From: "Suzuki K. Poulose" <suzuki.poulose@arm.com>
To: linux-arm-kernel@lists.infradead.org
Cc: catalin.marinas@arm.com, will.deacon@arm.com,
	mark.rutland@arm.com, ard.biesheuvel@linaro.org,
	linux-kernel@vger.kernel.org, takahiro.akashi@linaro.org,
	"Suzuki K. Poulose" <suzuki.poulose@arm.com>
Subject: [PATCH 5/5] arm64: Ensure the secondary CPUs have safe ASIDBits size
Date: Wed, 18 Nov 2015 17:09:00 +0000
Message-ID: <1447866540-23207-5-git-send-email-suzuki.poulose@arm.com>
In-Reply-To: <1447866540-23207-1-git-send-email-suzuki.poulose@arm.com>

The ID_AA64MMFR0_EL1:ASIDBits determines the size of the mm context
id and is used in the early boot to make decisions. The value is
picked up from the Boot CPU and cannot be delayed until other CPUs
are up. If a secondary CPU has a smaller size than that of the Boot
CPU, things will break horribly and the usual SANITY check is not good
enough to prevent the system from crashing. Prevent this by failing CPUs with
ASID smaller than that of the boot CPU.

Also moves the fail_incapable_cpu() out of the CONFIG_HOTPLUG_CPU.

Cc: Will Deacon <will.deacon@arm.com>
Signed-off-by: Suzuki K. Poulose <suzuki.poulose@arm.com>
---
 arch/arm64/kernel/cpufeature.c |   81 +++++++++++++++++++++++++++++-----------
 1 file changed, 59 insertions(+), 22 deletions(-)

diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c
index 5629f2c..769782a 100644
--- a/arch/arm64/kernel/cpufeature.c
+++ b/arch/arm64/kernel/cpufeature.c
@@ -293,6 +293,28 @@ static struct arm64_ftr_reg arm64_ftr_regs[] = {
 	ARM64_FTR_REG(SYS_CNTFRQ_EL0, ftr_generic32),
 };
 
+/*
+ * Park the calling CPU which doesn't have the capability
+ * as advertised by the system.
+ */
+static void fail_incapable_cpu(void)
+{
+	int cpu = smp_processor_id();
+
+	pr_crit("CPU%d: will not boot\n", cpu);
+
+	/* Mark this CPU absent */
+	set_cpu_present(cpu, 0);
+
+	/* Check if we can park ourselves */
+	if (cpu_ops[cpu] && cpu_ops[cpu]->cpu_die)
+		cpu_ops[cpu]->cpu_die(cpu);
+	asm(
+	"1:	wfe\n"
+	"	wfi\n"
+	"	b	1b");
+}
+
 static int search_cmp_ftr_reg(const void *id, const void *regp)
 {
 	return (int)(unsigned long)id - (int)((const struct arm64_ftr_reg *)regp)->sys_id;
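Review bot: fail_incapable_cpu() never returns (it ends in the `1: wfe` / `wfi` / `b 1b` loop), but neither its comment nor its signature says so. Now that it sits near the top of the file for reuse by other checks, mark it noreturn and state in the comment that it parks the calling CPU for good, so that callers do not write code after the call expecting to continue. When cpu_ops[cpu]->cpu_die is absent the CPU spins in wfe/wfi after set_cpu_present(cpu, 0) has already run; a sentence saying that this is the intended fallback would help.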
@@ -459,6 +481,40 @@ static int check_update_ftr_reg(u32 sys_id, int cpu, u64 val, u64 boot)
 }
 
 /*
+ * The asid_bits, which determine the width of the mm context
+ * id, is based on the boot CPU value. If the new CPU doesn't
+ * have an ASID >= boot CPU, we are in trouble. Fail this CPU.
+ */
+static void check_cpu_asid_bits(int cpu,
+				struct cpuinfo_arm64 *info,
+				struct cpuinfo_arm64 *boot)
+{
+	u32 asid_boot = cpuid_feature_extract_unsigned_field(boot->reg_id_aa64mmfr0,
+							ID_AA64MMFR0_ASID_SHIFT);
+	u32 asid_cur = cpuid_feature_extract_unsigned_field(info->reg_id_aa64mmfr0,
+							ID_AA64MMFR0_ASID_SHIFT);
+	if (asid_cur < asid_boot) {
+		pr_crit("CPU%d: has incompatible ASIDBits: %u vs Boot CPU:%u\n",
+				cpu, asid_cur, asid_boot);
+		fail_incapable_cpu();
+	}
+	return;
+}
+
+/*
+ * Checks whether the cpu is missing any of the features
+ * the kernel has already started using at early boot,
+ * before the other CPUs are brought up. This is intended
+ * for checking features where variations can be fatal.
+ */
+static void check_early_cpu_features(int cpu,
+				struct cpuinfo_arm64 *info,
+				struct cpuinfo_arm64 *boot)
+{
+	check_cpu_asid_bits(cpu, info, boot);
+}
+
+/*
  * Update system wide CPU feature registers with the values from a
  * non-boot CPU. Also performs SANITY checks to make sure that there
  * aren't any insane variations from that of the boot CPU.
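Review bot: in check_cpu_asid_bits() the pr_crit prints the raw ID_AA64MMFR0_EL1.ASIDBits field values (asid_cur, asid_boot) under the label "ASIDBits", so the log shows field encodings rather than ASID widths in bits (the architecture encodes 0b0000 as 8 bits and 0b0010 as 16 bits). Comparing the encodings is fine for the check itself, but the message should either decode them or say that they are field values. The comment above should say "ASIDBits >= boot CPU" rather than "an ASID >= boot CPU", the trailing `return;` in a void function can go, and info and boot can be const since they are only read.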
@@ -469,6 +525,9 @@ void update_cpu_features(int cpu,
 {
 	int taint = 0;
 
+	/* Make sure there are no fatal feature variations for this cpu */
+	check_early_cpu_features(cpu, info, boot);
+
 	/*
 	 * The kernel can handle differing I-cache policies, but otherwise
 	 * caches should look identical. Userspace JITs will make use of
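Review bot: the new call in update_cpu_features() passes `cpu` down for the log message, but fail_incapable_cpu() parks whichever CPU is executing, identified through smp_processor_id(). The two agree only if update_cpu_features() always runs on the CPU it describes; state that assumption in the comment, or add a check such as WARN_ON(cpu != smp_processor_id()) before parking. The comment on the call should also say that it may not return.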
@@ -826,28 +885,6 @@ static u64 __raw_read_system_reg(u32 sys_id)
 }
 
 /*
- * Park the calling CPU which doesn't have the capability
- * as advertised by the system.
- */
-static void fail_incapable_cpu(void)
-{
-	int cpu = smp_processor_id();
-
-	pr_crit("CPU%d: will not boot\n", cpu);
-
-	/* Mark this CPU absent */
-	set_cpu_present(cpu, 0);
-
-	/* Check if we can park ourselves */
-	if (cpu_ops[cpu] && cpu_ops[cpu]->cpu_die)
-		cpu_ops[cpu]->cpu_die(cpu);
-	asm(
-	"1:	wfe\n"
-	"	wfi\n"
-	"	b	1b");
-}
-
-/*
  * Run through the enabled system capabilities and enable() it on this CPU.
  * The capabilities were decided based on the available CPUs at the boot time.
  * Any new CPU should match the system wide status of the capability. If the
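Review bot: this removal is the second half of a pure move of fail_incapable_cpu(), bundled with the new ASIDBits check and mentioned in the commit message only as "Also moves ...". Splitting the move into its own patch would keep the functional change small and easier to review or backport. The commit message says the function moves out of CONFIG_HOTPLUG_CPU, yet no #ifdef line is visible in the context of either hunk that touches it; if the guard sits further away, name it in the message so the reason for the move is clear.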
-- 
1.7.9.5


