Received: by 2002:a5b:505:0:0:0:0:0 with SMTP id o5csp6168ybp;
        Thu, 3 Oct 2019 09:24:29 -0700 (PDT)
X-Google-Smtp-Source: APXvYqwwb3bS0illMbnEuTLfVhDcfxYSWX+DNi3b65r3tgMCtgZFsvD52ib+GMO4p+udiZEwVn1f
X-Received: by 2002:aa7:d718:: with SMTP id t24mr10251262edq.300.1570119869329;
        Thu, 03 Oct 2019 09:24:29 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1570119869; cv=none;
        d=google.com; s=arc-20160816;
        b=a0P9mu5nu2qWCmSeL7FqK2ayOoxstXmblbnQxaP7HqPzAgWFUV8hb3UJ8ewuASfDar
         CkQ/8TsWk9VVWtjgR2onIU1XL7xuFbFlf775Hm2Qdi04w4Ka6xJR6quXc/otz5GCdLIs
         7xrt8O7I9GB/W3S0IpyknMEJ+OXGsDO6srhHjAD9RXl9GfCIES+1d0K3kebXhHtmElC/
         +0rvuRY7cVkFH43Zp1lyxMvhHLvnDDtJIq7+vOXt6NmR1HhEW6XHoD4kgmKJtjEtwBOc
         7OL3NX7INZfxU7GRZo54uQA23lZ8CyVCanJ8NzOJdejzP53V+2LQ8n2ISwbxVWI+T5BP
         B4aQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:message-id:date:subject:cc:to
         :from:dkim-signature;
        bh=OmPZf5g3QblDgCVezlg6MstCoPzRQOp1JjpYNzTesHg=;
        b=S1LGC79vVe6ZjPc9uoSoL3K55qSfC9Ixe+Ln4j4KS7+fQ18FeBQXbxU8Bv7UATrhbE
         IUR+23mYnfgxrdRRdP0Z3afWC6MQ0Vc2rwkGdo2FjUu2rlp0ZmYt+MusGduE11ONIIZh
         qp8c3MQaeE9i8mpNJHTu7q80U2QZ6Y40llfgew3OnOP3fpSZ5gapFzVE7TahLwiWdY+0
         3oHtLwbHSWNHA4pYwFG2Q7YXWhA/DdfLGI5XwLYxJn2FFpBLZF78Qf5IDckdJ6fTBA/Y
         E8Vaoo2mBiiT6gM5/hgFmmITQJgv1+5pLwCCQw328YPzSmOoaB4P5WjqH87jBen5oPnQ
         rmXw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=XevJ1U8j;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id w43si1859367edd.332.2019.10.03.09.24.04;
        Thu, 03 Oct 2019 09:24:29 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=XevJ1U8j;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S2389640AbfJCQW0 (ORCPT <rfc822;mailist1go@gmail.com>
        + 99 others); Thu, 3 Oct 2019 12:22:26 -0400
Received: from mail.kernel.org ([198.145.29.99]:51000 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S2389604AbfJCQWX (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 3 Oct 2019 12:22:23 -0400
Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by mail.kernel.org (Postfix) with ESMTPSA id 277AE2054F;
        Thu,  3 Oct 2019 16:22:21 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=default; t=1570119742;
        bh=5+gaino9OOA9X8Xne5BCealAkcfuaOmUJ83C6CllR6w=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=XevJ1U8jX+3MlqmUGVR/vBJamnHsR7BwdYaD4hrNEyKhnsvGNM1xCiEIbq1UmWumH
         jGvYc4rvRy0d2NjGqWmgCZCJ8jcynb43Zkq+EPoT2sMZV5sDVNH2iaVfUy2kTypxwe
         aK6XV5/BIWjtgiz7oUg4UVXbZFh+8rtRCR4eaZhg=
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org, Mark Rutland <mark.rutland@arm.com>,
        Will Deacon <will@kernel.org>
Subject: [PATCH 4.19 176/211] Revert "arm64: Remove unnecessary ISBs from set_{pte,pmd,pud}"
Date:   Thu,  3 Oct 2019 17:54:02 +0200
Message-Id: <20191003154526.871065283@linuxfoundation.org>
X-Mailer: git-send-email 2.23.0
In-Reply-To: <20191003154447.010950442@linuxfoundation.org>
References: <20191003154447.010950442@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Will Deacon <will@kernel.org>

commit d0b7a302d58abe24ed0f32a0672dd4c356bb73db upstream.

This reverts commit 24fe1b0efad4fcdd32ce46cffeab297f22581707.

Commit 24fe1b0efad4fcdd ("arm64: Remove unnecessary ISBs from
set_{pte,pmd,pud}") removed ISB instructions immediately following updates
to the page table, on the grounds that they are not required by the
architecture and a DSB alone is sufficient to ensure that subsequent data
accesses use the new translation:

  DDI0487E_a, B2-128:

  | ... no instruction that appears in program order after the DSB
  | instruction can alter any state of the system or perform any part of
  | its functionality until the DSB completes other than:
  |
  | * Being fetched from memory and decoded
  | * Reading the general-purpose, SIMD and floating-point,
  |   Special-purpose, or System registers that are directly or indirectly
  |   read without causing side-effects.

However, the same document also states the following:

  DDI0487E_a, B2-125:

  | DMB and DSB instructions affect reads and writes to the memory system
  | generated by Load/Store instructions and data or unified cache
  | maintenance instructions being executed by the PE. Instruction fetches
  | or accesses caused by a hardware translation table access are not
  | explicit accesses.

which appears to claim that the DSB alone is insufficient.  Unfortunately,
some CPU designers have followed the second clause above, whereas in Linux
we've been relying on the first. This means that our mapping sequence:

	MOV	X0, <valid pte>
	STR	X0, [Xptep]	// Store new PTE to page table
	DSB	ISHST
	LDR	X1, [X2]	// Translates using the new PTE

can actually raise a translation fault on the load instruction because the
translation can be performed speculatively before the page table update and
then marked as "faulting" by the CPU. For user PTEs, this is ok because we
can handle the spurious fault, but for kernel PTEs and intermediate table
entries this results in a panic().

Revert the offending commit to reintroduce the missing barriers.

Cc: <stable@vger.kernel.org>
Fixes: 24fe1b0efad4fcdd ("arm64: Remove unnecessary ISBs from set_{pte,pmd,pud}")
Reviewed-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Will Deacon <will@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/arm64/include/asm/pgtable.h |    6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

--- a/arch/arm64/include/asm/pgtable.h
+++ b/arch/arm64/include/asm/pgtable.h
@@ -224,8 +224,10 @@ static inline void set_pte(pte_t *ptep,
 	 * Only if the new pte is valid and kernel, otherwise TLB maintenance
 	 * or update_mmu_cache() have the necessary barriers.
 	 */
-	if (pte_valid_not_user(pte))
+	if (pte_valid_not_user(pte)) {
 		dsb(ishst);
+		isb();
+	}
 }
 
 extern void __sync_icache_dcache(pte_t pteval);
@@ -432,6 +434,7 @@ static inline void set_pmd(pmd_t *pmdp,
 {
 	WRITE_ONCE(*pmdp, pmd);
 	dsb(ishst);
+	isb();
 }
 
 static inline void pmd_clear(pmd_t *pmdp)
@@ -483,6 +486,7 @@ static inline void set_pud(pud_t *pudp,
 {
 	WRITE_ONCE(*pudp, pud);
 	dsb(ishst);
+	isb();
 }
 
 static inline void pud_clear(pud_t *pudp)