Received: by 2002:a05:7412:31a9:b0:e2:908c:2ebd with SMTP id et41csp6079558rdb;
        Mon, 18 Sep 2023 03:40:37 -0700 (PDT)
X-Google-Smtp-Source: AGHT+IEEOywqu4o/buMiRpoyAhHfiFg9WAj0d6tgK5JwFjT2rT/3oo65aPOePxBVhmBvfiKTF+Us
X-Received: by 2002:a05:6a20:9749:b0:157:877a:5f5e with SMTP id hs9-20020a056a20974900b00157877a5f5emr7161066pzc.61.1695033637461;
        Mon, 18 Sep 2023 03:40:37 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1695033637; cv=none;
        d=google.com; s=arc-20160816;
        b=pD84Tp7tFu+XHl+P39IAzNuV3EZ7MnBaxmgXuATq/8SkR+HgnMST/Q6zYeKtUUQGT+
         kiUYZlF4LMKNoU9aCI9wXtN2s+PzebOcjp+Bkwil16TEH87ITFOQ5h9QvJux3FUJooc2
         e3lUoVU1LkCQSY4cr1zBzFbr7Swb6MDD7yyQ4QEmrYdoYcwe0qUgMWNCVtFRAyF+O0ZK
         o65ylHSALNwCo4uPA9UnoysCUhJ+UAb6IxiLmDcxnyhmfbidKGPIqjAPnISTn+nXAAJN
         mNXdaN1XYVKBlhs8qHRxlUIQRPMjky1OKxncU/n55PMsgaakifz2sQnMV8rLBUDQwuNm
         TJLQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:user-agent:in-reply-to:content-disposition
         :mime-version:references:message-id:subject:cc:to:from:date
         :dkim-signature;
        bh=B28Hd/FTPNeBERy5MFzC0kEHYvdrVQVkzZRboTthoVw=;
        fh=Iv7w+dF35adp/1END+Khxfg6absGP6g8WHMVhSEq6B4=;
        b=qoXAyJ1U8x5GWuVvn1dJVlgG32FlWyl8mzAwy9Eyt0ByBogUDVm0eIy+aGIN1TKfbB
         1vYvpIAqjUEPeBxhGM89FtRv9NGoYM7676y9MzcLLIRd2YBp6U96fbT92XYZ84/Ke79x
         2kdNzrTefFiI20qLlCy3TwS4IeZoJYrqqpv2yIlwd+KNqBW7MEl3uhV/IVj0c0HSW30k
         SeAfKYPVMef+SVszacNxq7p9xqhVtebjXPiYZkdh9pn+XnKm9i0kG+BUZ/mjQu+HBu9R
         2JpLBdf4UMWfJ/udM/OcMaHI9t0+P8pcAx4fQ5zFkvcTGJbz/Fpu2mE/zpApBS5yEFY0
         t5rQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=k20201202 header.b=FokAqCRo;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.34 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from howler.vger.email (howler.vger.email. [23.128.96.34])
        by mx.google.com with ESMTPS id bx39-20020a056a02052700b00564cd489aa7si8106892pgb.552.2023.09.18.03.40.37
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 18 Sep 2023 03:40:37 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.34 as permitted sender) client-ip=23.128.96.34;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=k20201202 header.b=FokAqCRo;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.34 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0])
	by howler.vger.email (Postfix) with ESMTP id DC5188049D61;
	Mon, 18 Sep 2023 03:02:03 -0700 (PDT)
X-Virus-Status: Clean
X-Virus-Scanned: clamav-milter 0.103.10 at howler.vger.email
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S239364AbjIRKBg (ORCPT <rfc822;berger.sven@gmail.com>
        + 99 others); Mon, 18 Sep 2023 06:01:36 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58456 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S241184AbjIRKBV (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 18 Sep 2023 06:01:21 -0400
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C94EF116;
        Mon, 18 Sep 2023 03:01:09 -0700 (PDT)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 0CE25C433C7;
        Mon, 18 Sep 2023 10:01:06 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=k20201202; t=1695031268;
        bh=hAjJUc7NjqQrT4nlXjGd4nZM5QnVumDd26WazQmTUog=;
        h=Date:From:To:Cc:Subject:References:In-Reply-To:From;
        b=FokAqCRotg0mDjp2BYvzUfwtqx2MEPr/isIvp8gs6a+sl/bP7r6TJ6f2ss1xsoAqe
         jRKt7N5kBPjvSRHgEab9Q9TD5/4zKeI+daRoRv5AhPbLxB075yzV2FtwwPyFAB9Cy6
         aGw5ydldaKxqR2xDrXMzgAUICr53BaSZ/ArDUvgr1DHxWuvpLcz00zs+wyHbMOBTP/
         +V66v2sma5fOMiI0bMmikjun2v2es11rqVJtPR4PyU4PUxWkVJRaDSvLL9LDPQi9gb
         aoyrD0IiF/upFPWK+WBOEsjmG86rTrbkpKoVH6wrq/qcVq38v+IkwE8zm6DWRjSGkc
         xPFfneCj6KeFQ==
Date:   Mon, 18 Sep 2023 11:01:02 +0100
From:   Will Deacon <will@kernel.org>
To:     Rob Herring <robh@kernel.org>
Cc:     Catalin Marinas <catalin.marinas@arm.com>,
        Jonathan Corbet <corbet@lwn.net>,
        James Morse <james.morse@arm.com>,
        linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org,
        linux-doc@vger.kernel.org
Subject: Re: [PATCH 2/2] arm64: errata: Add Cortex-A520 speculative
 unprivileged load workaround
Message-ID: <20230918100102.GA17472@willie-the-truck>
References: <20230912121120.380420-1-robh@kernel.org>
 <20230912121120.380420-2-robh@kernel.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20230912121120.380420-2-robh@kernel.org>
User-Agent: Mutt/1.10.1 (2018-07-13)
X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
        DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,
        SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (howler.vger.email [0.0.0.0]); Mon, 18 Sep 2023 03:02:04 -0700 (PDT)

On Tue, Sep 12, 2023 at 07:11:15AM -0500, Rob Herring wrote:
> Implement the workaround for ARM Cortex-A520 erratum 2966298. On an
> affected Cortex-A520 core, a speculatively executed unprivileged load
> might leak data from a privileged level via a cache side channel.
> 
> The workaround is to execute a TLBI before returning to EL0. A
> non-shareable TLBI to any address is sufficient.

Can you elaborate at all on how this works, please? A TLBI addressing a
cache side channel feels weird (or is "cache" referring to some TLB
structures rather than e.g. the data cache here?).

Assuming there's some vulnerable window between the speculative
unprivileged load and the completion of the TLBI, what prevents another
CPU from observing the side-channel during that time? Also, does the
TLBI need to be using the same ASID as the unprivileged load? If so, then
a context-switch could widen the vulnerable window quite significantly.

Anyway, hopefully I'm barking up the wrong tree, but it would be helpful
to have some intuition behind the workaround in order to review (and
maintain) this patch.

Cheers,

Will