| Message ID | 20211014223125.2605031-5-suzuki.poulose@arm.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | arm64: Self-hosted trace related errata workarounds | expand |
Good morning, On Thu, Oct 14, 2021 at 11:31:14PM +0100, Suzuki K Poulose wrote: > Arm Neoverse-N2 and Cortex-A710 cores are affected by an erratum where the > trbe, under some circumstances, might write upto 64bytes to an address after Checkpatch gives me a warning about this line... > the Limit as programmed by the TRBLIMITR_EL1.LIMIT. This might - > > - Corrupt a page in the ring buffer, which may corrupt trace from a > previous session, consumed by userspace. > - Hit the guard page at the end of the vmalloc area and raise a fault. > > To keep the handling simpler, we always leave the last page from the > range, which TRBE is allowed to write. This can be achieved by ensuring > that we always have more than a PAGE worth space in the range, while > calculating the LIMIT for TRBE. And then the LIMIT pointer can be adjusted > to leave the PAGE (TRBLIMITR.LIMIT -= PAGE_SIZE), out of the TRBE range > while enabling it. This makes sure that the TRBE will only write to an area > within its allowed limit (i.e, [head-head+size]) and we do not have to handle I'm pretty sure this line will also be flagged. > address faults within the driver. > > Cc: Anshuman Khandual <anshuman.khandual@arm.com> > Cc: Mathieu Poirier <mathieu.poirier@linaro.org> > Cc: Mike Leach <mike.leach@linaro.org> > Cc: Leo Yan <leo.yan@linaro.org> > Cc: Will Deacon <will@kernel.org> > Cc: Mark Rutland <mark.rutland@arm.com> > Reviewed-by: Anshuman Khandual <anshuman.khandual@arm.com> > Reviewed-by: Mathieu Poirier <mathieu.poirier@linaro.org> > Acked-by: Catalin Marinas <catalin.marinas@arm.com> > Signed-off-by: Suzuki K Poulose <suzuki.poulose@arm.com> > --- > Documentation/arm64/silicon-errata.rst | 4 +++ > arch/arm64/Kconfig | 41 ++++++++++++++++++++++++++ > arch/arm64/kernel/cpu_errata.c | 20 +++++++++++++ > arch/arm64/tools/cpucaps | 1 + > 4 files changed, 66 insertions(+) > > diff --git a/Documentation/arm64/silicon-errata.rst b/Documentation/arm64/silicon-errata.rst > index 569a92411dcd..5342e895fb60 100644 > --- a/Documentation/arm64/silicon-errata.rst > +++ b/Documentation/arm64/silicon-errata.rst > @@ -96,6 +96,8 @@ stable kernels. > +----------------+-----------------+-----------------+-----------------------------+ > | ARM | Cortex-A710 | #2054223 | ARM64_ERRATUM_2054223 | > +----------------+-----------------+-----------------+-----------------------------+ > +| ARM | Cortex-A710 | #2224489 | ARM64_ERRATUM_2224489 | > ++----------------+-----------------+-----------------+-----------------------------+ > | ARM | Neoverse-N1 | #1188873,1418040| ARM64_ERRATUM_1418040 | > +----------------+-----------------+-----------------+-----------------------------+ > | ARM | Neoverse-N1 | #1349291 | N/A | > @@ -106,6 +108,8 @@ stable kernels. > +----------------+-----------------+-----------------+-----------------------------+ > | ARM | Neoverse-N2 | #2067961 | ARM64_ERRATUM_2067961 | > +----------------+-----------------+-----------------+-----------------------------+ > +| ARM | Neoverse-N2 | #2253138 | ARM64_ERRATUM_2253138 | > ++----------------+-----------------+-----------------+-----------------------------+ > | ARM | MMU-500 | #841119,826419 | N/A | > +----------------+-----------------+-----------------+-----------------------------+ > +----------------+-----------------+-----------------+-----------------------------+ > diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig > index 39b78460b9d0..f30029f4a9f9 100644 > --- a/arch/arm64/Kconfig > +++ b/arch/arm64/Kconfig > @@ -740,6 +740,47 @@ config ARM64_ERRATUM_2067961 > > If unsure, say Y. > > +config ARM64_WORKAROUND_TRBE_WRITE_OUT_OF_RANGE > + bool > + > +config ARM64_ERRATUM_2253138 > + bool "Neoverse-N2: 2253138: workaround TRBE writing to address out-of-range" > + depends on COMPILE_TEST # Until the CoreSight TRBE driver changes are in > + depends on CORESIGHT_TRBE > + default y > + select ARM64_WORKAROUND_TRBE_WRITE_OUT_OF_RANGE > + help > + This option adds the workaround for ARM Neoverse-N2 erratum 2253138. > + > + Affected Neoverse-N2 cores might write to an out-of-range address, not reserved > + for TRBE. Under some conditions, the TRBE might generate a write to the next > + virtually addressed page following the last page of the TRBE address space > + (i.e., the TRBLIMITR_EL1.LIMIT), instead of wrapping around to the base. > + > + Work around this in the driver by always making sure that there is a > + page beyond the TRBLIMITR_EL1.LIMIT, within the space allowed for the TRBE. > + > + If unsure, say Y. > + > +config ARM64_ERRATUM_2224489 > + bool "Cortex-A710: 2224489: workaround TRBE writing to address out-of-range" > + depends on COMPILE_TEST # Until the CoreSight TRBE driver changes are in > + depends on CORESIGHT_TRBE > + default y > + select ARM64_WORKAROUND_TRBE_WRITE_OUT_OF_RANGE > + help > + This option adds the workaround for ARM Cortex-A710 erratum 2224489. > + > + Affected Cortex-A710 cores might write to an out-of-range address, not reserved > + for TRBE. Under some conditions, the TRBE might generate a write to the next > + virtually addressed page following the last page of the TRBE address space > + (i.e., the TRBLIMITR_EL1.LIMIT), instead of wrapping around to the base. > + > + Work around this in the driver by always making sure that there is a > + page beyond the TRBLIMITR_EL1.LIMIT, within the space allowed for the TRBE. > + > + If unsure, say Y. > + > config CAVIUM_ERRATUM_22375 > bool "Cavium erratum 22375, 24313" > default y > diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c > index bdbeac75ead6..e2978b89d4b8 100644 > --- a/arch/arm64/kernel/cpu_errata.c > +++ b/arch/arm64/kernel/cpu_errata.c > @@ -364,6 +364,18 @@ static const struct midr_range tsb_flush_fail_cpus[] = { > }; > #endif /* CONFIG_ARM64_WORKAROUND_TSB_FLUSH_FAILURE */ > > +#ifdef CONFIG_ARM64_WORKAROUND_TRBE_WRITE_OUT_OF_RANGE > +static struct midr_range trbe_write_out_of_range_cpus[] = { > +#ifdef CONFIG_ARM64_ERRATUM_2253138 > + MIDR_ALL_VERSIONS(MIDR_NEOVERSE_N2), > +#endif > +#ifdef CONFIG_ARM64_ERRATUM_2224489 > + MIDR_ALL_VERSIONS(MIDR_CORTEX_A710), > +#endif > + {}, > +}; > +#endif /* CONFIG_ARM64_WORKAROUND_TRBE_WRITE_OUT_OF_RANGE */ > + > const struct arm64_cpu_capabilities arm64_errata[] = { > #ifdef CONFIG_ARM64_WORKAROUND_CLEAN_CACHE > { > @@ -577,6 +589,14 @@ const struct arm64_cpu_capabilities arm64_errata[] = { > .capability = ARM64_WORKAROUND_TSB_FLUSH_FAILURE, > ERRATA_MIDR_RANGE_LIST(tsb_flush_fail_cpus), > }, > +#endif > +#ifdef CONFIG_ARM64_WORKAROUND_TRBE_WRITE_OUT_OF_RANGE > + { > + .desc = "ARM erratum 2253138 or 2224489", > + .capability = ARM64_WORKAROUND_TRBE_WRITE_OUT_OF_RANGE, > + .type = ARM64_CPUCAP_WEAK_LOCAL_CPU_FEATURE, > + CAP_MIDR_RANGE_LIST(trbe_write_out_of_range_cpus), > + }, > #endif > { > } > diff --git a/arch/arm64/tools/cpucaps b/arch/arm64/tools/cpucaps > index 2102e15af43d..90628638e0f9 100644 > --- a/arch/arm64/tools/cpucaps > +++ b/arch/arm64/tools/cpucaps > @@ -55,6 +55,7 @@ WORKAROUND_1508412 > WORKAROUND_1542419 > WORKAROUND_TRBE_OVERWRITE_FILL_MODE > WORKAROUND_TSB_FLUSH_FAILURE > +WORKAROUND_TRBE_WRITE_OUT_OF_RANGE > WORKAROUND_CAVIUM_23154 > WORKAROUND_CAVIUM_27456 > WORKAROUND_CAVIUM_30115 > -- > 2.25.4 >
On 18/10/2021 16:50, Mathieu Poirier wrote: > Good morning, > > On Thu, Oct 14, 2021 at 11:31:14PM +0100, Suzuki K Poulose wrote: >> Arm Neoverse-N2 and Cortex-A710 cores are affected by an erratum where the >> trbe, under some circumstances, might write upto 64bytes to an address after > > Checkpatch gives me a warning about this line... > >> the Limit as programmed by the TRBLIMITR_EL1.LIMIT. This might - >> >> - Corrupt a page in the ring buffer, which may corrupt trace from a >> previous session, consumed by userspace. >> - Hit the guard page at the end of the vmalloc area and raise a fault. >> >> To keep the handling simpler, we always leave the last page from the >> range, which TRBE is allowed to write. This can be achieved by ensuring >> that we always have more than a PAGE worth space in the range, while >> calculating the LIMIT for TRBE. And then the LIMIT pointer can be adjusted >> to leave the PAGE (TRBLIMITR.LIMIT -= PAGE_SIZE), out of the TRBE range >> while enabling it. This makes sure that the TRBE will only write to an area >> within its allowed limit (i.e, [head-head+size]) and we do not have to handle > > I'm pretty sure this line will also be flagged. > Thanks for pointing them out. I have fixed it now. Suzuki
diff --git a/Documentation/arm64/silicon-errata.rst b/Documentation/arm64/silicon-errata.rst index 569a92411dcd..5342e895fb60 100644 --- a/Documentation/arm64/silicon-errata.rst +++ b/Documentation/arm64/silicon-errata.rst @@ -96,6 +96,8 @@ stable kernels. +----------------+-----------------+-----------------+-----------------------------+ | ARM | Cortex-A710 | #2054223 | ARM64_ERRATUM_2054223 | +----------------+-----------------+-----------------+-----------------------------+ +| ARM | Cortex-A710 | #2224489 | ARM64_ERRATUM_2224489 | ++----------------+-----------------+-----------------+-----------------------------+ | ARM | Neoverse-N1 | #1188873,1418040| ARM64_ERRATUM_1418040 | +----------------+-----------------+-----------------+-----------------------------+ | ARM | Neoverse-N1 | #1349291 | N/A | @@ -106,6 +108,8 @@ stable kernels. +----------------+-----------------+-----------------+-----------------------------+ | ARM | Neoverse-N2 | #2067961 | ARM64_ERRATUM_2067961 | +----------------+-----------------+-----------------+-----------------------------+ +| ARM | Neoverse-N2 | #2253138 | ARM64_ERRATUM_2253138 | ++----------------+-----------------+-----------------+-----------------------------+ | ARM | MMU-500 | #841119,826419 | N/A | +----------------+-----------------+-----------------+-----------------------------+ +----------------+-----------------+-----------------+-----------------------------+ diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig index 39b78460b9d0..f30029f4a9f9 100644 --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig @@ -740,6 +740,47 @@ config ARM64_ERRATUM_2067961 If unsure, say Y. +config ARM64_WORKAROUND_TRBE_WRITE_OUT_OF_RANGE + bool + +config ARM64_ERRATUM_2253138 + bool "Neoverse-N2: 2253138: workaround TRBE writing to address out-of-range" + depends on COMPILE_TEST # Until the CoreSight TRBE driver changes are in + depends on CORESIGHT_TRBE + default y + select ARM64_WORKAROUND_TRBE_WRITE_OUT_OF_RANGE + help + This option adds the workaround for ARM Neoverse-N2 erratum 2253138. + + Affected Neoverse-N2 cores might write to an out-of-range address, not reserved + for TRBE. Under some conditions, the TRBE might generate a write to the next + virtually addressed page following the last page of the TRBE address space + (i.e., the TRBLIMITR_EL1.LIMIT), instead of wrapping around to the base. + + Work around this in the driver by always making sure that there is a + page beyond the TRBLIMITR_EL1.LIMIT, within the space allowed for the TRBE. + + If unsure, say Y. + +config ARM64_ERRATUM_2224489 + bool "Cortex-A710: 2224489: workaround TRBE writing to address out-of-range" + depends on COMPILE_TEST # Until the CoreSight TRBE driver changes are in + depends on CORESIGHT_TRBE + default y + select ARM64_WORKAROUND_TRBE_WRITE_OUT_OF_RANGE + help + This option adds the workaround for ARM Cortex-A710 erratum 2224489. + + Affected Cortex-A710 cores might write to an out-of-range address, not reserved + for TRBE. Under some conditions, the TRBE might generate a write to the next + virtually addressed page following the last page of the TRBE address space + (i.e., the TRBLIMITR_EL1.LIMIT), instead of wrapping around to the base. + + Work around this in the driver by always making sure that there is a + page beyond the TRBLIMITR_EL1.LIMIT, within the space allowed for the TRBE. + + If unsure, say Y. + config CAVIUM_ERRATUM_22375 bool "Cavium erratum 22375, 24313" default y diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c index bdbeac75ead6..e2978b89d4b8 100644 --- a/arch/arm64/kernel/cpu_errata.c +++ b/arch/arm64/kernel/cpu_errata.c @@ -364,6 +364,18 @@ static const struct midr_range tsb_flush_fail_cpus[] = { }; #endif /* CONFIG_ARM64_WORKAROUND_TSB_FLUSH_FAILURE */ +#ifdef CONFIG_ARM64_WORKAROUND_TRBE_WRITE_OUT_OF_RANGE +static struct midr_range trbe_write_out_of_range_cpus[] = { +#ifdef CONFIG_ARM64_ERRATUM_2253138 + MIDR_ALL_VERSIONS(MIDR_NEOVERSE_N2), +#endif +#ifdef CONFIG_ARM64_ERRATUM_2224489 + MIDR_ALL_VERSIONS(MIDR_CORTEX_A710), +#endif + {}, +}; +#endif /* CONFIG_ARM64_WORKAROUND_TRBE_WRITE_OUT_OF_RANGE */ + const struct arm64_cpu_capabilities arm64_errata[] = { #ifdef CONFIG_ARM64_WORKAROUND_CLEAN_CACHE { @@ -577,6 +589,14 @@ const struct arm64_cpu_capabilities arm64_errata[] = { .capability = ARM64_WORKAROUND_TSB_FLUSH_FAILURE, ERRATA_MIDR_RANGE_LIST(tsb_flush_fail_cpus), }, +#endif +#ifdef CONFIG_ARM64_WORKAROUND_TRBE_WRITE_OUT_OF_RANGE + { + .desc = "ARM erratum 2253138 or 2224489", + .capability = ARM64_WORKAROUND_TRBE_WRITE_OUT_OF_RANGE, + .type = ARM64_CPUCAP_WEAK_LOCAL_CPU_FEATURE, + CAP_MIDR_RANGE_LIST(trbe_write_out_of_range_cpus), + }, #endif { } diff --git a/arch/arm64/tools/cpucaps b/arch/arm64/tools/cpucaps index 2102e15af43d..90628638e0f9 100644 --- a/arch/arm64/tools/cpucaps +++ b/arch/arm64/tools/cpucaps @@ -55,6 +55,7 @@ WORKAROUND_1508412 WORKAROUND_1542419 WORKAROUND_TRBE_OVERWRITE_FILL_MODE WORKAROUND_TSB_FLUSH_FAILURE +WORKAROUND_TRBE_WRITE_OUT_OF_RANGE WORKAROUND_CAVIUM_23154 WORKAROUND_CAVIUM_27456 WORKAROUND_CAVIUM_30115
Arm Neoverse-N2 and Cortex-A710 cores are affected by an erratum where the trbe, under some circumstances, might write upto 64bytes to an address after the Limit as programmed by the TRBLIMITR_EL1.LIMIT. This might - - Corrupt a page in the ring buffer, which may corrupt trace from a previous session, consumed by userspace. - Hit the guard page at the end of the vmalloc area and raise a fault. To keep the handling simpler, we always leave the last page from the range, which TRBE is allowed to write. This can be achieved by ensuring that we always have more than a PAGE worth space in the range, while calculating the LIMIT for TRBE. And then the LIMIT pointer can be adjusted to leave the PAGE (TRBLIMITR.LIMIT -= PAGE_SIZE), out of the TRBE range while enabling it. This makes sure that the TRBE will only write to an area within its allowed limit (i.e, [head-head+size]) and we do not have to handle address faults within the driver. Cc: Anshuman Khandual <anshuman.khandual@arm.com> Cc: Mathieu Poirier <mathieu.poirier@linaro.org> Cc: Mike Leach <mike.leach@linaro.org> Cc: Leo Yan <leo.yan@linaro.org> Cc: Will Deacon <will@kernel.org> Cc: Mark Rutland <mark.rutland@arm.com> Reviewed-by: Anshuman Khandual <anshuman.khandual@arm.com> Reviewed-by: Mathieu Poirier <mathieu.poirier@linaro.org> Acked-by: Catalin Marinas <catalin.marinas@arm.com> Signed-off-by: Suzuki K Poulose <suzuki.poulose@arm.com> --- Documentation/arm64/silicon-errata.rst | 4 +++ arch/arm64/Kconfig | 41 ++++++++++++++++++++++++++ arch/arm64/kernel/cpu_errata.c | 20 +++++++++++++ arch/arm64/tools/cpucaps | 1 + 4 files changed, 66 insertions(+)