)) { > @@ -185,8 +189,8 @@ static inline void flush_tlb_kernel_range(unsigned long start, unsigned long end > return; > } > > - start >>= 12; > - end >>= 12; > + start = __TLBI_VADDR(start >> 12); > + end = __TLBI_VADDR(end >> 12); > > dsb(ishst); > for (addr = start; addr < end; addr += 1 << (PAGE_SHIFT - 12)) > @@ -202,7 +206,7 @@ static inline void flush_tlb_kernel_range(unsigned long start, unsigned long end > static inline void __flush_tlb_pgtable(struct mm_struct *mm, > unsigned long uaddr) > { > - unsigned long addr = uaddr >> 12 | (ASID(mm) << 48); > + unsigned long addr = __TLBI_VADDR(uaddr >> 12) | (ASID(mm) << 48); > > __tlbi(vae1is, addr); > __tlbi_user(vae1is, addr); >