Received: by 2002:a05:7412:31a9:b0:e2:908c:2ebd with SMTP id et41csp6079558rdb; Mon, 18 Sep 2023 03:40:37 -0700 (PDT) X-Google-Smtp-Source: AGHT+IEEOywqu4o/buMiRpoyAhHfiFg9WAj0d6tgK5JwFjT2rT/3oo65aPOePxBVhmBvfiKTF+Us X-Received: by 2002:a05:6a20:9749:b0:157:877a:5f5e with SMTP id hs9-20020a056a20974900b00157877a5f5emr7161066pzc.61.1695033637461; Mon, 18 Sep 2023 03:40:37 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1695033637; cv=none; d=google.com; s=arc-20160816; b=pD84Tp7tFu+XHl+P39IAzNuV3EZ7MnBaxmgXuATq/8SkR+HgnMST/Q6zYeKtUUQGT+ kiUYZlF4LMKNoU9aCI9wXtN2s+PzebOcjp+Bkwil16TEH87ITFOQ5h9QvJux3FUJooc2 e3lUoVU1LkCQSY4cr1zBzFbr7Swb6MDD7yyQ4QEmrYdoYcwe0qUgMWNCVtFRAyF+O0ZK o65ylHSALNwCo4uPA9UnoysCUhJ+UAb6IxiLmDcxnyhmfbidKGPIqjAPnISTn+nXAAJN mNXdaN1XYVKBlhs8qHRxlUIQRPMjky1OKxncU/n55PMsgaakifz2sQnMV8rLBUDQwuNm TJLQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:user-agent:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date :dkim-signature; bh=B28Hd/FTPNeBERy5MFzC0kEHYvdrVQVkzZRboTthoVw=; fh=Iv7w+dF35adp/1END+Khxfg6absGP6g8WHMVhSEq6B4=; b=qoXAyJ1U8x5GWuVvn1dJVlgG32FlWyl8mzAwy9Eyt0ByBogUDVm0eIy+aGIN1TKfbB 1vYvpIAqjUEPeBxhGM89FtRv9NGoYM7676y9MzcLLIRd2YBp6U96fbT92XYZ84/Ke79x 2kdNzrTefFiI20qLlCy3TwS4IeZoJYrqqpv2yIlwd+KNqBW7MEl3uhV/IVj0c0HSW30k SeAfKYPVMef+SVszacNxq7p9xqhVtebjXPiYZkdh9pn+XnKm9i0kG+BUZ/mjQu+HBu9R 2JpLBdf4UMWfJ/udM/OcMaHI9t0+P8pcAx4fQ5zFkvcTGJbz/Fpu2mE/zpApBS5yEFY0 t5rQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=FokAqCRo; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.34 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from howler.vger.email (howler.vger.email. [23.128.96.34]) by mx.google.com with ESMTPS id bx39-20020a056a02052700b00564cd489aa7si8106892pgb.552.2023.09.18.03.40.37 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 18 Sep 2023 03:40:37 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.34 as permitted sender) client-ip=23.128.96.34; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=FokAqCRo; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.34 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by howler.vger.email (Postfix) with ESMTP id DC5188049D61; Mon, 18 Sep 2023 03:02:03 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at howler.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S239364AbjIRKBg (ORCPT + 99 others); Mon, 18 Sep 2023 06:01:36 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58456 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S241184AbjIRKBV (ORCPT ); Mon, 18 Sep 2023 06:01:21 -0400 Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C94EF116; Mon, 18 Sep 2023 03:01:09 -0700 (PDT) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 0CE25C433C7; Mon, 18 Sep 2023 10:01:06 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1695031268; bh=hAjJUc7NjqQrT4nlXjGd4nZM5QnVumDd26WazQmTUog=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=FokAqCRotg0mDjp2BYvzUfwtqx2MEPr/isIvp8gs6a+sl/bP7r6TJ6f2ss1xsoAqe jRKt7N5kBPjvSRHgEab9Q9TD5/4zKeI+daRoRv5AhPbLxB075yzV2FtwwPyFAB9Cy6 aGw5ydldaKxqR2xDrXMzgAUICr53BaSZ/ArDUvgr1DHxWuvpLcz00zs+wyHbMOBTP/ +V66v2sma5fOMiI0bMmikjun2v2es11rqVJtPR4PyU4PUxWkVJRaDSvLL9LDPQi9gb aoyrD0IiF/upFPWK+WBOEsjmG86rTrbkpKoVH6wrq/qcVq38v+IkwE8zm6DWRjSGkc xPFfneCj6KeFQ== Date: Mon, 18 Sep 2023 11:01:02 +0100 From: Will Deacon To: Rob Herring Cc: Catalin Marinas , Jonathan Corbet , James Morse , linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org Subject: Re: [PATCH 2/2] arm64: errata: Add Cortex-A520 speculative unprivileged load workaround Message-ID: <20230918100102.GA17472@willie-the-truck> References: <20230912121120.380420-1-robh@kernel.org> <20230912121120.380420-2-robh@kernel.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20230912121120.380420-2-robh@kernel.org> User-Agent: Mutt/1.10.1 (2018-07-13) X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED, SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (howler.vger.email [0.0.0.0]); Mon, 18 Sep 2023 03:02:04 -0700 (PDT) On Tue, Sep 12, 2023 at 07:11:15AM -0500, Rob Herring wrote: > Implement the workaround for ARM Cortex-A520 erratum 2966298. On an > affected Cortex-A520 core, a speculatively executed unprivileged load > might leak data from a privileged level via a cache side channel. > > The workaround is to execute a TLBI before returning to EL0. A > non-shareable TLBI to any address is sufficient. Can you elaborate at all on how this works, please? A TLBI addressing a cache side channel feels weird (or is "cache" referring to some TLB structures rather than e.g. the data cache here?). Assuming there's some vulnerable window between the speculative unprivileged load and the completion of the TLBI, what prevents another CPU from observing the side-channel during that time? Also, does the TLBI need to be using the same ASID as the unprivileged load? If so, then a context-switch could widen the vulnerable window quite significantly. Anyway, hopefully I'm barking up the wrong tree, but it would be helpful to have some intuition behind the workaround in order to review (and maintain) this patch. Cheers, Will