Received-SPF: softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) client-ip=23.128.96.19;
MIME-Version: 1.0
References: <YipOoAaBIHjeCKOq@dev-arch.thelio-3990X> <YkSHJ65qGHO4bonJ@shell.armlinux.org.uk>
 <CAMj1kXFcrG6TrSU+KcmXCVM7ZWZ2fMjiN8c_dtEwxBugJS_UAQ@mail.gmail.com> <10062923.nUPlyArG6x@localhost.localdomain>
In-Reply-To: <10062923.nUPlyArG6x@localhost.localdomain>
From:   Ard Biesheuvel <ardb@kernel.org>
Date:   Wed, 30 Mar 2022 19:42:31 +0200
Message-ID: <CAMj1kXGbNtJPEowha8=vFgjdv_m2viHJ2Q7AqtJeqOPLa8-1Sg@mail.gmail.com>
Subject: Re: CONFIG_THUMB2_KERNEL=y boot failure after Spectre BHB fixes
To:     Christian Eggers <ceggers@arri.de>
Cc:     "Russell King (Oracle)" <linux@armlinux.org.uk>,
        Linux ARM <linux-arm-kernel@lists.infradead.org>,
        Catalin Marinas <catalin.marinas@arm.com>,
        Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
        llvm@lists.linux.dev, Nathan Chancellor <nathan@kernel.org>
Content-Type: text/plain; charset="UTF-8"
Precedence: bulk

On Wed, 30 Mar 2022 at 19:33, Christian Eggers <ceggers@arri.de> wrote:
>
> On Wednesday, 30 March 2022, 18:45:18 CEST, Ard Biesheuvel wrote:
> >
> On Wed, 30 Mar 2022 at 18:37, Russell King (Oracle)
> > <linux@armlinux.org.uk> wrote:
> > >
> > > On Wed, Mar 30, 2022 at 06:34:25PM +0200, Ard Biesheuvel wrote:
> > > > On Wed, 30 Mar 2022 at 18:12, Russell King (Oracle)
> > > > <linux@armlinux.org.uk> wrote:
> > > > >
> > > > > On Tue, Mar 22, 2022 at 06:49:17PM +0100, Christian Eggers wrote:
> > > > > > Hi Nathan, hi Russel,
> > > > > >
> > > > > > I stumbled today over the same problem (no output on serial console
> > > > > > with v5.15.28-rt36). During `git bisect`, I had also some commits
> > > > > > where a few lines of output were visible.
> > > > > >
> > > > > > At commit 8d9d651ff227 ("ARM: use LOADADDR() to get load address of
> > > > > > sections"), the system boots up to here:
> > > > > >
> > > > > > start_kernel()
> > > > > > +--setup_arch()
> > > > > > +--paging_init()
> > > > > > +--devicemaps_init()
> > > > > > +--eary_trap_init(vectors_base = 0xC7FFE000)
> > > > > > +--copy_from_lma(vectors_base = 0xC7FFE000, __vectors_start=0x0, __vectors_end=0x20)
> > > > > > +--__memcpy()
> > > > > >
> > > > > > copy_template.S:113
> > > > > > ldr8w r1, r3, r4, r5, r6, r7, r8, ip, lr, abort=20f
> > > > > > r1 = 0
> > > > > >
> > > > > >
> > > > > > With the final v5.15.28-rt36 I found out that the system boots fine
> > > > > > after disabling CONFIG_HARDEN_BRANCH_HISTORY.
> > > > > >
> > > > > > Is there anything else I could analyze? My SoC system is a NXP i.MX6LL
> > > > > > with a ARMv7 core. I have access to a JTAG debugger.
> > > > >
> > > > > I think this is already fixed in mainline. Commit:
> > > > >
> > > > > 6c7cb60bff7a ("ARM: fix Thumb2 regression")
> > > > >
> > > >
> > > > It's still broken - I sent a couple of patches on Monday, among which
> > > > one to fix the boot issue with loop8 on Thumb2. The problem is 'b . +
> > > > 4', which produces a narrow encoding, and so it skips the subsequent
> > > > subs instruction and loops forever.
> > >
> > > And what's the current status? Sorry, I've way too much email from the
> > > last 2.5 weeks to find it myself.
> > >
> >
> > https://lore.kernel.org/linux-arm-kernel/20220328134714.205342-1-ardb@kernel.org/
> >
> > Nobody bothered to respond yet, I can drop the first two in the patch
> > tracker if you like.
>
> I just switched to v5.15.31-rt38 which already includes
> 6c7cb60bff7a ("ARM: fix Thumb2 regression")
>
> This kernel boots fine now, even with CONFIG_HARDEN_BRANCH_HISTORY=y. After
> applying the patch series from Ard, the system still boots fine.
>
> I haven't any understanding what these patches do. Is there anything I shall
> test?
>

Thanks for confirming. The first fix affects all Thumb2
configurations, my patch only affects Thumb2 configurations that
actually enable the loop8 mitigation for Spectre-BHB.

What type of CPU are you booting on?