[PATCH v4 1/4] arm64: Define Falkor v1 CPU

[PATCH v4 1/4] arm64: Define Falkor v1 CPU

[Christopher Covington]

From: Shanker Donthineni <shankerd@codeaurora.org>

Define the MIDR implementer and part number field values for the Qualcomm
Datacenter Technologies Falkor processor version 1 in the usual manner.

Signed-off-by: Shanker Donthineni <shankerd@codeaurora.org>
Signed-off-by: Christopher Covington <cov@codeaurora.org>
---
 arch/arm64/include/asm/cputype.h | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/arch/arm64/include/asm/cputype.h b/arch/arm64/include/asm/cputype.h
index 26a68ddb11c1..ee605612f60c 100644
--- a/arch/arm64/include/asm/cputype.h
+++ b/arch/arm64/include/asm/cputype.h
@@ -71,6 +71,7 @@
 #define ARM_CPU_IMP_APM			0x50
 #define ARM_CPU_IMP_CAVIUM		0x43
 #define ARM_CPU_IMP_BRCM		0x42
+#define ARM_CPU_IMP_QCOM		0x51
 
 #define ARM_CPU_PART_AEM_V8		0xD0F
 #define ARM_CPU_PART_FOUNDATION		0xD00
@@ -84,10 +85,13 @@
 
 #define BRCM_CPU_PART_VULCAN		0x516
 
+#define QCOM_CPU_PART_FALKOR_V1		0x800
+
 #define MIDR_CORTEX_A53 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A53)
 #define MIDR_CORTEX_A57 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A57)
 #define MIDR_THUNDERX	MIDR_CPU_MODEL(ARM_CPU_IMP_CAVIUM, CAVIUM_CPU_PART_THUNDERX)
 #define MIDR_THUNDERX_81XX MIDR_CPU_MODEL(ARM_CPU_IMP_CAVIUM, CAVIUM_CPU_PART_THUNDERX_81XX)
+#define MIDR_QCOM_FALKOR_V1 MIDR_CPU_MODEL(ARM_CPU_IMP_QCOM, QCOM_CPU_PART_FALKOR_V1)
 
 #ifndef __ASSEMBLY__
 
-- 
Qualcomm Datacenter Technologies, Inc. as an affiliate of Qualcomm
Technologies, Inc. Qualcomm Technologies, Inc. is a member of the Code Aurora
Forum, a Linux Foundation Collaborative Project.

[PATCH v4 2/4] arm64: Work around Falkor erratum 1003

[Christopher Covington]

The Qualcomm Datacenter Technologies Falkor v1 CPU may allocate TLB entries
using an incorrect ASID when TTBRx_EL1 is being updated. When the erratum
is triggered, page table entries using the new translation table base
address (BADDR) will be allocated into the TLB using the old ASID. All
circumstances leading to the incorrect ASID being cached in the TLB arise
when software writes TTBRx_EL1[ASID] and TTBRx_EL1[BADDR], a memory
operation is in the process of performing a translation using the specific
TTBRx_EL1 being written, and the memory operation uses a translation table
descriptor designated as non-global. EL2 and EL3 code changing the EL1&0
ASID is not subject to this erratum because hardware is prohibited from
performing translations from an out-of-context translation regime.

Consider the following pseudo code.

  write new BADDR and ASID values to TTBRx_EL1

Replacing the above sequence with the one below will ensure that no TLB
entries with an incorrect ASID are used by software.

  write reserved value to TTBRx_EL1[ASID]
  ISB
  write new value to TTBRx_EL1[BADDR]
  ISB
  write new value to TTBRx_EL1[ASID]
  ISB

When the above sequence is used, page table entries using the new BADDR
value may still be incorrectly allocated into the TLB using the reserved
ASID. Yet this will not reduce functionality, since TLB entries incorrectly
tagged with the reserved ASID will never be hit by a later instruction.

Based on work by Shanker Donthineni <shankerd@codeaurora.org>

Signed-off-by: Christopher Covington <cov@codeaurora.org>
---
 Documentation/arm64/silicon-errata.txt |  1 +
 arch/arm64/Kconfig                     | 11 +++++++++++
 arch/arm64/include/asm/assembler.h     | 23 +++++++++++++++++++++++
 arch/arm64/include/asm/cpucaps.h       |  3 ++-
 arch/arm64/include/asm/mmu_context.h   |  8 +++++++-
 arch/arm64/kernel/cpu_errata.c         |  7 +++++++
 arch/arm64/mm/context.c                | 11 +++++++++++
 arch/arm64/mm/proc.S                   |  1 +
 8 files changed, 63 insertions(+), 2 deletions(-)

diff --git a/Documentation/arm64/silicon-errata.txt b/Documentation/arm64/silicon-errata.txt
index 405da11fc3e4..e090415a97d3 100644
--- a/Documentation/arm64/silicon-errata.txt
+++ b/Documentation/arm64/silicon-errata.txt
@@ -63,3 +63,4 @@ stable kernels.
 | Cavium         | ThunderX SMMUv2 | #27704          | N/A		       |
 |                |                 |                 |                         |
 | Freescale/NXP  | LS2080A/LS1043A | A-008585        | FSL_ERRATUM_A008585     |
+| Qualcomm       | Falkor v1       | E1003           | QCOM_FALKOR_ERRATUM_1003|
diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
index 111742126897..366c7d4d1cc5 100644
--- a/arch/arm64/Kconfig
+++ b/arch/arm64/Kconfig
@@ -479,6 +479,17 @@ config CAVIUM_ERRATUM_27456
 
 	  If unsure, say Y.
 
+config QCOM_FALKOR_ERRATUM_1003
+	bool "Falkor E1003: Incorrect translation due to ASID change"
+	default y
+	help
+	  On Falkor v1, an incorrect ASID may be cached in the TLB when ASID
+	  and BADDR are changed together in TTBRx_EL1. The workaround for this
+	  issue is to use a reserved ASID in cpu_do_switch_mm() before
+	  switching to the new ASID.
+
+	  If unsure, say Y.
+
 endmenu
 
 
diff --git a/arch/arm64/include/asm/assembler.h b/arch/arm64/include/asm/assembler.h
index 3a4301163e04..1b67c3782d00 100644
--- a/arch/arm64/include/asm/assembler.h
+++ b/arch/arm64/include/asm/assembler.h
@@ -25,6 +25,7 @@
 
 #include <asm/asm-offsets.h>
 #include <asm/cpufeature.h>
+#include <asm/mmu_context.h>
 #include <asm/page.h>
 #include <asm/pgtable-hwdef.h>
 #include <asm/ptrace.h>
@@ -441,6 +442,28 @@ alternative_endif
 	.endm
 
 /*
+ * Errata workaround prior to TTBR0_EL1 update
+ *
+ * 	val:	TTBR value with new BADDR, preserved
+ * 	tmp0:	temporary register, clobbered
+ * 	tmp1:	other temporary register, clobbered
+ */
+	.macro	pre_ttbr0_update_workaround, val, tmp0, tmp1
+#ifdef CONFIG_QCOM_FALKOR_ERRATUM_1003
+alternative_if ARM64_WORKAROUND_QCOM_FALKOR_E1003
+	mrs	\tmp0, ttbr0_el1
+	mov	\tmp1, #FALKOR_RESERVED_ASID
+	bfi	\tmp0, \tmp1, #48, #16		// reserved ASID + old BADDR
+	msr	ttbr0_el1, \tmp0
+	isb
+	bfi	\tmp0, \val, #0, #48		// reserved ASID + new BADDR
+	msr	ttbr0_el1, \tmp0
+	isb
+alternative_else_nop_endif
+#endif
+	.endm
+
+/*
  * Errata workaround post TTBR0_EL1 update.
  */
 	.macro	post_ttbr0_update_workaround
diff --git a/arch/arm64/include/asm/cpucaps.h b/arch/arm64/include/asm/cpucaps.h
index 4174f09678c4..5aaf7eede432 100644
--- a/arch/arm64/include/asm/cpucaps.h
+++ b/arch/arm64/include/asm/cpucaps.h
@@ -35,7 +35,8 @@
 #define ARM64_HYP_OFFSET_LOW			14
 #define ARM64_MISMATCHED_CACHE_LINE_SIZE	15
 #define ARM64_HAS_NO_FPSIMD			16
+#define ARM64_WORKAROUND_QCOM_FALKOR_E1003	17
 
-#define ARM64_NCAPS				17
+#define ARM64_NCAPS				18
 
 #endif /* __ASM_CPUCAPS_H */
diff --git a/arch/arm64/include/asm/mmu_context.h b/arch/arm64/include/asm/mmu_context.h
index 0363fe80455c..9632b0508037 100644
--- a/arch/arm64/include/asm/mmu_context.h
+++ b/arch/arm64/include/asm/mmu_context.h
@@ -19,6 +19,10 @@
 #ifndef __ASM_MMU_CONTEXT_H
 #define __ASM_MMU_CONTEXT_H
 
+#define FALKOR_RESERVED_ASID	1
+
+#ifndef __ASSEMBLY__
+
 #include <linux/compiler.h>
 #include <linux/sched.h>
 
@@ -220,4 +224,6 @@ switch_mm(struct mm_struct *prev, struct mm_struct *next,
 
 void verify_cpu_asid_bits(void);
 
-#endif
+#endif /* !__ASSEMBLY__ */
+
+#endif /* !__ASM_MMU_CONTEXT_H */
diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c
index b75e917aac46..787b5422c559 100644
--- a/arch/arm64/kernel/cpu_errata.c
+++ b/arch/arm64/kernel/cpu_errata.c
@@ -130,6 +130,13 @@ const struct arm64_cpu_capabilities arm64_errata[] = {
 		.def_scope = SCOPE_LOCAL_CPU,
 		.enable = cpu_enable_trap_ctr_access,
 	},
+#ifdef CONFIG_QCOM_FALKOR_ERRATUM_1003
+	{
+		.desc = "Qualcomm Falkor erratum 1003",
+		.capability = ARM64_WORKAROUND_QCOM_FALKOR_E1003,
+		MIDR_RANGE(MIDR_QCOM_FALKOR_V1, 0x00, 0x00),
+	},
+#endif
 	{
 	}
 };
diff --git a/arch/arm64/mm/context.c b/arch/arm64/mm/context.c
index 4c63cb154859..67df38184903 100644
--- a/arch/arm64/mm/context.c
+++ b/arch/arm64/mm/context.c
@@ -79,6 +79,13 @@ void verify_cpu_asid_bits(void)
 	}
 }
 
+static void set_reserved_asid_bits(void)
+{
+	if (IS_ENABLED(CONFIG_QCOM_FALKOR_ERRATUM_1003) &&
+	    cpus_have_cap(ARM64_WORKAROUND_QCOM_FALKOR_E1003))
+		__set_bit(FALKOR_RESERVED_ASID, asid_map);
+}
+
 static void flush_context(unsigned int cpu)
 {
 	int i;
@@ -87,6 +94,8 @@ static void flush_context(unsigned int cpu)
 	/* Update the list of reserved ASIDs and the ASID bitmap. */
 	bitmap_clear(asid_map, 0, NUM_USER_ASIDS);
 
+	set_reserved_asid_bits();
+
 	/*
 	 * Ensure the generation bump is observed before we xchg the
 	 * active_asids.
@@ -244,6 +253,8 @@ static int asids_init(void)
 		panic("Failed to allocate bitmap for %lu ASIDs\n",
 		      NUM_USER_ASIDS);
 
+	set_reserved_asid_bits();
+
 	pr_info("ASID allocator initialised with %lu entries\n", NUM_USER_ASIDS);
 	return 0;
 }
diff --git a/arch/arm64/mm/proc.S b/arch/arm64/mm/proc.S
index 32682be978e0..cd4d53d7e458 100644
--- a/arch/arm64/mm/proc.S
+++ b/arch/arm64/mm/proc.S
@@ -138,6 +138,7 @@ ENDPROC(cpu_do_resume)
  *	- pgd_phys - physical address of new TTB
  */
 ENTRY(cpu_do_switch_mm)
+	pre_ttbr0_update_workaround x0, x1, x2
 	mmid	x1, x1				// get mm->context.id
 	bfi	x0, x1, #48, #16		// set the ASID
 	msr	ttbr0_el1, x0			// set TTBR0
-- 
Qualcomm Datacenter Technologies, Inc. as an affiliate of Qualcomm
Technologies, Inc. Qualcomm Technologies, Inc. is a member of the Code Aurora
Forum, a Linux Foundation Collaborative Project.

[PATCH v4 3/4] arm64: Use __tlbi() macros in KVM code

[Christopher Covington]

Refactor the KVM code to use the __tlbi macros, which will allow an errata
workaround that repeats tlbi dsb sequences to only change one location.
This is not intended to change the generated assembly and comparing before
and after vmlinux objdump shows no functional changes.

Signed-off-by: Christopher Covington <cov@codeaurora.org>
---
 arch/arm64/kvm/hyp/tlb.c | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/arch/arm64/kvm/hyp/tlb.c b/arch/arm64/kvm/hyp/tlb.c
index 88e2f2b938f0..e8e7ba2bc11f 100644
--- a/arch/arm64/kvm/hyp/tlb.c
+++ b/arch/arm64/kvm/hyp/tlb.c
@@ -16,6 +16,7 @@
  */
 
 #include <asm/kvm_hyp.h>
+#include <asm/tlbflush.h>
 
 void __hyp_text __kvm_tlb_flush_vmid_ipa(struct kvm *kvm, phys_addr_t ipa)
 {
@@ -32,7 +33,7 @@ void __hyp_text __kvm_tlb_flush_vmid_ipa(struct kvm *kvm, phys_addr_t ipa)
 	 * whole of Stage-1. Weep...
 	 */
 	ipa >>= 12;
-	asm volatile("tlbi ipas2e1is, %0" : : "r" (ipa));
+	__tlbi(ipas2e1is, ipa);
 
 	/*
 	 * We have to ensure completion of the invalidation at Stage-2,
@@ -41,7 +42,7 @@ void __hyp_text __kvm_tlb_flush_vmid_ipa(struct kvm *kvm, phys_addr_t ipa)
 	 * the Stage-1 invalidation happened first.
 	 */
 	dsb(ish);
-	asm volatile("tlbi vmalle1is" : : );
+	__tlbi(vmalle1is);
 	dsb(ish);
 	isb();
 
@@ -57,7 +58,7 @@ void __hyp_text __kvm_tlb_flush_vmid(struct kvm *kvm)
 	write_sysreg(kvm->arch.vttbr, vttbr_el2);
 	isb();
 
-	asm volatile("tlbi vmalls12e1is" : : );
+	__tlbi(vmalls12e1is);
 	dsb(ish);
 	isb();
 
@@ -72,7 +73,7 @@ void __hyp_text __kvm_tlb_flush_local_vmid(struct kvm_vcpu *vcpu)
 	write_sysreg(kvm->arch.vttbr, vttbr_el2);
 	isb();
 
-	asm volatile("tlbi vmalle1" : : );
+	__tlbi(vmalle1);
 	dsb(nsh);
 	isb();
 
@@ -82,7 +83,7 @@ void __hyp_text __kvm_tlb_flush_local_vmid(struct kvm_vcpu *vcpu)
 void __hyp_text __kvm_flush_vm_context(void)
 {
 	dsb(ishst);
-	asm volatile("tlbi alle1is	\n"
-		     "ic ialluis	  ": : );
+	__tlbi(alle1is);
+	asm volatile("ic ialluis" : : );
 	dsb(ish);
 }
-- 
Qualcomm Datacenter Technologies, Inc. as an affiliate of Qualcomm
Technologies, Inc. Qualcomm Technologies, Inc. is a member of the Code Aurora
Forum, a Linux Foundation Collaborative Project.

[PATCH v4 4/4] arm64: Work around Falkor erratum 1009

[Christopher Covington]

During a TLB invalidate sequence targeting the inner shareable domain,
Falkor may prematurely complete the DSB before all loads and stores using
the old translation are observed. Instruction fetches are not subject to
the conditions of this erratum. If the original code sequence includes
multiple TLB invalidate instructions followed by a single DSB, onle one of
the TLB instructions needs to be repeated to work around this erratum.
While the erratum only applies to cases in which the TLBI specifies the
inner-shareable domain (*IS form of TLBI) and the DSB is ISH form or
stronger (OSH, SYS), this changes applies the workaround overabundantly--
to local TLBI, DSB NSH sequences as well--for simplicity.

Based on work by Shanker Donthineni <shankerd@codeaurora.org>

Signed-off-by: Christopher Covington <cov@codeaurora.org>
---
 Documentation/arm64/silicon-errata.txt |  1 +
 arch/arm64/Kconfig                     | 10 ++++++++++
 arch/arm64/include/asm/cpucaps.h       |  3 ++-
 arch/arm64/include/asm/tlbflush.h      | 18 +++++++++++++++---
 arch/arm64/kernel/cpu_errata.c         |  7 +++++++
 5 files changed, 35 insertions(+), 4 deletions(-)

diff --git a/Documentation/arm64/silicon-errata.txt b/Documentation/arm64/silicon-errata.txt
index e090415a97d3..d1ccd5f479ae 100644
--- a/Documentation/arm64/silicon-errata.txt
+++ b/Documentation/arm64/silicon-errata.txt
@@ -64,3 +64,4 @@ stable kernels.
 |                |                 |                 |                         |
 | Freescale/NXP  | LS2080A/LS1043A | A-008585        | FSL_ERRATUM_A008585     |
 | Qualcomm       | Falkor v1       | E1003           | QCOM_FALKOR_ERRATUM_1003|
+| Qualcomm       | Falkor v1       | E1009           | QCOM_FALKOR_ERRATUM_1009|
diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
index 366c7d4d1cc5..69b73cbdc6b7 100644
--- a/arch/arm64/Kconfig
+++ b/arch/arm64/Kconfig
@@ -490,6 +490,16 @@ config QCOM_FALKOR_ERRATUM_1003
 
 	  If unsure, say Y.
 
+config QCOM_FALKOR_ERRATUM_1009
+	bool "Falkor E1009: Prematurely complete a DSB after a TLBI"
+	default y
+	help
+	  Falkor CPU may prematurely complete a DSB following a TLBI xxIS
+	  invalidate maintenance operation. Repeat the TLBI operation one
+	  more time to fix the issue.
+
+	  If unsure, say Y.
+
 endmenu
 
 
diff --git a/arch/arm64/include/asm/cpucaps.h b/arch/arm64/include/asm/cpucaps.h
index 5aaf7eede432..55bcd02e4a3f 100644
--- a/arch/arm64/include/asm/cpucaps.h
+++ b/arch/arm64/include/asm/cpucaps.h
@@ -36,7 +36,8 @@
 #define ARM64_MISMATCHED_CACHE_LINE_SIZE	15
 #define ARM64_HAS_NO_FPSIMD			16
 #define ARM64_WORKAROUND_QCOM_FALKOR_E1003	17
+#define ARM64_WORKAROUND_REPEAT_TLBI		18
 
-#define ARM64_NCAPS				18
+#define ARM64_NCAPS				19
 
 #endif /* __ASM_CPUCAPS_H */
diff --git a/arch/arm64/include/asm/tlbflush.h b/arch/arm64/include/asm/tlbflush.h
index deab52374119..fc434f421c7b 100644
--- a/arch/arm64/include/asm/tlbflush.h
+++ b/arch/arm64/include/asm/tlbflush.h
@@ -36,9 +36,21 @@
  * not. The macros handles invoking the asm with or without the
  * register argument as appropriate.
  */
-#define __TLBI_0(op, arg)		asm ("tlbi " #op)
-#define __TLBI_1(op, arg)		asm ("tlbi " #op ", %0" : : "r" (arg))
-#define __TLBI_N(op, arg, n, ...)	__TLBI_##n(op, arg)
+#define __TLBI_0(op, arg) asm volatile ("tlbi " #op "\n"		       \
+			    ALTERNATIVE("nop\n		nop",		       \
+					"dsb ish\n	tlbi " #op,	       \
+					ARM64_WORKAROUND_REPEAT_TLBI,	       \
+					CONFIG_QCOM_FALKOR_ERRATUM_1009)       \
+			    : : )
+
+#define __TLBI_1(op, arg) asm volatile ("tlbi " #op ", %0\n"		       \
+			    ALTERNATIVE("nop\n		nop",		       \
+					"dsb ish\n	tlbi " #op ", %0",     \
+					ARM64_WORKAROUND_REPEAT_TLBI,	       \
+					CONFIG_QCOM_FALKOR_ERRATUM_1009)       \
+			    : : "r" (arg))
+
+#define __TLBI_N(op, arg, n, ...) __TLBI_##n(op, arg)
 
 #define __tlbi(op, ...)		__TLBI_N(op, ##__VA_ARGS__, 1, 0)
 
diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c
index 787b5422c559..e644364b5351 100644
--- a/arch/arm64/kernel/cpu_errata.c
+++ b/arch/arm64/kernel/cpu_errata.c
@@ -137,6 +137,13 @@ const struct arm64_cpu_capabilities arm64_errata[] = {
 		MIDR_RANGE(MIDR_QCOM_FALKOR_V1, 0x00, 0x00),
 	},
 #endif
+#ifdef CONFIG_QCOM_FALKOR_ERRATUM_1009
+	{
+		.desc = "Qualcomm Falkor erratum 1009",
+		.capability = ARM64_WORKAROUND_REPEAT_TLBI,
+		MIDR_RANGE(MIDR_QCOM_FALKOR_V1, 0x00, 0x00),
+	},
+#endif
 	{
 	}
 };
-- 
Qualcomm Datacenter Technologies, Inc. as an affiliate of Qualcomm
Technologies, Inc. Qualcomm Technologies, Inc. is a member of the Code Aurora
Forum, a Linux Foundation Collaborative Project.

Re: [PATCH v4 3/4] arm64: Use __tlbi() macros in KVM code

[Christoffer Dall]

On Wed, Jan 25, 2017 at 10:52:31AM -0500, Christopher Covington wrote:
> Refactor the KVM code to use the __tlbi macros, which will allow an errata
> workaround that repeats tlbi dsb sequences to only change one location.
> This is not intended to change the generated assembly and comparing before
> and after vmlinux objdump shows no functional changes.
> 
> Signed-off-by: Christopher Covington <cov@codeaurora.org>

Acked-by: Christoffer Dall <christoffer.dall@linaro.org>

Re: [PATCH v4 3/4] arm64: Use __tlbi() macros in KVM code

[Will Deacon]

On Wed, Jan 25, 2017 at 08:39:43PM +0100, Christoffer Dall wrote:
> On Wed, Jan 25, 2017 at 10:52:31AM -0500, Christopher Covington wrote:
> > Refactor the KVM code to use the __tlbi macros, which will allow an errata
> > workaround that repeats tlbi dsb sequences to only change one location.
> > This is not intended to change the generated assembly and comparing before
> > and after vmlinux objdump shows no functional changes.
> > 
> > Signed-off-by: Christopher Covington <cov@codeaurora.org>
> 
> Acked-by: Christoffer Dall <christoffer.dall@linaro.org>

Thanks, I'll queue this one via arm64.

Will

Re: [PATCH v4 2/4] arm64: Work around Falkor erratum 1003

[Mark Rutland]

On Wed, Jan 25, 2017 at 10:52:30AM -0500, Christopher Covington wrote:
> The Qualcomm Datacenter Technologies Falkor v1 CPU may allocate TLB entries
> using an incorrect ASID when TTBRx_EL1 is being updated. When the erratum
> is triggered, page table entries using the new translation table base
> address (BADDR) will be allocated into the TLB using the old ASID. All
> circumstances leading to the incorrect ASID being cached in the TLB arise
> when software writes TTBRx_EL1[ASID] and TTBRx_EL1[BADDR], a memory
> operation is in the process of performing a translation using the specific
> TTBRx_EL1 being written, and the memory operation uses a translation table
> descriptor designated as non-global. EL2 and EL3 code changing the EL1&0
> ASID is not subject to this erratum because hardware is prohibited from
> performing translations from an out-of-context translation regime.
>
> Consider the following pseudo code.
>
>   write new BADDR and ASID values to TTBRx_EL1
>
> Replacing the above sequence with the one below will ensure that no TLB
> entries with an incorrect ASID are used by software.
>
>   write reserved value to TTBRx_EL1[ASID]
>   ISB
>   write new value to TTBRx_EL1[BADDR]
>   ISB
>   write new value to TTBRx_EL1[ASID]
>   ISB
>
> When the above sequence is used, page table entries using the new BADDR
> value may still be incorrectly allocated into the TLB using the reserved
> ASID. Yet this will not reduce functionality, since TLB entries incorrectly
> tagged with the reserved ASID will never be hit by a later instruction.

I agree that there should be no explicit accesses to the VAs for these
entries. So tasks should not see erroneous VAs, and we shouldn't see
synchronous TLB conflict aborts.

Regardless, can this allow conflicting TLB entries to be allocated to
the reserved ASID? e.g. if one task has a 4K mapping at a given VA, and
another has a 2M mapping which covers that VA, can both be allocated
into the TLBs under the reserved ASID?

Can that have any effect on asynchronous TLB lookups or page table
walks, e.g. for speculated accesses?

Thanks,
Mark.
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

Re: [PATCH v4 2/4] arm64: Work around Falkor erratum 1003

[Mark Rutland]

On Fri, Jan 27, 2017 at 02:38:49PM +0000, Mark Rutland wrote:

> IMPORTANT NOTICE: The contents of this email and any attachments are
> confidential and may also be privileged. If you are not the intended
> recipient, please notify the sender immediately and do not disclose
> the contents to any other person, use it for any purpose, or store or
> copy the information in any medium. Thank you.

Urrgh; I used the wrong mail configuration.

Please ignore the above from the prior email.

Mark.

Re: [PATCH v4 3/4] arm64: Use __tlbi() macros in KVM code

[Will Deacon]

On Wed, Jan 25, 2017 at 10:52:31AM -0500, Christopher Covington wrote:
> Refactor the KVM code to use the __tlbi macros, which will allow an errata
> workaround that repeats tlbi dsb sequences to only change one location.
> This is not intended to change the generated assembly and comparing before
> and after vmlinux objdump shows no functional changes.
> 
> Signed-off-by: Christopher Covington <cov@codeaurora.org>
> ---
>  arch/arm64/kvm/hyp/tlb.c | 13 +++++++------
>  1 file changed, 7 insertions(+), 6 deletions(-)

[...]

> @@ -82,7 +83,7 @@ void __hyp_text __kvm_tlb_flush_local_vmid(struct kvm_vcpu *vcpu)
>  void __hyp_text __kvm_flush_vm_context(void)
>  {
>  	dsb(ishst);
> -	asm volatile("tlbi alle1is	\n"
> -		     "ic ialluis	  ": : );
> +	__tlbi(alle1is);
> +	asm volatile("ic ialluis" : : );
>  	dsb(ish);

Should be a separate patch, but this can now be a __flush_icache_all instead
of the open-coded asm.

Will

Re: [PATCH v4 4/4] arm64: Work around Falkor erratum 1009

[Will Deacon]

On Wed, Jan 25, 2017 at 10:52:32AM -0500, Christopher Covington wrote:
> During a TLB invalidate sequence targeting the inner shareable domain,
> Falkor may prematurely complete the DSB before all loads and stores using
> the old translation are observed. Instruction fetches are not subject to
> the conditions of this erratum. If the original code sequence includes
> multiple TLB invalidate instructions followed by a single DSB, onle one of
> the TLB instructions needs to be repeated to work around this erratum.
> While the erratum only applies to cases in which the TLBI specifies the
> inner-shareable domain (*IS form of TLBI) and the DSB is ISH form or
> stronger (OSH, SYS), this changes applies the workaround overabundantly--
> to local TLBI, DSB NSH sequences as well--for simplicity.
> 
> Based on work by Shanker Donthineni <shankerd@codeaurora.org>
> 
> Signed-off-by: Christopher Covington <cov@codeaurora.org>
> ---
>  Documentation/arm64/silicon-errata.txt |  1 +
>  arch/arm64/Kconfig                     | 10 ++++++++++
>  arch/arm64/include/asm/cpucaps.h       |  3 ++-
>  arch/arm64/include/asm/tlbflush.h      | 18 +++++++++++++++---
>  arch/arm64/kernel/cpu_errata.c         |  7 +++++++
>  5 files changed, 35 insertions(+), 4 deletions(-)

Thanks, this one looks good to me. It doesn't apply without the other
erratum workaround (due to conflicts), so I'll have to wait for the
discussion with Mark to each a conclusion before I can queue it.

One minor comment inline...

> diff --git a/arch/arm64/include/asm/tlbflush.h b/arch/arm64/include/asm/tlbflush.h
> index deab52374119..fc434f421c7b 100644
> --- a/arch/arm64/include/asm/tlbflush.h
> +++ b/arch/arm64/include/asm/tlbflush.h
> @@ -36,9 +36,21 @@
>   * not. The macros handles invoking the asm with or without the
>   * register argument as appropriate.
>   */
> -#define __TLBI_0(op, arg)		asm ("tlbi " #op)
> -#define __TLBI_1(op, arg)		asm ("tlbi " #op ", %0" : : "r" (arg))
> -#define __TLBI_N(op, arg, n, ...)	__TLBI_##n(op, arg)
> +#define __TLBI_0(op, arg) asm volatile ("tlbi " #op "\n"		       \
> +			    ALTERNATIVE("nop\n		nop",		       \
> +					"dsb ish\n	tlbi " #op,	       \
> +					ARM64_WORKAROUND_REPEAT_TLBI,	       \
> +					CONFIG_QCOM_FALKOR_ERRATUM_1009)       \
> +			    : : )
> +
> +#define __TLBI_1(op, arg) asm volatile ("tlbi " #op ", %0\n"		       \
> +			    ALTERNATIVE("nop\n		nop",		       \
> +					"dsb ish\n	tlbi " #op ", %0",     \
> +					ARM64_WORKAROUND_REPEAT_TLBI,	       \
> +					CONFIG_QCOM_FALKOR_ERRATUM_1009)       \
> +			    : : "r" (arg))

I don't think you need to make these volatile.

Will

Re: [PATCH v4 2/4] arm64: Work around Falkor erratum 1003

[Timur Tabi]

On 01/25/2017 09:52 AM, Christopher Covington wrote:
> +		.desc = "Qualcomm Falkor erratum 1003",

FYI, this needs to say, "Qualcomm Technologies Falkor ...".  Same thing with 
the 1009 patch.

-- 
Qualcomm Datacenter Technologies, Inc. as an affiliate of Qualcomm
Technologies, Inc.  Qualcomm Technologies, Inc. is a member of the
Code Aurora Forum, a Linux Foundation Collaborative Project.

Re: [PATCH v4 2/4] arm64: Work around Falkor erratum 1003

[Christopher Covington]

Hi Mark,

On 01/27/2017 09:38 AM, Mark Rutland wrote:
> On Wed, Jan 25, 2017 at 10:52:30AM -0500, Christopher Covington wrote:
>> The Qualcomm Datacenter Technologies Falkor v1 CPU may allocate TLB entries
>> using an incorrect ASID when TTBRx_EL1 is being updated. When the erratum
>> is triggered, page table entries using the new translation table base
>> address (BADDR) will be allocated into the TLB using the old ASID. All
>> circumstances leading to the incorrect ASID being cached in the TLB arise
>> when software writes TTBRx_EL1[ASID] and TTBRx_EL1[BADDR], a memory
>> operation is in the process of performing a translation using the specific
>> TTBRx_EL1 being written, and the memory operation uses a translation table
>> descriptor designated as non-global. EL2 and EL3 code changing the EL1&0
>> ASID is not subject to this erratum because hardware is prohibited from
>> performing translations from an out-of-context translation regime.
>>
>> Consider the following pseudo code.
>>
>>   write new BADDR and ASID values to TTBRx_EL1
>>
>> Replacing the above sequence with the one below will ensure that no TLB
>> entries with an incorrect ASID are used by software.
>>
>>   write reserved value to TTBRx_EL1[ASID]
>>   ISB
>>   write new value to TTBRx_EL1[BADDR]
>>   ISB
>>   write new value to TTBRx_EL1[ASID]
>>   ISB
>>
>> When the above sequence is used, page table entries using the new BADDR
>> value may still be incorrectly allocated into the TLB using the reserved
>> ASID. Yet this will not reduce functionality, since TLB entries incorrectly
>> tagged with the reserved ASID will never be hit by a later instruction.
> 
> I agree that there should be no explicit accesses to the VAs for these
> entries. So tasks should not see erroneous VAs, and we shouldn't see
> synchronous TLB conflict aborts.
> 
> Regardless, can this allow conflicting TLB entries to be allocated to
> the reserved ASID? e.g. if one task has a 4K mapping at a given VA, and
> another has a 2M mapping which covers that VA, can both be allocated
> into the TLBs under the reserved ASID?
> 
> Can that have any effect on asynchronous TLB lookups or page table
> walks, e.g. for speculated accesses?

A speculative access that inserts an entry into the TLB could
possibly find the conflict but will not signal it. Does that answer
your question?

Thanks,
Cov

-- 
Qualcomm Datacenter Technologies, Inc. as an affiliate of Qualcomm
Technologies, Inc. Qualcomm Technologies, Inc. is a member of the Code
Aurora Forum, a Linux Foundation Collaborative Project.

Re: [PATCH v4 2/4] arm64: Work around Falkor erratum 1003

[Mark Rutland]

Hi,

On Fri, Jan 27, 2017 at 04:52:23PM -0500, Christopher Covington wrote:
> On 01/27/2017 09:38 AM, Mark Rutland wrote:
> > On Wed, Jan 25, 2017 at 10:52:30AM -0500, Christopher Covington wrote:

> >> Replacing the above sequence with the one below will ensure that no TLB
> >> entries with an incorrect ASID are used by software.
> >>
> >>   write reserved value to TTBRx_EL1[ASID]
> >>   ISB
> >>   write new value to TTBRx_EL1[BADDR]
> >>   ISB
> >>   write new value to TTBRx_EL1[ASID]
> >>   ISB
> >>
> >> When the above sequence is used, page table entries using the new BADDR
> >> value may still be incorrectly allocated into the TLB using the reserved
> >> ASID. Yet this will not reduce functionality, since TLB entries incorrectly
> >> tagged with the reserved ASID will never be hit by a later instruction.
> > 
> > I agree that there should be no explicit accesses to the VAs for these
> > entries. So tasks should not see erroneous VAs, and we shouldn't see
> > synchronous TLB conflict aborts.
> > 
> > Regardless, can this allow conflicting TLB entries to be allocated to
> > the reserved ASID? e.g. if one task has a 4K mapping at a given VA, and
> > another has a 2M mapping which covers that VA, can both be allocated
> > into the TLBs under the reserved ASID?
> > 
> > Can that have any effect on asynchronous TLB lookups or page table
> > walks, e.g. for speculated accesses?
> 
> A speculative access that inserts an entry into the TLB could
> possibly find the conflict but will not signal it. Does that answer
> your question?

Yes!

The other case I was worried about was intermediate caching. I take it
the values in TLBs are not used as part of subsequent page table walks?

If so, the above sounds fine to me.

Otherwise, we'll need additional TLB maintenance.

Thanks,
Mark.

Re: [PATCH v4 2/4] arm64: Work around Falkor erratum 1003

[Christopher Covington]

Hi Mark,

On 01/30/2017 05:56 AM, Mark Rutland wrote:
> Hi,
> 
> On Fri, Jan 27, 2017 at 04:52:23PM -0500, Christopher Covington wrote:
>> On 01/27/2017 09:38 AM, Mark Rutland wrote:
>>> On Wed, Jan 25, 2017 at 10:52:30AM -0500, Christopher Covington wrote:
> 
>>>> Replacing the above sequence with the one below will ensure that no TLB
>>>> entries with an incorrect ASID are used by software.
>>>>
>>>>   write reserved value to TTBRx_EL1[ASID]
>>>>   ISB
>>>>   write new value to TTBRx_EL1[BADDR]
>>>>   ISB
>>>>   write new value to TTBRx_EL1[ASID]
>>>>   ISB
>>>>
>>>> When the above sequence is used, page table entries using the new BADDR
>>>> value may still be incorrectly allocated into the TLB using the reserved
>>>> ASID. Yet this will not reduce functionality, since TLB entries incorrectly
>>>> tagged with the reserved ASID will never be hit by a later instruction.
>>>
>>> I agree that there should be no explicit accesses to the VAs for these
>>> entries. So tasks should not see erroneous VAs, and we shouldn't see
>>> synchronous TLB conflict aborts.
>>>
>>> Regardless, can this allow conflicting TLB entries to be allocated to
>>> the reserved ASID? e.g. if one task has a 4K mapping at a given VA, and
>>> another has a 2M mapping which covers that VA, can both be allocated
>>> into the TLBs under the reserved ASID?
>>>
>>> Can that have any effect on asynchronous TLB lookups or page table
>>> walks, e.g. for speculated accesses?
>>
>> A speculative access that inserts an entry into the TLB could
>> possibly find the conflict but will not signal it. Does that answer
>> your question?
> 
> Yes!
> 
> The other case I was worried about was intermediate caching. I take it
> the values in TLBs are not used as part of subsequent page table walks?
> 
> If so, the above sounds fine to me.
> 
> Otherwise, we'll need additional TLB maintenance.

Errant TLB entries will not be used for any legitimate subsequent page
table walks.

I have some minor changes which I'll send as v5 based on
kernel/git/arm64/linux.git for-next/core.

Thanks,
Cov

-- 
Qualcomm Datacenter Technologies, Inc. as an affiliate of Qualcomm
Technologies, Inc. Qualcomm Technologies, Inc. is a member of the Code
Aurora Forum, a Linux Foundation Collaborative Project.

Re: [PATCH v4 2/4] arm64: Work around Falkor erratum 1003

[Mark Rutland]

On Wed, Jan 25, 2017 at 10:52:30AM -0500, Christopher Covington wrote:
> The Qualcomm Datacenter Technologies Falkor v1 CPU may allocate TLB entries
> using an incorrect ASID when TTBRx_EL1 is being updated. When the erratum
> is triggered, page table entries using the new translation table base
> address (BADDR) will be allocated into the TLB using the old ASID. All
> circumstances leading to the incorrect ASID being cached in the TLB arise
> when software writes TTBRx_EL1[ASID] and TTBRx_EL1[BADDR], a memory
> operation is in the process of performing a translation using the specific
> TTBRx_EL1 being written, and the memory operation uses a translation table
> descriptor designated as non-global. EL2 and EL3 code changing the EL1&0
> ASID is not subject to this erratum because hardware is prohibited from
> performing translations from an out-of-context translation regime.
> 
> Consider the following pseudo code.
> 
>   write new BADDR and ASID values to TTBRx_EL1
> 
> Replacing the above sequence with the one below will ensure that no TLB
> entries with an incorrect ASID are used by software.
> 
>   write reserved value to TTBRx_EL1[ASID]
>   ISB
>   write new value to TTBRx_EL1[BADDR]
>   ISB
>   write new value to TTBRx_EL1[ASID]
>   ISB
> 
> When the above sequence is used, page table entries using the new BADDR
> value may still be incorrectly allocated into the TLB using the reserved
> ASID. Yet this will not reduce functionality, since TLB entries incorrectly
> tagged with the reserved ASID will never be hit by a later instruction.

Based on my understanding that entries allocated to the reserved ASID
will not be used for subsequent page table walks (and so we don't have
asynchronous behaviour to contend with), this sounds fine to me.

Thanks for taking the time to clarify the details on that.

> Based on work by Shanker Donthineni <shankerd@codeaurora.org>
> 
> Signed-off-by: Christopher Covington <cov@codeaurora.org>
> ---
>  Documentation/arm64/silicon-errata.txt |  1 +
>  arch/arm64/Kconfig                     | 11 +++++++++++
>  arch/arm64/include/asm/assembler.h     | 23 +++++++++++++++++++++++
>  arch/arm64/include/asm/cpucaps.h       |  3 ++-
>  arch/arm64/include/asm/mmu_context.h   |  8 +++++++-
>  arch/arm64/kernel/cpu_errata.c         |  7 +++++++
>  arch/arm64/mm/context.c                | 11 +++++++++++
>  arch/arm64/mm/proc.S                   |  1 +
>  8 files changed, 63 insertions(+), 2 deletions(-)

Don't we need to use pre_ttbr0_update_workaround in <asm/asm-uaccess.h>
for CONFIG_ARM64_SW_TTBR0_PAN? We implicitly switch to the reserved ASID
for the empty table in __uaccess_ttbr0_disable.

That also means we have to invalidate the reserved ASID so as to not
accidentally hit while uaccess is disabled.

Thanks,
Mark.

Re: [PATCH v4 2/4] arm64: Work around Falkor erratum 1003

[Christopher Covington]

On 01/31/2017 07:37 AM, Mark Rutland wrote:
> On Wed, Jan 25, 2017 at 10:52:30AM -0500, Christopher Covington wrote:
>> The Qualcomm Datacenter Technologies Falkor v1 CPU may allocate TLB entries
>> using an incorrect ASID when TTBRx_EL1 is being updated. When the erratum
>> is triggered, page table entries using the new translation table base
>> address (BADDR) will be allocated into the TLB using the old ASID. All
>> circumstances leading to the incorrect ASID being cached in the TLB arise
>> when software writes TTBRx_EL1[ASID] and TTBRx_EL1[BADDR], a memory
>> operation is in the process of performing a translation using the specific
>> TTBRx_EL1 being written, and the memory operation uses a translation table
>> descriptor designated as non-global. EL2 and EL3 code changing the EL1&0
>> ASID is not subject to this erratum because hardware is prohibited from
>> performing translations from an out-of-context translation regime.
>>
>> Consider the following pseudo code.
>>
>>   write new BADDR and ASID values to TTBRx_EL1
>>
>> Replacing the above sequence with the one below will ensure that no TLB
>> entries with an incorrect ASID are used by software.
>>
>>   write reserved value to TTBRx_EL1[ASID]
>>   ISB
>>   write new value to TTBRx_EL1[BADDR]
>>   ISB
>>   write new value to TTBRx_EL1[ASID]
>>   ISB
>>
>> When the above sequence is used, page table entries using the new BADDR
>> value may still be incorrectly allocated into the TLB using the reserved
>> ASID. Yet this will not reduce functionality, since TLB entries incorrectly
>> tagged with the reserved ASID will never be hit by a later instruction.
> 
> Based on my understanding that entries allocated to the reserved ASID
> will not be used for subsequent page table walks (and so we don't have
> asynchronous behaviour to contend with), this sounds fine to me.
> 
> Thanks for taking the time to clarify the details on that.
> 
>> Based on work by Shanker Donthineni <shankerd@codeaurora.org>
>>
>> Signed-off-by: Christopher Covington <cov@codeaurora.org>
>> ---
>>  Documentation/arm64/silicon-errata.txt |  1 +
>>  arch/arm64/Kconfig                     | 11 +++++++++++
>>  arch/arm64/include/asm/assembler.h     | 23 +++++++++++++++++++++++
>>  arch/arm64/include/asm/cpucaps.h       |  3 ++-
>>  arch/arm64/include/asm/mmu_context.h   |  8 +++++++-
>>  arch/arm64/kernel/cpu_errata.c         |  7 +++++++
>>  arch/arm64/mm/context.c                | 11 +++++++++++
>>  arch/arm64/mm/proc.S                   |  1 +
>>  8 files changed, 63 insertions(+), 2 deletions(-)
> 
> Don't we need to use pre_ttbr0_update_workaround in <asm/asm-uaccess.h>
> for CONFIG_ARM64_SW_TTBR0_PAN? We implicitly switch to the reserved ASID
> for the empty table in __uaccess_ttbr0_disable.
> 
> That also means we have to invalidate the reserved ASID so as to not
> accidentally hit while uaccess is disabled.

The CPU in question (Falkor v1) has hardware PAN support. Do we need
to worry about including the workaround in the SW PAN code in that case?

Thanks,
Cov

-- 
Qualcomm Datacenter Technologies, Inc. as an affiliate of Qualcomm
Technologies, Inc. Qualcomm Technologies, Inc. is a member of the Code
Aurora Forum, a Linux Foundation Collaborative Project.

Re: [PATCH v4 2/4] arm64: Work around Falkor erratum 1003

[Marc Zyngier]

On 31/01/17 17:48, Christopher Covington wrote:
> On 01/31/2017 07:37 AM, Mark Rutland wrote:
>> On Wed, Jan 25, 2017 at 10:52:30AM -0500, Christopher Covington wrote:
>>> The Qualcomm Datacenter Technologies Falkor v1 CPU may allocate TLB entries
>>> using an incorrect ASID when TTBRx_EL1 is being updated. When the erratum
>>> is triggered, page table entries using the new translation table base
>>> address (BADDR) will be allocated into the TLB using the old ASID. All
>>> circumstances leading to the incorrect ASID being cached in the TLB arise
>>> when software writes TTBRx_EL1[ASID] and TTBRx_EL1[BADDR], a memory
>>> operation is in the process of performing a translation using the specific
>>> TTBRx_EL1 being written, and the memory operation uses a translation table
>>> descriptor designated as non-global. EL2 and EL3 code changing the EL1&0
>>> ASID is not subject to this erratum because hardware is prohibited from
>>> performing translations from an out-of-context translation regime.
>>>
>>> Consider the following pseudo code.
>>>
>>>   write new BADDR and ASID values to TTBRx_EL1
>>>
>>> Replacing the above sequence with the one below will ensure that no TLB
>>> entries with an incorrect ASID are used by software.
>>>
>>>   write reserved value to TTBRx_EL1[ASID]
>>>   ISB
>>>   write new value to TTBRx_EL1[BADDR]
>>>   ISB
>>>   write new value to TTBRx_EL1[ASID]
>>>   ISB
>>>
>>> When the above sequence is used, page table entries using the new BADDR
>>> value may still be incorrectly allocated into the TLB using the reserved
>>> ASID. Yet this will not reduce functionality, since TLB entries incorrectly
>>> tagged with the reserved ASID will never be hit by a later instruction.
>>
>> Based on my understanding that entries allocated to the reserved ASID
>> will not be used for subsequent page table walks (and so we don't have
>> asynchronous behaviour to contend with), this sounds fine to me.
>>
>> Thanks for taking the time to clarify the details on that.
>>
>>> Based on work by Shanker Donthineni <shankerd@codeaurora.org>
>>>
>>> Signed-off-by: Christopher Covington <cov@codeaurora.org>
>>> ---
>>>  Documentation/arm64/silicon-errata.txt |  1 +
>>>  arch/arm64/Kconfig                     | 11 +++++++++++
>>>  arch/arm64/include/asm/assembler.h     | 23 +++++++++++++++++++++++
>>>  arch/arm64/include/asm/cpucaps.h       |  3 ++-
>>>  arch/arm64/include/asm/mmu_context.h   |  8 +++++++-
>>>  arch/arm64/kernel/cpu_errata.c         |  7 +++++++
>>>  arch/arm64/mm/context.c                | 11 +++++++++++
>>>  arch/arm64/mm/proc.S                   |  1 +
>>>  8 files changed, 63 insertions(+), 2 deletions(-)
>>
>> Don't we need to use pre_ttbr0_update_workaround in <asm/asm-uaccess.h>
>> for CONFIG_ARM64_SW_TTBR0_PAN? We implicitly switch to the reserved ASID
>> for the empty table in __uaccess_ttbr0_disable.
>>
>> That also means we have to invalidate the reserved ASID so as to not
>> accidentally hit while uaccess is disabled.
> 
> The CPU in question (Falkor v1) has hardware PAN support. Do we need
> to worry about including the workaround in the SW PAN code in that case?

Given that all ARMv8 CPUs can support SW_PAN, it is more likely to be
enabled than the ARMv8.1 PAN. I'd vote for supporting the workaround in
that case too, and hope that people do enable the HW version.

Thanks,

	M.
-- 
Jazz is not dead. It just smells funny...

Re: [PATCH v4 2/4] arm64: Work around Falkor erratum 1003

[Christopher Covington]

On 01/31/2017 12:56 PM, Marc Zyngier wrote:
> On 31/01/17 17:48, Christopher Covington wrote:
>> On 01/31/2017 07:37 AM, Mark Rutland wrote:
>>> On Wed, Jan 25, 2017 at 10:52:30AM -0500, Christopher Covington wrote:
>>>> The Qualcomm Datacenter Technologies Falkor v1 CPU may allocate TLB entries
>>>> using an incorrect ASID when TTBRx_EL1 is being updated. When the erratum
>>>> is triggered, page table entries using the new translation table base
>>>> address (BADDR) will be allocated into the TLB using the old ASID. All
>>>> circumstances leading to the incorrect ASID being cached in the TLB arise
>>>> when software writes TTBRx_EL1[ASID] and TTBRx_EL1[BADDR], a memory
>>>> operation is in the process of performing a translation using the specific
>>>> TTBRx_EL1 being written, and the memory operation uses a translation table
>>>> descriptor designated as non-global. EL2 and EL3 code changing the EL1&0
>>>> ASID is not subject to this erratum because hardware is prohibited from
>>>> performing translations from an out-of-context translation regime.
>>>>
>>>> Consider the following pseudo code.
>>>>
>>>>   write new BADDR and ASID values to TTBRx_EL1
>>>>
>>>> Replacing the above sequence with the one below will ensure that no TLB
>>>> entries with an incorrect ASID are used by software.
>>>>
>>>>   write reserved value to TTBRx_EL1[ASID]
>>>>   ISB
>>>>   write new value to TTBRx_EL1[BADDR]
>>>>   ISB
>>>>   write new value to TTBRx_EL1[ASID]
>>>>   ISB
>>>>
>>>> When the above sequence is used, page table entries using the new BADDR
>>>> value may still be incorrectly allocated into the TLB using the reserved
>>>> ASID. Yet this will not reduce functionality, since TLB entries incorrectly
>>>> tagged with the reserved ASID will never be hit by a later instruction.
>>>
>>> Based on my understanding that entries allocated to the reserved ASID
>>> will not be used for subsequent page table walks (and so we don't have
>>> asynchronous behaviour to contend with), this sounds fine to me.
>>>
>>> Thanks for taking the time to clarify the details on that.
>>>
>>>> Based on work by Shanker Donthineni <shankerd@codeaurora.org>
>>>>
>>>> Signed-off-by: Christopher Covington <cov@codeaurora.org>
>>>> ---
>>>>  Documentation/arm64/silicon-errata.txt |  1 +
>>>>  arch/arm64/Kconfig                     | 11 +++++++++++
>>>>  arch/arm64/include/asm/assembler.h     | 23 +++++++++++++++++++++++
>>>>  arch/arm64/include/asm/cpucaps.h       |  3 ++-
>>>>  arch/arm64/include/asm/mmu_context.h   |  8 +++++++-
>>>>  arch/arm64/kernel/cpu_errata.c         |  7 +++++++
>>>>  arch/arm64/mm/context.c                | 11 +++++++++++
>>>>  arch/arm64/mm/proc.S                   |  1 +
>>>>  8 files changed, 63 insertions(+), 2 deletions(-)
>>>
>>> Don't we need to use pre_ttbr0_update_workaround in <asm/asm-uaccess.h>
>>> for CONFIG_ARM64_SW_TTBR0_PAN? We implicitly switch to the reserved ASID
>>> for the empty table in __uaccess_ttbr0_disable.
>>>
>>> That also means we have to invalidate the reserved ASID so as to not
>>> accidentally hit while uaccess is disabled.
>>
>> The CPU in question (Falkor v1) has hardware PAN support. Do we need
>> to worry about including the workaround in the SW PAN code in that case?
> 
> Given that all ARMv8 CPUs can support SW_PAN, it is more likely to be
> enabled than the ARMv8.1 PAN. I'd vote for supporting the workaround in
> that case too, and hope that people do enable the HW version.

Okay, I'll do my best to add support for the SW PAN case. I rebased and
submitted v6 of the E1009 patch [1] so that it no longer depends on this
patch landing first, if you all are inclined to pick it up while work on
this E1003 patch continues.

1. https://patchwork.kernel.org/patch/9547923/

Thanks,
Christopher

-- 
Qualcomm Datacenter Technologies, Inc. as an affiliate of Qualcomm
Technologies, Inc. Qualcomm Technologies, Inc. is a member of the Code
Aurora Forum, a Linux Foundation Collaborative Project.

Re: [PATCH v4 2/4] arm64: Work around Falkor erratum 1003

[Will Deacon]

On Wed, Feb 01, 2017 at 11:29:22AM -0500, Christopher Covington wrote:
> On 01/31/2017 12:56 PM, Marc Zyngier wrote:
> > Given that all ARMv8 CPUs can support SW_PAN, it is more likely to be
> > enabled than the ARMv8.1 PAN. I'd vote for supporting the workaround in
> > that case too, and hope that people do enable the HW version.
> 
> Okay, I'll do my best to add support for the SW PAN case. I rebased and
> submitted v6 of the E1009 patch [1] so that it no longer depends on this
> patch landing first, if you all are inclined to pick it up while work on
> this E1003 patch continues.

The alternative is not enabling SW_PAN (at runtime) if this errata is
present, along with a warning stating that hardware-PAN should be
enabled in kconfig instead. Not sure what distributions will make of that
though.

> 1. https://patchwork.kernel.org/patch/9547923/

Yup, I queued that one locally and I'll push to -next tomorrow.

Thanks,

Will

Re: [PATCH v4 3/4] arm64: Use __tlbi() macros in KVM code

[Punit Agrawal]

Will Deacon <will.deacon@arm.com> writes:

> On Wed, Jan 25, 2017 at 08:39:43PM +0100, Christoffer Dall wrote:
>> On Wed, Jan 25, 2017 at 10:52:31AM -0500, Christopher Covington wrote:
>> > Refactor the KVM code to use the __tlbi macros, which will allow an errata
>> > workaround that repeats tlbi dsb sequences to only change one location.
>> > This is not intended to change the generated assembly and comparing before
>> > and after vmlinux objdump shows no functional changes.
>> > 
>> > Signed-off-by: Christopher Covington <cov@codeaurora.org>
>> 
>> Acked-by: Christoffer Dall <christoffer.dall@linaro.org>
>
> Thanks, I'll queue this one via arm64.

I just noticed this patch but there's been a similar patch from Mark
that I've been carrying as part of the KVM TLB monitoring series[0].

[0] http://www.mail-archive.com/kvmarm@lists.cs.columbia.edu/msg09359.html

>
> Will
> _______________________________________________
> kvmarm mailing list
> kvmarm@lists.cs.columbia.edu
> https://lists.cs.columbia.edu/mailman/listinfo/kvmarm

Re: [PATCH v4 3/4] arm64: Use __tlbi() macros in KVM code

[Will Deacon]

On Wed, Feb 01, 2017 at 05:02:43PM +0000, Punit Agrawal wrote:
> Will Deacon <will.deacon@arm.com> writes:
> 
> > On Wed, Jan 25, 2017 at 08:39:43PM +0100, Christoffer Dall wrote:
> >> On Wed, Jan 25, 2017 at 10:52:31AM -0500, Christopher Covington wrote:
> >> > Refactor the KVM code to use the __tlbi macros, which will allow an errata
> >> > workaround that repeats tlbi dsb sequences to only change one location.
> >> > This is not intended to change the generated assembly and comparing before
> >> > and after vmlinux objdump shows no functional changes.
> >> > 
> >> > Signed-off-by: Christopher Covington <cov@codeaurora.org>
> >> 
> >> Acked-by: Christoffer Dall <christoffer.dall@linaro.org>
> >
> > Thanks, I'll queue this one via arm64.
> 
> I just noticed this patch but there's been a similar patch from Mark
> that I've been carrying as part of the KVM TLB monitoring series[0].
> 
> [0] http://www.mail-archive.com/kvmarm@lists.cs.columbia.edu/msg09359.html

Well I've already queued the one from Christopher. It's weird that Mark's
version appears to miss the local VMID case (but it does have the
flush_icache_all I wanted :).

Anyway, I'm not reverting anything, so you'll need to rebase when this
lot lands in mainline.

Will

Re: [PATCH v4 3/4] arm64: Use __tlbi() macros in KVM code

[Punit Agrawal]

Will Deacon <will.deacon@arm.com> writes:

> On Wed, Feb 01, 2017 at 05:02:43PM +0000, Punit Agrawal wrote:
>> Will Deacon <will.deacon@arm.com> writes:
>> 
>> > On Wed, Jan 25, 2017 at 08:39:43PM +0100, Christoffer Dall wrote:
>> >> On Wed, Jan 25, 2017 at 10:52:31AM -0500, Christopher Covington wrote:
>> >> > Refactor the KVM code to use the __tlbi macros, which will allow an errata
>> >> > workaround that repeats tlbi dsb sequences to only change one location.
>> >> > This is not intended to change the generated assembly and comparing before
>> >> > and after vmlinux objdump shows no functional changes.
>> >> > 
>> >> > Signed-off-by: Christopher Covington <cov@codeaurora.org>
>> >> 
>> >> Acked-by: Christoffer Dall <christoffer.dall@linaro.org>
>> >
>> > Thanks, I'll queue this one via arm64.
>> 
>> I just noticed this patch but there's been a similar patch from Mark
>> that I've been carrying as part of the KVM TLB monitoring series[0].
>> 
>> [0] http://www.mail-archive.com/kvmarm@lists.cs.columbia.edu/msg09359.html
>
> Well I've already queued the one from Christopher. It's weird that Mark's
> version appears to miss the local VMID case (but it does have the
> flush_icache_all I wanted :).
>
> Anyway, I'm not reverting anything, so you'll need to rebase when this
> lot lands in mainline.

Sure. I'll drop the patch the next time around.

The patch is unrelated to that series and should've gone in when
we introduced the __tlbi() macro but got left out somehow.

>
> Will
> _______________________________________________
> kvmarm mailing list
> kvmarm@lists.cs.columbia.edu
> https://lists.cs.columbia.edu/mailman/listinfo/kvmarm

Re: [PATCH v4 2/4] arm64: Work around Falkor erratum 1003

[Catalin Marinas]

On Wed, Feb 01, 2017 at 04:33:58PM +0000, Will Deacon wrote:
> On Wed, Feb 01, 2017 at 11:29:22AM -0500, Christopher Covington wrote:
> > On 01/31/2017 12:56 PM, Marc Zyngier wrote:
> > > Given that all ARMv8 CPUs can support SW_PAN, it is more likely to be
> > > enabled than the ARMv8.1 PAN. I'd vote for supporting the workaround in
> > > that case too, and hope that people do enable the HW version.
> > 
> > Okay, I'll do my best to add support for the SW PAN case. I rebased and
> > submitted v6 of the E1009 patch [1] so that it no longer depends on this
> > patch landing first, if you all are inclined to pick it up while work on
> > this E1003 patch continues.
> 
> The alternative is not enabling SW_PAN (at runtime) if this errata is
> present, along with a warning stating that hardware-PAN should be
> enabled in kconfig instead. Not sure what distributions will make of that
> though.

The problem with this patch is that when ARM64_SW_TTBR0_PAN is enabled
and in the absence of hardware PAN (or ARM64_PAN disabled),
cpu_do_switch_mm is no longer called for user process switching, so the
workaround is pretty much useless.

I'm ok with adding the Kconfig dependency below to
QCOM_FALKOR_ERRATUM_1003:

	depends on !ARM64_SW_TTBR0_PAN || ARM64_PAN

together with a run-time warning if ARM64_SW_TTBR0_PAN is being used.

I'm not keen on adding the workaround to the uaccess macros. They are
complex enough already and people who do want SW PAN (and single Image)
would end up with 6-8 extra unnecessary nops on each side of a uaccess
(and nops are not entirely free).

-- 
Catalin

Re: [PATCH v4 2/4] arm64: Work around Falkor erratum 1003

[Will Deacon]

On Wed, Feb 01, 2017 at 05:36:09PM +0000, Catalin Marinas wrote:
> On Wed, Feb 01, 2017 at 04:33:58PM +0000, Will Deacon wrote:
> > On Wed, Feb 01, 2017 at 11:29:22AM -0500, Christopher Covington wrote:
> > > On 01/31/2017 12:56 PM, Marc Zyngier wrote:
> > > > Given that all ARMv8 CPUs can support SW_PAN, it is more likely to be
> > > > enabled than the ARMv8.1 PAN. I'd vote for supporting the workaround in
> > > > that case too, and hope that people do enable the HW version.
> > > 
> > > Okay, I'll do my best to add support for the SW PAN case. I rebased and
> > > submitted v6 of the E1009 patch [1] so that it no longer depends on this
> > > patch landing first, if you all are inclined to pick it up while work on
> > > this E1003 patch continues.
> > 
> > The alternative is not enabling SW_PAN (at runtime) if this errata is
> > present, along with a warning stating that hardware-PAN should be
> > enabled in kconfig instead. Not sure what distributions will make of that
> > though.
> 
> The problem with this patch is that when ARM64_SW_TTBR0_PAN is enabled
> and in the absence of hardware PAN (or ARM64_PAN disabled),
> cpu_do_switch_mm is no longer called for user process switching, so the
> workaround is pretty much useless.

Oh, I see what you mean now.

> I'm ok with adding the Kconfig dependency below to
> QCOM_FALKOR_ERRATUM_1003:
> 
> 	depends on !ARM64_SW_TTBR0_PAN || ARM64_PAN
> 
> together with a run-time warning if ARM64_SW_TTBR0_PAN is being used.

That makes it look like hardware-PAN is the cause of the erratum. Maybe
just select ARM64_PAN if the erratum workaround is selected, then
runtime warning if we find that the h/w doesn't have PAN but does have
the erratum (which should never fire)?

Will

Re: [PATCH v4 2/4] arm64: Work around Falkor erratum 1003

[Catalin Marinas]

On Wed, Feb 01, 2017 at 05:41:05PM +0000, Will Deacon wrote:
> On Wed, Feb 01, 2017 at 05:36:09PM +0000, Catalin Marinas wrote:
> > On Wed, Feb 01, 2017 at 04:33:58PM +0000, Will Deacon wrote:
> > > On Wed, Feb 01, 2017 at 11:29:22AM -0500, Christopher Covington wrote:
> > > > On 01/31/2017 12:56 PM, Marc Zyngier wrote:
> > > > > Given that all ARMv8 CPUs can support SW_PAN, it is more likely to be
> > > > > enabled than the ARMv8.1 PAN. I'd vote for supporting the workaround in
> > > > > that case too, and hope that people do enable the HW version.
> > > > 
> > > > Okay, I'll do my best to add support for the SW PAN case. I rebased and
> > > > submitted v6 of the E1009 patch [1] so that it no longer depends on this
> > > > patch landing first, if you all are inclined to pick it up while work on
> > > > this E1003 patch continues.
> > > 
> > > The alternative is not enabling SW_PAN (at runtime) if this errata is
> > > present, along with a warning stating that hardware-PAN should be
> > > enabled in kconfig instead. Not sure what distributions will make of that
> > > though.
> > 
> > The problem with this patch is that when ARM64_SW_TTBR0_PAN is enabled
> > and in the absence of hardware PAN (or ARM64_PAN disabled),
> > cpu_do_switch_mm is no longer called for user process switching, so the
> > workaround is pretty much useless.
> 
> Oh, I see what you mean now.
> 
> > I'm ok with adding the Kconfig dependency below to
> > QCOM_FALKOR_ERRATUM_1003:
> > 
> > 	depends on !ARM64_SW_TTBR0_PAN || ARM64_PAN
> > 
> > together with a run-time warning if ARM64_SW_TTBR0_PAN is being used.
> 
> That makes it look like hardware-PAN is the cause of the erratum.

With the right Kconfig comment we could make this clearer.

> Maybe
> just select ARM64_PAN if the erratum workaround is selected, then
> runtime warning if we find that the h/w doesn't have PAN but does have
> the erratum (which should never fire)?

You still need this workaround even if you don't want any PAN (both sw
and hw PAN disabled). I wouldn't want to select ARM64_PAN since it's not
a dependency. It's more like if you do need a PAN, make sure you only
use the hw one.

-- 
Catalin

Re: [PATCH v4 2/4] arm64: Work around Falkor erratum 1003

[Catalin Marinas]

On Wed, Feb 01, 2017 at 05:49:34PM +0000, Catalin Marinas wrote:
> On Wed, Feb 01, 2017 at 05:41:05PM +0000, Will Deacon wrote:
> > On Wed, Feb 01, 2017 at 05:36:09PM +0000, Catalin Marinas wrote:
> > > On Wed, Feb 01, 2017 at 04:33:58PM +0000, Will Deacon wrote:
> > > > On Wed, Feb 01, 2017 at 11:29:22AM -0500, Christopher Covington wrote:
> > > > > On 01/31/2017 12:56 PM, Marc Zyngier wrote:
> > > > > > Given that all ARMv8 CPUs can support SW_PAN, it is more likely to be
> > > > > > enabled than the ARMv8.1 PAN. I'd vote for supporting the workaround in
> > > > > > that case too, and hope that people do enable the HW version.
> > > > > 
> > > > > Okay, I'll do my best to add support for the SW PAN case. I rebased and
> > > > > submitted v6 of the E1009 patch [1] so that it no longer depends on this
> > > > > patch landing first, if you all are inclined to pick it up while work on
> > > > > this E1003 patch continues.
> > > > 
> > > > The alternative is not enabling SW_PAN (at runtime) if this errata is
> > > > present, along with a warning stating that hardware-PAN should be
> > > > enabled in kconfig instead. Not sure what distributions will make of that
> > > > though.
> > > 
> > > The problem with this patch is that when ARM64_SW_TTBR0_PAN is enabled
> > > and in the absence of hardware PAN (or ARM64_PAN disabled),
> > > cpu_do_switch_mm is no longer called for user process switching, so the
> > > workaround is pretty much useless.
> > 
> > Oh, I see what you mean now.
> > 
> > > I'm ok with adding the Kconfig dependency below to
> > > QCOM_FALKOR_ERRATUM_1003:
> > > 
> > > 	depends on !ARM64_SW_TTBR0_PAN || ARM64_PAN
> > > 
> > > together with a run-time warning if ARM64_SW_TTBR0_PAN is being used.
> > 
> > That makes it look like hardware-PAN is the cause of the erratum.
> 
> With the right Kconfig comment we could make this clearer.
> 
> > Maybe
> > just select ARM64_PAN if the erratum workaround is selected, then
> > runtime warning if we find that the h/w doesn't have PAN but does have
> > the erratum (which should never fire)?
> 
> You still need this workaround even if you don't want any PAN (both sw
> and hw PAN disabled). I wouldn't want to select ARM64_PAN since it's not
> a dependency. It's more like if you do need a PAN, make sure you only
> use the hw one.

Alternatively, your select idea could be refined to:

	select ARM64_PAN if ARM64_SW_TTBR0_PAN

but we still need a proper comment as people would wonder what this is
for.

-- 
Catalin

Re: [PATCH v4 2/4] arm64: Work around Falkor erratum 1003

[Will Deacon]

On Wed, Feb 01, 2017 at 05:49:34PM +0000, Catalin Marinas wrote:
> On Wed, Feb 01, 2017 at 05:41:05PM +0000, Will Deacon wrote:
> > On Wed, Feb 01, 2017 at 05:36:09PM +0000, Catalin Marinas wrote:
> > > On Wed, Feb 01, 2017 at 04:33:58PM +0000, Will Deacon wrote:
> > > > On Wed, Feb 01, 2017 at 11:29:22AM -0500, Christopher Covington wrote:
> > > > > On 01/31/2017 12:56 PM, Marc Zyngier wrote:
> > > > > > Given that all ARMv8 CPUs can support SW_PAN, it is more likely to be
> > > > > > enabled than the ARMv8.1 PAN. I'd vote for supporting the workaround in
> > > > > > that case too, and hope that people do enable the HW version.
> > > > > 
> > > > > Okay, I'll do my best to add support for the SW PAN case. I rebased and
> > > > > submitted v6 of the E1009 patch [1] so that it no longer depends on this
> > > > > patch landing first, if you all are inclined to pick it up while work on
> > > > > this E1003 patch continues.
> > > > 
> > > > The alternative is not enabling SW_PAN (at runtime) if this errata is
> > > > present, along with a warning stating that hardware-PAN should be
> > > > enabled in kconfig instead. Not sure what distributions will make of that
> > > > though.
> > > 
> > > The problem with this patch is that when ARM64_SW_TTBR0_PAN is enabled
> > > and in the absence of hardware PAN (or ARM64_PAN disabled),
> > > cpu_do_switch_mm is no longer called for user process switching, so the
> > > workaround is pretty much useless.
> > 
> > Oh, I see what you mean now.
> > 
> > > I'm ok with adding the Kconfig dependency below to
> > > QCOM_FALKOR_ERRATUM_1003:
> > > 
> > > 	depends on !ARM64_SW_TTBR0_PAN || ARM64_PAN
> > > 
> > > together with a run-time warning if ARM64_SW_TTBR0_PAN is being used.
> > 
> > That makes it look like hardware-PAN is the cause of the erratum.
> 
> With the right Kconfig comment we could make this clearer.

It's not just a comment though, the kconfig option for the workaround
will disappear from menuconfig as long as the dependencies aren't met.
The dependency is really that SW_PAN depends on !ERRATUM_1003, but that
doesn't work for the distributions.

> > Maybe
> > just select ARM64_PAN if the erratum workaround is selected, then
> > runtime warning if we find that the h/w doesn't have PAN but does have
> > the erratum (which should never fire)?
> 
> You still need this workaround even if you don't want any PAN (both sw
> and hw PAN disabled). I wouldn't want to select ARM64_PAN since it's not
> a dependency. It's more like if you do need a PAN, make sure you only
> use the hw one.

True, in the case that all PAN options are disabled we still want this
to work. How about:

  select ARM64_PAN if ARM64_SW_TTBR0_PAN

?

In fact, what's the reason for supporting SW_PAN and ARM64_PAN as a
config combination? Why not just have "PAN" that enables them both and
uses the hardware feature if it's there?

Will

Re: [PATCH v4 2/4] arm64: Work around Falkor erratum 1003

[Catalin Marinas]

On Wed, Feb 01, 2017 at 05:59:48PM +0000, Will Deacon wrote:
> On Wed, Feb 01, 2017 at 05:49:34PM +0000, Catalin Marinas wrote:
> > On Wed, Feb 01, 2017 at 05:41:05PM +0000, Will Deacon wrote:
> > > On Wed, Feb 01, 2017 at 05:36:09PM +0000, Catalin Marinas wrote:
> > > > On Wed, Feb 01, 2017 at 04:33:58PM +0000, Will Deacon wrote:
> > > > > On Wed, Feb 01, 2017 at 11:29:22AM -0500, Christopher Covington wrote:
> > > > > > On 01/31/2017 12:56 PM, Marc Zyngier wrote:
> > > > > > > Given that all ARMv8 CPUs can support SW_PAN, it is more likely to be
> > > > > > > enabled than the ARMv8.1 PAN. I'd vote for supporting the workaround in
> > > > > > > that case too, and hope that people do enable the HW version.
> > > > > > 
> > > > > > Okay, I'll do my best to add support for the SW PAN case. I rebased and
> > > > > > submitted v6 of the E1009 patch [1] so that it no longer depends on this
> > > > > > patch landing first, if you all are inclined to pick it up while work on
> > > > > > this E1003 patch continues.
> > > > > 
> > > > > The alternative is not enabling SW_PAN (at runtime) if this errata is
> > > > > present, along with a warning stating that hardware-PAN should be
> > > > > enabled in kconfig instead. Not sure what distributions will make of that
> > > > > though.
> > > > 
> > > > The problem with this patch is that when ARM64_SW_TTBR0_PAN is enabled
> > > > and in the absence of hardware PAN (or ARM64_PAN disabled),
> > > > cpu_do_switch_mm is no longer called for user process switching, so the
> > > > workaround is pretty much useless.
> > > 
> > > Oh, I see what you mean now.
> > > 
> > > > I'm ok with adding the Kconfig dependency below to
> > > > QCOM_FALKOR_ERRATUM_1003:
> > > > 
> > > > 	depends on !ARM64_SW_TTBR0_PAN || ARM64_PAN
> > > > 
> > > > together with a run-time warning if ARM64_SW_TTBR0_PAN is being used.
> > > 
> > > That makes it look like hardware-PAN is the cause of the erratum.
> > 
> > With the right Kconfig comment we could make this clearer.
> 
> It's not just a comment though, the kconfig option for the workaround
> will disappear from menuconfig as long as the dependencies aren't met.
> The dependency is really that SW_PAN depends on !ERRATUM_1003, but that
> doesn't work for the distributions.

I agree.

> > > Maybe
> > > just select ARM64_PAN if the erratum workaround is selected, then
> > > runtime warning if we find that the h/w doesn't have PAN but does have
> > > the erratum (which should never fire)?
> > 
> > You still need this workaround even if you don't want any PAN (both sw
> > and hw PAN disabled). I wouldn't want to select ARM64_PAN since it's not
> > a dependency. It's more like if you do need a PAN, make sure you only
> > use the hw one.
> 
> True, in the case that all PAN options are disabled we still want this
> to work. How about:
> 
>   select ARM64_PAN if ARM64_SW_TTBR0_PAN

As I replied to myself, the above would work for me as well, so let's go
for this.

> In fact, what's the reason for supporting SW_PAN and ARM64_PAN as a
> config combination? Why not just have "PAN" that enables them both and
> uses the hardware feature if it's there?

Because SW PAN has a non-trivial performance hit. You would enable SW
PAN only if you are paranoid about security. HW PAN, OTOH, is very cheap
and I wouldn't want to miss enabling it in a single Image supporting
ARMv8.0 and ARMv8.1 just because SW PAN is slow on ARMv8.0.

IOW, ARM64_PAN is default y while ARM64_SW_TTBR0_PAN is default n.

-- 
Catalin

Re: [PATCH v4 2/4] arm64: Work around Falkor erratum 1003

[Will Deacon]

On Wed, Feb 01, 2017 at 06:22:44PM +0000, Catalin Marinas wrote:
> On Wed, Feb 01, 2017 at 05:59:48PM +0000, Will Deacon wrote:
> > On Wed, Feb 01, 2017 at 05:49:34PM +0000, Catalin Marinas wrote:
> > > On Wed, Feb 01, 2017 at 05:41:05PM +0000, Will Deacon wrote:
> > > > Maybe
> > > > just select ARM64_PAN if the erratum workaround is selected, then
> > > > runtime warning if we find that the h/w doesn't have PAN but does have
> > > > the erratum (which should never fire)?
> > > 
> > > You still need this workaround even if you don't want any PAN (both sw
> > > and hw PAN disabled). I wouldn't want to select ARM64_PAN since it's not
> > > a dependency. It's more like if you do need a PAN, make sure you only
> > > use the hw one.
> > 
> > True, in the case that all PAN options are disabled we still want this
> > to work. How about:
> > 
> >   select ARM64_PAN if ARM64_SW_TTBR0_PAN
> 
> As I replied to myself, the above would work for me as well, so let's go
> for this.
> 
> > In fact, what's the reason for supporting SW_PAN and ARM64_PAN as a
> > config combination? Why not just have "PAN" that enables them both and
> > uses the hardware feature if it's there?
> 
> Because SW PAN has a non-trivial performance hit. You would enable SW
> PAN only if you are paranoid about security. HW PAN, OTOH, is very cheap
> and I wouldn't want to miss enabling it in a single Image supporting
> ARMv8.0 and ARMv8.1 just because SW PAN is slow on ARMv8.0.
> 
> IOW, ARM64_PAN is default y while ARM64_SW_TTBR0_PAN is default n.

Ok, in that case, then how about another permutation: we make
ARM64_SW_TTBR0_PAN depend on ARM64_PAN? Then when you select "PAN Support"
you get a new menu option underneath it for the emulation? I think that
solves the erratum case and the use-case above.

Will

Re: [PATCH v4 2/4] arm64: Work around Falkor erratum 1003

[Catalin Marinas]

On Wed, Feb 01, 2017 at 06:34:01PM +0000, Will Deacon wrote:
> On Wed, Feb 01, 2017 at 06:22:44PM +0000, Catalin Marinas wrote:
> > On Wed, Feb 01, 2017 at 05:59:48PM +0000, Will Deacon wrote:
> > > On Wed, Feb 01, 2017 at 05:49:34PM +0000, Catalin Marinas wrote:
> > > > On Wed, Feb 01, 2017 at 05:41:05PM +0000, Will Deacon wrote:
> > > > > Maybe
> > > > > just select ARM64_PAN if the erratum workaround is selected, then
> > > > > runtime warning if we find that the h/w doesn't have PAN but does have
> > > > > the erratum (which should never fire)?
> > > > 
> > > > You still need this workaround even if you don't want any PAN (both sw
> > > > and hw PAN disabled). I wouldn't want to select ARM64_PAN since it's not
> > > > a dependency. It's more like if you do need a PAN, make sure you only
> > > > use the hw one.
> > > 
> > > True, in the case that all PAN options are disabled we still want this
> > > to work. How about:
> > > 
> > >   select ARM64_PAN if ARM64_SW_TTBR0_PAN
> > 
> > As I replied to myself, the above would work for me as well, so let's go
> > for this.
> > 
> > > In fact, what's the reason for supporting SW_PAN and ARM64_PAN as a
> > > config combination? Why not just have "PAN" that enables them both and
> > > uses the hardware feature if it's there?
> > 
> > Because SW PAN has a non-trivial performance hit. You would enable SW
> > PAN only if you are paranoid about security. HW PAN, OTOH, is very cheap
> > and I wouldn't want to miss enabling it in a single Image supporting
> > ARMv8.0 and ARMv8.1 just because SW PAN is slow on ARMv8.0.
> > 
> > IOW, ARM64_PAN is default y while ARM64_SW_TTBR0_PAN is default n.
> 
> Ok, in that case, then how about another permutation: we make
> ARM64_SW_TTBR0_PAN depend on ARM64_PAN? Then when you select "PAN Support"
> you get a new menu option underneath it for the emulation? I think that
> solves the erratum case and the use-case above.

The problem is that ARM64_PAN is an ARMv8.1 feature and currently
grouped accordingly in Kconfig. ARM64_SW_TTBR0_PAN is complementary (and
even not recommended on ARMv8.1). We can do this if we break the ARMv8.x
feature grouping but just for this erratum, I don't think it's worth.

-- 
Catalin

Re: [PATCH v4 2/4] arm64: Work around Falkor erratum 1003

[Christopher Covington]

On 02/01/2017 01:38 PM, Catalin Marinas wrote:
> On Wed, Feb 01, 2017 at 06:34:01PM +0000, Will Deacon wrote:
>> On Wed, Feb 01, 2017 at 06:22:44PM +0000, Catalin Marinas wrote:
>>> On Wed, Feb 01, 2017 at 05:59:48PM +0000, Will Deacon wrote:
>>>> On Wed, Feb 01, 2017 at 05:49:34PM +0000, Catalin Marinas wrote:
>>>>> On Wed, Feb 01, 2017 at 05:41:05PM +0000, Will Deacon wrote:
>>>>>> Maybe
>>>>>> just select ARM64_PAN if the erratum workaround is selected, then
>>>>>> runtime warning if we find that the h/w doesn't have PAN but does have
>>>>>> the erratum (which should never fire)?
>>>>>
>>>>> You still need this workaround even if you don't want any PAN (both sw
>>>>> and hw PAN disabled). I wouldn't want to select ARM64_PAN since it's not
>>>>> a dependency. It's more like if you do need a PAN, make sure you only
>>>>> use the hw one.
>>>>
>>>> True, in the case that all PAN options are disabled we still want this
>>>> to work. How about:
>>>>
>>>>   select ARM64_PAN if ARM64_SW_TTBR0_PAN
>>>
>>> As I replied to myself, the above would work for me as well, so let's go
>>> for this.
>>>
>>>> In fact, what's the reason for supporting SW_PAN and ARM64_PAN as a
>>>> config combination? Why not just have "PAN" that enables them both and
>>>> uses the hardware feature if it's there?
>>>
>>> Because SW PAN has a non-trivial performance hit. You would enable SW
>>> PAN only if you are paranoid about security. HW PAN, OTOH, is very cheap
>>> and I wouldn't want to miss enabling it in a single Image supporting
>>> ARMv8.0 and ARMv8.1 just because SW PAN is slow on ARMv8.0.
>>>
>>> IOW, ARM64_PAN is default y while ARM64_SW_TTBR0_PAN is default n.
>>
>> Ok, in that case, then how about another permutation: we make
>> ARM64_SW_TTBR0_PAN depend on ARM64_PAN? Then when you select "PAN Support"
>> you get a new menu option underneath it for the emulation? I think that
>> solves the erratum case and the use-case above.
> 
> The problem is that ARM64_PAN is an ARMv8.1 feature and currently
> grouped accordingly in Kconfig. ARM64_SW_TTBR0_PAN is complementary (and
> even not recommended on ARMv8.1). We can do this if we break the ARMv8.x
> feature grouping but just for this erratum, I don't think it's worth.

Thanks all. I've used "select ARM64_PAN if ARM64_SW_TTBR0_PAN" in v6.

Thanks,
Cov

-- 
Qualcomm Datacenter Technologies, Inc. as an affiliate of Qualcomm
Technologies, Inc. Qualcomm Technologies, Inc. is a member of the Code
Aurora Forum, a Linux Foundation Collaborative Project.