From: Christopher Covington
To: Mark Rutland
Cc: Paolo Bonzini, Radim Krčmář, Christoffer Dall, Marc Zyngier,
    Catalin Marinas, Will Deacon, kvm@vger.kernel.org,
    linux-arm-kernel@lists.infradead.org, kvmarm@lists.cs.columbia.edu,
    linux-kernel@vger.kernel.org, shankerd@codeaurora.org,
    timur@codeaurora.org, Jonathan Corbet, linux-doc@vger.kernel.org,
    Jon Masters, Neil Leeder, Mark Langsdorf
Subject: Re: [PATCH v4 2/4] arm64: Work around Falkor erratum 1003
Date: Fri, 27 Jan 2017 16:52:23 -0500

Hi Mark,

On 01/27/2017 09:38 AM, Mark Rutland wrote:
> On Wed, Jan 25, 2017 at 10:52:30AM -0500, Christopher Covington wrote:
>> The Qualcomm Datacenter Technologies Falkor v1 CPU may allocate TLB entries
>> using an incorrect ASID when TTBRx_EL1 is being updated. When the erratum
>> is triggered, page table entries using the new translation table base
>> address (BADDR) will be allocated into the TLB using the old ASID. All
>> circumstances leading to the incorrect ASID being cached in the TLB arise
>> when software writes TTBRx_EL1[ASID] and TTBRx_EL1[BADDR], a memory
>> operation is in the process of performing a translation using the specific
>> TTBRx_EL1 being written, and the memory operation uses a translation table
>> descriptor designated as non-global. EL2 and EL3 code changing the EL1&0
>> ASID is not subject to this erratum because hardware is prohibited from
>> performing translations from an out-of-context translation regime.
>>
>> Consider the following pseudo code.
>>
>>   write new BADDR and ASID values to TTBRx_EL1
>>
>> Replacing the above sequence with the one below will ensure that no TLB
>> entries with an incorrect ASID are used by software.
>>
>>   write reserved value to TTBRx_EL1[ASID]
>>   ISB
>>   write new value to TTBRx_EL1[BADDR]
>>   ISB
>>   write new value to TTBRx_EL1[ASID]
>>   ISB
>>
>> When the above sequence is used, page table entries using the new BADDR
>> value may still be incorrectly allocated into the TLB using the reserved
>> ASID. Yet this will not reduce functionality, since TLB entries incorrectly
>> tagged with the reserved ASID will never be hit by a later instruction.
>
> I agree that there should be no explicit accesses to the VAs for these
> entries. So tasks should not see erroneous VAs, and we shouldn't see
> synchronous TLB conflict aborts.
>
> Regardless, can this allow conflicting TLB entries to be allocated to
> the reserved ASID? e.g. if one task has a 4K mapping at a given VA, and
> another has a 2M mapping which covers that VA, can both be allocated
> into the TLBs under the reserved ASID?
>
> Can that have any effect on asynchronous TLB lookups or page table
> walks, e.g. for speculated accesses?

A speculative access that inserts an entry into the TLB could possibly find
the conflict but will not signal it.

Does that answer your question?

Thanks,
Cov

-- 
Qualcomm Datacenter Technologies, Inc. as an affiliate of
Qualcomm Technologies, Inc. Qualcomm Technologies, Inc. is a member of the
Code Aurora Forum, a Linux Foundation Collaborative Project.
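
An added illustration, not part of the thread or the patch: a toy C model of the commit message's claim that the three-step TTBRx_EL1 update leaves only reserved-ASID entries mis-tagged, while the single combined write can leave an entry a task could later hit. Assumptions: the reserved ASID is 0, the erratum is modelled as "a walk racing any TTBR write may cache an entry from the new BADDR under the pre-write ASID", each write completes before the next (standing in for the ISBs), and all helper names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* TTBRx_EL1: ASID in bits [63:48]; this model treats the rest as BADDR. */
#define ASID_SHIFT 48
#define BADDR_MASK ((UINT64_C(1) << ASID_SHIFT) - 1)
#define RESERVED_ASID 0u /* assumption: an ASID no task ever runs with */

static uint64_t mk_ttbr(unsigned asid, uint64_t baddr)
{
    return ((uint64_t)asid << ASID_SHIFT) | (baddr & BADDR_MASK);
}
static unsigned ttbr_asid(uint64_t t) { return (unsigned)(t >> ASID_SHIFT); }
static uint64_t ttbr_baddr(uint64_t t) { return t & BADDR_MASK; }

/* Toy erratum model: a walk racing this write may cache an entry read from
 * the NEW tables but tagged with the OLD ASID. Returns 1 if that entry could
 * be hit later, i.e. the old ASID belongs to a task (not reserved) and the
 * tables differ from the ones that ASID was using. */
static int write_ttbr(uint64_t *ttbr, uint64_t val)
{
    unsigned old_asid = ttbr_asid(*ttbr);
    int harmful = old_asid != RESERVED_ASID &&
                  ttbr_baddr(val) != ttbr_baddr(*ttbr);
    *ttbr = val;
    return harmful;
}

/* Original sequence: BADDR and ASID written together. */
static int switch_naive(uint64_t *ttbr, unsigned asid, uint64_t baddr)
{
    return write_ttbr(ttbr, mk_ttbr(asid, baddr));
}

/* Sequence from the commit message: reserved ASID, new BADDR, new ASID. */
static int switch_workaround(uint64_t *ttbr, unsigned asid, uint64_t baddr)
{
    int harmful = write_ttbr(ttbr, mk_ttbr(RESERVED_ASID, ttbr_baddr(*ttbr)));
    harmful |= write_ttbr(ttbr, mk_ttbr(RESERVED_ASID, baddr));
    harmful |= write_ttbr(ttbr, mk_ttbr(asid, baddr));
    return harmful;
}

int main(void)
{
    /* Constructed values: task ASID 5 -> task ASID 7, different tables. */
    uint64_t a = mk_ttbr(5, 0x40001000), b = a;
    printf("naive: %d\n", switch_naive(&a, 7, 0x40002000));
    printf("workaround: %d\n", switch_workaround(&b, 7, 0x40002000));
    return 0;
}
```

The model covers only the tagging argument in the commit message; it does not represent the conflicting 4K/2M entries under the reserved ASID that the reply discusses.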