Received: by 2002:a05:7412:37c9:b0:e2:908c:2ebd with SMTP id jz9csp613982rdb; Tue, 19 Sep 2023 05:36:36 -0700 (PDT) X-Google-Smtp-Source: AGHT+IHskP5IUQwlqaDTlkfq5RTJqpWScqaZPmVO6qiihDQG04cxmuWzyG7GWcaeMXlJ6r+2NOVG X-Received: by 2002:a05:6a21:99a0:b0:154:edaf:f410 with SMTP id ve32-20020a056a2199a000b00154edaff410mr11736686pzb.58.1695126996260; Tue, 19 Sep 2023 05:36:36 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1695126996; cv=none; d=google.com; s=arc-20160816; b=MUx9no4kEUOptQJviZNOUvosRrzkPv9DWsfWFaCo/fOw1pBraeaZdP7VwlpkG2KdtJ +BBUzmYl8xX2VV299cNqpudFCJhHpj5HgoD/PKjuV/yaL2PfDQKmsqmqwUbB/bTZBxeX QetQi7yAu31Jcqd8lGuMtqH3MYsyPFygFCidnPxZHhA1fHh1xXtB3g5k6Ev824PSkejp xCqzh30jqNiyjW7tzifzHlszzOxUmfp4tLuJD+sl12GHyw0A2BdrFOD0qBPFc6PY6Ejf kB+EBbbn1YwLxzwYuwPFPePXKOEWfOvAKNBLUz64kjrB+0wD1NCouMPcQT2tlNOgaXMj 8ZBw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:cc:to:subject :message-id:date:from:in-reply-to:references:mime-version :dkim-signature; bh=Xr77RdjoeN0z20L00thV/A7rQAaSN7R1FHU4N7VjYYQ=; fh=wazxAf225ZgJekqY/in5X1+MKaVtx67/UOVrRLBDpzU=; b=1EbXURu4oZJ72uw2x1Ld6MR4yA23k1StgtzQPfAiXMTV50bXbPC1g6AnLz5o5C7wiK lq1DeAGErcW/5ZRowCRaR4Tt5V2fh+hom5dGRRJkI43r61Pnod5xrRl8PcyV9l9QRdZw ogCt/8J78dQMWYasR1Dvn6PSRHTdUugC7b+sv+rvrfKhA3Thjb++eKZ+xL+cKdnVrn+/ NidX/ZMiDS/tNcCrrwnCs6krB9qvRC1NL+xZJ5Mz6DOeVjoLFLC3AaDQtlfu5niKQffr jj/TxXzhAQzJkSq1ND5urVdTtwXQ0nJg39wcGW8kWDDdcRZKisZjdss7/H9RwRSWvt18 2n7g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=hj8hYfkA; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.34 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from howler.vger.email (howler.vger.email. [23.128.96.34]) by mx.google.com with ESMTPS id s11-20020a056a00194b00b0068bf4e83dd8si9858896pfk.313.2023.09.19.05.36.35 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 19 Sep 2023 05:36:36 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.34 as permitted sender) client-ip=23.128.96.34; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=hj8hYfkA; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.34 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by howler.vger.email (Postfix) with ESMTP id A039280A7325; Tue, 19 Sep 2023 05:22:05 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at howler.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231911AbjISMWD (ORCPT + 99 others); Tue, 19 Sep 2023 08:22:03 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39906 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231903AbjISMWB (ORCPT ); Tue, 19 Sep 2023 08:22:01 -0400 Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7432AE3; Tue, 19 Sep 2023 05:21:55 -0700 (PDT) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 16145C43395; Tue, 19 Sep 2023 12:21:55 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1695126115; bh=Xr77RdjoeN0z20L00thV/A7rQAaSN7R1FHU4N7VjYYQ=; h=References:In-Reply-To:From:Date:Subject:To:Cc:From; b=hj8hYfkAAndJs8H22CHLVDNHy1zD6xB6w3uANPxPprU0qLeHyjw6DSLsEJ9KSaaBx jq9z0gjpChuLF3L1SjmbjZIAQ14su7/S8qxmtt3n9UmZNg3nqDivH7mUxX+54h89fA E88A+xwaXh+78LyaGxDLimmulMnPgZI2rpuelygDehr7UMOqpQblZFIOlBI2sGH0GE 7mWp5pZFiChwKP1ochLJSCqBFbdBpodJlMl2OF4z7uFIllARBDW4/23B4sn4eiF8Dn Uuh7hOlOXkRHox+mGHWmhMr1MEbPJ/c/A6QC2WZvQwRXeQ8Eg+GhTHJQpQyIAiKYGZ zAbzyB6UeKWeQ== Received: by mail-lf1-f41.google.com with SMTP id 2adb3069b0e04-502defbb0c3so9399049e87.0; Tue, 19 Sep 2023 05:21:54 -0700 (PDT) X-Gm-Message-State: AOJu0Yz97GgSSdb9M38+yJMLOPLrVyq+nke84j37IECzVR1JXVrBkglF eQUI2Cy4nv7eXBp+xmXzIHD4BfxtdBS1tL0m0A== X-Received: by 2002:a05:6512:3a8b:b0:500:b88c:ea79 with SMTP id q11-20020a0565123a8b00b00500b88cea79mr11710980lfu.54.1695126113262; Tue, 19 Sep 2023 05:21:53 -0700 (PDT) MIME-Version: 1.0 References: <20230912121120.380420-1-robh@kernel.org> <20230912121120.380420-2-robh@kernel.org> <20230918100102.GA17472@willie-the-truck> In-Reply-To: <20230918100102.GA17472@willie-the-truck> From: Rob Herring Date: Tue, 19 Sep 2023 07:21:40 -0500 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH 2/2] arm64: errata: Add Cortex-A520 speculative unprivileged load workaround To: Will Deacon Cc: Catalin Marinas , Jonathan Corbet , James Morse , linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (howler.vger.email [0.0.0.0]); Tue, 19 Sep 2023 05:22:05 -0700 (PDT) On Mon, Sep 18, 2023 at 5:01=E2=80=AFAM Will Deacon wrote= : > > On Tue, Sep 12, 2023 at 07:11:15AM -0500, Rob Herring wrote: > > Implement the workaround for ARM Cortex-A520 erratum 2966298. On an > > affected Cortex-A520 core, a speculatively executed unprivileged load > > might leak data from a privileged level via a cache side channel. > > > > The workaround is to execute a TLBI before returning to EL0. A > > non-shareable TLBI to any address is sufficient. > > Can you elaborate at all on how this works, please? Here's the write-up if you haven't read that already: https://developer.arm.com/documentation/SDEN-2444153/0500/?lang=3Den > A TLBI addressing a > cache side channel feels weird (or is "cache" referring to some TLB > structures rather than e.g. the data cache here?). AIUI, the TLBI is simply enough to ensure the permission check happens on the speculative load. It has nothing to do with actual TLB contents. This core has FEAT_E0PD and FEAT_CSV3 which should mitigate this scenario, but this case is a narrow uarch condition which bypasses those checks. > Assuming there's some vulnerable window between the speculative > unprivileged load and the completion of the TLBI, what prevents another > CPU from observing the side-channel during that time? The cache hit is private to the core. How would another core observe that? > Also, does the > TLBI need to be using the same ASID as the unprivileged load? If so, then > a context-switch could widen the vulnerable window quite significantly. No, the TLBI can be any context and/or address including unused addresses. Rob