Message ID | 20211014223125.2605031-5-suzuki.poulose@arm.com (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
Series | arm64: Self-hosted trace related errata workarounds | expand |
Good morning, On Thu, Oct 14, 2021 at 11:31:14PM +0100, Suzuki K Poulose wrote: > Arm Neoverse-N2 and Cortex-A710 cores are affected by an erratum where the > trbe, under some circumstances, might write upto 64bytes to an address after Checkpatch gives me a warning about this line... > the Limit as programmed by the TRBLIMITR_EL1.LIMIT. This might - > > - Corrupt a page in the ring buffer, which may corrupt trace from a > previous session, consumed by userspace. > - Hit the guard page at the end of the vmalloc area and raise a fault. > > To keep the handling simpler, we always leave the last page from the > range, which TRBE is allowed to write. This can be achieved by ensuring > that we always have more than a PAGE worth space in the range, while > calculating the LIMIT for TRBE. And then the LIMIT pointer can be adjusted > to leave the PAGE (TRBLIMITR.LIMIT -= PAGE_SIZE), out of the TRBE range > while enabling it. This makes sure that the TRBE will only write to an area > within its allowed limit (i.e, [head-head+size]) and we do not have to handle I'm pretty sure this line will also be flagged. > address faults within the driver. > > Cc: Anshuman Khandual <anshuman.khandual@arm.com> > Cc: Mathieu Poirier <mathieu.poirier@linaro.org> > Cc: Mike Leach <mike.leach@linaro.org> > Cc: Leo Yan <leo.yan@linaro.org> > Cc: Will Deacon <will@kernel.org> > Cc: Mark Rutland <mark.rutland@arm.com> > Reviewed-by: Anshuman Khandual <anshuman.khandual@arm.com> > Reviewed-by: Mathieu Poirier <mathieu.poirier@linaro.org> > Acked-by: Catalin Marinas <catalin.marinas@arm.com> > Signed-off-by: Suzuki K Poulose <suzuki.poulose@arm.com> > --- > Documentation/arm64/silicon-errata.rst | 4 +++ > arch/arm64/Kconfig | 41 ++++++++++++++++++++++++++ > arch/arm64/kernel/cpu_errata.c | 20 +++++++++++++ > arch/arm64/tools/cpucaps | 1 + > 4 files changed, 66 insertions(+) > > diff --git a/Documentation/arm64/silicon-errata.rst b/Documentation/arm64/silicon-errata.rst > index 569a92411dcd..5342e895fb60 100644 > --- a/Documentation/arm64/silicon-errata.rst > +++ b/Documentation/arm64/silicon-errata.rst > @@ -96,6 +96,8 @@ stable kernels. > +----------------+-----------------+-----------------+-----------------------------+ > | ARM | Cortex-A710 | #2054223 | ARM64_ERRATUM_2054223 | > +----------------+-----------------+-----------------+-----------------------------+ > +| ARM | Cortex-A710 | #2224489 | ARM64_ERRATUM_2224489 | > ++----------------+-----------------+-----------------+-----------------------------+ > | ARM | Neoverse-N1 | #1188873,1418040| ARM64_ERRATUM_1418040 | > +----------------+-----------------+-----------------+-----------------------------+ > | ARM | Neoverse-N1 | #1349291 | N/A | > @@ -106,6 +108,8 @@ stable kernels. > +----------------+-----------------+-----------------+-----------------------------+ > | ARM | Neoverse-N2 | #2067961 | ARM64_ERRATUM_2067961 | > +----------------+-----------------+-----------------+-----------------------------+ > +| ARM | Neoverse-N2 | #2253138 | ARM64_ERRATUM_2253138 | > ++----------------+-----------------+-----------------+-----------------------------+ > | ARM | MMU-500 | #841119,826419 | N/A | > +----------------+-----------------+-----------------+-----------------------------+ > +----------------+-----------------+-----------------+-----------------------------+ > diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig > index 39b78460b9d0..f30029f4a9f9 100644 > --- a/arch/arm64/Kconfig > +++ b/arch/arm64/Kconfig > @@ -740,6 +740,47 @@ config ARM64_ERRATUM_2067961 > > If unsure, say Y. > > +config ARM64_WORKAROUND_TRBE_WRITE_OUT_OF_RANGE > + bool > + > +config ARM64_ERRATUM_2253138 > + bool "Neoverse-N2: 2253138: workaround TRBE writing to address out-of-range" > + depends on COMPILE_TEST # Until the CoreSight TRBE driver changes are in > + depends on CORESIGHT_TRBE > + default y > + select ARM64_WORKAROUND_TRBE_WRITE_OUT_OF_RANGE > + help > + This option adds the workaround for ARM Neoverse-N2 erratum 2253138. > + > + Affected Neoverse-N2 cores might write to an out-of-range address, not reserved > + for TRBE. Under some conditions, the TRBE might generate a write to the next > + virtually addressed page following the last page of the TRBE address space > + (i.e., the TRBLIMITR_EL1.LIMIT), instead of wrapping around to the base. > + > + Work around this in the driver by always making sure that there is a > + page beyond the TRBLIMITR_EL1.LIMIT, within the space allowed for the TRBE. > + > + If unsure, say Y. > + > +config ARM64_ERRATUM_2224489 > + bool "Cortex-A710: 2224489: workaround TRBE writing to address out-of-range" > + depends on COMPILE_TEST # Until the CoreSight TRBE driver changes are in > + depends on CORESIGHT_TRBE > + default y > + select ARM64_WORKAROUND_TRBE_WRITE_OUT_OF_RANGE > + help > + This option adds the workaround for ARM Cortex-A710 erratum 2224489. > + > + Affected Cortex-A710 cores might write to an out-of-range address, not reserved > + for TRBE. Under some conditions, the TRBE might generate a write to the next > + virtually addressed page following the last page of the TRBE address space > + (i.e., the TRBLIMITR_EL1.LIMIT), instead of wrapping around to the base. > + > + Work around this in the driver by always making sure that there is a > + page beyond the TRBLIMITR_EL1.LIMIT, within the space allowed for the TRBE. > + > + If unsure, say Y. > + > config CAVIUM_ERRATUM_22375 > bool "Cavium erratum 22375, 24313" > default y > diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c > index bdbeac75ead6..e2978b89d4b8 100644 > --- a/arch/arm64/kernel/cpu_errata.c > +++ b/arch/arm64/kernel/cpu_errata.c > @@ -364,6 +364,18 @@ static const struct midr_range tsb_flush_fail_cpus[] = { > }; > #endif /* CONFIG_ARM64_WORKAROUND_TSB_FLUSH_FAILURE */ > > +#ifdef CONFIG_ARM64_WORKAROUND_TRBE_WRITE_OUT_OF_RANGE > +static struct midr_range trbe_write_out_of_range_cpus[] = { > +#ifdef CONFIG_ARM64_ERRATUM_2253138 > + MIDR_ALL_VERSIONS(MIDR_NEOVERSE_N2), > +#endif > +#ifdef CONFIG_ARM64_ERRATUM_2224489 > + MIDR_ALL_VERSIONS(MIDR_CORTEX_A710), > +#endif > + {}, > +}; > +#endif /* CONFIG_ARM64_WORKAROUND_TRBE_WRITE_OUT_OF_RANGE */ > + > const struct arm64_cpu_capabilities arm64_errata[] = { > #ifdef CONFIG_ARM64_WORKAROUND_CLEAN_CACHE > { > @@ -577,6 +589,14 @@ const struct arm64_cpu_capabilities arm64_errata[] = { > .capability = ARM64_WORKAROUND_TSB_FLUSH_FAILURE, > ERRATA_MIDR_RANGE_LIST(tsb_flush_fail_cpus), > }, > +#endif > +#ifdef CONFIG_ARM64_WORKAROUND_TRBE_WRITE_OUT_OF_RANGE > + { > + .desc = "ARM erratum 2253138 or 2224489", > + .capability = ARM64_WORKAROUND_TRBE_WRITE_OUT_OF_RANGE, > + .type = ARM64_CPUCAP_WEAK_LOCAL_CPU_FEATURE, > + CAP_MIDR_RANGE_LIST(trbe_write_out_of_range_cpus), > + }, > #endif > { > } > diff --git a/arch/arm64/tools/cpucaps b/arch/arm64/tools/cpucaps > index 2102e15af43d..90628638e0f9 100644 > --- a/arch/arm64/tools/cpucaps > +++ b/arch/arm64/tools/cpucaps > @@ -55,6 +55,7 @@ WORKAROUND_1508412 > WORKAROUND_1542419 > WORKAROUND_TRBE_OVERWRITE_FILL_MODE > WORKAROUND_TSB_FLUSH_FAILURE > +WORKAROUND_TRBE_WRITE_OUT_OF_RANGE > WORKAROUND_CAVIUM_23154 > WORKAROUND_CAVIUM_27456 > WORKAROUND_CAVIUM_30115 > -- > 2.25.4 >
On 18/10/2021 16:50, Mathieu Poirier wrote: > Good morning, > > On Thu, Oct 14, 2021 at 11:31:14PM +0100, Suzuki K Poulose wrote: >> Arm Neoverse-N2 and Cortex-A710 cores are affected by an erratum where the >> trbe, under some circumstances, might write upto 64bytes to an address after > > Checkpatch gives me a warning about this line... > >> the Limit as programmed by the TRBLIMITR_EL1.LIMIT. This might - >> >> - Corrupt a page in the ring buffer, which may corrupt trace from a >> previous session, consumed by userspace. >> - Hit the guard page at the end of the vmalloc area and raise a fault. >> >> To keep the handling simpler, we always leave the last page from the >> range, which TRBE is allowed to write. This can be achieved by ensuring >> that we always have more than a PAGE worth space in the range, while >> calculating the LIMIT for TRBE. And then the LIMIT pointer can be adjusted >> to leave the PAGE (TRBLIMITR.LIMIT -= PAGE_SIZE), out of the TRBE range >> while enabling it. This makes sure that the TRBE will only write to an area >> within its allowed limit (i.e, [head-head+size]) and we do not have to handle > > I'm pretty sure this line will also be flagged. > Thanks for pointing them out. I have fixed it now. Suzuki
diff --git a/Documentation/arm64/silicon-errata.rst b/Documentation/arm64/silicon-errata.rst index 569a92411dcd..5342e895fb60 100644 --- a/Documentation/arm64/silicon-errata.rst +++ b/Documentation/arm64/silicon-errata.rst @@ -96,6 +96,8 @@ stable kernels. +----------------+-----------------+-----------------+-----------------------------+ | ARM | Cortex-A710 | #2054223 | ARM64_ERRATUM_2054223 | +----------------+-----------------+-----------------+-----------------------------+ +| ARM | Cortex-A710 | #2224489 | ARM64_ERRATUM_2224489 | ++----------------+-----------------+-----------------+-----------------------------+ | ARM | Neoverse-N1 | #1188873,1418040| ARM64_ERRATUM_1418040 | +----------------+-----------------+-----------------+-----------------------------+ | ARM | Neoverse-N1 | #1349291 | N/A | @@ -106,6 +108,8 @@ stable kernels. +----------------+-----------------+-----------------+-----------------------------+ | ARM | Neoverse-N2 | #2067961 | ARM64_ERRATUM_2067961 | +----------------+-----------------+-----------------+-----------------------------+ +| ARM | Neoverse-N2 | #2253138 | ARM64_ERRATUM_2253138 | ++----------------+-----------------+-----------------+-----------------------------+ | ARM | MMU-500 | #841119,826419 | N/A | +----------------+-----------------+-----------------+-----------------------------+ +----------------+-----------------+-----------------+-----------------------------+ diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig index 39b78460b9d0..f30029f4a9f9 100644 --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig @@ -740,6 +740,47 @@ config ARM64_ERRATUM_2067961 If unsure, say Y. +config ARM64_WORKAROUND_TRBE_WRITE_OUT_OF_RANGE + bool + +config ARM64_ERRATUM_2253138 + bool "Neoverse-N2: 2253138: workaround TRBE writing to address out-of-range" + depends on COMPILE_TEST # Until the CoreSight TRBE driver changes are in + depends on CORESIGHT_TRBE + default y + select ARM64_WORKAROUND_TRBE_WRITE_OUT_OF_RANGE + help + This option adds the workaround for ARM Neoverse-N2 erratum 2253138. + + Affected Neoverse-N2 cores might write to an out-of-range address, not reserved + for TRBE. Under some conditions, the TRBE might generate a write to the next + virtually addressed page following the last page of the TRBE address space + (i.e., the TRBLIMITR_EL1.LIMIT), instead of wrapping around to the base. + + Work around this in the driver by always making sure that there is a + page beyond the TRBLIMITR_EL1.LIMIT, within the space allowed for the TRBE. + + If unsure, say Y. + +config ARM64_ERRATUM_2224489 + bool "Cortex-A710: 2224489: workaround TRBE writing to address out-of-range" + depends on COMPILE_TEST # Until the CoreSight TRBE driver changes are in + depends on CORESIGHT_TRBE + default y + select ARM64_WORKAROUND_TRBE_WRITE_OUT_OF_RANGE + help + This option adds the workaround for ARM Cortex-A710 erratum 2224489. + + Affected Cortex-A710 cores might write to an out-of-range address, not reserved + for TRBE. Under some conditions, the TRBE might generate a write to the next + virtually addressed page following the last page of the TRBE address space + (i.e., the TRBLIMITR_EL1.LIMIT), instead of wrapping around to the base. + + Work around this in the driver by always making sure that there is a + page beyond the TRBLIMITR_EL1.LIMIT, within the space allowed for the TRBE. + + If unsure, say Y. + config CAVIUM_ERRATUM_22375 bool "Cavium erratum 22375, 24313" default y diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c index bdbeac75ead6..e2978b89d4b8 100644 --- a/arch/arm64/kernel/cpu_errata.c +++ b/arch/arm64/kernel/cpu_errata.c @@ -364,6 +364,18 @@ static const struct midr_range tsb_flush_fail_cpus[] = { }; #endif /* CONFIG_ARM64_WORKAROUND_TSB_FLUSH_FAILURE */ +#ifdef CONFIG_ARM64_WORKAROUND_TRBE_WRITE_OUT_OF_RANGE +static struct midr_range trbe_write_out_of_range_cpus[] = { +#ifdef CONFIG_ARM64_ERRATUM_2253138 + MIDR_ALL_VERSIONS(MIDR_NEOVERSE_N2), +#endif +#ifdef CONFIG_ARM64_ERRATUM_2224489 + MIDR_ALL_VERSIONS(MIDR_CORTEX_A710), +#endif + {}, +}; +#endif /* CONFIG_ARM64_WORKAROUND_TRBE_WRITE_OUT_OF_RANGE */ + const struct arm64_cpu_capabilities arm64_errata[] = { #ifdef CONFIG_ARM64_WORKAROUND_CLEAN_CACHE { @@ -577,6 +589,14 @@ const struct arm64_cpu_capabilities arm64_errata[] = { .capability = ARM64_WORKAROUND_TSB_FLUSH_FAILURE, ERRATA_MIDR_RANGE_LIST(tsb_flush_fail_cpus), }, +#endif +#ifdef CONFIG_ARM64_WORKAROUND_TRBE_WRITE_OUT_OF_RANGE + { + .desc = "ARM erratum 2253138 or 2224489", + .capability = ARM64_WORKAROUND_TRBE_WRITE_OUT_OF_RANGE, + .type = ARM64_CPUCAP_WEAK_LOCAL_CPU_FEATURE, + CAP_MIDR_RANGE_LIST(trbe_write_out_of_range_cpus), + }, #endif { } diff --git a/arch/arm64/tools/cpucaps b/arch/arm64/tools/cpucaps index 2102e15af43d..90628638e0f9 100644 --- a/arch/arm64/tools/cpucaps +++ b/arch/arm64/tools/cpucaps @@ -55,6 +55,7 @@ WORKAROUND_1508412 WORKAROUND_1542419 WORKAROUND_TRBE_OVERWRITE_FILL_MODE WORKAROUND_TSB_FLUSH_FAILURE +WORKAROUND_TRBE_WRITE_OUT_OF_RANGE WORKAROUND_CAVIUM_23154 WORKAROUND_CAVIUM_27456 WORKAROUND_CAVIUM_30115