[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v3 13/16] xen/arm: arm64: Add Cortex-A53 cache errata workaround

On Tue, 7 Jun 2016, Julien Grall wrote:
> The ARM errata 819472, 827319 and 824069 define the same workaround for
> these hardware issues in certain Cortex-A53 parts.
> 
> The cache instructions "dc cvac" and "dc cvau" need to be upgraded to
> "dc civac".
> 
> Use the alternative framework to replace those instructions only on
> affected cores.
> 
> Whilst the errata affect cache instructions issued at any exception
> level, it is not necessary to trap EL1/EL0 data cache instructions
> access in order to upgrade them. Indeed the data cache corruption would
> always be at the address used by the data cache instructions. Note that
> this address could point to a shared memory between guests and the
> hypervisors, however all the information present in it are be validated
> before any use.
> 
> Therefore a malicious guest could only hurt itself. Note that all the
> guests should implement/enable the workaround for the affected cores.
> 
> Signed-off-by: Julien Grall <julien.grall@xxxxxxx>

Acked-by: Stefano Stabellini <sstabellini@xxxxxxxxxx>


> ---
>     Changes in v3:
>         - Remove conflict introduced whilst rebasing this series
> ---
>  docs/misc/arm/silicon-errata.txt |  3 ++
>  xen/arch/arm/Kconfig             | 71 
> ++++++++++++++++++++++++++++++++++++++++
>  xen/arch/arm/arm64/cache.S       |  2 ++
>  xen/arch/arm/cpuerrata.c         | 17 ++++++++++
>  xen/include/asm-arm/arm64/page.h |  7 +++-
>  xen/include/asm-arm/cpufeature.h |  4 ++-
>  xen/include/asm-arm/processor.h  |  6 ++++
>  7 files changed, 108 insertions(+), 2 deletions(-)
> 
> diff --git a/docs/misc/arm/silicon-errata.txt 
> b/docs/misc/arm/silicon-errata.txt
> index 374a63a..fe9f52e 100644
> --- a/docs/misc/arm/silicon-errata.txt
> +++ b/docs/misc/arm/silicon-errata.txt
> @@ -42,4 +42,7 @@ stable hypervisors.
>  | Implementor    | Component       | Erratum ID      | Kconfig               
>   |
>  
> +----------------+-----------------+-----------------+-------------------------+
>  | ARM            | Cortex-A15      | #766422         | N/A                   
>   |
> +| ARM            | Cortex-A53      | #827319         | ARM64_ERRATUM_827319  
>   |
> +| ARM            | Cortex-A53      | #824069         | ARM64_ERRATUM_824069  
>   |
> +| ARM            | Cortex-A53      | #819472         | ARM64_ERRATUM_819472  
>   |
>  | ARM            | Cortex-A57      | #852523         | N/A                   
>   |
> diff --git a/xen/arch/arm/Kconfig b/xen/arch/arm/Kconfig
> index 0141bd9..a473d9c 100644
> --- a/xen/arch/arm/Kconfig
> +++ b/xen/arch/arm/Kconfig
> @@ -53,6 +53,77 @@ config ALTERNATIVE
>  
>  endmenu
>  
> +menu "ARM errata workaround via the alternative framework"
> +     depends on ALTERNATIVE
> +
> +config ARM64_ERRATUM_827319
> +     bool "Cortex-A53: 827319: Data cache clean instructions might cause 
> overlapping transactions to the interconnect"
> +     default y
> +     depends on ARM_64
> +     help
> +       This option adds an alternative code sequence to work around ARM
> +       erratum 827319 on Cortex-A53 parts up to r0p2 with an AMBA 5 CHI
> +       master interface and an L2 cache.
> +
> +       Under certain conditions this erratum can cause a clean line eviction
> +       to occur at the same time as another transaction to the same address
> +       on the AMBA 5 CHI interface, which can cause data corruption if the
> +       interconnect reorders the two transactions.
> +
> +       The workaround promotes data cache clean instructions to
> +       data cache clean-and-invalidate.
> +       Please note that this does not necessarily enable the workaround,
> +       as it depends on the alternative framework, which will only patch
> +       the kernel if an affected CPU is detected.
> +
> +       If unsure, say Y.
> +
> +config ARM64_ERRATUM_824069
> +     bool "Cortex-A53: 824069: Cache line might not be marked as clean after 
> a CleanShared snoop"
> +     default y
> +     depends on ARM_64
> +     help
> +       This option adds an alternative code sequence to work around ARM
> +       erratum 824069 on Cortex-A53 parts up to r0p2 when it is connected
> +       to a coherent interconnect.
> +
> +       If a Cortex-A53 processor is executing a store or prefetch for
> +       write instruction at the same time as a processor in another
> +       cluster is executing a cache maintenance operation to the same
> +       address, then this erratum might cause a clean cache line to be
> +       incorrectly marked as dirty.
> +
> +       The workaround promotes data cache clean instructions to
> +       data cache clean-and-invalidate.
> +       Please note that this option does not necessarily enable the
> +       workaround, as it depends on the alternative framework, which will
> +       only patch the kernel if an affected CPU is detected.
> +
> +       If unsure, say Y.
> +
> +config ARM64_ERRATUM_819472
> +     bool "Cortex-A53: 819472: Store exclusive instructions might cause data 
> corruption"
> +     default y
> +     depends on ARM_64
> +     help
> +       This option adds an alternative code sequence to work around ARM
> +       erratum 819472 on Cortex-A53 parts up to r0p1 with an L2 cache
> +       present when it is connected to a coherent interconnect.
> +
> +       If the processor is executing a load and store exclusive sequence at
> +       the same time as a processor in another cluster is executing a cache
> +       maintenance operation to the same address, then this erratum might
> +       cause data corruption.
> +
> +       The workaround promotes data cache clean instructions to
> +       data cache clean-and-invalidate.
> +       Please note that this does not necessarily enable the workaround,
> +       as it depends on the alternative framework, which will only patch
> +       the kernel if an affected CPU is detected.
> +
> +       If unsure, say Y.
> +endmenu
> +
>  source "common/Kconfig"
>  
>  source "drivers/Kconfig"
> diff --git a/xen/arch/arm/arm64/cache.S b/xen/arch/arm/arm64/cache.S
> index eff4e16..9a88a2b 100644
> --- a/xen/arch/arm/arm64/cache.S
> +++ b/xen/arch/arm/arm64/cache.S
> @@ -19,6 +19,8 @@
>   * along with this program.  If not, see <http://www.gnu.org/licenses/>.
>   */
>  
> +#include <asm/alternative.h>
> +
>  /*
>   * dcache_line_size - get the minimum D-cache line size from the CTR 
> register.
>   */
> diff --git a/xen/arch/arm/cpuerrata.c b/xen/arch/arm/cpuerrata.c
> index 52d39f8..211b520 100644
> --- a/xen/arch/arm/cpuerrata.c
> +++ b/xen/arch/arm/cpuerrata.c
> @@ -17,6 +17,23 @@ is_affected_midr_range(const struct arm_cpu_capabilities 
> *entry)
>  }
>  
>  static const struct arm_cpu_capabilities arm_errata[] = {
> +#if defined(CONFIG_ARM64_ERRATUM_827319) || \
> +    defined(CONFIG_ARM64_ERRATUM_824069)
> +    {
> +        /* Cortex-A53 r0p[012] */
> +        .desc = "ARM errata 827319, 824069",
> +        .capability = ARM64_WORKAROUND_CLEAN_CACHE,
> +        MIDR_RANGE(MIDR_CORTEX_A53, 0x00, 0x02),
> +    },
> +#endif
> +#ifdef CONFIG_ARM64_ERRATUM_819472
> +    {
> +        /* Cortex-A53 r0[01] */
> +        .desc = "ARM erratum 819472",
> +        .capability = ARM64_WORKAROUND_CLEAN_CACHE,
> +        MIDR_RANGE(MIDR_CORTEX_A53, 0x00, 0x01),
> +    },
> +#endif
>      {},
>  };
>  
> diff --git a/xen/include/asm-arm/arm64/page.h 
> b/xen/include/asm-arm/arm64/page.h
> index fbdc8fb..79ef7bd 100644
> --- a/xen/include/asm-arm/arm64/page.h
> +++ b/xen/include/asm-arm/arm64/page.h
> @@ -3,6 +3,8 @@
>  
>  #ifndef __ASSEMBLY__
>  
> +#include <asm/alternative.h>
> +
>  /* Write a pagetable entry */
>  static inline void write_pte(lpae_t *p, lpae_t pte)
>  {
> @@ -18,7 +20,10 @@ static inline void write_pte(lpae_t *p, lpae_t pte)
>  #define __invalidate_dcache_one(R) "dc ivac, %" #R ";"
>  
>  /* Inline ASM to flush dcache on register R (may be an inline asm operand) */
> -#define __clean_dcache_one(R) "dc cvac, %" #R ";"
> +#define __clean_dcache_one(R)                   \
> +    ALTERNATIVE("dc cvac, %" #R ";",            \
> +                "dc civac, %" #R ";",           \
> +                ARM64_WORKAROUND_CLEAN_CACHE)   \
>  
>  /* Inline ASM to clean and invalidate dcache on register R (may be an
>   * inline asm operand) */
> diff --git a/xen/include/asm-arm/cpufeature.h 
> b/xen/include/asm-arm/cpufeature.h
> index fb57295..474a778 100644
> --- a/xen/include/asm-arm/cpufeature.h
> +++ b/xen/include/asm-arm/cpufeature.h
> @@ -35,7 +35,9 @@
>  #endif
>  #define cpu_has_security  (boot_cpu_feature32(security) > 0)
>  
> -#define ARM_NCAPS           0
> +#define ARM64_WORKAROUND_CLEAN_CACHE    0
> +
> +#define ARM_NCAPS           1
>  
>  #ifndef __ASSEMBLY__
>  
> diff --git a/xen/include/asm-arm/processor.h b/xen/include/asm-arm/processor.h
> index dba9b9a..5089bfd 100644
> --- a/xen/include/asm-arm/processor.h
> +++ b/xen/include/asm-arm/processor.h
> @@ -44,6 +44,12 @@
>          _model == (model) && _rv >= (rv_min) && _rv <= (rv_max);        \
>  })
>  
> +#define ARM_CPU_IMP_ARM             0x41
> +
> +#define ARM_CPU_PART_CORTEX_A53     0xD03
> +
> +#define MIDR_CORTEX_A53 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, 
> ARM_CPU_PART_CORTEX_A53)
> +
>  /* MPIDR Multiprocessor Affinity Register */
>  #define _MPIDR_UP           (30)
>  #define MPIDR_UP            (_AC(1,U) << _MPIDR_UP)
> -- 
> 1.9.1
> 

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.