diff mbox

[1/9] ARM: enable secure platform-only erratas

Message ID 77ce738c15b992a92bee3a18e5468342fb2dc5ab.1500510157.git.mirq-linux@rere.qmqm.pl (mailing list archive)
State New, archived
Headers show

Commit Message

Michał Mirosław July 20, 2017, 12:29 a.m. UTC
Allow secure-only erratas to be used in multiarch kernel.

Signed-off-by: Michał Mirosław <mirq-linux@rere.qmqm.pl>
---
 arch/arm/Kconfig | 20 ++++++++++++++------
 1 file changed, 14 insertions(+), 6 deletions(-)

Comments

Dmitry Osipenko Oct. 5, 2017, 3:53 p.m. UTC | #1
On 20.07.2017 03:29, Michał Mirosław wrote:
> Allow secure-only erratas to be used in multiarch kernel.
> 
> Signed-off-by: Michał Mirosław <mirq-linux@rere.qmqm.pl>
> ---
>  arch/arm/Kconfig | 20 ++++++++++++++------
>  1 file changed, 14 insertions(+), 6 deletions(-)
> 
> diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig
> index a208bfe367b5..a1eff866550b 100644
> --- a/arch/arm/Kconfig
> +++ b/arch/arm/Kconfig
> @@ -696,6 +696,14 @@ config ARCH_MULTI_CPU_AUTO
>  
>  endmenu
>  
> +config ARCH_ASSUME_SECURE_PLATFORM

What about ARCH_SECURE_PLATFORM?

> +	bool "Enable ERRATAs using secure-only registers"
> +	default !ARCH_MULTIPLATFORM
> +	help
> +	  Allow erratas that need access to secure-only registers.
> +
> +	  Beware: Resulting kernel won't boot on a CPU in non-Secure mode.
> +
>  config ARCH_VIRT
>  	bool "Dummy Virtual Machine"
>  	depends on ARCH_MULTI_V7
> @@ -984,7 +992,7 @@ config ARM_ERRATA_430973
>  config ARM_ERRATA_458693
>  	bool "ARM errata: Processor deadlock when a false hazard is created"
>  	depends on CPU_V7
> -	depends on !ARCH_MULTIPLATFORM
> +	depends on ARCH_ASSUME_SECURE_PLATFORM
>  	help
>  	  This option enables the workaround for the 458693 Cortex-A8 (r2p0)
>  	  erratum. For very specific sequences of memory operations, it is
> @@ -998,7 +1006,7 @@ config ARM_ERRATA_458693
>  config ARM_ERRATA_460075
>  	bool "ARM errata: Data written to the L2 cache can be overwritten with stale data"
>  	depends on CPU_V7
> -	depends on !ARCH_MULTIPLATFORM
> +	depends on ARCH_ASSUME_SECURE_PLATFORM
>  	help
>  	  This option enables the workaround for the 460075 Cortex-A8 (r2p0)
>  	  erratum. Any asynchronous access to the L2 cache may encounter a
> @@ -1011,7 +1019,7 @@ config ARM_ERRATA_460075
>  config ARM_ERRATA_742230
>  	bool "ARM errata: DMB operation may be faulty"
>  	depends on CPU_V7 && SMP
> -	depends on !ARCH_MULTIPLATFORM
> +	depends on ARCH_ASSUME_SECURE_PLATFORM
>  	help
>  	  This option enables the workaround for the 742230 Cortex-A9
>  	  (r1p0..r2p2) erratum. Under rare circumstances, a DMB instruction
> @@ -1024,7 +1032,7 @@ config ARM_ERRATA_742230
>  config ARM_ERRATA_742231
>  	bool "ARM errata: Incorrect hazard handling in the SCU may lead to data corruption"
>  	depends on CPU_V7 && SMP
> -	depends on !ARCH_MULTIPLATFORM
> +	depends on ARCH_ASSUME_SECURE_PLATFORM
>  	help
>  	  This option enables the workaround for the 742231 Cortex-A9
>  	  (r2p0..r2p2) erratum. Under certain conditions, specific to the
> @@ -1062,7 +1070,7 @@ config ARM_ERRATA_720789
>  config ARM_ERRATA_743622
>  	bool "ARM errata: Faulty hazard checking in the Store Buffer may lead to data corruption"
>  	depends on CPU_V7
> -	depends on !ARCH_MULTIPLATFORM
> +	depends on ARCH_ASSUME_SECURE_PLATFORM
>  	help
>  	  This option enables the workaround for the 743622 Cortex-A9
>  	  (r2p*) erratum. Under very rare conditions, a faulty
> @@ -1076,7 +1084,7 @@ config ARM_ERRATA_743622
>  config ARM_ERRATA_751472
>  	bool "ARM errata: Interrupted ICIALLUIS may prevent completion of broadcasted operation"
>  	depends on CPU_V7
> -	depends on !ARCH_MULTIPLATFORM
> +	depends on ARCH_ASSUME_SECURE_PLATFORM
>  	help
>  	  This option enables the workaround for the 751472 Cortex-A9 (prior
>  	  to r3p0) erratum. An interrupted ICIALLUIS operation may prevent the
>
Dmitry Osipenko Oct. 5, 2017, 6:16 p.m. UTC | #2
On 20.07.2017 03:29, Michał Mirosław wrote:
> Allow secure-only erratas to be used in multiarch kernel.
> 
> Signed-off-by: Michał Mirosław <mirq-linux@rere.qmqm.pl>
> ---
>  arch/arm/Kconfig | 20 ++++++++++++++------
>  1 file changed, 14 insertions(+), 6 deletions(-)
> 
> diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig
> index a208bfe367b5..a1eff866550b 100644
> --- a/arch/arm/Kconfig
> +++ b/arch/arm/Kconfig
> @@ -696,6 +696,14 @@ config ARCH_MULTI_CPU_AUTO
>  
>  endmenu
>  
> +config ARCH_ASSUME_SECURE_PLATFORM
> +	bool "Enable ERRATAs using secure-only registers"
> +	default !ARCH_MULTIPLATFORM

I think default should always be "Yes" and this option shouldn't affect
multiplatform kernels. So a multiplatform kernel wouldn't be an option for your
device.

> +	help
> +	  Allow erratas that need access to secure-only registers.
> +
> +	  Beware: Resulting kernel won't boot on a CPU in non-Secure mode.
> +

Probably better to say here something like that: Disable this option to avoid
CPU erratas that require access to secure-only registers. This might be needed
in a case of running under a secure monitor.

>  config ARCH_VIRT
>  	bool "Dummy Virtual Machine"
>  	depends on ARCH_MULTI_V7
> @@ -984,7 +992,7 @@ config ARM_ERRATA_430973
>  config ARM_ERRATA_458693
>  	bool "ARM errata: Processor deadlock when a false hazard is created"
>  	depends on CPU_V7
> -	depends on !ARCH_MULTIPLATFORM
> +	depends on ARCH_ASSUME_SECURE_PLATFORM
>  	help
>  	  This option enables the workaround for the 458693 Cortex-A8 (r2p0)
>  	  erratum. For very specific sequences of memory operations, it is
> @@ -998,7 +1006,7 @@ config ARM_ERRATA_458693
>  config ARM_ERRATA_460075
>  	bool "ARM errata: Data written to the L2 cache can be overwritten with stale data"
>  	depends on CPU_V7
> -	depends on !ARCH_MULTIPLATFORM
> +	depends on ARCH_ASSUME_SECURE_PLATFORM
>  	help
>  	  This option enables the workaround for the 460075 Cortex-A8 (r2p0)
>  	  erratum. Any asynchronous access to the L2 cache may encounter a
> @@ -1011,7 +1019,7 @@ config ARM_ERRATA_460075
>  config ARM_ERRATA_742230
>  	bool "ARM errata: DMB operation may be faulty"
>  	depends on CPU_V7 && SMP
> -	depends on !ARCH_MULTIPLATFORM
> +	depends on ARCH_ASSUME_SECURE_PLATFORM
>  	help
>  	  This option enables the workaround for the 742230 Cortex-A9
>  	  (r1p0..r2p2) erratum. Under rare circumstances, a DMB instruction
> @@ -1024,7 +1032,7 @@ config ARM_ERRATA_742230
>  config ARM_ERRATA_742231
>  	bool "ARM errata: Incorrect hazard handling in the SCU may lead to data corruption"
>  	depends on CPU_V7 && SMP
> -	depends on !ARCH_MULTIPLATFORM
> +	depends on ARCH_ASSUME_SECURE_PLATFORM
>  	help
>  	  This option enables the workaround for the 742231 Cortex-A9
>  	  (r2p0..r2p2) erratum. Under certain conditions, specific to the
> @@ -1062,7 +1070,7 @@ config ARM_ERRATA_720789
>  config ARM_ERRATA_743622
>  	bool "ARM errata: Faulty hazard checking in the Store Buffer may lead to data corruption"
>  	depends on CPU_V7
> -	depends on !ARCH_MULTIPLATFORM
> +	depends on ARCH_ASSUME_SECURE_PLATFORM
>  	help
>  	  This option enables the workaround for the 743622 Cortex-A9
>  	  (r2p*) erratum. Under very rare conditions, a faulty
> @@ -1076,7 +1084,7 @@ config ARM_ERRATA_743622
>  config ARM_ERRATA_751472
>  	bool "ARM errata: Interrupted ICIALLUIS may prevent completion of broadcasted operation"
>  	depends on CPU_V7
> -	depends on !ARCH_MULTIPLATFORM
> +	depends on ARCH_ASSUME_SECURE_PLATFORM
>  	help
>  	  This option enables the workaround for the 751472 Cortex-A9 (prior
>  	  to r3p0) erratum. An interrupted ICIALLUIS operation may prevent the
>
Russell King (Oracle) Dec. 19, 2017, 11:28 p.m. UTC | #3
On Thu, Oct 05, 2017 at 09:16:12PM +0300, Dmitry Osipenko wrote:
> On 20.07.2017 03:29, Michał Mirosław wrote:
> > Allow secure-only erratas to be used in multiarch kernel.
> > 
> > Signed-off-by: Michał Mirosław <mirq-linux@rere.qmqm.pl>
> > ---
> >  arch/arm/Kconfig | 20 ++++++++++++++------
> >  1 file changed, 14 insertions(+), 6 deletions(-)
> > 
> > diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig
> > index a208bfe367b5..a1eff866550b 100644
> > --- a/arch/arm/Kconfig
> > +++ b/arch/arm/Kconfig
> > @@ -696,6 +696,14 @@ config ARCH_MULTI_CPU_AUTO
> >  
> >  endmenu
> >  
> > +config ARCH_ASSUME_SECURE_PLATFORM
> > +	bool "Enable ERRATAs using secure-only registers"
> > +	default !ARCH_MULTIPLATFORM
> 
> I think default should always be "Yes" and this option shouldn't affect
> multiplatform kernels. So a multiplatform kernel wouldn't be an option
> for your device.

No, that changes the current behaviour.

Current behaviour is for the secure-only errata to be disabled when the
multi-platform option is enabled, because multi-platform kernels have to
be able to run in the non-secure world.  Defaulting this option to "yes"
means that these errata become visible.

I have to wonder why you need this though - your patches seem to be
targetting a platform that runs in non-secure world, and enabling these
errata would make the kernel non-bootable on your platform.
Dmitry Osipenko Dec. 20, 2017, 12:49 p.m. UTC | #4
On 20.12.2017 02:28, Russell King - ARM Linux wrote:
> On Thu, Oct 05, 2017 at 09:16:12PM +0300, Dmitry Osipenko wrote:
>> On 20.07.2017 03:29, Michał Mirosław wrote:
>>> Allow secure-only erratas to be used in multiarch kernel.
>>>
>>> Signed-off-by: Michał Mirosław <mirq-linux@rere.qmqm.pl>
>>> ---
>>>  arch/arm/Kconfig | 20 ++++++++++++++------
>>>  1 file changed, 14 insertions(+), 6 deletions(-)
>>>
>>> diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig
>>> index a208bfe367b5..a1eff866550b 100644
>>> --- a/arch/arm/Kconfig
>>> +++ b/arch/arm/Kconfig
>>> @@ -696,6 +696,14 @@ config ARCH_MULTI_CPU_AUTO
>>>  
>>>  endmenu
>>>  
>>> +config ARCH_ASSUME_SECURE_PLATFORM
>>> +	bool "Enable ERRATAs using secure-only registers"
>>> +	default !ARCH_MULTIPLATFORM
>>
>> I think default should always be "Yes" and this option shouldn't affect
>> multiplatform kernels. So a multiplatform kernel wouldn't be an option
>> for your device.
> 
> No, that changes the current behaviour.
> 
> Current behaviour is for the secure-only errata to be disabled when the
> multi-platform option is enabled, because multi-platform kernels have to
> be able to run in the non-secure world.  Defaulting this option to "yes"
> means that these errata become visible.

Indeed, I got it inverted.

> I have to wonder why you need this though - your patches seem to be
> targetting a platform that runs in non-secure world, and enabling these
> errata would make the kernel non-bootable on your platform.

Perhaps because Michał made the Tegra's CPU reset handler hardcoded to either
secure or to non-secure case based on the kernels configuration. I've showed how
we can get rid of that inflexibility in [0], maybe Michał could pick up the idea
in the next iteration of the patches.

[0] https://marc.info/?l=linux-tegra&m=151371042522835
diff mbox

Patch

diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig
index a208bfe367b5..a1eff866550b 100644
--- a/arch/arm/Kconfig
+++ b/arch/arm/Kconfig
@@ -696,6 +696,14 @@  config ARCH_MULTI_CPU_AUTO
 
 endmenu
 
+config ARCH_ASSUME_SECURE_PLATFORM
+	bool "Enable ERRATAs using secure-only registers"
+	default !ARCH_MULTIPLATFORM
+	help
+	  Allow erratas that need access to secure-only registers.
+
+	  Beware: Resulting kernel won't boot on a CPU in non-Secure mode.
+
 config ARCH_VIRT
 	bool "Dummy Virtual Machine"
 	depends on ARCH_MULTI_V7
@@ -984,7 +992,7 @@  config ARM_ERRATA_430973
 config ARM_ERRATA_458693
 	bool "ARM errata: Processor deadlock when a false hazard is created"
 	depends on CPU_V7
-	depends on !ARCH_MULTIPLATFORM
+	depends on ARCH_ASSUME_SECURE_PLATFORM
 	help
 	  This option enables the workaround for the 458693 Cortex-A8 (r2p0)
 	  erratum. For very specific sequences of memory operations, it is
@@ -998,7 +1006,7 @@  config ARM_ERRATA_458693
 config ARM_ERRATA_460075
 	bool "ARM errata: Data written to the L2 cache can be overwritten with stale data"
 	depends on CPU_V7
-	depends on !ARCH_MULTIPLATFORM
+	depends on ARCH_ASSUME_SECURE_PLATFORM
 	help
 	  This option enables the workaround for the 460075 Cortex-A8 (r2p0)
 	  erratum. Any asynchronous access to the L2 cache may encounter a
@@ -1011,7 +1019,7 @@  config ARM_ERRATA_460075
 config ARM_ERRATA_742230
 	bool "ARM errata: DMB operation may be faulty"
 	depends on CPU_V7 && SMP
-	depends on !ARCH_MULTIPLATFORM
+	depends on ARCH_ASSUME_SECURE_PLATFORM
 	help
 	  This option enables the workaround for the 742230 Cortex-A9
 	  (r1p0..r2p2) erratum. Under rare circumstances, a DMB instruction
@@ -1024,7 +1032,7 @@  config ARM_ERRATA_742230
 config ARM_ERRATA_742231
 	bool "ARM errata: Incorrect hazard handling in the SCU may lead to data corruption"
 	depends on CPU_V7 && SMP
-	depends on !ARCH_MULTIPLATFORM
+	depends on ARCH_ASSUME_SECURE_PLATFORM
 	help
 	  This option enables the workaround for the 742231 Cortex-A9
 	  (r2p0..r2p2) erratum. Under certain conditions, specific to the
@@ -1062,7 +1070,7 @@  config ARM_ERRATA_720789
 config ARM_ERRATA_743622
 	bool "ARM errata: Faulty hazard checking in the Store Buffer may lead to data corruption"
 	depends on CPU_V7
-	depends on !ARCH_MULTIPLATFORM
+	depends on ARCH_ASSUME_SECURE_PLATFORM
 	help
 	  This option enables the workaround for the 743622 Cortex-A9
 	  (r2p*) erratum. Under very rare conditions, a faulty
@@ -1076,7 +1084,7 @@  config ARM_ERRATA_743622
 config ARM_ERRATA_751472
 	bool "ARM errata: Interrupted ICIALLUIS may prevent completion of broadcasted operation"
 	depends on CPU_V7
-	depends on !ARCH_MULTIPLATFORM
+	depends on ARCH_ASSUME_SECURE_PLATFORM
 	help
 	  This option enables the workaround for the 751472 Cortex-A9 (prior
 	  to r3p0) erratum. An interrupted ICIALLUIS operation may prevent the