Re: [PATCH] arm64: Restore forced disabling of KPTI on ThunderX

From: dann frazier <dann.frazier@canonical.com>
To: Suzuki K Poulose <suzuki.poulose@arm.com>
Cc: Catalin Marinas <catalin.marinas@arm.com>,
	Will Deacon <will@kernel.org>, Mark Brown <broonie@kernel.org>,
	linux-arm-kernel@lists.infradead.org,
	Marc Zyngier <maz@kernel.org>,
	Mark Rutland <mark.rutland@arm.com>
Subject: Re: [PATCH] arm64: Restore forced disabling of KPTI on ThunderX
Date: Thu, 23 Sep 2021 08:45:49 -0600	[thread overview]
Message-ID: <YUyTHaBgH6R/nXOm@xps13.dannf> (raw)
In-Reply-To: <c19e8819-5c52-b235-759d-3fd4a63d9777@arm.com>

On Thu, Sep 23, 2021 at 10:41:00AM +0100, Suzuki K Poulose wrote:
> On 22/09/2021 14:59, dann frazier wrote:
> > A noted side-effect of commit 0c6c2d3615ef ("arm64: Generate cpucaps.h")
> > is that cpucaps are now sorted, changing the enumeration order. This
> > assumed no dependencies between cpucaps, which turned out not to be true
> > in one case. UNMAP_KERNEL_AT_EL0 currently needs to be processed after
> > WORKAROUND_CAVIUM_27456. ThunderX systems are incompatible with KPTI, so
> > unmap_kernel_at_el0() bails if WORKAROUND_CAVIUM_27456 is set. But because
> > of the sorting, WORKAROUND_CAVIUM_27456 will not yet have been considered
> > when unmap_kernel_at_el0() checks for it, so the kernel tries to
> > run w/ KPTI - and quickly falls over.
> > 
> > Because all ThunderX implementations have homogeneous CPUs, we can remove
> > this dependency by just checking the current CPU for the erratum.
> > 
> > Fixes: 0c6c2d3615ef ("arm64: Generate cpucaps.h")
> > Suggested-by: Suzuki K Poulose <suzuki.poulose@arm.com>
> > Cc: stable@vger.kernel.org # 5.13+
> > Signed-off-by: dann frazier <dann.frazier@canonical.com>
> > ---
> >   arch/arm64/kernel/cpufeature.c | 2 +-
> >   1 file changed, 1 insertion(+), 1 deletion(-)
> > 
> > diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c
> > index f8a3067d10c6..7275b49034f3 100644
> > --- a/arch/arm64/kernel/cpufeature.c
> > +++ b/arch/arm64/kernel/cpufeature.c
> > @@ -1528,7 +1528,7 @@ static bool unmap_kernel_at_el0(const struct arm64_cpu_capabilities *entry,
> >   	 * ThunderX leads to apparent I-cache corruption of kernel text, which
> >   	 * ends as well as you might imagine. Don't even try.
> >   	 */
> > -	if (cpus_have_const_cap(ARM64_WORKAROUND_CAVIUM_27456)) {
> > +	if (this_cpu_has_cap(ARM64_WORKAROUND_CAVIUM_27456)) {
> 
> Please could you also update the comment right above this line to
> explain, why we do this and why this is fine (just like you have
> in the description) ? Something like :
> 
> 	 * Since we cannot rely on the order of the cpucaps
>  	 * we cannot rely on the cpus_have_*cap() helpers to
> 	 * detect the erratum on the system. However, since
> 	 * affected CPUs are always in a homoegeneous configuration
> 	 * we could rely on this_cpu_has_cap()
> 	 */
> 
> So that looking at the code, it is easier to comprehend what we
> figured out in the mailing list (and the description)

Sure thing, v2 coming shortly.

  -dann

> With that:
> 
> Reviewed-by: Suzuki K Poulose <suzuki.poulose@arm.com>
> 
> Suzuki

_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel