Received: by 2002:a05:6358:d09b:b0:dc:cd0c:909e with SMTP id jc27csp212399rwb; Tue, 15 Nov 2022 22:26:39 -0800 (PST) X-Google-Smtp-Source: AA0mqf5Kmu4fE1Hj0meDHtJOp4XM6+snp1FG8erqKQhdyc0Pu+bKs2dSRNMY47MiFsi7I1mn00w1 X-Received: by 2002:aa7:c405:0:b0:461:4f34:d8f4 with SMTP id j5-20020aa7c405000000b004614f34d8f4mr18449868edq.144.1668579999047; Tue, 15 Nov 2022 22:26:39 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1668579999; cv=none; d=google.com; s=arc-20160816; b=MHRsLUibZge3PC0vVp6aRr26p7SPxuFh8tEKZXMMHKuMHmkR5a0lQUi62tA31zbaR/ tpc6PcI1+88bRoB505bq05AGKLe1cjVuGECLKekitOjPavFYjuUb+fStYst64mOzKsp/ QwogJoR9YfelFQXECsHLb0VMNblyMdLxqfdoOJmCBlZavTZRCwI7e3hxlM9G/V60ZN2A 85DXuc3zqfwlmTf4d0CGUWgjuo8gt7gnrmIr3kYpx5Do9VTV8eMvUtsTt1yC+VOgawMV EShg8hKCqs6aBb5fjwWXm4y6pd/WNyrP5MtjQUse5Ak54NoPJV2UNPyC69SV4z7HZqPG 32Wg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:from :references:cc:to:content-language:subject:user-agent:mime-version :date:message-id; bh=Vh3gjrK9ZP9RlReZN1PBsb5q53vGfk0NgyxrkV0FV10=; b=SecNVSeEfqlhw/vQPYhqD0bEjj0ldfmHsrGnyoZjGcHAC4NmvWnRPiaUkJHYuHgPu5 RwVHoiW3HMvDoZdrnvr8jzQuM4qpr61kSYlcjA2qdQigqr/f8yhyaQnqP1vq1IzMfcZt FiMAukHGi5KliLntxfVBJwUAYSglVq404FvdWiYID7Ou5KGyPbg8LdiWVeKRJto30M/C t0l8h2rOoqJ3PFjurGNF0g1Vl/8B4bETgM+3iNFwzYWAH8LwVfG80v0nbmGx7zO/ASDw mp0dyYgwjgQ647zz/cwxQW6qsSfiGWxNU+qDDZaBGzqcvBZpae3U7gkZBGaLYX/SPkyZ UTKw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=arm.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id qf36-20020a1709077f2400b007813b1924ccsi14343927ejc.934.2022.11.15.22.26.18; Tue, 15 Nov 2022 22:26:39 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=arm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232367AbiKPFuG (ORCPT + 90 others); Wed, 16 Nov 2022 00:50:06 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:60804 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230083AbiKPFuC (ORCPT ); Wed, 16 Nov 2022 00:50:02 -0500 Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 8CF202315D; Tue, 15 Nov 2022 21:50:01 -0800 (PST) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 8080813D5; Tue, 15 Nov 2022 21:50:07 -0800 (PST) Received: from [10.162.40.17] (unknown [10.162.40.17]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 1B2933F73B; Tue, 15 Nov 2022 21:49:57 -0800 (PST) Message-ID: Date: Wed, 16 Nov 2022 11:19:54 +0530 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.2.2 Subject: Re: [PATCH V2 2/2] arm64: errata: Workaround possible Cortex-A715 [ESR|FAR]_ELx corruption Content-Language: en-US To: Will Deacon Cc: linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, catalin.marinas@arm.com, Suzuki K Poulose , James Morse , Jonathan Corbet , Mark Rutland , linux-doc@vger.kernel.org References: <20221113012645.190301-1-anshuman.khandual@arm.com> <20221113012645.190301-3-anshuman.khandual@arm.com> <20221115133854.GC524@willie-the-truck> <20221115134226.GD524@willie-the-truck> From: Anshuman Khandual In-Reply-To: <20221115134226.GD524@willie-the-truck> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-4.2 required=5.0 tests=BAYES_00,NICE_REPLY_A, RCVD_IN_DNSWL_MED,SPF_HELO_NONE,SPF_NONE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 11/15/22 19:12, Will Deacon wrote: > On Tue, Nov 15, 2022 at 01:38:54PM +0000, Will Deacon wrote: >> On Sun, Nov 13, 2022 at 06:56:45AM +0530, Anshuman Khandual wrote: >>> If a Cortex-A715 cpu sees a page mapping permissions change from executable >>> to non-executable, it may corrupt the ESR_ELx and FAR_ELx registers, on the >>> next instruction abort caused by permission fault. >>> >>> Only user-space does executable to non-executable permission transition via >>> mprotect() system call which calls ptep_modify_prot_start() and ptep_modify >>> _prot_commit() helpers, while changing the page mapping. The platform code >>> can override these helpers via __HAVE_ARCH_PTEP_MODIFY_PROT_TRANSACTION. >>> >>> Work around the problem via doing a break-before-make TLB invalidation, for >>> all executable user space mappings, that go through mprotect() system call. >>> This overrides ptep_modify_prot_start() and ptep_modify_prot_commit(), via >>> defining HAVE_ARCH_PTEP_MODIFY_PROT_TRANSACTION on the platform thus giving >>> an opportunity to intercept user space exec mappings, and do the necessary >>> TLB invalidation. Similar interceptions are also implemented for HugeTLB. >>> >>> Cc: Catalin Marinas >>> Cc: Will Deacon >>> Cc: Jonathan Corbet >>> Cc: Mark Rutland >>> Cc: linux-arm-kernel@lists.infradead.org >>> Cc: linux-doc@vger.kernel.org >>> Cc: linux-kernel@vger.kernel.org >>> Signed-off-by: Anshuman Khandual >>> --- >>> Documentation/arm64/silicon-errata.rst | 2 ++ >>> arch/arm64/Kconfig | 16 ++++++++++++++++ >>> arch/arm64/include/asm/hugetlb.h | 9 +++++++++ >>> arch/arm64/include/asm/pgtable.h | 9 +++++++++ >>> arch/arm64/kernel/cpu_errata.c | 7 +++++++ >>> arch/arm64/mm/hugetlbpage.c | 21 +++++++++++++++++++++ >>> arch/arm64/mm/mmu.c | 21 +++++++++++++++++++++ >>> arch/arm64/tools/cpucaps | 1 + >>> 8 files changed, 86 insertions(+) >> >> [...] >> >>> diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c >>> index 9a7c38965154..c1fb0ce1473c 100644 >>> --- a/arch/arm64/mm/mmu.c >>> +++ b/arch/arm64/mm/mmu.c >>> @@ -1702,3 +1702,24 @@ static int __init prevent_bootmem_remove_init(void) >>> } >>> early_initcall(prevent_bootmem_remove_init); >>> #endif >>> + >>> +pte_t ptep_modify_prot_start(struct vm_area_struct *vma, unsigned long addr, pte_t *ptep) >>> +{ >>> + if (IS_ENABLED(CONFIG_ARM64_WORKAROUND_2645198)) { >>> + pte_t pte = READ_ONCE(*ptep); >>> + /* >>> + * Break-before-make (BBM) is required for all user space mappings >>> + * when the permission changes from executable to non-executable >>> + * in cases where cpu is affected with errata #2645198. >>> + */ >>> + if (pte_user_exec(pte) && cpus_have_const_cap(ARM64_WORKAROUND_2645198)) >>> + return ptep_clear_flush(vma, addr, ptep); >>> + } >>> + return ptep_get_and_clear(vma->vm_mm, addr, ptep); >>> +} >>> + >>> +void ptep_modify_prot_commit(struct vm_area_struct *vma, unsigned long addr, pte_t *ptep, >>> + pte_t old_pte, pte_t pte) >>> +{ >>> + __set_pte_at(vma->vm_mm, addr, ptep, pte); >>> +} >> >> So these are really similar to the generic copies and, in looking at >> change_pte_range(), it appears that we already invalidate the TLB, it just >> happens _after_ writing the new version. >> >> So with your change, I think we end up invalidating twice. Can we instead >> change the generic code to invalidate the TLB before writing the new entry? > > Bah, scratch that, the invalidations are all batched, aren't they? Right. > > It just seems silly that we have to add all this code just to do a TLB > invalidation. Right, but only when affected by this errata. Otherwise it is just same as the existing generic definitions.