arm64: erratum: Work around Falkor erratum #E1003 in trampoline code

Commit d1777e686ad1 upstream.

We rely on an atomic swizzling of TTBR1 when transitioning from the entry
trampoline to the kernel proper on an exception. We can't rely on this
atomicity in the face of Falkor erratum #E1003, so on affected cores we
can issue a TLB invalidation to invalidate the walk cache prior to
jumping into the kernel. There is still the possibility of a TLB conflict
here due to conflicting walk cache entries prior to the invalidation, but
this doesn't appear to be the case on these CPUs in practice.

Reviewed-by: Mark Rutland <mark.rutland@arm.com>
Tested-by: Laura Abbott <labbott@redhat.com>
Tested-by: Shanker Donthineni <shankerd@codeaurora.org>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 15a511c0cbd1b1c8f800ce8c8921fb2390fb2d05)

CVE-2017-5753
CVE-2017-5715
CVE-2017-5754

Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
Acked-by: Brad Figg <brad.figg@canonical.com>
Acked-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
Signed-off-by: Khalid Elmously <khalid.elmously@canonical.com>

diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
index b0066730b78618e5d14a3fa880acb089d5416382..4a84debc136cb37bb94950f68d28e432b0f540eb 100644 (file)
--- a/arch/arm64/Kconfig
+++ b/arch/arm64/Kconfig
@@ -521,20 +521,13 @@ config CAVIUM_ERRATUM_30115
 config QCOM_FALKOR_ERRATUM_1003
        bool "Falkor E1003: Incorrect translation due to ASID change"
        default y
-       select ARM64_PAN if ARM64_SW_TTBR0_PAN
        help
          On Falkor v1, an incorrect ASID may be cached in the TLB when ASID
-         and BADDR are changed together in TTBRx_EL1. The workaround for this
-         issue is to use a reserved ASID in cpu_do_switch_mm() before
-         switching to the new ASID. Saying Y here selects ARM64_PAN if
-         ARM64_SW_TTBR0_PAN is selected. This is done because implementing and
-         maintaining the E1003 workaround in the software PAN emulation code
-         would be an unnecessary complication. The affected Falkor v1 CPU
-         implements ARMv8.1 hardware PAN support and using hardware PAN
-         support versus software PAN emulation is mutually exclusive at
-         runtime.
-
-         If unsure, say Y.
+         and BADDR are changed together in TTBRx_EL1. Since we keep the ASID
+         in TTBR1_EL1, this situation only occurs in the entry trampoline and
+         then only for entries in the walk cache, since the leaf translation
+         is unchanged. Work around the erratum by invalidating the walk cache
+         entries for the trampoline before entering the kernel proper.
 
 config QCOM_FALKOR_ERRATUM_1009
        bool "Falkor E1009: Prematurely complete a DSB after a TLBI"

diff --git a/arch/arm64/kernel/entry.S b/arch/arm64/kernel/entry.S
index 0210893435dd81c652848948c37f40bb560041c8..1f185f8c973c3747327b790258ec2afeab7ebaa3 100644 (file)
--- a/arch/arm64/kernel/entry.S
+++ b/arch/arm64/kernel/entry.S
@@ -943,6 +943,18 @@ __ni_sys_trace:
        sub     \tmp, \tmp, #(SWAPPER_DIR_SIZE + RESERVED_TTBR0_SIZE)
        bic     \tmp, \tmp, #USER_ASID_FLAG
        msr     ttbr1_el1, \tmp
+#ifdef CONFIG_QCOM_FALKOR_ERRATUM_1003
+alternative_if ARM64_WORKAROUND_QCOM_FALKOR_E1003
+       /* ASID already in \tmp[63:48] */
+       movk    \tmp, #:abs_g2_nc:(TRAMP_VALIAS >> 12)
+       movk    \tmp, #:abs_g1_nc:(TRAMP_VALIAS >> 12)
+       /* 2MB boundary containing the vectors, so we nobble the walk cache */
+       movk    \tmp, #:abs_g0_nc:((TRAMP_VALIAS & ~(SZ_2M - 1)) >> 12)
+       isb
+       tlbi    vae1, \tmp
+       dsb     nsh
+alternative_else_nop_endif
+#endif /* CONFIG_QCOM_FALKOR_ERRATUM_1003 */
        .endm
 
        .macro tramp_unmap_kernel, tmp