From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.lore.kernel.org (Postfix) with ESMTPS id 9240EC433EF
	for <linux-arm-kernel@archiver.kernel.org>; Thu, 14 Apr 2022 10:05:16 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=lists.infradead.org; s=bombadil.20210309; h=Sender:
	Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post:
	List-Archive:List-Unsubscribe:List-Id:In-Reply-To:MIME-Version:References:
	Message-ID:Subject:Cc:To:From:Date:Reply-To:Content-ID:Content-Description:
	Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:
	List-Owner; bh=0F0h7p3cuxK2RTgQ0q3sIEtg1JF8uyAiq9vmCoU2OQI=; b=ozjunrv9ArA3sp
	fEiQKmt8Qv8zxhJW4H4a81dJ6J1b8YqqnyPZpfRlgw7pE2c04ag39cDv6WDACYQVY6+LXyaVGCBRa
	NAao1FElA8bP7qKbx4i/SAn0zj+Y4GDxkpyJxm1g8PKMpw2FvosNwweTHb3hSG0WNkrmA4NV2fZ+b
	+ev5pxnRckPA2J2kmNPbG/Hh8qSyVt4z8EC+JzWAlbii/NwmvQyzhwB5HFzGn1AxAgsexHFgdYxRv
	PpR/M+sL3ZJMcpIJD3KT63mgIFj+UXPF98wo0SBNJ0kZ5aWTET3fRNy4yv+FmiVJSWHiM5ayNifqP
	CrqXp5WRSy8Te4JFhIeg==;
Received: from localhost ([::1] helo=bombadil.infradead.org)
	by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux))
	id 1newKV-00525X-8h; Thu, 14 Apr 2022 10:03:59 +0000
Received: from ams.source.kernel.org ([145.40.68.75])
 by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux))
 id 1newKO-00523g-VL
 for linux-arm-kernel@lists.infradead.org; Thu, 14 Apr 2022 10:03:54 +0000
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by ams.source.kernel.org (Postfix) with ESMTPS id 8BFB0B828FC;
 Thu, 14 Apr 2022 10:03:49 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 177B2C385A5;
 Thu, 14 Apr 2022 10:03:46 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
 s=k20201202; t=1649930628;
 bh=gqK2nbiPJttXIrgw0yGxlsF2R3YJU6ZhSF/i/M9wxdU=;
 h=Date:From:To:Cc:Subject:References:In-Reply-To:From;
 b=TspTwBmp5q5+itsPguFXawoYi+SAGGl9WU6mgjxLUq1uZ77x+mLQzRxaZbGX5ZW2l
 7aRuNWa3js1H+yyNJ+Z/MS/0Ym2R20fwOk53hLuyRolLtF4MNAhwXJNIdav6z3UFL5
 34+fqthx6jOk0lpCP10r4wMiJLNVXj4KFwoOqbG1g5aegX+wP9fQud/hwlSB6F3Jw+
 v+A2T/dyXUxAHTOdmTTOqFWigc8kY90tG0fxQpbf5iFQukBwZvy97B5i0tePatzt6N
 R5oObRqdXPuhlKZr39Wpgg3NSY0+shiBFbFjNuytMkuuUoTt0BgssTyr5f3vJiCno6
 wzex1UIRreSPQ==
Date: Thu, 14 Apr 2022 11:03:43 +0100
From: Will Deacon <will@kernel.org>
To: James Morse <james.morse@arm.com>
Cc: linux-arm-kernel@lists.infradead.org, Russell King <linux@armlinux.org.uk>,
 Ard Biesheuvel <ardb@kernel.org>, Catalin Marinas <catalin.marinas@arm.com>
Subject: Re: [PATCH v2 1/2] arm64: errata: Remove AES hwcap for COMPAT tasks
Message-ID: <20220414100342.GA2298@willie-the-truck>
References: <20220413170545.3042558-1-james.morse@arm.com>
 <20220413170545.3042558-2-james.morse@arm.com>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <20220413170545.3042558-2-james.morse@arm.com>
User-Agent: Mutt/1.10.1 (2018-07-13)
X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 
X-CRM114-CacheID: sfid-20220414_030353_343081_F3A895DA 
X-CRM114-Status: GOOD (  33.50  )
X-BeenThere: linux-arm-kernel@lists.infradead.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: <linux-arm-kernel.lists.infradead.org>
List-Unsubscribe: <http://lists.infradead.org/mailman/options/linux-arm-kernel>, 
 <mailto:linux-arm-kernel-request@lists.infradead.org?subject=unsubscribe>
List-Archive: <http://lists.infradead.org/pipermail/linux-arm-kernel/>
List-Post: <mailto:linux-arm-kernel@lists.infradead.org>
List-Help: <mailto:linux-arm-kernel-request@lists.infradead.org?subject=help>
List-Subscribe: <http://lists.infradead.org/mailman/listinfo/linux-arm-kernel>, 
 <mailto:linux-arm-kernel-request@lists.infradead.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: "linux-arm-kernel" <linux-arm-kernel-bounces@lists.infradead.org>
Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org

On Wed, Apr 13, 2022 at 06:05:44PM +0100, James Morse wrote:
> Cortex-A57 and Cortex-A72 have an erratum where an interrupt that
> occurs between a pair of AES instructions in aarch32 mode may corrupt
> the ELR. The task will subsequently produce the wrong AES result.
> 
> The AES instructions are part of the cryptographic extensions, which are
> optional. User-space software will detect the support for these
> instructions from the hwcaps. If the platform doesn't support these
> instructions a software implementation should be used.
> 
> Remove the hwcap bits on affected parts to indicate user-space should
> not use the AES instructions.
> 
> Signed-off-by: James Morse <james.morse@arm.com>
> ---
>  Documentation/arm64/silicon-errata.rst |  4 ++++
>  arch/arm64/Kconfig                     | 16 ++++++++++++++++
>  arch/arm64/kernel/cpu_errata.c         | 16 ++++++++++++++++
>  arch/arm64/kernel/cpufeature.c         | 11 ++++++++++-
>  arch/arm64/tools/cpucaps               |  1 +
>  5 files changed, 47 insertions(+), 1 deletion(-)
> 
> diff --git a/Documentation/arm64/silicon-errata.rst b/Documentation/arm64/silicon-errata.rst
> index 466cb9e89047..053dc12696b5 100644
> --- a/Documentation/arm64/silicon-errata.rst
> +++ b/Documentation/arm64/silicon-errata.rst
> @@ -82,10 +82,14 @@ stable kernels.
>  +----------------+-----------------+-----------------+-----------------------------+
>  | ARM            | Cortex-A57      | #1319537        | ARM64_ERRATUM_1319367       |
>  +----------------+-----------------+-----------------+-----------------------------+
> +| ARM            | Cortex-A57      | #1742098        | ARM64_ERRATUM_1742098       |
> ++----------------+-----------------+-----------------+-----------------------------+
>  | ARM            | Cortex-A72      | #853709         | N/A                         |
>  +----------------+-----------------+-----------------+-----------------------------+
>  | ARM            | Cortex-A72      | #1319367        | ARM64_ERRATUM_1319367       |
>  +----------------+-----------------+-----------------+-----------------------------+
> +| ARM            | Cortex-A72      | #1655431        | ARM64_ERRATUM_1742098       |
> ++----------------+-----------------+-----------------+-----------------------------+
>  | ARM            | Cortex-A73      | #858921         | ARM64_ERRATUM_858921        |
>  +----------------+-----------------+-----------------+-----------------------------+
>  | ARM            | Cortex-A76      | #1188873,1418040| ARM64_ERRATUM_1418040       |
> diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
> index 57c4c995965f..df19e60c4c46 100644
> --- a/arch/arm64/Kconfig
> +++ b/arch/arm64/Kconfig
> @@ -491,6 +491,22 @@ config ARM64_ERRATUM_834220
>  
>  	  If unsure, say Y.
>  
> +config ARM64_ERRATUM_1742098
> +	bool "Cortex-A57/A72: 1742098: ELR recorded incorrectly on interrupt taken between cryptographic instructions in a sequence"
> +	depends on COMPAT
> +	default y
> +	help
> +	  This option removes the AES hwcap for aarch32 user-space to
> +	  workaround erratum 1742098 on Cortex-A57 and Cortex-A72.
> +
> +	  Affected parts may corrupt the AES state if an interrupt is
> +	  taken between a pair of AES instructions. These instructions
> +	  are only present if the cryptography extensions are present.
> +	  All software should have a fallback implementation for CPUs
> +	  that don't implement the cryptography extensions.
> +
> +	  If unsure, say Y.
> +
>  config ARM64_ERRATUM_845719
>  	bool "Cortex-A53: 845719: a load might read incorrect data"
>  	depends on COMPAT
> diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c
> index 4c9b5b4b7a0b..8f85dac4cd79 100644
> --- a/arch/arm64/kernel/cpu_errata.c
> +++ b/arch/arm64/kernel/cpu_errata.c
> @@ -393,6 +393,14 @@ static struct midr_range trbe_write_out_of_range_cpus[] = {
>  };
>  #endif /* CONFIG_ARM64_WORKAROUND_TRBE_WRITE_OUT_OF_RANGE */
>  
> +#ifdef CONFIG_ARM64_ERRATUM_1742098
> +static struct midr_range broken_aarch32_aes[] = {
> +	MIDR_ALL_VERSIONS(MIDR_CORTEX_A57),
> +	MIDR_ALL_VERSIONS(MIDR_CORTEX_A72),
> +	{},
> +};
> +#endif /* CONFIG_ARM64_WORKAROUND_TRBE_WRITE_OUT_OF_RANGE */

Comment here is wrong ^^^

> +
>  const struct arm64_cpu_capabilities arm64_errata[] = {
>  #ifdef CONFIG_ARM64_WORKAROUND_CLEAN_CACHE
>  	{
> @@ -655,6 +663,14 @@ const struct arm64_cpu_capabilities arm64_errata[] = {
>  		/* Cortex-A510 r0p0 - r0p1 */
>  		ERRATA_MIDR_REV_RANGE(MIDR_CORTEX_A510, 0, 0, 1)
>  	},
> +#endif
> +#ifdef CONFIG_ARM64_ERRATUM_1742098
> +	{
> +		.desc = "ARM erratum 1742098",
> +		.capability = ARM64_WORKAROUND_1742098,
> +		CAP_MIDR_RANGE_LIST(broken_aarch32_aes),
> +		.type = ARM64_CPUCAP_LOCAL_CPU_ERRATUM,
> +	},
>  #endif
>  	{
>  	}
> diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c
> index d72c4b4d389c..3faf16f1c040 100644
> --- a/arch/arm64/kernel/cpufeature.c
> +++ b/arch/arm64/kernel/cpufeature.c
> @@ -1922,6 +1922,12 @@ static void cpu_enable_mte(struct arm64_cpu_capabilities const *cap)
>  }
>  #endif /* CONFIG_ARM64_MTE */
>  
> +static void elf_hwcap_fixup(void)
> +{
> +	if (cpus_have_const_cap(ARM64_WORKAROUND_1742098))
> +		compat_elf_hwcap2 &= ~COMPAT_HWCAP2_AES;
> +}

How does this deal with big/little if we late online an affected CPU?  It
would probably be easier if we treated these CPUs as not having the 32-bit
AES instructions at all (rather than removing the hwcap later), then the
early cap check would prevent late onlining.

Will

_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel