Commit 471470bc authored by Rob Herring's avatar Rob Herring Committed by Will Deacon
Browse files

arm64: errata: Add Cortex-A520 speculative unprivileged load workaround 



Implement the workaround for ARM Cortex-A520 erratum 2966298. On an
affected Cortex-A520 core, a speculatively executed unprivileged load
might leak data from a privileged load via a cache side channel. The
issue only exists for loads within a translation regime with the same
translation (e.g. same ASID and VMID). Therefore, the issue only affects
the return to EL0.

The workaround is to execute a TLBI before returning to EL0 after all
loads of privileged data. A non-shareable TLBI to any address is
sufficient.

The workaround isn't necessary if page table isolation (KPTI) is
enabled, but for simplicity it will be. Page table isolation should
normally be disabled for Cortex-A520 as it supports the CSV3 feature
and the E0PD feature (used when KASLR is enabled).

Cc: stable@vger.kernel.org
Signed-off-by: default avatarRob Herring <robh@kernel.org>
Link: https://lore.kernel.org/r/20230921194156.1050055-2-robh@kernel.org


Signed-off-by: default avatarWill Deacon <will@kernel.org>
parent a654a69b

Documentation/arch/arm64/silicon-errata.rst

+2 −0
Original line number Diff line number Diff line
@@ -71,6 +71,8 @@ stable kernels. 
+----------------+-----------------+-----------------+-----------------------------+

| ARM            | Cortex-A510     | #2658417        | ARM64_ERRATUM_2658417       |

+----------------+-----------------+-----------------+-----------------------------+

| ARM            | Cortex-A520     | #2966298        | ARM64_ERRATUM_2966298       |

+----------------+-----------------+-----------------+-----------------------------+

| ARM            | Cortex-A53      | #826319         | ARM64_ERRATUM_826319        |

+----------------+-----------------+-----------------+-----------------------------+

| ARM            | Cortex-A53      | #827319         | ARM64_ERRATUM_827319        |

arch/arm64/Kconfig

+13 −0
Original line number Diff line number Diff line
@@ -1037,6 +1037,19 @@ config ARM64_ERRATUM_2645198 


	  If unsure, say Y.



config ARM64_ERRATUM_2966298

	bool "Cortex-A520: 2966298: workaround for speculatively executed unprivileged load"

	default y

	help

	  This option adds the workaround for ARM Cortex-A520 erratum 2966298.



	  On an affected Cortex-A520 core, a speculatively executed unprivileged

	  load might leak data from a privileged level via a cache side channel.



	  Work around this problem by executing a TLBI before returning to EL0.



	  If unsure, say Y.



config CAVIUM_ERRATUM_22375

	bool "Cavium erratum 22375, 24313"

	default y

arch/arm64/kernel/cpu_errata.c

+8 −0
Original line number Diff line number Diff line
@@ -730,6 +730,14 @@ const struct arm64_cpu_capabilities arm64_errata[] = { 
		.cpu_enable = cpu_clear_bf16_from_user_emulation,

	},

#endif

#ifdef CONFIG_ARM64_ERRATUM_2966298

	{

		.desc = "ARM erratum 2966298",

		.capability = ARM64_WORKAROUND_2966298,

		/* Cortex-A520 r0p0 - r0p1 */

		ERRATA_MIDR_REV_RANGE(MIDR_CORTEX_A520, 0, 0, 1),

	},

#endif

#ifdef CONFIG_AMPERE_ERRATUM_AC03_CPU_38

	{

		.desc = "AmpereOne erratum AC03_CPU_38",

arch/arm64/kernel/entry.S

+4 −0
Original line number Diff line number Diff line
@@ -428,6 +428,10 @@ alternative_else_nop_endif 
	ldp	x28, x29, [sp, #16 * 14]



	.if	\el == 0

alternative_if ARM64_WORKAROUND_2966298

	tlbi	vale1, xzr

	dsb	nsh

alternative_else_nop_endif

alternative_if_not ARM64_UNMAP_KERNEL_AT_EL0

	ldr	lr, [sp, #S_LR]

	add	sp, sp, #PT_REGS_SIZE		// restore sp

arch/arm64/tools/cpucaps

+1 −0
Original line number Diff line number Diff line
@@ -84,6 +84,7 @@ WORKAROUND_2077057 
WORKAROUND_2457168

WORKAROUND_2645198

WORKAROUND_2658417

WORKAROUND_2966298

WORKAROUND_AMPERE_AC03_CPU_38

WORKAROUND_TRBE_OVERWRITE_FILL_MODE

WORKAROUND_TSB_FLUSH_FAILURE