Received: by 2002:ac0:946b:0:0:0:0:0 with SMTP id j40csp2440713imj;
        Mon, 11 Feb 2019 02:58:48 -0800 (PST)
X-Google-Smtp-Source: AHgI3Ia/0sO6l63NP+5eLQU6XS6TovPW/9qi5+z1S7xrvQ+TP/XRntGbMNpvXijoQfJmVSdu7MNl
X-Received: by 2002:a62:4d45:: with SMTP id a66mr17520943pfb.52.1549882728853;
        Mon, 11 Feb 2019 02:58:48 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1549882728; cv=none;
        d=google.com; s=arc-20160816;
        b=fCq5y8lQAYUusFdAF3HGYTfHV9ousJ14hMgy7XnMALMDemWJDsfVp2AzvWm3khyu6X
         Ev7dAFEOtbFbXK7QsRNMmzqqLpjQXrA4cxcZkskP/fL6GdvUY6NjlQh4zXKr8oVYRi4o
         ffbLtSGwKtAzLJzvkqrjQxBVG9JSVXT9+fQn/Zc0kB9Og4aLLnzV5vLTVskSbaIJOMI8
         +CPqwTfsUB7/RCG8PARVwX/iECnq90XXpaflekudo3pJyE59tUtYdweUrFZ8+JQr8+fA
         Y4RM2m1Fc3KwzzJcLrOLQnOw9PbyuvxVLWrI7Fu/O3+5JyOaJcaOk0NYVwpVDYsXWqGl
         H0bg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:user-agent:in-reply-to
         :content-disposition:mime-version:references:message-id:subject:cc
         :to:from:date;
        bh=fhR/KThpLL1K2GhNW+L5gfan1aeRjCg1XDc+7YqH/ho=;
        b=wivj8WMcZPHAmbWwA7cNRIGizMNTZPKrTsVLNygO1jm7fgtcNS9y85a8/dDHKDte+Y
         OwvN3TLYu9iJgzxs0TbWFkBNQNvuebWGayQyKXYUbXUK3/NVL5cyvniUA73DUOyUWL9H
         f4H+RG4o6d5NW0B1QKEvlfL+PyIKQfjZZbIkEfH47gqpIGPaYaLFn35QN5F/J6URREFZ
         WO+nFoJorG4hlYPkSUbW7UWAPBxrjxyIyoL7oS+Dg1Yb+iJ8+/bXf6JdWQNKQciNzIfs
         sOrAdipvtrre8P7f7LvZ2wkBV4OdGUZAeYeK81B15kgHZD6Xrml2Wa3KBeOsm0RlgHJB
         3oGA==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id j1si9300301pff.42.2019.02.11.02.58.32;
        Mon, 11 Feb 2019 02:58:48 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1727123AbfBKK6A (ORCPT <rfc822;jekfish0@gmail.com> + 99 others);
        Mon, 11 Feb 2019 05:58:00 -0500
Received: from usa-sjc-mx-foss1.foss.arm.com ([217.140.101.70]:45590 "EHLO
        foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1726045AbfBKK6A (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 11 Feb 2019 05:58:00 -0500
Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249])
        by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id C153EA78;
        Mon, 11 Feb 2019 02:57:59 -0800 (PST)
Received: from fuggles.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.72.51.249])
        by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 8DC9B3F557;
        Mon, 11 Feb 2019 02:57:58 -0800 (PST)
Date:   Mon, 11 Feb 2019 10:57:55 +0000
From:   Will Deacon <will.deacon@arm.com>
To:     AngeloGioacchino Del Regno <kholk11@gmail.com>
Cc:     Jens Axboe <axboe@kernel.dk>,
        Catalin Marinas <catalin.marinas@arm.com>,
        linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org,
        linux-arm-msm@vger.kernel.org
Subject: Re: [PATCH] arm64/io: Don't use WZR in writel
Message-ID: <20190211105755.GB30880@fuggles.cambridge.arm.com>
References: <68b71c15f32341468a868f6418e4fcb375bc49ba.camel@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <68b71c15f32341468a868f6418e4fcb375bc49ba.camel@gmail.com>
User-Agent: Mutt/1.11.1+86 (6f28e57d73f2) ()
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Sat, Feb 09, 2019 at 07:34:53PM +0100, AngeloGioacchino Del Regno wrote:
> From 33fb6d036de273bb71ac1c67d7a91b7a5148e659 Mon Sep 17 00:00:00 2001
> From: "Angelo G. Del Regno" <kholk11@gmail.com>
> Date: Sat, 9 Feb 2019 18:56:46 +0100
> Subject: [PATCH] arm64/io: Don't use WZR in writel
> 
> This is a partial revert of commit ee5e41b5f21a
> ("arm64/io: Allow I/O writes to use {W,X}ZR")
> 
> When we try to use the zero register directly on some SoCs,
> their security will make them freeze due to a firmware bug.
> This behavior is seen with the arm-smmu driver freezing on
> TLBI and TLBSYNC on MSM8996, MSM8998, SDM630, SDM660.

Hmm, this sounds very fragile. I hope they're not trapping and emulating
MMIO accesses and treating the zero register as the stack pointer...

Wouldn't this also be triggerable from userspace by mmap()ing either
/dev/mem or e.g. a PCI bar via sysfs?

> Allocating a temporary register to store the zero for the
> write actually solves the issue on these SoCs.

I don't think this catches all MMIO accesses, so I think we need to
understand more about the actual issue here. For example, is it only the
SMMU that causes this problem? Also, any workaround should be specific to
the broken SoCs.

Will