From: Andre Przywara <andre.przywara@arm.com>
To: Alexandru Elisei <alexandru.elisei@arm.com>
Cc: drjones@redhat.com, kvm@vger.kernel.org, kvmarm@lists.cs.columbia.edu
Subject: Re: [kvm-unit-tests PATCH 6/6] arm64: Disable TTBR1_EL1 translation table walks
Date: Wed, 3 Mar 2021 17:32:56 +0000 [thread overview]
Message-ID: <20210303173256.1b41fb34@slackpad.fritz.box> (raw)
In-Reply-To: <20210227104201.14403-7-alexandru.elisei@arm.com>
On Sat, 27 Feb 2021 10:42:01 +0000
Alexandru Elisei <alexandru.elisei@arm.com> wrote:
> From an architectural point of view, the PE can speculate instruction
> fetches and data reads at any time when the MMU is enabled using the
> translation tables from TTBR0_EL1 and TTBR1_EL1. kvm-unit-tests uses an
> identity map, and as such it only programs TTBR0_EL1 with a valid table and
> leaves TTBR1_EL1 unchanged. The reset value for TTBR1_EL1 is UNKNOWN, which
> means it is possible for the PE to perform reads from memory locations
> where accesses can cause side effects (like memory-mapped devices) as part
> of the speculated translation table walk.
>
> So far, this hasn't been a problem, because KVM resets TTBR{0,1}_EL1 to
> zero, and that address is used for emulation for both qemu and kvmtool and
> it doesn't point to a real device. However, kvm-unit-tests shouldn't rely
> on a particular combination of hypervisor and userspace for correctness.
> Another situation where we can't rely on these assumptions being true is
> when kvm-unit-tests is run as an EFI app.
>
> To prevent reads from arbitrary addresses, set the TCR_EL1.EPD1 bit to
> disable speculative translation table walks using TTBR1_EL1.
>
> This is similar to EDK2 commit fafb7e9c110e ("ArmPkg: correct TTBR1_EL1
> settings in TCR_EL1"). Also mentioned in that commit is the Cortex-A57
> erratum 822227 which impacts the hypervisor, but kvm-unit-tests is
> protected against it because asm_mmu_enable sets both the TCR_EL1.TG0 and
> TCR_EL1.TG1 bits when programming the register.
>
> Suggested-by: Mark Rutland <mark.rutland@arm.com>
> Signed-off-by: Alexandru Elisei <alexandru.elisei@arm.com>
That sounds like a good idea. Verified the bit against the ARM ARM.
Reviewed-by: Andre Przywara <andre.przywara@arm.com>
Cheers,
Andre
> ---
> lib/arm64/asm/pgtable-hwdef.h | 1 +
> arm/cstart64.S | 3 ++-
> 2 files changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/lib/arm64/asm/pgtable-hwdef.h b/lib/arm64/asm/pgtable-hwdef.h
> index 48a1d1ab1ac2..8c41fe123fb3 100644
> --- a/lib/arm64/asm/pgtable-hwdef.h
> +++ b/lib/arm64/asm/pgtable-hwdef.h
> @@ -136,6 +136,7 @@
> #define TCR_ORGN_WBnWA ((UL(3) << 10) | (UL(3) << 26))
> #define TCR_ORGN_MASK ((UL(3) << 10) | (UL(3) << 26))
> #define TCR_SHARED ((UL(3) << 12) | (UL(3) << 28))
> +#define TCR_EPD1 (UL(1) << 23)
> #define TCR_TG0_4K (UL(0) << 14)
> #define TCR_TG0_64K (UL(1) << 14)
> #define TCR_TG0_16K (UL(2) << 14)
> diff --git a/arm/cstart64.S b/arm/cstart64.S
> index 42a838ff4c38..3d359c8387c9 100644
> --- a/arm/cstart64.S
> +++ b/arm/cstart64.S
> @@ -181,7 +181,8 @@ asm_mmu_enable:
> ldr x1, =TCR_TxSZ(VA_BITS) | \
> TCR_TG_FLAGS | \
> TCR_IRGN_WBWA | TCR_ORGN_WBWA | \
> - TCR_SHARED
> + TCR_SHARED | \
> + TCR_EPD1
> mrs x2, id_aa64mmfr0_el1
> bfi x1, x2, #32, #3
> msr tcr_el1, x1
prev parent reply other threads:[~2021-03-04 0:29 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-02-27 10:41 [kvm-unit-tests PATCH 0/6] Misc assembly fixes and cleanups Alexandru Elisei
2021-02-27 10:41 ` [kvm-unit-tests PATCH 1/6] arm64: Remove unnecessary ISB when writing to SPSel Alexandru Elisei
2021-03-03 17:35 ` Andre Przywara
2021-02-27 10:41 ` [kvm-unit-tests PATCH 2/6] arm/arm64: Remove dcache_line_size global variable Alexandru Elisei
2021-03-04 15:00 ` Andre Przywara
2021-03-15 15:46 ` Alexandru Elisei
2021-03-16 15:40 ` Andre Przywara
2021-03-22 12:01 ` Alexandru Elisei
2021-02-27 10:41 ` [kvm-unit-tests PATCH 3/6] arm/arm64: Remove unnecessary ISB when doing dcache maintenance Alexandru Elisei
2021-03-12 14:59 ` Andrew Jones
2021-03-15 16:22 ` Alexandru Elisei
2021-02-27 10:41 ` [kvm-unit-tests PATCH 4/6] lib: arm64: Consolidate register definitions to sysreg.h Alexandru Elisei
2021-03-03 17:32 ` Andre Przywara
2021-02-27 10:42 ` [kvm-unit-tests PATCH 5/6] arm64: Configure SCTLR_EL1 at boot Alexandru Elisei
2021-03-03 17:32 ` Andre Przywara
2021-02-27 10:42 ` [kvm-unit-tests PATCH 6/6] arm64: Disable TTBR1_EL1 translation table walks Alexandru Elisei
2021-03-03 17:32 ` Andre Przywara [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210303173256.1b41fb34@slackpad.fritz.box \
--to=andre.przywara@arm.com \
--cc=alexandru.elisei@arm.com \
--cc=drjones@redhat.com \
--cc=kvm@vger.kernel.org \
--cc=kvmarm@lists.cs.columbia.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).